What do you learn in CCNA

Subnetting

Subnetting divides an IP address into two parts, namely network address and host address.
Then, using the subnet mask technique, you can further divide the divided address into units
and assign them to various devices in a network.

There are two types of Subnets

1. FLSM (Fixed Length Subnet Mask)

2. VLSM (Variable Length Subnet Mask)

FLSM Subnet Mask

Any part of a mask that is not hidden (part of the network mask) can be divided. The process
will always be to divide 256 into a smaller number using a number that is a power of 2, such
as 2, 4, 8, 16, etc

The first step is to create the masks: the mask table starts from the bottom and goes to the
top. 254 is the largest possible mask, so it will be the last entry in our mask table. All the
remaining masks will be less than 254.

Now divide 256 by powers of 2 to create the subnets from the top down.
Once the number of subnets have been calculated, the number of hosts per subnet it the
next step. Hosts are inserted in the table from the top down.

256/1 = 256
256/2 = 128
256/4 = 64
256/8 = 32
256/16 = 16
256/32 = 8
256/64 = 4
256/128 = 2

Always remember that the actual number of hosts is 2 less that the calculated number
shown above- hence the (n-2) notation. That is because the first host address on a subnet is
the subnet “name” or identifier, and the last host address on a subnet is the broadcast
address. Subnets will always start on an even numbered boundary, and end on an odd
numbered boundary.

192.168.10.0/24 Subnetting

BitValues 1 2 3 4 5 6 7 8
Hosts-2n-2 126 62 30 14 6 2 1 0
Subnets 2 4 8 16 32 64 128 254
Masks 128 192 224 240 248 252 254 256
CIDR /25 /26 /27 /28 /29 /30 /31 /32
Supernetting

Change in 3rd ocatate

Convert 4th ocatate to Binary

First 4 bits not changed and the last 4 bits are diffrent

Convert all different bits to 0

 1+2+3 ocatate for /20

1. Discuss the layered approach in internetworking and its advantages

2. Describe the OSI model and its layers and Describe the functionalities of each layer of the
OSI model

OSI (Open system Interconnect) is a 7 layers reference model which shows how the data
flows from one computer to another computer. Every layer in OSI has specific task to
perform to do the data transfers from one computer to another computer. ISO

1. Application
2. Presentation Host
3. Session
4. Transport
5. Network
6. Data Link Network
7. Physical

Host layer handles software related issues and software applications works with Application
layer and Network layer handles transport related issues data link layer and physical layer
handle information about software and hardware. Physical layer mainly place information
on physical medium.

1. Physical Layer Functions

Activating and deactivating the physical connections with systems.
Transferring data from one computer to another.
It decides the transfer modes simplex or half-duplex or full-duplex
2. Data Link Layer Functions
Sub Layers: Data Link control layer
Media Access control layer
Identifying the destination network device for data transfer
Framing of received information such as source and destination addresses is handled
Flow control smooth data transfer from source to destination so that data won’t get
corrupted
Routing and forwarding packets.
3. Network Layer Functions
Tracks the location of the device and finds the suitable path for data transfer from
source to destination.
Internetworking and creating logical connection source to destination
Data packet divided in smaller parts using IP for the transfer
4. Transport Layer Functions
Data packet Converted in smaller parts called segments and sequenced in numbers for
the transfer
Provides end to end connection source to destination and stops the duplication of data
Uses TCP and UDP protocols for connection and transmission.
5. Session Layer Functions
Create session before data transfer if any error the transmission starts from check point
it’s known to be Synchronization.
6. Presentation Layer Functions
It compress and decompress, encrypt the decrypt the data
 Encoding methods used while transferring data from source to destination
7. Application Layer Functions
Provide network services helps to access file transfer, management on remote
computers, Mail services, and Directory services.

3. Explain the TCP/IP protocol suite and Compare the OSI and TCP/IP models

TCP/IP was developed before OSI model TCP/IP have 4 Layers

1. Application Layer (OSI – Application – Presentation – Session)

2. Transport (OSI – Transport)
3. Internet (OSI – Network)
4. Network Access (OSI – Data Link – Physical)

OSI Model TCP/IP Model

This model is based on a vertical This model is based on a horizontal
approach. approach.

In this model, the session and In this model, the session and
presentation layers are separated, i.e., presentation layer are not different
both the layers are different. layers. Both layers are included in the
application layer.
In this model, the network layer provides The network layer provides only
both connection-oriented and connectionless service.
connectionless service.
Protocols in the OSI model are hidden In this model, the protocol cannot be
and can be easily replaced when the easily replaced.
technology changes.
It consists of 7 layers. It consists of 4 layers.

4. Identify the protocols used by each layer in the TCP/IP protocol suite

1. Describe hardware addressing

2. Explain framing in Ethernet
3. Describe the original ad expanded Ethernet standards
4. Compare the different types of cables
5. Identify different networking devices.

Static Routing

If you have two networks with two routers in the network in this case router have a capability to
understand the network with its own network interfaces. On another router network interface need
to add the manual route or configure protocol to have both the networks connected. If you manually
add the route to the routing table the route is known as static route

There are 4 types of Static routes

1. Static Network Route

2. Static Host Route
3. Fix Static Route
4. Floating Static Route
Router 1 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#int
R1(config)#interface f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to
up

R1(config)#int
R1(config)#interface fa0/1
R1(config-if)#ip add 11.0.0.1 255.255.255.0
R1(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

R1(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.2

R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#in
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 11.0.0.2 255.255.255.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config)#ip route 192.168.1.0 255.255.255.0 11.0.0.1

Router(config)#exit
Static Route Configuration

Router 1 Configuration

Router(config-if)#exit
Router(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.2
Router(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.2
Router(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.1
Router(config)#

Router 2 Configuration

Router(config)#ip route 192.168.1.0 255.255.255.0 11.0.0.1

Router(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.2

Router 3 Configuration
Router(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
Router(config)#ip route 11.0.0.2 255.255.255.0 10.0.0.1
IGP and EGP

IGP (Interior Gateway Protocol) exchanges the information within the same Autonomous System
(AS) in the network and EGP exchanges the information with different autonomous systems in the
network.

RPV1 IGRP OSPF EIGRP RIPv2 are IGP protocols

BGP (Border Gateway Protocol) is the only protocol used to connect different autonomous systems
in the network and will be used as Exterior Gateway Protocol.

RIP Routing

RIP protocol uses the method of distance vector routing and learns all the neighbour networks
router information using broadcasting. Routers configured using RIP protocol broadcast configured
networks from all the ports and routers update their routing tables from these broadcasts. RIP
multicast address is 224.0.0.9 for IPv4 and FF02::9 is for IPv6.
Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#int
R1(config)#interface fa0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface FastEthernet0/0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R1(config-if)#int
R1(config-if)#exit
R1(config)#int
R1(config)#interface fa0/1
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

R1(config-if)#route rip
R1(config-router)#network 192.168.10.0
R1(config-router)#network 10.0.0.0
R1(config-router)#

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R2
Router(config)#int fa0/0
R2(config-if)#ip add 192.168.20.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R2(config)#int
R2(config)#interface fa0/1
R2(config-if)#ip add 10.0.0.2 255.0.0.0
R2(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

R2(config)#router rip
R2(config-router)#network 192.168.20.0
R2(config-router)#network 10.0.0.0
R2(config-router)#

Differences RIPv1 and RIP v2

RIPv1 RIPv2
RIPv1 Classful routing Protocol RIPv2 Classless routing Protocol
Routing table updates send without Routing table updates with Subnetmask
subnetmask
It does not support VLSM It support VLSM and CIDR
It sends updates broadcast to address It send updates to multicast address
255.255.255.255 224.0.0.9
There is no route authentication It supports MD5 authentication

EIGRP Routing

EIGRP is CISCO propriety routing protocol which automatically add routing information of neighbour
routers. When EIGRP router joins network sends Hello to all the EIGRP routers and the neighbour
EIGRP router checks the router information once checks pass the router accepts the other EIGRP
router. The hello packets and updates are sent using multicast transmission to a multicast address
of FF02::A. For IPv4 the multicast address was 224.0.0.10.
Router 1 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config-if)#host R1
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.0.1
Router(config-if)#ip add 192.168.0.1 255.255.255.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 10.0.0.1 255.0.0.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

R1(config)#route eigrp 10
R1(config-router)#network 192.168.0.0
R1(config-router)#network 10.0.0.0
%DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 10.0.0.2 (FastEthernet0/1) is up: new
adjacency

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R2
R2(config)#int
R2(config)#interface fa0/0
R2(config-if)#ip add 172.168.0.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R2(config)#int
R2(config)#interface fa0/1
R2(config-if)#ip add 10.0.0.2 255.0.0.0
R2(config-if)#no shut

R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

R2(config-if)#router eigrp 10
R2(config-router)#network 172.168.0.0
R2(config-router)#network 10.0.0.0
R2(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbour 10.0.0.1 (FastEthernet0/1) is up: new
adjacency

OSPF (Open shortest path first) is Link state protocol uses SPF algorithm to find shortest path and
supports unlimited hop counts. EIGRP protocol supports only CISCO routers and OSPF supports
CISCO and 3rd party routers. OSPF is used in Enterprise large networks setting OSPF is more difficult
while we set up RIP or EIGRP In networks. OSPF is Open Standard Protocol and provide flexibility if
remove existing or adding new routers. OSPF is a complex protocol and need more memory to store
SPF information and uses processor speed more compare to other protocols. OSPF uses multicast
address 224.0.0.5 for normal communication and 224.0.0.6 for update to designated router (DR)
/Backup Designated Router (BDR).

