Bevezetés a Cisco routerek konfigurálásába. Szemmelveisz András E-mail: [email protected]

Synergon Informatika Rt.

Bevezetés a Cisco routerek konfigurálásába

Szemmelveisz András

E-mail: [email protected]

Tematika I.

A 7 rétegű OSI modell

Az alkalmazási és a felsõbb rétegek

A fizikai és adatkapcsolati réteg

A hálózati réteg és az útvonal-meghatározás

A routerek felhasználói intefésze

Routing alapok

A router kiindulási konfigurációja

Tematika II.

Konfigurálási módszerek és módok

A Cisco IOS szoftver betöltésének módjai

TCP/IP áttekintés

IP címek beállítása

IP routing beállítása

A Novell IPX beállítása

Az AppleTalk beállítása

Tematika III.

Szűrőlisták használata

Soros vonali alapok

Az ISDN BRI használata

X.25 alapok

Frame Relay alapok

Az Autoinstall opció

Egyéb protokollok


The Internetworking model

The Layered Model

Why a Layered Network Model?

Reduces complexity

Standardizes interfaces

Facilitates modular engineering

Ensure interoperable technology

Accelerates evolution

Simplifies teaching and learning

Application

Presentation

Session

Transport

Network

Data Link

Physical

7

6

5

4

3

2

1

Layer Functions

Network processes to applications

Data representation

Interhost communication

End-to-end connections

Addresses and best path

Access to media

Binary transmission

Application

Presentation

Session

Transport

Network

Data Link

Physical

7

6

5

4

3

2

1

Peer-to-Peer Communication

Application

Presentation

Session

Transport

Network

Data Link

Physical

Application

Presentation

Session

Transport

Network

Data Link

Physicalbits

HOST A HOST B

segments

packets

frames

Data Encapsulation

Application

Presentation

Session

Transport

Network

Data Link

Physical

Application

Presentation

Session

Transport

Network

Data Link

Physical

Network Header

Network Header

Frame Header

Frame Trailer

DATA

DATA

DATA

0101101010110001

Data Encapsulation Example

Segment Header DATA

Network Header DATA

Network Header

Frame Header DATA

Frame Trailer

Segment Header

DATA

Segment Header

0111111010101100010101101010110001

Segment

E-mail message

Data

Packet

Frame

Bits

(Medium dependent)

Remaining Chapter Sequence

Application

Presentation

Session

transport

Network

Data Link

Physical

7

6

5

4

3

2

1

Network Applications

End-to-end services

Routing

Data Transmission

Summary

The OSI reference model organizes network functions

into seven categories called layers

Data flows from upper-level user applications to lower-

level bits transmitted over network media

Peer-to-Peer functions use encapsulation and de-

encapsulation at layer interfaces

Most network manager task configure the lower three

layers


Application and Upper Layers

Objectives

Upon complention of this chapter, you will be able to: – Name and describe computer, network, and internetwork

applications – Describe the OSI presentation functions and identify common

standards– Describe the OSI session functions and identify common

standards– Describe the OSI transport functions for end-to-end network

services– Identify common processes for establishing connections, flow

control, and windowing


Application, Presentation and Session Layers

Application Layer

COMPUTER

APPLICATIONS

Word processing

Presentation Graphics

Spreadsheet

Database

Design/Manufacturing

Project Planning

Others

NETWORK

APPLICATIONS

Electronic Mail

File transfer

Remote Access

Client/Server Process

Information Location

Network Management

Others

Selects network application to support user’s application

Application Layer (cont.)

INTERNETWORK

APPLICATIONS Electronic Data Interchange

World Wide Web E-Mail Gateways

Special-Interest Bulletin Boards

Financial Transaction Services

Internet Navigation Utilities

Conferencing (Video, Voice, Data)

Others

NETWORK

APPLICATIONS Electronic Mail

File transfer

Remote Access

Client/Server Process

Information Location

Network Management

Others

•Internetwork applications can extend beyond the enterprise

Presentation Layer

• Text• Data

ASCII

EBCDIC

Encrypted• Sound• Video MIDI MPEG QuickTime

• Sound• Video MIDI MPEG QuickTime

• Graphics• Visual Images PICT TIFF JPEG GIF

• Graphics• Visual Images PICT TIFF JPEG GIF

• Provides code formatting and conversion for applications

Session Layer

Network File System (NFS)

Structured Query Language (SQL)

X Window System

AppleTalk Session Protocol (ASP)

DNA Session Control Protocol (SCP)

Service Request

Service Reply

• Coordinates applications as they interact on different hosts


Transport Layer

Transport Layer Overview

Segments upper-layer applications

Establishes an end-to-end connection

Sends segments from one end host to another

Optionally, ensures data reliability

Segment Upper-Layer Applications

Application

Presentation

Session

Transport

FileTransfer

FileTransfer

TerminalSession

TerminalSession

Electronic Mail

Application Data Application Data port port

Segments

• Transport segments share traffic stream

Establishes Connection

SENDER RECEIVER

Synchronize

Negotiate ConnectionSynchronize

Acknowledge

Connection Established

Data Transfer

(Send Segments)

Sends Segments with Flow Control

SENDER RECEIVERTransmit

Buffer Full Process Segments

Buffer OK

Buffer Full Process Segments

Buffer OK

Not ReadyStop

ReadyGo

Resume Transmission

Reliability with Windowing

SENDER RECEIVER

SENDER RECEIVER

Send 1

Send 2

Receive 1Ack 2

Receive 2Ack 3

Send 1Send 2Send 3

Send 4

• Window size = 3Receive 1Receive 2Receive 3Ack 4

An Acknowledgment Technique

SENDER RECEIVER

1 2 3 654 1 2 3 654

Send 1Send 2Send 3

Send 4Send 5Send 6

Send 5

Ack 4

Ack 5

XX

Ack 7

Transport to Network Layer

End-to-end segments

Routed packets

Summary

The ISO/OSI reference model describes network applications Presentation layer formats and converts network application data

to represent text, graphics, images, video, and audio Session-layer functions coordinate communication interactions

between applications Reliable transport-layer functions include

Multiplexing

Connection synchronization

Flow control

Error recovery

Reliability through windowing


Physical and Data Link Layers

Objectives

Upon completion of this chapter, you will be able

to perform the following tasks:

Identify and describe the data link sublayers and

their functions

Explain the use of MAC addresses

Describe the topology and functionally of LANs

Differentiate between LAN and WAN protocols

Describe the characteristics of WAN based

protocols


Physical and Data Link Layers

Physical and Data-link standards

Data Link (frames)

Physical (bits,

signals, clocking)

802.2 LLC

FDDI

802.5

802.3

Ethernet

Dial on

Demand

ISDN

SDLC HDLC

X.25 Link

Frame Relay PPP

V.24

V.35

HSSI

G.703

EAI-530

EAI/TIA-232

EAI/TIA-449

LAN WAN

• Separate physical and data link layers for LAN and WAN

LAN Data Link Sublayer

LLC refers upward to higher-layer software functions

MAC refers downward to lower-layer hardware functions

Network

Data Link

PhysicalMedia Access Control

LLC

MAC

Logical Link Control

Packet or Datagram802.2 LLCMAC Frame

LLC Sublayer Functions

Enable upper layer to gain independence over

LAN media access

Allow service access point (SAPs) from interface

sublayers to upper-layer functions

Provide optional connection, flow control, and

sequencing service

MAC Address

MAC address is burned into ROM on a network interface

card

0000.0c12.3456

Vendor Code Serial Number

24 bits 24 bits

ROM

RAM

Finding the MAC address

An Example:TCP/IP Address Resolution Protocol (ARP) ARP find the MAC address for a data-link connection

Host Z MAC ?

Host Y Host ZARP Request

Broadcast

Example 1: TCP/IP destination local

Host Z

Host Z MAC

ARP Reply

Host Y MAC

Host Z MAC ?

ARP Request

Broadcast Host Z

Host Y Host Z

Router MAC

ARP Reply

Host Y MAC

Example 2: TCP/IP destination not local


Common LAN Technologies

LAN Technology Overview

TokenRing

FDDI Dual Ring

FDDI Dual Ring

Ethernet

Token Ring

FDDI

Ethernet and IEEE 802.s

Several framing variations exist for this common LAN

technology

Physical Layer: Ethernet/802.3

MacPC Sun Sun

10BaseT- Twisted Pair

10Base2 - Thin Ethernet

10Base5 - Thick EthernetHUB

The Ethernet/802.3 Interface

Cisco router’s data link to Ethernet/802.3 uses an interface

named E plus a number (for example, E0)

0800.089c.34d5 0800.2006.1a56E0

Ethernet/802.3 Operation

A B C D

ApplicationPresentationSessionTransportNetworkData LinkPhysical


D B and C

Ethernet/802.3 Broadcast





Ethernet Frame Variations

Preamble DA SA Type Data FCS

8 6 6 2 4

Ethernet Frame

Preamble DA SA Length 802.2 Header FCS

8 6 6 2 4and Data

802.3 Frame

Ethernet/802.3 Reliability

Carrier sense multiple access collision detect

(CSMA/CD)

A B C D

Collosion

A B C D

JAM JAM JAM JAM JAM JAM

High-Speed Ethernet Options

100BaseFX,100BaseTX

100BaseVG AnyLAN

1000BaseSX,1000BaseLX

1000BaseCX

Token Ring and IEEE 802.5

IBM’s Token Ring is equivalent to IEEE 802.5

TokenRing

Physical Layer: Token Ring/802.5

Logically a ring, but physically a star configuration to MAU relays

MAU

Shielded or Unshielded Twisted Pair

Logical Technology

The Token Ring/802.5 Interface

Cisco router’s data link to Token Ring/802.5 uses interface named To

plus a number (for example, To0)

TokenRing To0

Token Ring/802.5 Operation

Token Ring LANs continuously pass a token or a Token

Ring frame

T = 0

T = 1

T = 0

T

T

T Data

Token Ring/802.5 Media Control

Fields in a frame determine priority and reservation

for sharing media

Access Control Field

P Priority bits

T Token bit

M Monitor bit

R Reservation bits

P P P T M R R R

Token Ring/802.5 Active Monitor

Active monitor ensure token operation on the ring for media access

XT

M = 1M = 0

M = 1

T Data

Token Ring/802.5 Reliability

Sending station receives status information in a frame

A

A C r r A C r r

Frame Status Field

0 0 Destination not found

0 1 Copied but not acknowledged

1 0 Unable to copy data from frame

1 1 Station found or frame copied to another ring by a bridge

Fiber Distributed Data Interface (FDDI)

Devices on FDDI maintain connectivity on dual counter-

rotating rings

FDDI Dual Ring

100 Mbps

Physical Layer: FDDI

Devices attached to FDDI use token passing

DAC

DAC

Dual-HomedSAS

SAS

DAS

The FDDI Interface

Cisco router’s data link to FDDI uses an interface named F

plus a number (for example, F0)

FDDI Dual Ring

F0

FDDI Dual-Ring Reliability

1. When a failure domain occurs ...

2. … wrap primary and secondary rings ...

2. … wrap primary and secondary rings ...

3. … maintaining network integrity

X


Common WAN Technologies

WAN Technology Overview

SDLC

HDLC LAPB PPP

X.25 Frame RelayISDN

Physical Layer: WAN

DSU/CSU

EIA/TIA-232V.35X.21HSSI

others

DTE DCE

(Modem)

Data Terminal Equipment End of the user’s device on

the WAN link

Data Circuit-Terminal Equipment End of the WAN provider’s side of

the communication facility

DTE to DCEInterface Standards

Data Link Layer: WAN protocols

SDLC - Synchronous Data Link Control

HDLC - High-Level Data Link Control

LAPB - Link Access Procedure Balanced

Frame Relay - Simplified version of HDLC framing

PPP - Point-to-Point Protocol

X.25 - Packet level protocol (PLP)

ISDN - Integrated Services Digital Network (data-link signaling)

DSU/CSUDSU/CSU

(Modem) (Modem)

Summary

The physical layer provides access to the wires of an internetwork

The data link layer provides support for communication over several types of data links:

LAN (Ethernet/IEEE 802.3, Token Ring/IEEE 802.5, FDDI)

Dedicated WAN (SDLC, HDLC, PPP, LAPB)

Switched WAN (X.25, Frame Relay, ISDN)


Network Layer and Path Determination

Objectives

Upon completion of this chapter, you will be able to:

List the key internetworking functions of the OSI network layer and how they are performed in a router

Describe the two parts of network addressing, then identify the parts in specific protocol address examples

Contrast the network discovery and update processes in distance vector routing with those in link-state routing

List problems that each routing type encounters when dealing with topology changes, and describe techniques to reduce the number of these problems

Explain the services of separate and integrated multiprotocol routing


Network Layer Basics

Network Layer: Path Determination

Layer 3 functions to find the best path through

the internetwork

Which Path?

