CCNA Routing and Switching Practice and Study Guide: Exercises, Activities, and Scenarios to Prepare for the ICND2 (200-101) Certification Exam
Instructor's Answer Key
Allan Johnson
Cisco Press, 800 East 96th Street, Indianapolis, Indiana 46240 USA

Copyright © 2014 Cisco Systems, Inc.
Cisco Press logo is a trademark of Cisco Systems, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing April 2014
ISBN-13: 978-0-13-381341-8
ISBN-10: 0-13-381341-X

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Mary Beth Ray
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Project Editor: Mandie Frank
Copy Editor: Keith Cline
Technical Editor: Steve Stiles
Editorial Assistant: Vanessa Evans
Designer: Mark Shirar
Composition: Tricia Bronkella
Proofreader: Sarah Kearns

Warning and Disclaimer
This book is designed to provide information about networking. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at
[email protected] or (800) 382-3419. For government sales inquiries, please contact
[email protected]. For questions about sales outside the U.S., please contact
[email protected].

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

About the Author
Allan Johnson entered the academic world in 1999 after 10 years as a business owner/operator to dedicate his efforts to his passion for teaching. He holds both an MBA and an M.Ed in Occupational Training and Development. He is an information technology instructor at Del Mar College in Corpus Christi, Texas. In 2003, Allan began to commit much of his time and energy to the CCNA Instructional Support Team, providing services to Networking Academy instructors worldwide and creating training materials. He now works full time for Cisco Networking Academy as a Learning Systems Developer.

About the Technical Reviewer
Steve Stiles is a Cisco Network Academy Instructor for Rhodes State College and a Cisco Certified Instructor Trainer, having earned CCNA Security and CCNP level certifications. He was the recipient of the 2012 Outstanding Teacher of the Year by the Ohio Association of Two-Year Colleges and co-recipient for the Outstanding Faculty of the Year at Rhodes State College.

Dedication
For my wife, Becky. Without the sacrifices you made during the project, this work would not have come to fruition. Thank you for providing me the comfort and resting place only you can give.
—Allan Johnson

Acknowledgments
When I began to think of whom I would like to have as a technical editor for this work, Steve Stiles immediately came to mind. With his instructor and industry background, and his excellent work building activities for the new Cisco Networking Academy curriculum, he was an obvious choice. Thankfully, when Mary Beth Ray contacted him, he was willing and able to do the arduous review work necessary to make sure that you get a book that is both technically accurate and unambiguous.

The Cisco Network Academy authors for the online curriculum and series of Companion Guides take the reader deeper, past the CCENT exam topics, with the ultimate goal of not only preparing the student for CCENT certification, but for more advanced college-level technology courses and degrees, as well. Thank you especially to Amy Gerrie and her team of authors—Rick Graziani, Wayne Lewis, and Bob Vachon—for their excellent treatment of the material; it is reflected throughout this book.

Mary Beth Ray, Executive Editor, you amaze me with your ability to juggle multiple projects at once, steering each from beginning to end. I can always count on you to make the tough decisions. This book could not be a reality without your persistence.

This is my seventh project with Christopher Cleveland as development editor. His dedication to perfection pays dividends in countless, unseen ways. Thank you again, Chris, for providing me with much-needed guidance and support.
Contents at a Glance
Introduction
Part I: Scaling Networks
Chapter 1 Introduction to Scaling Networks
Chapter 2 LAN Redundancy
Chapter 3 Link Aggregation
Chapter 4 Wireless LANs
Chapter 5 Adjust and Troubleshoot Single-Area OSPF
Chapter 6 Multiarea OSPF
Chapter 7 EIGRP
Chapter 8 EIGRP Advanced Configurations and Troubleshooting
Chapter 9 IOS Images and Licensing
Part II: Connecting Networks
Chapter 10 Hierarchical Network Design
Chapter 11 Connecting to the WAN
Chapter 12 Point-to-Point Connections
Chapter 13 Frame Relay
Chapter 14 Network Address Translation for IPv4
Chapter 15 Broadband Solutions
Chapter 16 Securing Site-to-Site Connectivity
Chapter 17 Monitoring the Network
Chapter 18 Troubleshooting the Network

Contents
Introduction

Part I: Scaling Networks

Chapter 1 Introduction to Scaling Networks
  Implementing a Network Design
    Hierarchical Network Design
    Identify Scalability Terminology
  Selecting Network Devices
    Selecting Switch Hardware
    Selecting Router Hardware
  Managing Devices
    Basic Router Configuration Review
    Basic Router Verification Review
    Basic Switch Configuration Review
    Basic Switch Verification Review

Chapter 2 LAN Redundancy
  Spanning-Tree Concepts
    Draw a Redundant Topology
    Purpose of Spanning Tree
    Spanning-Tree Operation
    Identify the 802.1D Port Roles
  Varieties of Spanning Tree Protocols
    Comparing the STP Varieties
    PVST+ Operation
    Rapid PVST+ Operation
  Spanning-Tree Configuration
    PVST+ and Rapid PVST+ Configuration
  First Hop Redundancy Protocols
    Identify FHRP Terminology
    Identify the Type of FHRP
    HSRP and GLBP Configuration and Verification

Chapter 3 Link Aggregation
  Link Aggregation Concepts
    EtherChannel Advantages
    EtherChannel Operation
  Link Aggregation Configuration
    Configuring EtherChannel
    EtherChannel Configuration Scenario 1
    EtherChannel Configuration Scenario 2
    EtherChannel Configuration Scenario 3
    Verifying and Troubleshooting EtherChannel

Chapter 4 Wireless LANs
  Wireless LAN Concepts
    Identify Wireless Technologies
    WLANs Components and Topologies
  Wireless LAN Operations
    Label the 802.11 Frame
    Wireless Media Contention
    Associating with an AP
    Channel Management Concepts
  Wireless LAN Security
    WLAN Security Terminology
    Identify the WLAN Security Characteristics
  Wireless LAN Configuration
    Configuring WLAN Routers and Clients
    Troubleshooting WLAN Issues

Chapter 5 Adjust and Troubleshoot Single-Area OSPF
  Advanced Single-Area OSPF Configurations
    Single-Area OSPF Configuration Review
    Configuring Single-Area OSPFv2
    Verifying Single-Area OSPFv2
    Configuring Single-Area OSPFv3
    Verifying Single-Area OSPFv3
    Identify Network Types
    OSPF and Multi-Access Networks
    OSPF and Multi-Access Networks Completion Exercise
    DR/BDR Election Exercise
    Redistributing an OSPF Default Route Exercise
    OSPFv2 Default Route Redistribution
    OSPFv3 Default Route Redistribution
    Fine-Tuning OSPF Interfaces
    Securing OSPFv2 with MD5 Authentication
  Troubleshooting Single-Area OSPF Implementations
    OSPF Adjacency Issues
    Identify OSPFv2 Troubleshooting Commands
    Identify OSPFv3 Troubleshooting Commands

Chapter 6 Multiarea OSPF
  Multiarea OSPF Operation
    Multiarea OSPF Terminology and Concepts
    Multiarea OSPF LSA Operation
    OSPF Routing Table and Types of Routes
  Configuring Multiarea OSPF
    Configuring Multiarea OSPF
    Configuring Route Summarization for Multiarea OSPFv2
    Verifying Multiarea OSPF

Chapter 7 EIGRP
  Characteristics of EIGRP
    Describe Basic EIGRP Features
    Identify and Describe EIGRP Packet Types
    Identify Elements of the EIGRP Message Formats
  Configuring EIGRP for IPv4
    Configuring EIGRP with IPv4
    Verifying EIGRP with IPv4
  Operation of EIGRP
    EIGRP Metric Concepts
    DUAL Concepts Exercise
    DUAL FSM Completion Exercise
  Configuring EIGRP for IPv6
    Comparing EIGRP for IPv4 and EIGRP for IPv6
    Configuring and Verifying EIGRP for IPv6

Chapter 8 EIGRP Advanced Configurations and Troubleshooting
  Advanced EIGRP Configurations
    Automatic Summarization
    Manual Summarization
    IPv4 Manual Summarization
    IPv6 Manual Summarization
    Default Route Propagation
    Fine-Tuning EIGRP Interfaces
    Securing EIGRP Routing Updates
  Troubleshoot EIGRP
    Commands for Troubleshooting EIGRP
    Troubleshoot EIGRP Connectivity Issues
    Connectivity Issue #1
    Connectivity Issue #2
    Connectivity Issue #3

Chapter 9 IOS Images and Licensing
  Managing IOS System Files
    IOS Families, Trains, and Naming Conventions
    Backing Up Cisco IOS Images
  IOS Licensing
    Software Licensing
    License Verification and Management

Part II: Connecting Networks

Chapter 10 Hierarchical Network Design
  Hierarchical Network Design Overview
    Enterprise Network Campus Design
    Hierarchical Network Design
  Cisco Enterprise Architecture
    Modular Network Design
    Cisco Enterprise Architecture Model
  Evolving Network Architectures
    Cisco Enterprise Architectures
    Emerging Network Architectures

Chapter 11 Connecting to the WAN
  WAN Technologies Overview
    Network Types and Their Evolving WAN Needs
    WAN Operations and Terminology
  Selecting a WAN Technology
    Varieties of WAN Link Connections
    Private and Public WAN Access Options

Chapter 12 Point-to-Point Connections
  Serial Point-to-Point Overview
    Serial Communications
    WAN Protocols
    HDLC Encapsulation
    HDLC Configuration and Troubleshooting
    Troubleshooting Serial Interfaces
  PPP Operation
    PPP Components
    PPP Sessions
  Configure PPP
    Basic PPP Configuration with Options
    PPP Authentication
    PAP Configuration
    CHAP Configuration
    Troubleshoot WAN Connectivity

Chapter 13 Frame Relay
  Introduction to Frame Relay
    Frame Relay Concepts and Terminology
    Frame Relay Operation
  Configure Frame Relay
    Configure Basic Frame Relay
    Configure Subinterfaces
    Troubleshoot Connectivity

Chapter 14 Network Address Translation for IPv4
  NAT Operation
    NAT Characteristics
  Configuring NAT
    Configuring Static NAT
    Configuring Dynamic NAT
    Configuring Port Address Translation
    A Word About Port Forwarding
    Configuring NAT and IPv6
    Troubleshooting NAT

Chapter 15 Broadband Solutions
  Teleworking
    Benefits of Teleworking
    Costs of Teleworking
    Business Requirements for Teleworker Services
  Comparing Broadband Solutions
    Cable
    DSL
    Broadband Wireless
    Selecting Broadband Solutions
  Configuring xDSL Connectivity
    PPPoE Overview
    Configuring PPPoE

Chapter 16 Securing Site-to-Site Connectivity
  VPNs
    Fundamentals of VPNs
    Types of VPNs
  Site-to-Site GRE Tunnels
    Fundamentals of Generic Routing Encapsulation
    Configuring GRE Tunnels
  Introducing IPsec
    Internet Protocol Security
    IPsec Framework
  Remote Access
    Remote-Access VPN Solutions
    IPsec Remote-Access VPNs

Chapter 17 Monitoring the Network
  Syslog
    Syslog Operation
    Configuring Syslog
  SNMP
    SNMP Operation
    Configuring SNMP
  NetFlow
    NetFlow Operation
    Configuring NetFlow

Chapter 18 Troubleshooting the Network
  Troubleshooting with a Systematic Approach
    Network Documentation
    Troubleshooting Process and Methodologies
  Network Troubleshooting
    Troubleshooting Tools
    Network Troubleshooting and IP Connectivity
Icons Used in This Book
[Figure not reproduced: the icon legend shows the symbols used in this book for Router, Switch, Multilayer Switch, ATM Switch, ISDN/Frame Relay Switch, Communication Server, Gateway, Access Server, Bridge, Hub, DSU/CSU, and Catalyst Switch.]

Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
■ Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
■ Italics indicate arguments for which you supply actual values.
■ Vertical bars (|) separate alternative, mutually exclusive elements.
■ Square brackets [ ] indicate optional elements.
■ Braces { } indicate a required choice.
■ Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction
The purpose of this book is to provide you with an extra resource for studying the exam topics of the Interconnecting Cisco Networking Devices Part 2 (ICND2) exam that leads to Cisco Certified Networking Associate (CCNA) certification. This book maps to the third and fourth Cisco Networking Academy courses in the CCNA Routing and Switching curricula: Scaling Networks (SN) and Connecting Networks (CN). Ideally, the reader will have completed the first two courses: Introduction to Networks (ITN) and Routing and Switching Essentials (RSE).

SN continues where RSE left off, taking the student deeper into the architecture, components, and operations of routers and switches in a large and complex network. Successfully completing this course means that you should be able to configure and troubleshoot routers and switches and resolve common issues with OSPF, EIGRP, STP, and VTP in both IPv4 and IPv6 networks.

CN pulls everything from the first three courses together as the student learns the WAN technologies and network services required by converged applications in a complex network. Successfully completing this course means that you should be able to configure and troubleshoot network devices and resolve common WAN issues and implement IPsec and virtual private network (VPN) operations in a complex network.

To learn more about CCNA Routing and Switching courses and to find an Academy near you, visit http://www.netacad.com. However, if you are not an Academy student but would like to benefit from the extensive authoring done for these courses, you can buy any or all of the CCNA Routing and Switching Companion Guides (CG) and Lab Manuals (LM) of the Academy's popular online curriculum. The titles and ISBNs for the CGs and LMs of these two courses are as follows:
■ Scaling Networks Companion Guide (ISBN: 9781587133282)
■ Scaling Networks Lab Manual (ISBN: 9781587133251)
■ Connecting Networks Companion Guide (ISBN: 9781587133329)
■ Connecting Networks Lab Manual (ISBN: 9781587133312)

Goals and Methods
The most important goal of this book is to help you pass the 200-101 Interconnecting Cisco Networking Devices Part 2 (ICND2) exam, which is associated with the Cisco Certified Network Associate (CCNA) certification. Passing the CCNA exam means that you have the knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. You can view the detailed exam topics any time at http://learningnetwork.cisco.com. They are divided into five broad categories:
■ LAN Switching Technologies
■ IP Routing Technologies
■ IP Services
■ Troubleshooting
■ WAN Technologies

This book offers exercises that help you learn the concepts, configurations, operations, verification, and troubleshooting skills crucial to your success as a CCNA exam candidate. Each chapter differs slightly and includes some or all of the following types of practice:
■ Vocabulary-matching exercises
■ Concept question exercises
■ Skill-building activities and scenarios
■ Configuration scenarios
■ Troubleshooting scenarios

Audience for This Book
This book's main audience is anyone taking the CCNA Routing and Switching courses of the Cisco Networking Academy curriculum. Many Academies use this Practice and Study Guide as a required tool in the course, whereas other Academies recommend it as an additional resource to prepare for class exams and the CCNA certification.

The secondary audiences for this book include people taking CCNA-related classes from professional training organizations. This book can also be used for college- and university-level networking courses, and by anyone wanting to gain a detailed understanding of ICND2 routing and switching concepts.

How This Book Is Organized
Because the content of the Scaling Networks Companion Guide, the Connecting Networks Companion Guide, and the online curriculum is sequential, you should work through this Practice and Study Guide in order, beginning with Chapter 1. The book covers the major topic headings in the same sequence as the online curriculum. This book has 18 chapters, their names the same as the online course chapters. However, the online curriculum starts over at Chapter 1 in the Connecting Networks course, whereas the numbering is sequential in this book, progressing from Chapter 1 to Chapter 18.

Most of the configuration chapters use a single topology where appropriate. This allows for better continuity and easier understanding of routing and switching commands, operations, and outputs. However, the topology differs from the one used in the online curriculum and the Companion Guide. A different topology affords you the opportunity to practice your knowledge and skills without simply recording the information you find in the text.

Packet Tracer Activity / Video Demonstration
Note: Throughout the book, you will find references to Packet Tracer and Lab activities, marked with the Packet Tracer Activity and Video Demonstration icons. These references are provided so that you can, at that point, complete those activities. The Packet Tracer activities are accessible only if you have access to the online curriculum. Although you will not have access to the Packet Tracer network simulator software, the Labs are available in the Lab Manuals previously cited.
Part I: Scaling Networks
■ Chapter 1, "Introduction to Scaling Networks": This chapter provides vocabulary and concept exercises to reinforce your understanding of hierarchical network design and selecting hardware. You will also practice basic router and switch configuration and verification.
■ Chapter 2, "LAN Redundancy": The exercises in this chapter cover the concepts, configuration, and verification of all the current varieties of STP.
■ Chapter 3, "Link Aggregation": This chapter's exercises are devoted to the concepts, configuration, verification, and troubleshooting of EtherChannel.
■ Chapter 4, "Wireless LANs": This chapter is all about wireless connectivity technologies. You will complete exercises that focus on various types of wireless and the standards for 802.11. In addition, you will complete activities focused on WLAN components, topologies, operations, and security.
■ Chapter 5, "Adjust and Troubleshoot Single-Area OSPF": This chapter focuses on advanced OSPF concepts, configuration, verification, and troubleshooting.
■ Chapter 6, "Multiarea OSPF": The CCNA exam now includes multiarea OSPF. So, this chapter includes exercises covering multiarea OSPF concepts and configuration.
■ Chapter 7, "EIGRP": The exercises in this chapter are devoted to the basic concepts and configuration of Cisco's routing protocol, EIGRP for IPv4 and IPv6.
■ Chapter 8, "EIGRP Advanced Configurations and Troubleshooting": This chapter focuses on advanced EIGRP concepts, configuration, verification, and troubleshooting.
■ Chapter 9, "IOS Images and Licensing": This chapter is devoted to the crucial knowledge and skills you need to manage IOS images. Exercises focus on basic IOS image concepts and management tasks.

Part II: Connecting Networks
■ Chapter 10, "Hierarchical Network Design": Part II, much like Part I, starts off with network design. Exercises focus on the various types of network design models and architectures.
■ Chapter 11, "Connecting to the WAN": This chapter is a survey of all the various WAN access options and technologies that are available for connecting today's networks. The exercises focus on differentiating between all these WAN options.
■ Chapter 12, "Point-to-Point Connections": One of the older, and still viable, WAN options is PPP. Exercises in this chapter focus on the serial interface and then the concepts, configuration, verification, and troubleshooting of PPP with PAP and CHAP authentication.
■ Chapter 13, "Frame Relay": Although some may consider Frame Relay obsolete, it is still a viable option depending on your location. This chapter includes exercises covering the concepts, configuration, verification, and troubleshooting of Frame Relay.
■ Chapter 14, "Network Address Translation for IPv4": NAT was created to provide a temporary solution to the limited address space in IPv4. Just about every router connected to the network uses NAT or forwards traffic to a NAT-enabled device for address translation. This chapter focuses on exercises to reinforce your understanding of NAT operation and characteristics. Practice activities include configuring, verifying, and troubleshooting static NAT, dynamic NAT, and PAT.
■ Chapter 15, "Broadband Solutions": Working from home or away from a central office has largely been made possible by the advent of broadband technologies and VPNs. The exercises in this chapter help you distinguish between the various broadband offerings on the market.
■ Chapter 16, "Securing Site-to-Site Connectivity": VPNs allow teleworkers and branch sites to connect to the corporate network regardless of the underlying WAN access option. The exercises in this chapter are devoted to the concepts of the various VPN solutions, including IPsec and GRE configuration.
■ Chapter 17, "Monitoring the Network": As a network administrator, you are more likely to be managing a network using a variety of tools than designing and building one. The exercises in this chapter cover three popular network monitoring tools: syslog, SNMP, and NetFlow.
■ Chapter 18, "Troubleshooting the Network": Throughout your CCNA studies, you have practiced troubleshooting skills in relation to specific technologies. Troubleshooting is a key skill to fine-tune now that you are close to taking your CCNA exam. This chapter reviews troubleshooting methodologies and the tools and commands you use to troubleshoot a network.

About the Cisco Press Website for This Book
Cisco Press provides additional content that can be accessed by registering your individual book at the ciscopress.com website. Becoming a member and registering is free, and you then gain access to exclusive deals on other resources from Cisco Press. To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book's ISBN located on the back cover of this book. You'll then be prompted to log in or join ciscopress.com to continue registration. After you register the book, a link to the supplemental content will be listed on your My Registered Books page.

CHAPTER 1 Introduction to Scaling Networks
As a business grows, so do its networking requirements. To keep pace with a business's expansion and new emerging technologies, a network must be designed to scale. A network that scales well is not only one that can handle growing traffic demands, but also one designed with the inevitable need to expand. This short chapter sets the stage for the rest of the course. This chapter covers the hierarchical network design model, the Cisco Enterprise Architecture modules, and appropriate device selections that you can use to systematically design a highly functional network.

Implementing a Network Design
An enterprise network must be designed to support the exchange of various types of network traffic, including data files, email, IP telephony, and video applications for multiple business units. Designing a network using the three-layer hierarchical design model helps optimize the network.

Hierarchical Network Design
Users expect enterprise networks to be up 99.999 percent of the time. To provide this kind of reliability, enterprise class equipment uses redundant power supplies and has failover capabilities.

Describe what failover capability means for enterprise class equipment.
Failover capability refers to the ability of a device to switch from a nonfunctioning module, service, or device to a functioning one with little or no break in service.

Why should a network be organized so that traffic stays local and is not propagated unnecessarily on to other portions of the network?
Keeping traffic local optimizes bandwidth.

In Figure 1-1, label the three layers of the hierarchical design model.

Figure 1-1 Hierarchical Design Model
[Figure not reproduced: three unlabeled layers of switches between the Internet connections at the top and the end devices at the bottom.]

Figure 1-1a Hierarchical Design Model (answer)
From top to bottom: Core Layer, Distribution Layer, Access Layer.

Briefly describe each layer of the hierarchical design model.
The access layer provides connectivity for the users. The distribution layer is used to forward traffic from one local network to another. Finally, the core layer represents a high-speed backbone layer between dispersed networks.

Briefly describe a failure domain.
A failure domain is the area of a network that is impacted when a critical device or network service experiences problems. A well-designed network not only controls traffic but also limits the size of failure domains.

The Cisco Enterprise Architecture divides the network into functional components while still maintaining the core, distribution, and access layers. The primary Cisco Enterprise Architecture modules include Enterprise Campus, Enterprise Edge, Service Provider Edge, and Remote.

Use the list of modules to label the parts of the Cisco Enterprise Architecture in Figure 1-2.

Modules
1 Campus Core
2 Remote Access & VPN
3 Building Distribution
4 Internet Connectivity
5 Building Access
6 Server Farm & Data Center
7 WAN Site-to-Site VPN
8 E-Commerce

Figure 1-2 Cisco Enterprise Architecture
[Figure not reproduced. Its four areas are Enterprise Campus (containing the Campus Infrastructure Module and the Enterprise Data Center), Enterprise Edge, Service Provider Edge (ISP A, ISP B, PSTN, and Frame Relay, ATM, MAN), and Remote (Enterprise Branch and Enterprise Teleworker), with Network Management alongside.]

Figure 1-2a Cisco Enterprise Architecture (answer)
[Figure not reproduced: the answer figure places the eight module numbers in their positions in Figure 1-2.]
Identify Scalability Terminology

Match the definition on the left with the term on the right. This is a one-to-one matching exercise.

Definition: Term (answer)
Supports new features and devices without requiring major equipment upgrades: Modular equipment
Link-state routing protocol with a two-layer hierarchical design: OSPF
Cisco proprietary distance vector routing protocol: EIGRP
Allows for redundant paths by eliminating switching loops: Spanning Tree Protocol
Minimizes the possibility of a single point of failure: Redundancy
Isolates routing updates and minimizes the size of routing tables: Scalable Routing Protocol
Increases flexibility, reduces costs, and provides mobility to users: Wireless LANs
Technique for aggregating multiple links between equipment to increase bandwidth: EtherChannel

Selecting Network Devices

When designing a network, it is important to select the proper hardware to meet current network requirements and to allow for network growth. Within an enterprise network, both switches and routers play a critical role in network communication.

Selecting Switch Hardware

Match the business consideration on the left with the switch feature on the right. This is a one-to-one matching exercise.

Business Consideration: Switch Feature (answer)
Cost: Depends on the number and speed of the interfaces, supported features, and expansion capability
Port density: Refers to a switch's ability to support the appropriate number of devices on the network
Port speed: How fast the interfaces will process network data
Power: Provides electrical current to other devices and supports redundant power supplies
Frame buffers: Important consideration in a network where there may be congested ports to servers or other areas of the network
Scalability: Ability to adjust to growth of network users
Reliability: Should provide continuous access to the network
Modular: Switches with insertable switching line/port cards
Fixed configuration: Switches with preset features or options
Stackable: Daisy-chain switches with high-bandwidth throughput

Packet Tracer Activity: Comparing 2960 and 3560 Switches (SN 1.1.1.7/SwN 1.1.1.5)

Selecting Router Hardware

In Table 1-1, select the router category that applies to each description. The categories are Branch Routers, Network Edge Routers, and Service Provider Routers.

Table 1-1 Identify Router Category Features (answer)
Fast performance with high security for data centers, campus, and branch networks: Network Edge Routers
Simple network configuration and management for LANs and WANs: Branch Routers
Optimizes services on a single platform: Branch Routers
End-to-end delivery of subscriber services: Service Provider Routers
Deliver next-generation Internet experiences across all devices and locations: Network Edge Routers
High capacity and scalability with hierarchical quality of service: Service Provider Routers
Maximizes local services and ensures 24/7/365 uptime: Branch Routers
Unites campus, data center, and branch networks: Network Edge Routers

Managing Devices

A basic router or switch configuration includes the hostname for identification, passwords for security, and assignment of IP addresses to interfaces for connectivity. A router configuration also includes basic routing. In addition to configuration commands, router and switch verification commands are used to verify the operational status of the router or switch and related network functionality. Use the address scheme in Table 1-2 in the following exercises that review the most common router and switch configuration and verification commands.

Table 1-2 Router and Switch Addressing Table
Device  Interface  IPv4 Address   Subnet Mask      Default Gateway
R1      G0/0       172.16.1.1     255.255.255.0    N/A
        S0/0/0     172.16.3.1     255.255.255.252  N/A
        S0/0/1     192.168.10.5   255.255.255.252  N/A
S1      VLAN 1     192.168.1.5    255.255.255.0    192.168.1.1

Basic Router Configuration Review

Using Table 1-2 and the following requirements, record the commands, including the router prompt, to implement a basic router configuration:
■ Hostname is R1.
■ Console and Telnet line's password is cisco.
■ Privileged EXEC password is class.
■ Banner message-of-the-day.
■ Interface addressing.
■ OSPF routing, including an appropriate router ID.
■ Save the configuration.

Router(config)# hostname R1
R1(config)# enable secret class
R1(config)# line con 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 15
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# service password-encryption
R1(config)# banner motd $ Authorized Access Only! $
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# interface Serial0/0/0
R1(config-if)# ip address 172.16.3.1 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# interface Serial0/0/1
R1(config-if)# ip address 192.168.10.5 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# router ospf 10
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 172.16.1.0 0.0.0.255 area 0
R1(config-router)# network 172.16.3.0 0.0.0.3 area 0
R1(config-router)# network 192.168.10.4 0.0.0.3 area 0
R1(config-router)# do copy run start
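The three OSPF network statements above are derived by hand from the Table 1-2 addressing. The following added example (not part of the study guide, and not Cisco code) computes them from the interface address and subnet mask, and shows which interfaces a given network statement would enable OSPF on. The helper names and the area argument are this example's own; the addresses are the R1 rows of Table 1-2.

```python
"""Derive OSPF network statements from interface addressing (added example).

Computes, from the R1 rows of Table 1-2, the classless network address, the
wildcard mask and the 'network <net> <wildcard> area <n>' line that the Basic
Router Configuration Review records by hand. All three interfaces are placed
in area 0 as in the answer above. Helper names are this example's own.
"""
import ipaddress

# Constructed from the R1 rows of Table 1-2: interface -> (IPv4 address, subnet mask)
R1_INTERFACES = {
    "GigabitEthernet0/0": ("172.16.1.1", "255.255.255.0"),
    "Serial0/0/0": ("172.16.3.1", "255.255.255.252"),
    "Serial0/0/1": ("192.168.10.5", "255.255.255.252"),
}


def wildcard(mask):
    """Wildcard mask: bitwise inverse of the subnet mask (255.255.255.252 -> 0.0.0.3)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))


def network_statement(ip, mask, area=0):
    """'network <network-address> <wildcard> area <area>' for the subnet ip/mask is in."""
    net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    return f"network {net.network_address} {wildcard(mask)} area {area}"


def ospf_config(interfaces, process_id=10, router_id="1.1.1.1", area=0):
    """Router OSPF stanza: one network statement per subnet, sorted for stable output."""
    lines = [f"router ospf {process_id}", f" router-id {router_id}"]
    statements = {network_statement(ip, mask, area) for ip, mask in interfaces.values()}
    lines.extend(f" {s}" for s in sorted(statements))
    return lines


def matches(interfaces, statement):
    """Interfaces a network statement activates OSPF on.

    IOS compares (interface address AND NOT wildcard) with (network AND NOT
    wildcard); a statement with a broad wildcard can therefore enable OSPF on
    more interfaces than the one it was written for.
    """
    _, net, wc, _, _ = statement.split()
    net_i = int(ipaddress.IPv4Address(net))
    keep = ~int(ipaddress.IPv4Address(wc)) & 0xFFFFFFFF
    return [name for name, (ip, _mask) in interfaces.items()
            if int(ipaddress.IPv4Address(ip)) & keep == net_i & keep]


if __name__ == "__main__":
    for line in ospf_config(R1_INTERFACES):
        print(line)
    print(matches(R1_INTERFACES, "network 172.16.0.0 0.0.255.255 area 0"))
```

The last call illustrates why the answer key uses one statement per subnet with an exact wildcard: a single `network 172.16.0.0 0.0.255.255 area 0` would match both the LAN and the serial link, and any future 172.16.x.x interface would silently join OSPF as well.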
Basic Router Verification Review

In Table 1-3, record the verification command that will generate the described output.

Table 1-3 Router Verification Commands
Command                  Command Output
show ip route            Displays the routing table for known networks, including administrative distance, metric, and outbound interface
show ip protocols        Displays information about routing protocols, including process ID, router ID, and neighbors
show cdp neighbors       Displays information about directly connected Cisco devices
show ip interface brief  Displays all interfaces in an abbreviated format, including IP address and status
show ip ospf neighbor    Displays information about neighbors, including router ID, state, IP address, and local interface that learned of neighbor
show interfaces          Displays one or all interfaces, including status, bandwidth, and duplex type

Basic Switch Configuration Review

Using Table 1-2 and the following requirements, record the commands, including the switch prompt, to implement a basic switch configuration:
■ Hostname is S1.
■ Console and Telnet line's password is cisco.
■ Privileged EXEC password is class.
■ Banner message-of-the-day.
■ VLAN 1 interface addressing.
■ Save the configuration.

Switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# service password-encryption
S1(config)# banner motd $ Authorized Access Only! $
S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.5 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# ip default-gateway 192.168.1.1
S1(config-if)# do copy run start

Basic Switch Verification Review

In Table 1-4, record the verification command that will generate the described output.

Table 1-4 Switch Verification Commands
Command                    Command Output
show cdp neighbors         Displays information about directly connected Cisco devices
show port-security address Displays all secure MAC addresses
show mac-address-table     Displays a table of learned MAC addresses, including the port number and VLAN assigned to the port
show interfaces            Displays one or all interfaces, including status, bandwidth, and duplex type
show port-security         Displays information about maximum MAC addresses allowed, current counts, security violation count, and action to be taken

Packet Tracer Activity: Skills Integration Challenge (SN 1.3.1.2)

CHAPTER 2 LAN Redundancy

Computer networks are inextricably linked to productivity in today's small and medium-sized businesses. Consequently, IT administrators have to implement redundancy in their hierarchical networks. When a switch connection is lost, another link needs to quickly take its place without introducing any traffic loops. This chapter investigates how Spanning Tree Protocol (STP) logically blocks physical loops in the network and how STP has evolved into a robust protocol that rapidly calculates which ports should be blocked in a VLAN-based network. In addition, the chapter briefly explores how Layer 3 redundancy is implemented through First Hop Redundancy Protocols (FHRPs).

Spanning-Tree Concepts

Redundancy increases the availability of a network topology by protecting the network from a single point of failure, such as a failed network cable or switch. STP was developed to address the issue of loops in a redundant Layer 2 design.

Draw a Redundant Topology

In Figure 2-1, draw redundant links between the access, distribution, and core switches. Each access switch should have two links to the distribution layer with each link connecting to a different distribution layer switch. Each distribution layer switch should have two links to the core layer with each link connecting to a different core layer switch.
Figure 2-1 Redundant Topology
[Figure: core layer switches C1 and C2; distribution layer switches D1, D2, D3, and D4; access layer switches S1 through S6, each with one attached host, PC1 through PC6.]

Figure 2-1a Redundant Topology (answer)
[Figure: the same topology with the redundant links drawn as described above.]

Packet Tracer Activity: Examining a Redundant Design (SN 2.1.1.5/SwN 4.1.1.5)

Purpose of Spanning Tree

STP prevents specific types of issues in a redundant topology like the one in Figure 2-1. Specifically, three potential issues would occur if STP was not implemented. Describe each of the following issues:

■ MAC database instability: Instability in the content of the MAC address table results from copies of the same frame being received on different ports of the switch. Data forwarding can be impaired when the switch consumes the resources that are coping with instability in the MAC address table.

■ Broadcast storms: Without some loop-avoidance process, each switch may flood broadcasts endlessly. This situation is commonly called a broadcast storm.

■ Multiple frame transmission: Multiple copies of unicast frames may be delivered to destination stations. Many protocols expect to receive only a single copy of each transmission. Multiple copies of the same frame can cause unrecoverable errors.

You should be prepared to use a topology like Figure 2-1 to explain exactly how these three issues would occur if STP was not implemented.

Spanning-Tree Operation

Because Rapid Spanning Tree Protocol (RSTP), which is documented in IEEE 802.1D-2004, supersedes the original STP documented in IEEE 802.1D-1998, all references to STP assume RSTP unless otherwise indicated.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A switch port is considered blocked when network traffic is prevented from entering or leaving that port. STP uses the spanning-tree algorithm (STA) to determine which switch ports on a network need to be blocking to prevent loops from occurring.

The STA designates a single switch as the root bridge and uses it as the reference point for all subsequent calculations. Switches participating in STP determine which switch has the lowest bridge ID (BID) on the network. This switch automatically becomes the root bridge. A bridge protocol data unit (BPDU) is a frame containing STP information exchanged by switches running STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The lowest BID value determines which switch is root.

After the root bridge has been determined, the STA calculates the shortest path to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest path cost. When the STA has determined the "best" paths emanating from the root bridge, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic:

■ Root ports: Switch ports closest to the root bridge
■ Designated ports: Nonroot ports that are still permitted to forward traffic on the network
■ Alternate and backup ports: Ports in a blocking state to prevent loops
■ Disabled port: Ports that are administratively shut down

After a switch boots, it sends BPDU frames containing the switch BID and the root ID every 2 seconds. Initially, each switch identifies itself as the root bridge after boot.

How would a switch determine that another switch is now the root bridge?

If the root ID in the BPDU received from another switch is lower than the root ID on the receiving switch, the receiving switch updates its cached root ID information to that of the sending switch.

How does the STA determine path cost?

The path information is determined by summing up the individual egress port costs along the path from the respective switch to the root bridge.

Record the default port costs for various link speeds in Table 2-1.

Table 2-1 Port Costs
Link Speed  Cost (Revised IEEE Specification)  Cost (Previous IEEE Specification)
10 Gbps     2                                  1
1 Gbps      4                                  1
100 Mbps    19                                 10
10 Mbps     100                                100

Although switch ports have a default port cost associated with them, the port cost is configurable. To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The range value can be between 1 and 200,000,000.

Record the commands, including the switch prompt, to configure the port cost for F0/1 as 15:

S2(config)# interface f0/1
S2(config-if)# spanning-tree cost 15

To verify the port and path cost to the root bridge, enter the show spanning-tree privileged EXEC mode command, as shown here:

S2# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     c025.5cd7.ef00
             Cost        15
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     c07b.bcc4.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15  sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 15        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p
Fa0/3               Desg LIS 19        128.3    P2p
Fa0/4               Desg LIS 19        128.4    P2p
Fa0/6               Desg FWD 19        128.6    P2p
<output omitted>

The BID field of a BPDU frame contains three separate fields: bridge priority, extended system ID, and MAC address. Of these three fields, the bridge priority is a customizable value that you can use to influence which switch becomes the root bridge. The default value for this field is 32768.

Cisco enhanced its implementation of STP to include support for the extended system ID field, which contains the ID of the VLAN with which the BPDU is associated. Because using the extended system ID changes the number of bits available for the bridge priority, the customizable values can only be multiples of 4096.

When two switches are configured with the same priority and have the same extended system ID, the switch with the lowest MAC address has the lower BID.

Identify the 802.1D Port Roles

The topologies in the next three figures do not necessarily represent an appropriate network design. However, they provide good exercise topologies for you to practice determining the STP port roles. In Figures 2-2 through 2-4, use the priority values and MAC addresses to determine the root bridge. Then label the ports with one of the following:

■ RP: Root Port
■ DP: Designated Port
■ AP: Alternate Port

Figure 2-2 802.1D Port Roles - Scenario 1
[Figure: four switches in a square. S1 and S2 (top) are connected through their G1/1 ports, S3 and S4 (bottom) through their G1/2 ports, and S1 to S3 and S2 to S4 through their F0/1 ports.]
Device  Priority  MAC Address
S1      32769     000a:0001:1111
S2      24577     000a:0002:2222
S3      32769     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-2a 802.1D Port Roles - Scenario 1 (answer)
Root: S2
S1: G1/1 RP, F0/1 DP
S2: G1/1 DP, F0/1 DP
S3: F0/1 RP, G1/2 AP
S4: F0/1 RP, G1/2 DP
(Device table as in Figure 2-2.)

Figure 2-3 802.1D Port Roles - Scenario 2
[Figure: same topology as Figure 2-2.]
Device  Priority  MAC Address
S1      24577     000a:0001:1111
S2      32769     000a:0002:2222
S3      32769     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-3a 802.1D Port Roles - Scenario 2 (answer)
Root: S1
S1: G1/1 DP, F0/1 DP
S2: G1/1 RP, F0/1 DP
S3: F0/1 RP, G1/2 DP
S4: F0/1 RP, G1/2 AP
(Device table as in Figure 2-3.)

Figure 2-4 802.1D Port Roles - Scenario 3
[Figure: same topology as Figure 2-2.]
Device  Priority  MAC Address
S1      32769     000a:0001:1111
S2      32769     000a:0002:2222
S3      24577     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-4a 802.1D Port Roles - Scenario 3 (answer)
Root: S3
S1: G1/1 DP, F0/1 RP
S2: G1/1 AP, F0/1 RP
S3: F0/1 DP, G1/2 DP
S4: F0/1 DP, G1/2 RP
(Device table as in Figure 2-4.)
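The root election, path-cost summation and port-role assignment exercised in Figures 2-2 through 2-4 (and restated as the four PVST+ steps later in this chapter) can be checked mechanically. The following is an added example, not code from the study guide or from Cisco: it models the STA on the square topology of the figures. The link layout (S1 to S2 on G1/1, S3 to S4 on G1/2, S1 to S3 and S2 to S4 on F0/1) is read from the figure labels and is an assumption of this example; port costs are the revised IEEE values of Table 2-1, and equal-cost paths are broken by the lower sender BID as 802.1D specifies.

```python
"""Spanning-tree root election and 802.1D port roles (added example).

A small model of the spanning-tree algorithm described above, run on the
square topology of Figures 2-2 through 2-4. The link layout is assumed from
the figure labels; port costs come from Table 2-1 (Gigabit 4, Fast Ethernet
19). Path cost is the sum of egress port costs toward the root, and ties are
broken by the lower BID of the neighbour that sent the best BPDU.
"""
import heapq

# Revised IEEE port costs from Table 2-1, keyed by the interface name prefix
PORT_COST = {"G": 4, "F": 19}

# Topology of Figures 2-2 through 2-4 (assumed from the figure labels):
# (switch_a, port_a, switch_b, port_b)
LINKS = [
    ("S1", "G1/1", "S2", "G1/1"),
    ("S3", "G1/2", "S4", "G1/2"),
    ("S1", "F0/1", "S3", "F0/1"),
    ("S2", "F0/1", "S4", "F0/1"),
]

# Priority (already including sys-id-ext 1) and MAC address per switch
SCENARIO_1 = {"S1": (32769, "000a:0001:1111"), "S2": (24577, "000a:0002:2222"),
              "S3": (32769, "000a:0003:3333"), "S4": (32769, "000a:0004:4444")}
SCENARIO_2 = {"S1": (24577, "000a:0001:1111"), "S2": (32769, "000a:0002:2222"),
              "S3": (32769, "000a:0003:3333"), "S4": (32769, "000a:0004:4444")}


def bid(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC address as tie-breaker."""
    return (priority, mac.replace(":", "").replace(".", "").lower())


def port_cost(port):
    """Cost of a port from its name prefix: G1/1 -> 4, F0/1 -> 19."""
    return PORT_COST[port[0]]


def spanning_tree(switches, links):
    """Elect the root and assign RP/DP/AP roles.

    switches: {name: (priority, mac)}; links: list of (sw_a, port_a, sw_b, port_b).
    Returns (root_name, {(switch, port): role}, {switch: root_path_cost}).
    """
    bids = {name: bid(*pm) for name, pm in switches.items()}
    root = min(bids, key=bids.get)  # step 1: the lowest BID becomes the root bridge

    adj = {name: [] for name in switches}
    for a, pa, b, pb in links:
        adj[a].append((b, pa, pb))
        adj[b].append((a, pb, pa))

    # Step 2: cheapest path to the root from every switch. The key is
    # (root path cost, BID of the neighbour that sent the best BPDU), so an
    # equal-cost tie is resolved toward the neighbour with the lower BID.
    best = {root: ((0, bids[root]), None)}
    heap = [((0, bids[root]), root)]
    while heap:
        key, sw = heapq.heappop(heap)
        if key != best[sw][0]:
            continue  # stale heap entry
        for nbr, _my_port, nbr_port in adj[sw]:
            # cost accrues on the neighbour's egress port toward the root
            cand = (key[0] + port_cost(nbr_port), bids[sw])
            if nbr not in best or cand < best[nbr][0]:
                best[nbr] = (cand, nbr_port)
                heapq.heappush(heap, (cand, nbr))

    roles = {}
    for sw in switches:
        if sw != root:
            roles[(sw, best[sw][1])] = "RP"  # the port the best path leaves on

    # Step 3: one designated port per segment, on the end with the lower
    # (root path cost, BID). Step 4: every remaining port is an alternate port.
    for a, pa, b, pb in links:
        ka = (best[a][0][0], bids[a])
        kb = (best[b][0][0], bids[b])
        desg, other, dport, oport = (a, b, pa, pb) if ka < kb else (b, a, pb, pa)
        roles[(desg, dport)] = "DP"
        roles.setdefault((other, oport), "AP")

    costs = {sw: best[sw][0][0] for sw in switches}
    return root, roles, costs


if __name__ == "__main__":
    root, roles, costs = spanning_tree(SCENARIO_1, LINKS)
    print("root:", root, "path costs:", costs)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

Running it on Scenario 1 elects S2 and leaves S3's G1/2 as the only alternate port, which is the answer in Figure 2-2a; the tie S3 faces (cost 23 through either S1 or S4) is what the sender-BID rule in the Dijkstra key decides. The same rule shows how much the election depends on priority: a switch that advertises a lower BID than the intended root takes over the whole tree, which is why the chapter later pairs root selection with BPDU guard.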
Lab: Building a Switched Network with Redundant Links (SN 2.1.2.10/SwN 4.1.2.10)

Varieties of Spanning Tree Protocols

STP has been improved multiple times since its introduction in the original IEEE 802.1D specification. A network administrator should know which type to implement based on the equipment and topology needs.

Comparing the STP Varieties

Identify each of the STP varieties described in the following list:

■ STP: This is the original IEEE 802.1D version (802.1D-1998 and earlier) that provides a loop-free topology in a network with redundant links.
■ PVST+: This is a Cisco enhancement of STP that provides a separate 802.1D spanning tree instance for each VLAN configured in the network.
■ 802.1D-2004: This is an updated version of the STP standard, incorporating IEEE 802.1w.
■ Rapid Spanning Tree Protocol (RSTP) or IEEE 802.1w: This is an evolution of STP that provides faster convergence than STP.
■ Rapid PVST+: This is a Cisco enhancement that provides a separate instance of 802.1w per VLAN.
■ Multiple Spanning Tree Protocol (MSTP): This is an IEEE standard that maps multiple VLANs into the same spanning tree instance.

Complete the cells in Table 2-2 to identify the characteristics of each STP variety.

Table 2-2 STP Characteristics - Exercise 1
Protocol     Standard        Resources Needed  Convergence  Tree Calculation
STP          802.1D          Low               Slow         All VLANs
PVST+        Cisco           High              Slow         Per VLAN
RSTP         802.1w          Medium            Fast         All VLANs
Rapid PVST+  Cisco           Very high         Fast         Per VLAN
MSTP         802.1s, Cisco   Medium or high    Fast         Per instance

In Table 2-3, indicate which varieties of STP are best described by the characteristic. Some characteristics apply to more than one STP variety.

Table 2-3 STP Characteristics - Exercise 2 (answer)
Characteristic: Variety (STP, PVST+, RSTP, Rapid PVST+, MSTP, MST)
A Cisco implementation of 802.1s that provides up to 16 instances of RSTP: MST
Cisco enhancement of RSTP: Rapid PVST+
Supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard: PVST+, Rapid PVST+, MST
Uses 1 IEEE 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs: STP
Cisco enhancement of STP: PVST+
Maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance: MSTP, MST
Provides a separate 802.1D spanning-tree instance for each VLAN: PVST+
Has the highest CPU and memory requirements: Rapid PVST+
First version of STP to address convergence issues, but still provided only one STP instance: RSTP
An evolution of STP that provides faster STP convergence: RSTP
Can lead to suboptimal traffic flows: STP, RSTP
Cisco proprietary versions of STP: PVST+, Rapid PVST+
The default STP mode for Cisco Catalyst switches: PVST+

PVST+ Operation

After a switch boots, the spanning tree is immediately determined as ports transition through five possible states and three BPDU timers on the way to convergence. Briefly describe each state:

■ Blocking: The port is an alternate port and does not participate in frame forwarding. The port continues to process received BPDU frames to determine the location and root ID of the root bridge and what port role the switch port should assume in the final active STP topology.

■ Listening: STP has determined that the port can be selected as a root port or designated port based upon the information in the BPDU frames it has received so far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology. The port returns to blocking state if it is determined that the port does not provide the lowest cost path to the root bridge.

■ Learning: The port prepares to participate in frame forwarding and begins to populate the MAC address table.

■ Forwarding: The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.

■ Disabled: The Layer 2 port does not participate in spanning tree and does not forward or process frames. The switch port is administratively disabled.

Once stable, every active port in the switched network is either in the forwarding state or the blocking state. In Table 2-4, answer the "Operation Allowed" question with "yes" or "no" for each port state.

Table 2-4 Operations Allowed at Each Port State
Operation Allowed                                         Blocking  Listening  Learning  Forwarding  Disabled
Can receive and process BPDUs                             Yes       Yes        Yes       Yes         No
Can forward data frames received on interface             No        No         No        Yes         No
Can forward data frames switched from another interface   No        No         No        Yes         No
Can learn MAC addresses                                   No        No         Yes       Yes         No

List and briefly describe the four steps PVST+ performs for each VLAN to provide a loop-free logical topology.

Step 1. Elects one root bridge: The root bridge is the switch with the lowest bridge ID. There is only 1 root bridge and 1 tree.

Step 2. Selects the root port on each nonroot bridge: STP establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge.

Step 3. Selects the designated port on each segment: The designated port is selected on the switch that has the lowest-cost path to the root bridge.

Step 4. The remaining ports in the switched network are alternate ports: Alternate ports normally remain in the blocking state, to logically break the loop topology.

Rapid PVST+ Operation

RSTP (IEEE 802.1w) is an evolution of the original 802.1D standard and is incorporated into the IEEE 802.1D-2004 standard. Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis.

What is the primary difference between Rapid PVST+ and RSTP?

With Rapid PVST+, an independent instance of RSTP runs for each VLAN.

Briefly describe the RSTP concept that corresponds to the PVST+ PortFast feature.

RSTP identifies those ports that can be considered edge ports that are directly connected to an end device. Because edge ports are not connected to another switch, they can immediately transition to the forwarding state.
What command implements Cisco's version of an edge port?

spanning-tree portfast

In Table 2-5, indicate whether the characteristic describes PVST+, Rapid PVST+, or both.

Table 2-5 Comparing PVST+ and Rapid PVST+ (answer)
Characteristic: PVST+ / Rapid PVST+ / Both
Cisco proprietary protocol: Both
CPU processing and trunk bandwidth usage is greater than with STP: Both
Runs a separate IEEE 802.1D STP instance for each VLAN: PVST+
Possible to have load sharing with some VLANs forwarding on each trunk: Both
Sends a BPDU "hello message" every 2 seconds: Both
Port roles: root, designated, alternate, backup, edge: Rapid PVST+
Ports can transition to forwarding state without relying on a timer: Rapid PVST+
The root bridge is determined by the lowest BID + VLAN ID + MAC: Both

Spanning-Tree Configuration

It is crucial to understand the impact of a default switch configuration on STP convergence and what configurations can be applied to adjust the default behavior.

PVST+ and Rapid PVST+ Configuration

Complete Table 2-6 to show the default spanning-tree configuration for a Cisco Catalyst 2960 series switch.

Table 2-6 Default Switch Configuration
Feature                           Default Setting
Enable state                      Enabled on VLAN 1
Spanning-tree mode                PVST+
Switch priority                   32768
Spanning-tree port priority       128 (configurable on a per-interface basis)
Spanning-tree port cost           1000 Mbps: 4, 100 Mbps: 19, 10 Mbps: 100 (configurable on a per-interface basis)
Spanning-tree VLAN port priority  128 (configurable on a per-VLAN basis)
Spanning-tree VLAN port cost      1000 Mbps: 4, 100 Mbps: 19, 10 Mbps: 100 (configurable on a per-VLAN basis)
Spanning-tree timers              Hello time: 2 seconds; Forward-delay time: 15 seconds; Maximum-aging time: 20 seconds; Transmit hold count: 6 BPDUs

Document the two different configuration commands that you can use to configure the bridge priority value so that the switch is root for VLAN 1. Use the value 4096 when necessary:

S1(config)# spanning-tree vlan 1 root primary
!or
S1(config)# spanning-tree vlan 1 priority 4096

Record the command to verify that the local switch is now root:

S1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000A.0033.3333
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 4         128.1    Shr
Fa0/2            Desg FWD 4         128.2    Shr

Explain the purpose of the BPDU guard feature on Cisco switches.

The BPDU guard feature protects the spanning tree from recalculations that might occur if a BPDU is received on an edge port because it connected to a switch.

What interface configuration command enables BPDU guard?

spanning-tree bpduguard enable

What global configuration command will configure all nontrunking ports as edge ports?

spanning-tree portfast default

What global configuration command will configure BPDU guard on all PortFast-enabled ports?

spanning-tree portfast bpduguard default

The power of PVST+ is that it can load balance across redundant links. By default, the least-favored redundant link is not used. So, you must manually configure PVST+ to use the link. Figure 2-5 represents a small section of Figure 2-1, showing only two distribution layer switches and one access layer switch. For this example, we have attached PC2 to S1. PC1 is assigned to VLAN 15, and PC2 is assigned to VLAN 25.

Figure 2-5 PVST+ Configuration Topology
[Figure: distribution switches D1 (root for VLAN 15) and D2 (root for VLAN 25), each linked to access switch S1; PC1 in VLAN 15 and PC2 in VLAN 25 are attached to S1.]

D1 should be the primary root for VLAN 1 and VLAN 15 and the secondary root for VLAN 25. D2 should be the primary root for VLAN 25 and the secondary root for VLAN 15. Based on these requirements, document the commands to modify the default PVST+ operation on D1 and D2.

D1 commands
D1(config)# spanning-tree vlan 1 root primary
D1(config)# spanning-tree vlan 15 root primary
D1(config)# spanning-tree vlan 25 root secondary

D2 commands
D2(config)# spanning-tree vlan 15 root secondary
D2(config)# spanning-tree vlan 25 root primary
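Verifying that the intended switch is root, and staying root, is a check worth automating: if another bridge begins advertising a lower priority, the tree reconverges around it, which is exactly what the BPDU guard answer above is meant to stop on edge ports. The following added example (not code from the study guide or from Cisco) parses the VLAN block of show spanning-tree output and reports where the elected root disagrees with the configured design. The sample text is the S1 output reproduced above; the function names and the expected-priority argument are this example's own.

```python
"""Parse 'show spanning-tree' and check the root bridge (added example).

Parses one VLAN block of Cisco IOS 'show spanning-tree' output and compares
the elected root with the priority the 'spanning-tree vlan 1 root primary'
configuration is meant to produce (24576 + sys-id-ext 1 = 24577). The sample
is the S1 output shown above; helper names are this example's own.
"""
import re

SAMPLE = """\
S1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000A.0033.3333
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 4         128.1    Shr
Fa0/2            Desg FWD 4         128.2    Shr
"""

# One interface row: name, role, state, cost, port priority.number, link type
IFACE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<role>Root|Desg|Altn|Back)\s+(?P<sts>FWD|BLK|LIS|LRN)"
    r"\s+(?P<cost>\d+)\s+(?P<prio>\d+)\.(?P<nbr>\d+)\s+(?P<type>\S+)", re.M)


def parse_show_spanning_tree(text):
    """Return the root ID, bridge ID, root flag and interface rows of one VLAN block."""
    vlan = re.search(r"^VLAN(\d+)", text, re.M)
    ids = {}
    for label in ("Root ID", "Bridge ID"):
        m = re.search(rf"{label}\s+Priority\s+(\d+).*?Address\s+([0-9A-Fa-f.]+)", text, re.S)
        ids[label] = {"priority": int(m.group(1)), "address": m.group(2).lower()}
    interfaces = [
        {"name": m["name"], "role": m["role"], "state": m["sts"], "cost": int(m["cost"]),
         "port_priority": int(m["prio"]), "port_id": int(m["nbr"]), "type": m["type"]}
        for m in IFACE_RE.finditer(text)
    ]
    return {
        "vlan": int(vlan.group(1)),
        "root": ids["Root ID"],
        "bridge": ids["Bridge ID"],
        "is_root": "This bridge is the root" in text,
        "interfaces": interfaces,
    }


def root_findings(parsed, expected_priority):
    """Differences between the elected root and the intended design (empty when consistent)."""
    findings = []
    if not parsed["is_root"]:
        findings.append("local switch is not the root bridge")
    if parsed["root"]["priority"] != expected_priority:
        findings.append(f"root priority is {parsed['root']['priority']}, expected {expected_priority}")
    if parsed["root"]["priority"] < parsed["bridge"]["priority"]:
        findings.append("another bridge advertises a lower priority than this switch")
    blocked = [i["name"] for i in parsed["interfaces"] if i["state"] == "BLK"]
    if parsed["is_root"] and blocked:
        findings.append("a root bridge should have no blocking ports: " + ", ".join(blocked))
    return findings


if __name__ == "__main__":
    result = parse_show_spanning_tree(SAMPLE)
    print("VLAN", result["vlan"], "root", result["root"], "is_root", result["is_root"])
    print(root_findings(result, 24577) or "root bridge matches the design")
```

Fed output from a switch that has lost the root role, the same check reports the lower priority seen in the Root ID block, which is the first thing to look at when a tree reconverges unexpectedly.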
Document the commands to configure all nontrunking ports on S1 as edge ports with BPDU guard enabled.

S1(config)# spanning-tree portfast default
S1(config)# spanning-tree portfast bpduguard default

Now, assume that you want to run rapid PVST+ on all three switches. What command is required?

spanning-tree mode rapid-pvst

Lab: Configuring Rapid PVST+, PortFast, and BPDU Guard (SN 2.3.2.3/SwN 4.3.2.3)

Packet Tracer Activity: Configuring PVST+ (SN 2.3.1.5/SwN 4.3.1.5)

Packet Tracer Activity: Configuring Rapid PVST+ (SN 2.3.2.2/SwN 4.3.2.2)

First Hop Redundancy Protocols

Up to this point, we've been reviewing STP and how to manipulate the election of root bridges and load balance across redundant links. In addition to Layer 1 and Layer 2 redundancy, a high-availability network might also implement Layer 3 redundancy by sharing the default gateway responsibility across multiple devices. Through the use of a virtual IP address, two Layer 3 devices can share the default gateway responsibility. This section reviews First Hop Redundancy Protocols (FHRPs) that provide Layer 3 redundancy.
Identify FHRP Terminology

Match the definition on the left with the terms on the right. This is a one-to-one matching exercise.

Definition: Term (answer)
The ability to dynamically recover from the failure of a device acting as the default gateway: First-hop redundancy
A device that routes traffic destined to network segments beyond the source network segment: Default gateway
Two or more routers sharing a single MAC and IP address: Virtual router
A device that is part of a virtual router group assigned to the role of default gateway: Forwarding router
A device that is part of a virtual router group assigned the role of alternate default gateway: Standby router
Provides the mechanism for determining which router should take the active role in forwarding traffic: Redundancy protocol
A Layer 3 address assigned to a protocol that shares the single address among multiple devices: Virtual IP address
The Layer 2 address returned by ARP for an FHRP gateway: Virtual MAC address

Identify the Type of FHRP

In Table 2-7, indicate whether the characteristic describes HSRP, VRRP, or GLBP.

Table 2-7 FHRP Characteristics (answer)
FHRP Characteristic: Protocol
Used in a group of routers for selecting an active device and a standby device: HSRP
A nonproprietary election protocol that allows several routers on a multi-access link to use the same virtual IPv4 address: VRRP
One router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails: VRRP
Cisco-proprietary FHRP protocol that protects data traffic from a failed router or circuit while also allowing load sharing between a group of redundant routers: GLBP
Cisco-proprietary FHRP protocol designed to allow for transparent failover of a first-hop IPv4 device: HSRP

HSRP and GLBP Configuration and Verification

Refer to the topology in Figure 2-6.

Figure 2-6 HSRP and GLBP Configuration Topology
[Figure: R1 (192.168.1.10) and R2 (192.168.1.20) both connect to the core and share the virtual IP address 192.168.1.1.]

R2 has been configured for HSRP group 20, priority 120, and virtual IP address 192.168.1.1. Example 2-1 shows the HSRP configuration for R2.

Example 2-1 R2 HSRP Configuration
R2# show run interface g0/1
<output omitted>
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 standby 20 ip 192.168.1.1
 standby 20 priority 120
<output omitted>

Using the information in Example 2-1, document the commands to configure R1 as the HSRP active router in group 20 using a priority of 210.

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip address 192.168.1.10 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# standby 20 ip 192.168.1.1
R1(config-if)# standby 20 priority 210

What command would generate the following output to verify the HSRP configuration?

R1# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       20   210   Active  local           192.168.1.20    192.168.1.1

Now assume that all HSRP configurations have been removed. R2 has been configured for GLBP group 20, priority 120, and virtual IP address 192.168.1.1. Example 2-2 shows the GLBP configuration for R2.

Example 2-2 R2 GLBP Configuration
R2# show run interface g0/1
<output omitted>
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 glbp 20 ip 192.168.1.1
 glbp 20 priority 120
<output omitted>

Using the information in Example 2-2, document the commands to configure R1 to be in GLBP group 20 using a priority of 210.

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip address 192.168.1.10 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# glbp 20 ip 192.168.1.1
R1(config-if)# glbp 20 priority 210

What command would generate the following output to verify the GLBP configuration?

R1# show glbp
GigabitEthernet0/0 - Group 20
  State is Active
    1 state change, last state change 00:03:05
  Virtual IP address is 192.168.1.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.792 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 192.168.1.20, priority 120 (expires in 9.312 sec)
  Priority 210 (configured)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    0006.f671.db58 (192.168.1.20)
    0006.f671.eb38 (192.168.1.10) local
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:02:53
    MAC address is 0007.b400.0a01 (default)
    Owner ID is 0006.f671.eb38
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0a02 (learnt)
    Owner ID is 0006.f671.db58
    Redirection enabled, 599.040 sec remaining (maximum 600 sec)
    Time to live: 14399.040 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.20 (primary), weighting 100 (expires in 9.024 sec)
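The HSRP exercise above relies on two rules that are easy to get wrong in practice: the active router is the one with the highest priority (highest interface IP address on a tie), and a router with a higher priority that comes up later does not take the role back unless preemption is configured, which neither Example 2-1 nor the R1 answer enables. The following added example (not code from the study guide or from Cisco) replays that election and parses the show standby brief line above so the running state can be compared with the design. The Router objects, event sequences and helper names are constructed for this example.

```python
"""HSRP election with preemption, checked against 'show standby brief' (added example).

Models the active/standby election for HSRP group 20 as configured above
(R2 priority 120, R1 priority 210, no 'standby 20 preempt' on either router)
and parses the 'show standby brief' output shown above. Router objects,
event sequences and helper names are constructed for this example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    ip: str
    priority: int = 100      # IOS default HSRP priority
    preempt: bool = False    # IOS default: an HSRP router does not preempt


def ip_key(ip):
    """Numeric ordering for dotted-quad addresses (the HSRP tie-breaker)."""
    return tuple(int(octet) for octet in ip.split("."))


def best(routers):
    """Election rule: highest priority wins, then the highest interface IP address."""
    return max(routers, key=lambda r: (r.priority, ip_key(r.ip)))


def run_events(events):
    """Replay ('up'|'down', router) events; return (active, standby) names after each.

    A router joining with a higher priority takes the active role only if it
    has preemption enabled; otherwise the current active keeps the role until
    it fails, which is the behaviour of the default (no preempt) configuration.
    """
    up, active, trace = [], None, []
    for action, router in events:
        if action == "up":
            up.append(router)
            if active is None or (router.preempt and best([router, active]) is router):
                active = router
        elif action == "down":
            up = [r for r in up if r is not router]
            if active is router:
                active = best(up) if up else None
        others = [r for r in up if r is not active]
        standby = best(others).name if others else None
        trace.append((active.name if active else None, standby))
    return trace


# The 'show standby brief' output recorded above for R1
STANDBY_BRIEF = """\
R1# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       20   210   Active  local           192.168.1.20    192.168.1.1
"""

BRIEF_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<grp>\d+)\s+(?P<pri>\d+)\s+(?P<p>P?)\s*"
    r"(?P<state>Active|Standby|Listen|Speak|Learn|Init)\s+(?P<active>\S+)\s+"
    r"(?P<standby>\S+)\s+(?P<vip>\S+)\s*$", re.M)


def parse_standby_brief(text):
    """One record per group line of 'show standby brief'."""
    return [
        {"interface": m["iface"], "group": int(m["grp"]), "priority": int(m["pri"]),
         "preempt": m["p"] == "P", "state": m["state"], "active": m["active"],
         "standby": m["standby"], "virtual_ip": m["vip"]}
        for m in BRIEF_RE.finditer(text)
    ]


def design_findings(record, expected_vip, expected_priority, expected_state):
    """Differences between what the router reports and the intended design."""
    findings = []
    if record["virtual_ip"] != expected_vip:
        findings.append(f"virtual IP {record['virtual_ip']} != {expected_vip}")
    if record["priority"] != expected_priority:
        findings.append(f"priority {record['priority']} != {expected_priority}")
    if record["state"] != expected_state:
        findings.append(f"state {record['state']} != {expected_state}")
    return findings


if __name__ == "__main__":
    r1 = Router("R1", "192.168.1.10", priority=210)
    r2 = Router("R2", "192.168.1.20", priority=120)
    print(run_events([("up", r2), ("up", r1)]))       # R2 stays active without preempt
    print(run_events([("up", r1), ("up", r2), ("down", r1)]))
    for rec in parse_standby_brief(STANDBY_BRIEF):
        print(rec, design_findings(rec, "192.168.1.1", 210, "Active"))
```

The first replay is the case the show standby brief output does not reveal: if R2 had been up before R1 was configured, R1 would sit in Standby despite its priority of 210 until R2 failed, so a brief that shows the higher-priority router as Standby is not necessarily a misconfiguration of priority.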
min delay 30 sec Active is 192.eb38 (192.eb38 Redirection enabled.b400. priority 120 (expires in 9.4. thresholds: lower 1.168.040 sec (maximum 14400 sec) Preemption enabled.1.4/SwN 4. hold time 10 sec Next hello sent in 1.3.4) instructor.b400.312 sec) Lab .040 sec remaining (maximum 600 sec) Time to live: 14399.f671.10) local 0006.168. upper 100 Load balancing: round-robin Group members: 0006.024 sec) Priority 210 (configured) Weighting 100 (default 100).Configuring HSRP and GLBP (SN 2.3.20. min delay 30 sec Active is local.0a02 (learnt) Owner ID is 0006.indb 30 3/12/14 7:51 AM .1. 599. forwarder timeout 14400 sec Preemption disabled Active is local Standby is 192.1.db58 (192.168.0a01 (default) Owner ID is 0006. last state change 00:02:53 MAC address is 0007.1.168.f671.4. This allows load sharing among the physical links. instructor. rather than having a STP block one or more of the links. CHAPTER 3 Link Aggregation Link aggregation is the ability to create one logical link using multiple physical links between two devices.indb 31 3/12/14 7:51 AM . even if its overall throughput decreases because of a lost link within the EtherChannel. indicate the mode that is described. ■ Active: The interface initiates negotiations with other interfaces by sending LACP packets. List at least three advantages to using EtherChannel: ■ Most configuration tasks can be done on the EtherChannel interface instead of on each individual port. For PAgP. the EtherChannel remains functional. ■ Load balancing takes place between links that are part of the same EtherChannel. ■ Desirable: The interface initiates negotiations with other interfaces by sending PAgP packets. ■ EtherChannel provides redundancy because the overall link is seen as one logical con- nection. ■ EtherChannel relies on existing switch ports. For LACP. 
there are also two proto- cols that can be used to configure the negotiation process: Port Aggregation Protocol (PAgP— Cisco proprietary) and Link Aggregation Control Protocol (LACP—IEEE 802. Where there is only one EtherChannel link. These two protocols ensure that both sides of the link have compatible configurations—same speed. but does not initi- ate LACP negotiation. ■ Auto: The interface responds to the PAgP packets that it receives. Assuming at least one physical link is present. duplex setting. but does not initiate PAgP negotiation. and VLAN information. briefly describe each of the following modes: ■ On: This mode forces the interface to channel without PAgP. However.indb 32 3/12/14 7:51 AM . all physical links in the EtherChannel are active because STP sees only one (logical) link. instructor. EtherChannel Advantages EtherChannel technology was originally developed by Cisco as a technique of grouping several Fast Ethernet or Gigabit Ethernet switch ports into one logical channel. briefly describe each of the following modes: ■ On: This mode forces the interface to channel without LACP. The modes for each differ slightly. ■ EtherChannel creates an aggregation that is seen as one logical link. 32 CCNA Routing and Switching Practice and Study Guide Link Aggregation Concepts One of the best ways to reduce the time it takes for STP convergence is to simply avoid STP.3ad). EtherChannel is a form of link aggregation used in switched networks. In Table 3-1. ■ Passive: The interface responds to the LACP packets that it receives. EtherChannel Operation You can configure EtherChannel as static or unconditional. No need to upgrade. Chapter 3: Link Aggregation 33 Table 3-1 PAgP and LACP Modes Mode PAgP and/or LACP Mode Description Active Initiates LACP negotiations with other interfaces. Desirable Actively initiates PAgP negotiations with other interfaces.indb 33 3/12/14 7:51 AM . instructor. two switches are using LACP. Does not initiate LACP negotiations. 
The mode that is configured on each side of the EtherChannel link determines whether EtherChannel will be operational. Table 3-3 EtherChannel Negotiation Using LACP Switch 1 Mode Switch 2 Mode EtherChannel Established? Passive On No Passive Active Yes On On Yes Passive Passive No On Active No Link Aggregation Configuration EtherChannel configuration is rather straightforward once you decide on which protocol you will use. Passive Places an interface in a passive. the easiest method is to just force both sides to be on. Indicate with “yes” or “no” whether EtherChannel is established. On Forces EtherChannel state without PAgP or LACP initiated negotiations. responding state. In Table 3-2. Indicate with “yes” or “no” whether EtherChannel is established. responding state. two switches are using PAgP. Table 3-2 EtherChannel Negotiation Using PAgP Switch 1 Mode Switch 2 Mode EtherChannel Established? Auto Auto No Auto Desirable Yes On Desirable No On Off No Desirable Desirable Yes In Table 3-3. Auto Places an interface in a passive. In fact. Does not initiate PAgP negotiations. LACP. to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel without negotiations.20 instructor. including the switch prompt. S1 should initiate the negotiations. Use the interface port-channel identifier command to configure channel-wide settings like trunking. As you can see from the configuration steps. participate in the EtherChannel group using the interface range interface command. the way you specify whether to use PAgP.10. The channel-group command automatically creates a port channel interface using the identifier as the number. including the switch prompt. The channel should trunk. 10. and share the same range of allowed VLANs on trunks. So. S1(config)# interface range fa0/1-2 S1(config-range-if)# channel-group 1 mode desirable S1(config-range-if)# interface port-channel 1 S1(config-if)# switchport mode trunk S1(config-if)# switchport trunk allowed vlan 1. 
What are the requirements for each interface before they can form an EtherChannel? All interfaces must support EtherChannel. S1(config)# interface range fa0/1-2 S1(config-range-if)# channel-group 1 mode on S1(config-range-if)# interface port-channel 1 S1(config-if)# switchport mode trunk S1(config-if)# switchport trunk native vlan 99 EtherChannel Configuration Scenario 1 Record the commands. Figure 3-1 EtherChannel Topology Fa0/1 S1 S2 Fa0/2 EtherChannel Configuration Scenario 1 Record the commands. The keywords auto and desirable enable PAgP. to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel using PAgP. allowing only VLANs 1. be configured with the same speed and duplex settings. native VLANs. complete the following steps: Step 1. support the same VLAN or be configured as a trunk. 34 CCNA Routing and Switching Practice and Study Guide Configuring EtherChannel To configure EtherChannel. Then force the channel to trunking using native VLAN 99.indb 34 3/12/14 7:51 AM . Step 2. Step 3. The keywords active and passive enable LACP. Specify the interfaces that. consider Figure 3-1 in each of the following configuration scenarios. or allowed VLANs. or no negotiations is by configuring one keyword in the channel-group command. Create the port channel interface with the channel-group identifier mode {on | auto | desirable | active | passive} command in interface range configuration mode. and 20. with those steps in mind. The keyword on forces the port to channel without PAgP or LACP. 2.indb 35 3/12/14 7:51 AM . Chapter 3: Link Aggregation 35 EtherChannel Configuration Scenario 1 Record the commands.unsuitable for bundling w . The channel should trunk.1. rxload 1/255 <output omitted> S1# show etherchannel summary Flags: D . DLY 100 usec.2.failed to allocate aggregator M .suspended H .3/SwN 5.8a01) MTU 1500 bytes. to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel using LACP.Configuring EtherChannel (SN 3. reliability 255/255. including the switch prompt. 
line protocol is up (connected) Hardware is EtherChannel.4) Packet Tracer . BW 200000 Kbit/sec. allowing all VLANs.1.3) Packet Tracer Activity Verifying and Troubleshooting EtherChannel Record the commands used to display the output in Example 3-1.1.default port Number of channel-groups in use: 1 Number of aggregators: 1 instructor.bundled in port-channel I .not in use. txload 1/255.4/SwN 5.waiting to be aggregated d .1.8a01 (bia 0cd9.stand-alone s .2.Configuring EtherChannel (SN 3.96e8.Layer3 S .Hot-standby (LACP only) R .in use f . Example 3-1 EtherChannel Verification Commands S1# show interface port-channel1 Port-channel1 is up.96e8. address is 0cd9. S1(config)# interface range fa0/1-2 S1(config-range-if)# channel-group 1 mode passive S1(config-range-if)# interface port-channel 1 S1(config-if)# switchport mode trunk Lab . S1 should not initiate the negotiations.Layer2 U .down P . minimum links not met u .2. P . Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S .indb 36 3/12/14 7:51 AM .Device is sending Slow LACPDUs F .Device is in active mode.Device is in passive mode. A . 
36 CCNA Routing and Switching Practice and Study Guide Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/1(P) Fa0/2(P) S1# show etherchannel port-channel Channel-group listing: ---------------------- Group: 1 ---------- Port-channels in the group: --------------------------- Port-channel: Po1 (Primary Aggregator) ------------ Age of the Port-channel = 0d:00h:25m:17s Logical slot/port = 2/1 Number of ports = 2 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = LACP Port security = Disabled Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/1 Active 0 0 00 Fa0/2 Active 0 Time since last port bundled: 0d:00h:05m:41s Fa0/2 Time since last port Un-bundled: 0d:00h:05m:48s Fa0/2 S1# show interfaces f0/1 etherchannel Port state = Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = . instructor.Device is sending fast LACPDUs. Fa0/1(D) Fa0/2(D) S1# show run | begin interface Port-channel instructor. ■ Allowed VLANs on trunks must be the same for both sides.96d2.bundled in port-channel I .Layer2 U .not in use. Chapter 3: Link Aggregation 37 Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa0/1 SA bndl 32768 0x1 0x1 0x102 0x3D Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Number State Fa0/1 SA 32768 0cd9. ■ Both sides of the channel must be configured with compatible PAgP or LACP dynamic negotiation options.indb 37 3/12/14 7:51 AM .unsuitable for bundling w .waiting to be aggregated d .4000 4s 0x0 0x1 0x102 0x3D Age of the port in the current state: 0d:00h:24m:59s S1# When troubleshooting an EtherChannel issue.Layer3 S . 
keep in mind the configuration restrictions for interfaces that participate in the channel.stand-alone s .default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SD) .down P .suspended H . Refer to the output for S1 and S2 in Example 3-2.failed to allocate aggregator M . Example 3-2 Troubleshooting an EtherChannel Issue S1# show etherchannel summary Flags: D . ■ All ports must be in the same VLANs or configured as trunks. minimum links not met u . Record the command that generated the output.Hot-standby (LACP only) R . ■ The link speed and duplex setting must match. List at least four restrictions.in use f . ■ Trunking mode must be the same for each side of the channel. you must first remove the port channel. 38 CCNA Routing and Switching Practice and Study Guide interface Port-channel1 switchport mode trunk ! interface FastEthernet0/1 switchport mode trunk channel-group 1 mode auto ! interface FastEthernet0/2 switchport mode trunk channel-group 1 mode auto ! <output omitted> S 1# S2# show run | begin interface Port-channel interface Port-channel1 switchport mode trunk ! interface FastEthernet0/1 switchport mode trunk channel-group 1 mode auto ! interface FastEthernet0/2 switchport mode trunk channel-group 1 mode auto ! <output omitted> S2# Explain why the EtherChannel between S1 and S2 is down. spanning-tree errors cause the associated ports to go into blocking or errdisabled state. and then configure the interfaces to use desirable mode. Otherwise. For this reason. EtherChannel and spanning tree must interoperate. the order in which EtherChannel-related commands are entered is important. This can be done on one or both switches. which means that the interface will listen for PAgP packets but will not initiate negotiations. what would you suggest to correct the issue shown in Example 3-2 if the requirement is to use PAgP? 
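As an added example (not part of the book), the following Python script encodes the negotiation rules of Tables 3-2 and 3-3 and reads an S1 `show etherchannel summary` table together with both switches' `show run` channel-group lines to report why a port channel cannot form. The embedded outputs are constructed to match Example 3-2 (auto on both sides); the interface-name abbreviation helper is an assumption for matching show-run names to summary names, not a Cisco feature.

```python
"""EtherChannel negotiation checker (added example; the sample outputs below are
constructed to match Example 3-2 and are not copied from a real switch)."""
import re

PAGP_MODES = {"auto", "desirable"}
LACP_MODES = {"active", "passive"}


def etherchannel_forms(mode_a, mode_b):
    """Apply the negotiation rules of Tables 3-2 and 3-3 to one pair of
    channel-group modes. Returns (established, reason)."""
    a, b = mode_a.lower(), mode_b.lower()
    if "off" in (a, b):
        return False, "channeling is turned off on one side"
    if "on" in (a, b):
        if a == b:
            return True, "both sides forced on; no PAgP or LACP negotiation"
        return False, "'on' never negotiates, so it cannot bundle with a PAgP or LACP mode"
    if a in PAGP_MODES and b in PAGP_MODES:
        if a == b == "auto":
            return False, "auto/auto: both sides only listen for PAgP packets, neither initiates"
        return True, "PAgP: at least one side is desirable and initiates negotiation"
    if a in LACP_MODES and b in LACP_MODES:
        if a == b == "passive":
            return False, "passive/passive: both sides only respond to LACP packets, neither initiates"
        return True, "LACP: at least one side is active and initiates negotiation"
    if {a, b} <= PAGP_MODES | LACP_MODES:
        return False, "PAgP on one side and LACP on the other never bundle"
    return False, "unrecognised mode combination %s/%s" % (mode_a, mode_b)


SUMMARY_ROW = re.compile(r"^\s*(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)\s+(.*)$")
PORT_FLAG = re.compile(r"(\S+?)\(([A-Za-z]+)\)")


def parse_etherchannel_summary(text):
    """Read group number, port-channel flags, protocol and member-port flags
    from the table at the end of 'show etherchannel summary'."""
    groups = []
    for line in text.splitlines():
        m = SUMMARY_ROW.match(line)
        if m:
            groups.append({
                "group": int(m.group(1)),
                "port_channel": m.group(2),
                "flags": m.group(3),       # 'SU' = Layer2 + in use, 'SD' = Layer2 + down
                "protocol": m.group(4),    # 'LACP', 'PAgP', or '-' when nothing negotiated
                "ports": dict(PORT_FLAG.findall(m.group(5))),  # 'Fa0/1' -> 'P' or 'D'
            })
    return groups


def short_name(interface):
    """'FastEthernet0/1' -> 'Fa0/1' so show-run names match summary names
    (assumed abbreviation table covering only the interface types used here)."""
    for full, short in (("FastEthernet", "Fa"), ("GigabitEthernet", "Gi")):
        if interface.startswith(full):
            return short + interface[len(full):]
    return interface


def channel_group_modes(running_config):
    """Map group number -> {short interface name: mode} from show-run lines."""
    modes, current = {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = short_name(line.split()[1])
        m = re.match(r"\s*channel-group (\d+) mode (\S+)", line)
        if m and current:
            modes.setdefault(int(m.group(1)), {})[current] = m.group(2)
    return modes


def diagnose(summary_s1, run_s1, run_s2):
    """For each group marked down (flag D) on S1, compare the mode S1 and S2
    configured on the same member port and say whether they can ever bundle."""
    modes_s1, modes_s2 = channel_group_modes(run_s1), channel_group_modes(run_s2)
    findings = []
    for g in parse_etherchannel_summary(summary_s1):
        if "D" not in g["flags"]:
            continue
        for port in g["ports"]:
            m1 = modes_s1.get(g["group"], {}).get(port, "?")
            m2 = modes_s2.get(g["group"], {}).get(port, "?")
            ok, reason = etherchannel_forms(m1, m2)
            findings.append({"port_channel": g["port_channel"], "port": port,
                             "s1": m1, "s2": m2, "forms": ok, "reason": reason})
    return findings


# Constructed sample data shaped like Example 3-2 (auto/auto on both switches).
S1_SUMMARY = """\
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SD)          -        Fa0/1(D)    Fa0/2(D)
"""
S1_RUN = """\
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
 channel-group 1 mode auto
!
interface FastEthernet0/2
 switchport mode trunk
 channel-group 1 mode auto
"""
S2_RUN = S1_RUN  # S2 is configured identically in Example 3-2

if __name__ == "__main__":
    for f in diagnose(S1_SUMMARY, S1_RUN, S2_RUN):
        print("%s %s: S1=%s S2=%s -> %s" % (f["port_channel"], f["port"], f["s1"], f["s2"], f["reason"]))
```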
What commands would be required?
Remove the port channel 1 interface, and then configure the interfaces to use desirable mode. This can be done on one or both switches. To correct this issue, you must first remove the port channel.
S1(config)# no interface Port-channel 1
S1(config)# interface range f0/1 - 2
S1(config-if-range)# channel-group 1 mode desirable
S1(config-if-range)# interface Port-channel 1
S1(config-if)# switchport mode trunk

S2(config)# no interface Port-channel 1
S2(config)# interface range f0/1 - 2
S2(config-if-range)# channel-group 1 mode desirable
S2(config-if-range)# no shutdown
S2(config-if-range)# interface Port-channel 1
S2(config-if)# switchport mode trunk

Lab - Troubleshooting EtherChannel (SN 3.2.2.4/SwN 5.2.2.4)
Packet Tracer - Troubleshooting EtherChannel (SN 3.2.2.3/SwN 5.2.2.3)
Packet Tracer - Skills Integration Challenge (SN 3.3.1.2/SwN 5.3.1.2)

CHAPTER 4
Wireless LANs
Wireless networks are becoming increasingly ubiquitous. If you have a router at home, chances are it supports a wireless LAN (WLAN). In the work environment, WLANs provide the ability to connect from any location at any time within the campus network. WLANs use radio frequencies that present some unique design and implementation considerations. This chapter reviews WLAN technology, components, security, planning, implementation, and troubleshooting.

Wireless LAN Concepts
Wireless access can result in increased productivity and more relaxed employees. With wireless networking, employees have the flexibility to work when they want, where they want. This section reviews basic wireless concepts and components.

Identify Wireless Technologies
When referring to communication networks, the term wireless encompasses a wide variety of technologies. Although the focus for the CCNA student is on WLANs, you should also be aware of the basic features of other wireless technologies and applications. In Table 4-1, indicate the wireless technology described by each feature.

Table 4-1 Identify the Wireless Technology
Wireless Technology Feature | Bluetooth | Wi-Fi | WiMax | Cellular | Satellite
Clear line of sight required | | | | | X
IEEE 802.15 | X | | | |
IEEE 802.11 | | X | | |
IEEE 802.16 | | | X | |
Uses 2G, 3G, and 4G variations | | | | X |
Supports speeds up to 1 Gbps | | | X | |
Provides mobile broadband connectivity | | | | X |
Supports download speeds up to 10 Mbps | | | | | X
Supports speeds up to 5 Mbps | | | | X |
Distance transmissions of up to 300 meters | | X | | |
Requires directional dish aligned with GEO device | | | | | X
Supports speeds up to 24 Mbps | X | | | |
Transmission distances of up to 30 miles (50 km) | | | X | |
Distance transmissions of up to 100 meters | X | | | |
Supports speeds up to 7 Gbps | | X | | |

WLAN standards began in 1997 with the first 802.11 specification. Subsequent revisions have increased the speed and changed the frequency. As the standard rapidly evolved, it became important to maintain backward compatibility so that devices would still be able to connect to newer and faster access points. In Table 4-2, all the current flavors of 802.11 are listed in chronological order. For each one, indicate the maximum speed, frequency or frequencies, and with what earlier versions the specification is compatible (if any).

Table 4-2 Comparing the WLAN Standards
IEEE Standard | Maximum Speed | Frequency | Backward Compatibility With
802.11 | 2 Mbps | 2.4 GHz | None
802.11a | 54 Mbps | 5 GHz | None
802.11b | 11 Mbps | 2.4 GHz | None
802.11g | 54 Mbps | 2.4 GHz | 802.11b
802.11n | 600 Mbps | 2.4 GHz and 5 GHz | 802.11a/b/g
802.11ac | 1.3 Gbps | 5 GHz | 802.11a/n
802.11ad | 7 Gbps | 2.4 GHz, 5 GHz, and 60 GHz | 802.11a/b/g/n/ac

Using your completed Table 4-2, indicate in Table 4-3 the frequencies at which each standard operates.

Table 4-3 WLAN Standards and Frequencies
Standard | 2.4 GHz (UHF) | 5 GHz (SHF) | 60 GHz (EHF)
802.11a | | X |
802.11b | X | |
802.11g | X | |
802.11n | X | X |
802.11ac | | X |
802.11ad | X | X | X

As a network technician, you should be aware of other wireless applications that could potentially cause problems with your WLAN implementations. In Table 4-4, indicate the frequency for each wireless application. Some applications may use more than one frequency.

Table 4-4 Wireless Application Frequencies
Wireless Application | 2.4 GHz (UHF) | 5 GHz (SHF) | 60 GHz (EHF)
Cellular broadband | X | |
Radar landing systems | | X |
GPS systems | X | |
Radio astronomy | | X | X
Bluetooth | X | |
Satellite communications | | X |
Microwave communications | | X |

In Table 4-5, indicate whether the feature describes LANs or WLANs.

Table 4-5 Comparing LANs and WLANs
WLAN or LAN Feature | 802.3 LANs | 802.11 WLANs
Collision detection (CSMA/CD). | X |
Collision avoidance (CSMA/CA). | | X
Connects to an Ethernet switch. | X |
Connects to an access point. | | X
Allows for device mobility. | | X
Provides for better security. | X |
Radio frequencies (RFs) are used to interconnect devices. | | X
Cables are used to interconnect devices. | X |
Signal interference is normally not a problem. | X |
Additional laws and regulations in local areas may apply. | | X

WLANs Components and Topologies
Today, all laptops, tablets, and smartphones include an integrated wireless NIC. However, desktop computers usually do not. In a home or small office network, it might not be desirable or feasible to run cabling to a desktop. In such situations, you can easily install a wireless network interface card (NIC) to provide connectivity. Wireless NICs associate (and possibly authenticate) with an access point (AP). APs connect to the network infrastructure using the wired distribution system (DS).

Briefly explain the difference between an autonomous AP and a controller-based AP.
Autonomous APs are standalone devices configured using the Cisco CLI or a GUI. A home router is a good example of an autonomous AP. Autonomous APs are useful in situations where only a couple of APs are required in the network. Controller-based APs are server-dependent devices that require no initial configuration, but are automatically configured and managed by a WLAN controller.

Two or more autonomous APs can be combined into a cluster to ease management requirements. What four conditions must be met before a cluster can be formed?
■ Clustering mode is enabled on the APs.
■ The APs joining the cluster have the same cluster name.
■ The APs are connected on the same network segment.
■ The APs use the same radio mode.

Briefly explain the two main 802.11 wireless topologies:
■ Ad hoc mode: When two devices connect wirelessly without the aid of an infrastructure device, such as a wireless router or AP. Examples include Bluetooth and Wi-Fi Direct.
■ Infrastructure mode: When wireless clients interconnect via a wireless router or AP.

In Figure 4-1, label the two wireless topologies with either infrastructure mode or ad hoc mode.

Figure 4-1 WLAN Topologies
The topology on the left shows an example of infrastructure mode. The topology on the right shows an example of ad hoc mode.

Infrastructure mode uses two topology building blocks: a basic service set (BSS) and an extended service set (ESS). Briefly describe each and how they interrelate.
A BSS consists of a single AP interconnecting all associated wireless clients. When a single BSS provides insufficient RF coverage, two or more BSSs can be joined through a common distribution system (DS) into an ESS.

Lab - Investigating Wireless Implementations (SN 4.1.3.10/SwN 8.1.3.10)

Wireless LAN Operations
WLAN operations have similar structures and concepts to Ethernet's 802.3. However, Ethernet does not have to worry about finding, authenticating, and associating with an AP. Nor does Ethernet have to worry about managing channels on the wireless radio frequencies. 802.11 uses a frame format similar to 802.3, but with more fields. 802.11 uses a collision detection system similar to Ethernet's carrier sense multiple access collision detect (CSMA/CD). This section reviews the 802.11 frame, CSMA/CA, AP association, and channel management.

802.11 Frame
In Figure 4-2, label each field in the 802.11 frame.

Figure 4-2 802.11 Frame Format (Header | Payload | FCS)

Figure 4-2a 802.11 Frame Format (answer)
Header fields: Frame Control, Duration, Address1, Address2, Address3, Sequence Control, Address4; followed by the Payload and the FCS.
Frame Control subfields: Protocol Version, Frame Type, Frame Subtype, ToDS, FromDS, More Fragments, Retry, Power Management, More Data, Security, Reserved.

Match the subfield description on the left with the subfield on the right. This is a one-to-one matching exercise.

Subfield Description
c. Specifies which 802.11 protocol is being used
d. Identifies the frame as either a management, control, or data frame
a. Indicates whether encryption/authentication is being used
b. Active or power-save mode status of the sending device
e. Indicates to an associated AP client that data is exiting a DS (distributed system)

Subfield
a. Security
b. Power management
c. Protocol version
d. Frame subtype
e. FromDS

Wireless Media Contention
A wireless device operates in a half-duplex, shared media environment. Therefore, a wireless device must also sense the carrier because multiple devices have access: carrier sense multiple access (CSMA). However, unlike half-duplex Ethernet operations, a wireless device that is sending cannot also listen for collisions. Therefore, IEEE developed a collision avoidance (the CA in CSMA/CA) mechanism called the distributed coordination function (DCF). Using DCF, a wireless client transmits only if the channel is clear. All transmissions are acknowledged. So, if a wireless client does not receive an acknowledgment, it assumes a collision occurred and retries after a random waiting interval.

In the flowchart in Figure 4-3, label the missing steps in the CSMA/CA process.

Figure 4-3 CSMA/CA Process (Start; Assemble a Frame; a No/Yes decision; a second No/Yes decision; Transmit Application Data; End)

Figure 4-3a CSMA/CA Process (answer)
Start -> Assemble a Frame -> Is the Channel Idle? (No: Wait for Random Backoff Time, then check again; Yes: Transmit RTS) -> CTS Received? (No: retry after backoff; Yes: Transmit Application Data) -> End

Associating with an AP
Before a wireless device can communicate over the network, it must first associate with an AP or wireless router. To do so, it must discover and authenticate with an AP. Match the definitions on the left with the association parameter on the right. This is a one-to-one matching activity.

Definitions
a. A unique identifier that wireless clients use to distinguish between multiple wireless networks in the same vicinity
c. Identifies the 802.11 WLAN standards supported by the AP
e. Refers to the frequency bands being used to transmit wireless data
d. Currently standards include WEP, WPA, or WPA2
b. Prevents intruders and other unwanted users from associating with the AP

Security Parameter
a. SSID
b. Password
c. Network mode
d. Security mode
e. Channel settings
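The following Python parser is an added example (not from the book) for the 802.11 MAC header and Frame Control subfields labeled in Figure 4-2, using the bit layout the standard defines: it names management subtypes with the same numbers Figure 4-4 shows for beacons, probe requests and probe responses, and tallies broadcast disassociation/deauthentication frames per sender, which is the "spoofed disconnect attack" pattern listed under WLAN security later in this chapter. The frames and MAC addresses in it are constructed sample data, not a real capture.

```python
"""802.11 MAC header parser for the fields named in Figure 4-2 (added example;
the frames below are constructed samples, not a real capture)."""
from collections import Counter

FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data"}
# Management subtype numbers as the standard defines them; Figure 4-4 shows the
# same values for beacon (0x08), probe request (0x04) and probe response (0x05).
MGMT_SUBTYPES = {0: "Association Request", 1: "Association Response",
                 4: "Probe Request", 5: "Probe Response", 8: "Beacon",
                 10: "Disassociation", 11: "Authentication", 12: "Deauthentication"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_frame_control(fc):
    """Split the 2-byte Frame Control field into the subfields of Figure 4-2a.
    Byte 0 holds protocol version, type and subtype; byte 1 holds the flag bits.
    Bit 14 is 'Protected Frame' in the standard (the 'Security' subfield in the
    figure) and bit 15 is 'Order' (drawn as 'Reserved' in the figure)."""
    if len(fc) != 2:
        raise ValueError("Frame Control is exactly 2 bytes")
    b0, b1 = fc[0], fc[1]
    return {"protocol_version": b0 & 0x03, "type": (b0 >> 2) & 0x03,
            "subtype": (b0 >> 4) & 0x0F,
            "to_ds": bool(b1 & 0x01), "from_ds": bool(b1 & 0x02),
            "more_fragments": bool(b1 & 0x04), "retry": bool(b1 & 0x08),
            "power_management": bool(b1 & 0x10), "more_data": bool(b1 & 0x20),
            "security": bool(b1 & 0x40), "order": bool(b1 & 0x80)}


def frame_name(fc):
    """Readable type/subtype, e.g. 'Management/Beacon'."""
    f = parse_frame_control(fc)
    kind = FRAME_TYPES.get(f["type"], "Reserved")
    if f["type"] == 0:
        return kind + "/" + MGMT_SUBTYPES.get(f["subtype"], "subtype %d" % f["subtype"])
    return "%s/subtype %d" % (kind, f["subtype"])


def _mac(raw):
    return ":".join("%02x" % x for x in raw)


def parse_mac_header(frame):
    """Parse Frame Control, Duration, Address1-3 and Sequence Control.
    Address4 is present only when ToDS and FromDS are both set."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc = parse_frame_control(frame[0:2])
    header = {"fc": fc,
              "duration": int.from_bytes(frame[2:4], "little"),
              "address1": _mac(frame[4:10]),    # receiver
              "address2": _mac(frame[10:16]),   # transmitter
              "address3": _mac(frame[16:22]),   # BSSID in management frames
              "sequence": int.from_bytes(frame[22:24], "little") >> 4}
    if fc["to_ds"] and fc["from_ds"]:
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        header["address4"] = _mac(frame[24:30])
    return header


def build_mgmt_frame(subtype, addr1, addr2, bssid, seq):
    """Build a minimal management-frame header (sample data for the checks)."""
    fc0 = (subtype << 4) | (0 << 2) | 0      # version 0, type 0 = management
    macs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (addr1, addr2, bssid))
    return (bytes([fc0, 0x00]) + (0).to_bytes(2, "little") + macs
            + (seq << 4).to_bytes(2, "little"))


def disconnect_bursts(frames, threshold=5):
    """Count broadcast Disassociation/Deauthentication frames per transmitter.
    Many of them from one address is the 'spoofed disconnect attack' pattern the
    chapter lists under WLAN security; returns transmitters at or over threshold."""
    counts = Counter()
    for frame in frames:
        h = parse_mac_header(frame)
        if (h["fc"]["type"] == 0 and h["fc"]["subtype"] in (10, 12)
                and h["address1"] == BROADCAST):
            counts[h["address2"]] += 1
    return {mac: n for mac, n in counts.items() if n >= threshold}


# Constructed sample: three beacons, one probe exchange, then a deauth burst.
AP = "00:11:22:33:44:55"        # sample AP/BSSID address, not a real device
CLIENT = "66:77:88:99:aa:bb"    # sample client address
SAMPLE_CAPTURE = (
    [build_mgmt_frame(8, BROADCAST, AP, AP, i) for i in range(3)]
    + [build_mgmt_frame(4, BROADCAST, CLIENT, BROADCAST, 1),
       build_mgmt_frame(5, CLIENT, AP, AP, 3)]
    + [build_mgmt_frame(12, BROADCAST, AP, AP, 100 + i) for i in range(6)]
)

if __name__ == "__main__":
    for frame in SAMPLE_CAPTURE[:5]:
        print(frame_name(frame[0:2]), "from", parse_mac_header(frame)["address2"])
    print("disconnect bursts:", disconnect_bursts(SAMPLE_CAPTURE))
```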
To discover and connect with an AP or wireless router, clients use a probing process, which can either be passive or active, as shown in Figure 4-4. Label each example as either passive or active.

Figure 4-4 Two Methods to Discover an AP
Left exchange (Sender to Receiver): repeated Beacon Frames (0x08), each carrying the SSID, supported standards, and security settings.
Right exchange (Sender to Receiver): a Probe Request Frame (0x04) carrying the SSID and supported standards, answered by a Probe Response Frame (0x05) carrying the SSID, supported standards, and security settings.
Passive mode is illustrated on the left. Active mode is illustrated on the right.

Briefly explain the two authentication mechanisms:
■ Open authentication: Fundamentally a NULL authentication where the wireless client says "authenticate me" and the AP responds with "yes." Open authentication provides wireless connectivity to any wireless device and should only be used in situations where security is of no concern.
■ Shared-key authentication: Technique is based on a key that is pre-shared between the client and the AP.

After discovering and authenticating with an AP or wireless router, the wireless device goes through an association process. Label Step 3 in Figure 4-5 with the association substeps.

Figure 4-5 The AP Association Process
Step 1 (Discovery): Listen for beacon frames to find WLAN SSIDs (passive mode), or send a probe request to the AP with or without a known SSID (active mode).
Step 2 (Authentication): Agree with AP to share Open authentication, or initiate Shared Key authentication process.
Step 3 (Association):
1. Send client's MAC address to AP.
2. Receive AP's MAC address (BSSID).
3. Receive AP's association identifier (AID).
Channel Management Concepts
In wireless implementations, a common practice is for the radio wave frequencies to be allocated as ranges. Such ranges are then split into smaller ranges called channels. Depending on the 802.11 standard, there are various ways to manage these channels. Match the channels, frequency modulation technique, or standard on the right with the definitions on the left.

Definitions
h. Spreads the signal over larger-frequency bands; used by 802.11b, cordless phones, CDMA cellular, and GPS networks
c. Number of channels identified in Europe for 802.11b
e. Nonoverlapping 802.11b channels
i. Rapidly switches the signal over many frequency channels; used by the original 802.11 standard, walkie-talkies, and Bluetooth
g. Supports four nonoverlapping channels and channel bonding
a. Number of channels identified in North America for 802.11b
j. Maximizes spectral efficiency without causing adjacent channel interference; used by 802.11a/g/n/ad

Channels, Frequency Modulation, and Standards
a. 11
b. 12
c. 13
d. 1,5,10
e. 1,6,11
f. 802.11g
g. 802.11n
h. DSSS
i. FHSS
j. OFDM

Wireless LAN Security
WLANs present unique security concerns because anyone within range of the AP and with the correct credentials can gain access to the network.

WLAN Security Terminology
Match the definitions on the left with the WLAN security terms on the right. This is a one-to-one matching exercise.

Definitions
k. Wireless home router connected to the corporate network without authorization
f. Attacker sends a series of "disassociate" commands to all wireless clients within a BSS
g. Attacker takes advantage of the CSMA/CA contention method to monopolize the bandwidth and deny all other clients access to the AP
j. The 802.11i industry standard for securing wireless networks
b. An AP configured with the same SSID as a legitimate AP
a. Uses Message Integrity Check (MIC) to ensure the message has not been tampered with
h. Basically WEP with TKIP encryption
e. Obsolete wireless authentication method
i. Manually allow or deny based on physical address
c. Disable the transmission of the beacon
d. Uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which allows destination hosts to recognize whether the bits have been tampered with

WLAN Security Term
a. TKIP
b. Man-in-the-middle attack
c. SSID cloaking
d. AES
e. WEP
f. Spoofed disconnect attack
g. CTS Flood
h. WPA
i. MAC address filtering
j. WPA2
k. Rogue AP

Identify the WLAN Security Characteristics
The best way to secure a wireless network is to use authentication and encryption systems. The two major types of authentication are open authentication and shared authentication. Open is basically no authentication. Shared-key authentication comes in three flavors: WEP, WPA, and WPA2. In Table 4-6, indicate the authentication method for each characteristic.

Table 4-6 WLAN Security Characteristics
WLAN Security Characteristic | Open Authentication | WEP | WPA | WPA2
TKIP data encryption | | | X |
AES data encryption | | | | X
MIC authentication | | | X |
No password authentication | X | | |
Medium security risk | | | X |
Shared-key authentication | | X | |
RC4 data encryption | | X | |
No data encryption | X | | |
Highest security risk | X | | |
Lowest security risk | | | | X
High security risk | | X | |
CCMP authentication | | | | X
(WEP, WPA, and WPA2 are the three shared-key authentication columns.)

Wireless LAN Configuration
Modern wireless routers offer a variety of features, and most are designed to be functional right out of the box with the default settings. However, it is good practice to change this initial configuration, particularly the default administrator password, so that publicly known default settings cannot be used to access the wireless settings.
Configuring WLAN Routers and Clients The best way to practice configuring wireless routers is to complete the Lab and Packet Tracer activities associated with the course. You can also make sure your own home router is config- ured with some of the following settings: ■ Change the administrator password. ■ Change the IP addressing assigned through DHCP to wireless clients. ■ Change the service set identification (SSID) name. However, if you disable SSID broad- casts, users will have to manually enter the SSID. ■ Enable the strongest authentication protocol supported by the wireless router: hopefully WPA2. instructor.indb 54 3/12/14 7:51 AM Chapter 4: Wireless LANs 55 ■ Enable MAC address filtering if you know the devices that will be joining the WLAN. Otherwise, you will have to manually add new devices each time someone wants to access the WLAN. ■ If desired, configure a guest network and password for guest users to access the WLAN. If you do not have access to a wireless router, Packet Tracer, or Lab equipment, you can search the Internet for “wireless router configuration simulation.” Several wireless router manufactur- ers host a simulation web page where you can practice configuring their specific GUI. Lab - Configuring a Wireless Router and Client (SN 4.4.2.3/SwN 8.4.2.3) Packet Tracer - Configuring Wireless LAN Access (SN 4.4.2.2/SwN 8.4.2.2) Packet Tracer Activity Troubleshooting WLAN Issues Troubleshooting WLAN issues normally requires an elimination process. Start with the wire- less client by checking the following: ■ Does the client have a valid IP address configuration? ■ Can the client successfully access the wired network? ■ Is the client configured with the correct security settings? ■ Is the client configured with the correct channel and SSID? ■ Is the wireless NIC driver up-to-date? If the wireless client is operating as expected, check the following: ■ Is the AP powered on? ■ How far away is the closest AP? 
■ Are other devices in the area interfering with the signal?
■ Are there any cabling or connector issues?
Finally, check the configuration of the AP to verify that it conforms to the desired specifications. Occasionally, issues with the AP software are identified and corrected by the manufacturer. So, you should regularly check to make sure that the firmware is up-to-date on the AP.

Packet Tracer Challenge - Skills Integration Challenge (SN 4.5.1.2/SwN 8.5.1.2)

CHAPTER 5
Adjust and Troubleshoot Single-Area OSPF
Although we will spend a little bit of time on it, you should already know how to configure basic single-area OSPF. This chapter focuses on the concepts and configurations to fine-tune the operation of OSPF, including manipulating the designated router / backup designated router (DR/BDR) election, propagating a default route, fine-tuning Open Shortest Path First (OSPF) Protocol interfaces, and authenticating OSPF neighbors.

Advanced Single-Area OSPF Configurations
In this section, we review the concepts and configurations to fine-tune the operation of OSPFv2 and OSPFv3.

Single-Area OSPF Configuration Review
The following activity may look familiar to you if you also used the CCENT Practice and Study Guide. It is repeated here so that you can get back up to speed on OSPF before we look at more advanced configurations.

Configuring Single-Area OSPFv2
Figure 5-1 shows the topology that we will use to configure OSPFv2 and OSPFv3. This first topology shows IPv4 network addresses. The IPv4 addressing scheme is in Table 5-1.

Figure 5-1 OSPFv2 Topology with IPv4 Network Addresses (RTA, RTB, and RTC in OSPF Area 0; LANs 192.168.1.0/26 on RTA, 192.168.1.64/26 on RTB, and 192.168.1.128/26 on RTC; serial links 192.168.1.244/30, 192.168.1.252/30, and the 384 kbps RTB–RTC link 192.168.1.248/30)

Table 5-1 IPv4 Addressing Scheme for OSPFv2 (Device, Interface, IPv4 Address, and Subnet Mask for the G0/0, S0/0/0, and S0/0/1 interfaces of each router; router IDs 1.1.1.1 for RTA, 2.2.2.2 for RTB, and 3.3.3.3 for RTC)

In the space provided, document the correct commands, including the router prompt, to configure the routers in Figure 5-1 with OSPFv2. Include commands to configure the router ID and disable updates on the LAN interface.
RTA(config)# router ospf 1
RTA(config-router)# router-id 1.1.1.1
RTA(config-router)# network 192.168.1.0 0.0.0.63 area 0
RTA(config-router)# network 192.168.1.244 0.0.0.3 area 0
RTA(config-router)# network 192.168.1.252 0.0.0.3 area 0
RTA(config-router)# passive-interface g0/0
RTB(config)# router ospf 1
RTB(config-router)# router-id 2.2.2.2
RTB(config-router)# network 192.168.1.64 0.0.0.63 area 0
RTB(config-router)# network 192.168.1.248 0.0.0.3 area 0
RTB(config-router)# network 192.168.1.252 0.0.0.3 area 0
RTB(config-router)# passive-interface g0/0
RTC(config)# router ospf 1
RTC(config-router)# router-id 3.3.3.3
RTC(config-router)# network 192.168.1.128 0.0.0.63 area 0
RTC(config-router)# network 192.168.1.244 0.0.0.3 area 0
RTC(config-router)# network 192.168.1.248 0.0.0.3 area 0
RTC(config-router)# passive-interface g0/0

Verifying Single-Area OSPFv2
Fill in the missing command to complete the following sentences:
The show ip ospf neighbor command can be used to verify and troubleshoot OSPF neighbor relationships.
The show ip protocols command is a quick way to verify vital OSPF configuration information, including the OSPF process ID, the router ID, networks the router is advertising, the neighbors the router is receiving updates from, and the default administrative distance, which is 110 for OSPF.
The show ip ospf command can also be used to examine the OSPF process ID and router ID. In addition, this command displays the OSPF area information as well as the last time the SPF algorithm was calculated.
The quickest way to verify Hello and Dead intervals is to use the show ip ospf interface command.
The quickest way to verify OSPF convergence is to use the show ip route command to view the routing table for each router in the topology.

Configuring Single-Area OSPFv3
Figure 5-2 shows the same topology we used for OSPFv2, but with IPv6 network addresses. Table 5-2 shows the IPv6 addressing scheme.

Figure 5-2 OSPFv3 Topology with IPv6 Network Addresses (LANs 2001:DB8:1:1::/64, 2001:DB8:1:2::/64, and 2001:DB8:1:3::/64; serial links 2001:DB8:F:AB::/64, 2001:DB8:F:AC::/64, and the 384 kbps link 2001:DB8:F:BC::/64)

Table 5-2 IPv6 Addressing Scheme for OSPFv3
Device  Interface   IPv6 Address/Prefix
RTA     G0/0        2001:DB8:1:1::1/64
        S0/0/0      2001:DB8:F:AC::1/64
        S0/0/1      2001:DB8:F:AB::1/64
        Link-local  FE80::A
        Router ID   1.1.1.1
RTB     G0/0        2001:DB8:1:2::1/64
        S0/0/0      2001:DB8:F:BC::1/64
        S0/0/1      2001:DB8:F:AB::2/64
        Link-local  FE80::B
        Router ID   2.2.2.2
RTC     G0/0        2001:DB8:1:3::1/64
        S0/0/0      2001:DB8:F:AC::2/64
        S0/0/1      2001:DB8:F:BC::2/64
        Link-local  FE80::C
        Router ID   3.3.3.3

The routers are already configured with interface addressing. Record the correct commands, including the router prompt, to configure the routers with OSPFv3. Include commands to enable IPv6 routing, configure the router ID, change the reference bandwidth to 10000, and disable updates on the LAN interface. Except for the router ID, the commands are the same for all three routers. So, you need to document only one router.
RTA(config)# ipv6 unicast-routing
RTA(config)# ipv6 router ospf 10
RTA(config-rtr)# router-id 1.1.1.1
RTA(config-rtr)# auto-cost reference-bandwidth 10000
RTA(config-rtr)# passive-interface g0/0
RTA(config-rtr)# interface g0/0
RTA(config-if)# ipv6 ospf 10 area 0
RTA(config-if)# interface s0/0/0
RTA(config-if)# ipv6 ospf 10 area 0
RTA(config-if)# interface s0/0/1
RTA(config-if)# ipv6 ospf 10 area 0

Verifying Single-Area OSPFv3
Fill in the missing command to complete the following sentences:
The show ipv6 ospf neighbor command can be used to verify and troubleshoot OSPF neighbor relationships.
The show ipv6 protocols command is a quick way to verify vital OSPF configuration information, including the OSPF process ID, the router ID, and interfaces the router is advertising.
The show ipv6 ospf command can also be used to examine the OSPF process ID and router ID. In addition, this command displays the OSPF area information as well as the last time the SPF algorithm was calculated.
To view a quick summary of OSPFv3-enabled interfaces, use the show ipv6 ospf interface brief command. However, the quickest way to verify Hello and Dead intervals is to use the show ipv6 ospf interface command.
The quickest way to verify OSPF convergence is to use the show ipv6 route command to view the routing table for each router in the topology.

Lab - Configuring Basic Single-Area OSPFv2 (SN 5.1.1.9)

Identify Network Types
Match the definition on the left with the network type on the right. This is a one-to-one matching exercise.
Definitions
e. Connects distant OSPF networks to the backbone area
b. Connects multiple routers using Frame Relay
d. Connects two routers directly on a single WAN network
c. Connects multiple routers in a hub-and-spoke topology
Network Type
a. Broadcast multi-access
b. Nonbroadcast multi-access
e. Virtual links
c. Point to multipoint
d. Point to point
a. Connects multiple routers using Ethernet technology

OSPF and Multi-Access Networks
A multi-access network is a network with more than two devices on the same shared media. Examples of multi-access networks include Ethernet and Frame Relay. Frame Relay is a WAN technology that is discussed in a later CCNA course. The following exercises cover the concepts of multi-access networks in OSPF and the DR/BDR election process.

In Figure 5-3, label each network type.

Figure 5-3 Network Types (four networks joining R1, R2, and three R3 routers, one of them over Frame Relay and one toward the Internet)
Starting from the top and going clockwise: point to point; the other three networks are nonbroadcast multi-access (NBMA), point to multipoint, and broadcast multi-access.

OSPF and Multi-Access Networks Completion Exercise
Complete the missing words or phrases in the following paragraphs.
On multi-access networks (networks supporting more than two routers) such as Ethernet and Frame-Relay networks, the hello protocol elects a designated router (DR) and a backup designated router (BDR). Among other things, the designated router is responsible for generating LSAs for the entire multi-access network, which allows a reduction in routing update traffic. The DR/BDR election is based on OSPF priority and OSPF router ID. By default, all OSPF routers have a priority of 1. If all OSPF routers have the same priority, the highest router ID determines the DR and BDR. If the router ID is not explicitly configured and a loopback interface is not configured, the highest IP address on an active interface at the moment of OSPF process startup is used as the router ID.
If a DRother (a router that is not the DR) needs to send a link-state advertisement (LSA), it will send it using 224.0.0.6 as the destination address. The DR and the BDR will receive LSAs at this address. The DR, BDR, and every other router in an OSPF network sends out Hellos using 224.0.0.5 as the destination address.
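The router-ID and DR/BDR election rules stated in the completion exercise above, worked in code. This is an added example, not from the book; the routers, addresses, and priorities are constructed, and it models the simultaneous-boot case the exercises assume, so there is no DR preemption logic.

```python
"""Router-ID selection and DR/BDR election on one multi-access segment.

Added example (not from the book).  All router names, addresses and
priorities are constructed sample data.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


@dataclass
class Router:
    name: str
    priority: int = 1                          # OSPF default interface priority
    manual_router_id: Optional[str] = None     # value of the router-id command
    loopbacks: List[str] = field(default_factory=list)
    active_ifaces: List[str] = field(default_factory=list)


def router_id(r: Router) -> IPv4Address:
    """Step 2 of the election: manually configured ID (2a), else the highest
    loopback address (2b), else the highest active interface address (2c)."""
    if r.manual_router_id:
        return IPv4Address(r.manual_router_id)
    if r.loopbacks:
        return max(IPv4Address(a) for a in r.loopbacks)
    if r.active_ifaces:
        return max(IPv4Address(a) for a in r.active_ifaces)
    raise ValueError(f"{r.name}: no address from which to derive a router ID")


def elect(routers: List[Router], multiaccess: bool = True) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) hostnames for one segment.

    Point-to-point links hold no election.  A priority of 0 excludes a
    router from ever becoming DR or BDR.  Step 1 ranks by priority and
    step 2 breaks ties by router ID; the best router is DR, the runner-up
    BDR.  Assumes all routers boot at once, as the exercises state.
    """
    if not multiaccess:
        return None, None
    eligible = [r for r in routers if r.priority > 0]
    ranked = sorted(eligible, key=lambda r: (r.priority, router_id(r)), reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return dr, bdr


# Constructed sample LAN (not one of the book's figures).
SAMPLE_LAN = [
    Router("RTA", manual_router_id="10.255.255.1", loopbacks=["192.0.2.200"]),
    Router("RTB", loopbacks=["192.0.2.2", "192.0.2.20"], active_ifaces=["203.0.113.1"]),
    Router("RTC", active_ifaces=["10.0.0.3", "172.16.0.3"]),
    Router("RTD", priority=0, active_ifaces=["198.51.100.4"]),
]


def with_priority(routers: List[Router], name: str, priority: int) -> List[Router]:
    """Copy of the segment with one router's interface priority changed,
    the effect of ip ospf priority on that router's LAN interface."""
    return [Router(r.name, priority if r.name == name else r.priority,
                   r.manual_router_id, list(r.loopbacks), list(r.active_ifaces))
            for r in routers]


if __name__ == "__main__":
    for r in SAMPLE_LAN:
        print(f"{r.name}: router ID {router_id(r)}")
    print("default priorities:", elect(SAMPLE_LAN))
    print("RTA priority 2:    ", elect(with_priority(SAMPLE_LAN, "RTA", 2)))
    print("point-to-point:    ", elect(SAMPLE_LAN[:2], multiaccess=False))
```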
In Figure 5-4, label the steps taken to elect the DR.

Figure 5-4 Steps in the DR Election Process
Step 1: Highest interface priority values.
Step 2: Highest router ID. If router values from Step 1 are exactly the same, then:
Step 2a: Highest manually configured router ID.
Step 2b: Highest loopback address.
Step 2c: Highest active interface IP address.

Use the topology in Figure 5-5 to determine the router ID for each router. In Table 5-3, record the router ID for each router. In Table 5-4, determine whether a DR will be elected for each network and record the DR’s hostname. If no DR is elected, indicate so with “none.”

Figure 5-5 Determine the Router ID (RTA through RTF, each labeled with its G0/0, G0/1, S0/0, and Lo0 addresses)

Table 5-3 Listing of Router IDs (Device and Router ID for Router A through Router F)
Table 5-4 Listing of DRs (Network and DR: two of the networks elect no DR, recorded as None; Router B and Router D are the DRs of the other two)

Note: Configure your OSPFv2 routers with a router ID to control the DR/BDR election. With OSPFv3, you must configure a router ID.

DR/BDR Election Exercise
In the following exercises, assume that all routers are simultaneously booted and that router priorities are set to the default. Refer to Figure 5-6 and answer the following questions. Determine the network type, and label which router is elected as the DR and which router is elected as the BDR, if applicable.

Figure 5-6 DR/BDR Election Exercise 1 Topology (RTA, RTB, RTC, and RTD share a Fa0/0 172.16 LAN; each router also has an Lo0 and an S0/0/0 address)
What is the router ID for RTA? 192.1.1.1
What is the router ID for RTB? 192.1.1.1.168
What is the router ID for RTC? 192.1
What is the router ID for RTD? 192.16.168.168.4
Setting the priority on the interface is another way to control DR or BDR. In addition to configuring loopbacks, it is a good idea to configure RTA with an OSPF priority that will ensure it always wins the DR/BDR election. The syntax for configuring OSPF priority is as follows:
Router(config-if)# ip ospf priority priority
Document the commands you use to configure on RTA to make sure that its priority will always win the DR/BDR election.
RTA(config)# interface Fa 0/0
RTA(config-if)# ip ospf priority 2
!Any priority higher than the default of 1 will work.
Which router will be elected DR? RTA
Which router will be elected BDR? RTB

Refer to Figure 5-7 and determine whether there will be a DR/BDR election. If applicable, designate which router is DR and which router is BDR.

Figure 5-7 DR/BDR Election Exercise 2 Topology (RTA, RTB, RTC, and RTD in OSPF Area 0; two Fa0/0 172.16 LANs and two /30 serial links)
Network            DR/BDR Election?   Which Router Is the DR?   Which Router Is the BDR?
(first /24 LAN)    Yes                RTC                       RTD
(second /24 LAN)   Yes                RTB                       RTC
(/30 serial link)  No                 N/A                       N/A
(/30 serial link)  No                 N/A                       N/A

Refer to Figure 5-8 and answer the following questions.

Figure 5-8 DR/BDR Election Exercise 3 Topology (RTA, RTB, and RTC on the 192.168.1.0/24 LAN; RTA also has a serial link to ISP; RTC has an Lo0 address)
What is the router ID for RTA? 209.1.1.1
What is the router ID for RTB? 192.1.1.1.1
What is the router ID for RTC? 10.1.1.1
Which router is DR for the 192.168.1.0/24 network? RTA
Which router is BDR for the 192.168.1.0/24 network? RTB
Now assume a priority of zero on RTA. Which router is DR for the 192.168.1.0/24 network? RTB
What will happen if another router, RTD, joins the 192.168.1.0/24 network with a router ID of 209.165.201.9? Nothing. Both the DR and BDR have to go down before RTD can become the DR.

Redistributing an OSPF Default Route Exercise
In some topology configurations and routing policy situations, it is desirable to have an Autonomous System Boundary Router (ASBR) redistribute a default route to the OSPF neighbors in the area. This can be quickly accomplished in both OSPFv2 and OSPFv3.

OSPFv2 Default Route Redistribution
In Figure 5-9, notice that RTA is now our gateway router because it provides access outside the area. In OSPF terminology, RTA is called the Autonomous System Boundary Router (ASBR) because it connects to an external routing domain that uses a different routing policy.
Document the command to configure a static default route on RTA using the exit interface argument.
RTA(config)# ip route 0.0.0.0 0.0.0.0 serial 0/1/0
Figure 5-9 Propagating a Default Route in OSPFv2 (RTA reaches ISP over S0/1/0 and ISP reaches the Public Web Server; RTA propagates the default route to RTB and RTC in OSPF Area 0; LANs 192.168.1.0/26, 192.168.1.64/26, and 192.168.1.128/26; serial links 192.168.1.244/30, 192.168.1.248/30 at 384 kbps, and 192.168.1.252/30)

Each routing protocol handles the propagation of default routing information a little differently. For OSPF, the gateway router must be configured with two commands. First, RTA will need a static default route pointing to ISP.
Using the exit interface argument, document the command necessary to configure ISP with a static route pointing to the 192.168.1.0/24 address space.
ISP(config)# ip route 192.168.1.0 255.255.255.0 serial 0/0/0
At this point, any host on the LAN attached to RTA will be able to access ISP and be able to ping the Public Web Server at 209.165.202.129. However, RTB and RTC still cannot ping outside the 192.168.1.0/24 address space. Why? Because neither router has a default route.
Document the command that needs to be configured on RTA to fix this problem.
RTA(config)# router ospf 1
RTA(config-router)# default-information originate

OSPFv3 Default Route Redistribution
Configuring OSPFv3 to propagate a default route is essentially the same tasks as you do in OSPFv2. Figure 5-10 is an IPv6 version of Figure 5-9.

Figure 5-10 Propagating a Default Route in OSPFv3 (the same topology with IPv6 addressing: LANs 2001:DB8:1:1::/64, 2001:DB8:1:2::/64, and 2001:DB8:1:3::/64; serial links 2001:DB8:1:AB::/64, 2001:DB8:1:AC::/64, and 2001:DB8:1:BC::/64; RTA propagates the default route for the 2001:DB8:1::/48 address space to RTB and RTC; Public Web Server at 2001:DB8:CAFE:F::F/64)

Document the command to configure a static default route on RTA using the exit interface argument.
RTA(config)# ipv6 route ::/0 serial 0/1/0
Using the exit interface argument, document the command necessary to configure ISP with a static route pointing to the 2001:DB8:1::/48 address space.
ISP(config)# ipv6 route 2001:DB8:1::/48 serial 0/0/0
Document the command that will cause RTA to propagate the default route to RTB and RTC.
RTA(config)# ipv6 router ospf 1
RTA(config-rtr)# default-information originate

Fine-Tuning OSPF Interfaces
OSPF routers must use matching Hello intervals and Dead intervals on the same link. The default interval values result in efficient OSPF operation and seldom need to be modified. However, you can change them.
Again, refer to Figure 5-9. Assuming that the current intervals are 10 and 40, document the commands necessary to change these OSPFv2 intervals on the link between RTB and RTC to a value four times greater than the current value.
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip ospf hello-interval 40
RTB(config-if)# ip ospf dead-interval 160
RTC(config)# interface serial 0/0/1
RTC(config-if)# ip ospf hello-interval 40
RTC(config-if)# ip ospf dead-interval 160
Note that it is not necessary to configure the Dead interval as long as the desired interval is four times the Hello. The IOS will automatically increase the Dead interval to four times the configured Hello interval.

Securing OSPFv2 with MD5 Authentication
Because routers are targets for network attacks, you should always configure authentication services for OSPFv2 using the strongest authentication available: MD5 (message digest algorithm 5). Assume the routers in Figure 5-11 are using MD5 authentication to exchange OSPFv2 routing updates. Briefly explain the steps in MD5 authentication as R1 sends an OSPF message to R2.

Figure 5-11 OSPFv2 MD5 Authentication Between R1 and R2 (R1 S0/0/0 to R2 S0/0/1)
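The R1-to-R2 exchange asked about here, modelled end to end in code. This is an added example, not the book's or Cisco's code: it follows the general RFC 2328 Appendix D scheme (the key, padded to 16 bytes, is appended to the packet, MD5 is taken over the result, and the digest travels with the packet), but the packet/trailer layout, the key-ID lookup, and the sequence-number handling are simplified assumptions, and the Hello payload is constructed.

```python
"""OSPFv2 MD5 (cryptographic) authentication between R1 and R2, modelled.

Added example, not from the book or from Cisco IOS; the packet and
trailer layout below is a simplified assumption.
"""
import hashlib
import hmac
import struct
from typing import Dict, Optional

DIGEST_LEN = 16                     # MD5 digest length; keys are padded to this
TRAILER = struct.Struct("!BBI")     # key ID, auth data length, crypto sequence number


def _padded_key(key: bytes) -> bytes:
    if not 1 <= len(key) <= DIGEST_LEN:
        raise ValueError("key must be 1..16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def sign(message: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """R1 side: combine the message with the key using MD5 to get the
    signature (hash value), append it, and return what goes on the wire."""
    body = message + TRAILER.pack(key_id, DIGEST_LEN, seq)
    signature = hashlib.md5(body + _padded_key(key)).digest()
    return body + signature


def verify(frame: bytes, keys: Dict[int, bytes], last_seq: Dict[str, int],
           neighbor: str) -> Optional[bytes]:
    """R2 side: recompute the signature with the pre-shared key selected by
    the key ID and compare.  Returns the message when signatures match and
    None (discard) on a truncated frame, an unknown key ID, a mismatch, or a
    sequence number older than the last one accepted from this neighbor."""
    if len(frame) < TRAILER.size + DIGEST_LEN:
        return None
    body, received = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    key_id, auth_len, seq = TRAILER.unpack(body[-TRAILER.size:])
    key = keys.get(key_id)
    if key is None or auth_len != DIGEST_LEN:
        return None
    expected = hashlib.md5(body + _padded_key(key)).digest()
    if not hmac.compare_digest(expected, received):   # constant-time compare
        return None
    if seq < last_seq.get(neighbor, 0):              # replayed or stale packet
        return None
    last_seq[neighbor] = seq
    return body[:-TRAILER.size]


def demo() -> Dict[str, Optional[bytes]]:
    """Four cases on a constructed Hello payload: good, tampered in transit,
    signed with the wrong key, and replayed.  Returns what R2 accepted."""
    key_id, key = 1, b"cisco123"                 # same key value as the answers above
    r2_keys = {key_id: key}
    r2_last_seq: Dict[str, int] = {}
    hello = b"OSPF HELLO from R1"                # constructed sample message

    good = sign(hello, key_id, key, seq=10)
    tampered = bytearray(good)
    tampered[0] ^= 0x01                          # one bit flipped on the link
    wrong_key = sign(hello, key_id, b"wrongkey", seq=11)
    replayed = sign(hello, key_id, key, seq=9)   # older sequence number

    return {
        "good": verify(good, r2_keys, r2_last_seq, "R1"),
        "tampered": verify(bytes(tampered), r2_keys, r2_last_seq, "R1"),
        "wrong_key": verify(wrong_key, r2_keys, r2_last_seq, "R1"),
        "replayed": verify(replayed, r2_keys, r2_last_seq, "R1"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {'accepted' if result else 'discarded'}")
```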
Now refer to Figure 5-10. Again, assuming that the current intervals are 10 and 40, document the commands necessary to change the OSPFv3 intervals on the link between RTB and RTC to a value four times greater than the current value.
RTB(config)# interface serial 0/0/0
RTB(config-if)# ipv6 ospf hello-interval 40
RTB(config-if)# ipv6 ospf dead-interval 160
RTC(config)# interface serial 0/0/1
RTC(config-if)# ipv6 ospf hello-interval 40
RTC(config-if)# ipv6 ospf dead-interval 160
Other than the show run command, what commands can you use to verify OSPF timers on an interface for both IPv4 and IPv6?
show ip ospf interface
show ipv6 ospf interface

Both routers are configured with a pre-shared key. So when R1 has a message to send to R2, it combines the message with the key and uses MD5 to calculate the signature—known as a hash value. R1 adds the signature to the message and sends it to R2. Once received by R2, it combines the message with the key using MD5 to calculate a signature. If signatures match, R2 accepts the message. If not, R2 discards the message.

You can configure OSPFv2 MD5 authentication globally, forcing all OSPF interfaces to use authentication. Or you can configure authentication on specific interfaces. Document the command syntax, including the router prompt, to enable OSPFv2 MD5 authentication on all interfaces.
In router configuration mode:
Router(config-router)# area area-id authentication message-digest
Then on each interface:
Router(config-if)# ip ospf message-digest-key key md5 password
Document the command syntax, including the router prompt, to enable OSPFv2 MD5 authentication only on specific interfaces.
On a specific interface:
Router(config-if)# ip ospf message-digest-key key md5 password
Router(config-if)# ip ospf authentication message-digest

Refer to Figure 5-9. Document the commands to configure RTA to use MD5 authentication globally on all OSPF interfaces. Choose your own process ID and key values.
RTA(config)# router ospf 1
RTA(config-router)# area 0 authentication message-digest
RTA(config-router)# interface s0/0/0
RTA(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTA(config-if)# interface s0/0/1
RTA(config-if)# ip ospf message-digest-key 1 md5 cisco123
Document the commands to configure RTB to use MD5 authentication on the serial interfaces only. Choose your own process ID and key values.
RTB(config)# interface s0/0/0
RTB(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTB(config-if)# ip ospf authentication message-digest
RTB(config-if)# interface s0/0/1
RTB(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTB(config-if)# ip ospf authentication message-digest
What command can you use to verify OSPF MD5 authentication?
show ip ospf interface
Note: Cisco IOS supports a simple authentication method. However, this method sends the password in plain text. Therefore, it is not considered a best practice.

Lab - Configuring OSPFv2 Advance Features (SN 5.1.5.8/RP 7.4.1.8)
Packet Tracer Activity - Configuring OSPFv2 Advance Features (SN 5.1.5.7/RP 7.4.1.7)

Troubleshooting Single-Area OSPF Implementations
Troubleshooting single-area OSPF is a required skill for any network professional involved in the implementation and maintenance of an OSPF network. Solid understanding of OSPF operation and the impact of the OSPF configuration commands is essential.

OSPF Adjacency Issues
A common problem in OSPF convergence is a lack of adjacency with OSPF neighbors. What are the OSPFv2 and OSPFv3 commands you use to quickly verify adjacency between OSPF routers?
show ip ospf neighbor
show ipv6 ospf neighbor
The command will list a state for each known OSPF router. What are the seven states OSPF transitions through on its way to convergence?
Down, Init, Two-Way, Exstart, Exchange, Loading, Full
List at least four reasons why adjacency might fail to establish.
■ OSPF Hello or Dead timers do not match.
■ OSPF network types do not match.
■ There is a missing or incorrect OSPF network command (OSPFv2), or OSPF is not configured correctly on the interface (OSPFv3).
■ Authentication is misconfigured.
■ The interfaces are not on the same network.
■ Interface to neighbor is incorrectly configured as passive.

Identify OSPFv2 Troubleshooting Commands
The following output is from the topology shown in Figure 5-9. Indicate the command used to generate the output.

RTA# show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      192.168.1.0/24 is variably subnetted, 9 subnets, 3 masks
O        192.168.1.64/26 [110/65] via 192.168.1.254, 00:19:35, Serial0/0/0
O        192.168.1.128/26 [110/65] via 192.168.1.246, 00:19:35, Serial0/0/1
O        192.168.1.248/30 [110/128] via 192.168.1.254, 00:19:10, Serial0/0/0
                          [110/128] via 192.168.1.246, 00:19:10, Serial0/0/1

RTA# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.249     0   FULL/  -        00:00:32    192.168.1.246   Serial0/0/1
192.168.1.254     0   FULL/  -        00:00:31    192.168.1.254   Serial0/0/0

RTA# show ip ospf interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Internet Address 192.168.1.253/30, Area 0, Attached via Network Statement
  Process ID 1, Router ID 192.168.1.253, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.1.254
  Suppress hello for 0 neighbor(s)

RTA# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.253
  It is an autonomous system boundary router
  Redistributing External Routes from,
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    192.168.1.0 0.0.0.63 area 0
    192.168.1.244 0.0.0.3 area 0
    192.168.1.252 0.0.0.3 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.246        110      00:18:13
    192.168.1.254        110      00:17:48
  Distance: (default is 110)

RTA# show ip ospf
 Routing Process "ospf 1" with ID 192.168.1.253
 Start time: 00:44:46.360, Time elapsed: 00:23:27.536
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an autonomous system boundary router
 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x003416
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm last executed 00:16:47.472 ago
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x00E037
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Identify OSPFv3 Troubleshooting Commands
The following output is from the topology shown in Figure 5-10. Indicate the command used to generate the output.

RTC# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "ospf 1"
  Router ID 3.3.3.3
  Number of areas: 1 normal, 0 stub, 0 nssa
  Interfaces (Area 0):
    GigabitEthernet0/0
    Serial0/0/1
    Serial0/0/0
  Redistribution:
    None

RTC# show ipv6 ospf neighbor
            OSPFv3 Router with ID (3.3.3.3) (Process ID 1)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.2           0   FULL/  -        00:00:39    6               Serial0/0/1
1.1.1.1           0   FULL/  -        00:00:31    6               Serial0/0/0

RTC# show ipv6 ospf interface serial 0/0/1
Serial0/0/1 is up, line protocol is up
  Link Local Address FE80::C, Interface ID 7
  Area 0, Process ID 1, Instance ID 0, Router ID 3.3.3.3
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
  Graceful restart helper support enabled
  Index 1/2/2, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 4
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)

RTC# show ipv6 ospf
 Routing Process "ospfv3 1" with ID 3.3.3.3
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x00B657
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Graceful restart helper support enabled
 Reference bandwidth unit is 100 mbps
 RFC1583 compatibility enabled
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        SPF algorithm executed 4 times
        Number of LSA 15. Checksum Sum 0x07E293
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

RTC# show ipv6 route ospf
IPv6 Routing Table - default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
       IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 1
     via FE80::A, GigabitEthernet0/0
O   2001:DB8:2:1::/64 [110/1]
     via GigabitEthernet0/0, directly connected
O   2001:DB8:1:AB::/64 [110/65]
     via FE80::B, GigabitEthernet0/0
O   2001:DB8:1:1::/64 [110/1]
     via GigabitEthernet0/0, directly connected

Lab - Troubleshooting Basic Single-Area OSPFv2 and OSPFv3 (SN 5.2.x/RP 7.x)
Lab - Troubleshooting Advanced Single-Area OSPFv2 (SN 5.2.x/RP 7.x)
Packet Tracer Activity - Troubleshooting Single-Area OSPFv2 (SN 5.2.x/RP 7.x)
Packet Tracer Challenge - Skills Integration Challenge (SN 5.3.x/RP 7.x)

CHAPTER 6
Multiarea OSPF
In larger network implementations, as the number of routers grows, single-area OSPF can require a significant amount of CPU and memory resources. Network administrators often implement multiarea OSPF to control the size of link-state databases, routing table entries, and the number of SPF calculations. This chapter reviews the concepts and configurations for multiarea OSPFv2 and OSPFv3.

Multiarea OSPF Operation
Multiarea OSPF was specifically designed to address several issues that result from single-area OSPF growing beyond its constraints.

Multiarea OSPF Terminology and Concepts
Briefly describe three issues that arise if an OSPF area becomes too big.
■ The LSDB includes every link in the area, which each router must maintain, even if every link is not selected for the routing table.
■ OSPF does not perform route summarization by default, so the routing table can become very large.
■ In areas that are too large, recalculating the SPF algorithm consumes many CPU cycles.
Briefly describe the role of each of the following OSPF router types. A router can be more than one type.
■ Internal router: A router with all of its interfaces in the same area
■ Backbone router: A router that belongs to the backbone area, which is, by convention, configured as area 0
■ Area Border Router (ABR): A router with interfaces attached to multiple OSPF areas, but not an external network
■ Autonomous System Boundary Router (ASBR): A router with at least one interface attached to an external, non-OSPF network
In Table 6-1, indicate the OSPF router type for each router in Figure 6-1.

Figure 6-1 Sample Multiarea OSPF Topology (Area 1, Area 0, and Area 2; routers R1 through R4 and BB1 through BB4; an External AS attached to BB4)

Table 6-1 Identify the OSPF Router Type
OSPF Router Type                           BB1  BB2  BB3  BB4  R1  R2  R3  R4
Internal router                                 X         X    X   X   X   X
Backbone router                            X    X    X    X
Area Border Router (ABR)                   X         X
Autonomous System Boundary Router (ASBR)                  X

Multiarea OSPF LSA Operation
Although the RFCs for OSPF specify up to 11 different LSA types, at the CCNA level we are only concerned with the first 5. In Table 6-2, indicate the name for each LSA type.

Table 6-2 Most Common OSPF LSA Types
LSA Type   Description
1          Router LSA
2          Network LSA
3 and 4    Summary LSAs
5          AS External LSA

Refer to Figure 6-1. In Table 6-3, indicate which LSA type is used in each of the scenarios.

Table 6-3 Determine the LSA Type
Columns: LSA Scenario; Type 1; Type 2; Type 3; Type 4; Type 5
BB1 is advertising to Area 1 a link to an external autonomous system. X
BB3 is advertising to Area 2 that BB4 is the ASBR. X
As DR, R2 sends this LSA type to R3. X
BB4 is advertising an external network to BB3 and BB1. X
BB2 is advertising its directly connected OSPF-enabled links to BB1 and BB3. X
BB1 and BB3 do not forward these LSAs into Area 0. X
BB2 is advertising the links in Area 0 to the routers in Area 1. X

OSPF Routing Table and Types of Routes
Because of the different LSA types with routes originating from different areas and from non-OSPF networks, the routing table uses different codes to identify the various types of routes. Refer to Example 6-1. Briefly describe each of the three OSPF route types shown.

Example 6-1 A Sample Multiarea OSPF Routing Table
BB1# show ip route | begin Gateway
(the output shows a gateway of last resort and an O*E2 0.0.0.0/0 default route via Serial0/0/0; the 10.0.0.0/8 subnets, with a connected /30, its local /32, and an O route learned on Serial0/0/0; the connected 172.16.x.0/23 LANs and their local /32 entries on GigabitEthernet0/0 and GigabitEthernet0/1; and two O IA 172.16.x.0/21 routes via Serial0/0/0)

O: Indicates the router received router (type 1) and network (type 2) LSAs describing the details within an area, meaning that the route is intra-area.
O IA: This is an interarea route.
O*E2: Indicates the router received an AS External (type 5) LSA either from an ABR or an ASBR. This is an external route.

List the steps in order that OSPF uses to calculate the best paths.
1. Calculate intra-area OSPF routes.
2.
3.
This section reviews configuring and verifying multiarea OSPFv2 and OSPFv3.
Configuring Multiarea OSPF

We will use the topology in Figure 6-2 and the addressing in Table 6-4 to configure a dual-stack network running multiarea OSPFv2 and OSPFv3.

Figure 6-2 Dual-Stacked Multiarea OSPF Topology
(Area 1, BB1 LANs: 172.16.0.0/23 with 2001:DB8:1:1::/64 and 172.16.2.0/23 with 2001:DB8:1:2::/64. Area 0: BB1 S0/0/0 to BB2 S0/0/0 on 10.0.0.0/30 with 2001:DB8:0:E::/64; BB2 S0/0/1 to BB3 S0/0/1 on 10.0.1.0/30 with 2001:DB8:0:F::/64; BB2 G0/0 LAN 172.16.5.0/24 with 2001:DB8:5:1::/64; BB2 Lo0 209.165.201.0/30 with 2001:DB8:F:F::/64 toward the Internet. Area 2, BB3 LANs: 172.16.16.0/21 with 2001:DB8:3:1::/64 and 172.16.24.0/21 with 2001:DB8:3:2::/64.)

Based on the addressing shown in the topology, finish documenting the addressing scheme in Table 6-4.

Table 6-4 Addressing for the Dual-Stacked Multiarea OSPF Topology
Device  Interface   Addressing Information
BB1     G0/0        172.16.0.1 255.255.254.0
                    2001:DB8:1:1::2/64
        G0/1        172.16.2.1 255.255.254.0
                    2001:DB8:1:2::2/64
        S0/0/0      10.0.0.2 255.255.255.252
                    2001:DB8:0:E::2/64
        Link-Local  FE80::1
        Router ID   1.1.1.1
BB2     G0/0        172.16.5.1 255.255.255.0
                    2001:DB8:5:1::1/64
        S0/0/0      10.0.0.1 255.255.255.252
                    2001:DB8:0:E::1/64
        S0/0/1      10.0.1.1 255.255.255.252
                    2001:DB8:0:F::1/64
        Lo0         209.165.201.1 255.255.255.252
                    2001:DB8:F:F::1/64
        Link-Local  FE80::2
        Router ID   2.2.2.2
BB3     G0/0        172.16.16.1 255.255.248.0
                    2001:DB8:3:1::2/64
        G0/1        172.16.24.1 255.255.248.0
                    2001:DB8:3:2::2/64
        S0/0/1      10.0.1.2 255.255.255.252
                    2001:DB8:0:F::2/64
        Link-Local  FE80::3
        Router ID   3.3.3.3

Recall that for OSPFv2, you configure the area as part of the network command in OSPF router configuration mode. In OSPFv3, you configure the area as part of the ipv6 ospf command in interface configuration mode. The only difference between configuring single-area OSPF and multiarea OSPF is assigning the area value.

Document the OSPFv2 and OSPFv3 routing configurations for all three routers. Include default routing to the Internet, with BB2 redistributing the IPv4 and IPv6 default routes to BB1 and BB3.

!BB1!!!!!!!!!!!!!!!!!!!
router ospf 10
 router-id 1.1.1.1
 network 172.16.0.0 0.0.1.255 area 1
 network 172.16.2.0 0.0.1.255 area 1
 network 10.0.0.0 0.0.0.3 area 0
ipv6 router ospf 10
 router-id 1.1.1.1
interface g0/0
 ipv6 ospf 10 area 1
interface g0/1
 ipv6 ospf 10 area 1
interface s0/0/0
 ipv6 ospf 10 area 0
!BB2!!!!!!!!!!!!!!!!!!!
ip route 0.0.0.0 0.0.0.0 Lo0
ipv6 route ::/0 Lo0
router ospf 10
 router-id 2.2.2.2
 network 172.16.5.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.1.0 0.0.0.3 area 0
 default-information originate
ipv6 router ospf 10
 router-id 2.2.2.2
 default-information originate
interface g0/0
 ipv6 ospf 10 area 0
interface s0/0/0
 ipv6 ospf 10 area 0
interface s0/0/1
 ipv6 ospf 10 area 0
!BB3!!!!!!!!!!!!!!!!!!!
router ospf 10
 router-id 3.3.3.3
 network 172.16.16.0 0.0.7.255 area 2
 network 172.16.24.0 0.0.7.255 area 2
 network 10.0.1.0 0.0.0.3 area 0
ipv6 router ospf 10
 router-id 3.3.3.3
interface g0/0
 ipv6 ospf 10 area 2
interface g0/1
 ipv6 ospf 10 area 2
interface s0/0/1
 ipv6 ospf 10 area 0

Configuring Route Summarization for Multiarea OSPFv2

ABRs do not automatically summarize network addresses across area boundaries. To reduce the size of routing tables, you can manually configure ABRs and ASBRs to summarize networks so that they inject one summary advertisement into another area. In Figure 6-2, BB1 and BB3 can each summarize their two LANs into one network advertisement.

What is the command syntax to configure an ABR interarea summary route?
Router(config-router)# area area-id range address mask

What is the summary route for the two LANs attached to BB1?
Address: 172.16.0.0  Mask: 255.255.252.0

Document the command to configure BB1 with an interarea summary route.
BB1(config-router)# area 1 range 172.16.0.0 255.255.252.0

What is the summary route for the two LANs attached to BB3?
Address: 172.16.16.0  Mask: 255.255.240.0

Document the command to configure BB3 with an interarea summary route.
BB3(config-router)# area 2 range 172.16.16.0 255.255.240.0

Your OSPF routing tables should look like the output in Example 6-2. Note the Null0 entry each ABR installs for its own summary: packets for addresses inside the summary that match no more specific route are discarded there rather than forwarded.

Example 6-2 Multiarea OSPFv2 and OSPFv3 Routing Tables
BB1# show ip route ospf | begin Gateway
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 10.0.0.1, 00:05:59, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.0.1.0/30 [110/128] via 10.0.0.1, 00:08:36, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 7 subnets, 5 masks
O        172.16.0.0/22 is a summary, 00:04:44, Null0
O IA     172.16.5.0/24 [110/65] via 10.0.0.1, 00:08:36, Serial0/0/0
O IA     172.16.16.0/20 [110/129] via 10.0.0.1, 00:08:36, Serial0/0/0
BB1#
BB1# show ipv6 route ospf | begin OE2
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 10
     via FE80::2, Serial0/0/0
O   2001:DB8:0:F::/64 [110/128]
     via FE80::2, Serial0/0/0
OI  2001:DB8:3:1::/64 [110/129]
     via FE80::2, Serial0/0/0
OI  2001:DB8:3:2::/64 [110/129]
     via FE80::2, Serial0/0/0
O   2001:DB8:5:1::/64 [110/65]
     via FE80::2, Serial0/0/0
BB1#

BB2# show ip route ospf | begin Gateway
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      172.16.0.0/16 is variably subnetted, 4 subnets, 4 masks
O IA     172.16.0.0/22 [110/65] via 10.0.0.2, 00:05:31, Serial0/0/0
O IA     172.16.16.0/20 [110/65] via 10.0.1.2, 00:05:31, Serial0/0/1
BB2#
BB2# show ipv6 route ospf | begin OI 2001
OI  2001:DB8:1:1::/64 [110/65]
     via FE80::1, Serial0/0/0
OI  2001:DB8:1:2::/64 [110/65]
     via FE80::1, Serial0/0/0
OI  2001:DB8:3:1::/64 [110/65]
     via FE80::3, Serial0/0/1
OI  2001:DB8:3:2::/64 [110/65]
     via FE80::3, Serial0/0/1
BB2#

BB3# show ip route ospf | begin Gateway
Gateway of last resort is 10.0.1.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 10.0.1.1, 00:05:31, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.0.0.0/30 [110/128] via 10.0.1.1, 00:05:31, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 7 subnets, 5 masks
O IA     172.16.0.0/22 [110/129] via 10.0.1.1, 00:05:31, Serial0/0/1
O IA     172.16.5.0/24 [110/65] via 10.0.1.1, 00:05:31, Serial0/0/1
O        172.16.16.0/20 is a summary, 00:05:31, Null0
BB3#
BB3# show ipv6 route ospf | begin OE2
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 10
     via FE80::2, Serial0/0/1
O   2001:DB8:0:E::/64 [110/128]
     via FE80::2, Serial0/0/1
OI  2001:DB8:1:1::/64 [110/129]
     via FE80::2, Serial0/0/1
OI  2001:DB8:1:2::/64 [110/129]
     via FE80::2, Serial0/0/1
O   2001:DB8:5:1::/64 [110/65]
     via FE80::2, Serial0/0/1
BB3#

Verifying Multiarea OSPF

In Table 6-5, indicate which command or commands will provide the multiarea OSPFv2 verification information.

Table 6-5 Multiarea OSPFv2 Verification Commands
Verification Information     Command(s)
Process ID                   show ip protocols, show ip ospf interface brief, show ip ospf database
State of OSPF Interface      show ip ospf interface brief
Networks Configured          show ip protocols
Interface Cost               show ip ospf interface brief
Router ID                    show ip protocols, show ip ospf database
Administrative Distance      show ip protocols, show ip route ospf
Number of Areas              show ip protocols
Networks from Other Areas    show ip route ospf
All Known Routes             show ip route ospf
Total Cost of Route          show ip route ospf

Verification commands for multiarea OSPFv3 are almost identical to OSPFv2. In Table 6-6, indicate which command or commands will provide the multiarea OSPFv3 verification information.
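The two area range commands above, and the [110/65], [110/128] and [110/129] costs in Example 6-2, can be checked offline. The following Python script is an added example; it is not from the book and not Cisco IOS code. area_range() computes the single prefix an area range statement should carry for a set of LANs, uncovered() lists any address space a summary would advertise that no component network actually holds (an over-wide range attracts traffic for those addresses to the ABR, where the Null0 discard route in Example 6-2 drops it), and path_cost() adds interface costs using the 100 Mbps reference bandwidth shown in the show ip ospf output. The interface bandwidths used for the lab's T1 serial links (1544 kbps) and Gigabit LAN ports are assumptions about the lab hardware.

```python
import ipaddress

REFERENCE_BW_BPS = 100_000_000   # "Reference bandwidth unit is 100 mbps" in the show ip ospf output


def ospf_cost(interface_bw_bps: int) -> int:
    """Interface cost = reference bandwidth / interface bandwidth, rounded down, never below 1."""
    return max(1, REFERENCE_BW_BPS // interface_bw_bps)


def path_cost(outbound_bw_bps) -> int:
    """Route cost = sum of the outbound interface costs along the path; this is the
    number after the administrative distance, e.g. the 129 in [110/129]."""
    return sum(ospf_cost(bw) for bw in outbound_bw_bps)


def area_range(networks) -> ipaddress.IPv4Network:
    """Smallest single prefix that covers every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def range_command(area_id: int, networks) -> str:
    """The IOS 'area <id> range <address> <mask>' line for the computed summary."""
    summary = area_range(networks)
    return f"area {area_id} range {summary.network_address} {summary.netmask}"


def uncovered(summary, networks):
    """Address blocks inside the summary that none of the component networks holds.
    An over-wide range advertises these too; traffic for them ends at the ABR's Null0 route."""
    leftover = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, networks):
        remaining = []
        for block in leftover:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))   # carve the component out
            elif not block.subnet_of(net):
                remaining.append(block)                        # disjoint block: keep it
        leftover = remaining
    return sorted(leftover)


if __name__ == "__main__":
    T1_BPS, GIG_BPS = 1_544_000, 1_000_000_000   # assumed interface bandwidths for the lab links
    print(range_command(1, ["172.16.0.0/23", "172.16.2.0/23"]))      # BB1's area 1 LANs
    print(range_command(2, ["172.16.16.0/21", "172.16.24.0/21"]))    # BB3's area 2 LANs
    print(path_cost([T1_BPS, T1_BPS, GIG_BPS]))                      # BB1 to 172.16.16.0/20: 64 + 64 + 1
    print(uncovered("172.16.0.0/21", ["172.16.0.0/23", "172.16.2.0/23"]))   # a range one bit too wide
```

Running it prints the two range commands used above, the cost 129 that BB1 shows for 172.16.16.0/20 (two T1 hops at 64 each plus the Gigabit LAN at 1), and, for a /21 range on BB1, the 172.16.4.0/22 block that such a range would advertise without owning.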
Table 6-6 Multiarea OSPFv3 Verification Commands
Verification Information     Command(s)
Administrative Distance      show ipv6 route ospf
All Known Routes             show ipv6 route ospf
Interface Cost               show ipv6 ospf interface brief
Networks from Other Areas    show ipv6 route ospf, show ipv6 ospf database
Number of Areas              show ipv6 protocols
Process ID                   show ipv6 protocols, show ipv6 ospf interface brief, show ipv6 ospf database
Router ID                    show ipv6 protocols, show ipv6 ospf database
State of OSPF Interface      show ipv6 ospf interface brief
Total Cost of Route          show ipv6 route ospf

Packet Tracer - Configuring Multiarea OSPFv2
Lab - Configuring Multiarea OSPFv2
Packet Tracer - Configuring Multiarea OSPFv3
Lab - Configuring Multiarea OSPFv3
Lab - Troubleshooting Multiarea OSPFv2 and OSPFv3 (SN 6.2.2.10)

CHAPTER 7
EIGRP

The main purpose in Cisco's development of Enhanced Interior Gateway Routing Protocol (EIGRP) was to create a classless version of IGRP. EIGRP includes several features that are not commonly found in other distance vector routing protocols such as RIP (RIPv1 and RIPv2) and IGRP. Although EIGRP may act like a link-state routing protocol, it is still a distance vector routing protocol.

Characteristics of EIGRP

EIGRP is considered an advanced distance vector routing protocol because it has characteristics not found in other distance vector protocols like RIP and IGRP.

Describe Basic EIGRP Features

A major difference between EIGRP and other distance vector protocols is the algorithm it uses to calculate the best route. Name and briefly describe this algorithm.
The Diffusing Update Algorithm (DUAL) guarantees a loop-free route and provides backup paths throughout the routing domain. These backup routes are maintained in a topology table and can be immediately installed in the routing table if the primary route fails.

Protocol-dependent modules (PDMs) allow EIGRP to route several different network layer protocols. List at least four functions of EIGRP's PDMs.
■ Maintaining the neighbor and topology tables of EIGRP routers that belong to that protocol suite
■ Building and translating protocol-specific packets for DUAL
■ Interfacing DUAL to the protocol-specific routing table
■ Computing the metric and passing this information to DUAL
■ Implementing filtering and access lists
■ Performing redistribution functions to and from other routing protocols
■ Redistributing routes that are learned by other routing protocols

What protocol, unique to EIGRP, provides for the delivery of EIGRP packets to neighbors?
Reliable Transport Protocol (RTP)

What are the IPv4 and IPv6 multicast addresses used by EIGRP's RTP?
IPv4 uses 224.0.0.10 and IPv6 uses FF02::A.

What is meant by the statement, "EIGRP provides partial and bounded updates"?
EIGRP does not send periodic updates (like RIP or IGRP). Instead, EIGRP sends out a partial update if there is a change in a route or routes. Bounded means that the partial update is only sent to those routers that need it.

Identify and Describe EIGRP Packet Types

Like the Open Shortest Path First (OSPF) Protocol, EIGRP relies on different types of packets to maintain its tables and establish relationships with neighbor routers. In Table 7-1, provide a brief description for each EIGRP packet type.
Table 7-1 EIGRP Packet Types
Packet Type       Description
Hello             Used to discover other EIGRP routers in the network
Acknowledgment    Used to acknowledge the receipt of any EIGRP packet
Update            Used to convey routing information to known destinations
Query             Used to request specific information from a neighbor router
Reply             Used to respond to a query

Complete the missing elements in this exercise by filling in appropriate words or phrases. When encountered, circle whether the packet is reliable or unreliable and whether it is unicast or multicast.

Hello packets:
■ Unreliable multicast sent to the address 224.0.0.10 (FF02::A for IPv6) to discover and maintain neighbors; the packet carries the sender's K values and holdtime (see Figure 7-3)
■ Default Hello interval depends on the bandwidth:
  ■ ≤ 1.544 Mbps = 60 sec Hello interval (180 sec holdtime)
  ■ > 1.544 Mbps = 5 sec Hello interval (15 sec holdtime)

Update packets. Sent reliably; there are two types:
■ Unicast to a newly discovered neighbor, containing routing information
■ Multicast to all neighbors when the topology changes

Query packets. Queries are multicast reliably during route recomputation, asking neighbors for a new successor to a lost route.

Reply packets. Neighbors unicast a reply reliably to a query, whether or not they have a route.

Acknowledgment packets. A "dataless" unicast packet, sent unreliably, that acknowledges the receipt of a packet that was sent reliably. This type is actually a Hello packet with a nonzero value in the Acknowledgment field.

An EIGRP router assumes that as long as it is receiving Hello packets from a neighbor, the neighbor and its routes remain viable. Holdtime tells the router the maximum time it should wait to receive the next Hello before declaring that neighbor unreachable. By default, this waiting period is three times the Hello interval, or 15 seconds on most networks and 180 seconds on networks with speeds of T1 or slower. If the time expires, EIGRP declares the route as down, and DUAL searches for a new path by sending out queries.

Identify Elements of the EIGRP Message Formats

Figure 7-1 shows an example of an encapsulated EIGRP message. Fill in the missing field contents.

Figure 7-1 Encapsulated EIGRP Message (field contents as filled in Figure 7-1a)
Data Link Frame header | IP Packet header | EIGRP Packet header | Type/Length/Values types
Data Link Frame:     MAC Source Address = address of the sending interface
                     MAC Destination Address = multicast 01-00-5E-00-00-0A
IP Packet:           IP Source Address = address of the sending interface
                     IP Destination Address = multicast 224.0.0.10
                     Protocol Field = 88 for EIGRP
EIGRP Packet Header: Opcode for EIGRP packet type
                     AS Number
TLV Types:           Some types include: 0x0001 EIGRP Parameters
                                         0x0102 IP Internal Routes
                                         0x0103 IP External Routes

In the IP packet header, the Protocol field is set to 88 to indicate EIGRP, and the destination address is set to the multicast 224.0.0.10. The EIGRP packet header is included with every EIGRP packet, regardless of its type. Every EIGRP message includes the header as shown in Figure 7-2. Fill in the missing field contents.

Figure 7-2 EIGRP Packet Header (field contents as filled in Figure 7-2a)
Bit 0            7 8            15 16           23 24           31
Version          | Opcode        | Checksum
Flags
Sequence
Ack
Autonomous System Number
TLVs

Important fields for our discussion include the Opcode field and the Autonomous System (AS) field. Opcode specifies the EIGRP packet type, one of the following:
■ Update
■ Query
■ Reply
■ Hello
The number in the AS field is used to track multiple instances of EIGRP.

Encapsulated in the EIGRP packet header is the TLV (Type/Length/Values) shown in Figure 7-3. Fill in the missing field contents.

Figure 7-3 EIGRP Parameters TLV (field contents as filled in Figure 7-3a)
Bit 0            7 8            15 16           23 24           31
Type = 0x0001                    | Length
K1               | K2            | K3             | K4
K5               | Reserved      | Hold Time

This EIGRP parameters message includes the weights that EIGRP uses for its composite metric. By default, only bandwidth and delay are weighted. Both are equally weighted; therefore, the K1 field for bandwidth and the K3 field for delay are both set to 1. The other K values are set to 0. The holdtime is the amount of time the EIGRP neighbor receiving this message should wait before considering the advertising router to be down.
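The following Python script is an added worked example, not code from the book or from Cisco: it builds and then parses the two messages whose layout Figures 7-1 through 7-3 describe, a Hello carrying the EIGRP Parameters TLV (0x0001) and an Update carrying the IP Internal Routes TLV (0x0102) named in Figure 7-1a, and it derives the 01-00-5E-00-00-0A multicast MAC from 224.0.0.10. The checksum is the standard Internet checksum over the whole EIGRP packet. The bytes are constructed here, not captured. Field widths follow the figures on this page; RFC 7868 splits the 32-bit autonomous system field into a 16-bit virtual router ID and a 16-bit AS number, which leaves the byte layout unchanged. The opcode numbers (Update 1, Query 3, Reply 4, Hello 5) are from RFC 7868; the delay and bandwidth values in the sample route are the scaled (times 256) numbers classic EIGRP carries on the wire.

```python
import ipaddress
import struct

EIGRP_IP_PROTOCOL = 88                    # IP header Protocol field (Figure 7-1a)
EIGRP_MULTICAST_IPV4 = "224.0.0.10"       # RTP multicast group for IPv4
OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}    # RFC 7868 values
TLV_NAMES = {0x0001: "EIGRP Parameters", 0x0102: "IP Internal Routes", 0x0103: "IP External Routes"}
HEADER_FMT = "!BBHIIII"                   # Version, Opcode, Checksum, Flags, Sequence, Ack, AS (Figure 7-2a)
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; EIGRP's checksum covers the whole EIGRP packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def multicast_mac(group: str) -> str:
    """IPv4 multicast MAC = 01-00-5E followed by the low 23 bits of the group address."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return "01-00-5E-" + "-".join(f"{b:02X}" for b in low23.to_bytes(3, "big"))


def _finish(opcode: int, flags: int, seq: int, ack: int, as_number: int, tlvs: bytes) -> bytes:
    """Prepend the header with a zero checksum, then patch the computed checksum in."""
    pkt = struct.pack(HEADER_FMT, 2, opcode, 0, flags, seq, ack, as_number) + tlvs
    return pkt[:2] + struct.pack("!H", internet_checksum(pkt)) + pkt[4:]


def build_hello(as_number: int, hold_time: int = 15, k=(1, 0, 1, 0, 0)) -> bytes:
    """Hello: opcode 5, sequence and ack 0 (unreliable), one Parameters TLV (Figure 7-3a)."""
    params = struct.pack("!HH5BBH", 0x0001, 12, *k, 0, hold_time)   # type, length, K1..K5, reserved, hold time
    return _finish(5, 0, 0, 0, as_number, params)


def build_update(as_number: int, seq: int, ack: int, routes) -> bytes:
    """Update: opcode 1, one IP Internal Routes TLV per (next_hop, delay, bandwidth, prefix) tuple."""
    tlvs = b""
    for next_hop, delay, bandwidth, prefix in routes:
        net = ipaddress.ip_network(prefix)
        dest = net.network_address.packed[:(net.prefixlen + 7) // 8]   # destination sent in whole bytes only
        # next hop, delay, bandwidth, MTU (24 bits), hop count, reliability, load, reserved, prefix length
        body = struct.pack("!4sII3sBBBHB", ipaddress.IPv4Address(next_hop).packed, delay, bandwidth,
                           (1500).to_bytes(3, "big"), 1, 255, 1, 0, net.prefixlen) + dest
        tlvs += struct.pack("!HH", 0x0102, 4 + len(body)) + body
    return _finish(1, 0, seq, ack, as_number, tlvs)


def checksum_ok(pkt: bytes) -> bool:
    """A packet with a correct checksum sums to zero when the checksum field is included."""
    return internet_checksum(pkt) == 0


def parse(pkt: bytes) -> dict:
    """Decode header and TLVs; rejects a bad checksum or a TLV that runs past the packet end."""
    if len(pkt) < HEADER_LEN or not checksum_ok(pkt):
        raise ValueError("bad length or checksum")
    version, opcode, _, flags, seq, ack, as_number = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    msg = {"version": version, "opcode": OPCODES.get(opcode, opcode), "flags": flags,
           "sequence": seq, "ack": ack, "as": as_number, "tlvs": []}
    off = HEADER_LEN
    while off < len(pkt):
        if off + 4 > len(pkt):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack("!HH", pkt[off:off + 4])
        if length < 4 or off + length > len(pkt):
            raise ValueError("bad TLV length")
        val = pkt[off + 4:off + length]
        if tlv_type == 0x0001:
            k1, k2, k3, k4, k5, _, hold = struct.unpack("!5BBH", val)
            tlv = {"type": TLV_NAMES[tlv_type], "K": (k1, k2, k3, k4, k5), "hold_time": hold}
        elif tlv_type == 0x0102:
            nh, delay, bw, mtu, hops, rel, load, _, plen = struct.unpack("!4sII3sBBBHB", val[:21])
            dest = val[21:].ljust(4, b"\x00")          # pad the truncated destination back to 4 bytes
            tlv = {"type": TLV_NAMES[tlv_type], "next_hop": str(ipaddress.IPv4Address(nh)),
                   "delay": delay, "bandwidth": bw, "mtu": int.from_bytes(mtu, "big"),
                   "hop_count": hops, "reliability": rel, "load": load,
                   "prefix": f"{ipaddress.IPv4Address(dest)}/{plen}"}
        else:
            tlv = {"type": TLV_NAMES.get(tlv_type, hex(tlv_type)), "raw": val}
        msg["tlvs"].append(tlv)
        off += length
    return msg


def is_well_formed(pkt: bytes) -> bool:
    try:
        parse(pkt)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(multicast_mac(EIGRP_MULTICAST_IPV4))
    print(parse(build_hello(as_number=1)))
    # constructed sample: 10.10.4.0/22 via the sender (next hop 0.0.0.0), Fast Ethernet delay and bandwidth
    print(parse(build_update(1, seq=36, ack=33, routes=[("0.0.0.0", 2560, 25600, "10.10.4.0/22")])))
```

A next hop of 0.0.0.0 in the Internal Routes TLV means "use the sender of this packet"; the parser leaves the other TLV types as raw bytes rather than guessing at their layout.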
Figure 7-4 shows the IP Internal message that is used to advertise EIGRP routes within an autonomous system. Fill in the missing field contents.

Figure 7-4 IP Internal Routes TLV (field contents as filled in Figure 7-4a)
Bit 0            7 8            15 16           23 24           31
Type = 0x0102                    | Length
Next Hop
Delay
Bandwidth
MTU (24 bits)                                     | Hop Count
Reliability      | Load          | Reserved
Prefix Length    | Destination

Important fields include the metric fields (Delay and Bandwidth), the subnet mask field (Prefix Length), and the Destination field.

Explain how the delay value is calculated.
Delay is calculated as the sum of the delays from source to destination, in units of 10 microseconds.

Explain how the bandwidth value is determined.
Bandwidth is the lowest configured bandwidth of any interface along the route.

The subnet mask is specified as the prefix length, or the number of network bits in the subnet mask. For example, the subnet mask 255.255.255.0 has a prefix length of 24.

Figure 7-5 shows the IP External message that is used when external routes are imported into the EIGRP routing process. Notice that the bottom half of the IP External TLV includes all the fields used by the IP Internal TLV. Fill in the missing field contents.

Figure 7-5 IP External Routes TLV (field contents as filled in Figure 7-5a)
Bit 0            7 8            15 16           23 24           31
Type = 0x0103                    | Length
Next Hop
Originating Router                                  \
Originating Autonomous System Number                 | value fields used to track
Arbitrary Tag                                        | the external source of the route
External Protocol Metric                             |
Reserved                         | Ext. Protocol ID | Flags   /
Delay                                               \
Bandwidth                                            | the same value fields used
MTU (24 bits)                    | Hop Count         | in the IP Internal TLV
Reliability      | Load          | Reserved          |
Prefix Length    | Destination                      /

Configuring EIGRP for IPv4

Implementing EIGRP for IPv4 with basic configurations is straightforward. Tweaking EIGRP with more advanced settings is the topic of the next chapter.

Configuring EIGRP with IPv4

Briefly explain the purpose of the autonomous system number in EIGRP configurations.
The autonomous system number functions as a process ID to help routers keep track of multiple running instances of EIGRP. It has nothing to do with the autonomous system number assigned by IANA and the RIRs to ISPs for their BGP routing configurations.

What are the steps a Cisco router uses to choose its router ID?
1. Use the IPv4 address configured with the eigrp router-id command.
2. If the router ID is not configured, use the highest IPv4 address of the loopback interfaces.
3. If no loopbacks are configured, use the highest active IPv4 address of the physical interfaces.

What are the two main reasons for using the passive-interface command?
1. To stop unnecessary traffic from being sent out an interface where there are no other EIGRP routers.
2. To provide security to the EIGRP routing process by preventing a rogue device from injecting false or less than optimal routing information. For EIGRP, a passive interface neither sends nor processes EIGRP packets, so no adjacency can form on it; the command does nothing for the interfaces that must still exchange updates.

We will use the topology in Figure 7-6 and the addressing in Table 7-2 to configure a dual-stack network running EIGRP for IPv4 and IPv6.

Figure 7-6 Dual-Stacked Multiarea EIGRP Topology
(HQ, B1 and B3 form a triangle of serial links: HQ S0/0/0 to B1 S0/0/0 on 172.16.1.248/30 with 2001:DB8:F:1::/64, HQ S0/0/1 to B3 S0/0/1 on 172.16.1.252/30 with 2001:DB8:F:2::/64, and B1 S0/0/1 to B3 S0/0/0 on 172.16.1.244/30 with 2001:DB8:F::/64; the serial links are labeled 768 kbps, 512 kbps and 128 kbps. HQ G0/0 and G0/1 LANs: 10.1.0.0/23 with 2001:DB8:1:1::/64 and 10.1.2.0/23 with 2001:DB8:1:2::/64; HQ Lo0 209.165.201.0/30 with 2001:DB8:F:F::/64 toward the Internet. B1 LANs: 10.10.4.0/22 with 2001:DB8:1:3::/64 and 10.10.8.0/22 with 2001:DB8:1:4::/64. B3 LANs: 10.10.12.0/24 with 2001:DB8:1:5::/64 and 10.10.13.0/24 with 2001:DB8:1:6::/64.)
Table 7-2 Addressing for the Dual-Stacked EIGRP Topology
Device  Interface   Addressing Information
HQ      G0/0        10.1.0.1 255.255.254.0
                    2001:DB8:1:1::1/64
        G0/1        10.1.2.1 255.255.254.0
                    2001:DB8:1:2::1/64
        S0/0/0      172.16.1.249 255.255.255.252
                    2001:DB8:F:1::1/64
        S0/0/1      172.16.1.253 255.255.255.252
                    2001:DB8:F:2::1/64
        Lo0         209.165.201.1 255.255.255.252
                    2001:DB8:F:F::1/64
        Link-Local  FE80::2
        Router ID   2.2.2.2
B1      G0/0        10.10.4.1 255.255.252.0
                    2001:DB8:1:3::1/64
        G0/1        10.10.8.1 255.255.252.0
                    2001:DB8:1:4::1/64
        S0/0/0      172.16.1.250 255.255.255.252
                    2001:DB8:F:1::2/64
        S0/0/1      172.16.1.245 255.255.255.252
                    2001:DB8:F::1/64
        Link-Local  FE80::1
        Router ID   1.1.1.1
B3      G0/0        10.10.12.1 255.255.255.0
                    2001:DB8:1:5::1/64
        G0/1        10.10.13.1 255.255.255.0
                    2001:DB8:1:6::1/64
        S0/0/0      172.16.1.246 255.255.255.252
                    2001:DB8:F::2/64
        S0/0/1      172.16.1.254 255.255.255.252
                    2001:DB8:F:2::2/64
        Link-Local  FE80::3
        Router ID   3.3.3.3

Document the most basic routing commands you could use to configure EIGRP for IPv4. Include the commands to configure the LAN interfaces as passive. The commands for all three routers are the same, except for the router ID configuration for each router.

!B1!!!!!!!!!!!
router eigrp 1
 eigrp router-id 1.1.1.1
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1
!HQ!!!!!!!!!!!
router eigrp 1
 eigrp router-id 2.2.2.2
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1
!B3!!!!!!!!!!!
router eigrp 1
 eigrp router-id 3.3.3.3
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1

Now, for each router, document the network commands you would configure if the policy stated that you must also configure the wildcard mask for each interface participating in the EIGRP routing domain.

!B1!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.10.4.0 0.0.3.255
 network 10.10.8.0 0.0.3.255
 network 172.16.1.248 0.0.0.3
 network 172.16.1.244 0.0.0.3
!HQ!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.1.0.0 0.0.1.255
 network 10.1.2.0 0.0.1.255
 network 172.16.1.248 0.0.0.3
 network 172.16.1.252 0.0.0.3
!B3!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.10.12.0 0.0.0.255
 network 10.10.13.0 0.0.0.255
 network 172.16.1.244 0.0.0.3
 network 172.16.1.252 0.0.0.3
Verifying EIGRP with IPv4

Before any updates can be sent or received by EIGRP, routers must establish adjacencies with their neighbors. EIGRP routers establish adjacencies with neighbor routers by exchanging EIGRP Hello packets. Use the show ip eigrp neighbors command to view the neighbor table and verify that EIGRP has established an adjacency with its neighbors. Example 7-1 shows the neighbor table for HQ.

Example 7-1 EIGRP Neighbor Table for HQ
HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   172.16.1.254            Se0/0/1                  14 00:28:35    2   100  0  33
0   172.16.1.250            Se0/0/0                  10 00:28:48    1   100  0  36

As with OSPF, you can use the show ip protocols command shown in Example 7-2 to verify that EIGRP is enabled. This command enables you to verify and troubleshoot EIGRP. Because this configuration was done on a router with IOS 15, automatic summarization is disabled by default.

Example 7-2 Verifying EIGRP Is Enabled on HQ
HQ# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 2.2.2.2
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    10.1.0.0/23
    10.1.2.0/23
    172.16.1.248/30
    172.16.1.252/30
  Passive Interface(s):
    GigabitEthernet0/0
    GigabitEthernet0/1
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.254          90      00:29:47
    172.16.1.250          90      00:29:47
  Distance: internal 90 external 170

Another way to verify that EIGRP and other functions of the router are configured properly is to examine the routing tables with the show ip route command. Example 7-3 shows output from the routing table for B1 with only the EIGRP routes shown. EIGRP routes are denoted in the routing table with a D, which stands for DUAL. Also, notice that the output begins at the "Gateway of last resort is not set" statement. What command generated this output?
show ip route eigrp | begin Gateway

Example 7-3 B1 Routing Table with EIGRP Routes
B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D        10.1.0.0/23 [90/2172416] via 172.16.1.249, 00:43:44, Serial0/0/0
D        10.1.2.0/23 [90/2172416] via 172.16.1.249, 00:43:44, Serial0/0/0
D        10.10.12.0/24 [90/2684416] via 172.16.1.249, 00:43:31, Serial0/0/0
D        10.10.13.0/24 [90/2684416] via 172.16.1.249, 00:43:31, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 00:43:44, Serial0/0/0
B1#

Lab - Configuring Basic EIGRP with IPv4 (SN 7.2.2.5/RP 4.2.2.5)
Packet Tracer - Configuring Basic EIGRP with IPv4 (SN 7.2.2.4/RP 4.2.2.4)

Operation of EIGRP

EIGRP uses the Diffusing Update Algorithm (DUAL) to select the best routes based on a composite metric. This section reviews the values of the EIGRP metric and how EIGRP performs the calculation to arrive at the metric displayed in the routing table.

EIGRP Metric Concepts

List the values EIGRP uses in its composite metric to calculate the preferred path to a network:
■ Bandwidth
■ Delay
■ Reliability
■ Load

Record the formula used to calculate the default EIGRP composite metric.
Default metric = [K1 * Bandwidth + K3 * Delay] * 256
Here Bandwidth is 10,000,000 divided by the slowest bandwidth (in kbps) along the path, and Delay is the sum of the interface delays along the path in tens of microseconds, as carried in the TLV fields of Figure 7-4.

What command can you use to change the default K values?
Router(config-router)# metric weights tos k1 k2 k3 k4 k5

What command do you use to verify the K values used by EIGRP?
show ip protocols

What command enables you to verify the actual values of the EIGRP metric?
show interfaces

The bandwidth metric is displayed in Kbit (kilobits). The value may or may not reflect the actual physical bandwidth of the interface. The WIC-2T and HWIC-2T use the default value of 1,544 kbps, which is the value for a T1 connection. If the actual bandwidth of the link differs from the default value, you should modify the value. We will review modifying the bandwidth calculation to reflect actual values in the next chapter.

Delay is a measure of the time it takes for a packet to traverse a route. This metric is a static value and is expressed in microseconds. Complete Table 7-3.

Table 7-3 Interface Delay Values
Media                  Delay (microseconds)
Ethernet               1000
Fast Ethernet          100
Gigabit Ethernet       10
FDDI                   100
T1 (serial default)    20,000
DS0 (64 Kbps)          20,000
56 Kbps                20,000
1024 Kbps              20,000

Reliability is based on the worst value on a particular link and is computed based on keepalives. Load is based on the worst value on a particular link and is computed based on packet rates. However, because the EIGRP composite metric defaults to bandwidth and delay only, reliability and load are not normally considered in the calculation of the metric.

DUAL Concepts Exercise

DUAL provides the following:
■ Loop-free paths
■ Loop-free backup paths, which can be used immediately
■ Fast convergence
■ Minimum bandwidth usage with bounded updates

Briefly explain the term successor.
A successor is a neighboring router that is used for packet forwarding and is the least-cost route to the destination network.

Briefly explain what is meant by feasible distance.
Feasible distance (FD) is the lowest calculated metric to reach the destination network.

Examine the following output for B1's routing table shown in Example 7-4.

Example 7-4 Feasible Distance and Successors in the B1 Routing Table
B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D        10.1.0.0/23 [90/2172416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.1.2.0/23 [90/2172416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.10.12.0/24 [90/2684416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.10.13.0/24 [90/2684416] via 172.16.1.249, 03:06:50, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 03:06:49, Serial0/0/0
B1#

Answer the questions that follow:

What is the IP address of the successor for network 10.1.0.0/23?
172.16.1.249, which is HQ

What is the feasible distance to 10.1.0.0/23?
2172416

What is the IP address of the successor for network 10.10.12.0/24?
172.16.1.249, which is HQ

What is the feasible distance to 10.10.12.0/24?
2684416

Briefly explain the term feasible successor.
A feasible successor is a neighbor that provides a backup path to a destination. It is kept in a separate table (the topology table) so that DUAL does not have to be recomputed when the successor becomes unavailable. A feasible successor satisfies the feasibility condition.

Briefly explain feasibility condition.
The feasibility condition (FC) is met when a neighbor's reported distance (RD) to a network is less than the local router's feasible distance to the same destination network.

Briefly explain reported distance.
The reported distance, or advertised distance, is simply an EIGRP neighbor's feasible distance to the same destination network; it is the metric that a router reports to a neighbor about its own cost to that network.

The successor, feasible distance, and any feasible successors with their reported distances are kept by a router in its EIGRP topology table or topology database. This table can be viewed using the show ip eigrp topology command, as shown in Example 7-5. Each "via" line shows the local metric followed by the neighbor's reported distance in parentheses.

Example 7-5 Successors and Feasible Successors in the B1 Topology Table
B1# show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.4.0/22, 1 successors, FD is 28160
        via Connected, GigabitEthernet0/0
P 10.10.8.0/22, 1 successors, FD is 28160
        via Connected, GigabitEthernet0/1
P 10.1.0.0/23, 1 successors, FD is 2172416
        via 172.16.1.249 (2172416/28160), Serial0/0/0
P 10.1.2.0/23, 1 successors, FD is 2172416
        via 172.16.1.249 (2172416/28160), Serial0/0/0
P 172.16.1.248/30, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.16.1.244/30, 1 successors, FD is 3845120
        via Connected, Serial0/0/1
P 172.16.1.252/30, 1 successors, FD is 2681856
        via 172.16.1.249 (2681856/2169856), Serial0/0/0
        via 172.16.1.246 (4357120/2169856), Serial0/0/1
P 10.10.12.0/24, 1 successors, FD is 2684416
        via 172.16.1.249 (2684416/2172416), Serial0/0/0
        via 172.16.1.246 (3847680/28160), Serial0/0/1
P 10.10.13.0/24, 1 successors, FD is 2684416
        via 172.16.1.249 (2684416/2172416), Serial0/0/0
        via 172.16.1.246 (3847680/28160), Serial0/0/1
B1#
Serial0/0/1 P 10.249 What is the reported distance of the successor? 2172416 What is the feasible distance of the successor? 2684416 What is the IP address of the feasible successor? 172. What is the IP address of the successor? 172. what events cause those states.16. and what events result from those states.1. or routing algorithm will react to a set of input events.0/24.16.indb 102 3/12/14 7:51 AM .0/22. 1 successors. 1 successors.12.10.16.10.13. DUAL FSM Completion Exercise A finite state machine (FSM) is an abstract machine.249 (2172416/28160). Designers use FSMs to describe how a device. GigabitEthernet0/1 The topology table lists all successors and feasible successors that DUAL has calculated to des- tination networks.0. instructor.246 (3847680/28160). Figure 7-7 is a simplified flowchart of DUAL’s FSM.16.10. Serial0/0/0 via 172.. What happens if an EIGRP router doesn’t have feasible successor in the topology table and the router loses connection to the successor? Then DUAL must be recomputed and neighbors queried for a possible backup route. FSMs define a set of possible states that something can go through.1. Fill in the flowchart with the states EIGRP moves through when it loses connectivity with a successor. FD is 2172416 via 172.249 (2684416/2172416).1. 1 successors.0/24.0/23.1.10.. not a mechanical device with moving parts. The flowchart should serve as a visual study aid to help you remember how DUAL converges on new routes. FD is 2684416 via 172. FD is 28160 via Connected.16. 102 CCNA Routing and Switching Practice and Study Guide P 10. computer program.1.10. Serial0/0/0 P 10.246 What is the reported distance of the feasible successor? 28160 What is the feasible distance of the feasible successor? 3847680 Notice that the reported distance of the feasible successor is less than the feasible distance of the successor. Use the partial output in Example 9-5 to answer the following questions: For route 10. 
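Before filling in the flowchart, the arithmetic behind Examples 7-4 and 7-5 is worth seeing end to end. The following Python is an added example, not from the study guide: it computes the default composite metric hop by hop and applies the feasibility condition to B1's two topology entries. It assumes the LAN ports report 100000 kbps / 100 usec and that the B1-B3 serial link runs at 768 kbps, since those values reproduce every metric printed on the page (28160, 2172416, 2684416, 3847680, 4357120).

```python
"""EIGRP composite metric and DUAL successor selection for B1 (Examples 7-4/7-5).

Added example; the interface parameters below are assumptions chosen to
reproduce the metrics shown on the page, not values taken from the routers."""

# Interface parameters as (bandwidth_kbps, delay_usec): the only two inputs the
# default K weights (K1=1, K3=1, K2=K4=K5=0) actually use.
T1 = (1544, 20000)      # serial default: 1.544 Mbps, 20,000 usec (Table 7-3)
LAN = (100000, 100)     # assumed: what the LAN ports report (100 Mbps, 100 usec)
B1_B3 = (768, 20000)    # assumed: the B1-B3 serial link at 768 kbps


def eigrp_metric(path, k1=1, k3=1):
    """Default metric = [K1 * bandwidth + K3 * delay] * 256 over a list of hops.

    bandwidth = 10^7 / slowest hop in kbps (integer division, as IOS does)
    delay     = sum of hop delays in usec / 10 (integer division)
    """
    if not path:
        raise ValueError("a path needs at least one hop")
    slowest_kbps = min(bw for bw, _ in path)
    total_delay_usec = sum(dly for _, dly in path)
    bandwidth = 10_000_000 // slowest_kbps
    delay = total_delay_usec // 10
    return (k1 * bandwidth + k3 * delay) * 256


def via_neighbor(local_hop, neighbor_path):
    """Metric of a destination learned from a neighbor.

    The neighbor advertises its own feasible distance, which is our reported
    distance (RD); we add our link to that neighbor to get the metric we would
    use. Returns (metric_via_neighbor, reported_distance)."""
    rd = eigrp_metric(neighbor_path)
    return eigrp_metric([local_hop] + neighbor_path), rd


def dual_classify(entries):
    """Apply DUAL to one destination.

    entries: list of (neighbor, metric_via_neighbor, reported_distance).
    FD is the lowest metric; successors are the neighbors offering it; a
    non-successor is a feasible successor only if its RD is strictly less than
    FD (the feasibility condition), which is what guarantees a loop-free backup.
    Returns (fd, successors, feasible_successors)."""
    fd = min(metric for _, metric, _ in entries)
    successors = [nbr for nbr, metric, _ in entries if metric == fd]
    feasible = [nbr for nbr, metric, rd in entries if metric != fd and rd < fd]
    return fd, successors, feasible


def b1_topology_entry(destination):
    """B1's topology-table entry for the two destinations discussed on the page."""
    if destination == "10.10.12.0/24":      # B3's LAN
        hq_path = [T1, LAN]                 # HQ reaches it via its T1 to B3, then the LAN
        b3_path = [LAN]                     # B3 is directly connected
    elif destination == "172.16.1.252/30":  # the HQ-B3 serial link
        hq_path = [T1]                      # directly connected on HQ
        b3_path = [T1]                      # directly connected on B3
    else:
        raise KeyError(destination)
    return [
        ("172.16.1.249",) + via_neighbor(T1, hq_path),     # HQ via Serial0/0/0
        ("172.16.1.246",) + via_neighbor(B1_B3, b3_path),  # B3 via Serial0/0/1
    ]


if __name__ == "__main__":
    for dest in ("10.10.12.0/24", "172.16.1.252/30"):
        entries = b1_topology_entry(dest)
        fd, succ, feas = dual_classify(entries)
        print(f"P {dest}, FD is {fd}")
        for nbr, metric, rd in entries:
            print(f"        via {nbr} ({metric}/{rd})")
        print(f"        successor(s): {succ}   feasible successor(s): {feas}")
```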
Figure 7-7 DUAL FSM Flowchart

(Blank flowchart to complete: starts at "Lost Connectivity to Successor" and has two Yes/No decision points.)

Figure 7-7 DUAL FSM Flowchart (answer)

Lost Connectivity to Successor
  -> Feasible Successor?
       Yes -> Promote to Successor -> Install Successor in Routing Table
       No  -> Place Destination Network in Active State -> Query Neighbors for New Route
              -> One or More New Routes?
                   Yes -> Select New Successor -> Install Feasible Successor(s), if any -> Install Successor in Routing Table
                   No  -> Remove Destination Network from Topology Table and Routing Tables

Packet Tracer - Investigating DUAL FSM

Configuring EIGRP for IPv6

EIGRP for IPv4 and EIGRP for IPv6 are almost identical in their operation. Configuring EIGRP for IPv6 is actually easier than IPv4. No need to configure network statements. Simply enable EIGRP for IPv6 globally. Then enable EIGRP on each interface you want to participate in the EIGRP routing process.

Comparing EIGRP for IPv4 and EIGRP for IPv6

In Table 7-4, indicate whether an EIGRP feature is associated with EIGRP for IPv4, EIGRP for IPv6, or both.

Table 7-4 Comparing EIGRP for IPv4 and IPv6

Features                                    EIGRP for IPv4   EIGRP for IPv6   Both
Advertised IPv4 networks                    X
Advertised IPv6 networks                                     X
Distance vector                                                               X
DUAL algorithm                                                                X
Default metric: bandwidth and delay                                           X
Transport protocol: RTP                                                       X
Incremental, partial, and bounded updates                                     X
Neighbor discovery: Hello packets                                             X
224.0.0.10 multicast                        X
FF02::10 multicast                                           X

Configuring and Verifying EIGRP for IPv6

The steps to configure EIGRP for IPv6 are as follows:

Step 1. Enable IPv6 routing.

Step 2. Enable EIGRP for IPv6 globally and configure the router ID.

Step 3. Enable the interfaces that are to participate in EIGRP for IPv6.

With those steps in mind, document the configurations for each router shown in Figure 7-6.

Instructor Note: Although not required of the student, the IPv6 interface addressing is also included in the following scripts.

!HQ!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 2.2.2.2
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:1::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:2::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f:1::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f:2::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
int lo0
 ipv6 address 2001:db8:f:f::1/64
end

!B1!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 1.1.1.1
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:3::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:4::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f:1::2/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
end

!B3!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 3.3.3.3
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:5::1/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:6::1/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f::2/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f:2::2/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
end

What command enables you to verify adjacency with other EIGRP routers?

B1# show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Se0/0/1           11 00:14:52    1   186  0  50
    FE80::3
0   Link-local address:     Se0/0/0           12 00:14:53    1   100  0  25
    FE80::2

What command enables you to display the EIGRP parameters, including the K values, router ID, process ID, and administrative distances?

B1# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "eigrp 1"
EIGRP-IPv6 Protocol for AS(1)
  Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  NSF-aware route hold timer is 240
  Router-ID: 1.1.1.1
  Topology : 0 (base)
    Active Timer: 3 min
    Distance: internal 90 external 170
    Maximum path: 16
    Maximum hopcount 100
    Maximum metric variance 1

  Interfaces:
    Serial0/0/0
    Serial0/0/1
    GigabitEthernet0/0
    GigabitEthernet0/1
  Redistribution:
    None
IPv6 Routing Protocol is "ND"

What command enables you to verify the EIGRP routes are installed in the routing table?

B1# show ipv6 route eigrp
IPv6 Routing Table - default - 14 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:5::/64 [90/2684416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:6::/64 [90/2684416]
     via FE80::2, Serial0/0/0
D   2001:DB8:F:2::/64 [90/2681856]
     via FE80::2, Serial0/0/0

Lab - Configuring Basic EIGRP for IPv6 (SN 7.4.3.5/RP 4.4.3.5)

Packet Tracer - Configuring Basic EIGRP with IPv6 (SN 7.4.3.4/RP 4.4.3.4)

CHAPTER 8

EIGRP Advanced Configurations and Troubleshooting

This chapter reviews the various ways you can adjust your Enhanced Interior Gateway Routing Protocol (EIGRP) implementation to provide additional capabilities and functionality. In addition, troubleshooting EIGRP is also covered.

Advanced EIGRP Configurations

Now that you are familiar with the basic configuration and verification commands for implementing EIGRP, this section focuses on ways you can tweak the implementation to improve performance, enable load balancing, and authenticate updates between EIGRP neighbors.

Automatic Summarization

Before Cisco IOS 15.0(1)M and 12.2(33), automatic summarization in EIGRP was enabled by default. Automatic summarization is disabled by default in IOS 15 and later.

What command, including the router prompt, will enable automatic summarization?

Router(config-router)# auto-summary

Briefly explain the concept of automatic summarization.

Automatic summarization occurs at classful boundaries. So an EIGRP router with several subnets of a Class A, B, or C network will only advertise that network.

Assume an EIGRP router is using automatic summarization. In Table 8-1, record the classful address advertised by the router for each listing of subnets.

Table 8-1 Determine the Classful Networks Advertised by an EIGRP Router

Subnets                                 Classful Networks
Several subnets of 10.0.0.0             10.0.0.0/8
Several subnets of 172.16.0.0           172.16.0.0/16
192.168.2.0/25, 192.168.2.128/25        192.168.2.0/24

EIGRP automatic summarization should be used only if you are absolutely sure that you do not have any discontiguous subnets. For example, in Figure 8-1, the addressing scheme is discontiguous. If you enable automatic summarization on the routers, they will not advertise the specific subnets that belong to 10.0.0.0/8. Instead, they automatically summarize the subnets to 10.0.0.0/8 and advertise the classful network across the 172.16.0.0 WAN links. But each router already has a link in the 10.0.0.0/8 address space, so the update from the neighbor is stored in the topology table. No routes to the subnets are installed.

Figure 8-1 EIGRP Automatic Summarization Topology with Discontiguous Subnets

(HQ LAN 10.10.0.0/22; B1 LAN 10.10.8.0/24; B3 LAN 10.10.12.0/24; WAN links HQ-B1 172.16.1.248/30, HQ-B3 172.16.1.252/30, B1-B3 172.16.1.244/30.)

You can verify whether automatic summarization is enabled with the show ip protocols command displayed in Example 8-1 for HQ from Figure 8-1.

Example 8-1 Verifying Automatic Summarization Is in Effect

HQ# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 2.2.2.2
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: enabled
    172.16.0.0/16 for Gi0/0
      Summarizing 2 components with metric 2169856
    10.0.0.0/8 for Se0/0/0, Se0/0/1
      Summarizing 1 component with metric 28160
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.254          90      00:01:30
    172.16.1.250          90      00:01:30
  Distance: internal 90 external 170

To view the entire EIGRP topology table for HQ, use the show ip eigrp topology all-links command to generate the output displayed in Example 8-2.

Example 8-2 Viewing the Complete EIGRP Topology Table

HQ# show ip eigrp topology all-links
EIGRP-IPv4 Topology Table for AS(1)/ID(2.2.2.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 172.16.1.248/30, 1 successors, FD is 2169856, serno 1
        via Connected, Serial0/0/0
P 172.16.1.252/30, 1 successors, FD is 2169856, serno 2
        via Connected, Serial0/0/1
P 10.0.0.0/8, 1 successors, FD is 28160, serno 3
        via Summary (28160/0), Null0
        via 172.16.1.250 (2172416/28160), Serial0/0/0
        via 172.16.1.254 (2172416/28160), Serial0/0/1
P 172.16.0.0/16, 1 successors, FD is 2169856, serno 4
        via Summary (2169856/0), Null0
P 10.10.0.0/22, 1 successors, FD is 28160, serno 8
        via Connected, GigabitEthernet0/0

You can see that HQ has a route for 10.0.0.0/8 from both B1 and B3 in its topology table. However, it also has its own summary route with a better metric. This is the route installed and used by HQ, as verified with the show ip route eigrp command displayed in Example 8-3.

Example 8-3 Verifying the Summary Route Installed on HQ

HQ# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D        10.0.0.0/8 is a summary, 00:09:01, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D        172.16.0.0/16 is a summary, 00:08:42, Null0

Briefly explain the purpose of the Null0 interface.

The Null0 interface is installed in the routing table to prevent routing loops.

Manual Summarization

In EIGRP design scenarios where it is not desirable to prevent discontiguous subnets, you may still want to encourage scalable designs so that you can take advantage of EIGRP's manual summarization. This will help reduce the size of routing tables.

IPv4 Manual Summarization

Figure 8-2 shows the same EIGRP topology we used in Chapter 7, "EIGRP." However, now the topology shows the contracted bandwidth rates on each of the serial interfaces. We will use that information later to tune how EIGRP chooses the best route.

Note: The bandwidths shown in Figure 8-2 are not realistic for today's network implementations that require gigabit speeds across WAN links. These bandwidths are used for simplicity.

Figure 8-2 Dual-Stack EIGRP Topology with Bandwidths

(HQ: G0/0 10.10.0.0/22 and 2001:DB8:1:1::/64, G0/1 10.10.4.0/22 and 2001:DB8:1:2::/64, Lo0 209.165.201.0/30 and 2001:DB8:F:F::/64 toward the Internet. HQ S0/0/0 to B1 S0/0/0: 172.16.1.248/30, 2001:DB8:F:1::/64, 768 kbps. HQ S0/0/1 to B3 S0/0/1: 172.16.1.252/30, 2001:DB8:F:2::/64, 512 kbps. B1 S0/0/1 to B3 S0/0/0: 172.16.1.244/30, 2001:DB8:F::/64, 128 kbps. B1: G0/0 10.10.8.0/24 and 2001:DB8:1:3::/64, G0/1 10.10.10.0/23 and 2001:DB8:1:4::/64. B3: G0/0 10.10.12.0/24 and 2001:DB8:1:5::/64, G0/1 10.10.13.0/24 and 2001:DB8:1:6::/64.)

In Figure 8-2, each router can summarize the two local LANs into one summary route. Calculate the summary routes for each router and record the commands to configure the serial interfaces. Each interface that will send out an EIGRP update should have the command.

To calculate the IPv4 summary routes, use the same technique you used to calculate IPv4 static summary routes:

Step 1. Write out the networks to be summarized in binary.

Step 2. To find the subnet mask for summarization, start with the far-left bit.

Step 3. Working from left to right, find all the bits that match consecutively.

Step 4. When there is a column of bits that do not match, stop. This is the summary boundary.

Step 5. Count the number of far-left matching bits, which in this example is 22. This number is used to determine the subnet mask for the summarized route: /22 or 255.255.252.0.

Step 6. To find the network address for summarization, copy the matching 22 bits and add all 0 bits to the end to make 32 bits.

Once you have your summary, configure the desired interfaces with the ip summary-address eigrp command.

The following calculations focus on the third octet:

                HQ          B1          B3
LAN 1           00000000    00001000    00001100
LAN 2           00000100    00001010    00001101
Summary Route   10.10.0.0/21  10.10.8.0/22  10.10.12.0/23

HQ Summary Route: 10.10.0.0/21

Command to configure Serial 0/0/0 and Serial 0/0/1:

ip summary-address eigrp 1 10.10.0.0 255.255.248.0

B1 Summary Route: 10.10.8.0/22

Command to configure Serial 0/0/0 and Serial 0/0/1:

ip summary-address eigrp 1 10.10.8.0 255.255.252.0

B3 Summary Route: 10.10.12.0/23

Command to configure Serial 0/0/0 and Serial 0/0/1:

ip summary-address eigrp 1 10.10.12.0 255.255.254.0

Note: We have not yet configured the bandwidth values shown in Figure 8-2.

If you are following along in a simulator or on lab equipment, your EIGRP routing tables should look like Example 8-4.

Example 8-4 EIGRP Routing Tables with Manual Summarization in Effect

HQ# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
D        10.10.0.0/21 is a summary, 00:01:43, Null0
D        10.10.8.0/22 [90/2172416] via 172.16.1.250, 00:01:13, Serial0/0/0
D        10.10.12.0/23 [90/2172416] via 172.16.1.254, 00:00:54, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.244/30 [90/2681856] via 172.16.1.254, 00:06:21, Serial0/0/1
                         [90/2681856] via 172.16.1.250, 00:06:50, Serial0/0/0

B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.249, 00:01:43, Serial0/0/0
D        10.10.8.0/22 is a summary, 00:01:43, Null0
D        10.10.12.0/23 [90/2172416] via 172.16.1.246, 00:00:54, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 00:00:54, Serial0/0/0
                         [90/2681856] via 172.16.1.246, 00:00:54, Serial0/0/1

B3# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.253, 00:00:48, Serial0/0/1
D        10.10.8.0/22 [90/2172416] via 172.16.1.245, 00:00:48, Serial0/0/0
D        10.10.12.0/23 is a summary, 00:00:48, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/2681856] via 172.16.1.253, 00:00:48, Serial0/0/1
                         [90/2681856] via 172.16.1.245, 00:00:48, Serial0/0/0

IPv6 Manual Summarization

Briefly explain why IPv6 does not support automatic summarization.

Automatic summarization is based on classful addressing, which does not exist in IPv6.

You can manually configure IPv6 summary routes. In fact, the IPv6 addressing in Figure 8-2 was not designed for summary routes. If you summarized the IPv6 LANs on any of the routers, you would be including IPv6 LANs from one or both of the other routers. For example, the summary for the IPv6 LANs on B3 would be 2001:DB8:1:4::/62. The calculation focuses on the fourth hextet since it is the one that is changing:

0000 0000 0000 0100 --> included in summary (B1 LAN)
0000 0000 0000 0101 --> B3 LAN
0000 0000 0000 0110 --> B3 LAN
0000 0000 0000 0111 --> included in a B1 summary, if configured

You can see that this summary would include the B1 IPv6 LAN, 2001:DB8:1:4::/64. But it would also include additional address space summarized by B1 if B1 also configured an IPv6 manual summary route. However, a summary route on B1 would include all the IPv6 LANs in the topology. Prove this using the following workspace to calculate what the IPv6 summary route would be for B1.

0000 0000 0000 0000
0000 0000 0000 0001 --> HQ LAN
0000 0000 0000 0010 --> HQ LAN
0000 0000 0000 0011 --> B1 LAN
0000 0000 0000 0100 --> B1 LAN
0000 0000 0000 0101 --> B3 LAN
0000 0000 0000 0110 --> B3 LAN
0000 0000 0000 0111

What would be the summary route for B1?

2001:DB8:1::/61

Packet Tracer - Configuring EIGRP Manual Summary Routes for IPv4 and IPv6 (SN Activity 8.1.2.5/RP 5.1.2.5)
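The six summarization steps above, carried out in Python on the Figure 8-2 prefixes for both address families. This is an added example, not from the study guide: the prefixes are the figure's, the function names are mine, and the last function reproduces the page's warning by listing which other routers' LANs a given summary would swallow.

```python
"""Summary-route calculation (Steps 1-6 of the page) for the Figure 8-2 LANs.

Added example; LANS holds the prefixes printed in Figure 8-2."""
import ipaddress

LANS = {
    "HQ": ["10.10.0.0/22", "10.10.4.0/22", "2001:DB8:1:1::/64", "2001:DB8:1:2::/64"],
    "B1": ["10.10.8.0/24", "10.10.10.0/23", "2001:DB8:1:3::/64", "2001:DB8:1:4::/64"],
    "B3": ["10.10.12.0/24", "10.10.13.0/24", "2001:DB8:1:5::/64", "2001:DB8:1:6::/64"],
}


def summary_route(prefixes):
    """Return the one prefix that covers every prefix in `prefixes`.

    Step 1: take the network addresses as fixed-width bit strings (32 or 128).
    Steps 2-4: from the far-left bit, count columns where all addresses agree
               and stop at the first column that differs (the summary boundary).
    Step 5: the count of matching bits is the summary prefix length.
    Step 6: copy the matching bits and pad with zeros for the network address.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    if len({n.version for n in nets}) != 1:
        raise ValueError("IPv4 and IPv6 prefixes cannot share a summary")
    width = nets[0].max_prefixlen
    addrs = [int(n.network_address) for n in nets]
    matching = 0
    for bit in range(width - 1, -1, -1):          # far-left bit first
        if len({(a >> bit) & 1 for a in addrs}) > 1:
            break                                  # column differs: stop here
        matching += 1
    # A summary can never be more specific than its shortest component
    matching = min(matching, min(n.prefixlen for n in nets))
    mask = ((1 << matching) - 1) << (width - matching)
    cls = ipaddress.IPv4Network if width == 32 else ipaddress.IPv6Network
    return cls((addrs[0] & mask, matching))


def router_summaries(router):
    """(IPv4 summary, IPv6 summary) for one router's two LANs of each family."""
    v4 = [p for p in LANS[router] if ipaddress.ip_network(p).version == 4]
    v6 = [p for p in LANS[router] if ipaddress.ip_network(p).version == 6]
    return summary_route(v4), summary_route(v6)


def summary_command(asn, summary):
    """The serial-interface command the page records for an IPv4 summary."""
    if summary.version != 4:
        raise ValueError("only the IPv4 command form is shown on the page")
    return f"ip summary-address eigrp {asn} {summary.network_address} {summary.netmask}"


def foreign_lans_covered(router, summary):
    """LANs of the other routers that `summary` would also advertise.

    This is the overlap the page warns about for the IPv6 plan in Figure 8-2."""
    covered = []
    for other, prefixes in LANS.items():
        if other == router:
            continue
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if net.version == summary.version and net.subnet_of(summary):
                covered.append(str(net))
    return covered


if __name__ == "__main__":
    for router in LANS:
        v4, v6 = router_summaries(router)
        print(f"{router}: IPv4 summary {v4}  ->  {summary_command(1, v4)}")
        print(f"{router}: IPv6 summary {v6}  covers foreign LANs "
              f"{foreign_lans_covered(router, v6) or 'none'}")
```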
Default Route Propagation

Propagating a default route in EIGRP requires one additional command in your EIGRP configuration.

What is the command, including the router prompt, for both IPv4 and IPv6?

IPv4: Router(config-router)# redistribute static
IPv6: Router(config-rtr)# redistribute static

Figure 8-2 is using a Loopback interface to simulate a connection to the Internet. Record the commands to configure an IPv4 default route, an IPv6 default route, and redistribute the routes to B1 and B3.

HQ(config)# ip route 0.0.0.0 0.0.0.0 Lo0
HQ(config)# ipv6 route ::/0 Lo0
HQ(config)# router eigrp 1
HQ(config-router)# redistribute static
HQ(config-router)# ipv6 router eigrp 1
HQ(config-rtr)# redistribute static

If you are following along in a simulator or on lab equipment, your verification output for B1 and B3 should look like Example 8-5.

Example 8-5 EIGRP Routing Tables with Default Route Propagation

B1# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.249 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2297856] via 172.16.1.249, 00:12:58, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.249, 06:04:19, Serial0/0/0
D        10.10.8.0/22 is a summary, 06:04:19, Null0
D        10.10.12.0/23 [90/2172416] via 172.16.1.246, 06:04:19, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 06:04:19, Serial0/0/0
                         [90/2681856] via 172.16.1.246, 06:04:19, Serial0/0/1
B1# show ipv6 route eigrp | begin EX ::/0
EX  ::/0 [170/2169856]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:5::/64 [90/2172416]
     via FE80::3, Serial0/0/1
D   2001:DB8:1:6::/64 [90/2172416]
     via FE80::3, Serial0/0/1
D   2001:DB8:F:2::/64 [90/2681856]
     via FE80::2, Serial0/0/0
     via FE80::3, Serial0/0/1
B1# ping 209.165.201.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
B1# ping 2001:db8:f:f::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:F:F::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

B3# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.253 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2297856] via 172.16.1.253, 00:13:32, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.253, 06:04:52, Serial0/0/1
D        10.10.8.0/22 [90/2172416] via 172.16.1.245, 06:04:52, Serial0/0/0
D        10.10.12.0/23 is a summary, 06:05:05, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/2681856] via 172.16.1.253, 06:04:52, Serial0/0/1
                         [90/2681856] via 172.16.1.245, 06:04:52, Serial0/0/0
B3# show ipv6 route eigrp | begin EX ::/0
EX  ::/0 [170/2169856]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:3::/64 [90/2172416]
     via FE80::1, Serial0/0/0
D   2001:DB8:1:4::/64 [90/2172416]
     via FE80::1, Serial0/0/0
D   2001:DB8:F:1::/64 [90/2681856]
     via FE80::1, Serial0/0/0
     via FE80::2, Serial0/0/1
B3# ping 209.165.201.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
B3# ping 2001:db8:f:f::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:F:F::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

8.1.3.4 Packet Tracer - Propagating a Default Route in EIGRP for IPv4 and IPv6

Fine-Tuning EIGRP Interfaces

Bandwidth Utilization

By default, EIGRP will use only up to 50 percent of the bandwidth of an interface for EIGRP information. This prevents the EIGRP process from overutilizing a link and not allowing enough bandwidth for the routing of normal traffic. The ip bandwidth-percent eigrp command can be used to configure the percentage of bandwidth that may be used by EIGRP on an interface.

Record the full syntax for this command.

Router(config-if)# ip bandwidth-percent eigrp as-number percent

This command uses the amount of configured bandwidth (or the default bandwidth) when calculating the percent that EIGRP can use.

Hello Intervals and Holdtimes

Hello intervals and holdtimes are configurable on a per-interface basis and do not have to match with other EIGRP routers to establish adjacencies.

Record the command to configure a different Hello interval.

Router(config-if)# ip hello-interval eigrp as-number seconds

If you change the Hello interval, make sure that you also change the holdtime to a value equal to or greater than the Hello interval. Otherwise, neighbor adjacency will go down after the holdtime expires and before the next Hello interval.

Record the command to configure a different holdtime.

Router(config-if)# ip hold-time eigrp as-number seconds

EIGRP has different default Hello intervals and holdtimes based on the type of link. Complete Table 8-2 with the default values.

Table 8-2 Default Hello Intervals and Holdtimes for EIGRP

Bandwidth                 Example Link              Default Hello Interval   Default Holdtime
1.544 Mbps or slower      Multipoint Frame Relay    60 seconds               180 seconds
Greater than 1.544 Mbps   Ethernet                  5 seconds                15 seconds

Load Balancing

Briefly describe equal-cost load balancing.

Load balancing is the ability of a router to use all local interfaces that have routes with the same metric to a destination address. By default, EIGRP uses up to four equal-cost paths to load balance traffic.

You can see load balancing in effect in the routing tables shown in previous Examples 8-4 and 8-5. The reason EIGRP is load balancing is that we have not configured the actual bandwidth shown in Figure 8-2. Record the commands to configure the routers with the correct bandwidth values.

HQ(config)# int s0/0/0
HQ(config-if)# bandwidth 768
HQ(config-if)# int s0/0/1
HQ(config-if)# bandwidth 512

B1(config)# int s0/0/0
B1(config-if)# bandwidth 768
B1(config-if)# int s0/0/1
B1(config-if)# bandwidth 128

B3(config)# int s0/0/0
B3(config-if)# bandwidth 128
B3(config-if)# int s0/0/1
B3(config-if)# bandwidth 512

Once the routers are properly configured with the actual bandwidth values, EIGRP recalculates the metrics and installs the best route in the routing table, as shown in Example 8-6. Notice that B1 and B3 are no longer using the 128-Kbps link to route to each other's LANs. Instead, they are each using the faster path through HQ.

Example 8-6 EIGRP Routing Tables After Bandwidth Configuration

B1# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.249 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/3973120] via 172.16.1.249, 00:05:50, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/3847680] via 172.16.1.249, 00:05:21, Serial0/0/0
D        10.10.8.0/22 is a summary, 00:05:31, Null0
D        10.10.12.0/23 [90/6026496] via 172.16.1.249, 00:05:21, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/6023936] via 172.16.1.249, 00:05:50, Serial0/0/0
B1# show ipv6 route eigrp | begin EX ::/0
EX  ::/0 [170/3845120]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:1::/64 [90/3847680]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/3847680]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:5::/64 [90/6026496]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:6::/64 [90/6026496]
     via FE80::2, Serial0/0/0
D   2001:DB8:F:2::/64 [90/6023936]
     via FE80::2, Serial0/0/0

B3# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.253 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/5639936] via 172.16.1.253, 00:06:11, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/5514496] via 172.16.1.253, 00:05:43, Serial0/0/1
D        10.10.8.0/22 [90/6026496] via 172.16.1.253, 00:05:43, Serial0/0/1
D        10.10.12.0/23 is a summary, 00:05:43, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/6023936] via 172.16.1.253, 00:05:43, Serial0/0/1
B3# show ipv6 route eigrp | begin EX ::/0
EX  ::/0 [170/5511936]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:1::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:2::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:3::/64 [90/6026496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:4::/64 [90/6026496]
     via FE80::2, Serial0/0/1
D   2001:DB8:F:1::/64 [90/6023936]
     via FE80::2, Serial0/0/1

Securing EIGRP Routing Updates

In most production networks, you would want to configure the EIGRP routers to authenticate updates received from neighbors. The steps to configure EIGRP with MD5 authentication are as follows:

Step 1. Create a keychain and key.

Record the command syntax, including the router prompt, to configure a keychain and key.

Router(config)# key chain name-of-chain
Router(config-keychain)# key key-id
Router(config-keychain-key)# key-string key-string-text

Step 2. Configure EIGRP authentication to use the keychain and key.

Record the command syntax, including the router prompt, to configure EIGRP authentication using the keychain and key.

Router(config)# interface type number
Router(config-if)# ip authentication mode eigrp as-num md5
Router(config-if)# ip authentication key-chain eigrp as-num name-of-chain

Now record the commands to configure HQ to authenticate updates from B1 and B3. Assume that B1 and B3 are already configured. Use MYKEY as the keychain name, 1 as the key ID, and cisco123 as the key string.

HQ(config)# key chain MYKEY
HQ(config-keychain)# key 1
HQ(config-keychain-key)# key-string cisco123
HQ(config-keychain-key)# int s0/0/0
HQ(config-if)# ip authentication mode eigrp 1 md5
HQ(config-if)# ip authentication key-chain eigrp 1 MYKEY
HQ(config-if)# int s0/0/1
HQ(config-if)# ip authentication mode eigrp 1 md5
HQ(config-if)# ip authentication key-chain eigrp 1 MYKEY

Use the show ip eigrp neighbors command as displayed in Example 8-7 to verify that HQ has reestablished adjacency with B1 and B3.

Example 8-7 Verifying EIGRP Authentication

HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.1.250            Se0/0/0           10 00:06:25    2   192  0  59
0   172.16.1.254            Se0/0/1           13 00:07:09    3   288  0  59

Lab - Configuring Advanced EIGRP for IPv4 Features (SN 8.1.5.5/RP 5.1.5.5)

Troubleshoot EIGRP

This section reviews the tools and procedures to troubleshoot EIGRP issues.

Commands for Troubleshooting EIGRP

In Table 8-3, the IPv4 versions of the troubleshooting commands for EIGRP are listed. The same commands are available for IPv6. Indicate which command or commands you would use to answer each of the questions.

Table 8-3 Diagnosing EIGRP Connectivity Issues

Command                   Is the Neighbor Table Correct?   Is the Routing Table Correct?   Does Traffic Take the Desired Path?
show ip eigrp neighbors   X
show ip interface brief   X
show ip eigrp interface   X
show ip protocols                                          X
show ip route eigrp                                        X                               X

Troubleshoot EIGRP Connectivity Issues

Using the configuration for the devices in Figure 8-2 and the following command outputs, diagnose the EIGRP connectivity issue and recommend a solution.

Connectivity Issue #1

HQ and B1 have not formed a neighbor adjacency. Use the output in Example 8-8 to troubleshoot the first issue.

Example 8-8 Troubleshooting Command Output for Issue #1

HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.1.254            Se0/0/1           10 00:23:18    1   288  0  65
HQ# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         10.10.0.1       YES manual up                    up
GigabitEthernet0/1         10.10.4.1       YES manual up                    up
Serial0/0/0                172.16.1.250    YES manual up                    up
Serial0/0/1                172.16.1.253    YES manual up                    up
Loopback0                  209.165.201.1   YES manual up                    up
B1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.1.246            Se0/0/1           12 00:26:47    9  1170  0  67
B1# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         10.10.8.1       YES manual up                    up
GigabitEthernet0/1         10.10.10.1      YES manual up                    up
Serial0/0/0                172.16.1.250    YES manual up                    up
Serial0/0/1                172.16.1.245    YES manual up                    up

K5=0 NSF-aware route hold timer is 240 Router-ID: 2.2.2.2
248/30 link.
Example 8-9 Troubleshooting Command Output for Issue #2 HQ# show ipv6 eigrp neighbors EIGRP-IPv6 Neighbors for AS(1) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 Link-local address: Se0/0/0 14 05:12:49 1 186 0 57 FE80::1 B3# show ipv6 eigrp neighbors EIGRP-IPv6 Neighbors for AS(2) Problem and Solution: B3 does not have EIGPR neighbors because it is configured with a different AS number than HQ. B3 is using a less-than-optimal route to reach the B1 and HQ IPv4 LANs.indb 123 3/12/14 7:51 AM . K3=1.16. Change either one to use IP address 172.16. Example 8-9 displays the output for the second issue. K4=0.1.2 Topology : 0 (base) Active Timer: 3 min instructor.2.249 and the neighbor relationship will be restored. Configure B3 to use AS number 1 for its IPv6 EIGRP configuration. Chapter 8: EIGRP Advanced Configurations and Troubleshooting 123 Problem and Solution: HQ and B1 are both using the same IP address on the 172. Connectivity Issue #3 Although the IPv6 routes look correct. Use the output in Example 8-10 to troubleshoot the third issue. Example 8-10 Troubleshooting Command Output for Issue #3 HQ# show ip protocols *** IP Routing is NSF aware *** Routing Protocol is "eigrp 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates Redistributing: static EIGRP-IPv4 Protocol for AS(1) Metric weight K1=1.2. Connectivity Issue #2 HQ and B3 have not formed a neighbor adjacency. 1.1.0. Serial0/0/1 instructor. Serial0/0/0 B3# show ipv6 route eigrp | begin EX ::/0 EX ::/0 [170/5511936] via FE80::2.16. 04:39:57.1. Serial0/0/1 D 2001:DB8:1:1::/64 [90/5514496] via FE80::2.16.0 D*EX 0. 
Serial0/0/1 D 2001:DB8:1:2::/64 [90/5514496] via FE80::2.0.250 90 00:00:41 Distance: internal 90 external 170 B3# show ip route eigrp | begin Gateway Gateway of last resort is 172.0.245.248/30 [90/21024000] via 172.16.0 Passive Interface(s): GigabitEthernet0/0 GigabitEthernet0/1 Serial0/0/1 Routing Information Sources: Gateway Distance Last Update 172.10.0.0. 00:08:32. Serial0/0/0 D 10. Serial0/0/0 10.0.0/8 is variably subnetted.245.0.0/0 [170/21152000] via 172. Serial0/0/1 D 2001:DB8:1:4::/64 [90/6026496] via FE80::2.indb 124 3/12/14 7:51 AM .16.0/21 [90/21026560] via 172.10.1. Null0 172.16.1.245 to network 0.1.0/23 is a summary.0 172.0/21 for Se0/0/0.0. Se0/0/1 Summarizing 2 components with metric 28160 Maximum path: 4 Routing for Networks: 10.0. 7 subnets. 2 masks D 172.0. Serial0/0/0 D 10.16.254 90 00:17:55 172.16.8.1.12. 5 masks D 10. 00:08:32.16.245. 124 CCNA Routing and Switching Practice and Study Guide Distance: internal 90 external 170 Maximum path: 4 Maximum hopcount 100 Maximum metric variance 1 Automatic Summarization: disabled Address Summarization: 10.0.10. Serial0/0/1 D 2001:DB8:F:1::/64 [90/6023936] via FE80::2.0/22 [90/20514560] via 172.16.0.0/16 is variably subnetted.16.1. 00:08:32.245.10. 5 subnets. 00:08:32. 5) Activity Packet Tracer .3.3.Troubleshooting Advanced EIGRP (SN 8.indb 125 3/12/14 7:51 AM .3.3.7/RP 5.2.Skills Integration Challenge (SN 8.5/RP 5.Troubleshooting Basic EIGRP for IPv4 and IPv6 (SN 8.3.2. Lab .Troubleshooting EIGRP for IPv4 (SN 8.1.3.6/RP 5.2.1.3. Therefore.2.2) instructor. Chapter 8: EIGRP Advanced Configurations and Troubleshooting 125 Problem and Solution: The EIGRP configuration on HQ has the Serial 0/0/1 interface set to passive.3.7) Packet Tracer Packet Tracer . HQ and B3 have not established adjacency and HQ is not sending IPv4 routing updates to B3.2.6) Lab .2.2/RP 5. instructor.indb 126 3/12/14 7:51 AM . 
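The three connectivity issues above and the MD5 authentication steps all come down to both ends of a link agreeing on a few settings. As an added example (not code from the study guide), this Python script parses constructed running-config excerpts for HQ, B1 and B3 and reports every disagreement in one pass, instead of finding them one show command at a time; the excerpts, the B1KEYS chain name and the cisco123 key string are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed running-config excerpts (not the study guide's own); the /30
# addressing follows the chapter's HQ-B1-B3 topology. HQ carries the faults of
# Connectivity Issues #1 and #3 (Serial0/0/0 reuses B1's address, Serial0/0/1
# is passive) and B3 has no MD5 authentication configured at all.
CONFIGS = {
    "HQ": """
key chain MYKEY
 key 1
  key-string cisco123
interface Serial0/0/0
 ip address 172.16.1.250 255.255.255.252
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 MYKEY
interface Serial0/0/1
 ip address 172.16.1.253 255.255.255.252
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 MYKEY
router eigrp 1
 passive-interface Serial0/0/1
""",
    "B1": """
key chain B1KEYS
 key 1
  key-string cisco123
interface Serial0/0/0
 ip address 172.16.1.250 255.255.255.252
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 B1KEYS
interface Serial0/0/1
 ip address 172.16.1.245 255.255.255.252
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 B1KEYS
router eigrp 1
""",
    "B3": """
interface Serial0/0/0
 ip address 172.16.1.246 255.255.255.252
interface Serial0/0/1
 ip address 172.16.1.254 255.255.255.252
router eigrp 1
""",
}

def parse_config(text):
    """Pull interfaces, key chains and the EIGRP process out of IOS-style text."""
    cfg = {"ifaces": {}, "chains": {}, "as": None, "passive": set()}
    iface = chain = key_id = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        words = line.split()
        if line.startswith("key chain "):
            chain, iface = cfg["chains"].setdefault(words[2], {}), None
        elif line.startswith("interface "):
            iface, chain = cfg["ifaces"].setdefault(words[1], {}), None
        elif line.startswith("router eigrp "):
            cfg["as"], iface, chain = int(words[2]), None, None
        elif line.startswith("passive-interface "):
            cfg["passive"].add(words[1])
        elif chain is not None and words[0] == "key":
            key_id = int(words[1])
        elif chain is not None and words[0] == "key-string":
            chain[key_id] = words[1]
        elif iface is not None and line.startswith("ip address "):
            iface["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif iface is not None and line.startswith("ip authentication mode eigrp "):
            iface["mode"] = (int(words[4]), words[5])  # (AS number, "md5")
        elif iface is not None and line.startswith("ip authentication key-chain eigrp "):
            iface["chain"] = words[5]
    return cfg

def key_material(cfg, iface):
    """What both ends of a link must agree on, or None when auth is not configured."""
    if "mode" not in iface or "chain" not in iface:
        return None
    return iface["mode"], cfg["chains"].get(iface["chain"], {})

def audit(configs):
    """Return one finding per setting that breaks or weakens an EIGRP adjacency."""
    routers = {name: parse_config(text) for name, text in configs.items()}
    ends = [(rn, iname, i, r) for rn, r in routers.items()
            for iname, i in r["ifaces"].items() if "net" in i]
    findings = []
    for (ra, ia, a, ca), (rb, ib, b, cb) in combinations(ends, 2):
        if ra == rb or a["net"].network != b["net"].network:
            continue  # not the two ends of one /30 link
        link = f"{ra} {ia} <-> {rb} {ib}"
        if a["net"].ip == b["net"].ip:  # Connectivity Issue #1
            findings.append(f"{link}: duplicate address {a['net'].ip}")
        if ca["as"] != cb["as"]:  # Connectivity Issue #2
            findings.append(f"{link}: AS mismatch {ca['as']} vs {cb['as']}")
        for rn, iname, c in ((ra, ia, ca), (rb, ib, cb)):
            if iname in c["passive"]:  # Connectivity Issue #3
                findings.append(f"{link}: {rn} {iname} is passive, sends no hellos")
        ka, kb = key_material(ca, a), key_material(cb, b)
        if ka is None and kb is None:
            findings.append(f"{link}: updates are not authenticated")
        elif ka != kb:  # one side unconfigured, or key IDs/strings differ
            findings.append(f"{link}: MD5 authentication mismatch")
    return findings
```

Key chains may be named differently on each router, as B1KEYS and MYKEY are here; only the key ID and key string have to match.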
CHAPTER 9 IOS Images and Licensing

Network administrators are responsible for managing the routers and switches owned by the organization. This responsibility includes backing up and upgrading software images when needed. This chapter reviews basic IOS image concepts and management tasks.

Managing IOS System Files

Cisco IOS software is a sophisticated operating system that includes multiple release versions that are organized into software release families and software trains.

IOS Families, Trains, and Naming Conventions

A software release family is comprised of multiple IOS software release versions. New versions are created to fix bugs and add new features to an existing software family.

What are the three features that distinguish an IOS software release family?
■ Share the same code base
■ Apply to a related platform (for example, 1900 series routers)
■ Overlap in support coverage

What are some major software releases within the software release family?
12.3, 12.4, 15.0, and 15.1

Briefly describe a software train.
These releases are organized into trains that may contain several releases over the life of a software family.

Decoding the IOS release numbering conventions will go a long way in helping you understand the various trains used in the IOS 12.4 software release family. The Cisco IOS Software 12.4 train is considered the mainline train, which receives mostly software (bug) fixes with the goal of increasing software quality. A mainline train is always associated with a technology train (T train). A T train, such as 12.4T, receives the same software bug fixes as the mainline train.

What else does a T train include?
T trains receive new software and hardware support features. T train releases are considered Early Deployment (ED) releases. New releases for the T trains are available two to three times a year.

In Figure 9-1, indicate whether the release is a mainline train or a technology train. Then fill in the blanks for each part of the IOS 12 software release numbering scheme.

Figure 9-1 The IOS 12.4 Software Release Numbering Convention
12.4(21a)    12.4(20)T1

Figure 9-1a The IOS 12.4 Software Release Numbering Convention (answer)
12.4(21a): Mainline Train. 12.4 = Train Number, 21 = Maintenance Identifier, a = Rebuild Identifier
12.4(20)T1: T Train (12.4T). 12.4 = Train Number, 20 = Maintenance Identifier, T = Train Identifier, 1 = Rebuild Identifier

Releases before IOS 15 consisted of eight packages for Cisco routers. These packages were the following:

Five nonpremium packages:
■ IP Base: Entry-level Cisco IOS Software Image
■ IP Voice: Converged voice and data, VoIP, VoFR, and IP Telephony
■ Advanced Security: Security and VPN features, including Cisco IOS Firewall, IDS/IPS, IPsec, 3DES, and VPN
■ SP (Service Provider) Services: Adds SSH/SSL, ATM, VoATM, and MPLS to IP Voice
■ Enterprise Base: Includes AppleTalk, IPX, and IBM Support

Three premium packages:
■ Advanced Enterprise Services: Full Cisco IOS software features
■ Enterprise Services: Enterprise base and service provider services
■ Advanced IP Services: Advanced security, service provider services, and support for IPv6

How does the Cisco IOS 15.0 release model differ from the mainline and T trains of 12.4?
Instead of diverging into separate trains, Cisco IOS Software 15 mainline and T will have extended maintenance release (EM release) and standard maintenance release (T release). Cisco IOS 15 mainline releases are referred to as M trains. These releases are also designated as Maintenance Deployment releases (MD). EM releases are available every 16 to 20 months.

In Figure 9-2, indicate whether the release is a mainline train or a technology train. Then fill in the blanks for each part of the IOS 15 software release numbering scheme.

Figure 9-2 The IOS 15 Software Release Numbering Convention
15.0(1)M1    15.1(1)T1

Figure 9-2a The IOS 15 Software Release Numbering Convention (answer)
15.0(1)M1: Mainline train (15.0M). 15 = Major Release Number, 0 = Minor Release Number, (1) = New Feature Release Number, M = Extended Maintenance Release (EM Release), 1 = Maintenance Rebuild Number
15.1(1)T1: Technology train (15.0T). 15 = Major Release Number, 1 = Minor Release Number, (1) = New Feature Release Number, T = Standard Maintenance Release (T Release), 1 = Maintenance Rebuild Number

Briefly explain how Services on Demand for Cisco Integrated Services Routers Generation Two (ISR G2) works.
With the Services on Demand model, all features are included in one universal image shipped with all ISR G2s. The network administrator then activates feature sets using licensing keys. The IP base feature set is installed by default.

What is the key difference between universalk9 and universalk9_npe IOS images?
The universalk9_npe software image is provided for customers in those countries with import requirements disallowing routers with strong cryptography functionality. The npe extension to the image name stands for no payload encryption.

Decode the IOS 12 image name in Table 9-1. The first one is done for you.

Table 9-1 Decoding IOS 12 Image Names
IOS Image                              Hardware  Feature Set           Train Number  Maintenance Release  Train Identifier  Rebuild Identifier
c1841-ipbasek9-mz.124-12.bin           1841      Ipbasek9              12.4          12                   M
c3725-entbase-mz.124-10b.bin           3725      Enterprise base       12.4          10                   M                 b
c1841-advipservicesk9-mz.124-6.T.bin   1841      Advanced IP services  12.4          6                    T

Decode the IOS 15 image name in Table 9-2. The first one is done for you.

Table 9-2 Decoding IOS 15 Image Names
IOS Image                               Hardware  Feature Set           Major Release  Minor Release  New Feature Release  Maintenance Release  Maintenance Rebuild
c1900-universalk9-mz.SPA.152-4.M1.bin   1900      Universal             15             2              4                    M                    1
c2900-universalk9-mz.SPA.153-3.M.bin    2900      Universal             15             3              3                    M
c1841-advipservicesk9-mz.151-4.M6.bin   1841      Advanced IP services  15             1              4                    M                    6
c1900-universalk9-mz.SPA.153-2.T.bin    1900      Universal             15             3              2                    T

Backing Up Cisco IOS Images

To back up an IOS image to a TFTP server, complete the following steps:

Step 1. Ping the TFTP server to test connectivity.
Step 2. Verify the TFTP server has enough memory to accept the image file. Use the show flash command to determine the size of the image.
Step 3. Copy the image to the TFTP server using the copy source-url destination-url command.

In Figure 9-3, you are copying the image c1900-universalk9-mz.SPA.152-4.M1.bin from RTA to the TFTP server at 10.10.10.10. Record the commands, including the router prompt, to complete this task.

Figure 9-3 Backing Up an IOS to a TFTP Server
RTA ---- TFTP Server (10.10.10.10)

RTA# ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RTA# show flash
-#- --length-- -----date/time------ path
1     67998028 Nov 30 1983 00:00:00 +00:00 c1900-universalk9-mz.SPA.152-4.M1.bin

188608512 bytes available (68001792 bytes used)
RTA# copy flash tftp
Source filename []? c1900-universalk9-mz.SPA.152-4.M1.bin
Address or name of remote host []? 10.10.10.10
Destination filename [c1900-universalk9-mz.SPA.152-4.M1.bin]? <enter>
!!!!!!!!!!!!!!!!!!!!!!!!! <output omitted>
67998028 bytes copied in 107.928 secs (630031 bytes/sec)
RTA#
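The image-name and release-numbering conventions in Tables 9-1 and 9-2 and Figures 9-1 and 9-2 can be decoded mechanically, which is useful when checking what actually sits in flash across many routers. The following Python decoder is an added example, not code from the study guide; it assumes the field layout shown in the tables, treats a 12.x name without a train letter as mainline, and flags whether a feature set carries strong cryptography (k9) and whether that crypto is stripped (_npe, no payload encryption), as the chapter describes.

```python
import re

# Added example (not the study guide's own code): decoder for the IOS 12 and
# IOS 15 image-name conventions worked through in Tables 9-1 and 9-2.
IMAGE_RE = re.compile(
    r"^c(?P<hardware>\d+)"                      # platform: c1841, c1900, c2900 ...
    r"-(?P<feature_set>[a-z0-9_]+)"             # ipbasek9, universalk9, universalk9_npe
    r"-(?P<mem>[a-z]+)"                         # memory/compression code, e.g. mz
    r"(?:\.(?P<signed>SPA))?"                   # SPA marks a digitally signed image
    r"\.(?P<major>\d{2})(?P<minor>\d)"          # 124 -> 12.4, 152 -> 15.2
    r"-(?P<number>\d+)(?P<letter>[a-z])?"       # 12.x maintenance release + letter rebuild
    r"(?:\.(?P<train>[MT])(?P<rebuild>\d+)?)?"  # 12.x T train, or 15.x M/T + rebuild number
    r"\.bin$"
)


def decode_image_name(name):
    """Split an IOS image file name into the fields Tables 9-1 and 9-2 ask for."""
    m = IMAGE_RE.match(name)
    if m is None:
        raise ValueError(f"not an IOS image file name: {name}")
    f = m.groupdict()
    major, feature = int(f["major"]), f["feature_set"]
    info = {
        "hardware": f["hardware"],
        "feature_set": feature,
        "major": major,
        "minor": int(f["minor"]),
        # A 12.x name with no train letter belongs to the mainline (M) train.
        "train": f["train"] or "M",
        "rebuild": f["rebuild"] or f["letter"],
        "signed": f["signed"] == "SPA",
        # k9 marks a crypto feature set; the _npe variant has no payload encryption.
        "crypto": "k9" in feature,
        "payload_encryption": "k9" in feature and not feature.endswith("_npe"),
    }
    # The third number is the maintenance release on 12.x but the new-feature
    # release on 15.x, so store it under the column name each table uses.
    info["new_feature" if major >= 15 else "maintenance"] = int(f["number"])
    return info


def release_label(info):
    """Write the release the way Figures 9-1 and 9-2 do: 12.4(21a), 12.4(20)T1, 15.2(4)M1."""
    base = f"{info['major']}.{info['minor']}"
    rebuild = info["rebuild"] or ""
    if info["major"] >= 15:                            # 15.2(4)M1, 15.3(2)T
        return f"{base}({info['new_feature']}){info['train']}{rebuild}"
    if info["train"] == "T":                           # 12.4(20)T1
        return f"{base}({info['maintenance']})T{rebuild}"
    return f"{base}({info['maintenance']}{rebuild})"   # 12.4(21a)


if __name__ == "__main__":
    # The chapter's table entries plus one constructed npe name for contrast.
    for name in ("c1841-ipbasek9-mz.124-12.bin", "c3725-entbase-mz.124-10b.bin",
                 "c1841-advipservicesk9-mz.124-6.T.bin",
                 "c1900-universalk9-mz.SPA.152-4.M1.bin",
                 "c1900-universalk9_npe-mz.SPA.152-4.M1.bin"):
        info = decode_image_name(name)
        print(f"{name:45} {release_label(info):12} "
              f"signed={info['signed']} payload_encryption={info['payload_encryption']}")
```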
Packet Tracer - Using a TFTP Server to Upgrade a Cisco IOS Image (SN 9.…/RP 10.…)
Video Demonstration - Managing Cisco IOS Images (SN 9.…/RP 10.…)

IOS Licensing

Before Cisco IOS Software Release 15.0, your router came with the IOS already installed for the features you desired. If you wanted to upgrade the feature set, you had to order, download, and install a new version. That all changed with 15.0. Each device ships with the same universal image. You enable the features you need through the use of licensing keys.

Software Licensing

The feature sets that you enable with licensing keys are called technology packages.

What are the four technology packages available?
IP Base
Data
Unified Communications (UC)
Security (SEC)

On which Cisco ISR G2 platforms can these licenses be used?
Cisco 1900, 2900, and 3900 series routers

What command enables you to view the licenses currently supported on the router?
Router# show license feature

What are the three major steps to activate a new software package or feature on the router?
Step 1. Purchase the software package or feature to be installed.
Step 2. Obtain a Software Activation License file from Cisco.
Step 3. Install the license file.

What two things are needed to obtain a license?
The product activation key (PAK) and a unique device identifier (UDI)

How is the UDI constructed?
The UDI is a combination of the product ID (PID), the serial number (SN), and the hardware version

What command displays the UDI?
Router# show license udi

What command installs the license?
Router# license install stored-location-url

License Verification and Management

After installing a license, you must reboot the router before the technology package is active and ready to use. What two commands are used in Example 9-1 to verify the licenses installed?

Example 9-1 Verifying License Installation

Router# show version | begin License Info:
License Info:

License UDI:

-------------------------------------------------
Device#   PID            SN
-------------------------------------------------
*0        CISCO1941/K9   FTX163283RZ

Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current        Type          Next reboot
------------------------------------------------------------------
ipbase        ipbasek9       Permanent     ipbasek9
security      securityk9     EvalRightToUse securityk9
data          None           None          None

Configuration register is 0x2102

Router# show license
Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: 8 weeks 1 day
        Period Used: 2 days 0 hour
        License Type: EvalRightToUse
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Low
Index 3 Feature: datak9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
<output omitted>

In Example 9-1, the datak9 technology package is not in use. Record the commands, including the router prompt, to accept the EULA and activate the datak9 package.

Router(config)# license accept end user agreement
Router(config)# license boot module c1900 technology-package securityk9

What message do you receive when you activate a package?
% use 'write' command to make license boot config take effect on next boot

To back up your license files, save them to flash. Record the command, including the router prompt, to save the license files to flash.

Router(config)# license save flash0:R1_license_files

Complete the following steps to uninstall a license:

Step 1. Disable the technology package. Record the command, including the router prompt, to disable the datak9 technology package.

Router(config)# license boot module c1900 technology-package datak9 disable

Step 2. After reloading the router, clear the license from storage. Record the commands, including the router prompt, to clear the datak9 technology package.

Router# license clear datak9
Router# configure terminal
Router(config)# no license boot module c1900 technology-package datak9 disable

Packet Tracer - EIGRP Capstone (SN 9.…/RP 10.…)
Packet Tracer - OSPF Capstone (SN 9.…/RP 10.…)
Packet Tracer - Skills Integration Challenge (SN 9.…/RP 10.…)
Video Demonstration - Working with IOS 15 Image Licenses (SN 9.…/RP 10.…)

CHAPTER 10 Hierarchical Network Design

Part of your job as a network administrator is understanding how to build networks that are flexible, resilient, and manageable. Even if your direct responsibilities do not include actually designing the network, you still need a firm grasp of the benefits incurred from using a systematic design approach.

Hierarchical Network Design Overview

Networks come in all sizes. The size of the network is directly proportional to the complexity of the design. However, structured engineering principles can help guide the designer in formulating a plan even for the most complex networks.

Enterprise Network Campus Design

What are the three main categories of network sizes and how are they distinguished?
Small network for up to 200 devices
Medium-sized network for 200 to 1000 devices
Large network for 1000+ devices

In Table 10-1, indicate the structured engineering principle that is best described by the characteristic.

Table 10-1 Structured Engineering Principles
Characteristic                                               Principle
Is available to users regardless of the current conditions   Resiliency
High-level tool for designing a reliable network             Hierarchy
Can be easily modified                                       Flexibility
Examples include the data center and the Internet edge       Modularity

Hierarchical Network Design

Briefly describe the three layers of the hierarchical network design.
■ Access layer: Provides workgroup/user access to the network
■ Distribution layer: Provides policy-based connectivity and controls the boundary between the access and core layers
■ Core layer: Provides fast transport between distribution switches within the enterprise campus

In Table 10-2, indicate the layer that is best described by the function.

Table 10-2 Hierarchical Network Layer Functions
Function                                        Layer
Highest speed switching of the three layers     Core
Policy-based security                           Distribution
Port security                                   Access
Redundancy and load balancing                   Distribution
Broadcast domain control                        Distribution
Spanning tree                                   Access
Layer 2 switching                               Access
Avoid CPU-intensive packet manipulation         Core
Aggregates traffic from distribution devices    Core
Aggregating LAN and WAN links                   Distribution

Briefly explain the concept of a collapsed core.

Small networks and many medium-sized networks are not large enough to justify the expense and complexity of different devices at each of the three layers. A collapsed core design incorporates the distribution and core layer functions in one device. This reduces the costs of the design while still maintaining the benefits of a hierarchical design.

Cisco Enterprise Architecture

Hierarchical network design is fine for campus network implementations. But the networks for many organizations span larger areas than just a campus to include teleworkers, branch sites, and data centers. These networks call for a design approach where functions can be separated into modules.

Modular Network Design

Briefly describe three benefits for using a modular approach to network design.

Failures that occur within a module can be isolated from the remainder of the network. Network changes, upgrades, or the introduction of new services can be made in a controlled and staged fashion. When a specific module no longer has sufficient capacity or is missing a new function or service, it can be updated or replaced by another module. Security can be implemented on a modular basis.

In Table 10-3, indicate which module is described by the feature.

Table 10-3 Features of Modules in the Enterprise Architecture
Feature                                                                                                   Module
Provides resources necessary to employees so that they can effectively create, collaborate, and interact  Data Center
Could include wireless controls, policy gateways, and unified communications services                     Services
Fundamental component of a campus design                                                                  Access-Distribution
Consists of the Internet Edge and WAN Edge                                                                Enterprise Edge
Provide connectivity outside the enterprise                                                               Enterprise Edge
Originally called the server farm                                                                         Data Center

In Figure 10-1, label the modules of the Enterprise Architecture.

Figure 10-1 Identify Modules of the Enterprise Architecture
Labels already shown: Services Block, Data Center, MetroE, HDLC

Figure 10-1a Identify Modules of the Enterprise Architecture (answer)
Access, Distribution, Services Block, Internet Edge, Core, Data Center, WAN Edge, MetroE, HDLC

Cisco Enterprise Architecture Model

What are the three primary modules of the Cisco Enterprise Architecture model?
Enterprise Campus
Enterprise Edge
Service Provider Edge

Which module provides connectivity to the data center, branches, and teleworkers?
Service Provider Edge

In Table 10-4, indicate the service provider solution described.

Table 10-4 Service Provider Designs
Service Provider Connectivity               Solution
Connections to 2 or more ISPs               Multihomed
A single connection to 1 ISP                Single-Homed
Multiple connections to 2 or more ISPs      Dual-Multihomed
2 or more connections to 1 ISP              Dual-Homed

What are the submodules of the Enterprise Campus module?
Building Access
Building Distribution
Campus Core
Data Center

What are the submodules of the Enterprise Edge module?
E-Commerce
Internet Connectivity
Remote Access and VPN
WAN Site-to-Site VPN

What is the main purpose of the Service Provider Edge module?
The Service Provider Edge module provides connectivity between the Enterprise Edge module and submodules of the Remote module (Branch Locations, Teleworkers, Data Center).

What are the submodules of the remote module?
Enterprise Branch
Enterprise Teleworker
Enterprise Data Center

In Table 10-5, indicate which module is best described by the function.

Table 10-5 Cisco Enterprise Architecture Model Functions
Columns: Enterprise Campus / Enterprise Edge / Service Provider Edge / Remote (the column in which each X falls is not legible in this copy)
Aggregates connectivity from various functional areas.                                                   X
Provides cost-effective access across large geographic areas.                                            X
Allows employees to work at non-campus locations.                                                        X
Could use high-end Cisco Catalyst switches or just an ISR G2, depending on size of location.             X
Mobile users connect using a local ISP.                                                                  X
Devices located here include firewall and firewall routers, and network intrusion prevention systems.    X
Converges voice, video, and data across a single IP communications network.                              X
Access management with VLANs and IPsec.                                                                  X
Routes traffic into the Campus Core submodule.                                                           X
Connects users with campus, server farm, and enterprise edge.                                            X
Offsite data center to provide disaster recovery and business continuance services.                      X
High availability through resilient hierarchical network design.                                         X
Provides internal users with secure connectivity to Internet services.                                   X
Incorporates the enterprise WAN links.                                                                   X
Authenticates remote users and branch sites.                                                             X
Uses multicast traffic and QoS to optimize network traffic.                                              X
Supports security over Layer 2 and Layer 3 WANs.                                                         X

In Figure 10-2, label the modules and submodules of the Cisco Enterprise Architecture model.

Figure 10-2 Cisco Enterprise Architecture Model
Labels already shown: E-Commerce, Campus Infrastructure Module, ISP A, Building Distribution, ISP B, Enterprise Teleworker, PSTN, WAN Site-to-site VPN, Frame Relay, ATM, MAN, ..., Network Management

Figure 10-2a Cisco Enterprise Architecture Model (answer)
Enterprise Campus: Campus Infrastructure Module (Building Access, Building Distribution, Campus Core), Server Farm and Data Center, Network Management
Enterprise Edge: E-Commerce, Internet Connectivity, Remote Access and VPN, WAN Site-to-site VPN
Service Provider Edge: ISP A, ISP B, PSTN, Frame Relay, ATM, MAN, ...
Remote: Enterprise Branch, Enterprise Teleworker, Enterprise Data Center

Evolving Network Architectures

Network architectures need to rapidly evolve to meet the needs of users. Traditionally, employees and students alike used devices provided by the organization. However, you more than likely currently use some type of mobile device to conduct some of your business or school work. Today's enterprise networks should seamlessly provide services to users of all modes of access.

Cisco Enterprise Architectures

What are the top trends that are impacting networks?
Bring your own device (BYOD)
Online collaboration
Video communication
Cloud computing

What network architectures has Cisco introduced to address these trends?
Cisco Borderless Network Architecture
Collaboration Architecture
Data Center/Virtualization Architecture

Emerging Network Architectures

What are the two primary sets of services provided by the Cisco Borderless Network Architecture?
Borderless end-point/user services
Borderless network services

What are the three layers of the Cisco Collaboration Architecture?
Application and Devices
Collaboration Services
Network and Computer Infrastructure

What are the three components of the Cisco Data Center/Virtualization Architecture?
Cisco Unified Management Solutions
Unified Fabric Solutions
Unified Computing Solutions

In Table 10-6, indicate the emerging network architecture described by the feature or service.

Table 10-6 Emerging Network Architectures
Columns: Cisco Borderless Networks / Cisco Collaboration Architecture / Cisco Data Center/Virtualization Architecture (the column in which each X falls is not legible in this copy)
Comprehensive set of technologies that bring together the network, computing, and storage platforms.                                                    X
Portfolio of products, applications, and software development kits that provide a comprehensive solution to allow people to cooperate and contribute to the production of something.   X
Unified approach to deliver application services to users in a highly distributed environment.                                                          X
Any device must be able to connect securely, reliably, and seamlessly from anywhere.                                                                    X
Applications include WebEx Meeting, WebEx Social, Cisco Jabber, and TelePresence.                                                                       X
Network infrastructure and services are united via Cisco unified system services options.                                                               X

Packet Tracer - Skills Integration Challenge - EIGRP (CN 1.…)
Packet Tracer - Skills Integration Challenge - OSPF (CN 1.…)

CHAPTER 11 Connecting to the WAN

Wide-area networks (WANs) are used to connect remote LANs together. Various technologies are used to achieve this connection. This chapter reviews WAN technologies and the many WAN services available.

WAN Technologies Overview

WAN access options differ in technology, speed, and price. Each has advantages and disadvantages. Selecting the best technology depends largely on the network design.

Network Types and Their Evolving WAN Needs

The WAN needs of a network depend greatly on the size of the network. These network types run the spectrum from small offices that really only need a broadband connection to the Internet all the way up to multinational enterprises that need a variety of WAN options to satisfy local, regional, and global restrictions.

In Table 11-1, indicate the network type that fits each of the descriptions. Some descriptions may apply to more than one network type.

Table 11-1 Identify the Network Type
Columns: Small Office Network / Campus Network / Branch Network / Distributed Network (the column in which each X falls is not legible in this copy)
Outsourced IT support                                                    X
Very large sized business                                                X
Connectivity to the Internet                                             X
Converged network and application services                               X
Hundreds of employees                                                    X  X
Home, branch, and regional offices, teleworkers, and a central office    X
Limited number of employees                                              X
In-house IT staff and network support                                    X  X  X
Thousands of employees                                                   X
Several remote, branch, and regional offices (one central office)        X
Small-sized business                                                     X
LAN focus of operations with broadband                                   X
Small to medium-sized business                                           X
Multiple campus LANs                                                     X
Medium-sized business                                                    X

WAN Operations and Terminology

WANs operate at which layers of the OSI model?
Data link (Layer 2) and physical (Layer 1)

Which organizations are responsible for WAN standards?
Telecommunication Industry Association and the Electronic Industries Alliance (TIA/EIA)
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)

What are some of the Layer 2 WAN technologies?
Frame Relay, Point-to-Point Protocol (PPP), MetroEthernet, VSAT, MPLS, Broadband

Why is the Layer 2 address field not usually used in WAN services?
WAN links are normally point to point. Therefore, there is no need for a data link layer address.

Match the definition on the left with a term on the right. This exercise is a one-to-one matching.

Definitions
a. The boundary between customer equipment and service provider equipment
b. Devices inside the enterprise edge wiring closet that are owned or leased by the organization
c. Provider equipment that resides in the WAN backbone capable of supporting routing protocols
d. Digital modem used by DSL or cable Internet service providers
e. Dynamically establishes a dedicated circuit before communication starts
f. Provides an interface to connect subscribers to a WAN link
g. Splits traffic so that it can be routed over the shared network
h. Local service provider facility that connects the CPE to the provider network
i. Physical connection between the CPE to the CO
j. Required by digital leased lines to provide termination of the digital signal and convert into frames ready for transmission on the LAN
k. Consists of the all-digital, long-haul communications lines, switches, routers, and other equipment in the provider network
l. Customer device that provides internetworking and WAN access interface ports
m. Customer device that transmits data over the WAN link
n. Multiport device that sits at the service provider edge to switch traffic
o. Legacy technology device that converts digital signals into analog signals transmitted over telephone lines
p. Legacy technology device that can support hundreds of dial-in and dial-out users

Terms (answer letter shown before each term)
g. Packet-switched network
n. WAN switch
b. Customer premises equipment (CPE)
h. Central office (CO)
o. Dialup modem
p. Access server
f. Data communications equipment (DCE)
l. Router
m. Data terminal equipment (DTE)
i. Local loop
j. CSU/DSU
e. Circuit-switched network
a. Demarcation point
d. Broadband modem
k. Toll network
c. Core multilayer switch

Selecting a WAN Technology

The WAN access connections your small to medium-sized business purchases could use a public or private WAN infrastructure, or a mix of both.

Varieties of WAN Link Connections

Your ISP can recommend several WAN link connection options based on your specific requirements. These options can be classified in various categories. Each type provides various WAN technologies. Understanding which WAN access connections and technologies are best suited to your situation is an important part of network design.

Use the list of WAN access options to label Figure 11-1.

Figure 11-1 WAN Access Options
Labels already shown: WAN, Public, Dedicated, Internet
Labels to place: T1/E1/T3/E3, ATM, Switched, Frame Relay, Circuit switched, Packet switched, Metro Ethernet, Cable, Wireless, MPLS, PSTN, DSL, VPN, Private, Broadband, ISDN, Leased lines

Figure 11-1 WAN Access Options (answer)
WAN
  Private
    Dedicated
      Leased Lines: T1/E1, T3/E3
    Switched
      Circuit-Switched: PSTN, ISDN
      Packet-Switched: Metro Ethernet, Frame Relay, ATM, MPLS
  Public
    Internet
      Broadband: DSL, Cable, Wireless
      VPN

Private and Public WAN Access Options

As shown in Figure 11-1, WAN access options can first be classified as either private or public.
Table 11-2 Private WAN Access Options Private WAN Access Options Leased MPLS Ethernet ATM ISDN VSAT Dialup Frame Lines WAN Relay Considered the most expensive X of all WAN access technologies. dedicated WAN X connection which uses a T. Some options are described more than once.or E-carrier system. Table 11-2 lists descriptions for various private WAN access options. Indicate which one is described.indb 152 3/12/14 7:51 AM . instructor. Analog telephone lines are used X to provide a switched WAN con- nection. Chapter 11: Connecting to the WAN 153 Private WAN Access Options Leased MPLS Ethernet ATM ISDN VSAT Dialup Frame Lines WAN Relay Satellite to router communica- X tions for WAN connections. Delivers data using fixed 53-byte X packet cells over permanent and switched virtual circuits. Service providers and short-path X labeling are used for leased lines, Ethernet WANs, and Frame Relay WANs. Connects multiple sites using X virtual circuits and data-link con- nection identifiers. Includes MetroE, EoMPLS, X and VPLS as WAN connection options. Converts analog to digital signals X to provide a switched WAN con- nection over telephone lines. A popular replacement for tra- X ditional Frame Relay and ATM WAN access technologies. instructor.indb 153 3/12/14 7:51 AM 154 CCNA Routing and Switching Practice and Study Guide Match the definition on the left with a public WAN access option on the right. This exercise is a one-to-one matching. Definitions Public WAN Access Options a. Radio and directional-antenna modem WAN d. 3G/4G Cellular access option provided to public organizations f. VPN Remote b. WAN access option that uses telephone lines c. WiMax to transport data via multiplexed links e. Satellite Internet c. High-speed long-distance wireless connections b. DSL through nearby special service provider towers h. Cable d. Cellular radio waves WAN access option used a. Municipal WiFi with smartphones and tablets g. VPN site-to-site e. 
Dish and modem-based WAN access option for rural users where cable and DSL are not available f. Secure Internet-based WAN access option used by teleworkers and extranet users g. Entire networks connected together by using VPN routers, firewalls, and security appliances h. A shared WAN access option that transports data using television-signal networks Lab - Researching WAN Technologies (CN 2.2.4.3) instructor.indb 154 3/12/14 7:51 AM CHAPTER 12 Point-to-Point Connections Point-to-point connections are the most common type of WAN connections. These connections are also called serial or leased lines. This chapter reviews the terms, technology, and protocols used in serial connections. instructor.indb 155 3/12/14 7:51 AM 156 CCNA Routing and Switching Practice and Study Guide Serial Point-to-Point Overview Understanding how point-to-point serial communication across a leased line works is impor- tant to an overall understanding of how WANs function. Serial Communications Briefly explain the difference between serial and parallel communications. In serial communications, the data is sent 1 bit at a time down one link. In parallel communica- tions, bits are transmitted simultaneously over multiple links. What is clock skew issue in parallel communications? Clock skew is when the bits do not arrive at the same time causing synchronization issues. instructor.indb 156 3/12/14 7:51 AM Chapter 12: Point-to-Point Connections 157 Match the serial communications definition on the left with a term on the right. This is a one-to-one matching exercise. Definitions Terms a. Cable that allows two WAN end devices to be h. Physical directly connected together k. DCE b. Signals sent sequentially 1 bit after another f. Demarc c. A networking device that converts signals into n. CPE an ISP WAN circuit format i. ISDN d. Universal ports that have replaced both l. DTE RS-232 and parallel ports on newer PCs j. Variable e. A WAN connection that interconnects two LANs directly m. Parallel f. 
Definitions (continued)
f. The point at the customer site where the ISP network ends
g. A technique that reassembles multiple data transmissions
h. The OSI layer where time-division multiplexing (TDM) operates
i. A WAN technology that uses TDM
j. The way that STDM divides bandwidth into multiple slots for data transmission
k. Provides a clocking signal for the WAN circuit
l. LAN/WAN routers at the customer location
m. Transmission signals split between multiple wires concurrently
n. The network equipment connected to the WAN circuit at the customer location

Terms (continued; answer letter shown)
c. CSU/DSU
d. USB
e. Leased line
a. Null modem
b. Serial
g. Bit interleaving

WAN Protocols
Just like LANs, data is encapsulated into frames before transmission onto a WAN link. Various encapsulation protocols can be used to achieve the framing. In Table 12-1, indicate which protocol best fits the description.

Table 12-1 WAN Encapsulation Protocols (answer)
Description: WAN Protocol (HDLC, PPP, SLIP, X.25/LAPB, Frame Relay, ATM)
Provides connections over synchronous and asynchronous circuits: PPP
International standard for cell relay: ATM
Predecessor to Frame Relay: X.25/LAPB
Default encapsulation on a serial link between two Cisco devices: HDLC
Eliminates the need for error correction and flow control: Frame Relay
Forms the basis for synchronous PPP: HDLC
Built-in security with PAP and CHAP: PPP
Transfers data 53 bytes at a time so that processing can occur in hardware: ATM
Next-generation protocol after X.25: Frame Relay
Largely replaced by PPP: SLIP
An ITU-T standard that defines connections between a DTE and DCE: X.25/LAPB

HDLC Encapsulation
What is the major difference between the ISO 13239 HDLC standard and Cisco's implementation of HDLC?
Cisco's implementation of HDLC uses a Protocol field to support multiple protocols.

In Figure 12-1, label the fields of the Cisco HDLC frame.

Figure 12-1 Cisco HDLC Frame Format

Figure 12-1a Cisco HDLC Frame Format (answer)
Flag | Address | Control | Protocol | Data | FCS | Flag

List the three different formats of the Control field.
■ Information (I) Frame
■ Supervisory (S) Frame
■ Unnumbered (U) Frame

HDLC Configuration and Troubleshooting
Although High-Level Data Link Control (HDLC) is the default encapsulation on Cisco synchronous serial lines, you may need to change the encapsulation back to HDLC. Record the commands, including the router prompt, to change the first serial interface on a 1900 series router to HDLC.

R1# configure terminal
R1(config)# interface serial 0/0/0
R1(config-if)# encapsulation hdlc

Troubleshooting Serial Interfaces
Troubleshooting the cause of a serial interface issue usually begins by entering the show interface serial command. This command can return one of six possible statuses for the line. In Table 12-2, indicate what status would display for each of the conditions of the serial interface. Some statuses are used more than once.

Table 12-2 Line Conditions and Status Indicators (answer)
Possible statuses: Serial x is up, line protocol is up; Serial x is down, line protocol is down; Serial x is up, line protocol is down; Serial x is up, line protocol is up (looped); Serial x is up, line protocol is down (disabled); Serial x is administratively down, line protocol is down.
Condition of the Serial Interface: Status
A high error rate has occurred due to a WAN service provider problem: Serial x is up, line protocol is down (disabled)
The same random sequence number in the keepalive is returned over the link: Serial x is up, line protocol is up (looped)
The clockrate command is not configured on the interface: Serial x is up, line protocol is down
Cabling is faulty or incorrect: Serial x is down, line protocol is down
This is the proper status line condition: Serial x is up, line protocol is up
The router configuration includes the shutdown interface configuration command: Serial x is administratively down, line protocol is down
Keepalives are not being sent by the remote router: Serial x is up, line protocol is down
The router is not sensing a carrier detect (CD) signal: Serial x is down, line protocol is down

What command will show whether a DTE or DCE cable is attached to the interface?
show controllers

Packet Tracer - Troubleshooting Serial Interfaces (CN 3.1.2.7)

PPP Operation
PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for transmission over Layer 2 physical links.

PPP Components
Briefly describe the three main components of PPP.
■ HDLC-like framing for transporting multiprotocol packets over point-to-point links
■ Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection
■ Network Control Protocols (NCPs) for establishing and configuring different network layer protocols

In Figure 12-2, fill in the missing parts of the PPP layered architecture.

Figure 12-2 PPP Layered Architecture
Network Layer: IPv4, IPv6
Data Link Layer: IPCP, IPv6CP, PPP
Physical Layer

Figure 12-2a PPP Layered Architecture (answer)
Network Layer: IPv4, IPv6
Data Link Layer (PPP):
  Network Control Protocol (NCP): IPCP, IPv6CP
  Authentication, Other Options
  Link Control Protocol (LCP)
Physical Layer: Synchronous or Asynchronous Physical Media

List the types of physical interfaces supported by PPP.
■ Asynchronous serial
■ Synchronous serial
■ HSSI
■ ISDN

What automatic configurations does the Link Control Protocol (LCP) provide at each end of the link?
■ Handling varying limits on packet size
■ Detecting common misconfiguration errors
■ Terminating the link
■ Determining when a link is functioning properly or when it is failing

Briefly describe how PPP uses Network Control Protocol (NCP).
PPP uses NCPs to negotiate the Layer 3 protocols that will be used to carry data packets. They provide functional fields containing standardized codes to indicate the network layer protocol type that PPP encapsulates.

In Table 12-3, indicate whether each characteristic describes LCP or NCP.

Table 12-3 LCP and NCP Characteristics (answer)
Characteristic: LCP or NCP
Can configure authentication, compression, and error detection: LCP
Bring network layer protocols up and down: NCP
Encapsulate and negotiate options for IPv4 and IPv6: NCP
Negotiate and set up control options on the WAN circuit: LCP
Handles limits on packet size: LCP
Establish, configure, and test the data link connection: LCP
Uses standardized codes to indicate the network layer protocol: NCP
Determine if link is functioning properly: LCP
Terminate the link: LCP
Manage packets from several network layer protocols: NCP

Figure 12-3 shows the PPP frame format. Answer the following questions about the specific features and purpose of each field.

Figure 12-3 PPP Frame Format
Field: Flag | Address | Control | Protocol | Data | FCS | Flag
Length, in bytes: 1 | 1 | 1 | 2 | Variable | 2 or 4 | 1

What is the bit pattern for the Flag field?
01111110

Why is the Address field all 1s or 0xFF?
On a point-to-point link, the destination node does not need to be addressed.

What is the purpose of the Control field?
The Control field calls for transmission of user data in an unsequenced frame, providing a connectionless link that does not require data links to be established.

What is the purpose of the Protocol field?
The Protocol field uses a 2-byte value to identify what network layer protocol is encapsulated in the data.

What is the default size of the information stored in the Data field?
1500 bytes

What does FCS stand for and what is the purpose of this field?
The Frame Check Sequence field is used by the receiver to test the integrity of the frame received. If the FCS calculated by the receiver doesn't match, the frame is silently discarded.

PPP Sessions
What are the three phases for establishing a PPP session?
■ Phase 1: Link establishment and configuration negotiation
■ Phase 2: Link quality determination (optional)
■ Phase 3: Network layer protocol configuration negotiation

Figure 12-4 shows a partially labeled flowchart for the LCP link negotiation process. Complete the flowchart by properly labeling it with the provided steps.

Figure 12-4 Steps in the LCP Link Negotiation Process
Sends Configure-Request -> ? -> All options recognized?
  No -> ? -> Determine new negotiation parameters
  Yes -> All options acceptable?
    No -> ? -> Determine new negotiation parameters
    Yes -> ? -> ? -> Authentication option?
      Yes -> ? -> Link is established
      No -> Link is established

Missing Labels for Figure 12-4
■ Send Configure-Reject
■ Receive Configure-Ack
■ Process Configure-Request
■ Send Configure-Ack
■ Authentication Phase
■ Send Configure-Nak

Figure 12-4a Steps in the LCP Link Negotiation Process (answer)
Sends Configure-Request -> Process Configure-Request -> All options recognized?
  No -> Send Configure-Reject -> Determine new negotiation parameters -> (back to Sends Configure-Request)
  Yes -> All options acceptable?
    No -> Send Configure-Nak -> Determine new negotiation parameters -> (back to Sends Configure-Request)
    Yes -> Send Configure-Ack -> Receive Configure-Ack -> Authentication option?
      Yes -> Authentication Phase -> Link is established
      No -> Link is established

PPP can be configured to support optional functions, including the following:
■ Authentication using either PAP or CHAP
■ Compression using either Stacker or Predictor
■ Multilink that combines two or more channels to increase the WAN bandwidth

After the link is established, the LCP passes control to the appropriate NCP. Figure 12-5 shows the NCP process for IPv4. Complete the figure by properly labeling it with the provided phases and steps.

Figure 12-5 The NCP Process
LCP Configuration
?: ?, ?
?: IPv4 DATA Exchange and ?
?: ?, ?
LCP Termination

Missing Labels for Figure 12-5
■ IPv4 Data Transfer
■ NCP Termination
■ IPCP Configure-Request
■ IPCP Configure-Ack
■ IPCP Terminate-Request
■ LCP Maintenance
■ IPCP Terminate-Ack
■ NCP Configuration

Figure 12-5a The NCP Process (answer)
LCP Configuration
NCP Configuration: IPCP Configure-Request, IPCP Configure-Ack
IPv4 Data Transfer: IPv4 DATA Exchange and LCP Maintenance
NCP Termination: IPCP Terminate-Request, IPCP Terminate-Ack
LCP Termination

Configure PPP
PPP is a robust WAN protocol supporting multiple physical layer and network layer implementations. In addition, PPP has many optional features the network administrator can choose to implement.

Basic PPP Configuration with Options
Figure 12-6 shows the topology and Table 12-4 shows the addressing we will use for PPP configuration. RTB is fully configured with PPP.

Figure 12-6 PPP Topology
RTA S0/0/0 (.1) ---- 172.16.1.0/30, 2001:DB8:1:F::/64 ---- (.2) S0/0/0 RTB

Table 12-4 Addressing Table for PPP
Device  Interface  IPv4 Address  Subnet Mask      IPv6 Address/Prefix
RTA     S0/0/0     172.16.1.1    255.255.255.252  2001:DB8:1:F::1/64
RTB     S0/0/0     172.16.1.2    255.255.255.252  2001:DB8:1:F::2/64

Assume that the router interfaces are already configured with IPv4 and IPv6 addressing. Record the commands, including the router prompt, to configure RTA with a basic PPP configuration.

RTA# configure terminal
RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation ppp

RTB is configured for software compression using the Stacker compression algorithm. Record the command, including the router prompt, to configure the same compression on RTA.

RTA(config-if)# compress stac

What happens if RTA is not configured with compression?
During the LCP negotiation phase, RTA and RTB will negotiate to not use compression.

RTB is configured to take down the link if the quality falls below 70 percent. Record the command, including the router prompt, to configure the equivalent on RTA.

RTA(config-if)# ppp quality 70

In Figure 12-7, RTA and RTB are now using two serial links to transfer data. RTB is already configured with PPP multilink to load balance the traffic to RTA. Record the commands, including the router prompt, to configure the RTA multilink interface including IPv4 and IPv6 addressing and the necessary commands for the serial interfaces. Use the addressing in Table 12-4 for the multilink interface rather than Serial 0/0/0.

Figure 12-7 PPP Multilink Topology
RTA S0/0/0 ---- S0/0/0 RTB
RTA S0/0/1 ---- S0/0/1 RTB
172.16.1.0/30, 2001:DB8:1:F::/64

RTA(config)# interface multilink 1
RTA(config-if)# ip address 172.16.1.1 255.255.255.252
RTA(config-if)# ipv6 address 2001:db8:1:f::1/64
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1
RTA(config-if)# interface serial 0/0/0
RTA(config-if)# no ip address
RTA(config-if)# no ipv6 address
RTA(config-if)# encapsulation ppp
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1
RTA(config-if)# interface serial 0/0/1
RTA(config-if)# no ip address
RTA(config-if)# no ipv6 address
RTA(config-if)# encapsulation ppp
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1

You can verify the operation of PPP using the following show commands. Record the commands used to generate the output on RTA.

RTA# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is WIC MBRD Serial
  Internet address is 172.16.1.1/30
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, CDPCP, IPV6CP, CCP, loopback not set
  Keepalive set (10 sec)
<output omitted>

RTA# show ppp multilink

Multilink1
  Bundle name: RTA
  Remote Endpoint Discriminator: [1] RTB
  Local Endpoint Discriminator: [1] RTA
  Bundle up for 00:01:20, total bandwidth 3088, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x2 received sequence, 0x2 sent sequence
  Member links: 2 active, 0 inactive (max 255, min not set)
    Se0/0/0, since 00:01:20
    Se0/0/1, since 00:01:06
No inactive multilink interfaces

PPP Authentication
Briefly explain the difference between PAP and CHAP.
PAP uses a two-way process to authenticate with unencrypted plain-text passwords. The receiving node checks the username and password combination and either accepts or rejects the connection. CHAP uses a three-way process with an encrypted hash value generated by the MD5 algorithm. The password is never sent. CHAP challenges periodically to make sure that the remote node still has a valid password.

Once PAP authentication is established, the link is vulnerable to attack. Why?
PAP does not reauthenticate. So, a hacker can piggyback on an open connection.

List three situations where PAP would be the appropriate choice for authentication.
■ A large installed base of client applications that do not support CHAP
■ Incompatibilities between different vendor implementations of CHAP
■ Situations where a plain-text password must be available to simulate a login at the remote host

When you configure an interface with the ppp authentication pap command, the username and password are sent as one LCP data package. PAP is not interactive. You are not prompted for a username.

Complete the missing information in the following steps as RTA authenticates with RTB using CHAP.

Step 1. RTA initially negotiates the link connection using LCP with router RTB, and the two systems agree to use CHAP authentication during the PPP LCP negotiation.
Step 2. RTB generates an ID and a random number, and sends that and its username as a CHAP challenge packet to RTA.
Step 3. RTA uses the username of the challenger (RTB) and cross references it with its local database to find its associated password. RTA then generates a unique MD5 hash number using RTB's username, ID, random number, and the shared secret password.
Step 4. RTA then sends the challenge ID, the hashed value, and its username (RTA) to RTB.
Step 5. RTB generates its own hash value using the ID, the shared secret password, and the random number it originally sent to RTA.
Step 6. RTB compares its hash value with the hash value sent by RTA. If the values are the same, RTB sends a link established response to RTA.

When authentication is local (no AAA/TACACS+), what is the command syntax to configure PPP authentication on an interface?
Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap}

Assume that both PAP and CHAP are configured with the command ppp authentication chap pap on the interface. Explain how authentication will proceed.
The first method specified, CHAP, will be requested during link negotiation. If the receiving node is not configured for CHAP, the second method specified, PAP, will be used.

PAP Configuration
In Figure 12-6, RTB is already configured with PAP authentication with the password cisco123. Record the commands to configure PAP on RTA.

RTA(config)# username RTB password cisco123
RTA(config)# interface s0/0/0
RTA(config-if)# ppp authentication pap
RTA(config-if)# ppp pap sent-username RTA password cisco123

CHAP Configuration
CHAP uses one less command than PAP. Now record the commands to remove PAP and configure RTA to use CHAP authentication.

RTA(config)# interface s0/0/0
RTA(config-if)# no ppp authentication pap
RTA(config-if)# no ppp pap sent-username RTA password cisco123
RTA(config-if)# ppp authentication chap

Packet Tracer - Configuring PAP and CHAP Authentication (CN 3.3.2.7)
Lab - Configuring Basic PPP with Authentication (CN 3.3.2.8)

Troubleshoot WAN Connectivity
If you cannot ping across a PPP link and you have checked the physical and data link layer issues reviewed in the "Troubleshooting Serial Interfaces" section earlier, the issue is probably the PPP configuration. You can use the debug command to troubleshoot PPP issues using the debug ppp {parameter} syntax. Based on the descriptions in Table 12-5, fill in the corresponding parameter you would use with the debug ppp command.

Table 12-5 Parameters for the debug ppp Command (answer)
Parameter: Usage
error: Displays issues associated with PPP connection negotiation and operation
compression: Displays information specific to the exchange of PPP connections using MPPC
negotiation: Displays PPP packets transmitted during PPP startup
packet: Displays PPP packets being sent and received
authentication: Displays authentication protocol messages
cbcp: Displays protocol errors and statistics associated with PPP connection negotiations using MSCB

Packet Tracer - Troubleshooting PPP with Authentication (CN 3.4.1.4)
Lab - Troubleshooting Basic PPP with Authentication (CN 3.4.1.5)
Packet Tracer - Skills Integration Challenge (CN 3.5.1.2)
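The CHAP exchange from the PPP Authentication section of this chapter, worked in code as an added example (not code from the study guide): RTB challenges RTA, RTA answers with an MD5 hash, RTB verifies, and a PAP Authenticate-Request is built beside it so a capture of the serial link can be compared in each case. The hostnames and the password cisco123 are the guide's; the challenge value, the `Router` class and the packet layout are assumptions of the example, and the hash is computed over ID, secret and challenge as RFC 1994 specifies, with the peer's username only selecting the secret from the local database.

```python
"""PAP and CHAP on a PPP link, worked through the six CHAP steps.

Added example; it is not code from the study guide. Hostnames (RTA, RTB) and the
password cisco123 are the guide's; the challenge value is constructed. The
response hash follows RFC 1994, MD5 over ID, shared secret and challenge; the
peer's name in each packet only selects the secret from the local database
(the router's `username <peer> password <secret>` entries).
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response value: MD5(ID || secret || challenge). The secret itself
    never crosses the link; only this digest does."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret.encode() + challenge).digest()


class Router:
    """One PPP peer with its local username database (hypothetical model)."""

    def __init__(self, hostname: str, users: Dict[str, str]) -> None:
        self.hostname = hostname
        self.users = users
        self._ident = 0
        self._pending: Dict[int, bytes] = {}   # challenge values we sent, by ID

    def challenge(self, rand: Optional[bytes] = None) -> dict:
        """Step 2: generate an ID and a random number, send them with our username."""
        self._ident = (self._ident + 1) & 0xFF
        value = rand if rand is not None else os.urandom(16)
        self._pending[self._ident] = value
        return {"id": self._ident, "value": value, "name": self.hostname}

    def respond(self, chal: dict) -> Optional[dict]:
        """Steps 3-4: look up the challenger's name for the shared secret, hash
        ID + secret + random number, reply with the ID, the hash and our username."""
        secret = self.users.get(chal["name"])
        if secret is None:
            return None                       # no username entry for the challenger
        return {"id": chal["id"], "name": self.hostname,
                "value": chap_hash(chal["id"], secret, chal["value"])}

    def verify(self, resp: dict) -> bool:
        """Steps 5-6: recompute with the responder's secret and the random number
        we originally sent under that ID, then compare. Each ID is consumed once,
        so a replayed response cannot satisfy a later challenge."""
        value = self._pending.pop(resp["id"], None)
        secret = self.users.get(resp["name"])
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_hash(resp["id"], secret, value), resp["value"])


def wire(pkt: dict) -> bytes:
    """Bytes a capture on the serial link would show for one CHAP packet."""
    return bytes([pkt["id"]]) + pkt["value"] + pkt["name"].encode()


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request body (RFC 1334): peer-id and password in clear
    text, sent once when the link comes up."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def run_chap(rta: Router, rtb: Router, rand: bytes) -> Tuple[bool, bytes]:
    """RTB challenges RTA (Step 1, agreeing on CHAP during LCP, is assumed done).
    Returns the outcome and everything that crossed the link."""
    chal = rtb.challenge(rand)
    resp = rta.respond(chal)
    if resp is None:
        return False, wire(chal)
    return rtb.verify(resp), wire(chal) + wire(resp)


DEMO_RAND = b"\x7f\x3a\x10\x55\x91\x02\xee\x41"   # constructed challenge value


def demo() -> dict:
    rta = Router("RTA", {"RTB": "cisco123"})
    rtb = Router("RTB", {"RTA": "cisco123"})
    ok, captured = run_chap(rta, rtb, DEMO_RAND)
    # Mismatched secret in RTA's database: the hashes differ at Step 6.
    wrong = Router("RTA", {"RTB": "cisco321"})
    wrong_ok, _ = run_chap(wrong, Router("RTB", {"RTA": "cisco123"}), DEMO_RAND)
    # Periodic re-challenge: the old response replayed against the new challenge fails.
    chal2 = rtb.challenge()
    old_resp = rta.respond({"id": 1, "value": DEMO_RAND, "name": "RTB"})
    replay_ok = rtb.verify(old_resp)
    rechallenge_ok = rtb.verify(rta.respond(chal2))
    return {"chap_ok": ok, "wrong_secret_ok": wrong_ok, "replay_ok": replay_ok,
            "rechallenge_ok": rechallenge_ok,
            "chap_leaks_password": b"cisco123" in captured,
            "pap_leaks_password": b"cisco123" in pap_authenticate_request("RTA", "cisco123")}
```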
172 CCNA Routing and Switching Practice and Study Guide Introduction to Frame Relay Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Unlike leased lines, Frame Relay requires only a single access circuit to the Frame Relay pro- vider to communicate with other sites connected to the same provider. Frame Relay Concepts and Terminology Match the definition on the left with a term on the right. Terms are only used once. Definitions Terms a. Bandwidth “borrowing” from other PVCs m. Access rate when available n. ANSI b. Read Frame Relay was popular when com- k. Black hole pared to private leased lines a. Bursting c. A preconfigured logical path between two f. CIR endpoints and assigned a DLCI b. Cost savings d. A logical connection that is established dynamically for the time needed p. DE e. The equivalent of 24 DS0 channels h. Disable f. Guaranteed bandwidth for a specific PVC l. DLCI g. Downstream notification that there is conges- r. DTE tion on a Frame Relay switch g. FECN h. Manual configuration will do this to the auto- q. Inverse ARP sensing of LMI-type feature on Cisco routers j. LMI i. Holding frame in a buffer before sending c. PVC j. Frame Relay extension that allows the DTE to i. Queuing discover the list of available DLCIs configured o. Status on the access link d. SVC k. A PVC that no longer exists e. T1 l. Used to identify each Frame Relay circuit s. X.25 endpoint m. Port bandwidth of the local loop n. One of the three LMI types other than cisco and q933a o. LMI provides these updates about Frame Relay connectivity p. Identifies the frames to be dropped in times of congestion q. Process used by LMI to associate network layer addresses to data link layer addresses r. The end of the Frame Relay connection that initiates requests about the status of its Frame Relay links s. 
Protocol replaced by Frame Relay instructor.indb 172 3/12/14 7:51 AM Chapter 13: Frame Relay 173 Frame Relay Operation Frame Relay networks use permanent virtual circuits (PVCs), which uniquely define a logical path between two endpoints. Frame Relay is a more cost-effective option than leased lines for two reasons: The cost of a leased line includes the cost of a full end-to-end dedicated connection. The cost of Frame Relay includes only the cost to the local loop. Frame Relay shares bandwidth with other customers across the same physical circuit. The end of each PVC uses a number to identify it called the data link connection identifier (DLCI). What does it mean to say that these numbers are locally significant? Locally significant DLCIs means that only the local devices need to know this number. That way, the DLCI number can be reused on other equipment throughout the network. Frame Relay is statistically multiplexed, meaning that it transmits only one frame at a time, but that many logical connections can coexist on a single physical line. In Figure 13-1, label the missing fields in a standard Frame Relay frame. Figure 13-1 Fields of the Standard Frame Relay Frame 8 bits 16 bits Variable 16 bits 8 bits Flag Address Data FCS Flag C/R EA EA Byte 1 Byte 2 Figure 13-1a Fields of the Standard Frame Relay Frame (answer) 8 bits 16 bits Variable 16 bits 8 bits Flag Address Data FCS Flag DLCI C/R EA DLCI FECN BECN DE EA Byte 1 Byte 2 instructor.indb 173 3/12/14 7:51 AM 174 CCNA Routing and Switching Practice and Study Guide Identify and briefly describe each of the three Frame Relay topologies. Star topology: Also known as a hub-and-spoke topology with a central site connected to branch sites. All branch-to-branch communication is sent through the central (hub) site. Therefore, branch sites are only configured with one VC. Full mesh: Every node is configured with a VC to every other node in the network. 
However, each node usually only has one physical link to the local Frame Relay switch. Partial mesh: Nodes may have more than one VC configured to remote locations. But all nodes are not configured with all VCs, as in full mesh. This works better for larger networks where a full-mesh topology would be cost prohibitive. A router must know what remote Layer 3 address maps to the locally configured DLCI before it can send data over the link. This mapping can be achieved statically or dynamically. Briefly describe the IPv4 protocol that provides dynamic mapping. Dynamic address mapping relies on Inverse ARP to resolve a next-hop network layer IPv4 address to a local DLCI value. The Frame Relay router sends out Inverse ARP requests on its PVC to discover the protocol address of the remote device connected to the Frame Relay net- work. On Cisco routers, what must you do to make sure Inverse ARP is operational? Nothing; Inverse ARP is enabled by default. What is the command syntax to disable Inverse ARP? Router(config-if)# no frame-relay inverse-arp What is the command syntax to override dynamic mapping and statically configure the map? Router(config-if)# frame-relay map protocol protocol-addressdlci [broadcast] [ietf] [cisco] Why would you use the keyword ietf? Use the keyword ietf when connecting to a non-Cisco router. Why would you use the keyword broadcast? The keyword broadcast allows broadcast and multicast traffic to be sent over the VC, which can greatly simplify the configuration of routing protocols like OSPF. What command can you use to verify Frame Relay maps? show frame-relay map Briefly describe the Local Management Interface (LMI). LMI is an extension of Frame Relay that provides additional capabilities including the ability for DTEs to dynamically acquire information about the status of the network. LMI uses reserved DLCIs in the range from 0 to 1023 to exchange LMI messages between the DTE and DCE. What are the three LMI types supported by Cisco routers? 
CISCO, ANSI, and Q933A. Beginning with Cisco IOS Software Release 11.2, the LMI type does not need to be configured because it is autosensed.

Chapter 13: Frame Relay 175

In Figure 13-2, RTA and RTB are both configured to use Frame Relay with the IPv4 addressing and DLCIs shown. RTA has just booted up. Fully explain how RTA will dynamically learn the DLCIs from the local Frame Relay switch and then dynamically learn the IPv4 address of RTB.

Figure 13-2 Frame Relay Topology: RTA S0/0/0 10.10.10.1/30, local DLCI 201 -- PVC across the Frame Relay cloud -- RTB S0/0/0 10.10.10.2/30, local DLCI 102

After booting, RTA will autosense the LMI type used on the local loop. Then RTA will send an LMI status inquiry message to the local Frame Relay switch. The local Frame Relay switch replies to the query with all the VCs configured on the access link. This will include DLCI 201, which the Frame Relay network has mapped internally to reach RTB. Once RTA has the DLCIs for the access link (only 201 in this example), it sends an Inverse ARP message, which is forwarded by the Frame Relay network to RTB. RTB responds to the Inverse ARP message with its IPv4 address. When RTA receives the response from RTB, it will map the local DLCI 201 to the IPv4 address of RTB.

From the customer's point of view, Frame Relay is one interface configured with one or more PVCs. The rate at which data will be accepted by the local Frame Relay switch is contracted. The access rate is the actual speed of the port connected to the service provider; it is not possible to send data any faster. The committed information rate (CIR) is the rate at which the customer can send data into the Frame Relay network. All data at or below this rate is guaranteed.

What does the term oversubscription mean in relation to Frame Relay? What problems can it cause?
A service provider may decide to oversell an access link on the assumption that not everyone subscribed on the link will need to use it at their full subscription all the time. Traffic will be dropped in situations where a link is oversubscribed and then subsequently overutilized.

When the Frame Relay network is underutilized, customers can burst over their CIR at no additional cost. The committed burst size (Bc) is the amount of data the provider agrees to carry in each measurement interval Tc (CIR = Bc/Tc) and represents the maximum allowed traffic under normal working conditions; the excess burst (Be) is the additional amount the customer may send above that for short bursts when capacity is available. When sending at a rate higher than the CIR, the Discard Eligibility (DE) bit is set to 1 in every frame beyond the committed amount so that the Frame Relay network can discard the frame if congestion is occurring.

When there is congestion on the Frame Relay network, the switch that is experiencing congestion will begin setting the Forward Explicit Congestion Notification (FECN) bit to 1 in frames headed toward the destination, to inform downstream devices that there is congestion on the network. It will also set the Backward Explicit Congestion Notification (BECN) bit to 1 in frames headed back toward the source, to tell the sender to throttle back the rate at which it is sending data. In addition, a congested Frame Relay switch discards frames that have the DE bit set to 1 before any others.

176 CCNA Routing and Switching Practice and Study Guide

Configure Frame Relay

Frame Relay connections are created by configuring customer premises equipment (CPE) routers or other devices to communicate with a service provider Frame Relay switch. The service provider configures the Frame Relay switch, which helps keep end-user configuration tasks to a minimum.

Configure Basic Frame Relay

Because so many of the features of Frame Relay are enabled by default, configuration is straightforward. Assuming the interface is correctly addressed, the basic configuration is simply a matter of changing the encapsulation on the interface.
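The DLCI, FECN, BECN and DE bits discussed above all live in the 2-byte Q.922 address field at the front of every frame, and the same field is what IOS prints in hex next to a DLCI (for example 201(0xC9,0x3090) in the show frame-relay map output later in this chapter). The following Python is an added example, not code from the study guide: it encodes and decodes that address field, reproduces the IOS display value (the field with every flag bit, EA bits included, cleared, which is what the values shown in this chapter correspond to), and runs a deliberately simplified model of the ingress switch for one measurement interval so that Bc, DE marking, FECN and discard-DE-first can be seen together. The frames and the Bc value are constructed for the demonstration; a real switch also meters Be and sets BECN on the reverse direction of the PVC, which this one-direction model does not carry.

```python
"""Frame Relay (Q.922) 2-byte address field and a toy congestion model.

Added example, not from the study guide. The address layout is the standard
2-byte format; police_and_forward() is a simplification of the CIR/Bc/DE/FECN
behaviour described in the text (one Tc interval, no Be handling), not a model
of any particular switch.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FrAddress:
    dlci: int            # 10-bit data-link connection identifier
    cr: bool = False     # command/response bit (carried, not used by Frame Relay)
    fecn: bool = False   # forward explicit congestion notification
    becn: bool = False   # backward explicit congestion notification
    de: bool = False     # discard eligibility


def encode_address(a: FrAddress) -> bytes:
    """Byte 0: DLCI[9:4] | C/R | EA=0.  Byte 1: DLCI[3:0] | FECN | BECN | DE | EA=1."""
    if not 0 <= a.dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((a.dlci >> 4) & 0x3F) << 2 | int(a.cr) << 1          # EA=0: another byte follows
    b1 = (a.dlci & 0x0F) << 4 | int(a.fecn) << 3 | int(a.becn) << 2 | int(a.de) << 1 | 1
    return bytes((b0, b1))


def decode_address(raw: bytes) -> FrAddress:
    """Parse the first two bytes of a frame; 3- and 4-byte address formats are rejected."""
    if len(raw) < 2:
        raise ValueError("address field is 2 bytes")
    b0, b1 = raw[0], raw[1]
    if b0 & 1 or not b1 & 1:
        raise ValueError("EA bits do not describe a 2-byte address")
    return FrAddress(
        dlci=((b0 >> 2) << 4) | (b1 >> 4),
        cr=bool(b0 & 0x02),
        fecn=bool(b1 & 0x08),
        becn=bool(b1 & 0x04),
        de=bool(b1 & 0x02),
    )


def cisco_display_value(dlci: int) -> int:
    """The second hex value IOS prints after a DLCI, e.g. 201(0xC9,0x3090):
    the address field with every flag bit, EA bits included, cleared."""
    b0, b1 = encode_address(FrAddress(dlci))
    return ((b0 & 0xFC) << 8) | (b1 & 0xF0)


def police_and_forward(frames, bc_bytes, congested):
    """Model one Tc interval at the ingress switch (simplified, see module docstring).

    Bytes beyond the committed burst Bc are marked DE. A congested switch sets
    FECN on the frames it does forward and discards DE-marked frames first.
    Returns a list of (frame or None, "forwarded" | "discarded").
    """
    results, sent = [], 0
    for frame in frames:
        addr = decode_address(frame[:2])
        sent += len(frame)
        if sent > bc_bytes:                      # over the committed amount: eligible for discard
            addr = replace(addr, de=True)
        if congested:
            if addr.de:
                results.append((None, "discarded"))
                continue
            addr = replace(addr, fecn=True)      # tell the receiver the path is congested
        results.append((encode_address(addr) + frame[2:], "forwarded"))
    return results


if __name__ == "__main__":
    header = encode_address(FrAddress(201))
    print(header.hex(), hex(cisco_display_value(201)))          # 3091 0x3090
    demo = [header + bytes(100)] * 3                            # constructed 102-byte frames
    for frame, action in police_and_forward(demo, bc_bytes=250, congested=True):
        print(action, decode_address(frame) if frame else None)
```

Decoding 0x3091 gives DLCI 201 with the EA bit set in the second byte, which is why the value IOS prints for that DLCI is 0x3090 rather than 0x3091: the display masks the flag bits. With three 102-byte frames and Bc set to 250 bytes, the third frame is the first to cross the committed amount and is the one marked DE; when the switch is congested it is also the one dropped, while the two forwarded frames carry FECN.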
In Figure 13-3, RTB is configured and ready to send traffic on the Frame Relay network. Assume RTA is already configured with IPv4 and IPv6 addressing. Record the commands, including the router prompt, to enable Frame Relay.

Figure 13-3 Frame Relay Topology with IPv4 and IPv6: RTA S0/0/0 10.10.10.1/30, 2001:DB8:1:F::1/64, link local FE80::1, local DLCI 201 -- PVC across the Frame Relay cloud -- RTB S0/0/0 10.10.10.2/30, 2001:DB8:1:F::2/64, link local FE80::2, local DLCI 102

RTA# configure terminal
RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation frame-relay

Connectivity between RTA and RTB should now be operational for IPv4 traffic. However, in our example, IPv6 requires static mapping. You will need to map both the globally unique and link local IPv6 addresses. Because the link local address is used for multicasts, you will need to add the keyword broadcast to your frame relay map configuration. Record the commands, including the router prompt, to statically configure RTA with IPv6 frame relay maps.

RTA(config)# interface s0/0/0
RTA(config-if)# frame-relay map ipv6 2001:db8:1:f::2 201
RTA(config-if)# frame-relay map ipv6 fe80::2 201 broadcast

Record the command used to generate the following output verifying the IPv4 and IPv6 maps.

RTA# show frame-relay map
Serial0/0/0 (up): ipv6 FE80::2 dlci 201(0xC9,0x3090), static, broadcast, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:1:F::2 dlci 201(0xC9,0x3090), static, CISCO, status defined, active
Serial0/0/0 (up): ip 10.10.10.2 dlci 201(0xC9,0x3090), dynamic, broadcast, CISCO, status defined, active

Packet Tracer - Configuring Static Frame Relay Maps (CN 4.2.1.4)

A Frame Relay nonbroadcast multiaccess (NBMA) topology like the one shown in Figure 13-4 can cause reachability issues without proper configuration.

Figure 13-4 Frame Relay NBMA Topology: hub RTA with S0/0/0.201 10.10.10.1/30 (DLCI 201) and S0/0/0.301 10.10.10.5/30 (DLCI 301); spoke RTB S0/0/0 10.10.10.2/30 (DLCI 102); spoke RTC S0/0/0 10.10.10.6/30 (DLCI 103); one PVC from RTA to each spoke across the Frame Relay NBMA cloud

Briefly describe the three reachability issues caused by NBMA topologies.

Split horizon: This rule states that an update received on a physical interface should not be retransmitted out that same physical interface. On a hub with a single physical interface to all spokes, routes learned from one spoke are therefore never advertised to the others.

Neighbor discovery: In OSPF, the DR/BDR election must result in the hub router as DR because it is the only router that has PVCs to all other routers.

Broadcast and multicast replication: Broadcast and multicast traffic must be replicated for each PVC that is configured on the interface. This can consume considerable bandwidth, which might impact user traffic if the path already has low bandwidth.

What are the three ways to solve these reachability issues?

One or more of the following: disable split horizon, build a full mesh topology, configure subinterfaces.

Configure Subinterfaces

When configuring a hub-and-spoke topology with Frame Relay, you must create subinterfaces so that each PVC can have its own Layer 3 addressing. In Figure 13-4, RTA is the hub router and RTB and RTC are spokes. Given the information shown in Figure 13-4, record the commands, including the router prompts, to configure RTA with Frame Relay using point-to-point subinterfaces.

RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation frame-relay
RTA(config-if)# no ip address
RTA(config-if)# no shutdown
RTA(config-if)# exit
RTA(config)# interface serial 0/0/0.201 point-to-point
RTA(config-subif)# ip address 10.10.10.1 255.255.255.252
RTA(config-subif)# frame-relay interface-dlci 201
RTA(config-fr-dlci)# exit
RTA(config-subif)# exit
RTA(config)# interface serial 0/0/0.301 point-to-point
RTA(config-subif)# ip address 10.10.10.5 255.255.255.252
RTA(config-subif)# frame-relay interface-dlci 301
RTA(config-fr-dlci)#

Lab - Configuring Frame Relay Point-to-Point Subinterfaces (CN 4.2.2.7)
Packet Tracer - Configuring Frame Relay and Subinterfaces (CN 4.2.2.6)

Troubleshoot Connectivity

Frame Relay is generally a reliable service. Nonetheless, sometimes the network performs at less-than-expected levels, and troubleshooting is necessary.

Record the Frame Relay verification commands that generated the following output:

RTA# show frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 1             output pkts 1            in bytes 34
  out bytes 34             dropped pkts 0           in pkts dropped 0
  out pkts dropped 0                out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 1         out bcast bytes 34
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:02:12, last time pvc status changed 00:01:38

RTA# show frame-relay lmi

LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 14               Num Status msgs Rcvd 15
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:23         Last Full Status Rcvd 00:00:23

RTA# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is WIC MBRD Serial
  Internet address is 10.10.10.1/30
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent  15, LMI stat recvd 16, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 1/0, interface
<output omitted>

RTA# show frame-relay map
Serial0/0/0 (up): ip 10.10.10.2 dlci 201(0xC9,0x3090), dynamic, broadcast, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:1:F::2 dlci 201(0xC9,0x3090), static, CISCO, status defined, active
Serial0/0/0 (up): ipv6 FE80::2 dlci 201(0xC9,0x3090), static, broadcast, CISCO, status defined, active
RTA#

In Table 13-1, indicate which command enables you to verify the described information. Some information can be verified with more than one command.

Table 13-1 Frame Relay Verification Commands

Frame Relay Information Verified                | show interface serial | show frame-relay lmi | show frame-relay pvc | show frame-relay map
Broadcast status for the PVC                    |                       |                      |                      | X
PVC status                                      |                       |                      | X                    | X
Number of LMI status queries sent and received  | X                     | X                    |                      |
Layer 1 and Layer 2 status information          | X                     |                      |                      |
LMI type                                        | X                     | X                    |                      |
Invalid LMI types                               |                       | X                    |                      |
Number of ECN packets in and out                |                       |                      | X                    |
DLCI assigned to the PVC                        |                       |                      | X                    | X
The encapsulation type                          | X                     |                      |                      |
Frame Relay DTE/DCE type                        | X                     |                      |                      |

Packet Tracer - Skills Integration Challenge (CN 4.4.1.2)

CHAPTER 14 Network Address Translation for IPv4

All public IPv4 addresses that traverse the Internet must be registered with a Regional Internet Registry (RIR). Only the registered holder of a public Internet address can assign that address to a network device. With the proliferation of personal computing and the advent of the World Wide Web, it soon became obvious that 4.3 billion IPv4 addresses would not be enough. The long-term solution was to eventually be IPv6. But for the short term, several solutions were implemented by the IETF, including Network Address Translation (NAT) and RFC 1918 private IPv4 addresses.

NAT Operation

There are not enough public IPv4 addresses to assign a unique address to each device connected to the Internet. Networks are commonly implemented using private IPv4 addresses.

NAT Characteristics

Fill in the table with the private addresses defined by RFC 1918.

Class | Address Range                | CIDR Prefix
A     | 10.0.0.0–10.255.255.255      | 10.0.0.0/8
B     | 172.16.0.0–172.31.255.255    | 172.16.0.0/12
C     | 192.168.0.0–192.168.255.255  | 192.168.0.0/16

Briefly explain the following terms:

■ Inside local address: The address of the source as seen from inside the network.
■ Inside global address: The address of the source as seen from the outside network.
■ Outside global address: The address of the destination as seen from the outside network.
■ Outside local address: The address of the destination as seen from the inside network. Most often the outside local and outside global addresses are the same. Although uncommon, this address could differ from the globally routable address of the destination.

In Figure 14-1, label each type of NAT address.

Figure 14-1 Identify NAT Address Types: PC1 -- R1 -- ISP -- Internet -- Web Server, with the address of PC1, the public address on R1, and the address of the web server to be labeled

Figure 14-1a Identify NAT Address Types (Answer): PC1's address is the Inside Local address; R1's public address is the Inside Global address; the web server's address is the Outside Global address as seen from the outside and the Outside Local address as seen from the inside network

Types and Benefits of NAT

Briefly describe the three types of NAT:

■ Static address translation (static NAT): One-to-one address mapping between local and global addresses.
■ Dynamic address translation (dynamic NAT): Many-to-many address mapping between local and global addresses.
■ Port Address Translation (PAT): Many-to-one address mapping between local and global addresses. This method is also known as overloading (NAT overloading).

What is the difference between dynamic NAT and PAT?

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. PAT maps multiple private addresses to one or a few public addresses using the source port number to track connections.

When is it appropriate to use static NAT?

Static NAT is particularly useful for web servers or devices that must have a consistent address that is accessible from the Internet, such as a company web server. It is also useful for devices that must be accessible by authorized personnel when offsite, but not by the general public on the Internet.

List and explain at least three advantages and three disadvantages to using NAT.

Advantages
■ Conserves the legally registered addressing scheme
■ Increases the flexibility of connections to the public network
■ Provides consistency for internal network addressing schemes
■ Provides network security (by hiding internal addressing; NAT is not a substitute for a stateful firewall or ACLs and should not be relied on as one)

Disadvantages
■ Performance is degraded.
■ End-to-end functionality is degraded.
■ End-to-end IP traceability is lost.
■ Tunneling becomes more complicated.
■ Initiating TCP connections can be disrupted.

Packet Tracer - Investigating NAT Operation (RSE 11.2.1.6)

Configuring NAT

Configuring NAT is straightforward if you follow a few simple steps. Static NAT and dynamic NAT configurations vary slightly. Adding PAT to a dynamic NAT is as simple as adding a keyword to the configuration.

Configuring Static NAT

Use the following steps to configure static NAT:

Step 1. Create a map between the inside local IP address and the inside global IP address with the ip nat inside source static local-ip global-ip global configuration command.
Step 2. Configure the inside interface of the LAN the device is attached to participate in NAT with the ip nat inside interface configuration command.
Step 3. Configure the outside interface where NAT translation will occur with the ip nat outside interface configuration command.

Refer to the topology in Figure 14-2 to configure static NAT.

Figure 14-2 Static NAT Configuration Topology: Web Server on the inside network -- R2 S0/0/0 (inside) and S0/1/0 (outside) -- Internet -- Client on the outside network; the client reaches the server through its static NAT translation at the inside global address

The web server uses an inside local address that needs to be translated to the inside global address shown in Figure 14-2. Record the command including router prompt to configure the static translation on R2.

R2(config)# ip nat inside source static local-ip global-ip
Step 2.4) Packet Tracer Activity Configuring Dynamic NAT Use the following steps to configure dynamic NAT: Step 1.100. Bind the NAT pool to the ACL with the ip nat inside source list ACL-number pool name global configuration command. Refer to the topology in Figure 14-3 to configure dynamic NAT.16.100. Figure 14-3 Dynamic NAT Configuration Topology 172.Configuring Static NAT (RP 11.10 S0/0/0 S0/1/0 Internet R1 R2 Server PC2 NAT POOL: 64. 184 CCNA Routing and Switching Practice and Study Guide Record the commands including router prompt to configure the inside interface.1. Step 4.1.255.255.10.16. Step 5.2. 2. 172.0/24 instructor.16.0.10 S0/0/0 S0/1/0 Internet R1 R2 Server PC2 172.0 0.5) Activity Configuring Port Address Translation Configuring Port Address Translation (PAT) is just like configuring dynamic NAT except you add the keyword overload to your binding configuration: Router(config)# ip nat inside source list ACL-number pool name overload However.2.2.0/24 and 172.16.0. In fact.1 172.16.1.2.” To configure NAT to overload the public IP address on an interface.Configuring Dynamic and Static NAT (RP 11.0.10 64. need to be translated. this is what a home router does “out of the box.2.5/WAN 5.6) Packet Tracer Packet Tracer . there is no pool configuration.255 Record the command including router prompt to bind the NAT pool to the ACL.0/24.2.16. R1(config)# access-list 1 permit 172.indb 185 3/12/14 7:51 AM .16. Refer to the topology in Figure 14-4 to configure PAT.2. of course. CHAPTER 14: Network Address Translation for IPv4 185 The two LANs. No other addresses are allowed.0/24 PC1 Inside Network Outside Network 172.16.16.0.1. Record the command including router prompt to configure the ACL.2. Figure 14-4 Dynamic NAT Configuration Topology 172.100.10.2. use the following command: Router(config)# ip nat inside source list ACL-number interface type number overload In this case. 
R1(config)# ip nat inside source list 1 pool NAT Record the commands including router prompt to configure the inside interface. R2(config)# interface Serial0/1/0 R2(config-if)# ip nat outside Lab .1.2.Configuring Dynamic NAT (RP 11.1.255 R1(config)# access-list 1 permit 172. R2(config)# interface Serial0/0/0 R2(config-if)# ip nat inside Record the commands including router prompt to configure the outside interface.2.0 0.2.16. a more common solution in a small business enterprise network is to simply overload the IP address on the gateway router.6/WAN 5. 186 CCNA Routing and Switching Practice and Study Guide R1 is using the public IP address 64.51. Use the options in Table 14-1 to fill in the source address (SA).51.1 ISP PC1 Internet R1 64.5 192. PAT maintains a table of inside and outside addresses mapped to port numbers to track connections between the source and destination.10.5 192.10.168. Record the command including router prompt to bind the ACL you configured for dynamic NAT to the Serial 0/1/0 interface.11 1150 53 192.168.indb 186 3/12/14 7:51 AM . The series of Figures 14-5 through 14-8 illustrate the PAT process overloading an interface address.10. and corresponding port numbers as the packet travels from source to destination and back.201.2 192.11 192. the process of translating inbound and outbound packets is a bit more involved. R1(config)# ip nat inside source list 1 interface s0/1/0 overload That’s it! The rest of the commands are the same as dynamic NAT.5 209.2 Web Server SA DA Source Port Destination Port 1150 80 Figure 14-5a Hop1: PC1 to NAT-Enabled R1 (Answer) 209.2 Web Server SA DA 192.201.168.51.165.165.51.201.1 on the Serial 0/1/0 interface.100.165.168.5 1268 209.11 192.11 Source Port Destination Port 1150 80 instructor. Table 14-1 Addresses and Port Numbers 64.168.51.10.100.51.1 80 Figure 14-5 Hop 1: PC1 to NAT-Enabled R1 209.100.168.100. destination address (DA).201.165.51.1 ISP PC1 Internet R1 64.168. However. 
indb 187 3/12/14 7:51 AM .10.2 Web Server SA DA 64.168.2 Web Server SA DA Source Port Destination Port instructor.51.165.5 192. CHAPTER 14: Network Address Translation for IPv4 187 Figure 14-6 Hop 2: NAT-Enabled R1 to Web Server 209.11 192.168.11 192.51.51.100.11 192.168.201.1 ISP PC1 Internet R1 64.5 192.201.2 Web Server SA DA Source Port Destination Port 1268 Figure 14-6a Hop 2: NAT-Enabled R1 to Web Server (Answer) 209.2 209.165.51.51.168.5 192.201.10.100.201.165.168.100.1 ISP PC1 Internet R1 64.11 Source Port Destination Port 1268 80 Figure 14-7 Hop 3: Web Server to NAT-Enable R1 209.1 ISP PC1 Internet R1 64.51.100.168.10.165.10. 51.165.201.11 64.10.168.2 Web Server SA DA 209.51.1 ISP PC1 Internet R1 64.51.10.51.11 192.168.5 Source Port Destination Port 80 1150 instructor. 188 CCNA Routing and Switching Practice and Study Guide Figure 14-7a Hop 3: Web Server to NAT-Enable R1 (Answer) 209.5 192.100.201.165.11 192.168.100.5 192.1 ISP PC1 Internet R1 64.165.100.168.168.201.10.165.100.11 192.168.165.1 ISP PC1 Internet R1 64.11 192.201.201.51.5 192.51.2 Source Port Destination Port 80 1268 Figure 14-8 Hop 4: NAT-Enabled R1 to PC1 209.2 Web Server SA DA Source Port Destination Port Figure 14-8a Hop 4: NAT-Enabled R1 to PC1 (Answer) 209.168.indb 188 3/12/14 7:51 AM .2 Web Server SA DA 209.10.51. label the missing parts of the IPv6 ULA address structure. where NAT can map outgoing requests against incoming replies.4) Configuring NAT and IPv6 IPv6 includes both its own IPv6 private address space and NAT. CHAPTER 14: Network Address Translation for IPv4 189 Lab .2.3.2. The port forwarding configuration is commonly done in a GUI. However.Implementing Static and Dynamic NAT (RP 11.indb 189 3/12/14 7:51 AM .Configuring NAT Pool Overload and PAT (RP 11. Figure 14-9 IPv6 Unique Local Address Structure Bits L Subnet ID Pseudo- EUI-64. In Figure 14-9.3. To resolve this problem. 
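The four hops above are the translation table in action: R1 rewrites the source on the way out, remembers which inside host and port the new global port stands for, and uses that entry to rewrite the destination on the way back. The Python below is an added example, not code from the study guide or from Cisco IOS; it models such a table for a router like R1 with the addresses and ports from Figures 14-5 through 14-8 (R1's public address is taken here as 64.100.51.5, the value read from the figure; the port allocator simply hands out ports from a starting value so the figure's 1268 is reproduced, whereas IOS keeps the original source port when it is free). It also models the two things the text says about outside-initiated traffic: an unsolicited inbound packet matches nothing and is dropped, unless a port-forwarding entry of the kind described under "A Word About Port Forwarding" exists for that port.

```python
"""PAT (NAT overload) translation table, modelled on the R1 example above.

Added example, not from the study guide. Addresses follow Figures 14-5 to 14-8
(R1's public address assumed to be 64.100.51.5); the port allocator is a
simplification, IOS keeps the original source port when it is free.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class PatRouter:
    """One inside global address shared by every inside host; the translated
    source port is what lets the router tell the returning flows apart."""

    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self._next_port = first_port
        # dynamic entries, keyed in both directions
        self._out: Dict[Tuple[str, str, int, str, int], int] = {}       # (proto, in_local, lport, out, oport) -> gport
        self._in: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}  # (proto, gport, out, oport) -> (in_local, lport)
        # port forwarding: static entries reachable from any outside host
        self._static: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_port_forward(self, proto: str, global_port: int, inside_local: str, local_port: int) -> None:
        """Equivalent of: ip nat inside source static {tcp|udp} local-ip local-port global-ip global-port"""
        self._static[(proto, global_port)] = (inside_local, local_port)

    def _allocate_port(self, proto: str) -> int:
        taken = {k[:2] for k in self._in} | set(self._static)
        while (proto, self._next_port) in taken:
            self._next_port += 1
        port, self._next_port = self._next_port, self._next_port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite SA to the inside global address and pick a port."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        gport = self._out.get(key)
        if gport is None:
            gport = self._allocate_port(pkt.proto)
            self._out[key] = gport
            self._in[(pkt.proto, gport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.inside_global, gport, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: only a matching reply or a port-forwarding entry gets through."""
        if pkt.dst != self.inside_global:
            return None
        entry = (self._in.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
                 or self._static.get((pkt.proto, pkt.dport)))
        if entry is None:
            return None                      # unsolicited: no translation, packet dropped
        local_ip, local_port = entry
        return Packet(pkt.src, pkt.sport, local_ip, local_port, pkt.proto)

    def translations(self) -> List[Tuple[str, str, str, str, str]]:
        """Rows in 'show ip nat translations' order:
        Pro, Inside global, Inside local, Outside local, Outside global."""
        rows = []
        for (proto, src, sport, dst, dport), gport in self._out.items():
            rows.append((proto, f"{self.inside_global}:{gport}", f"{src}:{sport}",
                         f"{dst}:{dport}", f"{dst}:{dport}"))
        for (proto, gport), (ip, lport) in self._static.items():
            rows.append((proto, f"{self.inside_global}:{gport}", f"{ip}:{lport}", "---", "---"))
        return rows


if __name__ == "__main__":
    r1 = PatRouter("64.100.51.5", first_port=1268)
    hop1 = Packet("192.168.10.11", 1150, "209.165.201.1", 80)   # PC1 to R1
    hop2 = r1.outbound(hop1)                                     # R1 to web server
    hop3 = Packet(hop2.dst, hop2.dport, hop2.src, hop2.sport)    # web server reply
    hop4 = r1.inbound(hop3)                                      # R1 to PC1
    for n, p in enumerate((hop1, hop2, hop3, hop4), 1):
        print(f"Hop {n}: SA {p.src}:{p.sport} -> DA {p.dst}:{p.dport}")
    for row in r1.translations():
        print(*row)
```

Running the demo prints the same four rows as the answer table. Note what the port-forwarding entry does to the security picture: the dynamic entries only admit packets whose source, destination and both ports match a flow an inside host opened, while a static entry admits any outside host that sends to that port, so each forwarded port is an exposure that deserves an ACL on the outside interface.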
Packet Tracer - Implementing Static and Dynamic NAT (RP 11.2.4.4/WAN 5.2.4.4)
Lab - Configuring NAT Pool Overload and PAT (RP 11.2.4.6/WAN 5.2.4.6)

A Word About Port Forwarding

Because NAT hides internal addresses, peer-to-peer connections work only from the inside out, where NAT can map outgoing requests against incoming replies. The problem is that NAT does not allow requests initiated from the outside. To resolve this problem, you can configure port forwarding to identify specific ports that can be forwarded to inside hosts. The port forwarding configuration is commonly done in a GUI. However, you can also configure port forwarding in the Cisco IOS by adding the following command to your NAT configuration:

Router(config)# ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]

Each forwarded port exposes the inside host to unsolicited Internet traffic, so forward only the ports the service needs and restrict the sources with an ACL on the outside interface.

Packet Tracer - Configuring Port Forwarding on a Linksys Router (RP 11.2.5.4/WAN 5.2.5.4)

Configuring NAT and IPv6

IPv6 includes both its own IPv6 private address space and NAT, which are implemented differently than they are for IPv4. IPv6 uses a unique local address (ULA) for communication within a local site. In Figure 14-9, label the missing parts of the IPv6 ULA address structure.

Figure 14-9 IPv6 Unique Local Address Structure: five fields, with the bit widths and the labels L and Subnet ID given; the remaining field names and the methods of assignment (Pseudo-Random Algorithm, Manual Configuration, EUI-64 or Random, 1 or 0) are to be filled in

Figure 14-9a IPv6 Unique Local Address Structure (Answer)

Bits       | 7        | 1      | 40                      | 16                   | 64
Field      | Prefix   | L      | Global ID               | Subnet ID            | Interface ID
Assignment | FC00::/7 | 1 or 0 | Pseudo-Random Algorithm | Manual Configuration | EUI-64 or Random

ULAs are also known as local IPv6 addresses. Briefly describe three characteristics of ULAs.

■ Allow sites to be combined or privately interconnected, without creating any address conflicts or requiring renumbering of interfaces that use these prefixes
■ Independent of any ISP and can be used for communications within a site without having any Internet connectivity
■ Not routable across the Internet, but if accidentally leaked by routing or DNS, there is no conflict with other addresses

What is the main purpose of NAT for IPv6?

To provide a translation mechanism between IPv6 and IPv4 networks.

Briefly describe the three transition strategies to move from IPv4 to IPv6.

Dual stack is when the devices are running protocols associated with both IPv4 and IPv6. Tunneling for IPv6 is the process of encapsulating an IPv6 packet inside an IPv4 packet; this allows the IPv6 packet to be transmitted over an IPv4-only network. Translation strategies include NAT-PT, which is now replaced with NAT64.

Troubleshooting NAT

When there are IPv4 connectivity problems in a NAT environment, it is often difficult to determine the cause of the problem. The first step in solving the problem is to rule out NAT as the cause. Follow these steps to verify that NAT is operating as expected:

Step 1. Review the purpose of the NAT configuration. Is there a static NAT implementation? Are the addresses in the dynamic pool actually valid? Are the inside and outside interfaces correctly identified?
Step 2. Verify that correct translations exist in the translation table using the show ip nat translations command.
Step 3. Use the clear ip nat translation * and debug ip nat commands to verify that NAT is operating as expected. Check to see whether dynamic entries are re-created after they are cleared.
Step 4. Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet.

Packet Tracer - Verifying and Troubleshooting NAT Configurations (RP 11.3.1.4/WAN 5.3.1.4)
Lab - Troubleshooting NAT Configurations (RP 11.3.1.5/WAN 5.3.1.5)
Packet Tracer - Skills Integration Challenge (RP 11.4.1.2/WAN 5.4.1.2)
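The field layout in Figure 14-9a and the "no conflict if leaked" property of ULAs both come from how the 40-bit Global ID is chosen. The Python below is an added example, not code from the study guide: it builds a ULA from the five fields of the figure, generates the Global ID with the pseudo-random procedure of RFC 4193 section 3.2.2 (SHA-1 over a 64-bit NTP-format timestamp and an EUI-64, keeping the low 40 bits), derives the EUI-64 from a MAC address, and parses an address back into its fields. The MAC address and the fixed timestamp used in the demonstration are constructed values, and the check against FC00::/7 is what a filter at a site border would apply to keep ULAs from leaking.

```python
"""RFC 4193 unique local addresses: build, generate a Global ID, and parse.

Added example, not from the study guide. Field layout follows Figure 14-9a
(7-bit prefix, L, 40-bit Global ID, 16-bit Subnet ID, 64-bit Interface ID);
ula_global_id() is the pseudo-random algorithm of RFC 4193 section 3.2.2.
"""
import hashlib
import ipaddress
import time
from typing import Optional

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")      # prefix bits 1111110


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64: insert FF:FE in the middle and flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("need a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def ula_global_id(eui64: bytes, timestamp: Optional[bytes] = None) -> int:
    """40-bit pseudo-random Global ID (RFC 4193 3.2.2): SHA-1(time || EUI-64), low 40 bits."""
    if timestamp is None:
        secs = int(time.time()) + 2208988800        # seconds since 1900, NTP style
        timestamp = (secs << 32).to_bytes(8, "big")  # 64-bit NTP format, zero fraction
    digest = hashlib.sha1(timestamp + eui64).digest()
    return int.from_bytes(digest[-5:], "big")


def make_ula(global_id: int, subnet_id: int, interface_id: int = 0,
             local_bit: int = 1) -> ipaddress.IPv6Address:
    """Assemble the five fields of Figure 14-9a into an address."""
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID is 40 bits")
    if not 0 <= subnet_id < 1 << 16:
        raise ValueError("Subnet ID is 16 bits")
    if not 0 <= interface_id < 1 << 64:
        raise ValueError("Interface ID is 64 bits")
    if local_bit not in (0, 1):
        raise ValueError("L is one bit")
    value = ((0xFC | local_bit) << 120) | (global_id << 80) | (subnet_id << 64) | interface_id
    return ipaddress.IPv6Address(value)


def is_ula(addr) -> bool:
    """True for anything in FC00::/7; this is the test a border filter applies."""
    try:
        return ipaddress.IPv6Address(str(addr)) in ULA_BLOCK
    except ValueError:
        return False


def parse_ula(addr) -> dict:
    """Split a ULA back into L, Global ID, Subnet ID and Interface ID."""
    address = ipaddress.IPv6Address(str(addr))
    if address not in ULA_BLOCK:
        raise ValueError("not in fc00::/7")
    value = int(address)
    return {
        "L": (value >> 120) & 1,
        "global_id": (value >> 80) & ((1 << 40) - 1),
        "subnet_id": (value >> 64) & 0xFFFF,
        "interface_id": value & ((1 << 64) - 1),
    }


if __name__ == "__main__":
    eui = eui64_from_mac("00:1b:44:11:3a:b7")                 # constructed MAC address
    gid = ula_global_id(eui)
    addr = make_ula(gid, subnet_id=1, interface_id=int.from_bytes(eui, "big"))
    print(addr, parse_ula(addr))
```

Because the Global ID is taken from a hash over time and hardware identity rather than chosen by hand, two organisations that later interconnect are very unlikely to hold the same FDxx:xxxx:xxxx::/48, which is the property the first and third ULA characteristics above rely on. FC00::/8 (L = 0) is reserved and not assigned, so addresses in use are expected to start with FD.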
CHAPTER 15 Broadband Solutions

With the advent of broadband technologies like digital subscriber line (DSL) and cable, working from home has become a popular option for both employees and companies alike. Virtual private networks (VPN) allow workers to securely connect to the business from remote locations. There are several factors to consider when choosing a broadband solution. This chapter reviews DSL, cable, wireless, VPN, and the factors to consider when implementing broadband solutions.

Teleworking

Teleworking is working away from the traditional workplace by using telecommunication technologies such as broadband and VPN security.

Benefits of Teleworking

The groups that benefit from teleworking include employees, employers, local governments, and communities. In Table 15-1, indicate which group primarily receives the benefit described.

Table 15-1 Benefits of Teleworking

Benefit                                          | Employer | Government/Community | Individual
Improves employee morale                         | X        |                      |
Decreases recruitment and retention costs        | X        |                      |
Reduces local infrastructure costs               |          | X                    |
Attracts local employment and development        |          | X                    |
Saving time or earning more in the same time     |          |                      | X
Increases available time to care for dependents  |          |                      | X
Reduces absenteeism levels                       | X        |                      |
Reduces the impact of urban drift                |          | X                    |
Reduces costs associated with commuting          |          |                      | X
Can reduce regional traffic delays               |          | X                    |
Flexibility to deal with personal tasks          |          |                      | X
Customers experience improved response times     | X        |                      |

Costs of Teleworking

Teleworking does have some costs, as well. List at least two costs from the employer's perspective and two costs from the employee's perspective.

Employer
It may be difficult to keep track of employee progress on work. Managers must use a different management style to oversee teleworkers.

Employees
Teleworkers can feel isolated working alone. Teleworking can have its own set of distractions, like household chores or leisure pursuits like watching TV. Teleworkers may lack technology support and services compared to colleagues who are in the office.

Business Requirements for Teleworker Services

Both the teleworker and the business must meet certain minimum requirements to implement teleworking services for the organization. In Table 15-2, indicate whether the teleworker or the company is responsible for each requirement.

Table 15-2 Teleworker Services Requirements

Responsibility                                              | Teleworker | Company
Usually uses cable or DSL to access the VPN.                | X          |
Manages VPN authentication procedures.                      |            | X
Uses client software for network access.                    | X          |
Maintains VPN concentrators and security appliances.        |            | X
Uses network access while traveling.                        | X          |
Determines link aggregation and VPN termination methods.    |            | X

Comparing Broadband Solutions

Depending on the location of the teleworker, connecting to the corporate network can be done in one of three ways: cable, DSL, or broadband wireless.

Cable

Cable broadband uses a coaxial cable that carries radio frequency (RF) signals across the network. What portion of the electromagnetic spectrum do these signals occupy?

Radio frequencies occur between 1 kHz and 1 THz on the electromagnetic spectrum.

Traditionally, cable communications was one way. Modern cable systems now provide two-way communication. Two-way communication occurs downstream in the 50- to 860-MHz range and upstream in the 5- to 42-MHz range.

What three main telecommunication services are offered by today's cable companies?

Cable companies now offer digital cable TV, residential phone service, and high-speed Internet access.

The Data-over-Cable Service Interface Specification (DOCSIS) is the international standard developed by CableLabs that cable operators use to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure.

What two types of equipment are required to send digital modem signals upstream and downstream on a cable system?

Cable Modem Termination System (CMTS) at the headend of the cable operator
Cable Modem (CM) on the subscriber end
Match the definition on the left with a term on the right. Terms are only used once.

Definitions and matching terms (Answer):
■ Defines the communications and operation support interface that permits the addition of high-speed data transfer to a traditional cable TV system: DOCSIS
■ Combining both fiber-optic and coax cabling together into a hybrid cabling infrastructure: HFC
■ The direction of a signal transmission from the headend to subscribers: Downstream
■ The direction of a signal transmission from subscribers to the headend: Upstream
■ Located in the headend (and communicates with CMs located in subscriber homes): CMTS
■ The rate at which current (voltage) cycles (computed as the number of waves per second): Frequency

DSL

Digital subscriber line (DSL) technology takes advantage of the additional bandwidth available in telephone networks between 3 kHz and 1 MHz. Briefly describe the two main types of DSL.

Asymmetric DSL (ADSL) provides higher downstream bandwidth than upload speed. Symmetric DSL (SDSL) provides the same bandwidth in both directions.

What two components are required to provide a DSL connection to the teleworker?

Equipment required includes a transceiver (DSL modem), which connects the teleworker's network to the DSL network, and a DSL access multiplexer (DSLAM) located at the CO to combine individual DSL subscribers into one link to an ISP. The local loop connection to the CO must be less than 3.39 miles (5.46 km).

The analog voice and ADSL signals must be separated to avoid interference. What two devices can separate the signals?

There are two ways to separate ADSL from voice at the customer premises: using a microfilter or using a splitter.

Match the definition on the left with a term on the right. Terms are only used once.

Definitions and matching terms (Answer):
■ A means of providing high-speed connections over pre-existing installed copper wire infrastructure: DSL
■ The category of DSL technology that provides a high-speed downstream data capacity value with a lower upstream capacity value: ADSL
■ Category of DSL technology that provides equal high-speed downstream and upstream data capacities: SDSL
■ Located at the CO, a device that combines individual DSL connections from subscribers into one high-capacity link to an ISP: DSLAM
■ Sometimes referred to as the DSL modem, a device that connects the subscriber to the DSL network: Transceiver
■ Device with one end connecting to a telephone device and the other end connecting to the telephony wall jack: Microfilter

Broadband Wireless

Of the three broadband technologies, wireless offers the largest variety of ways to connect. Whether from your laptop or from a smartphone, urban or rural, broadband wireless has a solution.

Match the definition on the left with a term on the right. Terms are only used once.

Definitions and matching terms (Answer):
■ Employs a mesh network with an access point at each node for 802.11 connections: Municipal WiFi
■ Uses a point-to-multipoint topology to provide wireless cellular broadband access at speeds up to 1 Gbps: WiMAX
■ A general term for Internet service from a mobile phone or any other mobile device that uses the same technology: Wireless Internet
■ Cellular broadband access that gets faster with each generation: 3G/4G Wireless
■ Newer and faster technology for high-speed cellular data (considered to be part of 4G): LTE
■ Two-way satellite Internet using IP multicasting technology: VSAT
Selecting Broadband Solutions
Ideally, a teleworker would have a fiber-optic cable directly connected to the home office. When selecting the broadband solution that is right for you, you want to consider several factors. In Table 15-3, indicate the factors for each broadband solution.

Table 15-3 Broadband Solutions: Factors to Consider (the solution each factor applies to follows the factor)
■ Bandwidth is shared by many users, and upstream data rates are often slow: Cable
■ Limited bandwidth that is distance sensitive, and the upstream rate is proportionally quite small compared to the downstream rate: DSL
■ Requires fiber installation directly to the home: Fiber-to-the-Home
■ Coverage is often an issue, bandwidth is limited, and data may not be unlimited: Cellular/Mobile
■ Most municipalities do not have a mesh network deployed; if it is available and the SOHO is in range, it is a viable option: Wi-Fi Mesh
■ Bit rate is limited to 2 Mbps per subscriber; cell size is 1 to 2 km (1.25 mi): WiMAX
■ Expensive, limited capacity per subscriber, often provides access where no other access is possible: Satellite

Configuring xDSL Connectivity
The underlying data-link protocol commonly used by Internet service providers (ISPs) to send and receive data across DSL links is PPP over Ethernet (PPPoE).

PPPoE Overview
For the ISP, what are the benefits of using PPP?
PPP supports the ability to assign IP addresses to the remote end of the link. PPP with CHAP authentication allows the ISP to check the customer's records to make sure that the bill is paid.
What are the three stages of evolution in teleworker connections from the home that use PPP?
First there was analog dialup, which was later replaced with ISDN, which was then replaced by DSL.

Configuring PPPoE
Although PPPoE configuration is beyond the scope of the course, understanding how PPPoE is implemented will help solidify your skills in configuring PPP. The two steps to configure PPPoE are as follows:
Step 1. Create a PPP tunnel using a dialer interface with the following settings:
■ Encapsulation is PPP.
■ IP address is negotiated.
■ MTU size is set to 1492. Why? To allow for the additional 8-byte PPP header, the MTU is reduced from the maximum Ethernet size of 1500 bytes to 1492.
■ Dialer interface is assigned a pool.
■ CHAP authentication with username and password assigned by ISP.
Step 2. Enable PPPoE on the interface attached to the DSL modem and assign it as a PPPoE client using the dialer pool defined in Step 1.

In Figure 15-1, the ISP router is already configured. Record the commands to configure the Customer router using the following CHAP information:
■ Username is CustomerBob.
■ Password is Bob$connect.
Figure 15-1 PPPoE Configuration Topology: Customer G0/0 to DSL Modem to DSLAM to ISP G0/0 to Internet

Customer(config)# interface dialer 1
Customer(config-if)# ip address negotiated
Customer(config-if)# encapsulation ppp
Customer(config-if)# ip mtu 1492
Customer(config-if)# dialer pool 1
Customer(config-if)# ppp chap hostname CustomerBob
Customer(config-if)# ppp chap password Bob$connect
Customer(config-if)# no shutdown
Customer(config-if)# interface g0/0
Customer(config-if)# no ip address
Customer(config-if)# pppoe enable
Customer(config-if)# pppoe-client dial-pool-number 1
Customer(config-if)# no shutdown

You can verify the dialer interface was assigned an IP address with the show ip interface brief command.

If you want to configure this on lab equipment, connect two routers through a switch or with a crossover cable and use the following configuration for ISP:

username CustomerBob password Bob$connect
!
bba-group pppoe global
 virtual-template 1
!
interface GigabitEthernet0/0
 no ip address
 pppoe enable group global
 no shutdown
!
interface Virtual-Template1
 mtu 1492
 ip address 64.100.1.254 255.255.255.0
 peer default ip address pool CUSTOMER_POOL
 ppp authentication chap callin
!
ip local pool CUSTOMER_POOL 64.100.1.1 64.100.1.253

Lab - Configuring a Router as a PPPoE Client for DSL Connectivity (CN 6.3.2.3)
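To see what CHAP actually puts on the wire during the PPPoE session configured above, here is an added Python model (not from the book) of the RFC 1994 challenge/response exchange between the Customer and ISP routers. It reuses the CustomerBob / Bob$connect credentials from the configuration; the IspAuthenticator class and the 16-byte random challenge are this example's own constructions.

```python
import hashlib
import hmac
import os

# CHAP (RFC 1994) as used by "ppp authentication chap" on the PPPoE session above.
# The shared secret is the configured "ppp chap password"; it never crosses the link.
# Only the one-octet identifier, the ISP's random challenge and the MD5 digest do.
USERNAME = "CustomerBob"
SECRET = "Bob$connect"


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class IspAuthenticator:
    """ISP side (constructed for this example): issues a fresh challenge per attempt
    and checks the peer's answer against its customer records (username -> secret)."""

    def __init__(self, customers: dict):
        self.customers = customers
        self.outstanding = {}  # identifier -> challenge sent and not yet consumed

    def challenge(self, identifier: int, length: int = 16) -> bytes:
        chal = os.urandom(length)  # unpredictable, so a captured digest is useless later
        self.outstanding[identifier] = chal
        return chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        chal = self.outstanding.pop(identifier, None)  # each challenge is usable once
        secret = self.customers.get(name)
        if chal is None or secret is None:
            return False  # no challenge pending under that ID, or unknown customer
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_handshake(isp: IspAuthenticator, name: str, secret: str, identifier: int = 1) -> bool:
    """Customer side: answer the ISP's challenge. Returns whether the ISP accepted it."""
    chal = isp.challenge(identifier)
    response = chap_response(identifier, secret, chal)
    return isp.verify(identifier, name, response)


if __name__ == "__main__":
    isp = IspAuthenticator({USERNAME: SECRET})
    print("correct secret accepted:", run_handshake(isp, USERNAME, SECRET))
    print("wrong secret accepted:  ", run_handshake(isp, USERNAME, "guess"))
```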
CHAPTER 16 Securing Site-to-Site Connectivity
Up to this point in our WAN discussions, we have covered access options, including leased lines, Frame Relay, cable, digital subscriber line (DSL), and wireless. Now it is time to turn our attention toward a popular solution for linking two sites or a teleworker to the corporate office. With the use of generic routing encapsulation (GRE) and IP security (IPsec), virtual private networks (VPNs) play an important role in today's network implementations.

VPNs
Fundamentals of VPNs
VPNs are used to create a private tunnel over the Internet regardless of the WAN access option used to make the connection.
Briefly describe three different scenarios in which VPNs are a viable solution.
VPNs are ideal for connecting teleworkers, remote/branch offices, and business partners to the corporate network at the central site. With the proper implementation at that central site, VPNs provide the flexibility of having safe and secure connections regardless of the underlying access technology.
What is the difference between VPN and secure VPN?
Secure VPNs are implemented with data encryption using IPsec.
To implement a VPN, a VPN gateway is needed. List three devices that can serve as a VPN gateway.
A router, a firewall, and Cisco's Adaptive Security Appliance (ASA) can all serve as VPN gateways.
Briefly describe four benefits to using VPNs.
■ Cost savings: VPNs allow organizations to replace expensive dedicated WAN links or modem banks by using Internet connections to connect end users.
■ Scalability: It is easy to add branches, partners, or users because ISP choices can be made locally.
■ Compatibility with broadband technology: Home, remote/branch offices, and mobile workers can take advantage of whatever broadband technology they are using to connect to the Internet. This is increasingly important as more users need or want access to their corporate networks no matter their current location.
■ Security: VPNs use advanced encryption technology to secure data as it travels across the Internet.

Types of VPNs
There are two main types of VPN networks. Site-to-site VPNs support connections where the two locations are permanent and contain more than one user. For example, a branch site or a business partner site most likely would benefit from a site-to-site VPN. Remote-access VPNs are best used for single-user connection needs such as teleworkers and mobile users. In Table 16-1, indicate the type of VPN described by each characteristic.

Table 16-1 Comparing Site-to-Site and Remote-Access VPNs
Characteristic                                                                      Site-to-Site VPN   Remote-Access VPN
VPN is dynamically enabled when needed.                                                                      X
Most likely uses VPN client software to establish VPN connection and encrypt data.                           X
Users have no knowledge of the VPN.                                                         X
Connects networks together through peer VPN gateways.                                       X
VPN connection is static.                                                                   X
Connects teleworkers and mobile users.                                                                       X
Uses a client/server model.                                                                                  X

Packet Tracer - Configuring VPNs (Optional) (CN 7.1.2.4)

Site-to-Site GRE Tunnels
Fundamentals of Generic Routing Encapsulation
Generic routing encapsulation (GRE) is a site-to-site VPN tunneling protocol developed by Cisco. GRE can encapsulate a wide variety of protocol packet types inside IP tunnels.
List three protocols that GRE can encapsulate.
IPv4, IPv6, AppleTalk, DECnet, or IPX
Figure 16-1 shows the basic fields in a GRE encapsulated packet. Notice how the protocol packet, IP, is encapsulated with GRE, then encapsulated in an IP packet for transport across the Internet. The inside IP packet is using private addressing and the outside IP packet is using public addressing.
Figure 16-1 GRE Encapsulated Packet: IP header | GRE header | original IPv4 packet (IP | TCP | Data) carried as the payload
Figure 16-2 shows the topology we will use to configure GRE later in this section.
Note: The public addressing is on the same subnet. This is uncommon on real networks. However, we are doing it here so that you can easily attach to routers and use this configuration for practice.
Figure 16-2 GRE Topology: PC1 (10.10.1.10/24) on the RTB G0/0 LAN 10.10.1.0/24; RTB S0/0/0 64.100.1.2/30 and RTA S0/0/0 64.100.1.1/30 on the public subnet 64.100.1.0/30; Tunnel1 10.1.1.2/30 on RTB and Tunnel1 10.1.1.1/30 on RTA (tunnel subnet 10.1.1.0/30); the server sits on the RTA G0/0 LAN

GRE is defined by IETF RFC 2784. In the outer IP header, 47 is used in the Protocol field to indicate that a GRE header follows. In the GRE header, a Protocol Type field specifies the OSI Layer 3 protocol that is encapsulated (IP in Figure 16-2). GRE is stateless, meaning that it does not include any flow-control mechanisms. Also, GRE does not include any security mechanisms to protect the payload. The GRE header and additional IP header create at least 24 bytes of additional overhead for tunneled packets.

Configuring GRE Tunnels
In Figure 16-2 shown earlier, assume the physical interfaces on RTA and RTB are configured and active. Also assume that RTA is already configured with a GRE tunnel and OSPF routing. To configure GRE on RTB, complete the following steps:
Step 1. Create a tunnel interface using the interface tunnel number command. The interface numbers do not have to match between RTA and RTB.
Step 2. Configure an IP address for the tunnel interface. The two routers on the tunnel should use addresses from the same subnet. In our topology, the subnet is 10.1.1.0/30.
Step 3. Specify the tunnel's source IP address in the public part of the network with the tunnel source ip-address command. For RTB, this address is the 64.100.1.2 IP address configured on its S0/0/0 interface. The IP address must match the other side's tunnel destination ip-address.
Step 4. Specify the tunnel's destination IP address in the public part of the network with the tunnel destination ip-address command. For RTB, this address is the 64.100.1.1 IP address configured on RTA's S0/0/0. The IP address must match the other side's configuration for tunnel source ip-address.
Step 5. Configure routing to use the tunnel to advertise the private LANs at each site.
Note: These steps do not include configuring the tunnel mode command because the default, GRE IP, is what is needed here. Of course, in the future, the GRE tunnel will most likely be IPv6.

Using these steps, record the commands including the router prompt to configure RTB with a GRE tunnel to RTA.
RTB(config)# interface tunnel 1
RTB(config-if)# ip address 10.1.1.2 255.255.255.252
RTB(config-if)# tunnel source 64.100.1.2
RTB(config-if)# tunnel destination 64.100.1.1
RTB(config-if)# router ospf 1
RTB(config-router)# network 10.10.1.0 0.0.0.255 area 0
RTB(config-router)# network 10.1.1.0 0.0.0.3 area 0

A number of commands can be used to verify the GRE tunnel is operational. However, the ultimate test is that PC1 should now be able to ping the server attached to the RTA LAN. If connectivity fails, use the following commands to troubleshoot the issue. Record the commands and command filtering used to generate the following output.

RTB# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
64.100.1.1        0   FULL/  -        00:00:34    10.1.1.1        Tunnel1
RTB# show ip interface brief | include Tunnel
Tunnel1                10.1.1.2        YES manual up                    up
RTB# show ip route ospf | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O        10.10.2.0/24 [110/1001] via 10.1.1.1, 00:23:49, Tunnel1
RTB# show interface Tunnel 1
Tunnel1 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.1.1.2/30
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 64.100.1.2, destination 64.100.1.1
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
<output omitted>
RTB#

In the output from the last command shown, why is the maximum transmission unit (MTU) set at 1476 bytes?
The overhead for GRE is 24 bytes, which limits the encapsulated packet from the normal 1500 bytes to 1476 bytes.

Packet Tracer - Configuring GRE (CN 7.2.2.3)
Packet Tracer - Troubleshooting GRE (CN 7.2.2.4)
Lab - Configuring a Point-to-Point GRE VPN Tunnel (CN 7.2.2.5)
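As an added example that is not part of the book, the following Python builds and unpacks a GRE-encapsulated packet exactly as Figure 16-1 lays it out, using RTB's tunnel source 64.100.1.2 and destination 64.100.1.1; the inner hosts 10.10.1.10 and 10.10.2.10 are constructed sample addresses. It shows where the 24 bytes of overhead come from, why the tunnel MTU is 1476, and that the private inner packet is readable by anyone who sees the outer one.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTOCOL = 47          # Protocol field value in the outer IP header (RFC 2784)
ETHERTYPE_IPV4 = 0x0800    # GRE Protocol Type for an IPv4 payload
IP_HEADER_LEN = 20
GRE_HEADER_LEN = 4         # flags/version + protocol type; no checksum, key or sequence fields


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, protocol: int, payload_len: int, ttl: int = 255) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HEADER_LEN + payload_len, 0, 0,
                      ttl, protocol, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a packet as in Figure 16-1: outer IP header | GRE header | original packet."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)   # C/K/S bits clear, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTOCOL, len(gre) + len(inner_packet))
    return outer + gre + inner_packet


def gre_decapsulate(packet: bytes) -> dict:
    """Strip the outer IP and GRE headers, checking what a tunnel endpoint would check."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < IP_HEADER_LEN or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if packet[9] != GRE_PROTOCOL:
        raise ValueError("outer protocol %d is not GRE (47)" % packet[9])
    flags, proto_type = struct.unpack("!HH", packet[ihl:ihl + GRE_HEADER_LEN])
    if flags & 0xB000:  # C, K or S bit set: optional fields present; Cisco's default uses none
        raise ValueError("optional GRE fields not handled in this example")
    inner = packet[ihl + GRE_HEADER_LEN:]
    return {
        "tunnel_src": str(IPv4Address(packet[12:16])),
        "tunnel_dst": str(IPv4Address(packet[16:20])),
        "protocol_type": proto_type,
        "inner": inner,
        # GRE adds no confidentiality: the private addresses travel in the clear
        "inner_src": str(IPv4Address(inner[12:16])),
        "inner_dst": str(IPv4Address(inner[16:20])),
    }


def tunnel_mtu(link_mtu: int = 1500) -> int:
    """Largest inner packet that fits the link once 20 B of IP and 4 B of GRE are added."""
    return link_mtu - IP_HEADER_LEN - GRE_HEADER_LEN


if __name__ == "__main__":
    # Constructed sample: a TCP packet from PC1 to a host on the RTA LAN, 8 bytes of payload.
    inner = ipv4_header("10.10.1.10", "10.10.2.10", 6, 8) + b"\x00" * 8
    outer = gre_encapsulate(inner, "64.100.1.2", "64.100.1.1")
    print("overhead bytes:", len(outer) - len(inner), "tunnel MTU:", tunnel_mtu())
    print(gre_decapsulate(outer))
```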
Introducing IPsec
Although GRE is excellent for creating a tunnel across the Internet, it does not include any kind of security. This section reviews basic IPsec concepts. IPsec configuration is not a CCNA Routing and Switching exam topic. Therefore, any practice you do is purely optional.

Internet Protocol Security
RFC 4301, Security Architecture for the Internet Protocol, defines IP security, or simply IPsec. Briefly describe each of the four critical functions of IPsec security services.
■ Confidentiality (encryption): IPsec provides strong algorithms used to encrypt the data before it is sent across the VPN tunnel.
■ Data integrity: When data is received on the other end of the tunnel, IPsec uses a hash to ensure that the packet has not been changed.
■ Authentication: IPsec uses Internet Key Exchange (IKE) to authenticate that the connection is made with the desired communication partner.
■ Anti-replay protection: This is the ability to detect and reject replayed packets and helps prevent spoofing. Late and duplicate packets are dropped.

Encryption
What two factors impact the degree of confidentiality in an encryption algorithm?
The shorter the key used in the encryption, the easier it is to hack. So, longer keys (such as 256-bit) provide stronger encryption and data confidentiality. In addition, the sophistication of the algorithm impacts confidentiality.
What is the main difference between symmetric and asymmetric encryption?
In symmetric encryption, the source and destination use a pre-shared key, whereas in asymmetric encryption, the source and the destination use two different keys.
In what scenarios are symmetric and asymmetric encryption used?
Symmetric encryption is commonly used to encrypt the contents of a message, and asymmetric encryption is commonly used for digital certificates.
What is the main purpose of the Diffie-Hellman (DH) algorithm?
DH is a method for two parties to establish a shared secret key that will be used by encryption and hash algorithms.
Hash-based Message Authentication Code (HMAC) is a mechanism for message authentication using hash functions. A keyed HMAC is a data integrity algorithm that guarantees the integrity of a message.
What are the two common HMAC algorithms?
MD5 and SHA
Briefly describe the operation of an HMAC algorithm.
A shared secret key and variable-length message are combined and run through the algorithm. The result is a hash that is appended to the original message. The receiving end reverses the process to decrypt the variable-length message.

Authentication
Encryption is crucial, as we have seen. However, a VPN tunnel must also authenticate the device on the other end before the path can be considered secure. Briefly describe the two main peer authentication methods.
■ PSK: A secret key that is shared between the two parties using a secure channel before it needs to be used. It is manually configured and used to authenticate at each end.
■ RSA signatures: Digital certificates are obtained from a certificate authority and then are exchanged to authenticate peers.

IPsec Framework
Encryption protects data confidentiality and integrity. Authentication ensures that the sender and receiver actually know and trust each other. Figure 16-3 is a depiction of the IPsec framework with all the possible algorithm choices for each piece in the framework.
Figure 16-3 IPsec Framework choices: IPsec Protocol (ESP, AH, ESP + AH); Confidentiality (DES, 3DES, AES, SEAL); Integrity (MD5, SHA); Authentication (PSK, RSA); Diffie-Hellman (DH1, DH2, DH5, DH...)
Briefly describe each of the following:
■ IPsec framework protocol: The protocol used to encapsulate the full packet. Most likely, the Encapsulating Security Payload (ESP) is used.
■ Confidentiality: The selection of an encryption algorithm to encrypt and decrypt the original message.
■ Integrity: A hash algorithm is used to guarantee that the data has not been altered in transit.
■ Authentication: A method is used to authenticate the two ends of a tunnel, either PSK or RSA.
■ DH algorithm: The method in which a shared secret key is established between peers.
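The data integrity and anti-replay functions described above, as an added Python example that is not the book's code: an ESP-style keyed MAC over sequence number and payload, checked with a constant-time compare, plus the RFC 4303 sliding window that drops late and duplicate packets. The key is a constructed placeholder standing in for the DH-derived session key, and HMAC-SHA-256 truncated to 128 bits stands in for whichever integrity algorithm the framework selects.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16      # IPsec truncates the HMAC output (e.g. HMAC-SHA-256-128 keeps 128 bits)
WINDOW = 64       # RFC 4303 minimum anti-replay window, in packets
SEQ_LEN = 4


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend the sequence number and append a keyed MAC (the ESP ICV)
    computed over both, so neither can be changed without the key."""
    body = struct.pack("!I", seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class Receiver:
    """Receiver state for one security association: integrity check plus a
    sliding anti-replay window over the sequence numbers already accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0      # highest sequence number accepted so far
        self.seen = 0         # bitmap: bit i set => seq (highest - i) was accepted

    def accept(self, packet: bytes):
        """Return (payload, 'ok') or (None, reason) for tampered, late or duplicate packets."""
        if len(packet) < SEQ_LEN + ICV_LEN:
            return None, "truncated"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        seq = struct.unpack("!I", body[:SEQ_LEN])[0]

        # 1. Replay check against the window before spending a MAC computation.
        if seq <= self.highest:
            behind = self.highest - seq
            if behind >= WINDOW:
                return None, "late (outside window)"
            if self.seen >> behind & 1:
                return None, "duplicate (replay)"

        # 2. Integrity: recompute the ICV with the shared key, compare in constant time.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            return None, "integrity check failed"

        # 3. Only now advance/update the window, so forged packets cannot move it.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return body[SEQ_LEN:], "ok"


if __name__ == "__main__":
    key = b"constructed-placeholder-for-the-DH-derived-key"
    rx = Receiver(key)
    first = protect(key, 1, b"hello")
    print(rx.accept(first))        # (b'hello', 'ok')
    print(rx.accept(first))        # (None, 'duplicate (replay)')
```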
Packet Tracer - Configuring GRE over IPsec (Optional) (CN 7.3.2.8)

Remote Access
As discussed earlier in this chapter, VPNs are an ideal remote-access solution for many reasons. Secure communications can easily be implemented, scaled, and tailored to the access rights of the individual. This section briefly reviews types of remote-access VPN solutions.

Remote-Access VPN Solutions
What are the two primary methods for deploying remote-access VPNs?
IPsec and SSL
List three benefits or features of Cisco SSL VPN solutions.
■ Web-based, clientless access, and complete network access without preinstalled desktop software
■ Protection against viruses, worms, spyware, and hackers on a VPN connection by integrating network and endpoint security in the Cisco SSL VPN platform
■ Use of a single device for both SSL VPN and IPsec VPN
In Table 16-2, label the two columns with the Cisco SSL VPN solution that is best described by the statements.

Table 16-2 Cisco SSL VPN Solutions
Description                                                                        Cisco AnyConnect Secure     Cisco Secure Mobility
                                                                                   Mobility Client with SSL    Clientless SSL
Non-corporate-managed devices are provided VPN remote access                                                          X
Provides access to corporate resources for devices that are not managed by the corporation                            X
Provides clients with a LAN-like full network access                                          X
Remote users establish the SSL session using a web browser                                                            X
A client application must be installed on the end-user device                                 X
Requires a standalone application be installed on the end-user device                         X
Access to services is limited to browser-based file-sharing resources                                                 X

IPsec Remote-Access VPNs
The Cisco Easy VPN solution feature offers flexibility, scalability, and ease of use for both site-to-site and remote-access IPsec VPNs. The Cisco Easy VPN solution consists of three components. Label each based on the following descriptions.
■ Cisco Easy VPN Remote: A Cisco IOS router or Cisco ASA firewall acting as a VPN client
■ Cisco VPN Client: An application supported on a PC used to access a Cisco VPN server
■ Cisco Easy VPN Server: A Cisco IOS router or Cisco ASA Firewall acting as the VPN headend device in site-to-site or remote-access VPNs
IPsec exceeds SSL in many ways. In Table 16-3, indicate whether the characteristic belongs to SSL or IPsec.

Table 16-3 Comparing SSL and IPsec
Characteristic                                                    SSL    IPsec
Web applications and file sharing.                                 X
Access to all IP-based applications.                                       X
40- to 256-bit key-length encryption.                              X
56- to 256-bit key-length encryption.                                      X
One- or two-way authentication.                                    X
Shared secrets or digital certificates for authentication.                 X
Any device can connect.                                            X
Specifically configured devices can connect.                               X

Packet Tracer - Skills Integration Challenge (CN 7.4.1.2)
CHAPTER 17 Monitoring the Network
Most of your CCNA studies have focused on implementing networking technologies. But what if there is currently no design or implementation to do in your job as network administrator? What if the network is already up and running? Then chances are you will be responsible for monitoring the network. Over the years, several tools have evolved to help you do just that. This chapter focuses on three popular monitoring tools: Syslog, Simple Network Management Protocol (SNMP), and NetFlow.

Syslog
The most common method of accessing system messages that networking devices provide is to use a protocol called syslog.

Syslog Operation
Developed in the 1980s and documented as RFC 3164, syslog used UDP port 514 to send notifications across IP networks to a syslog server. Briefly describe the three main syslog functions.
■ Gathers logging information for monitoring and troubleshooting
■ Can be configured to select the type of logging information that is captured
■ Can be configured to send captured syslog messages to a destination IP address
List the four destinations these messages can be sent to.
■ RAM (logging buffer)
■ Console line
■ Terminal line
■ Syslog server
Because you have configured many routers by now, one of the more common messages you have seen is the interface "up" and "up" message, as shown in Example 17-1.

Example 17-1 Syslog Message: Interface Is "Up" and "Up"
000039: *Nov 13 15:20:39.999: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
000040: *Nov 13 15:20:40.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

In Table 17-1, use the second line of output from Example 17-1 to provide an example of each field in the syslog message format.

Table 17-1 Syslog Message Format
Field             Example
Sequence Number   000040:
Timestamp         *Nov 13 15:20:40.999:
Facility          %LINEPROTO
Severity          5
Mnemonic          UPDOWN
Description       Line protocol on Interface GigabitEthernet0/0, changed state to up

By default, the Sequence Number field is not shown. Record the command, including the router prompt, to add this field to syslog messages.
Router(config)# service sequence-numbers
What are the two different methods to make sure the timestamp is accurate?
■ Manually set the date and time using the clock command.
■ Configure the router to get its date and time from an NTP server using the ntp server ip-address command.

Configuring Syslog
Using the topology and addressing shown in Figure 17-1, record the commands including the router prompt to configure the logging service on RTA with the following requirements:
■ All logging messages should be sent to the console and to the buffer as well as the syslog server.
■ Only log messages with severity 5 or lower.
■ The source interface for logged messages should always be the G0/0 interface.
Figure 17-1 Syslog Configuration Topology: RTA G0/0 10.10.10.1 to Syslog Server 10.10.10.10

RTA# configure terminal
RTA(config)# logging console
RTA(config)# logging buffer
RTA(config)# logging 10.10.10.10
RTA(config)# logging trap 5
RTA(config)# logging source-interface g0/0

What command will display the messages logged to RAM?
RTA# show logging

Lab - Configuring Syslog and NTP (CN 8.1.2.5)
Packet Tracer - Configuring Syslog and NTP (CN 8.1.2.6)
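An added Python example (not from the book) that splits Cisco IOS system messages into the Table 17-1 fields and applies the logging trap 5 filter from the configuration above, so you can see which messages the syslog server at 10.10.10.10 would receive. The first two sample lines are Example 17-1; the third is a constructed informational (severity 6) ACL log message with made-up addresses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Cisco IOS system message layout (Table 17-1):
#   [seq:] [timestamp:] %FACILITY-SEVERITY-MNEMONIC: description
IOS_MSG = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"                                    # present with "service sequence-numbers"
    r"(?:(?P<ts>[*.]?[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d{3})?):\s+)?"  # "service timestamps"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<description>.*)$"
)

SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}


@dataclass
class SyslogMessage:
    seq: Optional[int]
    timestamp: Optional[str]
    facility: str
    severity: int
    mnemonic: str
    description: str


def parse_ios_message(line: str) -> SyslogMessage:
    """Split one IOS message into its fields; the sequence number and timestamp are optional."""
    m = IOS_MSG.match(line.strip())
    if not m:
        raise ValueError("not a Cisco IOS system message: %r" % line)
    return SyslogMessage(int(m["seq"]) if m["seq"] else None, m["ts"], m["facility"],
                         int(m["severity"]), m["mnemonic"], m["description"])


def messages_for_server(lines: List[str], trap_level: int = 5) -> List[SyslogMessage]:
    """Apply the 'logging trap <level>' filter: a message goes to the syslog server
    only when its severity number is <= the trap level (lower number = more severe)."""
    parsed = [parse_ios_message(line) for line in lines]
    return [msg for msg in parsed if msg.severity <= trap_level]


# Constructed sample: the two lines of Example 17-1 plus one informational (severity 6)
# ACL log message with made-up addresses that "logging trap 5" must leave out.
SAMPLE_LINES = [
    "000039: *Nov 13 15:20:39.999: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
    "000040: *Nov 13 15:20:40.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
    "000041: *Nov 13 15:21:02.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.10.55(40000) -> 10.10.10.1(161), 1 packet",
]

if __name__ == "__main__":
    for msg in messages_for_server(SAMPLE_LINES, trap_level=5):
        print(msg.seq, SEVERITY_NAMES[msg.severity], msg.facility, msg.mnemonic, msg.description)
```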
SNMP
SNMP began with a series of three RFCs back in 1988 (1065, 1066, and 1067). The SNMP name is derived from RFC 1067, A Simple Network Management Protocol. Since then, SNMP has undergone several revisions.

SNMP Operation
SNMP is an application layer protocol that provides a standardized way of communicating information between SNMP agents and SNMP managers using UDP port 162. All versions of SNMP use SNMP managers, agents, and MIBs. The SNMP manager is part of a network management system (NMS). The SNMP manager can collect information from agents using "get" messages. Agents can also be configured to forward directly to the NMS using "trap" messages. Each agent stores data about the device in the Management Information Base (MIB) locally so that it is ready to respond to these messages from the NMS. In Table 17-2, indicate the SNMP message type for each of the descriptions provided.

Table 17-2 SNMP Message Types
Operation          Description
get-request        Retrieves a value from a specific variable.
get-next-request   Retrieves a value from a variable within a table. The SNMP manager does not need to know the exact variable name; a sequential search is performed to find the needed variable from within a table.
get-bulk-request   Retrieves large blocks of data, such as multiple rows in a table. Only works with SNMPv2 or later.
get-response       Replies to messages sent by an NMS.
set-request        Stores a value in a specific variable.
trap               An unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.

Although SNMPv1 is legacy, Cisco IOS supports all three versions. In today's networks, you will most likely encounter SNMPv3 or SNMPv2c. In Table 17-3, indicate whether the SNMP characteristic applies to SNMPv2c, SNMPv3, or both.

Table 17-3 Comparing SNMPv2c and SNMPv3
Characteristic                                                        SNMPv2c   SNMPv3   Both
Used for interoperability and includes message integrity                          X
Provides services for security models                                                      X
Uses community-based forms of security                                    X
Includes expanded error codes with types                                  X
Provides services for both security models and security levels                    X
Authenticates the source of management messages                                   X
Cannot provide encrypted management messages                              X
Supported by Cisco IOS software                                                            X

In SNMPv1 and SNMPv2c, access to the MIB is controlled through the use of two types of community strings:
■ Read-only (ro): Access to MIB variables but no changes allowed
■ Read-write (rw): Access and manipulation of MIB variables allowed
Why is this type of access no longer considered best practice?
Community strings are sent in plain text across the network. They are easy to intercept, read, alter, and resend.
The MIB defines a variable using a MIB object ID. These IDs are derived hierarchically using the scheme shown in Figure 17-2. Label Figure 17-2 with the most common public variables.
Figure 17-2 Management Information Base Object ID Scheme (answer): iso (1) > org (3) > dod (6) > internet (1) > private (4) > enterprises (1) > cisco (9); beneath cisco (9): local variables (2) > interface group (2), and cisco mgmt (9) > cisco flash group (10)

Lab - Researching Network Monitoring Software (CN 8.2.1.8)

Configuring SNMP
In Figure 17-3, RTA is an SNMP agent and NMS is an SNMP manager. Record the commands to configure SNMPv2 on RTA with the following requirements:
■ Use an ACL to allow NMS read-only access to the router using community string NMS_eyesonly.
■ Location is Aloha_Net and the contact is Bob Metcalfe.
■ Specify that 10.10.10.10 is the recipient of traps and explicitly configure the router to send traps.
Figure 17-3 SNMP Configuration Topology: RTA G0/0 10.10.10.1 to NMS 10.10.10.10 (Gets from the NMS to RTA, Traps from RTA to the NMS)

RTA(config)# ip access-list standard SNMP
RTA(config-std-nacl)# permit 10.10.10.10
RTA(config-std-nacl)# exit
RTA(config)# snmp-server community NMS_eyesonly ro SNMP
RTA(config)# snmp-server location Aloha_Net
RTA(config)# snmp-server contact Bob Metcalfe
RTA(config)# snmp-server host 10.10.10.10 version 2c NMS_eyesonly
RTA(config)# snmp-server enable traps

Record the commands that generate the SNMP verification output for RTA shown in Example 17-2.

Example 17-2 SNMP Verification Commands
RTA# show snmp
Chassis: FTX163283RZ
Contact: Bob Metcalfe
Location: Aloha_Net
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP Dispatcher:
   queue 0/75 (current/max), 0 dropped
SNMP Engine:
   queue 0/1000 (current/max), 0 dropped
SNMP logging: enabled
    Logging to 10.10.10.10.162, 0/10, 0 sent, 0 dropped.
RTA# show snmp community

Community name: ILMI
Community Index: cisco0
Community SecurityName: ILMI
storage-type: read-only        active

Community name: NMS_eyesonly
Community Index: cisco1
Community SecurityName: NMS_eyesonly
storage-type: nonvolatile      active access-list: SNMP

Community name: NMS_eyesonly@1
Community Index: cisco2
Community SecurityName: NMS_eyesonly@1
storage-type: nonvolatile      active access-list: SNMP
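To make two of the points above concrete, the plain-text community string and the Figure 17-2 object ID hierarchy, here is an added Python example (not the book's code) that builds a minimal SNMPv2c GetRequest for the NMS_eyesonly community, decodes it the way any device on the path between NMS and RTA could, and encodes/decodes object IDs with the names from Figure 17-2. The BER helpers and MIB_NAMES table are this example's own.

```python
# BER building blocks (ASN.1), enough for an SNMPv2c GetRequest.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE, GET_REQUEST = 0x02, 0x04, 0x05, 0x06, 0x30, 0xA0
VERSION_FIELD = {0: "v1", 1: "v2c", 3: "v3"}  # value of the message's leading INTEGER

# Node names from Figure 17-2, keyed by OID prefix.
MIB_NAMES = {
    "1": "iso", "1.3": "org", "1.3.6": "dod", "1.3.6.1": "internet",
    "1.3.6.1.4": "private", "1.3.6.1.4.1": "enterprises", "1.3.6.1.4.1.9": "cisco",
    "1.3.6.1.4.1.9.2": "local variables", "1.3.6.1.4.1.9.2.2": "interface group",
    "1.3.6.1.4.1.9.9": "cisco mgmt", "1.3.6.1.4.1.9.9.10": "cisco flash group",
}


def encode_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])                       # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body     # long form


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content


def encode_int(value: int) -> bytes:
    """Non-negative INTEGER; the +8 keeps a leading 0x00 when the top bit would be set."""
    return tlv(INTEGER, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))


def encode_oid(oid: str) -> bytes:
    """Dotted OID -> BER: first two arcs packed as 40*a+b, the rest base-128 big-endian."""
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def decode_oid(content: bytes) -> str:
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position just after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_get_request(community: str, oids, request_id: int = 1) -> bytes:
    """SNMPv2c GetRequest: SEQUENCE { version, community, GetRequest-PDU }."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(SEQUENCE, varbinds)
    return tlv(SEQUENCE, encode_int(1) + tlv(OCTET_STRING, community.encode()) + tlv(GET_REQUEST, pdu))


def parse_message(packet: bytes) -> dict:
    """What anyone on the path can read from a v1/v2c message: version, community, OIDs."""
    _, msg, _ = read_tlv(packet, 0)
    _, ver, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):                          # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbind_list, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        _, oid_content, _ = read_tlv(varbind, 0)
        oids.append(decode_oid(oid_content))
    return {"version": VERSION_FIELD.get(int.from_bytes(ver, "big")),
            "community": community.decode(errors="replace"),
            "pdu_type": pdu_tag, "oids": oids}


def oid_path(oid: str):
    """Walk an OID through the Figure 17-2 tree, naming each arc it knows."""
    arcs = oid.split(".")
    return [MIB_NAMES.get(".".join(arcs[:i + 1]), arcs[i]) for i in range(len(arcs))]


if __name__ == "__main__":
    pkt = build_get_request("NMS_eyesonly", ["1.3.6.1.4.1.9.9.10"])
    print(pkt.hex())
    print(parse_message(pkt))                    # community readable without any key
    print(" > ".join(oid_path("1.3.6.1.4.1.9.9.10")))
```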
NetFlow
Although syslog and SNMP are powerful tools for collecting information about networking devices, owners of networks were looking for a tool to measure TCP/IP flows. So, Cisco engineers developed NetFlow, which quickly gained popularity in the marketplace.
Briefly describe four reasons to use NetFlow.
■ Measuring who is using what network resources for what purpose
■ Accounting and charging back according to the resource utilization level
■ Using the measured information to do more effective network planning so that resource allocation and deployment is well aligned with customer requirements
■ Using the information to better structure and customize the set of available applications and services to meet user needs and customer service requirements
NetFlow is not a replacement for SNMP. Both have their purposes in network monitoring. In Table 17-4, indicate whether the characteristic describes SNMP or NetFlow.

Table 17-4 Comparing SNMP and NetFlow
Characteristic                                                                                          SNMP   NetFlow
Agents can send traps to a network management system when defined events occur.                          X
Collects IP data to record who used network resources and for what purpose those resources were used.            X
A Management Information Base (MIB) is used to record network monitored events.                          X
An external server (collector) is used to record IP network monitored cache changes.                             X
Access to the MIB is controlled through community string settings.                                       X
Interface errors, CPU usage, and memory usage are not recorded.                                                  X

NetFlow Operation
What is the latest version of NetFlow called?
Flexible NetFlow
What improvements does it make over the original version?
Flexible NetFlow adds the capability to customize the traffic analysis parameters for the specific requirements of a network administrator.
Define a TCP/IP flow.
A flow is a unidirectional stream of packets between a source and a destination.
What fields in a packet are used to determine that the packet is from a different flow?
Source IP address, destination IP address, source port number, destination port number, Layer 3 protocol type, ToS marking, and input logical interface

Configuring NetFlow
To implement NetFlow on a router, complete the following steps:
Step 1. Configure NetFlow to capture inbound and outbound packets.
Step 2. Configure where to send NetFlow data.
Step 3. Verify NetFlow is operational.
Using Figure 17-4 as a reference, record the commands to configure RTA to capture and send NetFlow data from interface G0/0 to the collector using Version 9.
Figure 17-4 NetFlow Configuration Topology: RTA G0/0 10.10.10.1 to NetFlow Collector 10.10.10.10

RTA(config)# interface g0/0
RTA(config-if)# ip flow ingress
RTA(config-if)# ip flow egress
RTA(config-if)# exit
RTA(config)# ip flow-export destination 10.10.10.10 2055
RTA(config)# ip flow-export version 9

Record the commands that generated the NetFlow verification output on RTA shown in Example 17-3.

Example 17-3 NetFlow Verification
RTA# show ip flow interface
GigabitEthernet0/0
  ip flow ingress
  ip flow egress
RTA# show ip cache flow
IP packet size distribution (132959 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .998 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 32 added
  728 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
  1 active, 1023 inactive, 28 added, 28 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-other           13      0.0     10225    32     37.4      17.6      15.5
ICMP                18      0.0         1   181      0.0       0.1      15.0
Total:              31      0.0      4288    32     37.4       7.5      15.2

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi0/0         10.10.10.10     Local         10.10.10.1      01 0000 0303     1
RTA# show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  10.10.10.10 (2055)
  Version 9 flow records
  63 flows exported in 29 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

Lab - Collecting and Analyzing NetFlow Data (CN 8.3.3.3)
28 added to flow 0 alloc failures.10.000 . 278544 bytes 1 active.000 . Figure 17-4 NetFlow Configuration Topology NetFlow Collector G0/0 RTA 10.000 . 10 (2055) Version 9 flow records 63 flows exported in 29 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures Lab .5 15.10.0 Total: 31 0.5 ICMP 18 0.2 SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi0/0 10.3) instructor.indb 222 3/12/14 7:51 AM .4 17.10.0 0. 222 CCNA Routing and Switching Practice and Study Guide Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) -------.3.6 15.4 7.0 10225 32 37.10. Flows /Sec /Flow /Pkt /Sec /Flow /Flow UDP-other 13 0.Collecting and Analyzing NetFlow Data (CN 8.10 Local 10.1 15.10.10.3.0 4288 32 37.10.0 1 181 0.1 01 0000 0303 1 RTA# show ip flow export Flow export v9 is enabled for main cache Export source and destination details : VRF ID : Default Destination(1) 10. indb 223 3/12/14 7:51 AM . general troubleshooting methods. Users of the network do unexpected things. instructor. and tools. So. This chapter reviews network documentation. networks would never fail. CHAPTER 18 Troubleshooting the Network In an ideal world. But mechanical failures happen. issues will arise that require a network administrator’s effective troubleshooting skills—one of the most sought after skills in IT. With documentation in hand. floor. instructor. rack. Device name (purpose) Operating system and version MAC addresses IPv4 and IPv6 addresses Subnet mask and prefix length Default gateway. 
224 CCNA Routing and Switching Practice and Study Guide Troubleshooting with a Systematic Approach Documentation is the starting point and is a crucial factor in the success of any troubleshoot- ing effort. and WINS server addresses Any high-bandwidth network applications that the end system runs In Table 18-1. and implement a solution. Type of device. Configuration files Physical and logical topology diagrams Baseline performance measurements List at least four pieces of information that could be included in a network device’s configura- tion documentation. DNS server. model designation IOS image name Device network hostname Location of the device (building. room. panel) Module types and in which module slot they are located Data link layer addresses Network layer addresses List at least four pieces of information that could be included in an end system’s configuration documentation. a network administrator can choose a troubleshooting method. isolate the problem.indb 224 3/12/14 7:51 AM . indicate whether the feature is part of a physical topology document or logical topology document. Network Documentation List three types of documentation a network administrator should have to effectively trouble- shoot issues. “Monitoring the Network. What is the minimum duration for capturing data to establish a baseline? 7 days When is the best time to establish a baseline of network performance? During the hours when the network is used the most In Table 18-2.” the purpose of network monitoring is to watch network performance in comparison to a predetermined baseline. 
Chapter 18: Troubleshooting the Network 225 Table 18-1 Physical and Logical Topology Features Feature Physical Topology Logical Topology WAN technologies used X Interface identifiers X Connector type X Device identifiers or names X Cable specification X Operating system version X Cabling endpoints X Device type X Data-link protocols X DLCI for virtual circuits X Site-to-site VPNs X Static routes X Cable type and identifier X Routing protocols X Connection type X IP address and prefix lengths X Model and manufacturer X As you learned in Chapter 17. Table 18-2 Benefits of Establishing a Network Baseline Statements Benefit Not a Benefit Enable fast transport services between campuses X Investigate if the network can meet the identified policies and use X requirements Combine two hierarchical design layers X Locate areas of the network that are most heavily used X Identify the parts of the network that are least used X Identify where the most errors occur X Establish the traffic patterns and loads for a normal or average day X instructor. indicate which statements describe benefits of establishing a network baseline.indb 225 3/12/14 7:51 AM . Summarized table of the up/down status of all d. show version e. Summary of the NetFlow accounting statistics b. Detailed settings and status for device inter. show ip interface brief faces h. Information Gathered Command a. a. Contents of the address resolution table e. show ip cache flow device interfaces g. show ip route b. Summary of VLANs and access ports on a switch h. Contents of the routing table c. it is often necessary to gather information directly from routers and switches using a variety of show commands. Current configuration of the device instructor. show running-config d. show arp ware and hardware g. f. Uptime and information about device soft. 226 CCNA Routing and Switching Practice and Study Guide When documenting the network.indb 226 3/12/14 7:51 AM . show vlan c. show interface f. 
Match the information gathered on the left with the show command on the right. Figure 18-1 Major Troubleshooting Stages Stage 1: Stage 2: Stage 3: No Yes Problem Fixed? If it did not fix the problem or if it created another problem.Troubleshooting Challenge .1. label the four major stages in the troubleshooting process. Chapter 18: Troubleshooting the Network 227 Packet Tracer Packet Tracer . corrective action and start again. instructor.8) Activity Troubleshooting Process and Methodologies All troubleshooting methodologies have four stages they share in common: three stages to find and solve the problem and a final important stage after the problem is resolved.indb 227 3/12/14 7:51 AM . In Figure 18-1.1. undo Stage 4: corrective action and start again.Documenting the Network (CN 9. Figure 18-1a Major Troubleshooting Stages (answer) Stage 1: Gather Symptoms Stage 2: Isolate the Problem Stage 3: Implement Corrective Action No Yes Problem Fixed? If it did not fix the problem or if it Stage 4: Document solution and created another problem. undo save changes. Gather symptoms from suspect devices Step 5. Gather information Step 2. Stage 4 is indeed the final and arguably most important stage. Narrow the scope Step 4. that is most likely an oversight. However. 228 CCNA Routing and Switching Practice and Study Guide Note: The Academy curriculum does not label the last stage as Stage 4. Document symptoms instructor. The gathering symptoms stage can be broken into five steps: Step 1.indb 228 3/12/14 7:51 AM . Determine ownership Step 3. traceroute networks a. show ipv6 interface brief c. ping e. Displays a summary status of all the IP h. Displays the IP version 6 routing table f. Connects remotely to a device by IP address c. Sends an echo request to an address and waits for a reply h. show protocols d. debug ? b. show ipv6 route or URL g.indb 229 3/12/14 7:51 AM . Chapter 18: Troubleshooting the Network 229 In Step 1. In the following activity. 
show running-config Version 6 interfaces on a device e. telnet f. Information Gathered Testing Command a. Offers a list of options for real-time diagnos- tics d. match the information gathered with the testing command. you will most likely use a variety of commands to progress through the process of gathering symp- toms. Shows global and interface specific status of Layer 3 protocols g. Shows the path a packet takes through the b. Shows the current configuration of the device instructor. X bleshooting guess to inves- tigate a possible cause Used for problems that X likely involve software settings Compare a working and X nonworking situation while looking for the sig- nificant differences Use when suspected prob. 230 CCNA Routing and Switching Practice and Study Guide In Table 18-3. Table 18-3 Troubleshooting Methodologies Statements Bottom Top Divide Shoot from Spot the Move the Up Down Conquer the Hip Difference Problem Disadvantage is it requires X you to check every device and interface Begins at the OSI applica. identify the troubleshooting methodology described by each statement. The section reviews some of the tools used in today’s networks and some specific troubleshooting symptoms at various OSI layers. X lem is cabling or device failure Begins at the OSI physical X layer Swap the problematic X device with a known- working device Start with an informed X guess for which OSI layer to begin troubleshooting Disadvantage is it requires X you to check every net- work application Network Troubleshooting Effective troubleshooting requires good tools and systematic approaches. instructor.indb 230 3/12/14 7:51 AM . X tion layer Use an experienced trou. Network Analysis Module e. draw network diagrams. Tests and certifies copper and fiber cables for different services and standards via a handheld device instructor. Powerful troubleshooting and tracing tool that provides traffic tracking as it flows through a router g. configura- tion. Cable analyzer c. 
crossed wiring. Host-based protocol analyzer mation e. a. Tools that document tasks. Discovers VLAN configuration.indb 231 3/12/14 7:51 AM . h. Cisco IOS Embedded Packet Capture d. Knowledge Base and resistance g. average and b. Online repositories of experience-based infor. and establish network performance i. Match the description on the left with the tool on the right. Measures electrical values of voltage. Tests data communication cabling for broken d. Description Software and Hardware Tools a. Digital multimeter wires. Chapter 18: Troubleshooting the Network 231 Troubleshooting Tools A wide variety of software and hardware tools is available to make troubleshooting easier. Analyzes network traffic. and fault management j. Cable tester b. You can use these tools to gather and analyze symptoms of network problems. Provides a graphical representation of traffic from local and remote switches and routers h. Baseline establishment tool device j. Portable network analyzer peak bandwidth utilization using a portable c. Includes device-level monitoring. specifically source and destination frames i. and shorted connec- tions f. current. Network Management System Tool statistics f. X Knowing which command to use to gather the necessary information for troubleshooting is crucial to effectively and efficiently resolving problems. A VPN connection is not working correctly across a NAT X boundary. 6. X The show processes cpu command displays usage way X beyond the baseline. X The DNS server is not configured with the correct A X records. and 7 A computer is configured with the wrong default gateway. instructor. STP loops and route flapping are generating a broadcast X storm. Table 18-4 Isolating the OSI Layer Where an Issue Resides Network Problems and Issues OSI Layers 1 2 3 4 5. one side is using the default Cisco encapsula. In Table 18-4. A cable was damaged during a recent equipment install. X SSH error messages display unknown/untrusted certificates. On a PPP link. 
232 CCNA Routing and Switching Practice and Study Guide Network Troubleshooting and IP Connectivity A network administrator should be able to quickly isolate the OSI layer where an issue is most likely located. A static route is sending packets to the wrong router. indicate the most likely layer associated with each issue. X The routing table is missing routes and has unknown X networks listed.indb 232 3/12/14 7:51 AM . X tion. X ACLs are misconfigured and blocking all web traffic. All the commands you have mastered over the course of your CCNA studies are part of your troubleshooting toolkit. Traffic is congested on a low capacity link and frames are X lost. SNMP messages are unable to traverse NAT. This next exer- cise only highlights a few. Can be used to verify the transport layer f. Displays the known MAC addresses on a switch g. Displays input and output queue drops h. Clears the MAC to IP address table on a PC d. Displays the MAC to IP address table for other a. Command Output Command a. Displays all known destinations on a Windows e. show interfaces f. Displays the IP addressing information on a Windows PC instructor. Chapter 18: Troubleshooting the Network 233 Match the command output on the left with the command on the right. arp -d e. show ipv6 route router c.indb 233 3/12/14 7:51 AM . route print IPv6 devices g. Displays all known IPv6 destinations on a b. telnet c. show ipv6 neighbors PC h. ipconfig b. show mac address-table d. Troubleshooting Enterprise Networks 1 (CN 9.1.Using Documentation to Solve Issues (CN 9.2. 234 CCNA Routing and Switching Practice and Study Guide Note: No book or study guide will effectively teach you how to troubleshoot networks. For those readers with access to the Academy curriculum.15) Packet Tracer .3.3.Troubleshooting Enterprise Networks 2 (CN 9.2. Packet Tracer Packet Tracer .2.2. There is no doubt that you will be asked to trouble- shoot several issues on the CCNA exam. 
To get proficient at it.13) Packet Tracer .CCNA Skills Integration Challenge (CN 9. You might be surprised how fun and rewarding it can be.3.14) Packet Tracer .Troubleshooting Enterprise Networks 3 (CN 9.indb 234 3/12/14 7:51 AM .2) instructor.Troubleshooting Challenge . you must practice troubleshooting on lab equipment and simulators.3. the Packet Tracer activities in this chapter are great resources for just such practice sessions with your team. But you also know enough now that you can create your own troubleshooting scenarios to try out on each other. This practice works best with a partner or a team because (1) you can collaborate together to resolve issues and (2) you can swap roles.3.12) Activity Packet Tracer . practice as much as you can now in preparation for the test. taking turns breaking the network while the other person or team resolves the issue. So. indb 235 3/12/14 7:51 AM .instructor. instructor.indb 236 3/12/14 7:51 AM .
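The following Python program is an added example and is not code from the study guide or from Cisco. It models the flow definition given in the NetFlow Operation section of Chapter 17: packets are grouped into unidirectional flows by the seven key fields (source and destination IP, source and destination port, Layer 3 protocol, ToS, input interface), and the cache ages flows out with the 30-minute active and 15-second inactive timers reported by show ip cache flow in Example 17-3. The packet trace, host addresses and interface names are constructed for the example.

```python
"""Toy NetFlow-style flow cache (added example, not from the study guide).

A flow is a unidirectional stream of packets sharing the seven NetFlow key
fields; the reverse direction of a conversation, or the same 5-tuple with a
different ToS marking, is a separate flow. Flows idle for 15 s or alive for
30 min are expired from the cache and queued for export. All input is
constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

ACTIVE_TIMEOUT = 30 * 60  # seconds: "Active flows timeout in 30 minutes"
INACTIVE_TIMEOUT = 15     # seconds: "Inactive flows timeout in 15 seconds"
ICMP, TCP = 1, 6          # IP protocol numbers

# Key fields in the order the study guide lists them:
# src IP, dst IP, src port, dst port, L3 protocol, ToS, input interface.
FlowKey = Tuple[str, str, int, int, int, int, str]


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    tos: int
    in_iface: str
    length: int


@dataclass
class Flow:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0


def flow_key(p: Packet) -> FlowKey:
    return (p.src, p.dst, p.sport, p.dport, p.proto, p.tos, p.in_iface)


class FlowCache:
    """Mirrors the router's main flow cache: active flows plus an export queue."""

    def __init__(self) -> None:
        self.active: Dict[FlowKey, Flow] = {}
        self.exported: List[Flow] = []

    def expire(self, now: float) -> None:
        # The ager poll: idle for INACTIVE_TIMEOUT or alive for ACTIVE_TIMEOUT
        # moves a flow out of the cache and onto the export queue.
        for key, fl in list(self.active.items()):
            if now - fl.last_seen >= INACTIVE_TIMEOUT or now - fl.first_seen >= ACTIVE_TIMEOUT:
                self.exported.append(self.active.pop(key))

    def observe(self, p: Packet) -> None:
        self.expire(p.ts)
        key = flow_key(p)
        fl = self.active.get(key)
        if fl is None:  # first packet of a new flow
            fl = Flow(key, first_seen=p.ts, last_seen=p.ts)
            self.active[key] = fl
        fl.last_seen = p.ts
        fl.packets += 1
        fl.bytes += p.length


def run_sample() -> FlowCache:
    """Constructed trace: an SSH exchange between two hosts routed through the
    router (both directions), one packet of that 5-tuple with a different ToS,
    then an ICMP packet arriving after a gap longer than the inactive timeout."""
    cache = FlowCache()
    trace = [
        Packet(0.0, "10.10.10.10", "192.168.20.5", 40000, 22, TCP, 0, "Gi0/0", 60),
        Packet(0.1, "192.168.20.5", "10.10.10.10", 22, 40000, TCP, 0, "Gi0/1", 60),   # reply: separate flow
        Packet(0.2, "10.10.10.10", "192.168.20.5", 40000, 22, TCP, 0, "Gi0/0", 120),  # same key as packet 1
        Packet(0.3, "10.10.10.10", "192.168.20.5", 40000, 22, TCP, 184, "Gi0/0", 120),  # ToS differs: new flow
        Packet(20.0, "10.10.10.10", "192.168.20.5", 0, 0, ICMP, 0, "Gi0/0", 84),  # 19.7 s later: ages the rest out
    ]
    for p in trace:
        cache.observe(p)
    return cache


def flow_table(cache: FlowCache) -> List[Tuple[FlowKey, int, int]]:
    """(key, packets, bytes) for every exported flow, in export order."""
    return [(f.key, f.packets, f.bytes) for f in cache.exported]
```

Running run_sample() leaves one ICMP flow active and three exported flows: the two directions of the SSH session are separate flows, and the packet marked with a different ToS did not join the existing one even though its 5-tuple matched.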
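The next Python program is also an added example, not code from the study guide or from Cisco. It shows, for the Configuring NetFlow section of Chapter 17, what ip flow-export version 9 actually puts on the wire toward the collector on UDP port 2055 and how the collector decodes it: a NetFlow version 9 packet (RFC 3954) carries templates that describe the record layout, followed by data flowsets that are only decodable once the matching template has been received. Field type codes are the standard v9 values; the flow records, template ID and sequence numbers are constructed for the example, with the first record mirroring the ICMP flow shown in Example 17-3.

```python
"""Minimal NetFlow v9 export encoder and collector-side decoder (added
example, not from the study guide). Demonstrates the template/data
flowset structure of RFC 3954 and the collector's dependence on templates.
All flow values are constructed.
"""
import struct
from typing import Dict, List, Tuple

# NetFlow v9 field type codes (RFC 3954, section 8).
IN_BYTES, IN_PKTS, PROTOCOL = 1, 2, 4
L4_SRC_PORT, IPV4_SRC_ADDR, L4_DST_PORT, IPV4_DST_ADDR = 7, 8, 11, 12

TEMPLATE_ID = 256  # data template IDs start at 256; flowset ID 0 carries templates
# (field type, length in bytes) pairs that define one exported record (21 bytes).
TEMPLATE: List[Tuple[int, int]] = [
    (IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (L4_SRC_PORT, 2),
    (L4_DST_PORT, 2), (PROTOCOL, 1), (IN_PKTS, 4), (IN_BYTES, 4),
]
Templates = Dict[int, List[Tuple[int, int]]]

SAMPLE_FLOWS = [  # constructed sample records
    {"src": "10.10.10.10", "dst": "10.10.10.1", "sport": 0, "dport": 0x0303,
     "proto": 1, "pkts": 1, "bytes": 181},
    {"src": "10.10.10.10", "dst": "10.10.10.1", "sport": 51234, "dport": 2055,
     "proto": 17, "pkts": 10225, "bytes": 327200},
]


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_datagram(records: List[dict], seq: int, include_template: bool = True) -> bytes:
    """Encode an optional template flowset plus one data flowset into a v9 packet."""
    flowsets = b""
    if include_template:
        body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE))
        for ftype, flen in TEMPLATE:
            body += struct.pack("!HH", ftype, flen)
        flowsets += struct.pack("!HH", 0, 4 + len(body)) + body
    body = b""
    for r in records:
        body += ip_to_bytes(r["src"]) + ip_to_bytes(r["dst"])
        body += struct.pack("!HHB", r["sport"], r["dport"], r["proto"])
        body += struct.pack("!II", r["pkts"], r["bytes"])
    pad = (-len(body)) % 4  # flowsets are padded to a 4-byte boundary
    flowsets += struct.pack("!HH", TEMPLATE_ID, 4 + len(body) + pad) + body + b"\0" * pad
    # Header: version, record count, sysUptime, unix secs, sequence, source ID
    count = len(records) + (1 if include_template else 0)
    return struct.pack("!HHIIII", 9, count, 0, 0, seq, 0) + flowsets


def parse_datagram(pkt: bytes, templates: Templates) -> List[dict]:
    """Decode one export packet. `templates` is the collector's template cache and
    must persist across packets; data flowsets with an unknown template are skipped."""
    version = struct.unpack("!HHIIII", pkt[:20])[0]
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    decoded: List[dict] = []
    off = 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4:
            break  # malformed length: stop instead of looping forever
        body = pkt[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: learn record layouts
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                p += 4
                templates[tid] = [struct.unpack("!HH", body[p + 4 * i:p + 4 * i + 4])
                                  for i in range(nfields)]
                p += 4 * nfields
        elif fs_id >= 256 and fs_id in templates:  # data flowset with a known template
            fields = templates[fs_id]
            rec_len = sum(flen for _, flen in fields)
            p = 0
            while p + rec_len <= len(body):  # trailing padding never fills a record
                rec = {}
                for ftype, flen in fields:
                    raw = body[p:p + flen]
                    p += flen
                    if ftype in (IPV4_SRC_ADDR, IPV4_DST_ADDR):
                        rec[ftype] = bytes_to_ip(raw)
                    else:
                        rec[ftype] = int.from_bytes(raw, "big")
                decoded.append(rec)
        off += fs_len
    return decoded


def collector_demo() -> Tuple[List[dict], List[dict]]:
    """Decode a packet that carries its template, then a data-only packet as seen
    by a collector that started late and never received the template."""
    templates: Templates = {}
    with_template = parse_datagram(build_datagram(SAMPLE_FLOWS, seq=1), templates)
    late_collector: Templates = {}
    without_template = parse_datagram(
        build_datagram(SAMPLE_FLOWS, seq=2, include_template=False), late_collector)
    return with_template, without_template
```

The second half of collector_demo() is the operational point: a collector started after the router's last template refresh decodes nothing until the next template arrives, which is why a gap in collected flows right after a collector restart is expected rather than a sign that export is broken.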