Area border router (ABR) A router that connects one or more areas to the OSPF backbone.
Autonomous system border router (ASBR) A router that is connected to one or more logical entities
(AS), usually through an exterior routing protocol such as BGP.

There are 8 types of LSA (Link State Advertisements) In OSPF.

1 Type LSA – Router LSA (Type 1) is the LSA type used in standard areas. The aim of this LSA type is
giving information about the router. This LSA includes information like Router ID, Router interfaces,
neighbours, IP addresses and cost. Router LSA cannot pass ABR, so it cannot reach to the other
areas.

2 Type LSA – Network LSA: Network LSAs are generated by the DR. The link-state ID will be the
interface IP address of the DR.

3 Type LSA - The Summary (Type 3) LSA is used for advertising prefixes learned from the Type 1 and
Type 2 LSAs into a different area.

Type 4 LSA – Summery ASBR LSA is an LSA that instructs the rest of the OSPF domain how to get to
the ASBR so that other routes in the OSPF domain can route to external prefixes redistributed into
OSPF by the ASBR. If we have no way to reach the actual ASBR that redistributed the route, we
obviously can't reach the external route.

5 Type LSA – AS External LSA OSPF creates 5 Type LSA OSPF creates a type 5 LSA for a subnet that is
injected into OSPF from an external source. To inject the route, the autonomous System Border
Router (ASBR), which is by definition a router that connects to a non-OSPF routing domain, uses the
redistribute command.

6 Type LSA – Multicast OSPF LSAs are Group-Membership-LSAs used to identify multicast group
membership in the Multicast Open Shortest Path First (MOSPF) protocol. Type 6 LSAs are not
supported on the switch.

7 Type LSA – NSSA External LSA Type 7 LSAs are generated by ASBRs. These LSAs describe routes
within a not-so-stubby-area (NSSA). Type 7 LSAs can be summarized and converted into Type 5 LSAs
by the ABRs for transmission into other OSPF areas.

8 Type LSA – A Type 8 External-Attributes-LSA for BGP is used to give information about link-local
addresses and a list of IPv6 addresses on the link. In OSPFv2, the Type 8 was originally intended to be
used as a so-called External-Attributes-LSA for transit autonomous systems where OSPFv2 could
replace the internal Border Gateway Protocol (iBGP).

OSPF Virtual Link

OSPF virtual links allow you to create a logical connection between two non-contiguous areas,
essentially creating a tunnel through the backbone area. One possible scenario where an OSPF
virtual link may be necessary is when there is a partitioned backbone area within a network.
OSPF uses areas concept to optimize network traffic and simplify administration there two types In
OSPF Areas

1. OSPF Single Area

2. OSPF Multiple Area

Both areas multicast traffic to send its routing updates and acknowledgements, with a multicast
address of FF02::5 for OSPF routers and FF02::6 for OSPF- designated routers. These addresses are a
replacement of 224.0.0.5 and 224.0.0.6 respectfully as used in IPv4.

OSPF single Area uses only one area usually Area 0 and useful in smaller networks.

OSPF Multiple Area implemented using two layer hierarchy and all areas must connect from area 0
useful is larger area networks.
Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip add 10.0.0.1 255.0.0.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config)#int fa0/1
Router(config-if)#ip add 20.0.0.1 255.0.0.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config-if)#route ospf 1
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
Router(config-router)#
00:08:41: %OSPF-5-ADJCHG: Process 1, Nbr 20.0.0.2 on FastEthernet0/1 from LOADING
to FULL, Loading Done

Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip route ospf

O 30.0.0.0 [110/2] via 20.0.0.2, 00:04:04, FastEthernet0/1

Router#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

20.0.0.2 1 FULL/BDR 00:00:33 20.0.0.2 FastEthernet0/1
Router#
Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip add 30.0.0.1 255.0.0.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip add 20.0.0.2 255.0.0.0
Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#route ospf 1
Router(config-router)#route ospf 2
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
Router(config-router)#network 30.0.0.0 0.255.255.255 area 0
00:08:41: %OSPF-5-ADJCHG: Process 2, Nbr 20.0.0.1 on FastEthernet0/1 from LOADING
to FULL, Loading Done

%SYS-5-CONFIG_I: Configured from console by console

Router#show ip route ospf

O 10.0.0.0 [110/2] via 20.0.0.1, 00:01:08, FastEthernet0/1

Router#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

20.0.0.1 1 FULL/DR 00:00:31 20.0.0.1 FastEthernet0/1
Router#
 OSPF Multi Area Routing

Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.0.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config-if)#route ospf 1
Router(config-router)#network 192.168.0.0 0.0.0.255 area 0
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#
00:25:35: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on FastEthernet0/1 from
LOADING to FULL, Loading Done

Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip route ospf

O IA 192.168.2.0 [110/2] via 192.168.1.2, 00:02:50, FastEthernet0/1
O IA 192.168.3.0 [110/3] via 192.168.1.2, 00:01:34, FastEthernet0/1

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip add 192.168.1.2 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config-if)#route ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#network 192.168.2.0 0.0.0.255 area 1
00:25:30: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on FastEthernet0/0 from
LOADING to FULL, Loading Done
1
Router(config-router)#
00:27:01: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.3.1 on FastEthernet0/1 from
LOADING to FULL, Loading Done

Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.1.1 1 FULL/DR 00:00:31 192.168.1.1 FastEthernet0/0
192.168.3.1 1 FULL/BDR 00:00:33 192.168.2.2 FastEthernet0/1
Router#

Router 3 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.2.2 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip add 192.168.3.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#
Router(config-if)#route ospf 1
Router(config-router)#network 192.168.2.0 0.0.0.255 area 1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 1
Router(config-router)#
00:26:55: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on FastEthernet0/0 from
LOADING to FULL, Loading Done

Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip route ospf

O IA 192.168.0.0 [110/3] via 192.168.2.1, 00:02:01, FastEthernet0/0
O IA 192.168.1.0 [110/2] via 192.168.2.1, 00:02:01, FastEthernet0/0

Router#
#show ip ospf - List OSPF status

#show ip ospf interface -Displays OSPF information associated with all available interfaces.

R1#show ip ospf interface fastEthernet 0/0 - To show OSPF information associated a specific

Interface

#debug ip ospf events - Displays OPSF events

#show ip ospf neighbour - Shows OSPF neighbor network and its state (DR-BDR)

#show ip ospf neighbor detail - View all OSPF neighbor details

#clear ip ospf process - Resets full OSPF process, pushing OSPF to rebuild

neighbors, database, and routing table

#show ip ospf database - Displays OSPF database

#show ip protocols - To know which routing protocol is enabled in specific router

#show ip route - Shows the routing table of router

R1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip ospf priority 255

R1(config-if)#exit

R2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#interface fastEthernet 0/0

R2(config-if)#ip ospf priority 254

R2(config-if)#exit
 3. Default Routing

Default route is used where we have not set any particular routing in routing table network allows
outbound rules to the destination with no restrictions.

Ipv4 default route 0.0.0.0 0.0.0.0

Ipv6 default route ::/0

Router 1 Configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to
up

Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.2

Router 2 Configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
Router(config)#
ACL (Access Control List) acts as a firewall where you can configure inbound and outbound
connections to network machines. There two types of access control lists.

1. Access control list – Standard is simple and check only source of the IP packet if the source is
configured to be allowed it provide the access. Numbers used to define ACL are 1-99 and
1300-1999

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config-if)#host R1
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.100.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R1(config-if)#exit
R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 172.31.10.1 255.255.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up
R1(config)#access-list 1 deny 192.168.100.0 0.0.0.255
R1(config)#access-list 1 permit any
R1(config)#do sh access-list
Standard IP access list 1
10 deny 192.168.100.0 0.0.2.255
20 permit any

R1(config)#int fa0/0
R1(config-if)#ip access-group 1 in
R1(config-if)#do wr
Building configuration...
[OK]
R1(config)#access-list 1 permit host 192.168.100.10
R1(config)#access-list 1 deny any
R1(config)#do sh access-list
Standard IP access list 1
10 permit host 192.168.100.10
20 deny any
 2. Access control list – Extended is advanced compare to standard ACL as it checks source,
destination, port and protocol used to send the packet if the source is secure it allows the
traffic. Numbers used to define ACL are 100-199 and 2000-2699

Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#interface FastEthernet1/0
Router(config-if)#ip address 20.0.0.1 255.0.0.0
Router(config-if)#ip address 20.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to

up

Router(config-if)#exit
Router(config)#interface FastEthernet6/0
Router(config-if)#ip address 30.0.0.1 255.0.0.0
Router(config-if)#ip address 30.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet6/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet6/0, changed state to

up

Router(config-if)#exit
Router(config)#ip a
Router(config)#ip access-list ex
Router(config)#ip access-list extended excludemarketing
Router(config-ext-nacl)#permit tcp 10.0.0.0 0.255.255.255 host 30.0.0.0 eq 80
Router(config-ext-nacl)#permit tcp 10.0.0.0 0.255.255.255 host 30.0.0.0 eq 53
Router(config-ext-nacl)#deny ip 10.0.0.0 0.255.255.255 host 30.0.0.10
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)#exit
Router(config)#interface fa0/0
Router(config-if)#ip access-group excludemarketing in
Router(config-if)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#
 3. Network address Translation

NAT is used to convert local IP address to global IP addresses and Global to local IP address for
providing Internet access to the local host. NAT is configured using router or firewall. There are 3
types in NAT

1. Static NAT
2. Dynamic NAT
3. Port Address Translation (PAT)

Static NAT: Static NAT is used to Map single IP address to Global IP used for web hosting.

