Easy Peasy Switching and Routing
version 2020

Norwahida Saamri ● Safinah Nawawi ● Ruzanna Ramli

Politeknik Muadzam Shah, Lebuhraya Tun Abdul Razak, Muadzam Shah, 26700 Pahang Darul Makmur
Tel: 09-4502005/2006/2007
Fax: 09-4502009
Website: www.pms.edu.my

FIRST PUBLISHED JAN 2021
eISBN 978-967-2498-11-7

Copyright © 2021 by Politeknik Muadzam Shah (PMS)
All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the publisher.

Preface

Learning to configure networking devices should not be complicated. Designed to cater to the needs of users within TVET institutions, this eBook is suitable for students in Information Technology areas such as networking, security and computing. It comes complete with step-by-step configurations and various exercises to help users master the commands for network device configuration, especially for switches and routers.

Unlike a traditional book, this eBook serves its users with various learning materials such as videos, links to interactive activities and complete configurations in written form. Watching the videos provided alongside the reading will definitely set a new experience for all, enhancing their learning process. Furthermore, at the end of each topic, students can test their understanding by following the links provided for interactive activities.

The materials selected for this book cover the syllabus of the Introduction to Networks, Switching and Routing, Scaling Network and WAN Connectivity courses offered at Polytechnic Malaysia. It is our sincere hope that the valuable information presented within this eBook will be useful to the students.

More on the authors

NORWAHIDA SAAMRI. Lecturer at the Department of Information Technology and Communication (JTMK), Politeknik Malaysia, since 2005. She earned an MSc in IT from Unimelb (2017) and a Bachelor in CS from UPM (2003). She has been active as a Cisco Instructor since 2008 and as a skill trainer for IT Network Server Administration (ITNSA).

SAFINAH NAWAWI. Lecturer at the Department of Information Technology and Communication (JTMK), Politeknik Malaysia, since 2008. She earned an MSc in Computer Networking from Universiti Teknologi MARA (2019). She has been active as a Cisco Instructor since 2009 and as a skill trainer for IT Network Server Administration (ITNSA).

RUZANNA RAMLI. Lecturer at the Department of Information Technology and Communication (JTMK), Politeknik Kuala Terengganu, since 2010. She earned an MSc in Cyber Security from Universiti Kebangsaan Malaysia (2018) and a BSc in Computer Science (Networking) from UTEM (2009). She has been active as a Cisco Instructor since 2015 and as a skill trainer for IT Network Server Administration (ITNSA).

Table of Contents

Preface
More on the authors
Table of Contents
Legend Icon

CHAPTER 1: BASIC INITIAL SETTINGS
    Switch Initial Settings
    Router Initial Settings
    More initial settings
    TRY THIS!

CHAPTER 2: STATIC AND DYNAMIC ROUTING PROTOCOL
    IPv4 static routing protocol
    IPv6 static routing protocol
    Configuring RIP version 2
    Configuring RIPng
    Configuring EIGRP for IPv4
    Configuring EIGRP for IPv6
    Configuring EIGRP advanced features
    Configuring single area OSPFv2
    Configuring single area OSPFv3
    Configuring multi area OSPFv2
    Configuring multi area OSPFv3
    Configuring OSPF advanced features
    TRY THIS! (A)
    TRY THIS! (B)

CHAPTER 3: SWITCHED TECHNOLOGY NETWORK
    Configuring Switch Security
    Virtual Local Area Network (VLAN)
    Configuring Link Aggregation (EtherChannel)
    First Hop Redundancy Protocols (FHRP)
    Access Control List (ACL)
    Dynamic Host Configuration Protocol (DHCP)
    TRY THIS! (A)
    TRY THIS! (B)

CHAPTER 4: WAN TECHNOLOGIES AND PROTOCOL
    Wide Area Network (WAN) encapsulation
    Configuring VPN with GRE tunneling
    Configuring eBGP
    TRY THIS! (A)
    TRY THIS! (B)

CHAPTER 5: FULL TOPOLOGY CONFIGURATION
    Initials configuration with static routing protocols
    RIP and RIPng
    EIGRP for IPv4 and EIGRP for IPv6
    Single area OSPFv2 and OSPFv3
    Multiarea OSPFv2 and OSPFv3
    VLAN and inter-VLAN
    Configuring PPP and GRE tunneling (VPN)

CHAPTER 6: EXERCISE
    Static Routing Protocols
    RIP and RIPng Dynamic Routing Protocol
    EIGRP for IPv4 and EIGRP for IPv6
    Single area OSPFv2 and OSPFv3
    Multiarea OSPFv2
    VLAN and inter-VLAN
    Configuring Router as DHCP Server
    Access Control Lists (ACLs)
    PPP encapsulation
    Configuring VPN with GRE tunneling

GLOSSARY

Legend Icon

[Icons not reproduced. Labels: Layer 2 switch; Router; Personal computer; Server; LAN network attached to interface G0/0; LAN network represented by loopback interface; Leased line; Video on web; Fun challenge on web; Info on web.]

CHAPTER 1: BASIC INITIAL SETTINGS

Basic Router Configuration
▪ A router connects one network to another network.
▪ The router is responsible for the routing of traffic between networks.
▪ The primary functions of a router are to:
    ▪ Determine the best path to send packets
    ▪ Forward packets toward their destination
▪ Basic tasks that should be configured first on a Cisco router and Cisco switch:
    ▪ Name the device – Distinguishes it from other routers
    ▪ Secure management access – Secures privileged EXEC, user EXEC, and Telnet access, and encrypts passwords to their highest level
    ▪ Configure a banner – Provides legal notification of unauthorized access
    ▪ Save the configuration
▪ To be available, a router interface must be:
    ▪ Configured with an address and subnet mask.
    ▪ Activated using the no shutdown command. By default, LAN and WAN interfaces are not activated.
    ▪ Configured with the clock rate command if it is the serial cable end labelled DCE.
    ▪ An optional description can be included.

Basic Switch Configuration
▪ Switches are used to connect multiple devices together on the same network.
▪ LAN switches are responsible for directing and controlling the data flow at the access layer to networked resources.
▪ Cisco switches run Cisco IOS, and can be manually configured to better meet the needs of the network.
▪ Cisco switches can be managed both locally and remotely.
▪ For remote management access, the switch must be configured with an IP address and a subnet mask.
▪ To manage the switch from a remote network, the switch must be configured with a default gateway.
▪ The SVI (switch virtual interface) is a virtual interface, not a physical port on the switch.
▪ By default, the switch is configured to have the management of the switch controlled through VLAN 1.

Switch Initial Settings

(1) Configuring initial settings on switch SW-A

Enter privileged EXEC mode
    Switch>enable
    Switch#
Enter global configuration mode
    Switch#configure terminal
    Switch(config)#
Configure the switch name as SW-A
    Switch(config)#hostname SW-A
    SW-A(config)#
Disable DNS lookup
    SW-A(config)#no ip domain-lookup
Configure the plain-text privileged EXEC mode password
    SW-A(config)#enable password polytechnic
Configure the encrypted privileged EXEC mode password
    SW-A(config)#enable secret polytechnic_encrypt
Configure message-of-the-day banner
    SW-A(config)#banner motd #
    Enter TEXT message. End with the character '#'
    ******Authorized user only******#
Encrypt all passwords
    SW-A(config)#service password-encryption
Configure console password on the switch
    SW-A(config)#line console 0
    SW-A(config-line)#password consolePASS
    SW-A(config-line)#login
Keep terminal output from interrupting input and log out an idle session after 5 minutes
    SW-A(config-line)#logging synchronous
    SW-A(config-line)#exec-timeout 5 0
    SW-A(config-line)#exit
Configure password for the virtual terminal lines (to allow up to 5 simultaneous virtual connections such as Telnet and SSH)
    SW-A(config)#line vty 0 4
    SW-A(config-line)#password vtyPASS
    SW-A(config-line)#login
    SW-A(config-line)#logging synchronous
    SW-A(config-line)#exec-timeout 5 0
    SW-A(config-line)#end
Save running configuration as startup configuration
    SW-A#copy running-config startup-config

Verification
View all settings
    SW-A#show running-config
    SW-A#show startup-config

Router Initial Settings

(2) Configuring initial settings on router RA

Enter privileged EXEC mode
    Router>enable
    Router#
Enter global configuration mode
    Router#configure terminal
    Router(config)#
Configure the router name as RA
    Router(config)#hostname RA
    RA(config)#
Disable DNS lookup
    RA(config)#no ip domain-lookup
Configure the plain-text privileged EXEC mode password
    RA(config)#enable password polytechnic
Configure the encrypted privileged EXEC mode password
    RA(config)#enable secret polytechnic_encrypt
Configure message-of-the-day banner
    RA(config)#banner motd #
    Enter TEXT message. End with the character '#'
    ******Authorized user only******#
Encrypt all passwords
    RA(config)#service password-encryption
Configure console password on the router
    RA(config)#line console 0
    RA(config-line)#password consolePASS
    RA(config-line)#login
Keep terminal output from interrupting input and log out an idle session after 5 minutes
    RA(config-line)#logging synchronous
    RA(config-line)#exec-timeout 5 0
    RA(config-line)#exit
Configure password for the virtual terminal lines (to allow up to 5 simultaneous virtual connections such as Telnet and SSH)
    RA(config)#line vty 0 4
    RA(config-line)#password vtyPASS
    RA(config-line)#login
    RA(config-line)#logging synchronous
    RA(config-line)#exec-timeout 5 0
    RA(config-line)#end
Save running configuration as startup configuration
    RA#copy running-config startup-config

Verification
View all settings
    RA#show running-config
    RA#show startup-config

More initial settings

(1) Configuring active interfaces

RA
Configure the GigabitEthernet0/0 interface
    RA(config)#interface gigabitethernet 0/0
    RA(config-if)#ip address 192.168.1.1 255.255.255.0
    RA(config-if)#description Link to LAN
    RA(config-if)#no shutdown
    RA(config-if)#exit
Configure the Serial0/0/0 interface (clock rate is only for the DCE interface)
    RA(config)#interface serial 0/0/0
    RA(config-if)#ip add 10.10.10.1 255.255.255.252
    RA(config-if)#clock rate 128000
    RA(config-if)#description Link to RB
    RA(config-if)#no shutdown
    RA(config-if)#exit

RB
Configure the GigabitEthernet0/0 interface
    RB(config)#interface gigabitethernet 0/0
    RB(config-if)#ip address 172.16.1.1 255.255.255.0
    RB(config-if)#description Link to LAN
    RB(config-if)#no shutdown
    RB(config-if)#exit
Configure the Serial0/0/1 interface
    RB(config)#interface serial 0/0/1
    RB(config-if)#ip add 10.10.10.2 255.255.255.252
    RB(config-if)#description Link to RA
    RB(config-if)#no shutdown
    RB(config-if)#exit

Verification
View all settings
    RA#show ip interface brief
    RA#show ip interface
    RA#show ip interface G0/0
    RA#show ip interface S0/0/0
    RA#show controllers
    RA#show ip route

(2) Configuring default-gateway on Switch to manage it remotely using Telnet / SSH

SW-A
Configure the VLAN 1 interface for management
    SW-A(config)#interface VLAN 1
    SW-A(config-if)#description VLAN use for management
    SW-A(config-if)#ip address 192.168.1.1 255.255.255.0
    SW-A(config-if)#no shutdown
    SW-A(config-if)#exit
Set the default gateway for SW-A (use IP from VLAN 1)
    SW-A(config)#ip default-gateway 192.168.1.1
Configure DNS domain name
    SW-A(config)#ip domain-name example.com
Configure a username and password
    SW-A(config)#username admin password adminPASS
Generate encryption keys using 1024 bit
    SW-A(config)#crypto key generate rsa
    How many bits in the modulus [512]: 1024
Define SSH version to use
    SW-A(config)#ip ssh version 2
Enable vty lines to use SSH with the local username (transport input ssh accepts SSH only)
    SW-A(config)#line vty 0 4
    SW-A(config-line)#login local
    SW-A(config-line)#transport input ssh

(3) Configuring default-gateway on PC to be able to communicate with different networks

(4) Performing show commands to verify configuration

SW-A
Command
    Purpose

SW-A#show cdp neighbors
    Display information on directly connected devices including Device ID.
SW-A#show history
    Display the session command history.
SW-A#show hosts
    Display IP domain-name, lookup style, nameservers and host table.
SW-A#show interfaces or SW-A#show interface [type] (e.g. SW-A#show interface fa 0/1)
    Display one or all interfaces with line (protocol) status, bandwidth, delay, reliability, encapsulation, duplex and I/O statistics.
SW-A#show ip interface brief
    Display all interfaces with IP address, interface status (up/down/admin down) and line protocol status (up/down).
SW-A#show mac-address-table
    Display all MAC addresses the switch has learned, how learned (dynamic/static), the port number and VLAN the port is in.
SW-A#show port-security
    Display any ports where security has been activated along with max address allowed, current count, security violation count and action to take (normally shutdown).
SW-A#show running-config
    Display the current config running in RAM. Includes host name, passwords, interface IP addresses, port numbers and characteristics.
SW-A#show startup-config
    Display backup config in NVRAM. May be different if running config has not been copied to backup.
SW-A#show users
    Display information about terminal lines.
SW-A#show version
    Display IOS version, ROM version, switch uptime, system image file name, boot method, number and type of interfaces installed, amount of RAM, NVRAM and flash. Config register.

RA
Command
    Purpose

RA#show arp
    Display ARP table.
RA#show running-config
    Display the current operating configuration.
RA#show startup-config
    Display contents of startup configuration.
RA#show version
    Display system hardware and software status.
RA#show interfaces or RA#show interfaces [type]
    Display interface status and configuration.
RA#show ip interface brief
    Display brief summary of IP status and configuration.
RA#show mac-address-table
    Display MAC forwarding table.
RA#show cdp neighbors
    Display information on directly connected devices including Device ID.
RA#show history
    Display the session command history.
RA#show users
    Display information about terminal lines.
RA#show hosts
    Display IP domain-name, lookup style, nameservers and host table.
RA#show clock
    Display the system clock.
RA#show controllers
    Display interface controller's status.
RA#show debugging
    Display state of each debugging option.
RA#show dhcp
    Display Dynamic Host Configuration Protocol status.
RA#show dot11
    Display IEEE 802.11 show information.
RA#show file
    Display filesystem information.
RA#show flash:
    Display information about flash: file system.
RA#show ip
    Display IP information.
RA#show ipv6
    Display IPv6 information.
RA#show logging
    Display the contents of logging buffers.
RA#show login
    Display Secure Login Configurations and State.
RA#show protocols
    Display active network routing protocols.
RA#show sessions
    Display information about Telnet connections.
RA#show ssh
    Display status of SSH server connections.
RA#show tcp
    Display status of TCP connections.

TRY THIS!

Addressing Table

Device    Interface    IP Address     Subnet Mask      Default Gateway
R1        G0/0         192.168.0.1    255.255.255.0    N/A
R1        G0/1         192.168.1.1    255.255.255.0    N/A
PC-A      NIC          192.168.1.3    255.255.255.0    192.168.1.1
PC-B      NIC          192.168.0.3    255.255.255.0    192.168.0.1

Task 1: Configure Switch initial settings
(1) Configure basic switch settings.
    - Hostname
    - Privilege EXEC mode password
    - Console password
    - Remote password
    - Banner
    - Password encryption
    - Disable DNS lookup
(2) Configure the remote access to accept only SSH.
(3) Configure basic router settings.
    - Hostname
    - Privilege EXEC mode password
    - Console password
    - Remote password
    - Banner
    - Password encryption
    - Disable DNS lookup
(4) Configure the remote access to accept only SSH.

Task 2: Configure active interfaces
(1) Configure basic interfaces settings.
    - IP address
    - Description
    - Enable the interfaces using no shutdown command
(2) Assign IPv4 address to the PCs interface.

Task 3: Display Router Information
(1) Retrieve hardware and software information from the router/switch using show command.
(2) Interpret the output from the startup configuration.
(3) Verify the status of the interfaces.

Task 4: Verify Connectivity
Ping between PCs.
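
A check for the management-access settings configured in this chapter, as an added example that is not part of the original eBook: the Python script below reads a configuration and reports the settings that leave passwords recoverable or remote access open to Telnet. The two sample configurations are constructed from the SW-A commands on this page; the function names and check IDs are hypothetical, and treating a vty block without "transport input" as Telnet-capable is an assumption about the IOS release in use.

```python
import re

# Constructed sample: SW-A's commands from this page, laid out the way a
# running-config nests them (child commands indented under "line ...").
SW_A_INITIAL = """\
hostname SW-A
no ip domain-lookup
enable password polytechnic
enable secret polytechnic_encrypt
service password-encryption
line console 0
 password consolePASS
 login
 logging synchronous
 exec-timeout 5 0
line vty 0 4
 password vtyPASS
 login
 logging synchronous
 exec-timeout 5 0
"""

# Constructed sample: the same switch after the page's SSH steps.
SW_A_SSH = (
    SW_A_INITIAL.replace(" password vtyPASS\n login\n",
                         " password vtyPASS\n login local\n transport input ssh\n")
    + "ip domain-name example.com\n"
    + "username admin password adminPASS\n"
    + "ip ssh version 2\n"
)

# Hypothetical check IDs mapped to the corrective setting.
ADVICE = {
    "ENABLE_PASSWORD": "remove 'enable password'; 'enable secret' overrides it",
    "NO_ENABLE_SECRET": "protect privileged EXEC mode with 'enable secret'",
    "NO_PASSWORD_ENCRYPTION": "add 'service password-encryption'",
    "USER_PASSWORD": "create local users with 'username <name> secret <password>'",
    "SHARED_LINE_PASSWORD": "replace the shared line password with 'login local'",
    "NO_IDLE_TIMEOUT": "set a non-zero 'exec-timeout' so idle sessions log out",
    "VTY_TELNET": "restrict the vty lines with 'transport input ssh'",
    "SSH_V1_ALLOWED": "add 'ip ssh version 2'",
}


def parse_blocks(config):
    """Split a config into top-level commands and {parent: [child commands]}."""
    top, blocks, parent = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and parent is not None:
            blocks[parent].append(line)          # indented: belongs to parent
        else:
            parent = line
            top.append(line)
            blocks[parent] = []
    return top, blocks


def audit(config):
    """Return [(check_id, location)] for weak management-access settings."""
    top, blocks = parse_blocks(config)
    found = []

    def has(prefix):
        return any(cmd.startswith(prefix) for cmd in top)

    if has("enable password"):
        found.append(("ENABLE_PASSWORD", "global"))
    if not has("enable secret"):
        found.append(("NO_ENABLE_SECRET", "global"))
    if not has("service password-encryption"):
        found.append(("NO_PASSWORD_ENCRYPTION", "global"))
    for cmd in top:
        user = re.match(r"username (\S+)\s(?:.*\s)?password\s", cmd)
        if user:
            found.append(("USER_PASSWORD", "user " + user.group(1)))

    ssh_lines = False
    for header, body in blocks.items():
        if not header.startswith("line "):
            continue
        # "login" (not "login local") authenticates with the shared line password.
        if "login" in body and any(c.startswith("password") for c in body):
            found.append(("SHARED_LINE_PASSWORD", header))
        if "exec-timeout 0 0" in body or "exec-timeout 0" in body:
            found.append(("NO_IDLE_TIMEOUT", header))
        if header.startswith("line vty"):
            transports = [c.split()[2:] for c in body if c.startswith("transport input")]
            allowed = set(transports[-1]) if transports else None
            # Assumption: a vty with no "transport input" still accepts Telnet.
            if allowed is None or allowed & {"telnet", "all"}:
                found.append(("VTY_TELNET", header))
            ssh_lines = ssh_lines or bool(allowed and allowed & {"ssh", "all"})
    if ssh_lines and not has("ip ssh version 2"):
        found.append(("SSH_V1_ALLOWED", "global"))
    return found


def report(config):
    """Format findings as 'location: CHECK_ID - advice' lines."""
    return [f"{where}: {check} - {ADVICE[check]}" for check, where in audit(config)]


if __name__ == "__main__":
    for title, cfg in (("initial settings", SW_A_INITIAL), ("after SSH steps", SW_A_SSH)):
        print(f"== SW-A, {title} ==")
        print("\n".join(report(cfg)))
```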

CHAPTER 2: STATIC AND DYNAMIC ROUTING PROTOCOL

Static Routing Protocol
▪ A router learns about remote networks in two ways:
    • Manually, entered into the route table using static routes, which are not automatically updated and must be reconfigured when the topology changes
    • Dynamically (automatically), learned using a routing protocol
Three uses for static routes:
▪ Smaller networks that are not expected to grow
▪ Routing to and from stub networks, which are accessed by a single route and have one neighbor
▪ A single default route to represent a path to any network not found in the routing table
Types of static routes:
▪ Standard static route
▪ Default static route – matches all packets and is used when a packet does not match a specific route in the routing table.
▪ Summary static route – multiple static routes can be summarized into a single network address.
▪ Floating static route – used to provide a backup path

Dynamic Routing Protocol
▪ Purpose of dynamic routing protocols includes:
    • Discovery of remote networks
    • Maintaining up-to-date routing information
    • Choosing the best path to destination networks
    • Ability to find a new best path if the current path is no longer available
▪ The main components of dynamic routing protocols include:
    • Data structures – tables or databases kept in RAM.
    • Routing protocol messages – to discover neighboring routers and exchange routing information
    • Algorithms – to facilitate learning routing information and for best path determination.
▪ Types of dynamic routing:
    • Interior Gateway Protocols
        Distance Vector – IPv4: RIPv2 and EIGRP | IPv6: RIPng and EIGRP for IPv6
        Link-State – IPv4: OSPFv2 and IS-IS | IPv6: OSPFv3 and IS-IS for IPv6
    • Exterior Gateway Protocols
        IPv4: BGP-4 | IPv6: BGP-MP

IPv4 static routing protocol

*Syntax:
(1) Static route
    ip route destNetwork destSubnetMask nextHopIpAddress
    or
    ip route destNetwork destSubnetMask exitInterface
(2) Default static route
    ip route 0.0.0.0 0.0.0.0 nextHopIpAddress
    or
    ip route 0.0.0.0 0.0.0.0 exitInterface

(1) Configuring IPv4 static route

RA
Configure static route from RA to LAN-B
    RA(config)#ip route 10.10.20.0 255.255.255.0 172.16.1.2
    Or
    RA(config)#ip route 10.10.20.0 255.255.255.0 S0/0/1
Configure static route from RA to LAN-C
    RA(config)#ip route 10.10.10.0 255.255.255.0 172.16.1.2
    Or
    RA(config)#ip route 10.10.10.0 255.255.255.0 S0/0/1

RB
Configure static route from RB to LAN-A
    RB(config)#ip route 192.168.10.0 255.255.255.0 172.16.1.1
    Or
    RB(config)#ip route 192.168.10.0 255.255.255.0 S0/0/0

(2) Configuring IPv4 default static route

RA
Configure default static route from RA to RB
    RA(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
    Or
    RA(config)#ip route 0.0.0.0 0.0.0.0 S0/0/1

RB
Configure default static route from RB to RA
    RB(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1
    Or
    RB(config)#ip route 0.0.0.0 0.0.0.0 S0/0/0

Verification
View all settings
    RA#show ip route
    RA#show ip route static

IPv6 static routing protocol

*Syntax:
(1) Static route
    ipv6 route destPrefix/prefixLength nextHopIpAddress
    or
    ipv6 route destPrefix/prefixLength exitInterface
(2) Default static route
    ipv6 route ::/0 nextHopIpAddress
    or
    ipv6 route ::/0 exitInterface

(1) Configuring IPv6 static route

RA
Configure static route from RA to LAN-B
    RA(config)#ipv6 route 2001:DB8:FEED:1::/64 2001:DB8:CAFE:2::2
    Or
    RA(config)#ipv6 route 2001:DB8:FEED:1::/64 S0/0/1
Configure static route from RA to LAN-C
    RA(config)#ipv6 route 2001:DB8:FEED:2::/64 2001:DB8:CAFE:2::2
    Or
    RA(config)#ipv6 route 2001:DB8:FEED:2::/64 S0/0/1

RB
Configure static route from RB to LAN-A
    RB(config)#ipv6 route 2001:DB8:CAFE:1::/64 2001:DB8:CAFE:2::1
    Or
    RB(config)#ipv6 route 2001:DB8:CAFE:1::/64 S0/0/0

(2) Configuring IPv6 default static route

RA
Configure default static route from RA to RB
    RA(config)#ipv6 route ::/0 2001:DB8:CAFE:2::2
    Or
    RA(config)#ipv6 route ::/0 S0/0/1

RB
Configure default static route from RB to RA
    RB(config)#ipv6 route ::/0 2001:DB8:CAFE:2::1
    Or
    RB(config)#ipv6 route ::/0 S0/0/0

Verification
View all settings
    RA#show ipv6 route

Configuring RIP version 2

*Syntax:
    Router(config)#router rip
    Router(config-router)#version 2
    Router(config-router)#network netAdd

RA
Configure RIPv2 and include all directly attached networks on RA
    RA(config)#router rip
    RA(config-router)#version 2
    RA(config-router)#network 172.16.0.0
    RA(config-router)#network 10.1.1.0

RB
Configure RIPv2 and include all directly attached networks on RB
    RB(config)#router rip
    RB(config-router)#version 2
    RB(config-router)#network 10.1.1.0
    RB(config-router)#network 10.2.2.0

RC
Configure RIPv2 and include all directly attached networks on RC
    RC(config)#router rip
    RC(config-router)#version 2
    RC(config-router)#network 10.2.2.0
    RC(config-router)#network 192.168.1.0

Verification
View all settings
    RA#show ip route
    RA#show ip route rip
    RA#show ip protocol
    RA#show ip rip database

Configuring RIPng

*Syntax:
    Router(config)#ipv6 router rip NAME
    Router(config)#interface ?
    Router(config-if)#ipv6 rip NAME enable

RA
Enable IPv6 routing
    RA(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RA(config)#interface g0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:1::1/64
    RA(config-if)#no shutdown
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:A001::1/64
    RA(config-if)#clock rate 128000
    RA(config-if)#no shutdown
    RA(config-if)#exit
Declare RIPng process name
    RA(config)#ipv6 router rip RIPngNAME
    RA(config-rtr)#exit
Enable RIPng on all connected interfaces
    RA(config)#interface g0/0
    RA(config-if)#ipv6 rip RIPngNAME enable
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 rip RIPngNAME enable

RB
Enable IPv6 routing
    RB(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RB(config)#interface g0/0
    RB(config-if)#ipv6 address 2001:DB8:CAFE:2::1/64
    RB(config-if)#no shutdown
    RB(config-if)#exit
    RB(config)#interface s0/0/0
    RB(config-if)#ipv6 address 2001:DB8:CAFE:A001::2/64
    RB(config-if)#no shutdown
    RB(config-if)#exit
    RB(config)#interface s0/0/1
    RB(config-if)#ipv6 address 2001:DB8:CAFE:A002::2/64
    RB(config-if)#clock rate 128000
    RB(config-if)#no shutdown
    RB(config-if)#exit
Declare RIPng process name
    RB(config)#ipv6 router rip RIPngNAME
    RB(config-rtr)#exit
Enable RIPng on all connected interfaces
    RB(config)#interface g0/0
    RB(config-if)#ipv6 rip RIPngNAME enable
    RB(config-if)#exit
    RB(config)#interface s0/0/0
    RB(config-if)#ipv6 rip RIPngNAME enable
    RB(config-if)#exit
    RB(config)#interface s0/0/1
    RB(config-if)#ipv6 rip RIPngNAME enable

RC
Enable IPv6 routing
    RC(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RC(config)#interface g0/0
    RC(config-if)#ipv6 address 2001:DB8:CAFE:3::1/64
    RC(config-if)#no shutdown
    RC(config-if)#exit
    RC(config)#interface s0/0/1
    RC(config-if)#ipv6 address 2001:DB8:CAFE:A002::1/64
    RC(config-if)#no shutdown
    RC(config-if)#exit
Declare RIPng process name
    RC(config)#ipv6 router rip RIPngNAME
    RC(config-rtr)#exit
Enable RIPng on all connected interfaces
    RC(config)#interface g0/0
    RC(config-if)#ipv6 rip RIPngNAME enable
    RC(config-if)#exit
    RC(config)#interface s0/0/1
    RC(config-if)#ipv6 rip RIPngNAME enable

Verification
View all settings
    RA#show ipv6 route
    RA#show ipv6 rip
    RA#show ipv6 protocol
    RA#show ipv6 rip database

Configuring EIGRP for IPv4

*Notes:
(1) Use wildcard instead of subnet mask in EIGRP declaration
(2) Use any valid (1-65535) Autonomous System Number. Example = 88
(3) Syntax:
    Router(config)#router eigrp ASNumber
    Router(config-router)#eigrp router-id x.x.x.x
    Router(config-router)#network netAddress netWildcard

RA
Configure EIGRP and include all directly attached networks on RA
    RA(config)#router eigrp 88
    RA(config-router)#eigrp router-id 1.1.1.1
    RA(config-router)#network 10.1.1.0 0.0.0.255
    RA(config-router)#network 10.1.2.0 0.0.0.255
    RA(config-router)#network 192.168.100.0 0.0.0.3

RB
Configure EIGRP and include all directly attached networks on RB
    RB(config)#router eigrp 88
    RB(config-router)#eigrp router-id 2.2.2.2
    RB(config-router)#network 172.16.1.0 0.0.0.255
    RB(config-router)#network 172.16.2.0 0.0.0.255
    RB(config-router)#network 192.168.100.0 0.0.0.3

Verification
View all settings
    RA#show ip protocol
    RA#show ip route
    RA#show ip route eigrp
    RA#show ip eigrp topology
    RA#show ip eigrp neighbor

Configuring EIGRP for IPv6

*Notes:
(1) Use any valid (1-65535) Autonomous System Number. Example = 88
(2) Use any valid router-id
(3) By default, the EIGRP process in an IPv6 network is disabled, so don't forget to enable it using the 'no shutdown' command
(4) Syntax:
    Router(config)#ipv6 router eigrp ASNumber
    Router(config-rtr)#eigrp router-id x.x.x.x
    Router(config-rtr)#no shutdown
    Router(config)#interface ?
    Router(config-if)#ipv6 eigrp ASNumber

RA
Enable IPv6 routing
    RA(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RA(config)#interface g0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:2::1/64
    RA(config-if)#no shutdown
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:A001::1/64
    RA(config-if)#clock rate 128000
    RA(config-if)#no shutdown
    RA(config-if)#exit
Declare EIGRP for IPv6
    RA(config)#ipv6 router eigrp 88
    RA(config-rtr)#eigrp router-id 1.1.1.1
    RA(config-rtr)#no shutdown
    RA(config-rtr)#exit
Enable EIGRP for IPv6 on all connected interfaces
    RA(config)#interface g0/0
    RA(config-if)#ipv6 eigrp 88
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 eigrp 88

RB
Enable IPv6 routing
    RB(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RB(config)#interface g0/0
    RB(config-if)#ipv6 address 2001:DB8:CAFE:1::1/64
    RB(config-if)#no shutdown
    RB(config-if)#exit
    RB(config)#interface s0/0/0
    RB(config-if)#ipv6 address 2001:DB8:CAFE:A001::2/64
    RB(config-if)#no shutdown
    RB(config-if)#exit
    RB(config)#interface s0/0/1
    RB(config-if)#ipv6 address 2001:DB8:CAFE:A002::2/64
    RB(config-if)#clock rate 128000
    RB(config-if)#no shutdown
    RB(config-if)#exit
Declare EIGRP for IPv6
    RB(config)#ipv6 router eigrp 88
    RB(config-rtr)#eigrp router-id 2.2.2.2
    RB(config-rtr)#no shutdown
    RB(config-rtr)#exit
Enable EIGRP for IPv6 on all connected interfaces
    RB(config)#interface g0/0
    RB(config-if)#ipv6 eigrp 88
    RB(config-if)#exit
    RB(config)#interface s0/0/0
    RB(config-if)#ipv6 eigrp 88
    RB(config-if)#exit
    RB(config)#interface s0/0/1
    RB(config-if)#ipv6 eigrp 88

RC
Enable IPv6 routing
    RC(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RC(config)#interface g0/0
    RC(config-if)#ipv6 address 2001:DB8:CAFE:3::1/64
    RC(config-if)#no shutdown
    RC(config-if)#exit
    RC(config)#interface s0/0/1
    RC(config-if)#ipv6 address 2001:DB8:CAFE:A002::1/64
    RC(config-if)#no shutdown
    RC(config-if)#exit
Declare EIGRP for IPv6
    RC(config)#ipv6 router eigrp 88
    RC(config-rtr)#eigrp router-id 3.3.3.3
    RC(config-rtr)#no shutdown
    RC(config-rtr)#exit
Enable EIGRP for IPv6 on all connected interfaces
    RC(config)#interface g0/0
    RC(config-if)#ipv6 eigrp 88
    RC(config-if)#exit
    RC(config)#interface s0/0/1
    RC(config-if)#ipv6 eigrp 88

Verification
View all settings
    RA#show ipv6 protocol
    RA#show ipv6 route
    RA#show ipv6 route eigrp
    RA#show ipv6 eigrp topology
    RA#show ipv6 eigrp neighbor

Configuring EIGRP advanced features

*Notes:
(1) Interface bandwidth
(2) EIGRP bandwidth utilization
(3) EIGRP Hello and Hold timers
(4) EIGRP equal-cost load balancing
(5) EIGRP MD5 authentication
(6) Default static route propagation for EIGRP network
(7) Implement static routing protocol from ISP to all internal LAN

RA
Change bandwidth for Serial interface
    RA(config)#interface s0/0/0
    RA(config-if)#bandwidth 512
Change EIGRP bandwidth utilization for Serial interface
    RA(config-if)#ip bandwidth-percent eigrp 88 20
Change EIGRP Hello and Hold Timers
    RA(config-if)#ip hello-interval eigrp 88 60
    RA(config-if)#ip hold-time eigrp 88 180
Change EIGRP equal-cost load balancing
    RA(config)#router eigrp 88
    RA(config-router)#maximum-paths 8
Create key chain for EIGRP MD5 authentication
    RA(config)#key chain keychainName
    RA(config-keychain)#key 1
    RA(config-keychain-key)#key-string keystringPass
Implement EIGRP authentication on Serial interface
    RA(config)#int s0/0/0
    RA(config-if)#ip authentication mode eigrp 88 md5
    RA(config-if)#ip authentication key-chain eigrp 88 keychainName
Implement default route propagation for EIGRP
    RA(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
    RA(config)#router eigrp 88
    RA(config-router)#redistribute static

RB
Change bandwidth for Serial interface
    RB(config)#interface s0/0/0
    RB(config-if)#bandwidth 512
Change EIGRP bandwidth utilization for Serial interface
    RB(config-if)#ip bandwidth-percent eigrp 88 20
Change EIGRP Hello and Hold Timers
    RB(config-if)#ip hello-interval eigrp 88 60
    RB(config-if)#ip hold-time eigrp 88 180
Change EIGRP equal-cost load balancing
    RB(config)#router eigrp 88
    RB(config-router)#maximum-paths 8
Create key chain for EIGRP MD5 authentication
    RB(config)#key chain keychainName
    RB(config-keychain)#key 1
    RB(config-keychain-key)#key-string keystringPass
Implement EIGRP authentication on Serial interface
    RB(config)#int s0/0/0
    RB(config-if)#ip authentication mode eigrp 88 md5
    RB(config-if)#ip authentication key-chain eigrp 88 keychainName

Configuring single area OSPFv2

*Notes:
(1) Use wildcard instead of subnet mask in OSPF declaration
(2) Use any valid (1-65535) process ID. Example = 88
(3) Syntax:
    Router(config)#router ospf processID
    Router(config-router)#router-id x.x.x.x
    Router(config-router)#network netAddress netWildcard area areaID

RA
Configure OSPF Area 0 and include all directly attached networks on RA.
    RA(config)#router ospf 88
    RA(config-router)#router-id 1.1.1.1
    RA(config-router)#network 10.1.1.0 0.0.0.255 area 0
    RA(config-router)#network 10.1.2.0 0.0.0.255 area 0
    RA(config-router)#network 192.168.100.0 0.0.0.3 area 0

RB
Configure OSPF Area 0 and include all directly attached networks on RB.
    RB(config)#router ospf 88
    RB(config-router)#router-id 2.2.2.2
    RB(config-router)#network 172.16.1.0 0.0.0.255 area 0
    RB(config-router)#network 172.16.2.0 0.0.0.255 area 0
    RB(config-router)#network 192.168.100.0 0.0.0.3 area 0

Verification
View all settings
    RA#show ip route
    RA#show ip route ospf
    RA#show ip protocol
    RA#show ip ospf neighbor
    RA#show ip ospf database
    RA#show ip ospf interface

Configuring single area OSPFv3

RA
Enable IPv6 routing
    RA(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
    RA(config)#interface g0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:2::1/64
    RA(config-if)#no shutdown
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 address 2001:DB8:CAFE:A001::1/64
    RA(config-if)#clock rate 128000
    RA(config-if)#no shutdown
    RA(config-if)#exit
Declare OSPFv3
    RA(config)#ipv6 router ospf 88
    RA(config-rtr)#router-id 1.1.1.1
    RA(config-rtr)#exit
Enable OSPFv3 on all connected interfaces
    RA(config)#interface g0/0
    RA(config-if)#ipv6 ospf 88 area 0
    RA(config-if)#exit
    RA(config)#interface s0/0/0
    RA(config-if)#ipv6 ospf 88 area 0

RB
Enable IPv6 routing
    RB(config)#ipv6 unicast-routing
Configure interfaces with IPv6 address
Declare OSPFv3
    RB(config)#ipv6 router ospf 88
    RB(config-rtr)#router-id 2.2.2.2
    RB(config-rtr)#exit
Enable OSPFv3 on all connected interfaces
    RB(config)#interface g0/0
    RB(config-if)#ipv6 ospf 88 area 0
    RB(config-if)#exit
    RB(config)#interface s0/0/0
    RB(config-if)#ipv6 ospf 88 area 0

*Notes:
(1) Use any valid (1-65535) process ID. Example = 88
(2) Use any valid router-id
(3) Syntax:
    Router(config)#ipv6 router ospf processID
    Router(config-rtr)#router-id x.x.x.x
    Router(config)#interface ?
Router(config-if)#ipv6 ospf processID area areaID RB(config)#interface g0/0 RB(config-if)#ipv6 address 2001:DB8:CAFE:1::1/64 RB(config-if)#no shutdown RB(config-if)#exit RB(config)#interface s0/0/0 RB(config-if)#ipv6 address 2001:DB8:CAFE:A001::2/64 RB(config-if)#no shutdown RB(config-if)#exit RB(config)#interface s0/0/1 RB(config-if)#ipv6 address 2001:DB8:CAFE:A002::2/64 RB(config-if)#clock rate 128000 RB(config-if)#no shutdown RB(config-if)#exit Easy Peasy Switching and Routing RB(config-if)#exit RB(config)#interface s0/0/1 RB(config-if)#ipv6 ospf 88 area 0 click for more : RC Enable IPv6 routing RC(config)#ipv6 unicast-routing Configure interfaces with IPv6 address RC(config)#interface g0/0 RC(config-if)#ipv6 address 2001:DB8:CAFE:3::1/64 RC(config-if)#no shutdown RC(config-if)#exit RC(config)#interface s0/0/1 RC(config-if)#ipv6 address 2001:DB8:CAFE:A002::1/64 RC(config-if)#no shutdown RC(config-if)#exit Declare OSPFv3 RC(config)#ipv6 router ospf 88 RC(config-rtr)#router-id 3.3.3.3 RC(config-rtr)#exit Enable OSPFv3 on all connected interfaces RC(config)#interface g0/0 RC(config-if)# ipv6 ospf 88 area 0 RC(config-if)#exit RC(config)#interface s0/0/1 RC(config-if)# ipv6 ospf 88 area 0 Verification Page 20 View all settings RA#show ipv6 route RA#show ipv6 route ospf RA#show ipv6 protocol RA#show ipv6 ospf neighbor RA#show ipv6 ospf database RA#show ipv6 ospf interface version 2020 Easy Peasy Switching and Routing Configuring multi area OSPFv2 RA Configure OSPF Area 1 with its network RA(config)#router OSPF 88 RA(config-rtr)#network 192.168.13.0 0.0.0.255 area 1 RC Configure OSPF Area 1 with its network RC(config)#router OSPF 88 RC(config-rtr)#router-id 3.3.3.3 RC(config-rtr)#network 192.168.13.0 0.0.0.255 area 1 RC(config-rtr)#network 172.16.1.0 0.0.0.255 area 1 RB Configure OSPF Area 2 with its network RB(config)#router OSPF 88 RB(config-rtr)#network 192.168.24.0 0.0.0.255 area 2 RD Configure OSPF Area 2 with its network RD(config)#router OSPF 88 
RD(config-rtr)#router-id 4.4.4.4 RD(config-rtr)#network 192.168.24.0 0.0.0.255 area 2 RD(config-rtr)#network 172.16.2.0 0.0.0.255 area 2 Verification *Notes: (1) Use any valid (1-65535) Process ID. Example = 88 (2) Use any valid area ID. Example = 0 as backbone area ID, 1 as other area ID RA(config)#router OSPF 88 RA(config-rtr)#router-id 1.1.1.1 RA(config-rtr)#network 192.168.12.0 0.0.0.255 area 0 RB Configure OSPF Area 0 with its network click for more : 21 RA Configure OSPF Area 0 with its network View all settings RA#show ip route RA#show ip route ospf RA#show ip protocol RA#show ip ospf neighbor RA#show ip ospf database RA#show ip ospf interface Page RB(config)#router OSPF 88 RB(config-rtr)#router-id 2.2.2.2 RB(config-rtr)#network 192.168.12.0 0.0.0.255 area 0 version 2020 Easy Peasy Switching and Routing Configuring multi area OSPFv3 Declare OSPFv3 RA(config)#ipv6 router ospf 88 RA(config-rtr)#router-id 1.1.1.1 RA(config-rtr)#exit Enable OSPFv3 on all connected interfaces RA(config)#interface g0/0 RA(config-if)#ipv6 ospf 88 area 1 RA(config-if)#exit RA(config)#interface s0/0/0 RA(config-if)#ipv6 ospf 88 area 0 RB Enable IPv6 routing RB(config)#ipv6 unicast-routing Configure interfaces with IPv6 address *Notes: (1) Use any valid (1-65535) Process ID. Example = 88 (2) Use any valid area ID. 
Example = 0 as backbone area ID, 1 as other area ID Configure interfaces with IPv6 address RA(config)#interface g0/0 RA(config-if)#ipv6 address 2001:DB8:CAFE:1::1/64 RA(config-if)#no shutdown RA(config-if)#exit RA(config)#interface s0/0/0 RA(config-if)#ipv6 address 2001:DB8:CAFE:A001::1/64 RA(config-if)#clock rate 128000 RA(config-if)#no shutdown RA(config-if)#exit Declare OSPFv3 RB(config)#ipv6 router ospf 88 RB(config-rtr)#router-id 2.2.2.2 RB(config-rtr)#exit Enable OSPFv3 on all connected interfaces RB(config)#interface g0/0 RB(config-if)#ipv6 ospf 88 area 0 RB(config-if)#exit RB(config)#interface s0/0/0 RB(config-if)#ipv6 ospf 88 area 0 version 2020 22 RA(config)#ipv6 unicast-routing Page RA Enable IPv6 routing RB(config)#interface g0/0 RB(config-if)#ipv6 address 2001:DB8:CAFE:2::1/64 RB(config-if)#no shutdown RB(config-if)#exit RB(config)#interface s0/0/0 RB(config-if)#ipv6 address 2001:DB8:CAFE:A001::2/64 RB(config-if)#no shutdown RB(config-if)#exit RB(config)#interface s0/0/1 RB(config-if)#ipv6 address 2001:DB8:CAFE:A002::2/64 RB(config-if)#clock rate 128000 RB(config-if)#no shutdown RB(config-if)#exit Easy Peasy Switching and Routing RB(config-if)#exit RB(config)#interface s0/0/1 RB(config-if)#ipv6 ospf 88 area 0 RC Enable IPv6 routing RC(config)#ipv6 unicast-routing Configure interfaces with IPv6 address RC(config)#interface g0/0 RC(config-if)#ipv6 address 2001:DB8:CAFE:3::1/64 RC(config-if)#no shutdown RC(config-if)#exit RC(config)#interface s0/0/1 RC(config-if)#ipv6 address 2001:DB8:CAFE:A002::1/64 RC(config-if)#no shutdown RC(config-if)#exit Verification View all settings RA#show ipv6 route RA#show ipv6 protocol RA#show ipv6 ospf neighbor RA#show ipv6 ospf database RA#show ipv6 ospf interface click for more : Declare OSPFv3 RC(config)#ipv6 router ospf 88 RC(config-rtr)#router-id 3.3.3.3 RC(config-rtr)#exit Enable OSPFv3 on all connected interfaces Page 23 RC(config)#interface g0/0 RC(config-if)# ipv6 ospf 88 area 2 RC(config-if)#exit 
RC(config)#interface s0/0/1 RC(config-if)# ipv6 ospf 88 area 0 version 2020 Easy Peasy Switching and Routing Configuring OSPF advanced features Implement default route propagation for OSPF RA(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0 RA(config)#router ospf 88 RA(config-rtr)#default-information originate RB Change bandwidth for Serial interface RB(config)#interface s0/0/0 RB(config-if)#bandwidth 512 Change OSPF Hello and Dead Interval RB(config-if)#ip ospf hello-interval 60 RB(config-if)# ip ospf dead-interval 240 Implement OSPF MD5 authentication on serial interface (interface level authentication) RB(config)#int s0/0/0 RB(config-if)#ip ospf message-digest-key 1 md5 myPassword RB(config-if)#ip ospf authentication message-digest Verification *Notes: (1) interface bandwidth (2) OSPF Hello and Dead interval (3) OSPF MD5 authentication (4) Default static route propagation for OSPF network (5) Implement static routing protocol from ISP to all internal LAN View all settings RA#show ip route RA#show ip route ospf RA#show ip protocol RA#show ip ospf neighbor RA#show ip ospf database RA#show ip ospf interface RA Change bandwidth for Serial interface RA(config)#interface s0/0/0 RA(config-if)#bandwidth 512 Change OSPF Hello and Dead Interval click for more : RA(config-if)#ip ospf hello-interval 60 RA(config-if)# ip ospf dead-interval 240 version 2020 Page RA(config)#int s0/0/0 RA(config-if)#ip ospf message-digest-key 1 md5 myPassword RA(config-if)#ip ospf authentication message-digest 24 Implement OSPF MD5 authentication on serial interface (interface level authentication) Easy Peasy Switching and Routing TRY THIS! (A) Addressing Table Device Interface IP Address Default Gateway 192.168.0.1/25 2001:DB8:ACAD::1/64 HQ G0/1 FE80::1 link-local S0/0/0 (DCE) 10.1.1.2/30 2001:DB8:ACAD::20:2/64 N/A N/A 192.168.0.253/30 S0/0/1 2001:DB8:ACAD:2::1/30 N/A 172.16.3.1/24 2001:DB8:ACAD:30::1/64 Task 1: Initial Settings ISP G0/0 (1) Configure ALL Basic Device Settings. 
FE80::3 link-local N/A 10.1.1.1/30 S0/0/0 (2) Configure interfaces with IPv4/IPv6 addresses and activate them. 2001:DB8:ACAD:1::1/64 BRANCH (1) Configure static route from ISP to LAN on HQ and LAN on BRANCH. (2) Configure static route from BRANCH to LAN on HQ. (3) Configure default static route from HQ to Server LAN. N/A 192.168.1.1/24 (3) Configure IPv4/IPv6 addresses on PCs and server. Task 2: IPv4 network 2001:DB8:ACAD:20::/64 PC-A G0/1 FE80::2 link-local S0/0/0 (DCE) 192.168.0.254/30 NIC Task 3: IPv6 network Web Server NIC (1) Configure static route from ISP to LAN on HQ and LAN on BRANCH. PC-C NIC N/A 2001:DB8:ACAD:2::2/64 N/A 192.168.0.3/25 192.168.0.1 2001:DB8:ACAD::3/64 FE80::1 172.16.3.3/24 172.16.3.1 2001:DB8:ACAD:30::3/64 FE80::3 192.168.1.3/24 192.168.1.1 2001:DB8:ACAD:1::3/64 FE80::2 25 (2) Configure static route from BRANCH to LAN on HQ. Page (3) Configure default static route from HQ to Server LAN. version 2020 Easy Peasy Switching and Routing TRY THIS! (B) Addressing Table Device Interface IP Address Default Gateway 192.168.1.1/24 2001:DB8:CAFÉ:1::1/64 RA G0/0 FE80::1 link-local S0/0/0 (DCE) 10.1.1.2/30 2001:DB8:CAFE:A001::1/64 N/A N/A 10.1.1.5/30 S0/0/1 2001:DB8:CAFE:A003::1/64 N/A 172.16.3.1/24 2001:DB8: CAFÉ:2::1/64 RB G0/0 FE80::2 link-local N/A 10.1.1.1/30 Task 1: Initial Settings S0/0/0 2001:DB8:CAFE:A001::2/64 S0/0/1 10.1.1.9/30 (DCE) 2001:DB8:CAFE:A002::1/64 (1) Configure ALL Basic Device Settings. N/A 2.2.2.1/30 2001:DB8:FEED:1::2/64 (2) Configure interfaces with IPv4/IPv6 addresses and activate them. (3) Configure IPv4/IPv6 addresses on PCs and server. Task 2: IPv4 network FE80::4 link-local 192.168.8.1/24 2001:DB8:CAFÉ:3::1/64 RC internal G0/0 FE80::3 link-local S0/0/0 (DCE) 10.1.1.6/30 2001:DB8:CAFE:A003::2/64 N/A N/A 10.1.1.10/30 S0/0/1 (2) Configure default static route from RB to ISP and propagate it. (3) Configure static route from ISP to internal LANs. (1) Configure EIGRP for IPv6 routing protocol for internal networks. 
Use any valid AS number. (2) Configure default static route from RB to ISP and propagate it. (3) Configure static route from ISP to internal LANs. version 2020 N/A 2.2.2.2/30 ISP Task 3: IPv6 network 2001:DB8:CAFE:A002::2/64 S0/1/0 2001:DB8:FEED:1::1/64 (DCE) FE80::4 link-local N/A 192.168.1.2/25 192.168.1.1 2001:DB8:CAFÉ:1::2/64 FE80::1 172.16.3.2/24 172.16.3.1 2001:DB8:CAFÉ:2::2/64 FE80::1 192.168.8.2/24 192.168.8.1 2001:DB8:CAFÉ:3::2/64 FE80::1 PC-A NIC PC-B NIC PC-C NIC 26 for S0/1/0 Page (1) Configure EIGRP routing protocol networks. Use any valid AS number. N/A Easy Peasy Switching and Routing VLAN ▪ VLANs can segment LAN devices without regard for the physical location of the user or device. ▪ A VLAN is a logical partition of a Layer 2 network. ▪ VLANs are mutually isolated and packets can only pass between VLANs via a router. ▪ Types of VLANs: ▪ Default VLAN ▪ Data VLAN ▪ Native VLAN ▪ Management VLAN Access Control Lists (ACLs) ▪ An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs). ▪ Every ACL should be placed where it has the greatest impact on efficiency. ▪ Extended ACLs – Configure extended ACLs as close as possible to the source of the traffic to be filtered. ▪ Standard ACLs – Since standard ACLs do not specify destination addresses, they should be configured as close to the destination as possible. version 2020 Page Secure Remote Access ▪ Secure Shell (SSH) • An alternative protocol to Telnet. Telnet uses unsecure plaintext of the username and password as well as the data transmitted. • SSH is more secure because it provides an encrypted management connection. Switch Port Security ▪ Port security limits the number of valid MAC addresses allowed to transmit data through a switch port. • If a port has port security enabled and an unknown MAC address sends data, the switch presents a security violation. 
▪ Methods use to configure MAC addresses within port security: ▪ Static secure MAC addresses – manually configure ▪ Dynamic Secure MAC addresses – dynamically learned and removed if the switch restarts ▪ Sticky secure MAC addresses dynamically learned and added to the running configuration 27 Chapter 3: SWITCHED TECHNOLOGY NETWORK Easy Peasy Switching and Routing Configuring Switch Security *Notes: To verify the SSH: On the PC, connect to the switch using SSH. click for more : SW-A(config)#interface fastethernet 0/18 Set the interface mode to access SW-A(config-if)#switchport mode access Enable port security on the interface SW-A(config-if)#switchport port-security Configure Sticky Port Security SW-A Specify the interface to be configured for port security SW-A(config)#interface fastethernet 0/19 Set the interface mode to access SW-A(config-if)#switchport mode access Enable port security on the interface SW-A(config-if)#switchport port-security Set the maximum number of secure addresses allowed on the port SW-A(config-if)#switchport port-security maximum 10 Enable sticky learning SW-A(config-if)#switchport port-security mac-address sticky version 2020 28 SW-A(config)#ip domain-name polytechnic.com Generate the IP domain name SW-A(config)#crypto key generate rsa The name for the keys will be: S1.politeknik.com … How many bits in the modulus [512]: 1024 … Configure user authentication SW-A(config)#username admin secret poly2020 Configure the vty lines SW-A(config-line)#line vty 0 4 SW-A(config-line)#transport input ssh SW-A(config-line)#login local SW-A(config-line)#exit Enable SSH version 2 SW-A(config)#ip ssh version 2 SW-A Specify the interface to be configured for port security Page SW-A Configure the IP domain name Easy Peasy Switching and Routing Switch Port Assignment Specifications for both SWITCH Virtual Local Area Network (VLAN) Ports (1) Configure VLAN on SWITCH Addressing Table R1 G0/1 IP Address Subnet Mask Default Gateway Status UP G0/1.10 192.168.10.1 
255.255.255.0 N/A G0/1.20 192.168.20.1 255.255.255.0 N/A PC-A NIC 192.168.10.2 255.255.255.0 192.168.10.1 PC-B NIC 192.168.20.2 255.255.255.0 192.168.20.1 SW-A F0/1 802.1Q Trunk N/A SW-B F0/1 802.1Q Trunk N/A SW-A F0/24 802.1Q Trunk N/A SW-A F0/5 VLAN 10 – Students 192.168.10.0/24 SW-B F0/10 VLAN 20 – Teachers 192.168.20.0/24 SW-A Create new VLAN and give name SW-A(config)#vlan 10 SW-A(config-vlan)#name Students SW-A(config)#vlan 20 SW-A(config-vlan)#name Teachers Assign an access interface to access specific VLAN SW-A(config)#interface fa0/5 SW-A(config-if)#switchport mode access SW-A(config-if)#switchport access vlan 10 SW-A(config)#interface fa0/10 SW-A(config-if)#switchport mode access SW-A(config-if)#switchport access vlan 20 Assign trunk interface to allow traffic from specific VLANs shared the interface SW-A(config)#interface fa0/24 SW-A(config-if)#switchport trunk encapsulation dot1q SW-A(config-if)#switchport mode trunk SW-A(config-if)#switchport trunk allowed vlan 10,20 SW-A(config)#interface fa0/1 SW-A(config-if)#switchport mode trunk SW-A(config-if)#switchport trunk allowed vlan 10,20 version 2020 29 Interface Network Page Device Assignment Easy Peasy Switching and Routing SW-B Create new VLAN and give name SW-B(config)#vlan 10 SW-B(config-vlan)#name Students SW-B(config)#vlan 20 SW-B(config-vlan)#name Teachers Assign an access interface to access specific VLAN SW-B(config)#interface fa0/5 SW-B(config-if)#switchport mode access SW-B(config-if)#switchport access vlan 10 SW-B(config)#interface fa0/10 SW-B(config-if)#switchport mode access SW-B(config-if)#switchport access vlan 20 Assign trunk interface to allow traffic from specific VLANs shared the interface SW-B(config)#interface fa0/1 SW-B(config-if)#switchport mode trunk SW-B(config-if)#switchport trunk allowed vlan 10,20 (2) Configure sub-interface for VLAN 20 RA(config)#interface G0/1.20 RA(config-subif)#encapsulation dot1q 20 RA(config-subif)#ip address 192.168.20.1 255.255.255.0 Verification View 
all settings SW-A#show vlan SW-A#show interfaces SW-A#show interfaces switchport SW-A#show interfaces trunk SW-A#show interfaces vlan [X] click for more : Configure router-on-a-stick inter-VLAN using 802.1Q trunk Page 30 RA Enable the G0/0 interface RA(config)#interface G0/1 RA(config-if)#no shutdown Configure sub-interface for VLAN 10 RA(config)#interface G0/1.10 RA(config-subif)#encapsulation dot1q 10 RA(config-subif)#ip address 192.168.10.1 255.255.255.0 version 2020 Easy Peasy Switching and Routing Configuring Link Aggregation (EtherChannel) Addressing Table Device Interface IP Address Subnet Mask VLAN 99 192.168.99.11 255.255.255.0 SW-B VLAN 99 192.168.99.12 255.255.255.0 SW-C VLAN 99 192.168.99.13 255.255.255.0 PC-A NIC 192.168.10.1 255.255.255.0 PC-B NIC 192.168.10.2 255.255.255.0 PC-C NIC 192.168.10.3 255.255.255.0 SW-A Configure VLAN 99 as native VLAN & name it Mgmt SW-A(config)#vlan 99 SW-A(config-vlan)#name Mgmt SW-A(config-vlan)#exit SW-A(config)#interface vlan 99 SW-A(config-if)#ip add 192.168.99.11 255.255.255.0 SW-B Configure VLAN 99 as native VLAN & name it Mgmt SW-B(config)#vlan 99 SW-B(config-vlan)#name Mgmt SW-B(config-vlan)#exit SW-B(config)#interface vlan 99 SW-B(config-if)#ip add 192.168.99.12 255.255.255.0 SW-C Configure VLAN 99 as native VLAN & name it Mgmt SW-C(config)#vlan 99 SW-C(config-vlan)#name Mgmt SW-C(config-vlan)#exit SW-C(config)#interface vlan 99 SW-C(config-if)#ip add 192.168.99.13 255.255.255.0 Page 31 SW-A Configure VLAN 99 as native VLAN on all Switch version 2020 Easy Peasy Switching and Routing (1) Configure PAgP (Cisco proprietary) between SWA to SW-C Configure LACP (open-source protocol) between SW-A to SW-B SW-A Configure LACP on SW-A SW-A(config)#interface range f0/1-2 SW-A(config-if-range)#channel-group 2 mode active Creating a port-channel interface Port-channel 2 SW-A(config-if-range)#no shutdown Configure interface port-channel as trunk port and assign to native VLAN 99 SW-A(config)#interface port-channel 2 
SW-A(config-if)#switchport mode trunk SW-A(config-if)#switchport trunk native vlan 99 SW-B Configure LACP on SW-B SW-B(config)#interface range f0/1-2 SW-B(config-if-range)#channel-group 2 mode passive Creating a port-channel interface Port-channel 2 SW-B(config-if-range)#no shutdown Configure interface port-channel as trunk port and assign to native VLAN 99 SW-B(config)#interface port-channel 2 SW-B(config-if)#switchport mode trunk SW-B(config-if)#switchport trunk native vlan 99 Page 32 SW-A Configure PAgP on SW-A SW-A(config)#interface range f0/3-4 SW-A(config-if-range)#channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 SW-A(config-if-range)#no shutdown Configure interface port-channel as trunk port and assign to native VLAN 99 SW-A(config)#interface port-channel 1 SW-A(config-if)#switchport mode trunk SW-A(config-if)#switchport trunk native vlan 99 SW-C Configure PAgP on SW-C SW-C(config)#interface range f0/3-4 SW-C(config-if-range)#channel-group 1 mode auto Creating a port-channel interface Port-channel 1 SW-C(config-if-range)#no shutdown Configure interface port-channel as trunk port and assign to native VLAN 99 SW-C(config)#interface port-channel 1 SW-C(config-if)#switchport mode trunk SW-C(config-if)#switchport trunk native vlan 99 (2) version 2020 Easy Peasy Switching and Routing (3) Configure LACP between SW-B to SW-C SW-B Configure LACP on SW-B SW-B(config)#interface range f0/3-4 SW-B(config-if-range)#channel-group 3 mode active Creating a port-channel interface Port-channel 3 SW-B(config-if-range)#no shutdown Configure interface port-channel as trunk port and assign to native VLAN 99 SW-B(config)#interface port-channel 3 SW-B(config-if)#switchport mode trunk SW-B(config-if)#switchport trunk native vlan 99 SW-C Configure LACP on SW-C SW-C(config)#interface range f0/1-2 SW-C(config-if-range)#channel-group 3 mode passive Creating a port-channel interface Port-channel 3 SW-C(config-if-range)#no shutdown Configure interface 
port-channel as trunk port and assign to native VLAN 99 SW-C(config)#interface port-channel 3 SW-C(config-if)#switchport mode trunk SW-C(config-if)#switchport trunk native vlan 99 click for more : Verification Page 33 View all settings SW-A#show run interface [X] SW-A#show interfaces [X] switchport SW-A#show etherchannel SW-A#show etherchannel summary SW-A#show interfaces trunk version 2020 (1) Configure FHRP using HSRP (Hot Standby Routing Protocol) Addressing Table Device Interface IP Address Subnet Mask Default Gateway RA G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A S0/1/0 209.165.200.225 255.255.255.224 N/A G0/1 192.168.1.2 255.255.255.0 N/A RB RC S0/0/1 10.2.2.1 255.255.255.252 N/A ISP S0/1/0 (DCE) 209.165.200.226 255.255.255.224 N/A PC-A NIC 192.168.1.31 255.255.255.0 192.168.1.1 PC-C NIC 192.168.1.33 255.255.255.0 192.168.1.3 Step 1: Configure OSPF on all routers RA Configure OSPF for area 0 with process ID = 88 RA(config)#router ospf 88 RA(config-rtr)#network 192.168.1.0 0.0.0.255 area 0 RA(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RB Configure OSPF for area 0 with process ID = 88 RB(config)#router ospf 88 RB(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RB(config-rtr)#network 10.2.2.0 0.0.0.3 area 0 *exclude ISP network from the OSPF process Configure default route to access ISP and redistribute it into the OSPF process RB(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0 RB(config)#router ospf 88 RB(config-rtr)#default-information originate RC Configure OSPF for area 0 with process ID = 88 RC(config)#router ospf 88 RC(config-rtr)#network 10.2.2.0 0.0.0.3 area 0 RC(config-rtr)#network 192.168.1.0 0.0.0.255 area 0 Step 2: Configure HSRP on RA and RC RA Configure HSRP on RA RA(config)#interface g0/1 RA(config-if)#standby 1 ip 192.168.1.254 RA(config-if)#standby 1 priority 150 RA(config-if)#standby 1 preempt RC Configure HSRP on RC RC(config)#interface g0/1 
RC(config-if)#standby 1 ip 192.168.1.254 tracert 209.165.200.225 ping –t 209.165.200.225 show standby show standby brief version 2020 Page First Hop Redundancy Protocols (FHRP) 34 Easy Peasy Switching and Routing (2) Configure FHRP using GLBP (Gateway Load Balancing Protocol) Addressing Table Device Interface IP Address Subnet Mask Default Gateway RA G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A S0/1/0 209.165.200.225 255.255.255.224 N/A G0/1 192.168.1.2 255.255.255.0 N/A RB RC S0/0/1 10.2.2.1 255.255.255.252 N/A ISP S0/1/0 (DCE) 209.165.200.226 255.255.255.224 N/A PC-A NIC 192.168.1.31 255.255.255.0 192.168.1.1 PC-C NIC 192.168.1.33 255.255.255.0 192.168.1.3 Step 1: Configure OSPF on all routers RA Configure OSPF for area 0 with process ID = 88 RA(config)#router ospf 88 RA(config-rtr)#network 192.168.1.0 0.0.0.255 area 0 RA(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RB Configure OSPF for area 0 with process ID = 88 RB(config)#router ospf 88 RB(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RB(config-rtr)#network 10.2.2.0 0.0.0.3 area 0 *exclude ISP network from the OSPF process Configure default route to access ISP and redistribute it into the OSPF process RB(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0 RB(config)#router ospf 88 RB(config-rtr)#default-information originate RC Configure OSPF for area 0 with process ID = 88 RC(config)#router ospf 88 RC(config-rtr)#network 10.2.2.0 0.0.0.3 area 0 RC(config-rtr)#network 192.168.1.0 0.0.0.255 area 0 Step 2: Configure GLBP on RA and RC RA Configure GLBP on RA RA(config)#interface g0/1 RA(config-if)#glbp 1 ip 192.168.1.254 RA(config-if)#glbp 1 priority 150 RA(config-if)#glbp 1 preempt RA(config-if)#glbp 1 load-balancing round-robin RC Configure GLBP on RC RC(config)#interface g0/1 RC(config-if)#glbp 1 ip 192.168.1.254 RC(config-if)#glbp 1 load-balancing round-robin show glbp show glbpy brief version 2020 Page First Hop 
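The effect of the `standby 1 priority 150` and `standby 1 preempt` lines in the HSRP part of this FHRP section can be traced with a small election model. This is an added example, not part of the original book: the class and function names are hypothetical, the interface addresses come from the addressing table, and the rules modelled (default priority 100, highest priority wins, highest interface IP breaks a tie, preempt is needed to displace a working active router) are the standard HSRP rules rather than statements from the page.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # HSRP default when no 'standby <group> priority' line exists

# Step 2 commands from the HSRP section, prompts included.
RA_CONFIG = [
    "RA(config)#interface g0/1",
    "RA(config-if)#standby 1 ip 192.168.1.254",
    "RA(config-if)#standby 1 priority 150",
    "RA(config-if)#standby 1 preempt",
]
RC_CONFIG = [
    "RC(config)#interface g0/1",
    "RC(config-if)#standby 1 ip 192.168.1.254",
]


@dataclass(frozen=True)
class HsrpRouter:
    name: str
    interface_ip: IPv4Address
    virtual_ip: IPv4Address
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False

    @property
    def rank(self):
        """Election key: priority first, interface IP address as tie-breaker."""
        return (self.priority, int(self.interface_ip))


def parse_standby(name, interface_ip, config_lines, group=1):
    """Build an HsrpRouter from 'standby <group> ...' lines (hypothetical helper)."""
    priority, preempt, virtual_ip = DEFAULT_PRIORITY, False, None
    for line in config_lines:
        words = line.split("#", 1)[-1].split()  # drop the CLI prompt
        if words[:2] != ["standby", str(group)] or len(words) < 3:
            continue
        if words[2] == "ip" and len(words) > 3:
            virtual_ip = IPv4Address(words[3])
        elif words[2] == "priority" and len(words) > 3:
            priority = int(words[3])
        elif words[2] == "preempt":
            preempt = True
    if virtual_ip is None:
        raise ValueError(f"{name}: no 'standby {group} ip' line found")
    return HsrpRouter(name, IPv4Address(interface_ip), virtual_ip, priority, preempt)


class HsrpGroup:
    """Tracks which router is active as group members come up and go down."""

    def __init__(self, routers):
        if len({r.virtual_ip for r in routers}) > 1:
            raise ValueError("group members disagree on the virtual IP address")
        self.routers = {r.name: r for r in routers}
        self.up = set()
        self.active = None

    def bring_up(self, name):
        router = self.routers[name]
        self.up.add(name)
        if self.active is None:
            self.active = name  # nobody is forwarding yet
        elif router.preempt and router.rank > self.routers[self.active].rank:
            self.active = name  # takes over only because preempt is configured
        return self.active

    def take_down(self, name):
        self.up.discard(name)
        if self.active == name:
            # The best remaining router (the standby) becomes active.
            remaining = [self.routers[n] for n in self.up]
            self.active = max(remaining, key=lambda r: r.rank).name if remaining else None
        return self.active


def trace(routers, events):
    """Return the active router name after each ('up' | 'down', name) event."""
    group = HsrpGroup(routers)
    return [group.bring_up(n) if kind == "up" else group.take_down(n)
            for kind, n in events]


if __name__ == "__main__":
    ra = parse_standby("RA", "192.168.1.1", RA_CONFIG)
    rc = parse_standby("RC", "192.168.1.2", RC_CONFIG)
    # RC boots first, RA joins, RA fails, RA recovers.
    events = [("up", "RC"), ("up", "RA"), ("down", "RA"), ("up", "RA")]
    for event, active in zip(events, trace([ra, rc], events)):
        print(event, "-> active:", active)
```

With the page's configuration RA reclaims the active role as soon as it returns; without the preempt line RC would stay active even though RA has the higher priority, which is the state to look for in `show standby brief`.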
Redundancy Protocols (FHRP) 35 Easy Peasy Switching and Routing Easy Peasy Switching and Routing Access Control List (ACL) (1) Configuring ACL for IPv4 network RA Configure Standard ACL to (1) Allow all traffic from 192.168.10.0/24 to access 192.168.20.0/24 (2) Block all other traffic (3) Implement it on the interface nearest to destination RA(config)#access-list 1 permit 192.168.10.0 0.0.0.255 RA(config)#access-list 1 deny any RA(config)#interface g0/1 RA(config-if)#ip access-group 1 out Configure Standard ACL to (1) Block all traffic from 192.168.20.0/24 to access 192.168.30.0/24 (2) Permit all other traffic (3) Implement it on the interface nearest to destination RA(config)#access-list 2 deny 192.168.20.0 0.0.0.255 RA(config)#access-list 2 permit any RA(config)#interface g0/2 RA(config-if)#ip access-group 2 out click for more : Page Extended ACL Router(config)#access-list aclNumber [deny/permit] protocol sourceAdd sourceWildcard destAdd destWildcard Router(config)#interface ? Router(config-if)#ip access-group aclNumber [in/out] 36 *Notes: (1) Use any valid ACL number (1-99 for standard ACL) (100-199 for extended ACL) (2) Implement standard ACL on the interface nearest to the destination (3) Implement extended ACL on the interface nearest to the source (4) Syntax: Standard ACL Router(config)#access-list aclNumber [deny/permit] sourceAdd sourceWildcard [log] Router(config)#interface ? 
Router(config-if)#ip access-group aclNumber [in/out] Standard ACL version 2020 Easy Peasy Switching and Routing (2) Configure Extended ACL to (1) Allow all traffic from 192.168.30.0/24 to access 192.168.20.0/24 (2) Deny all traffic from 192.168.30.0/24 to access 192.168.10.0/24 (3) Permit all other traffic (4) Implement it on the interface nearest to source RA(config)#access-list 102 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 RA(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 RA(config)#access-list 102 permit ip any any RA(config)#interface g0/2 RA(config-if)#ip access-group 102 in Extended ACL Verification View all settings RA#show access-lists RA#show ip interfaces RA# show ip access-lists version 2020 37 click for more : Page RA Configure Extended ACL to (1) Allow all traffic from 192.168.10.0/24 to access 192.168.20.0/24 (2) Deny all traffic from 192.168.10.0/24 to access 192.168.30.0/24 (3) Permit all other traffic (4) Implement it on the interface nearest to source RA(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 RA(config)#access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 RA(config)#access-list 101 permit ip any any RA(config)#interface g0/0 RA(config-if)#ip access-group 101 in Easy Peasy Switching and Routing Configuring ACL for IPv6 network Verification View all settings RA#show access-lists RA#show ipv6 interfaces RA# show ipv6 access-lists version 2020 38 click for more : Configure IPv6 ACL to (1) Deny all traffic from 2001:DB8:CAFÉ:10::/64 to access 2001:DB8:CAFÉ:20::/64 (2) Permit all other traffic (3) Implement it on the interface nearest to source RA(config)#ipv6 access-list DENY10TO20 RA(config-ipv6-acl)#deny ipv6 2001:DB8:CAFE:10::/64 2001:DB8:CAFE:20::/64 RA(config-ipv6-acl)#permit ipv6 any any RA(config)#interface g0/0 RA(config-if)#ipv6 traffic-filter DENY10TO20 in Configure IPv6 ACL to (1) Permit all traffic from 2001:DB8:CAFÉ:20::/64 to access 
2001:DB8:CAFE:30::/64
(2) Deny all other traffic
(3) Implement it on the interface nearest to source

RA
RA(config)#ipv6 access-list ALLOW20TO30
RA(config-ipv6-acl)#permit ipv6 2001:DB8:CAFE:20::/64 2001:DB8:CAFE:30::/64
RA(config-ipv6-acl)#deny ipv6 any any
RA(config)#interface g0/1
RA(config-if)#ipv6 traffic-filter ALLOW20TO30 in

*Notes:
(1) ACL for IPv6 uses the same syntax as a Named ACL
(2) Similar in functionality to an IPv4 Extended ACL
(3) Implement the ACL for IPv6 on the interface nearest to the source
(4) Syntax:
Router(config)#ipv6 access-list aclName
Router(config-ipv6-acl)#[deny/permit] protocol ipv6sourceAdd/prefixLength ipv6destAdd/prefixLength
Router(config)#interface ?
Router(config-if)#ipv6 traffic-filter aclName [in/out]

Dynamic Host Configuration Protocol (DHCP)

(1) Configuring router as DHCP Server

Addressing Table
Device       Interface   IP Address      Subnet Mask
RA           G0/1        192.168.1.1     255.255.255.0
DNS server   -           192.168.1.10    255.255.255.0

RA
Exclude reserved IP address/addresses
RA(config)#ip dhcp excluded-address 192.168.1.254
RA(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
Create a DHCP pool and name it accordingly
RA(config)#ip dhcp pool poolName
Assign the network to be used by DHCP
RA(dhcp-config)#network 192.168.1.0 255.255.255.0
Assign default gateway and DNS server
RA(dhcp-config)#default-router 192.168.1.1
RA(dhcp-config)#dns-server 192.168.1.10
Assign a lease time of 3 days
RA(dhcp-config)#lease 3

Overall configuration
RA(config)#ip dhcp excluded-address 192.168.1.254
RA(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
RA(config)#ip dhcp pool poolName
RA(dhcp-config)#network 192.168.1.0 255.255.255.0
RA(dhcp-config)#default-router 192.168.1.1
RA(dhcp-config)#dns-server 192.168.1.10
RA(dhcp-config)#lease 3

Verification
View all settings
RA#show ip dhcp pool
RA#show ip dhcp binding

(2) Configuring switch as DHCP Server

Addressing Table
Device   Interface   IP Address      Subnet Mask
RA       G0/1        192.168.1.1     255.255.255.0
SW-A     VLAN 10     192.168.1.10    255.255.255.0
         VLAN 20     192.168.2.10    255.255.255.0

SW-A
Configure DHCP for VLAN 10
SW-A(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
SW-A(config)#ip dhcp pool poolNameVLAN10
SW-A(dhcp-config)#network 192.168.10.0 255.255.255.0
SW-A(dhcp-config)#default-router 192.168.10.1
SW-A(dhcp-config)#dns-server 192.168.10.9
SW-A(dhcp-config)#lease 3
Configure DHCP for VLAN 20
SW-A(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10
SW-A(config)#ip dhcp pool poolNameVLAN20
SW-A(dhcp-config)#network 192.168.20.0 255.255.255.0
SW-A(dhcp-config)#default-router 192.168.20.1
SW-A(dhcp-config)#dns-server 192.168.20.9
SW-A(dhcp-config)#lease 3
Assign default gateway for VLANs
SW-A(config)#interface vlan 10
SW-A(config-if)#ip address 192.168.10.1 255.255.255.0
SW-A(config)#interface vlan 20
SW-A(config-if)#ip address 192.168.20.1 255.255.255.0
Assign access port for specific VLAN
SW-A(config)#interface fa0/5
SW-A(config-if)#switchport mode access
SW-A(config-if)#switchport access vlan 10
SW-A(config)#interface fa0/10
SW-A(config-if)#switchport mode access
SW-A(config-if)#switchport access vlan 20
Assign trunk ports
SW-A(config)#interface fa0/1
SW-A(config-if)#switchport mode trunk
SW-A(config-if)#switchport trunk allowed vlan 10,20
SW-A(config)#interface fa0/24
SW-A(config-if)#switchport mode trunk
SW-A(config-if)#switchport trunk allowed vlan 10,20

SW-B
Configure as DHCP relay / helper
SW-B(config)#ip dhcp relay information trust-all
Assign access port for specific VLAN
SW-B(config)#interface fa0/5
SW-B(config-if)#switchport mode access
SW-B(config-if)#switchport access vlan 10
SW-B(config)#interface fa0/10
SW-B(config-if)#switchport mode access
SW-B(config-if)#switchport access vlan 20
Assign trunk ports
SW-B(config)#interface fa0/1
SW-B(config-if)#switchport mode trunk
SW-B(config-if)#switchport trunk allowed vlan 10,20

Verification
View all settings
SW-A#show ip dhcp pool
SW-A#show ip dhcp binding

TRY THIS! (A)

Task 1: Initial Settings
(1) Configure ALL Basic Device Settings.
(2) Configure IPv6 addresses on interfaces and devices.
Task 2: Single area OSPFv3
(1) Configure single area OSPF. Use any valid value for Process ID.
Task 3: ACL for IPv6
(1) Configure ACL for these rules:
    a. Deny traffic from 2001:DB8:CAFE:10::/64 to access 2001:DB8:CAFE:11::/64
    b. Allow traffic from 2001:DB8:CAFE:30::/64 to access only 2001:DB8:CAFE:10::/64

TRY THIS! (B)

Addressing Table
Device   Interface   IP Address      Subnet Mask      Default Gateway   VLAN
RA       G0/1.10     172.17.10.1     255.255.255.0    N/A               VLAN 10
         G0/1.30     172.17.30.1     255.255.255.0    N/A               VLAN 30
PC-A     NIC         172.17.10.10    255.255.255.0    172.17.10.1       VLAN 10
PC-C     NIC         172.17.30.10    255.255.255.0    172.17.30.1       VLAN 30

Task 1: Initial Settings
(1) Configure ALL Basic Device Settings.
Task 2: VLAN
(1) Create VLAN on switches.
(2) Configure interfaces as trunk and access mode accordingly.
Task 3: Inter-VLAN routing
(1) Configure sub-interfaces with IPv4 addresses and activate them.
(2) Implement configuration for router-on-a-stick.
(3) Set IP addresses on devices and test the connectivity using the Ping command.

Chapter 4: WAN TECHNOLOGIES AND PROTOCOL

Generic Routing Encapsulation (GRE)
▪ GRE is a non-secure, site-to-site VPN tunneling protocol developed by Cisco.
▪ It manages the transportation of multiprotocol and IP multicast traffic between two or more sites.
▪ GRE encapsulation uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol.
▪ GRE does not include any strong security mechanisms.

eBGP
▪ External BGP (eBGP) – External BGP is the routing protocol used between routers in different autonomous systems.
▪ BGP is used when an AS has connections to multiple autonomous systems. This is known as multi-homed.
▪ A misconfiguration of a BGP router could have negative effects throughout the Internet.

WAN Encapsulation Protocols
▪ Data is encapsulated into frames before crossing the WAN link, and the interface must be configured for the Layer 2 protocol.
▪ Two types of WAN protocols:
  ▪ HDLC encapsulation
    ▪ A synchronous data link layer protocol developed by the International Organization for Standardization (ISO).
    ▪ Defines a Layer 2 framing structure that allows flow and error control through acknowledgments.
  ▪ PPP encapsulation
    ▪ Should be used when there is a need to connect to a non-Cisco router.
    ▪ Encapsulates data frames for transmission over Layer 2 physical links.
    ▪ Establishes a direct connection using serial cables, phone lines, trunk lines, cellular telephones, specialized radio links, or fiber-optic links.
    ▪ Supports PAP and CHAP authentication.

Wide Area Network (WAN) encapsulation

(1) Configuring HDLC encapsulation

RA
Configure Serial interface to use HDLC encapsulation
RA(config)#interface s0/0/0
RA(config-if)#encapsulation HDLC

RB
Configure Serial interface to use HDLC encapsulation
RB(config)#interface s0/0/0
RB(config-if)#encapsulation HDLC

(2) Configuring PPP encapsulation

RA
Configure Serial interface to use PPP encapsulation
RA(config)#interface s0/0/0
RA(config-if)#encapsulation PPP

RB
Configure Serial interface to use PPP encapsulation
RB(config)#interface s0/0/0
RB(config-if)#encapsulation PPP

(3) Configuring PPP with PAP authentication

NOTES#
(1) 1st router hostname: RA
(2) 2nd router hostname: RB
(3) PAP password: PAPpass
(4) Type of encapsulation: PPP
(5) Type of authentication: PAP

RA
Configure neighbor username with predefined password
RA(config)#username RB password PAPpass
Configure Serial interface to use PPP encapsulation
RA(config)#interface S0/0/0
RA(config-if)#ip address 10.10.10.1 255.255.255.252
RA(config-if)#no shutdown
RA(config-if)#encapsulation PPP
Configure PAP authentication
RA(config-if)#PPP authentication PAP
RA(config-if)#PPP PAP sent-username RA password PAPpass

RB
Configure neighbor username with predefined password
RB(config)#username RA password PAPpass
Configure Serial interface to use PPP encapsulation
RB(config)#interface S0/0/0
RB(config-if)#ip address 10.10.10.2 255.255.255.252
RB(config-if)#no shutdown
RB(config-if)#encapsulation PPP
Configure PAP authentication
RB(config-if)#PPP authentication PAP
RB(config-if)#PPP PAP sent-username RB password PAPpass

Verification
View all settings
RA#show interfaces s0/0/0
RA#debug ppp negotiation
RA#debug ppp packet
RA#undebug all

(4) Configuring PPP with CHAP authentication

NOTES#
(1) 1st router hostname: RA
(2) 2nd router hostname: RB
(3) CHAP password: CHAPpass
(4) Type of encapsulation: PPP
(5) Type of authentication: CHAP

RA
Configure neighbor username with predefined password
RA(config)#username RB password CHAPpass
Configure Serial interface to use PPP encapsulation
RA(config)#interface S0/0/0
RA(config-if)#ip address 10.10.10.1 255.255.255.252
RA(config-if)#no shutdown
RA(config-if)#encapsulation PPP
Configure CHAP authentication
RA(config-if)#PPP authentication CHAP

RB
Configure neighbor username with predefined password
RB(config)#username RA password CHAPpass
Configure Serial interface to use PPP encapsulation
RB(config)#interface S0/0/0
RB(config-if)#ip address 10.10.10.2 255.255.255.252
RB(config-if)#no shutdown
RB(config-if)#encapsulation PPP
Configure CHAP authentication
RB(config-if)#PPP authentication CHAP

Configuring VPN with GRE tunneling

Addressing table
Device    Interface      IP Address     Subnet Mask       Default Gateway
BranchA   G0/1           192.168.1.1    255.255.255.0     N/A
          S0/0/0 (DCE)   1.1.1.1        255.255.255.252   N/A
          Tunnel0        172.16.12.1    255.255.255.252   N/A
ISP       S0/0/0         1.1.1.2        255.255.255.252   N/A
          S0/0/1 (DCE)   2.2.2.2        255.255.255.252   N/A
BranchB   G0/1           192.168.2.1    255.255.255.0     N/A
          S0/0/1         2.2.2.1        255.255.255.252   N/A
          Tunnel0        172.16.12.2    255.255.255.252   N/A
PC-A      NIC            172.16.1.3     255.255.255.0     172.16.1.1
PC-C      NIC            172.16.2.3     255.255.255.0     172.16.2.1

Step 1:
BranchA
Configure default static route to ISP
BranchA(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2
BranchB
Configure default static route to ISP
BranchB(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.2

Step 2:
BranchA
Configure GRE tunnel interface
BranchA(config)#interface tunnel 0
BranchA(config-if)#ip add 172.16.12.1 255.255.255.252
BranchA(config-if)#tunnel source s0/0/0
BranchA(config-if)#tunnel destination 2.2.2.1
BranchB
Configure GRE tunnel interface
BranchB(config)#interface tunnel 0
BranchB(config-if)#ip add 172.16.12.2 255.255.255.252
BranchB(config-if)#tunnel source s0/0/1
BranchB(config-if)#tunnel destination 1.1.1.1
*Note: For the tunnel source command, either the interface name or the IP address can be used as the source

Step 3:
BranchA
Enable routing over the GRE tunnel
*Notes: In this example, use OSPF routing protocol
BranchA(config)#router ospf 1
BranchA(config-rtr)#network 192.168.1.0 0.0.0.255 area 0
BranchA(config-rtr)#network 172.16.12.0 0.0.0.3 area 0
BranchB
Enable routing over the GRE tunnel
*Notes: In this example, use OSPF routing protocol
BranchB(config)#router ospf 1
BranchB(config-rtr)#network 192.168.2.0 0.0.0.255 area 0
BranchB(config-rtr)#network 172.16.12.0 0.0.0.3 area 0

Verification
GRE tunnel
Verify the status of the tunnel interface
BranchA#show ip interface brief
BranchA#show interfaces tunnel 0
BranchA#ping 172.16.12.2
BranchA#traceroute 192.168.2.1
OSPF routing
Verify the accessibility between LANs
BranchA#show ip route
Ping between PCs
Traceroute between PCs

Configuring eBGP

Addressing table
Device       Interface      IP Address       Subnet Mask
RA           S0/0/0 (DCE)   198.133.219.1    255.255.255.240
RB           S0/0/0         198.133.219.2    255.255.255.240
             S0/0/1         209.165.200.2    255.255.255.252
ISP-RC       S0/0/1 (DCE)   209.165.200.1    255.255.255.252
             G0/0           10.10.10.1       255.255.255.0
Web Server   NIC            10.10.10.10      255.255.255.0

Step 1:
ISP-RC
Enable BGP with valid AS number
ISP-RC(config)#router bgp 65001
Assign valid router-ID
ISP-RC(config-rtr)#bgp router-id 1.1.1.1
Log neighbor up/down and reset reason
ISP-RC(config-rtr)#bgp log-neighbor-changes
Specify a network to announce via BGP
ISP-RC(config-rtr)#network 10.10.10.0 mask 255.255.255.0
Specify a BGP neighbor router
ISP-RC(config-rtr)#neighbor 209.165.200.2 remote-as 65000

Step 2:
RB
Configure BGP
RB(config)#router bgp 65000
RB(config-rtr)#bgp router-id 2.2.2.2
RB(config-rtr)#bgp log-neighbor-changes
RB(config-rtr)#network 198.133.219.0 mask 255.255.255.240
RB(config-rtr)#neighbor 209.165.200.1 remote-as 65001
RA
Configure Default Static Route to direct traffic
RA(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0
ISP-RC
Configure Default Static Route to direct traffic
ISP-RC(config)#ip route 0.0.0.0 0.0.0.0 G0/0

Verification
BGP routing protocol
Verify the status of BGP
RB#show ip route
RB#show ip bgp
RB#show ip bgp neighbors
RB#show ip bgp summary
OSPF routing
Verify the accessibility between LANs
Ping between RA and Web Server

TRY THIS! (A)

Task 1: Initial Settings
(1) Configure ALL Basic Device Settings.
(2) Configure IPv4 addresses on interfaces.
Task 2: VPN using GRE
(1) Configure tunnel interface and implement GRE to support VPN connection between the internal LANs.
Task 3: RIP
(1) Configure RIP on RA. Advertise only the LAN networks.
(2) Configure RIP on RB. Advertise only the LAN networks.
(3) Test connectivity between LANs using ping.

TRY THIS! (B)

Task 1: Initial Settings
(1) Configure ALL Basic Device Settings.
(2) Configure IPv4 addresses on interfaces.
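Added example, not part of the book: for sections (3) and (4) on PPP with PAP and CHAP authentication earlier in this chapter, this Python code builds and parses the authentication packets defined in RFC 1334 (PAP) and RFC 1994 (CHAP) with the lab values RA, RB, PAPpass and CHAPpass. It shows that the PAP request carries the password in cleartext on the serial link, while CHAP sends only an MD5 digest of identifier, secret and challenge. The function names, the identifiers 1 and 7 and the fixed challenge bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

PPP_PAP, PPP_CHAP = 0xC023, 0xC223      # PPP Protocol field values
PAP_AUTH_REQUEST = 1                    # PAP code, RFC 1334
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2    # CHAP codes, RFC 1994


def _packet(proto, code, ident, body):
    # Protocol(2) Code(1) Identifier(1) Length(2) Data; Length counts from Code.
    # The HDLC-like framing around it (flag, FF 03, FCS) is left out.
    return struct.pack("!HBBH", proto, code, ident, 4 + len(body)) + body


def pap_auth_request(ident, peer_id, password):
    # Peer-ID and password travel as length-prefixed plain bytes.
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(PPP_PAP, PAP_AUTH_REQUEST, ident, body)


def chap_packet(code, ident, value, name):
    return _packet(PPP_CHAP, code, ident, bytes([len(value)]) + value + name)


def chap_response_value(ident, secret, challenge):
    # RFC 1994 with MD5: hash of Identifier || shared secret || Challenge Value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def parse_auth_frame(frame):
    """Decode one PAP Authenticate-Request or CHAP Challenge/Response."""
    if len(frame) < 6:
        raise ValueError("shorter than the PPP authentication header")
    proto, code, ident, length = struct.unpack("!HBBH", frame[:6])
    if length < 4 or len(frame) < 2 + length:
        raise ValueError("Length field does not match the frame")
    data = frame[6:2 + length]
    out = {"proto": proto, "code": code, "id": ident}
    if proto == PPP_PAP and code == PAP_AUTH_REQUEST:
        if len(data) < 2 or len(data) < 2 + data[0]:
            raise ValueError("truncated PAP Peer-ID")
        n = data[0]
        m = data[1 + n]
        if len(data) < 2 + n + m:
            raise ValueError("truncated PAP password")
        out["peer_id"] = data[1:1 + n]
        out["password"] = data[2 + n:2 + n + m]
    elif proto == PPP_CHAP and code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        if not data or len(data) < 1 + data[0]:
            raise ValueError("truncated CHAP value")
        n = data[0]
        out["value"] = data[1:1 + n]
        out["name"] = data[1 + n:]
    return out


def cleartext_credentials(frames):
    """What anyone who can read the link learns: (peer-id, password) pairs."""
    found = []
    for frame in frames:
        pkt = parse_auth_frame(frame)
        if "password" in pkt:
            found.append((pkt["peer_id"].decode(), pkt["password"].decode()))
    return found


def verify_chap(challenge_frame, response_frame, secret):
    """Authenticator side: recompute the digest and compare in constant time."""
    ch, rs = parse_auth_frame(challenge_frame), parse_auth_frame(response_frame)
    if (ch["proto"], ch["code"]) != (PPP_CHAP, CHAP_CHALLENGE):
        return False
    if (rs["proto"], rs["code"]) != (PPP_CHAP, CHAP_RESPONSE) or rs["id"] != ch["id"]:
        return False
    expected = chap_response_value(ch["id"], secret, ch["value"])
    return hmac.compare_digest(expected, rs["value"])


# Constructed sample frames using the lab values from the PPP sections.
PAP_FRAME = pap_auth_request(1, b"RA", b"PAPpass")
CHALLENGE = bytes(range(16))  # constructed; a real authenticator sends fresh random bytes
CHAP_CHALLENGE_FRAME = chap_packet(CHAP_CHALLENGE, 7, CHALLENGE, b"RB")
CHAP_RESPONSE_FRAME = chap_packet(
    CHAP_RESPONSE, 7, chap_response_value(7, b"CHAPpass", CHALLENGE), b"RA")

if __name__ == "__main__":
    print("PAP frame :", PAP_FRAME.hex(), cleartext_credentials([PAP_FRAME]))
    print("CHAP resp :", CHAP_RESPONSE_FRAME.hex(),
          cleartext_credentials([CHAP_CHALLENGE_FRAME, CHAP_RESPONSE_FRAME]))
    print("CHAP verifies with CHAPpass:",
          verify_chap(CHAP_CHALLENGE_FRAME, CHAP_RESPONSE_FRAME, b"CHAPpass"))
```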
Task 2: BGP
(1) Configure BGP on the border routers.
(2) Test connectivity between RA and RB using ping.

Chapter 5: FULL TOPOLOGY CONFIGURATION

All the examples within this chapter are supported by full configuration:
(1) Initial configuration with static routing
(2) RIP and RIPng dynamic routing protocol
(3) EIGRP dynamic routing protocol for both IPv4 and IPv6 networks
(4) Single area OSPF dynamic routing protocol for both IPv4 and IPv6 networks
(5) Multi area OSPF dynamic routing protocol for both IPv4 and IPv6 networks
(6) VLAN and inter-VLAN dynamic routing protocol using router-on-a-stick approach
(7) Configuring PPP encapsulation with CHAP authentication and GRE tunneling (VPN)

Initial configuration with static routing

Addressing Table
Device   Interface      IP Address        Subnet Mask       Default Gateway
RA       G0/1           192.168.1.1       255.255.255.0     N/A
         S0/0/1         10.1.1.1          255.255.255.252   N/A
RB       G0/1           192.168.2.1       255.255.255.0     N/A
         S0/0/0 (DCE)   10.1.1.2          255.255.255.252   N/A
         Lo0            209.165.200.225   255.255.255.224   N/A
         Lo1            198.133.219.1     255.255.255.0     N/A
PC-A     NIC            192.168.1.10      255.255.255.0     192.168.1.1
PC-B     NIC            192.168.2.10      255.255.255.0     192.168.2.1

RA
Basic Configuration
Router(config)#hostname RA
RA(config)#enable password myPass
RA(config)#enable secret secPass
RA(config)#line console 0
RA(config-line)#password conPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#line vty 0 4
RA(config-line)#password vtyPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#banner motd #Authorized Only#
RA(config)#no ip domain-lookup
RA(config)#service password-encryption
Assign IP addresses on interfaces
RA(config)#int g0/1
RA(config-if)#ip address 192.168.1.1 255.255.255.0
RA(config-if)#no shutdown
RA(config)#int s0/0/1
RA(config-if)#ip address 10.1.1.1 255.255.255.252
RA(config-if)#no shutdown
Configure a recursive static route from RA to reach the LAN on interface G0/1 of RB
RA(config)#ip route 192.168.2.0 255.255.255.0 10.1.1.2
Configure a default static route from RA to reach the LANs on interfaces lo0 and lo1 of RB
RA(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1

RB
Basic Configuration
Router(config)#hostname RB
RB(config)#enable password myPass
RB(config)#enable secret secPass
RB(config)#line console 0
RB(config-line)#password conPass
RB(config-line)#login
RB(config-line)#logging synchronous
RB(config-line)#exec-timeout 5 0
RB(config)#line vty 0 4
RB(config-line)#password vtyPass
RB(config-line)#login
RB(config-line)#logging synchronous
RB(config-line)#exec-timeout 5 0
RB(config)#banner motd #Authorized Only#
RB(config)#no ip domain-lookup
RB(config)#service password-encryption
Assign IP addresses on interfaces
RB(config)#int g0/1
RB(config-if)#ip address 192.168.2.1 255.255.255.0
RB(config-if)#no shutdown
RB(config)#int s0/0/0
RB(config-if)#ip address 10.1.1.2 255.255.255.252
RB(config-if)#clock rate 128000
RB(config-if)#no shutdown
RB(config)#int lo0
RB(config-if)#ip address 209.165.200.225 255.255.255.224
RB(config)#int lo1
RB(config-if)#ip address 198.133.219.1 255.255.255.0
Configure a directly connected static route from RB to the LAN on RA
RB(config)#ip route 192.168.1.0 255.255.255.0 s0/0/0

RIP and RIPng

Addressing Table
Device   Interface      IPv4 Address     Subnet Mask       IPv6 Address             Link-local   Default Gateway
RA       G0/1           172.30.10.1      255.255.255.0     2001:DB8:ACAD:A::1/64    FE80::1      N/A
         S0/0/0 (DCE)   10.1.1.1         255.255.255.252   2001:DB8:ACAD:12::1/64   FE80::1      N/A
RB       G0/0           209.165.201.1    255.255.255.0     2001:DB8:ACAD:B::1/64    FE80::2      N/A
         S0/0/0         10.1.1.2         255.255.255.252   2001:DB8:ACAD:12::2/64   FE80::2      N/A
         S0/0/1 (DCE)   10.2.2.2         255.255.255.252   2001:DB8:ACAD:23::1/64   FE80::2      N/A
RC       G0/1           172.30.30.1      255.255.255.0     2001:DB8:ACAD:C::1/64    FE80::3      N/A
         S0/0/1         10.2.2.1         255.255.255.252   2001:DB8:ACAD:23::2/64   FE80::3      N/A
PC-A     NIC            172.30.10.3      255.255.255.0     2001:DB8:ACAD:A::A/64    -            172.30.10.1 / FE80::1
PC-B     NIC            209.165.201.2    255.255.255.0     2001:DB8:ACAD:B::B/64    -            209.165.201.1 / FE80::2
PC-C     NIC            172.30.30.3      255.255.255.0     2001:DB8:ACAD:C::C/64    -            172.30.30.1 / FE80::3

Task 1: Configure basic device settings
Task 2: Configure and verify RIPv2 Routing
Task 3: Configure and verify RIPng Routing
Task 4: Configure default route and propagate it

RA
Basic Configuration
Router(config)#hostname RA
RA(config)#enable password myPass
RA(config)#enable secret secPass
RA(config)#line console 0
RA(config-line)#password conPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#line vty 0 4
RA(config-line)#password vtyPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#banner motd #Authorized Only#
RA(config)#no ip domain-lookup
RA(config)#service password-encryption
Assign IP addresses on interfaces
RA(config)#int g0/1
RA(config-if)#ip address 172.30.10.1 255.255.255.0
RA(config-if)#ipv6 address 2001:DB8:ACAD:A::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config-if)#no shutdown
RA(config)#int s0/0/0
RA(config-if)#ip address 10.1.1.1 255.255.255.252
RA(config-if)#ipv6 address 2001:DB8:ACAD:12::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config-if)#clock rate 128000
RA(config-if)#no shutdown
Configure RIPv2
RA(config)#router rip
RA(config-rtr)#version 2
RA(config-rtr)#network 172.30.10.0
RA(config-rtr)#network 10.1.1.0
RA(config-rtr)#no auto-summary
Configure RIPng.
Use TEST1 as the process name RA(config)#ipv6 unicast-routing RA(config)#ipv6 router rip TEST1 RA(config-rtr)#exit Enable RIPng on interfaces RA(config)#int g0/1 RA(config-if)# ipv6 rip TEST1 enable RA(config)#int s0/0/0 RA(config-if)# ipv6 rip TEST1 enable version 2020 Easy Peasy Switching and Routing RB Basic Configuration Router(config)#hostname RB RB(config)#enable password myPass RB(config)#enable secret secPass RB(config)#line console 0 RB(config-line)#password conPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#line vty 0 4 RB(config-line)#password vtyPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#banner motd #Authorized Only# RB(config)#no ip domain-lookup RB(config)#service password-encryption Page 56 Assign IP addresses on interfaces RB(config)#int g0/0 RB(config-if)#ip address 209.165.201.1 255.255.255.0 RB(config-if)#ipv6 address 2001:DB8:ACAD:B::1/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/0 RB(config-if)#ip address 10.1.1.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:ACAD:12::2/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/1 RB(config-if)#ip address 10.2.2.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:ACAD:23::1/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#clock rate 128000 RB(config-if)#no shutdown Configure RIPv2 RB(config)#router rip RB(config-rtr)#version 2 RB(config-rtr)#network 10.1.1.0 RB(config-rtr)#network 10.2.2.0 RB(config-rtr)#no auto-summary Configure RIPng. 
Use TEST1 as the process name RB(config)#ipv6 unicast-routing RB(config)#ipv6 router rip TEST1 RB(config-rtr)#exit Enable RIPng on interfaces RB(config)#int s0/0/0 RB(config-if)# ipv6 rip TEST1 enable RB(config)#int s0/0/1 RB(config-if)# ipv6 rip TEST1 enable Configure default static route to forwards any unknown destination address traffic to the RB G0/0 toward PC-B, simulating the Internet by setting a Gateway of Last Resort on the RB router RB(config)#ip route 0.0.0.0 0.0.0.0 g0/0 or RB(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1 Advertise default route to other routers RB(config)#router rip RB(config-rtr)#default-information originate version 2020 Easy Peasy Switching and Routing click for more: version 2020 57 Basic Configuration Router(config)#hostname RC RC(config)#enable password myPass RC(config)#enable secret secPass RC(config)#line console 0 RC(config-line)#password conPass RC(config-line)#login RC(config-line)#logging synchronous RC(config-line)#exec-timeout 5 0 RC(config)#line vty 0 4 RC(config-line)#password vtyPass RC(config-line)#login RC(config-line)#logging synchronous RC(config-line)#exec-timeout 5 0 RC(config)#banner motd #Authorized Only# RC(config)#no ip domain-lookup RC(config)#service password-encryption Assign IP addresses on interfaces RC(config)#int g0/1 RC(config-if)#ip address 172.30.30.1 255.255.255.0 RC(config-if)#ipv6 address 2001:DB8:ACAD:C::1/64 RC(config-if)#ipv6 address fe80::3 link-local RC(config-if)#no shutdown RC(config)#int s0/0/1 RC(config-if)#ip address 10.2.2.1 255.255.255.252 RC(config-if)#ipv6 address 2001:DB8:ACAD:23::2/64 RC(config-if)#ipv6 address fe80::3 link-local RC(config-if)#no shutdown Configure RIPv2 RC(config)#router rip RC(config-rtr)#version 2 RC(config-rtr)#network 172.30.30.0 RC(config-rtr)#network 10.2.2.0 RC(config-rtr)#no auto-summary Configure RIPng. 
Use TEST1 as the process name RC(config)#ipv6 unicast-routing RC(config)#ipv6 router rip TEST1 RC(config-rtr)#exit Enable RIPng on interfaces RC(config)#int g0/1 RC(config-if)# ipv6 rip TEST1 enable RC(config)#int s0/0/1 RC(config-if)# ipv6 rip TEST1 enable Page RC Easy Peasy Switching and Routing EIGRP for IPv4 and EIGRP for IPv6 Addressing Table Device Interface RA G0/0 S0/0/0 (DCE) S0/0/1 RB G0/0 S0/0/0 S0/0/1 (DCE) RC G0/0 S0/0/0 (DCE) S0/0/1 PC-A NIC PC-B NIC PC-C NIC IP Address Subnet Mask 192.168.1.1 2001:DB8:CAFÉ:A::1/64 FE80::1 link-local 10.1.1.1 2001:DB8:CAFÉ:B::1/64 FE80::1 link-local 10.3.3.1 2001:DB8:CAFÉ:C::1/64 FE80::1 link-local 192.168.2.1 2001:DB8:CAFÉ:D::1/64 FE80::2 link-local 10.1.1.2 2001:DB8:CAFÉ:B::2/64 FE80::2 link-local 10.2.2.2 2001:DB8:CAFÉ:E::1/64 FE80::2 link-local 192.168.3.1 2001:DB8:CAFÉ:F::1/64 FE80:3 link-local 10.3.3.2 2001:DB8:CAFÉ:C::2/64 FE80::3 link-local 10.2.2.1 2001:DB8:CAFÉ:E::2/64 FE80::3 link-local 192.168.1.3 2001:DB8:CAFÉ:A::2/64 192.168.2.3 2001:DB8:CAFÉ:D::2/64 192.168.3.3 2001:DB8:CAFÉ:F::2/64 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.0 255.255.255.0 Default Gateway N/A N/A N/A N/A N/A N/A N/A N/A N/A 192.168.1.1 FE80::1 192.168.2.1 FE80::2 192.168.3.1 FE80::3 Task 1: Configure basic device settings 58 Task 2: Configure and verify EIGRP Routing Page Task 3: Configure Serial interface Bandwidth Task 4: Configure EIGRP Passive Interfaces version 2020 Easy Peasy Switching and Routing RA Configure EIGRP. 
Use AS = 88 RA(config)#router eigrp 88 RA(config-rtr)#eigrp router-id 1.1.1.1 RA(config-rtr)#network 192.168.1.0 0.0.0.255 RA(config-rtr)#network 10.1.1.0 0.0.0.3 RA(config-rtr)# network 10.3.3.0 0.0.0.3 Basic Configuration Router(config)#hostname RA RA(config)#enable password myPass RA(config)#enable secret secPass RA(config)#line console 0 RA(config-line)#password conPass RA(config-line)#login RA(config-line)#logging synchronous RA(config-line)#exec-timeout 5 0 RA(config)#line vty 0 4 RA(config-line)#password vtyPass RA(config-line)#login RA(config-line)#logging synchronous RA(config-line)#exec-timeout 5 0 RA(config)#banner motd #Authorized Only# RA(config)#no ip domain-lookup RA(config)#service password-encryption Configure EIGRP for IPv6 RA(config)#ipv6 unicast-routing RA(config)#ipv6 router eigrp 88 RA(config-rtr)#eigrp router-id 1.1.1.1 RA(config-rtr)#no shutdown Enable EIGRP for IPv6 on interfaces RA(config)#int g0/0 RA(config-if)# ipv6 eigrp 88 RA(config)#int s0/0/0 RA(config-if)# ipv6 eigrp 88 RA(config)#int s0/0/1 RA(config-if)# ipv6 eigrp 88 Assign IP addresses on interfaces Change bandwidth on serial intefaces RA(config)#int g0/0 RA(config-if)#ip address 192.168.1.1 255.255.255.0 RA(config-if)#ipv6 address 2001:DB8:CAFE:A::1/64 RA(config-if)#ipv6 address fe80::1 link-local RA(config-if)#no shutdown RA(config)#int s0/0/0 RA(config-if)#ip address 10.1.1.1 255.255.255.252 RA(config-if)#ipv6 address 2001:DB8:CAFÉ:B::1/64 RA(config-if)#ipv6 address fe80::1 link-local RA(config-if)#clock rate 128000 RA(config-if)#no shutdown RA(config)#int s0/0/1 RA(config-if)#ip address 10.3.3.1 255.255.255.252 RA(config-if)#ipv6 address 2001:DB8:CAFÉ:C::1/64 RA(config-if)#ipv6 address fe80::1 link-locaL RA(config-if)#no shutdown RA(config)#int s0/0/0 RA(config-if)# bandwidth 2048 RA(config)#int s0/0/1 RA(config-if)# bandwidth 64 Assign LAN interface as EIGRP passive interface RA(config)#router eigrp 88 RA(config-rtr)#passive-inteface g0/0 version 2020 Page 59 
RA(config)#ipv6 router eigrp 88 RA(config-rtr)#passive-inteface g0/0 Easy Peasy Switching and Routing RB Configure EIGRP. Use AS = 88 RB(config)#router eigrp 88 RB(config-rtr)#eigrp router-id 2.2.2.2 RB(config-rtr)#network 192.168.2.0 0.0.0.255 RB(config-rtr)#network 10.1.1.0 0.0.0.3 RB(config-rtr)# network 10.2.2.0 0.0.0.3 Basic Configuration Router(config)#hostname RB RB(config)#enable password myPass RB(config)#enable secret secPass RB(config)#line console 0 RB(config-line)#password conPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#line vty 0 4 RB(config-line)#password vtyPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#banner motd #Authorized Only# RB(config)#no ip domain-lookup RB(config)#service password-encryption Configure EIGRP for IPv6 RB(config)#ipv6 unicast-routing RB(config)#ipv6 router eigrp 88 RB(config-rtr)#eigrp router-id 2.2.2.2 RB(config-rtr)#no shutdown Enable EIGRP for IPv6 on interfaces RB(config)#int g0/0 RB(config-if)# ipv6 eigrp 88 RB(config)#int s0/0/0 RB(config-if)# ipv6 eigrp 88 RB(config)#int s0/0/1 RB(config-if)# ipv6 eigrp 88 Assign IP addresses on interfaces Change bandwidth on serial intefaces RB(config)#int g0/0 RB(config-if)#ip address 192.168.2.1 255.255.255.0 RB(config-if)#ipv6 address 2001:DB8:CAFE:A::1/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/0 RB(config-if)#ip address 10.1.1.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:CAFÉ:B::2/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/1 RB(config-if)#ip address 10.2.2.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:CAFÉ:E::1/64 RB(config-if)#ipv6 address fe80::2 link-locaL RB(config-if)#clock rate 128000 RB(config-if)#no shutdown RB(config)#int s0/0/0 RB(config-if)# bandwidth 2048 RB(config)#int s0/0/1 RB(config-if)# bandwidth 2048 Assign LAN interface as 
EIGRP passive interface RB(config)#router eigrp 88 RB(config-rtr)#passive-inteface g0/0 version 2020 Page 60 RB(config)#ipv6 router eigrp 88 RB(config-rtr)#passive-inteface g0/0 Easy Peasy Switching and Routing RC Configure EIGRP. Use AS = 88 RC(config)#router eigrp 88 RC(config-rtr)#eigrp router-id 3.3.3.3 RC(config-rtr)#network 192.168.2.0 0.0.0.255 RC(config-rtr)#network 10.2.2.0 0.0.0.3 RC(config-rtr)# network 10.3.3.0 0.0.0.3 Basic Configuration Router(config)#hostname RC RC(config)#enable password myPass RC(config)#enable secret secPass RC(config)#line console 0 RC(config-line)#password conPass RC(config-line)#login RC(config-line)#logging synchronous RC(config-line)#exec-timeout 5 0 RC(config)#line vty 0 4 RC(config-line)#password vtyPass RC(config-line)#login RC(config-line)#logging synchronous RC(config-line)#exec-timeout 5 0 RC(config)#banner motd #Authorized Only# RC(config)#no ip domain-lookup RC(config)#service password-encryption Configure EIGRP for IPv6 RC(config)#ipv6 unicast-routing RC(config)#ipv6 router eigrp 88 RC(config-rtr)#eigrp router-id 3.3.3.3 RC(config-rtr)#no shutdown Enable EIGRP for IPv6 on interfaces RC(config)#int g0/0 RC(config-if)# ipv6 eigrp 88 RC(config)#int s0/0/0 RC(config-if)# ipv6 eigrp 88 RC(config)#int s0/0/1 RC(config-if)# ipv6 eigrp 88 Assign IP addresses on interfaces Change bandwidth on serial intefaces RC(config)#int g0/0 RC(config-if)#ip address 192.168.3.1 255.255.255.0 RC(config-if)#ipv6 address 2001:DB8:CAFE:F::1/64 RC(config-if)#ipv6 address fe80::3 link-local RC(config-if)#no shutdown RC(config)#int s0/0/0 RC(config-if)#ip address 10.3.3.2 255.255.255.252 RC(config-if)#ipv6 address 2001:DB8:CAFÉ:C::2/64 RC(config-if)#ipv6 address fe80::3 link-local RC(config-if)#clock rate 128000 RC(config-if)#no shutdown RC(config)#int s0/0/1 RC(config-if)#ip address 10.2.2.1 255.255.255.252 RC(config-if)#ipv6 address 2001:DB8:CAFÉ:E::2/64 RC(config-if)#ipv6 address fe80::3 link-locaL RC(config-if)#no shutdown RC(config)#int 
s0/0/0 RC(config-if)# bandwidth 64 RC(config)#int s0/0/1 RC(config-if)# bandwidth 2048 Assign LAN interface as EIGRP passive interface RC(config)#router eigrp 88 RC(config-rtr)#passive-inteface g0/0 RC(config)#ipv6 router eigrp 88 RC(config-rtr)#passive-inteface g0/0 version 2020 Page 61 click for more : Easy Peasy Switching and Routing Single area OSPFv2 and OSPFv3 AREA 0 Addressing Table Device Interface RA G0/0 S0/0/0 (DCE) S0/0/1 RB G0/0 S0/0/0 S0/0/1 (DCE) RC G0/0 S0/0/0 (DCE) S0/0/1 PC-A NIC PC-B NIC PC-C NIC IP Address Subnet Mask 192.168.1.1 2001:DB8:CAFÉ:A::1/64 FE80::1 link-local 10.1.1.1 2001:DB8:CAFÉ:B::1/64 FE80::1 link-local 10.3.3.1 2001:DB8:CAFÉ:C::1/64 FE80::1 link-local 192.168.2.1 2001:DB8:CAFÉ:D::1/64 FE80::2 link-local 10.1.1.2 2001:DB8:CAFÉ:B::2/64 FE80::2 link-local 10.2.2.2 2001:DB8:CAFÉ:E::1/64 FE80::2 link-local 192.168.3.1 2001:DB8:CAFÉ:F::1/64 FE80:3 link-local 10.3.3.2 2001:DB8:CAFÉ:C::2/64 FE80::3 link-local 10.2.2.1 2001:DB8:CAFÉ:E::2/64 FE80::3 link-local 192.168.1.3 2001:DB8:CAFÉ:A::2/64 192.168.2.3 2001:DB8:CAFÉ:D::2/64 192.168.3.3 2001:DB8:CAFÉ:F::2/64 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.252 255.255.255.252 255.255.255.0 255.255.255.0 255.255.255.0 Default Gateway N/A N/A N/A N/A N/A N/A N/A N/A N/A 192.168.1.1 FE80::1 192.168.2.1 FE80::2 192.168.3.1 FE80::3 Task 1: Configure basic device settings Page 62 Task 2: Configure and verify OSPF Single Area Routing Task 3: Configure OSPF Passive Interfaces version 2020 Easy Peasy Switching and Routing RA Configure OSPFV2 single area. 
Use AREA ID = 0, PROCESS ID = 88 Basic Configuration RA(config)#router ospf 88 RA(config-rtr)# router-id 1.1.1.1 RA(config-rtr)#network 192.168.1.0 0.0.0.255 area 0 RA(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RA(config-rtr)#network 10.3.3.0 0.0.0.3 area 0 Router(config)#hostname RA RA(config)#enable password myPass RA(config)#enable secret secPass RA(config)#line console 0 RA(config-line)#password conPass RA(config-line)#login RA(config-line)#logging synchronous RA(config-line)#exec-timeout 5 0 RA(config)#line vty 0 4 RA(config-line)#password vtyPass RA(config-line)#login RA(config-line)#logging synchronous RA(config-line)#exec-timeout 5 0 RA(config)#banner motd #Authorized Only# RA(config)#no ip domain-lookup RA(config)#service password-encryption Configure OSPFv3 RA(config)#ipv6 router ospf 88 RA(config-rtr)# router-id 1.1.1.1 Enable OSPFv3 on interfaces RA(config)#int g0/0 RA(config-if)# ipv6 ospf 88 area 0 RA(config)#int s0/0/0 RA(config-if)# ipv6 ospf 88 area 0 RA(config)#int s0/0/1 RA(config-if)# ipv6 ospf 88 area 0 Assign LAN interface as OSPF passive interface RA(config)#router ospf 88 RA(config-rtr)#passive-inteface g0/0 RA(config)#ipv6 router ospf 88 RA(config-rtr)#passive-inteface g0/0 version 2020 63 RA(config)#int g0/0 RA(config-if)#ip address 192.168.1.1 255.255.255.0 RA(config-if)#ipv6 address 2001:DB8:CAFE:A::1/64 RA(config-if)#ipv6 address fe80::1 link-local RA(config-if)#no shutdown RA(config)#int s0/0/0 RA(config-if)#ip address 10.1.1.1 255.255.255.252 RA(config-if)#ipv6 address 2001:DB8:CAFÉ:B::1/64 RA(config-if)#ipv6 address fe80::1 link-local RA(config-if)#clock rate 128000 RA(config-if)#no shutdown RA(config)#int s0/0/1 RA(config-if)#ip address 10.3.3.1 255.255.255.252 RA(config-if)#ipv6 address 2001:DB8:CAFÉ:C::1/64 RA(config-if)#ipv6 address fe80::1 link-locaL RA(config-if)#no shutdown Page Assign IP addresses on interfaces Easy Peasy Switching and Routing RB Configure OSPFV2 single area. 
Use AREA ID = 0, PROCESS ID = 88 Basic Configuration RB(config)#router ospf 88 RB(config-rtr)#router-id 2.2.2.2 RB(config-rtr)#network 192.168.2.0 0.0.0.255 area 0 RB(config-rtr)#network 10.1.1.0 0.0.0.3 area 0 RB(config-rtr)#network 10.2.2.0 0.0.0.3 area 0 Router(config)#hostname RB RB(config)#enable password myPass RB(config)#enable secret secPass RB(config)#line console 0 RB(config-line)#password conPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#line vty 0 4 RB(config-line)#password vtyPass RB(config-line)#login RB(config-line)#logging synchronous RB(config-line)#exec-timeout 5 0 RB(config)#banner motd #Authorized Only# RB(config)#no ip domain-lookup RB(config)#service password-encryption Configure OSPFv3 RB(config)#ipv6 router ospf 88 RB(config-rtr)# router-id 2.2.2.2 Enable OSPFv3 on interfaces RB(config)#int g0/0 RB(config-if)# ipv6 ospf 88 area 0 RB(config)#int s0/0/0 RB(config-if)# ipv6 ospf 88 area 0 RB(config)#int s0/0/1 RB(config-if)# ipv6 ospf 88 area 0 Assign LAN interface as OSPF passive interface RB(config)#router ospf 88 RB(config-rtr)#passive-inteface g0/0 RB(config)#ipv6 router ospf 88 RB(config-rtr)#passive-inteface g0/0 version 2020 64 RB(config)#int g0/0 RB(config-if)#ip address 192.168.2.1 255.255.255.0 RB(config-if)#ipv6 address 2001:DB8:CAFE:A::1/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/0 RB(config-if)#ip address 10.1.1.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:CAFÉ:B::2/64 RB(config-if)#ipv6 address fe80::2 link-local RB(config-if)#no shutdown RB(config)#int s0/0/1 RB(config-if)#ip address 10.2.2.2 255.255.255.252 RB(config-if)#ipv6 address 2001:DB8:CAFÉ:E::1/64 RB(config-if)#ipv6 address fe80::2 link-locaL RB(config-if)#clock rate 128000 RB(config-if)#no shutdown Page Assign IP addresses on interfaces Easy Peasy Switching and Routing RC Configure OSPFV2 single area. 
Use AREA ID = 0, PROCESS ID = 88
RC(config)#router ospf 88
RC(config-rtr)#router-id 3.3.3.3
RC(config-rtr)#network 192.168.3.0 0.0.0.255 area 0
RC(config-rtr)#network 10.2.2.0 0.0.0.3 area 0
RC(config-rtr)#network 10.3.3.0 0.0.0.3 area 0

Basic Configuration
Router(config)#hostname RC
RC(config)#enable password myPass
RC(config)#enable secret secPass
RC(config)#line console 0
RC(config-line)#password conPass
RC(config-line)#login
RC(config-line)#logging synchronous
RC(config-line)#exec-timeout 5 0
RC(config)#line vty 0 4
RC(config-line)#password vtyPass
RC(config-line)#login
RC(config-line)#logging synchronous
RC(config-line)#exec-timeout 5 0
RC(config)#banner motd #Authorized Only#
RC(config)#no ip domain-lookup
RC(config)#service password-encryption

Configure OSPFv3
RC(config)#ipv6 router ospf 88
RC(config-rtr)#router-id 3.3.3.3

Enable OSPFv3 on interfaces
RC(config)#int g0/0
RC(config-if)#ipv6 ospf 88 area 0
RC(config)#int s0/0/0
RC(config-if)#ipv6 ospf 88 area 0
RC(config)#int s0/0/1
RC(config-if)#ipv6 ospf 88 area 0

Assign LAN interface as OSPF passive interface
RC(config)#router ospf 88
RC(config-rtr)#passive-interface g0/0
RC(config)#ipv6 router ospf 88
RC(config-rtr)#passive-interface g0/0

Assign IP addresses on interfaces
RC(config)#int g0/0
RC(config-if)#ip address 192.168.3.1 255.255.255.0
RC(config-if)#ipv6 address 2001:DB8:CAFE:F::1/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#no shutdown
RC(config)#int s0/0/0
RC(config-if)#ip address 10.3.3.2 255.255.255.252
RC(config-if)#ipv6 address 2001:DB8:CAFE:C::2/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#clock rate 128000
RC(config-if)#no shutdown
RC(config)#int s0/0/1
RC(config-if)#ip address 10.2.2.1 255.255.255.252
RC(config-if)#ipv6 address 2001:DB8:CAFE:E::2/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#no shutdown

Multiarea OSPFv2 and OSPFv3

Topology (figure): AREA 0, AREA 1, AREA 2

Task 1: Configure basic device settings
Task 2: Configure and verify OSPF Multi Area Routing

Addressing Table
Device  Interface      IP Address                                               Subnet Mask      Default Gateway
RA      S0/0/0 (DCE)   10.10.10.1, 2001:DB8:ACAD:12::1/64, FE80::1 link-local   255.255.255.252  N/A
RA      Lo0            192.168.1.1, 2001:DB8:ACAD:1::1/64, FE80::1 link-local   255.255.255.255  N/A
RA      Lo1            192.168.2.1, 2001:DB8:ACAD:2::1/64, FE80::1 link-local   255.255.255.255  N/A
RA      G0/0           192.168.3.1, 2001:DB8:ACAD:3::1/64, FE80::1 link-local   255.255.255.0    N/A
RA      G0/1           192.168.4.1, 2001:DB8:ACAD:4::1/64, FE80::1 link-local   255.255.255.0    N/A
RB      S0/0/0         10.10.10.2, 2001:DB8:ACAD:12::2/64, FE80::2 link-local   255.255.255.252  N/A
RB      S0/0/1 (DCE)   10.20.20.1, 2001:DB8:ACAD:23::1/64, FE80::2 link-local   255.255.255.252  N/A
RB      Lo99 (ISP)     209.188.99.1, 2001:DB8:ACAD:99::1/64                     255.255.255.255  N/A
RC      S0/0/1         10.20.20.2, 2001:DB8:ACAD:23::2/64, FE80::3 link-local   255.255.255.252  N/A
RC      Lo4            192.168.5.1, 2001:DB8:ACAD:5::1/64, FE80::3 link-local   255.255.255.255  N/A
RC      Lo5            192.168.6.1, 2001:DB8:ACAD:6::1/64, FE80::3 link-local   255.255.255.255  N/A
RC      G0/0           192.168.7.1, 2001:DB8:ACAD:7::1/64, FE80::3 link-local   255.255.255.0    N/A
RC      G0/1           192.168.8.1, 2001:DB8:ACAD:8::1/64, FE80::3 link-local   255.255.255.0    N/A

RA
Basic Configuration
Router(config)#hostname RA
RA(config)#enable password myPass
RA(config)#enable secret secPass
RA(config)#line console 0
RA(config-line)#password conPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#line vty 0 4
RA(config-line)#password vtyPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#banner motd #Authorized Only#
RA(config)#no ip domain-lookup
RA(config)#service password-encryption
RA(config)#ipv6 unicast-routing

Assign IP addresses on interfaces
RA(config)#int s0/0/0
RA(config-if)#ip address 10.10.10.1 255.255.255.252
RA(config-if)#ipv6 address 2001:DB8:ACAD:12::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config-if)#clock rate 128000
RA(config-if)#no shutdown
RA(config)#int lo0
RA(config-if)#ip address 192.168.1.1 255.255.255.255
RA(config-if)#ipv6 address 2001:DB8:ACAD:1::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config)#int lo1
RA(config-if)#ip address 192.168.2.1 255.255.255.255
RA(config-if)#ipv6 address 2001:DB8:ACAD:2::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config)#int g0/0
RA(config-if)#ip address 192.168.3.1 255.255.255.0
RA(config-if)#ipv6 address 2001:DB8:ACAD:3::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config-if)#no shutdown
RA(config)#int g0/1
RA(config-if)#ip address 192.168.4.1 255.255.255.0
RA(config-if)#ipv6 address 2001:DB8:ACAD:4::1/64
RA(config-if)#ipv6 address fe80::1 link-local
RA(config-if)#no shutdown

Configure OSPFv2 multi area. Use PROCESS ID = 88
RA(config)#router ospf 88
RA(config-rtr)#router-id 1.1.1.1
RA(config-rtr)#network 10.10.10.0 0.0.0.3 area 0
RA(config-rtr)#network 192.168.1.1 0.0.0.0 area 1
RA(config-rtr)#network 192.168.2.1 0.0.0.0 area 1
RA(config-rtr)#network 192.168.3.0 0.0.0.255 area 1
RA(config-rtr)#network 192.168.4.0 0.0.0.255 area 1

Configure OSPFv3
RA(config)#ipv6 router ospf 88
RA(config-rtr)#router-id 1.1.1.1

Enable OSPFv3 on interfaces
RA(config)#int s0/0/0
RA(config-if)#ipv6 ospf 88 area 0
RA(config)#int lo0
RA(config-if)#ipv6 ospf 88 area 1
RA(config)#int lo1
RA(config-if)#ipv6 ospf 88 area 1
RA(config)#int g0/0
RA(config-if)#ipv6 ospf 88 area 1
RA(config)#int g0/1
RA(config-if)#ipv6 ospf 88 area 1

RB
Basic Configuration
Router(config)#hostname RB
RB(config)#enable password myPass
RB(config)#enable secret secPass
RB(config)#line console 0
RB(config-line)#password conPass
RB(config-line)#login
RB(config-line)#logging synchronous
RB(config-line)#exec-timeout 5 0
RB(config)#line vty 0 4
RB(config-line)#password vtyPass
RB(config-line)#login
RB(config-line)#logging synchronous
RB(config-line)#exec-timeout 5 0
RB(config)#banner motd #Authorized Only#
RB(config)#no ip domain-lookup
RB(config)#service password-encryption
RB(config)#ipv6 unicast-routing

Assign IP addresses on interfaces
RB(config)#int s0/0/0
RB(config-if)#ip address 10.10.10.2 255.255.255.252
RB(config-if)#ipv6 address 2001:DB8:ACAD:12::2/64
RB(config-if)#ipv6 address fe80::2 link-local
RB(config-if)#no shutdown
RB(config)#int s0/0/1
RB(config-if)#ip address 10.20.20.1 255.255.255.252
RB(config-if)#ipv6 address 2001:DB8:ACAD:23::1/64
RB(config-if)#ipv6 address fe80::2 link-local
RB(config-if)#clock rate 128000
RB(config-if)#no shutdown
RB(config)#int lo99
RB(config-if)#ip address 209.188.99.1 255.255.255.255
RB(config-if)#ipv6 address 2001:DB8:ACAD:99::1/64
RB(config-if)#ipv6 address fe80::2 link-local

Configure OSPFv2 multi area. Use PROCESS ID = 88
RB(config)#router ospf 88
RB(config-rtr)#router-id 2.2.2.2
RB(config-rtr)#network 10.10.10.0 0.0.0.3 area 0
RB(config-rtr)#network 10.20.20.0 0.0.0.3 area 0

Configure OSPFv3
RB(config)#ipv6 router ospf 88
RB(config-rtr)#router-id 2.2.2.2

Enable OSPFv3 on interfaces
RB(config)#int s0/0/0
RB(config-if)#ipv6 ospf 88 area 0
RB(config)#int s0/0/1
RB(config-if)#ipv6 ospf 88 area 0

Configure a default static route that forwards traffic for any unknown destination to the Lo99 interface, simulating the Internet by setting a Gateway of Last Resort on the RB router
RB(config)#ip route 0.0.0.0 0.0.0.0 lo99
RB(config)#ipv6 route ::/0 lo99

Advertise default route to other routers
RB(config)#router ospf 88
RB(config-rtr)#default-information originate

RC
Basic Configuration
Router(config)#hostname RC
RC(config)#enable password myPass
RC(config)#enable secret secPass
RC(config)#line console 0
RC(config-line)#password conPass
RC(config-line)#login
RC(config-line)#logging synchronous
RC(config-line)#exec-timeout 5 0
RC(config)#line vty 0 4
RC(config-line)#password vtyPass
RC(config-line)#login
RC(config-line)#logging synchronous
RC(config-line)#exec-timeout 5 0
RC(config)#banner motd #Authorized Only#
RC(config)#no ip domain-lookup
RC(config)#service password-encryption
RC(config)#ipv6 unicast-routing

Assign IP addresses on interfaces
RC(config)#int s0/0/1
RC(config-if)#ip address 10.20.20.2 255.255.255.252
RC(config-if)#ipv6 address 2001:DB8:ACAD:23::2/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#no shutdown
RC(config)#int lo4
RC(config-if)#ip address 192.168.5.1 255.255.255.255
RC(config-if)#ipv6 address 2001:DB8:ACAD:5::1/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config)#int lo5
RC(config-if)#ip address 192.168.6.1 255.255.255.255
RC(config-if)#ipv6 address 2001:DB8:ACAD:6::1/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config)#int g0/0
RC(config-if)#ip address 192.168.7.1 255.255.255.0
RC(config-if)#ipv6 address 2001:DB8:ACAD:7::1/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#no shutdown
RC(config)#int g0/1
RC(config-if)#ip address 192.168.8.1 255.255.255.0
RC(config-if)#ipv6 address 2001:DB8:ACAD:8::1/64
RC(config-if)#ipv6 address fe80::3 link-local
RC(config-if)#no shutdown

Configure OSPFv2 multi area.
Use PROCESS ID = 88
RC(config)#router ospf 88
RC(config-rtr)#router-id 3.3.3.3
RC(config-rtr)#network 10.20.20.0 0.0.0.3 area 0
RC(config-rtr)#network 192.168.5.1 0.0.0.0 area 2
RC(config-rtr)#network 192.168.6.1 0.0.0.0 area 2
RC(config-rtr)#network 192.168.7.0 0.0.0.255 area 2
RC(config-rtr)#network 192.168.8.0 0.0.0.255 area 2

Configure OSPFv3
RC(config)#ipv6 router ospf 88
RC(config-rtr)#router-id 3.3.3.3

Enable OSPFv3 on interfaces
RC(config)#int s0/0/1
RC(config-if)#ipv6 ospf 88 area 0
RC(config)#int lo4
RC(config-if)#ipv6 ospf 88 area 2
RC(config)#int lo5
RC(config-if)#ipv6 ospf 88 area 2
RC(config)#int g0/0
RC(config-if)#ipv6 ospf 88 area 2
RC(config)#int g0/1
RC(config-if)#ipv6 ospf 88 area 2

VLAN and inter-VLAN

Task 1: Configure basic device settings
Task 2: Configure VLAN
Task 3: Configure inter-VLAN routing protocol using router-on-a-stick approach

Addressing Table
Device  Interface / Port  Status            Name / IP Address     Subnet Mask
RA      G0/0              Trunk
RA      G0/0.10                             172.16.10.1           255.255.255.0
RA      G0/0.20                             172.16.20.1           255.255.255.0
SW-A    Fa0/5, Fa0/6      VLAN 10 (Access)  Staff
SW-A    Fa0/7, Fa0/8      VLAN 20 (Access)  Guest
SW-A    Fa0/1             Trunk
SW-A    Fa0/2             Trunk
SW-A    Other ports       VLAN 1            172.16.1.1            255.255.255.0
SW-B    Fa0/5, Fa0/6      VLAN 10 (Access)  Staff
SW-B    Fa0/7, Fa0/8      VLAN 20 (Access)  Guest
SW-B    Fa0/1             Trunk
SW-B    Other ports       VLAN 1            172.16.1.2            255.255.255.0

SW-A
Basic Configuration
Switch(config)#hostname SW-A
SW-A(config)#enable password myPass
SW-A(config)#enable secret secPass
SW-A(config)#line console 0
SW-A(config-line)#password conPass
SW-A(config-line)#login
SW-A(config-line)#logging synchronous
SW-A(config-line)#exec-timeout 5 0
SW-A(config)#line vty 0 4
SW-A(config-line)#password vtyPass
SW-A(config-line)#login
SW-A(config-line)#logging synchronous
SW-A(config-line)#exec-timeout 5 0
SW-A(config)#banner motd #Authorized Only#
SW-A(config)#no ip domain-lookup
SW-A(config)#service password-encryption

Create VLAN for management
SW-A(config)#interface VLAN 1
SW-A(config-if)#description VLAN use for management
SW-A(config-if)#ip address 172.16.1.1 255.255.255.0
SW-A(config-if)#no shutdown
SW-A(config-if)#exit

Create default gateway for SW-A. Use IP from VLAN 1
SW-A(config)#ip default-gateway 172.16.1.1

Configure DNS domain name
SW-A(config)#ip domain-name example.com

Configure a username and password
SW-A(config)#username admin password adminPASS

Generate encryption keys using 1024 bits
SW-A(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024

Define SSH version to use
SW-A(config)#ip ssh version 2

Enable vty lines to use SSH
SW-A(config)#line vty 0 4
SW-A(config-line)#login local
SW-A(config-line)#transport input ssh

Create VLAN 10 and 20 and name them
SW-A(config)#vlan 10
SW-A(config-vlan)#name Staff
SW-A(config)#vlan 20
SW-A(config-vlan)#name Guest

Assign access interfaces to a specific VLAN
SW-A(config)#interface range fa0/5-6
SW-A(config-if-range)#switchport mode access
SW-A(config-if-range)#switchport access vlan 10
SW-A(config)#interface range fa0/7-8
SW-A(config-if-range)#switchport mode access
SW-A(config-if-range)#switchport access vlan 20

Assign trunk interfaces so that traffic from specific VLANs shares the interface
SW-A(config)#interface fa0/1
SW-A(config-if)#switchport trunk encapsulation dot1q
SW-A(config-if)#switchport mode trunk
SW-A(config-if)#switchport trunk allowed vlan 10,20
SW-A(config)#interface fa0/2
SW-A(config-if)#switchport mode trunk
SW-A(config-if)#switchport trunk allowed vlan 10,20

SW-B
Basic Configuration
Switch(config)#hostname SW-B
SW-B(config)#enable password myPass
SW-B(config)#enable secret secPass
SW-B(config)#line console 0
SW-B(config-line)#password conPass
SW-B(config-line)#login
SW-B(config-line)#logging synchronous
SW-B(config-line)#exec-timeout 5 0
SW-B(config)#line vty 0 4
SW-B(config-line)#password vtyPass
SW-B(config-line)#login
SW-B(config-line)#logging synchronous
SW-B(config-line)#exec-timeout 5 0
SW-B(config)#banner motd #Authorized Only#
SW-B(config)#no ip domain-lookup
SW-B(config)#service password-encryption

Create VLAN for management
SW-B(config)#interface VLAN 1
SW-B(config-if)#description VLAN use for management
SW-B(config-if)#ip address 172.16.1.2 255.255.255.0
SW-B(config-if)#no shutdown
SW-B(config-if)#exit

Create default gateway for SW-B. Use IP from VLAN 1
SW-B(config)#ip default-gateway 172.16.1.2

Configure DNS domain name
SW-B(config)#ip domain-name example.com

Configure a username and password
SW-B(config)#username admin password adminPASS

Generate encryption keys using 1024 bits
SW-B(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024

Define SSH version to use
SW-B(config)#ip ssh version 2

Enable vty lines to use SSH
SW-B(config)#line vty 0 4
SW-B(config-line)#login local
SW-B(config-line)#transport input ssh

Create VLAN 10 and 20 and name them
SW-B(config)#vlan 10
SW-B(config-vlan)#name Staff
SW-B(config)#vlan 20
SW-B(config-vlan)#name Guest

Assign access interfaces to a specific VLAN
SW-B(config)#interface range fa0/5-6
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 10
SW-B(config)#interface range fa0/7-8
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 20

Assign a trunk interface so that traffic from specific VLANs shares the interface
SW-B(config)#interface fa0/1
SW-B(config-if)#switchport trunk encapsulation dot1q
SW-B(config-if)#switchport mode trunk
SW-B(config-if)#switchport trunk allowed vlan 10,20

RA
Basic Configuration
Router(config)#hostname RA
RA(config)#enable password myPass
RA(config)#enable secret secPass
RA(config)#line console 0
RA(config-line)#password conPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#line vty 0 4
RA(config-line)#password vtyPass
RA(config-line)#login
RA(config-line)#logging synchronous
RA(config-line)#exec-timeout 5 0
RA(config)#banner motd #Authorized Only#
RA(config)#no ip domain-lookup
RA(config)#service password-encryption

Enable the G0/0 interface
RA(config)#interface G0/0
RA(config-if)#no shutdown

Configure sub-interface for VLAN 10
RA(config)#interface G0/0.10
RA(config-subif)#encapsulation dot1q 10
RA(config-subif)#ip address 172.16.10.1 255.255.255.0

Configure sub-interface for VLAN 20
RA(config)#interface G0/0.20
RA(config-subif)#encapsulation dot1q 20
RA(config-subif)#ip address 172.16.20.1 255.255.255.0

Configuring PPP and GRE tunneling (VPN)

Task 1: Configure Basic Device Settings
Task 2: Configure PPP Encapsulation
Task 3: Configure PPP CHAP Authentication
Task 4: Configure VPN using GRE tunneling between Branch-A and Branch-B

Addressing Table
Device    Interface     IP Address    Subnet Mask      Default Gateway
Branch-A  G0/0          192.168.1.1   255.255.255.0    N/A
Branch-A  S0/0/0        209.133.8.2   255.255.255.252  N/A
Branch-A  Tunnel0       192.168.3.1   255.255.255.252  N/A
ISP       S0/0/0 (DCE)  209.133.8.1   255.255.255.252  N/A
ISP       S0/0/1 (DCE)  209.133.9.1   255.255.255.252  N/A
Branch-B  G0/0          192.168.2.1   255.255.255.0    N/A
Branch-B  S0/0/1        209.133.9.2   255.255.255.252  N/A
Branch-B  Tunnel0       192.168.3.2   255.255.255.252  N/A
PC-A      NIC           192.168.1.2   255.255.255.0    192.168.1.1
PC-C      NIC           192.168.2.2   255.255.255.0    192.168.2.1

Branch-A
Basic Configuration
Router(config)#hostname Branch-A
Branch-A(config)#enable password myPass
Branch-A(config)#enable secret secPass
Branch-A(config)#line console 0
Branch-A(config-line)#password conPass
Branch-A(config-line)#login
Branch-A(config-line)#logging synchronous
Branch-A(config-line)#exec-timeout 5 0
Branch-A(config)#line vty 0 4
Branch-A(config-line)#password vtyPass
Branch-A(config-line)#login
Branch-A(config-line)#logging synchronous
Branch-A(config-line)#exec-timeout 5 0
Branch-A(config)#banner motd #Authorized Only#
Branch-A(config)#no ip domain-lookup
Branch-A(config)#service password-encryption

Assign IP addresses on interfaces
Branch-A(config)#int s0/0/0
Branch-A(config-if)#ip address 209.133.8.2 255.255.255.252
Branch-A(config-if)#no shutdown
Branch-A(config)#int g0/0
Branch-A(config-if)#ip address 192.168.1.1 255.255.255.0
Branch-A(config-if)#no shutdown

Configure neighbor username with predefined password
Branch-A(config)#username ISP password CHAPpass

Configure Serial interface to use PPP encapsulation
Branch-A(config)#interface S0/0/0
Branch-A(config-if)#encapsulation PPP

Configure PPP encapsulation with CHAP authentication
Branch-A(config-if)#PPP authentication CHAP

Configure GRE tunnel interface
Branch-A(config)#interface tunnel 0
Branch-A(config-if)#ip address 192.168.3.1 255.255.255.252
Branch-A(config-if)#tunnel source s0/0/0
Branch-A(config-if)#tunnel destination 209.133.9.2

Configure OSPFv2 single area. Include only G0/0 and Tunnel0 LAN.
Use AREA ID = 0, PROCESS ID = 88
Branch-A(config)#router ospf 88
Branch-A(config-rtr)#router-id 1.1.1.1
Branch-A(config-rtr)#network 192.168.1.0 0.0.0.255 area 0
Branch-A(config-rtr)#network 192.168.3.0 0.0.0.3 area 0

Configure default static route to ISP
Branch-A(config)#ip route 0.0.0.0 0.0.0.0 209.133.8.1

Branch-B
Basic Configuration
Router(config)#hostname Branch-B
Branch-B(config)#enable password myPass
Branch-B(config)#enable secret secPass
Branch-B(config)#line console 0
Branch-B(config-line)#password conPass
Branch-B(config-line)#login
Branch-B(config-line)#logging synchronous
Branch-B(config-line)#exec-timeout 5 0
Branch-B(config)#line vty 0 4
Branch-B(config-line)#password vtyPass
Branch-B(config-line)#login
Branch-B(config-line)#logging synchronous
Branch-B(config-line)#exec-timeout 5 0
Branch-B(config)#banner motd #Authorized Only#
Branch-B(config)#no ip domain-lookup
Branch-B(config)#service password-encryption

Assign IP addresses on interfaces
Branch-B(config)#int s0/0/1
Branch-B(config-if)#ip address 209.133.9.2 255.255.255.252
Branch-B(config-if)#no shutdown
Branch-B(config)#int g0/0
Branch-B(config-if)#ip address 192.168.2.1 255.255.255.0
Branch-B(config-if)#no shutdown

Configure neighbor username with predefined password
Branch-B(config)#username ISP password CHAPpass

Configure Serial interface to use PPP encapsulation
Branch-B(config)#interface S0/0/1
Branch-B(config-if)#encapsulation PPP

Configure PPP encapsulation with CHAP authentication
Branch-B(config-if)#PPP authentication CHAP

Configure GRE tunnel interface
Branch-B(config)#interface tunnel 0
Branch-B(config-if)#ip address 192.168.3.2 255.255.255.252
Branch-B(config-if)#tunnel source s0/0/1
Branch-B(config-if)#tunnel destination 209.133.8.2

Configure OSPFv2 single area. Include only G0/0 and Tunnel0 LAN.
Use AREA ID = 0, PROCESS ID = 88
Branch-B(config)#router ospf 88
Branch-B(config-rtr)#router-id 2.2.2.2
Branch-B(config-rtr)#network 192.168.2.0 0.0.0.255 area 0
Branch-B(config-rtr)#network 192.168.3.0 0.0.0.3 area 0

Configure default static route to ISP
Branch-B(config)#ip route 0.0.0.0 0.0.0.0 209.133.9.1

ISP
Basic Configuration
Router(config)#hostname ISP
ISP(config)#enable password myPass
ISP(config)#enable secret secPass
ISP(config)#line console 0
ISP(config-line)#password conPass
ISP(config-line)#login
ISP(config-line)#logging synchronous
ISP(config-line)#exec-timeout 5 0
ISP(config)#line vty 0 4
ISP(config-line)#password vtyPass
ISP(config-line)#login
ISP(config-line)#logging synchronous
ISP(config-line)#exec-timeout 5 0
ISP(config)#banner motd #Authorized Only#
ISP(config)#no ip domain-lookup
ISP(config)#service password-encryption

Assign IP addresses on interfaces
ISP(config)#int s0/0/0
ISP(config-if)#ip address 209.133.8.1 255.255.255.252
ISP(config-if)#clock rate 128000
ISP(config-if)#no shutdown
ISP(config)#int s0/0/1
ISP(config-if)#ip address 209.133.9.1 255.255.255.252
ISP(config-if)#clock rate 128000
ISP(config-if)#no shutdown

Configure neighbor username with predefined password
ISP(config)#username Branch-A password CHAPpass
ISP(config)#username Branch-B password CHAPpass

Configure Serial interface to use PPP encapsulation and CHAP authentication
ISP(config)#interface S0/0/0
ISP(config-if)#encapsulation PPP
ISP(config-if)#PPP authentication CHAP
ISP(config)#interface S0/0/1
ISP(config-if)#encapsulation PPP
ISP(config-if)#PPP authentication CHAP

Chapter 6: EXERCISE

Test your understanding using examples from this chapter:
(1) Initial configuration with static routing protocols
(2) RIP and RIPng dynamic routing protocol
(3) EIGRP dynamic routing protocol for both IPv4 and IPv6 networks
(4) Single area OSPF dynamic routing protocol for both IPv4 and IPv6 networks
(5) Multi area OSPF dynamic routing protocol for both IPv4 and IPv6 networks
(6) VLAN and inter-VLAN dynamic routing protocol using router-on-a-stick approach
(7) Router as DHCP server
(8) Access Control List (ACLs)
(9) Configuring PPP encapsulation with CHAP authentication
(10) Configuring VPN with GRE tunneling

Static Routing Protocols

Addressing Table
Device  Interface     IPv4 / IPv6 Address                                          Subnet Mask
SBW     G0/0          192.168.25.1/24, 2001:DB8:1:1::1/64, FE80::1 link-local      255.255.255.0
SBW     S0/0/0        172.31.1.1/30, 2001:DB8:1:A001::1/64, FE80::1 link-local     255.255.255.252
KCH     G0/0          192.168.35.1/24, 2001:DB8:1:2::1/64, FE80::2 link-local      255.255.255.0
KCH     S0/0/0 (DCE)  172.31.1.2/30, 2001:DB8:1:A001::2/64, FE80::2 link-local     255.255.255.252
KCH     S0/0/1 (DCE)  172.31.1.5/30, 2001:DB8:1:A002::1/64, FE80::3 link-local     255.255.255.252
MYY     G0/0          192.168.45.1/24, 2001:DB8:1:3::1/64, FE80::3 link-local      255.255.255.0
MYY     S0/0/1        172.31.1.6/30, 2001:DB8:1:A002::2/64, FE80::3 link-local     255.255.255.252
PC-A    NIC           192.168.25.5/24, 2001:DB8:1:1::F/64                          255.255.255.0
PC-B    NIC           192.168.35.5/24, 2001:DB8:1:2::F/64                          255.255.255.0
PC-C    NIC           192.168.45.5/24, 2001:DB8:1:3::F/64                          255.255.255.0

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure Static and Default Routes
a) Configure recursive static routes on SBW.
b) Configure a directly attached static route from KCH to every network not directly connected.
c) Configure a default route on MYY so that every network not directly connected is reachable.
d) Verify static route configuration on each router.
e) Test end-to-end connectivity. Pings between all PCs should be successful. If they are not, troubleshoot as necessary.

Task 3 - Configure IPv6 Static and Default Routes
a) Enable IPv6 routing on all routers.
b) Configure recursive static routes on SBW.
c) Configure a directly attached static route from KCH to every network not directly connected.
d) Configure a default route on MYY so that every network not directly connected is reachable.
e) Verify static route configuration on each router.
f) Every device should now be able to ping every other device. If not, troubleshoot as necessary.

RIP and RIPng Dynamic Routing Protocol

Addressing Table
Device  Interface     IPv4 / IPv6 Address                                          Subnet Mask
SBW     G0/0          192.168.25.1/24, 2001:DB8:1:1::1/64, FE80::1 link-local      255.255.255.0
SBW     S0/0/0        172.31.1.1/30, 2001:DB8:1:A001::1/64, FE80::1 link-local     255.255.255.252
KCH     G0/0          192.168.35.1/24, 2001:DB8:1:2::1/64, FE80::2 link-local      255.255.255.0
KCH     S0/0/0 (DCE)  172.31.1.2/30, 2001:DB8:1:A001::2/64, FE80::2 link-local     255.255.255.252
KCH     S0/0/1 (DCE)  172.31.1.5/30, 2001:DB8:1:A002::1/64, FE80::3 link-local     255.255.255.252
MYY     G0/0          192.168.45.1/24, 2001:DB8:1:3::1/64, FE80::3 link-local      255.255.255.0
MYY     S0/0/1        172.31.1.6/30, 2001:DB8:1:A002::2/64, FE80::3 link-local     255.255.255.252
PC-A    NIC           192.168.25.5/24, 2001:DB8:1:1::F/64                          255.255.255.0
PC-B    NIC           192.168.35.5/24, 2001:DB8:1:2::F/64                          255.255.255.0
PC-C    NIC           192.168.45.5/24, 2001:DB8:1:3::F/64                          255.255.255.0

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure and Verify RIPv2 Routing
a) Configure RIPv2 on SBW as the routing protocol and advertise the appropriate connected networks. Turn off automatic summarization in RIPv2.
b) Configure RIPv2 on KCH and use the network statement to add the appropriate connected networks. Turn off automatic summarization in RIPv2.
c) Configure RIPv2 on MYY and use the network statement to add the appropriate connected networks. Turn off automatic summarization in RIPv2.
d) Test end-to-end connectivity. Pings between all PCs should be successful.
If they are not, troubleshoot as necessary.

Task 3 - Configure and Verify RIPng Routing
a) Configure RIPng on SBW as the routing protocol.
b) Configure RIPng on KCH.
c) Configure RIPng on MYY.
d) Test end-to-end connectivity. Pings between all PCs should be successful. If they are not, troubleshoot as necessary.

EIGRP for IPv4 and EIGRP for IPv6

Addressing Table
Device  EIGRP Router ID  Interface     IP Address                                                Default Gateway
SBW     1.1.1.1          G0/0          192.168.15.1/24, 2001:DB8:ACAD:A::1/64, FE80::1 link-local   N/A
SBW     1.1.1.1          S0/0/0        192.168.12.1/30, 2001:DB8:ACAD:12::1/64, FE80::1 link-local  N/A
SBW     1.1.1.1          S0/0/1        192.18.13.1/30, 2001:DB8:ACAD:13::1/64, FE80::1 link-local   N/A
HQ      2.2.2.2          G0/0          192.168.25.1/24, 2001:DB8:ACAD:B::1/64, FE80::2 link-local   N/A
HQ      2.2.2.2          S0/0/0 (DCE)  192.168.12.2/30, 2001:DB8:ACAD:12::2/64, FE80::2 link-local  N/A
HQ      2.2.2.2          S0/0/1 (DCE)  192.168.23.1/30, 2001:DB8:ACAD:23::1/64, FE80::2 link-local  N/A
MYY     3.3.3.3          G0/0          192.168.35.1/24, 2001:DB8:ACAD:C::1/64, FE80::3 link-local   N/A
MYY     3.3.3.3          S0/0/0 (DCE)  192.168.13.2/30, 2001:DB8:ACAD:13::2/64, FE80::3 link-local  N/A
MYY     3.3.3.3          S0/0/1        192.168.23.2/30, 2001:DB8:ACAD:23::2/64, FE80::3 link-local  N/A
PC-A                     NIC           192.168.15.5/24, 2001:DB8:ACAD:A::5/64                       192.168.15.1, FE80::1
PC-B                     NIC           192.168.25.5/24, 2001:DB8:ACAD:B::5/64                       192.168.25.1, FE80::2
PC-C                     NIC           192.168.35.5/24, 2001:DB8:ACAD:C::5/64                       192.168.35.1, FE80::3

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure EIGRP for IPv4 routing
a) On SBW, configure EIGRP routing with an autonomous system (AS) ID = 5 for all directly connected networks.
b) Assign router ID 1.1.1.1.
c) For the LAN interface on SBW, disable the transmission of EIGRP hello packets.
d) On HQ, configure EIGRP routing with an AS ID = 5 for all networks, disable transmission of EIGRP hello packets for the LAN interface, and assign the router ID 2.2.2.2.
e) On MYY, configure EIGRP routing with an AS ID = 5 for all networks, disable transmission of EIGRP hello packets for the LAN interface, and assign the router ID 3.3.3.3.
f) Test connectivity. All PCs should be able to ping one another. Verify and troubleshoot if necessary.

Task 3 - Configure EIGRP for IPv6 routing
a) Configure EIGRP for IPv6 routing on SBW.
• Assign 5 as the AS Number to begin the EIGRP for IPv6 routing configuration process.
• Assign 1.1.1.1 as the router ID.
• Enable EIGRP for IPv6 routing.
b) Configure the EIGRP for IPv6 routing on HQ.
• Assign 5 as the AS Number to begin the EIGRP for IPv6 routing configuration process.
• Assign 2.2.2.2 as the router ID.
• Enable EIGRP for IPv6 routing.
c) Configure the EIGRP for IPv6 routing on MYY.
• Assign 5 as the AS Number to begin the EIGRP for IPv6 routing configuration process.
• Assign 3.3.3.3 as the router ID.
• Enable EIGRP for IPv6 routing.
d) Verify end-to-end connectivity.

Single area OSPFv2 and OSPFv3

Addressing Table
Device  Interface     IP Address                                                 Default Gateway
R1      G0/0          192.168.10.1/24, 2001:DB8:ACAD:A::1/64, FE80::1 link-local   N/A
R1      S0/0/0        10.10.10.1/30, 2001:DB8:ACAD:12::1/64, FE80::1 link-local    N/A
R1      S0/0/1        10.10.10.9/30, 2001:DB8:ACAD:13::1/64, FE80::1 link-local    N/A
R2      G0/0          192.168.20.1/24, 2001:DB8:ACAD:B::2/64, FE80::2 link-local   N/A
R2      S0/0/0 (DCE)  10.10.10.2/30, 2001:DB8:ACAD:12::2/64, FE80::2 link-local    N/A
R2      S0/0/1 (DCE)  10.10.10.5/30, 2001:DB8:ACAD:23::1/64, FE80::2 link-local    N/A
R3      G0/0          192.168.30.1/24, 2001:DB8:ACAD:C::2/64, FE80::3 link-local   N/A
R3      S0/0/0 (DCE)  10.10.10.10/30, 2001:DB8:ACAD:13::2/64, FE80::3 link-local   N/A
R3      S0/0/1        10.10.10.6/30, 2001:DB8:ACAD:23::2/64, FE80::3 link-local    N/A
PC-A    NIC           192.168.10.2/24, 2001:DB8:ACAD:A::A/64                       192.168.10.1, FE80::1
PC-B    NIC           192.168.20.2/24, 2001:DB8:ACAD:B::B/64                       192.168.20.1, FE80::2
PC-C    NIC           192.168.30.2/24, 2001:DB8:ACAD:C::C/64                       192.168.30.1, FE80::3

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure OSPFv2 for IPv4 routing
a) On R1, configure OSPFv2 routing with Process ID = 5 for all directly connected networks.
b) Assign router ID 1.1.1.1.
c) For the LAN interface on R1, disable the transmission of OSPFv2 hello packets.
d) On R2, configure OSPFv2 routing with Process ID = 5 for all networks, disable transmission of OSPFv2 hello packets for the LAN interface, and assign the router ID 2.2.2.2.
e) On R3, configure OSPFv2 routing with Process ID = 5 for all networks, disable transmission of OSPFv2 hello packets for the LAN interface, and assign the router ID 3.3.3.3.
f) Test connectivity. All PCs should be able to ping one another. Verify and troubleshoot if necessary.

Task 3 - Configure OSPFv3 for IPv6 routing
a) Configure OSPFv3 routing on R1.
• Assign 5 as the Process ID to begin the OSPFv3 routing configuration process.
• Assign 1.1.1.1 as the router ID.
• Enable OSPFv3 routing on interfaces.
b) Configure OSPFv3 routing on R2.
• Assign 5 as the Process ID to begin the OSPFv3 routing configuration process.
• Assign 2.2.2.2 as the router ID.
• Enable OSPFv3 routing on interfaces.
c) Configure OSPFv3 routing on R3.
• Assign 5 as the Process ID to begin the OSPFv3 routing configuration process.
• Assign 3.3.3.3 as the router ID.
• Enable OSPFv3 routing on interfaces.
d) Verify end-to-end connectivity.

Multiarea OSPFv2

Topology (figure): AREA 50, AREA 0, AREA 100

Addressing Table
Device  Interface     IP Address
HQ      G0/0          192.168.10.1/24
HQ      G0/1          192.168.20.1/24
HQ      S0/0/0 (DCE)  10.10.10.1/30
HQ      S0/1/0        209.165.200.2/30
MYY     G0/0          192.168.30.1/24
MYY     S0/0/0        10.10.10.2/30
MYY     S0/0/1 (DCE)  10.10.10.5/30
SBW     G0/0          192.168.40.1/24
SBW     G0/1          192.168.50.1/24
SBW     S0/0/1        10.10.10.6/30
ISP     S0/1/0 (DCE)  209.165.200.1/30

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure a multi-area OSPFv2 network
a) In this part, you will configure the router ID on all routers with a process ID of 101. Each router should be given the following router ID assignments:
HQ Router ID: 1.1.1.1
MYY Router ID: 2.2.2.2
SBW Router ID: 3.3.3.3
b) Implement multi-area OSPFv2 on each router. Prevent routing updates from being sent out LAN interfaces.
c) Test end-to-end connectivity. Pings between all PCs should be successful. If they are not, troubleshoot as necessary.

Task 3 - Configure and propagate a default static route.
a) Configure HQ with a directly attached default route.
b) Propagate the default static route.
c) Issue an appropriate command to verify the propagation of the default static route from HQ.
d) Verify end-to-end connectivity by issuing a ping from each PC to the ISP interface address, 209.165.200.1. The ping should be successful.

Task 4 - Enable OSPF authentication on all serial interfaces.
a) Configure MD5 authentication on the serial interfaces. Use 11 as the key and TEST2 as the key string.
b) Issue an appropriate command to verify that authentication is working between each router.

Multiarea OSPFv3

Topology (figure): AREA 5, AREA 10, AREA 0

Addressing Table
Device  Interface     IPv6 Address
HQ      G0/0          2001:DB8:ACAD:A1::1/64, FE80::1 link-local
HQ      S0/0/0 (DCE)  2001:DB8:FEED:A::1/64, FE80::1 link-local
HQ      S0/0/1 (DCE)  2001:DB8:FEED:B::1/64, FE80::1 link-local
JHR     G0/0          2001:DB8:ACAD:B1::1/64, FE80::2 link-local
JHR     G0/1          2001:DB8:ACAD:B2::1/64, FE80::2 link-local
JHR     G0/2          2001:DB8:ACAD:B3::1/64, FE80::2 link-local
JHR     S0/0/1        2001:DB8:FEED:B::2/64, FE80::2 link-local
PNG     G0/0          2001:DB8:ACAD:C1::1/64, FE80::3 link-local
PNG     G0/1          2001:DB8:ACAD:C2::1/64, FE80::3 link-local
PNG     G0/2          2001:DB8:ACAD:C3::1/64, FE80::3 link-local
PNG     S0/0/0        2001:DB8:FEED:A::2/64, FE80::3 link-local

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configure multi-area OSPFv3 routing
a) Configure the OSPFv3 routing on HQ.
• Assign 25 as the process ID for the OSPF process.
• Assign 1.1.1.1 as the router ID.
• Enable OSPFv3 routing on appropriate interface.
b) Configure the OSPFv3 routing on JHR.
• Assign 25 as the process ID for the OSPF process.
• Assign 2.2.2.2 as the router ID.
• Enable OSPFv3 routing on appropriate interface.
c) Configure the OSPFv3 routing on PNG.
• Assign 25 as the process ID for the OSPF process.
• Assign 3.3.3.3 as the router ID.
• Enable OSPFv3 routing on appropriate interface.
d) Verify end-to-end connectivity. Each PC should be able to ping the other PCs.

VLAN and inter-VLAN

VLAN and Port Assignments Table
Device: KCH, SW-A, HQ, PC-A, PC-B, PC-C, Server
Interface / Port: G0/0, G0/1.10, G0/1.20, G0/1.30, G0/1.99, S0/0/0, Fa0/5, Fa0/10, Fa0/11, Fa0/15, Fa0/16, Fa0/20, Fa0/24, Other ports, S0/0/0 (DCE), G0/0, NIC, NIC, NIC, NIC
Status: Trunk, VLAN 10 (Access), VLAN 20 (Access), VLAN 20 (Access), Trunk, VLAN 99
Name / IP Address: 172.17.10.1, 172.17.20.1, 172.17.30.1, 172.17.99.1, 10.10.10.2, Guest, Student, Teacher, Mgmt / 172.17.99.10, 10.10.10.1, 192.168.1.1, 172.17.10.11, 172.17.20.22, 172.17.30.33, 192.168.1.2
Subnet Mask: 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.252, 255.255.255.0, 255.255.255.252, 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.0, 255.255.255.0

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Implement inter-VLAN routing
a) Assign IP addressing to KCH and SW-A.
b) Create, name and assign VLANs on SW-A based on the VLAN and Port Assignments Table. Ports should be in access mode.
c) Configure SW-A to trunk, allow only VLANs in the VLAN and Port Assignments Table.
d) All ports not assigned to a VLAN should be disabled.
e) Configure the default gateway on SW-A.
f) Configure inter-VLAN routing on KCH based on the Addressing Table.
g) Verify connectivity. All PCs should be able to ping each other.

Task 3 - Implement static routing
a) Configure default static route from KCH to HQ.
b) Configure static route from HQ to all VLAN.

Configuring Router as DHCP Server

Addressing Table
Device  Interface     IP Address       Subnet Mask      Default Gateway
SBW     G0/0          192.168.10.1     255.255.255.0    N/A
SBW     G0/1          192.168.11.1     255.255.255.0    N/A
SBW     S0/0/0        192.168.2.1      255.255.255.252  N/A
KCH     S0/0/0 (DCE)  192.168.2.2      255.255.255.252  N/A
KCH     S0/0/1        209.165.200.226  255.255.255.224  N/A
ISP     S0/0/1 (DCE)  209.165.200.225  255.255.255.224  N/A
PC-A    NIC           DHCP             DHCP             DHCP
PC-B    NIC           DHCP             DHCP             DHCP
PC-C    NIC           DHCP             DHCP             DHCP
PC-D    NIC           DHCP             DHCP             DHCP

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings on the devices and activate the interfaces with IP addresses.

Task 2 - Configuring DHCP
a) Configure dynamic, default and static routing on the routers:
▪ Configure RIPv2 for LAN on SBW.
▪ Configure RIPv2 for LAN on KCH (exclude ISP LAN).
▪ Configure default route on KCH going to the ISP.
▪ Configure a directly connected static route on ISP to reach ALL networks on the SBW and KCH routers.
b) Verify network connectivity between routers.
c) Configure DHCPv4 server settings on KCH:
▪ Exclude the first 9 addresses in each SBW LAN starting with .1
▪ All other addresses should be available in the DHCP address pool. Make sure that each DHCP address pool includes a default gateway, the domain jtmk.com, a DNS server (209.165.200.225)
d) Configure SBW as a DHCP relay agent.
e) Verify ALL PCs receive their IP dynamically.
Access Control Lists (ACLs)

Addressing Table
| Device | Interface | IP Address |
|---|---|---|
| MYY | G0/0 | 192.168.10.1/24 |
| MYY | G0/1 | 192.168.20.1/24 |
| MYY | S0/0/0 | 10.1.1.1/30 |
| ISP | S0/0/0 (DCE) | 10.1.1.2/30 |
| ISP | S0/0/1 (DCE) | 10.2.2.2/30 |
| ISP | Lo99 | 209.165.200.225/27 |
| BTU | G0/0 | 192.168.30.1/24 |
| BTU | G0/1 | 192.168.40.1/24 |
| BTU | S0/0/1 | 10.2.2.1/30 |
| SW-A | VLAN 1 | 192.168.10.11/24 |
| SW-B | VLAN 1 | 192.168.20.11/24 |
| SW-C | VLAN 1 | 192.168.30.11/24 |
| SW-D | VLAN 1 | 192.168.40.11/24 |
| PC-A | NIC | 192.168.10.5/24 |
| PC-B | NIC | 192.168.20.5/24 |
| PC-C | NIC | 192.168.30.5/24 |
| PC-D | NIC | 192.168.40.5/24 |

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings of devices and activate interfaces with IP addresses.

Task 2 – Configuring standard ACL
a) Configure, apply & verify a numbered standard ACL: Create a standard numbered ACL that allows traffic from all hosts on 192.168.10.0/24 network and all hosts on 192.168.20.0/24 network to access all hosts on the 192.168.30.0/24 network.
b) Test the ACL:
▪ From PC-A command prompt, ping PC-C IP address. Were the pings successful? _____
▪ From PC-B, ping PC-C IP address. Were the pings successful? _____
▪ From MYY prompt, ping PC-C IP address. Was the ping successful? _____

Task 3 – Configuring extended ACL
a) Configure, apply & verify a numbered extended ACL: Create an extended ACL that conforms to the following policy:
(a) allow traffic from all hosts on the 192.168.40.0/24 network access to all hosts on the 192.168.10.0/24 network.
(b) allow PC-C access the 192.168.10.0/24 network.
b) Test the ACL:
▪ From PC-C command prompt, ping PC-A IP address. Were the pings successful? _____
▪ Test the ACL to ensure only PC-C is allowed access to 192.168.10.0/24 network. From BTU prompt, do an extended ping and use the G0/1 address on BTU as your source. Ping PC-A IP address. Were the pings successful? _____
c) From PC-D command prompt, ping PC-A IP address. Were the pings successful? _____
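The answers to the ACL test questions in Task 2 and Task 3 can be predicted before any router is touched. The following is an added example, not part of the workbook: a first-match evaluator with Cisco-style wildcard masks and the implicit deny at the end of every ACL. The ACL entries are an assumed answer to the two tasks, only the echo request's source and destination are evaluated, and the MYY ping is assumed to be sourced from S0/0/0 (10.1.1.1); all addresses come from the Addressing Table.

```python
"""First-match ACL evaluation with Cisco-style wildcard masks (added example)."""
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")   # all-ones wildcard: every bit is ignored


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match the base address; a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


@dataclass(frozen=True)
class Ace:
    action: str          # "permit" or "deny"
    src: tuple           # (address, wildcard)
    dst: tuple = ANY     # a standard ACL tests the source only

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (wildcard_match(src_ip, *self.src)
                and wildcard_match(dst_ip, *self.dst))


def evaluate(acl, src_ip, dst_ip):
    """Return (action, entry number); entry None means the implicit deny matched."""
    for number, ace in enumerate(acl, start=1):
        if ace.matches(src_ip, dst_ip):
            return ace.action, number
    return "deny", None


# Assumed answer to Task 2: standard ACL, source match only.
STANDARD_ACL = [
    Ace("permit", ("192.168.10.0", "0.0.0.255")),
    Ace("permit", ("192.168.20.0", "0.0.0.255")),
]

# Assumed answer to Task 3: extended ACL, source and destination.
EXTENDED_ACL = [
    Ace("permit", ("192.168.40.0", "0.0.0.255"), ("192.168.10.0", "0.0.0.255")),
    Ace("permit", ("192.168.30.5", "0.0.0.0"), ("192.168.10.0", "0.0.0.255")),
]

PC_A, PC_C = "192.168.10.5", "192.168.30.5"

# The workbook's test pings, as (label, ACL, source, destination).
CHECKS = [
    ("Task 2: PC-A -> PC-C", STANDARD_ACL, "192.168.10.5", PC_C),
    ("Task 2: PC-B -> PC-C", STANDARD_ACL, "192.168.20.5", PC_C),
    # Assumption: a ping typed at the MYY prompt leaves with the S0/0/0 address.
    ("Task 2: MYY -> PC-C", STANDARD_ACL, "10.1.1.1", PC_C),
    ("Task 3: PC-C -> PC-A", EXTENDED_ACL, PC_C, PC_A),
    # Source address taken from the extended ping shown in the workbook.
    ("Task 3: BTU 192.168.30.1 -> PC-A", EXTENDED_ACL, "192.168.30.1", PC_A),
    ("Task 3: PC-D -> PC-A", EXTENDED_ACL, "192.168.40.5", PC_A),
]


def run_checks():
    return {label: evaluate(acl, src, dst) for label, acl, src, dst in CHECKS}


if __name__ == "__main__":
    for label, (action, number) in run_checks().items():
        via = f"entry {number}" if number else "implicit deny"
        print(f"{label}: {action} ({via})")
```

The two denied pings fail without any deny statement in the list: no entry matches their source address, so the implicit deny decides.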
BTU#ping
Protocol [ip]:
Target IP address: 192.168.10.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.30.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:

PPP encapsulation

Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| Branch1 | G0/1 | 192.168.1.1 | 255.255.255.0 | N/A |
| Branch1 | S0/0/0 | 10.1.1.1 | 255.255.255.252 | N/A |
| HQ | S0/0/0 (DCE) | 10.1.1.2 | 255.255.255.252 | N/A |
| HQ | S0/0/1 (DCE) | 10.2.2.2 | 255.255.255.252 | N/A |
| HQ | S0/1/0 | 209.165.200.225 | 255.255.255.224 | N/A |
| Branch3 | G0/1 | 192.168.3.1 | 255.255.255.0 | N/A |
| Branch3 | S0/0/1 | 10.2.2.1 | 255.255.255.252 | N/A |
| ISP | S0/1/0 (DCE) | 209.165.200.226 | 255.255.255.224 | N/A |
| PC-A | NIC | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| PC-C | NIC | 192.168.3.3 | 255.255.255.0 | 192.168.3.1 |

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings of devices and activate interfaces with IP addresses.

Task 2 – Configuring PPP Encapsulation
a) Issue the encapsulation ppp command on the S0/0/0 interface for the Branch1 router to change the encapsulation from HDLC to PPP.
b) Issue the encapsulation ppp command on interface S0/0/0 for the Central router to correct the serial encapsulation mismatch.

Task 3 – Configuring PPP CHAP Authentication
a) Configure a username for CHAP authentication for both Central and Branch3 router.
b) Issue the debug ppp commands on the Branch3 router to observe the process, which is associated with authentication.
c) Configure the interface S0/0/1 on Branch3 for CHAP authentication.
d) Configure CHAP authentication on S0/0/1 on the Central router.
e) Observe the debug PPP messages relating to CHAP authentication on the Central router.
f) Issue the undebug all command on all routers to turn off debugging.
g) Verify end-to-end connectivity.
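The debug output observed in Task 3 follows the CHAP exchange: a challenge, a response, then success or failure. As an added example (not from the workbook), the sketch below computes the response the way RFC 1994 defines it for CHAP with MD5, MD5(identifier || secret || challenge), so the shared secret itself never crosses the link. The router names come from the task; the secrets and the `Router` class are constructed for illustration, with `users` standing in for each router's username/password entry for its neighbor.

```python
"""CHAP (RFC 1994, MD5) challenge/response between two PPP peers (added example)."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Router:
    """One end of the serial link (hypothetical helper class).

    `users` maps a neighbor's hostname to the secret shared with it.
    """

    def __init__(self, hostname: str, users: dict):
        self.hostname = hostname
        self.users = users
        self._next_id = 0
        self._outstanding = {}      # identifier -> challenge still awaiting a reply

    # --- authenticator side -------------------------------------------------
    def send_challenge(self):
        """Step 1: send a fresh random challenge tagged with a new identifier."""
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._outstanding[self._next_id] = challenge
        return self._next_id, challenge, self.hostname

    def check_response(self, identifier: int, response: bytes, peer_name: str) -> bool:
        """Step 3: recompute the digest locally and compare (Success / Failure)."""
        challenge = self._outstanding.pop(identifier, None)   # each challenge is single use
        secret = self.users.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

    # --- peer side ----------------------------------------------------------
    def answer_challenge(self, identifier: int, challenge: bytes, authenticator: str):
        """Step 2: look up the secret by the challenger's name and hash it in."""
        secret = self.users[authenticator]
        return identifier, chap_response(identifier, secret, challenge), self.hostname


def demo() -> dict:
    secret = b"constructed-lab-secret"          # constructed value, not from the workbook
    central = Router("Central", {"Branch3": secret})
    branch3 = Router("Branch3", {"Central": secret})

    ident, challenge, name = central.send_challenge()
    reply = branch3.answer_challenge(ident, challenge, name)
    matching = central.check_response(*reply)
    replayed = central.check_response(*reply)   # same reply again: challenge already used

    # Same router name, but the password entry does not match Central's.
    wrong = Router("Branch3", {"Central": b"different-secret"})
    ident2, challenge2, name2 = central.send_challenge()
    mismatched = central.check_response(*wrong.answer_challenge(ident2, challenge2, name2))

    return {
        "matching": matching,
        "replayed": replayed,
        "mismatched": mismatched,
        "secret_on_wire": secret in (challenge + reply[1]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Both routers must hold the same secret for each other's hostname; the mismatched case is what a failed authentication in the debug output corresponds to.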
Configuring VPN with GRE tunneling

Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| BranchA | G0/1 | 172.16.1.1 | 255.255.255.0 | N/A |
| BranchA | S0/0/0 (DCE) | 10.1.1.1 | 255.255.255.252 | N/A |
| BranchA | Tunnel0 | 172.16.12.1 | 255.255.255.252 | N/A |
| ISP | S0/0/0 | 10.1.1.2 | 255.255.255.252 | N/A |
| ISP | S0/0/1 (DCE) | 10.2.2.2 | 255.255.255.252 | N/A |
| BranchB | G0/1 | 172.16.2.1 | 255.255.255.0 | N/A |
| BranchB | S0/0/1 | 10.2.2.1 | 255.255.255.252 | N/A |
| BranchB | Tunnel0 | 172.16.12.2 | 255.255.255.252 | N/A |
| PC-A | NIC | 172.16.1.3 | 255.255.255.0 | 172.16.1.1 |
| PC-C | NIC | 172.16.2.3 | 255.255.255.0 | 172.16.2.1 |

Task 1 - Configure Basic Settings on ALL devices
a) Configure all initial settings of devices and activate interfaces with IP addresses.

Task 2 – Configure GRE Tunnel
a) Configure the tunnel interface on the BranchA router. Use S0/0/0 on BranchA as the tunnel source interface and 10.2.2.1 as the tunnel destination on the BranchB router.
b) Configure the tunnel interface on the BranchB router. Use S0/0/1 on BranchB as the tunnel source interface and 10.1.1.1 as the tunnel destination on the BranchA router.
c) Verify the status of the tunnel interface on the BranchA and BranchB routers.

Task 3 – Enable Routing over the GRE Tunnel
c) Configure OSPF process ID 1 using area 0 on the BranchA router for the 172.16.1.0/24 and 172.16.12.0/24 networks.
d) Configure OSPF process ID 1 using area 0 on the BranchB router for the 172.16.2.0/24 and 172.16.12.0/24 networks.
e) Verify OSPF routing.

Glossary

| Term | Definition |
|---|---|
| ABR | Area Border Router – Routing device that connects one or more OSPF areas to a backbone network. An ABR maintains routing tables for the backbone and the attached areas of an OSPF. |
| Access Control Lists (ACLs) | List kept by a network device such as a router, to manage access to or from the router for a number of services. For example, ACL can be used to prevent packets with a certain IP address or protocol from leaving a particular interface on the router. |
| Access layer | The first point of entry into the network for all hosts. The access layer provides a physical connection to the network as well as authentication and traffic control. A component of the 3-layer network design approach that also includes a distribution layer and a core layer. The access layer provides entry to the network closest to end users. |
| Access link | Connection between a DTE, such as a router, to the nearest point-of-presence of a service provider through a DCE, such as a modem in a Frame Relay network. |
| Access method | A set of rules used by LAN hardware to direct traffic on the network. It determines which host or device uses the LAN next. |
| Access point | Wireless LAN transmitter/receiver that acts as a connection between wireless clients and wired networks. |
| ACK | Acknowledgement. A transmission control character (or transmission frame) that confirms a transmitted message was received uncorrupted or without errors or that the receiving station is ready to accept transmission. |
| Active topology | RSTP network design that transitions ports to the forwarding state if they are not discarding or are blocked. |
| Adaptive cut-through | Type of switching when the flow reverts back to fast-forward mode when the number of errors drops below the threshold value to an acceptable level. |
| Address | Data structure used to identify a unique identity, such as a particular process or network device. An IP address is a string of characters assigned by an administrator. A MAC address is burned into a device and cannot be changed. |
| Address mask | Bit combination used to identify the part of an address that refers to the network or subnet, and the part that refers to the host. |
| Adjacency / adjacencies | Relationship between neighboring routers and end nodes for the purpose of exchanging routing information. Adjacency is based on the use of a common media segment. |
| Administrative Distance (AD) | Rating of trustworthiness of a routing information source. For a Cisco router, an administrative distance is expressed as a numerical value between 0 and 255. The higher the value, the lower the trustworthiness rating. |
| Adware | A software program that, once installed, automatically displays advertising material on a computer. |
| Advanced replacement | Part of a SMARTnet agreement offered as part of a customer service enhancement. |
| Advertised Distance (AD) | Distance that is broadcast by an upstream neighbor. |
| Advertisement requests | VLAN information that a VTP client requires if the switch has been reset or the VTP domain name has been changed. |
| Advertising | Router process in which routing or service updates containing lists of usable routes are sent at specified intervals to routers on the network. |
| AES | Advanced Encryption Standard. A symmetric 128-bit block cipher that replaces DES as the U.S. government's cryptographic standard. The algorithm must be used with key sizes of 128 bits, 192 bits, or 256 bits, depending on the application security requirement. |
| Aging time | Period of time in which an entry must be used before a switch deletes it from the MAC address table. |
| Authentication Header (AH) | Security protocol that provides data authentication and optional anti-replay services. AH is embedded in the data to be protected. |
| AGP | Accelerated Graphics Port. Dedicated high-speed bus that supports the high demands of graphical software. This slot is reserved for video cards only. |
| Algorithm | Well-defined rule or mathematical process for solving a problem. In networking, an algorithm is commonly used to determine the best route for traffic from a source to a destination. |
| AIM | AOL instant messenger. Instant message service that supports text chat, photo sharing, online gaming, and PC to PC voice using OSCAR instant message protocol and the TOC protocol. |
| AIX | Advanced Interactive eXecutive. An operating system based on UNIX. Recent versions of AIX can support up to 64 central processing units and two terabytes of random-access memory. AIX is a proprietary operating system developed by IBM. |
| Anycast | Type of IPv6 network addressing and routing scheme where data is routed to a destination considered to be the best or closest by the routing topology. An anycast address is formatted the same as an IPv6 global unicast address. |
| Access Point (AP) | Access layer device that connects to a wired network and relays data between wireless and wired devices. An AP connects wireless communication devices to form a wireless network to allow roaming. |
| Apache web server | A public-domain, open-source web server for UNIX-type systems, Microsoft Windows, Novell NetWare and other operating systems. |
| Application | A software program designed to perform a specific task or group of tasks. |
| Application characterization | Information about network bandwidth usage and response times of an application. Some of the considerations for application characterization include how the application works and interacts on a network, and the technical requirements. |
| Application layer | Layer seven of the OSI model. It interfaces directly to the user and performs common application services for the application processes. Provides services to application processes such as email, file transfer, and terminal emulation that are outside of the OSI Reference Model. It identifies and establishes the availability of intended communication partners and the resources required to connect with them, synchronizes cooperating applications and establishes agreement on procedures for error recovery and control of data integrity. It also requests to the presentation layer (sixth layer). |
| area | Logical set of either CLNS-, DECnet-, or OSPF-based network segments, and all attached devices. Areas are usually connected through routers, creating a single autonomous system. |
| Area 0 | Also known as Backbone area. Area at the beginning of an OSPF network. An OSPF network must have at least one area, which is area 0. As the network expands, other areas are created adjacent to Area 0. |
| Area ID | Identification of the OSPF area to which the network belongs. |
| Autonomous System (AS) | Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA. |
| ASA firewall | Cisco Adaptive Security Appliance. Hardware device that integrates firewall, Unified Communications security, SSL and IPsec VPN, IPS and content security services. |
| ASBR | Autonomous System Boundary Router. ASBR located between an OSPF autonomous system and a non-OSPF network. An ASBR runs the OSPF routing protocol and another routing protocol, such as RIP. An ASBR must reside in a nonstub OSPF area. |
| As-built | Diagram that shows the original design and any changes that have been made to a network topology. |
| ASIC | Application-specific Integrated Circuit. A circuit that gives precise instructions for the functionality of a device during Layer 3 switching. |
| ASCII | American Standard Code for Information Interchange. 8-bit code for character representation (7 bits plus parity). Each letter of the alphabet is assigned a number from 0 to 127. |
| asymmetric | When one function on a network takes a greater length of time than the reverse function. An example of an asymmetric function is the compression and decompression of data. |
| Asynchronous | Without respect to time. In terms of data transmission, asynchronous means that no clock or timing source is needed to keep both the sender and the receiver synchronized. |
| ATM | Asynchronous Transfer Mode. International standard for the cell relay of service types, such as voice, video or data. In ATM, the services are conveyed in fixed-length, 53-byte cells. Fixed-length cells reduce transit delays because cell processing occurs in the hardware. ATM is designed for high-speed transmission media such as E3, SONET and T3. |
| Atomic transaction | Process that guarantees that either all or none of the tasks of a transaction are performed in a database system. An atomic transaction is void if it is not fully processed. |
| Attenuation | The reduction of signal energy during transmission. |
| Authentication | A process implemented on a network to verify the identity of a user. Security measure designed to control access to network resources by verifying the identity of a person or process. |
| Authentication server | Server that controls the frequency and timing of challenges to prevent attacks on a network. |
| Authority zone | Section of the domain-name tree for which one name server is the authority. Authority zone is associated with DNS. |
| Auto mode | Designation of a port on a device as a trunk port if the other end is set to either trunk or desirable mode. |
| Automatic Update | A software update service for Microsoft Windows operating systems located on the Microsoft website. The types of software updates available include critical system component updates, service packs, security fixes, patches, and free upgrades to Windows components. The Automatic Update service automatically detects the type of existing hardware. |
| AutoQoS | Feature that automates consistent deployment of QoS features across Cisco routers and switches to ensure high-quality application performance by configuring devices with QoS features and variables that are based on Cisco best-practice recommendations. A user is able to adjust parameters that are generated by AutoQoS. |
| Availability | Condition of accessibility. |
| Backside bus | A bus within the central processing unit (CPU) that connects the CPU with the L2 cache using a dual-bus architecture. The CPU determines the speed of the backside bus. |
| Backup | A copy of data saved onto storage media for the purpose of restoring the data and computer operations in case of data loss. Types of backup include full, incremental, and differential. A backup should be physically removed from the source data. |
| Banner motd | banner motd is a command used to configure a message of the day, or motd. The message is displayed at login. A banner motd is useful for conveying messages, such as an impending system shutdown, that affect all network users. |
| Bandwidth | Rated throughput capacity of a given network medium or protocol. Bandwidth is the difference between the highest and lowest frequencies available for network signals. |
| Baseband | Characteristic of a network technology where only one carrier is used. Ethernet is an example of a baseband network. Also called narrowband. |
| Baseline | A quantitative expression of planned costs, schedules and technical requirements for a defined project. A baseline is established to describe the 'normal' status of network or computer performance. The status can then be compared with the baseline at any point to measure the variation from the 'normal' operation condition. |
| Binary | Digital signals that are typically expressed as 1 or 0. |
| Binary digit | A digit with only 1 or 0 as possible values. 1 = on and 0 = off. |
| BIOS | Basic Input/Output System. Program stored in a ROM chip in the computer motherboard that provides the basic code to control the computer's hardware and to perform diagnostics on it. The BIOS prepares the computer to load the operating system. |
| Bit | The smallest unit of data in a computer. A bit can take the value of either 1 or 0. A bit is the binary format in which data is processed by computers. A bit is also known as a binary digit. |
| BGP | Border Gateway Protocol. Routing standard used to connect ISP to and from the Internet. Also known as exterior gateway protocol. |
| Blade | A server component or an individual port card that can be added to a network router or switch for additional connectivity. |
| Blaster worm | Also known as Lovsan or Lovesan. A DoS worm that spread during August 2003 on computers running the Microsoft operating system Windows 2000/XP. |
| Blog | A webpage that serves as a publicly accessible personal journal for an individual. |
| Bluetooth | Wireless industry standard that uses an unlicensed radio frequency for short-range communication enabling portable devices to communicate over short distances. |
| Blu-ray disc | A high-density optical disc format used to store digital media such as high-definition video. |
| Boot sector | A sector of a data storage device, typically the hard drive, that contains code for booting the operating system when starting the computer. |
| Botnet | Refers to any group of bots. Typically, a collection of compromised machines that distribute worms, Trojan horses, or backdoor viruses. |
| Bots | Software applications that run simple and repetitive tasks over the internet. |
| Bottom up | A troubleshooting technique in a layered concept of networking that starts with the physical or lowest layer and works up. |
| Bounded update | Feature associated with a link-state routing protocol, such as EIGRP. A bounded update contains specific parameters and is delivered only to routers that require the information. |
| bps | bits per second. A unit of measure used to express the data transfer rate of bits. |
| Broadcast | A method for sending data packets to all devices on a network. Broadcasts are identified by a broadcast address and rely on routers to keep broadcasts from being sent to other networks. |
| Broadcast domain | Devices within a group that receive the same broadcast frame originating from one of the devices. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames. |
| Broadcast MAC address | Hardware address reserved for frames that are intended for all hosts on a local network segment. Generally, a broadcast address is a MAC destination address of all ones. A broadcast MAC address has the hexadecimal form of FF.FF.FF.FF.FF.FF |
| Browser | A GUI-based hypertext client application used to access hypertext documents and other services located on innumerable remote servers throughout the WWW and Internet. |
| Brute force attack | A method used to gain access to a network or decrypt a message by systematically entering all possible combinations. |
| BSS | Basic Service Set. A group of 802.11 devices connected to an access point. |
| Business software | An application designed for use in specific industries or markets. |
| byte | A unit of measure that describes the size of a data file, the amount of space on a disk or other storage medium, or the amount of data being sent over a network. One byte consists of eight bits of data. |
| Cable modem | Hardware that connects a computer to the cable company network through the same coaxial cabling that feeds cable TV (CATV) signals to a television set. |
| Cache | Act of storing data, or the location of stored data. |
| Cache memory | A block of memory in the data storage area that provides the system high-speed access to the data. |
| CAD | Computer-aided Design. Application used for creating architectural, electrical, and mechanical design. More complex forms of CAD allow objects to be created with real-world characteristics. |
| CD | Compact disc. Optical storage media for audio and data. |
| CD-R | Compact disc-recordable. Optical media that allows data to be recorded but not modified. |
| CD-ROM drive | Compact disc read-only memory. A storage device that reads information that is stored on a compact disc (CD). |
| CD-RW | Compact disc-rewritable. Optical storage media that allows data to be recorded and modified. |
| Cell phone | A portable device that uses wireless communication methods to access a telephone network. |
| CHAP | Challenge Handshake Authentication Protocol. Security feature supported on lines that use PPP encapsulation to prevent unauthorized access by identifying the remote user. CHAP is a three-way handshake with encryption and enables the router or access server to determine whether a user is allowed access. |
| Checksum | Method for checking the integrity of transmitted data. A checksum is an integer value computed from a sequence of octets taken through a series of arithmetic operations. The value is recomputed at the receiving end and compared for verification. |
| Chipset | Integrated circuits on a motherboard that enable the CPU to communicate with the other components of the computer. |
| Circuit | The communication path between two or more points that a current or data transmission follows. |
| Class A | A Class A address has four octets. The first octet is between 1 and 26. The other three octets are used for host addressing. A Class A network can have 16,777,214 hosts. |
| Class B | A Class B address has four octets. The first octet is between 128 and 191. The first two octets are used to identify the network. The last two octets are used for host addressing. A Class B network can have 16,384 networks and 65,384 hosts. |
| Class C | A Class C address has four octets. The first octet is between 192 and 223. The first three octets identify the network. The last octet is used for host addressing. A Class C network can have 2,097,152 networks and 254 hosts. |
| Class D | A Class D address has four octets. The first octet is between 224 and 239. Class D is used for multitasking. |
| Class E | A Class E address has four octets. The first octet is between 240 and 255. Class E IP addressing is reserved. |
| Classful addressing | The division of IP addresses into five classes: A, B, C, D, and E. There is a fixed number of networks and hosts associated with each class. |
| CLI | Command line interface. User interface to a computer operating system or application. |
| Client | A network device that participates in a client/server relationship by requesting a service from a server. When a computer is used to access the Internet, the computer is the client and the website is the service requested from the server. |
| Cloud | A symbol that refers to connections in service provider networks. |
| CMTS | Cable modem termination system. A component located at the local cable television company that exchanges digital signals with cable modems on a cable network. |
| cost | Value, typically based on hop count, media bandwidth, or other measures, that is assigned by a network administrator and used to compare various paths through an internetwork environment. Costs are used by routing protocols to determine the most favorable path to a particular destination. The lower the cost, the better the path. Also known as path cost. |
| Collaboration suite | Application designed to allow the sharing of resources and information within and between organizations. |
| Collision | In Ethernet, the result of two or more devices transmitting simultaneously. The frames from each device impact and are damaged when they meet on the physical media. All computer networks require a mechanism to prevent collisions or to recover quickly when collisions occur. |
| Collision domain | In Ethernet, the network area where data that is being transmitted simultaneously from two or more computers could collide. Repeaters and hubs propagate collisions; LAN switches, bridges and routers do not. |
| Command.com | Command line interpreter for DOS and 16/32 bits version of Windows (95/98/98 SE/ME). It is the first program run after boot and sets up the system by running the autoexec.bat configuration file. |
| Computer | Electrical machine that can execute a list of instructions and perform calculations based on those instructions. |
| Computer name | Identity of an end-user computer on a wired or wireless network. |
| Connection-oriented | Protocol to establish an end-to-end connection before data is sent so that data arrives in the proper sequence. |
| Content filtering | Blocking specific types of web content using content-control or spam blocking solutions. |
| Continuity | The state or quality of being continuous or unbroken. End-to-end continuity tests on cable media can verify that there are no opens or shorts. |
| Controller card | A board, such as a SCSI controller card, that interfaces between the motherboard and a peripheral. |
| Converged network | A network capable of carrying voice, video and digital data. |
| Convergence | The speed and ability of a group of internetworking devices running a specific routing protocol to agree on the topology of an internetwork after a change in that topology. |
| Core layer | One of three basic layers in the hierarchical design of Ethernet networks. The Core Layer is a high-speed backbone layer designed to move large amounts of data quickly. High-speed switches or routers are examples of Core Layer devices. |
| CPE | Customer premises equipment. Terminating equipment, such as terminals, telephones, and modems, supplied by the telephone company, installed at customer sites, and connected to the telephone company network. |
| CPU | Central processing unit. Interprets and processes software instructions and data. Located on the motherboard, the CPU is a chip contained on a single integrated circuit called the microprocessor. The CPU contains two basic components, a control unit and an Arithmetic/Logic Unit (ALU). |
| Cracker | Term used to describe a person who creates or modifies computer software with the intent to cause harm. |
| CSMA/CA | Carrier sense multiple access with collision avoidance. The basic medium access method for 802.11 wireless networks. |
| CSMA/CD | Carrier sense multiple access with collision detection. The basic access method for Ethernet networks. |
| CTS | Clear to send. Along with request to send (RTS), is used by the 802.11 wireless networking protocol to reduce frame collisions introduced by the hidden terminal problem and exposed node problem. |
| cuteFTP | Series of FTP client applications providing a simple file transfer interface for Windows-based or Mac-based systems. |
| Data communication | The transfer of encoded information through devices and connections using an electrical transmission system. |
| Data link layer | Layer two of the OSI model. It responds to service requests from the network layer and issues service requests to the physical layer. |
| Data loss | A state where information is unavailable permanently. |
| Database | Organized collection of data that can be easily accessed, managed, indexed, searched and updated. |
| Datagram | Logical grouping of information sent as a network layer unit over a transmission medium without prior establishment of a virtual circuit. IP datagrams are the primary information units in the Internet. |
| DCE | Data communications equipment. Physical connection to a communications network in an EIA expansion environment. The DCE forwards traffic, and provides a clocking signal used to synchronize data transmission between DCE and DTE devices. Examples include modem and interface card. Also known as data circuit-terminating equipment when used in an ITU-T expansion environment. |
| Dead interval | Period of time, in seconds, that a router will wait to hear a Hello from a neighbor before declaring the neighbor down. |
| DDoS | Distributed denial of service. An attack by multiple systems on a network that floods the bandwidth or resources of the targeted system, such as a web server, with the purpose to shut it down. |
| de facto standard | Format, language, or protocol that becomes a standard because it is widely used. A de jure standard, in contrast, is one that exists because of approval by an official standards body. |
| Decode | To transform encoded information that is readable to a program or a user. |
| Default route | Path of a packet on a network used by default, or as the gateway of last resort, when the destination hosts are not listed in the routing table. |
| Default gateway | The route taken so that a computer on one segment can communicate with a computer on another segment. |
| Demilitarized zone (DMZ) | Describes the area in a network design that is located between the internal network and external network, usually the Internet. It is used for devices accessible to Internet traffic such as web server, FTP server, SMTP server and DNS. |
| Desktop computer | Type of computer designed to fit on top of a desk, usually with the monitor on top of the computer to conserve space. |
| Destination host | The computer or other network device that receives data. |
| DHCP | Dynamic Host Configuration Protocol requests and assigns an IP address, default gateway and DNS server address to a network host. |
| DHCP acknowledgement | Dynamic Host Configuration Protocol acknowledgment. DHCP is a software utility that automatically assigns IP addresses in a large network. A server sends a DHCP acknowledgement back to the client when it receives a DHCPREQUEST from the client. |
| DHCP binding | Dynamic Host Configuration Protocol binding. DHCP is a software utility that automatically assigns IP addresses in a large network. A DHCP binding occurs when an IP address is assigned to a client. The client leases the IP address until the connection is ended. |
| DHCP client table | Dynamic Host Configuration Protocol client table. DHCP is a software utility that automatically assigns IP addresses in a large network. A DHCP client table is located on the DHCP server and records the assigned IP addresses, MAC addresses and the amount of time an address is leased. |
| DHCP discovery | Dynamic Host Configuration Protocol discovery. A packet sent out by the client on a local physical subnet to find available servers. |
| DHCP offer | Dynamic Host Configuration Protocol offer. A packet sent out by the client requesting an extension on the lease of the IP address. This is done by reversing an IP address for the client and broadcasting a DHCPOFFER message across the network. |
| DHCP pool | Dynamic Host Configuration Protocol pool. Reserved sets of IP addresses stored on a DHCP server to be dynamically assigned to clients. |
| DHCP range | Dynamic Host Configuration Protocol range. A contiguous list of IP addresses in a DHCP pool. |
| DHCP request | Dynamic Host Configuration Protocol request. When the client computer accesses the network, a DHCP packet is sent out by the client requesting a lease if necessary. Dynamic Host Configuration Protocol (DHCP) is a set of rules for dynamically assigning IP addresses to devices on a network. A DHCP server manages and assigns the IP addresses and ensures that all IP addresses are unique. |
| Dial-up | A form of Internet access using a modem and the public telephone system to dial into an Internet service provider network to establish a connection. |
| Digital | A discontinuous signal that changes from one state to another. Also, a data format that uses at least two distinct states to transmit information. |
| DIP switch | Dual in-line package switch. An electrical switch for a dual in-line package used on a printed circuit board. |
| Disk storage | Space on a hard disk or magnetic storage media disk to store data. |
| Distance vector | Type of routing protocol that periodically informs directly-connected routers of changes on the network. |
| Distance vector protocol | Type of standards that uses distance to select the best path. Examples include RIP, IGRP, EIGRP. |
| Distance vector routing algorithm | Mathematical process that uses the number of hops in a route to find the shortest path to a destination. |
| Distribution system | |
| Divide and conquer | |
| DNS | |
| Docking station | |
| DoS | |
| Dotted decimal notation | |
Distance vector routing algorithms call for each router to send its entire routing table in each update, but only to its neighbors. Can be prone to routing loops, but are computationally simpler than link-state routing algorithms. A network that interconnects multiple BSSs to form an ESS in a wireless LAN. In most part, a distribution system is a wired Ethernet network. A troubleshooting technique in a layered concept of networking that can start at any layer and work up or down depending on the outcome. Domain Name System. System that provides a way to map friendly host names, or URLs, to IP addresses. Device that attaches a laptop to AC power and desktop peripherals. Denial of Service. An attack by a single system on a network that floods the bandwidth or resources of the targeted system, such as a web server, with the purpose to shut it down. A method of common notation for IP addresses in the form of a.b.c.d where each number represents, in decimal, 1 byte of the 4-byte IP address. Also called dot address version 2020 dot1q Driver DSL DSLAM Dual core CPU DVD DVD-R DVD-RW Dynamic and/or Private Ports EAP EIA EGP EIGRP e-learning Standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Specialized software that interprets the output of a device so it can be understood by other devices. Digital Subscriber Line. Public network technology that delivers high bandwidth over conventional copper wiring at limited distances. Always-on technology that allows users to connect to the Internet. Digital Subscriber Line Access Multiplexer. A device that allows two or more data sources to share a common transmission medium. DSLAM separates DSL phone and data signals and directs them into networks. Two cores inside a single CPU chip. 
Both cores can be used together to increase speed, or they can be used in two locations at the same time. Digital Video Disc. Optical digital disc that stores data. Also called digital versatile disc. Digital Video Disc-recordable. Technology that allows a DVD to be written to once. Digital Video Disc-recordable. Technology that allows the media to be recorded multiple times. TCP or UDP ports in the range 49152-65535 that are not used by any defined application. Extensible Authentication Protocol. An authentication framework, not a specific authentication mechanism. Most commonly used in wireless LANs, EAP provides common functions and a negotiation of the desired authentication mechanism. Electronic Industries Alliance. A trade association that establishes standards for electrical and electronics products. Exterior Gateway Protocol. Standards for exchanging routing information between autonomous systems. Replace by BGP. Enhanced Interior Gateway Routing Protocol. Cisco proprietary routing protocol that combines distance vector routing protocol standards and link-state routing protocol standards. EIGRP uses the DUAL algorithm to determine routing. Also known as Enhanced IGRP. Type of educational instruction using electronic Page DHCP server 102 Easy Peasy Switching and Routing Email EMI Encryption ESD ESS Ethernet cross-over cable Expansion slot Extended ACL Ext2 Ext3 Extranet FAT version 2020 FDD FEXT FHRP Fiber optics File system Firewall Firmware Flash storage Frame Frontside bus FTP Full duplex the location of every directory, subdirectory, and file on the hard drive. FAT is stored in track 0 on the hard drive. Floppy Disk Drive. Device that spins a magnetically coated floppy disk to read data from and write data to it. Far End cross(X) Talk. A measurement of crosstalk between pairs or wires used when testing Category 5E or Category 6 cabling. FEXT is measured at the receiving end of the cable. First Hop Routing Protocol. 
Standard designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address; in the event of failure of an active router, the backup router will take over the address. The transmission of light pulses containing data along glass or plastic wire or fiber. Optical fiber carries more information than conventional copper wire and is less susceptible to electromagnetic interference. A method used by the operating system to store and organize files. Types of file systems include FAT32, NTFS, HPPS, ext2 and ext3. A device or application installed on a network to protect it from unauthorized users and malicious attack. Software embedded in a hardware device typically provided on flash ROMs or as binary image file that can be uploaded onto existing hardware by a user. A portable memory hard drive used to store and transport data. Flash storage devices typically have a USB interface and are small, lightweight, removable and rewritable. Logical grouping of information sent over a transmission medium as a data link layer unit. Often refers to the header and trailer, used for synchronization and error control, that surround the user data contained in the unit. A bi-directional bus that carries electronic signals between the central processing unit (CPU) and other devices, such as RAM and hard disks. File Transfer Protocol. Application protocol that is part of the TCP/IP protocol stack, used for transferring files between network devices. Data transmission that can go two ways at the same time. An Internet connection using DSL service is an example of full duplex. Page Electromagnetic wave delivery methods such as CD-ROMs, video conferencing, websites, and e-mail. A self-propagating wave in space with electric and magnetic components classified in order of increasing frequency, radio waves, terahertz radiation, infrared radiation, visible light, ultraviolet radiation, x-rays and gamma-rays. 
Ability for users to communicate over a computer network. The exchange of computer-stored messages by network communication. Electromagnetic Interference. Interference by electromagnetic signals that can cause reduces data integrity and increased error rates on transmission channels. The application of a specific algorithm to data so as to alter the appearance of the data making it incomprehensible to those who are not authorized to see the information. Electronic Discharge. Discharge of static electricity from one conductor to another conductor of a different potential. Extended Service Set. A collection of BSSs that communicate with one another through the distribution system (usually the wired Ethernet port on an access point). Network cable with transmit and receive wire pairs that are crossed. The cross-over design allows similar devices, such as switch-to-switch to communicate. Location in a computer where a PC card can be inserted to add capabilities, such as memory or device support to the computer. Type of access control list that filters source IP addresses, destination IP addresses, MAC addresses, protocol and port numbers. Extended ACL can IDed as 100-199 and 2000-2699. Second extended file system. File system for Linux kernel designed to reduce internal fragmentation and minimize searching by dividing the space into blocks. Third extended file system. A journaled file system for the Linux operating system. Network designed to provide access to specific information or operations of an organization to suppliers, vendors, partners, customers, or other business. File Allocation Table. A table of records that the operation system uses to store information about 103 Easy Peasy Switching and Routing Gateway of Last Resort GB General use software GHz GLBP GNU GPL GRE GUI Hacker Half duplex Handheld Hard disk Hardware Powerful computers with higher quality displays used for the purpose of playing video games designed for a particular operating system. 
Final stop on a route within an enterprise for packets that cannot be matched. Information about the packets appears in the routing tables of all routers. Gigabyte. 1,073,71,824 or approximately 1 billion bytes. An application that is found on most home computers or business computers, such as Microsoft Word. Gigahertz. Common measurement of a processor equal to one billion cycles per second. Gateway Load Balancing Protocol. Provides redundancy like other First Hop Redundancy Protocol, also provides load Balancing. It is a Cisco proprietary protocol which can perform both functions. It provides load Balancing over multiple routers using single virtual IP address and multiple virtual Mac address An operating system that functions using only free software. General Public License. A license for free and opensource operating system software. In contrast to commercial operating system software such as Windows 10, a GPL allows the operating system software such as Linux and BSD to be modified. Also called GNU General Public License. Generic Routing Encapsulation. Cisco tunneling protocol used to encapsulate different protocols into a standard Internet protocol for transmission. Graphical User Interface. User friendly interface that uses graphical images and widgets, along with text to indicate the information and actions available to a user when interacting with a computer. Term used to describe a person who creates or modifies computer software or hardware with the intent to test network security or to cause harm. Data transmission that can go two ways, but not at the same time. Telephones and two-way radios are examples of half duplex. Small computing device with input and output capabilities, such as a touch screen or miniature keyboard and display screen. Primary storage medium on a computer. 
Physical electronic components that make up a Hardware platform version 2020 HDLC Header Hello interval Hello packet Hello protocol Hexadecimal Horizontal application Host Hot-swappable Hold time Holddown timer Hop Hop count computer system. Computer hardware components that use the same unique binary-coded machine language to communicate. High-level Data Link Control. Bit-oriented synchronous Data Link Layer protocol developed by ISO. HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksum. Control information placed before data when encapsulating that data for network transmission. Period of time, in seconds, that a router keeps a Hello packet from a neighbor. Packet that is multicast to detect devices on a network and to test the connections. A hello packets is used by a router to determine the best connection available. Standard used by OSPF systems for establishing and maintaining neighbor relationships. The Hello Protocol is an interior protocol that uses a routing metric based on the length of time it takes a packet to make the trip between the source and destination. Using a base 16 number system, a number representation using the digits 0 through 9, with their usual meaning, plus the letters A through F to represent hexadecimal digits with values of 10 to 15. The right-most digits count ones, the next counts multiples of 16, the 16^2=256, etc. Software that can be used across a broad range of the market, such as an office suite. A device that directly participates in network communication. A host can use network resources that are available and/or provide network resources to other hosts on the network. The ability to remove, replace and add peripherals while a system is running. Length of time that a router treats a neighbor as reachable. Placing a router in a state that will neither advertise nor accept routes for a specific length of time, called the holddown period. 
Holddown is used to remove bad information about a route from all routers in the network. A route typically placed in holddown when a link in that route fails. Transfer of a data packet between two network devices, such as routers. Routing metric that tracks thenumber of legs that Page Gaming device 104 Easy Peasy Switching and Routing HP-UX HSRP HTML HTTP HTTP cookie Hub Hz IANA IBSS Identity theft IDS IE version 2020 IEEE IGP IIS IMAP Impedance Infrared Infrastructure wireless network Input device Instant messaging Integrated application Integrated service router Interface developed by Microsoft. Institute of Electrical and Electronic Engineers. A professional organization whose activities include the development of communications and network standards. IEEE LAN standards are the predominant LAN standards today. Interior Gateway Protocol. Standard used to exchange routing information within an autonomous system. Examples of an Internet IGP includes EIGRP, OSPF and RIP. Internet Information Services. Set of Internetbased services for servers using Microsoft Windows Internet Message Access Protocol. An application layer Internet protocol that allows a local client to access e-mail on a remote server. Measurement of the opposition to the flow of alternating current. Impedance is measured in ohms. Electromagnetic waves with a frequency range above that of microwaves, but below that of the visible spectrum. LAN systems based on this technology represent an emerging technology such as IOT. Uses spread-spectrum technology, based on radio waves, to enable communication between devices in a limited area, also known as the BSS with a least one wireless station and an AP. A device that transfers data into the computer. This includes the keyboard, mouse, scanner and etc. A real-time text-based method of communication conducted over a network between two or more users. Commonly used applications combined into a single package, such as an office suite. 
Device that forwards packets from one network to another based on network layer information. An integrated service router provides secure Internet and intranet access. Normally used in home and small office environment. Interface represent: (a)the connection between two systems or device (b)in routing terminology, as a network connection (c)in telephony terminology, as a shared boundary defined by common physical interconnection characteristics, signal characteristics and meanings of interchanged signals (d)the boundary between adjacent layers of the OSI model. Page HPFS a data packets traverses between a source and a destination. RIP uses hop count as its sole metric. High Performance File System. A file system that is able to handle 2TB-volume or 2GB-file disks, and 256-byte file names. Hewlett-Packard UNIX. A modified version of UNIX used on proprietary Hewlett-Packard operating systems. HP-UX uses clustering technology, kernel-based intrusion detection, and various types of system partitioning. Hot Standby Router Protocol. Standard that provides the ability to communicate on an internetwork if a default router becomes unavailable. HSRP provides high network availability and transparent network topology changes. Hypertext Markup Language. Coding language used to create documents for the World Wide Web. Hypertext Transfer Protocol. A method used to transfer or convey information on the World Wide Web. Small packet of data created by a server and sent to a user’s browser and back to the server for authenticating, tracking and maintaining specific user information, such as site preferences. A device that serves as the central point of connection for the devices on a LAN. Hertz. A unit of frequency measurement. It is the rate of change in the state, or cycle, in a sound wave, alternating current, or other cyclical waveform. Hertz is synonymous with cycles per second, and it describes the speed of a computer microprocessor. Internet Assigned Numbers Authority. 
Internet body that oversees global IP address allocation, DNS root zone management and other Internet protocol assignments. Independent Basic Service Ser. An 802.11 network comprised of a collection of stations that communicate with each other, but not with a network infrastructure. Personal information stolen for fraudulent purposes. Intrusion Detection System. A combination of a sensor, console, and central engine in a single device installed on a network to protect against the attacks a conventional firewall can miss. Internet Explorer. Proprietary web browser 105 Easy Peasy Switching and Routing Inter-VLAN Intra-area routing International Organization for Standardization (ISO) Internet Internet backbone Intranet IP IP address ipconfig IPS IPsec IPtel Transfer of data between two or more logical areas. Routing within a virtual LAN. Specific configuration to switches and routers is necessary. Transfer of data within a logical area when the source and destination are in the same area. Group of representatives from 165 countries, responsible for worldwide industrial and commercial standards. Largest global internetwork that connects tens of thousands of networks worldwide. Networks with national access points that transport Internet traffic. An Internet service provider uses a router to connect to the backbone Network designed to be accessible only to internal employees of an organization. Internet Protocol. The network layer protocol in the TCP/IP stack that offers internetwork service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly and security. Internet Protocol address. A 32-bit binary number that is divided into 4 groups of 8 bits, known as octets. IP address is a form of a logical address scheme that provides source and destination addressing and in conjunction with routing protocols, packet forwarding from one network to another toward a destination. 
A DOS command that displays the IP address, subnet mask, and default gateway configured on a PC. Intrusion Prevention System. An extension of IDS. Based on application content, IPS enhances access control to protect computers from exploitation. IP security. Framework of open standards that provides data confidentiality, data integrity and data authentication between participating peers. IPsec provides security services as the IP layer. IPsec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPsec. IPsec can protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. Internet Protocol telephony. Method to transmit telephone calls over the Internet using packet- version 2020 IPTV IPv4 IPv6 IrDA ISM ISP IV Jumper kb kbps Kernel key Key exchange Key ID kilobyte Laptop switched technology. Also called voice over Ip (VoIP). Internet Protocol television. Method to transmit video using IP packets. Instead of cable or air, IPTV uses the transport protocol of the Internet to deliver video. Internet Protocol version 4. The current version of Internet Protocol. Internet Protocol version 6. The next generation of Internet Protocol. Infrared data association. Defines protocol standards for the short-range exchange of data over infrared light for uses such as PANs. Industrial, Scientific and Medical bands. Radio bands defined by the ITU-R in 5.138 and 5.150 of the Radio Regulations and shared with licensefree, error-tolerant communications applications such as wireless LANs and Bluetooth. Internet Service Provider. Company that provides Internet service to home users, such as the local phone or cable company. Initialization vector. A data type that executes an algorithm for a unique encryption stream. 
A pair of prongs that are electrical contact points set into the computer motherboard or an adapter card. Kilobit. 1024, or approximately 1000 bits. A measurement of the amount of data that is transferred over a connection such as a network connection. A date transfer rate of 1 kbps is a rate of approximately 1000 bits per second. The main module of the operating system that provides the essential services that are need by applications. The kernel is responsible for managing the system resources and the communication between hardware and software components. Authentication code that passes between routers in plain text form. Method for two peers to establish a shared secret key, which only the recognize, while communicating over an unsecured channel. Identification of code used between devices. 1024, or approximately 1000 bits. Small form factor computer designed to be mobile, but operates much the same as a desktop computer. Laptop hardware is proprietary and usually more expensive than desktop hardware. Page Inter-area routing 106 Easy Peasy Switching and Routing Leased line Least cost path LED Link-state protocols Link-state routing algorithm Linux Load balancing Local application Logical address Lotus Notes MAC address Light amplification by stimulated emission of radiation. Analog transmission device in which a suitable active material is excited by an external stimulus to produce a narrow beam of coherent light that can be modulated into pulses to carry data. Bandwidth on a communications line reserved by a communications carrier for the private use of a customer. A leased line is a type of dedicated line. Calculation of a switch to find a path that uses the least amount of bandwidth for each link required to reach the root bridge. Light-emitting Diode. Type of computer display that illuminates display screen positions based on the voltages at different grid intersections. 
Also called a status indicator, the LED indicates whether components inside the computer are on or working Type of standards, such as OSPF and IS-IS, used in a hierarchical network design. Link-state protocols help manage the packet-switching processes in large networks. Mathematical process in which each router broadcasts or multicasts information regarding the cost of reaching each of its neighbors. A link-state routing algorithm creates a consistent view of the network and is not prone to routing loops. Examples of link-state algorithms are OSPF and ISIS. Open-source operating system that can be run on various computer platforms. Ability of a router to distribute traffic ovel all network interfaces that are the same distance from the destination address. Load balancing increase the use of network segments which improves bandwidth. A load-balancing algorithm may use both line speed and reliability information. A software program that is installed and executed on a single computer. The network layer address that refers to a logical, rather than a physical, network device. A client-server, collaborative application that provides integrated desktop client option primarily for accessing business e-mail, calendars and applications on an IBM Lotus Domino server. Media Access Control address. A standardized data link address that is required for every port or device that connects to a LAN. Other devices in the network use MAC addresses to locate specific ports MAC filtering MAC table Mainframe Management VLAN Manual IP address Manual summarization Mb megabyte megapixel Memory Memory key MHz Microsoft Exchange Server version 2020 Microsoft Outlook Modem in the network and to create and update routing table and data structures. In Ethernet standard, MAC addresses are 6 bytes long. Access control method that permits and denies network access based on MAC addresses to specific devices through the use of blacklists and whitelists Media Access Control table. 
Table containing MAC addresses of particular ports. A MAC table is used by a switch to identify the destination MAC address A powerful machine that consists of centralized computers that are usually housed in secure, climate-controlled rooms. End users’ interface with the computers through dumb terminal. VLAN1 on a switch. The IP address of VLAN1 is used to access and configure the switch remotely and to exchange information with other network devices. An IP address that is not obtained automatically, but is manually configured on a computer by the system administrator or user. Feature on an EIGRP route where the administrator determines which subnets on which interfaces are advertised as a summary route. Manual summarization is done on a per-interface basis and gives the network administrator complete control. A manually summarized route appears in the routing table as an EIGRP route sourced from a logical interface. megabyte. 1,048,576 or approximately 1 million bytes. 1,048,576 or approximately 1 million bytes. One million pixels, image resolution is calculated by multiplying the number of horizontal pixels by the number of vertical pixels. The physical internal storage medium that holds the data. A USB flash drive. Megahertz. A unit of frequency that equals at one million cycles per second. This is a common measurement of the speed of a processing chip. A messaging and collaborative software with email, shared calendars and tasks, support for mobile and web-based access to information, and support for large amounts of data storage. Information manager in the Microsoft Office suite providing an e-mail application, calendar, task and contact management, note taking and journal. Modulator-demodulator. 
Device that converts digital computer signals into a format that is sent and received over an analog telephone line.

Morse code: A coding system that expresses alphabetical characters as pulses of different durations.

Motherboard: The main circuit board in a computer. The motherboard connects all the hardware in the computer.

MSN Messenger: Instant messaging client developed and distributed for computers running the Microsoft Windows operating system.

Multiboot: An open standard configuration on a partitioned hard drive where each partition has an operating system, files and configuration settings.

Multicast: When a host needs to send messages using a one-to-many pattern, it is referred to as a multicast.

MPLS: Multiprotocol Label Switching. Standard used to increase the speed of traffic flow on a network. The MPLS process marks each packet with the path sequence to the destination instead of using a routing table. Packet switching is done at Layer 2 of the OSI Reference Model. MPLS supports protocols such as IP, ATM and Frame Relay.

Multitasking: The practice of running two or more applications at the same time.

Mutual Authentication: Also known as two-way authentication. Refers to a user or client computer identifying itself to a server and the server identifying itself to the user or client computer so that both are verified.

NAP: Network access point. The point at which access providers are interconnected.

NAT: Network Address Translation. The process of rewriting the source or destination address of IP packets as they pass through a router or firewall so multiple hosts on a private network can access the Internet using a single public IP address.

Native VLAN: Special VLAN that accommodates untagged traffic. Trunk links carry the untagged traffic over the native VLAN. On Cisco Catalyst switches, VLAN1 is the native VLAN.

Neighbor table: One of three interconnected EIGRP router tables. The neighbor table collects and lists information about directly connected neighbor routers. A sequence number records the number of the last received hello from each neighbor and timestamps the time that the packet arrived. If a hello packet is not received within the hold time, the timer expires and DUAL recalculates the topology. Other router tables include topology and routing tables.

Neighboring routers: Routers that have interfaces to a common network in OSPF. On a multi-access network, neighbors are dynamically discovered by the OSPF Hello protocol.

Netstat: A command-line tool that displays incoming and outgoing network connections, routing tables and various network interface statistics on UNIX and Windows operating systems.

Network: A collection of computers, printers, routers, switches, or other devices that are able to communicate with each other over some transmission medium.

Network address: The network layer address that refers to a logical, rather than a physical, network device. All network devices must have a unique address. An IP address is an example of a network address.

Network application: Software that is installed on a network server and is accessible to multiple users.

Network client: A node or software program that requests services from a server.

Network device: A computer, a peripheral or other related communication equipment attached to a network.

Network layer: Layer three of the OSI model. It responds to service requests from the transport layer and issues service requests to the data link layer.

NEXT: Near End cross(X) Talk. A measurement of crosstalk between pairs of wires. NEXT is measured near the transmitting end of the cable.

Next hop: Interface on a connected router that moves the data closer to the final destination.

NIC: Network Interface Card. The interface between the computer and the LAN. The NIC is typically inserted into an expansion slot in a computer and connects to the network medium.

NOC: Network Operation Center. An organization responsible for maintaining a network.

Nonprofit organization: A business entity that may offer products and services, but not for the purpose of earning a profit.

Nonvolatile memory: Memory that retains content, such as configuration information, when a unit is powered off.

NOS: Network Operating System. An operating system designed to track networks consisting of multiple users and programs. A NOS controls packet traffic and file access, and provides data security. Types of NOS include LAN Manager, Novell NetWare, Sun Solaris and Windows Server.

nslookup: A command in UNIX and Windows used to find host information in Internet domain name servers.

Null0 interface: EIGRP installs a Null0 summary route in the routing table for each parent route. The Null0 interface indicates that this is not an actual path, but a summary for advertising purposes.

NTFS: New Technology File System. A Windows file system designed to manage global and enterprise-level operating systems.

Octet: A decimal number in the range of 0 to 255 that represents 8 bits.

Open: Impedance that prevents data from travelling from one location to another.

Open mail relay: An SMTP server configured to allow anyone on the Internet to relay or send e-mail.

OS: Operating System. Software program that performs general system tasks, such as controlling RAM, prioritizing the processing, controlling input and output devices, and managing files.

OSPF: Open Shortest Path First. Routing algorithm for a link-state, hierarchical Interior Gateway Protocol that replaces Routing Information Protocol (RIP). OSPF features include least-cost routing, multipath routing and load balancing.

Output device: A device that displays or prints data that is processed by the computer.

Packet: A logical grouping of information which includes a header that contains control information and usually user data. Packets are most often used to refer to network layer units of data.

Palm OS: PalmSource Inc. operating system. The operating system for various brands of personal digital assistants.

PAP: Password Authentication Protocol. Standard used by PPP peers to authenticate each other on a network. A remote router sends an authentication request when attempting to connect to a local router. PAP passes the password and hostname or username. PAP does not prevent unauthorized access, but identifies the remote user. The router or access server then determines if the user is allowed access.

Partition: To divide memory or mass storage into isolated or logical sections. Once a disk is partitioned, each partition will behave like a separate hard drive.

Patch: Software provided by the developer to update an application and improve usability or performance or to fix a problem.

Payload: The portion of a frame that contains upper-layer information, such as the user data component.

PCI: Peripheral Component Interconnect. A 32-bit local bus slot that allows the bus direct access to the CPU for devices such as memory and expansion boards and allows the CPU to automatically configure the device using information that is contained on the device.

PDA: Personal Digital Assistant. Stand-alone, hand-held device with computing and communicating abilities.

Peripheral device: A device in a computer system that is not part of the core computer system.

Phishing: Fraudulent acquisition of sensitive information through the impersonation of a trustworthy source.

Ping: A troubleshooting tool used to verify network connectivity by sending a packet to a specific IP address and waiting for the reply.

Ping of death: An attack that sends malformed, malicious, or large pings with the intent to crash the target computer. This type of attack is no longer effective on current computer systems.

Pixel: Picture element. An element that is the smallest part of a graphic image. Many pixels placed close together make up the image on the computer monitor.

PnP: Plug and Play. Technology that allows a computer to automatically configure the devices that connect to it.

Point of Presence: Point of interconnection between the communication facilities provided by the telephone company and the main distribution facility of the client building.

POP: Post Office Protocol. Protocol used when retrieving e-mail messages from a server.

POP3: Post Office Protocol version 3. An application-layer Internet standard that allows a local client to retrieve e-mail from a remote server over a TCP/IP connection.

pop-under: A variation of the popup window advertisement where a new browser window is opened behind the active window, making the detection and source more difficult to determine.

popup: A form of online advertising designed to increase web traffic or capture e-mail addresses that displays when a user opens certain websites or clicks on specific links.

Popup blocker: Software installed on a computer to block advertisements from displaying.

Power spike: Sudden increase in voltage that is usually caused by lightning strikes.

Power supply: Component that converts AC current to DC current used by a computer.

Power surge: Increase in voltage significantly above the designated level in a flow of electricity.

PPP: Point-to-point protocol. Standard that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.

Presentation layer: Layer seven of the OSI model. It responds to service requests from the application layer and issues service requests to the session layer.

Pretexting: Fraudulent acquisition of sensitive information, primarily over the telephone, where an invented scenario persuades a target of legitimacy.

Print Service: Network service provided for clients that allows access to networked printers.

Printer: Output device that produces a paper copy of the information that you create using the computer.

Private IP address: IP address that is reserved for internal network use only and cannot be routed on the Internet. The ranges for this type of IP address are 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.16.255.255 and 192.168.0.0 – 192.168.255.255.

Proprietary: Device or software that cannot be used with devices or software from other vendors.

Protocol stack: Software implementation of a computer networking protocol suite.

Prototyping: The process of putting together a working model to test design aspects, demonstrate features and gather feedback. Prototyping can help reduce project risk and cost.

PSK: Pre-shared key. A secret shared between the wireless AP and a client to control access on a network.

PSTN: Public Switched Telephone Network. Wired network that allows telephone calls to be made through both wired and wireless technologies and provides access to the Internet.

Public IP address: An IP address, except those reserved for private IP addresses. This type of IP address can be routed on the Internet.

Punch down tool: A spring-loaded tool used to cut and connect wires in a jack or on a patch panel.

Rack server: Server designed to be installed in an equipment rack.

RADIUS: Remote Authentication Dial-In User Service. An AAA (Authentication, Authorization and Accounting) protocol used for security applications, such as network access or IP mobility. It authenticates users and machines in both local and remote situations.

RAM: Random Access Memory. Volatile system memory for the operating software, application programs and data in current use so that it can be quickly accessed by the computer’s processor.

Real time: Online at the same time or processed during actual time, not at a later time or date.

Receiver: The intended destination for a message through a communication channel.

Redirector: An operating system driver that intercepts requests for resources within a computer and analyzes them for remote access requirements. If remote access is required to satisfy the request, the redirector forms a remote-procedure call (RPC) and sends the RPC to lower-layer protocol software for transmission through the network to the node that can satisfy the request.

Redistribution: Propagation. Process of including routing information discovered through one routing protocol in the update messages of another routing protocol.

Registered ports: TCP and UDP ports in the range of 1024-49151.

RIP: Routing Information Protocol. Distance vector routing standard that uses hop count as a routing metric.

RIPv2: Routing Information Protocol version 2. Distance vector routing standard based on RIPv1 with additional extensions to conform to modern routing environments. RIPv2 supports VLSM, authentication, and multicast updates. RIPv2 is defined in RFC 1723.

RIPng: Routing Information Protocol next generation. Distance vector routing standard with a limit of 15 hops that uses split-horizon and poison reverse to prevent routing loops. It is based on IPv4 RIPv2 and similar to RIPv2, but uses IPv6 for transport. The multicast group address ff02::9 identifies all RIPng enabled routers.

RF: Radio Frequency. Electromagnetic waves generated by AC and sent to an antenna within the electromagnetic spectrum.

RFC: Request For Comments. A document series used as the primary means to communicate information about the Internet. Most RFCs document protocol specifications such as Telnet and File Transfer Protocol (FTP). RFCs are available online from numerous sources.

RFI: Radio Frequency Interference. High frequencies that create spikes or noise that interferes with information being transmitted across unshielded copper cabling.

RSTP: Rapid Spanning Tree Protocol. Update to STP standards that reduces the time for connections to be established to switch ports.

Route summarization: Also known as route aggregation. Consolidation of advertised addresses in a routing table. Route summarization reduces the number of routes in the routing table, the routing update traffic and overall router overhead.

Router: Network layer device that uses one or more metrics to determine the optimal path along which network traffic should be forwarded. Routers forward packets from one network to another based on network layer information.

Router ID: IP address determined by a value configured with the router-id command, or a value of the highest configured IP address on a loopback interface, or a value of the highest IP address on any active physical interface.

Router-on-a-stick: Configuration on the router that determines that if the destination VLAN is on the same switch as the source VLAN, the router forwards the traffic back down to the source switch using the subinterface parameters of the destination VLAN ID.

Routing: A process to find a path to a destination host. Routing is very complex in large networks because of the many potential intermediate destinations a packet might traverse before reaching its destination host.

Routing algorithm: Mathematical formula for procedures used to determine the best route to forward traffic from source to destination.

Routing protocol: Standard that makes use of the routing algorithm. Examples are EIGRP, OSPF and RIP.

Routing table: A table stored in router memory, or another internetworking device, that tracks the routes to particular network destinations and, in some cases, metrics associated with those routes to determine where to send data.

RTS: Request To Send. Along with clear to send, RTS is used by the 802.11 wireless networking protocol to reduce frame collisions introduced by the hidden terminal problem and exposed node problem.

SATA: Serial ATA. A computer bus technology designed for data transfer to and from hard disks and optical drives.

Scalability: Ability of a network design to develop to include new user groups and remote sites. A scalable network design should support new applications without impacting the level of service delivered to existing users.

Security agent: Software installed on servers and desktop computers that provides threat protection capabilities.

Security appliance: Hardware device designed to provide one or more security measures on a network, such as a firewall, intrusion detection and prevention, and VPN services.

Secure shell (SSH): In-band protocol used to encrypt username and password information when it is sent.

Security policy: Documentation that details system, physical and behavioral constraints in an organization.

Segment: In a computer network, a segment is a portion separated by a computer networking device such as a repeater, bridge, or router. In the OSI model, a segment is a PDU unit at the transport layer.

Sender: The source / origin of data transferred to a receiver.

Server: A computer or device on a network used for network resources and managed by an administrator.

Service pack: A collection of updates, fixes, or enhancements to a software program delivered as a single installable package.

Session layer: Layer five of the OSI model. It responds to service requests from the presentation layer and issues service requests to the transport layer.

Shell: Software that creates a user interface. A shell provides the user access to the services of the operating system, and to web browsers and e-mail clients.

Shorts: An error in a cable caused by low resistance.

Site survey: The process of evaluating a network solution to deliver the required coverage, data rates, network capacity, roaming capability and Quality of Service.

SLA: Service Level Agreement. Contract that defines expectations between an organization and the service vendor to provide an agreed upon level of support.

Slammer: A virus that targets SQL servers.

SMTP: Simple Mail Transfer Protocol. Required configuration that allows e-mail to be transmitted over the Internet.

Smurf attack: A DoS attack that uses spoofed broadcast ping messages to flood a target computer or network.

Social engineering: Techniques used by an attacker to manipulate unsuspecting people into providing information or computer system access.

SOHO: Small Office Home Office. A term used to define the general working environment of small businesses and home-based businesses.

Sound card: Computer expansion card that enables the input and output of sound under control of a computer program.

Spam: Unsolicited or junk e-mail messages sent to multiple recipients for either legitimate or fraudulent purposes.

Spam filter: Software configured to capture suspicious e-mails before they are sent to a user’s in-box.

SPF: Shortest Path First algorithm. Mathematical process that uses the length of a path to determine a shortest-path spanning tree. An SPF algorithm is a link-state routing algorithm.

SPF tree: All paths from a source to each destination and the total cost of each path.

SPI: Stateful Packet Inspection. Inspects and permits an incoming response to established communication on an internal network.

Split horizon: Routing technique that controls the formation of loops by preventing information from exiting the router interface through the same interface it was received.

Spoofing: Similar to phishing, a person or program that masquerades as another to gain access to data and the network.

Spreadsheet: A table of values arranged in rows and columns of cells used to organize data and calculate formulas.

Spyware: A malicious program, typically installed without a user’s knowledge or permission, designed to perform tasks such as capturing keystrokes, for the benefit of the originator of the program.

Spyware protection: A computer application designed to detect and remove spyware.

SSID: Service Set Identifier. The code assigned to a packet that designates that the communication is part of a wireless network.

STA: Abbreviation for STAtion, a basic network device.

Standard ACL: Access control list that accepts or denies packets based on the source IP address. Standard ACLs are identified by the number assigned to them: 1-99 and 1300-1999.

Stacheldraht: Malware for Linux and Solaris systems that acts as a DDoS agent to detect and automatically enable source address forgery.

Stateful packet inspection: A function of a stateful firewall that distinguishes legitimate packets and allows only those packets that match assigned attributes.

Static IP address: An IP address that is not obtained automatically, but is manually configured on a computer.

Storage device: Hardware component, such as hard drive, CD drive, DVD drive, tape drive, used to permanently save data.

Streaming audio: Audio content that is continuously received by the end user.

Streaming video: Video content that is continuously received by, and normally displayed to, the end user.

Structured cabling system: A uniform cabling system with standards defining the actual cable, cabling distances, type of cable and type of terminating devices.

Stub area: OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR.

Stub network: Network that has only a single connection to a router.

STUN: Serial tunnel. Router feature that allows two SDLC- or HDLC-compliant devices to connect to each other through an arbitrary multiprotocol topology, with the use of Cisco routers, rather than through a direct serial link.

Subinterface: One of a number of virtual interfaces on a single physical interface.

Subnet mask: A 32-bit address mask used in IP to indicate the bits of an IP address that are being used for the subnet address. The second group of numbers in an IP address.

Surge protector: Device used to regulate the supplied voltage by blocking or shorting to ground the voltage above a safe threshold.

SVC: Switched virtual circuit. Route that is dynamically established on demand and is destroyed when transmission is complete. An SVC is used in situations where data transmission is sporadic.

Switch: Network device that filters, forwards, and floods frames based on the destination address of each frame. A switch operates at the data-link layer of the OSI Reference Model.

SYN flooding: A type of DoS attack that sends multiple TCP/SYN packets, often with a forged sender address, reducing the ability of the server to respond to legitimate requests.

System requirements: Guidelines that should be met for a computer system to perform effectively.

System resources: Components such as system memory, cache memory, hard disk space, IRQs and DMA channels used to manage applications.

Tablet PC: A type of notebook computer with both a keyboard and an interactive LCD screen able to convert handwritten text into digitized text.

TB: Terabyte. Equal to 1000 gigabytes.

TCO: Total cost of ownership. Estimate of direct and indirect costs related to the purchase of computer hardware and software.

TCP: Transmission Control Protocol. Primary Internet protocol for the delivery of data. TCP includes facilities for end-to-end connection establishment, error detection and recovery, and metering the rate of data flow into the network. Many standard applications such as e-mail, web browser, file transfer and Telnet depend on the services of TCP.

TCP/IP model: A layered abstract description for communications and computer network protocol design.

TDM: Time division multiplexing. Division of bandwidth to allow multiple logical signals to be transmitted simultaneously across a single physical channel. The signals are then separated at the receiving end.

Telecommunication room: Facility that contains network and telecommunications equipment, vertical and horizontal cable terminations, and cross-connect cables. Also known as a riser, a distribution facility or a wiring closet.

Teleworking: Employee that works at a location other than the centralized office location.

Telnet: Network protocol used on the Internet or a LAN to connect to remote devices for management and for troubleshooting.

TFN: Tribe Flood Network. A set of computer programs that conduct various DDoS attacks such as ICMP flood, SYN flood, UDP flood and smurf attack.

TFTP: Trivial File Transfer Protocol. Standards that allow files to be transmitted from one computer to another over the network. TFTP is a simplified version of FTP.

Three-way handshake: Series of synchronization and acknowledgments used by TCP to open a connection.

Threshold: Acceptable level of errors on an interface.

Threshold value: Maximum number of errors that a switch allows before it will go into store-and-forward switching to slow traffic and correct the problem.

Thick Ethernet: An early form of coaxial cable using 10BASE5 for networking. Thick Ethernet was once desirable because it could carry signals up to 1640 feet (500m). Also called thicknet.

Thin Ethernet: A simple, thin, coaxial network cable for the 10BASE2 system. Thin Ethernet can carry a signal only 607 feet (185m), but is much easier to work with than thicknet. Also called thinnet.

Throughput: The rate at which a computer or network sends or receives data, measured in bits per second (bps).

TIA: Telecommunications Industry Association. An organization that develops standards that relate to telecommunications technologies. Together, the TIA and the Electronic Industries Alliance (EIA) have formalized standards, such as EIA/TIA-232, for the electrical characteristics of data transmission.

Time slice: Period of time during which a conversation has complete use of the physical media. Bandwidth is allocated to each channel or time slot. In standard TDM, if a sender has nothing to say, the time slice goes unused, wasting valuable bandwidth. STDM keeps track of conversations that require extra bandwidth, then dynamically reassigns unused time slices on an as-needed basis to minimize the use of bandwidth.

Time-based ACL: An ACL that permits and denies specified traffic based on the time of the day or day of the week. Time-based ACLs are similar to extended ACLs in function, but they support access control based on a time range. A time range is created to define specific times of the day and weeks for controlling access. The time range relies on the router system clock, and the feature works best with Network Time Protocol (NTP) synchronization.

Top down: A troubleshooting technique in a layered concept of networking that starts with the application or highest layer and works down.

Topology: Map of the arrangement of network nodes and media within an enterprise networking infrastructure. Topology can be physical or logical.

Topology database: Location on a topology that stores SPF tree information.

Topology table: One of three tables on an EIGRP router. The topology table lists all routes learned from each EIGRP neighbor. DUAL takes the information from the neighbor and topology tables and calculates the lowest-cost routes to each network. The topology table identifies up to four primary loop-free routes for any one destination.

ToS: Type of Service. 8-bit field used for frame classification located in the IP packet and used by a device to indicate the precedence or priority of a given frame. ToS is not used when a frame is received that contains an 802.1q frame tag.

Traffic filtering: Control traffic in various segments of the network. Traffic filtering is the process of analyzing the contents of a packet to determine if the packet should be allowed or blocked.

Traffic shaping: Using queues to limit surges that can congest a network. In traffic shaping, data is buffered and then sent into the network in regulated amounts to ensure that the traffic will fit within the promised traffic envelope for the particular connection. Traffic shaping is used in networks such as ATM and Frame Relay.

traceroute: UNIX/Linux utility that traces the route that a packet takes from source computer to destination host.

Trailer: The control information appended to data when data is encapsulated for network transmission.

Transmitter: A device used to connect the transmit cable to the network. The transmitter is used to broadcast electromagnetic signals such as radio and television.

Transport layer: Layer four of the OSI model. Responds to service requests from the session layer and issues service requests to the network layer.

Transport protocol: Protocol on the transport layer of the OSI model and TCP/IP reference model used to transfer data on a network.

Trial-and-error: Troubleshooting technique that relies on experience and testing to solve a problem.

Triggered update: Message containing the routing table of a router that is sent to neighboring routers on a network when the router starts up.

Trojan horse: A program that appears harmless, but may actually allow hackers to gain access to the computer. Some types of Trojan horses may convince the user to run programs that are damaging to data on the computer.

Troubleshooting: A systematic process of eliminating potential causes of a problem used to fix a computer.

Trunk: Trunk port / trunking ports. Point-to-point link that connects a switch to another switch, a router or a server. A trunk carries traffic for multiple VLANs over the same link. The VLANs are multiplexed over the link with a trunking protocol.

Tunnel: Secure communication path between two peers, such as two routers.

Tunneling: Method of data transmission over networks with differing protocols. With tunneling, a data packet is encapsulated to form a new packet that conforms to protocols used over intermediary networks.

Two-way handshake: Authentication process used on a PAP. During the two-way handshake, a device looks up the username and password of the calling device to confirm the information matches what is stored in the database.

TxQ: Transmit Queue. Process of storing traffic on hardware and then sending the packets out in the order they were received.

Type field: Extra field in a Cisco HDLC frame which allows multiple protocols to share the same link by identifying the type of protocol carried by the frame.

UDP: User Datagram Protocol. Standard for connectionless transmission of voice and video traffic. Transmission over UDP is not affected by the delays caused by acknowledgements and retransmitting lost packets.

Unicast: A message sent to a single network destination.

Unequal cost: Additional bandwidth is needed to forward a packet on certain routes on a network. Some routes may have higher metric values than others.

Unequal cost load balancing: Distribution of packets on more than one path using a specified variance in the metric. Distributing the traffic helps prevent a single path from being overloaded.

Untagged: Traffic with no VLAN ID that needs to cross the 802.1q configured link. Examples of untagged traffic include Cisco Discovery Protocol, VTP and some types of voice traffic. Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag.

Uplink port: High speed port that connects to areas that have a higher demand for bandwidth, such as another switch, a server farm, or other networks.

UplinkFast: STP enhancement to minimize downtime during recalculation. STP UplinkFast accelerates choosing a new root port when a link or switch fails, or when an STP is reconfigured. The transition of the root port to the forwarding state occurs immediately, without going through the normal STP procedures of listening and learning.

Universal serial bus (USB): An external bus standard that supports a data transfer rate of up to 480Mbps (USB 2.0). A single USB port can be used to connect up to 127 peripheral devices.

UNIX: UNIX is a multi-user, multitasking operating system originally developed in the 1960s and 1970s at Bell Labs. It is one of the most common operating systems for servers on the Internet.

UOM: Units of Measurement.

Upgrade: The replacement of hardware or software on a computer system with newer hardware or software.

UPS: Uninterruptible Power Supply. Backup device designed to provide an uninterrupted power source in the event of a power failure. They are commonly installed on all file servers.

URL: Uniform Resource Locator. An alphanumeric string in a specific format that represents a device, file or web page located on the Internet.

USB: Universal Serial Bus. External serial bus interface standard for the connection of multiple peripheral devices. USB can connect up to 127 USB devices at a transfer rate of up to 480 Mbps (USB 2.0), and can provide DC power to connected devices.

variance: Amount multiplied to a route to determine if it is within range of the maximum acceptable metric for use as a path. For example, if the variance is 2, the router balances the traffic load using any path for which the metric is less than two times the best metric.

Virtual Circuit (VC): Logical relationship created to ensure reliable communication between two network devices. A virtual circuit is defined by a virtual path identifier / virtual channel identifier pair, and can be either a permanent virtual circuit or switched virtual circuit. Virtual circuits are used in Frame Relay and X.25. In ATM, a virtual circuit is called a virtual channel.

Vector: Data segment of an SNA message. A vector consists of a length field, a key that describes the vector type, and vector-specific data.

Vertical application: An application program supporting one specific business process, such as payroll systems or CAD.

VID: VLAN ID. Identity of the VLAN inserted into an Ethernet frame as it enters a port on a switch.

Video card: A circuit board plugged into a PC to provide display capabilities.

VLANs: Virtual Local Area Networks. A group of devices on a network, typically end-user stations, that communicate as if attached to the same network segment even though they may be on different segments. VLANs are configured on workgroup switches. Switches with VLANs may interconnect using VLAN trunking protocols.

VLAN number: Number assigned to a VLAN when it is created. The VLAN number is any number from the range available on the switch, except for VLAN1. Naming a VLAN is considered a network management best practice.

Virtual machine: Technique deployed on servers to enable multiple copies of an operating system to run on a single set of hardware, thus creating many virtual machines, each one treated as a separate computer. This enables a single physical resource to appear to function as multiple logical resources.

Virtual path: Logical group of virtual circuits that connect two sites.

Virtual reality: Technology in which a user interacts with a computer-generated environment.

Virtualization: A process that implements a network based on virtual network segments. Devices are connected to virtual segments independent of their physical location and their physical connection to the network.

Virus: A self-replicating computer program that spreads by inserting copies of itself into other executable code or documents.

Virus scan: Utility that checks all hard drives and memory for viruses.

Vishing: Fraudulent acquisition of sensitive information through VoIP that terminates in a computer.

VLSM: Variable-length subnet mask. Technique used to specify a different subnet mask for the same major network number to identify different subnets. VLSM can help optimize available IP address space.

VMPS: VLAN policy server. Server with a database that maps MAC addresses to VLAN assignments. When a device plugs into a switch port, the VMPS searches the database for a match of the MAC address and temporarily assigns that port to the appropriate VLAN.

VOD: Video on Demand. A system enabling a user to watch video on a network.

Voice-enabled router: Device that converts analog voice from telephone signals to IP packets. The voice-enabled router forwards IP packets between locations.

VoIP: Voice over Internet Protocol. Technology that provides voice over the Internet.

VPC: Virtual Path Connection. Group of virtual channel connections that share one or more contiguous VPLs.

VPL: Virtual Path Link. Group of unidirectional virtual channel links within a virtual path with the same end points. Grouping into a VPL reduces the number of connections to be managed, and as a result, decreases network control overhead and cost.

VPN: Virtual Private Network. Network through which data is sent through a public telecommunication infrastructure while maintaining the privacy of the data by creating a tunnel through the public telecommunication infrastructure.

VPN concentrator: Gateway on a network that filters all VPN traffic.

VTP: Virtual Trunking Protocol. Cisco proprietary standard that maintains a consistent VLAN configuration across a common administrative domain.

VTP configuration revision number: Numerical order of multicast messages on a network. The VTP configuration revision number begins at zero. As changes on the network occur, the configuration revision number increases by one. It continues to increment until it reaches 2,147,483,648. If a message has a higher VTP configuration revision number than the one stored in the database, the switch updates its VLAN database with this new information.

VWIC: Voice/WAN interface card. Adapter that provides support for voice, data and integrated voice, and data applications. A VWIC facilitates the migration from data only, as well as channelized voice and data, to packet voice solutions, which simplifies deployment and management.

WAN: Wide Area Network. Data communication network that serves users across a broad geographic area and often uses transmission devices provided by common carriers. Examples of WAN technologies include Frame Relay, SMDS and X.25.

War driving: The act of physically using a vehicle to search for Wi-Fi networks with a laptop or PDA equipped with detection software.

Warranty: Guarantee that a product or service is free of defects and performs as advertised. A warranty is limited in duration and in the services provided.

Wavelength: The distance between two waves in a repeating pattern.

Web hosting: Type of Internet hosting service which includes limited space on a server, used to post websites on the World Wide Web.

Well-known ports: TCP and UDP ports in the range of 0-1023.

WEP: Wired Equivalent Privacy. Part of the IEEE 802.11 wireless networking standard that provides a low level of security. Optional security mechanism standard designed to make the link integrity of wireless devices equal to that of a cable.

WIC: Wide area network interface card. Adapter that connects a system to a WAN link service provider.

Wi-Fi: Brand originally licensed by the Wi-Fi Alliance to define the embedded technology of a wireless network, and is based on the IEEE 802.11 specifications.

WiMAX: Worldwide Interoperability for Microwave Access. A standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL.

WINS: Windows Internet Naming Service. Microsoft resolution protocol that converts NetBIOS names to IP addresses.

Wildcard mask: Used in IPv4. 32-bit quantity used in conjunction with an IP address to determine which bits in an IP address should be ignored when that address is compared with another IP address. A wildcard mask is specified when access lists are set up.

Wireless bridge: Physically connects two or more network segments using the 802.11 standard wireless technology in a point-to-point or point-to-multipoint implementation.

Wireless access point: Physical sites connected on a network that transmit signals for wireless devices.

Wireless client: Any host device that can connect to a wireless network.

Wire speed: Rate that packets are forwarded on a network.

Wiring closet: Specially designed room used to wire a data or voice network. Wiring closets serve as a central junction point for the wires and wiring equipment that is used to interconnect devices.

WLAN: Wireless local area network. Connection between devices without using physical media. Two or more computers or devices equipped to use spread-

Workstation

WPA

World Wide Web. A large network of Internet servers that provide hypertext and other services to terminals that run client applications such as a web browser.

z/OS: A secure IBM 64-bit server operating system that is designed for continuous, high-volume use. z/OS runs Java, supports UNIX and uses TCP/IP.

Zero CIR: Excess bandwidth that is discounted when it is available from a Frame Relay service provider. In Zero CIR, a user pays a small fee for the capability to transmit data across a PVC at speeds up to that of the access link. If there is congestion, all DE labeled frames are dropped. There is no guarantee of service with a CIR set to zero.

ZigBee
A suite of high-level communication protocols using small, low-power digital radios based on the IEEE 802.15.4 standard for WPANs. ZigBee operates in ISM radio bands 868 MHz in Europe, 915 MHz in the USA and 2.4GHz worldwide. 117 Word processor WWW Page WLAN controller spectrum technology based on radio waves for communication within a limited area. Accomplish the same functionality as a LAN. Type of module that provides a secure enterpriseclass wireless system. A WLAN controller enables a smaller organization to cost-effectively and easily deploy and manage a secure WLAN. An application to enable the word processing functions, such as page setup, paragraph and text formatting. A workstation is a PC that is participating in a networked environment. The term has also been used to refer to high-end computer systems for end users. Wi-Fi Protected Access. Standard based on IEEE 802.11i. Developed to address security issues in WEP. Provides higher level of security in a wireless network. Uses Temporal Key Integrity Protocol (TKIP) for data protection and 802.1X for authenticated key management. version 2020 Page 118 Easy Peasy Switching and Routing version 2020