Outdated_Cisco 4 Intructor Version_Outdated

WAN TechnologiesCCNA 4 Labs and Study GuideInstructor Edition

John Rullan

Cisco Networking Academy Program

The only authorized Labs and Study Guide for the Cisco Networking Academy Program

ii WAN Technologies CCNA 4 Labs and Study Guide

PublisherPaul Boger

Cisco RepresentativeAnthony Wolfenden

Cisco Press Program ManagerJeff Brady

Executive EditorMary Beth Ray

Managing EditorPatrick Kanouse

Senior Development EditorChristopher A. Cleveland

Senior Project EditorSan Dee Phillips

Copy EditorKeith Cline

Technical EditorScott Empson

Team CoordinatorVanessa Evans

Book and Cover DesignerLouisa Adair

CompositionMark Shirar

WAN TechnologiesCCNA 4 Labs and Study Guide

Instructor Edition

John Rullan

Copyright© 2007 Cisco Systems, Inc.

Published by:Cisco Press800 East 96th Street Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmittedin any form or by any means, electronic or mechanical, including photo-copying, recording, or by any information storage and retrieval system,without written permission from the publisher, except for the inclusion ofbrief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

First Printing August 2006

ISBN: 1-58713-184-6

Warning and DisclaimerThis book is designed to provide information about the labs for WANTechnologies CCNA 4 course of the Cisco Networking Academy Program.Every effort has been made to make this book as complete and as accurateas possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The author, Cisco Press,and Cisco Systems, Inc. shall have neither liability nor responsibility to anyperson or entity with respect to any loss or damages arising from the infor-mation contained in this book or from the use of the discs or programs thatmay accompany it.

The opinions expressed in this book belong to the author and are not neces-sarily those of Cisco Systems, Inc.

Corporate and Government SalesCisco Press offers excellent discounts on this book when ordered in quantityfor bulk purchases or special sales.

For more information please contact: U.S. Corporate and Government Sales1-800-382-3419 [email protected]

For sales outside the U.S. please contact:International Sales [email protected]

Feedback InformationAt Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each bookis crafted with care and precision, undergoing rigorous development that involves the unique expertise ofmembers from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how wecould improve the quality of this book, or otherwise alter it to better suit your needs, you can contact usthrough e-mail at [email protected]. Please make sure to include the book title and ISBN in yourmessage.

We greatly appreciate your assistance.

Trademark AcknowledgmentsAll terms mentioned in this book that are known to be trademarks or service marks have been appropriatelycapitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of aterm in this book should not be regarded as affecting the validity of any trademark or service mark.

iii

About the AuthorJohn Rullan has been a teacher at Thomas Edison High School in Jamaica, New York, for the past 10years and has been a Cisco instructor since 1998. He is the New York City Department of Education city-wide Cisco trainer and is the regional manager for Queens, New York, high schools. John also has taughtCCNA, CCNP, and network security at the Borough of Manhattan Community College since 2000. Heprovides support to the academy community, working with the CCNA/CCNP Instructional Support team,too. John holds the Network+, CCNA, CCNP, and CCAI certifications.

About the ContributerJim Lorenz is a curriculum developer for the Cisco Networking Academy Program who co-authored thethird editions of the Lab Companions for the CCNA courses. He has more than 20 years experience ininformation systems and has held various IT positions in several Fortune 500 companies, including Allied-Signal, Honeywell, and Motorola. Jim has developed and taught computer and networking courses for bothpublic and private institutions for more than 15 years.

iv WAN Technologies CCNA 4 Labs and Study Guide

About the Technical ReviewerScott Empson, CCDA, CCNP, CCAI, Network+, is an instructor in the telecommunications departmentat the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada. He teaches Cisco routing,switching, and network design courses to students at the post-secondary level. Scott holds three undergrad-uate degrees: a bachelor of arts, with a major in English; a bachelor of education, with a major inEnglish/language arts; and a bachelor of applied information systems technology, with a major in networkmanagement.

v

DedicationTo my daughters, Brianna and Gabriella.

vi WAN Technologies CCNA 4 Labs and Study Guide

AcknowledgmentsThis book could not have been completed without hard work and dedication from my students at ThomasEdison High School. Their input and assistance in designing the challenge labs are what makes this bookso special to be a part of. I want to give special thanks to Lourdes Luna, Charish Patel, Charles Chen,Alvar Lam, Nader Khandaker, Tulin Ravienthira, and Johanna Iniguez.

vii

Contents at a Glance

Chapter 1 Scaling IP Addresses 1

Chapter 2 WAN Technologies 75

Chapter 3 PPP 81

Chapter 4 ISDN and DDR 129

Chapter 5 Frame Relay 169

Chapter 6 Introduction to Network Administration 237

Appendix A Troubleshooting Questions and Lab Exercise 245

Appendix B Adtran Configuration Lab 281

Appendix C Router Interface Summary Chart 291

Appendix D Erasing and Reloading the Switch 293

Appendix E Erasing and Reloading the Router 295

viii WAN Technologies CCNA 4 Labs and Study Guide

Contents

Chapter 1 Scaling IP Addresses 1

Study Guide 2

Scaling Networks with NAT and PAT 2

Concept Questions 2

Research Assignment 3

Matching Terms 7

DHCP 8

Concept Questions 8

Matching Terms 9

Lab Exercises 10

Curriculum Lab 1-1: Configuring NAT (1.1.4a) 10

Task 1: Configure the Routers 11

Task 2: Save the Configuration 11

Task 3: Configure the Hosts with the Proper IP Address, Subnet Mask, andDefault Gateway 11

Task 4: Verify That the Network Is Functioning 11

Task 5: Create a Static Route 11

Task 6: Create a Default Route 12

Task 7: Define the Pool of Usable Public IP Addresses 13

Task 8: Define an Access List That Matches the Inside Private IP Addresses 13

Task 9: Define the NAT Translation from Inside the List to Outside the Pool 13

Task 10: Specify the Interfaces 13

Task 11: Test the Configuration 13

Curriculum Lab 1-2: Configuring PAT (1.1.4b) 15


Task 2: Save the Configurations 16





Task 7: Define the PAT Translation from Inside the List to Outside the Address 17



Curriculum Lab 1-3: Configuring Static NAT Addresses (1.1.4c) 19








ix




Task 11: Configure Static Mapping 22


Curriculum Lab 1-4: Verifying NAT and PAT Configuration (1.1.5) 24












Task 12: Verify NAT/PAT Statistics 27

Curriculum Lab 1-5: Troubleshooting NAT and PAT (1.1.6) 29












Curriculum Lab 1-6: Configuring DHCP (1.2.6) 34





Task 5: Create the DHCP Address Pool 36

Task 6: Exclude Addresses from the Pool 36

Task 7: Verify DHCP Operation 36

Task 8: View DHCP Bindings 37

Curriculum Lab 1-7: Configuring DHCP Relay (1.2.8) 37


Task 2: Configure Routing on the Remote Router 38

Task 3: Configure Routing on the Campus Router 38


x WAN Technologies CCNA 4 Labs and Study Guide

Task 5: Create the Campus DHCP Address Pool on the Campus Router 39

Task 6: Create the Remote DHCP Address Pool on the Campus Router 40

Task 7: Exclude Addresses from the Pool 40

Task 8. Verify DHCP Operation on the Campus Router 40

Task 9: Verify DHCP Operation on the Remote Router 41

Task 10: Configure DHCP Relay 41

Task 11: Verify DHCP Operation on the Remote Router 41

Task 12: View DHCP Bindings 41

Comprehensive Lab 1-8: Configuring NAT, PAT, and Static NAT 42

Challenge Lab 1-9: NAT, PAT, DHCP 49

Challenge Lab 1-10: Double NAT Configuration 57

Task 1: Cabling and Configuration 57

Task 2: IP Addressing 57

Task 3: Inter-VLAN Communication 58

Task 4: Configure VLANs, VLAN Ports, and the HTTP Server 58

Task 5: Configure and Verify RIPv2 Operation 58

Task 6: Configure DHCP 58

Task 7: Configure NAT and PAT 58

Task 8: Verify Configurations 58

Optional Lab 1-11: Using a Linksys Router to Simulate a HomeNetwork 70

Chapter 2 WAN Technologies 75

Study Guide 76

WAN Technologies Overview 76

Concept Questions 76

WAN Technologies 77

Matching Terms 77

WAN Design 78


Lab Exercises 80

Chapter 3 PPP 81

Study Guide 82

Serial Point-to-Point Links 82


PPP Authentication 83


Configuring PPP 84


Chapter Review Questions 84

xi

Lab Exercises 88

Curriculum Lab 3-1: Troubleshooting a Serial Interface (3.1.7) 88


Task 2: Configure the Paris Interface 89

Task 3: Configure the London Interface 89


Task 5: Enter the Command show interface serial 0 (See Appendix C) on London 89

Task 6: Enter the Command show interface serial 0 (See Appendix C) on Paris 90

Task 7: Correct the Clock Location 91

Task 8: Enter the Command show interface serial 0 on Paris 91

Task 9: Verify That the Serial Connection Is Functioning by Pinging the SerialInterface of the Other Router 92

Curriculum Lab 3-2: Configuring PPP Encapsulation (3.3.2) 94


Task 2: Configure the Dublin Interface 95

Task 3: Configure the Washington Interface 95


Task 5: Enter the Command show interface serial 0 (See Appendix C) onWashington 95

Task 6: Enter the Command show interface serial 0 (See Appendix C) on Dublin 96

Task 7: Change the Encapsulation Type 97

Task 8: Enter the Command show interface serial 0 on Washington 97

Task 9: Enter the Command show interface serial 0 on Dublin 97


Curriculum Lab 3-3: Configuring PPP Authentication (3.3.3) 100


Task 2: Configure the Tokyo Interface 101

Task 3: Configure the Madrid Interface 101


Task 5: Enter the Command show interface serial 0 on Madrid 101

Task 6: Enter the Command show interface serial 0 on Tokyo 102


Task 8: Configure PPP Authentication 103

Task 9: Verify That the Serial Connection Is Functioning 103

Task 10: Configure PPP Authentication 103


Curriculum Lab 3-4: Verifying PPP Configuration (3.3.4) 105


Task 2: Configure the Warsaw 106

Task 3: Configure the Brasilia Interface 106


xii WAN Technologies CCNA 4 Labs and Study Guide

Task 5: Enter the Command show interface serial 0 (See Appendix C) on Brasilia 106