Router 1 Configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface GigabitEthernet0/0
Router(config-if)#ip address 10.10.10.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state

to up

Router(config-if)#exit
Router(config)#interface GigabitEthernet0/1
Router(config-if)#ip address 11.10.10.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state

to up

Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 11.10.10.2
Router(config)#

Router 2 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface gig0/1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#int
Router(config)#interface gig0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ip nat inside source static 10.10.10.2 3.3.3.3

Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router#debug ip nat
IP NAT debugging is on
Router#
NAT: s=10.10.10.2->3.3.3.3, d=12.10.10.2 [29]

NAT*: s=12.10.10.2, d=3.3.3.3->10.10.10.2 [2]

4. Dynamic NAT

Multiple private IP addresses are mapped to group of global IP addresses it is used when group of
local or global hosts need internet access.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 200.0.0.1 255.255.255.0
Router(config-if)#ip address 200.0.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)#ip nat pool mypool 155.21.21.10 155.21.21.15 netmask 255.255.0.0
Router(config)#ip nat inside source list 1 pool mypool
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip nat translation

Pro Inside global Inside local Outside local Outside global

icmp 155.21.21.10:13 192.168.1.2:13 200.0.0.10:13 200.0.0.10:13
icmp 155.21.21.10:14 192.168.1.2:14 200.0.0.10:14 200.0.0.10:14
icmp 155.21.21.10:15 192.168.1.2:15 200.0.0.10:15 200.0.0.10:15
icmp 155.21.21.10:16 192.168.1.2:16 200.0.0.10:16 200.0.0.10:16

Router#

5. Port Address Translation

It is used to convert unlimited IP addresses in single global IP address identifying local IP addresses
different port number assigned for every IP address it is mapping with global IP address. It is cost
effective as unlimited users get internet access with single global IP address.
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 200.0.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config)#interface fa0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access
Router(config)#access-list 1 permit 192.168.1.2 0.0.0.255
Router(config)#ip nat inside source list 1 interface fa0/1 overload
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip nat translations

Pro Inside global Inside local Outside local Outside global
icmp 200.0.0.1:1 192.168.1.2:1 200.0.0.10:1 200.0.0.10:1
icmp 200.0.0.1:2 192.168.1.2:2 200.0.0.10:2 200.0.0.10:2
icmp 200.0.0.1:3 192.168.1.2:3 200.0.0.10:3 200.0.0.10:3
icmp 200.0.0.1:4 192.168.1.2:4 200.0.0.10:4 200.0.0.10:4
icmp 200.0.0.1:5 192.168.1.2:5 200.0.0.10:5 200.0.0.10:5
icmp 200.0.0.1:6 192.168.1.2:6 200.0.0.10:6 200.0.0.10:6
icmp 200.0.0.1:7 192.168.1.2:7 200.0.0.10:7 200.0.0.10:7
icmp 200.0.0.1:8 192.168.1.2:8 200.0.0.10:8 200.0.0.10:8

IPv6 RIPng
The primary features of RIPng are the same as they were in IPv4: It’s still a distance-
vector protocol, has a maximum hop count of 15 and uses split horizon, poison reverse and
other loop avoidance mechanisms.

Router 1 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config-if)#ipv6 unicast-routing
Router(config)#interface fa0/0
Router(config-if)#ipv6 add 2000::1/64
Router(config-if)#host R1
R1(config)#interface fa0/0
R1(config)#interface fa0/0
R1(config-if)#ipv6 rip 123 enable
R1(config-if)#exit
R1(config)#interface fa0/1
R1(config-if)#ipv6 add 2001::1/64
R1(config-if)#ipv6 rip 123 enable
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

R1(config-if)#int
R1(config-if)#exit
R1(config)#int
R1(config)#interface fa0/0
R1(config-if)#ipv6 add 2000::1/64
R1(config-if)#ipv6 rip 123 enable
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

R1(config-if)#exit
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 add 2002::1/64
Router(config-if)#ipv6 rip 123 enable
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ipv6 add 2001::2/64
Router(config-if)#ipv6 rip 123 enable
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#

Check and Verify Router 1 Configuration

R1#show ipv6 rip database

RIP process "123" local RIB

2001::/64, metric 2
FastEthernet0/1/FE80::203:E4FF:FE74:D102, expires in 152 sec
2002::/64, metric 2, installed
FastEthernet0/1/FE80::203:E4FF:FE74:D102, expires in 152 sec

R1#show ipv6 route

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2000::/64 [0/0]
via ::, FastEthernet0/0
L 2000::1/128 [0/0]
via ::, FastEthernet0/0
C 2001::/64 [0/0]
via ::, FastEthernet0/1
L 2001::1/128 [0/0]
via ::, FastEthernet0/1
R 2002::/64 [120/2]
via FE80::203:E4FF:FE74:D102, FastEthernet0/1
L FF00::/8 [0/0]
via ::, Null0

R1#show ipv6 protocol

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip 123"
Interfaces:
FastEthernet0/0
FastEthernet0/1
Redistribution:
None

R1#

IPV6 EIGRP Routing

Router 1 Configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#
Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#exit
Router(config)#ipv6 unicast-routing
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 add 2000::1/64
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#ipv6 router eigrp 1

Router(config-rtr)#eigrp router-id 1.1.1.1
Router(config-rtr)#no shut
Router(config-rtr)#exit
Router(config)#interface fa0/1
Router(config-if)#ipv6 add 2001::1/64
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#ipv6 router eigrp 1

Router(config-rtr)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ipv6 eigrp 1
Router(config-if)#exit
Router(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

%DUAL-5-NBRCHANGE: IPv6-EIGRP 1: Neighbor FE80::2D0:97FF:FE80:A902

(FastEthernet0/1) is up: new adjacency

Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 eigrp 1
Router(config-if)#exit
Router(config)#

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#interface fa0/0
Router(config-if)#ipv6 add 2002::1/64
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#ipv6 router eigrp 1

Router(config-rtr)#eigrp router-id 1.1.1.2
Router(config-rtr)#no shut
Router(config)#interface fa0/1
Router(config-if)#ipv6 add 2001::2/64
Router(config-if)#no
Router(config-rtr)#exit
shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#ipv6 eigrp 1
Router(config-if)#
%DUAL-5-NBRCHANGE: IPv6-EIGRP 1: Neighbor FE80::201:C7FF:FE66:E902
(FastEthernet0/1) is up: new adjacency

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 eigrp 1
Router(config-if)#

Check and Verify the Configuration R1 EIGRP

Router#show ipv6 protocol

IPv6 Routing Protocol is "connected"

IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "eigrp 1"
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Interfaces:
FastEthernet0/1
FastEthernet0/0
Redistributing: eigrp 1
Maximum path: 16
Distance: internal 90 external 170

Router#show ipv6 route

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
D 2000::/64 [90/30720]
via FE80::201:C7FF:FE66:E902, FastEthernet0/1
C 2001::/64 [0/0]
via ::, FastEthernet0/1
L 2001::2/128 [0/0]
via ::, FastEthernet0/1
C 2002::/64 [0/0]
via ::, FastEthernet0/0
L 2002::1/128 [0/0]
via ::, FastEthernet0/0
L FF00::/8 [0/0]
via ::, Null0

Router#show ipv6 eigrp topology

IPv6-EIGRP Topology Table for AS 1/ID(1.1.1.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

P 2000::/64, 1 successors, FD is 30720

via FE80::201:C7FF:FE66:E902 (30720/28160), FastEthernet0/1
P 2001::/64, 1 successors, FD is 28160
via Connected, FastEthernet0/1
P 2002::/64, 1 successors, FD is 28160
via Connected, FastEthernet0/0
Router#show ipv6 eigrp traffic
IPv6-EIGRP Traffic Statistics for process 1
Hellos sent/received: 531/275
Updates sent/received: 4/3
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 3/3
Input queue high water mark 1, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0