Network Layer: Communicate Path

Addresses represent the path of media

connections

1

2

3

4

5

6

7

8

9

1011

Addressing: Network and Host

Network address - Path part used by the router

Host address - Specific port or device on the network

Network Host

1

2

3

1

1

123

1.3

1.2

1.1 3.1

2.1

Protocol Addressing Variations

Network Node

1 1

Network Node

10. 8.2.48

Network Node

1ac.eb0b 0000.0c00.6e25

GeneralExample

TCP/IPExample

Novell IPXExample

(Mask 255.0.0.0)

• Routing = building maps and giving directions

• Switching = moving packets between interfaces

Router Functions

198.113.181.0198.113.181.0 [170/304793][170/304793]192.150.42.177192.150.42.177 02:03:5002:03:50 DD

198.113.178.0198.113.178.0

192.168.96.0192.168.96.0

192.168.97.0192.168.97.0

[110/9936][110/9936]192.150.42.177192.150.42.177 02:03:5002:03:50 OO

192.150.42.177192.150.42.177 00:00:2000:00:20 RR

CC

[120/3][120/3]

Ethernet0Ethernet0

Ethernet0Ethernet0

Ethernet0Ethernet0

Ethernet0Ethernet0

Network #Network # InterfaceInterface Next HopNext Hop MetricMetric AgeAge SourceSource

Routing Table

Routing protocols need to handle issues associated with larger networks:• Maintain route information• Select routes

Routing in Internetworks

Routing protocols need to handle issues associated with larger networks:• Support flexible network address management• Redistribute routes• Route multiple protocols

Routing in Internetworks (cont.)

TokenRing

FDDI Dual Ring

FDDI Dual Ring

Source

Dest.

• Which is the best path from Source to Destination?

Route selection: Metrics

Route selection: Load Balancing

FDDI Dual Ring

FDDI Dual Ring

TokenRing

• Load balancing can provide increased bandwidth and redundancy

Route selection: Routing Hierarchy

• A hierarchical network can reflect the corporation’s organization

Hierarchical Network

Corporate Headquarters

National Office

Remote Office

Static Route

Uses a protocol route that a network

administrators enters into the router

Static Route

Uses a protocol route that a network

administrators enters into the router

Dynamic Route

Uses a route that a network routing protocol adjusts automatically for topology or

traffic changes

Dynamic Route

Uses a route that a network routing protocol adjusts automatically for topology or

traffic changes

Static versus Dynamic Routes

AA

BB

Point-to-point or circuit-switched

connection

Only a single network connection with no need for

routing updates “Stub” Network

• Fixed route to address reflects administrator’s knowledge

Static Route Example

• Use if next hop is not explicitly listed in the routing table

AA BB CC192.34.56.0

10.0.0.0

Company X Internet

Routing Table

No entry for destination net

Try router B deafult route

Default Route Example

CC

BBAA

DD

X

• Can alternate route substitute for a failed route ?

Adapting to Topology Change

• Routing protocol maintains and distributes routing information

NetworkNetwork Routing ProtocolRouting Protocol Routing ProtocolRouting Protocol

Routingtable

Routingtable

Routingtable

Routingtable

Dynamic Routing Operations

• Information used to select the best path for routing

BB

AA

E1

E1

64

64

Bandwidth

Delay

Load

Reliability

Bandwidth

Delay

Load

Reliability

Hop count

Ticks

Cost

Hop count

Ticks

Cost

Representing Distance with Metrics


Routing Protocols

CC

BBAA

DD

CC

BBAA

DD

Distance VectorDistance Vector

Hybrid RoutingHybrid Routing

Link StateLink State

Classes of Routing Protocols

Convergence occurs when all routers use a consistent perspective of network topology

Convergence occurs when all routers use a consistent perspective of network topology

After a topology changes, routers must recompute routes, which disrupts routing

After a topology changes, routers must recompute routes, which disrupts routing

The process and time required for router reconvergence varies in routing protocols

The process and time required for router reconvergence varies in routing protocols

One Issue: Time to Convergence

• Pass periodic copies of routing table to neighbor routers and accumulate distance vectors

CC

BBAA

DD

DD CC BB AA

RoutingTable

RoutingTable

RoutingTable

RoutingTable

RoutingTable

RoutingTable

RoutingTable

RoutingTable

Distance Vector Concept

BBAA CC

W X Y Z

Routing Table

X 0

Y 0

Z 1

W 1

Routing Table

X 0

Y 0

Z 1

W 1

Routing Table

Y 0

Z 0

X 1

W 2

Routing Table

Y 0

Z 0

X 1

W 2

• Routers discover the best path to destinations from each neighbor

Routing Table

W 0

X 0

Y 1

Z 2

Routing Table

W 0

X 0

Y 1

Z 2

Distance Vector Network Discovery

• Updates proceed step-by-step from router to router

BB AA

TopologyTopologyChangeChangeCausesCausesRoutingRoutingTableTableUpdateUpdate

Process to Update This Routing Table


Router ARouter ASends Sends

Out ThisOut ThisUpdatedUpdatedRoutingRoutingTableTable



Distance Vector Topology Changes

AA EE

DD

CC

BB

X1

Alternate Route:Network 1, Distance 3

Alternate Route:Network 1, Distance 3

Network 1, UnreachableNetwork 1, Unreachable

Alternate Route: Use ANetwork 1, Distance 4

Alternate Route: Use ANetwork 1, Distance 4

• Alternate routes, slow convergence, inconsistent routing

Network 1Down

Problem: Routing Loops

AA EE

DD

CC

BB

X1

Network 1, Distance 5Network 1, Distance 5




• Routing loops increment the distance vector

Network 1Down

Problem: Counting to Infinity

Routing TableMaximum metric is 16

Network 1 is Unreachable

Routing TableMaximum metric is 16

Network 1 is Unreachable

AA EE

DD

CC

BB

X1





• Specify a maximum distance vector metric as infinity

Network 1Down

Solution: Defining a Maximum

Network 1, unreachableNetwork 1, unreachable

• If you learn a protocol’s route on an interface, do not send information about that route back out that interface

AA EE

DD

CC

BB

X1

Network 1Down

B:Do not update router Aabout routes to network 1

D: Do not update router Aabout routes to network 1

Solution: Split Horizon

Network 1route to network 1has infinite Cost

Network 1route to network 1has infinite Cost

• Router keeps an entry for the network down state, allowing time for other routers to recompute for this topology change

AA EE

DD

CC

BB

X1

Network 1Down

Solution: Route Poisoning

• Routers ignore network update information for some period

AA EE

DD

CC

BB

?,X1

Network 1 DownNetwork 1 Down

Update afterHold-Down Time


Network 1Down







Solution: Hold Down Timers

• After initial flood, pass small event-triggered link-state updates to all other routers

AA

DD

CC

BB

Link-State Packets

TopologicalDatabase

Shortest Path First Tree

RoutingTable

RoutingTable

SPFAlgorithm

Link-State Concept

BBAA CC

W X Y Z

Link-State Packet

W 0

X 0

Link-State Packet

W 0

X 0

Link-State Packet

X 0

Y 0

Link-State Packet

X 0

Y 0

Link-State Packet

Y 0

Z 0

Link-State Packet

Y 0

Z 0

TopologicalDatabase

TopologicalDatabase

TopologicalDatabaseSPF SPF SPF

A RoutingTable

A RoutingTable B Routing

Table

B RoutingTable

C RoutingTable

C RoutingTable

SPF Tree SPF Tree SPF Tree

• Routers calculate the shortest path to destinations in paralell

Link-State Network Discovery

Topology Topology Change in Change in Link- Link- State State UpdateUpdate Process to

Update This Routing Table


• Update processes proceed using the same link-state update





Link-State Topology Changes

TopologicalDatabase

SPF

RoutingTable

RoutingTable

SPF Tree

• Processing and memory required for link-state routing

• Bandwidth consumed for initial link state „flood”

Link-State Concerns

AA

DD

CC

BB

Network 1, Back Up NowNetwork 1, Back Up Now




X,ok

Slow path update Slow path update arrives last

Network 1goes down then comes up

Fast path updates arrive first

Which SPF tree to use for routing?

• Unsynchronized updates, inconsistent path decisions

Problem: Link-State Updates

• Synchronizing large networks-which network topology updates are correct?

• Router startup-order of start alters the topology learned

• Partitioned regions-slow updating part separated from fast updating part

Link State Update Problems (cont.)

• Reduce the need for resources

”Dampen” update frequency

Target link-state updates to multicast

Use link-state area hierarchy for topology

Exchange route summaries at area borders

• Reduce the need for resources

”Dampen” update frequency

Target link-state updates to multicast

Use link-state area hierarchy for topology

Exchange route summaries at area borders

• Coordinate link-state updates

Use time stamps

Update numbering and counters

Manage partitioning using an area hierarchy

• Coordinate link-state updates

Use time stamps

Update numbering and counters

Manage partitioning using an area hierarchy

Solution: Link State Mechanisms

Distance Vector Link-State Views net topology from Gets common view ofneighbor’s perspective entire network topology

Adds distance vectors Calculates the shortestfrom router to router path to other routers

Frequent, periodic updates: Event-triggered updates:slow convergence faster convergence

Passes copies of routing Passes link-state routing updatestable to neighbor routers to other routers

Distance Vector Link-State Views net topology from Gets common view ofneighbor’s perspective entire network topology

Adds distance vectors Calculates the shortestfrom router to router path to other routers

Frequent, periodic updates: Event-triggered updates:slow convergence faster convergence

Passes copies of routing Passes link-state routing updatestable to neighbor routers to other routers

Comparing Distance Vector Routing to Link-State Routing

Choose a

routing path based

on distance vectors

Convergence rapidly using

change-based

updates

Ballanced Hybrid RoutingBallanced Hybrid Routing

• Share attributes of both distance-vector and link-state routing

EIGRP

Hybrid Routing

Summary

•Internetworking functions of the network layer include network addressing and best path selection for traffic

•Network addressing uses one part to identify the path used by the router and one part for ports or devices on the net

•Routed protocols direct user traffic, while routing protocols work between routers to maintain path tables

•Network discovery for distance vector involves exchange of routing tables; problems can include slower convergence

•For link-state, routers calculate the shortest paths to other routers; problems can include inconsistent updates

•Balanced hybrid routing uses attributes of both link-state and distance vector, applying paths to several protocols


Basic Router Operations

External Configuration Sources

Configuraion information can come from many sources

Virtual Terminal

VTY 0-4

TFTP Server

Network Management Statio

InterfacesConsole port

Auxiliary port

RAM NVRAM Flash ROM

Console

Auxiliary Interfaces

Internal Configuration Components

Check hardware

Find and load Cisco IOSsoftware image

Find and apply routerconfiguration information

Check hardware

Find and load Cisco IOSsoftware image

Find and apply routerconfiguration information

• System startup routines initiate router software• Fallback routines provide startup alternatives as needed

An Overview of System Startup

Bootstrap

RAM

CiscoInternetworking

OperatingSystem

ConfigurationFile

Load Bootstrap

Locate and LoadOperating System

Locate and LoadConfiguration File orEnter „setup” mode

ROM

Flash

NVRAM

TFTP Server

ROM

TFTP Server

Console

Startup Sequence

RAM

Command

ExecutiveInternetwork Operation System

ActivePrograms Configuration Tables Buffers

File

BootstrapProgramExecutes

RAM for Working Storage

User EXEC ModeLimited examination ofrouter. Remote access.

Router>

Privileged EXEC ModeDetailed examination of

router. Debugging and testing. File manipulation. Remote access

Router#

SETUP ModePrompted dialog used to establish an

initial configuration.

