Contents

SL No. TOPICS PAGE No.

1 Command Line Interface 2

2 Static Routing 5

3 Wan Protocols 10

4 RIP and IGRP Protocols 14

5 TELNET 21

6 SDM – Security
SDM – Security Device Manager 24

7 ACL- Access Control List 27

8 NAT – Network
NAT – Network Address Translation 31

9 OSPF and EIGRP 35

10 RIP V2 43

11 Frame relay 50

12 Switching 59

13 Intervlan 63

14 Virtual Private Network 69

15 Internet Protocol Version 6 71

16 Wireless LAN 79

17 Booting 81

COMMAND LINE INTERFACE (CLI)

 To enter the hyper terminal

Programs  Accessories  Communication HyperTerminal

(HyperTerminal window opens)
-prompts for the screen name (not the router name)
Michael Odongo short notes
-1-
 -connect to window  select com1  ok 
-com1 properties window  select restore default  ok 

 Switch ON the router (if new router that is not configured it will ask -----

Would u like to enter initial configuration dialog[yes/no]: no

Press return to get started (enter)

Router>
* User Mode/User
Mode/User Executable Mode
Mode

Router> enable (enter)

Router#

* Privileged Mode/Enable Mode – Executable Mode.

The following commands can be executed in this mode

Router#show running-config(enter)
Router#debug xxx
Router#copy xxx

Router#configure
Router#configure terminal(enter)
Router(config)#

* Global Configuration Mode - Any configuration change in this mode affects the
t he
whole router.

Router(config)#interface
Router(config)#interface e 0/fastethernet
0/fastethernet 0/ S0 / S 1(enter)
Router(config-if)#

* Specific Configuration Mode – configuration changes

changes to specific part of the
router like lines and interfaces.

 Setting User mode Password

Router(config)#Line
Router(config)#Line console 0(enter)
0(enter)
Router(config-line)#password
Router(config-line)#password xxxx
Router(config-line)#login
Router(config-line)#login

 To set username & password for the user mode

Router(config)#username
Router(config)#username xxxx password xxxx
Router(config)#Line
Router(config)#Line console 0

-2-
 -connect to window  select com1  ok 
-com1 properties window  select restore default  ok 

 Switch ON the router (if new router that is not configured it will ask -----

Would u like to enter initial configuration dialog[yes/no]: no

Press return to get started (enter)

Router>
* User Mode/User
Mode/User Executable Mode
Mode

Router> enable (enter)

Router#

* Privileged Mode/Enable Mode – Executable Mode.

The following commands can be executed in this mode

Router#show running-config(enter)
Router#debug xxx
Router#copy xxx

Router#configure
Router#configure terminal(enter)
Router(config)#

* Global Configuration Mode - Any configuration change in this mode affects the
t he
whole router.

Router(config)#interface
Router(config)#interface e 0/fastethernet
0/fastethernet 0/ S0 / S 1(enter)
Router(config-if)#

* Specific Configuration Mode – configuration changes

changes to specific part of the
router like lines and interfaces.

 Setting User mode Password

Router(config)#Line
Router(config)#Line console 0(enter)
0(enter)
Router(config-line)#password
Router(config-line)#password xxxx
Router(config-line)#login
Router(config-line)#login

 To set username & password for the user mode

Router(config)#username
Router(config)#username xxxx password xxxx
Router(config)#Line
Router(config)#Line console 0

-2-
 Router(config-line)#login
Router(config-line)#login local

 To change the hostname

Router(config)#hostname
Router(config)#hostname HOR(enter)
HOR(enter)
HOR(config)#

 T o encrypt all the passwords

Router(config)#service
Router(config)#service password-encryption
password-encryption

 To set password for the privileged mode

Router(config)#enable
Router(config)#enable password/secret xxxx

QUESTIONS

1 . What are
are the different modes
modes in a router?
router?

o Router> ------------- User mode or the user executable mode

Enable (enter)

o Router# ---------- Privileged mode/Enable mode

Show running-config
Debug xxx

-3-
 Ping A.B.C.D

o Router# configure terminal (enter)

Router(config)# ----------- Global configuration mode

o Router(config)#interface
Router(config)#interface ethernet 0/fastethernet 0/serial 0/ serial 1(enter)
o Router(config)# line console 0
Router(config-if/line)# ---------- Specific configuration mode

2 . Difference between
between Login and Login
Login Local?

o Login activates the usermode entry password for a single user without username.

o Login local activates the username and password for the same usermode, incase of 
multiple users.

3 . How to encrypt our passwords?

o Router(config)#service
Router(config)#service password-encryption
password-encryption  – Encrypts all the passwords at a time. The
passwords once encrypted, cannot be decrypted by any command.

4 . How to set password

password to the user mode?
mode?

o Router(config)#Line
Router(config)#Line console 0(enter)
Router(config-line)#password
Router(config-line)#password xxxx
Router(config-line)#login
Router(config-line)#login - Login activates the usermode entry password for a single user
without username.

5 . How to set password

password to the privilege mode?
mode?

o Router(config)#enable
Router(config)#enable password/secret
password/secret xxxx

6 . How to set username and password

password to the user mode?
mode?

o Router(config)#username
Router(config)#username xxxx password xxxx
o Router(config-line)#login
Router(config-line)#login local - Login local activates the username and password for the
same usermode, incase of multiple users.

STATIC ROUTING

DTE DCE
10.0.0.1 20.0.0.1 20.0.0.2
30.0.0.1
10n/w
30 n/w
E0 S0 S0 E0

-4-
 HOR BOR

R1(config)#interface e 0 R2(config)#interface e 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0 R2(config-if)#ip address 30.0.0.1 255.0.0.0
R1(config-if)#no shutdown * R2(config-if)#no shutdown

R1(config)#interface s 0 R2(config)#interface s 0
R1(config-if)#ip address 20.0.0.1 255.0.0.0 R2(config-if)#ip address 20.0.0.2 255.0.0.0
R1(config-if)#no shutdown R2(config-if)#clock rate 64000
R2(config-if)#no shutdown

R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 **

R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1 **

* All interfaces are administratively down when the router is switched on. We change their
status to up by using the command ‘no shutdown’.

** In static routing, we are manually adding the destination network to our Routing table.

 Router(config-if)# ip route <dest. N/W> <DSNM> <next hop addr>

Next hop address refers to the address of the next router that receives the packet and then
forwards it to the remote location.

Commands

1 . Router#show running-config
This will display the current configuration of the router.

-5-
2 . Router#show controllers serial 0
To identify the DCE & DTE ends of the Serial cable.

3 . Router#show interface ethernet 0

This will displays the details of ethernet interface.

4 . Router#show interface serial 0

This will display the details of serial interface.

5. Router#show ip interface brief 

This will display the interface & line protocol status in a tabular format.

Outputs

Router#sh running-config

interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 20.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
no ip address
shutdown
!
IP route 30.0.0.0 255.0.0.0 20.0.0.1
!
line con 0
line aux 0
line vty 0 4
login
!
End

Router#sh int e0

Ethernet0 is up, line protocol is up

Hardware is Lance, address is 0010.7b80.c3c6 (bia 0010.7b80.c3c6)
Internet address is 10.0.0.1/8

-6-
 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)

Router#sh int s0

Serial0 is up, line protocol is up

Hardware is HD64570
Internet address is 20.0.0.2/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keep alive set (10 sec)

Router#show ip int brief 

State 1 - When both no shutdown and clock rate is applied to corresponding interfaces

Interface IP-Address OK? Method Status Protocol

Ethernet0 30.0.0.1 YES manual up up

Serial0 20.0.0.2 YES manual up up

Router#show ip int brief 

State 2 - When clock rate is not given on DCE end & layer 1 problem

Interface IP-Address OK? Method Status Protocol

Ethernet0 30.0.0.1 YES manual up up

Serial0 20.0.0.2 YES manual up down

Router#show ip int brief 

State 3 - When the other end serial interface is shut down

Interface IP-Address OK? Method Status Protocol

Ethernet0 30.0.0.1 YES manual up up

Serial0 20.0.0.2 YES manual down down

Router#show controllers s 0

HD unit 0, idb = 0xB883C, driver structure at 0xBDB98

buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000

-7-
Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

C 20.0.0.0/8 is directly connected, Serial0

C 10.0.0.0/8 is directly connected, Ethernet0
S 30.0.0.0/8 [1/0] via 20.0.0.1

Router#sh protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
Internet address is 10.0.0.1/8
Ethernet1 is administratively down, line protocol is down
Serial0 is up, line protocol is up
Internet address is 20.0.0.2/8
Serial1 is administratively down, line protocol is down

Questions

1 . How to assign an IP address to the Router and configure it?

o Router(config)interface e 0 / s 0

-8-
 Router(config-if)ip address <IP addr> <SNM>
Router(config-if)no shutdown

 We assign our default-gateway as the IP address to the ethernet port.

 When the router is switched ON, by default all the interfaces are administratively
down. To make the interfaces up we give no shutdown

2 . Why and where we use the clock rate?

o The serial line has two ends DTE and DCE. This line goes up and down when IP address
and no shutdown is configured on both sides and will be in asynchronous state always. To
synchronize the link clock rate should be configured at DCE end.

3 . How to find out the DCE end?

o Router#sh controllers s 0

4 . Difference between
Request timed out
Destination host unreachable
Reply from <ip add> : <byte= > time<xms TTL=xxx

o Request timed out

When the packet is lost in transition, we will get “request timed out” message.

o Destination host unreachable

If the host doesn’t know the route to the destination - “Destination unreachable”
message is displayed i.e., the specified address is not present in the routing table

o Reply from <ip add> : <byte= > time<xms TTL=xxx

Reply from the destination indicates that the connection exists

 Time To Live (TTL) – a field in an IP header that indicates the no. of routers (hops) the
packet can cross. TTL for systems is 128 and for routers it is 255. If the destination is
not reached before the TTL expires, then the packet is dropped. This stops IP packets
from continuously circling around in the network looking for a home.