Task 6: Enter the Command show interface serial 0 (See Appendix C) on Warsaw 107

Task 7: Turn on PPP Debugging 107

Task 8: Change the Encapsulation Type 107

Task 9: Enter the Command show interface serial 0 on Brasilia 107

Task 10: Enter the Command show interface serial 0 on Warsaw 108


Curriculum Lab 3-5: Troubleshooting PPP Configuration (3.3.5) 110


Task 2: Configure the Paris Interface 111

Task 3: Configure the London Interface 111


Task 5: Enter the Command show interface serial 0 (See Appendix C) on London 112

Task 6: Enter the Command show interface serial 0 (See Appendix C) on Paris 112

Task 7: Correct the Clock Location 113

Task 8: Enter the Command show cdp neighbors on London 114

Task 9: Enter the Command debug ppp negotiation on London 114

Task 10: Enter the command debug ppp negotiation on Paris 115

Task 11: Correct the Encapsulation Type 115

Task 12: Enter the command show interface serial 0 on Paris 116


Challenge Lab 3-6: Configuring PPP with NAT, DHCP, and VLANs118

Task 1 118

Task 2 119

Task 3 121

Task 4 121

Task 5 122

Task 6 122

Task 7 122

Chapter 4 ISDN and DDR 129

Study Guide 130

ISDN Concepts 130


ISDN Configuration 131


DDR Configuration 131



xiii

Lab Exercises 136

Curriculum Lab 4-1: Configuring ISDN BRI (U-Interface) (4.2.1) 136

Task 1: Configure the Router 136

Task 2: Verify the ISDN BRI Switch Type 137

Task 3: Specify the Switch Type 137

Task 4: Verify the Switch Status 138

Task 5: Activate the BRI Connection 138

Task 6: Review the Switch Status 138

Task 7: Configure the ISDN SPIDs 139

Task 8: Review the Switch Status 139

Task 9: Reset the Interface 139

Task 10: Save the Configuration and Reboot 140

Curriculum Lab 4-2: Configuring Legacy DDR (4.3.2) 141


Task 2: Define the Switch Type and SPID Numbers 142

Task 3: Define the Static Routes for DDR 143

Task 4: Specify Interesting Traffic for DDR 143

Task 5: Configure the DDR Dialer Information for Router 1 143

Task 6: Configure the DDR Dialer Information for Router 2 144

Task 7: View the Tokyo Router Configuration 144

Task 8: Verify the DDR Configuration 144

Curriculum Lab 4-3: Configuring Dialer Profiles (4.3.7) 145


Task 2: Define the Switch Type and SPID Numbers 146

Task 3: Define the Static Routes for DDR 147

Task 4: Specify Interesting Traffic for DDR 147

Task 5: Configure the DDR Dialer Information 147

Task 6: Configure the Dialer Information 148

Task 7: Associate the Dialer Profiles 149

Task 8: Configure the Dialer Timeouts 149

Task 9: View the Tokyo Router Configuration 150

Task 10: Verify the DDR Configuration 152

Challenge Lab 4-4: Configuring Dialer Maps and Dialer Profiles 157

Task 1: Physical 158

Task 2: Logical Mo 158

Task 3: Logical Larry 158

Task 4: Logical Curley 158

Task 5: Switches 159

Task 6: Verification 159

Chapter 5 Frame Relay 169

Study Guide 170

Frame Relay Concepts 170


xiv WAN Technologies CCNA 4 Labs and Study Guide

Configuring Frame Relay 170



Lab Exercises 176

Curriculum Lab 5-1: Configuring Frame Relay (5.2.1) 176


Task 2: Configure the Serial Interface 177

Task 3: Verify the Frame Relay Configuration 177

Task 4: Review Switch Assignments 178

Task 5: Check the Frame Relay Map 179

Curriculum Lab 5-2: Configuring Frame Relay PVC (5.2.2) 180


Task 2: Configure the Washington Serial Interface 181

Task 3: Configure the Frame Relay Map on Washington 181

Task 4: Configure the DCE on Washington 181

Task 5: Configure the Dublin Router 181

Task 6: Verify the Frame Relay PVC 182

Task 7: Display the Frame Relay Map 182

Task 8: Verify Frame Relay Connectivity 182

Curriculum Lab 5-3: Configuring Frame Relay Subinterfaces (5.2.5) 184


Task 2: Configure the Serial 0 Interfaces 185

Task 3: Create Subinterfaces on the Amsterdam Router 186

Task 4: Create Subinterfaces on the Paris Router 186

Task 5: Create Subinterfaces on the Berlin Router 186

Task 6: Configure IGRP Routing 187

Task 7: Verify the Frame Relay PVC 187

Task 8: Show the Frame Relay Maps 188

Task 9: Show the LMIs 189

Task 10: Check the Routing Protocol 189

Task 11: Verify Connectivity 190

Challenge Lab 5-4: Four-Interface Frame Relay Switch 193

Task 1 194

Task 2 194

Task 3 194

Task 4 194

Task 5 194

Task 6 194

Task 7 195

Challenge Lab 5-5: Frame Relay Switch Challenge Lab 1 196

Task 1 198

Task 2 198

Task 3 198

Task 4 199

xv

Task 5 199

Task 6 199

Task 7 200

Task 8 200

Task 9 200

Challenge Lab 5-6: Frame-Relay Challenge Lab 2 219

Task 1 220

Task 2 220

Task 3 220

Task 4 220

Task 5 221

Task 6 221

Task 7 221

Task 8 221

Task 9 221

Chapter 6 Introduction to Network Administration 237

Study Guide 238

Workstations and Servers 238


Network Management 238



Lab Exercises 243

Appendix A Troubleshooting Questions and Lab Exercise 245

Appendix B Adtran Configuration Lab 281

Appendix C Router Interface Summary Chart 291

Appendix D Erasing and Reloading the Switch 293

Appendix E Erasing and Reloading the Router 295

xvi WAN Technologies CCNA 4 Labs and Study Guide

Icons Used in This Book

Command Syntax ConventionsThe conventions used to present command syntax in this book are the same conventions used in the IOSCommand Reference. The Command Reference describes these conventions as follows:

■ Bold indicates commands and keywords that are entered literally as shown. In actual configurationexamples and output (not general command syntax), bold indicates commands that are manually inputby the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.

xvii

PC PC withSoftware

SunWorkstation

Macintosh

Terminal File Server

WebServer

CiscoworksWorkstation

Printer Laptop IBMMainframe

Front EndProcessor

ClusterController

Modem

DSU/CSU

Router Bridge Hub DSU/CSU CatalystSwitch

MultilayerSwitch

ATMSwitch

ISDN/Frame RelaySwitch

CommunicationServer

Gateway

AccessServer

Network Cloud

TokenRing

Token Ring

Line: Ethernet

FDDI

FDDI

Line: Serial Line: Switched Serial

IntroductionWAN Technologies CCNA 4 Labs and Study Guide is a supplement to your classroom and laboratory expe-rience with the Cisco Networking Academy Program. Specifically, this book covers the fourth course ofthe CCNA curriculum. To succeed on the exam and achieve your CCNA certification, do everything inyour power to arm yourself with a variety of tools and training materials to support your learning efforts.This Labs and Study Guide is just such a collection of tools. Used to its fullest extent, it will help youacquire the knowledge and practice the skills associated with the content area of v3.1.1 of the CCNA 4WAN Technologies course. Specifically, this book helps you work on these main areas of CCNA 4:

■ Network Address Translation

■ Dynamic Host Configuration Protocol

■ ISDN dialer maps and profiles

■ Frame Relay

Goals and MethodsOne of the goals of this book is to help you prepare for either the CCNA exam (640-801) or the ICNDexam (640-811). Whether you are studying for the full exam or the second part of your CCNA, passingeither of these exams means not only that you have the required knowledge of the technologies covered bythe exam, but also that you can plan, design, implement, operate, and troubleshoot these technologies. Inother words, these exams are rigorously application-based. In fact, if you view the mainobjectives for the CCNA exam at http://www.cisco.com/go/certifications, you will see the following fourcategories of objectives:

■ Planning & Design

■ Implementation & Operation

■ Troubleshooting

■ Technology

Although technology is listed last, a CCNA student cannot possibly plan, design, implement, operate, andtroubleshoot networks without first fully grasping the technology. You should devote a significant amountof time and effort in the Study Guide section of each chapter to learning the concepts and theories beforeapplying them in the Lab Exercises.

The Study Guide section offers exercises that help you learn the concepts and configurations crucial toyour success as a CCNA exam candidate. Each chapter differs slightly and includes some or all of the fol-lowing types of exercises:

■ Vocabulary Matching and Completion

■ Concept Questions

■ Comprehensive Multiple-Choice Questions

■ Internet Research

xviii WAN Technologies CCNA 4 Labs and Study Guide

http://www.cisco.com/go/certifications

The Lab Exercises section includes all the online curriculum labs plus new comprehensive labs and chal-lenge labs. The curriculum labs typically walk you through the configuration tasks step by step. The com-prehensive labs combine many, if not all, of the configuration tasks of the curriculum labs without actuallyproviding you with the commands. The challenge labs take this a step further, often giving you only a gen-eral requirement that you must implement fully without the details of each small step. In other words, youmust use the knowledge and skills you gained in the curriculum labs from all four courses to successfullycomplete the comprehensive and challenge labs. In fact, you should not attempt the comprehensive orchallenge labs until you have worked through all the Study Guide activities and the curriculum labs. Avoidthe temptation to work through the comprehensive and challenge labs by flipping back through the cur-riculum labs when you are not sure of a command. Do not try to short-circuit your CCNA training. Youneed a deep understanding of CCNA knowledge and skills to ultimately succeed on the CCNA exam.

Who Should Read This Book?This book should be read by students completing the final course of the CCNA curriculum. The challengelabs are designed to test your knowledge of and ability to configure and troubleshoot routing protocols,switching concepts, and WAN protocols. Based on the author’s experience in the classroom, extensivepractical knowledge is necessary to pass the CCNA certification.

Strategies for Exam PreparationA successful CCNA certification candidate is knowledgeable about network design, implementation, andtroubleshooting. Knowledge of theoretical terms and hands-on experience are both vital to successfullypass the certification.

How This Book Is OrganizedWork through the Study Guide and Lab Exercises in the sequence they are presented. The sequence isdesigned to take you from a basic understanding of the knowledge through the full application and imple-mentation of skills. Specifically, Chapters 1 through 6 and Appendix A include exerises and labs coveringthe following knowledge and skills:

Chapter 1, “Scaling IP Addresses,” describes how to conserve IP addresses and how to communi-cate across the Internet and wide-area networks (WANs) that span the globe. The chapter goes overNetwork Address Translation (NAT) and Port Address Translation (PAT), two translation protocols forIP addresses, and Dynamic Host Configuration Protocol (DHCP), a method of auto-assigning IPaddresses. The labs in this chapter explain how IP addresses are translated with NAT and PAT and theprocess of DHCP. They also cover the commands to configure both. A challenge lab tests your com-prehension of the chapter.

Chapter 2, “WAN Technologies,” introduces much of the terminology and general concepts encoun-tered in a WAN. It lays the groundwork for an understanding of some of the more advanced conceptspresented in later chapters. This chapter contains no labs, just exercises to reinforce your understand-ing of the terminology and concepts.

Chapter 3, “PPP,” goes over the communication of individual links within the WAN that use certaintypes of encapsulation protocols. This chapter describes the High-Level Data Link Control (HDLC)protocol and the Point-to-Point Protocol (PPP). The challenge lab in this chapter tests your ability toconfigure PPP and any previous concepts you have learned thus far in this book.

xix

Chapter 4, “ISDN and DDR,” covers ISDN, a cost-effective, need-basis WAN technology that maysubstitute for a T1 connection or as just a step above a phone line. Dial-on-Demand Routing (DDR) isa method described in this chapter that makes ISDN cost-effective based on call setup and termination.The labs in this chapter test your knowledge of configuring dialer maps and dialer profiles.

Chapter 5, “Frame Relay,” explains how Frame Relay, a packet-switched technology, connectslocal-area networks (LANs) across a cloud by using virtual circuits. The labs in this chapter give youa chance to configure basic Frame Relay, and two challenge labs test all the skills you have learned upto this point.

Chapter 6, “Introduction to Network Administration,” describes basic network administration con-cepts. It also explains how to manage a network using different tools such as Simple NetworkManagement Protocol (SNMP). Upon completion of the exercises in this chapter, students should bet-ter understand the different devices found on a LAN and the tools used to manage, test, and trou-bleshoot simple networks.

Appendix A, “WAN Troubleshooting, Questions and Lab Exercise,” contains a practice challengelab that tests your knowledge of all four courses of the CCNA curriculum. The lab exercise consists ofa scenario that requires knowledge of troubleshooting methodologies.

Appendix B, “Adtran Configuration Lab,” contains a step-by-step guide to configuring the AdtranAtlas 550.

Appendixes C, D, and E come into play within the curriculum labs. Where applicable, the curriculumlab tells you when to refer to these appendixes.

xx WAN Technologies CCNA 4 Labs and Study Guide

CHAPTER 1

Scaling IP Addresses

The Study Guide portion of this chapter uses a combination of matching, fill-in-the-blank, multiple-choice,and open-ended question exercises to test your knowledge of the theory of Network Address Translation(NAT), Port Address Translation (PAT), and Dynamic Host Configuration Protocol (DHCP).

The Lab Exercises portion of this chapter includes all the online curriculum labs and comprehensive labsand a challenge lab to ensure that you have mastered the practical, hands-on skills needed to configureNAT, Static NAT, PAT, and DHCP.

Study Guide

Scaling Networks with NAT and PATWhen connecting to the Internet, you must use a registered public IP address. When users connect to theInternet through a cable provider (such as Time Warner or Cablevision), the IP address assigned is regis-tered and gives the user access to the Internet through the carrier’s network. This arrangement actuallymakes the user’s computer part of the cable provider’s network. When you have more than one computerat home and each needs access to the Internet simultaneously, a router such as a Linksys usually does thetrick. This device uses the single IP address assigned to you by your carrier and performs Port AddressTranslation (PAT), which allows multiple devices to access the Internet using a single unique address.