Global Configuration ModeSimple configuration commands.

Router (config)#

Other Configuration ModeComlex and multiline configuration.

Router (config - mode)#

RXBOOT ModeRecovery from a catastrophe in the

case of a lost password or the operating system being accidentally

erased from Flash

Router Modes

Router con0 is now available

Press RETURN to get started

User Access VerificationPassword:Router>Router> enablePassword:Router#Router# disableRouter>Router> exit

User-mode promptUser-mode prompt

Privileged-mode promptPrivileged-mode prompt

Console

Logging in to the Router:Cisco IOS

Symbolic translation Keyword completion Last command recall <Ctrl>

Command prompting

Syntax checking

Router# clockTranslating „CLOCK”%Unknown command or computer name, or unable to find computer address

Router# clock clear clock

Router# clock%Incomplete command

Router# clock?Set set the time and date

Router# clock set%Incomplete command

Router# clock set?Current time (hh:mm:ss)

Router# clock set 19:56:00%Incomplete command

Router# clock set 19:56:00 ?<1-31> Day of the monthMONTH Month of the year

Router# clock set 19:56:00 04 8.%Invalid input detected at the ‘^ ‘ maker

Router# clock set 19:56:00 04 August%Incomplete command

Router# clock set 19:56:00 04 August ?<1993-2035> Year

Context-Sensitive Help

Router> $ value for our customers, emplyees, investors, and partnersRouter> $ value for our customers, emplyees, investors, and partners

Automatic scrolling of long lines.

<Ctrl><A> Move to the begenning of the command line

<Ctrl><E> Move to the end of the command line

<Esc> Move back one word

<Ctrl><F> Move forward one character

<Ctrl> Move back one character

<Esc><F> Move forward one character

<Ctrl> Refresh line

Automatic scrolling of long lines.

<Ctrl><A> Move to the begenning of the command line

<Ctrl><E> Move to the end of the command line

<Esc> Move back one word

<Ctrl><F> Move forward one character

<Ctrl> Move back one character

<Esc><F> Move forward one character

<Ctrl> Refresh line

Using Editing Commands

<Ctrl> or Up arrow Last (previous) command recall

<Ctrl><N> or Down arrow More recent command recall

Router> show history Show command buffer

Router>terminal history size number-of-lines

Set command buffer size

Router> no terminal editing Disable advanced editing features

Router> terminal editing Reenable advanced editing

<tab> Entry completion

<Ctrl> or Up arrow Last (previous) command recall

<Ctrl><N> or Down arrow More recent command recall

Router> show history Show command buffer

Router>terminal history size number-of-lines

Set command buffer size

Router> no terminal editing Disable advanced editing features

Router> terminal editing Reenable advanced editing

<tab> Entry completion

Reviewing Command History

Summary

Using the routerLog in with user passwordEnter privileged mode with enable passwordDisable or quit

Advanved help featuresCommand completion and promptingSyntax checking

Advanced editing featuresAutomatic line scrollingCursor controlsHistory buffer with command recallCopy and paste using most laptop computers


Examining Router Status

RAM NVRAM Flash

Internetwork Operating System

Active Tables Backup Operating

Programs Configuration and Configuration System

File Buffer File

Interfaces

Router# show processes CPURouter# show protocols

Router# show processes CPURouter# show protocols

Router# show memRouter# show stackRouter# show buffers

Router# show memRouter# show stackRouter# show buffers Router# show startup-config

Router# show config

Router# show startup-configRouter# show config

Router# show versionRouter# show version Router# show flashRouter# show flash Router# show interfaceRouter# show interface

Router Status Commands

Router# show running-congifRouter# write term

Router# show running-congifRouter# write term

Router# show versionCisco Internetwork Operating System SoftwareIOS ™ 4500 Software (C4500-J-M), Experimental Version 11.2 (199600626:214907)Copyright © 1986-1996 by cisco System, Inc.Complied Fri 28-Jun-96 16:32 by rbeachImage test-base: 0x600088A0, data-base: 0x6076E000

ROM: System Bootstrap, Version5.1 (1) [daveu 1], RELEASE SOFTWARE (fc1)ROM: 4500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)

router uptime is 1 week, 3 days, 32 minutesSystem restarted by reloadSystem image file is „c4500-j-mz”, booted via tftp from 171.69.1.129

- - - More - - -

Router# show versionCisco Internetwork Operating System SoftwareIOS ™ 4500 Software (C4500-J-M), Experimental Version 11.2 (199600626:214907)Copyright © 1986-1996 by cisco System, Inc.Complied Fri 28-Jun-96 16:32 by rbeachImage test-base: 0x600088A0, data-base: 0x6076E000

ROM: System Bootstrap, Version5.1 (1) [daveu 1], RELEASE SOFTWARE (fc1)ROM: 4500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)

router uptime is 1 week, 3 days, 32 minutesSystem restarted by reloadSystem image file is „c4500-j-mz”, booted via tftp from 171.69.1.129

- - - More - - -

show version Command

Use write terminal with

Release 10.3 and earlier

Use show config with

Release 10.3 and earlier

Router# show running-configBuilding configuration . . .

Current configuration:

!

Version 11.2

!

- - - More - - -

Router# show running-configBuilding configuration . . .

Current configuration:

!

Version 11.2

!

- - - More - - -

Router# show startup-configUsing 1108 out of 130048 bytes

!

Version 11.2

!

Hostname router

- - - More - - -

Router# show startup-configUsing 1108 out of 130048 bytes

!

Version 11.2

!

Hostname router

- - - More - - -

show running-config Command and show startup-config Command


Configuring a Router

Objectives

Upon completion of this chapter, you will be able to

perform the following tasks:

Load an existing configuration file

Change the router identification

Assign a password to both the user and privileged

EXEC modes

Configure a serial interface

Save the changes to NVRAM

Cisco IOS software version

Router identification

Boot file locations

Protocols information

Interface configurations

Router Configuration Overview

Global Configuration ModeRouter# config termRouter (config)# : : :Router (config) # (command)Router (config)#Router (config)# exitRouter#

Router# config term : : :Router (config)# router protocolRouter (config-router) # : : :Router (config-router) # (command)Router (config-router) # : : :Router (config-router) # exitRouter (config) # interfacetype portRoute (config-if) # : : :Router (config-if) # (command)Router (config-if) # : : :Router (config-if) # exitRouter (config) # exitRouter#

Router# config termRouter (config)# : : :Router (config) # (command)Router (config)#Router (config)# exitRouter#

Router# config term : : :Router (config)# router protocolRouter (config-router) # : : :Router (config-router) # (command)Router (config-router) # : : :Router (config-router) # exitRouter (config) # interfacetype portRoute (config-if) # : : :Router (config-if) # (command)Router (config-if) # : : :Router (config-if) # exitRouter (config) # exitRouter#

• Other Configuration Mode

Used for system-wide configuration requiring one command line. Includes commands to enter other configuration modes

Usedforother configurations requiring multiple command lines

Configuration Modes

Use these commands for routers running Cisco IOS Release 11.0 or later

NVRAM

show startup-configshow startup-config

erase startup-configerase startup-config

Copy tftp startup-config

Copy tftp startup-config

show running-configshow running-config

copy running-config tftpcopy running-config tftp

copy tftp running-configcopy tftp running-config

copy running-config startup-config

copy running-config startup-config

config termconfig term

config memoryconfig memory

RAM

TFTP Server (IP Only)

Console or Terminal

Bit bucket

Working with 11.x Config Files

Tokyo# copy running-config tftpRemote host []? 131.108.3.155name of configuration file to write [tokzo-confg] ? Tokyo.2Write file tokyo.2 to 131.108.2.155? [confirm] yWriting tokyo.2 ! ! ! ! ! ! ! ! [OK]tokyo#

Tokyo# copy running-config tftpRemote host []? 131.108.3.155name of configuration file to write [tokzo-confg] ? Tokyo.2Write file tokyo.2 to 131.108.2.155? [confirm] yWriting tokyo.2 ! ! ! ! ! ! ! ! [OK]tokyo#

Router# copy tftp running-configHost or network configuration file [host]?IP address of remote host [255.255.255.255]? 131.108.2.155Name of configuration file [router-confg] ? Tokyo.2configure using tokyo.2 from 131.108.2.155? [confirm] yBooting tokyo.2 from 131.108.2.155: ! ! [OK - 874/16000 bytes]tokyo#

Router# copy tftp running-configHost or network configuration file [host]?IP address of remote host [255.255.255.255]? 131.108.2.155Name of configuration file [router-confg] ? Tokyo.2configure using tokyo.2 from 131.108.2.155? [confirm] yBooting tokyo.2 from 131.108.2.155: ! ! [OK - 874/16000 bytes]tokyo#

RAM

RAM

Using a TFTP Server

User EXEC mode

Privileged EXEC mode

Global configuration mode

Router>

Router#

Router(config)#

<Ctrl><z>

Exit

Other configuration modes

Configuration Mode Prompt

InterfaceSubinterfaceControllerMap-list

Map-classLine

RouterIPX-routerRoute-map

Router (config.if)#Router (config-subif)#Router (config-controllr) #Router (config-map-list) #Router (config-map-class)#Router (config-line)#Router (config-router) #Router (config-ipx-router)#Router (config-route-map)#

Overview of Router Modes

Sets local identify or message for the accessed router or interface

Router (config) # hostname TokyoTokyo#

Router (config) # hostname TokyoTokyo#

Tokyo (config) # banner motd# Welcome to router Tokyo Accounting Department 3rd Floor

Tokyo (config) # banner motd# Welcome to router Tokyo Accounting Department 3rd Floor

Tokyo (config) # interface e 0Tokyo (config-if) # description EngineeringLAN, Bldg. 18

Tokyo (config) # interface e 0Tokyo (config-if) # description EngineeringLAN, Bldg. 18

Router Name

Login Banner

Interface Decsription

Configuring Router Identification

Router (config) # line console 0Router (config-line) # loginRouter (config-line) # password cisco

Router (config) # line console 0Router (config-line) # loginRouter (config-line) # password cisco

Router (config) # line vty 0 4Router (config-line) # loginRouter (config-line) # password cisco

Router (config) # line vty 0 4Router (config-line) # loginRouter (config-line) # password cisco

Router (config) # enable-password san-franRouter (config) # enable-password san-fran

Router (config) # service password-encryption(set password here)

Router (config) # no service password-encryption

Router (config) # service password-encryption(set password here)

Router (config) # no service password-encryption

Console Password

Virtual Terminal Password

Enable Password

Perform PasswordEncryption

Password Configuration

• Type includes serial, ethernet, tokenring, fddi, hssi, loopback, dialer null async atm bri and tunnel

Router (config) # interface type portRouter (config) # interface type slot/port

Router (config) # interface type portRouter (config) # interface type slot/port

Router (config-if) # shutdownRouter (config-if) # shutdown

• Use this commadn to administratively turn off an interface without altering its other configuration entries

Router (config-if) # exitRouter (config-if) # exit

• Turn on an interface that has been shutdown

Router (config-if) # no shutdownRouter (config-if) # no shutdown

• Quit from current config-interface mode

Router (config) # interface type number.subinterfaceRouter (config) # interface type number.subinterface

• After designating the primary interface, use this to establish virtual interfaces on the single physical interface

Interface Configuration Mode

Make changes in configuration modes

Examine resultsRouter# show running-config

Intended results?

Save changes to backupRouter# copy running-config startup-configRouter# copy running-config tftp

Examine backup fileRouter# show startup-config

Remove changes

Router (config) # no . . . .

