
It010 707 (Reference) Internetworking Lab

Uploaded by

Divya K.S

ADI SHANKARA INSTITUTE OF ENGINEERING AND TECHNOLOGY
Department of Information Technology

July-October 2013

Semester VII

INTERNETWORKING LAB

IT010 707 INTERNETWORKING LAB
Teaching scheme Credits: 2
3 hours practical per week

• Familiarization of Network hardware such as NIC, Hub, Bridge, Switch, Router etc.
• Familiarization of different Network Cables - Color coding - Crimping.
• Familiarization of Wireless Access Point.
• LAN Configuration – IP Addressing – Host name – Domain Name – Setting up – Configuring – testing and troubleshooting.
• Wireless LAN Configuration.
• Experiments using Router and Switch
   • Basic router configuration.
   • Implementing static routing.
   • Implementing dynamic routing using RIP.
   • Implementing dynamic routing using OSPF.
   • Implementing dynamic routing using EIGRP.
   • Basic switch configuration.
   • VLAN configuration.
   • VTP, VTP pruning.
   • Implement inter-VLAN routing.
   • Backup and recovery of configuration files of a router using TFTP server.
   • Access Control List (Standard and Extended).
   • Configuring PPP.
• Design, Configure and implement a WAN scenario which explains all concepts discussed above.

Basic router configuration


Objectives
How to configure router step by step guide

Basic router configuration commands are the essential part of router configuration.

Basic Show Commands


Router#show running-config
Building configuration...

Current configuration : 419 bytes


!
version 12.4
no service password-encryption
!
hostname Router
!
ip ssh version 1
!
interface FastEthernet0/0
[output is Omitted]
The active configuration is known as the running configuration. You can view it from the router
command line interface: the show running-config command displays the active configuration from
memory. You can run this command from privileged mode. On a Cisco router the active
configuration is not saved automatically, so it is lost in the event of a power
failure. To avoid this, save it manually with the copy command.
Router#show flash
System flash directory:
File Length Name/status
1 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
[33591768 bytes used, 30424616 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
Flash memory is a special kind of memory on the router that contains the operating system
image file(s). Unlike regular router memory, Flash memory continues to maintain the file
image even after power is lost.

Router#show history
By default, the router's Command Line Interface (CLI) keeps the last 10 commands you
have entered in memory.
You can retrieve previous commands by pressing the Up Arrow key.
You can retrieve next commands by pressing the Down Arrow key.
Router#show protocols
Use this command to view the status of the current layer 3 routed protocols running on your
router
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

System returned to ROM by power-on


System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
[output is Omitted]
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
1 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102


This command gives you critical information, such as: router platform type, operating
system revision, operating system last boot time and file location, amount of memory, number
of interfaces, and configuration register.
Router#show clock
*1:46:13.169 UTC Mon Nov 1 2009
Will show you Router clock
Router#show hosts
will display a cached list of hosts and all of their interfaces IP addresses
Router#show users
Will show a list of all users who are connected to the router
Router#show interfaces
will give you detailed information about each interface
Router#show protocols
will show the global and interface-specific status of any layer 3 protocols
Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.0.0.1        YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0/0            20.0.0.1        YES manual up                    up
Vlan1                  unassigned      YES manual administratively down down
Router#
This command shows a brief description of each interface and is mostly used in
troubleshooting. There are three possible status conditions:
UP :- interface is up and operational
DOWN :- physical link is detected but there is some problem in the configuration
Administratively down :- port is disabled by the shutdown command (default mode of any port
on a router)
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    10.0.0.0/8 is directly connected, FastEthernet0/0
C    20.0.0.0/8 is directly connected, Serial0/0/0
D    30.0.0.0/8 [90/40514560] via 20.0.0.2, 00:02:55, Serial0/0/0
D    40.0.0.0/8 [90/41026560] via 20.0.0.2, 00:02:54, Serial0/0/0
D    50.0.0.0/8 [90/41029120] via 20.0.0.2, 00:02:50, Serial0/0/0
R1#
This command shows the details of the known routes. The router makes its routing decisions
from this routing table and will not forward a packet if no route for it is shown here.
R1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 64000
idb at 0x81081AC4, driver data structure at 0x81084AC0
The most common use of this command is to find out whether the port is the DCE end or the DTE end. If the
port is the DCE end, the clock rate and bandwidth commands are required. As you can see in
the output, this port is DCE.
R1#show ip protocols

Routing Protocol is "eigrp 1 "


Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
Automatic network summarization is in effect
Automatic address summarization:
Maximum path: 4
Routing for Networks:
10.0.0.0
20.0.0.0
Routing Information Sources:
Gateway Distance Last Update
20.0.0.2 90 16
Distance: internal 90 external 170

Use this command to learn about the running routing protocols. It gives the complete status
of the routing protocols, such as on which interfaces updates are received, on which interfaces
updates are broadcast, and what the time intervals are.

How to configure Cisco router in CCNA step by step guide

Click inside the Router, select CLI and press Enter to get started. Setup mode starts
automatically if there is no startup configuration present. The answer inside the square
brackets [ ] is the default answer. If this is the answer you want, just press Enter.
Pressing CTRL+C at any time will end the setup process, shut down all interfaces, and take
you to user mode(Router>).
You cannot use setup mode to configure an entire router. It does only the basics. For
example, you can only turn on either RIPv1 or Interior Gateway Routing Protocol (IGRP), but
not Open Shortest Path First Protocol (OSPF) or Enhanced Interior Gateway Routing Protocol
(EIGRP). You cannot create access control lists (ACL) here or enable Network Address
Translation (NAT). You can assign an IP address to an interface, but not to a subinterface. All
in all, setup mode is very limiting.
--- System Configuration Dialog --- Continue with configuration
dialog? [yes/no]:
Type no and press Enter to get the router prompt.
You are now connected to Router and are at the user mode prompt. The prompt is broken down
into two parts, the hostname and the mode. "Router" is
Router0's hostname and ">" means you are in user mode.
Press RETURN to get started
Router>
User mode is indicated with the '>' next to the router name. In this mode you can look at
settings but cannot make changes.
In privileged mode (indicated by the '#') you can do anything. To get into privileged mode the
keyword is enable.
Next type the command enable to get to the privileged mode prompt.
Router>enable
Router#
To get back to the user mode, simply type disable. From the user mode
type logout or exit to leave the router.
Router#disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started
Press Enter to get back to the router prompt.
Router>
You are now in User mode. Type ? to view all the available commands at this prompt.
Router>?
From privileged mode you can enter configuration mode by typing configure terminal. To
exit configuration mode, type exit or <CTL>+z.
Router>enable
Router#config terminal
Router(config)#exit
Router#
To view all commands available from this mode, type ? and press Enter. This gives you the
list of all available commands for the router in your current mode. You can also use the
question mark after you have started typing a command. For example, if you want to use
a show command but do not remember which one, 'show ?' will output all
commands that you can use with the show command.
Router#show ?
access-expression List access expression
access-lists List access lists
backup Backup status
cdp CDP information
clock Display the system clock
cls DLC user information
compress Show compression statistics
configuration Contents of Non-Volatile memory
--More--
Basic Global Configurations mode Commands
Configuring a Router Name
This command works on both routers and switches
Router(config)#hostname Lucknow
Lucknow(config)#
You could choose any descriptive name for your cisco devices
Configuring Passwords
This command works on both routers and switches

Router(config)#enable password test          Sets enable password to test
Router(config)#enable secret Vinita          Sets enable secret password to vinita
Router(config)#line console 0                Enters console line mode
Router(config-line)#password console         Sets console line mode password to console
Router(config-line)#login                    Enables password checking at login
Router(config)#line vty 0 4                  Enters vty line mode for all five vty lines
Router(config-line)#password telnet          Sets vty password to telnet
Router(config-line)#login                    Enables password checking at login
Router(config)#line aux 0                    Enters auxiliary line mode
Router(config-line)#password aux             Sets auxiliary line mode password to aux
Router(config-line)#login                    Enables password checking at login


CAUTION: The enable secret password is encrypted by default. The enable password is not.
For this reason, recommended practice is that you never use the enable password command.
Use only the enable secret password command in a router or switch configuration.
You cannot set both enable secret password and enable password to the same password.
Doing so defeats the use of encryption.
Configuring a Fast Ethernet Interface

Router(config)#interface fastethernet 0/0                   Moves to Fast Ethernet 0/0 interface configuration mode
Router(config-if)#description Student Lab LAN               Optional descriptor of the link is locally significant
Router(config-if)#ip address 192.168.20.1 255.255.255.0     Assigns address and subnet mask to interface
Router(config-if)#no shutdown                               Turns interface on

Creating a Message of the Day Banner


Router(config)#banner motd # Next Schedule metting with manager is
Postponed #
Router(config)#
The MOTD banner is displayed on all terminals and is useful for sending messages that affect
all users. Use the no banner motd command to disable the MOTD banner. The MOTD
banner displays before the login prompt and the login banner, if one has been created.
Creating a Login Banner
Router(config)#banner login # Unauthorized access is prohibited !
Please enter your username and password. #
Router(config)#
The login banner displays before the username and password login prompts. Use the no
banner login command to disable the login banner. The MOTD banner displays before the
login banner.
# is known as a delimiting character. The delimiting character must surround the banner and
login message and can be any character so long as it is not a character used within the body
of the message.
Assigning a Local Host Name to an IP Address
Router(config)#ip host Lucknow 172.16.1.1
Assigns a host name to the IP address. After this assignment, you can use the host name
rather than an IP address when trying to Telnet or ping to that address
The no ip domain-lookup Command
Router(config)#no ip domain-lookup
Router(config)#
Turns off trying to automatically resolve an unrecognized command to a local host name.
Ever typed in a command incorrectly and been left waiting for a minute or two as the
router tries to translate your command to a domain server of 255.255.255.255? The router is
set by default to try to resolve any word that is not a command to a Domain Name System
(DNS) server at address 255.255.255.255. If you are not going to set up DNS, turn off this
feature to save you time as you type, especially if you are a poor typist.

The exec-timeout Command


Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#
Sets the time limit after which the console automatically logs off. Setting it to 0 0 (minutes seconds)
means the console never logs off.
The command exec-timeout 0 0 is great for a lab environment because the console never
logs out. This is considered to be bad security and is dangerous in the real world. The default
for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).
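An added example, not part of the lab manual: a Python check that reads a saved running-config and flags the settings this page marks as weak (a readable enable password, exec-timeout 0 0) together with the no service password-encryption and ip ssh version 1 lines visible in the show running-config output earlier. The sample configuration is constructed from commands shown on this page, and the function and rule names are assumptions.

```python
# Added example: audit a saved IOS running-config for weak settings.
# Rule names are assumptions made for this example, not Cisco terminology.

# Constructed sample, assembled from commands shown on this page.
SAMPLE_CONFIG = """\
version 12.4
no service password-encryption
!
hostname Router
!
enable secret 5 $1$CONSTRUCTED$notARealHash
enable password test
!
ip ssh version 1
!
interface FastEthernet0/0
 ip address 192.168.20.1 255.255.255.0
!
line con 0
 exec-timeout 0 0
 password console
 login
line aux 0
 password aux
 login
line vty 0 4
 password telnet
 login
!
end
"""


def parse_sections(text):
    """Return [(top_level_command, [indented sub-commands])] in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # blank lines and '!' separators
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a list of (rule, location) findings for one configuration."""
    findings = []
    sections = parse_sections(text)
    top = [cmd for cmd, _ in sections]

    # Absent or negated: enable and line passwords are stored as typed.
    if "service password-encryption" not in top:
        findings.append(("password-encryption-off", "global"))
    # 'enable password' stays readable; 'enable secret' is stored hashed.
    if any(cmd.startswith("enable password ") for cmd in top):
        findings.append(("enable-password-used", "global"))
    if "ip ssh version 1" in top:
        findings.append(("ssh-version-1", "global"))

    for cmd, subs in sections:
        if not cmd.startswith("line "):
            continue
        if "exec-timeout 0 0" in subs:
            findings.append(("session-never-times-out", cmd))
        # 'password 7 ...' is the form written by service password-encryption;
        # any other 'password' line is stored in cleartext.
        if any(s.startswith("password ") and not s.startswith("password 7 ")
               for s in subs):
            findings.append(("cleartext-line-password", cmd))
    return findings


if __name__ == "__main__":
    for rule, where in audit(SAMPLE_CONFIG):
        print(f"{where:<14} {rule}")
```
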
Saving and erasing configurations

Router(config)#exit                           Brings you back to privileged EXEC mode
Router#copy running-config startup-config     Saves the running configuration to local NVRAM
Router#copy running-config tftp               Saves the running configuration remotely to a TFTP server
Router#erase startup-config                   Deletes the startup configuration file from NVRAM

Types of Routes - Static Routes and Dynamic Routes

Routing is the process of selecting paths in a network along which to send network
traffic, and a route is the path along which that traffic is sent. There are two ways a router
learns a route: static and dynamic. A static route is a route that is manually configured
on the router; put simply, a static route is a route that is created manually by a
network administrator. The information about the networks that are
directly connected to the active router interfaces is added to the routing table initially,
and these are known as connected routes. The second way that the router can learn
static routes is by configuring the routes manually. Dynamic routes are routes that a
router learns by using a routing protocol. Routing protocols learn about routes
from other neighbouring routers running the same routing protocol. Dynamic routing
protocols share the network numbers a router knows about and how to reach these
networks. Through this sharing process, a router can learn about all of the reachable
network numbers in the network.

Cisco Router Configuration Commands

Requirement                                           Cisco Command

Set a console password to cisco                       Router(config)#line con 0
                                                      Router(config-line)#login
                                                      Router(config-line)#password cisco

Set a telnet password                                 Router(config)#line vty 0 4
                                                      Router(config-line)#login
                                                      Router(config-line)#password cisco

Stop console timing out                               Router(config)#line con 0
                                                      Router(config-line)#exec-timeout 0 0

Set the enable password to cisco                      Router(config)#enable password cisco

Set the enable secret password to peter.              Router(config)#enable secret peter
This password overrides the enable password
and is encrypted within the config file

Enable an interface                                   Router(config-if)#no shutdown

To disable an interface                               Router(config-if)#shutdown

Set the clock rate for a router with a DCE            Router(config-if)#clock rate 64000
cable to 64K

Set a logical bandwidth assignment of 64K to          Router(config-if)#bandwidth 64
the serial interface                                  Note that the zeroes are not missing

To add an IP address to an interface                  Router(config-if)#ip addr 10.1.1.1 255.255.255.0

To enable RIP on all 172.16.x.y interfaces            Router(config)#router rip
                                                      Router(config-router)#network 172.16.0.0

Disable RIP                                           Router(config)#no router rip

To enable IGRP with an AS of 200, to all              Router(config)#router igrp 200
interfaces                                            Router(config-router)#network 172.16.0.0

Disable IGRP                                          Router(config)#no router igrp 200

Static route: the remote network is 172.16.1.0,       Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5
with a mask of 255.255.255.0, the next hop is
172.16.2.1, at a cost of 5 hops

Disable CDP for the whole router                      Router(config)#no cdp run

Enable CDP for the whole router                       Router(config)#cdp run

Disable CDP on an interface                           Router(config-if)#no cdp enable

Cisco Router Show Commands

Requirement                                           Cisco Command

View version information                              show version
View current configuration (DRAM)                     show running-config
View startup configuration (NVRAM)                    show startup-config
Show IOS file and flash space                         show flash
Shows all logs that the router has in its memory      show log
View the interface status of interface e0             show interface e0
Overview all interfaces on the router                 show ip interface brief
View type of serial cable on s0                       show controllers s 0 (note the space between the 's' and the '0')
Display a summary of connected cdp devices            show cdp neighbor
Display detailed information on all devices           show cdp entry *
Display current routing protocols                     show ip protocols
Display IP routing table                              show ip route
Display access lists, this includes the number        show access-lists
of displayed matches
Check the router can see the ISDN switch              show isdn status
Check a Frame Relay PVC connections                   show frame-relay pvc
Show LMI traffic stats                                show frame-relay lmi
Display the frame inverse ARP table                   show frame-relay map

Cisco Router Basic Operations

Requirement                                           Cisco Command

Enter privileged mode                                 enable
Return to user mode from privileged                   disable
Exit Router                                           logout or exit or quit
Recall last command                                   up arrow or <Ctrl-P>
Recall next command                                   down arrow or <Ctrl-N>
Suspend or abort                                      <Shift> and <Ctrl> and 6 then x
Refresh screen output                                 <Ctrl-R>
Complete command                                      TAB

Cisco Router Copy Commands

Requirement                                           Cisco Command

Save the current configuration from DRAM to NVRAM     copy running-config startup-config
Merge NVRAM configuration to DRAM                     copy startup-config running-config
Copy DRAM configuration to a TFTP server              copy running-config tftp
Merge TFTP configuration with current router          copy tftp running-config
configuration held in DRAM
Backup the IOS onto a TFTP server                     copy flash tftp
Upgrade the router IOS from a TFTP server             copy tftp flash

Cisco Router Debug Commands

Requirement                                           Cisco Command

Enable debug for RIP                                  debug ip rip
Enable summary IGRP debug information                 debug ip igrp events
Enable detailed IGRP debug information                debug ip igrp transactions
Debug IPX RIP                                         debug ipx routing activity
Debug IPX SAP                                         debug IPX SAP
Enable debug for CHAP or PAP                          debug ppp authentication
Switch all debugging off                              no debug all
                                                      undebug all
Implementing static routing
How to configure Static Route on router
Create a topology as shown in figure.

A static route is a manually configured route on your router. Static routes are typically
used in smaller networks and when few networks or subnets exist, or with WAN links
that have little available bandwidth. With a network that has hundreds of routes, static
routes are not scalable, since you would have to configure each route and any
redundant paths for that route on each router.
1841 Series Router0 (R1)
                  FastEthernet0/0            Serial0/0/0
IP address        10.0.0.1                   20.0.0.1
Connected With    Pc0                        R2 on Serial 0/0

2811 Series Router0 (R4)
                  FastEthernet0/0            Serial0/0/0
IP address        50.0.0.1                   40.0.0.2
Connected With    Pc1                        R3 on Serial 0/0

2621XM Series Router0 (R3)
                  FastEthernet0/0            Serial0/0/0
IP address        30.0.0.2                   40.0.0.1
Connected With    FastEthernet0/0            R4 on Serial 0/0/0

2620XM Series Router1 (R2)
                  FastEthernet0/0            Serial0/0
IP address        30.0.0.1                   20.0.0.2
Connected With    R3 on FastEthernet0/0      R1 on Serial 0/0/0

PC-PT PC0
                  FastEthernet0              Default Gateway
IP address        10.0.0.2                   10.0.0.1
Connected With    R1 on FastEthernet0/0

PC-PT PC1
                  FastEthernet0              Default Gateway
IP address        50.0.0.2                   50.0.0.1
Connected With    R4 on FastEthernet0/0
To configure any router, double-click on it and select CLI. To configure this topology, use this
step-by-step guide.
(1841Router0) Hostname R1
To configure and enable static routing on R1 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2
(2620XM-Router1) Hostname R2
To configure and enable static routing on R2 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
R2(config)#ip route 50.0.0.0 255.0.0.0 30.0.0.2
(2620XM-Router2)Hostname R3
To configure and enable static routing on R3 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R3(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 50.0.0.0 255.0.0.0 40.0.0.2
(2811Router3) Hostname R4
To configure and enable static routing on R4 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 40.0.0.2 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed
state to up
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 50.0.0.1 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
Router(config-if)#exit
Router(config)#ip route 10.0.0.0 255.0.0.0 40.0.0.1
Router(config)#ip route 20.0.0.0 255.0.0.0 40.0.0.1
Router(config)#ip route 30.0.0.0 255.0.0.0 40.0.0.1
PC-1
PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124


Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>
PC-2
PC>ipconfig

IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124


Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 157ms, Average = 148ms

To test static routing do ping from pc1 to pc2 and vice versa.
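An added example, not part of the lab manual: a Python model of the four routing tables configured above that forwards a packet hop by hop with longest-prefix matching, so a missing return route or a routing loop shows up before the ping test. The interface addresses and static routes are the ones entered on R1 to R4; the function names and the initial TTL of 128 are assumptions (128 is consistent with the TTL=124 seen in the replies after four router hops).

```python
import copy
import ipaddress

# Interface addresses and static routes as configured on R1-R4 in this lab.
ROUTERS = {
    "R1": {"ifaces": ["10.0.0.1/8", "20.0.0.1/8"],
           "static": [("30.0.0.0/8", "20.0.0.2"), ("40.0.0.0/8", "20.0.0.2"),
                      ("50.0.0.0/8", "20.0.0.2")]},
    "R2": {"ifaces": ["20.0.0.2/8", "30.0.0.1/8"],
           "static": [("10.0.0.0/8", "20.0.0.1"), ("40.0.0.0/8", "30.0.0.2"),
                      ("50.0.0.0/8", "30.0.0.2")]},
    "R3": {"ifaces": ["30.0.0.2/8", "40.0.0.1/8"],
           "static": [("10.0.0.0/8", "30.0.0.1"), ("20.0.0.0/8", "30.0.0.1"),
                      ("50.0.0.0/8", "40.0.0.2")]},
    "R4": {"ifaces": ["40.0.0.2/8", "50.0.0.1/8"],
           "static": [("10.0.0.0/8", "40.0.0.1"), ("20.0.0.0/8", "40.0.0.1"),
                      ("30.0.0.0/8", "40.0.0.1")]},
}


def build(routers):
    """Compile the text form into routing tables and an interface-owner map."""
    tables, owner = {}, {}
    for name, cfg in routers.items():
        ifaces = [ipaddress.ip_interface(i) for i in cfg["ifaces"]]
        for iface in ifaces:
            owner[iface.ip] = name
        routes = [(iface.network, None) for iface in ifaces]   # connected routes
        routes += [(ipaddress.ip_network(net), ipaddress.ip_address(hop))
                   for net, hop in cfg["static"]]
        tables[name] = routes
    return tables, owner


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    matches = [route for route in table if dst in route[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def trace(routers, gateway, dst, ttl=128):
    """Follow a packet from the sender's default gateway towards dst.

    Returns (status, routers_visited, ttl_remaining).
    """
    tables, owner = build(routers)
    dst = ipaddress.ip_address(dst)
    router = owner[ipaddress.ip_address(gateway)]
    path = []
    while True:
        path.append(router)
        if path.count(router) > 1:
            return "loop", path, ttl
        route = lookup(tables[router], dst)
        if route is None:                  # "router will not forward packet"
            return "no route", path, ttl
        ttl -= 1                           # each forwarding router decrements TTL
        next_hop = route[1]
        if next_hop is None:               # destination is on a connected network
            return "delivered", path, ttl
        if next_hop not in owner:
            return "next hop unknown", path, ttl
        router = owner[next_hop]


def with_static(routers, name, network, next_hop=None):
    """Copy of the topology with one static route replaced, or removed if no next hop."""
    changed = copy.deepcopy(routers)
    routes = [r for r in changed[name]["static"] if r[0] != network]
    if next_hop:
        routes.append((network, next_hop))
    changed[name]["static"] = routes
    return changed


if __name__ == "__main__":
    print(trace(ROUTERS, "10.0.0.1", "50.0.0.2"))            # PC0 -> PC1
    one_way = with_static(ROUTERS, "R3", "10.0.0.0/8")       # R3 forgets 10.0.0.0/8
    print(trace(one_way, "10.0.0.1", "50.0.0.2"))            # request still arrives
    print(trace(one_way, "50.0.0.1", "10.0.0.2"))            # reply is dropped at R3
```

The second and third calls show why a ping can fail even though every route towards the destination is present: the echo request is delivered, but the reply has no route back.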
Implementing dynamic routing using RIP
RIP (Routing Information Protocol)
Routing Information Protocol (RIP) is a standards-based, distance-vector, interior gateway
protocol (IGP) used by routers to exchange routing information. RIP uses hop count to
determine the best path between two locations. Hop count is the number of routers the packet
must go through until it reaches the destination network. The maximum allowable number of
hops a packet can traverse in an IP network implementing RIP is 15 hops.
RIP has a maximum allowable hop count of 15 by default, meaning that 16 is deemed
unreachable. RIP works well in small networks, but it is inefficient on large networks with slow
WAN links or on networks with a large number of routers installed.
In a RIP network, each router broadcasts its entire RIP table to its neighboring routers every
30 seconds. When a router receives a neighbor's RIP table, it uses the information provided
to update its own routing table and then sends the updated table to its neighbors.

Differences between RIPv1 and RIPv2

RIPv1
• A classful protocol, broadcasts updates every 30 seconds, hold-down period 180
seconds. Hop count is the metric (maximum 15).
• RIP supports up to six equal-cost paths to a single destination, where all six paths
can be placed in the routing table and the router can load-balance across them. The default is
actually four paths, but this can be increased up to a maximum of six. Remember that an
equal-cost path is where the hop count value is the same. RIP will not load-balance across
unequal-cost paths.
RIPv2
• RIPv2 uses multicasts, version 1 uses broadcasts.
• RIPv2 supports triggered updates: when a change occurs, a RIPv2 router will
immediately propagate its routing information to its connected neighbors.
• RIPv2 is a classless protocol. RIPv2 supports variable-length subnet masking (VLSM).
• RIPv2 supports authentication. You can restrict what routers you want to participate
in RIPv2. This is accomplished using a hashed password value.

RIP Timers
RIP uses four different kinds of timers to regulate its performance:
Route update timer
Sets the interval (typically 30 seconds) between periodic routing updates in which the router
sends a complete copy of its routing table out to all neighbors.
Route invalid timer
Determines the length of time that must elapse (180 seconds) before a router determines that
a route has become invalid. It will come to this conclusion if it hasn’t heard any updates about
a particular route for that period. When that happens, the router will send out updates to all its
neighbors letting them know that the route is invalid.
Holddown timer
This sets the amount of time during which routing information is suppressed. Routes will enter
into the holddown state when an update packet is received that indicated the route is
unreachable. This continues either until an update packet is received with a better metric or
until the holddown timer expires. The default is 180 seconds.
Route flush timer
Sets the time between a route becoming invalid and its removal from the routing table (240
seconds). Before it's removed from the table, the router notifies its neighbors of that route's
impending failure. The value of the route invalid timer must be less than that of the route flush
timer. This gives the router enough time to tell its neighbors about the invalid route before the
local routing table is updated.
RIP is a dynamic, distance vector routing protocol based around the Berkeley BSD application routed and
was developed for smaller IP based networks. RIP uses UDP port 520 for route updates. RIP calculates
the best route based on hop count. Like all distance vector routing protocols, RIP takes some time to
converge. While RIP requires less CPU power and RAM than some other routing protocols, RIP does
have some limitations:
Metric: Hop Count
Since RIP calculates the best route to a destination based solely on how many hops it is to the
destination network, RIP tends to be inefficient in networks using more than one LAN protocol, such as
Fast Ethernet and serial or Token Ring. This is because RIP prefers paths with the shortest hop count.
The path with the shortest hop count might be over the slowest link in the network.
Hop Count Limit
RIP cannot handle more than 15 hops. Anything more than 15 hops away is considered unreachable by
RIP. This fact is used by RIP to prevent routing loops.
Classful Routing Only
RIP is a classful routing protocol. RIP cannot handle classless routing. RIP v1 advertises all networks it
knows as classful networks, so it is impossible to subnet a network properly via VLSM if you are running
RIP v1, which
However, it must be pointed out that RIP is the only routing protocol that all routing devices and
software support, so in a mixed equipment environment, RIP may be your only option for dynamic
routing. This is changing with the widespread use of OSPF.

Configuring Routing Information Protocol

RIP is a relatively old but still commonly used interior gateway protocol created for use in small,
homogeneous networks. It is a classical distance-vector routing protocol. RIP is documented in
RFC 1058.
RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information.
Cisco IOS software sends routing information updates every 30 seconds, which is termed advertising. If
a router does not receive an update from another router for 180 seconds or more, it marks the routes
served by the nonupdating router as being unusable. If there is still no update after 240 seconds, the
router removes all routing table entries for the nonupdating router.
The metric that RIP uses to rate the value of different routes is hop count. The hop count is the number
of routers that can be traversed in a route. A directly connected network has a metric of zero; an
unreachable network has a metric of 16. This small range of metrics makes RIP an unsuitable routing
protocol for large networks.
A router that is running RIP can receive a default network via an update from another router that is
running RIP, or the router can source (generate) the default network itself with RIP. In both cases, the
default network is advertised through RIP to other RIP neighbors.
Cisco IOS software will source the default network with RIP if one of the following conditions is met:
• The ip default-network command is configured.
• The default-information originate command is configured.
• The default route is learned via another routing protocol or static route and then redistributed into
RIP.
RIP sends updates to the interfaces in the specified networks. If the network of an interface is
not specified, it will not be advertised in any RIP update.
The Cisco implementation of RIP Version 2 supports plain text and Message Digest 5 (MD5)
authentication, route summarization, classless interdomain routing (CIDR), and variable-length subnet
masks (VLSMs).

RIP ROUTING UPDATES


Routers running IP RIP broadcast the full list of all the routes they know every 30
seconds. When a router running RIP hears a broadcast it runs the distance
vector algorithm to create a list of best routes.

RIP TIMERS
TIMER       DEFAULT     CONTROLS
Update      30 sec.     Interval between route update advertisements
Hold-Down   90 sec.     Period a route is withdrawn from the table to prevent a
                        routing loop.
Timeout     180 sec.    Interval a route should stay 'live' in the routing table. This
                        counter is reset every time the router hears an update for
                        this route.
Flush       120 sec.    How long to wait to delete a route after it has timed out.

The routing-update timer controls the time between routing updates. Default is
usually 30 seconds, plus a small random delay to prevent all RIP routers from
sending updates simultaneously.
The route-timeout timer controls when a route is no longer available. The
default is usually 180 seconds. If a router has not seen the route in an update
during this specified interval, it is dropped from the router's announcements. The
route is maintained long enough for the router to advertise the route as down
(hop count of 16).
The route-flush timer controls how long before a route is completely flushed
from the routing table. The default setting is usually 120 seconds.

RIP Configuration Task List


To configure RIP, perform the tasks described in the following sections. The tasks in the first two
sections are required; the tasks in the remaining sections are optional.
• Enabling RIP (Required)
• Allowing Unicast Updates for RIP (Required)
• Applying Offsets to Routing Metrics (Optional)
• Adjusting Timers (Optional)
• Specifying a RIP Version (Optional)
• Enabling RIP Authentication (Optional)
• Configuring Route Summarization on an Interface (Optional)
• Verifying IP Route Summarization (Optional)
• Disabling Automatic Route Summarization (Optional)
• Running IGRP and RIP Concurrently (Optional)
• Disabling the Validation of Source IP Addresses (Optional)
• Enabling or Disabling Split Horizon (Optional)
• Configuring Interpacket Delay (Optional)
• Connecting RIP to a WAN (Optional)

Enabling RIP
To enable RIP, use the following commands beginning in global configuration mode:
         Command                                     Purpose
Step 1   Router(config)# router rip                  Enables a RIP routing process, which places you in
                                                     router configuration mode.
Step 2   Router(config-router)# network ip-address   Associates a network with a RIP routing process.

Allowing Unicast Updates for RIP


Because RIP is normally a broadcast protocol, in order for RIP routing updates to
reach nonbroadcast networks, you must configure the Cisco IOS software to permit
this exchange of routing information. To do so, use the following command in router
configuration mode:
Command                                      Purpose
Router(config-router)# neighbor ip-address   Defines a neighboring router with which to exchange
                                             routing information.

To control the set of interfaces with which you want to exchange routing updates, you can disable the
sending of routing updates on specified interfaces by configuring the passive-interface router
configuration command. See the discussion on filtering in the "Filter Routing Information" section in the
"Configuring IP Routing Protocol-Independent Features" chapter.

Applying Offsets to Routing Metrics


An offset list is the mechanism for increasing incoming and outgoing metrics to
routes learned via RIP. Optionally, you can limit the offset list with either an access
list or an interface. To increase the value of routing metrics, use the following
command in router configuration mode:
Command                                                    Purpose
Router(config-router)# offset-list [access-list-number |   Applies an offset to routing metrics.
  access-list-name] {in | out} offset [interface-type
  interface-number]

Adjusting Timers
Routing protocols use several timers that determine such variables as the frequency of routing updates,
the length of time before a route becomes invalid, and other parameters. You can adjust these timers to
tune routing protocol performance to better suit your internetwork needs. You can make the following
timer adjustments:
• The rate (time in seconds between updates) at which routing updates are sent
• The interval of time (in seconds) after which a route is declared invalid
• The interval (in seconds) during which routing information regarding better paths is suppressed
• The amount of time (in seconds) that must pass before a route is removed from the routing table
• The amount of time for which routing updates will be postponed
It also is possible to tune the IP routing support in the software to enable faster convergence of the
various IP routing algorithms, and, hence, quicker fallback to redundant routers. The total effect is to
minimize disruptions to end users of the network in situations where quick recovery is essential.
In addition, an address family can have explicitly specified timers that apply to that address-family (or
VRF) only. The timers basic command must be specified for an address family or the system defaults
for the timers basic command are used regardless of what is configured for RIP routing. The VRF does
not inherit the timer values from the base RIP configuration. The VRF will always use the system default
timers unless explicitly changed using the timers basic command.
To adjust the timers, use the following command in router configuration mode:
Command                                                                        Purpose
Router(config-router)# timers basic update invalid holddown flush [sleeptime]  Adjusts routing protocol timers.

Specifying a RIP Version


The Cisco implementation of RIP Version 2 supports authentication, key management, route
summarization, CIDR, and VLSMs. Key management and VLSM are described in the chapter
"Configuring IP Routing Protocol-Independent Features."
By default, the software receives RIP Version 1 and Version 2 packets, but sends only
Version 1 packets. You can configure the software to receive and send only Version 1
packets. Alternatively, you can configure the software to receive and send only
Version 2 packets. To configure the software to send and receive packets from only
one version, use the following command in router configuration mode:
Command                                  Purpose
Router(config-router)# version {1 | 2}   Configures the software to receive and send only RIP
                                         Version 1 or only RIP Version 2 packets.

The preceding task controls the default behavior of RIP. You can override that behavior by configuring a
particular interface to behave differently. To control which RIP version an interface sends, use the
following commands in interface configuration mode, as needed:
Command                                      Purpose
Router(config-if)# ip rip send version 1     Configures an interface to send only RIP Version 1 packets.
Router(config-if)# ip rip send version 2     Configures an interface to send only RIP Version 2 packets.
Router(config-if)# ip rip send version 1 2   Configures an interface to send RIP Version 1 and Version 2 packets.

Similarly, to control how packets received from an interface are processed, use the
following commands in interface configuration mode, as needed:
Command                                         Purpose
Router(config-if)# ip rip receive version 1     Configures an interface to accept only RIP Version 1 packets.
Router(config-if)# ip rip receive version 2     Configures an interface to accept only RIP Version 2 packets.
Router(config-if)# ip rip receive version 1 2   Configures an interface to accept either RIP Version 1 or 2 packets.

The following is an example RIP routing configuration. We will use four different router series so
that you can get familiar with the different platforms. Create a topology as shown in the figure.
IP RIP comes in two different versions: 1 and 2. Version 1 is a distance vector protocol and is
defined in RFC 1058. Version 2 is a hybrid protocol and is defined in RFCs 1721 and 1722.
The CCNA exam now primarily focuses on version 2. There are no major differences between
RIPv1 and RIPv2 as far as configuration is concerned.

1841 Series Router0 (R1)
                  FastEthernet0/0          Serial0/0/0
IP address        10.0.0.1                 20.0.0.1
Connected With    Pc0                      R2 on Serial 0/0

2811 Series Router0 (R4)
                  FastEthernet0/0          Serial0/0/0
IP address        50.0.0.1                 40.0.0.2
Connected With    Pc1                      R3 on Serial 0/0

2621XM Series Router0 (R3)
                  FastEthernet0/0          Serial0/0/0
IP address        30.0.0.2                 40.0.0.1
Connected With    FastEthernet0/0          R4 on Serial 0/0/0

2620XM Series Router1 (R2)
                  FastEthernet0/0          Serial0/0
IP address        30.0.0.1                 20.0.0.2
Connected With    R3 on FastEthernet0/0    R1 on Serial 0/0/0

PC-PT PC0
                  FastEthernet0            Default Gateway
IP address        10.0.0.2                 10.0.0.1
Connected With    R1 on FastEthernet0/0

PC-PT PC1
                  FastEthernet0            Default Gateway
IP address        50.0.0.2                 50.0.0.1
Connected With    R4 on FastEthernet0/0

To configure any router double click on it and select CLI. To configure this topology use this
step by step guide.
(1841Router0) Hostname R1
To configure and enable rip routing on R1 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#exit
R1(config)#
(2620XM-Router1) Hostname R2
To configure and enable rip routing on R2 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config)#router rip
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
R2(config-router)#exit
R2(config)#
(2620XM-Router2) Hostname R3
To configure and enable rip routing on R3 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R3(config)#router rip
R3(config-router)#network 30.0.0.0
R3(config-router)#network 40.0.0.0
R3(config-router)#exit
R3(config)#
(2811Router3) Hostname R4
To configure and enable rip routing on R4 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 40.0.0.2 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 50.0.0.1 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#hostname R4
R4(config)#router rip
R4(config-router)#network 40.0.0.0
R4(config-router)#network 50.0.0.0
R4(config-router)#exit
R4(config)#
PC-1
PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>
PC-2
PC>ipconfig

IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 157ms, Average = 148ms
You can verify that RIP is running successfully using the show ip protocols command in privileged
mode.
R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
FastEthernet0/0 1 2 1
Serial0/0/0 1 2 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
20.0.0.0
Passive Interface(s):
Routing Information Sources:
Gateway Distance Last Update
20.0.0.2 120 00:00:20
Distance: (default is 120)
R1#
You can use the show ip route command to troubleshoot a RIP network. If you do not see
information about a route, check the router attached to that network.
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C 10.0.0.0/8 is directly connected, FastEthernet0/0
C 20.0.0.0/8 is directly connected, Serial0/0/0
R 30.0.0.0/8 [120/1] via 20.0.0.2, 00:00:01, Serial0/0/0
R 40.0.0.0/8 [120/2] via 20.0.0.2, 00:00:01, Serial0/0/0
R 50.0.0.0/8 [120/3] via 20.0.0.2, 00:00:01, Serial0/0/0
R1#
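The metrics in R1's routing table above (1, 2 and 3 hops to 30.0.0.0, 40.0.0.0 and 50.0.0.0) and the 15-hop limit both follow from the distance-vector exchange. The following Python simulation is an added example, not part of the lab manual; the synchronous update rounds, the split-horizon rule as coded and the chain() helper are assumptions of the example.

```python
"""Distance-vector (RIP-style) convergence on the four-router lab topology."""

INFINITY = 16  # RIP metric that means "unreachable"

# Constructed from the lab's address plan: router -> directly connected networks.
CONNECTED = {
    "R1": ["10.0.0.0", "20.0.0.0"],
    "R2": ["20.0.0.0", "30.0.0.0"],
    "R3": ["30.0.0.0", "40.0.0.0"],
    "R4": ["40.0.0.0", "50.0.0.0"],
}


def neighbours(connected):
    """Two routers are neighbours when they share a connected network."""
    adj = {router: set() for router in connected}
    for a in connected:
        for b in connected:
            if a != b and set(connected[a]) & set(connected[b]):
                adj[a].add(b)
    return adj


def converge(connected, max_rounds=32):
    """Run update rounds until no routing table changes.

    Returns (tables, rounds) with tables[router][network] = (metric, next_hop).
    Connected networks have metric 0, as in the text; a learned route costs the
    advertised metric + 1 and is discarded once that reaches INFINITY.
    """
    adj = neighbours(connected)
    tables = {r: {n: (0, None) for n in nets} for r, nets in connected.items()}
    for rounds in range(1, max_rounds + 1):
        # Every router advertises the table it held at the start of the round.
        snapshot = {r: dict(t) for r, t in tables.items()}
        changed = False
        for router in tables:
            for nbr in sorted(adj[router]):
                for net, (metric, via) in snapshot[nbr].items():
                    if via == router:
                        continue  # split horizon: never advertised back to its source
                    new_metric = min(metric + 1, INFINITY)
                    if new_metric >= INFINITY:
                        continue  # more than 15 hops away: unreachable
                    current = tables[router].get(net)
                    if current is None or new_metric < current[0]:
                        tables[router][net] = (new_metric, nbr)
                        changed = True
        if not changed:
            return tables, rounds
    return tables, max_rounds


def chain(n):
    """Constructed linear topology: router i joins networks net(i-1) and net(i)."""
    return {f"R{i}": [f"net{i - 1}", f"net{i}"] for i in range(1, n + 1)}


if __name__ == "__main__":
    tables, rounds = converge(CONNECTED)
    print(f"converged after {rounds} rounds")
    for net, (metric, via) in sorted(tables["R1"].items()):
        print(f"R1  {net:<10} metric {metric}  via {via or 'connected'}")
    far, _ = converge(chain(18))
    print("networks R1 can reach in an 18-router chain:", len(far["R1"]))
```

In the 18-router chain, R1 never installs the networks behind the last two routers, because their metric would reach 16.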
To test RIP routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have
successfully configured RIP routing; if you do not get a reply, double-check this configuration
and try to troubleshoot. I have uploaded a configured and tested topology; if you are
unable to locate the problem spot, download this configuration file and try to find out
where you made the mistake.
Configure RIP Routing command cheat sheet
Commands                                             Descriptions
Router(config)#router rip                            Enables RIP as a routing protocol
Router(config-router)#network w.x.y.z                w.x.y.z is the network number of the directly connected
                                                     network you want to advertise.
Router(config)#no router rip                         Turns off the RIP routing process
Router(config-router)#no network w.x.y.z             Removes network w.x.y.z from the RIP routing process.
Router(config-router)#version 2                      RIP will now send and receive RIPv2 packets globally.
Router(config-router)#version 1                      RIP will now send and receive RIPv1 packets only
Router(config-router)#no auto-summary                RIPv2 summarizes networks at the classful boundary.
                                                     This command turns autosummarization off.
Router(config-router)#passive-interface s0/0/0       RIP updates will not be sent out this interface.
Router(config-if)#no ip split-horizon                Turns off split horizon (on by default).
Router(config-if)#ip split-horizon                   Re-enables split horizon
Router(config-router)#timers basic 30 90 180 270 360 Changes timers in RIP: 30 = Update timer (in seconds)
                                                     90 = Invalid timer (in seconds) 180 = Hold-down timer (in
                                                     seconds) 270 = Flush timer (in seconds) 360 = Sleep
                                                     time (in milliseconds)
Router#debug ip rip                                  Displays all RIP activity in real time
Router#show ip rip database                          Displays contents of the RIP database
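The lab configuration leaves RIP at its defaults: version 1 updates, sent on every interface matched by a network statement, with none of the RIP Version 2 authentication mentioned earlier. The following Python audit is an added example, not part of the lab manual; LAB_R1 and HARDENED_R1 are constructed configs, and the ip rip authentication and key chain lines are standard IOS commands that this page names only as a feature.

```python
import ipaddress

# Constructed running-config fragment mirroring the lab's R1 (not captured output).
LAB_R1 = """\
hostname R1
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
interface Serial0/0/0
 ip address 20.0.0.1 255.0.0.0
router rip
 network 10.0.0.0
 network 20.0.0.0
"""

# Constructed hardened variant; the key string is a placeholder, not a real secret.
HARDENED_R1 = """\
hostname R1
key chain RIP-KEYS
 key 1
  key-string <placeholder>
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
interface Serial0/0/0
 ip address 20.0.0.1 255.0.0.0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
router rip
 version 2
 passive-interface FastEthernet0/0
 network 10.0.0.0
 network 20.0.0.0
"""


def sections(config):
    """Group an IOS config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out


def classful_network(address):
    """RIP network statements are classful: derive the class A/B/C network."""
    first_octet = int(address.split(".")[0])
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return str(ipaddress.ip_network(f"{address}/{prefix}", strict=False).network_address)


def audit_rip(config, host_facing=()):
    """Return sorted (scope, finding) pairs for the RIP process in config.

    host_facing names the interfaces that connect end hosts only; the caller
    supplies it because it cannot be derived from the config itself.
    """
    secs = sections(config)
    rip = secs.get("router rip")
    if rip is None:
        return []
    findings = set()
    if "version 2" not in rip:
        findings.add(("router rip", "version-1: updates cannot be authenticated"))
    networks = {c.split()[1] for c in rip if c.startswith("network ")}
    passive = {c.split()[1] for c in rip if c.startswith("passive-interface ")}
    key_chains = {h.split()[2] for h in secs if h.startswith("key chain ")}
    for header, cmds in secs.items():
        if not header.startswith("interface "):
            continue
        name = header.split()[1]
        address = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        if address is None or classful_network(address) not in networks:
            continue  # RIP is not enabled on this interface
        if name in host_facing and name not in passive:
            findings.add((name, "not-passive: updates are sent toward end hosts"))
        chain = next((c.split()[-1] for c in cmds
                      if c.startswith("ip rip authentication key-chain ")), None)
        if "ip rip authentication mode md5" not in cmds or chain is None:
            findings.add((name, "no-md5-auth: accepts unauthenticated updates"))
        elif chain not in key_chains:
            findings.add((name, f"missing-key-chain: {chain} is not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_R1), ("hardened", HARDENED_R1)):
        print(label, audit_rip(cfg, host_facing=("FastEthernet0/0",)))
```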

CISCO ROUTERS - CONFIGURING RIP


Configuring a Cisco router for RIP requires a series of configuration steps. First
you must turn on the RIP routing protocol, then you must identify
the network that will be advertised and which interfaces will advertise it with
the network statement.

BASIC RIP CONFIGURATION (CISCO)


According to the recollection of InetDaemon, configuring a Cisco router for a basic
RIP configuration would look something like this:
router> enable
Password:
router# conf t
router(config)# interface ethernet 0
router(config-if)# ip address 192.168.42.1 255.255.255.0
router(config-if)# interface ethernet 1
router(config-if)# ip address 192.168.43.1 255.255.255.0
router(config-if)# exit
router(config)# router rip
router(config-router)# network 192.168.42.0
router(config-router)# network 192.168.43.0
router(config-router)# exit
router(config)# ^Z
router#
The example above assumes that the interfaces that will be running RIP
have IP addresses on them that fall within the 204.191.42.0, and 204.191.43.0
class C ranges.
􀂾 Implementing dynamic routing using OSPF
OSPF: Open Shortest Path First routing protocol
The biggest advantage of OSPF over EIGRP is that it will run on any device, as it is based on an open
standard.
OSPF is a link-state routing protocol that:
• Provides network topology discovery within a group of routers and networks called an autonomous
system (AS)
• Calculates the shortest path to destinations within the AS
As a link-state protocol, OSPF routers flood any change in routing information throughout the network.
This action differs from a distance vector protocol, such as RIP, which periodically exchanges routing
information only with its neighbors.
Within an AS, each OSPF router builds and synchronizes a database of the AS network topology. The
routers synchronize their databases by requesting information from other AS routers. Each router sends
its information as link-state advertisements (LSAs) that include information about the state of each
router and link in the AS. A link is an interface on the router. The state of the link is the description of the
interface, including its IP address and subnet mask, and its relationship to its neighboring router.
Then, the router uses its database and the Shortest Path First (SPF) algorithm to calculate the shortest
path to every destination in the AS and stores this information in a dynamic table. When changes occur,
the router calculates new paths.
The CSS as an OSPF router provides:
• Intra-area route support for routing in a single area between other OSPF routers
• Inter-area route support for routing between multiple OSPF areas
• Route summarization between areas as an Area Border Router (ABR)
• Stub area and AS boundary router support
• Redistribution of local, RIP, static, and firewall routes into an OSPF domain
• Advertisement of VIP addresses for content as AS external routes
• Simple authentication

Advantages
1. It will run on most routers, since it is based on an open standard.

2. It uses the SPF algorithm, developed by Dijkstra, to provide a loop-free topology.

3. It provides fast convergence with triggered, incremental updates via Link State Advertisements
(LSAs).

4. It is a classless protocol and allows for a hierarchical design with VLSM and route
summarization.
Disadvantages:
1. It requires more memory to hold the adjacency (list of OSPF neighbors), topology and routing
tables.

2. It requires extra CPU processing to run the SPF algorithm

3. It is complex to configure and more difficult to troubleshoot.


Features
1. OSPF implements a two-layer hierarchy: the backbone (area 0) and areas off of the backbone
(areas 1– 65,535)

2. To provide scalability OSPF supports two important concepts: autonomous systems and areas.

3. On synchronous serial links, no matter what the clock rate of the physical link is, the bandwidth
always defaults to 1544 Kbps.

4. OSPF uses cost as a metric, which is the inverse of the bandwidth of a link.

Figure 4-1 Basic OSPF Network Topology

Autonomous System
The autonomous system (AS) is a collection of networks, under the same administrative control, that
share the same routing information with each other. An AS is also referred to as a routing
domain. Figure 4-1 shows two ASs: AS A and AS B. An AS can consist of one or more OSPF areas.

Areas
Areas allow the subdivision of an AS into smaller, more manageable networks or sets of adjacent
networks. As shown in Figure 4-1, AS A consists of three areas: area 0.0.0.0, 1.1.1.1, and 1.1.1.2.
OSPF hides the topology of an area from the rest of the AS. An area's network topology is visible only to
routers inside that area; it is not visible to routers outside that area. When OSPF routing is within an
area, it is called intra-area routing. This routing limits the amount of link-state information flooding onto
the network, thereby reducing routing traffic. It also reduces the size of the topology information in each
router, which conserves processing and memory requirements in each router.
Conversely, the routers within an area cannot see detailed network structures outside the area.
Because of this restriction of topological information, you can control traffic flow between areas and
reduce routing traffic when the entire autonomous system is a single routing domain.

Backbone Area
A backbone area is responsible for distributing routing information between the areas of an autonomous
system. When OSPF routing occurs outside of an area, it is called inter-area routing.
The backbone itself has all the properties of an area. It consists of area border routers, and routers and
networks only on the backbone. As shown in Figure 4-1, area 0.0.0.0 is an OSPF backbone area. Note
that any OSPF backbone area has a reserved ID of 0.0.0.0.
Area Border Routers
Area border routers (ABRs) are routers with multiple interfaces that connect directly to networks in two
or more areas. An ABR runs a separate copy of the OSPF algorithm and maintains separate routing
data for each area that is connected to it, including the backbone area. Area border routers also send
configuration summaries for their attached areas to the backbone area, which distributes this
information to other OSPF areas in the autonomous system. In Figure 4-1, there are two ABRs. ABR 1
interfaces area 1.1.1.1 to the backbone area. ABR 2 interfaces the backbone area to area 1.1.1.2, a
stub area.

Note ABRs are always backbone routers. You must configure them to the backbone area.

Stub Area
A stub area is an area that does not accept or distribute detailed network information external to the
area. A stub area has only one router that interfaces the area to the rest of the AS. The area border
router attached to the stub area advertises a single default external route into the area. Routers within a
stub area use this route for destinations outside the autonomous system, as well as for inter-area
routes. This relationship conserves link-state advertisement (LSA) database space that would otherwise
be used to store external LSAs flooded into the area. In Figure 4-1, area 1.1.1.2 is a stub area that is
reached only through area border router 2.

Autonomous System Boundary Routers


Autonomous system boundary routers (ASBRs) provide connectivity from one autonomous system to
another system. ASBRs exchange their autonomous system routing information with boundary routers
in other autonomous systems. Every router inside an autonomous system knows how to reach the
boundary routers for its autonomous system.
ASBRs can import external routing information from other protocols like RIP and redistribute them as
AS-external LSAs to the OSPF network. If the CSS is an ASBR, you can configure it to advertise VIP
addresses for content as AS external routes. In this way, ASBRs flood information about external
networks to routers within the OSPF network.
ASBR routes can be advertised as type1 or type2 ASE. The difference between type1 and type2 is how
the cost is calculated. For a type2 ASE, only the external cost (metric) is considered when comparing
multiple paths to the same destination. For type1 ASE, the combination of the external cost and the cost
to reach the ASBR is used.

Link-State Databases
OSPF routers advertise routes using LSAs. The link-state database stores the link-state advertisements
from routers throughout the area. The advertisements depict the topology of the autonomous system.
They could include:
• Router links that describe the state and cost of each router's interface to an area
• Network links from the designated router that describe all routes on a segment for multi-access
segments with more than one attached router
• Summarized links from ABRs, that describe networks in the AS but outside an area
• External links from ASBRs that describe destinations external to the AS
All routers that are connected to an area maintain identical routing databases about the area. Routers
that are connected to multiple areas maintain a separate routing database for each attached area.
Instead of each router sending routing information to every other router on the network, OSPF routers
establish adjacencies among neighboring routers. When the link-state databases of two neighboring
routers are synchronized, they are considered adjacent.
OSPF routers collect raw topological data from the LSAs that they receive. Each router then prunes this
data down to a tree of the shortest network paths centered on itself. The router examines the total cost
to reach each router or network node in its domain. By discarding all but the lowest-cost path to each
destination, the router builds a shortest-path tree to each destination, which it uses until the network
topology changes. It is possible to have multiple lowest-cost paths to a destination.
OSPF offers the following features, which are found in a
number of routing protocols:

• A standards-based routing protocol that is very interoperable between
different vendors' routers and firewalls
• Supports variable length subnet masks (VLSM), making it a classless routing
protocol
• Authentication of routing updates is supported
• Route redistribution is supported between different routing protocols
• OSPF works well in point-to-point and point-to-multipoint, broadcast or non-
broadcast configurations
• OSPF also offers a number of OSPF-specific features such as stub areas,
virtual links, and OSPF on demand circuits.

How do you configure OSPF in the Cisco IOS?


To configure OSPF in the Cisco IOS, just follow these steps:

Set the bandwidth on your interfaces using the bandwidth command:

Router (config-if)#bandwidth XX

(where XX signifies the bandwidth of the WAN connection)

Start the OSPF routing process and specify your process number.
The process number is an arbitrary number. It is recommended
that the number match on all routers, but it is not required. The
process ID number does not have to be the AS number, although
many people confuse the two.

Router (config)# router ospf {process-ID#}

Next, instruct the router to advertise the networks that are
directly linked to it by entering network statements with the area
ID number for that network, like this:

Router (config-router)# network {X.X.X.X} {Y.Y.Y.Y} area {z}

In this example, X.X.X.X is the network ID of a network that
is linked directly to the router. Y.Y.Y.Y is the wildcard mask
for that network. The wildcard mask is the inverse of the
subnet mask. The "z" parameter is the area ID number. For small
networks, this can always be zero (0), but for larger networks
the area IDs need to be properly planned, as all routing updates
must traverse area 0.

You should enter a network statement for every network directly
attached to the router.

Once OSPF is configured, you can check the status using
the show ip route and show ip ospf commands.

Configuration Examples
Here is an example of a router configured with the OSPF routing
protocol:

interface GigabitEthernet 0/0
 ip address 10.1.1.1 255.255.255.0

interface Serial 3/0
 ip address 10.2.1.1 255.255.255.0

router(config)# router ospf 1
router(config-router)# network 10.1.1.1 0.0.0.255 area 0
router(config-router)# network 10.2.1.1 0.0.0.255 area 0
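The wildcard matching described above decides which interfaces a network statement switches OSPF on for, so a wider wildcard than intended enables OSPF on more interfaces than intended. The following is an added example, not part of the original lab manual; the Loopback9 interface and the first-match ordering are assumptions made for the illustration.

```python
import ipaddress
import re

# "network <addr> <wildcard> area <id>", with or without an IOS prompt in
# front; "no network ..." lines are ignored.
NETWORK_RE = re.compile(
    r"(?<!no\s)network\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+area\s+(\S+)"
)


def wildcard_from_netmask(netmask):
    """Return the wildcard (inverse) mask for a dotted-decimal subnet mask."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))


def parse_network_statements(config_text):
    """Extract (address, wildcard, area) tuples from pasted OSPF configuration."""
    return [m.groups() for m in NETWORK_RE.finditer(config_text)]


def statement_matches(ip, address, wildcard):
    """True when ip equals address on every bit the wildcard does not mask out."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (
        int(ipaddress.IPv4Address(address)) & care
    )


def ospf_enabled_interfaces(config_text, interfaces):
    """Map interface name -> area for every interface a statement selects.

    Simplification (assumption): statements are tried in the order given
    and the first match decides the area.
    """
    statements = parse_network_statements(config_text)
    enabled = {}
    for name, ip in interfaces.items():
        for address, wildcard, area in statements:
            if statement_matches(ip, address, wildcard):
                enabled[name] = area
                break
    return enabled


# Interfaces of the router in "Configuration Examples", plus one constructed
# interface (Loopback9, 10.9.9.9) that is not on the page.
EXAMPLE_ROUTER = {
    "GigabitEthernet0/0": "10.1.1.1",
    "Serial3/0": "10.2.1.1",
    "Loopback9": "10.9.9.9",  # constructed
}

# The two statements from "Configuration Examples": one /24 each.
NARROW = """
router(config-router)# network 10.1.1.1 0.0.0.255 area 0
router(config-router)# network 10.2.1.1 0.0.0.255 area 0
"""

# The lab routers use a whole-class-A wildcard; applied to this router it
# would also switch OSPF on for the constructed interface.
BROAD = "R1(config-router)#network 10.0.0.0 0.255.255.255 area 0"

if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.255.0"))
    print(ospf_enabled_interfaces(NARROW, EXAMPLE_ROUTER))
    print(ospf_enabled_interfaces(BROAD, EXAMPLE_ROUTER))
```

Comparing the two results is a quick audit of which interfaces will start sending OSPF hellos before the statement is pasted into a router.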

How to configure open shortest path first routing protocol
Create a topology as shown in figure.

1841 Series Router0 (R1)
                  FastEthernet0/0          Serial0/0/0
IP address        10.0.0.1                 20.0.0.1
Connected With    Pc0                      R2 on Serial 0/0

2811 Series Router0 (R4)
                  FastEthernet0/0          Serial0/0/0
IP address        50.0.0.1                 40.0.0.2
Connected With    Pc1                      R3 on Serial 0/0

2621XM Series Router0 (R3)
                  FastEthernet0/0          Serial0/0/0
IP address        30.0.0.2                 40.0.0.1
Connected With    FastEthernet0/0          R4 on Serial 0/0/0

2620XM Series Router1 (R2)
                  FastEthernet0/0          Serial0/0
IP address        30.0.0.1                 20.0.0.2
Connected With    R3 on FastEthernet0/0    R1 on Serial 0/0/0

PC-PT PC0
                  FastEthernet0            Default Gateway
IP address        10.0.0.2                 10.0.0.1
Connected With    R1 on FastEthernet0/0

PC-PT PC1
                  FastEthernet0            Default Gateway
IP address        50.0.0.2                 50.0.0.1
Connected With    R4 on FastEthernet0/0

Configuring OSPF is slightly different from configuring RIP. When configuring OSPF, use the
following syntax:
Router(config)# router ospf process_ID
Router(config-router)# network IP_address wildcard_mask area area_#
The process_ID is locally significant and is used to differentiate between OSPF processes
running on the same router. Your router might be a boundary router between two OSPF
autonomous systems, and to differentiate them on your router, you will give them unique
process IDs. Note that these numbers do not need to match between different routers so they
have nothing to do with autonomous system numbers.
To configure any router, double-click it and select CLI. To configure this topology, use this
step-by-step guide.
(1841Router0) Hostname R1
To configure and enable ospf routing on R1 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
R1(config-router)#exit
R1(config)#
(2620XM-Router1) Hostname R2
To configure and enable ospf routing on R2 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R2(config)#router ospf 2
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 30.0.0.0 0.255.255.255 area 0
00:03:10: %OSPF-5-ADJCHG: Process 2, Nbr 20.0.0.1 on Serial0/0 from
LOADING to FULL, Loading Done
R2(config-router)#exit
R2(config)#
(2620XM-Router2)Hostname R3
To configure and enable ospf routing on R3 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R3(config)#router ospf 3
R3(config-router)#network 40.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
00:04:53: %OSPF-5-ADJCHG: Process 3, Nbr 30.0.0.1 on FastEthernet0/0 from
LOADING to FULL, Loading Done
R3(config-router)#exit
R3(config)#
%SYS-5-CONFIG_I: Configured from console by console
R3#
(2811Router3) Hostname R4
To configure and enable ospf routing on R4 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R4
R4(config)#interface serial 0/0/0
R4(config-if)#ip address 40.0.0.2 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed
state to up
R4(config-if)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 50.0.0.1 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R4(config-if)#exit
R4(config)#router ospf 4
R4(config-router)#network 50.0.0.0 0.255.255.255 area 0
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#
00:06:32: %OSPF-5-ADJCHG: Process 4, Nbr 40.0.0.1 on Serial0/0/0 from
LOADING to FULL, Loading Done
R4(config-router)#exit
R4(config)#
PC-1
PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>
PC-2
PC>ipconfig

IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 157ms, Average = 148ms
You can verify that OSPF is running with the show ip protocols command in privileged
mode.
R4#show ip protocols

Routing Protocol is "ospf 4"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 50.0.0.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
50.0.0.0 0.255.255.255 area 0
40.0.0.0 0.255.255.255 area 0
Routing Information Sources:
Gateway Distance Last Update
40.0.0.1 110 00:01:26
Distance: (default is 110)

R4#
You can use the show ip route command to troubleshoot the OSPF network. If a route is
missing, check the router attached to that network.
R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

O 10.0.0.0/8 [110/1564] via 40.0.0.1, 00:02:37, Serial0/0/0
O 20.0.0.0/8 [110/1563] via 40.0.0.1, 00:02:37, Serial0/0/0
O 30.0.0.0/8 [110/782] via 40.0.0.1, 00:02:37, Serial0/0/0
C 40.0.0.0/8 is directly connected, Serial0/0/0
C 50.0.0.0/8 is directly connected, FastEthernet0/0
R4#
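The OSPF costs in R4's routing table above (782, 1563, 1564) can be reproduced by running the shortest-path-first calculation over the lab topology. This is an added example, not part of the original lab manual; the 128 kbit/s bandwidth for serial ports that have no bandwidth command is an assumption chosen because it reproduces the printed costs.

```python
import heapq
import itertools

REFERENCE_BW_KBPS = 100_000  # IOS default OSPF reference bandwidth (100 Mbit/s)


def ospf_cost(bandwidth_kbps):
    """Interface cost = reference bandwidth / interface bandwidth, minimum 1."""
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


# (router, interface, attached network, bandwidth in kbit/s).
# 64 comes from the "bandwidth 64" lines in the lab; 128 for the other serial
# ports is an assumption (see lead-in).
LAB_INTERFACES = [
    ("R1", "FastEthernet0/0", "10.0.0.0/8", 100_000),
    ("R1", "Serial0/0/0", "20.0.0.0/8", 64),
    ("R2", "Serial0/0", "20.0.0.0/8", 128),
    ("R2", "FastEthernet0/0", "30.0.0.0/8", 100_000),
    ("R3", "FastEthernet0/0", "30.0.0.0/8", 100_000),
    ("R3", "Serial0/0", "40.0.0.0/8", 64),
    ("R4", "Serial0/0/0", "40.0.0.0/8", 128),
    ("R4", "FastEthernet0/0", "50.0.0.0/8", 100_000),
]


def shortest_path_tree(root, interfaces):
    """Dijkstra over routers and networks, rooted at `root`.

    Leaving a router through an interface costs that interface's OSPF cost;
    stepping from a network onto an attached router costs nothing.
    Returns {network: (total_cost, exit_interface_on_root)}.
    """
    out_edges = {}  # router -> [(network, cost, interface)]
    attached = {}   # network -> [routers]
    for router, ifname, network, bw in interfaces:
        out_edges.setdefault(router, []).append((network, ospf_cost(bw), ifname))
        attached.setdefault(network, []).append(router)

    tiebreak = itertools.count()  # keeps heap entries comparable on equal cost
    best = {}
    heap = [(0, next(tiebreak), root, None)]
    while heap:
        cost, _, node, exit_if = heapq.heappop(heap)
        if node in best:
            continue  # a cheaper path to this node was already settled
        best[node] = (cost, exit_if)
        if node in out_edges:  # node is a router
            for network, if_cost, ifname in out_edges[node]:
                if network not in best:
                    heapq.heappush(
                        heap,
                        (cost + if_cost, next(tiebreak), network, exit_if or ifname),
                    )
        else:  # node is a network
            for router in attached[node]:
                if router not in best:
                    heapq.heappush(heap, (cost, next(tiebreak), router, exit_if))
    return {n: v for n, v in best.items() if n in attached}


if __name__ == "__main__":
    for network, (cost, exit_if) in sorted(shortest_path_tree("R4", LAB_INTERFACES).items()):
        print(f"{network:12} cost {cost:5} via {exit_if}")
```

The two directly attached networks also receive a cost, but the router installs them as connected (C) routes, which is why only the three remote networks appear with an OSPF metric.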
To test OSPF routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have
successfully configured OSPF routing; if you do not get a reply, double-check this
configuration and try to troubleshoot. I have uploaded a configured and tested topology; in
case you are unable to locate the problem spot, download this configuration file and try
to find out where you made the mistake.
Configuration commands of OSPF

Commands                                                      Descriptions
Router(config)#router ospf 1                                  Starts OSPF process 1. The process ID is any positive integer value between 1 and 65,535.
Router(config-router)#network 172.16.0.0 0.0.255.255 area 0   OSPF advertises interfaces, not networks. Uses the wildcard mask to determine which interfaces to advertise.
Router(config-if)#ip ospf hello-interval 20                   Changes the Hello Interval timer to 20 seconds.
Router(config-if)#ip ospf dead-interval 80                    Changes the Dead Interval timer to 80 seconds.

NOTE: Hello and Dead Interval timers must match for routers to become neighbors

Router#show ip protocols                                      Displays parameters for all protocols running on the router
Router#show ip route                                          Displays a complete IP routing table
Router#show ip ospf                                           Displays basic information about OSPF routing processes
Router#show ip ospf interface                                 Displays OSPF info as it relates to all interfaces
Router#show ip ospf interface fastethernet 0/0                Displays OSPF information for interface fastethernet 0/0
Router#show ip ospf border-routers                            Displays border and boundary router information
Router#show ip ospf neighbor                                  Lists all OSPF neighbors and their states
Router#show ip ospf neighbor detail                           Displays a detailed list of neighbors
Router#clear ip route *                                       Clears entire routing table, forcing it to rebuild
Router#clear ip route a.b.c.d                                 Clears specific route to network a.b.c.d
Router#clear ip ospf counters                                 Resets OSPF counters
Router#clear ip ospf process                                  Resets entire OSPF process, forcing OSPF to re-create neighbors, database, and routing table
Router#debug ip ospf events                                   Displays all OSPF events
Router#debug ip ospf adjacency                                Displays various OSPF states and DR/BDR election between adjacent routers
Router#debug ip ospf packets                                  Displays OSPF packets


􀂾 Implementing dynamic routing using EIGRP
Enhanced Interior Gateway Routing Protocol
Configurations
EIGRP is the advanced version of Cisco's earlier protocol, IGRP. Before you learn more about EIGRP, let
us get familiar with IGRP.

Interior Gateway Routing Protocol (IGRP)

The Interior Gateway Routing Protocol (IGRP) is a Cisco-proprietary routing protocol for IP. It is a
distance vector protocol.
• It uses a sophisticated metric based on bandwidth and delay.
• It uses triggered updates to speed up convergence.
• It supports unequal-cost load balancing to a single destination.
IGRP is Cisco proprietary and uses bandwidth, delay, reliability, load, and MTU as its metrics (bandwidth
and delay by default).
IGRP's routing update period is every 90 seconds. Its hold-down period is 280 seconds, and its flush
period is 630 seconds.
It also supports triggered updates and load balancing across unequal-cost paths.
IGRP requires an AS number in its router command; plus, when entering network numbers for the
network command, they are entered as the classful network number, as they are for RIP.
IGRP supports both equal- and unequal-cost paths for load balancing to a single destination. Equal-cost
paths are enabled by default, where IGRP supports up to six equal-cost paths (four by default) to a
single destination in the IP routing table. IGRP, however, also supports unequal-cost paths, but this
feature is disabled by default.

Enhanced Interior Gateway Routing Protocol


The Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol for IP.
Its characteristics include:
• Fast convergence
• Loop-free topology
• VLSM and route summarization
• Multicast and incremental updates
• Routes for multiple routed protocols

Here is a brief comparison of EIGRP and IGRP:
• Both offer load balancing across six paths (equal or unequal).
• They have similar metric structures.
• EIGRP has faster convergence (triggered updates and saving a neighbor's routing table
locally).
• EIGRP has less network overhead, since it uses incremental updates.
An interesting point about these protocols is that if you have some routers in your network running IGRP
and others running EIGRP and both sets have the same autonomous system number, routing
information will automatically be shared between the two.
• EIGRP uses a 32-bit metric, while IGRP uses a 24-bit metric.
• EIGRP uses the Diffusing Update Algorithm (DUAL) to update the routing table.
• One really unique feature of EIGRP is that it supports three routed protocols: IP, IPX, and
AppleTalk.
• Hello packets are generated every five seconds on LAN interfaces as multicasts (224.0.0.10).
For EIGRP routers to become neighbors, the following information must match:
• The AS number
• The K-values (these enable/disable the different metric components)
When two routers determine whether they will become neighbors, they go through the following
process:
• The first router generates a Hello with configuration information.
• If the configuration information matches, the second router responds with an Update message
with topology information.
• The first router responds with an ACK message, acknowledging the receipt of the second's
Update.
• The first router sends its topology to the second router via an Update message.
• The second router responds back with an ACK.
You must specify the AS number when configuring EIGRP. Even though EIGRP is classless, you must
configure it as a classful protocol when specifying your network numbers with the network command.

EIGRP Terms

Term                  Definition
Successor             The best path to reach a destination within the topology table.
Feasible successor    The best backup path to reach a destination within the topology table; multiple successors can be feasible for a particular destination.
Routing table         This is all of the successor routes from the topology table. There is a separate routing table for each routed protocol.
Advertised distance   The distance (metric) that a neighboring router is advertising for a specific route.
Feasible distance     The distance (metric) that your router has computed to reach a specific route: the advertised distance from the neighboring router plus the local router's interface metric.
Neighbor table        Contains a list of the EIGRP neighbors and is similar to the adjacencies that are built in OSPF between the designated router/backup DR and the other routers on a segment. Each routed protocol (IP, IPX, and AppleTalk) for EIGRP has its own neighbor table.
Topology table        Similar to OSPF's database, contains a list of all destinations and paths the EIGRP router learned; it is basically a compilation of the neighboring routers' routing tables. A separate topology table exists for each routed protocol.
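The terms above can be made concrete by computing them for a few candidate paths and then applying the variance rule from the command table on this page. This is an added example, not part of the original lab manual; the three paths and their bandwidth and delay figures are constructed, and the metric uses the default K-values (bandwidth and delay only).

```python
from dataclasses import dataclass


def eigrp_metric(min_bandwidth_kbps, total_delay_usec):
    """Composite metric with the default K-values (K1 = K3 = 1, others 0):
    256 * (10^7 / slowest link in kbit/s + total delay in tens of microseconds)."""
    return 256 * (10**7 // min_bandwidth_kbps + total_delay_usec // 10)


@dataclass(frozen=True)
class Path:
    neighbor: str
    link_bw_kbps: int      # bandwidth of the local link to the neighbor
    link_delay_usec: int   # delay of that link
    nbr_bw_kbps: int       # slowest link on the neighbor's own path
    nbr_delay_usec: int    # cumulative delay on the neighbor's own path

    @property
    def advertised_distance(self):
        """Metric the neighbor reports for the route."""
        return eigrp_metric(self.nbr_bw_kbps, self.nbr_delay_usec)

    @property
    def distance(self):
        """Metric this router computes through that neighbor."""
        return eigrp_metric(
            min(self.link_bw_kbps, self.nbr_bw_kbps),
            self.link_delay_usec + self.nbr_delay_usec,
        )


def classify(paths, variance=1):
    """Sort paths into successor, feasible successor and rejected.

    A path is a feasible successor only if its advertised distance is lower
    than the feasible distance. Variance is applied as worded on this page:
    distance <= variance * feasible distance, feasible successors only.
    """
    fd = min(p.distance for p in paths)
    result = {
        "feasible_distance": fd,
        "successors": [],
        "feasible_successors": [],
        "load_balanced": [],
        "rejected": [],
    }
    for p in paths:
        if p.distance == fd:
            result["successors"].append(p.neighbor)
            result["load_balanced"].append(p.neighbor)
        elif p.advertised_distance < fd:
            result["feasible_successors"].append(p.neighbor)
            if p.distance <= variance * fd:
                result["load_balanced"].append(p.neighbor)
        else:
            result["rejected"].append(p.neighbor)
    return result


# Constructed sample: three neighbors offering a path to the same destination.
SAMPLE_PATHS = [
    Path("A", 1544, 20000, 100_000, 100),  # T1 link, fast path behind it
    Path("B", 256, 20000, 100_000, 100),   # slower local link, same far side
    Path("C", 1544, 20000, 64, 40000),     # neighbor's own path is slow
]

if __name__ == "__main__":
    for variance in (1, 5, 20):
        print(variance, classify(SAMPLE_PATHS, variance))
```

Neighbor C stays out of the load-balanced set even at variance 20, because its advertised distance is not below the feasible distance and so it never qualifies as a feasible successor.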

How to configure enhanced interior gateway routing protocol
EIGRP is a Cisco-proprietary routing protocol for TCP/IP. It is based on Cisco's
proprietary IGRP routing protocol, with many enhancements built into it. Because it has its
roots in IGRP, the configuration is similar to IGRP; however, it has many link-state
characteristics that were added to allow EIGRP to scale to enterprise network sizes. To
learn about these characteristics, read our previous article.
In this article I will demonstrate an example of EIGRP routing configuration. We will use
four different series of routers so you can get familiar with the different platforms covered in the CCNA
exam. Create a topology as shown in figure.

1841 Series Router0 (R1)
                  FastEthernet0/0          Serial0/0/0
IP address        10.0.0.1                 20.0.0.1
Connected With    Pc0                      R2 on Serial 0/0

2811 Series Router0 (R4)
                  FastEthernet0/0          Serial0/0/0
IP address        50.0.0.1                 40.0.0.2
Connected With    Pc1                      R3 on Serial 0/0

2621XM Series Router0 (R3)
                  FastEthernet0/0          Serial0/0/0
IP address        30.0.0.2                 40.0.0.1
Connected With    FastEthernet0/0          R4 on Serial 0/0/0

2620XM Series Router1 (R2)
                  FastEthernet0/0          Serial0/0
IP address        30.0.0.1                 20.0.0.2
Connected With    R3 on FastEthernet0/0    R1 on Serial 0/0/0

PC-PT PC0
                  FastEthernet0            Default Gateway
IP address        10.0.0.2                 10.0.0.1
Connected With    R1 on FastEthernet0/0

PC-PT PC1
                  FastEthernet0            Default Gateway
IP address        50.0.0.2                 50.0.0.1
Connected With    R4 on FastEthernet0/0

To configure any router, double-click it and select CLI. To configure this topology, use this
step-by-step guide.
(1841Router0) Hostname R1
To configure and enable eigrp routing on R1 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router eigrp 1
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#exit
R1(config)#
(2620XM-Router1) Hostname R2
To configure and enable eigrp routing on R2 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R2(config)#router eigrp 1
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
R2(config-router)#exit
R2(config)#
(2620XM-Router2)Hostname R3
To configure and enable eigrp routing on R3 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R3(config)#router eigrp 1
R3(config-router)#network 30.0.0.0
R3(config-router)#network 40.0.0.0
R3(config-router)#exit
R3(config)#
(2811Router3) Hostname R4
To configure and enable eigrp routing on R4 follow these commands exactly.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R4
R4(config)#interface serial 0/0/0
R4(config-if)#ip address 40.0.0.2 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed
state to up
R4(config-if)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 50.0.0.1 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R4(config-if)#exit
R4(config)#router eigrp 1
R4(config-router)#network 40.0.0.0
R4(config-router)#network 50.0.0.0
R4(config-router)#exit
R4(config)#
PC-1
PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>
PC-2
PC>ipconfig

IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 157ms, Average = 148ms
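You can verify that EIGRP is running with the show ip protocols command in privileged
mode. The capture reproduced below is the one from the OSPF lab; on this topology the
output names EIGRP 1 as the routing protocol.
R4#show ip protocols

Routing Protocol is "ospf 4"
Outgoing update filter list for all interfaces is not set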
Incoming update filter list for all interfaces is not set
Router ID 50.0.0.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
50.0.0.0 0.255.255.255 area 0
40.0.0.0 0.255.255.255 area 0
Routing Information Sources:
Gateway Distance Last Update
40.0.0.1 110 00:01:26
Distance: (default is 110)
R4#
You can use the show ip route command to troubleshoot the EIGRP network. If a route is
missing, check the router attached to that network. The table reproduced below is the
OSPF one (code O); EIGRP-learned routes carry the code D.
R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

O 10.0.0.0/8 [110/1564] via 40.0.0.1, 00:02:37, Serial0/0/0
O 20.0.0.0/8 [110/1563] via 40.0.0.1, 00:02:37, Serial0/0/0
O 30.0.0.0/8 [110/782] via 40.0.0.1, 00:02:37, Serial0/0/0
C 40.0.0.0/8 is directly connected, Serial0/0/0
C 50.0.0.0/8 is directly connected, FastEthernet0/0
R4#
To test EIGRP routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have
successfully configured EIGRP routing; if you do not get a reply, double-check this
configuration and try to troubleshoot. I have uploaded a configured and tested topology; in
case you are unable to locate the problem spot, download this configuration file and try
to find out where you made the mistake.
Configuration commands of EIGRP

Commands                                      Descriptions
Router(config)#router eigrp 1                 Turns on the EIGRP process. 1 is the autonomous system number, which can be a number between 1 and 65,535.

Note: All routers in the same autonomous system must use the same autonomous system number.

Router(config-router)#network 10.0.0.0        Specifies which network to advertise in EIGRP.
Router(config-if)#bandwidth x                 Sets the bandwidth of this interface to x kilobits to allow EIGRP to make a better metric calculation

TIP: The bandwidth command is used for metric calculations only. It does not change interface performance.

Router(config-router)#no network 10.0.0.0     Removes the network from the EIGRP process.
Router(config)#no router eigrp 1              Disables routing process 1
Router(config-router)#auto-summary            Enables auto-summarization for the EIGRP process.
Router(config-router)#no auto-summary         Turns off the auto-summarization feature.
Router(config-router)#variance n              Includes routes with a metric less than or equal to n times the minimum metric route for that destination, where n is the number specified by the variance command

NOTE: If a path is not a feasible successor, it is not used in load balancing. EIGRP supports up to six unequal-cost paths.

Router(config)#interface serial 0/0           Enters interface configuration mode.
Router(config-if)#bandwidth 256               Sets the bandwidth of this interface to 256 kilobits to allow EIGRP to make a better metric calculation.
Router#show ip eigrp neighbors                Displays the neighbor table.
Router#show ip eigrp neighbors detail         Displays a detailed neighbor table.
Router#show ip eigrp interfaces               Shows information for each interface
Router#show ip eigrp interfaces serial 0/0    Shows information for a specific interface
Router#show ip eigrp interfaces 1             Shows information for interfaces running process 1.
Router#show ip eigrp topology                 Displays the topology table
Router#show ip eigrp traffic                  Shows the number and type of packets sent and received
Router#show ip route eigrp                    Shows a routing table with only EIGRP entries
Router#debug eigrp fsm                        Displays events/actions related to EIGRP feasible successor metrics (FSM)
Router#debug eigrp packet                     Displays events/actions related to EIGRP packets
Router#debug eigrp neighbor                   Displays events/actions related to your EIGRP neighbors
Router#debug ip eigrp neighbor                Displays events/actions related to your EIGRP neighbors
Router#debug ip eigrp notifications           Displays EIGRP event notifications

What features does EIGRP offer?

• Automatic redistribution of routes between IGRP and EIGRP.
• Ability to turn EIGRP and IGRP on and off on individual interfaces of the
router.
• Fast network convergence thanks to EIGRP's DUAL algorithm (convergence is
when all routers know about all the networks that every other router is offering).
• Incremental updates that save network bandwidth and speed convergence.
• Reduced router CPU load, as compared to IGRP.
• EIGRP uses neighbor discovery to find and keep track of neighboring routers.
Neighbor discovery uses multicast IP and is not tied to whether or not the IP
network is properly configured.
• EIGRP prevents routing loops on the network.
• Supports variable-length subnet masks (VLSM).
• Automatic route summarization.

How do you configure EIGRP in the Cisco IOS?


To configure EIGRP in the Cisco IOS, just follow these steps:

1. Set the bandwidth on your interfaces using the bandwidth command

Router (config-if)# bandwidth XX

(where XX signifies the bandwidth of the WAN connection)

2. Start the EIGRP routing process and specify your AS number

Router (config)# router eigrp AS

Where "AS" in the above command stands for the Autonomous System
number. This number should be the same on all routers.

3. Next, instruct the router to advertise the networks that are directly linked to it,
using the command

Router (config-router)# network X.X.X.X

Where X.X.X.X is the network ID of a network that is linked directly to the router. You
should enter this command for each network directly attached to the router. However, you
can, in a single statement, enter the supernet of a group of subnets. When you do that,
the router will automatically identify the subnets.
Optionally, you can configure the amount of WAN link bandwidth
that an EIGRP router will use with this command:

Router(config-if)# ip bandwidth-percent eigrp XX

Once EIGRP is configured, you can check the status using
the show ip route and show ip eigrp commands. Here are
some examples:

Router# show ip route

     207.71.26.0/28 is subnetted, 1 subnets
D       207.71.26.128 [90/8199936] via 10.6.199.1, 1w1d, Serial0/0
     10.0.0.0/8 is variably subnetted, 217 subnets, 4 masks
D       10.110.100.0/30 [90/6535936] via 10.6.199.1, 5w1d, Serial0/0

Notice the "D" on the left side of the output. All "D" routes are
EIGRP routes.

There are a number of show ip eigrp xxxx commands. Here is
an example of the "neighbors" version:

Router# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address       Interface   Hold   Uptime   SRTT   RTO   Q     Seq      Type
                              (sec)           (ms)         Cnt   Num
0   10.6.199.1    Se0/0       11     5w1d     20     282   0     887645
Router#

EIGRP Configuration Task List


To configure EIGRP, perform the tasks described in the following sections. The tasks in the first section
are required; the tasks in the remaining sections are optional:
• Enabling EIGRP (Required)
• Making the Transition from IGRP to EIGRP (Optional)
• Logging EIGRP Neighbor Adjacency Changes (Optional)
• Configuring the Percentage of Link Bandwidth Used (Optional)
• Adjusting the EIGRP Metric Weights (Optional)
• Applying Offsets to Routing Metrics (Optional)
• Disabling Route Summarization (Optional)
• Configuring Summary Aggregate Addresses (Optional)
• Configuring Floating Summary Routes (Optional)
• Configuring EIGRP Route Authentication (Optional)
• Configuring EIGRP Protocol-Independent Parameters (Optional)
• Configuring EIGRP Stub Routing (Optional)
• Monitoring and Maintaining EIGRP (Optional)

Enabling EIGRP
To create an EIGRP routing process, use the following commands beginning in global
configuration mode:

         Command                                          Purpose
Step 1   Router(config)# router eigrp autonomous-system   Enables an EIGRP routing process in global configuration mode.
Step 2   Router(config-router)# network network-number    Associates networks with an EIGRP routing process in router configuration mode.

EIGRP sends updates to the interfaces in the specified networks. If you do not specify the network of an
interface, the interface will not be advertised in any EIGRP update.

Making the Transition from IGRP to EIGRP


If you have routers on your network that are configured for IGRP, and you want to make a transition to
routing EIGRP, you must designate transition routers that have both IGRP and EIGRP configured. In
these cases, perform the tasks as noted in the previous section, "Enabling EIGRP," and also see the
chapter "Configuring IGRP" in this document. You must use the same autonomous system number in
order for routes to be redistributed automatically.

Logging EIGRP Neighbor Adjacency Changes


By default, the system logs EIGRP neighbor adjacency changes to help you monitor
the stability of the routing system and detect problems. If you disabled logging of
such changes and want to reenable the logging, use the following command in router
configuration mode:
Command: Router(config-router)# eigrp log-neighbor-changes
Purpose: Enables logging of EIGRP neighbor adjacency changes.

Configuring the Percentage of Link Bandwidth Used


By default, EIGRP packets consume a maximum of 50 percent of the link bandwidth, as configured with
the bandwidth interface configuration command. You might want to change that value if a different level
of link utilization is required or if the configured bandwidth does not match the actual link bandwidth (it
may have been configured to influence route metric calculations).
To configure the percentage of bandwidth that may be used by EIGRP on an
interface, use the following command in interface configuration mode:
Command: Router(config-if)# ip bandwidth-percent eigrp percent
Purpose: Configures the percentage of bandwidth that may be used by EIGRP on an interface.

Adjusting the EIGRP Metric Weights


EIGRP uses the minimum bandwidth on the path to a destination network and the total delay to
compute routing metrics. You can use the eigrp metric weights command to adjust the default behavior
of EIGRP routing and metric computations. For example, this adjustment allows you to tune system
behavior to allow for satellite transmission. EIGRP metric defaults have been carefully selected to
provide optimal performance in most networks.

To adjust the EIGRP metric weights, use the following command in router
configuration mode:
Command: Router(config-router)# metric weights tos k1 k2 k3 k4 k5
Purpose: Adjusts the EIGRP metric or K value. EIGRP uses the following formula to determine the
total metric to the network:
metric = [K1*bandwidth + (K2*bandwidth)/(256 - load) + K3*delay] * [K5/(reliability + K4)]

By default, the EIGRP composite metric is a 32-bit quantity that is a sum of the segment delays and the
lowest segment bandwidth (scaled and inverted) for a given route. For a network of homogeneous
media, this metric reduces to a hop count. For a network of mixed media (FDDI, Ethernet, and serial
lines running from 9600 bits per second to T1 rates), the route with the lowest metric reflects the most
desirable path to a destination.

Mismatched K Values
Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being established and
can negatively impact network convergence. The following example explains this behavior between 2
EIGRP peers (ROUTER-A and ROUTER-B).
The following error message is displayed in the console of ROUTER-B because the K values are
mismatched:
*Apr 26 13:48:41.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1 (Ethernet0/0) is
down: K-value mismatch

There are two scenarios where this error message can be displayed:
• The two routers are connected on the same link and configured to establish a neighbor relationship.
However, each router is configured with different K values.
The following configuration is applied to ROUTER-A. The K values are changed with the metric
weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation.
The value of 1 is entered for the k3 argument to adjust the delay calculation.
hostname ROUTER-A
!
interface serial 0
 ip address 10.1.1.1 255.255.255.0
 exit
router eigrp 100
 network 10.1.1.0 0.0.0.255
 metric weights 0 2 0 1 0 0
The following configuration is applied to ROUTER-B. However, the metric weights command is not
applied and the default K values are used. The default K values are 1, 0, 1, 0, and 0.
hostname ROUTER-B
!
interface serial 0
 ip address 10.1.1.2 255.255.255.0
!
 exit
router eigrp 100
 network 10.1.1.0 0.0.0.255
The bandwidth calculation is set to 2 on ROUTER-A and set to 1 (by default) on ROUTER-B. This
configuration prevents these peers from forming a neighbor relationship.
• The K-value mismatch error message can also be displayed if one of the two peers has transmitted
a "goodbye" message, and the receiving router does not support this message. In this case, the
receiving router will interpret this message as a K-value mismatch.
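
The check below is an added example, not part of the original lab manual: it parses the ROUTER-A and ROUTER-B configurations shown above, reports the autonomous systems whose K values differ, and evaluates the metric formula for both sets of weights. The function names are hypothetical, and the scaling used (10^7 divided by the bandwidth in kbit/s, delay in tens of microseconds, result multiplied by 256, reliability term skipped when K5 is 0) is the classic IOS convention assumed here, not something stated on this page.

```python
import re

DEFAULT_K = (1, 0, 1, 0, 0)  # default K1..K5 as stated on the page

# The two configurations from the page.
ROUTER_A = """\
hostname ROUTER-A
!
interface serial 0
 ip address 10.1.1.1 255.255.255.0
 exit
router eigrp 100
 network 10.1.1.0 0.0.0.255
 metric weights 0 2 0 1 0 0
"""

ROUTER_B = """\
hostname ROUTER-B
!
interface serial 0
 ip address 10.1.1.2 255.255.255.0
 exit
router eigrp 100
 network 10.1.1.0 0.0.0.255
"""

WEIGHTS_RE = re.compile(r"metric weights (\d+) (\d+) (\d+) (\d+) (\d+) (\d+)")


def eigrp_k_values(config):
    """Return {as_number: (k1, k2, k3, k4, k5)} for each 'router eigrp' block."""
    result = {}
    current_as = None
    for line in config.splitlines():
        stripped = line.strip()
        block = re.fullmatch(r"router eigrp (\d+)", stripped)
        if block:
            current_as = int(block.group(1))
            result[current_as] = DEFAULT_K  # defaults apply until overridden
            continue
        if line and not line[0].isspace():
            current_as = None  # any other top-level line ends the router block
            continue
        weights = WEIGHTS_RE.fullmatch(stripped)
        if weights and current_as is not None:
            # First number is the tos argument; the remaining five are K1..K5.
            result[current_as] = tuple(int(v) for v in weights.groups()[1:])
    return result


def k_mismatches(config_a, config_b):
    """Return {as_number: (k_values_a, k_values_b)} where the two peers disagree."""
    a, b = eigrp_k_values(config_a), eigrp_k_values(config_b)
    return {asn: (a[asn], b[asn]) for asn in a.keys() & b.keys() if a[asn] != b[asn]}


def composite_metric(min_bw_kbps, total_delay_usec, k=DEFAULT_K, load=1, reliability=255):
    """Evaluate the page's formula with the assumed classic IOS scaling."""
    k1, k2, k3, k4, k5 = k
    bandwidth = 10**7 // min_bw_kbps   # scaled and inverted lowest bandwidth
    delay = total_delay_usec // 10     # sum of delays in tens of microseconds
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:                        # reliability term only applies when K5 is set
        metric = metric * k5 // (reliability + k4)
    return metric * 256


if __name__ == "__main__":
    for asn, (ka, kb) in k_mismatches(ROUTER_A, ROUTER_B).items():
        print(f"AS {asn}: ROUTER-A K={ka} ROUTER-B K={kb} -> no adjacency")
    # Same T1 serial link (1544 kbit/s, 20000 usec) seen through each router's weights.
    print("ROUTER-B view:", composite_metric(1544, 20000))
    print("ROUTER-A view:", composite_metric(1544, 20000, k=(2, 0, 1, 0, 0)))
```

Running the same comparison over saved configurations before a change window shows which pair of neighbors would log the K-value mismatch message.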

The Goodbye Message


The goodbye message is a feature designed to improve EIGRP network convergence. The
goodbye message is broadcast when an EIGRP routing process is shut down to inform adjacent
peers about the impending topology change. This feature allows supporting EIGRP peers to
synchronize and recalculate neighbor relationships more efficiently than would occur if the peers
discovered the topology change after the hold timer expired.
The goodbye message is supported in Cisco IOS Release 12.3(2), 12.3(3)B, and 12.3(2)T and later
releases. The following message is displayed by routers that run a supported release when a
goodbye message is received:
*Apr 26 13:48:42.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1
(Ethernet0/0) is down: Interface Goodbye received

A Cisco router that runs a software release that does not support the goodbye message can
misinterpret the message as a K-value mismatch and display the following message:
*Apr 26 13:48:41.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1
(Ethernet0/0) is down: K-value mismatch

Note: The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation.
The nonsupporting peer will terminate the session when the hold timer expires. The sending and receiving
routers will reconverge normally after the sender reloads.

Applying Offsets to Routing Metrics


An offset list is the mechanism for increasing incoming and outgoing metrics to
routes learned via EIGRP. An offset list provides a local mechanism for increasing the
value of routing metrics. Optionally, you can limit the offset list with either an access
list or an interface. To increase the value of routing metrics, use the following
command in router configuration mode:
Command: Router(config-router)# offset-list [access-list-number | access-list-name] {in | out} offset [interface-type interface-number]
Purpose: Applies an offset to routing metrics.

Disabling Route Summarization


You can configure EIGRP to perform automatic summarization of subnet routes into network-level
routes. For example, you can configure subnet 131.108.1.0 to be advertised as 131.108.0.0 over
interfaces that have subnets of 192.31.7.0 configured. Automatic summarization is performed when
there are two or more network router configuration commands configured for the EIGRP process. By
default, this feature is enabled.
To disable automatic summarization, use the following command in router
configuration mode:
Command: Router(config-router)# no auto-summary
Purpose: Disables automatic summarization.

Route summarization works in conjunction with the ip summary-address eigrp interface configuration
command, in which additional summarization can be performed. If automatic summarization is in effect,
there usually is no need to configure network level summaries using the ip summary-address eigrp
command.

Configuring Summary Aggregate Addresses


You can configure a summary aggregate address for a specified interface. If any more specific routes
are in the routing table, EIGRP will advertise the summary address out the interface with a metric equal
to the minimum of all more specific routes.
To configure a summary aggregate address, use the following command in interface
configuration mode:
Command: Router(config-if)# ip summary-address eigrp autonomous-system-number ip-address mask
Purpose: Configures a summary aggregate address.

Configuring Floating Summary Routes


You can also use a floating summary route when configuring the ip summary-address
eigrp command. This enhancement was introduced in Cisco IOS Release 12.2. The floating summary
route is created by applying a default route and administrative distance at the interface level. The
following scenarios illustrate the behavior of this enhancement.
Figure 46 shows a network with three routers, Router-A, Router-B, and Router-C. Router-A learns a
default route from elsewhere in the network and then advertises this route to Router-B. Router-B is
configured so that only a default summary route is advertised to Router-C. The default summary route is
applied to interface 0/1 on Router-B with the following configuration:
Router(config)# interface Serial 0/1
Router(config-if)# ip summary-address eigrp 100 0.0.0.0 0.0.0.0

Figure 46 Floating Summary Route is Applied to Router-B

The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-
C and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C.
However, this also generates a local discard route on Router-B, a route for 0.0.0.0/0 to the null 0
interface with an administrative distance of 5. When this route is created, it overrides the EIGRP learned
default route. Router-B will no longer be able to reach destinations that it would normally reach through
the 0.0.0.0/0 route.
This problem is resolved by applying a floating summary route to the interface on Router-B that
connects to Router-C. The floating summary route is applied by applying an administrative distance to
the default summary route on the interface of Router-B with the following statement:
Router(config-if)# ip summary-address eigrp 100 0.0.0.0 0.0.0.0 250
The administrative distance of 250, applied in the above statement, is now assigned to the discard route
generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the
local routing table. Routing to Router-C is restored.
If Router-A loses the connection to Router-B, Router-B will continue to advertise a default route to
Router-C, which allows traffic to continue to reach destinations attached to Router-B. However, traffic
destined to networks to Router-A or behind Router-A will be dropped when it reaches Router-B.
Figure 47 shows a network with two connections from the core, Router-A and Router-D. Both routers
have floating summary routes configured on the interfaces connected to Router-C. If the connection
between Router-E and Router-C fails, the network will continue to operate normally. All traffic will flow
from Router-C through Router-B to the hosts attached to Router-A and Router-D.

Figure 47
➢ Basic switch configuration
Basic switch configuration commands
You will need to log on to a switch and become familiar with the different levels of access on
the switch.
User vs. Privileged Mode
User mode is indicated by the > next to the switch name. You can look at settings but cannot
make changes from user mode. In privileged mode, indicated by the #, you can do
anything. To get into privileged mode, the keyword is enable.
HELP
To view all commands available from the current mode, type ?. This will give you the list of all
available commands for the switch in your current mode. You can also use the question mark after
you have started typing a command. For example, if you want to use a show command but you do
not remember which one it is, type ? after show to list all commands that you can use with
the show command.
Configuration Mode
From privileged mode you can enter configuration mode by typing the config term command. To
exit configuration mode, type end or press <CTL>+z.
Configuration of Cisco 2960 Switch
To practically implement these commands either create a simple topology

Now click on any switch and configure it as given below.

To see all commands available in user EXEC mode, type ? and press Enter.
Switch>?
Exec commands:
[1-99] Session number to resume
connect Open a terminal connection
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
logout Exit from the EXEC
ping Send echo messages

[Output is omitted]
Three commands can be used to log out from the terminal.
Switch>enable
Switch#disable
Switch>exit

Switch con0 is now available


Press RETURN to get started.
The show version command displays the device platform, the detected interfaces and the IOS name.
Switch>enable
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version
12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX,
RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with
21039K bytes of memory.
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

[Output is omitted]
The show mac-address-table command shows all MAC addresses in the table, whether learned dynamically or entered manually.
Switch#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1


To view the running configuration held in RAM, use the show running-config command.
Switch#show running-config
Building configuration...
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]
To view the startup configuration [stored in NVRAM], use the show startup-config command.
Switch#show startup-config
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]
To get information about the VLAN configuration, use the show vlan command.
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
[Output is omitted]
The show interfaces command shows every detected interface with its hardware description and
configuration.
Switch#show interfaces
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Lance, address is 0060.2f9d.9101 (bia 0060.2f9d.9101)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
[Output is omitted]
Interface VLAN 1 is used to assign an IP address and default gateway to the switch. The show interface
vlan1 command gives an overview of VLAN 1.
Switch#show interface vlan1
Vlan1 is administratively down, line protocol is down
Hardware is CPU Interface, address is 0060.5c23.82ae
(bia 0060.5c23.82ae)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00

[Output is omitted]
The delete command is used to delete all VLAN configuration from the switch. Do not add a space between
flash: and vlan.dat. Run the command exactly as shown here; adding a space could erase flash entirely,
leaving the switch blank.
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
%deleting flash:/vlan.dat
The startup configuration can be removed with the erase command.
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Basic Switch Configuration Step by Step
Use the configure terminal command to enter global configuration mode.
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Now change the default switch name to Switch1.
Switch(config)#hostname Switch1
Set the enable password to vinita and the enable secret to nikki.
Switch1(config)#enable password vinita
Switch1(config)#enable secret nikki
Set the console password to vinita and enable it with the login command. The order of the commands
is important: set the password before you enable it.
Switch1(config)#line console 0
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit
Enable 5 Telnet sessions [vty0 - vty4] on the switch and set their password to vinita.
Switch1(config)#line vty 0 4
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit
Now set the switch IP address to 192.168.0.10 255.255.255.0 and the default gateway to 192.168.0.5.
Switch1(config)#interface vlan1
Switch1(config-if)#ip address 192.168.0.10 255.255.255.0
Switch1(config-if)#exit
Switch1(config)#ip default-gateway 192.168.0.5
Set the description "finance VLAN" on interface FastEthernet 0/1.
Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#description finance VLAN
By default the switch negotiates speed and duplex automatically, but you can set them manually.
Switch1(config-if)#duplex full
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to down
Switch1(config-if)#duplex auto
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex half
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex auto
Switch1(config-if)#speed 10
Switch1(config-if)#speed 100
Switch1(config-if)#speed auto
Switch1(config-if)#exit
Switch1(config)#exit
The MAC address table can be cleared with the clear command.
Switch1#show
Switch1#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1


Switch1#clear mac-address-table
Switch1#clear mac-address-table ?
dynamic dynamic entry type
Switch1#clear mac-address-table dynamic
To restart the switch, use the reload command [the running configuration will be erased, so copy it to
the startup configuration first].
Switch1#reload
Proceed with reload? [confirm]
Switch con0 is now available
Press RETURN to get started.
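
The step-by-step configuration above leaves the enable, console and vty passwords in clear text in the running configuration (the earlier show running-config output reports no service password-encryption), reuses one password for all three, and sets an enable password that is never consulted because the enable secret takes precedence. The audit below is an added example, not part of the original lab manual; both configurations are constructed from the page's commands, the secret hashes are placeholders, the finding codes are hypothetical names, and the hardened variant assumes an IOS image with SSH support.

```python
import re

# Constructed running-config: what the page's step-by-step commands leave behind.
# The enable-secret hash is a placeholder, not a real hash.
LAB_CONFIG = """\
version 12.2
no service password-encryption
!
hostname Switch1
!
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
enable password vinita
!
interface Vlan1
 ip address 192.168.0.10 255.255.255.0
!
ip default-gateway 192.168.0.5
!
line con 0
 password vinita
 login
line vty 0 4
 password vinita
 login
!
end
"""

# Constructed hardened counterpart (assumes an image that supports SSH).
HARDENED_CONFIG = """\
version 12.2
service password-encryption
!
hostname Switch1
!
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
username admin secret 5 $1$PLACEHOLDER$constructedhashvalue
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
"""

# "password vinita" is plaintext; "password 7 <string>" is an encoded form.
PASSWORD_RE = re.compile(r"(?:enable )?password (?:(\d) )?(\S+)")


def parse_sections(config):
    """Split an IOS config into (header, [indented child lines]) pairs."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(config):
    """Return sorted (finding_code, location) pairs; passwords are never echoed."""
    findings = []
    seen = {}  # plaintext password -> locations that use it
    sections = parse_sections(config)
    if not any(header == "service password-encryption" for header, _ in sections):
        findings.append(("PLAINTEXT_STORAGE", "global"))
    for header, children in sections:
        match = PASSWORD_RE.fullmatch(header)
        if header.startswith("enable password") and match and match.group(1) in (None, "0"):
            findings.append(("ENABLE_PASSWORD_PLAINTEXT", "enable password"))
            seen.setdefault(match.group(2), []).append("enable password")
        if header.startswith("line "):
            for child in children:
                match = PASSWORD_RE.fullmatch(child)
                if match and match.group(1) in (None, "0"):
                    findings.append(("LINE_PASSWORD_PLAINTEXT", header))
                    seen.setdefault(match.group(2), []).append(header)
            if header.startswith("line vty") and "transport input ssh" not in children:
                findings.append(("VTY_NOT_SSH_ONLY", header))
    for places in seen.values():
        if len(places) > 1:
            findings.append(("PASSWORD_REUSE", ", ".join(places)))
    return sorted(findings)


if __name__ == "__main__":
    for code, where in audit(LAB_CONFIG):
        print(f"{code:28} {where}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```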
CCNA basic switch configuration commands sheet
Command
    Description

switch>?
    The ? works here the same as in a router. Used to get the list of all available commands.
switch>enable
    User mode, same as a router
switch#
    Privileged mode
switch#disable
    Leaves privileged mode
switch>exit
    Leaves user mode
switch#show version
    Displays information about software and hardware.
switch#show flash:
    Displays information about flash memory (will work only for the 2900/2950 series).
switch#show mac-address-table
    Displays the current MAC address forwarding table.
switch#show running-config
    Displays the current configuration in DRAM.
switch#show startup-config
    Displays the current configuration in NVRAM.
switch#show vlan
    Displays the current VLAN configuration.
switch#show interfaces
    Displays the interface configuration and status of line: up/up, up/down, admin down.
switch#show interface vlan1
    Displays setting of virtual interface VLAN 1, the default VLAN on the switch.

To Reset Switch Configuration

Switch#delete flash:vlan.dat
    Removes the VLAN database from flash memory.
Delete filename [vlan.dat]?
    Press Enter
Delete flash:vlan.dat? [confirm]
    Press Enter
Switch#erase startup-config
    Erases the file from NVRAM.
Switch#reload
    Restarts the switch.

To Set Host Names

Switch#configure terminal
    Moves to global configuration mode
Switch(config)#hostname Switch1
    Creates a locally significant host name of the switch. This is the same command as the router.
Switch1(config)#

To Set Passwords

Switch(config)#enable password vinita
    Sets the enable password to vinita
Switch(config)#enable secret nikki
    Sets the encrypted secret password to nikki
Switch(config)#line console 0
    Enters line console mode
Switch(config-line)#login
    Enables password checking
Switch(config-line)#password vinita
    Sets the password to vinita
Switch(config-line)#exit
    Exits line console mode
Switch(config-line)#line vty 0 4
    Enters line vty mode for all five virtual ports
Switch(config-line)#login
    Enables password checking
Switch(config-line)#password vinita
    Sets the password to vinita
Switch(config-line)#exit
    Exits line vty mode
Switch(config)#

To Set IP Addresses and Default Gateways

Switch(config)#interface vlan1
    Enters the virtual interface for VLAN 1, the default VLAN on the switch
Switch(config-if)#ip address 192.168.0.10 255.255.255.0
    Sets the IP address and netmask to allow for remote access to the switch
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.0.5
    Allows IP information an exit past the local network

To Set Interface Descriptions

Switch(config)#interface fastethernet 0/1
    Enters interface configuration mode
Switch(config-if)#description Finance VLAN
    Adds a description of the interface

To Set Duplex Operation

Switch(config)#interface fastethernet 0/1
    Moves to interface configuration mode
Switch(config-if)#duplex full
    Forces full-duplex operation
Switch(config-if)#duplex auto
    Enables auto-duplex config
Switch(config-if)#duplex half
    Forces half-duplex operation

To Set Operation Speed

Switch(config)#interface fastethernet 0/1
Switch(config-if)#speed 10
    Forces 10-Mbps operation
Switch(config-if)#speed 100
    Forces 100-Mbps operation
Switch(config-if)#speed auto
    Enables autospeed configuration

MAC Address Table

switch#show mac address-table
    Displays current MAC address forwarding table
switch#clear mac address-table
    Deletes all entries from current MAC address forwarding table
switch#clear mac address-table dynamic
    Deletes only dynamic entries from table

➢ VLAN configuration
VLAN advantages, disadvantages, membership and VTP
A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain
that can span multiple physical segments.
Advantages of VLANs:
• Increase the number of broadcast domains while reducing their size.
• Provide additional security.
• Increase the flexibility of network equipment.
• Allow a logical grouping of users by function, not location.
• Make user adds, moves, and changes easier.


Subnets and VLANs
Logically speaking, VLANs are also subnets. A subnet, or a network, is a contained broadcast
domain. A broadcast that occurs in one subnet will not be forwarded, by default, to another
subnet. Routers, or layer-3 devices, provide this boundary function. Switches provide this
function at layer 2 through VLANs.
Scalability
VLANs provide for location independence. This flexibility makes adds, changes, and moves of
networking devices a simple process. It also allows you to group people together, which also
makes implementing your security policies straightforward.
IP protocols support 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or
dynamic.
• Static: you have to assign membership manually.
• Dynamic: configure a VTP server and it will automatically do the rest.


VLAN Connections
There are two types of connections: access links and trunks.
Access-Link Connections: An access-link connection is a connection between a switch and
a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
Trunk Connections: Trunk connections are capable of carrying traffic for multiple VLANs.
Cisco supports two Ethernet trunking methods:
• Cisco's proprietary Inter Switch Link (ISL) protocol for Ethernet
• IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet

ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the
original Ethernet frame. Cisco's 1900 switch supports only ISL.
802.1Q is a standardized trunking method that inserts a four-byte field into the original
Ethernet frame and recomputes the FCS. The 2950 only supports 802.1Q. 802.1Q trunks
support two types of frames: tagged and untagged.
• An untagged frame does not carry any VLAN identification information in it; basically,
this is a standard, unaltered Ethernet frame.
• A tagged frame contains VLAN information, and only other 802.1Q-aware devices
on the trunk will be able to process this frame.

Trunk Tagging [important]
For VLANs to span across multiple switches, you obviously need to connect the switches to
each other. Although it is possible to simply plug one switch into another using an Access port
just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a
bunch of other useful stuff too. A switch-to-switch link must be set up as a trunk link in order
for the VLAN system to work properly. A trunk link is a special connection; the key difference
between an ordinary connection (an Access port) and a Trunk port is that although an Access
port is only in one VLAN at a time, a Trunk port has the job of carrying traffic for all VLANs
from one switch to another. Any time you connect a switch to another switch, you want to
make it a trunk.
Trunking methods create the illusion that instead of a single physical connection between
the two trunking devices, a separate logical connection exists for each VLAN between them.
When trunking, the switch adds the source port's VLAN identifier to the frame so that the
device (typically a switch) at the other end of the trunk understands what VLAN originated this
frame and the destination switch can make intelligent forwarding decisions on not just the
destination MAC address, but also the source VLAN identifier. Since information is added to
the original Ethernet frame, normal NICs will not understand this information and will typically
drop the frame. Therefore, you need to ensure that when you set up a trunk connection on a
switch's interface, the device at the other end also supports the same trunking protocol and
has it configured. If the device at the other end doesn't understand these modified frames or
is not set up for trunking, it will, in most situations, drop them. This modification of
frames is commonly called tagging.
By default, all VLANs are permitted across a trunk link. Switch-to-Switch trunk links
always require the use of a crossover cable, never a straight-through cable.
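
The tagging step described above (a four-byte field inserted into the original frame, followed by a recomputed FCS) can be shown on a constructed frame. This is an added example, not part of the original lab manual: the helper names are hypothetical, the frame reuses two MAC addresses that appear in the show outputs on this page, and the tag layout (TPID 0x8100 followed by a 16-bit field holding a 3-bit priority and a 12-bit VLAN ID) comes from the IEEE 802.1Q standard rather than from this page.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # value a receiver finds where the EtherType normally sits


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over the frame, appended least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def fcs_ok(frame):
    """True when the trailing four bytes match the CRC of everything before them."""
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]


def build_untagged(dst, src, ethertype, payload):
    """Build a standard frame: dst(6) src(6) type(2) payload (padded to 46) FCS(4)."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def add_dot1q_tag(frame, vlan_id, priority=0):
    """What a trunk port does on egress: insert the tag after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not fcs_ok(frame):
        raise ValueError("refusing to tag a frame with a bad FCS")
    body = frame[:-4]
    tci = (priority << 13) | vlan_id          # priority(3) | DEI(1)=0 | VLAN ID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:12] + tag + body[12:]
    return tagged + fcs(tagged)               # old FCS is invalid, so recompute


def strip_dot1q_tag(frame):
    """What the receiving trunk port does: return (vlan_id, untagged_frame)."""
    body = frame[:-4]
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        return None, frame                    # untagged frame, left unaltered
    untagged = body[:12] + body[16:]
    return tci & 0x0FFF, untagged + fcs(untagged)


def ethertype_seen_by_plain_nic(frame):
    """A device that is not 802.1Q-aware reads bytes 12-13 as the EtherType."""
    return struct.unpack("!H", frame[12:14])[0]


# Constructed sample frame using MAC addresses from the show outputs on this page.
DST = bytes.fromhex("0001643a5501")
SRC = bytes.fromhex("00602f9d9101")
UNTAGGED = build_untagged(DST, SRC, 0x0800, b"constructed lab payload")
TAGGED = add_dot1q_tag(UNTAGGED, vlan_id=10)

if __name__ == "__main__":
    print("untagged:", len(UNTAGGED), "bytes, type", hex(ethertype_seen_by_plain_nic(UNTAGGED)))
    print("tagged:  ", len(TAGGED), "bytes, type", hex(ethertype_seen_by_plain_nic(TAGGED)))
    print("recovered VLAN:", strip_dot1q_tag(TAGGED)[0])
```

The tagged frame is four bytes longer and carries 0x8100 where an ordinary NIC expects the EtherType, which is why a device that is not set up for trunking typically drops it.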
Key features about DTP

• A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10Mb
Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so
the commands are not available for a regular Ethernet port.
• By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs
are permitted (or not) to cross a particular trunk if you have that requirement, but these
functions are not covered in the CCNA exam.
• Switches (whether trunked or not) are always connected with crossover cables, not
straight-through cables.

Dynamic Trunk Protocol (DTP): DTP supports five trunking modes.
• On or Trunk: the interface always assumes the connection is a trunk, even if the remote
end does not support trunking.
• Desirable: the interface will generate DTP messages on the interface, but it makes the
assumption that the other side is not trunk-capable and will wait for a DTP message from the
remote side. In this state, the interface starts as an access-link connection. If the remote side
sends a DTP message, and this message indicates that trunking is compatible between the
two switches, a trunk will be formed and the switch will start tagging frames on the interface. If
the other side does not support trunking, the interface will remain as an access-link
connection.
• Auto-negotiate: the interface passively listens for DTP messages from the remote side
and leaves the interface as an access-link connection. If the interface receives a DTP
message, and the message matches trunking capabilities of the interface, then the interface
will change from an access-link connection to a trunk connection and start tagging frames.
• No-negotiate: the interface is set as a trunk connection and will automatically tag frames
with VLAN information; however, the interface will not generate DTP messages: DTP is
disabled. This mode is typically used when connecting trunk connections to non-Cisco
devices that don't understand Cisco's proprietary trunking protocol and thus won't understand
the contents of these messages.
• Off: if an interface is set to off, the interface is configured as an access link. No DTP
messages are generated in this mode, nor are frames tagged.

VLAN Trunking Protocol (VTP)


VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all
switches in the system. We still have to set port membership to VLANs at each switch, which
we can do either statically or using a VMPS. VTP works by establishing a single switch as
being in charge of the VLAN information for a domain. In this case, a domain is simply a
group of switches that all have the same VTP domain name. This simply puts all the switches
into a common administrative group.
The VLAN Trunking Protocol (VTP) is a proprietary Cisco protocol used to share VLAN
configuration information between Cisco switches on trunk connections. When you are setting
up VTP, you have three different modes: server, client and transparent.
Server mode:
This is the one switch that is in charge of the VLAN information for the VTP domain. You may
add, delete, and change VLAN information on this switch, and doing so affects the entire VTP
domain. This way, we only have to enter our VLAN information once, and the Server mode
switch propagates it to all the other switches in the domain.
Client mode:
Client mode switches get VLAN information from the Server. You cannot add, delete, or
change VLAN information on a Client mode switch; in fact, the commands to do so are
disabled.
Transparent mode:
A Transparent mode switch is doing its own thing; it will not accept any changes to VLAN
information from the Server, but it will forward those changes to other switches in the system.
You can add, delete, and change VLANs—but those changes only affect the Transparent
mode switch and are not sent to other switches in the domain.
VTP Messages
An advertisement request message is a VTP message that a client generates. When the server
responds to a client's request, it generates a subset advertisement. A summary
advertisement is also generated by a switch in VTP server mode. Summary advertisements
are generated every five minutes by default (300 seconds), or when a configuration change
takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of
broadcast, multicast, and unicast packets. This is called pruning. Switches with VTP pruning
enabled send broadcasts only to trunk links that actually must have the information.
VTP pruning is used on trunk connections to dynamically remove VLANs not active between
the two switches. It requires all of the switches to be in server mode.
How to Configure VLAN, STP, DTP step by step guide
In this tutorial I will demonstrate how you can:
• Configure Access or Trunk links
• Create VLAN
• Assign VLAN membership
• Configure inter-VLAN routing
• Configure VTP Server
• Make VTP Clients
• Show STP status
• Configure DTP port

PC configurations

Devices  IP Address  VLAN    Connected With
PC0      10.0.0.2    VLAN10  Switch1 on F0/1
PC1      20.0.0.2    VLAN20  Switch1 on F0/2
PC2      10.0.0.3    VLAN10  Switch2 on F0/1
PC3      20.0.0.3    VLAN20  Switch2 on F0/2
PC4      10.0.0.4    VLAN10  Switch3 on F0/1
PC5      20.0.0.4    VLAN20  Switch3 on F0/2

2960 – 24 TTL Switch 1 Configuration

Port     Connected to  VLAN        LINK    STA
F0/1     With PC0      VLAN10      Access  OK
F0/2     With PC1      VLAN20      Access  OK
Gig1/1   With Router   VLAN 10,20  Trunk   OK
Gig 1/2  With Switch2  VLAN 10,20  Trunk   OK
F0/24    With Switch2  VLAN 10,20  Trunk   OK

2960 – 24 TTL Switch 2 Configuration

F0/1     With PC0      VLAN10      Access  OK
F0/2     With PC1      VLAN20      Access  OK
Gig 1/2  With Switch1  VLAN 10,20  Trunk   OK
Gig 1/1  With Switch3  VLAN 10,20  Trunk   OK
F0/24    With Switch1  VLAN 10,20  Trunk   Blocked
F0/23    With Switch3  VLAN 10,20  Trunk   OK

2960 – 24 TTL Switch 3 Configuration

F0/1     With PC0      VLAN10      Access  OK
F0/2     With PC1      VLAN20      Access  OK
Gig 1/1  With Switch2  VLAN 10,20  Trunk   OK
F0/24    With Switch1  VLAN 10,20  Trunk   Bl
Task
You are the administrator at ComputerNetworkingNotes.com. The company has two
departments, sales and management. You have been given three PCs for sales and three PCs for
management. You created two VLANs: VLAN 10 for sales and VLAN 20 for management. For
backup purposes you have interconnected the switches with one extra connection. You have one
router for inter-VLAN communication.
Let's start the configuration. First assign an IP address to every PC.
To assign an IP address, double click on the PC, select IP configuration from the Desktop tab and
give the IP address as shown in the table above.

VLAN Trunking Protocol


Configure VTP Server
We will first create a VTP Server so it can automatically propagate VLAN information to the other
switches. Double click on Switch1 and select CLI. Set the hostname to S1, create the VTP domain
name example and set the password to vinita (remember that the password is case sensitive).
Switch 1
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain example
Changing VTP domain name from NULL to example
S1(config)#vtp password vinita
Setting device VLAN database password to vinita
Configure VTP clients
Once you have created a VTP domain, configure the remaining switches in Client mode.
Switch 2
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain example
Changing VTP domain name from NULL to example
S2(config)#vtp password vinita
Setting device VLAN database password to vinita
S2(config)#
Switch 3
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain example
Changing VTP domain name from NULL to example
S3(config)#vtp password vinita
Setting device VLAN database password to vinita
S3(config)#

Dynamic Trunking Protocol


Configure DTP port
All switch ports remain in access mode by default. An access port cannot carry trunk
frames. Change the mode to trunk on all the ports that are used to interconnect the switches.
Switch 1
S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24,
changed state to up
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/2
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2,
changed state to up
S1(config-if)#exit
S1(config)#
Switch 2
S2(config)#interface gigabitEthernet 1/1
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1,
changed state to up
S2(config-if)#exit
S2(config)#interface gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to up
S2(config-if)#exit
S2(config)#interface fastEthernet 0/24
S2(config-if)#switchport mode trunk
S2(config-if)#exit
Switch 3
S3(config)#interface fastEthernet 0/24
S3(config-if)#switchport mode trunk
S3(config-if)#exit
S3(config)#interface gigabitEthernet 1/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit

Virtual LAN (VLAN)


Create VLAN
After the VTP server configuration it's time to organize the VLANs. We only need to create the VLANs on
the VTP server; the rest will be done by the VTP server automatically.
Switch 1
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#
As we have already configured a VTP server in our network, we don't need to create the VLANs on
S2 or S3. We only need to associate the VLANs with ports.
Assign VLAN membership
Switch 1
S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20
Switch 2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20
Switch 3
S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20
Now we have two working VLANs. To test connectivity, ping from 10.0.0.2 to 10.0.0.3 and
10.0.0.4. If you get a successful reply, then you have successfully created the VLANs and the VTP
server.

Spanning-Tree Protocol
In this configuration STP will block these ports: F0/24 of S1, F0/23 and F0/24 of S2, and F0/24
of S3, to avoid loops at Layer 2. Verify that those ports are blocked by STP.
Verify STP ports
Switch 2
S2#show spanning-tree active
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.174D.7794
             Cost        4
             Port        26(GigabitEthernet1/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF08.82E1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Altn BLK 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Root FWD 4         128.26   P2p
[Output is omitted]
S2#
You can also check the STP status on S1 and S3 with the
show spanning-tree active command.

Router on Stick
At this point in the configuration you have two VLANs running successfully, but they cannot
communicate with each other. To enable inter-VLAN communication we need to configure the router. To do
this double click on the router and select CLI.
Configure inter-VLAN routing
Router
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
To test connectivity between the different VLANs, ping from any PC to all the remaining PCs. The
pings should succeed.
VLAN VTP Server STP DTP command reference sheet

Switch(config)#vlan 10
    Creates VLAN 10 and enters VLAN configuration mode for further definitions.

Switch(config-vlan)#name Sales
    Assigns a name to the VLAN. The length of the name can be from 1 to 32 characters.

Switch(config-vlan)#exit
    Applies changes, increases the revision number by 1, and returns to global
    configuration mode.

Switch(config)#interface fastethernet 0/1
    Moves to interface configuration mode.

Switch(config-if)#switchport mode access
    Sets the port to access mode.

Switch(config-if)#switchport access vlan 10
    Assigns this port to VLAN 10.

Switch#show vlan
    Displays VLAN information.

Switch#show vlan brief
    Displays VLAN information in brief.

Switch#show vlan id 10
    Displays information about VLAN 10 only.

Switch#show vlan name sales
    Displays information about the VLAN named sales only.

Switch#show interfaces vlan x
    Displays interface characteristics for the specified VLAN.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#
    Removes the entire VLAN database from flash.
    Make sure there is no space between the colon (:) and the characters
    vlan.dat. You can potentially erase the entire contents of the flash with this
    command if the syntax is not correct. Make sure you read the output from
    the switch. If you need to cancel, press ctrl+c to escape back to privileged
    mode.

Switch(config)#interface fastethernet 0/5
    Moves to interface configuration mode.

Switch(config-if)#no switchport access vlan 5
    Removes the port from VLAN 5 and reassigns it to VLAN 1, the default VLAN.

Switch(config-if)#exit
    Moves to global configuration mode.

Switch(config)#no vlan 5
    Removes VLAN 5 from the VLAN database.

Switch#copy running-config startup-config
    Saves the configuration in NVRAM.

Switch(config-if)#switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert
    the link into a trunk link.

Switch(config)#vtp mode server
    Changes the switch to VTP server mode.

Switch(config)#vtp mode client
    Changes the switch to VTP client mode.

Switch(config)#vtp mode transparent
    Changes the switch to VTP transparent mode.

Switch(config)#no vtp mode
    Returns the switch to the default VTP server mode.

Switch(config)#vtp domain domain-name
    Configures the VTP domain name. The name can be from 1 to 32 characters long.

Switch(config)#vtp password password
    Configures a VTP password.

Switch(config)#vtp pruning
    Enables VTP pruning.

Switch#show vtp status
    Displays general information about the VTP configuration.

Switch#show vtp counters
    Displays the VTP counters for the switch.
􀂾 VTP, VTP pruning
Real World Application & Core Knowledge
Unlike VTP Server/Client, Transparent mode does not participate in the VTP domain at all; however, a
switch in transparent mode will pass VTP frames from one switch to the next.
Transparent switches are a perfect solution when placing a managed Cisco switch in the transit path of
two VTP enabled switches. This way the VTP Server and VTP client(s) can still communicate through
the transparent switch and operate correctly.

The downfall to transparent switches is that they must have the same VLANs if they are a transit
switch in a VTP domain. A common reason for placing a transparent switch in the transit path of
two VTP enabled switches is a security requirement: the transparent switch needs to have a
specific Layer 2 or Layer 3 enabled VLAN that cannot be anywhere else on the network but still needs
access to all other VLANs.
Another example is a simple edge transparent switch that is considered strictly an access switch and
does not trunk nor participate in VTP.

For example, let's say you have a three tier network with Core/Distro/Access layers, and you have the
VTP server configured on the distribution switches and the VLAN information propagates down to 24
access switches. To be more detailed, let's say it is a twelve floor building with two access switches per
floor. Let's say VLAN 112 is configured on the twelfth floor; however, because VTP propagates the
VLAN information to every single access switch, even switches on the first floor will have VLAN 112.
So the big question is, when a host on VLAN 112 sends broadcast traffic, does every single switch
receive the broadcast? The simple answer is yes, as the distro will forward the broadcast out every
trunk link to every access switch except the one it was received on. If you think about it, that is a big
waste of resources. However, VTP addresses this issue with a feature called VTP Pruning.

VTP Pruning will “prune” VLAN traffic on inter-switch trunk links if the neighboring switch is not
requesting any traffic destined to that switch. If a switch does not have any ports in VLAN 401, why
does it need the broadcast traffic from 401? The simple answer is that it doesn't, and when it receives
such traffic it is just a waste of switch resources.
Familiarize yourself with the following commands:

Command                Description

vtp mode transparent   This command is executed in global configuration mode on a Cisco Catalyst
                       switch and sets the switch to transparent mode so it does not participate
                       in VTP at all but it does however pass VTP traffic.

vtp pruning            This command is executed in global configuration mode on a Catalyst switch
                       to configure the VTP server to enable the VTP Pruning feature throughout the
                       VTP Domain; this setting is also propagated to all VTP clients in the domain.

show interface         This command can be executed in user or privileged mode to view the current
                       pruning list on a per link basis.

show vtp status        This command can be executed from user or privileged mode to view the
                       current settings configured for VTP.

show interface trunk   This command can be executed from user or privileged mode to view which
                       VLANs are being forwarded down the trunk links and not pruned.

To configure SW2 as a VTP transparent switch you’ll use the vtp mode transparent command in
global configuration; to verify your configuration change you’ll use the show vtp status command in
user or privileged mode as shown below;
SW2 con0 is now available

Press RETURN to get started.

SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp mode transparent
SW2(config)#vtp version 2
Setting device to VTP TRANSPARENT mode.
SW2(config)#end
SW2#show vtp status
SW2#show vtp status
VTP Version : running VTP2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E
0xF2
Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00
SW2#

Step 2. – Configure VTP Pruning on the VTP server and verify that the configuration was propagated
to the VTP Client.

To configure VTP pruning you’ll use the vtp pruning command in global configuration on the VTP
Server only. This setting gets propagated to all VTP clients in the same VTP domain, as shown below:
SW1 con0 is now available

Press RETURN to get started.

SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp pruning
Pruning switched on
SW1(config)#end
SW1#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 36
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : CISCO
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x2E 0x9F 0x5E 0x57 0xE3 0x87 0x46
0xFA
Configuration last modified by 10.1.5.1 at 3-1-02 00:10:56
Local updater ID is 10.1.5.1 on interface Vl5 (lowest numbered VLAN
interface found)
SW1#

Shown below is the verification that VTP Pruning is being properly propagated to SW3 from the VTP
Server (SW1):

SW3#show vtp status


VTP Version : 2
Configuration Revision : 3
Maximum VLANs supported locally : 36
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : CISCO
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x77 0xF2 0x86 0xA4 0x3C 0x21 0x09
0xC0
Configuration last modified by 10.1.5.1 at 3-1-02 00:17:21
SW3#

Step 3. – Verify that VTP Pruning is functioning properly by viewing the pruning list on SW1.

To view this information you can use the show interface trunk command in user or privileged mode
as shown below;
SW3#show interface trunk

Port Mode Encapsulation Status Native vlan


Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/13 1-4094

Port Vlans allowed and active in management domain


Fa0/13 1,10,20,30

Port Vlans in spanning tree forwarding state and not pruned


Fa0/13 1,10
SW3#

As shown above in the SW3 show interface trunk output, on port Fa0/13 the VLANs that are
forwarding and not pruned on that trunk link are VLANs 1 and 10.
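An added example (not part of the original workbook): a Python parser for `show interface trunk` output that lists, for each trunk, the VLANs that are active in the domain but absent from the forwarding list. The Fa0/13 rows mirror the SW3 output above; the Fa0/14 rows and all function names are constructed for illustration.

```python
import re

# Section titles as they appear after the word "Port" in the output.
SECTIONS = {
    "vlans allowed on trunk": "allowed",
    "vlans allowed and active in management domain": "active",
    "vlans in spanning tree forwarding state and not pruned": "forwarding",
}
# VLAN 1 and VLANs 1002 to 1005 can never be pruned, so if one of them is
# missing from the forwarding list the cause has to be spanning tree.
ALWAYS_INELIGIBLE = frozenset({1, 1002, 1003, 1004, 1005})
PORT_RE = re.compile(r"^[A-Za-z]+\d+(?:/\d+)*$")
VLAN_LIST_RE = re.compile(r"^[\d,\-]+$")

# Fa0/13 as shown on this page; Fa0/14 is a constructed second trunk.
SAMPLE_OUTPUT = """\
SW3#show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Fa0/14      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094
Fa0/14      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10,20,30
Fa0/14      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10
Fa0/14      none
SW3#
"""


def expand_vlans(spec):
    """Turn '1,10,20-22' into {1, 10, 20, 21, 22}; 'none' gives an empty set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        low, dash, high = part.partition("-")
        vlans.update(range(int(low), int(high if dash else low) + 1))
    return vlans


def parse_trunk_output(text):
    """Return {port: {'allowed': set, 'active': set, 'forwarding': set}}."""
    raw = {}
    section = last_port = None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "Port":
            # New table; the mode/encapsulation table maps to None and is skipped.
            section = SECTIONS.get(" ".join(words[1:]).lower())
            last_port = None
        elif section is None:
            continue
        elif PORT_RE.match(words[0]):
            last_port = words[0]
            raw.setdefault(last_port, {name: [] for name in SECTIONS.values()})
            raw[last_port][section].append("".join(words[1:]))
        elif last_port and VLAN_LIST_RE.match("".join(words)):
            # Tolerate a long VLAN list that continues on a line without a port name.
            raw[last_port][section].append("".join(words))
    return {
        port: {name: expand_vlans(",".join(chunks)) for name, chunks in secs.items()}
        for port, secs in raw.items()
    }


def held_vlans(ports):
    """Per trunk, the active VLANs that are not forwarding, split by possible cause."""
    report = {}
    for port, sets in ports.items():
        held = sets["active"] - sets["forwarding"]
        report[port] = {
            # Pruning-ineligible VLANs: only spanning tree can hold these back.
            "stp_blocked": sorted(held & ALWAYS_INELIGIBLE),
            # The output does not separate pruning from STP for the rest.
            "pruned_or_stp_blocked": sorted(held - ALWAYS_INELIGIBLE),
        }
    return report


if __name__ == "__main__":
    for port, result in sorted(held_vlans(parse_trunk_output(SAMPLE_OUTPUT)).items()):
        print(port, result)
```

The last section of the command output combines two conditions (spanning tree state and pruning), so a missing VLAN 20 or 30 alone does not prove that pruning removed it.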
When you have a transparent switch in a VTP transit path you obviously must have IP connectivity.
Keep in mind that for traffic to pass through the transparent switch, the transparent switch must have the
VLAN configured for that traffic. For example, for traffic from SW1 VLAN 10 going to SW2 VLAN 20,
SW3 must have VLAN10 configured on it or the traffic would get dropped.

You can verify this by pinging SW3's VLAN 10 interface from SW1 as shown below:

SW1#ping 10.10.13.3

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW1#

The ping is successful because VLAN 10 is already configured on SW2 as per the lab prerequisites.
However, if you remove VLAN 10 from SW2 and try to ping SW3's VLAN10 interface from SW1
again, it will fail as shown below:

SW2#configure terminal
SW2(config)#no vlan 10
SW2(config)#end
SW2#
SW1#ping 10.10.13.3

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1#

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the
addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations
and configuration inconsistencies that can cause several problems, such as duplicate VLAN names,
incorrect VLAN-type specifications, and security violations.
Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can
make configuration changes centrally on one or more switches and have those changes automatically
communicated to all the other switches in the network. Without VTP, you cannot send information about
VLANs to other switches. VTP configuration information is saved in the VTP VLAN database. VTP
learns about the normal-range VLANs (VLAN IDs 1 to 1005).
This section contains information about these VTP parameters:
• The VTP Domain
• VTP Modes
• VTP Advertisements
• VTP Version 2
• VTP Pruning

The VTP Domain


A VTP domain (also called a VLAN management domain) consists of one switch or several
interconnected switches under the same administrative responsibility sharing the same VTP domain
name. A switch can be in only one VTP domain. You make global VLAN configuration changes for the
domain by using the command-line interface (CLI), Cluster Management Suite (CMS) software, or
Simple Network Management Protocol (SNMP).
By default, the switch is in VTP no-management-domain state until it receives an advertisement for a
domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain
name. Until the management domain name is specified or learned, you cannot create or modify VLANs
on a VTP server, and VLAN information is not propagated over the network.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name
and the VTP configuration revision number. The switch then ignores advertisements with a different
domain name or an earlier configuration revision number.

Caution: Before adding a VTP client switch to a VTP domain, always verify that its VTP configuration revision
number is lower than the configuration revision number of the other switches in the VTP domain.
Switches in a VTP domain always use the VLAN configuration of the switch with the highest VTP
configuration revision number. If you add a switch that has a revision number higher than the revision
number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.
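The caution above as a pre-join check, added here as an example and not taken from the Cisco documentation: a Python script that reads `show vtp status` output from the switch to be added and from a switch already in the domain, then reports a revision number that is not lower and a domain name that differs. Both sample outputs are constructed in the layout shown earlier on this page, and the function names are hypothetical.

```python
"""Pre-join check: compare a switch's VTP state with the domain it will join."""

FIELDS = {
    "Configuration Revision": "revision",
    "VTP Operating Mode": "mode",
    "VTP Domain Name": "domain",
}

# Constructed sample: a server already running in the domain.
DOMAIN_SERVER_OUTPUT = """\
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 36
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
"""

# Constructed sample: a switch reused from a lab, about to be connected.
CANDIDATE_OUTPUT = """\
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 36
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
"""


def parse_vtp_status(text):
    """Pull revision, mode and domain name out of `show vtp status` output."""
    parsed = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        field = FIELDS.get(label.strip())
        if sep and field:
            parsed[field] = value.strip()
    missing = sorted(set(FIELDS.values()) - set(parsed))
    if missing:
        raise ValueError("fields not found in output: " + ", ".join(missing))
    parsed["revision"] = int(parsed["revision"])
    parsed["mode"] = parsed["mode"].lower()
    return parsed


def join_findings(candidate, peers):
    """Compare the switch to be added against switches already in the domain.

    candidate: parsed status of the new switch.
    peers: {name: parsed status} for switches already in the domain.
    Returns a list of (code, message) tuples; an empty list means no finding.
    """
    findings = []
    if candidate["mode"] == "transparent":
        # A transparent switch does not advertise its VLAN configuration.
        return findings
    for name, peer in sorted(peers.items()):
        if peer["mode"] == "transparent":
            continue
        if candidate["domain"] and candidate["domain"] != peer["domain"]:
            findings.append((
                "DOMAIN",
                "domain %r differs from %s (%r); advertisements will be ignored"
                % (candidate["domain"], name, peer["domain"]),
            ))
        if candidate["revision"] >= peer["revision"]:
            findings.append((
                "REVISION",
                "revision %d is not lower than %s (revision %d); "
                "the domain could adopt this switch's VLAN database"
                % (candidate["revision"], name, peer["revision"]),
            ))
    return findings


if __name__ == "__main__":
    candidate = parse_vtp_status(CANDIDATE_OUTPUT)
    peers = {"SW1": parse_vtp_status(DOMAIN_SERVER_OUTPUT)}
    for code, message in join_findings(candidate, peers):
        print(code + ": " + message)
```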
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all
switches in the VTP domain. VTP advertisements are sent over all IEEE 802.1Q trunk connections. VTP
maps VLANs dynamically across multiple LAN types with unique names and internal index associates.
Mapping eliminates excessive device administration required from network administrators.
If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes
are not sent to other switches in the domain, and they affect only the individual switch. However,
configuration changes made when the switch is in this mode are saved in the switch running
configuration and can be saved to the switch startup configuration file.
VTP Modes
You can configure a supported switch to be in one of the VTP modes listed in Table 14-1.

Table 14-1 VTP Modes

VTP Mode          Description

VTP server        In VTP server mode, you can create, modify, and delete VLANs and
                  specify other configuration parameters (such as the VTP version) for
                  the entire VTP domain. VTP servers advertise their VLAN
                  configurations to other switches in the same VTP domain and
                  synchronize their VLAN configurations with other switches based on
                  advertisements received over trunk links.
                  In VTP server mode, VLAN configurations are saved in nonvolatile
                  RAM (NVRAM). VTP server is the default mode.

VTP client        A VTP client behaves like a VTP server, but you cannot create,
                  change, or delete VLANs on a VTP client.
                  In VTP client mode, VLAN configurations are not saved in NVRAM.

VTP transparent   VTP transparent switches do not participate in VTP. A VTP
                  transparent switch does not advertise its VLAN configuration and
                  does not synchronize its VLAN configuration based on received
                  advertisements. However, in VTP version 2, transparent switches do
                  forward VTP advertisements that they receive from other switches
                  from their trunk interfaces. You can create, modify, and delete
                  VLANs on a switch in VTP transparent mode.
                  When the switch is in VTP transparent mode, the VTP and VLAN
                  configurations are saved in NVRAM, but they are not advertised to
                  other switches. In this mode, VTP mode and domain name are
                  saved in the switch running configuration and you can save this
                  information in the switch startup configuration file by entering
                  the copy running-config startup-config privileged EXEC
                  command.

When the network is configured with the maximum four VLANs, the switch automatically changes from
VTP server or client mode to VTP transparent mode. The switch then operates with the VLAN
configuration that preceded the one that sent it into transparent mode.

VTP Advertisements
Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port
to a reserved multicast address. Neighboring switches receive these advertisements and update their
VTP and VLAN configurations as necessary.

Note: Because trunk ports send and receive VTP advertisements, you must ensure that at
least one trunk port is configured on the switch and that this trunk port is connected to
the trunk port of a second switch. Otherwise, the switch cannot receive any VTP
advertisements.
VTP advertisements distribute this global domain information:
• VTP domain name
• VTP configuration revision number
• Update identity and update timestamp
• MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN.
• Frame format
VTP advertisements distribute this VLAN information for each configured VLAN:
• VLAN IDs
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type

VTP Version 2
If you use VTP in your network, you must decide whether to use version 1 or version 2. By default, VTP
operates in version 1.
VTP version 2 supports these features not supported in version 1:
• Token Ring support—VTP version 2 supports Token Ring Bridge Relay Function (TrBRF) and
Token Ring Concentrator Relay Function (TrCRF) VLANs.
• Unrecognized Type-Length-Value (TLV) support—A VTP server or client propagates configuration
changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in
NVRAM when the switch is operating in VTP server mode.
• Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP
messages for the domain name and version and forwards a message only if the version and
domain name match. Because VTP version 2 supports only one domain, it forwards VTP messages
in transparent mode without inspecting the version and domain name.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and
values) are performed only when you enter new information through the CLI, the Cluster
Management Software (CMS), or SNMP. Consistency checks are not performed when new
information is obtained from a VTP message or when information is read from NVRAM. If the MD5
digest on a received VTP message is correct, its information is accepted.

VTP Pruning [IMPORTANT]*******


VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that
the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast,
multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving
switches might discard them. VTP pruning is disabled by default.
VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the
pruning-eligible list. Only VLANs included in the pruning-eligible list can be pruned. By default,
VLANs 2 through 1001 are pruning eligible on switch trunk ports. If the VLANs are configured as
pruning-ineligible, the flooding continues. VTP pruning is supported with VTP version 1 and version 2.
Figure 14-1 shows a switched network without VTP pruning enabled. Port 1 on Switch 1 and Port 2 on
Switch 4 are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch 1,
Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5,
and 6 have no ports in the Red VLAN.

Figure 14-1 Flooding Traffic without VTP Pruning


Figure 14-2 shows a switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is
not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links
shown (Port 5 on Switch 2 and Port 4 on Switch 4).

Figure 14-2 Optimized Flooded Traffic with VTP Pruning

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making
VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that device
only (not on all switches in the VTP domain). See the "Enabling VTP Pruning" section. VTP pruning
takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are
pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these
VLANs cannot be pruned.
VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the
network are in VTP transparent mode, you should do one of these:
• Turn off VTP pruning in the entire network.
• Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP
transparent switch pruning ineligible.
To configure VTP pruning on an interface, use the switchport trunk pruning vlan interface
configuration command (see the "Changing the Pruning-Eligible List" section). VTP pruning operates
when an interface is trunking. You can set VLAN pruning-eligibility, whether or not VTP pruning is
enabled for the VTP domain, whether or not any given VLAN exists, and whether or not the interface is
currently trunking.

Configuring VTP
This section includes guidelines and procedures for configuring VTP. These sections are included:
• Default VTP Configuration
• VTP Configuration Options
• VTP Configuration Guidelines
• Configuring a VTP Server
• Configuring a VTP Client
• Disabling VTP (VTP Transparent Mode)
• Enabling VTP Version 2
• Enabling VTP Pruning
• Adding a VTP Client Switch to a VTP Domain

Default VTP Configuration


Table 14-2 shows the default VTP configuration.

Table 14-2 Default VTP Configuration

Feature                        Default Setting
VTP domain name                Null
VTP mode                       Server
VTP version 2 enable state     Version 2 is disabled
VTP password                   None
VTP pruning                    Disabled


􀂾 Implement Inter-VLAN routing

Introduction
VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to
communicate with hosts in another VLAN, the traffic must be routed between them. This is known as
inter-VLAN routing. On Catalyst switches it is accomplished by creating Layer 3 interfaces (Switch
virtual interfaces (SVI) ). This document provides the configuration and troubleshooting steps applicable
to this capability.

Note: This document uses a Catalyst 3550 as an example. However, the concepts can also be applied
to other Layer 3 switches that run Cisco IOS® (for example, Catalyst 3560, 3750, Catalyst 4500/4000
Series with Sup II+ or later, or Catalyst 6500/6000 Series that run Cisco IOS System software).

Prerequisites
Requirements
Catalyst switch models 3560, 3750, Catalyst 4500/4000 Series with Sup II+ or later, or Catalyst
6500/6000 Series that run Cisco IOS system software support basic InterVLAN routing features in all
their supported software versions. Before you attempt this configuration on a 3550 series switch, ensure
that you meet these prerequisites:

• InterVLAN routing on the Catalyst 3550 has certain software requirements. See this table to
determine whether your switch can support interVLAN routing.

Image Type and Version                                                                InterVLAN Routing Capability
Enhanced Multilayer Image (EMI) - All Versions                                        Yes
Standard Multilayer Image (SMI) - prior to Cisco IOS Software Release 12.1(11)EA1     No
Standard Multilayer Image (SMI) - Cisco IOS Software Release 12.1(11)EA1 and later    Yes

 For more information on the differences between SMI and EMI, refer to Upgrading Software
Images on Catalyst 3550 Series Switches Using the Command Line Interface. This document also
provides the procedure to upgrade the IOS code to a version that supports interVLAN routing.

 This document assumes that Layer 2 has been configured and that the devices within the
same VLAN connected to the 3550 communicate with one another. If you need information on
configuring VLANs, access ports and trunking on the 3550, refer to Creating Ethernet VLANs on
Catalyst Switches or the Catalyst 3550 Software Configuration Guide for the specific IOS version
you run on the switch.
Components Used
The information in this document is based on these software and hardware versions:

 Catalyst 3550-48 that runs Cisco IOS Software Release 12.2(44)SE6 EMI

The information presented in this document was created from devices in a specific lab environment. All
of the devices used in this document started with a cleared (default) configuration. If you are working in
a live network, ensure that you understand the potential impact of any command before using it.

Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure InterVLAN Routing


Task
In this section, you are presented with the information to configure the features described in this
document.

This logical diagram explains a simple interVLAN routing scenario. The scenario can be expanded to
include a multi-switch environment by first configuring and testing inter-switch connectivity across the
network before configuring the routing capability.

Step-by-Step Instructions
Complete these steps to configure a switch to perform interVLAN routing.

1. Enable routing on the switch by using the ip routing command. Even if IP routing was
   previously enabled, this step ensures that it is activated.

   Switch(config)#ip routing

   Note: If the switch does not accept the ip routing command, upgrade to either SMI image
   Cisco IOS Software Release 12.1(11)EA1 or later, or an EMI image, and repeat this step.

   Tip: Check the show running-config output to verify whether ip routing is enabled. The
   command, if enabled, appears towards the top of the output.

   hostname Switch
   !
   !
   ip subnet-zero
   ip routing
   !
   vtp domain Cisco
   vtp mode transparent

2. Make note of the VLANs that you want to route between. In this example, you want to route
   traffic between VLANs 2, 3 and 10.

3. Use the show vlan command to verify that the VLANs exist in the VLAN database. If they do
   not exist, add them on the switch. This is an example of adding VLANs 2, 3, and 10 to the
   switch VLAN database:

   Switch#vlan database
   Switch(vlan)#vlan 2
   VLAN 2 added:
       Name: VLAN0002
   Switch(vlan)#vlan 3
   VLAN 3 added:
       Name: VLAN0003
   Switch(vlan)#vlan 10
   VLAN 10 added:
       Name: VLAN0010
   Switch(vlan)#exit
   APPLY completed.
   Exiting....

   Tip: You can use VLAN Trunking Protocol (VTP) to propagate these VLANs to other switches.

4. Determine the IP addresses you want to assign to the VLAN interface on the switch. For the
   switch to be able to route between the VLANs, the VLAN interfaces must be configured with an
   IP address. When the switch receives a packet destined for another subnet/VLAN, the switch
   looks at the routing table to determine where to forward the packet. The packet is then passed
   to the VLAN interface of the destination. It is in turn sent to the port where the end device is
   attached.

5. Configure the VLAN interfaces with the IP address identified in step 4.

   Switch#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   Switch(config)#interface Vlan2
   Switch(config-if)#ip address 10.1.2.1 255.255.255.0
   Switch(config-if)#no shutdown

   Repeat this process for all VLANs identified in step 1.

6. Configure the interface to the default router. In this scenario you have a Layer 3 FastEthernet
   port.

   Switch(config)#interface FastEthernet 0/1
   Switch(config-if)#no switchport
   Switch(config-if)#ip address 200.1.1.1 255.255.255.0
   Switch(config-if)#no shutdown

   The no switchport command makes the interface Layer 3 capable. The IP address is in the
   same subnet as the default router.

   Note: This step can be omitted if the switch reaches the default router through a VLAN. In its
   place, configure an IP address for that VLAN interface.

7. Configure the default route for the switch.

   Switch(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2

   From the diagram in the Task section, note that the IP address of the default router is
   200.1.1.2. If the switch receives a packet for a network not in the routing table, it forwards it to
   the default gateway for further processing. From the switch, verify that you can ping the default
   router.

   Note: The ip default-gateway command is used to specify the default gateway when routing is
   not enabled. However, in this case, routing is enabled (from step 1). Therefore, the
   ip default-gateway command is unnecessary.

8. Configure your end devices to use the respective Catalyst 3550 VLAN interface as their default
   gateway. For example, devices in VLAN 2 should use the interface VLAN 2 IP address as their
   default gateway. Refer to the appropriate client configuration guide for more information on
   how to designate the default gateway.

Verify
This section provides the information to confirm that your configuration works properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only). This
allows you to view an analysis of show command output.

• show ip route - Provides a snapshot of the routing table entries.

  Cat3550#show ip route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2,
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2,
         ia - IS-IS inter area, * - candidate default, U - per-user static route,
         o - ODR, P - periodic downloaded static route

  Gateway of last resort is 200.1.1.2 to network 0.0.0.0

       200.1.1.0/30 is subnetted, 1 subnets
  C       200.1.1.0 is directly connected, FastEthernet0/48
       10.0.0.0/24 is subnetted, 3 subnets
  C       10.1.10.0 is directly connected, Vlan10
  C       10.1.3.0 is directly connected, Vlan3
  C       10.1.2.0 is directly connected, Vlan2
  S*   0.0.0.0/0 [1/0] via 200.1.1.2

Note that the routing table has an entry for each VLAN interface subnet. Therefore, devices in
VLAN 3 can communicate with devices in VLAN 10, VLAN 2 and vice versa. The default route
with the next hop 200.1.1.2 allows the switch to forward traffic to the gateway of last resort (for
traffic the switch cannot route).

 show ip interface brief - Lists a brief summary of an interface's IP information and status. This
command is used to verify that the VLAN interfaces and ports on the switch are up/up.

Implementing Inter-VLAN Routing


A switch with multiple VLANs requires a means of passing Layer 3 traffic between those VLANs. This module describes
the process and methods of routing traffic from VLAN to VLAN. A router that is external to the Layer 2 switch hosting
the VLANs can provide the inter-VLAN routing. When routing occurs within a Catalyst multilayer switch, Cisco Express
Forwarding (CEF) is deployed to facilitate Layer 3 switching through hardware-based tables, providing an optimal packet
forwarding process. On a multilayer switch, routing is enabled between VLANs through the configuration of switch
virtual interfaces (SVIs) associated with the various VLANs on the multilayer switch. 

Describing Routing Between VLANs 

Inter-VLAN Routing Using an External Router

If a switch supports multiple VLANs but has no Layer 3 capability to route packets between those VLANs, the
switch must be connected to a router external to the switch. This setup is accomplished most efficiently by
providing a single trunk link between the switch and the router that can carry the traffic of multiple VLANs and
which, in turn, can be routed by the router. This single physical link must be Fast Ethernet or greater to
support Inter-Switch Link (ISL) encapsulation, but 802.1Q is supported on 10-Mbps Ethernet router interfaces. 

In Figure , the clients on VLAN10 need to establish sessions with a server that is in VLAN20, which requires
that traffic be routed between the VLANs. Figure describes the actions necessary for traffic to be routed
between VLANs using an external router. 

With inter-VLAN routing, the router receives frames from the switch with the source VLAN tagged (for example
VLAN10). It associates the frames with the proper subinterface and then decodes the frame payload (the IP
packet). The router then performs Layer 3 processing based on the destination network address contained in
the IP packet to determine which subinterface should forward the IP packet. The IP packet is now
encapsulated in a dot-1Q (or ISL) frame that is tagged with the VLAN identification (for example VLAN20) of
the forwarding subinterface and transmitted across the trunk toward the switch. 
In Figure , the router can receive packets on one VLAN and forward them to another. To perform inter-VLAN
routing functions, the router must know how to reach all VLANs that are being interconnected. The router must
have a separate logical connection (subinterface) for each VLAN and ISL or 802.1Q trunking must be enabled
on the single physical interface between the router and the switch. The routing table lists all the subnets
associated with the VLANs that are configured on the router subinterfaces as directly connected. The router
must learn routes to networks that are not configured on directly connected interfaces through dynamic routing
protocols or static routes. 

There are advantages and disadvantages of inter-VLAN routing on an external router.  

The advantages are as follows:

• Implementation is simple.
• Layer 3 services are not required on the switch.
• The router provides communications between VLANs.

The disadvantages are as follows:

• The router is a single point of failure.
• The single traffic path between the switch and the router may become congested.
• Latency is higher than on a Layer 3 switch.

Describing Inter-VLAN Routing Using External Router Configuration Commands

You can configure inter-VLAN routing using an external router over either ISL or 802.1Q trunks. The
commands for configuring the trunk interface on the router are shown in Figure   . Figure   provides a
description of the commands.

Configuring Inter-VLAN Routing Using an External Router

A router interface providing inter-VLAN routing on a trunk link must be configured with a subinterface for each
VLAN that will be serviced across the link. Each subinterface on the physical link must then be configured with
the same trunk encapsulation protocol. That protocol, either 802.1Q or ISL, is typically determined by what
was configured on the switch side of the link.

Use the encapsulation dot1q subinterface configuration command to enable 802.1Q encapsulation on a
router subinterface. The subinterface number does not have to match the dot-1Q VLAN number, but it is good
practice to do so.

Since traffic on the native VLAN is not tagged, all native VLAN frames are received as normal Ethernet
frames, so it is not necessary to define a specific encapsulation tag for those networks. Some versions of
Cisco IOS allow for the creation of a subinterface for the native VLAN. If the native VLAN is configured as a
subinterface, you should use the encapsulation dot1q native command. All other non-native VLANs have an
802.1Q tag inserted into their frames. These non-native VLANs should always be configured as subinterfaces
on the router, and the VLANs must be defined as 802.1Q tagged frames and have the VLAN associated to
them identified. The subinterface command encapsulation dot1q accomplishes this task. 

The VLAN subnets are directly connected to the router. Routing between these subnets does not require a
dynamic routing protocol, because the subnets are directly connected. Routes to the subnets associated with
each VLAN appear in the routing table as directly connected interfaces.

Use the encapsulation isl vlan_id subinterface configuration command to enable ISL trunking on a router
subinterface.

The native keyword is not used with the encapsulation ISL subinterface command, because ISL does not
have the concept of a native VLAN.

Figure   describes the actions needed to perform ISL encapsulation on external routers.

After the router is properly configured and connected to the network, the router or the switch can communicate
with other nodes on the network.

To test connectivity to remote hosts, use the ping command from privileged mode:

Switch#ping destination-ip-address

Step 1 From the router, ping a host address on each VLAN to verify router connectivity.

Step 2 From a host on a particular VLAN, ping a host on another VLAN to verify routing across the external
router.

The ping command returns one of these responses:

• Success rate is 100 percent or ip-address is alive: This response occurs in 1 to 10 ms,
depending on network traffic and the number of Internet Control Message Protocol (ICMP) packets
sent.
• Destination does not respond: No answer message is returned if the host does not respond.
• Unknown host: This response occurs if the targeted host cannot be resolved.
• Destination unreachable: This response occurs if the default gateway cannot reach the specified
network or is being blocked.
• Network or host unreachable: This response occurs if the Time to Live (TTL) times out. The
default is 2 seconds.

Use show commands to display the current (running) configuration, IP routing information, and IP protocol
information to verify whether the routing table represents the subnets of all VLANs. 

Router#show vlans
Virtual LAN ID: 10 (Inter Switch Link Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.10
Protocols Configured:   Address:      Received:   Transmitted:
IP                      10.10.1.1     0           20

Virtual LAN ID: 20 (Inter Switch Link Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.20
Protocols Configured:   Address:      Received:   Transmitted:
IP                      10.20.1.1     0           20

Router#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 
Gateway of last resort is not set 
10.0.0.0/24 is subnetted, 2 subnets 
C 10.10.1.0 is directly connected, FastEthernet0/0.10 
C 10.20.1.0 is directly connected, FastEthernet0/0.20

  Explaining Multilayer Switching

Traditionally, a switch makes forwarding decisions by looking at the Layer 2 header, whereas a router makes
forwarding decisions by looking at the Layer 3 header.

A multilayer switch combines the functionality of a switch and a router into one device, therefore enabling the
device to switch traffic when the source and destination are in the same VLAN and to route traffic when the
source and destination are in different VLANs (that is, different subnets).

In Figure , traffic between PC A and PC B is switched at Layer 2, whereas traffic between PC B and PC C
is switched at Layer 3.

Multilayer switches forward frames and packets at wire speed by using application-specific integrated circuit
(ASIC) hardware. Specific Layer 2 and Layer 3 components, such as routing tables or access control lists
(ACLs), are cached into hardware. These tables are stored in content-addressable memory (CAM) and ternary
content-addressable memory (TCAM).

Layer 2 forwarding in hardware is based on the destination MAC address. The Layer 2 switch learns and
records the source MAC addresses from all frames that it receives. The MAC address table lists MAC
addresses paired with the associated VLANs and interfaces. When a frame is received on an interface, the
switch determines which VLAN the frame originated from, searches all interfaces that belong to that VLAN for
the destination MAC, and forwards the frame out the appropriate interface. 

Figure   describes how a Layer 2 switch forwards packets.


Layer 3 forwarding is based on the destination IP address. Layer 3 forwarding occurs when a packet is routed
from a source in one subnet to a destination in another subnet. When a multilayer switch (MLS) sees its own
MAC address in the Layer 2 header, it recognizes that the packet is either destined for itself or is to be routed.
If the packet is not destined for the MLS, the destination IP address is compared against the Layer 3
forwarding table for the longest match. In addition, router ACL checks are performed. In this case, the frame
header needs to be rewritten with new source and destination MAC addresses.

Figures   and   describe how a Layer 3 switch forwards packets.

Frame Rewrite

Figure   shows how the frame and packet header would be altered if CEF is used to forward frames. When
frames are received on an interface, the trailer checksum is first calculated to verify accurate delivery of the
frame. The frame is discarded if the calculation is not accurate. Next the payload is extracted. The IP header
checksum is tested to verify that it is an accurate IP header. Once the packet is processed, IP unicast packets
are rewritten on the output interface as follows:

 The source MAC address changes from the sender MAC address to the router MAC address.
 The destination MAC address changes from the router MAC to the next-hop MAC address.

 The TTL is decremented by one and, as a result, the IP header checksum is recalculated.

 The frame checksum is recalculated.
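
The rewrite steps listed above, carried out on a constructed frame. This is an added example, not code from the original manual: the MAC addresses are made up, the IP addresses are taken from the VLAN 2 and VLAN 3 subnets used earlier, and the drop on an expiring TTL is standard router behaviour that the text above does not spell out.

```python
import socket
import struct
import zlib

# Constructed sample MAC addresses (locally administered), not from the page's figures.
HOST_A_MAC = bytes.fromhex("020000000a01")   # sender in VLAN 2
ROUTER_MAC = bytes.fromhex("0200000000fe")   # MAC of the multilayer switch / router
HOST_B_MAC = bytes.fromhex("020000000b01")   # next hop (here the destination host in VLAN 3)


def ipv4_checksum(header):
    """One's-complement sum of the header's 16-bit words.

    Computed over a header whose checksum field is zero it yields the value to
    store; computed over a header with a valid stored checksum it yields 0.
    """
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ethernet_fcs(frame_without_fcs):
    """Ethernet frame check sequence: CRC-32, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload=b"constructed payload"):
    """Build a minimal Ethernet II + IPv4 frame (no padding, no IP options)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, 253, 0,  # protocol 253: reserved for experimentation
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    body = dst_mac + src_mac + b"\x08\x00" + header + payload
    return body + ethernet_fcs(body)


def l3_rewrite(frame, router_mac, next_hop_mac):
    """Return (rewritten_frame, None) or (None, reason) if the frame is dropped."""
    body, trailer = frame[:-4], frame[-4:]
    if ethernet_fcs(body) != trailer:            # trailer checksum verified first
        return None, "bad frame checksum"
    if body[0:6] != router_mac:                  # only frames sent to the router MAC are routed
        return None, "not addressed to the router MAC"
    ip = bytearray(body[14:])
    ihl = (ip[0] & 0x0F) * 4                     # IP header length in bytes
    if ipv4_checksum(bytes(ip[:ihl])) != 0:      # IP header checksum tested next
        return None, "bad IP header checksum"
    if ip[8] <= 1:                               # TTL would reach zero: do not forward
        return None, "TTL expired"
    ip[8] -= 1                                   # TTL decremented by one ...
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:ihl])))  # ... so checksum is recalculated
    # Destination MAC becomes the next hop, source MAC becomes the router.
    new_body = next_hop_mac + router_mac + body[12:14] + bytes(ip)
    return new_body + ethernet_fcs(new_body), None   # frame checksum recalculated


if __name__ == "__main__":
    original = build_frame(ROUTER_MAC, HOST_A_MAC, "10.1.2.10", "10.1.3.10", ttl=64)
    rewritten, reason = l3_rewrite(original, ROUTER_MAC, HOST_B_MAC)
    for label, f in (("in ", original), ("out", rewritten)):
        print(label, "dst", f[0:6].hex(), "src", f[6:12].hex(),
              "ttl", f[22], "ip-csum", f[24:26].hex(), "fcs", f[-4:].hex())
```
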

Routing, switching, ACL, and QoS tables are stored in a high-speed table memory so that forwarding
decisions and restrictions can be made in high-speed hardware. Cisco Catalyst switches create and use two
primary table architectures:

 CAM table: Primary table used to make Layer 2 forwarding decisions. The table is built by recording
the source address and inbound port of all frames. When a frame arrives at the switch with a
destination MAC address of an entry in the CAM table, the frame is forwarded out only through the
port associated with that specific MAC address. 
 TCAM table: Stores ACL, QoS, and other information generally associated with upper-layer
processing.

Table lookups are done with efficient search algorithms. A “key” is created to compare the frame to the table
content. For example, the destination MAC address and VLAN ID (VID) of a frame constitute the key for a
Layer 2 table lookup. This key is fed into a hashing algorithm, which produces a pointer into the table. The
system uses the pointer to access a smaller specific area of the table without requiring searching the entire
table.

In a Layer 2 table, all bits of all information are significant for frame forwarding (for example, VLANs,
destination MAC addresses, and destination protocol types). However, in more complicated tables associated
with upper-layer forwarding criteria, some bits of information may be too inconsequential to analyze. For
example, an ACL may require a match on the first 24 bits of an IP address, but the last 8 bits may be
insignificant information.
In specific high-end switch platforms, the TCAM is a portion of memory designed for rapid, hardware-based
table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer
3 forwarding information for frames, including CAM and ACL information.

Figure   displays the ACL information stored in the TCAM table that would result in a packet being permitted
or denied.

TCAM matching is based on three values: 0, 1, or X (where X is either number), hence the term “ternary.” The
memory structure is broken into a series of patterns and masks. Masks are shared among a specific number
of patterns and are used as wildcards in some content fields.

The following two ACL entries are referenced in Figure  , which shows how their values are stored in the
TCAM:

access-list 101 permit ip host 10.1.1.1 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any

The TCAM table entries in Figure   consist of the following types of regions:

 Longest match region: Each longest match region consists of groups of Layer 3 address entries
(“buckets”) organized in decreasing order by mask length. All entries within a bucket share the same
mask value and key size. The buckets can change their size dynamically by borrowing address
entries from neighboring buckets. Although the size of the whole protocol region is fixed, you can
reconfigure it. The reconfigured size of the protocol region takes effect only after the next system
reboot.
 First-match region: The first-match region consists of ACL entries. Lookup stops after the first
match of the entry.
􀂾 Backup and recovery of configuration files of a router using TFTP server
Use TFTP to Backup your Cisco Router Configurations
Just like any important server on your network, Cisco routers and switches need to be
periodically backed up. You don’t want your router to crash one day, get a replacement,
and spend days trying to recreate the configuration file. To prevent this, make sure you
back up your configurations with TFTP. Let’s find out how to do this.

What is TFTP?

TFTP stands for Trivial File Transfer Protocol. TFTP transfers
files over UDP, not over TCP as FTP does. Because it uses UDP
and UDP is connectionless, TFTP file transfers are not meant for
networks with a lot of latency, like the Internet. However,
because UDP doesn’t use any kind of acknowledgements, it is
also faster than TCP.

Obtaining a TFTP server

You can make a Cisco router a TFTP server and copy files from
other routers to that router.  However, storing your backups on a
router isn’t the best idea.  You really want your Cisco device
backups on a PC or server that can be backed up to tape.  So,
let’s find out how to obtain a Windows TFTP server.

Backing up your Router Configuration with TFTP

Now that the TFTP server is running, go to the router whose
configuration you want to back up.

Step 1

Make sure that you can ping the IP address shown on the TFTP
server application from the router.  If you cannot, you have a
networking issue and you need to resolve that before you
continue.

Step 2

On the router’s console, type this:

Router# copy running-config tftp

Step 3

When asked for the name of the TFTP server, type the IP address
shown on the TFTP server console application, like this:

Address or name of remote host []? 10.253.15.72

Step 4

When asked for the name of the destination file, you can take the
default by pressing enter, like this:

Destination filename [router-confg]? [press enter]

You should see exclamation points scroll across the screen and a
message that the file was copied, like this:

!!!!!!!!!!
44647 bytes copied in 1.692 secs (26387 bytes/sec)
Router#

You can also back up your router’s IOS file by using a command
like this:

copy flash:c3845-ipbase-mz.123-11.T7.bin tftp

On the TFTP server console, you should see a record that the
transfer completed, like this:
How To Back Up and Restore Configuration on CISCO Devices
Performing backups often is important, but testing them can also be invaluable because
you need to make sure that you can rely on them when needed. So let’s start by learning
how to connect to a Cisco router by using telnet and console access. Then we will see
how to perform a configuration backup to a TFTP server and how to restore the backup in
case it is needed.
 
Connecting to a Cisco Router Using Console
Step 1: Attach a console cable to the console port (RJ-45) located at the back of the
router.
Step 2: Open a new HyperTerminal instance from Start-All Programs-Accessories-Communications-HyperTerminal,
enter any name for this connection and choose the COM port to use for connecting to the
router. Apply the following port settings to the COM port:
Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: Hardware
Step 3: After pressing [Enter] a few times you will see the Router> prompt. Go to the
View-Font menu of HyperTerminal and select the Courier font with font size 14.
Type enable to enter privileged mode (after issuing the correct enable secret). Here
are the steps:
[Router name]>
[Router name]>enable
Password: ……….
[Router name]#
Connecting to a Cisco Router Using Telnet
Note that in order to be able to telnet to a router, a telnet password must have been
configured on the router, and telnet access must not be disabled on that router.
Before installing a new router you must provide a password for telnet access on the
router, otherwise you will not be able to telnet to it.
Use the console to connect to the router:
[Router name]>enable
Password: ……….[insert enable secret here]
[Router name]# sh run
Press [Enter] until you see a line like: line vty 0 4 (see the example below). Below
this line you should see a password. If not, you should provide a password. If a
password is set but a no exec line appears, as in the example below, then telnet is blocked
and you should unblock it.
Example:
Line vty 0 4
Password surpass
No exec
a. To Provide a telnet Password
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password [password name]
Press [Ctrl][z] and issue sh run to ensure that the password has been set.
b. To Unblock telnet Access on Router
Router#config t
Router(config)#line vty 0 4
Router(config-line)#exec

C:\>telnet 10.176.100.2
Password: ……….
[Router name]>enable
Password: ……….
[Router name]#
Backing Up Router Configuration
To copy the configuration from the router to the TFTP server you can use the copy run
tftp command. It backs up the router configuration that is stored in DRAM. You will then
be asked to enter the address of the TFTP server and the name of the destination file on
the TFTP server, like this:
[Router name] #copy run tftp — to copy the running configuration to TFTP server
Address or name of remote host []? 172.16.10.2 — the IP address of the TFTP server
Destination filename [routername-confg]? /Backup/Router01.cfg — the folder path on
the server where the configuration file will be stored

Restoring Router Configuration


In this section I’ll show you how to restore a running router with basic configuration and
also how to restore a new router with no basic configuration — both of which scenarios
you’ll probably run into.

1. Restoring a Running Router with Basic Configuration


In case the router has the basic configuration (i.e. router ports are assigned to subnet),
use the command copy tftp run and then complete the rest of the requirements like
this:

[router name]# show run — to see the running configuration
[router name]#copy tftp run — to copy the configuration file from TFTP server to the
running configuration of the router
Address or name of remote host []?172.16.10.2 — TFTP server address
Source filename[]?/Backup/Router01.cfg — the configuration file to be copied to the router
[router name]#show run
[router name]#show interfaces
[router name]#copy run start


We issue the show run command to verify that the configuration has been copied to the
router. Use the show interfaces command to ensure that the interfaces that have
cables connected to them are up. Issue the command copy run start to copy the
configuration from the running configuration (DRAM) to the startup configuration (NVRAM).
The following is an example of what you will see on the screen when you issue the show
interfaces command:
Vlan1 is up, line protocol is up
.
.
.
fastethernet 0/1 is up, line protocol is up
.
.
.
fastethernet 0/2 is down, line protocol is down
.
.
.
Usually fastethernet ports are brought up on their own as soon as the ethernet cable is
attached to them. In case a certain port is still down after we have connected a cable to it,
we use:
[Router name]#config t
[Router name](config)#int fastethernet0/[router port]
[Router name](config-if)#no shutdown
2. Restoring a New Router with No Basic Configuration
a. Provide basic router configuration
In case we install a new router with no configuration, then we have to incorporate this
router into the subnet before restoring the final configuration. We have to assign an IP
address and subnet mask to interface Vlan1.
First we have to go through the old configuration files, either from the old router or from
the TFTP server, and look for the IP address and subnet that the router was configured with
at its previous location. This information will look like this:
interface vlan1
ip address [ip address] [subnet]
Make a note of both the IP address and subnet, and then log onto your new router with the
console cable using HyperTerminal. Enter the passwords and then issue the following:
[Router name]#config t
[Router name](config)#int vlan1
[Router name](config-if)#ip address [ip address] [subnet]
[Router name](config-if)#no shutdown
Press [CTRL][Z]
[Router name]# show run — to see that IP address on vlan1 has been set
b. Copy configuration from TFTP server to the router
[Router name] #copy tftp run
Address or name of remote host []?172.16.10.2
Source filename[]?/Backup/Router01.cfg
[router name]#show run
[router name]#show interfaces
[router name]#copy run start
􀂾 Access Control List (Standard and Extended)
Access Control List Standard and Extended
ACLs are basically a set of commands, grouped together by a number or name that is used to
filter traffic entering or leaving an interface.
When activating an ACL on an interface, you must specify in which direction the traffic should
be filtered:
1. Inbound (as the traffic comes into an interface)
2. Outbound (before the traffic exits an interface)
Inbound ACLs:
Incoming packets are processed before they are routed to an outbound interface. An inbound
ACL is efficient because it saves the overhead of routing lookups if the packet will be
discarded after it is denied by the filtering tests. If the packet is permitted by the tests, it is
processed for routing.
Outbound ACLs:
Incoming packets are routed to the outbound interface and then processed through the
outbound ACL.
Universal facts about access control lists
 ACLs come in two varieties: numbered and named.
 Each of these references to ACLs supports two types of filtering: standard and
extended.
 Standard IP ACLs can filter only on the source IP address inside a packet.
 Extended IP ACLs can filter on the source and destination IP addresses in the
packet.
 There are two actions an ACL can take: permit or deny.
 Statements are processed top-down.
 Once a match is found, no further statements are processed; therefore, order is
important.
 If no match is found, the imaginary implicit deny statement at the end of the
ACL drops the packet.
 An ACL should have at least one permit statement; otherwise, all traffic will be
dropped because of the hidden implicit deny statement at the end of every ACL.
 No matter what type of ACL you use, though, you can have only one ACL per
protocol, per interface, per direction. For example, you can have one IP ACL inbound
on an interface and another IP ACL outbound on an interface, but you cannot have
two inbound IP ACLs on the same interface.
Access List Ranges
Type                          Range
IP Standard                   1–99
IP Extended                   100–199
IP Standard Expanded Range    1300–1999
IP Extended Expanded Range    2000–2699

Standard ACLs
A standard IP ACL is simple; it filters based on source address only. You can filter a source
network or a source host, but you cannot filter based on the destination of a packet, the
particular protocol being used such as the Transmission Control Protocol (TCP) or the User
Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.
Extended ACLs:
An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs
check both the source and destination packet addresses. They can also check for specific
protocols, port numbers, and other parameters, which allow administrators more flexibility and
control.
Named ACLs
One of the disadvantages of using IP standard and IP extended ACLs is that you reference
them by number, which is not too descriptive of its use. With a named ACL, this is not the
case because you can name your ACL with a descriptive name. The ACL named DenyMike is
a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP
extended named ACLs.
Another advantage to named ACLs is that they allow you to remove individual lines out of an
ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to
delete your existing access list and re-create the entire list.

Configuration Guidelines
 Order of statements is important: put the most restrictive statements at the top of the
list and the least restrictive at the bottom.
 ACL statements are processed top-down until a match is found, and then no more
statements in the list are processed.
 If no match is found in the ACL, the packet is dropped (implicit deny).
 Each ACL needs either a unique number or a unique name.
 The router cannot filter traffic that it, itself, originates.
 You can have only one IP ACL applied to an interface in each direction (inbound and
outbound)—you can't have two or more inbound or outbound ACLs applied to the same
interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to an
interface in each direction.)
 Applying an empty ACL to an interface permits all traffic by default: in order for an
ACL to have an implicit deny statement, you need at least one actual permit or deny
statement.
 Remember the numbers you can use for IP ACLs. Standard ACLs can use numbers
ranging 1–99 and 1300–1999, and extended ACLs can use 100–199 and 2000–2699.
 A wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard
mask is composed of 32 bits. When doing the conversion, subtract each byte in the subnet
mask from 255.
There are two special types of wildcard masks:
0.0.0.0 and 255.255.255.255
A 0.0.0.0 wildcard mask is called a host mask.
255.255.255.255: if you enter this, the router will convert the address and mask to the keyword
any.
Placement of ACLs
Standard ACLs should be placed as close to the destination devices as possible.
Extended ACLs should be placed as close to the source devices as possible.
Commands for Checking (Standard) Access Control List in routers:
access-list 10 deny host
1. access-list 10 deny 10.0.0.2
2. access-list 10 permit any
3. interface e0
4. ip access-group 10 out
access-list 10 deny network
1. access-list 10 deny 10.0.0.0 0.255.255.255
Commands for Checking (Extended) Access Control List in routers:
access-list 111 deny tcp any host
1. access-list 111 permit ip any any
2. interface e0/0
3. ip access-group 111 in
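The following Python model is an added example, not part of the lab manual and not router code. It evaluates a standard ACL the way the guidelines above describe (wildcard matching, top-down first match, implicit deny) and shows what happens when a subnet mask is typed where a wildcard mask belongs. All function and variable names are hypothetical; the addresses are the ones used in the commands above.

```python
import ipaddress

def ip_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_subnet(mask):
    """Convert a subnet mask to a wildcard mask: subtract each byte from 255."""
    return ".".join(str(255 - int(b)) for b in mask.split("."))

def matches(src, addr, wildcard):
    """Wildcard bit 0 means 'must match', bit 1 means 'ignore'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(src) & care) == (ip_int(addr) & care)

def evaluate(acl, src):
    """Standard ACL: statements are tried top-down and the first match wins.
    Returns (action, statement number); (deny, None) is the implicit deny."""
    for number, (action, addr, wildcard) in enumerate(acl, 1):
        if matches(src, addr, wildcard):
            return action, number
    return "deny", None

ANY = ("0.0.0.0", "255.255.255.255")   # what the keyword 'any' stands for

# Constructed ACLs modelled on the lab's access-list 10 statements.
ACL_HOST = [("deny", "10.0.0.2", "0.0.0.0"), ("permit", *ANY)]
ACL_NET_WILDCARD = [("deny", "10.0.0.0", "0.255.255.255"), ("permit", *ANY)]
ACL_NET_SUBNETMASK = [("deny", "10.0.0.0", "255.0.0.0"), ("permit", *ANY)]
ACL_WRONG_ORDER = [("permit", *ANY), ("deny", "10.0.0.2", "0.0.0.0")]
ACL_NO_PERMIT = [("deny", "10.0.0.2", "0.0.0.0")]

if __name__ == "__main__":
    cases = [
        ("host deny", ACL_HOST, "10.0.0.2"),
        ("host deny, other host", ACL_HOST, "10.0.0.3"),
        ("network deny, wildcard mask", ACL_NET_WILDCARD, "10.9.8.7"),
        ("network deny, subnet mask typed", ACL_NET_SUBNETMASK, "10.9.8.7"),
        ("subnet mask typed, unrelated net", ACL_NET_SUBNETMASK, "172.0.0.0"),
        ("permit any placed first", ACL_WRONG_ORDER, "10.0.0.2"),
        ("no permit statement", ACL_NO_PERMIT, "10.0.0.3"),
    ]
    for label, acl, src in cases:
        print(f"{label:35} {src:10} -> {evaluate(acl, src)}")
```

With the subnet mask 255.0.0.0 in the wildcard position, the host 10.9.8.7 falls through to the permit statement while 172.0.0.0 is denied, which is the opposite of the intended filter.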
􀂾 Configuring PPP

How to configure PPP on Cisco Router.


You can configure point-to-point encapsulation, software compression, link quality
monitoring, and load balancing across links (multilinks) on the serial interfaces of
R1, R2 and R3 below.

Before you actually configure PPP on a serial interface, we will look at the
commands and the syntax of these commands as shown below. This series of
examples shows you how to configure PPP and some of the options.
1: How to enable PPP on an Interface

To set PPP as the encapsulation method used by a serial or ISDN interface, use
the encapsulation ppp interface configuration command.

The following example enables PPP encapsulation on serial interface 0/0/0:

R1#config t
R1(config)#interface se 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#end

The encapsulation ppp command has no arguments; however, you must first
configure the router with an IP routing protocol (RIP, EIGRP or OSPF) to use PPP
encapsulation. You should recall that if you do not configure PPP on a Cisco
router, the default encapsulation for serial interfaces is HDLC.

2: How to configure Compression

You can configure point-to-point software compression on serial interfaces after
you have enabled PPP encapsulation. Because this option invokes a software
compression process, it can affect system performance. If the traffic already
consists of compressed files (.zip, .tar, or .mpeg, for example), do not use this
option.

To configure compression over PPP, enter the following commands:

R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#compress [predictor | stac]
R1(config-if)#end

3: How to configure Link Quality Monitoring

One of the primary functions of LCP when establishing a PPP session includes
testing of a link to determine whether the link quality is sufficient to use Layer 3
protocols. The command ppp quality {percentage} ensures that the link meets
the quality requirement you set; otherwise, the link closes down.

How Link Percentage is calculated

The percentages are calculated for both incoming and outgoing directions. The
outgoing quality is calculated by comparing the total number of packets and bytes
sent to the total number of packets and bytes received by the destination node.
The incoming quality is calculated by comparing the total number of packets and
bytes received to the total number of packets and bytes sent by the destination
node.

If the link quality percentage is not maintained, the link is deemed to be of poor
quality and is taken down. Link Quality Monitoring (LQM) implements a time lag
so that the link does not bounce up and down.

Use the configuration commands below to monitor the data traffic on the link and
avoid frame looping:

R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp quality 80
R1(config-if)#end
Use the no ppp quality command to disable LQM.

4: How to Configure Load Balancing Across Links (MultiLinks)

Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink) provides a method
for spreading traffic across multiple physical WAN links while providing packet
fragmentation and reassembly, proper sequencing, multivendor interoperability,
and load balancing on inbound and outbound traffic.

MPPP allows packets to be fragmented and sends these fragments simultaneously
over multiple point-to-point links to the same remote address. The multiple
physical links come up in response to a user-defined load threshold. MPPP can
measure the load on just traffic into the network, or on just traffic going out, but
not on the combined load of both inbound and outbound traffic.

Use the following commands to perform load balancing across multiple links:

R1#config t
R1(config)#interface se0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink
R1(config-if)#end
The multilink command has no arguments. To disable PPP multilink, use the no
ppp multilink command.
How to Configure PPP on a Cisco Router
When would you need this: When you are creating a WAN link, and also when the other
end of a WAN link is NOT a Cisco router. Point-to-Point Protocol can be used in synchronous,
asynchronous, HSSI, and ISDN links.
Special Requirements: None.
1. Get to the interface configuration mode and issue the following command,
Router(config-if)#encapsulation ppp

2. If you want to configure authentication (which is almost always the case), go through the
following steps:
a. Choose the authentication type; Password Authentication Protocol (PAP), or
Challenge Handshake Authentication Protocol (CHAP).
Router(config-if)#ppp authentication XXX
where XXX is the authentication type, which can be: pap, chap, pap chap, or chap
pap. The last two choices are to use the other authentication type when the first one
fails.
CHAP is strongly recommended over PAP for two reasons. First, PAP sends the
username and password in plaintext, while CHAP sends hashed challenges only.
Second, CHAP performs an operation similar to periodic re-authentication in the
middle of the communication session, so it provides more security than PAP.
b. Set a username and a password that the remote router would use to connect to your
local router. You can define many username-password pairs for many PPP
connections to the same router.
Router(config)#username USER password PASS
where USER is the host name of the remote router, and PASS is its password. Issue
this command once for each PPP connection. For example, if you are connecting
RouterA to RouterB and RouterC, on RouterA issue this command once for each
remote router.
How to configure HDLC and PPP step by step guide and
example
In this article I will demonstrate how you can configure WAN encapsulation protocols. HDLC is
the default encapsulation for synchronous serial links on Cisco routers. You should only use
the encapsulation hdlc command to return the link to its default state.
For a practical example of HDLC and PPP, create a simple topology as shown in the figure or
download this pre-configured topology and load it in Packet Tracer.
Pre configured topology for PPP and HDLC

Double click on R1 and check the default encapsulation


Router>
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 20.0.0.1/8
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
[output is omitted]
As you can verify, the default encapsulation on the router is HDLC. A WAN link works only when it
detects the same protocol on both sides. To check this, change the default encapsulation to PPP.
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation ppp
Router(config-if)#exit
Router(config)#exit
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is down (disabled)
Hardware is HD64570
Internet address is 20.0.0.1/8
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
[output is omitted]
As you can see, the line protocol is disabled. To enable it, set the encapsulation back to HDLC
and restart the port with the shutdown command.
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation hdlc
Router(config-if)#shutdown
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 20.0.0.1/8
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
[output is omitted]

Configuration of PPP
Now we will configure PPP encapsulation on both routers. We will also authenticate the link with
CHAP. The hostnames of the routers are R1 and R2, and the password is vinita.
Double Click on R1 and configure it
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#username R2 password vinita
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#
Now configure R2 for PPP
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#username R1 password vinita
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R2(config)#
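
The CHAP exchange that the R1 and R2 configuration above sets up, and that the PAP versus CHAP comparison earlier describes, as an added Python model (not part of the lab manual and not IOS code). The Router class and the function names are hypothetical; the response value is the RFC 1994 MD5 computation, and the hostnames and password are the lab's own.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994: MD5 over the one-byte identifier, the shared secret, the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    """Minimal model of one PPP endpoint (hypothetical class, not IOS code)."""
    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users      # models 'username <peer> password <secret>'
        self.ident = 0
        self.pending = None

    def send_challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending = (self.ident, os.urandom(16))   # fresh random value each time
        return {"code": "Challenge", "id": self.ident,
                "value": self.pending[1], "name": self.hostname}

    def answer(self, challenge):
        # The secret is looked up under the challenger's hostname, which is why
        # both routers must hold the same password for each other.
        secret = self.users[challenge["name"]]
        return {"code": "Response", "id": challenge["id"], "name": self.hostname,
                "value": chap_response(challenge["id"], secret, challenge["value"])}

    def verify(self, response):
        ident, value = self.pending
        secret = self.users.get(response["name"])
        if secret is None or response["id"] != ident:
            return "Failure"
        expected = chap_response(ident, secret, value)
        return "Success" if hmac.compare_digest(expected, response["value"]) else "Failure"

def authenticate(authenticator, peer):
    """One CHAP round; returns the result and every message sent on the link."""
    challenge = authenticator.send_challenge()
    response = peer.answer(challenge)
    return authenticator.verify(response), [challenge, response]

def pap_request(username, password):
    """PAP Authenticate-Request: the password itself crosses the link."""
    return {"code": "Authenticate-Request", "name": username, "password": password}

# Constructed endpoints using the lab's values: hostnames R1/R2, password vinita.
R1 = Router("R1", {"R2": b"vinita"})
R2 = Router("R2", {"R1": b"vinita"})
R2_TYPO = Router("R2", {"R1": b"Vinita"})   # mismatched secret on one side

if __name__ == "__main__":
    print(authenticate(R1, R2)[0], authenticate(R1, R2_TYPO)[0])
```

Because every challenge is a new random value, a response captured from one round does not verify against the next, and a password that differs on the two routers (even by case) keeps the line protocol down.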

HDLC PPP command reference sheet

Router(config)#interface serial 0/0/0
    Moves to interface configuration mode
Router(config-if)#encapsulation hdlc
    Sets the encapsulation mode for this interface to HDLC
Router(config)#interface serial 0/0/0
    Moves to interface configuration mode
Router(config-if)#encapsulation ppp
    Changes encapsulation from default HDLC to PPP
Router(config)#username R1 password vinita
    Sets a username of R1 and a password of vinita for authentication
    from the other side of the PPP serial link. This is used by the local
    router to authenticate the PPP peer
Router(config)#interface serial 0/0/0
    Moves to interface configuration mode.
Router(config-if)#ppp authentication pap
    Turns on Password Authentication Protocol (PAP) authentication only
Router(config-if)#ppp authentication chap
    Turns on Challenge Handshake Authentication Protocol (CHAP)
    authentication only.
Router(config-if)#ppp authentication pap chap
    Defines that the link will use PAP authentication, but will try CHAP if
    PAP fails or is rejected by other side.
Router(config-if)#ppp authentication chap pap
    Defines that the link will use CHAP authentication, but will try PAP if
    CHAP fails or is rejected by other side.
Router(config-if)#ppp pap sent-username R1 password vinita
    This command must be set if using PAP in Cisco IOS Software
    Release 11.1 or later
Router#show interfaces serial x
    Lists information for serial interface x
Router#show controllers serial x
    Tells you what type of cable (DCE/DTE) is plugged into your interface
    and whether a clock rate has been set
Router#debug serial interface
    Displays whether serial keepalive counters are incrementing
Router#debug ppp
    Displays any traffic related to PPP
Router#debug ppp packet
    Displays PPP packets that are being sent and received
Router#debug ppp negotiation
    Displays PPP packets related to the negotiation of the PPP link
