How to Configure OSPF in CISCO

OSPF Topology

Configuration Command Line on R2:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip address 172.16.0.193 255.255.255.224
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Router(config-if)#
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s0/3/0
Router(config-if)#ip address 172.16.0.226 255.255.255.252
Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/3/0, changed state to down
Router(config-if)#exit
Router(config)#int s0/3/1
Router(config-if)#ip address 172.16.0.229 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/3/1, changed state to down
Router(config-if)#
Router(config-if)#
Router(config-if)#exit

Router(config)#router ospf 1
Router(config-router)#network 172.16.0.192 0.0.0.31 area 0
Router(config-router)#network 172.16.0.224 0.0.0.3 area 0
Router(config-router)#network 172.16.0.228 0.0.0.3 area 0
Router(config-router)#passive-interface g0/0

Router#show ip ospf int g0/0
Router#show ip ospf

Configuration Command Line on R1:

Router(config)#hostname R1
R1(config)#
R1(config-if)#int g0/0
R1(config-if)#ip address 172.16.0.1 255.255.255.128
R1(config-if)#no shutdown

R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R1(config-if)#exit
R1(config-if)#exit
R1(config)#int s0/1/0
R1(config-if)#ip address 172.16.0.225 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown

R1(config-if)#
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to up

R1(config-if)#exit
R1(config)#int s0/1/1
R1(config-if)#ip address 172.16.0.234 255.255.255.252
R1(config-if)#no shutdown

R1(config-if)#router ospf 1
R1(config-router)#network 172.16.0.0 0.0.0.127
% Incomplete command.
R1(config-router)#network 172.16.0.0 0.0.0.127 area 0
R1(config-router)#network 172.16.0.224 0.0.0.3 area 0
R1(config-router)#network 172.16.0.232 0.0.0.3 area 0
R1(config-router)#exit
Router(config-router)#

Configuration Command Line on R3:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int g0/0
R3(config-if)#ip address 172.16.0.129 255.255.255.192
R3(config-if)#no shutdown
R3(config-if)#
R3(config-if)#

R3(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R3(config-if)#exit
R3(config)#int s0/3/1
R3(config-if)#ip address 172.16.0.230 255.255.255.252
R3(config-if)#no shutdown

R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/1, changed state to up
R3(config-if)#exit
R3(config)#int
% Incomplete command.
R3(config)#int s0/3/0
R3(config-if)#ip address 172.16.0.233 255.255.255.252
R3(config-if)#clock rate 64000
R3(config-if)#no shutdown

R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/0, changed state to up

R3(config-if)#exit
R3(config)#

R3(config)#router ospf 1
R3(config-router)#network 172.16.0.128 0.0.0.63 area 0
R3(config-router)#network 172.16.0.228 0.0.0.3 area 0

R3(config-router)#network 172.16.0.232 0.0.0.3 area 0
R3(config-router)#exit

Now test the connection from a PC:

PC>ping 172.16.0.194

Pinging 172.16.0.194 with 32 bytes of data:

Request timed out.
Reply from 172.16.0.194: bytes=32 time=1ms TTL=126
Reply from 172.16.0.194: bytes=32 time=2ms TTL=126
Reply from 172.16.0.194: bytes=32 time=1ms TTL=126

Ping Testing

Thank you

Momataj Momo

Virtual local area networks (Vlans) Concepts

A VLAN is a logical group of network devices, such as the networked computers and printers of a department or a building floor, and it can separate "guest" traffic from trusted users' traffic. Each VLAN is a logically separate subnetwork: devices on VLAN 20 and VLAN 30 cannot communicate without a Layer 3 device.

The term VLAN stands for "Virtual LAN", and Cisco defines a VLAN as a broadcast domain. In practice, that means you can segregate certain ports on a single physical switch into logical switches (VLANs). VLANs allow a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings, can belong to the same LAN. VLANs also allow broadcast domains to be defined without using routers. Bridging software is used instead to define which workstations are to be included in the broadcast domain. Routers only have to be used to communicate between two VLANs. Put another way, a virtual LAN is a group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VLANs can:

- Create smaller broadcast domains, and therefore less wasted bandwidth.
- Increase security, as VLANs are not visible to outside traffic.
- Decrease costs: a building with multiple companies can use a single network infrastructure.
- Make efficient use of bandwidth (2 trunks for a high-traffic VLAN).
- Simplify management.
- Help route traffic. A separate VLAN can be used for VoIP phones.
- Separate wireless traffic using wireless VLANs.
- Keep unsecured traffic on a "guest" VLAN.
- Keep secure traffic on a "Staff" VLAN.

Types of Connections : 

Devices on a VLAN can be connected in three ways based on whether the connected devices are VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.

1) Trunk Link: All the devices connected to a trunk link, including workstations, must be VLAN-aware. All frames on a trunk link must have a special header attached. These special frames are called tagged frames.

2) Access Link

An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links must be implicitly tagged (untagged). The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations, or it can be a number of LAN segments containing VLAN-unaware devices.

3) Hybrid Link

This is a combination of the previous two links. This is a link where both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can have both tagged and untagged frames, but all the frames for a specific VLAN must be either tagged or untagged.

How to Add a VLAN to the Network:
Using the CLI, we enter the following on the switch. Let's call it the CORE1 switch.
CORE1(config)#vlan 10
CORE1(config-vlan)#name student
CORE1(config-vlan)#exit
CORE1(config)#vlan 20
CORE1(config-vlan)#name Faculty
CORE1(config-vlan)#exit
CORE1(config)#vlan 30
CORE1(config-vlan)#name struff
CORE1(config-vlan)#exit
CORE1(config)#vlan 40
CORE1(config-vlan)#name guest
CORE1(config-vlan)#exit

VLANs Configuring Ports:
On each switch, identify which device is supposed to be on which VLAN. Suppose Student_server_core needs to be on VLAN 10. It is connected to Fast Ethernet interface 0/2.

SWITCH(config)#int fa0/2
SWITCH(config-if)#switchport mode access
SWITCH(config-if)#switchport access vlan 10
SWITCH(config-if)#exit

* Do the same on all switches, setting the correct ports to the correct VLAN. On the device end, the only requirement is that all devices on a VLAN must be on the same subnet.

Trunk Link: A trunk is a point-to-point link between the device and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLAN access across the entire network. By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk.

Configuration syntax for a trunk link:

Switch(config)#vlan 99
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99

Native VLAN: A native VLAN is the untagged VLAN on an 802.1Q trunked switchport. The native VLAN and management VLAN could be the same, but it is better security practice that they aren't. If a switch receives untagged frames on a trunk port, they are assumed to be part of the VLAN that is designated on the switchport as the native VLAN. Frames egressing a switchport on the native VLAN are not tagged.
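The tagging rules above can be followed frame by frame. The following is an added example, not part of the original post: it models trunk egress and ingress for 802.1Q, and shows which VLAN a frame lands in when the two ends of a trunk disagree on the native VLAN. The function names and the sample frame are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ALL_VLANS = range(1, 4095)   # default on a trunk: every VLAN ID is allowed


def make_frame(dst, src, ethertype, payload=b""):
    """Build an untagged Ethernet II frame (constructed test data)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def trunk_egress(frame, vlan, native_vlan):
    """Frame leaving a trunk: native-VLAN traffic stays untagged, the rest is tagged."""
    if vlan == native_vlan:
        return frame
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP and DEI bits left at 0
    return frame[:12] + tag + frame[12:]                 # tag sits after the two MACs


def trunk_ingress(frame, native_vlan, allowed=ALL_VLANS):
    """Return (vlan, was_tagged, accepted) for a frame arriving on a trunk port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged frame: assumed to belong to the port's native VLAN.
        return native_vlan, False, native_vlan in allowed
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vlan = tci & 0x0FFF                                  # low 12 bits are the VLAN ID
    return vlan, True, vlan in allowed


def vlan_after_link(frame, vlan, native_a, native_b):
    """VLAN a frame ends up in on switch B after leaving switch A's trunk in `vlan`."""
    return trunk_ingress(trunk_egress(frame, vlan, native_a), native_b)[0]


if __name__ == "__main__":
    # Constructed frame: broadcast destination, locally administered source MAC.
    frame = make_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                       0x0800, b"data")
    print("untagged on trunk, native 99:", trunk_ingress(frame, 99))
    print("VLAN 20 across the trunk:", vlan_after_link(frame, 20, 99, 99))
    print("VLAN 99 with mismatched native VLANs:", vlan_after_link(frame, 99, 99, 1))
```

The last line of the demo is the case to check for when both ends of a trunk are configured: traffic from the native VLAN on one switch is placed in whatever VLAN the other switch treats as native.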

Thank you

Momataj Momo

Practice Skills Assessment – Packet Tracer (Module One Exam Solution )

You will practice and be assessed on the following skills:

  • Configuration of initial IOS device settings
  • Design and calculation of IPv4 addressing
  • Configuration of IOS device interfaces including IPv4 and IPv6 addressing when appropriate
  • Addressing of network hosts with IPv4 and IPv6 addresses
  • Enhancing device security, including configuration of the secure transport protocol for remote device configuration
  • Configuration of a switch management interface

Requirements by device:

  • Town Hall router:
      • Configuration of initial router settings
      • Interface configuration and IPv4 and IPv6 addressing
      • Device security enhancement or "device hardening"
      • Secure transport for remote configuration connections as covered in the labs.
      • Backup of the configuration file to a TFTP server
  • Administration Switch:
      • Enabling basic remote management by Telnet
  • PC and Server hosts:
      • IPv4 full addressing
      • IPv6 addressing

Fig : Topology (Skill Test Exam Solution)

Step 1:

Design an IPv4 addressing scheme and complete the Addressing Table based on the following requirements. Use the table above to help you organize your work.

a. Subnet the 192.168.1.0/24 network to provide 30 host addresses per subnet while wasting the fewest addresses.

b. Assign the fourth subnet to the IT Department LAN.

c. Assign the last network host address (the highest) in this subnet to the G0/0 interface on Town Hall.

d. Starting with the fifth subnet, subnet the network again so that the new subnets will provide 14 host addresses per subnet while wasting the fewest addresses.

e. Assign the second of these new 14-host subnets to the Administration LAN.

f. Assign the last network host address (the highest) in the Administration LAN subnet to the G0/1 interface of the Town Hall router.

g. Assign the second to the last address (the second highest) in this subnet to the VLAN 1 interface of the Administration Switch.

h. Configure addresses on the hosts using any of the remaining addresses in their respective subnets.
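Steps a to h can be carried out with Python's ipaddress module, which makes it easy to confirm the interface addresses used in the solution. The following is an added example, not part of the original post; the function names and dictionary keys are assumptions made for illustration.

```python
import ipaddress


def subnets_for_hosts(network, hosts):
    """Split `network` into the smallest equal subnets with >= `hosts` usable addresses."""
    net = ipaddress.ip_network(network)
    host_bits = (hosts + 1).bit_length()      # smallest h with 2**h - 2 >= hosts
    prefix = 32 - host_bits
    if prefix < net.prefixlen:
        raise ValueError(f"{network} cannot hold {hosts} hosts per subnet")
    return list(net.subnets(new_prefix=prefix))


def highest_hosts(subnet, count=2):
    """Highest usable addresses of a subnet, highest first (broadcast excluded)."""
    return [subnet.broadcast_address - i for i in range(1, count + 1)]


def addressing_plan(base="192.168.1.0/24"):
    """Carry out steps a to g and return the results as strings."""
    lans_30 = subnets_for_hosts(base, 30)                 # step a
    it_lan = lans_30[3]                                   # step b: fourth subnet
    lans_14 = subnets_for_hosts(str(lans_30[4]), 14)      # step d: fifth subnet, split again
    admin_lan = lans_14[1]                                # step e: second 14-host subnet
    g0_1, switch_vlan1 = highest_hosts(admin_lan)         # steps f and g
    return {
        "it_lan": str(it_lan),
        "g0_0": f"{highest_hosts(it_lan, 1)[0]} {it_lan.netmask}",   # step c
        "admin_lan": str(admin_lan),
        "g0_1": f"{g0_1} {admin_lan.netmask}",
        "switch_vlan1": f"{switch_vlan1} {admin_lan.netmask}",
    }


def host_ok(host_cidr, gateway, lan):
    """Step h: the host is a usable address in `lan`, shares it with the gateway, no clash."""
    iface = ipaddress.ip_interface(host_cidr)
    net = ipaddress.ip_network(lan)
    gw = ipaddress.ip_address(gateway)
    return (iface.network == net and gw in net and iface.ip != gw
            and iface.ip not in (net.network_address, net.broadcast_address))


if __name__ == "__main__":
    plan = addressing_plan()
    for name, value in plan.items():
        print(f"{name:13} {value}")
    # Two host addresses of the kind step h asks for, checked against their LANs.
    print(host_ok("192.168.1.97/27", "192.168.1.126", plan["it_lan"]))
    print(host_ok("192.168.1.145/28", "192.168.1.158", plan["admin_lan"]))
```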

Step 2: Configure the Town Hall Router.

a. Configure the Town Hall router with all initial configurations that you have learned in the course so far:

· Configure the router hostname: Middle

· Protect device configurations from unauthorized access with the encrypted password.

· Secure all of the ways to access the router using methods covered in the course and labs.

· Newly-entered passwords must have a minimum length of 10 characters.

· Prevent all passwords from being viewed in clear text in device configuration files.

· Configure the router to only accept in-band management connections over the protocol that is more secure than Telnet, as was done in the labs. Use the value 1024 for encryption key strength.

· Configure user authentication for in-band management connections.

b. Configure the two Gigabit Ethernet interfaces using the IPv4 addressing values you calculated and the IPv6 values provided in the addressing table.

· Reconfigure the link local addresses as was practiced in the labs. The IPv6 link-local Interface ID should match the IPv6 unicast Interface ID as is practiced in the labs.

· Document the interfaces in the configuration file.

Step 3: Configure the Administration Switch.

Configure Administration Switch for remote management.

Step 4: Configure and Verify Host Addressing.

a. Use the IPv4 addressing from Step 1 and the IPv6 addressing values provided in the addressing table to configure all host PCs with the correct addressing.

b. Use the router interface link-local addresses as the IPv6 default gateways on the hosts.

c. All hosts should be able to ping each other over IPv4.

Step 5: Backup the Configuration of the Town Hall Router to TFTP.

a. Complete the configuration of the TFTP server using the IPv4 addressing values from Step 1 and the values in the addressing table.

b. Backup the running configuration of Town Hall to the TFTP Server. Use the default file name.

Solution : 

Router>
Router>enable
Router#configure terminal
Router(config)#interface g0/0
Router(config-if)#ip address 192.168.1.126 255.255.255.224
Router(config-if)#description IT Department LAN
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface g0/1
Router(config-if)#ip address 192.168.1.158 255.255.255.240
Router(config-if)#description Administration LAN
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ipv6 unicast-routing
Router(config)#interface g0/0
Router(config-if)#ipv6 address 2001:db8:acad:A::1/64
Router(config-if)#ipv6 address FE80::1 link-local
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface g0/1
Router(config-if)#ipv6 address 2001:db8:acad:B::1/64
Router(config-if)#ipv6 address FE80::1 link-local
Router(config-if)#no shutdown
Router(config-if)#exit

Router(config)#
Router(config)#hostname Middle
Middle(config)#Enable secret class12345
Middle(config)#line console 0
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#line vty 0 15
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#line aux 0
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#
Middle(config)#Banner motd "Authorized Access Only"
Middle(config)#security password min-length 10
Middle(config)#service password-encryption
Middle(config)#ip domain-name ccna.net
Middle(config)#username cisco secret cisconet2014
Middle(config)#crypto key generate rsa
The name for the keys will be: Middle.cisco.local
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

Middle(config)#line vty 0 15
Middle(config-line)#login local
Middle(config-line)#transport input ssh
Middle(config-line)#exit
Middle(config)#

—————————————–
Switch1 ip default gateway 192.168.1.158

—————————————–

Reception Host
default gateway FE80::1
default gateway 192.168.1.126

IP address 192.168.1.97/27
IPv6 address 2001:DB8:ACAD:A::FF/64

—————————————–

Operator Host

default gateway FE80::1
default gateway 192.168.1.126

IP address 192.168.1.98/27
IPv6 address 2001:DB8:ACAD:A::15/64

—————————————–

IT Host

default gateway FE80::1
default gateway 192.168.1.158

IP address 192.168.1.145/28
IPv6 address 2001:DB8:ACAD:B::FF/64

—————————————–

SERVER TFTP

default gateway FE80::1
default gateway 192.168.1.158

IP address 192.168.1.146/28
IPv6 address 2001:DB8:ACAD:B::15/64

—————————————–

Backup the Configuration of the Town Hall Router to TFTP.

Middle#copy running-config tftp
Address or name of remote host []? 192.168.1.146
Destination filename [Router-confg]? [Press Enter]

—————————————–

Momataj Momo

 

Skill Test in Packet tracer : Step by Step Basic Global Configuration commands for new learner (CISCO MODULE 1)

Different types of device connection:

- Router to Router (FastEthernet interface or serial interface port, copper crossover connection)
- PC to Router (copper crossover connection, FastEthernet interface)
- PC to Switch or Switch to Router (copper straight-through, FastEthernet interface)

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

Router > 

In User Mode: Router > User mode is indicated by ">" next to the router name. In this mode you can look at settings but cannot make changes.

In Privilege Mode: Router # To get into privilege mode, the keyword is enable.

To get back to user mode from privilege mode: Router # exit or disable

Router > 

From user mode type logout or exit to leave the router 

router > logout or exit

Press Enter to get back Router Prompt 

Router > ? You are now in user mode. Type ? to view all the commands available at this prompt.

From privilege mode you can enter configuration mode by typing configure terminal. To leave configuration mode, type exit or press <Ctrl>+Z.

Router > enable

Router #

Router # config t (or configure terminal)

Router(config)# exit

Router #

To view all commands available in this mode, type ? and press Enter. This gives you a list of all the commands available on the router in your current mode.

For example: if you want to use a show command but do not remember which one, use "show ?".

Router # show ? outputs all the commands that you can use with the show command.

Configuring the router or switch host name: This command works on both routers and switches

Router (config)# hostname R1

R1(config)#

Configuring passwords: These commands also work on both routers and switches

router(config)# enable password cisco (sets the enable password to cisco)

router(config)# enable secret cisco (sets the enable secret password to cisco)

Note: The enable secret password is encrypted by default. The enable password is not encrypted. For this reason, the recommended practice is never to use the enable password command. Use only the enable secret command in a router or switch configuration.

You cannot set both the enable password and the enable secret password at the same time, so by default use the encrypted password.

Console configuration:  

Router (Config) # line console 0 (enter console line mode)

router (config-line)# password console (sets console line mode pw to console)

router (config-line)# login (enable pw checking at login)

router(config-line)# exit

Telnet Configuration : 

router (config) # line vty 0 4 (enter vty line mode for all five vty lines)

router(config-line)# password telnet (set vty pw to telnet)

router(config-line)# login (enable pw checking at login)

router(config-line)# exit

Auxiliary configuration : 

router(config)# line aux 0 (enter auxiliary line mode)

router(config-line)# password aux (sets auxiliary line mode pw to aux)

router(config-line)#login (enable pw aux line checking at login)

router(config-line)# exit

Configuration Fast Ethernet Interface :  

router(config)# interface fastethernet 0/0 (move to fastethernet 0/0 interface config mode)

router(config-if)# description #student lab LAN# (optional description of the link is locally significant)

router(config-if)# ip address 10.0.0.1 255.0.0.0 (assign ip address and subnet mask to interface)

router(config-if)#  no shutdown ( turn interface on)

router(config-if)#  exit

Configuration Serial port Interface : 

router(config)# interface serial 0/0 (move to serial 0/0 interface config mode)

router(config-if)# ip address 20.0.0.1 255.0.0.0 (assign ip address and subnet mask to interface)

router(config-if)# clock rate 64000 (if DCE serial port, need to assign clock rate and bandwidth)

router(config-if)# bandwidth 6400

router(config-if)#  no shutdown ( turn interface on)

router(config-if)#  exit

Creating a message of the Day Banner : 

router (config)# banner motd #next schedule meeting with manage is postpone # 

router (config)# 

The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable the MOTD banner.

router (config)# no banner motd

The MOTD banner displays before the login prompt and the login banner, if one has been created.

Creating a Login Banner : 

router (config)# banner login #unauthorized access is prohibited ! please enter your username and password#

router (config)#

The login banner displays before the username and password login prompts. Use the no banner login command to disable the login banner. The MOTD banner displays before the login banner.

The # in #…# is known as a delimiting character. The delimiting character must surround the banner and login message and can be any character, so long as it is not a character used within the body of the message.

Assigning a local host name to an IP address :

router(config)# ip host R2 172.16.1.1 (ip host hostname ip-address)

Assigns a host name to the IP address. After this assignment, you can use the host name rather than the IP address when trying to Telnet or ping to that address.

The no ip domain-lookup command:

router(config)# no ip domain-lookup

router(config)#

Turns off the automatic resolution of an unrecognized command to a local host name. By default, the router tries to resolve any word that is not a command through a Domain Name System (DNS) server at address 255.255.255.255.

If you are not going to set up DNS, turn off this feature to save time as you type.

The exec-timeout command:

router(config)# line console 0

router(config-line)# exec-timeout 0 0

router(config-line)#

Sets the time limit after which the console automatically logs off. Setting it to 0 0 (minutes seconds) means the console never logs off.

The command exec-timeout 0 0 is great for a lab environment because the console never logs out. This is considered to be bad security and is dangerous in the real world. The default for exec-timeout is 10 minutes and zero (0) seconds.
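The weak settings this page warns about (enable password instead of enable secret, a disabled console timeout, Telnet on the vty lines, unencrypted passwords, no minimum password length) can be checked mechanically in a saved configuration. The following is an added example, not part of the original post; both configurations are constructed samples, and the function names and finding strings are assumptions made for illustration.

```python
import re

# Constructed running-config excerpts for illustration; not taken from a real device.
WEAK_CONFIG = """\
hostname R1
enable password cisco
line con 0
 exec-timeout 0 0
 password console
 login
line vty 0 4
 password telnet
 login
 transport input telnet
"""

HARDENED_CONFIG = """\
hostname Middle
service password-encryption
security passwords min-length 10
enable secret 5 <hash-placeholder>
username cisco secret 5 <hash-placeholder>
line con 0
 password 7 <placeholder>
 login
line vty 0 15
 login local
 transport input ssh
"""

MIN_LENGTH_RE = re.compile(r"security passwords? min-length (\d+)")


def parse_config(config):
    """Return (global commands, {"line ..." header: [its sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace() and current is not None:
            lines[current].append(cmd)      # indented: belongs to the open line block
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines


def audit(config, min_length=10):
    """List the weak settings discussed on this page that appear in `config`."""
    global_cmds, lines = parse_config(config)
    findings = []
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append("enable password in use")
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("no enable secret")
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption missing")
    lengths = [int(m.group(1)) for m in map(MIN_LENGTH_RE.fullmatch, global_cmds) if m]
    if not lengths or max(lengths) < min_length:
        findings.append("password min-length not enforced")
    for header, cmds in lines.items():
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle timeout disabled")
        if header.startswith("line vty"):
            transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if transports != [["ssh"]]:     # missing or mixed transport also counts
                findings.append(f"{header}: not SSH-only")
    return findings
```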

Saving and erasing configurations:  

router(config)# exit (brings you back to privileged EXEC mode)

router# copy running-config startup-config (saves the running configuration to local NVRAM)

router# copy running-config tftp (saves the running configuration remotely to a TFTP server)

router# erase startup-config (deletes the startup configuration file from NVRAM)

Thank you

Momtaj Momo