Router# config mem

Router# copy tftp running-config

Router# erase startup-configRouter# reload

Yes

No

Verifying Configuration Changes

Using NVRAM with Release 11.x

Router# configure memory[OK]Router#

Router# configure memory[OK]Router#

Router# erase startup-config[OK]Router#

Router# erase startup-config[OK]Router#

Router# copy runnning-config startup-configRouter#

Router# copy runnning-config startup-configRouter#

Router# show startup-config

using 5057 out of 32768 bytes!Enable-password san-fran!Interface Ethernet 0ip address 131.108.100.5 255.255.255.0!----More ----

Router# show startup-config

using 5057 out of 32768 bytes!Enable-password san-fran!Interface Ethernet 0ip address 131.108.100.5 255.255.255.0!----More ----

NVRAM

NVRAM

NVRAM

NVRAM

RAM

RAM

Bit bucket

Summary

Configuration files can come from the console, NVRAM, or a TFTP server

The router has several modes:

Privileged mode used for copying and managing entire configuration files

Global configuration mode used for one-line commands and commands that change the entire router

Other configuration modes used for multiple command lines and detailed configurations

The router provides a host name, a banner, and interface descriptions to aid in identification


Managing the Configuration Environment

Configuration registersRegisters in NVRAM for modifying fundamental Cisco IOS software

Identifies where to boot Cisco IOS image (for examle, use config-mode commands)

Configuration registersRegisters in NVRAM for modifying fundamental Cisco IOS software

Identifies where to boot Cisco IOS image (for examle, use config-mode commands)

Router# configure terminalRouter(config)# boot system flash IOS_filenameRouter(config)# boot system tftp IOS_filename tftp_addressRouter(config)# boot system rom[Ctrl-Z]Router# copy running-config startup-config

Router# configure terminalRouter(config)# boot system flash IOS_filenameRouter(config)# boot system tftp IOS_filename tftp_addressRouter(config)# boot system rom[Ctrl-Z]Router# copy running-config startup-config

Boot system commands not found in NVRAMBoot system commands not found in NVRAM

Get default Cisco IOS software from flashGet default Cisco IOS software from flash

Flash memory emptyFlash memory empty

Get default Cisco IOS software from tftp serverGet default Cisco IOS software from tftp server

Locating the Cisco IOS Software

Router>show versionCisco Internetwork Operating System Software

Copyright (c) 1986-1998 by cisco Systems, Inc.Compiled Tue 26-May-98 17:50 by dschwartImage text-base: 0x60010900, data-base: 0x60974000

ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)BOOTFLASH: RSP Software (RSP-BOOT-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)

Router uptime is 23 hours, 24 minutesSystem restarted by reload at 15:44:39 CET-DST Tue Sep 1 1998

--More--

Router>show versionCisco Internetwork Operating System Software

Copyright (c) 1986-1998 by cisco Systems, Inc.Compiled Tue 26-May-98 17:50 by dschwartImage text-base: 0x60010900, data-base: 0x60974000

ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)BOOTFLASH: RSP Software (RSP-BOOT-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)

Router uptime is 23 hours, 24 minutesSystem restarted by reload at 15:44:39 CET-DST Tue Sep 1 1998

--More--

IOS (tm) RSP Software (RSP-ISV-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)

System image file is "slot0:rsp-isv-mz.112-14.P", booted via slot0

show version Command

cisco RSP4 (R5000) processor with 32768K/2072K bytes of memory.R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)Last reset from power-onG.703/E1 software, Version 1.0.Channelized E1, Version 1.0.Bridging software.X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.Chassis Interface.4 VIP2 controllers (2 FastEthernet)(12 E1).2 FastEthernet/IEEE 802.3 interface(s)218 Serial network interface(s)123K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).8192K bytes of Flash internal SIMM (Sector size 256K).

cisco RSP4 (R5000) processor with 32768K/2072K bytes of memory.R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)Last reset from power-onG.703/E1 software, Version 1.0.Channelized E1, Version 1.0.Bridging software.X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.Chassis Interface.4 VIP2 controllers (2 FastEthernet)(12 E1).2 FastEthernet/IEEE 802.3 interface(s)218 Serial network interface(s)123K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).8192K bytes of Flash internal SIMM (Sector size 256K).

Configuration register is 0x102

show version Command (cont.)

Router# configure terminalRouter(config)# config-register 0x10F[Ctrl-Z]

Router# configure terminalRouter(config)# config-register 0x10F[Ctrl-Z]

• Configuration register bits 3,2,1, and 0 set boot option

Configuration-Register Value Meaning

0x0 Use ROM monitor mode(Manually boot using the bcommand

0x1 Automatically boot from ROM(default if router has no flash)

0x2 to 0xF Examine NVRAM for boot systemcommands (0x2 default if router hasFlash)

Configuration-Register Value Meaning

0x0 Use ROM monitor mode(Manually boot using the bcommand

0x1 Automatically boot from ROM(default if router has no flash)

0x2 to 0xF Examine NVRAM for boot systemcommands (0x2 default if router hasFlash)

• Check configuration register setting with show version

Configuration Register Values

Router> show flash (dir)-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. unknown 81E4BFDC 64D114 19 6475924 Jun 11 1998 09:32:10 rsp-isv-mz.112-14.P

14102252 bytes available (6476052 bytes used)

Router> show flash (dir)-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. unknown 81E4BFDC 64D114 19 6475924 Jun 11 1998 09:32:10 rsp-isv-mz.112-14.P


Router> show flash bootflash: (show flash device:)-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. unknown D607A4A1 3FCDD4 20 3919188 Jun 11 1998 10:13:04 rsp-boot-mz.112-14.P


Router> show flash bootflash: (show flash device:)-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. unknown D607A4A1 3FCDD4 20 3919188 Jun 11 1998 10:13:04 rsp-boot-mz.112-14.P


• Display the layout and contents of current device

• Display the layout and contents of the specified device

show flash Command

Router>show flash devicesslot0, slot1, bootflash, slaveslot0, slaveslot1, slavebootflash,slavenvram, nvram, tftp, rcp

Router>show flash devicesslot0, slot1, bootflash, slaveslot0, slaveslot1, slavebootflash,slavenvram, nvram, tftp, rcp

Router> pwdslot0

Router> pwdslot0

• List possible devices

• Display current directory

• Change directory

Router> cd device:Router> cd device:

Flash devices

Flash

RAM

TFTPServercopy device: tftp

Router# copy slot0: tftpEnter source file name: rsp-isv-mz.112-14.PEnter destination file name [rsp-isv-mz.112-14.P]:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCAddress or name of remote host [sun]? 192.168.7.120!

Router# copy slot0: tftpEnter source file name: rsp-isv-mz.112-14.PEnter destination file name [rsp-isv-mz.112-14.P]:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCAddress or name of remote host [sun]? 192.168.7.120!

• Back up files from flash devices

Creating a Software Image Backup

Flash

RAM

TFTPServercopy tftp device:

Tozsde_1#copy tftp slot0:Enter source file name: rsp-isv-mz.112-15a.P14102124 bytes available on device slot0, proceed? [confirm]Address or name of remote host [sun]?Accessing file "rsp-isv-mz.112-15a.P" on sun ...FOUNDLoading rsp-isv-mz.112-15a.P from 192.168.7.120 (via FastEthernet4/0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!![OK - 6480440/9797440 bytes]CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Tozsde_1#copy tftp slot0:Enter source file name: rsp-isv-mz.112-15a.P14102124 bytes available on device slot0, proceed? [confirm]Address or name of remote host [sun]?Accessing file "rsp-isv-mz.112-15a.P" on sun ...FOUNDLoading rsp-isv-mz.112-15a.P from 192.168.7.120 (via FastEthernet4/0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!![OK - 6480440/9797440 bytes]CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Downloading the Image from the Net

Summary

Create running and startup configuration

Configure interface

Determine the load location of the Cisco IOS image


Access to Other Routers

Media and protocol interaction

TCP/IP Novell AppleTalk Others IPX

CDP discovers and show Information about directly connected Cisco devices

LANs Frame ATM Others Relay

TCP/IP Novell AppleTalk Others IPX

CDP discovers and show Information about directly connected Cisco devices

LANs Frame ATM Others Relay

Upper Layer Entry Addresses

Cisco Proprietary Data-Link Protocol

Media Supporting SNAP

Cisco Discovery Protocol (CDP) Overview

Single command summarizes protocols and adresses on target (for example, neighboring Cisco router)

IP, IPXRouterIP, AppleTalk

CDPRouterIP, CLNS, DECnet

CDP

RouterIP, CLNS

#sho cdp

Show CDP Neighbor Entries

Enable CDP on each interface

Router A

Router B

S0E0

S0E0

Frame RelayWAN routerA (confi-if)# cdp enablerouterA (confi-if)# cdp enable

routerA# show cdp interfaceSerial0 is up, line protocol is up, encapsulation is Frame Relay Sending CDP packets every 60 seconds Holdtime is 180 secondsEthernet0 is up, line protocol is up, encapsulation is ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds

routerA# show cdp interfaceSerial0 is up, line protocol is up, encapsulation is Frame Relay Sending CDP packets every 60 seconds Holdtime is 180 secondsEthernet0 is up, line protocol is up, encapsulation is ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds

CDP Configuration Example

routerA#sho cdp neighborsCapabality Codes: R - Router, T - Trans Bridge,

B - Source-Route Bridge, S - Switch, H - Host, I - IGMP

Device ID Local Intrfce Holdtime Capabality Platform Port IDrouterB.cisco.com Eth0 151 R T AGS Eth0routerB.cisco.com Ser0 165 R T AGS Ser3

routerA#show cdp neighbors detail------------------------------------------Device ID: routerB.cisco.comEntry aaddress(es): IP address: 196.92.68.18 CLNS address: 490001.1111.1111.1111.00 Appletalk address: 10.1Platform: AGS, Capabalities: Router Trans-BridgeInterface: Ethernet0, port ID (outgoing port): Ethernet0Holdtime: 143 sec

routerA#sho cdp neighborsCapabality Codes: R - Router, T - Trans Bridge,

B - Source-Route Bridge, S - Switch, H - Host, I - IGMP

Device ID Local Intrfce Holdtime Capabality Platform Port IDrouterB.cisco.com Eth0 151 R T AGS Eth0routerB.cisco.com Ser0 165 R T AGS Ser3

routerA#show cdp neighbors detail------------------------------------------Device ID: routerB.cisco.comEntry aaddress(es): IP address: 196.92.68.18 CLNS address: 490001.1111.1111.1111.00 Appletalk address: 10.1Platform: AGS, Capabalities: Router Trans-BridgeInterface: Ethernet0, port ID (outgoing port): Ethernet0Holdtime: 143 sec

Showing CDP Neighbors

routerA#sho cdp entry routerB---------------------------------Device ID: routerBEntry address(es): IP address: 198.92.68.18 CLNS address: 490001.1111.1111.1111.00 APPLETALK ADDRESS: 10.1Platform: AGS, Capabalities: Router Trans-BridgeInterface: Ethernet0, Port ID (outgouing port): Ethernet0Holdtime: 155 sec

Version:IOS ™ GS Software (GS3), 11.2(13337) [asastry]Copyright © 1986-1996 by cisco System, Inc.complied Tue 14-May-96 1:04

routerA#sho cdp entry routerB---------------------------------Device ID: routerBEntry address(es): IP address: 198.92.68.18 CLNS address: 490001.1111.1111.1111.00 APPLETALK ADDRESS: 10.1Platform: AGS, Capabalities: Router Trans-BridgeInterface: Ethernet0, Port ID (outgouing port): Ethernet0Holdtime: 155 sec

Version:IOS ™ GS Software (GS3), 11.2(13337) [asastry]Copyright © 1986-1996 by cisco System, Inc.complied Tue 14-May-96 1:04

Showing CDP Entries for a Device


TCP/IP Overview

Objectives

Upon completion of this chapter, you will be able to

perform the following tasks:

Describe how the TCP/IP implementation relates to the OSI

reference Model

Identify the functions of the TCP/IP transport-layer protocols

Identify the functions of the TCP/IP network-layer protocols

Identify the functions performed by ICMP

TCP/IP Protocol Stack

Application

Presentation

Session

Transport

Network

Data Link

Physical

7

6

5

4

3

2

1

Application

Transport

Internet

Network Interface

OSI Reference Model TCP/IP Conceptual Layers

Ethernet, 802.3, 802.5, FDDI, and so on

Application Layer Overview

*Used by the router

Application

Transport

Internet

Network Interface

Hardware

File Transfer•TFTP*•FTP•NFS

E-mail•SMTP

Remote Login•Telnet*•rLogin

Network Management•SNMP*

Name Management•DNS*


Transport Layer

Transport Layer Overview

*Used by the router

Application

Transport

Internet

Network Interface

Hardware

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

TCP Segment Format

Source Port

Dest. Port

Sequence Number

Acknowledgment Number

HLEN Reserved Code Bits

#Bits 16 16 32 32 4 66

Window Check-sum

Urgent Pointer

Option Data...