Router#show ipv6 eigrp neighbors

IPv6-EIGRP neighbors for process 1

H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 Link-local address: Fa0/1 14 00:21:30 40 1000 0 4
FE80::201:C7FF:FE66:E902

Router#

IPV6 OSPF Routing

Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#ipv6 unicast-routing
R1(config)#int
R1(config)#interface fa0/0
R1(config-if)#ipv6 add 2000::1/64
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

R1(config-if)#int
R1(config-if)#exit
R1(config)#int
R1(config)#interface fa0/1
R1(config-if)#ipv6 add 2001::1/64
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

R1(config-if)#exit
R1(config)#ipv6 router ospf 1
%OSPFv3-4-NORTRID: OSPFv3 process 1 could not pick a router-id,please configure
manually
R1(config-rtr)#ipv6 router ospf 10
%OSPFv3-4-NORTRID: OSPFv3 process 10 could not pick a router-id,please configure
manually
R1(config-rtr)#exit
R1(config)#ipv6 router ospf1
^
% Invalid input detected at '^' marker.
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#exit
R1(config)#int
R1(config)#interface fa0/0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#exit
R1(config)#int
R1(config)#interface fa0/1
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#
00:22:13: %OSPFv3-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/1 from
LOADING to FULL, Loading Done

R1(config-if)#exit
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console

R1#show ospf route

^
% Invalid input detected at '^' marker.
R1#show ipv6 route
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2000::/64 [0/0]
via ::, FastEthernet0/0
L 2000::1/128 [0/0]
via ::, FastEthernet0/0
C 2001::/64 [0/0]
via ::, FastEthernet0/1
L 2001::1/128 [0/0]
via ::, FastEthernet0/1
O 2002::/64 [110/2]
via FE80::260:47FF:FE1D:6602, FastEthernet0/1
L FF00::/8 [0/0]
via ::, Null0
R1#

Router 2 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#configt
Translating "configt"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 add 2002::1/64
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to
up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ipv6 add 2002::2/64
%FastEthernet0/1: Error: 2002::/64 is overlapping with 2002::/64 on FastEthernet0/0
Router(config-if)#ipv6 add 2002::2/64
%FastEthernet0/1: Error: 2002::/64 is overlapping with 2002::/64 on FastEthernet0/0
Router(config-if)#ipv6 add 2001::2/64
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#
Router(config-if)#exit
Router(config)#ipv6 router ospf 1
%OSPFv3-4-NORTRID: OSPFv3 process 1 could not pick a router-id,please configure
manually
Router(config-rtr)#exit
Router(config)#ipv6 router ospf 1
Router(config-rtr)#router-id 2.2.2.2
Router(config-rtr)#exit
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ipv6 ospf 1 area 0
Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ipv6 ospf 1 area 0
Router(config-if)#exit
Router(config)#
00:22:11: %OSPFv3-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from
LOADING to FULL, Loading Done
Telnet Configuration in Switch and Router

Switch>enable
Switch#config terminal
Switch(config)#enable password admin
Switch(config)#int VLAN 1
Switch(config-if)#ip address 10.0.0.30 255.0.0.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login

Router>en
Router#config term
Router(config)#enable password admin
Router(config)#int fa0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config)#line vty 0 15
Router(config-line)#password cisco
Router(config-line)#login
Switch VLAN Configuration Inter Routing

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name IT
Switch(config-vlan)#exit
Switch(config)#int fa0/1
Switch(config-if)#switch mode acc
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int
Switch(config)#interface fa0/2
Switch(config-if)#switchport mode acc
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int
Switch(config)#interface fa0/3
Switch(config-if)#switchp
Switch(config-if)#switchport mo
Switch(config-if)#switchport mode ac
Switch(config-if)#switchport mode access
Switch(config-if)#sw
Switch(config-if)#switchport m
Switch(config-if)#switchport ac
Switch(config-if)#switchport access vlan20
^
% Invalid input detected at '^' marker.
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#int
Switch(config)#interface fa0/4
Switch(config-if)#switch
Switch(config-if)#switchport m
Switch(config-if)#switchport mode a
Switch(config-if)#switchport mode access
Switch(config-if)#sw
Switch(config-if)#switchport a
Switch(config-if)#switchport access v
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int
Switch(config-if)#int rang fa0/1-4
Switch(config-if-range)#switch
Switch(config-if-range)#switchport m
Switch(config-if-range)#switchport mode a
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#in
Switch(config-if-range)#exit
Switch(config)#int
Switch(config)#interface fa0/5
Switch(config-if)#sw
Switch(config-if)#switchport mo
Switch(config-if)#switchport mode tr
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to

up

Switch#
%SYS-5-CONFIG_I: Configured from console by console
Router Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#int
Router(config-if)#int fa0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state

to up

Router(config-subif)#en
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip add 192.168.1.1 255.255.255.0
Router(config-subif)#int fa0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state

to up

Router(config-subif)#en
Router(config-subif)#encapsulation do1q 20
^
% Invalid input detected at '^' marker.
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip add 192.168.2.1 255.255.255.0
Router(config-subif)#
VLAN Configuration Trunk Linking
SW1 Configuration

Port Fa0/1 – Fa0/3 – Vlan 2

Port Fa0/4 – Fa0/6 – Vlan3

SW2 Configuration

Port Fa0/1 – Fa0/2 – Vlan 4

Port Fa0/3 – Fa0/4 – Vlan 3

Switch 1 Configuration

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#name Accounts
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name management
Switch(config-vlan)#exit
Switch(config)#swit
Switch(config)#int
Switch(config)#interface ra
Switch(config)#interface range fa
Switch(config)#interface range fastEthernet 0/1-3
Switch(config-if-range)#swit
Switch(config-if-range)#switchport m
Switch(config-if-range)#switchport mode a
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#sw
Switch(config-if-range)#switchport ac
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#exit
Switch(config)#inf
Switch(config)#int
Switch(config)#interface r
Switch(config)#interface range fa
Switch(config)#interface range fastEthernet 0/4-6
Switch(config-if-range)#swit
Switch(config-if-range)#switchport m
Switch(config-if-range)#switchport mode ac
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#sw
Switch(config-if-range)#switchport ac
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit

Switch 2 Configuration

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 3
Switch(config-vlan)#name Management
Switch(config-vlan)#exit
Switch(config)#vlan 4
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#int
Switch(config)#interface ra
Switch(config)#interface range fa
Switch(config)#interface range fastEthernet 0/1-2
Switch(config-if-range)#swi
Switch(config-if-range)#switchport m
Switch(config-if-range)#switchport mode a
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#sw
Switch(config-if-range)#switchport a
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int
Switch(config)#interface ra
Switch(config)#interface range fa
Switch(config)#interface range fastEthernet 0/3-4
Switch(config-if-range)#swit
Switch(config-if-range)#switchport m
Switch(config-if-range)#switchport mode a
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#sw
Switch(config-if-range)#switchport a
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit

Switch 1 Trunk Configuration

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface fa
Switch(config)#interface fastEthernet 0/23
Switch(config-if)#switch
Switch(config-if)#switchport m
Switch(config-if)#switchport mode tr
Switch(config-if)#switchport mode trunk

Switch 2 Trunk Configuration

Switch(config)#interface fastEthernet 0/23
Switch(config-if)#swit
Switch(config-if)#switchport m
Switch(config-if)#switchport mode t
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
VTP (Vlan Trunk Protocol)

Using VTP we can configure vlan in one switch and push the vlan to another switch in the network. It
means you can centrally do administration of vlan in the network for all the switches.

There are three types of modes in the VTP

1. Server Mode
2. Client Mode
3. VTP transparent
VTP Server Mode
VTP Server can add, modify, and delete VLANs. It will propagate a VTP message containing all the
changes from all of its trunk ports. If server receives a VTP message, it will incorporate the change
and forward the message from all remaining trunk ports.

VTP Transparent Mode

VTP Transparent switch can also make change in VLANs but it will not propagate these changes to
other switches. If transparent switch receives a VTP message, it will not incorporate the change and
forward the message as it receives, from all remaining trunk ports.

VTP Client Mode

VTP client switch cannot change the VLAN configurations itself. It can only update its VLAN
configuration through the VTP messages that it receive from VTP server. When it receives a VTP
message, it incorporates the change and then forwards it to the remaining trunk ports

VTP Messages
VTP share VLANs information via VTP messages. VTP messages can only be propagate through the
Trunk connections. So we need to set up trunk connection between switches. VTP messages are
propagated as layer2 multicast frames.

VTP Domain
VTP domain is a group of switches that share same VLAN information. A switch can have a single
domain. VTP messages include domain name. Switch only update VLAN information if it receive VTP
message from same domain

Access Link and Trunk Link

An access link can carry single VLAN information while trunk link can carry multiple VLANs
information. Configuring VLANs on single switch does not require trunk link. It is required only when
you configure VLANs across the multiple switches.

VLAN Tagging
Trunk links use VLAN tagging to carry the multiple VLANs traffic separately.
In VLAN tagging process, sender switch add a VLAN identifier header to the original Ethernet frame.
Receiver switch read VLAN information from this header and remove it before forwarding to the
associate ports. Thus original Ethernet frame remains unchanged. Destination PC receives it in its
original shape.

