New CCNA 200-120 Topics


  • AHMED NABIL

    Arranged by: Eng. AHMED NABIL

    CCNA Routing & Switching


  • AHMED NABIL

    New Cisco Certifications model

  • AHMED NABIL

    The Golden Redundancy Rule

    (One is none, two is barely one)

    - Link redundancy (EC)

    - Router/Switch redundancy (FHRP)

  • AHMED NABIL

    Switch Port Aggregation with EtherChannels

    Switches can use Ethernet, FastEthernet & Gigabit Ethernet to scale link speeds.

    Cisco offers another method of scaling link BW: aggregating or bundling parallel links, termed the EtherChannel technology.

    Two to eight FE or GE links are bundled as one logical link of FEC (FastEtherChannel) or GEC (GigaEtherChannel), which can provide a full-duplex BW of up to 1600 Mbps or 16 Gbps.

    EtherChannels provide the switching devices with:

    - Logical aggregation of similar links

    - Viewed as one logical port

    - Switch-level load balancing (load distribution)

    - Link-level redundancy

    Bundle C/C's

    All bundled ports must be:

    1- In the same VLAN (if they are access ports)

    2- In the same trunk mode (if they are trunk ports)

    3- Configured with identical STP settings

    4- Set to the same duplex & speed

    Use the show interface capabilities command to check the switch for the EtherChannel feature.

  • AHMED NABIL

    Avoidance of switching loops with EC

    Ordinarily, having multiple or parallel links between switches creates the possibility of bridging loops. A special protection method is used with EC to avoid bridging loops: "no inbound (received) broadcast, multicasts or any flooded traffic is sent back out over any of the remaining ports in the channel, outbound flooded frames are load balanced like any other traffic, so flooded traffic becomes part of the hashing calculation to choose an outbound channel link". Also, STP treats an EC as one physical link, and if a link fails it does not recalculate STP & no TCN BPDU is sent.

    EtherChannel Dynamic Negotiation protocols

    To provide some dynamic link configuration, an EC can be created dynamically between switches using either PAgP (Port Aggregation Protocol) or LACP (Link Aggregation Control Protocol).

    The three major aspects of EtherChannel are as follows:

    - Frame distribution

    - Management of EtherChannel

    - Logical port

    An EtherChannel protocol has to satisfy all these aspects.

    Traffic Distribution

    EtherChannel performs "traffic distribution" among the available links of the bundle, so the load may not be equally balanced across the EtherChannel links. As a result, there must be an algorithm or criterion for selecting which users use which link in the EtherChannel bundle.

    This load balancing on an EC is not done on a frame-by-frame or packet-by-packet basis. Instead, addresses in the frame or packet are run through an algorithm, which results in a binary value. This value is then matched up with one of the connections in the EC, and all traffic with this binary value is transported across that connection in the EC.
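The distribution described above, as an added Python sketch that is not part of the original slides. It assumes the hash is the XOR of the source and destination IPv4 addresses reduced to a 3-bit value (eight buckets) and that the buckets are spread over the member links in order; the hash inputs and bucket mapping on a real switch depend on platform and configuration, and the function names are illustrative.

```python
"""EtherChannel-style distribution: addresses -> 3-bit hash -> member link."""
from collections import Counter
from ipaddress import IPv4Address

BUCKETS = 8  # a 3-bit result gives eight possible binary values


def hash_bucket(src_ip: str, dst_ip: str) -> int:
    """XOR the two addresses and keep the low 3 bits (assumed hash)."""
    return (int(IPv4Address(src_ip)) ^ int(IPv4Address(dst_ip))) & (BUCKETS - 1)


def bucket_to_link(n_links: int) -> list:
    """Assign the eight hash values to the links of the bundle in order."""
    if not 2 <= n_links <= 8:
        raise ValueError("a bundle has two to eight links")
    return [bucket % n_links for bucket in range(BUCKETS)]


def select_link(src_ip: str, dst_ip: str, n_links: int) -> int:
    """Every frame of one conversation hashes to the same member link."""
    return bucket_to_link(n_links)[hash_bucket(src_ip, dst_ip)]


def link_shares(n_links: int) -> list:
    """Number of hash values owned by each link; uneven unless 8 % n == 0."""
    counts = Counter(bucket_to_link(n_links))
    return [counts[i] for i in range(n_links)]


def distribute(flows, n_links: int) -> list:
    """Count how many (src, dst) flows land on each link."""
    counts = Counter(select_link(s, d, n_links) for s, d in flows)
    return [counts[i] for i in range(n_links)]


# Constructed sample: eight clients talking to one server.
SAMPLE_FLOWS = [(f"10.0.0.{host}", "10.0.1.10") for host in range(1, 9)]

if __name__ == "__main__":
    for n in (2, 3, 4, 8):
        print(n, "links: bucket shares", link_shares(n),
              "sample flows per link", distribute(SAMPLE_FLOWS, n))
```

With three links the eight hash values split 3:3:2, which is one reason the load is distributed rather than equally balanced; a single busy conversation also never spreads beyond one link.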

  • AHMED NABIL

    1) PAgP

    Port Aggregation Protocol

    PAgP is a Cisco proprietary protocol, where PAgP packets are exchanged between switches over EtherChannel-capable ports.

    PAgP learns the neighbor device ID & port capabilities; ports that have the same neighbor device ID & port group capability as the local switch are bundled together as a bidirectional point-to-point EtherChannel link.

    PAgP aids in the automatic creation of Fast EtherChannel links. PAgP packets are sent between Fast EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies matched Ethernet links, it groups the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port.

    The last component of EtherChannel is the creation of the logical port. The logical port, or Agport, is composed of all the links that make up the EtherChannel. The actual functionality and behaviour of the Agport is no different from that of any other port. For instance, the spanning tree algorithm treats the Agport as a single port.

    For example: if the VLAN, speed or duplex of an established port in the bundle changes, PAgP changes that parameter for all the ports of the bundle.

    2) LACP

    Link Aggregation Control Protocol

    It is a standards-based alternative to PAgP defined in IEEE 802.3ad, also known as IEEE 802.3 clause 43 "link aggregation".

    LACP also learns the neighbor ID & port group capabilities & compares them with its local switch capability.

    A set of up to 16 links for an EC can be negotiated through LACP; only 8 of the links will be active & the other 8 links are used as standby for the active links.

    Configuring EC

    (config)#interface type mod/num

    (config-if)#channel-protocol {pagp/lacp}

    (config-if)#channel-group number mode {on/desirable/auto/off}

  • AHMED NABIL

    Troubleshooting

    The status of the port channel shows the EtherChannel logical interface as a whole. This should show SU (Layer 2 channel, in use) if the channel is operational. You also can examine the status of each port within the channel. Notice that most of the channel ports have flags (P), indicating that they are active in the port-channel. One port shows because it is physically not connected or down. If a port is connected but not bundled in the channel, it will have an independent, or (I), flag.

  • AHMED NABIL

    FHRP (First Hop Redundancy Protocols)

  • AHMED NABIL

    Redundancy within the network (between devices)

    Router redundancy in a multilayer switched network:

    - Redundancy is one method for creating highly available networks.

    - Cisco supports:

    1- HSRP (Hot Standby Router Protocol)

    2- VRRP (Virtual Router Redundancy Protocol)

    3- GLBP (Gateway Load Balancing Protocol)

    to provide failover in case of a gateway failure.

    When a host tries to communicate with a device outside its network, it needs a gateway.

    Router Redundancy Protocols (First Hop Redundancy Protocols) = FHRP

    Hosts will see multiple gateways as a single virtual gateway.

  • AHMED NABIL

    HSRP: (RFC 2281) (Cisco proprietary)

    - HSRP was developed to allow several routers to appear as a single gateway (virtual router).

    - The routers that provide redundancy for a given gateway address are assigned to a common HSRP group no. (0-255).

    - If multiple routers exist, one router is elected as the active router, one router is elected as the standby router, and the other routers are listeners.

    - The routers exchange HSRP hello messages at regular intervals so they can remain aware of each other's existence.

    - Hellos are sent to 224.0.0.2 every 3 sec., with a hold-down time of 10 sec., using UDP port no. 1985.

    - HSRP router election:

    The active router is the router that has the highest:

    1- HSRP priority (0-255), by default = 100.

    2- IP address of the interface facing the LAN segment.

    The standby router is the one with the second-highest priority or IP address.

    Figure: HSRP gateway routers and clients. R1 - Active, forwarding traffic; R2, R3 - hot standby, idle.

    Gateway routers:

    R1 (HSRP ACTIVE):  IP 10.0.0.254, MAC 0000.0c12.3456, vIP 10.0.0.10, vMAC 0000.0c07.acxx
    R2 (HSRP STANDBY): IP 10.0.0.253, MAC 0000.0c78.9abc, vIP -, vMAC -
    R3 (HSRP LISTEN):  IP 10.0.0.252, MAC 0000.0cde.f123, vIP -, vMAC -

    Clients:

    CL1: IP 10.0.0.1, MAC aaaa.aaaa.aa01, GW 10.0.0.10, ARP 0000.0c07.acxx
    CL2: IP 10.0.0.2, MAC aaaa.aaaa.aa02, GW 10.0.0.10, ARP 0000.0c07.acxx
    CL3: IP 10.0.0.3, MAC aaaa.aaaa.aa03, GW 10.0.0.10, ARP 0000.0c07.acxx

    These are the typical addresses learned by the hosts.

  • AHMED NABIL

    HSRP tracking system (conceding the election):

    The active router has many links to the outside. If all or any of these links fail, the router remains active and all hosts still forward traffic to it.

    HSRP has a mechanism to detect link failures, called interface tracking.

    When an interface fails, HSRP reduces the router priority by a certain value (default = 10).

    If the pre-emptive effect is enabled and the priority of the active router is less than that of the standby router, the standby router will become the active router.

    In this example, router A and router B reside in one building. Each of these routers supports a Gigabit Ethernet link to the other building. Router A has the higher priority and is the active forwarding router for standby group 1. Router B is the standby router for that group. Routers A and B are exchanging hello messages through their E0 interfaces.

    The Gigabit Ethernet link between the active forwarding router for the standby group and the other building experiences a failure. Without HSRP enabled, router A would detect the failed link and send an Internet Control Message Protocol (ICMP) redirect to router B. However, when HSRP is enabled, ICMP redirects are disabled. Therefore, neither router A nor the virtual router sends an ICMP redirect. In addition, although the G1 interface on router A is no longer functional, router A still communicates hello messages out interface E0, indicating that router A is still the active router. Packets sent to the virtual router for forwarding to headquarters cannot be routed.

    Interface tracking enables the priority of a standby group router to be automatically adjusted, based on the availability of the interfaces of that router. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking feature ensures that a router with an unavailable key interface will relinquish the active router role.

    In this example, the E0 interface on router A tracks the G1 interface. If the link between the G1 interface and the other building fails, the router automatically decrements the priority on that interface and stops transmitting hello messages out interface E0. Router B assumes the active router role when no hello messages are detected for the specific holdtime period.
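The election, tracking and preemption rules above, modelled in Python as an added example (not from the original slides). Router A's priority of 105 in the demo is an assumed value, chosen so that the default decrement of 10 drops it below router B's default of 100; the class and method names are illustrative.

```python
"""HSRP election model: priority, IP tie-break, interface tracking, preemption."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100   # HSRP default priority
DEFAULT_DECREMENT = 10   # default reduction when a tracked interface fails


@dataclass
class Router:
    name: str
    ip: str                                        # address on the LAN segment
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracked: dict = field(default_factory=dict)    # interface -> decrement
    down: set = field(default_factory=set)         # tracked interfaces that failed

    def effective_priority(self) -> int:
        lost = sum(dec for ifc, dec in self.tracked.items() if ifc in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Highest priority wins; the highest interface IP breaks a tie.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


class HsrpGroup:
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        ordered = sorted(routers, key=Router.rank, reverse=True)
        self.active = ordered[0].name
        self.standby = ordered[1].name if len(ordered) > 1 else None

    def set_link(self, router: str, interface: str, up: bool) -> str:
        """Change the state of an interface and return the active router."""
        r = self.routers[router]
        if up:
            r.down.discard(interface)
        else:
            r.down.add(interface)
        self._reevaluate()
        return self.active

    def _reevaluate(self):
        current = self.routers[self.active]
        # A router takes over only if it is configured to preempt and its
        # priority is now strictly higher than the active router's.
        challengers = [r for r in self.routers.values()
                       if r.preempt
                       and r.effective_priority() > current.effective_priority()]
        if challengers:
            self.active = max(challengers, key=Router.rank).name
        rest = [r for r in self.routers.values() if r.name != self.active]
        self.standby = max(rest, key=Router.rank).name if rest else None


def demo(b_preempts: bool) -> list:
    """Active router before the G1 failure, during it, and after recovery."""
    a = Router("A", "10.0.0.254", priority=105, preempt=True,
               tracked={"G1": DEFAULT_DECREMENT})
    b = Router("B", "10.0.0.253", preempt=b_preempts)
    group = HsrpGroup([a, b])
    return [group.active,
            group.set_link("A", "G1", up=False),
            group.set_link("A", "G1", up=True)]


if __name__ == "__main__":
    print("B preempts:      ", demo(True))
    print("B does not preempt:", demo(False))
```

Without preemption on router B, router A keeps the active role even though its tracked uplink is down, which is the black-hole case the slide describes.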


  • AHMED NABIL

    HSRP configuration:

    Configuration can take place on any layer 3 port: a router port, an SVI (Switched Virtual Interface) MLS interface, or an EtherChannel port.

    (config-if)# standby group-number ip ip-address

    (config-if)# standby group-number priority priority

    (config-if)# standby group-number track interface [decrement]

    Configuring an HSRP Standby Interface

    Configuring HSRP Standby Priority

    Troubleshooting:

    #show standby [brief]

    #debug standby

  • AHMED NABIL

    Troubleshooting

    Switch# show standby brief
                         P indicates configured to preempt.
                         |
    Interface   Grp Prio P State    Active addr     Standby addr    Group addr
    Vl11        11  100    Active   local           172.16.11.112   172.16.11.115

    Switch# debug standby
    *Mar 1 00:22:30.443: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:32.019: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
    *Mar 1 00:22:33.331: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:34.927: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
    *Mar 1 00:22:36.231: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:37.823: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
    *Mar 1 00:22:39.163: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:40.735: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
    *Mar 1 00:22:42.119: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:43.663: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
    *Mar 1 00:22:45.067: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
    *Mar 1 00:22:46.567: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115

  • AHMED NABIL

    VRRP: (RFC 2338)

    - IETF standard alternative to HSRP.

    - A VRRP group has one master router & all other routers are in the backup state.

    - The master router has the highest priority (1-255), default = 100.

    - If priorities are equal, the highest IP address breaks the tie.

    - Only the VRRP master sends hellos, to multicast address 224.0.0.18 every 1 sec. by default, on IP protocol 112.

    VRRP configuration:

    (config-if)# vrrp group-number priority priority

    (config-if)# vrrp group-number ip ip-address

    - Troubleshooting:

    #show vrrp [brief]

  • AHMED NABIL

    GLBP (Gateway Load Balancing Protocol): (Cisco proprietary)

    - HSRP & VRRP provide gateway resiliency, but they can accomplish load balancing only by configuring multiple groups.

    - GLBP is like HSRP & VRRP but with a more dynamic and robust behavior.

    - Rather than having just one active router performing forwarding, all routers in the group can participate and offer load balancing by forwarding a portion of the overall traffic.

    - So, GLBP will fully utilize resources without extra administrative burden.

    - GLBP group members multicast hellos every 3 seconds to IP address 224.0.0.102, UDP port 3222.

    Troubleshooting

    #show glbp

    A Comparison of Router Redundancy Protocols

    0007.b4xx.xxyy

    GLBP Operation:

    - The trick behind GLBP load balancing lies in electing an AVG (Active Virtual Gateway) router, which has a management role: distributing the load among all routers (gateways, also called AVFs (Active Virtual Forwarders)).

    - The AVG router has the highest priority (1-255) or, if priorities are equal, the highest IP address.

    - The AVG router answers all ARP requests for the virtual router, and every time it replies with the MAC of one of the routers (AVFs).

  • AHMED NABIL

    Multilayer Switches in a GLBP Group

    The figure shows a typical network where three multilayer switches are participating in a common GLBP group. Catalyst A is elected the AVG, so it coordinates the entire GLBP process. The AVG answers all ARP requests for the virtual router 192.168.1.1. It has identified itself, Catalyst B, and Catalyst C as AVFs for the group.

    In this figure, round robin load balancing is being used. Each of the client PCs looks for the virtual router address in turn, from left to right. Each time the AVG replies, the next sequential virtual MAC address is sent back to a client. After the fourth PC sends a request, all three virtual MAC addresses (and AVF routers) have been used, so the AVG cycles back to the first virtual MAC address.

    Notice that only one GLBP group has been configured, and all clients know of only one gateway IP address, 192.168.1.1. However, all uplinks are being utilized, and all routers are proportionately forwarding traffic.

    Redundancy is also inherent in the GLBP group: Catalyst A is the AVG, but the next-highest priority router can take over if the AVG fails. All routers have been given an AVF role for a unique virtual MAC address in the group. If one AVF fails, some clients remember the last known virtual MAC address that was handed out. Therefore, another of the routers also takes over the AVF role for the failed router, causing the virtual MAC address to remain alive at all times.

  • AHMED NABIL

    STP Enhancements and Per-VLAN STP

    VLAN Ranges and Mappings

    VLAN Range   Range      Usage
    0, 4095      Reserved   For system use only
    1            Normal     Cisco default
    2-1001       Normal     For Ethernet VLANs
    1002-1005    Normal     Cisco defaults for FDDI and Token Ring
    1025-4094    Extended   For Ethernet VLANs only

  • AHMED NABIL

    Types of STP

    1) CST (Common Spanning Tree)

    A single STP instance runs for all VLANs; all BPDUs are transmitted over the native VLAN using dot1q trunks, but redundant links will never be used.

    2) PVST (Per-VLAN Spanning Tree)

    Cisco provides this proprietary version of STP, which offers more flexibility than CST: it allows STP on each VLAN to be configured independently by running an STP instance for each VLAN. This allows redundant links to be used in a load-sharing fashion. Due to the proprietary nature of PVST, ISL must be used for trunking.

    So there is no interoperability between CST & PVST (no BPDU exchange will take place).

    3) PVST+ (PVST plus)

    Cisco introduced this version of STP to allow CST and PVST to interoperate; to do this, PVST+ acts as a translator between CST & PVST.

    PVST+ exchanges BPDUs with PVST using ISL trunks, while it communicates with CST by sending BPDUs as untagged frames. BPDUs from other instances of STP (other VLANs) are propagated across the CST network by tunnelling (PVST+ sends these BPDUs using a unique multicast address so that the CST switch will not interpret them and will forward them to downstream neighbors; these tunnelled BPDUs reach other PVST+ switches, where they are understood).

  • AHMED NABIL

    Optimizing Spanning Tree Protocol

    By default, STP is enabled for every port on the switch.

    If for some reason STP has been disabled, you can re-enable it.

    1) Activating Spanning Tree:

    If an entire instance of STP has been disabled, you can re-enable it with the following global configuration command:

    Switch(config)# spanning-tree vlan vlan-id

    If STP has been disabled for a specific VLAN on a specific port, you can re-enable it with the following interface configuration command:

    Switch(config-if)# spanning-tree vlan vlan-id

    2) Root Bridge Placement

    Although STP is wonderfully automatic with its default values and election processes, the resulting tree structure might perform quite differently than expected.

    To force a certain switch to be the root or backup root:

    Switch(config)#spanning-tree vlan vlan-list root {primary/secondary}

    Switch(config)#spanning-tree vlan 5,70-77 root primary

    Switch(config)#spanning-tree vlan 5,70-77 root secondary

    Or

    Switch(config)#spanning-tree vlan 1 priority priority

    4096).

  • AHMED NABIL

    STP considerations & Enhancements

    Many configurations are needed to optimize the operation of STP; Cisco has also introduced many enhancements to speed up the convergence of STP.

    Enhancing STP convergence

    1) PortFast: Access Layer nodes

    On switch ports that connect only to single workstations or specific devices, bridging loops should never be possible.

    Catalyst switches offer the PortFast feature, which shortens the Listening and Learning states to a negligible amount of time. When a workstation link comes up, the switch immediately moves the PortFast port into the Forwarding state.

    One other benefit of PortFast is that topology change notification (TCN) BPDUs are not sent when a switch port in PortFast mode goes up or down.

    Activate PortFast with these commands:

    On a specific interface:

    (config-if)# spanning-tree portfast

    On all interfaces:

    (config)#spanning-tree portfast default

    2) BPDU Guard

    By definition, if you enable PortFast, you are never expecting to find anything that can cause a bridging loop, especially another switch or device that produces BPDUs. Suppose that a switch is connected by mistake to a port where PortFast is enabled. Now, there is a potential for a bridging loop to form. An even greater consequence is that the potential now exists for a new device to advertise itself and become the new Root Bridge.

    The BPDU guard feature was developed to further protect the integrity of switch ports that have PortFast enabled. If any BPDU (whether superior to the current Root or not) is received on a port where BPDU guard is enabled, that port is immediately put into the errdisable state. The port is shut down in an error condition and must either be manually re-enabled or automatically recovered through the errdisable timeout function.

    Configuring BPDU Guard

    - Globally: Switch(config)# spanning-tree portfast bpduguard default

    - On interface: (config-if)# spanning-tree bpduguard enable

  • AHMED NABIL

    Rapid Spanning Tree Protocol (RSTP)

    IEEE 802.1w

    The IEEE 802.1w standard was developed to take 802.1D concepts and make the resulting convergence much faster. This is also known as the Rapid Spanning Tree Protocol (RSTP).

    RSTP defines how switches must interact with each other to keep the network topology loop free, in a very efficient manner. Like 802.1D,

    instances. and also as the Cisco-proprietary, Rapid Per-VLAN Spanning Tree Protocol (RPVST+).

    RSTP operates consistently in each, but replicating RSTP as multiple instances requires a different approach.

    RSTP calculates the final topology using exactly the same criteria as 802.1D.

    There is now a difference between the role the protocol has determined for a port and its current state.

    RSTP Port Behavior

    Root Port: The one switch port on each switch that has the best root path cost to the Root. This is identical to 802.1D. (By definition, the Root Bridge has no Root Ports.)

    Designated Port: The switch port on a network segment that has the best root path cost to the Root.

    Alternate Port: A port that has an alternate path to the Root, different than the path the Root Port takes. This path is less desirable than that of the Root Port. (An example of this is an access layer switch with two uplink ports; one becomes the Root Port, the other is an Alternate Port.)

    Backup Port: A port that provides a redundant (but less desirable) connection to a segment where another switch port already connects. If that common segment is lost, the switch might or might not have a path back to the Root.

  • AHMED NABIL

    RSTP port states

    Discarding: Incoming frames are simply dropped; no MAC addresses are learned. (This state combines the 802.1D Disabled, Blocking, and Listening states, as all three did not effectively forward anything. The Listening state is not needed, because RSTP can quickly negotiate a state change without listening for BPDUs first.)

    Learning: Incoming frames are dropped, but MAC addresses are learned.

    Forwarding: Incoming frames are forwarded according to MAC addresses that have been (and are being) learned.

    RSTP Port State   STP Port State   Port Included in Active Topology?   Port Learning MAC Addresses?
    Discarding        Disabled         No                                  No
    Discarding        Blocking         No                                  No
    Discarding        Listening        No                                  No
    Learning          Learning         No                                  Yes
    Forwarding        Forwarding       Yes                                 Yes

  • AHMED NABIL

    Rapid Per-VLAN Spanning Tree Protocol

    In PVST+, one spanning tree instance is created and used for each active VLAN that is defined on the switch. Each STP instance behaves according to the traditional 802.1D STP rules.

    You can improve the efficiency of each STP instance by configuring a switch to begin using RSTP instead. This means that each VLAN will have its own independent instance of RSTP running on the switch. This mode is known as Rapid PVST+ (RPVST+).

    You need only one configuration step to change the STP mode and begin using RPVST+. You can use the following global configuration command to accomplish this:

    Switch(config)# spanning-tree mode rapid-pvst

    Be careful when you use this command on a production network because any STP process that currently is running must be restarted. This can cause functioning links to move through the traditional STP states, preventing data from flowing for a short time.

    Important note: RSTP is compatible with STP (but will work slower to adapt to STP).

  • AHMED NABIL

    Native VLAN concept:

    Dot1q also introduced the concept of a native VLAN on a trunk, where frames belonging to this VLAN are not tagged with any VLAN ID. Using this feature, 802.1q tagging devices & non-802.1q devices can co-exist on an 802.1q trunk.

    Native VLAN is by default VLAN 1, which is also called the

    management VLAN (management VLAN is the VLAN that

    native VLAN can be changed by configuration.

    To identify the native VLAN:

    (config-if)#switchport trunk native vlan vlan-id

    The default is VLAN 1; this is used only with dot1q & trunking mode.

  • AHMED NABIL

    Securing and Managing network devices

  • AHMED NABIL

    CDP Vulnerabilities

    Disable CDP whenever possible:

    (config)#no cdp run

    (config-if)#no cdp enable

    Telnet Vulnerabilities

    The Telnet connection sends text unencrypted and potentially readable.

    SSH replaces the Telnet session with an encrypted connection.

    Use SSH (Secure Shell) whenever possible; it can encrypt data:

    (config)# hostname name

    (config)# ip domain-name name

    (config)# ip ssh version {1 | 2}

    (config)#crypto key generate rsa

    (config)#line vty 0 15

    (config-line)#transport input ssh

  • AHMED NABIL

    Describing vty ACLs

    - Set up a standard IP ACL.

    - Use line configuration mode to filter access with the access-class command.

    - Set identical restrictions on every vty line.

    Configures a standard IP access list:

    Switch(config)#access-list access-list-number {permit | deny | remark} source [mask]

    Enters configuration mode for a vty or vty range:

    Switch(config)#line vty {vty# | vty-range}

    Restricts incoming or outgoing vty connections to addresses in the ACL:

    Switch(config-line)#access-class access-list-number in|out

  • AHMED NABIL

    Syslog (System Message Logging):

    Syslog is a protocol that permits network devices to send their system messages across the network to a syslog server, so events such as an interface going up or down, a routing protocol neighborship being established or torn down, or any debug lines can be saved to that server.

    Syslog messages can also be sent to the logging buffer inside a router or a switch, which can be displayed using # show logging or, famously, #show log

    To order the device to buffer logs in the internal memory of the router or switch, use (config)#logging buffered

    To tell the router or switch the IP address of a syslog server, use (config)#logging ip of server

    One of the very famous syslog server software packages is called KIWI.

    Syslog messages have 7 types called: Emergency, Alert, Critical, Error, Warning, Notification, Informational and Debugging

  • AHMED NABIL

    SNMP (Simple Network Management Protocol):

    It is an application that provides a means of sending management messages (called SNMP traps) from the various network devices that need to be monitored to an SNMP server. The device that needs to be managed is called the SNMP agent, the managing device is called the Manager, the database collected is called the MIB (Management Information Base), and the software installed on the Manager is called the NMS (Network Management Station software). Among the most famous NMSs are Cisco Works, Cisco Prime, HP OpenView and IBM Tivoli.

    Most commonly, a network administrator gathers and stores statistics over time using the NMS. This info may contain device processing (#show process cpu), memory utilization (#show process memory), interface status changes and any protocol state; SNMP can also be used to make remote configuration changes.

    SNMP versions:

    The three main versions are ver1, ver2c and ver3.

    Version 1 is extremely legacy, and often used today.

    SNMP ver2c's main enhancements were improvements in the messaging system to make obtaining large amounts of statistics more efficient, but neither version 1 nor 2c does much for security, especially in what is termed the SNMP community string, in other words the authentication of agents, manager and administrator.

    These community strings are really just clear text.

  • AHMED NABIL

    In SNMP there are two types of community strings (authentication):

    Read-only (RO): Provides access to the MIB, but does not allow changes.

    Read-Write (RW): Provides read and modify access for all MIB objects and variables.

    SNMP v3's most visible enhancement is security, by providing Confidentiality (Encryption), Integrity, and secured Authentication.

    By configuration you can choose which of the CIA options you want to activate.

    On a managed device, to configure the community string:

    (config)#snmp-server community community-string {RO/RW}

    This string should be exactly the same on the SNMP server.
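An added Python example, not part of the original slides, that checks an IOS-style configuration against the recommendations on the CDP/Telnet, vty ACL and SNMP slides above. Both sample configurations and the finding names are constructed for illustration, and a vty line with no `transport input` command is treated as not restricted to SSH.

```python
"""Audit an IOS-style config for the management-plane settings covered above."""
import re

# Constructed sample: Telnet still allowed, missing ACL, cleartext communities.
SAMPLE_WEAK = """\
hostname SW1
ip domain-name example.test
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

# Constructed sample following the slides' recommendations.
SAMPLE_HARDENED = """\
hostname SW1
ip domain-name example.test
no cdp run
ip ssh version 2
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 15
 access-class 10 in
 transport input ssh
"""


def parse_blocks(config: str):
    """Return (top-level lines, {top-level line: [indented child lines]})."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks[current] = []
    return top, blocks


def audit(config: str) -> list:
    """Return finding names; community string values are never echoed."""
    top, blocks = parse_blocks(config)
    findings = []
    if "no cdp run" not in top:          # only the global CDP switch is checked
        findings.append("cdp-enabled")
    if "ip ssh version 2" not in top:
        findings.append("ssh-v2-not-forced")
    acls = {m.group(1) for g in top if (m := re.match(r"access-list (\d+) ", g))}
    vty_policies = set()
    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        transport = next((b.split()[2:] for b in body
                          if b.startswith("transport input")), None)
        acl = next((b.split()[1] for b in body
                    if re.fullmatch(r"access-class \S+ in", b)), None)
        vty_policies.add((tuple(transport or ()), acl))
        if transport != ["ssh"]:
            findings.append(f"{header}: telnet-not-excluded")
        if acl is None:
            findings.append(f"{header}: no-inbound-acl")
        elif acl not in acls:
            findings.append(f"{header}: acl-{acl}-undefined")
    if len(vty_policies) > 1:            # "identical restrictions on every vty line"
        findings.append("vty-lines-inconsistent")
    for g in top:
        m = re.match(r"snmp-server community \S+ (RO|RW)\b", g, re.IGNORECASE)
        if m:
            findings.append("snmp-rw-community" if m.group(1).upper() == "RW"
                            else "snmp-ro-community-cleartext")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg))
```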

  • AHMED NABIL

    Routing Advanced Features

  • AHMED NABIL

    Floating Static (using Static as backup path):

    (config)# ip route network mask {o/p interface / ip address of next hop} [Admin. Dist.]

    - A floating static route is configured by changing the admin. dist. of a static route so that it is less preferred than a dynamic routing protocol; the static route then acts as a backup for the dynamic protocol, with immediate convergence.

  • AHMED NABIL

    OSPF in Multiple Areas

  • AHMED NABIL

    Single vs. Multiple Area OSPF

    Problems with OSPF in a single area:

    1- Frequent calculation of the SPF algorithm (in a large topology, a single network instability will cause instability in the whole topology)

    2- Large link-state table (due to large network size)

    3- Large routing table (due to large network size)

    So routers will need high CPU power & a big memory size.

    If you need to scale your network using OSPF, the solution is to use a hierarchical design.

    Multiple Area OSPF

    1- Reduced rate of SPF calculations.

    2- Smaller routing and topology tables.

    3- Reduced LSU overhead by confining network instability.

  • AHMED NABIL

    Types of Routers

    Internal Router:

    A router that has all its interfaces in the same area; it has the full LSDB for its area.

    (config)#router ospf process-id

    (config-router)#network address wildcard-mask area area-id

    ABR (Area Border Router):

    A router that is responsible for connecting two or more areas. It must have at least one interface in the backbone area (area 0); it has the full database for all areas to which it is connected and sends summary database updates between these areas.

    (config)#router ospf process-id

    (config-router)#network address wildcard-mask area 0

    (config-router)#network address wildcard-mask area area-id

    ASBR (Autonomous System Boundary Router):

    A router that has at least one interface into an external internetwork (another AS) or other non-OSPF network.

    Backbone Router:

    A router that has at least one link in area 0; it could be an internal router, ABR or ASBR.

  • AHMED NABIL

    Types of LSAs

    Type 1 LSA: (Router Link LSA)

    Intra-area LSA, "O in routing table".

    Every router generates router link advertisements and floods them to all routers in each area to which it belongs.

    Type 2 LSA: (Network Link LSA)

    Intra-area, "O in routing table".

    Generated by the DR and flooded inside its area; its function is for the DR to advertise its existence to all of its area.

    Type 3 LSA: (Network Link Summary LSA)

    Inter-area, "O-IA in routing table".

    Generated by the ABR: the ABR takes type 1 and type 2 LSAs from an area, summarizes these LSAs into a type 3 LSA and floods it to all the AS. It describes network IPs and their masks.

  • AHMED NABIL

    Type 4 LSA: (ASBR Summary LSA)

    Inter-area, "O-IA" in the routing table.

    Generated by the ABR to advertise to the whole AS how to reach an ASBR inside an area. It describes the path and cost to reach the ASBR, so it contains the RID of the ASBR and the cost.

    Type 5 LSA: (AS External Link LSA)

    "OE1, OE2" in the routing table.

    Generated by the ASBR and flooded to the whole AS; it describes routes to destination networks in an external AS.

    - External type 2 (OE2): external cost (default)

    - External type 1 (OE1): adds internal cost to external cost

    Type 6 LSA (Multicast OSPF, not supported by Cisco)

  • AHMED NABIL

    Interpreting the Routing Table: Types of Routes

    Link-State Advertisement Types

    Interpreting the OSPF Database

    (Future use)

    Link count: Total number of directly attached links, used only on router LSAs.

  • AHMED NABIL

    Advertise default route:

    (config-router)#default-information originate [always] [metric value]

    default-information originate is used to dynamically advertise a default route, but only if a default route exists in the routing table; otherwise use the always keyword, which advertises a default route even if no default route exists in the table.

    This command is valid for OSPF and RIP ver2; for EIGRP another command is used to give the same effect:

    (config)#router eigrp 222

    (config-router)#ip default-network 0.0.0.0

    Note that the path through R1 to the Internet is preferred until the R1 path fails; then R2 will be the alternative.

  • AHMED NABIL41

    Enhanced

    Interior Gateway

    Routing Protocol

    (EIGRP)

  • AHMED NABIL42

    EIGRP Neighborship:

    Every router discovers its neighbors (begins establishing adjacency) using the hello protocol.

    For EIGRP routers to become neighbors:

    1- they must have the same AS no.

    2- they must have the same K-values.

    - The routers will form adjacency even if hello & dead intervals

    The debug output below will display that action

    RouterA# debug eigrp packets

    Mismatched adjacency values

    01:39:13: EIGRP: Received HELLO on Serial0/0 nbr 10.1.1.2

    01:39:13: AS 200, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    01:39:13: K-value mismatch

  • AHMED NABIL43

    EIGRP terminologies :

    1- Neighbor table

    (list of all neighbors)

    #show ip eigrp neighbors

    2- Topology table

    (list of all routes to all destination networks; in effect, it is the routing tables of all neighbors)

    #show ip eigrp topology [all-links]

    3- Routing table

    (best routes to all destination networks)

    #show ip route [eigrp]

    4-

    (the best route)

    5-

    (the backup route)

    6-

    (the metric from source to destination)

    7-

    (the metric from my neighbor to destination)

  • AHMED NABIL44

    Route selection:

    - By applying DUAL on the topology table to get the RTG table.

    - DUAL:

    1- Track all routes advertised by neighbors.

    2-

    3- If an S is lost, the FS is used.

    4- If no FS is available, it queries neighbors and recalculates S.

    5- It can hold up to 4 routes by default and 16 as max. for the same destination network in the RTG table.

    6- It can differentiate between different types of paths :

    - internal path (Admin. Dist.=90

    -external path (Admin. Dist. =170 & symbol in RTG table is

    How to choose S?

    - S is the route that has the least metric.

    Metric = 256 * [k1*BW + (k2*BW / (256 - load)) + k3*delay + (k5 / (reliability + k4))]

    By default, k1=k3=1, k2=k4=k5=0

    BW = 10^7 / BWi, BWi = bandwidth of interface in units of Kbps

    Delay = delayi * 10, delayi = delay of interface in microseconds

    These values can be observed from the #show interface command

    How to choose FS?

    The route that satisfies the inequality FD (S) > AD (FS) is eligible to be the FS

  • AHMED NABIL45

    Configuration:

    (config)# router eigrp

    ! Up to 32 process (AS) can be configured on the same router !

    (config-router)# network []

    Note that the wildcard mask is now optional for EIGRP in new IOS, but with OSPF it is a must.


  • AHMED NABIL46


    Auto and Manual summary:

    (config-router)# no auto-summary

    (config-if)# ip summary-address eigrp

    RouterC#show ip route

    Gateway of last resort is not set

    172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

    D 172.16.0.0/16 is a summary, 00:00:04, Null0

    D 172.16.1.0/24 [90/156160] via 10.1.1.2, 00:00:04, FastEthernet0/0

    D 172.16.2.0/24 [90/20640000] via 10.2.2.2, 00:00:04, Serial0/0/1

    C 192.168.4.0/24 is directly connected, Serial0/0/0

    10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

    C 10.2.2.0/24 is directly connected, Serial0/0/1

    C 10.1.1.0/24 is directly connected, FastEthernet0/0

    D 10.0.0.0/8 is a summary, 00:00:05, Null0

  • AHMED NABIL47

    EIGRP load sharing:

    (config-router)# maximum-paths maximum-path

    Default 4, max 16 or more

    Router E chooses router C as Successor to get to network Z because FD = 20.

    Router B could be a Feasible Successor because it satisfies the Feasibility Condition.

    Router D is not feasible and is not used to get to network Z (45 > 40).

    Note: Feasibility Condition

    (AD (FS)

  • AHMED NABIL48

    Troubleshooting:

    #show ip route

    RouterA# show ip route

    Codes: C - connected, S - static, I - IGRP, R - RIP,

    D - EIGRP, EX - EIGRP external, O - OSPF,

    (text omitted)

    * - candidate default,

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 1 subnets

    D 172.16.1.0 [90/10639872] via 10.1.2.2, 06:04:01, Serial0/0

    10.0.0.0/24 is subnetted, 4 subnets

    D 10.1.3.0 [90/10514432] via 10.1.2.2, 05:54:47, Serial0/0

    D 10.3.1.0 [90/10639872] via 10.1.2.2, 06:19:41, Serial0/0

    C 10.1.2.0 is directly connected, Serial0/0

    C 10.1.1.0 is directly connected, Ethernet0/0

    #show ip eigrp topology [all-links]

    RouterA# show ip eigrp topology

    IP-EIGRP Topology Table for AS(100)/ID(10.1.2.1)

    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

    r - reply Status, s - sia Status

    P 10.1.3.0/24, 1 successors, FD is 10514432

    via 10.1.2.2 (10514432/28160), Serial0/0

    P 10.3.1.0/24, 1 successors, FD is 10639872

    via 10.1.2.2 (10639872/384000), Serial0/0

    P 10.1.2.0/24, 1 successors, FD is 10511872

    via Connected, Serial0/0

    P 10.1.1.0/24, 1 successors, FD is 2190

    via Connected, Ethernet0/0

    P 172.16.1.0/24, 1 successors, FD is 10639872

    via 10.1.2.2 (10639872/384000), Serial0/0
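
    The pair in parentheses on each "via" line of the topology table is (distance through that neighbor / AD reported by that neighbor), which is what the feasibility condition FD (S) > AD (FS) is evaluated on. The following Python code is an added example, not part of the original slides: it parses topology-table text and labels each path, and it lists prefixes that have no backup path. The sample table, its extra next hops and all function names are constructed for illustration.

```python
import re

# Constructed sample in the format of "show ip eigrp topology all-links".
# Each path line carries (distance via that neighbor / advertised distance).
SAMPLE = """\
P 10.1.3.0/24, 1 successors, FD is 10514432
        via 10.1.2.2 (10514432/28160), Serial0/0
        via 10.1.4.2 (10639872/2172416), Serial0/1
        via 10.1.5.2 (20640000/10639872), Serial0/2
P 172.16.1.0/24, 1 successors, FD is 10639872
        via 10.1.2.2 (10639872/384000), Serial0/0
P 10.1.2.0/24, 1 successors, FD is 10511872
        via Connected, Serial0/0
"""

ROUTE_RE = re.compile(r"^(\S+)\s+(\S+),\s+\d+\s+successors,\s+FD is (\d+)")
PATH_RE = re.compile(r"^\s*via (\S+) \((\d+)/(\d+)\),\s+(\S+)")
CONNECTED_RE = re.compile(r"^\s*via Connected,")


def parse_topology(text):
    """Return {prefix: {"state", "fd", "connected", "paths": [...]}}."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = {"state": m.group(1), "fd": int(m.group(3)),
                       "connected": False, "paths": []}
            routes[m.group(2)] = current
        elif current is not None and CONNECTED_RE.match(line):
            current["connected"] = True
        elif current is not None:
            m = PATH_RE.match(line)
            if m:
                current["paths"].append({"next_hop": m.group(1),
                                         "distance": int(m.group(2)),
                                         "ad": int(m.group(3)),
                                         "interface": m.group(4)})
    return routes


def classify(route):
    """Label each path: successor, feasible successor, or not feasible."""
    roles = {}
    for p in route["paths"]:
        if p["distance"] == route["fd"]:
            roles[p["next_hop"]] = "successor"
        elif p["ad"] < route["fd"]:  # feasibility condition: FD(S) > AD(FS)
            roles[p["next_hop"]] = "feasible successor"
        else:
            roles[p["next_hop"]] = "not feasible"
    return roles


def without_backup(routes):
    """Learned prefixes with a single successor and no feasible successor."""
    result = []
    for prefix, route in routes.items():
        roles = list(classify(route).values())
        if (not route["connected"] and roles.count("successor") < 2
                and "feasible successor" not in roles):
            result.append(prefix)
    return sorted(result)


if __name__ == "__main__":
    table = parse_topology(SAMPLE)
    for prefix, route in table.items():
        print(prefix, classify(route))
    print("no feasible successor:", without_backup(table))
```

    A prefix reported by without_backup is one where losing the successor forces DUAL to query neighbors instead of switching to an FS immediately.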

  • AHMED NABIL49

    #show ip eigrp traffic

    #debug eigrp packet [query / reply / update]

    #debug ip eigrp

    #show ip protocols

    RouterA# show ip protocols

    Routing Protocol is "eigrp 100"

    Outgoing update filter list for all interfaces is not set

    Incoming update filter list for all interfaces is not set

    Default networks flagged in outgoing updates

    Default networks accepted from incoming updates

    EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

    EIGRP maximum hopcount 100

    EIGRP maximum metric variance 1

    Redistributing: eigrp 100

    Automatic network summarization is not in effect

    Maximum path: 4

    Routing for Networks:

    10.1.0.0/16

    10.0.0.0

    Routing Information Sources:

    Gateway Distance Last Update

    10.1.2.2 90 05:50:13

    Distance: internal 90 external 170

    #show ip eigrp neighbors

  • AHMED NABIL

    Redistributing

    Multiple Routing

    Protocols

  • AHMED NABIL

    Redistribution

    It is the mechanism that allows different routing domains to be connected, so that different routing protocols can exchange and advertise routing updates as if they were a single protocol.

    Redistribution is performed on the router that lies at the boundary between different domains or runs multiple protocols.

    Redistributing vs. redistributed protocol

    Redistributing protocol:

    It is the native protocol that transforms another protocol's routes into its own form.

    Redistributed protocol:

    It is the non-native protocol whose routes are transformed into another protocol's form.

    - Note: for any routes to be redistributed, they must exist in the routing table of the redistributing router.

  • AHMED NABIL

    Configuring Redistribution

    Redistribution supports all protocols:

    RIP, IGRP, EIGRP, OSPF, IS-IS, ISO-IGRP, ODR, BGP, Static and Connected

    RtrA(config)# router protocol

    RtrA(config-router)# redistribute ?

    bgp Border Gateway Protocol (BGP)

    eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)

    igrp Interior Gateway Routing Protocol (IGRP)

    isis ISO IS-IS

    ospf Open Shortest Path First (OSPF)

    rip Routing Information Protocol (RIP)

    static Static routes

    But consider the following:

    1- Redistribution varies slightly among different protocols

    2- Only protocols that support the same stack are redistributed

    - IP RIP and OSPF can be redistributed

    - IPX RIP cannot be redistributed with OSPF

    - IP EIGRP cannot be redistributed with IPX EIGRP or AppleTalk EIGRP

    3- Redistribution occurs automatically between:

    - IGRP & EIGRP if both are in the same AS

    - Static into RIP

    - Connected into any protocol using the network command

    4- Redistribution of classless updates to a classful protocol could cause problems

  • AHMED NABIL

    IPv6 Routing

  • AHMED NABIL

    IP routing protocols supporting IPv6:

    Integrated IS-IS for IPv6

    BGP extensions for IPv6

    RIP for IPv6

    Static routes

    EIGRP for IPv6

    OSPF for IPv6

    IPv6 Routing Protocols

    Configuring IPv6:

    (config)#ipv6 unicast-routing

    (config)#ipv6 route {interface / next hop ip}

    (config)#interface fa0/0

    (config-if)#ipv6 address [eui-64]

    The eui-64 parameter forces the router to complete the low-order 64 bits of the address by using an EUI-64 interface ID.

    Example:

  • AHMED NABIL55

    R2# show ipv6 interface brief

    FastEthernet0/0 [up/up]

    FE80::213:19FF:FE7B:5004

    2000::4:213:19FF:FE7B:5004

    FastEthernet0/1 [up/up]

    FE80::213:19FF:FE7B:5005

    2000:0:0:2::2

    Serial0/0/0 [administratively down/down]

    unassigned

    Serial0/0/1 [up/up]

    FE80::213:19FF:FE7B:5004

    2000::1:213:19FF:FE7B:5004

    Serial0/1/0 [administratively down/down]

    unassigned

    Serial0/1/1 [administratively down/down]

    Unassigned

    R2# show ipv6 route

    IPv6 Routing Table - Default - 7 entries

    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

    B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1

    I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP

    EX - EIGRP external

    O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

    ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

    C 2000:0:0:1::/64 [0/0] via Serial0/0/1, directly connected

    L 2000::1:213:19FF:FE7B:5004/128 [0/0] via Serial0/0/1, receive

    C 2000:0:0:2::/64 [0/0] via FastEthernet0/1, directly connected

    L 2000:0:0:2::2/128 [0/0] via FastEthernet0/1, receive

    C 2000:0:0:4::/64 [0/0] via FastEthernet0/0, directly connected

    L 2000::4:213:19FF:FE7B:5004/128 [0/0] via FastEthernet0/0, receive

    L FF00::/8 [0/0] via Null0, receive
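
    The EUI-64 interface IDs in the output above can be reproduced by hand: the interface MAC is split in half, FFFE is inserted in the middle, and the universal/local bit of the first byte is flipped. The following Python code is an added example, not part of the original slides; it builds the address from a /64 prefix and a MAC, and reverses the step so that EUI-64-derived addresses (which expose the hardware address) can be picked out of an address inventory. The MAC 0013.197b.5004 is inferred from the interface ID shown in the output, and the function names are illustrative.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit EUI-64 interface ID for a 48-bit MAC address."""
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    b = bytearray.fromhex(digits)
    b[0] ^= 0x02                                   # flip the universal/local bit
    eui = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert FFFE in the middle
    return int.from_bytes(eui, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID of the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None if not EUI-64."""
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                                # manually assigned or other scheme
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02                                   # undo the universal/local flip
    return ":".join(f"{x:02x}" for x in b)


if __name__ == "__main__":
    mac = "0013.197b.5004"                         # inferred from the output above
    print(eui64_address("fe80::/64", mac))         # link-local address
    print(eui64_address("2000:0:0:4::/64", mac))   # FastEthernet0/0 global address
    for a in ("2000::1:213:19FF:FE7B:5004", "2000:0:0:2::2"):
        print(a, "->", mac_from_eui64(a))
```

    Serial0/0/1 shows the same interface ID as FastEthernet0/0 because serial interfaces have no MAC of their own and borrow one from an Ethernet interface.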

  • AHMED NABIL56

    RIPng (RIP next Generation)

    Theory and Comparisons to RIP-2

    The RIPng RFC states that the protocol uses many of the same concepts and

    conventions as the original RIP-1 specification, also drawing on some RIP-2

    concepts. However, knowing that many of you might not remember a lot of

    details about RIP-2, particularly because

    RIP-2 is included in the CCNA certification rather than CCNP,

    variety of facts about RIP-2 and RIPng.

    The overall operation of RIPng closely matches RIP-2. In both, routers send

    periodic full updates with all routes, except for routes omitted due to Split

    Horizon rules. No neighbor relationships occur; the continuing periodic

    Updates, on a slightly-variable 30 second period,

    also serve the purpose of confirming that the neighboring router still works.

  • AHMED NABIL57

    EIGRP for IPv6

    Cisco originally created EIGRP to advertise routes for IPv4, IPX, and AppleTalk.

    This original EIGRP architecture easily allowed for yet another Layer 3 protocol,

    IPv6, to be added. As a result, Cisco did not have to change EIGRP significantly

    to support IPv6, so many similarities exist between the IPv4 and IPv6 versions of

    EIGRP.

    Note: Many documents, including this chapter, refer to the IPv6 version of

    EIGRP as EIGRP for IPv6. However, some documents at www.cisco.com also

    refer to this protocol as EIGRPv6, not because it is the sixth version of the

    protocol, but because it implies a relationship with IPv6.

    RIPng

    with a discussion of the similarities and differences between the IPv4 and IPv6

    versions of EIGRP. The remaining coverage of EIGRP focuses on the changes to

    EIGRP configuration

    and verification in support of IPv6.

    EIGRP for IPv4 and IPv6 Theory and Comparisons

    For the most part, EIGRP for IPv4 and for IPv6 have many similarities. The

    following list outlines some of the key differences:

    EIGRP for IPv6 advertises IPv6 prefixes/lengths, rather than IPv4 subnet/mask

    information.

    EIGRP for IPv6 -hop IP

    address.

    EIGRP for IPv6 encapsulates its messages in IPv6 packets, rather than IPv4

    packets.

    Like RIPng and OSPFv3, EIGRP for IPv6 authentication relies on IPv6 built-in authentication and privacy features (IPsec).

    EIGRP for IPv6 has no concept of classful networks, so EIGRP for IPv6 cannot perform any automatic summarization.

    EIGRP for IPv6 does not require neighbors to be in the same IPv6 subnet as a

    requirement to become neighbors.

    Other than these differences, most of the details of EIGRP for IPv6 work like EIGRP for IPv4.

  • AHMED NABIL58

    Configuring EIGRP for IPv6

    EIGRP for IPv6 follows the same basic configuration style as for RIPng, plus a

    few additional steps, as follows:

    Step 1. Enable IPv6 routing with the ipv6 unicast-routing global command.

    Step 2. Enable EIGRP using the ipv6 router eigrp {1-65535} global configuration command.

    Step 3. Enable IPv6 on the interface, typically with one of these two methods:

    Configure an IPv6 unicast address on each interface, using the ipv6

    address address/prefix-length [eui-64] interface command.

    Configure the ipv6 enable command, which enables IPv6 and causes the router to

    derive its link local address.

    Step 4. Enable EIGRP on the interface with the ipv6 eigrp asn interface

    subcommand (where the name matches the ipv6 router eigrp asn global

    configuration command).

    Step 5. Enable EIGRP for IPv6 with a no shutdown command while in EIGRP

    configuration mode.

    Step 6. If no EIGRP router ID has been automatically chosen, due to not having

    at least one working interface with an IPv4 address, configure an EIGRP router

    ID with the eigrp router-id rid command in EIGRP configuration mode.

    FF02::A

  • AHMED NABIL59

    R1# show running-config

    ! output is edited to remove lines not pertinent to this example

    ! Configuration step 1: enabling IPv6 routing

    ipv6 unicast-routing

    ! Next, configuration steps 3 and 4, on 5 different interfaces

    interface FastEthernet0/0.1

    ipv6 address 2012::1/64

    ipv6 eigrp 9

    !

    interface FastEthernet0/0.2

    ipv6 address 2017::1/64

    ipv6 eigrp 9

    !

    interface FastEthernet0/1.18

    ipv6 address 2018::1/64

    ipv6 eigrp 9

    !

    interface Serial0/0/0.3

    ipv6 address 2013::1/64

    ipv6 eigrp 9

    !

    interface Serial0/0/0.4

    ipv6 address 2014::1/64

    ipv6 eigrp 9

    !

    interface Serial0/0/0.5

    ipv6 address 2015::1/64

    ipv6 eigrp 9

    !

    ! Configuration steps 2, 5, and 6

    ipv6 router eigrp 9

    no shutdown

    router-id 10.10.34.3

  • AHMED NABIL60

    #sh ipv6 route

    D 2005::/64 [90/2684416]

    via FE80::11FF:FE11:1111, Serial0/0/0.1

    via FE80::22FF:FE22:2222, Serial0/0/0.2

    D 2012::/64 [90/2172416]

    via FE80::22FF:FE22:2222, Serial0/0/0.2

    via FE80::11FF:FE11:1111, Serial0/0/0.1

    D 2014::/64 [90/2681856]

    via FE80::11FF:FE11:1111, Serial0/0/0.1

    D 2015::/64 [90/2681856]

    via FE80::11FF:FE11:1111, Serial0/0/0.1

    ! lines omitted for brevity...

    D 2099::/64 [90/2174976]

    via FE80::22FF:FE22:2222, Serial0/0/0.2

    via FE80::11FF:FE11:1111, Serial0/0/0.1

    ! show ipv6 protocols displays less info than its IPv4 cousin.

    R3# show ipv6 protocols

    IPv6 9

    EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

    EIGRP maximum hopcount 100

    EIGRP maximum metric variance 1

    Interfaces:

    FastEthernet0/0

    Serial0/0/0.1

    Serial0/0/0.2

    Redistribution:

    None

    Maximum path: 16

    Distance: internal 90 external 170

    R3# show ipv6 eigrp neighbors

    IPv6-EIGRP neighbors for process 9

    H Address Interface Hold Uptime SRTT RTO Q Seq

    1 Link-local address: Se0/0/0.2 14 01:50:51 3 200 0 82

    FE80::22FF:FE22:2222

  • AHMED NABIL61

    R3# show ipv6 eigrp topology

    IPv6-EIGRP Topology Table for AS(9)/ID(10.10.34.3)

    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

    r - reply Status, s - sia Status

    P 2005::/64, 2 successors, FD is 2684416

    via FE80::11FF:FE11:1111 (2684416/2172416), Serial0/0/0.1

    via FE80::22FF:FE22:2222 (2684416/2172416), Serial0/0/0.2

    P 2012::/64, 2 successors, FD is 2172416

    via FE80::11FF:FE11:1111 (2172416/28160), Serial0/0/0.1

    via FE80::22FF:FE22:2222 (2172416/28160), Serial0/0/0.2

    P 2013::/64, 1 successors, FD is 2169856

    via Connected, Serial0/0/0.1

    ! lines omitted for brevity

    P 2099::/64, 2 successors, FD is 2174976

    via FE80::11FF:FE11:1111 (2174976/30720), Serial0/0/0.1

    via FE80::22FF:FE22:2222 (2174976/30720), Serial0/0/0.2

  • AHMED NABIL

    How OSPF for IPv6 Works

    Similar to IPv4

    Updated features for IPv6

    6 currently an IETF proposed standard

    OSPF is a routing protocol for IP. It is a link-state protocol, as opposed to a

    distance vector protocol. Think of a link as being an interface on a networking

    device. A link-state protocol makes its routing decisions based on the states of the

    links that connect source and destination machines.

    The state of a link is a description of that interface and its relationship to its

    neighboring networking devices. The interface information includes the IPv6

    prefix of the interface, the network mask, the type of network that it is connected

    to, the routers connected to that network, and so on.

    This information is propagated in various types of link-state advertisements

    (LSAs). A collection of LSA data on a router is stored in a link-state database

    (LSDB). The contents of the

    OSPF routing table.

    The difference between the database and the routing table is that the database

    contains a complete collection of raw data; the routing table contains a list of

    shortest paths to known

    destinations via specific router interface ports.

    OSPFv3, which is described in RFC 2740, supports IPv6.

  • AHMED NABIL

    OSPFv3 Hierarchical Structure

    from outside of the area:

    LSA flooding is bounded by area.

    SPF calculation is performed

    separately for each area.

    a connection to the backbone:

    Otherwise a virtual

    link must be used to

    connect to the backbone.

    OSPFv3 messages

    OSPFv3 uses the same basic packet types as OSPFv2:

    Hello

    Link state update (LSU)

    Link state acknowledgment (ACK)

    Neighbor discovery and adjacency formation mechanism are identical.

    LSA flooding and aging mechanisms are identical.

  • AHMED NABIL

    OSPFv3 vs OSPF v2