WAN PROTOCOLS

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

R1 R2
10 N/w
30 N/w

-9-
 E0 S0 S0 E0

 Make sure you are able to ping the destination network before you configure WAN
Protocols

R1(config)#int s 0
R1(config-if)#encapsulation PPP
R1(config-if)#exit

 When line protocol is not same on both routers, then the state of the link goes up and
down i.e. the encapsulation on R1 --- PPP, R2 --- HDLC.

R2(config)#int s 0
R2(config-if)#encapsulation PPP
R2(config-if)#exit

CHAP

R1(config)#username R2 password 123

R1(config)#int s 0
R1(config-if)#PPP authentication CHAP

R2(config)#username R1 password 123

R2(config)#int s 0
R2(config-if)#PPP authentication CHAP

 In case of CHAP, the user password should be the same. Here 3-way handshake takes
place.

PAP

R1(config)#username R2 password 123

R1(config)#int s 0
R1(config-if)#PPP authentication PAP
R1(config-if)#PPP PAP sent-username R1 password 321

R2(config)#username R1 password 321

R2(config)#int s 0
R2(config-if)#PPP authentication PAP
R2(config-if)#PPP PAP sent-username R2 password 123

 In PAP, the username and password is sent manually.

COMMANDS

1. Router#sh int s 0

- 10 -
 To check the encapsulation in the serial interface

2. R1#debug PPP authentication

To debug PPP authentication

OUTPUTS

Router#sh int s0

Serial0 is up, line protocol is up

Hardware is HD64570
Internet address is 20.0.0.1/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP

hor#debug ppp authentication ( PAP )

Se0 PPP: Treating connection as a dedicated line

Se0 PPP: Phase is AUTHENTICATING, by both
Se0 PAP: O AUTH-REQ id 2 len 12 from "hor"
Se0 PAP: I AUTH-REQ id 2 len 12 from "bor"
Se0 PAP: Authenticating peer bor
Se0 PAP: O AUTH-ACK id 2 len 5
Se0 PAP: I AUTH-ACK id 2 len 5

HOR#debug ppp authentication ( CHAP )

Se0 PPP: Treating connection as a dedicated line

Se0 PPP: Phase is AUTHENTICATING, by both
Se0 CHAP: O CHALLENGE id 21 len 24 from "HOR"
Se0 CHAP: I CHALLENGE id 20 len 24 from "BOR"
Se0 CHAP: O RESPONSE id 20 len 24 from "HOR"
Se0 CHAP: I RESPONSE id 21 len 24 from "BOR"
Se0 CHAP: O SUCCESS id 21 len 4
Se0 CHAP: I SUCCESS id 20 len 4

Questions

1 . Different WAN Protocols?

o HDLC – High level Data Link Control

- 11 -
 o PPP – Point-to-Point Protocol
o Frame-Relay

2 . Difference between PPP and HDLC?

PPP HDLC

Open Protocol Cisco Proprietary

Authentication is allowed. Authentication is not possible

PAP CHAP

3 . What are the advantages of using PPP encapsulation over ISDN links?

o PPP authentication prevents unauthorized callers from establishing an ISDN circuit.

o PPP can be implemented among different equipment vendors.

4 . How PAP and CHAP works?

o PAP

Username is xxx and password xxxx

HOR BOR
Authentication Request

Authentication Acknowledgement
HOR BOR

 When the username and password are matched in the HOR Database, BOR is allowed.

o CHAP

HOR Can I Talk to you BOR

Challenge

Response

Success / Failure

 Message Digest (Message Integrity) is one of the forms of Encryption

- 12 -
 Packet + Hash Function =Message Digest
1. MD 5 is one-way process.
2. It is always constant.
3. A small change will result in a big change in MD.

5 . What command would you enter to display the CHAP authentication as it occurs in
real time?

o debug PPP authentication

6 . Difference between PAP and CHAP?

o CHAP is more secure than PAP as the password is encrypted here using MD5,
while in PAP the clear text password is sent over the link.

7 . The output shown below was taken from two directly connected routers. Based on the
output of these two routers, What happen when the below command Router#show interface
serial 0 is entered?

Corp#show running-config
!
Isdn switch-type basic-5ess
Username Remote password cisco
!
interface s0
ip address 192.168.0.1 255.255.255.0
encapsulation ppp

Remote#show running-config
!
Isdn switch-type basic-5ess
Username Corp password Cisco
!
interface s0
ip address 192.168.0.2 255.255.255.0
encapsulation ppp
ppp authentication chap

o The passwords in the username do not match, so the link will not come up and the line
protocol will be down, which would make LCP closed. Both the usernames and the
passwords are case sensitive.

RIP AND IGRP Protocols

- 13 -
 DCE DTE
10.0.0.1 20.0.0.1 20.0.0.2
30.0.0.1

10 n/w E0 S0 S0 E0
30 n/w

HOR BOR

RIP

R1(config)#router RIP * R2(config)#router RIP

R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0

IGRP

R1(config)#router IGRP 123 ** R2(config)#router IGRP 123

R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0

* In RIP, we specify only those networks that belong to us. RIP sends routing table updates to
its neighbors for every 30secs. RIP uses hop count as a unit of metric. The administrative distance
of RIP is 120

** IGRP uses autonomous number system. Here, only the networks that come under the same
autonomous system number will communicate with each other. Autonomous number is provided
by ISP. (By default, networks in different Autonomous system will not communicate, for different
Autonomous systems to communicate redistribution should be done - CCNP concept).

IGRP sends updates for every 90secs and uses bandwidth and delay as unit of metric. IGRP has
an administrative distance of 100

- 14 -
 Time Intervals RIP IGRP

Update Interval 30 90

Hold-down timer 180 280

Invalid after 180 270

Flushed after 240 630

Commands

1 . Router#debug ip rip
It shows the updates sent to the neighbor routers for every 30 sec.

2. Router#Clear ip route *
This allows the routing table to switch to the new updates by clearing the old entries.

3 . Router#debug ip igrp transactions

Displays the routing table updates that is sent for every 90sec

4 . Router#Undebug all (u all)

To stop all debug commands those are active.

5 . Router#debug ip routing
Displays the dynamic changes made in the routing table

Outputs

- 15 -
Router#debug ip rip

RIP protocol debugging is on

Router#
00:29:26: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:26: 30.0.0.0 in 1 hops
00:29:30: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:29:30: network 20.0.0.0, metric 1
00:29:30: network 30.0.0.0, metric 2
00:29:30: RIP: sending v1 update to 255.255.255.255 via Serial0 (20.0.0.2)
00:29:30: network 10.0.0.0, metric 1
00:29:55: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:55: 30.0.0.0 in 1 hops

Router#debug ip igrp transactions

IGRP protocol debugging is on

Router#
00:26:16: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:26:16: network 20.0.0.0, metric=8476
00:26:16: network 30.0.0.0, metric=8576
00:26:16: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)
00:26:16: network 10.0.0.0, metric=1100
00:26:32: IGRP: received update from 20.0.0.1 on Serial0
00:26:32: network 30.0.0.0, metric 8576 (neighbor 1100)

Router#debug ip igrp events

IGRP event debugging is on

Router#
00:22:47: IGRP: received update from 20.0.0.1 on Serial0
00:22:47: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:22:47: IGRP: Total routes in update: 1
00:23:40: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:23:40: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:40: IGRP: Total routes in update: 2
00:23:40: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)
00:23:40: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:40: IGRP: Total routes in update: 1

- 16 -
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Serial0
C 10.0.0.0/8 is directly connected, Ethernet0
R 30.0.0.0/8 [120/1] via 20.0.0.1, 00:00:06, Serial0

E:\ftp 30.0.0.10
connected to 30.0.0.10
220 mohan Microsoft FTP service <version 5.0>.
user <30.0.0.10:<none>>:anonymous
331 Anonymous access allowed, send identity <e-mail name> as password.
Password:
230 Anonymous user logged in
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
09-17-07 07:41PM 26 Frame.txt
09-17-07 07:41PM 9 Igrp.txt
09-17-07 07:41PM 32 Isdn.txt
09-17-07 07:40PM 10 Rip.txt
226 Transfer complete.
ftp:247 bytes received in 0.00seconds 284000.00kbytes/sec.
ftp>get frame.txt
200 PORT command successful.
226 Transfer complete.
ftp:28 bytes received in 0.00seconds 26000.00kbytes/sec.
ftp>bye

Questions

- 17 -
1. Difference between Static Routing & Dynamic Routing?

o In static routing, we are manually adding the destination network to our Routing table.

o In Dynamic Routing, the protocols build the routing table automatically.

2. Difference between RIP and IGRP?

Interior Gateway Routing Protocol Routing Information Protocol

Uses autonomous number system. Does not use autonomous number system.

Works only on Cisco routers. Works on multi-vendor routers.

Sends updates for every 90secs. Sends updates for every 30secs.

Bandwidth, delay and distance as a unit of  Hop count as a unit of metric.
metric.

Administrative distance is 100 Administrative distance is 120

Has a maximum hop count of 100 Has a maximum hop count of 16

Time Intervals RIP IGRP

Update Interval 30 90

Hold-down timer 180 280

Invalid after 180 270

Flushed after 240 630

3 . What is Routing loop and when it occurs?

- 18 -
 Distance-vector routing protocols sends routing table updates at regular intervals to keep
track of any changes in the Internetwork. Routing loops can occur when a network outage happens
and no router is updated with the change in routing table.

Ra Rb Rc Re

n/w 3 n/w 4 n/w 5

Rd

o Assume that the first update has been received by every router and now they are in the due
of 29sec.

o Now, the interface to Network 5 is down and also all routers know about Network 5.
Then Re prompts Rc to stop routing to Network 5 through it. But Ra, Rb and Rd don’t
know about Network 5 yet, so they keep sending the updates.

o Rc will be sending its update and cause Rb to stop routing to Network 5, but Ra and Rd
are not updated. To them, it appears that Network 5 is still available through Rb.

o Ra will continue to send its updates for every 30secs and unfortunately Rb and Rd
receives a message that Network 5 can be reached from Ra. So Rb and Rd sends the
information that Network 5 is available.

o Any packet destined for Network 5 will go from Ra to Rb and then back to Ra. This leads
to a routing loop.

3. Methods to avoid Routing loop?

Maximum hop count:

When the routing loop occurs, the hop count increases indefinitely each time a packet
passes through a router. To resolve this  maximum hop count was defined. RIP permits hop count
up to 15, so anything that requires 16th hop will be considered as unreachable.