When it comes to a company, things are a little more complicated. Most companies require an entire net-work address for all their devices to access the Internet. Companies acquire these addresses from theAmerican Registry of Internet Numbers (ARIN) or any Internet service provider (ISP) in their area. As thenetwork grows, however, it might find that it no longer has enough addresses for all the devices. Instead ofpurchasing another network address (if even possible), another solution is to use Network AddressTranslation (NAT). Network administrators use private addresses put aside by RFC 1918 on the inside oftheir network. The router translates the device’s inside private address into a registered global address eachtime the company needs to access the outside world. The use of NAT along with private addresses pro-vides security by hiding a device’s internal address from the outside world, thus making it difficult for“outsiders” to know exactly who is behind the device. Because not all devices inside a network needaccess to the Internet, NAT pools are created to determine who has access and who does not. Thus, NATenables network administrators to allow multiple users to access the outside world dynamically; it alsoenables them to statically map an outside address to an internal device.

Concept Questions1. Discuss the advantages of NAT.

NAT allows unregistered IP addresses inside a network to access the Internet or the outside world.This process helps conserve registered numbers by using private addresses. Another advantage is thatit is difficult for someone on the outside to determine which internal host is responsible for what traf-fic. Without careful monitoring, this could become a disadvantage, too.

2. RFC 1918 put aside three addresses and classified them as “private.” Explain the difference between apublic and private address.

Private addresses are used inside a network and are not routable on the public domain or Internet.These addresses can be used by anyone, but they cannot be used to access the Internet. Public address-es are legitimate, registered numbers that only one organization can use at a given time. They areobtained through an ISP or from ARIN.

3. When is it necessary to assign a static NAT address to a device inside your network? Give an exampleof a device, and explain the reason for doing so.

A device such as a web server might need to be accessed from the outside world at a specific location(IP address). NAT allows the server to be assigned a private address but still be reachable from theInternet. The router translates the outside global address to an inside local address where the serverresides.

2 WAN Technologies CCNA 4 Labs and Study Guide

Chapter 1: Scaling IP Addresses 3

4. How many networks in total did RFC 1918 put aside?

273 total addresses

1 Class A: 10.0.0.0–10.255.255.255

16 Class B: 172.16.0.0–172.31.255.255

256 Class C: 192.168.0.0–192.168.255.255

5. Under what circumstances would you use NAT? PAT?

You should use NAT when you are using private addresses inside your network but not all the devicesneed to access the Internet. NAT enables you to have more devices on your network than registeredaddresses permit. Use PAT when most, if not all, of the devices need access to the outside world andyou do not have not enough registered addresses to go around. PAT enables you to support scores ofdevices while having fewer registered addresses at your disposal.

Research AssignmentThis chapter discussed the difference between private and public addresses and their use within a network.Go to http://www.arin.net and research the following:

1. The American Registry for Internet Numbers (ARIN) allocates Internet number resources for theUnited States, Canada, and islands in the Caribbean and North Atlantic. What organization providesthese same services in the following?

On the home page, on the right side, click the Network Abuse link.

a. Africa AfriNIC

b. Asia APNIC

c. Latin America LACNIC

d. Europe, the Middle East, and Central Asia RIPE NCC

2. How do you obtain a registered network number through ARIN?

On the home page, click the Education link. Under Process Flowcharts, click Request for IPv4Assignment from ARIN (End-user).

You must fill out and submit an End-user Request Template.

3. List at least five items found on the IPv4 Network Request template provided by ARIN.

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

On the home page, click Registration Services, IPv4 Resources on the left. Under the IPv4 Templatessection, click IPv4 Network Request.

ARIN Network Request Template

Template: ARIN-NET-ISP-3.2.3

**********************************************************************

** As of June 2005 **

** **

http://www.arin.net

** Enter all information to the right of the colon (:). **

** **

** DO NOT modify the format of this template in any way. **

** **

*********************** JUSTIFICATION SECTION ************************

**—————————— CONNECTIVITY SUBSECTION ——————————-**

1. ** List any peering or exchange points to which your network

** directly connects.

Peering Points:

2. ** List ISPs providing your connectivity.

Internet Connectivity:

**——————————- UTILIZATION SUBSECTION ——————————-**

** If necessary, repeat lines 3 through 8. **

**—————————————————————————————————**

3. ** List all IP addresses issued to your organization.

Existing IP Networks:

4. ** Enter the amount of address space issued to customers.

Assigned:

5. ** Provide internal utilization information.

Internal:

6. ** Enter the amount of unassigned or available address space.

Unassigned:

7. ** If using RWhois, provide the hostname and port number of the RWhois server.

Reassignment Option (SWIP/RWhois):

8. ** List the number of IP addresses that utilize each type of service listed below.

Type of Service:

Dial-up:

Cable:

Web Hosting:


Leased Line:

xDSL:

Co-location:

Wireless:

Other (please specify):

##—————— 3, 6 AND 12-MONTH PROJECTION SUBSECTION ——————-**

9. ** List the number of IP addresses in /24s that will be needed for

** each type of service for the next 3 months, 6 months, and 12

** months.

Host Projections:

3-Month 6-Month 12-Month

———- ———- ————

Dial-up:

Cable:

Web Hosting:

Leased Line:

xDSL:

Co-location:

Wireless:

Other (please specify):

10. ** Provide any additional information you would like ARIN to

** consider for this ISP network registration request.

Additional Information:

************************ REGISTRATION SECTION ************************

11. ** REQUIRED. Allocations are made based upon the 3-month

** projection. However, subscribers who have been members of ARIN

** for over 1 year may request a 6 month supply of addresses.

** Enter the prefix length of the network requested, e.g. /19,

** /20.

Prefix Length Requested:

12. ** REQUIRED. Enter the Org ID currently registered in ARIN’s WHOIS

** database.


Org ID:

13. ** REQUIRED. Provide the organization name currently registered to

** your Org ID.

Org Name:

14. ** REQUIRED. Choose a name for the network, using no more than 50

** characters. It may contain letters, numbers and/or dashes (-).

Network Name:

15. ** If the network has in-addr.arpa servers, list the hostnames of

** at least two name servers. Do not provide IP addresses.

** Duplicate field name to specify additional servers.

IN-ADDR Name Server:

IN-ADDR Name Server:

********************* CONTACT SECTION (Optional) *********************

** The person or role in this section serves as a **

** supplemental contact to the organization POC(s). To **

** specify multiple contacts, duplicate lines 16 and 17. **

**********************************************************************

16. ** Specify T for Technical, AB for Abuse or N for Network

** Operations Center.

POC Type:

17. ** Provide a POC handle currently registered in ARIN’s WHOIS

** database.

POC Handle:

***************** PUBLIC COMMENTS SECTION (Optional) *****************

18. ** Comments listed here will appear in ARIN’s WHOIS database.

Public Comments:

END OF TEMPLATE


4. What costs are associated with obtaining a 24-bit address from ARIN?

A 24-bit address from ARIN requires a one-time registration fee of $2500 and an annual maintenancefee of $100.

5. On the home page, click the “Who is” link. Enter a legitimate address in the Search box. This couldbe any address other than those put aside by RFC 1918. List five pieces of information you canretrieve about the owner of that address space.

Organization name, ID, company address, range of addresses, contact-person information.

6. Enter Cisco in the “Who is” Search box. Describe some of the information that appears.

Different companies within Cisco have their own range of addresses. An example of this is the CiscoLearning Institute. Not all the links belong to Cisco Systems, but rather to different organizations thatbegin with the name Cisco.

Matching TermsMatch the definition on the left with the correct term on the right. Use each definition only one time.


Definitions

a. Uses a single IP address to support numerous inside local addresses

b. An IP address that is routable on the Internet

c. Addresses never to be assigned to an organization as a registered network number

d. An IP address assigned to a host in a private network

e. Identifies an interface that is on the private side of a network

f. Allows unregistered addresses to accessthe Internet using legitimate or public addresses

g. The IP address of a host on the outside ofthe network as it is known to the hosts on the inside network

h. A legitimate registered address that rep-resents an inside local address to the outside world

i. Identifies an interface that is on the public side of the network

j. A one-to-one mapping of a public and private address

Terms

__d__ inside local address

__f__ NAT

__i__ ip nat outside command

__g__ outside local address

__j__ static NAT

__h__ inside global address

__a__ Port Address Translation

__b__ outside global address

__e__ ip nat inside command

__c__ RFC 1918

DHCPDynamic Host Configuration Protocol (DHCP) allows a device to dynamically receive network informa-tion upon boot. The basic information configured on a server includes network address, subnet mask, anddefault gateway. Domain Name System (DNS), NetBIOS, and Windows Internet Naming Service (WINS)server information are optional configurations if they exist on a network. As networks grow, DHCPdeploys a plug-and-play design that allows new hosts to plug into the network without manual interven-tion. Designed by the Internet Engineering Task Force (IETF), it has become a standard component in net-work design and implementation.

Concept Questions1. Explain the purpose of the DHCP excluded-address command.

The excluded range of addresses is not assigned by the DHCP server. These addresses are usuallyassigned manually to servers, routers, and switches on the network. They can also act as a reservedepository for additional devices that require static addresses to be added to the network later.

2. Explain the advantages of DHCP over static allocation when a device such as a computer moves fromone part of a network to another when multiple subnets exist.

The DHCP server automatically assigns the device all the necessary information upon boot. WithoutDHCP, the network technician must manually configure the device with the correct IP address, subnetmask, default gateway, and other information before it can connect to the network.

3. Explain the difference between BOOTP and DHCP.

BOOTP requires manual configuration of host information on a server, whereas DHCP allows fordynamic allocation of network addresses and additional configurations to newly attached devices to anetwork. DHCP allows for recovery and reallocation of network addresses through a leasing mecha-nism.

4. You are the network administrator of a company that uses DHCP on its network. Does DHCP providea mechanism to prevent unauthorized users from plugging in and connecting to the network?

Unfortunately, DHCP does not prevent unauthorized access. It cannot control the IP address used by adevice on the network. A mechanism other than DHCP must be used.




Definitions

a. A proposed configuration, from a DHCP server, that may include IP addresses, DNS server addresses, and lease time

b. A predecessor of DHCP (not dynamic)

c. A broadcast sent by a client to locate a DHCP server

d. Creates a pool with the specified name and puts the router in a specialized DHCP configuration mode

e. Configures the router to prohibit an individual address or range of addressesfrom being used when assigning addresses to clients

f. Verifies the operation of DHCP

g. A security server

h. Used to relay broadcast requests when the DHCP server resides on a different network than the host

i. A protocol used for assigning IP addresses to devices on a network (client/server mode)

j. DHCP assigning permanent IP addresses to the clients

Terms

__i__ DHCP

__j__ automatic allocation

__f__ show ip dhcp binding

__g__ TACACS server

__b__ BOOTP

__e__ ip dhcp excluded-addresses

__a__ DHCPOFFER

__c__ DHCPDISCOVER

__d__ ip dhcp pool word

__h__ ip helper address

Lab Exercises

Curriculum Lab 1-1: Configuring NAT (1.1.4a)Figure 1-1 Topology for Lab 1-1

Table 1-1 Lab Equipment Configuration

Router Router Fast Ethernet 0 Interface Serial 0 Address/ Loopback 0 Designation Name Address/Subnet Type Subnet Mask Address/Subnet

Mask Mask

Router 1 Gateway 10.10.10.1/24 DCE 200.2.2.18/30 —

Router 2 ISP — DTE 200.2.2.17/30 172.16.1.1/32

The enable secret password for both routers is class.

The enable, VTY, and console password for both routers is cisco.

Objective

■ Configure a router to use NAT to convert internal IP addresses, which are typically private addresses,into outside public addresses.

Background/Preparation

The ISP has allocated the public classless interdomain routing (CIDR) IP address 199.99.9.32/27 to a com-pany. This is equivalent to 30 public IP addresses. Because the company has an internal requirement formore than 30 addresses, the IT manager has decided to implement NAT. The company has decided toreserve the addresses 199.99.9.33 through 199.99.9.39 for static allocation and 199.99.9.40 through199.99.9.62 for dynamic allocation. Routing between the ISP and the company’s gateway router will bedone using a static route from the ISP to the gateway and a default route from the gateway to the ISP. TheISP’s connection to the Internet will be represented by a loopback address on the ISP router.