VLAN Trunking Protocol

Cisco switches supports two types of trunking protocols ISL and 802.1Q.

ISL
ISL (Inter-Switch Link) is a Cisco proprietary protocol. It was developed a long time before the
802.1Q. It adds a 26-byte header (containing a 15-bit VLAN identifier) and a 4-byte CRC trailer to the
frame. 802.1Q It is an open standard protocol developed by IEEE. It inserts 4 byte tag in original
Ethernet frame. Over time, 802.1Q has become the most popular trunking protocols.
Key difference between ISL and 802.1Q
•ISL was developed Cisco while 802.1Q was developed by IEEE.
•ISL is a proprietary protocol. It will works only in Cisco switches. 802.1Q is an open standard based
Protocol. It will works on all switches.
•ISL adds 26 bytes header and 4 byte trailer to the frame.
•802.1Q inserts 4 byte tag in original frame. 802.1Q is a lightweight and advanced protocol with
several enhanced security features. Even Cisco has adopted it as a standard protocol for tagging in
newer switches. 2960 Switch supports only 802.1Q tagging protocol

Dynamic Trunking Protocol

DTP [Dynamic Trunking Protocol] is a Cisco proprietary protocol. It automatically configures trunking
on necessary ports. It operates in five modes.

DTP Modes

DTP Mode ON
In ON mode, interface is set to trunk, regardless whether remote end supports trunking or not. ON
mode cause interface to generate DTP messages and tag frames based on trunk type.

DTP Mode Desirable

In Desirable mode, interface will generate the DTP messages and send them to other end. Interface
will work as access link until it get replies from remote end. If reply messages indicate that remote
device is trunking capable, DTP will change connection link from access link to Trunk. If the other end
does not respond to DTP message, the interface will work as access link connection

DTP Mode Auto

In auto mode interface works as access link and passively listen for DTP messages. Interface will
change connection link to trunk, if it receives a DTP message from remote end.

DTP Mode No-Negotiate

In No-Negotiate mode, interface is set as trunk connection. Interface will tag frames but it will not
generate DTP messages. DTP is a Cisco's proprietary protocol, thus a non Cisco device will not
understand it. This mode is used to trunk connection between Cisco device and a non Cisco device

DTP Mode OFF

In off mode interface is configured as access-link. No DTP message will be generated nor frames will
be tagged.
SW1 Configuration

Switch>en
Switch#show vlan brief
Switch#show interfaces gig0/1 switchport
Switch#config t

sw1(config)#int g0/1
sw1(config-if)#switch mode trunk

sw1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state

to up

sw1(config-if)#exit
sw1(config)#vtp domain global
Changing VTP domain name from NULL to global
sw1(config)#vtp mode server
Device mode already VTP SERVER.
sw1(config)#vlan 10
sw1(config-vlan)#name Eng
sw1(config-vlan)#vlan 20
sw1(config-vlan)#name sales
sw1(config-vlan)#vlan 199
sw1(config-vlan)#name Native
sw1(config-vlan)#exit
sw1(config)#interface g0/1
sw1(config-if)#exit
sw1(config)#interface range f0/2-3
sw1(config-if-range)#switch mode access
sw1(config-if-range)#switch access vlan 10
sw1(config-if-range)#exit
sw1(config)#interface range fa0/1
sw1(config-if-range)#switch mode access
sw1(config-if-range)#switch access vlan 20
sw1(config-if-range)#exit
sw1(config)#interface g0/1
sw1(config-if)#switch trunk native vlan 199
sw1(config-if)#

%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on

GigabitEthernet0/1 VLAN199.

%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0199.

Inconsistent local vlan.

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on

GigabitEthernet0/1 (199), with sw2 GigabitEthernet0/1 (1).

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on

GigabitEthernet0/1 (199), with sw2 GigabitEthernet0/1 (1).
%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/1 on
VLAN0001. Port consistency restored.

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/1 on

VLAN0199. Port consistency restored.
SW2 Configuration

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname sw2
sw2(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state

to up

sw2(config)#int g0/1
sw2(config-if)#switch trunk encapsulation dot1q
sw2(config-if)#switch mode trunk
sw2(config)#int g0/2
sw2(config-if)#switch trunk encapsulation dot1q
sw2(config-if)#switch mode trunk

sw2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state

to up

sw2(config-if)#exit
sw2(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
sw2(config)#vlan 10
sw2(config-vlan)#name Eng
sw2(config-vlan)#vlan 20
sw2(config-vlan)#name sales
sw2(config-vlan)#vlan 199
sw2(config-vlan)#name Native
sw2(config-vlan)#

SW3 Configuration
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname sw3
sw3(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state

to up

sw3(config)#interface g0/2
sw3(config-if)#switch mode trunk
sw3(config-if)#exit
sw3(config)#vtp mode client
Setting device to VTP CLIENT mode.
sw3(config)#vtp domain global
Changing VTP domain name from NULL to global
sw3(config)#exit
sw3#
%SYS-5-CONFIG_I: Configured from console by console
sw3#show vlan brief
sw3(config)#interface range fa0/1-3
sw3(config-if-range)#switch mode access
sw3(config-if-range)#switch access vlan 20
sw3(config-if-range)#exit
sw3(config)#interface range fa0/2
sw3(config-if-range)#switch mode access
sw3(config-if-range)#switch access vlan 10
sw3(config-if-range)#exit
sw3(config)#interface g0/2
sw3(config-if)#switch trunk native vlan 199
sw3(config-if)#%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer
vlan id 1 on GigabitEthernet0/2 VLAN199.

%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/2 on VLAN0199.

Inconsistent local vlan.
STP Configuration
STP (Spanning Tree Protocol) is a network protocol and it builds loop free network topology
in the local area network. BPDU (Bridge Protocol Data Units) is used to prevent loops. It is
root switch works as a firewall to save network attacks. BPDU guard on port.
STP is a layer 2 protocol, used for removing loops. For backup purpose we typically create
Backup links for important resources. BPDU (Bridge Protocol Data Units). Switch use
BPDUs to learn network topology. If it found any loop, it will automatically remove that. To
remove loop, STP disables port or ports that are causing it

Example: If there are two switches in the network it selects the root bridge basis of bridge ID.
The ID is made up of two parts
Priority 2 bytes (Default value 32768)
MAC address 6 bytes (Lower is preferred)
There are 3 types of STP configurations
1. RSTP (Rapid Spanning Tree Protocol)
2. MSTP (Multiple Spanning Tree Protocol)
3. SPC (Span Port Configuration)
Select the Root Bridge Primary and Secondary
Switch 1
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#spanning-tree vlan 1 root primary
Switch#show spanning-tree
Switch 2
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#spanning-tree vlan 1 root secondary
Switch#show spanning-tree

Configure Port Fast

Switch 3

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface f
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#spanning-tree p
Switch(config-if)#spanning-tree portfast
Switch 4
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface f
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#spanning-tree p
Switch(config-if)#spanning-tree portfast
Switch 5
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface f
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#spanning-tree p
Switch(config-if)#spanning-tree portfast
Switch 6
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface f
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#spanning-tree p
Switch(config-if)#spanning-tree portfast
Switch 7
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#spa
Switch(config)#int
Switch(config)#interface fa
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#sp
Switch(config-if)#spa
Switch(config-if)#spanning-tree por
Switch(config-if)#spanning-tree portfast

Now ping PC1 to PC5

Now disconnected Cable of Switch 1 and Switch 3 and Ping PC1 to PC5
Ping PC1 to PC5 one more time to check if the STP has occupied and get linked with secondary root
bridge.

HSRP Configuration

HSRP (Hot Standby Routing Protocol) is a CISCO propriety protocol provides virtual IP address to
each group in the network and act as redundant router. If primary router failed to provide
connection packets use secondary to router to send and receive packets. Multicast address is
224.0.0.2
R1>enable
R1#configure terminal
R1(config)#interface gigabitEthernet 0/0.10
R1(config-subif)#standby 10 ip 10.0.0.10
R1(config-subif)#standby 10 priority 120
R1(config-subif)#standby 10 preempt
R1(config-subif)#exit
R1(config)#interface gigabitEthernet 0/0.20
R1(config-subif)#standby 20 ip 20.0.0.10
R1(config-subif)#standby 20 priority 110
R1(config-subif)#exit
R1(config)#interface gigabitEthernet 0/0.30
R1(config-subif)#standby 30 ip 30.0.0.10
R1(config-subif)#exit
R1(config)#

R2>enable
R2#configure terminal
R2(config)#interface gigabitEthernet 0/0.10
R2(config-subif)#standby 10 ip 10.0.0.10
R2(config-subif)#exit
R2(config)#interface gigabitEthernet 0/0.20
R2(config-subif)#standby 20 ip 20.0.0.10
R2(config-subif)#standby 20 priority 120
R2(config-subif)#standby 20 preempt
R2(config-subif)#exit
R2(config)#interface gigabitEthernet 0/0.30
R2(config-subif)#standby 30 ip 30.0.0.10
R2(config-subif)#standby 30 priority 110
R2(config-subif)#exit
R2(config)#