Split horizon:
Split horizon defines that the routing information cannot be sent back in the direction from
which it was received i.e., the routing protocol determines which interface a network route was
learned on and it won’t advertise the route back to that same interface.

Route poisoning:

- 19 -
 This helps to avoid routing loops in a meshed structure even if split horizon works out. E.g.
when Network 5 goes down, Re initiates route poisoning by advertising Network 5 as 16 hops or
unreachable, this poisoning of the route to Network 5 keeps Rc from being susceptible to
incorrect updates about the route to Network 5. When Rc receives a route poisoning from Re; it
sends an update, called “Poison reverse”  back to Re. This ensures all routes on the segment have
received the poisoned route information.

4. Define Hold down timer

o This sets the amount of time for which the routing information is suppressed. Routes will
enter into the hold down state, when an update packet is received indicating the route as
unreachable. This continues, either till it receives an update packet with a better metric or
till the hold down timer is expired. By default Hold down timer is for 180 seconds.

5. You type “debug ip rip ” on your router console and see that 172.16.10.0 is being
advertised to you with a metric of 16. What does this mean?

o The route is inaccessible.

6. What command is used to stop RIP routing updates from exiting out an interface but still
receive RIP route updates?

o Router(config-router)#passive-interface s0

7. A network that is advertised by both RIP and IGRP appears in the routing table flagged
as an IGRP route. Why is the RIP route to this network not used in the routing table?

o IGRP has a lower administrative distance

8. Which parameters does IGRP use to find out the best path to a remote network?

o Bandwidth and Delay.

9. Which command displays RIP routing updates?

o Router#debug ip rip

TELNET

- 20 -
 10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 n/w 20 n/w 30
n/w

 Make sure you are able to ping the destination network before you configure WAN
Protocols

R1(config)#line vty 0 4 R2(config)#line vty 0 4

R1(config-line)#password xxx R2(config-line)#password xxx
R1(config-line)#Login R2(config-line)#Login
R1(config)#enable password xxx R2(config)#enable password xxx

 If vty password is not configured in R2

R1#telnet 20.0.0.2

Password required, but none set

Connection to 20.0.0.2 is closed

 After password is configured on R2, try to telnet R2(20.0.0.2)

R1>telnet 20.0.0.2

User access verification

Password:

 If password is not enabled for the privileged mode

R2>enable
%No password set

 If the password is set

R2>enable
Password:
R2#

 R2>exit
R1# ----------- Will disconnect the session.

 R2>(Press) ctrl + shift + 6 and x

R1# ----------- Will suspend the session.

Commands

- 21 -
 1. R1#sh sessions - To display the sessions opened by a particular user.

2. R1#(enter)(enter) - To move to the lastly opened session

3. R1#sh users - To display the users logged on

4. R1#clear line 3 - To disconnect a user

[Confirm]
R1#

5. R1#sh cdp - Works only on directly connected Cisco routers

CDP runs every 60 sec.
6. Hold time – 180 sec.

7. R1#sh cdp neighbors

R1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Router Ser 0 143 R 2500 Ser 0

8. R1#show cdp neighbors detail

-------------------------
Device ID: Router
Entry address(es):
IP address: 20.0.0.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 122 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(13), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 10-Feb-05 11:49 by ssearch
advertisement version: 2

9. R1(config)#ip host <NAME> 20.0.0.2 – Creates Host Table.

Outputs

Router#sh sessions

- 22 -
Conn Host Address Byte Idle Conn Name
1 20.0.0.1 20.0.0.1 0 0 20.0.0.1
* 2 20.0.0.1 20.0.0.1 0 0

Router#sh users

Line User Host(s) Idle Location

* 0 con 0 20.0.0.1 00:06:03
20.0.0.1 00:05:42
2 vty 0 idle 00:07:45 20.0.0.1

Security Device Manager (SDM) – GUI

- 23 -
 Security Device Manager (SDM) is a web-based device-management tool for Cisco
routers that can simplify router deployments by allowing us to manage and troubleshoot complex
network and connectivity issues and also supports a wide range of Cisco IOS Software releases to
set up advanced configurations. It is used to configure a router through a HTTP service. To do
this make sure your router is configured with atleast one ip address on a LAN interface and
connects a host to the router.

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#no shut

Router(config-if)#do ping 1.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!

From here, you just open a browser & type http://1.1.1.1, SDM gets loaded and open a window.

Clicking the Configure button at the top of the page, choose the type of interface we want to
configure and then click the Create New Connection button at the bottom of the page (fig.1a). This
opens the LAN or WAN wizard, depending on which interface we chose to configure. By clicking
the Edit Interface/Connection tab, you get to see your interface status. (fig.1b).

- 24 -
 Fig.1a

Fig.1b

You can double-click to edit that particular interface. Click on the Additional Tasks Button at the
bottom left portion and then select Router properties icon. Here, you can set the hostname, MOTD
banner, and enable secret password.

You can also create a DHCP pool on your router. Click on the DHCP folder, then the DHCP pool
icon and then click Add button.

Questions

- 25 -
1. Difference between exit and using ctrl+shift+6 x?

 Using exit command will disconnect the current session

 Using ctrl+shift +6 x command we can suspend a session without disconnecting that
session

2. Differentiate between show sessions and show users?

 Show sessions will show the sessions we opened by telnet ting to the corresponding
Destinations.
 Show users will show the sessions opened by other destinations to us.

3. What are two characteristics of Telnet? (Choose two.)

 It sends data in clear text format.

 It is no longer supported on Cisco network devices.
 It is more secure than SSH.
 It requires an enterprise license in order to be i mplemented.
 It requires that destination device be configured to support Telnet connections.

 A and E

th
4. What happens if we try to open a 6 session to a destination?

th
 If 6 session is opened an error message is displayed.

R1#telnet <destination IP address>

Trying Telnet < destination IP address >
% connection refused by remote host.

5. What are two reasons a network administrator would use CDP? (Choose two.)

 to verify the type of cable interconnecting two devices

 to determine the status of network services on a remote device
 to obtain VLAN information from directly connected switches
 to verify Layer 2 connectivity between two devices when Layer 3 fails
 to obtain the IP address of a connected device in order to telnet to the device
 to determine the status of the routing protocols between directly connected routers

 D and E

ACCESS CONTROL LISTS (ACL)

- 26 -
 In Out
R R
E0 S0 S0 E0
Out In

LAN1
LAN2
30.0.0.0
10.0.0.0

 An access list is a list of conditions that classify the packets (or) the packet definition).
Unauthorized access can be blocked by using access list. These lists can be used to
control the traffic passing through the router. Following are different types of access lists.

 Standard ACL - Access-list No.1-99

Action, ACL number, Source IP, SWCM (Source Wild Card Mask) are the parameters to
be considered while configuring standard ACL which considers only the source address when rules
are defined and to be checked.

Syntax:

R1(config)#Access-list <Al No> <Action> <SIP> <SWCM>

R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0

R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0 -  Here it considers the source address only

 Once you have defined the access-list, binding should be done at the interface
required (E0 or S0).

 For an interface at any time there are maximum of two binding (in and out).

R1(config)#int e 0 / s0
R1(config-if)#ip Access-group 5 in/out

 For binding we consider two directions: In & Out. This specifies the direction in which the
data packets are moving with respect to the Router.

 Extended ACL - Access-list No. 100-199

Action, ACL number, Source IP, SWCM (Source Wild Card Mask), Destination IP, DWCM,
Protocol, interface and the destination port number are the parameters considered while
configuring Extended ACL.

- 27 -
Syntax:

R1(config)#Access-list<AlNo><Action><protocol><SIP><SWCM><DIP><DWCM>eq
<PORT No./Name>

 Port no - can be replaced by the port names.

 Source IP – From IP address.
  Destination IP – To IP address.
  Eq – equivalent to.
  Action – permit or deny.

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80

R1(config)#Access-list 101 permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23
R1(config)#Access-list 101 deny ICMP any any

Syntax:

R1(config)#Access-list<AlNo><Action><protocol><SIP><SWCM><DIP><DWCM>eq
<PORT No./Name>log

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log

  Log - gives information about the port no of source, number of packets send, number of 
matches made etc.,

NAMED ACCESS LIST

 Standard

R1(config)#IP Access-list standard <Name>

R1(config)#IP access-list standard moon

R1(config-std-nacl)# <Action> <SIP> <SWCM>

R1(config-std-nacl)#deny 30.0.0.10 0.0.0.0
R1(config-std-nacl)# permit 30.0.0.15 0.0.0.0

 Extended

R1(config)#IP Access-list Extended <Name>

R1(config)#ip access-list extended sun

R1(config-ext-nacl)#<Action><protocol><SIP><SWCM><DIP><DWCM>eq<PORT
No./Name>
R1(config-ext-nacl)#deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq www
R1(config-ext-nacl)#permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet
R1(config-ext-nacl)#deny ICMP any any

- 28 -
 Command

1 . Show access-lists
This displays all the access lists created.

Output

Router#sh access-lists
Extended access-list 123
10 deny tcp host 10.0.0.10 host 30.0.0.10 eq telnet

Questions

1 . Different types of Access lists?

o Standard Access Lists - Standard access list considers only the source address.
Deny/Permit actions are applied on the source address. Once the access list is defined,
binding can be done at any one of the interface (Ethernet or serial).

o Extended Access Lists - This considers source address, Destination address, protocol,
destination ports etc .In Extended access list we can specify the applications that are to be
permitted or denied from the source to destination.

o Named Access Lists - As the name suggests, we can define an access list using a
name instead of number wherein we can modify (or delete) the list by individual
conditions which is not possible in the numbered lists.

2 . Difference between numbered access lists and named access lists?

o In numbered access lists, if we try to delete an individual statement from the access list,
the whole list will be deleted. In named access lists, we can edit the list by individual
statement.