Cable a network that is similar to the one in Figure 1-1. You can use any router that meets the interfacerequirements in the diagram (that is, 800, 1600, 1700, 2500, and 2600 routers, or a combination). See the


information in Appendix C, “Router Interface Summary Chart,” to correctly specify the required interfaceidentifiers based on the equipment in your lab. The configuration output in this lab results from 1721series routers. Another router might produce slightly different output. Execute the following tasks on eachrouter unless you are specifically instructed otherwise.

Start a HyperTerminal session.

See and implement the procedure documented in Appendix D, “Erasing and Reloading the Switch,” beforeyou continue with this lab.

Task 1: Configure the RoutersConfigure the hostname, console, virtual terminal and enable passwords, and interfaces according to thechart.

Task 2: Save the ConfigurationAt the privileged EXEC mode prompt, on both routers, enter the command copy running-config startup-config.

Task 3: Configure the Hosts with the Proper IP Address, SubnetMask, and Default Gateway

Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint: Rememberto assign a specific IP address and default gateway to the workstation. If you are running Windows 98,check using Start > Run > winipcfg. If you are running Windows 2000 or later, check using ipconfig in aDOS window.

Task 4: Verify That the Network Is FunctioningStep 1. From the attached hosts, ping the Fast Ethernet interface of the default gateway router.

Did the ping from the first host succeed? Yes

Did the ping from the second host succeed? Yes

Step 2. If the answer is no for either question, troubleshoot the router and host configurations to findthe error. Then, ping again until they succeed.

Task 5: Create a Static RouteCreate a static route from the ISP to the gateway router. Addresses 199.99.9.32/27 have been allocated forInternet access outside the company. Use the ip route command to create the static route:

ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18

Is the static route in the routing table? Yes

What command checks the routing table contents?

The show ip route command checks the routing table contents.

If the route was not in the routing table, give one reason why this might be so.

The interface is down.

ISP#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –

BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS

inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

199.99.9.0/27 is subnetted, 1 subnets

S 199.99.9.32 [1/0] via 200.2.2.18


C 200.2.2.16 is directly connected, Serial0


C 172.16.1.1 is directly connected, Loopback0

Task 6: Create a Default RouteStep 1. Add a default route, using the ip route command, from the gateway router to the ISP router.

This forwards any unknown destination address traffic to the ISP:

Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17


Step 2. Try to ping from one of the workstations to the ISP serial interface IP address.

Did the ping succeed? No

Why?

There is no return route to the 10.10.10.0 network.

Gateway#show ip route


BGP





inter area



Gateway of last resort is 200.2.2.17 to network 0.0.0.0




C 10.10.10.0 is directly connected, FastEthernet0

S* 0.0.0.0/0 [1/0] via 200.2.2.17


Task 7: Define the Pool of Usable Public IP AddressesTo define the pool of public addresses, use the ip nat pool command:

Gateway(config)#ip nat pool public_access 199.99.9.40 199.99.9.62 netmask 255.255.255.224

Task 8: Define an Access List That Matches the Inside Private IPAddresses

To define the access list to match the inside private addresses, use the access-list command:

Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255

Task 9: Define the NAT Translation from Inside the List to Outsidethe Pool

To define the NAT, use the ip nat inside source command:

Gateway(config)#ip nat inside source list 1 pool public_access

Task 10: Specify the InterfacesYou must specify whether the active interfaces on the router are inside or outside interfaces with respect toNAT. To do this, use the ip nat inside or ip nat outside command:

Gateway(config)#interface fastethernet 0

Gateway(config-if)#ip nat inside

Gateway(config-if)#interface serial 0

Gateway(config-if)#ip nat outside

Gateway#show ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 199.99.9.40 10.10.10.10 --- ---

Task 11: Test the ConfigurationConfigure a workstation on the internal LAN with the IP address 10.10.10.10/24 and a default gateway10.10.10.1. From the PC, ping 172.16.1.1. If successful, look at the NAT translation on the gateway routerby using the command show ip nat translations.

What is the translation of the inside local host address?

10.10.10.10 = 199.99.9.40

How is the inside global address assigned?

The router from the NAT pool

How is the inside local address assigned?

The workstation administrator

After you complete the previous tasks, log off (by entering exit) and turn the router off. Then remove andstore the cables and adapter.

! This sheet contains the basic configuration commands for the ISP and gateway routers.

ISP

Router#configure terminal

Router(config)#hostname ISP


ISP(config)#enable password cisco

ISP(config)#enable secret class

ISP(config)#line console 0

ISP(config-line)#password cisco

ISP(config-line)#login

ISP(config-line)#exit

ISP(config)#line vty 0 4




ISP(config)#interface loopback 0

ISP(config-if)#ip add 172.16.1.1 255.255.255.255

ISP(config-if)#no shutdown

ISP(config-if)#exit

ISP(config)#interface serial 0



ISP(config-if)#clockrate 64000


ISP(config)#end

ISP#copy running-config startup-config

Destination filename [startup-config]?[Enter]

Gateway


Router(config)#hostname Gateway

Gateway(config)#enable password cisco

Gateway(config)#enable secret class

Gateway(config)#line console 0

Gateway(config-line)#password cisco

Gateway(config-line)#login

Gateway(config-line)#exit

Gateway(config)#line vty 0 4





Gateway(config-if)#ip add 10.10.10.1 255.255.255.0

Gateway(config-if)#no shutdown

Gateway(config-if)#exit

Gateway(config)#interface serial 0





Curriculum Lab 1-2: Configuring PAT (1.1.4b)Figure 1-2 Topology for Lab 1-2


Router Router Fast Ethernet 0 Interface Serial 0 Loopback 0Designation Name Address/Subnet Type Address/Subnet Address/Subnet

Mask Mask Mask


Router 2 ISP — DTE 200.2.2.17/30 172.16.1.1/32



Objective

■ Configure a router to use PAT to convert internal IP addresses, which are typically private addresses,into outside public addresses.


Aidan McDonald has just received a Digital Subscriber Line (DSL) Internet connection in his home to alocal ISP. The ISP has allocated only one IP address for use on the serial port of his remote-access device.Routing between the ISP and the home router will be achieved by using a static route between the ISP andgateway routers and a default route between the gateway and ISP routers. The ISP connection to theInternet is represented by a loopback address on the ISP router.

Cable a network that is similar to the one in Figure 1-2. You can use any router that meets the interfacerequirements in the diagram (that is, 800, 1600, 1700, 2500, and 2600 routers, or a combination). See theinformation in Appendix C to correctly specify the required interface identifiers based on the equipment inyour lab. The configuration output in this lab results from 1721 series routers. Another router might pro-duce slightly different output. Execute the following tasks on each router unless you are specificallyinstructed otherwise.



See and implement the procedure documented in Appendix E, “Erasing and Reloading the Router,” beforeyou continue with this lab.

Task 1: Configure the RoutersConfigure the hostname, console, virtual terminal and enable passwords, and interfaces according to thechart. If you have trouble doing this, see Lab 1-1, “Configuring NAT.”

Task 2: Save the ConfigurationsAt the privileged EXEC mode prompt on both routers, enter the command copy running-config startup-config.







Task 5: Create a Default RouteStep 1. Add a default route from the gateway to the ISP router. This forwards any unknown destination

address traffic to the ISP. Use the ip route command to create the default route:


Is the route in the routing table? Yes



Why?


What command checks the routing table contents?

show ip route

#show ip route


BGP






inter area







C 10.10.10.0 is directly connected, FastEthernet0

S* 0.0.0.0/0 [1/0] via 200.2.2.17




Task 7: Define the PAT Translation from Inside the List to Outsidethe Address

To define the PAT translation, use the ip nat inside source command. This command with the overloadoption creates PAT by using the serial 0 IP address as the base:

Gateway(config)#ip nat inside source list 1 interface serial 0 overload

Task 8: Specify the InterfacesYou must specify whether the active interfaces on the router are inside or outside interfaces with respect toPAT (NAT). To do this, use the ip nat inside or ip nat outside command:





Task 9: Test the ConfigurationConfigure a PC on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1.From the PCs, ping the Internet address 172.16.1.1. If successful, telnet to the same IP address. Then, lookat the PAT translation on the gateway router by using the command show ip nat translations:



tcp 200.2.2.18:1086 10.10.10.10:1086 172.16.1.1:23 172.16.1.1:23

icmp 200.2.2.18:768 10.10.10.10:768 172.16.1.1:768 172.16.1.1:768

What is the translation of the inside local host addresses?

Answers will vary.


10.10.10.10:1086 = 200.2.2.18: 1086

10.10.10.10:768 = 200.2.2.18: 768

What does the number after the colon represent?

The port that NAT used

Why do all the commands for PAT say NAT?

PAT is an extension of NAT.

After you complete the previous tasks, log off (by entering exit) and turn the router off. Then, remove andstore the cables and adapter.


ISP














ISP(config-if)#ip address 172.16.1.1 255.255.255.255


ISP(config-if)#exit






ISP(config)#end


Gateway















Gateway(config-if)#ip address 10.10.10.1 255.255.255.0







Curriculum Lab 1-3: Configuring Static NAT Addresses(1.1.4c)Figure 1-3 Topology for Lab 1-3


Router Router Fast Ethernet 0 Interface Serial 0 Loopback 0 Designation Name Address/Subnet Type Address/Subnet Address/Subnet

Mask Mask Mask


Router 2 ISP — DTE 200.2.2.17/30 172.16.1.1/32




Objectives

■ Configure a router to use NAT to convert internal IP addresses, which are typically private addresses,into outside public addresses.

■ Configure static IP mapping to allow outside access to an internal PC.


The ISP has allocated the public CIDR IP address 199.99.9.32/27 to a company. This is equivalent to 30public IP addresses. Because the company has an internal requirement for more than 30 addresses, the ITmanager has decided to use NAT. The company has decided to reserve the addresses 199.99.9.33 through199.99.9.39 for static allocation and 199.99.9.40 through 199.99.9.62 for dynamic allocation. Routingbetween the ISP and the gateway router will be done using a static route between the ISP and the gatewayand a default route between the gateway and the ISP. The ISP connection to the Internet is represented bya loopback address on the ISP router.



See and implement the procedure documented in Appendix E before you continue with this lab.

Task 1: Configure the RoutersConfigure the hostname, console, virtual terminal and enable passwords, and interfaces according to thechart.












What command checks the routing table contents? show ip route

If the route was not in the routing table, give one reason why this might be so. Interface down

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP





inter area





S 199.99.9.32 [1/0] via 200.2.2.18











Why?









To define the NAT translation, use the ip nat inside source command:

Gateway(config)#ip nat inside source list 1 pool public_access

Task 10: Specify the InterfacesYou must specify whether the active interfaces on the router are inside or outside interfaces with respect toNAT. To do this, use either the ip nat inside or ip nat outside command.

Task 11: Configure Static MappingStep 1. You should use workstation 1, 10.10.10.10/24, as the public WWW server. This server needs a

permanent public IP address. Define this mapping by using a static NAT mapping.

Step 2. Configure one of the PCs on the LAN with the IP address 10.10.10.10/24 and a default gate-way 10.10.10.1. To configure a static IP NAT mapping, use the ip nat inside source staticcommand at the privileged EXEC mode prompt:

Gateway(config)#ip nat inside source static 10.10.10.10 199.99.9.33

This permanently maps 199.99.9.33 to the inside address 10.10.10.10.

Step 3. Look at the translation table:


Does the mapping show up in the output of the show command? Yes

Task 12: Test the ConfigurationStep 1. From the 10.10.10.10 workstation, ping 172.16.1.1.

Did the ping succeed? Yes

Why? NAT is properly set up.

Step 2. From the ISP router, ping the host with the static NAT translation by entering ping10.10.10.10.

ISP#ping 10.10.10.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Success rate is 0 percent (0/5)

What were the results of the ping? Did it succeed? No

Why? There is no route to 10.10.10.10.

Step 3. From the ISP router, ping 199.99.9.33. If successful, look at the NAT translation on the gate-way router by using the command show ip nat translations.

ISP#ping 199.99.9.33



!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

ISP#




--- 199.99.9.33 10.10.10.10 --- ---

What is the translation of the inside local host address?

