Saturday, March 24, 2012

Cisco CCNA: IOS Configuration




Unit 1. Passwords, Identification, and Banners



Now that you know some basic IOS commands, it's time to begin configuring. In this course we'll show you how to configure many aspects of your router — from the router name to specific interfaces and protocols.
In this first unit, you'll examine the commands to configure these general aspects of your router: router name, passwords, and a banner that appears every time a user logs in.

After completing this unit, you should be able to:
  • Name a router

  • Configure passwords

  • Add banners


This unit provides information that is relevant to the following CCNA exam objectives:
  • Control router passwords, identification, and banner


Topic 1.1: Introduction

*Name and Passwords Are Necessities
Usually, the router name and passwords are first configured in setup mode during router startup. But router names and passwords can be reconfigured anytime thereafter. The banners, and the descriptions that are similar to banners, are not configured in setup mode because they are entirely optional.
In this unit we'll limit our discussions to post-startup configurations.

*Name, Passwords, and Banners Are Global
You need to be in the global configuration mode or one of the submodes when configuring router name, passwords, and banners. As you learned in an earlier course, you can use the code shown here to enter global configuration from privileged EXEC mode.
Our first configuration will be the router name.

Topic 1.2: Router Name

*Name That Router
You don't have to give your router a name, but it helps, especially if you are responsible for multiple routers. It is especially helpful when configuring routers at a remote location.
Generally, most people name their routers after the host. If you don't name your router, it assumes the default name Router. The router name appears as part of the EXEC mode prompts.

*Router As Host
The procedure for naming a router is simple. First, you must be in the global configuration mode. Once there, you follow this command format:
Router(config)#hostname newName
As soon as you enter the hostname command, the prompt changes to reflect the new hostname. In the example shown here, the hostname in the prompt changes immediately from router1 to routerC.

Topic 1.3: Passwords

*Types of Passwords
Passwords improve, but do not guarantee, network security. You can set passwords in global configuration mode at the router console or at a vty (virtual terminal) line. IOS supports these types of passwords:
  • Line-access
  • Privileged EXEC mode
  • Encrypted
After describing each type of password, we will show you how to configure them.

*Line-Access Passwords
Line-access passwords apply to all router lines. This means both vty lines and the console.

*Privileged EXEC Passwords
Privileged EXEC mode passwords allow a user to proceed from user EXEC mode to privileged EXEC mode.
These passwords are also called enable passwords, because you enter enable at the user EXEC prompt to bring up the password prompt for the privileged EXEC mode.

*Encrypted Passwords
When any password — encrypted or not — is entered at the password prompt, the cursor does not move and the password does not appear as you type it. However, unencrypted passwords do appear in clear text in show running-config and show startup-config displays. Therefore, encrypting passwords is another way to increase network security.

Topic 1.3.1: Line-Access Passwords

*Configuring Line-Access Passwords
Setting up console line-access passwords is slightly different from setting up vty line-access passwords. The difference is how you access the line submode of global configuration.
This is the general format for both types of connections:
Router(config)#line [aux|console|vty] line-number [ending line number]
Router(config-line)#password password

*Configuring Vty Lines
The commands shown in the code block apply the line-access password command syntax specifically to vty lines. This is the general format:
Router(config)#line vty line-number [ending line number]
Router(config-line)#password password

*Configure Vtys the Same or Individually
Typically, routers have five vty lines, which means a router can have five simultaneous Telnet sessions. The lines are numbered 0, 1, 2, 3, 4. Passwords can all be different or they can all be the same. Sometimes network administrators set four passwords that are identical and one that is unique — the purpose for this is to allow four lines for administrators to access, and one line for router recovery in emergency situations.
The configuration shown here assigns one password — pasvty04 — to all five vty lines.

*Passwords Optional
If you do not need passwords for the virtual terminals, disable the default with this command:
no login

*Instant Access
Consequently, the next time you establish a Telnet session, the user EXEC mode appears instead of the login password prompt.

*Console Sets Up Like Vty
Here are the command formats for setting a console password.
Router(config)#line con line-number
Router(config-line)#login
Router(config-line)#password password
The login command is needed if no password has ever been set, or if the no login command has previously been executed.

*Console Passwords
The console password is optional. In the example shown here, the password for the console has been disabled.
If your console is accessible to others, you may want the added router security that comes with setting a password. If your console is in a room that only you can access, a password may not be necessary. This is the format for disabling the console password:
Router(config)#line con line-number
Router(config-line)#no password password

*Save Passwords for Future
As soon as a password is set, it is usable until you reboot your router.
If you want the password to be permanent, i.e., valid after future router reboots, you must copy your running-config to your startup-config file.

Topic 1.3.2: Privileged EXEC Mode Passwords

*Configuring Privileged EXEC Passwords
Now it's time to discuss another type of password — the password that allows access to privileged EXEC mode. Set a new password for privileged EXEC mode with this command:
Router(config)#enable password password

*Why Protect Privileged EXEC?
Because any router command can be issued from privileged EXEC mode, certain security guidelines apply to the enable password:
  • Only one enable password can be created.
  • The password must be less than 25 characters, and cannot begin with a number.
  • The privileged EXEC mode can only be accessed from the router console if the enable password has not yet been configured.
  • The enable password can be encrypted. As you'll soon learn, however, there are additional encryption commands that can further increase network security.


Topic 1.3.3: Encrypted Passwords

*Configuring Encrypted Passwords
Although the command enable password can be encrypted, the enable secret command provides better encryption. This is the enable secret command format:
Router(config)#enable secret [level level] {password|encryption-type encrypted-password}
The level ranges from 0 to 15. If you omit the level argument, the default of 15 applies, which corresponds to customary EXEC privileges.

*A Bigger Blanket of Security
You can configure an even higher level of encryption that uses a different algorithm and makes the password harder to decrypt. This is the command, which takes no arguments:
Router(config)#service password-encryption
By using the service password-encryption command, you prevent others from viewing all of your router passwords after entering show startup-config or show running-config commands.
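
The three password types can be checked together in a saved configuration. The following is an added example, not part of the original course material: it scans running-config text for the password settings covered in this unit and reports where each weakness sits without echoing any password. It assumes that the type 7 encoding written by service password-encryption is reversible (so it is reported separately from the one-way hash stored by enable secret); the sample configuration is constructed from this unit's exercise values and the finding codes are hypothetical names.

```python
import re

# Constructed running-config built from this unit's exercise values; it was not
# captured from a real device and the type 7 string is a placeholder.
SAMPLE_CONFIG = """\
hostname myTest
!
enable password privilege
!
interface Serial1/0
 encapsulation ppp
!
line con 0
 password myCon
 login
line vty 0 3
 password 7 PLACEHOLDER
 login
line vty 4
 no login
!
end
"""

LINE_RE = re.compile(r"^line\s+(aux|con|console|vty)\s+(\d+)(?:\s+(\d+))?\s*$")
# "password <text>" / "password 0 <text>" are cleartext, "password 7 <text>" is type 7.
PASSWORD_RE = re.compile(r"^password(?:\s+(\d+))?\s+\S")
ENABLE_RE = re.compile(r"^enable\s+(password|secret)(?:\s+level\s+\d+)?\s+\S")

# Hypothetical finding codes used by this example.
MESSAGES = {
    "ENABLE_PASSWORD_WITHOUT_SECRET": "enable password is set but enable secret is not",
    "ENABLE_PASSWORD_ALONGSIDE_SECRET": "enable password is still present next to enable secret",
    "LINE_PASSWORD_CLEARTEXT": "line password is readable in show running-config",
    "LINE_PASSWORD_TYPE7": "line password uses type 7, which is reversible",
    "VTY_NO_LOGIN": "no login: Telnet sessions reach user EXEC without a password",
}


def storage(type_digit):
    """Map the optional type digit of a password command to its storage kind."""
    if type_digit in (None, "0"):
        return "cleartext"
    return "type7" if type_digit == "7" else "other"


def audit(config_text):
    """Return a sorted list of (code, location) findings for one configuration."""
    findings = set()
    enable_kinds = set()
    section = None                      # name of the current "line ..." block, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw[:1].isspace():           # indented: belongs to the current section
            if section is None:
                continue                # e.g. interface sub-commands
            m = PASSWORD_RE.match(line)
            if m:
                kind = storage(m.group(1))
                if kind == "cleartext":
                    findings.add(("LINE_PASSWORD_CLEARTEXT", section))
                elif kind == "type7":
                    findings.add(("LINE_PASSWORD_TYPE7", section))
            elif line == "no login" and section.startswith("line vty"):
                findings.add(("VTY_NO_LOGIN", section))
            continue
        m = LINE_RE.match(line)         # unindented: a new top-level command
        section = "line " + " ".join(g for g in m.groups() if g) if m else None
        m = ENABLE_RE.match(line)
        if m:
            enable_kinds.add(m.group(1))
    if "password" in enable_kinds:
        code = ("ENABLE_PASSWORD_ALONGSIDE_SECRET" if "secret" in enable_kinds
                else "ENABLE_PASSWORD_WITHOUT_SECRET")
        findings.add((code, "global"))
    return sorted(findings)


if __name__ == "__main__":
    for code, where in audit(SAMPLE_CONFIG):
        print("%-14s %s" % (where, MESSAGES[code]))
```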

Topic 1.4: Using Passwords

*How the User Sees Passwords
Now that we've configured passwords, let's look at how they work.
From the user's side, once the password has been configured, the user has three tries to correctly enter a password at the password prompt. Shown here is the line-access password prompt for a Telnet connection over a vty line.

*Three Strikes and You're Temporarily Out
If the user enters three incorrect passwords, IOS tells the user that the passwords are bad.

*Time Out
Similarly, if the user does not enter anything at the password prompt, IOS times out of the system after a specified time interval, which by default is ten minutes. If the router times out, either the password prompt reappears or the user can press Enter to begin the login process again.

*Turning Back, from the Administrator's Side
From the administrator's side, once a password has been configured, it can be disabled by placing a no in front of the original. For example, the following commands enable a password, then disable it.
enable password password
...
no enable password

Topic 1.5: Banners

*Types of Banners
Banners are messages that appear on the screens of the console and all vty terminals that are connected to a router. Banners do not require user input. There are four types of banners:
  • Motd (message of the day)
  • Exec
  • Incoming
  • Idle


*Uses for Banners
Banners have no length limit, and can be tailored for your purposes. Banners can:
  • Show maintenance schedules.
  • Warn users that they will need a password to proceed.
  • Display a company logo.
The banner is a global configuration that appears on all network terminals that can display your router's IOS commands.

*Configuring the Motd Banner
The message of the day banner appears when you are logging in. It is easily configured with the command format shown here:
Router(config)#banner motd delimiter banner text delimiter
The delimiter is a character that you choose to separate your banner text. The delimiter shown here is #. The banner text is whatever you want to be displayed.

*Configuring the Exec Banner
An exec banner is displayed whenever a line is activated or an incoming connection to a virtual terminal is made. This is the command format:
Router(config)#banner exec delimiter banner text delimiter
The delimiter shown here is #.

*Configuring the Incoming Banner
An incoming banner is sent from the router to an incoming connection. In other words, it is displayed on terminals that are considered to be reverse Telnet lines.
The command format is this:
Router(config)#banner incoming delimiter banner text delimiter
The delimiter shown here is %.

*Configuring the Idle Banner
Idle banners appear only when a terminal or console is not being used. This is the command format for idle banners.
Router(config-line)#vacant-message [delimiter message delimiter]

Topic 1.6: Descriptions

*Describing a Description
A description is similar to a banner, but can be configured for a specific interface. The description must be added at the interface configuration prompt. Here is the command to add a description:
Router(config-if)#description description text


* Exercise 1
Try configuring passwords and a banner on your Cisco router.


Follow these steps:
1. If you have access to a router, you may want to practice this exercise by actually reconfiguring the passwords and banners on your router. But, before making any changes, make sure you have an updated startup-config file just in case you need to re-establish normal router configurations. If you don't have access to a router, just list the commands and the expected output.
2. Before executing any reconfiguration, use the show running-config command to display your current configuration values.
3. Set up the console for your Cisco router with the password myCon
4. Set up four vty lines for your Cisco router with the password allAdmin
5. Set up the fifth vty line with the password privyAdmin
6. Set the enable password to enter the privileged EXEC mode as privilege
7. Set the enable secret password to enter the privileged EXEC mode as privilegeSecret
8. Use the service password-encryption command to better encrypt your passwords.
9. Set the router hostname as myTest
10. Add this motd banner: CCNA Test Banner
11. Use the show running-config command to display the current values that you just reconfigured in this exercise. Compare these values to those shown prior to this reconfiguration. If necessary, reload the startup-config file to reset your configuration parameters.


Topic 1.7: Unit 1 Summary

In this unit you gave your router an identifiable name and examined the commands for passwords. Passwords help prevent others from taking unauthorized looks.
Then you examined how to configure informational banners. Banners allow you to communicate to anyone accessing your router's IOS.
In essence, you dressed the router for success; now you have to make it work for you.
In the next unit you'll analyze some basic interface configurations.

Unit 2. Configuring Interfaces



As you progress through this course, you'll explore more and more configuration commands.
In this unit you'll begin to examine interface configuration. You'll examine the commands to configure some general, but important interface parameters. These parameters include bandwidth, keepalive intervals, and interface delay. You'll also analyze how to temporarily shut down an interface.
Armed with more knowledge about configuration parameters, you'll take a closer look at the show interfaces command.

After completing this unit, you should be able to:
  • List the types of interfaces that routers can configure

  • Know the commands that are useful when configuring interfaces

  • Shut down an interface

  • Understand more about the show interfaces output


This unit provides information that is relevant to the following CCNA exam objectives:
  • Examine router elements

  • Manage configuration files from the privilege EXEC mode


Topic 2.1: Types of Interfaces

*Many Router Interfaces
You can configure many interfaces with Cisco routers.

*A List of Interfaces
Listed here are some of the types of interfaces that you can configure.
  • ATM
  • Channelized E1, channelized T1
  • Dialer
  • Ethernet
  • FDDI
  • HSSI
  • ISDN BRI, ISDN MBRI (MultiBasic Rate Interface), ISDN PRI
  • LAN Extender
  • Loopback
  • Null
  • Synchronous serial, asynchronous serial
  • Token Ring
  • Tunnel


*Two More Categories
These interfaces can be classified into two categories:
  • Physical

  • Virtual
The physical types depend on the specific protocols and hardware that exist in your network.
The virtual types depend on how you tailor your network to work best for you.

*Types of Virtual Interfaces
Virtual interfaces can be divided further:
  • Subinterfaces — These are one or multiple virtual interfaces that exist on a physical interface. They are used in protocols such as ATM, Frame Relay, SMDS, X.25 and Novell IPX.
  • Tunnels — Encapsulation of a specific protocol within a data packet so that a network can transport data from multiple network protocols.


Topic 2.2: Some Configuration Parameters

*Eight Interface Parameters
Certain configuration parameters are handy to know. Most are not specific to one interface. These parameters, each of which we'll discuss separately, include:
  • Bandwidth
  • Delay
  • Description
  • Hold-queue limits
  • Keepalive timers
  • MOP (Maintenance Operation Protocol)
  • MTU (Maximum Transmission Unit)
  • Transmit queue size


*Bandwidth
Although bandwidth is a measurable physical commodity, available bandwidth can be optimized with the use of certain protocols and routing configurations. For example, the protocol IGRP incorporates available bandwidth into its routing metric, and TCP uses the bandwidth of the sending interface to aid data transmission.
Similarly, you can configure your router to set a bandwidth value for an interface. The physical bandwidth does not change. To do this, use the command shown here.
Router(config-if)#bandwidth kilobits

*Delay
Configuring an interface delay helps some protocols like IGRP function. For example, IGRP might incorporate the delay value in its routing metric to differentiate a satellite link from a serial link. However, this configured delay is a "dummy" value that doesn't actually occur. Use this command to set an interface delay:
Router(config-if)#delay tensOfMicroseconds

*Description
We discussed descriptions previously in this course.
Here is the format for adding a description:
Router(config-if)#description descriptionText

*Showing the Description
The configured description appears as part of the output for these commands:
  • show running-config

  • show startup-config

  • show interfaces


*Hold-Queue Limit
A hold-queue limit is the maximum number of data packets that an interface can store. If the hold-queue limit is reached, the interface does not accept more packets. The minimum value is 0, and the maximum is version-dependent. The maximum is 65535 packets on IOS 11.3, but 4096 packets on IOS 12.0.
This is the format for setting the hold-queue limit:
Router(config-if)#hold-queue number [in|out]
The option in represents the number of acceptable incoming packets and out represents the number of acceptable outgoing packets.

*Keepalive Timers
You can use the keepalive command to adjust how frequently the router sends updates verifying that a network interface or another specific interface is alive. The router may send update messages to itself for LAN connections, or to outside destinations for serial HDLC or PPP connections.
The command format is shown here. The default interval is ten seconds.
Router(config-if)#keepalive [intervalInSeconds]

*Why Keep Keepalives?
The keepalive parameter is particularly useful for the transmission of update messages sent on low-bandwidth serial lines, because large data packets can delay the passage of update messages.
If three update intervals pass without an update message sent by the router, an interface is assumed to be down.

*MOP Enabled
MOP (Maintenance Operation Protocol) is a DECnet protocol that is used for primitive maintenance operations, such as downloading a system image to a diskless station.
Here is the command to enable MOP:
Router(config-if)#mop enabled

*MOP Sysid
This is the command if you want an interface to send out periodic MOP system identification messages. This command does not take arguments:
Router(config-if)#mop sysid

*MTU
The MTU (Maximum Transmission Unit) is the maximum packet size (in bytes) that can be handled by an interface. The default MTU is usually 1500 bytes for Ethernet and serial interfaces, 4464 for Token Ring, and 4470 for ATM, FDDI and HSSI. The default may differ from the true maximum size.
This is the command format:
Router(config-if)#mtu bytes

*MTUs Depend on Protocols
There are protocol-specific mtu commands, such as ip mtu. If you change the mtu value with the mtu command, then the value for the protocol-specific mtu command is changed as well. But the opposite is not true — changing the protocol-specific mtu value does not change the mtu value.

*Transmit Queue Size
The transmit queue size command sets the size of the transmit queue available to the interface specified on SCI and MCI serial interface cards. Here is the format:
Router(config-if)#tx-queue-limit [number]
Defaults vary, depending on the size of the interface routing patterns and the transmit buffer pool. The show controllers command displays the default.


* Exercise 1
Try identifying some of the configuration parameters used in interface configuration.

Follow these steps:
1. List the eight configuration parameters discussed in this unit.
2. For each parameter, list its use and its default value, if any.
3. List the command syntax for each parameter.
4. List the commands and optimal values that are especially useful for your network.


Topic 2.3: Shutting Down an Interface

*Shutdown
Sometimes you may want to temporarily shut down an interface. For example, you may want to perform hardware maintenance or reconfigure an interface as a different type.
Use this command to shut down, or disable, an interface:
Router(config-if)#shutdown

*No Shutdown
To bring the interface back up, use this command:
Router(config-if)#no shutdown

*Showing the Shutdown
Once you shut down an interface, dynamic routing protocols inform other network servers of its unavailability. Also, when you type show interfaces, the output reflects that the interface has been "administratively" disabled.

*Status for Two
The first line of output displays the interface status in two parts:
  • Interface
  • Line

*Interface Status
The first part refers to the status of the interface hardware. The possibilities are:
  • Up
  • Down
  • Administratively Down


*Interface Possibilities
Usually an interface is down because of hardware problems. Nonetheless, these are the reasons for each down status:
  • Administratively down — this occurs if the administrator has shut down the interface with the shutdown command, as previously described.
  • Down — this occurs if the router hardware has experienced too many keepalive errors in the designated time interval. Usually this means 5000 keepalive errors occurred in the default ten-second interval.


*Line Status
The second part of the show interfaces output identifies the line hardware and whether the hardware is up or down.

*Line Possibilities
The options for the line are:
  • Up
  • Down
  • Administratively down


*Reasons to Be Down
Once again, the reasons for the down line status are hardware-specific, but these are the two general categories:
  • Down — this occurs if the keepalives are not usable
  • Administratively down — this occurs if the administrator shuts down the interface hardware


*Specifically for Serial
For serial interfaces, the down line status results from problems at the Data Link layer such as:
  • Carrier equipment is not detectable.
  • A wrong connector lies somewhere in the setup.
  • Clock rate is not detectable.
  • The destination system is down, administratively or otherwise.
The output shown here is copied from a router log file created during a Telnet session for a vty connection.
Serial1 is up, line protocol is down

*If Serial Is Down on Both Interface and Line
This is the reason for the serial interface output shown here:
  • A cable is physically disconnected

Serial1 is down, line protocol is down
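
The status combinations described in this topic can be checked mechanically. The following is an added example, not part of the original course: it parses the first line of each show interfaces entry and, for every interface that is not up/up, returns the causes this unit lists for that combination. The sample output is constructed, and the state labels and function names are assumptions made for the example.

```python
import re

STATUS_RE = re.compile(
    r"^(?P<name>\S+) is (?P<hw>administratively down|up|down), "
    r"line protocol is (?P<line>administratively down|up|down)\s*$")

# Constructed sample of "show interfaces" output (not from a real router).
# Only the first line of each entry matters; detail lines are abbreviated.
SAMPLE_OUTPUT = """\
Ethernet0 is up, line protocol is up
  MTU 1500 bytes, BW 10000 Kbit
Serial0 is administratively down, line protocol is down
  MTU 1500 bytes, BW 1544 Kbit
Serial1 is up, line protocol is down
  MTU 1500 bytes, BW 1544 Kbit
Serial2 is down, line protocol is down
  MTU 1500 bytes, BW 1544 Kbit
"""

# Data Link layer causes this unit gives for a down line on a serial interface.
SERIAL_LINE_DOWN = [
    "carrier equipment is not detectable",
    "a wrong connector lies somewhere in the setup",
    "clock rate is not detectable",
    "the destination system is down",
]


def classify(name, hw, line):
    """Return (state, causes) for one interface status pair."""
    serial = name.lower().startswith("serial")
    if "administratively down" in (hw, line):
        return "shutdown", ["disabled with the shutdown command; no shutdown re-enables it"]
    if hw == "up" and line == "up":
        return "ok", []
    if hw == "up":
        causes = ["keepalives are not usable"]
        if serial:
            causes += SERIAL_LINE_DOWN
        return "line-down", causes
    causes = ["too many keepalive errors on the interface hardware"]
    if serial and line == "down":
        # Both parts down on a serial interface: check the cable first.
        causes.insert(0, "a cable is physically disconnected")
    return "hardware-down", causes


def triage(output):
    """Map each interface that needs attention to its (state, causes)."""
    report = {}
    for raw in output.splitlines():
        m = STATUS_RE.match(raw)        # indented detail lines never match
        if not m:
            continue
        state, causes = classify(m.group("name"), m.group("hw"), m.group("line"))
        if state != "ok":
            report[m.group("name")] = (state, causes)
    return report


if __name__ == "__main__":
    for name, (state, causes) in triage(SAMPLE_OUTPUT).items():
        print("%s: %s" % (name, state))
        for cause in causes:
            print("   - " + cause)
```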

Topic 2.4: Unit 2 Summary

In this unit you discovered some of the interfaces that can be configured, then you examined some of the commands that help you optimize router performance.
In the next unit, we'll mix in some more general interface commands, then proceed on to specific interfaces.

Unit 3. Sample Interface Configurations



In this unit you will examine the steps to configure some common interfaces. First, you will configure a serial interface. Then you'll configure this interface with PPP (Point-to-Point Protocol) as the method of encapsulation.
Next, you will establish the DCE/DTE status for a serial interface. The DCE/DTE status is necessary for the types of WANs that utilize a clocking signal, such as X.25 and Frame Relay.

After completing this unit, you should be able to:
  • Configure a serial interface

  • Configure PPP encapsulation

  • Configure a DCE/DTE interface


This unit provides information that is relevant to the following CCNA exam objective:
  • Identify PPP operations to encapsulate WAN data on Cisco routers


Topic 3.1: Synchronous Serial Interfaces

*Configuring Serial Interfaces
To configure a serial interface, enter one of these commands to enter the interface submode. Your router determines which command you should use.
Examine the following table
Command | Router Type
Router(config)#interface serial number | Older routers
Router(config)#interface serial slot/port | Cisco 7200 and Cisco 7500 series
Router(config)#interface serial slot/port-adapter/port | Cisco 7500 series
Router(config)#interface serial slot/port:channel-group | T1 or E1 configuration on Cisco 7000 series routers
Router(config)#interface serial number:channel-group | T1 or E1 configuration on Cisco 4000


*Determining Encapsulation
Next you configure the type of encapsulation. HDLC is the default.
The command syntax for encapsulation is shown here. The braces around the possible encapsulations indicate that you must choose one type. You choose the encapsulation that works for your particular network.
For now, we will concentrate on PPP encapsulation.
router(config-if)#encapsulation {atm-dxi|hdlc|frame-relay|ppp|sdlc-primary|sdlc-secondary|smds|stun|x25}

Topic 3.2: PPP Encapsulation

*PPP, for Example
PPP is a common configuration on synchronous and asynchronous serial interfaces.
As you learned in an earlier course, PPP encapsulates Network-layer protocols for point-to-point connections. It uses the LCP protocol to configure authentication, compression, error detection, and multi-linking; each one of these LCP options involves yet another protocol.

*Configuring PPP
Now you'll investigate the steps to configure PPP using the CHAP protocol for authentication, the Stacker protocol for compression and the MP protocol for multilinking.
You must be in the interface submode of global configuration for these commands.

*Encapsulation
These are the commands that identify the interface and the method of encapsulation.
Router#config t
Router(config)#interface serial 1/0
Router(config-if)#encapsulation ppp

*The Authentication Commands
Next, we will configure CHAP as the authentication protocol. As you may remember from an earlier course, CHAP is generally preferred over PAP.

*Configuring CHAP
This is the command format for authentication:
Router(config-if)#ppp authentication [chap|chap pap|pap chap|pap]

Tip: If you choose the option [chap pap] or [pap chap], the second protocol is used if the first protocol cannot be successfully configured.


Router(config-if)#ppp authentication chap

*CHAP Needs Hostname and Password
CHAP configuration requires a hostname and a password. This is the format for the command requesting a hostname.
Router(config-if)#ppp chap hostname hostname
When a hostname is identified, all routers in a network will be known by this same name.
Router(config-if)#ppp chap hostname allrout

*Configuring a Common Hostname
The default for PPP encapsulation is no common hostname. Therefore, by default, an individual router's hostname is added to each CHAP challenge when PPP is in actual operation.
This is the format to disable the common hostname and return to the default:
Router(config-if)#no ppp chap hostname hostname
Router(config-if)#no ppp chap hostname allrout

*Configuring the CHAP Password
This is the command format for assigning a CHAP password:
Router(config-if)#ppp chap password secret
This command supplies a password for challenges from unknown remote routers that do not have a password. Usually, routers that lack a password are simply older routers with older IOS software images.
The default is no secret password.
Router(config-if)#ppp chap password ok5678
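
Why CHAP keeps the password off the wire, shown as an added example that is not part of the original course: both sides of a CHAP exchange as defined in RFC 1994, where the response value is MD5 over the identifier, the shared secret and the challenge. The peer name routerC, the secrets dictionary and the helper functions are assumptions for illustration; allrout and ok5678 are the sample values from this topic, with the default secret playing the role of ppp chap password.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # RFC 1994 CHAP codes


def build_packet(code, ident, value, name):
    """Layout: Code(1) Identifier(1) Length(2) Value-Size(1) Value Name."""
    body = bytes([len(value)]) + value + name.encode("ascii")
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_packet(packet):
    """Return (code, ident, value, name); reject truncated or inconsistent packets."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    value_size = packet[4]
    if length != len(packet) or 5 + value_size > length:
        raise ValueError("length fields do not match packet")
    value = packet[5:5 + value_size]
    return code, ident, value, packet[5 + value_size:].decode("ascii")


def chap_value(ident, secret, challenge):
    """Response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode("ascii") + challenge).digest()


def make_challenge(ident, hostname, challenge=None):
    """Authenticator: random challenge plus the name set by 'ppp chap hostname'."""
    return build_packet(CHALLENGE, ident, challenge or os.urandom(16), hostname)


def make_response(challenge_packet, my_name, secrets, default_secret=None):
    """Peer: choose the secret by the challenger's name, else fall back to the
    default secret (the job this topic gives to 'ppp chap password')."""
    code, ident, challenge, challenger = parse_packet(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a challenge")
    secret = secrets.get(challenger, default_secret)
    if secret is None:
        raise KeyError("no secret for " + challenger)
    return build_packet(RESPONSE, ident, chap_value(ident, secret, challenge), my_name)


def check_response(challenge_packet, response_packet, secrets):
    """Authenticator: recompute the hash and compare in constant time."""
    _, ident, challenge, _ = parse_packet(challenge_packet)
    code, rid, value, peer = parse_packet(response_packet)
    secret = secrets.get(peer)
    if code != RESPONSE or rid != ident or secret is None:
        return FAILURE
    ok = hmac.compare_digest(value, chap_value(ident, secret, challenge))
    return SUCCESS if ok else FAILURE


if __name__ == "__main__":
    # Constructed exchange: allrout challenges a peer named routerC.
    c = make_challenge(1, "allrout")
    r = make_response(c, "routerC", {}, default_secret="ok5678")
    print("challenge:", c.hex())
    print("response: ", r.hex())
    print("result code:", check_response(c, r, {"routerC": "ok5678"}))
```

Only the challenge and the 16-byte hash cross the link, and a response recorded for one challenge fails against the next one.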

*The Compression Command
Compression is disabled by default. But you may choose to enable it with a specified algorithm such as Predictor or Stacker.

*Configuring Compression
Choose one of these formats:
Router(config-if)#compress [predictor|stac]
    or    
Router(config-if)#ppp compress [predictor|stac]

*Compression Algorithms Vary with IOS Versions
In IOS versions 11.3 and later, two additional compression arguments can be used. One is for the compression protocol MPPC. The other, ignore-pfc, is an option to disregard the flag that is in the protocol field of the PPP frame.
These new arguments are reflected in the command format:
Router(config-if)#compress [predictor|stac|mppc [ignore-pfc]]
Router(config-if)#compress stac

*No Error Detection Command
The Magic Number protocol for error detection is used on all serial interfaces and does not need to be configured.

*The Multilinking Command
Multilinking with the MP protocol is disabled by default. This is because multilinking isn't compatible with LAPB Numbered Mode negotiation, which is configured with the following command:
ppp reliable-link
The multilink command is shown here. It carries no arguments.
Router(config-if)#ppp multilink

*The LQM Command
Link Quality Monitoring (LQM) is also used by default on all serial PPP interfaces. LQM replaces the keepalive messages.
LQM requires a percentage value, which is the link quality threshold. If the interface, i.e., link, does not meet the specified percentage, it is taken down.
This is the format for specifying a LQM percentage:
Router(config-if)#ppp quality percentage
Router(config-if)#ppp quality 75

*PPP All Together
The complete interface configuration that you just walked through is shown here.
Because the configuration is finished, you can type Ctrl-z or exit to return to privileged EXEC mode. At this time, you should verify your configuration with the command show interfaces.
Router(config)#interface serial 1/0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ppp chap hostname allrout
Router(config-if)#ppp chap password ok5678
Router(config-if)#compress stac
Router(config-if)#ppp multilink
Router(config-if)#ppp quality 75

Topic 3.3: Configuring DCE/DTE Status

*DCE/DTE for Certain Serial Interfaces
Now it's time to examine the steps to configure the DCE/DTE status of a serial interface.
The DCE/DTE interface is necessary for the types of WANs that utilize a clocking signal, such as X.25 and Frame Relay.

*Configuration Outline
Here are the general steps that our configuration will follow:
  • Determine the DCE/DTE status of the interface, i.e., determine whether this interface will act as a DCE or DTE.
  • Enter global configuration mode.
  • Identify the interface to be configured.
  • If the interface is serving as the DCE, you must configure the clock rate.
  • Configure the bandwidth for the interface. This is an optional step.


Topic 3.3.1: Determining DCE/DTE Status

*Choose DCE or DTE
You must ascertain whether your interface is a DCE or DTE before you actually configure your serial interface. The router is set as a DTE by default. If you are not using a modem, you need to configure your router as a DCE device; this is called a back-to-back cable configuration.
To configure your router as a DCE, you must configure the clock signal.

*Checking Your DTE/DCE Status
To check whether your router has DTE or DCE cabling, use the command shown here.
Notice that this command is executed in privileged EXEC mode.
Router#show controllers serial

Topic 3.3.2: Configuration Commands

*Configuring for DTE or DCE
Now that you know whether your router is a DTE or a DCE, you are ready to configure your interface.
First, you access the interface submode of the global configuration mode.
Router#configure term
Router(config)#interface serial 1

*Setting the Clock Rate
If configuring your router as a DCE on a serial interface, you must set the clock rate. The format for this command is this:
Router(config-if)#clock rate bps
The default rate is 1.544 Mbps. This is the rate for T1 on a serial interface.
These are the possible clock rates in bits per second: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 62000, 125000, 148000, 500000, 800000, 1000000, 2000000, 4000000.
Router(config-if)#clock rate 4800

*Disabling Clock Rate for DTE
If you wish to change the status from a DCE to a DTE, use this command to disable the clock rate.
Router(config-if)#no clock rate

*Optional Bandwidth Configuration
The last configuration is optional. You can set the bandwidth. As you remember, this command was discussed in a previous unit. This is the format:
Router(config-if)#bandwidth kilobits
Router(config-if)#bandwidth 44736


* Exercise 1
Try configuring PPP in a Cisco router and checking interface parameters.

Examine the following table
Step Action
1 Assume you want to set up a PPP serial connection. List the commands that you would use. Assume that you are using the CHAP and Predictor protocols.
2 List the interface parameters that you might want to check.
3 List the show commands that will verify your PPP connection.


Topic 3.4: Unit 3 Summary

In this unit you ventured into some specific interface configurations. You configured one of the most common encapsulations — PPP — for a serial interface.
Then, as a sample foray into another form of WAN configurations, you examined how to set up your router as either a DCE or DTE.
In the next unit, you'll investigate the steps to configure the common protocols CDP, RIP, and IGRP.

Unit 4. Configuring Protocols



In this unit you'll change your configuration focus from interfaces to protocols. The protocols you'll examine are CDP, RIP, and IGRP.
CDP is Cisco's proprietary protocol that provides information about routers directly connected to your router.
RIP and IGRP are distance vector protocols that can be used in autonomous network systems.

After completing this unit, you should be able to:
  • Configure CDP parameters

  • Show CDP routing statistics

  • Configure the RIP and IGRP routing protocols

  • Show RIP and IGRP statistics and debug information


This unit provides information that is relevant to the following CCNA exam objectives:
  • Examine router elements

  • Add the RIP routing protocol to your configuration

  • Add the IGRP routing protocol to your configuration


Topic 4.1: Cisco Discovery Protocol

*What Is CDP?
The Cisco Discovery Protocol (CDP) allows you to view interface parameters on your local router. It also lets you find protocol addresses and platform information about directly connected routers. 
CDP uses Data-Link layer frames to exchange information between directly connected routers. CDP itself works independently of Network-layer protocols, but aids routers in the discovery of Network-layer protocols in neighboring routers.

*CDP and Cisco
CDP is functional on all Cisco equipment: routers, access and communications servers, bridges, and workgroup switches.
However, it only works on physical media that use Data-Link layer encapsulation with the SNAP (Subnetwork Access Protocol) protocol. This includes Frame Relay, SMDS WANs, ATM networks, and all LANs.

*CDP Address Format
The hexadecimal SNAP format that is used for CDP frames is: aaaa03.00000c.2000
This is what each portion represents:
  • aaaa03 represents the Logical Link Control (LLC) portion. The LLC is the upper sublayer of the OSI Data Link layer. The LLC, as you learned in an earlier course, is responsible for error control, flow control, framing and MAC addressing.
  • 00000c is the Cisco organization ID.
  • 2000 is the HDLC protocol type for CDP.
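
The header above is what a receiver matches on before reading anything else in the frame. The following is an added example, not part of the course material: it recognizes a CDP frame by that LLC/SNAP header and reads the holdtime and the device details the frame carries. The TLV type codes and multicast address come from the published CDP frame layout rather than from this page, and the sample frame and its values are constructed.

```python
import struct

# LLC/SNAP header quoted on this page: aaaa03.00000c.2000
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")
# TLV type codes from the published CDP layout (not listed on this page).
TLV_NAMES = {1: "device_id", 3: "port_id", 5: "software_version", 6: "platform"}


def parse_cdp(frame):
    """Return the fields advertised in an 802.3 CDP frame, or None if not CDP."""
    # 802.3 header: dst MAC (6) + src MAC (6) + length (2), then LLC/SNAP (8).
    if len(frame) < 14 + 8 + 4 or frame[14:22] != CDP_SNAP:
        return None
    payload = frame[22:]
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    fields = {"version": version, "holdtime": ttl}   # TTL is the holdtime
    offset = 4
    while offset + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # tlv_len includes the 4-byte TLV header; stop on a bad or cut-off TLV.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            fields["malformed"] = True
            break
        name = TLV_NAMES.get(tlv_type)
        if name:
            value = payload[offset + 4:offset + tlv_len]
            fields[name] = value.decode("ascii", errors="replace")
        offset += tlv_len
    return fields


def tlv(tlv_type, text):
    """Build one TLV for the constructed sample frame."""
    data = text.encode("ascii")
    return struct.pack("!HH", tlv_type, len(data) + 4) + data


def sample_frame():
    """Constructed frame (not a capture); the checksum is left as zero."""
    body = struct.pack("!BBH", 2, 180, 0)            # version 2, holdtime 180
    body += tlv(1, "RouterB") + tlv(5, "IOS 12.0(5)")
    body += tlv(6, "cisco 2501") + tlv(3, "Serial0")
    dst = bytes.fromhex("01000ccccccc")              # CDP multicast address
    src = bytes.fromhex("00000c123456")              # constructed source MAC
    length = struct.pack("!H", len(CDP_SNAP) + len(body))
    return dst + src + length + CDP_SNAP + body


if __name__ == "__main__":
    print(parse_cdp(sample_frame()))
```

Everything in the returned dictionary is readable by any device attached to the same link, which is the reason to decide per interface whether CDP should run.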


Topic 4.1.1: Configuring CDP

*Disabling on the Router
CDP is enabled by default, both at the global level of your router and on each interface. If you want to disable CDP on the router, enter this command:
Router(config)#no cdp run

*Disabling on the Interface
If you want to disable CDP on an interface, enter this in the interface configuration mode.
Router(config-if)#no cdp enable
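
Because CDP is on unless one of these two commands turns it off, a saved configuration can be checked for interfaces that still advertise. The following is an added example, not part of the course material: it applies the defaults described above to an IOS configuration and lists interfaces where CDP is active but not wanted. The sample configuration, the `wanted` policy set, and the choice to treat a shut-down interface as inactive are assumptions made for illustration.

```python
def cdp_status(config_text):
    """Map each interface in an IOS configuration to True if CDP is active."""
    global_on = True                      # default: CDP runs on the router
    state = {}                            # interface -> [cdp_enabled, shutdown]
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):       # IOS indents submode commands
            current = None
            if line.startswith("interface "):
                current = line.split(None, 1)[1]
                state[current] = [True, False]   # default: CDP on, port up
            elif line in ("cdp run", "no cdp run"):
                global_on = not line.startswith("no ")
        elif current is not None:
            if line in ("cdp enable", "no cdp enable"):
                state[current][0] = not line.startswith("no ")
            elif line in ("shutdown", "no shutdown"):
                state[current][1] = not line.startswith("no ")
    # Assumption: an interface that is shut down sends no CDP frames.
    return {name: global_on and cdp and not down
            for name, (cdp, down) in state.items()}


def unexpected_cdp(config_text, wanted):
    """Interfaces where CDP is active but local policy does not ask for it."""
    return sorted(name for name, on in cdp_status(config_text).items()
                  if on and name not in wanted)


# Constructed configuration for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname RouterA
!
interface Ethernet0
 ip address 192.168.1.27 255.255.255.0
!
interface Serial0
 ip address 192.168.10.1 255.255.255.0
 no cdp enable
!
interface Serial1
 no ip address
 shutdown
!
"""

if __name__ == "__main__":
    print(cdp_status(SAMPLE_CONFIG))
    print(unexpected_cdp(SAMPLE_CONFIG, wanted={"Serial0"}))
```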

*Configuration Options
As shown here in the context-sensitive help, you can configure the following for CDP:
  • Advertisements
  • Timer
  • Holdtime
We will show you how to reconfigure the timer and holdtime.

*Configuring the Timer
The sending time is the interval at which CDP frames are sent.
It is set with the CDP timer in global configuration:
Router(config)#cdp timer [seconds]

*The Timer Default
If no time is specified, the default of 60 seconds is used.
If your network status changes often, you can shorten the CDP timer interval to send more updates. However, bandwidth usage increases with a shorter timer interval.

*Configuring Holdtime
Set the holdtime with this command in global configuration:
Router(config)#cdp holdtime [seconds]
The default holdtime is 180 seconds. As shown here, we have reset the holdtime to 100 seconds.

*Holdtime
The holdtime is the length of time that a receiving device keeps a CDP packet from a neighbor before discarding it. The CDP packets contain information about the sending device. The holdtime is also called the Time To Live.
If a receiving device receives a CDP packet that is more recent, or if the holdtime value expires, the receiving device discards the CDP packet. Therefore, if your network frequently changes configuration files, you should configure the CDP holdtime to be less than the time specified by the CDP timer.

Topic 4.1.2: Showing CDP Parameters

*CDP show Commands
These are the show cdp commands, which are used in privileged EXEC mode. We will discuss each one separately:
  • show cdp
  • show cdp entry
  • show cdp interface
  • show cdp neighbors
  • show cdp traffic


show cdp
The show cdp command displays the timer and holdtime parameters that you examined earlier in this unit.
There are no arguments for this command.

*The show cdp entry Format
The command syntax for the show cdp entry command is:
Router#show cdp entry entry-name [protocol|version]
The entry-name is the neighbor router. The two [protocol|version] options narrow the output down to protocol or version information. For entry-name, you can specify one or all routers.

Tip: The entry-name is case-sensitive!


show cdp entry
show cdp entry contains specific information for all neighbors or for a specific neighbor:
  • Device ID
  • Entry Address
  • Platform
  • Capabilities
  • Interface
  • Port ID
  • Holdtime
  • IOS version
  • Advertisement version
  • Protocol Hello


*The show cdp interface Format
When you want to check CDP interface status and configuration, use the following command format:
Router#show cdp interface [type number]
The type and number are the interface for which you want to display output.

show cdp interface
The interface parameters include:
  • Line status
  • Encapsulation type
  • CDP timer
  • Holdtime


*The show cdp neighbors Format
Use the show cdp neighbors command format, without the [detail] option, to display information about the routers directly connected to you. This information comes from the CDP update packets. This is the format:
Router#show cdp neighbors [type number] [detail]
The type and number refer to the interface. The detail option displays more detail about the neighbor routers. We'll discuss this option shortly.

show cdp neighbors
The show cdp neighbors command displays this information for each neighbor device:
  • Device ID
  • Local interface type and number
  • Holdtime
  • Device capability code
  • Hardware platform
  • Remote port type and number


*The show cdp neighbors detail Format
Use the detail option to display information about the routers directly connected to you. This information comes from the CDP update packets. This is the format:
Router#show cdp neighbors [type number] [detail]

*Neighbors Detail
This is what the detail option provides:
  • Network address
  • Enabled protocols
  • Configured holdtime
  • IOS software version


*The show cdp traffic Format
There are no arguments for the show cdp traffic command.

show cdp traffic
The command show cdp traffic displays information from the CDP table. The output includes counters for:
  • Input and output packets
  • Errors
  • Version 1 and Version 2 CDP advertisements



* Exercise 1
Try reconfiguring CDP on your Cisco router.

Examine the following table
Step Action
1 Assume you have CDP disabled on your router and interface. List the commands that will enable both.
2 Reconfigure the timer and holdtime so that your bandwidth is increased.
3 Write down all the show commands you have learned in this unit, and list what you expect to see displayed.


Topic 4.2: RIP and IGRP Protocols

*Onward to RIP and IGRP
As you learned in an earlier course, RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol) work in autonomous routing systems. They are both distance vector algorithms that use hop counts to determine the best route.
RIP can accommodate a maximum of 15 hops, whereas IGRP can accommodate 255.

Topic 4.2.1: Configuring RIP

*Configure RIP Globally
Configuration of RIP begins in global configuration. Use this command format:
Router(config)#router protocol
Router(config-router)#network number
As you can see, we have configured RIP for our network, which has the number 20.0.0.0.
Router(config)#router rip
Router(config-router)#network 20.0.0.0

*Things to Know
Here are a few facts and rules that you should know:
  • The network number cannot have any subnet numbers. However, the subnets in the specified network will be advertised.
  • To be included, each network must be specified; consequently, you may need multiple network commands.
  • Your router broadcasts information to all the interfaces included in the network specified.
  • You must specify this information for every router that is using RIP.

Router(config)#router rip
Router(config-router)#network 20.0.0.0
...
Router(config-router)#network 10.0.0.0
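
Since updates are broadcast on every interface inside a specified network, it helps to work out in advance which interfaces a set of network commands will cover. The following is an added example, not part of the course material: it reduces each network number to its classful major network and reports which interfaces fall inside one. The network numbers are the ones from the RIP example above; the interface names and addresses are constructed.

```python
import ipaddress


def major_network(addr):
    """Return the classful (class A, B or C) network that contains addr."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is not a class A, B or C address")
    # strict=False drops any subnet or host bits below the classful boundary.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def update_interfaces(network_statements, interfaces):
    """Map each interface name to True if a network statement covers it."""
    nets = {major_network(n) for n in network_statements}
    return {name: any(ipaddress.ip_address(ip) in net for net in nets)
            for name, ip in interfaces.items()}


# Network numbers from the RIP example on this page.
STATEMENTS = ["20.0.0.0", "10.0.0.0"]
# Constructed interface addresses for illustration.
INTERFACES = {
    "Ethernet0": "20.1.1.1",
    "Serial0": "10.5.0.1",
    "Serial1": "172.16.4.1",
}

if __name__ == "__main__":
    for name, covered in update_interfaces(STATEMENTS, INTERFACES).items():
        print(name, "sends updates" if covered else "not in any network")
```

An interface reported as covered will send routing updates, so one that faces a network you do not control is worth a second look; one reported as not covered needs its own network command before its network is included.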

Topic 4.2.2: Configuring IGRP

*IGRP
IGRP (Interior Gateway Routing Protocol) is also a distance vector protocol that uses hop counts for path determination. It is different from RIP in the following respects:
  • The maximum number of hops is 255.
  • IGRP can accommodate multiple path connections to a single network.
  • IGRP uses hops as well as MTU, Delay, level of reliability, and link load when determining the best path.
  • IGRP configuration should include the autonomous system number.


*Two Commands for Configuring IGRP
These are the command formats for configuring IGRP:
Router(config)#router igrp autonomous-system
Router(config-router)#network network-number
The router command moves you from global configuration to the router submode. We'll show you a log-file example on the next page.

*Network Number
The network number is the IP address of a directly connected network.
As with RIP configuring, this address cannot contain subnets, and you can execute multiple commands for multiple networks. IGRP sends updates to interfaces in whatever networks you have specified.
Router(config)#router igrp 112
Router(config-router)#network 192.168.0.0
Router(config-router)#network 116.22.5.0

*Commands for Each Network Number
The two networks shown here are now isolated and the autonomous systems 10 and 20 are associated with IGRP.

Tip: IGRP and RIP can be used at the same time.


Router(config)#router igrp 10
Router(config-router)#network 192.168.0.0
Router(config)#router igrp 20
Router(config-router)#network 164.210.0.0

Topic 4.2.3: Showing RIP and IGRP Information

*Showing and Debugging
To verify your RIP or IGRP configuration, use these commands:
  • show ip route
  • show ip protocols
  • debug ip igrp


show ip route
The command show ip route displays current information about the routing table. The format is as follows:
Router#show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]]
The address is the address for which you want to display information, and the mask is a subnet mask. The longer-prefixes argument turns the address and mask into a prefix that is used to search for matching addresses and masks. The protocol is the routing protocol name, and process-id is its associated process ID.
Router#show ip route

*Output for show ip route
Shown here is typical output for the show ip route command.
Router#show ip route
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived
       C - connected, S - static, E - EGP derived, B - BGP derived
       * - candidate default route, IA - OSPF inter area route
       E1 - OSPF external type 1 route, E2 - OSPF external type 2 route

Gateway of last resort is not set

   192.168.0.0 255.255.255.0 is subnetted, 5 subnets
I  192.168.50.0 [100/128] via 192.168.10.2, 0:02:22, Serial0
I  192.168.30.0 [100/128] via 192.168.10.2, 0:02:22, Serial0
...

*Explanation of Output
This is what the output displays, with the values from our sample output:
  • Routing protocol — IGRP
  • Type of route — no value shown
  • Address of remote network — 192.168.0.0
  • Administrative distance/metric — 100/128
  • Address of next router — 192.168.10.2
  • Last update — 0:02:22
  • Interface for reaching network — Serial0
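
The same field-by-field reading can be done by a script, which is useful when checking that routes were learned from the neighbors you expect. The following is an added example, not part of the course material: it parses route lines in the format shown above and lists routes whose next router is not in an expected set. The two IGRP lines are the page's sample output; the RIP line and the expected-gateway set are constructed.

```python
import re

# Route codes from the legend in the sample output on this page.
CODES = {"I": "IGRP", "R": "RIP", "O": "OSPF",
         "S": "static", "E": "EGP", "B": "BGP"}

ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\S*)\s+(?P<network>[\d.]+)\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+),\s+"
    r"(?P<age>\d+:\d\d:\d\d),\s+(?P<interface>\S+)\s*$")


def parse_routes(output):
    """Return one dict per learned route; legend and header lines are skipped."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        hours, minutes, seconds = (int(x) for x in m["age"].split(":"))
        routes.append({
            "protocol": CODES.get(m["code"], m["code"]),
            "network": m["network"],
            "distance": int(m["distance"]),
            "metric": int(m["metric"]),
            "next_hop": m["next_hop"],
            "age_seconds": hours * 3600 + minutes * 60 + seconds,
            "interface": m["interface"],
        })
    return routes


def unexpected_sources(routes, expected_gateways):
    """Routes learned from a next router that is not on the expected list."""
    return [r for r in routes if r["next_hop"] not in expected_gateways]


# First two route lines are from this page; the RIP line is constructed.
SAMPLE_OUTPUT = """\
Gateway of last resort is not set

   192.168.0.0 255.255.255.0 is subnetted, 5 subnets
I  192.168.50.0 [100/128] via 192.168.10.2, 0:02:22, Serial0
I  192.168.30.0 [100/128] via 192.168.10.2, 0:02:22, Serial0
R  192.168.40.0 [120/1] via 192.168.20.9, 0:00:12, Ethernet0
"""

if __name__ == "__main__":
    for r in unexpected_sources(parse_routes(SAMPLE_OUTPUT), {"192.168.10.2"}):
        print(r["network"], "learned from", r["next_hop"], "on", r["interface"])
```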

show ip protocols
The command show ip protocols displays routing timers and network information. This information can be used to troubleshoot bad routing information. There are no arguments for this command.
Router#show ip protocols

Routing Protocol is "igrp 102"
  Sending updates every 90 seconds, next due in 44 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 120
  IGRP maximum metric variance 1
  Redistributing: igrp 102
  Routing for Networks:
    192.168.1.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.27         100      0:56:41
Distance: (default is 100)

*Two debug ip commands for IGRP
Two debug commands display IGRP routing information.
The command syntax for them is:
Router#debug ip igrp events [ip-address]
Router#debug ip igrp transactions [ip-address]

debug ip igrp events
The command debug ip igrp events lists the source and destination of routing updates, and the number of routes in each update.
Router#debug ip igrp events
IGRP:  sending update to 255.255.255.255 via FastEthernet1 (192.168.1.27)
IGRP:  Update contains 16 interior, 23 system, and 1 exterior routes.
IGRP:  Total routes in update: 40
IGRP:  received update from 192.67.23.4 on Ethernet0
IGRP:  Update contains 2 interior, 1 system, and 0 exterior routes.
IGRP:  Total routes in update: 3

debug ip igrp transactions
The command debug ip igrp transactions can cause flooding because it includes additional updates and messages. The messages relay information about neighbors' updates. This command also includes metric information.
Router#debug ip igrp transactions
IGRP: received update from 192.168.70.50 on FastEthernet
 subnet 192.168.3.0, metric 7676 [neighbor 1800]
 network 192.82.152.0, metric 158550 [neighbor 158450]
 exterior network 129.140.0.0, metric 9676 [neighbor 1115411]
IGRP: sending update to 255.255.255.255 via Serial1 (192.168.244.14)
 subnet 192.168.22.0, metric=4397

Topic 4.3: Unit 4 Summary

In this unit you discovered how to change and view the default configurations for CDP. You also configured the distance vector protocols RIP and IGRP.
In this course, you first studied the configuration of basic router functions, such as passwords and banners, but you quickly moved on to more difficult but useful configurations, such as interface and protocol configurations.