3 . what are the benefits provided by access control lists (ACLs)?

o ACL helps to define the packet parameters

o ACLs classify and organize network traffic
o ACLs provide IP route filtering

4 . Which command is required to apply an access list on a virtual terminal line of a

router?

o Router(config-line)# access-class 10 in

5 . Which single access list statement will combine all four of these statements into a

- 29 -
 single statements that will have exactly the same effect?

access-list 15 permit 172.29.16.0 0.0.0.255

access-list 15 permit 172.29.17.0 0.0.0.255
access-list 15 permit 172.29.18.0 0.0.0.255
access-list 15 permit 172.29.19.0 0.0.0.255

o access-list 10 permit 172.29.16.0 0.0.3.255

6 . If you want to deny all Telnet connections to the network 192.168.10.0, which
Command will you use?

o access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23

7 . What are the possible ways to refer to a host 172.16.30.55 in an IP access list?

o 172.16.30.55 0.0.0.0
o host 172.16.30.55

8 . Which access lists will allow only HTTP traffic into network 196.15.7.0?

o access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www

9. Which command connect access list 110 inbound to interface ethernet0?

o Router(config)#interface ethernet 0
o Router(config-if)#ip access-group 110 in

- 30 -
 NETWORK ADDRESS TRANSLATION (NAT)

20.0.0.2
R

Private
10.0.0.10 Public
30.0.0.20

Inside local Inside global

R1(config)#Ip route 0.0.0.0 0.0.0.0 S0 -------------- Default Network 

R1(config)#access-list 15 permit 10.0.0.0 0.255.255.255 -------- Defining the range of hosts
R1(config)#int e 0
R1(config-if)#ip NAT inside
R1(config)#int s 0
R1(config-if)#ip NAT outside

1. Dynamic NAT configuring

R1(config)#IP NAT inside source list 15 int S0 overload *

2. Pool NAT

R1(config)#IP NAT pool MOHAN 20.0.0.30 20.0.0.35 netmask 255.0.0.0

R1(config)#IP NAT inside source list 15 pool MOHAN overload **

3. Static NAT

R1(config)#IP NAT inside source static 10.0.0.10 20.0.0.5 ***

* Router translates source addresses reaching inside (say e0) if it matches the list, to the same
public address at serial interface.

** Router translates source addresses reaching inside (say e0) if it matches the list, from the range
of addresses mentioned in the pool.

*** When a packet comes from 10.0.0.10 through inside source, then source is always translated
to only one address (20.0.0.5) and vice versa.

- 31 -
 Commands

1. Router#debug ip nat ------------- To debug NAT

2. Router#sh ip nat translations ----------- To display translations( Displays Inside

local, Inside Global, Outside local and Outside Global )

3. R1#clear ip nat translations * ----------- To clear translations

OUTPUTS

Router#debug ip nat

IP NAT debugging is on
Router#
01:10:59: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [205]
01:10:59: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [205]
01:11:00: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [206]
01:11:00: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [206]

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

ICMP 20.0.0.5 10.0.0.10 --- ---

- 32 -
 Questions

1. What is NAT?

 Network Address Translation involves re-writing the source and destination address
of packets as they pass through a router. NAT is done in order to enable multiple hosts on
a private network to access the Internet using a single public IP address.

2. What does the Inside Global address represent in the configuration of NAT?

 A registered address that represents an inside host to an outside network 

3. Why we use access-list in NAT?

 Access-list defines the range of the hosts that can access the global address.

4. A network technician at Mohans would like to implement NAT in the network shown
in the exhibit. Inside hosts are allowed to use a private addressing scheme. Where NAT
should be configured?

R3 R2 R1
Internet

Pc1 Pc2 Pc3 Pc4

 Router R3

5 . Type of NAT that utilizes different ports to map multiple IP addresses to a single globally
registered IP address?

 Overloading

6. What is the function of the Cisco IOS command ip nat inside source static 10.1.1.5
172.35.16.5?
 It creates a global address pool for all outside NAT transactions.
 It establishes a dynamic address pool for an inside static address.
 It creates dynamic source translations for all inside local PAT transactions.
 It creates a one-to-one mapping between an inside local address and an inside
 global address.

 D

- 33 -
7. What flavor of Network Address Translation can be used to have one IP address
allow many users to connect to the global Internet?

 NAT
 Static
 Dynamic
 PAT
 Overloading

 E

8. Which of the following are disadvantages of using NAT? (Choose three.)

 Translation introduces switching path delays.

 Conserves legally registered addresses.
 Causes loss of end-to-end IP traceability.
 Increases flexibility when connecting to the Internet.
 Certain applications will not function with NAT enabled.
 Reduces address overlap occurrence.

 A,C and E

- 34 -
 OSPF & EIGRP

10.0.0.0 10.0.0.1 R 20.0.0.1 20.0.0.2 30.0.0.1

R2
30.0.0.0

OSPF

Router(config)#router OSPF <process-id> ------- [Process-id  1 to 65535]

Router(config-router)#network <NID> <WCM>area <area no>

R1(config)#router OSPF 15
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config)#router OSPF 12
R2(config-router)#network 30.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

 Between two OSPF routers the process-ids need not be the same

EIGRP

R1(config)#router EIGRP <autonomous-no> ---------- [autonomous-no  1 to 65535]

R1(config-router)#network <NID>

R1(config)#router EIGRP 123

R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0

R2(config)#router EIGRP 123

R2(config-router)#network 30.0.0.0
R2(config-router)#network 20.0.0.0

 The autonomous system numbers should be the same while communicating between
EIGRPs

 In OSPF, area should be same.

- 35 -
Loop back interface

It’s a logical interface i.e., not a real router interface. When the Router ID of a router-
interface with the highest address, goes up and down, re-election for the new DR will not get
completed. Loop back interface resolves this problem, as it never goes down & router id never
changes.

Types of network using OSPF

 Broadcast (multi-access) networks provide a  broadcast ability in which every single

broadcast is delivered to all nodes on the network. This can be avoided in OSPF by electing a DR
and BDR for each broadcast multi-access networks.

LSA   LSA

LSA

 Non-broadcast multi-access network allows for multi-access, but have no broadcast

ability. So, NBMA networks require special OSPF configuration to function properly and neighbor
relationships must be defined.

Here,
Information of Ra is not sent to Rc
Information of Rc is not sent to Ra
But Rb knows about Ra and Rc

 Point-to-point refers to a type of network topology consisting of a direct connection

between two routers that provides a single communication path. This type of configuration
eliminates the need for DRs or BDRs, but neighbors are discovered automatically.

R R

- 36 -
 Commands

OSPF

 Router#sh ip ospf interface e 0

 Router#sh ip ospf int f 0
 Router#sh ip ospf int s 0
 Router#sh ip ospf neighbor  shows neighbor router-id.
 Router#sh ip protocols

EIGRP

 Router#sh ip eigrp neighbors

 Router#sh ip eigrp topology
 Router#sh ip eigrp traffic

- 37 -
 OUTPUTS

Router#debug ip ospf events

OSPF events debugging is on
Router#
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing

Router#sh ip ospf int e0

Ethernet0 is up, line protocol is up
Internet Address 30.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 30.0.0.1, Interface address 30.0.0.1
No backup designated router on this network 
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

Router#sh ip ospf int s0

Serial0 is up, line protocol is up
Internet Address 20.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 100.0.0.1
Suppress hello for 0 neighbor(s)

Router#sh ip eigrp topology

IP-EIGRP Topology Table for process 5

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 20.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
P 30.0.0.0/8, 1 successors, FD is 281600
via Connected, Ethernet0
P 100.0.0.0/8, 1 successors, FD is 2195456
via 20.0.0.2 (2195456/281600), Serial0

- 38 -
 Questions

1. Differentiate between Distance vector and Link state Protocol?

Sl. Distance vector Link state

No

1 Considers only distance. Bandwidth, delay, load, Reliability and MTU.

2 Sends the routing table. Sends the state of the link.

3 Learns about the adjacent routers. Learns the entire topology.

2. Differentiate between OSPF and EIGRP?

Sl.
No OSPF EIGRP
1 Link state. Hybrid(DV + LS).

2 Open protocol (multi-vendor). Cisco Proprietary Protocol.

3 Supports multiple protocols like

Supports only IP protocol.
4 Cost = 10  / Bandwidth.
5 Link State Advertisement (LSA) is
made. (State of Link is broadcasted).
6 For every 10 sec a Hello packet is sent.
7 For every 30 min LSA is broadcasted.
8 When the Link goes down OSPF needs
to run the SPF algorithm again.
9 Area is used for administrative
convenience of a large network  administrative convenience of a large
IP, IPX, Apple Talk etc.,
Cost is calculated based on the
Bandwidth, Delay etc.,
Routing Table is sent.
For every 5 sec a Hello packet is sent.
Broadcast is sent only when there is a
change in the Routing table.
When the link goes down EIGRP
proceeds with the Next Best Path
(Feasible Successor).
Autonomous System is used for
network 

10 Uses Dijsktra algorithm to find the best Uses DUAL (Diffusing Update
path (Shortest path). Algorithm) is used to find the best path.

- 39 -
 Backbone Router
Switch
3. How OSPF works out? ABR

Area 1

Area
1
ABR
Area 0
ABR

Area 3 Area 2

ASBR Internal Router AS 100

AS 200

Area 1
 ABR – Area Border Router.
 ASBR – Autonomous System Border Router.
 AS – Autonomous System.

 OSPF is designed to have a hierarchical structure as large networks are a bit difficult to
manage. This allows to decrease routing overhead and to confine n/w instability to single
area of n/w.

 OSPF must have an area 0 (backbone area) and all routers should connect to this area. But
routers (i.e., ABRs) that connect other areas to backbone area should have at least one
interface connecting to area 0.

4. Show commands that will display the state of the OSPF DR/BDR election process?

 Router# show ip ospf interface

- 40 -
5. Which command will display all the EIGRP feasible successor routes known to a router?

 Router# show ip eigrp topology

6. When designing OSPF networks; what is the purpose of using a hierarchical design?

 To speed up convergence
 To confine network instability to single areas of the network 
 To reduce routing overhead

7. If routers in a single area are configured with the same priority value, what value does a
router use for the OSPF Router ID?

 The highest IP address of any physical interface

8. Which one of the following EIGRP commands can check the IP addresses of the
adjacent neighbors?

 R1#show ip eigrp neighbors

9 . Which commands will place network 10.2.3.0/24 into area 0?