10.10.10.10 = 199.99.9.33


! This sheet contains the basic configuration commands for the ISP and Gateway routers.

ISP
















ISP(config-if)#exit






ISP(config)#end


Gateway






















Curriculum Lab 1-4: Verifying NAT and PAT Configuration(1.1.5)Figure 1-4 Topology for Lab 1-4


Router Router Fast Ethernet 0 Interface Serial 0 Loopback 0 Designation Name Address/Subnet Type Address/Subnet Address/Subnet

Mask Mask Mask


Router 2 ISP — DTE 200.2.2.17/30 172.16.1.1/32


The enable, vty, and console password for both routers is cisco.

Objectives

■ Configure a router for NAT and PAT.

■ Test the configuration and verify NAT/PAT statistics.



The ISP has allocated the public CIDR IP address 199.99.9.32/30 to a company. This is equivalent to fourpublic IP addresses. Because the company has an internal requirement for more than 30 addresses, the ITmanager has decided to use NAT with PAT. Routing between the ISP and the gateway router will be doneusing a static route between the ISP and the gateway and a default route between the gateway and the ISP.The ISP connection to the Internet is represented by a loopback address on the ISP router.

















If the route was not in the routing table, give one reason why this might be so. The interface is down.

ISP#show ip route


BGP





inter area





S 199.99.9.32 [1/0] via 200.2.2.18











Why?










Gateway(config)#ip nat inside source list 1 pool public_access overload

Task 10: Specify the InterfacesYou must specify whether the active interfaces on the router are inside or outside interfaces with respect toNAT. To do this, use the ip nat inside or ip nat outside command:





Task 11: Test the ConfigurationFrom the workstations, ping 172.16.1.1. Open multiple DOS windows on each workstation and telnet tothe 172.16.1.1 address. Next, view the NAT translations on the gateway router with the command show ipnat trans.

Gateway#show ip nat trans


tcp 199.99.9.33:1091 10.10.10.10:1091 172.16.1.1:23 172.16.1.1:23

tcp 199.99.9.33:1092 10.10.10.10:1092 172.16.1.1:23 172.16.1.1:23

icmp 199.99.9.33:512 10.10.10.10:512 172.16.1.1:512 172.16.1.1:512

What is the translation of the inside local host addresses?

10.10.10.10:1091 = 199.99.9.33:1091

10.10.10.10:1092 = 199.99.9.33:1092

Task 12: Verify NAT/PAT StatisticsTo view the NAT and PAT statistics, enter the show ip nat statistics command at the privileged EXECmode prompt.

Gateway#show ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 2 extended)

Outside interfaces:

Serial0

Inside interfaces:

FastEthernet0

Hits: 14 Misses: 2

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 pool public_access refcount 2

pool public_access: netmask 255.255.255.252

start 199.99.9.32 end 199.99.9.35

type generic, total addresses 4, allocated 1 (25%), misses 0


How many active translations have taken place? 2

How many addresses are in the pool? 4

How many addresses have been allocated so far? 1



ISP
















ISP(config-if)#exit






ISP(config)#end


Gateway






















Curriculum Lab 1-5: Troubleshooting NAT and PAT (1.1.6)Figure 1-5 Topology for Lab 1-5



Mask Mask


Router 2 ISP — DTE 200.2.2.17/30 172.16.1.1/32



Objectives

■ Configure a router for NAT and PAT.

■ Troubleshoot NAT and PAT by using debug.


The ISP has allocated the public CIDR IP address 199.99.9.32/30 to a company. This is equivalent to fourpublic IP addresses. Because the company has an internal requirement for more than 30 addresses, the ITmanager has decided to use NAT and PAT. Routing between the ISP and the gateway router will be doneusing a static route between the ISP and the gateway and a default route between the gateway and the ISP.The ISP’s connection to the Internet is represented by a loopback address on the ISP router.




See the erase and reload instructions in Appendix E. Perform those tasks on all routers in this lab assign-ment before you continue.

Task 1: Configure the RoutersConfigure the hostname, console, virtual terminal and enable passwords, and interfaces according to thechart. If you have trouble doing this, see Lab 1-1, “Configuring NAT.“












If the route was not in the routing table, give one reason why this might be so. The interface is down.

ISP#show ip route


BGP






inter area





S 199.99.9.32 [1/0] via 200.2.2.18











Why?









Gateway(config)#ip nat inside source list 1 pool public_access overload


Task 10: Specify the InterfacesYou must specify whether the active interfaces on the router are inside or outside interfaces with respect toNAT. To do this, use the ip nat inside command:



Task 11: Test the ConfigurationStep 1. Turn on debugging for the NAT process by entering debug ip nat at the privileged EXEC

mode prompt.

Does the debug command show output? No

Step 2. If translation were taking place, there would be output from the debug command. In reviewingthe running configuration of the gateway router, you see that the ip nat outside statement hasnot been entered on the serial 0 interface. To configure this, enter the following:



Step 3. From the workstations, ping 172.16.1.1.

If you entered the ip nat outside statement correctly, there should be output from the debug ipnat command.

What does NAT*: S=10.10.10.? -> 199.99.9 mean?

Source and destination hosts

Step 4. Stop the debug output by entering undebug all at the privileged EXEC mode prompt.

Gateway#debug ip nat

IP NAT debugging is on

Gateway#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.



Gateway(config-if)#

00:07:53: ip_ifnat_modified: old_if 2, new_if 1

00:08:04: NAT: s=10.10.10.10->199.99.9.33, d=172.16.1.1 [11391]

00:08:04: NAT*: s=172.16.1.1, d=199.99.9.33->10.10.10.10 [11391]

00:08:05: NAT*: s=10.10.10.10->199.99.9.33, d=172.16.1.1 [11392]

00:08:05: NAT*: s=172.16.1.1, d=199.99.9.33->10.10.10.10 [11392]

00:08:06: NAT*: s=10.10.10.10->199.99.9.33, d=172.16.1.1 [11393]

00:08:06: NAT*: s=172.16.1.1, d=199.99.9.33->10.10.10.10 [11393]

00:08:07: NAT*: s=10.10.10.10->199.99.9.33, d=172.16.1.1 [11394]

00:08:07: NAT*: s=172.16.1.1, d=199.99.9.33->10.10.10.10 [11394]

Gateway(config-if)#


Gateway#undebug all

00:08:50: %SYS-5-CONFIG_I: Configured from console by console all

All possible debugging has been turned off




ISP
















ISP(config-if)#exit






ISP(config)#end


Destination filename [startup-config]?[Enter]

Gateway






















Curriculum Lab 1-6: Configuring DHCP (1.2.6)Figure 1-6 Topology for Lab 1-6



Mask Mask

Router 1 campus 172.16.12.1/24 DCE 172.16.1.6/30 —

Router 2 ISP — DTE 172.16.1.5/30 172.16.13.1/32



Objective

■ Configure a router for DHCP to dynamically assign addresses to attached hosts.


Routing between the ISP and the campus router is by way of a static route between the ISP and the gate-way and a default route between the gateway and the ISP. The ISP connection to the Internet is identifiedby a loopback address on the ISP router.

Cable a network that is similar to the one in Figure 1-6. You can use any router that meets the interfacerequirements in the diagram (that is, 800, 1600, 1700, 2500, and 2600 routers, or a combination). See theinformation in Appendix C to correctly specify the required interface identifiers based on the equipment in your lab. The configuration output in this lab results from 1721 series routers. Another router might


produce slightly different output. Execute the following tasks on each router unless you are specificallyinstructed otherwise.





Task 3: Create a Static RouteAddresses 172.16.12.0/24 have been allocated for Internet access outside the company. Use the ip routecommand to create the static route:








inter area




172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

S 172.16.12.0/24 [1/0] via 172.16.1.6

C 172.16.13.0/24 is directly connected, Loopback0

C 172.16.1.4/30 is directly connected, Serial0

Task 4: Create a Default RouteUse the ip route command to add a default route from the campus router to the ISP router. This providesthe mechanism to forward unknown destination address traffic to the ISP:

campus(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5


campus#show ip route






inter area






C 172.16.12.0/24 is directly connected, FastEthernet0


S* 0.0.0.0/0 [1/0] via 172.16.1.5

Task 5: Create the DHCP Address PoolTo configure the campus LAN pool, use the following commands:

campus(config)#ip dhcp pool campus

campus(dhcp-config)#network 172.16.12.0 255.255.255.0

campus(dhcp-config)#default-router 172.16.12.1

campus(dhcp-config)#dns-server 172.16.1.2

campus(dhcp-config)#domain-name foo.com

campus(dhcp-config)#netbios-name-server 172.16.1.10

Task 6: Exclude Addresses from the PoolTo exclude addresses from the pool, use the following command:

campus(dhcp-config)#ip dhcp excluded-address 172.16.12.1 172.16.12.10

Task 7: Verify DHCP OperationStep 1. At each workstation on the directly connected subnet, configure the TCP/IP properties so that

the workstation obtains an IP address and DNS server address from the DHCP server (seeFigure 1-7). After you change and save the configuration, reboot the workstation.

Figure 1-7 TCP/IP Properties Dialog Box


Step 2. To confirm the TCP/IP configuration information on each host, use Start > Run > winipcfg. Ifyou are running Windows 2000, check using ipconfig in a DOS window.

What IP address was assigned to the workstation?

172.16.12.11

What other information was assigned automatically?

Domain name, DNS, NetBIOS, subnet mask, gateway

When was the lease obtained?

The student should have listed the time and date.

When will the lease expire?

The student should have listed the time and date.

Task 8: View DHCP BindingsFrom the campus router, you can see the bindings for the hosts. To see the bindings, use the commandshow ip dhcp binding at the privileged EXEC mode prompt.

campus#show ip dhcp binding

IP address Client-ID/Hardware address Lease expiration Type

172.16.12.11 0100.10a4.188f.a4 Mar 02 2005 01:25 AM Automatic

172.16.12.12 0100.10b7.ce14.fb Mar 02 2005 01:26 AM Automatic

What IP addresses were assigned?

172.16.12.11 and 172.16.12.12

What three other fields does the output list?

Hardware (MAC) address, lease expiration, and lease type


Curriculum Lab 1-7: Configuring DHCP Relay (1.2.8)Figure 1-8 Topology for Lab 1-7



Router Router Fast Ethernet 0 Interface Type Serial 0 AddressDesignation Name Address/Subnet Mask

Router 1 campus 172.16.12.1/24 DCE 172.16.1.6/30

Router 2 remote 172.16.13.1/24 DTE 172.16.1.5/30



Objectives

■ Configure a router for DHCP.

■ Add the capability for workstations to remotely obtain DHCP addresses and dynamically assignaddresses to the attached hosts.


A DHCP client uses IP broadcasts to find the DHCP server. However, routers do not forward these broad-casts, so in the case of the remote LAN, the workstations cannot locate the DHCP server. The router mustbe configured with the ip helper-address command to enable forwarding of these broadcasts, as unicastpackets, to the specific server.

Routing between the remote and the campus router is done by using a static route between remote andgateway and a default route between gateway and remote.




Task 1: Configure the RoutersConfigure the hostname, console, virtual terminal and enable passwords, and interfaces according to thechart. If you have a problem completing this, see Lab 1-1, “Configuring NAT.”

Task 2: Configure Routing on the Remote RouterUsing Open Shortest Path First (OSPF) as the routing protocol, set up network as area 0 and the processID as 1:

remote(config)#router ospf 1

remote(config-router)#network 172.16.1.0 0.0.0.255 area 0

remote(config-router)#network 172.16.13.0 0.0.0.255 area 0

Task 3: Configure Routing on the Campus RouterUsing OSPF as the routing protocol, set up the network as area 0 and the process ID as 1:

campus(config)#router ospf 1


campus(config-router)#network 172.16.1.0 0.0.0.255 area 0

campus(config-router)#network 172.16.12.0 0.0.0.255 area 0

Do OSPF routes exist in the routing table? Yes

remote#show ip route






inter area





O 172.16.12.0/24 [110/65] via 172.16.1.6, 00:00:12, Serial0



campus#show ip route






inter area






O 172.16.13.0/24 [110/65] via 172.16.1.5, 00:00:14, Serial0



Task 5: Create the Campus DHCP Address Pool on the CampusRouter

To configure the campus LAN pool, use the following commands:

campus(config)#ip dhcp pool campus







Task 6: Create the Remote DHCP Address Pool on the CampusRouter

To configure the remote LAN pool, use the following commands:

campus(dhcp-config)#ip dhcp pool remote






Task 7: Exclude Addresses from the PoolTo exclude addresses from the pool, use the following commands:



This defines the address range that the DHCP server excludes from dynamic issue.

