Cisco Troubleshooting training 1. day IP addressing, routing and bridging basics OSPF routing protocol BGP routing protocol 2. day Cisco 2600 and 7200.

Presentation transcript:

Cisco Troubleshooting training
Day 1:
- IP addressing, routing and bridging basics
- OSPF routing protocol
- BGP routing protocol
Day 2:
- Cisco 2600 and 7200 family overview
- Troubleshooting techniques on Cisco routers
- Configuration analysis

IP Address Configuration

TCP/IP Address Overview

IP Addressing
[Figure: a 32-bit address divided into Network and Host parts; 8 bits per octet]

IP Address Classes
- Class A: N.H.H.H
- Class B: N.N.H.H
- Class C: N.N.N.H
- Class D: for multicast
- Class E: for research
N = Network number assigned by NIC
H = Host number assigned by network administrator

Recognizing Classes in IP Addresses (First Octet Rule)
[Table columns: High Order Bits, Octet in Decimal, Address Class (A, B, C)]

Configuring IP Addresses

Host Addresses
[Figure: IP addresses split into Network and Host; Routing Table with columns Network and Interface (E0, E1)]

Subnetting Addressing
[Figure: IP addresses split into Network, Subnet and Host; New Routing Table with columns Network and Interface (E0, E1)]

Subnet Mask
[Figure: IP address, default subnet mask and 8-bit subnet mask, divided into Network, Subnet and Host fields]
- Use host bits, starting at the high order bit position

Broadcast Address
- (Directed broadcast)
- (Local Network broadcast)

IP Address Configuration
    Router (config-if) # ip address ip-address subnet-mask
- Assigns an address and subnet mask
- Starts IP processing on an interface
    Router (config) # term ip netmask-format
- Sets format of network mask as seen in show commands

IP Host Names
    Router (config) # ip host name [tcp-port-number] address [address]...
- Defines static host name to IP address mapping
    ip host tokyo
    ip host tokyo
- Hosts/interfaces selectable by name or IP address

Name Server Configuration
    Router (config) # ip name-server server-address1 [server-address2 ... server-address6]
- Specifies one or more hosts that supply host name information

Name System
    Router (config) # ip domain-lookup
- DNS enabled by default
    Router (config) # no ip domain-lookup
- Turns off the name service

Simple Ping
- Test IP network connectivity
    Router> ping
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent, round-trip min/avg/max = 6/6/6 ms
    Router>

Extended Ping
- Ping supported for several protocols
    Router# ping
    Protocol [ip]:
    Target IP address:
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address:
    Type of service [0]:
    Set DF bit in IP header? [no]: yes
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
    Router#

IP Trace
- Shows interface addresses used to reach the destination
    Router# trace aba.nyc.mil
    Type escape sequence to abort.
    Tracing the route to aba.nyc.mil ( )
    1 debris.cisco.com ( ) 1000 msec 8 msec 4 msec
    2 barrnet-gw.cisco.com ( ) 8 msec 8 msec 8 msec
    3 externa-a-gateway.stanford.edu ( ) 8 msec 4 msec 4 msec
    4 bb2.su.barrnet.net ( ) 8 msec 8 msec 8 msec
    5 su.arc.barrnet.net ( ) 12 msec 12 msec 8 msec
    6 moffett-fld-mb.in.mil ( ) 216 msec 120 msec 132 msec
    7 aba.nyc.mil ( ) 412 msec * 664 msec

Summary
- IP addresses are specified in 32-bit dotted decimal format
- Router interface can be configured with an IP address
- ping and trace commands can be used to verify IP address configuration

IP Routing Configuration

IP Routing Learns Destinations
- Static routes
- Default routes
- Dynamic routing

Static Route Configuration
    Router (config) # ip route network [mask] {address | interface} [distance]
- Defines a path to an IP destination network or subnet

Static Route Configuration
[Figure: routers Cisco A and Cisco B with interfaces S0, S1, S2, S0 and E]
    ip route

Default Route Configuration
    Router (config) # ip default-network network-number
- Defines a default route

Default Route Example
[Figure: Company X and Public Network, with Network and Subnet Mask labels; router Cisco A]
    router rip
    network
    network
    ip default-network

Interior or Exterior Routing Protocols
- Interior Routing Protocols:
  - RIP
  - IGRP
- Exterior Routing Protocols
[Figure: Autonomous System 100, Autonomous System 200]

IP Routing Protocol Mode
    Router (config)# router ?
      bgp       Border Gateway Protocol (BGP)
      egp       Exterior Gateway Protocol (EGP)
      eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
      igrp      Interior Gateway Routing Protocol (IGRP)
      isis      ISO IS-IS
      iso-igrp  IGRP for OSI networks
      mobile    Mobile routes
      odr       On Demand stub Routes
      ospf      Open Shortest Path First (OSPF)
      rip       Routing Information Protocol (RIP)
      static    Static routes
    Router (config)# router rip
    Router (config-router)# ?
    Router configuration commands:
      default-information  Control distribution of default information
      default-metric       Set metric of redistributed routes
      distance             Define an administrative distance
      distribute-list      Filter networks in routing updates
      exit                 Exit from routing protocol configuration mode
     --- More ---

Interior IP Routing Protocols
[Figure: TCP/IP layers: Application, Transport, Internet, Network Interface, Hardware]
- Routing Information Protocol (RIP)
- Interior Gateway Routing Protocol (IGRP)
- Open Shortest Path First (OSPF)
- Enhanced IGRP (EIGRP)

IP Routing Configuration Tasks
- Global configuration
  - Select routing protocol(s)
  - Specify network(s)
- Interface configuration
  - Verify address/subnet mask
[Figure: networks labelled IGRP, RIP, and IGRP, RIP]

Dynamic Routing Configuration
    Router (config) # router protocol [keyword]
- Defines an IP routing protocol
    Router (config-router) # network network-number
- The network subcommand is a mandatory configuration command for each IP routing process

Summary
- Routers can be configured to use one or more IP routing protocols
- Two IP routing protocols are:
  - RIP
  - IGRP

TCP/IP Access Lists

Managing IP Traffic Overview
- Limit traffic and restrict network use
- Enable directed forwarding of broadcasts
[Figure labels: FTP, Broadcast]

Access List Application
- Access lists control packet movement through a network
  - Transmission of packets on an interface
  - Virtual terminal line access (IP)

Other Access List Uses
- Access lists are multipurpose
[Figure labels: Route filtering, Routing table, Dial-on-demand routing, Queue List, Priority and custom queuing]

Key Concepts for IP Access Lists
- Standard lists (1 to 99) test conditions of all IP packets from source addresses
- Extended lists (100 to 199) can test conditions of
  - Source and destination addresses
  - Specific TCP/IP-suite protocols
  - Destination
- Wildcard bits indicate how to check the corresponding address bits (0=check, 1=ignore)

How to Use Wildcard Mask Bits
- 0 means check corresponding bit value
- 1 means ignore value of corresponding bit
[Table: Octet bit position and address value for bit]
Examples:
- Check all address bits (match all)
- Ignore last 6 address bits
- Ignore last 4 address bits
- Ignore last 2 address bits
- Do not check address (ignore bits in octet)

How to Use Wildcard Mask Bits (cont.)
- IP access list test conditions: Check for IP subnets to
- Address and wildcard mask:
[Figure: address shown as network.host; wildcard mask to match bits: check, ignore]

How to Use the Wildcard any
- Accept any address: ; abbreviate the expression using the keyword any
- Test conditions: Ignore all the address bits (match any)
  - Any IP address
  - Wildcard mask: (ignore all)

How to Use the Wildcard host
- Example checks all the address bits
- Abbreviate the wildcard using the IP address followed by the keyword host. For example, host
- Test conditions: Check all the address bits (match all)
  - An IP host address, for example:
  - Wildcard mask: (check all bits)

IP Standard Access List Configuration
    Router (config) # access-list access-list-number { permit | deny } source [source-mask]
- Sets parameters for this list entry
- IP standard access lists use 1 to 99
    Router (config-if) # ip access-group access-list-number { in | out }
- Activates the list on an interface

Inbound Access List Processing (for Standard IP Access Lists)
[Flowchart nodes: Incoming packet; Access list?; Does source address match?; Apply condition; More entries?; Next entry in list; Deny / Permit; Yes / No; ICMP Message; Route to interface; Forward Packet]

Outbound Access List Processing (for Standard IP Access Lists)
[Flowchart nodes: Incoming packet; Route to interface; Access list?; Does source address match?; Apply condition; More entries?; Next entry in list; Deny / Permit; Yes / No; ICMP Message; Forward Packet]

Standard Access List Example
- Permit my network only
[Figure: router with interfaces E0, E1 and S]
    access-list 1 permit
    (implicit deny all - not visible in the list)
    (access-list 1 deny )
    interface ethernet 0
    ip access-group 1 out
    interface ethernet 1
    ip access-group 1 out
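Added example (not part of the original slides): a small Python model of how a standard IP access list is evaluated, covering the wildcard rule (0 = check, 1 = ignore), the any and host keywords, first-match processing and the implicit deny. The addresses are constructed sample values from documentation ranges, and the function names are this example's own.

```python
import ipaddress

def to_int(dotted):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(packet_ip, acl_addr, wildcard):
    """Wildcard bit 0 = check the address bit, 1 = ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (to_int(acl_addr) & care)

def parse_entry(line):
    """Parse 'access-list N {permit|deny} source [wildcard]' (standard list)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard access-list entry: %r" % line)
    if not 1 <= int(tok[1]) <= 99:
        raise ValueError("standard IP access lists use 1 to 99: %r" % line)
    src = tok[3:]
    if src == ["any"]:                          # ignore all address bits
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(src) == 2 and src[0] == "host":    # check all address bits
        addr, wildcard = src[1], "0.0.0.0"
    elif len(src) == 1:                         # no mask given: exact address
        addr, wildcard = src[0], "0.0.0.0"
    elif len(src) == 2:
        addr, wildcard = src
    else:
        raise ValueError("unexpected source specification: %r" % line)
    to_int(addr), to_int(wildcard)              # raises on malformed addresses
    return tok[2], addr, wildcard

def evaluate(acl_lines, source_ip):
    """Return (action, entry number). The first matching entry decides;
    a packet that matches no entry hits the implicit deny (entry None)."""
    for index, line in enumerate(acl_lines, start=1):
        action, addr, wildcard = parse_entry(line)
        if wildcard_match(source_ip, addr, wildcard):
            return action, index
    return "deny", None

# Constructed sample list: block one host, permit the rest of its /24,
# and permit a 16-address block selected by ignoring the last 4 bits.
SAMPLE_ACL = [
    "access-list 1 deny host 192.0.2.13",
    "access-list 1 permit 192.0.2.0 0.0.0.255",
    "access-list 1 permit 198.51.100.16 0.0.0.15",
]

# Same entries with the broad permit first: the host deny is never reached.
SHADOWED_ACL = [SAMPLE_ACL[1], SAMPLE_ACL[0], SAMPLE_ACL[2]]

if __name__ == "__main__":
    for ip in ("192.0.2.13", "192.0.2.77", "198.51.100.20", "198.51.100.40"):
        print(ip, evaluate(SAMPLE_ACL, ip), evaluate(SHADOWED_ACL, ip))
```

Because the first match wins, a specific deny placed after a broader permit has no effect, which is the ordering mistake SHADOWED_ACL reproduces.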

Extended IP Access Lists
- Allow more precise filtering conditions
  - Check source and destination IP address
  - Specify an optional IP protocol port number
  - Use access list number range 100 to 199

Extended Access List Configuration
    Router (config) # access-list access-list-number { permit | deny } protocol source source-mask destination destination-mask [operator operand] [established]
- Sets parameters for this list entry
- IP uses a list number in range 100 to 199
    ip access-group access-list-number { in | out }
- Activates the extended list on an interface

ICMP Command Syntax
    Router (config) # access-list access-list-number { permit | deny } icmp {source source-wildcard | any} {destination destination-wildcard | any} [icmp-type [icmp-code] | icmp-message]
- Filters based on icmp messages

TCP Syntax
    Router (config) # access-list access-list-number { permit | deny } tcp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port] [established]
- Filters based on tcp/tcp port number or name

UDP Syntax
    Router (config) # access-list access-list-number { permit | deny } udp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port]
- Filters based on udp protocol or udp port number or name

Extended Access List Processing
[Flowchart nodes: Access list?; Source address; Destination address; Protocol? *; Protocol options? *; Match / Does not match; Apply condition; Next entry in list; Deny / Permit; Yes / No; ICMP Message; Forward Packet]
* If present in access list

Extended Access List Example
- Deny FTP for E0
[Figure: router with interfaces E0, E1 and S]
    access-list 101 deny tcp eq 21
    access-list 101 deny tcp eq 20
    access-list 101 permit ip
    (implicit deny all)
    (access-list 101 deny ip )
    interface ethernet0
    ip access-group 101 out

Monitoring Access Lists
    Router# show ip interface
    Ethernet 0 is up, line protocol is up
      Internet address is , subnet mask is
      Broadcast address is
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is
      Secondary address , subnet mask
      Outgoing access list 10 is set
      Inbound access list is not set
      Proxy ARP is enabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      IP fast switching is enabled
      Gateway Discovery is disabled
      IP accounting is disabled
      TCP/IP header compression is disabled
      Probe proxy name replies are disabled
    Router#

Access List show Command
    Router # show access-lists
- Display access lists from all protocols
    Router # show ip access-lists [access-list-number]
- Display a specific IP access list
    Router # clear access-list counters [access-list-number]
- Clear packet counts
    Router # show line
- Display line configuration

Monitoring Access List Statements
    Router> show access-lists
    Standard IP access list 19
      permit
      deny , wildcard bits
    Standard IP access list 49
      permit , wildcard bits
      permit , wildcard bits
      permit , wildcard bits
      permit , wildcard bits
      permit , wildcard bits
    Extended IP access list 101
      permit tcp eq 23
    Type code access list 201
      permit 0x6001 0x0000
    Type code access list 202
      permit 0x6004 0x0000
      deny 0x0000 0xFFFF
    Router>

Restricting Virtual Terminal Access

Virtual Terminal Access Overview
- Standard and extended access lists will not block access from the router
- For security, virtual terminal (vty) access can be blocked to or from the router

How to Control vty Access
- Five virtual terminal lines (0-4)
- Set identical restrictions on all the virtual terminal lines
[Figure: router with physical port (E0) and virtual ports (vty 0 4)]

Virtual Terminal Line Commands
    Router (config) # line { vty-number | vty-range }
- Enters configuration mode for a terminal line or a range of lines
    Router (config-line) # access-class access-list-number { in | out }
- Restricts incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list

Virtual Terminal Access Example
Controlling Inbound Access
    access-list 12 permit
    !
    line vty 0 4
    access-class 12 in
- Permits only hosts in network to connect to the virtual terminal ports on the router

Bridging Overview

Introduction to Bridging
- Bridges interconnect LANs to form the appearance of a single larger LAN
[Figure: OSI Model: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical]

Nonrouted Protocol Support
- Cisco routers support many bridging options including:
  - Transparent bridging
  - Encapsulated bridging
  - Integrated routing and bridging (IRB)
  - Source-route bridging (SRB)
  - Source-route transparent bridging (SRT)
  - Source-route translational bridging (SR/TLB)

Routing and Bridging
[Figure labels: Network Address, MAC Address; Nonroutable protocols, Routable protocols]

Basic Route/Bridge Operation
[Flowchart nodes: Incoming packet; Routable?; Network-layer protocol running?; Configured for Bridging?; Yes / No; Routing software; Bridging software]

Transparent Bridging
- Bridge is transparent to end stations

Encapsulated Bridging
- Bridge frames use serial or FDDI encapsulations
[Figure labels: Frame, Serial Frame; A, B, C]

Integrated Routing and Bridging
[Figure: Protocol A, Concurrent Routing and Bridging, IRB]
R = Routed Interface
B = Bridging Interface

Source-Route Bridging
- Source responsible for determining path to destination before sending data
[Figure: Source and Destination joined through bridge B1; route shown as Ring 500: B1: Ring 501]

Source-Route Transparent Bridging
- Performs SRB or transparent bridging
- Provides no translation
[Figure label: Token Ring]

Source-Route Transparent Bridging
- Translates between bridging domains
[Figure labels: Token Ring (SRB), Ethernet (TB); A, B]

Summary
Cisco routers offer several kinds of nonrouted protocol support:
- Transparent bridging
- Integrated routing and bridging (IRB) for transparently bridged networks
- Source-route bridging (SRB)
- Source-route transparent bridging (SRT)
- Source-route translational bridging (SR/TLB)