 Router(config)# router ospf 10

Router (config_router) # network 10.2.3.0 0.0.0.255 area 0

10. With which network type will OSPF establish router adjacencies but not perform the
DR/BDR election process?

 Point-to-point

11. Which is true regarding EIGRP successor routes?

 A successor route may be backed up by a feasible successor route.

 A successor route is used by EIGRP to forward traffic to a destination.

o A

12. A network administrator typed the following into his router:

- 41 -
 Router(config)# router ospf 1
Router(config-router)#network 10.0.0.0 255.0.0.0 area 0

But still he can’t see any routes in the routing table. What configuration error did the
administrator make?

 The wildcard mask is incorrect. The wildcard should have been 0.255.255.255.

13 . Which EIGRP information is held in RAM and maintained through the use of 
Hello and update packets?

 Neighbor table
 Topology table

o A

ROUTING INFORMATION PROTOCOL VERSION 2

- 42 -
 10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

R R
10.0.0.0 30.0.0.0
E0 S0 S0 E0

R1(config)#router RIP R2(config)#router RIP

R1(config-router)#version 2 R2(config-router)#version 2
R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0

Here the command ‘version 2’ is added to the RIP protocol to change it to RIPv2.

Authenticating Packets using RIPv2

R1(config)#Key chain ABC  // Key chain <name>

R1(config-keychain)#key 2 // Key Identifier
R1(config-keychain-key)#key-string 123 // Key-string Line

R2(config)#Key chain XYZ 
R2(config-keychain)#key 2
R2(config-keychain-key)#key-string 123

The Key identifier and the Key-string should be same on the both end routers.

R1(config)#int s0
R1(config-if)#ip rip authentication key-chain ABC 
R1(config-if)#ip rip authentication mode text / md5

R2(config)#int s0
R2(config-if)#ip rip authentication key-chain XYZ 
R2(config-if)#ip rip authentication mode text / md5

Text and md5 are the two authentication methods used in RIPv2. By default RIPv2
can send & receive only version 2 updates. RIPv2 also allows sending and receiving
version 1 updates on any of the interface.

R1(config)#int s0
R1(config-if)#ip rip send / receive version 1 2
R2(config)#int s0
R2(config-if)#ip rip send / receive version 1 2

RIP version 2 has all its characteristics same as RIPv1 except some changes.

- 43 -
Difference between Routing Protocols:

RIPv1 IGRP OSPF EIGRP RIPv2

Protocol Distance Distance vector Link state Hybrid Distance
vector ( DV + LS ) vector
Multi Yes No Yes No yes
vendor
support

Metric Hop count Bandwidth & Cost Bandwidth & Hop count
Delay Delay

Sends Routing table Routing table Link state Routing table Routing
updates updates advertiseme updates table
nt updates

Routing 30 sec 90 sec 30 min Whenever a 30 sec

table change occurs
Update
intervals

Supports No No Yes Yes Yes

VLSM
Supports Classful Classful Classless Classless Classless

Uses 255.255.255.2 255.255.255.255 224.0.0.5 224.0.0.10 224.0.0.9

55 224.0.0.6

Outputs

- 44 -
 After RIPv2 is configured on both the routers

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.0.0.1)
RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
30.0.0.0/8 via 0.0.0.0, metric 2, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/1 (20.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received v2 update from 20.0.0.2 on Serial0/1
30.0.0.0/8 via 0.0.0.0 in 1 hops

 RIPv2 on one router & the other end is configured with RIPv1

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: ignored v1 packet from 20.0.0.1 (illegal version)

 Using debug command on the other end.

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v1 update to 255.255.255.255 via Ethernet0/0(30.0.0.1)
RIP: build update entries
network 10.0.0.0 metric 2
network 20.0.0.0 metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0/1 (20.0.0.2)
RIP: build update entries
network 30.0.0.0 metric 1
RIP: received v2 update from 20.0.0.1 on Serial0/1
10.0.0.0/8 via 0.0.0.0 in 1 hops

 Router#show ip protocols
Routing Protocol is "rip"

- 45 -
 Sending updates every 30 seconds, next due in 21 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 2 2
Serial0/1 2 2
Routing for Networks:
20.0.0.0
30.0.0.0
Routing Information Sources:
Gateway Distance Last Update
20.0.0.1 120 00:00:03
Distance: (default is 120)
[ By default RIPv2 can send & receive only version 2 updates ]

 Authentication modes is text on both routers

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received packet with text authentication abc
RIP: received v2 update from 20.0.0.1 on Serial0
10.0.0.0/8 via 0.0.0.0 in 1 hops
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

 md5 is the authentication mode on both routers

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: received packet with  MD5 authentication

RIP: received v2 update from 20.0.0.1 on Serial0

- 46 -
 10.0.0.0/8 via 0.0.0.0 in 1 hops

 Different Authentication modes on both ends i.e., md5 authentication on one end &
text on the other end.

Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: ignored v2 packet from 20.0.0.1 (invalid authentication)
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

Questions

1. Which three statements are correct about RIPv2?

- 47 -
  It has the same maximum hop count as version 1
 It uses broadcasts for its routing updates
 It is a classless routing Protocol
 It has a lower administrative distance than RIPv1
 It supports authentication

o It has the same maximum hop count as version 1

o It is a classless routing Protocol
o It supports authentication

2. Which statement is true regarding classless routing protocols? (Choose two.)

 The use of discontinuous networks is not allowed.

 The use of variable length subnet masks is permitted.
 RIPv1 is a classless routing protocol.
 IGRP supports classless routing within the same autonomous system.
 RIPv2 supports classless routing.

o The use of variable length subnet masks is permitted

o RIPv2 supports classless routing.

3. RIPv2 uses ---- to send the routing table updates

 Broadcast
 Multicast
 Unicast

o Multicast

4. The network shown in the exhibit is running the RIPv2 routing protocol. The
fastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this
network respond to this change? (Choose two.)

A. All routers will reference their topology database to determine if any backup routes
to the 192.168.1.0 network are known.

- 48 -
B. Routers R2 and R3 mark the route as inaccessible and will not accept any further
routing updates from R1 until their hold down timers expire.

C. Because of the split-horizon rule, router R2 will be prevented from sending

erroneous information to R1 about connectivity to the 192.168.1.0 network.

D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been
lost, R2 will respond by sending a route back to R1 with an infinite metric to the
192.168.1.0 network.

E. R1 will send LSAs to R2 and R3 informing

informing them of this change, and then all
routers will send periodic updates at an increased rate

o C and D

5. What does the below output depicts?

Router#debug
Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: ignored v1 packet from 20.0.0.1 (illegal version)

o The above output depicts that the other end router is using RIPv1 and the routing
protocol used on this router is RIPv2. As RIPv2 cannot receive version 1 by default, it is
ignoring version1 packets sent by the router that is configured with RIPv1
R IPv1

Frame Relay

- 49 -
 X X

HO hor bor HO
Frame-relay switch
Y Y

 Frame-relay is an example of a Packet Switched Network. This network enables

end-stations to dynamically share the existing connection

Frame relay connections are often given a Committed Information Rate (CIR)
(CIR) and an allowance
of burstable bandwidth known as the Extended Information Rate (EIR).
of burstable (EIR ). The provider guarantees
that the connection will always support the CIR rate, and sometimes the EIR rate. Frames that are
sent in excess of the CIR are marked as " discard eligible"
eligible" (DE) which means they can be dropped
when congestion occurs within the frame relay network. Frames sent in excess of the EIR are
dropped immediately.
Congestions in the network are reported by

1. FECN=Forward
FECN=Forward Explicit Congestion Notification bit
2. BECN=Backward
BECN=Backward Explicit Congestion Notification bit
3. DE=Discard
DE=Discard Eligibility bit provides the network with a signal to determine which
frames to be discarded, when there is a congestion on the line. The Frame-relay
switch will discard frames with a DE value of 1 before discarding other frames.

R(config)#int
R(config)#int s 0
R(config)#encapsula
R(config)#encapsulation
tion frame-relay
 // Defining
 // Defining the wan protocol

Once Encapsulation Frame-relay is given, serial interface requests the Frame-relay switch for
the LMI type it uses and accordingly it changes. Then a DLCI is allocated to the l ink by the
Frame Relay Switch. Then inverse arp maps destination ip address to the link’s DLCI No.
.

Frame Relay mapping

- 50 -
 R3
S0 s1

100 200

20.0.0.1 20.0.0.2
R1 R2

R(config)#int S 0
R(config-if)#frame-relay map ip 20.0.0.2 100 broadcast

Frame-relay mapping can be used in partially meshed topology or Hub & Spoke. If R1
wants to communicate with R2, which is not directly connected, we map R1 to R2 through the
source DLCI number i.e, 100.

Point-to-point (Sub-interface)

R3

Frame Switch

100 200

R1 R2

We can have multiple virtual circuits on a single serial interface, treating each and every
single virtual circuit as a separate interface. This is achieved by creating  sub interfaces in a Frame
Relay network to avoid split horizon issues from preventing routing updates. We can configure
separate sub interfaces for each PVC with a unique DLCI and subnet assigned to the sub interface.