R3>enable
R3#configure terminal
R3(config)#interface gigabitEthernet 0/0.10
R3(config-subif)#standby 10 ip 10.0.0.10
R3(config-subif)#standby 10 priority 110
R3(config-subif)#exit
R3(config)#interface gigabitEthernet 0/0.20
R3(config-subif)#standby 20 ip 20.0.0.10
R3(config-subif)#exit
R3(config)#interface gigabitEthernet 0/0.30
R3(config-subif)#standby 30 ip 30.0.0.10
R3(config-subif)#standby 30 priority 120
R3(config-subif)#standby 30 preempt
R3(config-subif)#exit
R3(config)#
Router 1 Configuration
Router>
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#int
Router(config)#interface g
Router(config)#interface gigabitEthernet 0/0/0
Router(config-if)#ip add 10.1.1.2 255.255.255.248
Router(config-if)# no shut

Router(config)#interface gigabitEthernet 0/0/0

Router(config-if)#standby 1 ip 10.1.1.1
Router(config-if)#standby 1 priority 150

%HSRP-6-STATECHANGE: GigabitEthernet0/0/0 Grp 1 state Speak -> Standby

%HSRP-6-STATECHANGE: GigabitEthernet0/0/0 Grp 1 state Standby -> Active

Router(config-if)#exit

Router 2 Configuration
Router>
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#int
Router(config)#interface g
Router(config)#interface gigabitEthernet 0/0/0
Router(config-if)#ip add 10.1.1.2 255.255.255.248
Router(config-if)# no shut

Router(config)#interface gigabitEthernet 0/0/0

Router(config-if)#standby 1 ip 10.1.1.1
Router(config-if)#standby 1 priority 110

To check the redundancy of the router shutdown the g0/0/0 and run traceroute 8.8.8.8 it should
switch to 2nd router
STP With HSRP

SW1

Switch(config)#vlan 10
Switch(config-vlan)#exit
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up

Switch(config-if)#ip add 10.10.10.2 255.255.255.0

Switch(config-if)#standby 1 ip 10.10.10.1
Switch(config-if)#standby 1 priority 120
Switch(config-if)#standby 1 preempt
Switch(config-if)#standby version 2
Switch(config-if)#
%HSRP-6-STATECHANGE: Vlan10 Grp 1 state Init -> Init
Switch(config)#spanning-tree vlan 10 root secondary

SW2

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 10
Switch(config-if)# ip add 10.10.10.3 255.255.255.0
Switch(config-if)#standby 2 ip 10.10.10.1
Switch(config-if)#standby 2 priority 200
Switch(config-if)#standby 2 preempt
Switch(config-if)#standby version 2
Switch(config)#spanning-tree vlan 10 root primary

%HSRP-6-STATECHANGE: Vlan10 Grp 2 state Init -> Init

VRRP

VRRP (Virtual Redundancy Router Protocol) is a open source protocol provides redundancy in
network. If one of the router is down in network the configuration moves to backup router to
provide redundancy. Virtual IP and Mac address is assigned to clients to have redundancy work in
network. Multicast address for VRRP is 224.0.0.18 it sends signal every 1 second.

Switch 1 Configuration

SW1(config)#interface fa0/1
SW1(config-if)#vrrp 1 ip 192.168.1.3
SW1(config-if)#vrrp 1 priority 150
SW1(config-if)#vrrp 1 preempt

Switch 2 Configuration

SW2(config)#interface fa0/1
SW2(config-if)#vrrp 1 ip 192.168.1.3
SW2(config-if)#

Single DHCP Server Configration Using Server

Sw1 Configuration

Switch(config)#ip dhcp pool networkpool

Switch(dhcp-config)#network 20.0.0.1 255.0.0.0
Switch(dhcp-config)#dns-server 4.4.4.4
Switch(dhcp-config)#default-router 20.0.0.1
Multiple DHCP Server Configuration Using Router

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#ip dhcp excluded-address 192.168.1.0 192.168.1.10
Router(config)#ip dhcp pool Network1
Router(dhcp-config)#default-router 192.168.1.1
Router(dhcp-config)#dns-server 192.168.1.2
Router(dhcp-config)#option 150 ip 192.168.1.3
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#exit

Router(config)#ip dhcp excluded-address 192.168.2.0 192.168.2.10

Router(config)#ip dhcp pool network2
Router(dhcp-config)#dns-server 192.168.2.2
Router(dhcp-config)#default-router 192.168.2.1
Router(dhcp-config)#option 150 ip 192.168.2.3
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#exit
Router(config)#
Verify Configuration

Ip dhcp binding

Show ip dhcp pool network1

ARP Inspection and DHCP Snooping

DHCP snooping is where client computers get IP from attackers DHCP server who is trying to get in
instead of the DHCP server is configured to get secure IP. So few computers in network will get IP
from DHCP attacker and few computers will get IP from secure DHCP to solve this DHCP server and
CISCO router port need to be configured so client computers should get IP from the DHCP
configured.

Switch(config)#
Switch(config)#ip dhcp snooping
Switch(config)#ip dhcp snooping vlan 1
Switch(config)#no ip dhcp snooping information option
Switch(config)#interface fa0/2
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#exit
Switch(config)#ip arp inspection vlan 1
Switch(config)#interface fa0/2
Switch(config-if)#ip arp inspection trust

show ip arp inspection

show ip dhcp snooping
show ip dhcp snooping binding

show ip arp inspection statistics

ARP Inspection

DAI (Dynamic ARP inspection) is a method of scanning the MAC addresses of client computers
before providing the IP address. ARP Attacks (Man in the Middle) is the reason we do ARP inspection
As a default all ports in switch requests for IP address and switch has a Mac Address table and it
verifies the client MAC address and forwards to DHCP server once its scanned and verified it. As
Default all the ports in switch are set to untrusted so it can scan the phishing MAC address before
send request to the DHCP server if a hacker makes one of the port Trusted in switch DAI assumes its
trusted and Sends requests to DHCP server for the IP address.
Switch 1 Configuration

Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#exit
Switch(config)#ip arp inspection vlan 2
Switch(config)#interface fa0/1
Switch(config-if)#ip arp inspection trust
Switch(config-if)#exit
Switch(config)#interface fa0/3
Switch(config-if)#ip arp inspection trust
Switch(config-if)#exit

Switch 2 Configuration

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config)#ip arp inspection vlan 2
Switch(config)#interface fa0/1
Switch(config-if)#ip arp inspection trust
Switch(config)#interface fa0/2
Switch(config-if)#ip arp inspection trust
Switch(config)#do show ip arp inspection vlan 2

Switch(config)#do show ip arp inspection int fa0/1

BGP

BGP (Border Gateway Protocol) is a path vector protocol it is a exterior gateway protocol exchanges
information of autonomous system networks over the internet. It does not contain any topology but
keep loop free its network during exchanging information.
Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 10.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 172.16.0.1 255.255.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config-if)#exit
Router(config)#router bgp 1
Router(config-router)#neighbor 172.16.0.2 remote-as 71
Router(config-router)#network 10.0.0.0 mask 255.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#%BGP-5-ADJCHANGE: neighbor 172.16.0.2 Up

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 172.16.0.2 255.255.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 172.14.0.1 255.255.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up
Router(config-if)#router bgp 71
Router(config-router)#neighbor 172.16.0.1 remote-as 1
Router(config-router)#%BGP-5-ADJCHANGE: neighbor 172.16.0.1 Up

Router(config-router)#neighbor 172.14.0.2 remote-as 79

Router(config-router)#network 40.0.0.0 mask 255.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#%BGP-5-ADJCHANGE: neighbor 172.14.0.2 Up

Router 3 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 172.14.0.2 255.255.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 40.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#router bgp 79
Router(config-router)#neighbor 172.14.0.1 remote-as 71
Router(config-router)#%BGP-5-ADJCHANGE: neighbor 172.14.0.1 Up

Router(config-router)#network 40.0.0.0 mask 255.0.0.0

Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#

Site to Site VPN connection

Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface g0/0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state

to up

Router(config-if)#exit
Router(config)#interface g0/0/1
Router(config-if)#ip add 1.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state
to up

Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 1.0.0.2
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router(config)#interface tunnel 10

Router(config-if)#
%LINK-5-CHANGED: Interface Tunnel10, changed state to up

Router(config-if)#ip add 172.16.1.1 255.255.0.0

Router(config-if)#tunnel source g0/0/1
Router(config-if)#tunnel destination 2.0.0.2
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel10, changed state to up

Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 192.168.2.0 255.255.255.0 172.16.1.2
Router(config)#
Router(config)#exit
Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface g0/0/0
Router(config-if)#ip add 1.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state

to up

Router(config-if)#exit
Router(config)#int
Router(config)#interface g0/0/1
Router(config-if)#ip add 2.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

Router 3 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface g0/0/0
Router(config-if)#ip add 2.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state

to up

Router(config-if)#exit
Router(config)#int
Router(config)#interface g0/0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#
Router(config)#interface GigabitEthernet0/0/1
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 2.0.0.1
Router(config)#interface tunnel 100

Router(config-if)#
%LINK-5-CHANGED: Interface Tunnel100, changed state to up

Router(config-if)#ip add 172.16.1.2 255.255.0.0

Router(config-if)#tunnel destination 1.0.0.1
Router(config-if)#tunnel source GigabitEthernet0/0/1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up

Router(config-if)#no shut
Router(config-if)#
Router(config-if)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router(config)#ip route 192.168.1.0 255.255.255.0 172.16.1.1
Router(config)#exit

TACACS

TACACS (Terminal Access Controller Access Control System) is a security protocol that provides
centralized validation of users who are attempting to gain access to a router or NAS.