16 16 16 0 or 32

Port Numbers

161

FTP

TELNET

SMTP

DNS

TFTP

SNMP

TCP UDP

21 23 25 53 69Port

Numbers

Application Layer

Transport Layer

TCP Port Numbers

Source Port

Dest. Port

...

Dest.port = 23 Send packet to

my Telnet application.

1028 ……...23

SP DP

Host A Host ZTelnet Z

TCP Handshake/Open Connection

Host A Host Z

Receive SYN (seq = y, ack = x+1)

Send SYN (seq = x)

Send ACK (ack = y+1)

Receive SYN (seq = x)

Send SYN (seq = y, ack = x+1)

Receive ACK (ack = y+1)

TCP Simple Acknowledgement

Sender

Send ACK 2

• Window size = 1

Receiver

Send 1

Send 2

Send 3Receive 3

Receive 1

Receive 2Send ACK 3

Send ACK 4

Receive ACK 2

Receive ACK 3

Receive ACK 4

TCP Sliding Window

Sender

Send ACK 7

• Window size = 3

ReceiverSend 1

Send 2Send 3

Receive 3

Receive 1

Receive 2

Send ACK 4Receive ACK 4

Send 4

Send 5

Send 6

Receive ACK 7

Receive 4

Receive 5

Receive 6

UDP Segment Format

No sequence or acknowledgement fields

Source Port

Destination Port

Length Data ….

#Bits 16 16 16 16

Checksum


Network Layer

Internet Layer Overview

OSI network layer corresponds to the TCP/IP

Internet layer

Application

Transport

Internet

Network Interface

Hardware

Internet Protocol (IP)

Internet Control Message Protocol (ICMP)

Address Resolution Protocol (ARP)

Reserve Address resolution Protocol (RARP)

IP Diagram

VERS HLEN Type of service

Total Length Identification Flags Frag Offset

#Bits 4 4 8 16 16 3 13 8

ProtocolHeader

ChecksumDestination IP Address

IP Option

Data...

8 16 32 32 var

TTL

Source IP Address

Protocol Field

Determines destination upper-layer protocol

TCP UDP

IP

176

Transport Layer

Internet Layer

Protocol Numbers

Internet Control Message Protocol (ICMP)

Application

Transport

Internet

Network Interface

Hardware

Destination Unreachable

Echo (Ping)

Other

ICMP

ICMP Testing

Destination unreachable– Host or port unreachable

– Network unreachable

I do not know how to get to Z!

Send ICMP

Send data to Z Host A

To Z

Destination unreachable

Data Network

ICMP Testing (cont.)

Generated by the ping command

Is B reachable ?Host A

ICMP Echo Reply

Yes, I am here.Host B

ICMP Echo Request

Address Resolution Protocol (ARP)

Map IP Ethernet Local ARP

I need the Ethernet

address of 172.16.3.2 172.16.3.1

IP: 12.16.3.2 = Ethernet: 0800.0020.1111

I heard that broadcast, that is me. Here is my

Ethernet address.Host B

IP: 172.16.3.2 = ???

Reserve ARP (RARP)

Map Ethernet IP ARP and RARP are implemented directly on

top of the data link layer

What is my IP address?

Ethernet: 0800.0020.1111 IP: 12.16.3.25

I heard thatbroadcast.

IP address is172.16.3.25

Ethernet: 0800.0020.1111 IP = ???

Summary

The TCP/IP protocol stack has the following

components:Protocols to support file transfer, e-mail, remote login, and other

applications

Reliable and “unreliable” transports

Connectionless datagram delivery at the network layer

ICMP provides control and message functions at the

network layer


IP Address Configuration

Objectives

Upon completion of this chapter, you will be able

to perform the following tasks:

Describe the different classes of IP addresses

Configure IP addresses

Verify IP addresses


TCP/IP Address Overview

IP Addressing

Network Host

32 Bits

8 Bits 8 Bits 8 Bits 8 Bits

172 . 16 . 122 . 204

Class A:

Class B:

Class C:

Class D: for multicast

Class E: for research

N= Network number assigned by NIC

H= Host number assigned by network administrator

IP Address Classes

N H H H

N N H H

N N N H

Recognizing Classes in IP Addresses (First Octet Rule)

High OrderBits

Octet in Decimal

AddressClass

0

10

110

1 - 126

128 - 191

192 - 223

A

B

C


Configuring IP Addresses

Host Addresses

172.16.200.1

172.16.3.10

172.16.12.12

10.1.1.1

10.250.8.11

10.180.30.118

IP:172.16.2.1 IP:10.6.24.2

172.16

Network12 . 12

Host

. Routing TableNetwork Interface172.16.0.0 E0 10.0.0.0 E1

E0 E1

Subnetting Addressing

172.16.2.200

172.16.2.2

172.16.2.160

172.16.3.5

172.16.3.100

172.16.3.150

IP:172.16.2.1 IP:172.16.3.1

172.16

Network

2

Subnet

. New Routing TableNetwork Interface172.16.2.0 E0 172.16.3.0 E1

E0 E1

. 160

Host

Subnet Mask

IP Adresses

DefaultSubnet Mask

8-bitSubnet

Mask

172 16 0 0

255 255 0 0

255 255 255 0

Network Host

Network Host

Network HostSubnet

Use host bits, starting at the high order bit position

Broadcast Address

172.16.3.0

172.16.3.0

172.16.1.0

172.16.3.255 (Directed broadcast)

172.16.2.0

255.255.255.255(Local Network broadcast) XX

Assigns an address and subnet mask Start IP processing on an interface

ip address ip-address subnet-maskip address ip-address subnet-mask

term ip netmask-formatterm ip netmask-format

Sets format of network mask as seen in show commands

Router (config) #

Router (config-if) #

IP Address Configuration

Define statics host name to IP address mapping

ip host name [tcp-port-number] address [address] . . .ip host name [tcp-port-number] address [address] . . .

ip host tokyo 1.0.0.5 2.0.0.8ip host tokyo 1.0.0.4

ip host tokyo 1.0.0.5 2.0.0.8ip host tokyo 1.0.0.4

Hosts/interfaces selectable by name or IP address

Router (config) #

IP Host Names

Specifies one or more hosts that

supply host name information

ip name-server server-address1 [[server-address2] . . . [server-address6]

ip name-server server-address1 [[server-address2] . . . [server-address6]

Router (config) #

Name Server Configuration

DNS enables by default

Turns off the name service

ip domain-lookupip domain-lookup

Router (config) #

Router (config) #

no ip domain-lookupno ip domain-lookup

Name System

Test IP network connectivity

Router> ping 172.16.101.1Type escape sequence to abort

timeout is 2 second Success rate is 80 percent, round-trip min/avg/max = 6/6/6 msRouter>

Router> ping 172.16.101.1Type escape sequence to abort

timeout is 2 second Success rate is 80 percent, round-trip min/avg/max = 6/6/6 msRouter>

Sending 5, 100-byte ICMP Echos to 172.16.101.1,

. ! ! ! !

Simple Ping

Ping supported for several protocols

Router# ping

Repeat count [5]:Datagram size [100]:Timeout in second [2]:Extended commands [n] : zSource address:Type of service [0]:

Data pattern [0xABCD]:Loose, Strict, Record, Timestamp, Verbose[none]:Sweep range of siyes [n]:Tzpe escape sequence to abort.Sending 5, 100/bzte ICMP Echos to 192.168.101.162, timeout is 2 second:! ! ! ! !Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 msRouter#

Router# ping

Repeat count [5]:Datagram size [100]:Timeout in second [2]:Extended commands [n] : zSource address:Type of service [0]:

Data pattern [0xABCD]:Loose, Strict, Record, Timestamp, Verbose[none]:Sweep range of siyes [n]:Tzpe escape sequence to abort.Sending 5, 100/bzte ICMP Echos to 192.168.101.162, timeout is 2 second:! ! ! ! !Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 msRouter#

Protocol [ip]:Target IP address: 192.168.101.162

Set DF bit in IP header? [no] : yes

Extended Ping

Shows interface addresses used to reach the

destination

Router# trace aba.nyc.milType escape sequence to abort.

1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec 2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec 3 externa-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec 4 bb2.su.barrnet.net (131.119.254.6) 8msec 8 msec 8 msec 5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec 6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec

Router# trace aba.nyc.milType escape sequence to abort.

1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec 2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec 3 externa-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec 4 bb2.su.barrnet.net (131.119.254.6) 8msec 8 msec 8 msec 5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec 6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec

7 aba.nyc.mil (26.0.0.73) 412 msec * 664 msec

Tracing the route to aba.nyc.mil (26.0.0.73)

IP Trace

Summary

IP addresses are specified in 32-bit dotted decimal format

Router interface can be configured with an IP address

ping and trace commands can be used to verify IP address configuration


IP Routing Configuration

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

Perform the initial configuration of your router and enable IP

Add the RIP routing protocol to your configuration

Add the EIGRP routing to your configuration

• Static routes

• Default routes

• Dynamic routing

• Static routes

• Default routes

• Dynamic routing

IP Routing Learns Destinations

Define a path to an IP destination network or

subnet

ip route network [mask] {address | interface } [distance]ip route network [mask] {address | interface } [distance]

Router (config) #

Static Route Configuration

Cisco BCisco A

S1

S0S2 S0

E0

172.16.2.1

172.16.2.2

ip route 172.16.1.0 255.255.255.0 172.16.2.1ip route 172.16.1.0 255.255.255.0 172.16.2.1

Static Route Configuration

Define a default route

Router (config) #

ip default-network network-numberip default-network network-number

Default Route Configuration

Network 172.16.0.0Subnet Mask 255.255.255.0

Company X Public Network

192.168.17.0

router ripnetwork 172.16.0.0network 192.168.17.0ip default-network 192.168.17.0

router ripnetwork 172.16.0.0network 192.168.17.0ip default-network 192.168.17.0

Cisco A

Cisco A

Default Route Example

RIP

IGRP

Interior Routing Protocols:

Exterior Routing Protocols

Autonomous System 100 Autonomous System 200

Interior or Exterior Routing Protocols

Router (config)# router ?bgp Border Gateway Protocol (BGP)egp Exterior Gateway Protocol (EGP)eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)igrp Interior Gateway Routing Protocol (IGRP)sisis ISO-IS ISiso-igrp IGRP for OSI networkmobile Mobile routerodr On Demand stub Routerospf Open Shorted Path First (OSPF)rip Routing Information Protocol (RIP)static Static routes

Router (config) # router rip

Router configuration commands: default-information control distribution of default information default-metric Set metric of redistrative router distance Define an administrative distance distance-list Filter network in routing updates exit Exit from routing protocol configuration mode--- More ---

Router (config)# router ?bgp Border Gateway Protocol (BGP)egp Exterior Gateway Protocol (EGP)eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)igrp Interior Gateway Routing Protocol (IGRP)sisis ISO-IS ISiso-igrp IGRP for OSI networkmobile Mobile routerodr On Demand stub Routerospf Open Shorted Path First (OSPF)rip Routing Information Protocol (RIP)static Static routes

Router (config) # router rip

Router configuration commands: default-information control distribution of default information default-metric Set metric of redistrative router distance Define an administrative distance distance-list Filter network in routing updates exit Exit from routing protocol configuration mode--- More ---

Router (config-router) # ?