. R3(config)#int S 0
R3(config-if)#no ip address
R3(config-if)#exit
R3(config)#int S 0.5 point-to-point
 // logically dividing the physical interface
R3(config-subif)#ip address 20.0.0.1 255.0.0.0
 // Assigning the IP address to the sub-interface
R3(config-subif)#frame-relay interface-DLCI 100

- 51 -
 Lab Setup :

S1 Frame switch S0
DCE DCE

20 .0.0.1 20.0.0.2
DTE S0 S0 DTE
E0 E0
HOR BOR

Step : 1

Configure Frame-Relay Switch

FRSW (config)#Frame-relay switching

Frsw(config)#int S 0
Frsw(config-if)#encapsulation frame-relay *
Frsw(config-if)#frame-relay intf-type dce **
Frsw(config-if)#frame-relay route 100 int S 1 200 ***
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown

Frsw(config)#int S 1
Frsw(config-if)#encapsulation frame-relay
Frsw(config-if)#frame-relay intf-type dce
Frsw(config-if)#frame-relay route 200 int S 0 100
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown

* FRSW (config-if )#encapsulation frame-relay ietf ( for non Cisco routers)

** By default Router’s serial interface is DTE.
*** Routing the packets from S0 (DLCI=100) to S1 (DLCI no=200)

Step : 2

Configuring Head Office & Branch Office Routers

Configure HOR & BOR using routing protocols. Then

HOR(config)#int s0 BOR(config)#int s0
HOR(config-if)#encapsulation frame-relay BOR(config-if)#encapsulation frame-relay

- 52 -
Step : 3

HOR#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), dynamic,
broadcast,, status defined, active

BOR#sh frame-relay map

Serial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), dynamic,
broadcast,, status defined, active

Step : 4

Statically mapping - IP address to DLCI number (frame-mapping)

HOR(config)#int s0 BOR(config)#int s0
HOR(config-if)#no frame-relay inverse-arp BOR(config-if)#no frame-relay inverse-arp
HOR(config-if)# ^z BOR(config-if)# ^z
HOR#clear frame-relay-inarp BOR#clear frame-relay-inarp

 This will remove the dynamic address resolution done by Frame Relay Switch

HOR(config)#int s0
HOR(config-if)#frame-relay map ip 20.0.0.2 100 broadcast *
BOR(config)#int s0
BOR(config-if)#frame-relay map ip 20.0.0.1 200 broadcast

* Here we are mapping Branch office IP address to the Head office DLCI number manually. If 
dynamic routing protocols are used, we use the keyword ‘broadcast’ .

Step : 5

HOR#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), Static,
broadcast,, status defined, active

BOR#sh frame-relay map

Serial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), Static,
broadcast,, status defined, active

Step : 6

- 53 -
 Creating Sub-interface

HOR(config)#int s0
HOR(config-if)#no ip address
HOR(config-if)#exit
HOR(config)#int s0.100 point-to-point
HOR(config-subif)#ip address 20.0.0.1 255.0.0.0
HOR(config-subif)#frame-relay interface-dlci 100
BOR(config)#int s0
BOR(config-if)#no ip address
BOR(config-if)#exit
BOR(config)#int s0.200 point-to-point
BOR(config-subif)#ip address 20.0.0.2 255.0.0.0
BOR(config-subif)#frame-relay interface-dlci 200

Commands

 Router#sh frame-relay LMI

To show frame-relay LMI type (CISCO, ANSI, Q933a)

 Router#sh frame-relay PVC

To show frame-relay PVC
(Shows the FECN, BECN, DE, etc bits in the frame )

 Router#sh frame-relay map

To show frame-relay mapping (Shows the DLCI number assigned)

Outputs

Router#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 200(0xC8,0x3080), dynamic,

broadcast,, status defined, active

Router#sh frame-relay lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Information ID 0 Invalid Report IE Len 0
Num Status Enq. Sent 13 Num Status msgs Rcvd 9

Router#sh frame-relay pvc

- 54 -
PVC Statistics for interface Serial0 (Frame Relay DTE)
Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

input pkts 13 output pkts 12 in bytes 1104

out bytes 1090 dropped pkts 1 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 7 out bcast bytes 570
pvc create time 00:02:21, last time pvc status changed 00:02:01

Questions

- 55 -
1 . What is frame-relay?

o Frame-relay is an example of a Packet Switched Network. This network enables end-

stations to dynamically use the available bandwidth and share the connection. Frame relay
connections are often given a Committed Information Rate (CIR) and an allowance of 
burst able bandwidth known as the Extended Information Rate (EIR). Frames that are sent
in excess of the CIR are marked as discard eligible(DE) which means they can be dropped
when congestion occur in the network 

2 . What is Link Management Interface (LMI)?

o LMI manages the link between frame switch and the router WAN port. Once the line is
encapsulated to frame-relay, it requests frame switch which LMI it is using and accordingly
WAN port also changes.

3 . Difference between Inverse ARP, ARP & RARP

o Inverse ARP helps to map destination IP address to local DLCI number at the frame Switch
o ARP helps to get the MAC address from the corresponding IP address.
o RARP helps to get the IP address from the corresponding MAC address

4 . What is DLCI (Data Link Connection Identifier)?

o The DLCI serves to identify the virtual connection so that the receiving end knows which
information connection a frame belongs to.(Range=16 to 1007). This helps in Layer 2
identification.

5 . You are troubleshooting a frame relay connection and wish to view the LMI traffic status.
Which command should you issue?

o Show frame-relay lmi

6 . When setting up Frame Relay for point-to-point subinterface, what should not
be configured?

o An IP address on the physical interface.

7 . You need to configure a router for a Frame Relay connection to a non-Cisco

- 56 -
router. Which command will prepare the WAN interface of the router for this
connection?

o Router(config-if)#encapsulation frame-relay ietf 

8 . How should a router that is being used in a Frame Relay network be configured to
avoid split horizon issues from preventing routing updates?

o Configure a separate subinterface for each PVC with a unique DLCI and subnet
assigned to the subinterface.

9 . What does the term ‘dynamic’ in the below output refers to :

Router#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 200(0xC8,0x3080), dynamic,
broadcast,, status defined, active

o The mapping between DLCI 100 and the end station IP address 20.0.0.2 was learned
through Inverse ARP

10. In Frame Relay; what is the purpose of Inverse ARP?

o It is used to map a known DLCI to an IP address

11. By looking at the graphic below, what functions does the Frame Relay DLCI provide
with respect to Router A?

DLCI 100 DLCI 200

Router A RouterB

o Router A would use DLCI 100 to get to the RouterB networks. RouterB would use DLCI
200 to get to the Router A networks.

12 . What does the STATUS=ACTIVE refers to in the output of the show frame-relay

- 57 -
pvc command?

Router#sh frame-relay pvc

pvc statistics for interface serial0 (frame relay dte)

dlci = 200, dlci usage = local, pvc status = active

o Active state - Indicates that the connection is active and that routers can exchange data.
This is the state of an operational Permanent virtual Connection

13 . A default Frame Relay WAN is classified as what type of physical network?

o Non-broadcast multi-access

SWITCHING

- 58 -
 Trunk Port

Trunk Link 

Switches
Hosts Access Link 

Would you like to start initial configuration [yes/no]: no

Press return to get started

Switch>enable
Switch#configure terminal
Switch (config) #int vlan 1
* By default all ports are in the VLAN1
Switch (config-if) #ip address 10.0.0.5 255.0.0.0
Switch (config-if) #no shutdown
Switch (config-if) #exit
Switch (config) #ip default gateway 10.0.0.1

Configuring different VLANs

Switch (config) #vlan 2 // Creating the vlan

Switch (config-vlan) #name finance
Switch (config-vlan) #exit

Switch (config) #vlan 3

Switch (config-vlan) #name production
Switch (config-vlan) #exit
 [VLAN-no ranges from 2 to 1001]
 [VLAN name (xxx) is optional]

Allocating the ports to the VLANs

Switch(config)#int f 0/1
Switch(config-if)#switchport access vlan 3 // allocating ports to vlan
Switch(config-if)#exit
Switch(config)#int f 0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

Configuring the trunk Port

- 59 -
 ** Switch(config)#int f 0/24
Switch(config-if)#switchport mode trunk // creating the trunk port
Switch(config-if)#exit

 By default, trunk port of the switch is in VLAN1. So this port should be configured as
trunk port to carry all Vlan information.

Domain Name

Switch(config)#VTP domain <domain name>

Switch(config-if)#VTP domain MOHAN

 All the switches should be in the same domain

Switch’s operating mode

Switch(config)#VTP server/client/transparent

Commands

- 60 -
1. Switch#sh MAC-address-table

Displays the MAC address of the device and the corresponding port nos. to which
the devices are connected.

2. Switch#sh vlan
Displays the vlan information including port nos. that are in use, existing vlans &
which port belongs to which vlan.

3. Switch#sh VTP status

Displays configuration register, operating mode, domain name, etc..,

4. Switch#sh spanning-tree
Displays priority, Root ID, Bridge ID, Mac address, Root Bridge

- 61 -
 OUTPUTS
Switch#sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
act/unsup
act/unsup
act/unsup

SwX#sh vtp status

Switch#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a845.7280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0014.a845.7280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/4 Desg FWD 100 128.4 Shr
Fa0/17 Desg FWD 100 128.17 Shr

Intervlan Routing

- 62 -
 By default, only hosts that are within the same VLAN can communicate. To allow inter-VLAN
communication, we need a router or a layer 3 switch.

 Intervlan switching using two fast Ethernet interfaces of the Router

Router

f 0/0 f 0/1

f 0/4 f 0/9
Switch
PC 1 PC 2
f 0/3 f 0/8

IP address: 10.1.0.10 IP address: 10.2.0.10

SNM : 255.255.0.0 SNM : 255.255.0.0
DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3

Configuring Switch

Switch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg

Allocating Ports

Switch(config)#int f0/3 Switch(config)#int f0/8

Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3
Switch(config)#int f0/4 Switch(config)#int f0/9
Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3

Configuring Router

Router(config)#int f0/0
Router (config-if)#ip add 10.1.0.1 255.255.0.0
Router (config-if)#no shutdown

Router(config)#int f0/1
Router (config-if)#ip add 10.2.0.1 255.255.0.0
Router (config-if)#no shutdown

- 63 -
  Intervlan communication using single fast Ethernet interface of the Router is achieved by
creating sub interfaces.
Router

f 0/0

f 0/5

PC 1 f 0/3 f 0/8 PC 2

IP address: 10.1.0.10 IP address: 10.2.0.10

SNM : 255.255.0.0 SNM : 255.255.0.0
DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3

Configuring Switch

Switch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg

Allocating Ports

Switch(config)#int f0/3 Switch(config)#int f0/8

Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3

Switch(config)#int f0/5
Switch(config-if)#switchport mode trunk 

Configuring Router

Router(config)#int f0/0
Router (config-if)#no ip address
Router (config-if)#no shutdown
Router (config-if)#exit

Router(config)#int f0/0 .1
Router(config-subif)#encapsulation dot1q <vlan no.>
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip add 10.1.0.1 255.255.0.0

Router(config)#int f0/0 .2
Router(config-subif)#encapsulation dot1q <vlan no.>
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip add 10.2.0.1 255.255.0.0

- 64 -
 Questions

1. Difference between Switch and Hub?

Switch Hub

 Switch is a layer-2 component Hub is a layer-1 component

 Switch learn MAC address Hub doesn’t learn MAC address
 Has one Broadcast Domain Has one Broadcast domain
 Has multiple collision domain Has only one collision domain

2 . Different forwarding trends in switch?

o Store & forward-- stores the frame, checks for the errors and forwards only the error
free frames.

o Cut-through – No error checking; just receives and forwards the frames.

o Fragment free  –  is also called as Modified Cut-through. The minimum ip packet size
st
is of 64 bytes. The 1 64 bytes of frame is checked for errors, where this 64 bytes
include the frame header, Destination MAC add (DMAC), Source MAC add (SMAC)
and some data. So, if these 64 bytes seem to be a good frame set then it is forwarded or
else it dumps the packets.