TACACS+ provides separate authentication, authorization and accounting services.

One of the unique features offered by TACACS+ is encryption of the entire packet beyond the
header. This feature distinguishes it from RADIUS, which can encrypt only the passwords exchanged
rather than the entire packet.

Remote Authentication Dial-In User Service (RADIUS) Protocol operates on ports

UDP 1645 and UDP 1812 that provide centralized AAA management for users who connect and use
Network Access Server (NAS), such as a VPN concentrator, router, and switch. This client/server
protocol and software enables remote access servers to communicate with a central server to
perform AAA operations for remote users. This protocol operates at the application layer and can
use TCP or UDP as a transport protocol.

Terminal Access Controller Access-Control System Plus (TACACS+) – is a

remote authentication protocol that allows a remote access server to communicate with an
authentication server to validate user access to the network. TACACS+ permits a client to accept a
username and password and pass a query to a TACACS+ authentication server.
GRE- IPsec Tunnel
Router 1 Configuration

Router(config)# interface Tunnel0

Router(config-if)# ip address 172.16.0.1 255.255.255.0
Router(config-if)# ip mtu 1400
Router(config-if)# ip tcp adjust-mss 1360
Router(config-if)# tunnel source 1.1.1.10
Router(config-if)# tunnel destination 2.2.2.10

R1(config)# ip route 192.168.2.0 255.255.255.0 172.16.0.2

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#cr
Router(config)#crypto is
Router(config)#crypto isakmp po
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#en
Router(config-isakmp)#encryption 3
Router(config-isakmp)#encryption 3des
Router(config-isakmp)#h
Router(config-isakmp)#hash m
Router(config-isakmp)#hash md5
Router(config-isakmp)#au
Router(config-isakmp)#authentication p
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#g
Router(config-isakmp)#group 2
Router(config-isakmp)#l
Router(config-isakmp)#lifetime 86400
Router(config-isakmp)#exit
Router(config)#cr
Router(config)#crypto i
Router(config)#crypto is
Router(config)#crypto isakmp k
Router(config)#crypto isakmp key f
Router(config)#crypto isakmp key fi
Router(config)#crypto isakmp key fir
Router(config)#crypto isakmp key firewall
Router(config)#crypto isakmp key firewall address 2.2.2.10
Router(config)#cr
Router(config)#crypto ip
Router(config)#crypto ipsec t
Router(config)#crypto ipsec transform-set TS esp-e
Router(config)#crypto ipsec transform-set TS esp-3
Router(config)#crypto ipsec transform-set TS esp-3des esp-m
Router(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
Router(cfg-crypto-trans)#
Router (cfg-crypto-trans)# mode transport
Router (config)# crypto ipsec profile protect-gre
Router (ipsec-profile)# set security-association lifetime seconds 86400
Router (ipsec-profile)# set transform-set TS

Router (config)# interface Tunnel 0

Router (config-if)# tunnel protection ipsec profile protect-gre

Router 2 Configuration

Router(config)# interface Tunnel0

Router(config-if)# ip address 172.16.0.2 255.255.255.0
Router(config-if)# ip mtu 1400
Router(config-if)# ip tcp adjust-mss 1360
Router(config-if)# tunnel source 2.2.2.10
Router(config-if)# tunnel destination 1.1.1.10
Router(config)# ip route 192.168.1.0 255.255.255.0 172.16.0.1

CONFIGURING IPSEC ENCRYPTION FOR GRE TUNNEL (GRE OVER IPSEC)

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#cr
Router(config)#crypto is
Router(config)#crypto isakmp po
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#en
Router(config-isakmp)#encryption 3
Router(config-isakmp)#encryption 3des
Router(config-isakmp)#h
Router(config-isakmp)#hash m
Router(config-isakmp)#hash md5
Router(config-isakmp)#au
Router(config-isakmp)#authentication p
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#g
Router(config-isakmp)#group 2
Router(config-isakmp)#l
Router(config-isakmp)#lifetime 86400
Router(config-isakmp)#exit
Router(config)#cr
Router(config)#crypto i
Router(config)#crypto is
Router(config)#crypto isakmp k
Router(config)#crypto isakmp key f
Router(config)#crypto isakmp key fi
Router(config)#crypto isakmp key fir
Router(config)#crypto isakmp key firewall
Router(config)#crypto isakmp key firewall address 1.1.1.10
Router(config)#cr
Router(config)#crypto ip
Router(config)#crypto ipsec t
Router(config)#crypto ipsec transform-set TS esp-e
Router(config)#crypto ipsec transform-set TS esp-3
Router(config)#crypto ipsec transform-set TS esp-3des esp-m
Router(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
Router(cfg-crypto-trans)#
Router (cfg-crypto-trans)# mode transport

Router (config)# crypto ipsec profile protect-gre

Router (ipsec-profile)# set security-association lifetime seconds 86400
Router (ipsec-profile)# set transform-set TS

Router (config)# interface Tunnel 0

Router (config-if)# tunnel protection ipsec profile protect-gre

RADIUS Server Authentication

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.1.10 255.255.255.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#radius-server host 192.168.1.12
Router(config)#aaa new-model
Router(config)#radius-server key ccna
Router(config)#aaa authentication login default local
Router(config)#username admin1 secret cisco
Router(config)#exit

TACACS Server Authentication

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface fa0/0
Router(config-if)#ip add 192.168.1.10 255.255.255.0
Router(config-if)#no shut
Router(config)#tacacs-server host 192.168.1.10
Router(config)#username admin1 secret cisco
Router(config)#tacacs-server key ccna
Router(config)#aaa authentication login default local

Multipoint GRE (Generic Routing Encapsulation)

Generic Routing Encapsulation (GRE) is a tunnelling protocol developed by Cisco Systems that can
encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-
multipoint links over an Internet Protocol network.

Point-to-Multipoint GRE is used as the transport protocol for the encapsulation of packets in
multipoint VPN. GRE supports multiple remote endpoints via a single VTI. It can transport both IPv4
and IPv6 packets and emulates broadcast and multicast by duplicating those packets and sending
them to all known endpoints.

No Encryption so need to be mixed with security protocols to secure point to point links and its less
scalable.
IPSec are used in Virtual Private Networks (VPNs) to offer safe communication over an insecure
network like the internet. GRE is a tunnelling protocol used to construct a virtual point-to-point link
between two networks, not a security protocol.

HDLC (High Level Data-Link Control)

HDLC is a simple protocol used to connect point to point serial devices. For example, you have point
to point leased line connecting two locations, in two different cities. HDLC would be the protocol
with the least amount of configuration required to connect these two locations.

MLPP

Multilink Point-to-Point Protocol (MLPPP) aggregates multiple PPP physical links into a single virtual
connection, or logical bundle. More specifically, MLPPP bundles multiple link-layer channels into a
single network-layer channel.

Frame Relay

Frame Relay is a Layer 2 WAN protocol that can be configured on physical serial links. In addition to
physical interfaces, you can also configure two types of logical interfaces for Frame Relay – point-to-
point and multipoint.