Why would addresses be excluded?

Servers, routers, and so on

Task 8. Verify DHCP Operation on the Campus RouterStep 1. From the workstation directly connected to the campus router, configure the TCP/IP properties

for the workstation to obtain its IP properties automatically from DHCP. These propertiesinclude the IP and DNS server address (see Figure 1-9).

Figure 1-9 TCP/IP Properties Dialog Box


Step 2. After you change the configuration, reboot the workstation. View the TCP/IP configurationinformation. If you are running Windows 98, go to Start > Run > winipcfg. With Windows2000 or higher, use ipconfig in a DOS window.

What IP address was assigned to the workstation? 172.16.12.11

Task 9: Verify DHCP Operation on the Remote RouterRepeat Task 8 using the workstation that is attached to the remote router.

Is a valid address assigned from the DHCP pool? No

What IP address was assigned to the workstation?

Varies. It could be a 169.254.x.y IP address.

What does this address (if any) represent?

If it is 169.254.x.x, this is a DHCP address that was automatically assigned by Windows. This means thatthe DHCP client could not find a real DHCP server.

Task 10: Configure DHCP RelayConfigure the remote router with the ip helper-address command to enable forwarding of broadcasts, asunicast packets, to the specific server. You must configure this command on the LAN interface of theremote router for DHCP to function:

remote(config)#interface fastethernet 0

remote(config-if)#ip helper-address 172.16.12.1

Task 11: Verify DHCP Operation on the Remote RouterStep 1. Reboot the workstation that is attached to the remote router.

Is a valid address assigned from the DHCP pool? Yes

What IP address was assigned to the workstation? 172.16.13.11

Step 2. If there is no IP address, troubleshoot the workstation and router configurations and repeat Task 11.

Task 12: View DHCP BindingsFrom the campus router, you can see the bindings for the hosts. To see the bindings, use the commandshow ip dhcp binding at the privileged EXEC mode prompt.

campus#show ip dhcp binding

IP address Client-ID/Hardware address Lease expiration Type

172.16.12.11 0108.0046.06fb.b6 Mar 02 2005 04:41 PM Automatic

172.16.13.11 0542.0010.0a21.cb Mar 02 2005 04:45 PM Automatic

Which IP addresses are assigned to the hosts?

172.16.12.11, 172.16.13.11



Comprehensive Lab 1-8: Configuring NAT, PAT, and StaticNAT

You are the network administrator of ACME, a start-up marketing company with a limited number ofusers. Your company purchased a small range of public addresses from your ISP for global communica-tion. Your company’s IP address is 200.127.54.0/26—which is the equivalent of 62 assignable addresses.Routing between ACME and the ISP is accomplished using a classless routing protocol. A loopbackaddress represents the ISP’s connection to the Internet. Figure 1-10 shows the network topology for thislab.

Figure 1-10 Network Topology for Lab 1-8

Objective

■ Configure a router with multiple NAT pools to accommodate numerous VLANs within the network.To complete this lab, you can use 2620, 1721, and 1760 routers and 2950 switches.

Configuration Tasks

■ Cable and configure the equipment according to the topology diagram in Figure 1-10.

■ Control access to the console port on all devices using cisco as the password.

■ Use an encrypted password when accessing the privileged mode of all devices using class as the pass-word.

■ Restrict remote access to all devices using itsasecret as the password.

■ Configure interface descriptions.

Addressing Scheme

■ As the network administrator of ACME, you decide to use the 192.168 100.0 /24 address for devicesinside your network.

■ You must create an addressing scheme that will support three subnets:

■ Department of Information Services (DIS) Department: 12 users

■ Finance department: 13 users

■ Marketing department: 30 users


ISP

ACME

S0/0 162.23.218.165/30

Lo0 192.168.1.1/30

DCE

S0/0 162.23.218.166/30DTE

Fa0/0

Fa0/1

Fa0/2

WebServer

VLAN10

(3–6)

VLAN20

(7–10)

VLANs

■ Create three VLANs and apply them to the following ports on the ALswitch:

■ VLAN 1: DIS.

■ VLAN 10: Marketing department ports 3–6.

■ VLAN 20: Finance department ports 7–10.

■ All unassigned ports should be assigned to VLAN 1. If they are unused, they should be disabled forsecurity purposes.

■ Configure trunk ports as indicated by the diagram. All trunk links should carry traffic for all VLANs.

■ Configure the switch with an address from VLAN 1 with an appropriate default gateway.

■ Configure inter-VLAN routing on the ACME router using IEEE 802.1q encapsulation.

Web Server

■ Configure the web server with an address from VLAN 1.

NAT

Using the public addresses assigned to you by the ISP, configure three separate NAT pools for each of thefollowing:

■ You are to allow all 30 users in the Marketing department to access the Internet by pulling an IPaddress dynamically (NAT).

■ Users in the Finance department will communicate with the outside world using the same IP address(PAT).

■ The company’s web server is inside the private network and must be statically assigned a publicaddress.

Routing

■ Use a classless routing protocol to route traffic between the ISP and ACME routers. Because you arethe network administrator, you decide which protocol to use.

! ACME router configs

ACME#show running-config

Building configuration...

Current configuration : 1415 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ACME

!

enable secret 5 $1$2MEe$fFkMYaJCzoWGTe9wwclTq/

!

ip subnet-zero

!

!


!

!

!

interface FastEthernet0/0

no ip address

speed auto

!

interface FastEthernet0/0.1

--More--

description DIS vlan 1

encapsulation dot1Q 1 native

ip address 192.168.100.49 255.255.255.240

!


description Marketing Department vlan 10

encapsulation dot1Q 10

ip address 192.168.100.1 255.255.255.224

!


description Finance Department vlan 20


ip address 192.168.100.33 255.255.255.240

!

interface Serial0/0

ip address 162.23.218.166 255.255.255.252

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

router rip

--More--

version 2

network 162.23.0.0

network 192.168.100.0

!

ip nat pool marketing 200.127.54.1 200.127.54.30 netmask 255.255.255.192

ip nat pool finance 200.127.54.31 200.127.54.31 netmask 255.255.255.192

ip nat inside source list 1 pool marketing

ip nat inside source list 2 pool finance overload

ip nat inside source static 192.168.100.28 200.127.54.32

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

!


!

access-list 1 permit 192.168.100.0 0.0.0.31


!

line con 0

password class

login

line aux 0

line vty 0 4

password itsasecret

--More--

login

!

end

ACME#

ISP#show running-config

Serial0/0


!

version 12.2




!

hostname ISP

!

enable secret 5 $1$kwHm$6RH0d5guV7RCPBX7EanZM0

enable password cisco

!

ip subnet-zero

!

!

!

!

!

interface Loopback0

ip address 192.168.1.1 255.255.255.252

!


--More--

no ip address

speed auto


!

interface Serial0/0

ip address 162.23.218.165 255.255.255.252

no fair-queue

clockrate 56000

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router rip

version 2

network 162.23.0.0

network 192.168.1.0

!

ip classless

ip route 200.127.54.0 255.255.255.0 Serial0/0

--More--

no ip http server

!

!

!

line con 0

password cisco

login

line aux 0

line vty 0 4

password itsasecret

login

!

end

ISP#

ALSwitch#show running-config


!

version 12.1

no service pad

service timestamps debug uptime


service timestamps log uptime


!

hostname ALSwitch

!

!

ip subnet-zero

!

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

!

!


Trunk Link to Router

--More--

switchport mode trunk

!


shutdown

!


description Marketing vlan 10

switchport access vlan 10

!




!



switchport access vlan 10!




!


description Finance vlan 20


!




!



--More--



!




!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


!shutdown


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!


shutdown

!



shutdown

!


shutdown

!

interface Vlan1

ip address 192.168.100.51 255.255.255.240

no ip route-cache

!

ip default-gateway 192.168.100.49

--More--

ip http server

!

line con 0

line vty 5 15

!

!

end

ALSwitch#

Challenge Lab 1-9: NAT, PAT, DHCPEstimated time: 90 minutes



CO

Edison

S0/0 192.168.2.1/24DCE

S0/0 192.168.2.2/24DTE

Fa0/0

Fa0/1

Host AVLAN 10

NativeVLAN1(2–5)

VLAN

20

(10–13)VLAN10

(6–9)

Host BVLAN 20

Note

This lab tests your knowledge of NAT, PAT, DHCP, static, and default routes. It builds on VLAN concepts and config-urations you have learned previously in CCNA 3 of the curriculum. You might find it useful to review notes and labsfrom CCNA 3 before proceeding.

General Configuration Tasks

■ Cable and configure the equipment based on the topology shown in Figure 1-11.

■ Control access to the console on all devices using cisco as the password.

■ Use an encrypted password when accessing the privileged mode of all devices using class as the pass-word.

■ Restrict remote access to all devices using itsasecret as the password.

■ Configure descriptions on all interfaces.

Addressing

■ As the network administrator, you decide which private address to use on the inside of your network.Choose a Class B address with a 24-bit mask from RFC 1918.

■ Use the address that you have chosen and create three subnets to accommodate users on the manage-ment, teacher, and student VLANs:

■ 90 users on the student VLAN

■ 20 users on the teacher VLAN

■ 12 users on the management VLAN

VLANs

■ Create three VLANs and apply them to the following ports on the ALswitch:

■ VLAN 1: Management VLAN ports 2–5

■ VLAN 10: Student VLAN ports 6–9

■ VLAN 20: Teacher VLAN ports 10–13

■ Configure trunk ports as indicated in the diagram. All trunk links should carry traffic for all VLANs.

■ Configure the switch with an address from VLAN 1 with the appropriate default gateway.

■ Configure inter-VLAN routing on the Edison router using IEEE 802.1q encapsulation.

Static Routes

■ Create a default route on the Edison router so that the hosts can access all networks on the CentralOffice router.

■ Create a static route on the Central Office router so that it can connect to all networks on the EdisonLAN.

DHCP

■ Instead of assigning a static IP address to each device on the network, use DHCP to assign IP address-es to all devices on the student VLAN.

■ Configure the appropriate default gateway and exclude the first 10 addresses from this pool.

■ Connect the PCs to the appropriate switch ports as indicated by the diagram. Verify that the PCs onthe student VLAN have been assigned an address from the correct subnet pool.

■ Devices on the teacher VLAN will be statically assigned. Remember to use only those addresses suit-able for teacher client devices.


NAT/PAT

■ Only traffic from the student and teacher VLANs will be NATed when leaving the Edison router.Traffic from the management VLAN will remain the same.

■ The NAT/PAT pools should be created from the unused address space on the WAN subnet between theCentral Office and Edison routers. Separate pools should be created for each VLAN.

■ Create a large pool for students so that they are each assigned a unique address when crossing theWAN.

■ All devices on the teacher VLAN will cross the WAN as the same address. In other words, the teacherpool will require overloading (PAT).

Testing and Verification

■ Test connectivity between PCs, to the default gateway, and from the PC to the loopback interface onthe Central Office router.

■ Ensure that devices on the student VLAN have an address assigned from the DHCP pool.

■ Ensure that each device on the student VLAN crosses the WAN link with an address from the NATpool and that each device on the teacher VLAN crosses the WAN with the same address assigned inthat pool.

Reflection

List five commands other than the show running-config command that you used to verify the correctconfiguration of the lab assignment. Explain how each command proved useful in completing this lab.

show ip nat translation

show ip dhcp binding

show ip route

show ip interface brief

show vlan

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________


Edison#show running-config



!

version 12.2




!

hostname Edison

!

enable secret 5 $1$nUs2$IalHqjDEilgTPu5ulZzHm0

enable password cisco

!

ip subnet-zero

!

ip dchp excluded-address 172.31.1.1 172.31.1.10

ip dhcp pool Students

network 172.31.1.0 255.255.255.128

default-router 172.31.1.1

!

!

!

!

