Saturday 27 February 2010

Configure a Router on a Stick

In this post I will configure a router to route traffic between VLANs using just one router interface. This is commonly referred to as a Router on a Stick.

Below is a diagram of the network I'll be working with in this post.





My goal is for UserA in VLAN 64 to communicate with UserB in VLAN 128. To do this my router and switch must use a fastethernet port running at 100Mb full duplex.

To begin with I will configure the ports on Switch1 to be in the correct VLANs. These commands will also create the VLANs because they don't already exist. I have named the VLANs to be the same as the networks to keep things simple.


Switch1

switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#interface range fastEthernet 0/9 - 16
switch1(config-if-range)#switchport access vlan 64
% Access VLAN does not exist. Creating vlan 64
switch1(config-if-range)#exit

switch1(config)#interface range fastEthernet 0/17 - 23
switch1(config-if-range)#switchport access vlan 128
% Access VLAN does not exist. Creating vlan 128
switch1(config-if-range)#end


I have now created the VLANs and I check this with a show command.


switch1#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8
2 dmz active
64 VLAN0064 active Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
128 VLAN0128 active Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active


On switch2 I configure the port that will be connected to the router as a trunk port. I also configure the port to be fixed at 100Mb full duplex.


Switch2

switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#interface fastEthernet 0/2
switch2(config-if)#speed 100
switch2(config-if)#duplex full
switch2(config-if)#switchport mode trunk
switch2(config-if)#end


I check the configuration using a show command. This tells me which interfaces are trunking and for which VLANs.


switch2#sh interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/2 on 802.1q trunking 1
Po5 desirable 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/2 1-4094
Po5 1-4094

Port Vlans allowed and active in management domain
Fa0/2 1-2,64,128
Po5 1-2,64,128

Port Vlans in spanning tree forwarding state and not pruned
Fa0/2 1-2,64,128
Po5 1-2,64,128
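A check worth running against this output before the trunk goes into service, as an added example that is not part of the original post: it parses `show interfaces trunk` text and flags trunks that still use native VLAN 1, allow every VLAN, negotiate trunking dynamically, or carry active VLANs the router does not need. The sample text is constructed from the output above, and the list of needed VLANs for Fa0/2 (64 and 128) is an assumption based on this post's goal.

```python
# Constructed sample, modelled on the `show interfaces trunk` output in the post.
SAMPLE = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/2       on           802.1q         trunking      1
Po5         desirable    802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/2       1-4094
Po5         1-4094

Port        Vlans allowed and active in management domain
Fa0/2       1-2,64,128
Po5         1-2,64,128

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1-2,64,128
Po5         1-2,64,128
"""


def expand_vlans(spec):
    """Turn a VLAN list such as '1-2,64,128' into {1, 2, 64, 128}."""
    if spec.lower() == "none":
        return set()
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunks(text):
    """Return {port: {'mode', 'native', 'allowed', 'active'}} from the show output."""
    trunks, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":  # a header line starts a new section
            header = " ".join(fields[1:])
            if header.startswith("Mode"):
                section = "mode"
            elif header == "Vlans allowed on trunk":
                section = "allowed"
            elif header.startswith("Vlans allowed and active"):
                section = "active"
            else:
                section = None  # spanning-tree section is not needed here
            continue
        if section is None:
            continue
        port = trunks.setdefault(fields[0], {})
        if section == "mode" and len(fields) >= 5:
            port["mode"] = fields[1]
            port["native"] = int(fields[-1])
        elif section in ("allowed", "active") and len(fields) == 2:
            port[section] = expand_vlans(fields[1])
    return trunks


def audit(trunks, needed):
    """needed maps a port to the VLANs it must carry (assumed input)."""
    findings = []
    for name, trunk in sorted(trunks.items()):
        if trunk.get("native") == 1:
            # still the default; changed with `switchport trunk native vlan`
            findings.append((name, "NATIVE_VLAN_1"))
        if trunk.get("allowed") == set(range(1, 4095)):
            # no `switchport trunk allowed vlan` restriction in place
            findings.append((name, "ALL_VLANS_ALLOWED"))
        if trunk.get("mode") in ("desirable", "auto"):
            # trunk state depends on DTP negotiation with the peer
            findings.append((name, "DYNAMIC_MODE"))
        if name in needed:
            extra = trunk.get("active", set()) - needed[name]
            if extra:
                findings.append(
                    (name, "UNNEEDED_VLANS:" + ",".join(map(str, sorted(extra)))))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_trunks(SAMPLE), {"Fa0/2": {64, 128}}):
        print(port, finding)
```

For Fa0/2 the last finding shows that VLAN 1 and VLAN 2 (named dmz on Switch1) also reach the router port, although the router only has sub-interfaces for 64 and 128.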



On Router2 I create 2 sub-interfaces off the FastEthernet interface (fa0). I name these the same as the VLANs, again to keep things simple. I also configure the sub-interfaces to support dot1q trunking.


Router2

Router2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface fastEthernet 0.64
Router2(config-subif)#encapsulation dot1Q 64
Router2(config-subif)#ip address 192.168.1.126 255.255.255.192
Router2(config-subif)#no shut
Router2(config-subif)#exit

Router2(config)#interface fastEthernet 0.128
Router2(config-subif)#encapsulation dot1Q 128
Router2(config-subif)#ip address 192.168.1.190 255.255.255.192
Router2(config-subif)#no shut
Router2(config-subif)#exit


Once the hosts are configured with valid IP addresses and subnet masks (as shown in the diagram), each is given the IP address of its VLAN's sub-interface as its default gateway.


UserA
IP Address - 192.168.1.65
Subnet Mask - 255.255.255.192
Default Gateway - 192.168.1.126

UserB
IP Address - 192.168.1.129
Subnet Mask - 255.255.255.192
Default Gateway - 192.168.1.190


Now I will be able to communicate between the hosts in the 2 VLANs.

Friday 26 February 2010

Configuring EIGRP

In this post I will configure the network in the diagram below to use EIGRP as its routing protocol.





Before I get into the config I'll just mention that EIGRP is a Cisco proprietary hybrid routing protocol. It has all the features of OSPF but can be easily set up like RIP. The downside is that it can only run on Cisco routers. With that said, let's get on with the fun stuff.

I have subnetted the 192.168.1.0 network using VLSM to cater for networks of the following sizes:

192.168.1.0 - 60 Hosts
192.168.1.64 - 40 Hosts
192.168.1.128 - 30 Hosts
192.168.1.160 - 25 Hosts


First I configure EIGRP on R1 on just one interface (linked to R2).


R1

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#network 192.168.1.193 0.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#end


I have used 10 as the AS for EIGRP; this must be the same for all the routers. I have turned off auto-summary so I can have better control of summarisation. I use some show commands to check it's running on just the specified interface.


R1#sh ip eigrp interfaces
IP-EIGRP interfaces for process 10

Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Et0/0 0 0/0 0 0/1 0 0


I can also see that there are currently no neighbors.


R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10


I now enable EIGRP on R2 and I see the adjacency form.

R2

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#network 192.168.1.194 0.0.0.0
R2(config-router)#network 192.168.1.197 0.0.0.0
R2(config-router)#
*Mar 1 00:42:40.399: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.1.193 (Ethernet0/3) is up: new adjacency


Back on R1 I check the neighbor table.


R1

R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.194 Et0/0 12 00:00:39 13 200 0 3


Checking the route table on R1 I can also see the EIGRP route.


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/30 is subnetted, 3 subnets
C 192.168.1.204 is directly connected, Ethernet0/1
C 192.168.1.192 is directly connected, Ethernet0/0
D 192.168.1.196 [90/307200] via 192.168.1.194, 00:04:36, Ethernet0/0


On R4 I enable EIGRP.


R4

R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router eigrp 10
R4(config-router)#network 192.168.1.198 0.0.0.0
R4(config-router)#network 192.168.1.202 0.0.0.0


And on R3 I enable EIGRP.


R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router eigrp 10
R3(config-router)#network 192.168.1.201 0.0.0.0
R3(config-router)#network 192.168.1.206 0.0.0.0
R3(config-router)#network 192.168.1.161 0.0.0.0


From R3 I check the routing table and I can see routes to all the other networks I have configured so far.


R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.1.200/30 is directly connected, Ethernet0/1
C 192.168.1.204/30 is directly connected, Ethernet0/0
D 192.168.1.192/30 [90/332800] via 192.168.1.202, 00:00:09, Ethernet0/1
D 192.168.1.196/30 [90/307200] via 192.168.1.202, 00:00:09, Ethernet0/1
C 192.168.1.160/27 is directly connected, Ethernet0/2


What is missing from my routing table is routes for all the networks hanging off R2. This is because I used the wildcard mask of 0.0.0.0 to specify that EIGRP only ran on certain interfaces. To enable EIGRP for all networks on R2 I will add a new network with no wildcard mask. This is similar to commands used when setting up RIP.


R2

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#network 192.168.1.0


Now when I check the routing table on R3 I can see all the new networks attached to R2.


R3

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 8 subnets, 3 masks
D 192.168.1.64/26 [90/332800] via 192.168.1.202, 00:02:14, Ethernet0/1
D 192.168.1.0/26 [90/332800] via 192.168.1.202, 00:02:14, Ethernet0/1
C 192.168.1.200/30 is directly connected, Ethernet0/1
C 192.168.1.204/30 is directly connected, Ethernet0/0
D 192.168.1.192/30 [90/332800] via 192.168.1.202, 00:04:25, Ethernet0/1
D 192.168.1.196/30 [90/307200] via 192.168.1.202, 00:04:25, Ethernet0/1
C 192.168.1.160/27 is directly connected, Ethernet0/2
D 192.168.1.128/27 [90/332800] via 192.168.1.202, 00:02:14, Ethernet0/1


Now I can see all the networks.

I want to test the resilience of the path between R3 and R2. To do this I will test connectivity and then shut down an interface on R4. Hopefully routing will continue.


R3

R3#ping r2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.197, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/9/16 ms


R3 can ping R2 successfully. Now I shut down R4's interface.


R4

R4(config)#int ethernet 0/0
R4(config-if)#shut


R3

R3#ping r2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.197, timeout is 2 seconds:
..
*Mar 1 01:16:28.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.1.202 (Ethernet0/1) is down: holding time expired...
Success rate is 0 percent (0/5)


Pings fail! I check R1 and find that it is only routing for network 192.168.1.192 (on interface 192.168.1.193).


R1

R1#sh ip protocols
Routing Protocol is "eigrp 10"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 10
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.193/32
Routing Information Sources:
Gateway Distance Last Update
192.168.1.194 90 00:01:37
Distance: internal 90 external 170


I add the other interface into EIGRP for AS 10.


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#network 192.168.1.205 0.0.0.0


Back on R3 I attempt to contact R2 again.


R3

R3#ping r2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.197, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/9/12 ms


And looking at my routing table I can see that the next hop to get to R2 is R1, whereas before it was R4.


R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 8 subnets, 3 masks
D 192.168.1.64/26 [90/332800] via 192.168.1.205, 00:01:22, Ethernet0/0
D 192.168.1.0/26 [90/332800] via 192.168.1.205, 00:01:22, Ethernet0/0
C 192.168.1.200/30 is directly connected, Ethernet0/1
C 192.168.1.204/30 is directly connected, Ethernet0/0
D 192.168.1.192/30 [90/307200] via 192.168.1.205, 00:01:22, Ethernet0/0
D 192.168.1.196/30 [90/332800] via 192.168.1.205, 00:01:22, Ethernet0/0
C 192.168.1.160/27 is directly connected, Ethernet0/2
D 192.168.1.128/27 [90/332800] via 192.168.1.205, 00:01:22, Ethernet0/0

Monday 22 February 2010

Configure OSPF Routing

In this post I will configure the network below to use OSPF routing.



OSPF uses areas to define its structure. I'll be configuring a single area in this post, so I will use area 0. OSPF runs under a process on each router; the process ID does not have to be the same on every router, but I'll keep things simple and use process 10 on each router.

Currently all routers can only see directly connected routers. Here is the routing table on R0.


R0

R0#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

195.211.64.0/30 is subnetted, 1 subnets
C 195.211.64.0 is directly connected, Serial1/1
C 192.168.1.0/24 is directly connected, Serial1/0
S* 0.0.0.0/0 is directly connected, Serial1/1


I enable OSPF and configure it to advertise the 192.168.1.0 network.


R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#router ospf 10
R0(config-router)#network 192.168.1.1 0.0.0.0 area 0
R0(config-router)#end


By specifying the interface with a wildcard of 0.0.0.0 I am telling OSPF to only advertise out of that single interface.
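How a `network` statement selects interfaces, both here and in the EIGRP post above (where `network 192.168.1.0` was entered with no wildcard), shown as an added example that is not from the original posts. R2's two link addresses and R0's addresses come from the posts; R2's LAN interface names and host addresses are assumed for illustration.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def classful_wildcard(address):
    """Wildcard assumed when an EIGRP/RIP `network` statement gives no mask."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return "0.255.255.255"  # class A
    if first_octet < 192:
        return "0.0.255.255"    # class B
    return "0.0.0.255"          # class C


def statement_matches(address, wildcard, interface_ip):
    """True if the interface equals `address` on every bit where the wildcard is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care) == (_to_int(interface_ip) & care)


def enabled_interfaces(statements, interfaces):
    """Interfaces selected by at least one (address, wildcard-or-None) statement."""
    enabled = []
    for name, ip in interfaces.items():
        for address, wildcard in statements:
            if statement_matches(address, wildcard or classful_wildcard(address), ip):
                enabled.append(name)
                break
    return enabled


# R2 in the EIGRP post. Link addresses are from the post; the LAN interface
# names and host addresses below are assumed (first host of each subnet).
R2_INTERFACES = {
    "Ethernet0/3": "192.168.1.194",  # link to R1 (from the post)
    "Ethernet0/0": "192.168.1.197",  # link to R4 (interface name assumed)
    "Ethernet0/1": "192.168.1.1",    # 192.168.1.0/26 LAN (assumed)
    "Ethernet0/2": "192.168.1.65",   # 192.168.1.64/26 LAN (assumed)
    "Ethernet1/0": "192.168.1.129",  # 192.168.1.128/27 LAN (assumed)
}
R2_BEFORE = [("192.168.1.194", "0.0.0.0"), ("192.168.1.197", "0.0.0.0")]
R2_AFTER = R2_BEFORE + [("192.168.1.0", None)]  # no wildcard: classful match

# R0 in this post: `network 192.168.1.1 0.0.0.0 area 0`.
R0_INTERFACES = {"Serial1/0": "192.168.1.1", "Serial1/1": "195.211.64.2"}
R0_OSPF = [("192.168.1.1", "0.0.0.0")]


def newly_enabled(before, after, interfaces):
    """Interfaces that start running the protocol once the extra statement is added."""
    old = set(enabled_interfaces(before, interfaces))
    return [name for name in enabled_interfaces(after, interfaces) if name not in old]


if __name__ == "__main__":
    print("R2 before:", enabled_interfaces(R2_BEFORE, R2_INTERFACES))
    print("R2 after: ", enabled_interfaces(R2_AFTER, R2_INTERFACES))
    # These are host-facing LANs where no EIGRP neighbor is expected, so they are
    # the usual candidates for `passive-interface` (subnet still advertised).
    print("R2 newly enabled:", newly_enabled(R2_BEFORE, R2_AFTER, R2_INTERFACES))
    print("R0 OSPF:  ", enabled_interfaces(R0_OSPF, R0_INTERFACES))
```

The classful statement pulls every 192.168.1.x interface into the process, while the 0.0.0.0 wildcard keeps the ISP-facing Serial1/1 on R0 out of OSPF.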

I configure OSPF on R1, R2 and R3 for the networks they are connected to. After configuration I check routing tables.

R0

R0#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

192.168.4.0/32 is subnetted, 1 subnets
O 192.168.4.1 [110/85] via 192.168.1.2, 00:00:56, Serial1/0
195.211.64.0/30 is subnetted, 1 subnets
C 195.211.64.0 is directly connected, Serial1/1
C 192.168.1.0/24 is directly connected, Serial1/0
O 192.168.2.0/24 [110/74] via 192.168.1.2, 00:00:56, Serial1/0
O 192.168.3.0/24 [110/84] via 192.168.1.2, 00:00:56, Serial1/0
S* 0.0.0.0/0 is directly connected, Serial1/1


So on each router I have advertised each interface into the OSPF area. Now I would like to advertise the default route and check it on R3.


R0

I first configure a static route pointing towards the interface I want traffic to leave by and then I advertise that into OSPF.

R0(config)#ip route 0.0.0.0 0.0.0.0 serial 1/1
R0(config)#router ospf 10
R0(config-router)#default-information originate
R0(config-router)#end


Now I check the routing tables across the routers finishing with R3.


R3

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.3.1 to network 0.0.0.0

C 192.168.4.0/24 is directly connected, Loopback0
O 192.168.1.0/24 [110/84] via 192.168.3.1, 00:05:49, Ethernet0/0
O 192.168.2.0/24 [110/20] via 192.168.3.1, 00:05:49, Ethernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.3.1, 00:05:49, Ethernet0/0


Below are some show commands which are useful when troubleshooting OSPF.


R3#sh ip ospf
Routing Process "ospf 10" with ID 192.168.4.1
Start time: 00:38:51.280, Time elapsed: 00:33:41.280
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x008F40
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:09:44.096 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 6. Checksum Sum 0x03A79E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0



R3#sh ip ospf interface
Ethernet0/0 is up, line protocol is up
Internet Address 192.168.3.2/24, Area 0
Process ID 10, Router ID 192.168.4.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 192.168.3.1, Interface address 192.168.3.1
Backup Designated router (ID) 192.168.4.1, Interface address 192.168.3.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:09
Supports Link-local Signaling (LLS)
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.3.1 (Designated Router)
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 192.168.4.1/24, Area 0
Process ID 10, Router ID 192.168.4.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host

Sunday 21 February 2010

Configure Default Routing

In this post I will create a default route and distribute it using RIP.

Below is a diagram of the network I'll be using in this post.





Currently on R0 I have no default route.


R0

R0#sh ip route
Gateway of last resort is not set
R 192.168.4.0/24 [120/1] via 192.168.1.2, 00:00:08, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:08, Serial1/0
R 192.168.3.0/24 [120/1] via 192.168.1.2, 00:00:08, Serial1/0


I will configure interface S1/1 on R0 as the interface that is connected to my ISP.


R0(config)#interface serial 1/1
R0(config-if)#ip address 195.211.64.2 255.255.255.252
R0(config-if)#no keepalive
R0(config-if)#no shut
R0(config-if)#end


I also check the default route on R3.


R3

R3#sh ip route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Loopback0
R 192.168.1.0/24 [120/1] via 192.168.3.1, 00:00:25, Ethernet0/0
R 192.168.2.0/24 [120/1] via 192.168.3.1, 00:00:25, Ethernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/0


Back on R0 I create a default route pointing to Serial 1/1 and distribute it with RIP.


R0

R0(config)#ip route 0.0.0.0 0.0.0.0 s1/1
R0(config)#router rip
R0(config-router)#default-information originate
R0(config-router)#end


Checking my route table I can see I have a gateway of last resort set and a default route is set.


R0#sh ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
R 192.168.4.0/24 [120/1] via 192.168.1.2, 00:00:15, Serial1/0
195.211.64.0/30 is subnetted, 1 subnets
C 195.211.64.0 is directly connected, Serial1/1
C 192.168.1.0/24 is directly connected, Serial1/0
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:16, Serial1/0
R 192.168.3.0/24 [120/1] via 192.168.1.2, 00:00:16, Serial1/0
S* 0.0.0.0/0 is directly connected, Serial1/1


On R3 I check the routing table to make sure it has a default route set and it is sending the packets out the right interface.


R3

R3#sh ip route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
C 192.168.4.0/24 is directly connected, Loopback0
R 192.168.1.0/24 [120/1] via 192.168.3.1, 00:00:26, Ethernet0/0
R 192.168.2.0/24 [120/1] via 192.168.3.1, 00:00:26, Ethernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/0
R* 0.0.0.0/0 [120/3] via 192.168.3.1, 00:00:26, Ethernet0/0

Wednesday 17 February 2010

Configuring RIP

In this post I will configure a small network with RIP routing.



Currently all routers can only communicate with the routers they are directly connected to. I will enable RIP v2 across all routers and perform some troubleshooting steps along the way.


R0

On R0 I enable RIP and turn on debugging to view the RIP updates when RIP is enabled on a connected router.

R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#router rip
R0(config-router)#version 2
R0(config-router)#network 192.168.1.0
R0(config-router)#end

R0#debug ip rip


R1

On R1 I enable RIP.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#end


R0

Back on R0 I can see R0 sending updates to the multicast address and receiving RIP updates from R1.

R0#
*Mar 1 00:26:29.483: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (192.168.1.1)
*Mar 1 00:26:29.487: RIP: build update entries - suppressing null update
R0#
*Mar 1 00:26:35.091: RIP: received v2 request from 192.168.1.2 on Serial1/0
*Mar 1 00:26:35.095: RIP: sending update with long TTL
*Mar 1 00:26:35.099: RIP: sending v2 update to 192.168.1.2 via Serial1/0 (192.168.1.1)
*Mar 1 00:26:35.099: RIP: build update entries - suppressing null update
R0#
*Mar 1 00:26:44.539: RIP: received v2 update from 192.168.1.2 on Serial1/0
*Mar 1 00:26:44.543: 192.168.2.0/24 via 0.0.0.0 in 1 hops
R0#
*Mar 1 00:26:46.543: RIP: sending v2 flash update to 224.0.0.9 via Serial1/0 (192.168.1.1)
*Mar 1 00:26:46.547: RIP: build flash update entries - suppressing null update
R0#
*Mar 1 00:26:58.951: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (192.168.1.1)
*Mar 1 00:26:58.955: RIP: build update entries - suppressing null update


I now check the routing table.

R0#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0/24 is directly connected, Serial1/0
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:07, Serial1/0

I can see the RIP route to the 192.168.2.0 network listed.

I can verify connectivity with ping.


R0#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms


I can also check details of my routing protocols.

R0#sh ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
192.168.1.2 120 00:00:03
Distance: (default is 120)


Here I can see information on the timers, the protocols and version and the interfaces RIP is enabled on.

Now I configure RIP on the rest of the network and test connectivity.

R2

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#end

R2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/16 ms

R2#sh ip route
--cut--
R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:24, Ethernet0/0
C 192.168.2.0/24 is directly connected, Ethernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/1

All good. R2 can communicate with R0 so RIP is working fine.


R3

Finally I enable RIP and test connectivity.

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#network 192.168.3.0
R3(config-router)#end

R3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/18/36 ms


Great, that all works. But wait a minute. Let's add another interface in a new network and see if R0 can see it. I'll just use a loopback interface to simulate a network.

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int loopback 0
R3(config-if)#ip address 192.168.4.1 255.255.255.0
R3(config-if)#no keepalive
R3(config-if)#end


R3#sh ip route
--cut--
C 192.168.4.0/24 is directly connected, Loopback0
R 192.168.1.0/24 [120/1] via 192.168.3.1, 00:00:11, Ethernet0/0
R 192.168.2.0/24 [120/1] via 192.168.3.1, 00:00:11, Ethernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/0

R3#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


Now I add the new route in.

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#end


Great. And back on R0....

R0

R0#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


Strange. I'll try the other interface...

R0#ping 192.168.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms


Well I can get to that one. What does the routing table on R0 show?

R0#sh ip route
--cut--
C 192.168.1.0/24 is directly connected, Serial1/0
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:02, Serial1/0
R 192.168.3.0/24 [120/1] via 192.168.1.2, 00:00:02, Serial1/0


Well, there is no route for the 192.168.4.0 network. Let's do some debugging.

Ah here we are ...

R2

R2#debug ip rip
*Mar 1 02:34:39.755: RIP: ignored v1 packet from 192.168.3.2 (illegal version)
R2#
*Mar 1 02:34:48.511: RIP: sending v2 update to 224.0.0.9 via Ethernet0/1 (192.168.3.1)


R3 is still configured to send RIP version 1 updates. A closer look at the output of show ip protocols tells us this.


R3

R3#sh ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 1 1 2
Loopback0 1 1 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
192.168.3.0
192.168.4.0
Routing Information Sources:
Gateway Distance Last Update
192.168.3.1 120 00:00:11
Distance: (default is 120)

Line 7 of the output tells us that R3 will only send version 1 but will receive any version. Unfortunately, a router configured for RIP version 2 will only send and receive RIP version 2, so the RIP v1 updates will not be added to its route table.
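The same diagnosis done mechanically, as an added example that is not part of the original post: it reads the "Default version control" line from each router's `show ip protocols` output, reports the directions in which updates are dropped, and pulls the offending neighbor out of the `debug ip rip` lines. R3's line and the debug lines are from the post; R2's line is constructed to match a router configured with `version 2`, and per-interface version overrides are not modelled.

```python
import re

VERSION_LINE = re.compile(
    r"Default version control: send version (\d), receive (any version|version (\d))")
IGNORED = re.compile(
    r"RIP: ignored v(\d) packet from (\d+(?:\.\d+){3}) \(illegal version\)")

# Excerpts of `show ip protocols`. R3's line is from the post; R2's line is
# constructed (it is the line R0 shows in the post after `version 2`).
SHOW_IP_PROTOCOLS = {
    "R2": "Default version control: send version 2, receive version 2",
    "R3": "Default version control: send version 1, receive any version",
}
LINKS = [("R2", "R3")]  # routers that share a segment (192.168.3.0/24)

# `debug ip rip` lines captured on R2 in the post.
DEBUG_R2 = """\
*Mar 1 02:34:39.755: RIP: ignored v1 packet from 192.168.3.2 (illegal version)
*Mar 1 02:34:48.511: RIP: sending v2 update to 224.0.0.9 via Ethernet0/1 (192.168.3.1)
"""


def version_control(text):
    """Return (version sent, set of versions accepted) for one router."""
    match = VERSION_LINE.search(text)
    if match is None:
        raise ValueError("no 'Default version control' line found")
    send = int(match.group(1))
    accepts = {1, 2} if match.group(2) == "any version" else {int(match.group(3))}
    return send, accepts


def dropped_updates(outputs, links):
    """List (sender, receiver) pairs where the receiver ignores the sender's updates."""
    settings = {name: version_control(text) for name, text in outputs.items()}
    dropped = []
    for a, b in links:
        for sender, receiver in ((a, b), (b, a)):
            if settings[sender][0] not in settings[receiver][1]:
                dropped.append((sender, receiver))
    return dropped


def ignored_senders(debug_text):
    """Map neighbor address -> RIP version of the packets the local router ignored."""
    return {m.group(2): int(m.group(1)) for m in IGNORED.finditer(debug_text)}


if __name__ == "__main__":
    for sender, receiver in dropped_updates(SHOW_IP_PROTOCOLS, LINKS):
        print(f"{receiver} ignores updates from {sender}")
    print(ignored_senders(DEBUG_R2))
```

The mismatch is one-way: R3 accepts R2's v2 updates, which is why R3 could reach the rest of the network while nobody learned 192.168.4.0 from it.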

I fix the problem on R3 by changing the version to RIP v2 and recheck connectivity from R0.


R3

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#end


R0

R0#sh ip route
--cut--
R 192.168.4.0/24 [120/1] via 192.168.1.2, 00:00:09, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:09, Serial1/0
R 192.168.3.0/24 [120/1] via 192.168.1.2, 00:00:09, Serial1/0

R0#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/20 ms


There we go. Everything working just fine.

Finally a few things about RIP for my exam:


RIP v1
  • Distance Vector Protocol
  • Classful Routing Protocol
  • Uses Broadcast to send updates
  • Administrative Distance is 120
  • Max Hops 15
  • Sends Updates Every 30 Seconds
  • Holddown Timer is 180 Seconds
  • Invalid after 180 Seconds
  • Route Flushed after 240 Seconds

RIP v2
  • Distance Vector Protocol
  • Classless Routing Protocol (supports VLSM)
  • Uses Multicast to send updates (224.0.0.9)
  • Administrative Distance is 120
  • Supports Authentication
  • Max Hops 15
  • Sends Updates Every 30 Seconds
  • Holddown Timer is 180 Seconds
  • Invalid after 180 Seconds
  • Route Flushed after 240 Seconds


Loop Prevention

RIP uses the following mechanisms to prevent routing loops:

  • Maximum Distance (15 hops)
  • Poison Reverse
  • Holddown Timers
  • Split Horizon
  • Triggered Updates

Monday 15 February 2010

Creating Static Routes

In this post I will create a static route to route traffic from R0 (192.168.1.0/30 network) to R2 (192.168.1.4/30 network).


To begin with I check my routing table on R0.


R0#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial1/0


Currently I can only see directly connected interfaces. Without any static routes or routing protocols traffic from one network cannot reach the other.


R0#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/11/24 ms


R0#ping 192.168.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


I can ping the R1 interface on my network but not the interface on the other network. This is because R0 does not know where 192.168.1.5 is. By creating a static route I tell R0 which interface to send packets out of.


R0(config)#ip route 192.168.1.4 255.255.255.252 192.168.1.3
R0(config)#end


Now when I examine the route table I can see the static route I have created.


R0#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/30 is subnetted, 2 subnets
C 192.168.1.0 is directly connected, Serial1/0
S 192.168.1.4 [1/0] via 192.168.1.3


Now if I attempt to ping the Ethernet interface on R1 I get a response.


R0#ping 192.168.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms


So what about R2?


R0#ping 192.168.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


Well, R2 is receiving the ICMP ping packets but it doesn't know how to get them back to me. Once I go to R2 and give it a route back, it will know which direction to send the replies.


R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 192.168.1.0 255.255.255.252 192.168.1.4


Because R1 knows which networks it is directly connected to, it happily passes the packets to the correct interface.


R1#sh ip route connected
192.168.1.0/30 is subnetted, 2 subnets
C 192.168.1.0 is directly connected, Serial0/0
C 192.168.1.4 is directly connected, Ethernet1/0


Attempting to ping R2 from R0 now produces the desired result.

R0#ping 192.168.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/12/24 ms
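
The two failed pings above fail for different reasons: the first because R0 has no route for the echo, the second because R2 has no route for the reply. The Python sketch below is an added example, not part of the original post, that models the three routing tables and reports which leg is dropped. R0's own address (192.168.1.1) and naming next hops by router rather than by IP address are assumptions made for the model.

```python
import ipaddress

# Constructed lab model; R0's address is an assumption, the rest are pinged in the post.
ADDRS = {"R0": ["192.168.1.1"], "R1": ["192.168.1.2", "192.168.1.5"], "R2": ["192.168.1.6"]}

def base_tables():
    """Connected routes only. A next hop of None means 'deliver on the attached link'."""
    return {"R0": {"192.168.1.0/30": None},
            "R1": {"192.168.1.0/30": None, "192.168.1.4/30": None},
            "R2": {"192.168.1.4/30": None}}

def owner(ip):
    """Router that holds this address, or None if nobody does."""
    return next((r for r, addrs in ADDRS.items() if ip in addrs), None)

def lookup(table, dst):
    """Longest-prefix match. Returns (route_found, next_hop_router_or_None)."""
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    if not hits:
        return False, None
    return True, max(hits, key=lambda h: h[0].prefixlen)[1]

def deliver(tables, start, dst_ip, max_hops=15):
    """Forward one packet hop by hop; True if it reaches the router owning dst_ip."""
    here = start
    for _ in range(max_hops):
        if here is None:
            return False              # connected route, but no such host on the link
        if dst_ip in ADDRS[here]:
            return True
        found, next_hop = lookup(tables[here], dst_ip)
        if not found:
            return False              # no route on this router: packet is dropped
        here = next_hop or owner(dst_ip)
    return False

def ping(tables, src_router, dst_ip):
    """A ping needs two routable paths: the echo out and the echo reply back."""
    if not deliver(tables, src_router, dst_ip):
        return "echo dropped"
    if not deliver(tables, owner(dst_ip), ADDRS[src_router][0]):
        return "reply dropped"
    return "ok"

if __name__ == "__main__":
    t = base_tables()
    t["R0"]["192.168.1.4/30"] = "R1"  # R0's static route from the post
    print(ping(t, "R0", "192.168.1.5"), "|", ping(t, "R0", "192.168.1.6"))
```
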

Saturday 13 February 2010

Documenting a Network with CDP

In this post I will use the information available from CDP to help me create a logical network diagram.

CDP is the Cisco Discovery Protocol and is enabled on all router and switch interfaces by default. The switch or router sends a CDP packet out of each interface every 60 seconds. Any connected device records these packets in a CDP table for a holdtime period of 180 seconds. If after 180 seconds the device has not received any more CDP packets on that interface, it removes the entry from the table. CDP can be disabled entirely or on any individual interface.


I begin by connecting to my switch and I check the CDP settings.

switch1#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled


From the output I can see the CDP time settings and the version. Next I look at the connected devices.

switch1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch2.lab.localFas 0/1 160 S I WS-C2950-2Fas 0/1
switch2.lab.localFas 0/24 160 S I WS-C2950-2Fas 0/24


Here I can see that I have 2 ports (1 & 24) connected to switch2 (also using ports 1 & 24). I can also see that switch2 is a Catalyst 2950.

This is a great summary but for my diagram I could do with knowing the IP address of switch2.


switch1#sh cdp entry *
-------------------------
Device ID: switch2.lab.local
Entry address(es):
IP address: 10.0.1.211
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime : 142 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000CCE3E3EC0FF0000
VTP Management Domain: 'lab.local'
Native VLAN: 1
Duplex: full

-------------------------
Device ID: switch2.lab.local
Entry address(es):
IP address: 10.0.1.211
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 142 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000CCE3E3EC0FF0000
VTP Management Domain: 'lab.local'
Native VLAN: 1
Duplex: full


This detailed output gives me additional useful information such as the VLAN and the IOS version.

Next I head over to switch2 and look at its CDP information.


switch2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 168 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 168 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/2 175 R Cisco C831Eth 0
router1.lab.localFas 0/23 175 R Cisco C831Eth 1


Here I can see the connections to switch1 and additional connections to router1. Again I look at the detailed information to get the IP address of the router.


switch2#sh cdp entry *
-------------------------
Device ID: switch1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 152 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000C8582C600FF0000
VTP Management Domain: 'lab.local'
Native VLAN: 1
Duplex: full

-------------------------
Device ID: switch1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime : 152 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01022505000000000000000C8582C600FF0000
VTP Management Domain: 'lab.local'
Native VLAN: 1
Duplex: full

-------------------------
Device ID: router1.lab.local
Entry address(es):
IP address: 10.0.2.254
Platform: Cisco C831, Capabilities: Router
Interface: FastEthernet0/23, Port ID (outgoing port): Ethernet1
Holdtime : 176 sec

Version :
Cisco IOS Software, C831 Software (C831-K9O3Y6-M), Version 12.4(4)T1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 22-Dec-05 01:39 by ccai

advertisement version: 2
Duplex: half

-------------------------
Device ID: router1.lab.local
Entry address(es):
IP address: 10.0.1.254
Platform: Cisco C831, Capabilities: Router
Interface: FastEthernet0/2, Port ID (outgoing port): Ethernet0
Holdtime : 176 sec

Version :
Cisco IOS Software, C831 Software (C831-K9O3Y6-M), Version 12.4(4)T1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 22-Dec-05 01:39 by ccai

advertisement version: 2
Duplex: full


From the output I am able to determine the IP addresses of the connected router interfaces and I can also see that one interface is configured to half duplex. Now I have some good information to begin populating my diagram with.



From here I would probably move to the router and look at the CDP table. But supposing I want to prevent CDP packets from leaving an interface? After all, quite detailed information is included in CDP that you might not want everyone to view.

I connect to the device that I want to stop sending CDP packets and turn CDP off on that particular interface. In my case I would like to stop router1 from sending CDP packets on interface ethernet 1.

router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#int ethernet 1
router1(config-if)#no cdp enable
router1(config-if)#end

Now when I check the switch that router1 is connected to, I see the holdtime decrease because the switch receives no more CDP packets on that interface. After 180 seconds it reaches 0 and the entry is removed from the table.


switch2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 159 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 159 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/23 6 R Cisco C831Eth 1
router1.lab.localFas 0/2 126 R Cisco C831Eth 0

switch2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 153 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 152 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/23 0 R Cisco C831Eth 1
router1.lab.localFas 0/2 179 R Cisco C831Eth 0

switch2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
switch1 Fas 0/24 147 S I WS-C2950-2Fas 0/24
switch1 Fas 0/1 147 S I WS-C2950-2Fas 0/1
router1.lab.localFas 0/2 174 R Cisco C831Eth 0