IP Routing Protocol Mode

Application

Transport

Internet

Network InterfaceHardware

Routing Information Protocols (RIP)

Interior Gateway Routing Protocols (IGRP)

Open Shorted Path First Protocols (OSPF)

Enhanced IGRP (EIGRP)

Interior IP Routing Protocols

Global configuration– Select routing protocol(s)

– Specify network(s)

Interface configuration– Verify address/subnet mask

Network 172.30.0.0

Network 172.16.0.0

IGRP

RIP

RIP

IGRP, RIP

Network 160.89.0.0

IP Routing Configuration Tasks

Defines an IP routing protocol

Router (config) #

router protocol [keyword]router protocol [keyword]

Router (config-router) #

Network network-numberNetwork network-number

The network subcommand is a mandatory configuration command for each IP routing process

Dynamic Routing Configuration


Routing Information Protocol

Hop count metric selects the path

19.2 kbps

T1T1

T1

RIP Overview

• Starts the RIP routing process

Router (config) #

router riprouter rip


network network-numbernetwork network-number

• Selects participating attached networks

RIP Configuration

Cisco E

Cisco A

Cisco B Cisco CCisco D

T0

S0S1

S2

Token Ring

Token Ring

1.4.0.0

1.1.0.0

1.2.0.0

3.3.0.0

2.3.0.0

2.2.0.0

2.7.0.0

2.6.0.0

2.5.0.0

2.1.0.0

2.4.0.0

Cisco A

router ripnetwork 1.0.0.0network 2.0.0.0

router ripnetwork 1.0.0.0network 2.0.0.0

RIP Configuration Example

Router> show ip protocolRouting Protocol is „rip”

Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Redistributing : rip

Routing Information Sources: Gateway Distance Last Update 183.8.128.12 120 0:00:14 183.8.64.130 120 0:00:19 183.8.128.130 120 0:00:03

Router> show ip protocolRouting Protocol is „rip”

Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Redistributing : rip


Routing for Network: 183.8.0.0. 144.253.0.0

Sending update every 30 seconds, next due in 13 seconds

Distance: (default is 120)

Monitoring IP

Router> show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area, E1 - OSPF external type1, E2 - OSPF external type 2, E - EGP, I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

144.253.0.0 is subnetted (mask is 255.255.255.0), 1 subnetsC 144.253.100.0 is directly connected, Ethernet0R 153.50.0.0 [120/1] via 183.8.128.12, 00:00:09, Ethernet0 183.8.0.0. Is subnetted (mask is 255.255.255.128), 4 subnetsR 183.8.0.128 [120/1] via 183.8.128.130, 00:00:17, Serial0

[120/1] via 183.8.64.130, 00:00:17, Serial1C 183.8.128.0 is directly connected, Ethernet0C 183.8.64.128 is directly connected, Serial1C 183.8.128.128 is directly connected, Serial0R 192.3.63.0

Router> show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area, E1 - OSPF external type1, E2 - OSPF external type 2, E - EGP, I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

144.253.0.0 is subnetted (mask is 255.255.255.0), 1 subnetsC 144.253.100.0 is directly connected, Ethernet0R 153.50.0.0 [120/1] via 183.8.128.12, 00:00:09, Ethernet0 183.8.0.0. Is subnetted (mask is 255.255.255.128), 4 subnetsR 183.8.0.128 [120/1] via 183.8.128.130, 00:00:17, Serial0

[120/1] via 183.8.64.130, 00:00:17, Serial1C 183.8.128.0 is directly connected, Ethernet0C 183.8.64.128 is directly connected, Serial1C 183.8.128.128 is directly connected, Serial0R 192.3.63.0

Displaying the IP Routing Table


Internet Gateway Routing Protocol

IGRP Overview

CC

Composite metric selectss the path

Speed is the primary consideration

19.2 kbps

T1T1 T1

IGRP Configuration

• Defines IGRP as an IP routing process

Router (config) #

router igrp autonomous-systemrouter igrp autonomous-system


network network-numbernetwork network-number

• Selects participating attached networks

IGRP Configuration Example

Cisco E

Cisco A

Cisco B Cisco CCisco D

T0

S0S1

S2

Token Ring

Token Ring

1.4.0.0

1.1.0.0

1.2.0.0

3.3.0.0

2.3.0.0

2.2.0.0

2.7.0.0

2.6.0.0

2.5.0.0

2.1.0.0

2.4.0.0

Cisco A

router igrp 109network 1.0.0.0network 2.0.0.0

router igrp 109network 1.0.0.0network 2.0.0.0

show ip protocol Command

Router> show ip protocol Routing Protocol is „igrp 300”

Invalid after 270 seconds, hold down 280, flushed after 630 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default netwworks flagged in outgoing updates Default networks accepted from incoming updates IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 IGRP maximum hopcount 100 IGRP maximum metric variance 1 Redistributing : igrp 300


--More--

Router> show ip protocol Routing Protocol is „igrp 300”

Invalid after 270 seconds, hold down 280, flushed after 630 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default netwworks flagged in outgoing updates Default networks accepted from incoming updates IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 IGRP maximum hopcount 100 IGRP maximum metric variance 1 Redistributing : igrp 300


--More--

Routing for Network: 183.8.0.0. 144.253.0.0

Sending update every 30 seconds, next due in 55 seconds

Distance: (default is 120)

Summary

Routers can be configured to use one or more IP routing protocols

Two IP routing protocols are:

RIP

IGRP


Configuring Novell IPX

Objectives


Describe the Novell IPX protocol stack

Describe key features of Novell IPX

List the required IPX address and encapsulation type

Enable the Novell IPX protocol and configure interfaces

Monitor Novell IPX operation on the router


IPX Routing Overview

Novell IPX Protocol Stack

Upper Layer Protocols

Transport

Network

Data Link

Physical

7

6

5

4

3

2

1

OSI Reference Model NetWare 3.x/4.x Protocols

Internetwork Packet Exchange (IPX)

RIP SAP NCP NLSP Other

Protocols

SPX

Open Data-Link Interface (ODI)

Medium Access Protocols (Ethernet, Token Ring, WAN, others)

Key Novell IPX Features

Address is 80 bits (network.node)

Interface MAC address is part of logical address

Multiple encapsulations per interface

Default routing protocol is Novell RIP

Novell service advertisements in SAP traffic

NetWare clients find servers with GNS packets

Novell IPX Addressing

Each interface has a unique address

48 bits (from MAC)

Network.Node

Up to 32 bitsNetwork 4a1d

4a1d.0000.0c56.de33 2c.0000.0c56.de33

3f.0000.0c56.de34

Network 2c

Network 3f

S0E0

E1

Multiple Novell Encapsulations

For example, four types of Ethernet framing

• Ethernet_II

Novell IPX Name Framing Structure

• Ethernet_802.2

• Ethernet_SNAP

• Ethernet_802.3

Default for NetWare 3.11 or earlier

Default for NetWare 3.12 or later

Ethernet IPX

802.3 IPX 802.2 LLC

802.3 IPX 802.2 LLC 802.2 LLC SNAP

802.3 IPX

Cisco Encapsulation Names

Specify encapsulation when you configure IPX network

Novell IPX Name Cisco IOS

Name Ethernet_II arpa

Ethernet_802.2 sap

Ethernet_SNAP snap

Ethernet_802.3 novell-ether

Token-Ring token

Token-Ring_SNAP snap

Exercise: IPX Parameter Planning

R2 Interface Network Name Address Encapsulation

S0S1E1

Network c0b0 S0 hdlc

Network d100Network b001 Network b1b0

arpa

hdlc

snap

arpa S1E0

E0

E1

E0

S1

S0

• Write the IPX addresses and encapsulation types for R2

R1 R2

R0 R3

RIP - The IPX Routing Protocol

Uses ticks (about 1/18 sec.) and hop count (maximum of 15 hops) Broadcasts routing information to neighbor routers every 60 seconds

RIP Table

RIP Table

RIP Table

RIP Table

RIP Table

RIP Table

RIP Table

RIP Table

A

B

C

D

D C B A

SAP - Service Advertisement

SAP packets advertise all NetWare services Can add excessive broadcast traffic to the network

SAP

SAP

SAP tableAdvertiseses

print service

Listens to SAP

Advertiseses file service

GNS - Clients Get Nearest Server

GNS is a broadcast from a client needing a server

File server and Cisco router get this SAP packet

File server provides GNS response

SAP

GNS request

File Server

GNS response

NetWare Client


Configuring IPX Routing

Novell IPX Configuration Tasks

Global configuration

– IPX routing

– Load sharing

Interface configuration

– Network numbers

– Encapsulation type

Network 9e encap arpa

RIP

RIP

IPX

Network 4a encap arpa

Novell IPX Global Configuration

Configures round-robin load sharing over multiple equal metric paths

Router (config) #

Router (config) #

IPX routing [ node ]IPX routing [ node ]

Enables Novell IPX routing

IPX maximum-path pathIPX maximum-path path

Novell IPX Interface Configuration


IPX network number [encapsulation encapsulation-type] [secondary]

IPX network number [encapsulation encapsulation-type] [secondary]

Assigns primary and secondary network

number and encapsulation


Verifying and Monitoring IPX Routing

Verifying IPX Operation

Monitoring Commands Troubleshooting Commands

Show ipx interface debug ipx routing activity

Show ipx route debug ipx sap

Show ipx servers

Show ipx traffic

Monitoring IPX Status

Router# show ipx interface ethernet 0Ethernet0 is up, line protocol is up

IPX address is 3010.aa00.0400.0284, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ: 0Delay of this Novell network, in ticks is 1IPXWAN processing not enabled on this interfaceIPX SAP update interval is 1 minute(s)IPX type 20 propagation packet forwarding is disabledOutgoing access list is not setIPX helper access list is not setSAP Input filter list is not setSAP Output filter list is not setSAP Router filter list is not setSAP GNS output filter list is not setInput filter list is not setOutput filter list is not setRouter filter list is not setNetbios Input host access list is not setNetbios Input bytes access list is not setNetbios Output host access list is not setNetbios Output bytes access list is not setUpdate time is 60 seconds

-- More --

Router# show ipx interface ethernet 0Ethernet0 is up, line protocol is up

IPX address is 3010.aa00.0400.0284, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ: 0Delay of this Novell network, in ticks is 1IPXWAN processing not enabled on this interfaceIPX SAP update interval is 1 minute(s)IPX type 20 propagation packet forwarding is disabledOutgoing access list is not setIPX helper access list is not setSAP Input filter list is not setSAP Output filter list is not setSAP Router filter list is not setSAP GNS output filter list is not setInput filter list is not setOutput filter list is not setRouter filter list is not setNetbios Input host access list is not setNetbios Input bytes access list is not setNetbios Output host access list is not setNetbios Output bytes access list is not setUpdate time is 60 seconds

-- More --

Monitoring IPX Routing Tables

Router# show ipx routeCodes: C - Connected primary network, C - Connected secondary network

R - RIP, E - EIGRP, S - static, W - IPXWAN connected5 Total IPX routes

Up to 2 parallel paths allowed Novell routing algorithm variant in use

R Net 3030 [6/1] via 3021.0000.0c03.13d3, 23 sec, 1 uses, Serial1via 3020.0000.0c03.13d3, 23 sec, 0 uses, Serial0

C Net 3020 (x25), is directly connected, 15 uses, Serial0C Net 3021 (HDLC), is directly connected, 15 uses, Serial1C Net 3010 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet0C Net 3000 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet1

Router# show ipx routeCodes: C - Connected primary network, C - Connected secondary network

R - RIP, E - EIGRP, S - static, W - IPXWAN connected5 Total IPX routes

Up to 2 parallel paths allowed Novell routing algorithm variant in use

R Net 3030 [6/1] via 3021.0000.0c03.13d3, 23 sec, 1 uses, Serial1via 3020.0000.0c03.13d3, 23 sec, 0 uses, Serial0

C Net 3020 (x25), is directly connected, 15 uses, Serial0C Net 3021 (HDLC), is directly connected, 15 uses, Serial1C Net 3010 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet0C Net 3000 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet1

Router> show ipx serversCodes: P - Periodic, I - Incremental, H- Holddown, S - static1 Total IPX Servers

Table ordering is based on routing and server info

Type Name Net Address Port RouteHops ItfP4 MAXINE AD33000.0000.1b04.0288:0451 332800/1 2

Et3

Router> show ipx serversCodes: P - Periodic, I - Incremental, H- Holddown, S - static1 Total IPX Servers

Table ordering is based on routing and server info

Type Name Net Address Port RouteHops ItfP4 MAXINE AD33000.0000.1b04.0288:0451 332800/1 2

Et3

Monitoring IPX Servers List

Monitoring IPX Traffic

Router# show ipx trafficSystem Traffic for 2018.0000.0000.0001 System-Name: dtp-18Rcvd: 23916 total, 13785 format errors, 0 checksum errors, 0 bad hopcount,

0 packets pitched, 23916 local dastinatio, 0 multicastBcast: 17111 received, 9486 sentSent: 16067 generated, 0 forwarded