!


no ip address

speed auto

!


description Management VLAN


ip address 172.31.1.161 255.255.255.240

!


description Student VLAN


ip address 172.31.1.1 255.255.255.128

ip nat inside

!


description Teacher VLAN


ip address 172.31.1.129 255.255.255.224

ip nat inside

!

interface Serial0/0

ip address 192.168.2.2 255.255.255.0


ip nat outside

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

ip nat pool Teachers 192.168.2.4 192.168.2.4 netmask 255.255.255.0

ip nat pool Students 192.168.2.129 192.168.2.254 netmask 255.255.255.0

ip nat inside source list 1 pool Students

ip nat inside source list 2 pool Teachers overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

!

!



!

line con 0

line aux 0

line vty 0 4

password itsasecret

login

!

no scheduler allocate

end

Edison#

CO#show running-config



!

version 12.2




!

hostname CO

!

enable secret 5 $1$qySU$w3Em8trubgSFY3I7AZofL.

!

ip subnet-zero

!

!

!

!

!

interface Loopback0


ip address 192.168.1.1 255.255.255.252

!


no ip address

shutdown

speed auto

!

interface Serial0/0

ip address 192.168.2.1 255.255.255.0

clockrate 56000

!

interface Serial0/1

no ip address

!

interface BRI1/0

no ip address

shutdown

!

ip classless

ip route 172.31.1.0 255.255.255.0 192.168.2.2

no ip http server

!

!

!

line con 0

password cisco

login

line aux 0

line vty 0 4

password itsasecret

login

!


end

CO#

ALSwitch#show running-config



!

version 12.1

no service pad




!

hostname ALSwitch

!

!


ip subnet-zero

!

!




!

!

!

!


Description Trunk Link to Router


!


!


!


!


!




!




!




!




!




!




!




!





!


!


!


!


!


!


!


!


!


!


!


!

interface Vlan1

ip address 172.31.1.162 255.255.255.240

no ip route-cache

!


ip http server

!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password itsasecret

login

line vty 5 15

password cisco

login

!

!

end

ALSwitch#


Challenge Lab 1-10: Double NAT ConfigurationFigure 1-12 Topology for Challenge Lab 1-10

This lab requires you to perform NAT on two different routers. The Scissor LAN addresses are translatedon the Scissor router using remaining address space from the WAN connection and are translated again onthe Paper router using a different set of addresses.

Objectives

■ Configure VLANs and inter-VLAN routing.

■ Configure DHCP.

■ Configure NAT and PAT.

■ Configure RIPv2.

Task 1: Cabling and ConfigurationCable and configure equipment according to the diagram in Figure 1-12.

Task 2: IP AddressingAssign IP addresses on your routers using the appropriate addressing scheme for each LAN based on thedetailed VLAN information in Figure 1-12. This task tests your knowledge of Classless InterdomainRouting (CIDR) and Variable-Length subnet Masks (VLSMs).


Internet193.10.100.1/30

Lo0

Rock

PaperScissor

NAT Scissor and Paper using24.58.96.252/30

S0/0 64.26.91.1/30

S0/1196.100.10.2/24

S0/0196.100.10.1/24

DCE

S0/0 64.26.91.2/30

DCEFa0/1

192.168.10.0/23

192.168.10.0/23

VLAN1 VLAN

20VLAN10

NAT

Fa0/1

192.168.20.0/23

VLAN1 VLAN

20VLAN10

NAT

VLAN 1 = 250 HostsVLAN 10 = 120 HostsVLAN 20 = 60 Hosts

Task 3: Inter-VLAN CommunicationConfigure inter-VLAN routing using IEEE 802.1q encapsulation.

Task 4: Configure VLANs, VLAN Ports, and the HTTP ServerStep 1. Configure the Scissor switch and the Paper switch with the following VLANs:

■ VLAN 1

■ VLAN 10: Wholesale

■ VLAN 20: Retail

Step 2. Assign the VLANs to the appropriate ports:

■ VLAN 1: All unassigned ports

■ VLAN 10: Ports 6–10


Step 3. Set up the Rock router as an HTTP server.

Task 5: Configure and Verify RIPv2 OperationStep 1. Configure RIPv2 on each router and advertise all directly connected networks.

Step 2. Verify functionality with the show ip route command.

Task 6: Configure DHCPStep 1. Configure DHCP on the Paper and Scissor routers.

Step 2. Exclude the first 10 addresses from each VLAN.

Task 7: Configure NAT and PATStep 1. Configure NAT and PAT on the Paper and Scissor routers.

Step 2. Translate the Scissor LAN with the unused address space from 196.100.10.0/24 in this way:

■ VLAN 1 will access the outside world using one IP address.

■ Create a NAT pool for VLAN 10.

■ Create a NAT pool for VLAN 20.

Step 3. All addresses will be retranslated at the Paper router when communicating with the Rock routerin the following way:

■ All Scissor addresses will use the 24.58.96.253/30 address.

■ The Paper LAN will use the 24.58.96.254/30 address.

Task 8: Verify ConfigurationsVerify configurations using the appropriate commands.

Hosts on the Scissor LAN should ping the Paper LAN using an address from the 196.100.10.0/24 network.

Hosts on the Scissor LAN should ping the Rock router using the 24.58.96.253/30 address.

Hosts on the Paper LAN should ping the Scissor LAN using an address from the 192.168.20.0/23 network.

Hosts on the Paper LAN should ping the Rock router using the 24.58.96.254/30 address.


Rock#show running-config



!

version 12.2




!

hostname Rock

!

!

ip subnet-zero

!

!

!

!

!

interface Loopback0

description Internet

ip address 193.10.100.1 255.255.255.252

!


no ip address

shutdown

speed auto

!

interface Serial0/0

description WAN connection to Paper

ip address 64.26.91.1 255.255.255.252

no fair-queue

clockrate 56000

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router rip

version 2

network 64.0.0.0

network 193.10.100.0


!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip http server

!

!

!

line con 0

line aux 0

line vty 0 4

!


end

Paper#show running-config



!

version 12.2




!

hostname Paper

!

!

ip subnet-zero

ip dhcp excluded-address 192.168.20.1 192.168.20.10



!

ip dhcp pool Management

network 192.168.20.0 255.255.255.0


!

ip dhcp pool Wholesale

network 192.168.21.0 255.255.255.128


!

ip dhcp pool Retail

network 192.168.21.128 255.255.255.192


!

!


!

!

!


no ip address

speed auto

!


description Management


ip address 192.168.20.1 255.255.255.0

ip nat inside

!


description Wholesale


ip address 192.168.21.1 255.255.255.128

ip nat inside

!


description Retail


ip address 192.168.21.129 255.255.255.192

ip nat inside

!

interface Serial0/0

description WAN connection to Rock

ip address 64.26.91.2 255.255.255.252

ip nat outside

no fair-queue

!

interface Serial0/1

description WAN connection to Scissor

ip address 196.100.10.2 255.255.255.0

ip nat inside

clockrate 56000

!

router rip

version 2

network 64.0.0.0

network 192.168.20.0

network 192.168.21.0

network 196.100.10.0

!

ip nat pool PaperVlan 24.58.96.254 24.58.96.254 netmask 255.255.255.252

ip nat pool Scissor 24.58.96.253 24.58.96.253 netmask 255.255.255.252


ip nat inside source list 1 pool PaperVlan overload

ip nat inside source list 2 pool Scissor overload

ip classless

no ip http server

!

!



!

line con 0

logging synchronous

line aux 0

line vty 0 4

!


end

Scissor#show running-config



!

version 12.2




!

hostname Scissor

!

!

ip subnet-zero




!


network 192.168.10.0 255.255.255.0


!


network 192.168.11.0 255.255.255.128


!

ip dhcp pool Retail

network 192.168.11.128 255.255.255.192



!

!

!

!

!


no ip address

speed auto

!




ip address 192.168.10.1 255.255.255.0

ip nat inside

!




ip address 192.168.11.1 255.255.255.128

ip nat inside

!


description Retail


ip address 192.168.11.129 255.255.255.192

ip nat inside

!

interface Serial0/0

ip address 196.100.10.1 255.255.255.0

ip nat outside

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

router rip

version 2

network 192.168.10.0

network 192.168.11.0

network 196.100.10.0

!

ip nat pool Management 196.100.10.3 196.100.10.3 netmask 255.255.255.0

ip nat pool Wholesale 196.100.10.4 196.100.10.124 netmask 255.255.255.0

ip nat pool Retail 196.100.10.125 196.100.10.185 netmask 255.255.255.0


ip nat inside source list 1 pool Management overload

ip nat inside source list 2 pool Wholesale

ip nat inside source list 3 pool Retail

ip classless

no ip http server

!

!




!

line con 0

line aux 0

line vty 0 4

!


end

Scissor_Switch#sh run



!

version 12.1

no service pad




!

hostname Scissor-Switch

!

!

ip subnet-zero

!

!




!

!



no ip address

!


no ip address


!


no ip address

!


no ip address

!


no ip address

!


description wholesale


no ip address

!




no ip address

!




no ip address

!




no ip address

!




no ip address

!


description retail


no ip address

!


description retail


no ip address

!



description retail


no ip address

!


description retail


no ip address

!


description retail


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.10.2 255.255.255.0

no ip route-cache

!



ip http server

!

!

line con 0

logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end

Paper-Switch#show running-config



!

version 12.1

no service pad




!

hostname Paper-Switch

!

!

ip subnet-zero

!

!




!

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!




no ip address

!




no ip address

!




no ip address

!




no ip address

!




no ip address

!


description retail


no ip address

!


description retail


no ip address

!


description retail


no ip address

!


description retail


no ip address

!


description retail



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.20.2 255.255.255.0

no ip route-cache

!


ip http server

!

!

line con 0

logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end


Optional Lab 1-11: Using a Linksys Router to Simulate aHome Network

In this lab, you use a Linksys router to simulate a real-world example of a home network.


Equipment

■ You can complete this lab using any Linksys router other than voice-enabled models. You can use1700, 2500, and 2600 series routers for this lab to simulate the ISP.

Objective

■ Configure the ISP router with DHCP, which will allow the Linksys router to pull an address from thepool you create. The Linksys router will then perform PAT on attached devices without having to beconfigured. Before you begin, reset the Linksys router to factory defaults by pressing the small buttonon the back of the router for 1 minute using a small pointy object, such as a pencil or paper clip.

Step 1. Cable and configure the equipment based on the topology in Figure 1-13.

Step 2. Configure the router with DHCP. Omit the router’s IP address from the pool.

Step 3. The switch does not to be configured but should be cleaned of any previous configurations,especially VLAN information. Use the following commands to clear configurations:

Switch#delete flash:vlan.dat

Switch#erase startup-config or write erase

Switch#reload


ISPFa0/0 200.100.28.1/24

PublicDomain

HomeNetwork

Fa0/1

Fa0/2

Host A Host B

Step 4. Connect to the Linksys router.

a. Open your web browser.

b. Enter 192.168.1.1 in the address bar. This is the default IP address of the Linksys router (see Figure 1-14).

Figure 1-14 Default Linksys IP Address

c. The router prompts you for a password (see Figure 1-15).

Figure 1-15 Linksys Password Prompt

d. Leave the username blank and enter the default password, admin (see Figure 1-16).

Figure 1-16 Linksys Administrator Login

e. The information shown in Figure 1-17 appears on the Linksys setup page.


Figure 1-17 Linksys Setup Page

f. Under Network Setup, the default address of the Linksys router appears. With this option, you can use any address you choose, including those not included in RFC 1918.

Why is the router’s IP address 192.168.1.1 rather than an address from the pool that has beencreated?

This address represents the default gateway for all hosts connected to the Linksys router.

What is the range of DHCP addresses used by the Linksys router?

192.168.1.100 through 192.168.1.254

Step 5. Open the command prompt dialog box and display the IP address of Host A and Host B (seeFigure 1-18).

Figure 1-18 Displaying Host A and B IP Addresses

Step 6. On the ISP router, enter the following command:

ISP#debug ip icmp

Step 7. From Host A, ping the ISP router’s Fast Ethernet interface.

The following information was displayed on the ISP router:

Router#

*Apr 14 07:51:53.955: ICMP: echo reply sent, src 200.100.28.1, dst200.100.28.3



Router#



Router#



Router#



Router#

Why is the reply sent to the 200.100.28.3 address rather than the 192.168.100.2 address?