3 . Facts of Vlans

o Vlan is created to avoid unnecessary broadcasts

o Vlans are created without changing the physical set up
o By default each switch is in vlan 1
o Only systems in same vlan will communicate
o For inter-vlan communication we need Router/Layer 3 Switch
o VLAN setup is controlled by VTP(VLAN Trunk Protocol)

4 . Difference between Access link and Trunk link?

o Systems are connected to the switch through the access link and the switches are
connected each other through the trunk links.

- 65 -
5 . Different Operating modes in switch?

o Server — By default, all switches are in Server mode.Vlans can configured in created in
this mode.

o Clients — No changes can be made in client mode.

o Transparent — will not take any condition; it just forwards the conditions to the other
switches.

6. Why spanning-tree Protocol is used?

o Spanning-tree Protocol is been run to avoid the routing loops in a switched network. It
elects the Root Bridge and the Non-Root Bridge with the help of bpdu. The one with the
lesser bpdu will be elected as the Root Bridge. Root Bridge will be having every port in
forwarding mode of a frame on interface.

7 . What does a switch do when it receives a frame on interface and destination address is
unknown?

o It floods the network with the frame looking for the device

8 . How to manually elect a switch as root bridge?

o We could manually elect a switch as root bridge by changing the priority as

Switch(config)#spanning-tree vlan1 priority<value>

8 . Different Spanning-tree port states?

o Blocking: It won’t forward frames, pr event looping and by defaults all ports are blocked.
o Listening: Listens no loop has formed on N/W before passing frame.
o Learning: Listens and learns all paths in the N/W and updates MAC table.
o Forwarding: Sends and receives frames.
o Disabled: Does not participate in forwarding frame.

9 . What are the different functions of Switch?

o Address Learning: Learns the source hardware/Mac address of each frame received and
stores it in MAC address table.

o Forwarding/Filtering Decision: When received a frame on an interface, switch looks the

destination hardware address and finds the exit interface in the MAC table.

o Loop Avoidance: When more connection are made on switch for redundancy, BC loops
occur. Spanning-tree Protocol is used to stop BC loops.

- 66 -
10 . What is the result of segmenting a network with a switch?

o It increases the number of collision domains and will be smaller collision domains

11 . What will occur if two Cisco LAN switches are connected with a single crossover cable?

o The switch port link lights will be green, indicating normal operation.

12 . What are the three distinct functions of layer 2 switching that increase available
bandwidth on the network?

 Address learning
 Forwarding and filtering
 Loop avoidance

o A

13 . What technology is used by Catalyst switches to resolve topology loops and ensure that
data flows properly through a single network path?

o Spanning Tree Protocol (STP )

14 . Your core switch needs to be set as the root bridge of your network. What will make our
core switch the root bridge?

o Setting the bridge priority to less than 32,768

15 . What purpose in a switched LAN does STP perform?

o Prevent switching loops in a network with redundant switched paths.

16 . Which LAN switch type waits for the collision window to pass before looking up the
destination hardware address in the MAC filter table and forwarding the frame?

o Fragment Free looks at the first 64 bytes of a frame to make sure a collision does not
occur. It is sometimes referred to as modified cut-through.

17 . When a new trunk link is configured on an IOS-based switch, which VLANs are allowed
over the link?

o By default, all Vlans are allowed on the trunk.

18 . What VTP mode allows you to change VLAN information on the switch?

o Server

- 67 -
19 . These two switches are not sharing VLAN information. From the output below,
what is the reason. why these switches are not sharing VTP messages?

SwitchA#sh vtp status

VTP Version :2
Configuration Revision :0
Maximum VLANs supported locally : 64
Number of existing VLANs :7
VTP Operating Mode : Server
VTP Domain Name : RouterSim
VTP Pruning Mode : Disabled

SwitchB#sh vtp status

VTP Version :2
Configuration Revision :1
Maximum VLANs supported locally : 64
Number of existing VLANs :7
VTP Operating Mode : Server
VTP Domain Name : GlobalNet
VTP Pruning Mode : Disabled

o The VTP domain names are not configured correctly.

20 . What is the benefit of creating Vlans?

o They allow logical grouping of users by function.

o They can enhance network security.
o They increase the number of broadcast domains while decreasing the size of the
Broadcast domains.
 A

21 . How many broadcast domain exist in the exhibited topology?

o Three

- 68 -
 VIRTUAL PRIVATE NETWORK (VPN)

A virtual private network (VPN) allows the creation of private networks across the
Internet. VPNs are used daily to give remote users and disjointed networks connectivity over a
public medium like the Internet instead of using more expensive permanent means.

Virtual private network is a method of encrypting point-to-point logical connections across a

public network, such as the Internet. This allows secure communications across a public network.

- 69 -
 Questions

1. What are the two security appliances that can be installed in a network? (choose 2)

A. ATM (Asynchronous Transfer Mode)

B. IDS (Intrusion Detection System)
C. IOS (Internetwork Operating System)
D. IOX
E. IPS (Intrusion Prevention System)
F. SDM (Security Device Manager)

o B and E

2. What are the 3 typical categories of VPNs?

Remote access VPNs

Site-to-site VPNs
Extranet VPNs

 Remote access VPNs allow remote users like telecommuters to securely access the corporate
network wherever and whenever they need to.

 Site-to-site VPNs or intranet VPNs, allow a company to connect its remote sites to the
corporate backbone securely over a public medium like the Internet instead of requiring more
expensive WAN connections like Frame Relay.

 Extranet VPNs allow an organization’s suppliers, partners, and customers to be connected

to the corporate network in a limited way for business-to-business (B2B) communications.

3. To provide security in your VPN tunnel, what protocol suite would you use?

o IPSec

IPSec is an industry-wide standard suite of protocols and algorithms that allows for secure
data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI
model.

4. Which of the following describes the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols?

A. HDLC
B. Cable
C. VPN
D. IPSec
E. xDSL

o C

- 70 -
 Internet Protocol Version 6 (IPv6)

Ipv4 is a 32 bit addressing scheme, whereas IPv6 is a 128 bit hexa decimal addressing
scheme, represented in 8 combinations of 4 hexa decimal numbers each separated by a colon.
Hence IPV6 is called a 16-bit Hexadecimal Colon-delimited Block.

Representation:

An IPV6 address is represented as shown below:

2003:1234:ABCD:0001:5678:DCBA:4321:EFGH

Global Interface ID
Unicast
Subnet

Global Prefix

1. Global Unicast recognizes the particular Region or Zone. It is a publicly routable address.

2. Global Prefix is provided by ISP, it’s of 48 bits.

3. Subnet tells you to which particular organization it belongs.

4. Interface id is of 64 bits, where the 48 bit MAC address is padded with FFFE which is of 16
bits and is placed exactly in the middle of the MAC address to make it a 64 bit interface id.

 Ex: 2000:12ab:34cd:00ef:1234:4295:0000:00cd

 In the above expression ‘00ef ‘ can be represented as ‘ef ‘ and the continuous z eros can be
replaced by double colons( :: ).It can be re-written as

2000:12ab:34cd:ef:1234:4295::cd

 Ex : 2000:0000:0000:00ef:1234:kf34:eef0:cd4e
=>
2000::ef: 1234:kf34:eef0:cd4e

- 71 -
 Ex : 2001:0000:0000:0012:0000:0000:1234:56ab

And you can’t do this:

2001::12::1234:56ab
Instead, the best way you can do is
2001::12:0:0:1234:56ab

Difference between IPv4 & IPv6:

0:0:0:0:0:0:0:0
This is the equivalent of IPv4’s 0.0.0.0

0:0:0:0:0:0:0:1
The equivalent of 127.0.0.1 in IPv4

2000::/3
The global Unicast address range.

FC00::/7
The unique local Unicast range.

FE80::/10
The link-local Unicast range.

FF00::/8
The multicast range.

3FFF:FFFF::/32
Reserved for examples and documentation.

2001:0DB8::/32
Also reserved for examples and documentation.

Extended Uniform Identification (eui-64):

You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option.
The eui-64 format allows the device to use its MAC address and pad it to m ake the interface ID.

Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64

The Globe is divided into 5 Zones and each zone will be assigned a number range to i dentify them.
Here the ‘/64’ represents the identification of the Zone and the IP of the company in that zone.Eui -
64 will pad an extra FFFE to the MAC address exactly to its center.

- 72 -
E.g. MAC address 0060.d673.1987 after padding would look like  – 0260.d6ff.fe73.1987

In the above e.g.

0 0 6 0 D 6 7 3 1 9 8 7
0000 0000

th
7 bit is 0 then the address is locally unique.

0 2 6 0 D 6 F F F E 7 3 1 9 8 7
0000 0010

th
After padding the 7 bit changes to 1, now the address is Link local address. It is globally unique
address.

This padding process is called as EUI-64 i.e. Extended Uniform Identifier. EUI-64 is an IEEE
standard that is given to the MAC address of any particular system where eve ry system’s MAC
address will be automatically assigned. MAC address is the part of IPV6 address which makes it a
unique address.