0 encapsulation failed, 0 no routeSAP: 6 SAP request, 6 SAP replies, 2309 servers

0 SAP Nearest Name requests, 0 replies0 SAP General Name requests, 0 replies1521 SAP advertisements received, 2212 sent0 SAP flash updates sent, 0 SAP format errors

RIP: 6 RIP request, 6 RIP replies, 2979 routes8033 RIP advertisements received, 4300 sent154 Rip flash updates sent, 0 RIP format eroors

Echo: Rcvd 0 request, 0 repliesSent 0 request, 0 replies0 unknown: 0 no socket, 0 filtered, 0 no helper0 SAPs throttled, freed NDB len 0

-- More --

Router# show ipx trafficSystem Traffic for 2018.0000.0000.0001 System-Name: dtp-18Rcvd: 23916 total, 13785 format errors, 0 checksum errors, 0 bad hopcount,

0 packets pitched, 23916 local dastinatio, 0 multicastBcast: 17111 received, 9486 sentSent: 16067 generated, 0 forwarded

0 encapsulation failed, 0 no routeSAP: 6 SAP request, 6 SAP replies, 2309 servers

0 SAP Nearest Name requests, 0 replies0 SAP General Name requests, 0 replies1521 SAP advertisements received, 2212 sent0 SAP flash updates sent, 0 SAP format errors

RIP: 6 RIP request, 6 RIP replies, 2979 routes8033 RIP advertisements received, 4300 sent154 Rip flash updates sent, 0 RIP format eroors

Echo: Rcvd 0 request, 0 repliesSent 0 request, 0 replies0 unknown: 0 no socket, 0 filtered, 0 no helper0 SAPs throttled, freed NDB len 0

-- More --

Troubleshooting IPX Routing

Router# debug ipx routing activityIPX routing debugging is onRouter#IPXRIP: positing full update to 3010.ffff.fffff.fffff via Ethernet0 (broadcast)IPXRIP: positing full update to 3000.ffff.fffff.fffff via Ethernet1 (broadcast)IPXRIP: positing full update to 3020.ffff.fffff.fffff via Serial0 (broadcast)IPXRIP: positing full update to 3021.ffff.fffff.fffff via Serial1 (broadcast)IPXRIP: sending update to 3020.ffff.fffff.fffff via Serial0 IPXRIP: src=3020.0000.0c23.14d8, dst=3020.ffff.ffff.ffff, packet sent

network 3021, hops 1, delay 6 network 3010, hops 1, delay 6 network 3000, hops 1, delay 6

IPXRIP: sending update to 3021.ffff.fffff.fffff via Serial1IPXRIP: src=3021.0000.0c03.14d8, dst=3021.ffff.ffff.ffff, packet sent


IPXRIP: sending update to 3010.ffff.fffff.fffff via Ethernet0IPXRIP: src=3021.0000.0c03.14d8, dst=3010.ffff.ffff.ffff, packet sent

network 3020, hops 2, delay 7 network 3010, hops 1, delay 1

-- More --

Router# debug ipx routing activityIPX routing debugging is onRouter#IPXRIP: positing full update to 3010.ffff.fffff.fffff via Ethernet0 (broadcast)IPXRIP: positing full update to 3000.ffff.fffff.fffff via Ethernet1 (broadcast)IPXRIP: positing full update to 3020.ffff.fffff.fffff via Serial0 (broadcast)IPXRIP: positing full update to 3021.ffff.fffff.fffff via Serial1 (broadcast)IPXRIP: sending update to 3020.ffff.fffff.fffff via Serial0 IPXRIP: src=3020.0000.0c23.14d8, dst=3020.ffff.ffff.ffff, packet sent


IPXRIP: sending update to 3021.ffff.fffff.fffff via Serial1IPXRIP: src=3021.0000.0c03.14d8, dst=3021.ffff.ffff.ffff, packet sent


IPXRIP: sending update to 3010.ffff.fffff.fffff via Ethernet0IPXRIP: src=3021.0000.0c03.14d8, dst=3010.ffff.ffff.ffff, packet sent

network 3020, hops 2, delay 7 network 3010, hops 1, delay 1

-- More --

Troubleshooting IPX SAP

Router# debug ipx sapIPX sap debugging is onRouter#NovellSAP: at 0023F778I SAP response type 0x2 len 160 src:160.0000.0c00.070d dest: 160.ffff.ffff.ffff(452)

type 0x4, “HELLO2”, 199.0002.0004.0006 (451), 2 hopstype 0x4, “HELLO1”, 199.0002.0004.0006 (451), 2 hops

NovellSAP: sending update to 160NovellSAP: at 00169080

0 SAP Update type 0x2 len 96 ssoc:0x452 dest: 160.ffff.ffff.ffff(452)Novell: type 0x4 “Magnolia”, 42.0000.0000.0001 (451), 2 hops

Router# debug ipx sapIPX sap debugging is onRouter#NovellSAP: at 0023F778I SAP response type 0x2 len 160 src:160.0000.0c00.070d dest: 160.ffff.ffff.ffff(452)

type 0x4, “HELLO2”, 199.0002.0004.0006 (451), 2 hopstype 0x4, “HELLO1”, 199.0002.0004.0006 (451), 2 hops

NovellSAP: sending update to 160NovellSAP: at 00169080

0 SAP Update type 0x2 len 96 ssoc:0x452 dest: 160.ffff.ffff.ffff(452)Novell: type 0x4 “Magnolia”, 42.0000.0000.0001 (451), 2 hops

Summary

Address is network.node

Logical address contains interface MAC address

IPX interface configuration supports multiple data-link

encapsulations

Rip uses the distance vectors of ticks and hops

SAPs and GNS broadcasts function to connect client

and server


Basic Traffic Management with Access Lists

Objectives


Describe the use, value, and processes of access lists

Configure standard and extended access lists to filter IP traffic

Monitor and verify selected access list operations on the router

IPX and AppleTalk access lists later


Access Lists Overview

Deny traffic you do not want based on packet tests (for example, addressing or traffic type)

Specify packet traffic for dialing remote sites using dial-on-demand routing (DDR)

FDDI Dual Ring

FDDI Dual Ring

TokenRing

Internet172.16.0.0

172.17.0.0

Why use Access Lists?

Standard– Simpler address specifications

– Generally permits or denies entire protocol suite

Access List ProcessesProtocol

Source and Destination

Permit? S0

E0

Optional Dialer

Incoming Packet

Outgoing Packet

Extended– More complex address specification

– Generally permits or denies specific protocols

What Are Access Lists?

Choose Interface

Route/bridge

?

Table Entry

?

Access List?

Permit?

Notify Sender

Unwanted Packet

Packet Discard Bucket

Packet

Packet

Inbound Interfaces

Outbound Interfaces

Packet

Y

Y

Y

Y

N

N N N

Firewall

Test Access List

Statements

How Access Lists Work

Permit

Permit

Permit

Deny

Deny

Deny

Deny

Match Last Test?

Match First Test?

Match Next Test?

Packet Discard Bucket

Destination Interface(s)

Packet to Interface(s) in the Access Group

Y Y

Y

YY

Y

N

N

NImplicit

Deny

A List of Tests: Deny or Permit

Access lists are numbered (for IP, numbered or named)

Step 1: Set parameters for this access list test statement (which can be one of several statements)Router (config) #

access-list access-list-number {permit|deny}{test conditions} access-list access-list-number {permit|deny}{test conditions}

Step 2: Enable an interface to become part of the group that uses the specified access listRouter (config-if) #

{protcol} access-group access-list-number {in|out}{protcol} access-group access-list-number {in|out}

Access List Command Overview

Number identifies the protocol and type Other number ranges for most protocols

Access List Type Number Range/Identifier

IP Standard 1-99Extended 100-199

Named (Cisco IOS 11.2 and later)

IPX Standard 800-899SAP filters 1000-1099

AppleTalk 600-699

Access List Type Number Range/Identifier

IP Standard 1-99Extended 100-199

Named (Cisco IOS 11.2 and later)

IPX Standard 800-899SAP filters 1000-1099

AppleTalk 600-699

How to identify Access Lists


TCP/IP Access Lists

• Limit traffic and restrict network use

• Enable directed forwarding of broadcasts

FTP X

XBroadcast

Managing IP Traffic Overview

Access lists control packet movement through a network

Transmission of packets on an interface

Virtual terminal line access ( IP)

Access List Application

Access lists are multipurpose

Route filteringRoutingtable

Dial-on-demand routingQueueList

Priority and custom queuing

Other Access List Uses

Standard lists (1 to 99) test conditions of all IP packets from

source addresses

Extended lists (100 to 199) can test conditions of – Source and destination addresses

– Specific TCP/IP-suite protocols

– Destination

Wildcard bits indicate how to check the corresponding

address bits (0=check, 1=ignore)

Key Concepts for IP Access Lists

0 means check corresponding bit value

1 means ignore value of corresponding bit

128 64 32 16 8 4 2 1

0 0 0 0 0 0 0 0 =

0 0 1 1 1 1 1 1 =

0 0 0 0 1 1 1 1 =

0 0 0 0 0 0 1 1 =

1 1 1 1 1 1 1 1 =

Octet bit position and address value for bit

Check all address bits (match all)

Ignore last 6 address bits



Do not check address (ignore bits in octet)

Examples

How to Use Wildcard Mask Bits

Address and wildcard mask: 172.30.16.0 0.0.15.255

IP access list test conditions:Check for IP subnets 172.30.16.0 to 172.30.31.0

network.host 172.30.16.00

0 0 0 1 0 0 0 0

Wildcard mask to match bits: 0000 1111 check ignore

How to Use Wildcard Mask Bits (cont.)

Accept any address: 0.0.0.0 255.255.255.255; abbreviate the expression using the keyword any

Test conditions: Ignore all the address bits (match any)

Any IP address 0 . 0 . 0 . 0

Wildcard mask: 255.255.255.255(ignore all)

How to Use the Wildcard any

Abbreviate the wildcard using the IP address followed by the keyword host. For example, 172.30.16.29 host

Example 172.30.16.29 0.0.0.0 checks all the address bits

Test conditions: Check all the address bits (match all)

An IP host address, for example:172.30.16.29

Wildcard mask: 0.0.0.0(check all bits)

How to Use the Wildcard host

• Sets parameters for this list entry

• IP standard access lists use 1 to 99

Router (config) #

access-list access-list-number { permit | deny } source [source-mask] access-list access-list-number { permit | deny } source [source-mask]

Router (config) #

ip access-group access-list-number { in | out } ip access-group access-list-number { in | out }

• Activates the list on an interface

IP Standard Access List Configuration

For Standard IP Access Lists

Incoming packet Access list?

Next entry in list Does sourceaddress match?

Apply condition

More entries?

Route tointerfaceDeny Permit

No

No

No

Yes

Yes

Yes

ICMP Message Forward Packet

Inbound Access List Processing

For Standard IP Access Lists

Incoming packet Access list?

Next entry in list Does sourceaddress match?

Apply condition

More entries?

Deny Permit

No

No

No

Yes

Yes

Yes

ICMP Message Forward Packet

Route tointerface

Outbound Access List Processing

Permit my network only

E0 E1S0 172.16.4.13

172.16.3.0 Non- 172.16.0.0

172.16.4.0

access-list 1 permit 172.16.0.0 0.0.255.255 (implicit deny all - not visible in the list) (access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0ip accress-group 1 outinterface ethernet 1ip access-group 1 out

access-list 1 permit 172.16.0.0 0.0.255.255 (implicit deny all - not visible in the list) (access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0ip accress-group 1 outinterface ethernet 1ip access-group 1 out

Standard Access List Example

Allow more precise filtering conditions

– check source and destination IP address

– Specify an optional IP protocol port number

– Use access list number range 100 to 199

Extended IP Access Lists

• Activates the extended list on an interface

• Sets parameters for this list entry

• IP uses a list number in range 100 to 199

Router (config) #

access-list access-list-number { permit | deny } protocol source source-mask destination destination-mask [operator operand] [established]

access-list access-list-number { permit | deny } protocol source source-mask destination destination-mask [operator operand] [established]

ip access-group access-list-number { in | out } ip access-group access-list-number { in | out }

Extended Access List Configuration

Filters based on icmp messages

Router (config) #

access-list access-list-number { permit | deny } {source source-wildcard |any}

{destination destination-wildcard | any }


{destination destination-wildcard | any } [icmp-type [ icmp-code] | icmp-message ]

icmp

ICMP Command Syntax

Filters based on tcp/tcp port number or name

access-list access-list-number { permit | deny } [ operator source-port| source-port] {destination destination-wildcard | any }

access-list access-list-number { permit | deny } [ operator source-port| source-port] {destination destination-wildcard | any }

Router (config) #

[operator destination-port | destination-port ][established]

{source source-wildcard |any}tcp

TCP Syntax

Filters based on udp protocol or udp port number or name


[ operator source-port| source-port ] {destination destination-wildcard | any }


[ operator source-port| source-port ] {destination destination-wildcard | any }

Router (config) #

udp

[operator destination-port | destination-port ]

UDP Syntax

Access list?