R1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface loopback 1
Router(config-if)#ip add 10.1.1.1 255.255.255.0
Router(config)#interface serial 0/0/1
Router(config-if)#ip add 10.1.123.1 255.255.255.0
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#frame-relay map ip 10.1.123.1 102
Router(config-if)#frame-relay map ip 10.1.123.2 102
Router(config-if)#frame-relay map ip 10.1.123.3 103
Router(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/0/1, changed state to down

Router(config-if)#

R2 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface loopback 2
Router(config-if)#ip add 10.1.2.1 255.255.255.0
Router(config)#interface serial 0/0/1
Router(config-if)#ip add 10.1.123.2 255.255.255.0
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#frame-relay map ip 10.1.123.1 201
Router(config-if)#frame-relay map ip 10.1.123.2 201
Router(config-if)#frame-relay map ip 10.1.123.3 201
Router(config-if)#no shut

Router(config)#interface fa0/0
Router(config-if)#ip add 10.1.23.2 255.255.255.0
Router(config-if)#no shut

Router 3 Configuration

Router(config)#frame-relay switching
Router(config)#interface serial 0/0/0
Router(config-if)#no ip ad
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#no ip route cache
Router(config-if)#frame-relay intf-type dce
Router(config-if)#frame-relay route 102 interface serial0/0/1 201
Router(config-if)#frame-relay route 103 interface serial0/1/0 301
Router(config-if)#no shut

Router(config)#interface serial 0/0/1

Router(config-if)#no ip ad
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#no ip route cache
Router(config-if)#frame-relay intf-type dce
Router(config-if)#frame-relay route 201 interface serial0/0/0 102
Router(config-if)#no shut

Router(config)#interface serial 0/1/0

Router(config-if)#no ip ad
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#no ip route cache
Router(config-if)#frame-relay intf-type dce
Router(config-if)#frame-relay route 301 interface serial0/0/0 103
Router(config-if)#no shut

OSPF Configuration Point to Point

Router 1

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#netowrk 10.1.123.0 0.0.0.255 area 0
Router(config-router)#netowrk 10.1.1.0 0.0.0.255 area 0
Router(config)#interface loopback 1
Router(config)#ip ospf network point-to-point

Router 2

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#netowrk 10.1.123.0 0.0.0.255 area 0
Router(config-router)#netowrk 10.1.2.0 0.0.0.255 area 0
Router(config)#interface loopback 2
Router(config)#ip ospf network point-to-point

Router 4

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#netowrk 10.1.123.0 0.0.0.255 area 0
Router(config-router)#netowrk 10.1.3.0 0.0.0.255 area 0
Router(config)#interface loopback 3
Router(config)#ip ospf network point-to-point

Make Router 1 DR so Configure R2 and R3 Priority to 0

Router 2
Router(config)#interface serial 0/0/1
Router(config-if)#ip ospf priority 0

Router 4
Router(config)#interface serial 0/0/0
Router(config-if)#ip ospf priority 0

OSPF Broadcast Configuration

Router 1
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#neighbor 10.1.123.2
Router(config-router)# neighbor 10.1.123.3

Router 2

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#neighbor 10.1.123.1

Router 4
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#neighbor 10.1.123.1

Verify configuration

Ping from Router 1 it should work

10.1.1.1
10.1.2.1
10.1.3.1
10.1.123.1
10.1.123.2
10.1.123.3
10.1.23.2
10.1.23.3

If you want to Configure Point to Multipoint

Router 1
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#no neighbor 10.1.123.2
Router(config-router)#no neighbor 10.1.123.3

Router 2

Router(config)# interface serial 0/0/1

Router(config-if)# no ip ospf priority 0
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# no neighbor 10.1.123.1

Router 4
Router(config)# interface serial 0/0/0
Router(config-if)# no ip ospf priority 0
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# no neighbor 10.1.123.1

Configure Broadcast for Point to Multipoint

Router 1
Router (config)#interface serial 0/0/1
Router (config-if)# ip ospf network point-to-multipoint
Router (config-if)# frame-relay map ip 10.1.123.2 102 broadcast
Router (config-if)# frame-relay map ip 10.1.123.3 103 broadcast

Router 2
Router (config)# interface serial 0/0/1
Router (config-if)# ip ospf network point-to-multipoint
Router (config-if)# frame-relay map ip 10.1.123.1 201 broadcast
Router (config-if)# frame-relay map ip 10.1.123.3 201 broadcast

Router 4

Router (config)# interface serial 0/0/0

Router (config-if)# ip ospf network point-to-multipoint
Router (config-if)# frame-relay map ip 10.1.123.1 301 broadcast
Router (config-if)# frame-relay map ip 10.1.123.2 301 broadcast

Switch Stacking

Switch stacking is a feature of certain Cisco access layer switches which allows for the creation of a
single logical device from many individual devices via a backside stack port connected by several
stack cables. Stackable switches logically to become one switch.

APIC-EM

Cisco introduced their Application Centric Infrastructure (ACI) strategy with the implementation of
Application Policy Infrastructure Controller - DC as implemented on the new generation Nexus 9000
switches in the data centre. The APIC - Enterprise Module (APIC-EM) focuses on the campus network
and the WAN.

QoS Mechanism

Quality of service (QoS) is the use of mechanisms or technologies that work on a network to control
traffic and ensure the performance of critical applications with limited network capacity. It enables
organizations to adjust their overall network traffic by prioritizing specific high-performance
applications.

Index of /pcsiete/prez/upravene (cnl.sk)

https://www.dideo.ir/

Dynamic NAT configuration in Packet Tracer – Computer Networking Tips (wordpress.com)

Router Configuration
Router>enable
Router#configure terminal
Router(config)#interface Fa0/0
Router(config-if)#ip address 10.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config)#interface Fa0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Router(config)#router ospf 1
Router(config-router)#network 10.0.0.0 0.0.0.255 area 0
Router(config-router)#network 192.168.1.0 0.255.255.255 area 0
Router(config-router)#exit
Router(config)#exit

Configure TFTP services In Server

Router#copy running-config tftp: – Backup

Router#copy startup-config tftp: – Backup
Router#copy tftp: running-config – Restore

Router#copy tftp: startup-config – Restore

Route Redistribution RIP and EIGRP

Router 1 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 3.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 1.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#router rip
Router(config-router)#version 2
Router(config-router)#network 1.0.0.0
Router(config-router)#network 3.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 3.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 4.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 3.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#router eigrp 1
Router(config-router)#network 4.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 4.0.0.2 (FastEthernet0/1) is up: new
adjacency

Router(config)#router rip
Router(config-router)#redistribute eigrp 1 metric 1
Router(config-router)#exit
Router(config)#router eigrp 1
Router(config-router)#redistri
Router(config-router)#redistribute rip metric 10000 1 255 1 1500
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]

EIGRP was configured to redistribute all rip routes, and apply a metric of 10000 (bandwidth), 1
(delay), 255 (reliability), 1 (load), and 1500 (MTU) to the redistributed routes.
Router 3 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 4.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to
up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 5.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#router eigrp 1
Router(config-router)#network 4.0.0.0
Router(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 4.0.0.1 (FastEthernet0/0) is up: new
adjacency

Router(config-router)#network 5.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]

Redistribution of EIGRP and OSPF

Router 1 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 1.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 3.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config)#router eigrp 10
Router(config-router)#network 1.0.0.0
Router(config-router)#network 3.0.0.0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#
%DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 3.0.0.2 (FastEthernet0/1) is up: new
adjacency

Router 2 Configuration

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 3.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 4.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up

Router(config-if)#exit
Router(config)#router eigrp 10
Router(config-router)#network 3.0.0.0
Router(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 3.0.0.1 (FastEthernet0/0) is up: new
adjacency
Router(config-router)#exit
Router(config)#router ospf 10
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#
00:10:22: %OSPF-5-ADJCHG: Process 10, Nbr 5.0.0.1 on FastEthernet0/1 from LOADING
to FULL, Loading Done

Router(config)#router eigrp 10
Router(config-router)#redistribute ospf 10 metric 1000 100 255 1 1500
Router(config-router)#exit
Router(config)#router ospf 10
Router(config-router)#redistribute eigrp 10 metric 1 subnets
Router(config-router)#exit

Router 3 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 4.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 5.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#router ospf 10
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
Router(config-router)#network 5.0.0.0 0.0.0.255 area 0
Router(config-router)#exit
Router(config)#do wr
00:10:20: %OSPF-5-ADJCHG: Process 10, Nbr 4.0.0.1 on FastEthernet0/0 from LOADING
to FULL, Loading Done

Building configuration...
[OK]
Router(config)#

Redistribution Static and EIGRP

Router 1 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 10.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 30.0.0.1 255.0.0.0
Router(config-if)#no shu

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
Router(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.2

Router 2 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 30.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 40.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to
up
Router(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1

Router(config)#router eigrp 1
Router(config-router)#network 4.0.0.0
Router(config-router)#exit
Router(config)#no route eigrp 1
Router(config)#route eigrp 1
Router(config-router)#network 40.0.0.0
Router(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 40.0.0.2 (FastEthernet0/1) is up: new
adjacency

Router(config-router)#redistribute static
Router(config-router)#redistribute connected
Router(config-router)#exit
Router(config)#do write
Building configuration...
[OK]
Router(config)#

Router 3 Configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int
Router(config)#interface fa0/0
Router(config-if)#ip add 40.0.0.2 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to

up

Router(config-if)#exit
Router(config)#int
Router(config)#interface fa0/1
Router(config-if)#ip add 20.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to

up

Router(config-if)#exit
Router(config)#
Router(config)#router eigrp 1
Router(config-router)#network 40.0.0.0
Router(config-router)#network 20.0.0.0
Router(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 40.0.0.1 (FastEthernet0/0) is up: new
adjacency

Switch Port Security

Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security mac-address sticky
PAP (Password Authentication Protocol)

PAP is password authentication protocol used in PPP links. Username and Passwords need to be
send from R1 to R2. No encryption and accepts connection using two handshake method but it is not
a strong authentication protocol

• PAP (Password Authentication Protocol): This is plaintext! It will send the username and
password over the PPP link, and the router on the other side will check it.

• CHAP (Challenge Handshake Authentication Protocol): Instead of sending the password in

plaintext, we will send a “challenge,” which is a hash of the password. This is far more
secure.