
Routing and ..

The document provides an overview of router functions, including routing traffic between networks and maintaining routing tables. It details the configuration steps for routers and switches, including setting up static and dynamic routes, VLANs, and port security. Additionally, it discusses the operation of Access Control Lists (ACLs) and the use of dynamic routing protocols like RIP and OSPF for larger networks.

Router

• Router:
• Connects one network to another network
• Determines the best route to the destination before forwarding traffic to the next router along the path
• Responsible for routing traffic between networks
• Uses a routing table to determine the most efficient path to reach the destination
• The primary functions of a router are to:
• Determine the best path to send packets
• Forward packets toward their destination
• Routes • Routing Table • Bandwidth • Delay • Cost • Administrative Distance • Default Route • Static Route

Trace a Route
tracert google.com
• Part 1: Set Up the Topology and Initialize Devices
• Cable equipment to match the network topology.
• Initialize and restart the router and switch.
• Part 2: Configure Devices and Verify Connectivity
• Assign static IPv4 information to the PC interfaces.
• Configure basic router settings.
• Verify network connectivity.
• Configure the router for SSH.
• Part 3: Display Router Information
• Retrieve hardware and software information from the router.
• Interpret the output from the startup configuration.
• Interpret the output from the routing table.
• Verify the status of the interfaces.
• Router> enable
• Router#
• Router# config terminal
• Router(config)#
• Router(config)# hostname R1

• Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were hostnames
• R1(config)# no ip domain-lookup
• Require that a minimum of 10 characters be used for all passwords
• R1(config)# security passwords min-length 10
• R1(config)# enable secret cisco12345
• R1(config)# line con 0
• R1(config-line)# password ciscoconpass
• R1(config-line)# exec-timeout 5 0 (The session will time out after 5 minutes and 0 seconds)
• R1(config-line)# login
• R1(config-line)# logging synchronous
• R1(config-line)# exit
• R1(config)#
• R1(config)# line vty 0 4
• R1(config-line)# password ciscovtypass
• R1(config-line)# exec-timeout 5 0
• R1(config-line)# transport input telnet
• R1(config-line)# login
• R1(config-line)# logging synchronous
• R1(config-line)# exit
• R1(config)#
• R1(config)# service password-encryption
• R1(config)# banner motd #Unauthorized access prohibited!#
• R1(config)# int g0/0
• R1(config-if)# description Connection to PC-B
• R1(config-if)# ip address 192.168.0.1 255.255.255.0
• R1(config-if)# no shutdown
• R1(config-if)# int g0/1
• R1(config-if)# description Connection to S1
• R1(config-if)# ip address 192.168.1.1 255.255.255.0
• R1(config-if)# no shutdown
• R1(config-if)# end
• R1# clock set 17:00:00 18 Feb 2013
• R1# copy running-config startup-config
• R1#
• R1# configure terminal
• R1(config)# ip domain-name CCNA-lab.com
• R1(config)# username admin privilege 15 secret adminpass1
• R1(config)# line vty 0 4
• R1(config-line)# transport input ssh
• R1(config-line)# login local
• R1(config-line)# exit
• R1(config)# crypto key generate rsa modulus 1024
• R1(config)# exit
• R1#
• R1# show ip route
• R1# show ip interface brief
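A check a reviewer could run against the `line` blocks of a saved running-config after the two passes above (Telnet first, then SSH): it flags vty lines that still accept Telnet, which carries the login in cleartext, lines that use one shared line password, and a disabled idle timeout. This is an added example, not part of the original slides; the config excerpts, function names and finding labels are constructed for illustration.

```python
import re

# Constructed running-config excerpts: the line blocks after the lab's first
# (Telnet) pass and after its second (SSH) pass. Passwords are placeholders.
TELNET_PASS = """\
line con 0
 exec-timeout 5 0
 password <placeholder>
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password <placeholder>
 logging synchronous
 login
 transport input telnet
"""
SSH_PASS = TELNET_PASS.replace(
    " login\n transport input telnet", " login local\n transport input ssh")

def parse_line_blocks(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command closes the block
    return blocks

def audit_lines(config):
    """Return (line, finding) pairs; the finding names are this example's own."""
    findings = []
    for name, cmds in parse_line_blocks(config).items():
        for cmd in cmds:
            m = re.fullmatch(r"transport input (.+)", cmd)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append((name, "cleartext-telnet-allowed"))
            if cmd.split()[:1] == ["exec-timeout"] and set(cmd.split()[1:]) == {"0"}:
                findings.append((name, "idle-timeout-disabled"))
        if "login" in cmds:  # bare 'login' means one shared line password
            findings.append((name, "shared-line-password"))
    return findings
```

After the SSH pass only the console line is still reported, because it keeps the shared `password`/`login` pair while the vty lines moved to `login local`.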
• A router learns about remote networks in two ways:
• Manually entered into the route table using static routes
• Static routes are not automatically updated and must be reconfigured when topology changes
• Dynamically (automatically) learned using a routing protocol
• Default static routes are commonly used when connecting:
• An edge router to a service provider network
• A stub router (a router with only one upstream neighbor router)
• Default route is used when no other routes in the routing table match the destination IP
• R3(config)# interface s0/0/0
• R3(config-if)# ip address 10.1.1.2 255.255.255.252
• R3(config-if)# clock rate 128000
• R3(config-if)# no shutdown
• R1# show ip interface brief
• R1(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.2
• R3(config)# ip route 192.168.0.0 255.255.255.0 s0/0/0
• R1(config)# ip route 198.133.219.0 255.255.255.0 S0/0/1
• R1(config)# no ip route 209.165.200.224 255.255.255.224 10.1.1.2
• R1(config)# no ip route 198.133.219.0 255.255.255.0 S0/0/1
• Note: A static route can be removed with the no command without specifying the exit interface or next-hop IP address, as displayed below.
• R1(config)# no ip route 209.165.200.224 255.255.255.224
• R1(config)# no ip route 198.133.219.0 255.255.255.0
• R1(config)# ip route 198.133.219.0 255.255.255.0 10.1.1.2
• Default route
• R1(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1
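How the default route interacts with the more specific static routes, shown as a longest-prefix-match lookup over the R1 `ip route` statements from the slides. This is an added example, not part of the original deck; the function names and the test destinations are assumptions made for illustration.

```python
import ipaddress

# Static routes as entered on R1 in the slides above.
R1_STATIC_ROUTES = [
    "ip route 192.168.1.0 255.255.255.0 10.1.1.2",
    "ip route 198.133.219.0 255.255.255.0 S0/0/1",
    "ip route 0.0.0.0 0.0.0.0 s0/0/1",
]

def parse_static_route(command):
    """Turn 'ip route <net> <mask> <next-hop | exit-interface>' into (network, via)."""
    _, _, net, mask, via = command.split()
    return ipaddress.IPv4Network(f"{net}/{mask}"), via

def lookup(commands, destination):
    """Return (prefix, via) of the most specific matching route, or None."""
    dest = ipaddress.IPv4Address(destination)
    matches = [(network, via)
               for network, via in map(parse_static_route, commands)
               if dest in network]
    if not matches:
        return None  # no match and no default route: the packet is dropped
    network, via = max(matches, key=lambda match: match[0].prefixlen)
    return str(network), via
```

The 0.0.0.0/0 entry matches every destination but has the shortest possible prefix, so it is chosen only when nothing more specific matches.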
Exercise …
Dynamic Routing Protocol Overview

• RIP protocol was updated to RIPv2 to accommodate growth in the network environment
• RIPv2 does not scale to current larger network implementations
• Both versions of RIP, RIPv1 and RIPv2, are Distance Vector Routing Protocols that use router hop counts as their metrics. They support a maximum hop count value of 15. Any router farther than 15 hops away is considered to be unreachable.
• Routing Protocols developed to meet the need of larger networks include:
• Open Shortest Path First (OSPF)
• Intermediate System-to-Intermediate System (IS-IS).
• Enhanced IGRP (EIGRP)
• Border Gateway Protocol (BGP) is used between Internet service providers (ISPs)
Dynamic Routing Protocols
• Purpose of dynamic routing protocols includes:
• Discovery of remote networks
• Maintaining up-to-date routing information
• Choosing the best path to destination networks
• Ability to find a new best path if the current path is no longer available
R1# show ip protocols
R2# show ip route
R1(config)# router rip
R1(config-router)# no auto-summary
Issue the clear ip route * command to clear the routing table.
R1# clear ip route *
Port Security: Operation
• Port security limits the number of valid MAC addresses allowed to transmit data through a switch port.
• If a port has port security enabled and an unknown MAC address sends data, the switch presents a security violation.
• Default number of secure MAC addresses allowed is 1.
• S1(config)# interface range fa0/1 - 2
• S1(config-if-range)# switchport port-security
• S1(config-if-range)# switchport port-security maximum 1

• Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration.
• S1(config-if-range)# switchport port-security mac-address sticky
• S1(config-if-range)# switchport port-security violation restrict
• S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2
• S1(config-if-range)# shutdown
• S1# show port-security interface fa0/2
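A small model of what the port-security settings above do to frames arriving on one port: sticky learning up to `maximum`, then the configured violation action. This is an added example, not part of the original slides; the class, its method names and the MAC addresses are constructed for illustration, and the model covers the three IOS violation modes (protect, restrict, shutdown) rather than only the `restrict` mode the slides configure.

```python
class SecurePort:
    """Toy model of one switch port with port security enabled."""

    def __init__(self, maximum=1, sticky=False, violation="shutdown"):
        self.maximum = maximum          # default number of secure MACs is 1
        self.sticky = sticky
        self.violation = violation      # "protect", "restrict" or "shutdown"
        self.secure_macs = []           # addresses learned on this port
        self.violations = 0             # security violation counter
        self.err_disabled = False

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        if self.err_disabled:
            return "drop"               # port stays down until re-enabled
        mac = src_mac.lower()
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)
            return "forward"
        # Unknown MAC with the table full: a security violation.
        if self.violation in ("restrict", "shutdown"):
            self.violations += 1        # protect drops without counting
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def running_config(self):
        """Sticky addresses are written into the running configuration."""
        if not self.sticky:
            return []
        return [f"switchport port-security mac-address sticky {mac}"
                for mac in self.secure_macs]
```

With `restrict`, the learned device keeps working while the unknown one is dropped and counted; with the default `shutdown`, one violation takes the port down for the legitimate device as well.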
• S1(config)# vlan 99
• S1(config-vlan)# exit
• S1(config)# interface vlan99
• S1(config-if)# ip address 192.168.1.2 255.255.255.0
• S1(config-if)# no shutdown
• S1(config-if)# exit
• S1(config)#

• Assign all user ports to VLAN 99.
• S1(config)# interface range f0/1 - 24 , g0/1 - 2
• S1(config-if-range)# switchport access vlan 99
• S1(config-if-range)# exit
• S1(config)#
• S1# show vlan brief
• S1(config)# ip default-gateway 192.168.1.1
S1(config)# vlan 99
S1(config)# interface vlan 99
S1(config-if)# ip address 172.16.99.11 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# end
S1#
S1# config t
S1(config)# interface f0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# interface f0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
• S1(config)# interface range f0/1 - 4
• S1(config-if-range)# shutdown
• S1(config-if-range)# interface range f0/7 - 24
• S1(config-if-range)# shutdown
• S1(config-if-range)# interface range g0/1 - 2
• S1(config-if-range)# shutdown
• S1(config-if-range)# end
• S1#
Vlan
• S1(config)# vlan 10
• S1(config-vlan)# name Student
• S1(config-vlan)# vlan 20
• S1(config-vlan)# name Faculty
• S1(config-vlan)# vlan 99
• S1(config-vlan)# name Management
• S1(config-vlan)# end
• S1# show vlan
• S1(config)# interface f0/6
• S1(config-if)# switchport mode access
• S1(config-if)# switchport access vlan 10
• S1(config)# interface vlan 1
• S1(config-if)# no ip address
• S1(config-if)# interface vlan 99
• S1(config-if)# ip address 192.168.1.11 255.255.255.0
• S1(config-if)# end
• S1(config)# interface range f0/11-24
• S1(config-if-range)# switchport mode access
• S1(config-if-range)# switchport access vlan 10
• S1(config)# interface range f0/11, f0/21
• S1(config-if-range)# switchport access vlan 20
• S1(config-if-range)# end
S1(config)# interface f0/24
S1(config-if)# no switchport access vlan
S1(config-if)# end
S1(config)# no vlan 30
S1(config)# end
Trunk ports are generally used in switch-to-switch communication or switch-to-router links (router on a stick). ... Using the “switchport mode access” command forces the port to be an access port, and any device plugged into this port will only be able to communicate with other devices that are in the same VLAN.
Exercise….
• Switch S1
• S1(config)# vlan 10
• S1(config-vlan)# name Student
• S1(config-vlan)# exit
• S1(config)# vlan 20
• S1(config-vlan)# name Faculty-Admin
• S1(config-vlan)# exit
• S1(config)# interface f0/1
• S1(config-if)# switchport mode trunk
• S1(config-if)# interface range f0/5 - 6
• S1(config-if-range)# switchport mode access
• S1(config-if-range)# switchport access vlan 10
• S1(config-if-range)# interface vlan 10
• S1(config-if)# ip address 192.168.10.11 255.255.255.0
• S1(config-if)# no shut
• S1(config-if)# exit
• S1(config)# ip default-gateway 192.168.10.1
• Switch S2
• S2(config)# vlan 10
• S2(config-vlan)# name Student
• S2(config-vlan)# exit
• S2(config)# vlan 20
• S2(config-vlan)# name Faculty-Admin
• S2(config-vlan)# exit
• S2(config)# interface f0/1
• S2(config-if)# switchport mode trunk
• S2(config-if)# interface f0/11
• S2(config-if)# switchport mode access
• S2(config-if)# switchport access vlan 20
• S2(config-if)# interface f0/18
• S2(config-if)# switchport mode access
• S2(config-if)# switchport access vlan 20
• S2(config-if)# interface vlan 10
• S2(config-if)# ip address 192.168.10.12 255.255.255.0
• S2(config-if)# no shut
• S2(config-if)# exit
• S2(config)# ip default-gateway 192.168.10.1
• Router R1
• R1# show run
A subinterface is a virtual interface created by dividing one physical interface into multiple logical interfaces. A subinterface in a Cisco router uses the parent physical interface for sending and receiving data. Subinterfaces are used for a variety of purposes.
• Switch S1
• S1(config)# vlan 10
• S1(config-vlan)# name Students
• S1(config-vlan)# vlan 20
• S1(config-vlan)# name Faculty
• S1(config-vlan)# exit
• S1(config)# interface f0/1
• S1(config-if)# switchport mode trunk
• S1(config-if)# interface f0/5
• S1(config-if)# switchport mode trunk
• S1(config-if)# interface f0/6
• S1(config-if)# switchport mode access
• S1(config-if)# switchport access vlan 10
• Switch S2
• S2(config)# vlan 10
• S2(config-vlan)# name Students
• S2(config-vlan)# vlan 20
• S2(config-vlan)# name Faculty
• S2(config)# interface f0/1
• S2(config-if)# switchport mode trunk
• S2(config-if)# interface f0/18
• S2(config-if)# switchport mode access
• S2(config-if)# switchport access vlan 20
• Router R1
• R1(config)# interface g0/1.1
• R1(config-subif)# encapsulation dot1Q 1
• R1(config-subif)# ip address 192.168.1.1 255.255.255.0
• R1(config-subif)# interface g0/1.10
• R1(config-subif)# encapsulation dot1Q 10
• R1(config-subif)# ip address 192.168.10.1 255.255.255.0
• R1(config-subif)# interface g0/1.20
• R1(config-subif)# encapsulation dot1Q 20
• R1(config-subif)# ip address 192.168.20.1 255.255.255.0
• R1(config-subif)# exit
• R1(config)# interface g0/1
• R1(config-if)# no shutdown
ACL Operation

• ACLs do not act on packets that originate from the router itself.
• ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router.
• ACLs can be configured to apply to inbound traffic and outbound traffic:
• Inbound ACLs – Incoming packets are processed before they are routed to the outbound interface.
• Outbound ACLs – Incoming packets are routed to the outbound interface, and then they are processed through the outbound ACL.
• Extended ACLs – Configure extended ACLs as close as possible to the source of the traffic to be filtered. This stops undesirable traffic close to the source, before it crosses the network infrastructure.
• Standard ACLs – Since standard ACLs do not specify destination addresses, they should be configured as close to the destination as possible.
standard ACL with a number in the range of 1 through 99.
R1(config)# ip access-list standard ADMIN-MGT
R1(config-std-nacl)#
R1(config-std-nacl)# permit host 192.168.1.3
R1(config-std-nacl)# permit 192.168.1.4 0.0.0.3
R1(config-std-nacl)# exit
R1# show ip access-lists
• R1(config)# router rip
• R1(config-router)# version 2
• R1(config-router)# network 192.168.10.0
• R1(config-router)# network 192.168.20.0
• R1(config-router)# network 10.1.1.0
• ISP(config)# router rip
• ISP(config-router)# version 2
• ISP(config-router)# network 209.165.200.224
• ISP(config-router)# network 10.1.1.0
• ISP(config-router)# network 10.2.2.0
• R3(config)# router rip
• R3(config-router)# version 2
• R3(config-router)# network 192.168.30.0
• R3(config-router)# network 192.168.40.0
• R3(config-router)# network 10.2.2.0
• R3(config)# access-list 1 remark Allow R1 LANs Access
• R3(config)# access-list 1 permit 192.168.10.0 0.0.0.255
• R3(config)# access-list 1 permit 192.168.20.0 0.0.0.255
• R3(config)# access-list 1 deny any
• R3(config)# interface g0/1
• R3(config-if)# ip access-group 1 out
• R3# show access-lists
• R1(config)# ip access-list standard BRANCH-OFFICE-POLICY
• R1(config-std-nacl)# permit host 192.168.30.3
• R1(config-std-nacl)# permit 192.168.40.0 0.0.0.255
• R1(config-std-nacl)# end
• R1(config)# interface g0/1
• R1(config-if)# ip access-group BRANCH-OFFICE-POLICY out
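How a standard ACL decides on a source address, using the ADMIN-MGT entries and R3's access-list 1 from the slides: wildcard-mask matching, first match wins, and the implicit deny when nothing matches. This is an added example, not part of the original deck; the function names and the test source addresses are assumptions made for illustration.

```python
import ipaddress

# Entries copied from the slides: the named ACL ADMIN-MGT and R3's access-list 1.
ADMIN_MGT = ["permit host 192.168.1.3", "permit 192.168.1.4 0.0.0.3"]
R3_ACL_1 = ["permit 192.168.10.0 0.0.0.255",
            "permit 192.168.20.0 0.0.0.255",
            "deny any"]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(entry):
    """Return (action, base, wildcard) for one standard-ACL entry."""
    action, *rest = entry.split()
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    if rest[0] == "host":
        return action, to_int(rest[1]), 0     # every bit must match
    wildcard = to_int(rest[1]) if len(rest) > 1 else 0
    return action, to_int(rest[0]), wildcard

def evaluate(acl, source):
    """First matching entry wins; return (action, entry number or None)."""
    src = to_int(source)
    for number, entry in enumerate(acl, 1):
        action, base, wildcard = parse_ace(entry)
        care_bits = ~wildcard & 0xFFFFFFFF    # wildcard 1-bits are ignored
        if ((src ^ base) & care_bits) == 0:
            return action, number
    return "deny", None                       # implicit "deny any" at the end
```

ADMIN-MGT has no explicit deny, so a source such as 192.168.1.8, just outside the `0.0.0.3` block of .4 through .7, is refused by the implicit deny and returns no entry number.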