Source address

Destination address

Protocol? *

Protocol options ?

Apply condition

Deny Permit

Next entry in listNext entry in list

ICMP Message

Match

Match

Match

Match

Yes

Forward Packet

Does not match

No

* If present in access list

packet

Extended Access List Processing

Deny FTP for E0

E0 E1S0 172.16.4.13

172.16.3.0 Non- 172.16.0.0

172.16.4.0

access-list 101 deny tcp 172.16.4.0 0.0.0.255. 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255 (implicit deny all)

(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

interface ethernet0ip address-group 101 out

access-list 101 deny tcp 172.16.4.0 0.0.0.255. 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255 (implicit deny all)

(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

interface ethernet0ip address-group 101 out

Extended Access List Example

Router# show ip interface

Ethernet 0 is up, line protocol is up Internet address is 192.54.222.2, subnet mask is 255.255.255.0 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 byte Helper address is 192.52.71.4 Secondary address 131.182.115.2, subnet mask 255.255.255.0

Proxy ARP is enabled Security level is default Slit horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent Ip fast switching is enabled Gateway Discovery is disabled IP accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Router #

Router# show ip interface

Ethernet 0 is up, line protocol is up Internet address is 192.54.222.2, subnet mask is 255.255.255.0 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 byte Helper address is 192.52.71.4 Secondary address 131.182.115.2, subnet mask 255.255.255.0

Proxy ARP is enabled Security level is default Slit horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent Ip fast switching is enabled Gateway Discovery is disabled IP accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Router #

Outgoing access list 10 is setInbound access list is not set

Monitoring Access Lists

• Display access lists from all protocols

Router #

show access-listsshow access-lists

• Display a specific IP access lists

Router #

show ip access-lists [access-list-number]show ip access-lists [access-list-number]

• Clear packet counts

Router #

clear access-lists counters [ access-list-number]clear access-lists counters [ access-list-number]

• Display line configuration

Router #

show lineshow line

Access List show Command

Router> show access-lists

Standard IP access list 19permit 172.16.19.0

Standard Ip access list 49permit 172.16.31.0 wildcard bits 0.0.0.255permit 172.16.194.0 wildcard bits 0.0.0.255permit 172.16.195.0 wildcard bits 0.0.0.255permit 172.16.196.0 wildcard bits 0.0.0.255permit 172.16.197.0 wildcard bits 0.0.0.255

Extended IP access list 101permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 23

Type code access list 201permit 0x6001 0x0000

Type code access list 202permit 0x6004 0x0000deny 0x0000 0xFFFF

Router>

Router> show access-lists

Standard IP access list 19permit 172.16.19.0

Standard Ip access list 49permit 172.16.31.0 wildcard bits 0.0.0.255permit 172.16.194.0 wildcard bits 0.0.0.255permit 172.16.195.0 wildcard bits 0.0.0.255permit 172.16.196.0 wildcard bits 0.0.0.255permit 172.16.197.0 wildcard bits 0.0.0.255

Extended IP access list 101permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 23

Type code access list 201permit 0x6001 0x0000

Type code access list 202permit 0x6004 0x0000deny 0x0000 0xFFFF

Router>

deny 0.0.0.0, wildcard bits 255.255.255.255

Monitoring Access List Statements


Restricting Virtual Terminal Access

Standard and extended access lists will not block access from the router

For security, virtual terminal (vty) access can be blocked to or from the router

XX

Router#Router#

Virtual Terminal Access Overview

Five virtual terminal lines (0-4)

Set identical restrictions on all the virtual terminal lines

Router#Router#

01 2 3

4 Virtual port (vty 0 4)

Physical port (E0)

How to Control vty Access

Restricts incoming and outgoing connections between a particular virtual terminal line into a device (and the addresses in an access list)

Router (config) #

Line { vty number | vty-range}Line { vty number | vty-range}

• Enters configuration mode for a terminal line or a range of lines

Router (config/line) #

access-class access-list-number { in | out } access-class access-list-number { in | out }

Virtual Terminal Line Commands

Virtual Terminal Access Example

Permits only hosts in netwrok 192.89.55.0 to

connect to the virtual terminal ports on the

router

Controlling Inbound Access

Access-list 12 permit 192.89.55.0 0.0.0.255!Line vty 0 4access-class 12 in

Access-list 12 permit 192.89.55.0 0.0.0.255!Line vty 0 4access-class 12 in


Novell IPX Access Lists

Key Concepts for IPX Access Lists

IPX addressing uses a network.node and a socket number

Standard lists (800 to 899) can filter source and destination

address

Access list (1000 to 1099) are SAP filters for service types and

servers on one or more networks

Other access list number ranges offer additional Novell

software filters (examples: GNS, RIP, NLSP)

IPX Standard Access List Configuration

Activates the IPX standard access list on an interface

Router (config) #

Router (config) #

Access-list access-list-number { deny| permit} source-network [. Source-node] [ source-node-mask] [destination-network] [.destination-node] [destination-node-mask]

Access-list access-list-number { deny| permit} source-network [. Source-node] [ source-node-mask] [destination-network] [.destination-node] [destination-node-mask]

Sets parameters for this list entry

Standard access list uses list-number in range 800 to 899

ipx access-group access-list-numberipx access-group access-list-number

Standard IPX Access List Example

ipx routingaccess-list 800 permit 2b 4d(implicit deny all)int e 0ipx network 4dipx access-group 800int e 1ipx network 2bint e 2ipx network 3c

ipx routingaccess-list 800 permit 2b 4d(implicit deny all)int e 0ipx network 4dipx access-group 800int e 1ipx network 2bint e 2ipx network 3c

E2

Cilent

Cilent

Server

network 4d

network 2b

network 3c

E0E1

E2

Why to Control IPX Overhead

Frequent updates reduce the bandwidth for user traffic

WAN Link Flooded with Overhead Traffic

server

server

server

server

client

Advertising Routing

Find Server

Advertising Routing

Advertising Routing

Advertising Routing C

A B

SAP Table

SAP Table

Normal IPX SAP Operation

Router does not forward SAP broadcasts

IPX routers send SAP table every 60 seconds

Server/RouterA Server/RouterB

Server/RouterC

Server/RouterD

Client1

Client2

SAP Table

SAP Table

SAP TableSAP

Table

SAP TableSAP

Table

SAP TableSAP

Table

A Big IPX Network

How to Use SAP Filters

Plan for SAP filters and enter global command Note. Must set up SAP filters on all routers

SAP Filter Goalsdeny type 7 (print server) SAP from 2adeny type 98 (access server) SAP from 5bdeny type 24 (router) SAP to 7cdeny type 4 (file server) SAP from 4adeny type 26a (NMS)deny type 7a (NetWare for VMS) SAP from *8permit the remaining SAPs

SAP Filter Goalsdeny type 7 (print server) SAP from 2adeny type 98 (access server) SAP from 5bdeny type 24 (router) SAP to 7cdeny type 4 (file server) SAP from 4adeny type 26a (NMS)deny type 7a (NetWare for VMS) SAP from *8permit the remaining SAPs

Access-list 1000-1099

How to Use SAP Filters (cont.)

Apply the access list to the interface as an input or output SAP filter

SAP TableSAP

Table

SAP TableSAP

TableSAPSAP

SAPSAP

SAP

SAP

SAP

SAP

SAP

SAP SAP

Input filter: Do not add filtered SAPs to SAP table

Output filter: Do not add filtered SAPs to the SAP table sent

SAP Filter Configuration

Router (config) #

access-list access-list-number { deny| permit} network [.node] [ network-mask-node-mask] [server-type [server-name]]

access-list access-list-number { deny| permit} network [.node] [ network-mask-node-mask] [server-type [server-name]]

Creates an entry in a SAP filter list


ipx input -sap-filter access-list-numberipx input -sap-filter access-list-number

Activates the input SAP filter on the interface


ipx output -sap-filter access-list-numberipx output -sap-filter access-list-number

Activates the output SAP filter on the interface

SAP Filter Example 1

TokenRing

access-list 1000 deny 9e.1234.5678.1212 4access-list 1000 permit -1interface ethernet 0ipx network 9einterface ethernet 1ipx network 4ainterface serial 0ipx network 1ipx output-sap-filter 1000

access-list 1000 deny 9e.1234.5678.1212 4access-list 1000 permit -1interface ethernet 0ipx network 9einterface ethernet 1ipx network 4ainterface serial 0ipx network 1ipx output-sap-filter 1000

File services from Novell server C are not advertised to A or B

Network 3d

Network 1

Network 4a

Network 9e

1234.5678.1212

E0 S0

S0 T0E1

A

B

C

D

Cisco B

SAP Filter Example 2

TokenRing

access-list 1001 deny -1 7access-list 1001 permit -1interface ethernet 0ipx network 9einterface ethernet 1ipx network 4ainterface serial 0ipx network 1ipx output-sap-filter 1001

access-list 1001 deny -1 7access-list 1001 permit -1interface ethernet 0ipx network 9einterface ethernet 1ipx network 4ainterface serial 0ipx network 1ipx output-sap-filter 1001

Print services from Novell server C and D are not entered into the SAP table

Network 3d

Network 1

Network 4a

Network 9e

1234.5678.1212

E0 S0

S0 T0E1

A

B

C

D

Cisco B

dtp -19# sh ipx int et1/1Ethernet0 is up, line protocol is up

IPX address is 10.0000.0c0d.724f, NOVELL-ETHER [up] line-upDelay of this IPXl network, in ticks is 1 throughput 0 link delay 0IPXWAN processing not enabled on this interfaceIPX SAP update interval is 1 minute(s)IPX type 20 propagation packet forwarding is disabledIncoming access list is not setOutgoing access list is not setIPX helper access list is not setSAP GNS processing enabled, delay 0 ms, output filter list is not setSAP Input filter list is not setSAP Output filter list is not setSAP Router filter list is not setInput filter list is not setOutput filter list is not setRouter filter list is not setNetbios Input host access list is not setNetbios Input bytes access list is not setNetbios Output host access list is not setNetbios Output bytes access list is not setUpdate time is 60 seconds, aging multiples RIP: 3 SAP: 3

-- More --

dtp -19# sh ipx int et1/1Ethernet0 is up, line protocol is up

IPX address is 10.0000.0c0d.724f, NOVELL-ETHER [up] line-upDelay of this IPXl network, in ticks is 1 throughput 0 link delay 0IPXWAN processing not enabled on this interfaceIPX SAP update interval is 1 minute(s)IPX type 20 propagation packet forwarding is disabledIncoming access list is not setOutgoing access list is not setIPX helper access list is not setSAP GNS processing enabled, delay 0 ms, output filter list is not setSAP Input filter list is not setSAP Output filter list is not setSAP Router filter list is not setInput filter list is not setOutput filter list is not setRouter filter list is not setNetbios Input host access list is not setNetbios Input bytes access list is not setNetbios Output host access list is not setNetbios Output bytes access list is not setUpdate time is 60 seconds, aging multiples RIP: 3 SAP: 3

-- More --

Monitoring IPX Access List

dtp-19# sh access-listsIPX access list 800

deny 8000IPX access list 801

deny FFFFFFFF

dtp-19# sh access-listsIPX access list 800

deny 8000IPX access list 801

deny FFFFFFFF

Documents

Bevezetés a Cisco routerek konfigurálásába. Szemmelveisz András E-mail: [email protected]