- 73 -
 LAB

DTE DCE
E0 S0 S0 E0

R1 R2

R1(config)#ipv6 unicast-routing // By default ipv6 is disabled

R1(config)#int e0
R1(config-if)#ipv6 add 2004:abcd:1234:0001::/64 eui-64
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#no shutdown
R1(config)#int s0
R1(config-if)#ipv6 add 2005:abcd:1234:0002::/64 eui-64
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#no shutdown

R2(config)#ipv6 unicast-routing
R2(config)#int e0
R2(config-if)#ipv6 add 2003:abcd:1234:0001::/64 eui-64
R2(config-if)# ipv6 rip 1 enable
R2(config-if)#no shutdown
R2(config)#int s0
R2(config-if)#ipv6 add 2005:abcd:1234:0002::/64 eui-64
R2(config-if)#no shutdown
R2(config-if)# ipv6 rip 1 enable
R2(config-if)#clock rate 64000

- 74 -
 Outputs

 R2#sh ipv6 int brief 

Ethernet0 [up/up]
FE80::210:7BFF:FE7F:B8EA
2003:ABCD:1234:1:210:7BFF:FE7F:B8EA
Serial0 [up/up]
FE80::210:7BFF:FE7F:B8EA
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA
Serial1 [administratively down/down]

 For each interface IPv6 will create a Link local & Global Unicast address.

Global unicast addresses

These are publicly routable addresses, and they’re the same as they are in IPv4.
Link-local addresses
These are like the private addresses in IPv4, that means they’re not routable on a public
network.

R2#sh ipv6 int e0

Ethernet0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):
2003:ABCD:1234:1:210:7BFF:FE7F:B8EA, subnet is 2003:ABCD:1234:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF7F:B8EA
MTU is 1500 bytes

R2#sh ipv6 int s0

Serial0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA, subnet is 2005:ABCD:1234:2::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF17:2
FF02::1:FF7F:B8EA
MTU is 1500 bytes

- 75 -
 R2#sh ipv6 route ( without configuring RIP )
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
C 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
C 2005:ABCD:1234:2::/64 [0/0]
via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Serial0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0

 R2#sh ipv6 route (configuring RIP )

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
C 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
R 2004:abcd:1234:1::/64 [120/2]
Via FE80::200:CFF:FE91:811E, serial 0
C 2005:ABCD:1234:2::/64 [0/0]
via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Serial0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0

 R2#debug ipv6 rip

RIP Routing Protocol debugging is on
R2#
RIPng: response received from FE80::200:CFF:FE91:811E on Serial0 for 1
src=FE80::200:CFF:FE91:811E (Serial0)
dst=FF02::9 …….. Multicast address
sport=521, dport=521, length=52
command=2, version=1, mbz=0, #rte=2
tag=0, metric=1, prefix=2003:ABCD:1234:2::/64
tag=0, metric=1, prefix=2003:ABCD:1234:3::/64

- 76 -
 RIPng: Sending multicast update on Ethernet0 for 1
src=FE80::210:7BFF:FE7F:B8EA
dst=FF02::9 (Ethernet0)
sport=521, dport=521, length=72
command=2, version=1, mbz=0, #rte=3
tag=0, metric=1, prefix=2003:ABCD:1234:1::/64
tag=0, metric=1, prefix=2003:ABCD:1234:2::/64
tag=0, metric=2, prefix=2003:ABCD:1234:3::/64

RIPng: Sending multicast update on Serial0 for 1

src=FE80::210:7BFF:FE7F:B8EA
dst=FF02::9 (Serial0)
sport=521, dport=521, length=52
command=2, version=1, mbz=0, #rte=2
tag=0, metric=1, prefix=2003:ABCD:1234:1::/64
tag=0, metric=1, prefix=2003:ABCD:1234:2::/64

Dual Stacking :

It allows our devices to communicate using either IPv4 or IPv6. It’ll look something li ke this:
Router(config)#ipv6 unicast-routing
Router(config)#interface fastethernet 0/0
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
Router(config-if)#ip address 192.168.255.1 255.255.255.0

- 77 -
 Questions

1. How long is an IPv6 address?

A. 32 bits
B. 128 bytes
C. 64 bits
D. 128 bits

D

2. To enable RIPng, which of the following would you use?

A. Router1(config-if)# ipv6 ospf 10 area 0.0.0.0
B. Router1(config-if)#ipv6 rip 1 enable
C. Router1(config)# ipv6 router eigrp 10
D. Router1(config-rtr)#no shutdown
E. Router1(config-if)#ipv6 eigrp 10

B

3. What two statements about IPv6 addresses are true? (Choose two.)
A. Leading zeros are required.
B. Two colons (::) are used to represent successive hexadecimal fields of zeros.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different t ypes.

 B,D

4. What two statements about IPv4 and IPv6 addresses are true?
A. An IPv6 address is 32 bits long, represented in hexidecimal.
B. An IPv6 address is 128 bits long, represented in decimal.
C. An IPv4 address is 32 bits long, represented in decimal.
D. An IPv6 address is 128 bits long, represented in hexidecimal.

 C,D

- 78 -
 WIRELESS LAN (WLAN)

1. A single 802.11g access point has configured and installed in the center of a square office. A
few wireless users are experiencing slow performance and drops while most users are operating at
peak efficiency. What are three likely causes?

A. mismatched TKIP encryption

B. cordless phones
C. mismatched SSID
D. metal file cabinets
E. antenna type or direction

 B,D,E

2. Which two statements best describe the wireless security standard that is defined by WPA?
(Choose two.)
A. It specifies use of a static encryption key that must be changed frequently to
enhance security.
B. It requires use of an open authentication method.
C. It specifies the use of dynamic encryption keys that change each time a client
establishes a connection.
D. It requires that all access points and wireless devices use the same encryption
key.
E. It includes authentication by PSK.

 C, E

3. You and a co-worker have established wireless communication directly between your wireless
laptops. What type of wireless topology has been created?

A. BSS
B. ESS
C. IBSS
D. SSID

C

4. Which two devices can interfere with the operation of a wireless network because they operate
on similar frequencies? (Choose two.)
A. copier
B. microwave oven
C. toaster
D. cordless phone
E. IP phone

 B, D

- 79 -
5. What is the maximum data rate specified for IEEE 802.11b WLANs?
A. 10 Mbps
B. 11 Mbps
C. 54 Mbps
D. 100 Mbps

B

6. Which spread spectrum technology does the 802.11b standard define for operation?
A. IR
B. DSSS
C. FHSS
D. DSSS and FHSS
E. IR, FHSS and DSSS

B

7. What is one reason that WPA encryption is preferred over WEP?

A. A WPA key is longer and requires more special characters than the WEP key.
B. The access point and the client are manually configured with different WPA key values.
C. WPA key values remain the same until the client configuration is changed.
D. The values of WPA keys can change dynamically while the system is used.

D

8. What two facts can be determined from the WLAN diagram (choose 2)?

A. The area of overlap of the two cells represents a basic service set (BSS)
B. The network diagram represents an extended service set (ESS)
C. Access points in each cell must be configured to use channel 1
D. The area of overlap must be less than 10% of the area to ensure connectivity
E. The two APs should be configured to operate on different channels

 B and E

- 80 -
 BOOTING

1. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location
that is shown(choose two)?

A. Router 1 has specific boot system commands that instruct it to load IOS from a TFTP server
B. Router 1 is acting as a TFTP server for other routers.
C. Router 1 cannot locate a valid IOS image in the flash memory.
D. Router 1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
E. Cisco routers will first attempt to load an image from TFTP for management purpose

 A and C

2. During startup, the router displays the following error message.

Boot cannot open “flash”.
What will the router do next?

A. because of damaged flash memory, router will fail the POST.

B. It will attempt to locate the IOS from a TFTP server, if it fails it will initiate the setup dialog.
C. It will attempt to locate the IOS from a TFTP server, it will load a limited IOS from ROM.
D. It will attempt to locate the configuration file from a TFTP server, if it fails it will initiate the
setup dialog
E. It will attempt to locate the configuration file from a TFTP server, if it fails it will load a
limited configuration from ROM

C

- 81 -
3. When upgrading the IOS image, the network administrator receives the exhibited
Error message. What could be the cause of error?

A. The new IOS image is too large for the router flash memory.
B. The TFTP server is unreachable from the router
C. The new IOS is not correct for this router platform.
D. The IOS image on the TFTP server is corrupt.
E. There is not enough disk space on the TFTP server for the IOS image.

B

4. There are no boot system commands in a router configuration in NVRAM. What is the fallback 
sequence that the router will use to find an IOS during reload?

A. TFTP server,Flash,NVRAM
B. ROM,NVRAM,TFTP server
C. NVRAM,TFTP server,ROM
D. Flash,TFTP server<ROM
E. Flash,NVRAM,ROM

D

5. What does the command o/r 0x2142 provide?

A. It is used to restart the router.

B. It is used to bypass the configuration in NVRAM.
C. It is used to enter ROM Monitor mode.
D. It is used to view the lost password.

B

6. Which command will copy the IOS to a backup host on your network?

A. transfer IOS to 172.16.10.1

B. copy run start
C. copy tftp flash
D. copy start tftp
E. copy flash tftp

E

- 82 -
7. The corporate office sends you a new router to connect, but upon connecting the console
cable,you see that there is already a configuration on the router. What should be done before a new
configuration is entered in the router?

A. RAM should be erased and the router restarted.

B. Flash should be erased and the router restarted.
C. NVRAM should be erased and the router restarted.
D. The new configuration should be entered and saved.

C

8. What should the configuration register value be after you successfully complete the password
recovery procedure and return the router to normal operation?

A. 0x2100
B. 0x2101
C. 0x2102
D. 0x2142

C

9. Which command displays the configuration register setting?

A. show ip route
B. show boot version
C. show version
D. show flash

C

10. The configuration register setting of 0x2102 provides what f unction to a router?
A. Tells the router to boot into ROM monitor mode
B. Provides password recovery
C. Tells the router to look in NVRAM for the boot sequence
D. Boots the IOS from a TFTP server
E. Boots an IOS image stored in ROM

C

11. You copy a configuration from a network host to a router’s RAM. The configuration looks
correct, yet it’s not working at all. What could the problem be?

A. You copied the wrong configuration into RAM.

B. You copied the configuration into flash memory instead.
C. The copy did not override the shutdown command in running-config.
D. The IOS became corrupted after the copy command was initiated.

C

- 83 -