The 200.100.28.3 address is the address that the Linksys router pulled from the DHCP pool.When the ICMP packet passed through the Linksys router, it translated the inside privateaddress of 192.168.100.102 into the 200.100.28.3 address.

Step 8. Ping the 200.100.28.1 address from both hosts.

Why is only one address listed as the source instead of the IP address from each host?

The Linksys router uses PAT, which allows multiple users to access the Internet using a singleIP address.




!

version 12.2




!

hostname ISP

!

!

ip subnet-zero

ip dhcp excluded-address 200.100.28.1

!

ip dhcp pool Linksys

network 200.100.28.0 255.255.255.0


!

!

!

!

!



ip address 200.100.28.1 255.255.255.0

speed auto

no shut

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

ip classless

ip route 192.168.1.0 255.255.255.0 FastEthernet0/0

no ip http server

!

!

!

line con 0

line aux 0

!

ip address 200.100.28.1 255.255.255.0

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

ip classless

ip route 192.168.1.0 255.255.255.0 FastEthernet0/0

no ip http server

!

!

!

line con 0

line aux 0

line vty 0 4

!

end


CHAPTER 2

WAN Technologies

The Study Guide portion of this chapter uses a combination of matching, fill-in-the-blank, multiple-choice,and open-ended question exercises to test your knowledge of the theory of WAN devices, technologies,and connections such as Frame Relay, Integrated Services Digital Network (ISDN), digital subscriber line(DSL), and cable. This chapter also discusses WAN design and implementation.

This chapter contains no lab exercises.

Study Guide

WAN Technologies OverviewA WAN is a network that connects multiple LANs regardless of their physical location. A typical WANuses several fundamental devices, such as routers, modems, WAN switches, channel service units/dataservice units (CSUs/DSUs), and communication servers. WANs use all seven layers of the OSI model butare generally focused within Layers 1 and 2. Layer 1 defines the type of connections used, along with theirfunctionality. Layer 2 is where the encapsulation of data takes place, using protocols such as High-LevelData Link Control (HDLC) and Point-to-Point Protocol (PPP) to name just a few. WANs connect multiplelocations (LANs) and use packet-switched technology to create virtual circuits between locations to makethem look as though they are directly connected to one another.

Concept Questions1. Explain the difference between LANs and WANs.

LANs are composed of hosts that are usually on the same network, and they generally span a smallarea (such as a building or campus). LANs can be located anywhere in the world and are connectedthrough the services of an ISP. A WAN usually connects multiple LANs over a greater distance, and itis composed of multiple LANs. The network administrator has complete control over the LAN, andimplementation of device placement and protocols are at his discretion. WANs are under the controlof the ISP, and connecting LANs must follow all rules and procedures set forth by their carrier. Failureto comply with them might result in the LAN losing service. WAN equipment is owned by the carrier,and LAN equipment is owned by the company.

2. Compare and contrast the devices found on a LAN and those found on a WAN.

Devices found on a LAN are PCs, servers, and printers that store data or provide a type of service toend users. Network devices found on a LAN are switches and routers, which also provide services tousers. Some examples of WAN devices are routers, WAN switches, communication servers,CSUs/DSUs, and modems, all of which provide connectivity between LANs so that these same serv-ices can be shared over a large geographic area.

3. A company has multiple locations, and each location’s router is from a different vendor. Would therebe connectivity if each router is configured with HDLC? Why or why not?

There would not be connectivity because HDLC is vendor-specific, and different-vendor HDLCs arenot compatible. The solution is to use an open-standard encapsulation such as PPP.

4. Compare and contrast a switched virtual circuit (SVC) and a permanent virtual circuit (PVC).

SVCs are set up on demand and are connectionless. In SVCs, packets may take a different path eachtime a connection is established. PVCs are connection-oriented, predetermined permanent circuitswithin the WAN cloud. In the WAN cloud, packets take the same path from source to destinationevery time a link is brought up. Frame Relay identifies these circuits with data-link connection identi-fiers (DLCIs).

5. Dialup connectivity is considered too slow, with low throughput speeds. It is generally being replacedby cable and DSL services. If this is the case, why is dialup still being used and still the most avail-able connection available?

Dialup uses existing phone lines, which reach even the most remote areas of this country. This makesdialup a low-cost option widely available to anyone. Other services, such as ISDN, cable, and DSL,are not available in all areas, which often makes dialup the only choice available.


Terms

__j___ ISDN BRI

__h___ Analog dialup

__f___ ATM

__e___ PVC

__g___ Frame Relay

__c___ circuit-switched

__i___ DSL

__d___ leased line

__b___ cable

__a___ packet-switched

Chapter 2: WAN Technologies 77

WAN TechnologiesA network administrator may choose from several options when creating the physical links within a WAN.These options include analog dialup, ISDN, cable, DSL, Frame Relay, ATM, leased lines, and X.25.Analog dialup is what we know as regular dialup or 56k; this uses ordinary telephone lines to transmit data using analog signals rather than digital. ISDN usually carries two different channels:

■ The B (bearer) channel, which carries voice and data

■ The D (delta) channel, which is used for call setup and termination

There are two different types of ISDN:

■ Basic Rate Interface (BRI)—Two 64-kbps B channels and one 16-kbps D channel

■ Primary Rate Interface (PRI)—Twenty-three 64-kbps B channels and one 64-kbps D channel (equalin bandwidth to that of a T1)

Leased lines are connections to the provider network/ISP that a business must pay for monthly and canrange from a 56-kbps line to an OC-48 line. In Frame Relay, there is no error checking, and Frame Relayuses PVCs and SVCs to provide connectivity between two locations. Asynchronous Transfer Mode (ATM)is a technology that provides low latency and low levels of jitter at high bandwidths by using cell technol-ogy; that is, data is split up into 53-byte cells to transmit faster. DSL, a dedicated user line, uses telephonelines to transmit data over high speeds by transmitting at higher frequencies than a regular phone line.Cable provides an always-on connection through coaxial cable, and users are in a shared environment.


Definitions

a. A full-time shared connection

b. An “always-on” connection that uses coaxialcable to carry signals to a modem

c. A path that is up during the duration of theconnection that requires call setup and calltermination

d. A pre-established dedicated connection avail-able in different bandwidth options

e. A temporary permanent circuit dedicatedfrom source to destination

f. A cell-switched technology that uses fixedcells at 53 bytes

g. A packet-switched technology that uses virtu-al circuits to connect multiple locations

h. Offers home and mobile users an inexpensiveoption for connecting to the Internet

i. A dedicated line from the source to the ISPthat provides Internet access

j. Digital telephony and data transport servicesoffered by regional telephone carriers

WAN DesignThere are many different considerations when designing a WAN, such as the connections, LAN locations,how to connect them, and so on. Topology is also vital; primarily, star, full-mesh, and partial-mesh topolo-gies are set up for WANs. Whether the WAN will use ATM, Frame Relay, or X.25 depends on the type oftraffic that the WAN must handle. A hierarchy also proves useful to make the WAN more manageable, eas-ier to troubleshoot, and scalable. Typically, the three-layer hierarchy used in WAN design consists of theaccess, distribution, and core layers. Security—protecting servers, LANs within the WAN, and so on—isalso a primary concern when designing a WAN.

Concept Questions1. You have a company that has four remote sites and a home office user (see Figure 2-1). Remote sites

A, B, and C require permanent connections. Site D does not require a fixed connection but makeslarge file transfers once a day. The home office user needs access to resources located at headquartersand must be connected at all times. What type of WAN connection and speed should you use at head-quarters? The remote sites? The home office?

Figure 2-1 WAN Connection Requirements

Remote sites A, B, and C could use T1 lines with Frame Relay connections. Headquarters should usea T3 connection because a T1 might not provide enough bandwidth to handle all the sites connectingto it. Remote site D could use ISDN because it makes large file transfers only once a day. The homeoffice user could use an SDSL connection because it provides a continuous connection and the sameupload and download speeds.


Remote Office A Remote Office B

Remote Office C Remote Office D

Headquarters

Home Office

WAN Cloud

2. What type of connection is best for a home office, and why?

Cable or DSL is best suited for a home office user because it uses existing lines, such as a cable TVline or a telephone line for DSL. With cable or DSL, the home office user can stay connected at alltimes (always-on connection). This is also a cost-effective way to stay connected to headquarters.

3. What types of DSL services are available to the consumer? Explain the differences between them.

In asymmetric digital subscriber line (ADSL), the flow of data has a higher download speed thanupload speed. ADSL uses two separate frequency bands. A direct relationship exists between the num-ber of chunks available and the throughput capacity of the ADSL connection.

Symmetric digital subscriber line (SDSL) differs from ADSL in that SDSL has the same upstreamdata transfer rate as the downstream.

Chapter 2: WAN Technologies 79

Lab ExercisesThis chapter contains no lab exercises.


CHAPTER 3

PPP

The Study Guide portion of this chapter uses a combination of matching, fill-in-the-blank, multiple-choice,and open-ended question exercises to test your knowledge of the theory of serial point-to-point links,Point-to-Point Protocol (PPP), and authentication using Password Authentication Protocol (PAP) andChallenge Handshake Authentication Protocol (CHAP).

The Lab Exercises portion of this chapter includes all the online curriculum labs, a comprehensive lab, anda challenge lab to ensure that you have mastered the practical, hands-on skills needed for PPP and authen-tication configurations.

Study Guide

Serial Point-to-Point LinksThe fundamentals of WAN technologies and communications are the links within a WAN. One of the morepopular methods of transmission over a serial link is time-division multiplexing (TDM). Because seriallinks can transmit only 1 bit at a time over the link, TDM provides an organization data transmissionthrough the use of timeslots. TDM prioritizes what data needs to be sent over the link and puts data intodifferent categories, such as video, voice, and data. With TDM, multiple devices can transmit over oneline. TDM acts as a train does—each timeslot contains one of the three categories of data, and they are justsent. However, the disadvantage of this is that if a device does not have any information to send, the emptytimeslot remains part of the train being transmitted across the line.

Another aspect of WANs are demarcation points. These are the exchange of how responsibility from theprovider to the customer and vice versa takes place. They may also separate the data circuit-terminatingequipment (DCE) and data terminal equipment (DTE). The DCE is the device that provides the service,such as a connection to the Internet or to the WAN. The DTE, in most cases, is the customer using the service.

The DCE sets the rate at which the link operates (synchronously). Just like Ethernet, encapsulation isrequired for the data to be sent. HDLC is one form of encapsulation and is vendor-specific. All vendors(such as Cisco, 3Com, and so on) have their own version of High-Level Data Link Control (HDLC) that cannot communicate with another vendor’s version. Typically, HDLC does not support multiple-linkaccess protocols, but the Cisco version of HDLC has a Type field in the encapsulation that allows morethan one protocol to operate on the same serial line. All versions of HDLC also add a flag at the beginningand the end of the datagram; the sole function of the flag is to say where the datagram begins and ends. Toconfigure HDLC on a serial link, you must configure both connected serial interfaces on the router withthe command encapsulation hdlc.

Concept Questions1. You have a large network that has various connections to the Internet and that uses multiple Layer 3

protocols on the network. Security is a concern, and authentication is a must for remote users connect-ing to the network. The routers on the edge of the network are all Cisco, but those on the inside comefrom different vendors. The WAN encapsulation that you decide to use is PPP. Explain why this is thecorrect choice over HDLC.

The Cisco versions of HDLC and PPP support multiple Layer 3 protocols, but only PPP supports mul-tiple interface types. HDLC is limited to serial interfaces and does not provide authentication or pro-tect against callback. As far as the type of routers you use, encapsulation is used only between theborder routers on the edge of your network that connects to the WAN cloud. The routers on the insideof your network are not affected by WAN encapsulation.

2. The clock rate is normally set on the DCE end of a serial connection. Explain the purpose of the clockrate command and why the interface remains down if not set.

Serial interfaces are synchronous and require a timing mechanism for them to communicate. Withoutthis, the line is up, but the protocol is down. This has no relationship to bandwidth, which is theamount of data that can be forwarded across a link.


Chapter 3: PPP 83

3. Explain the benefit of using TDM.

TDM allocates bandwidth to multiple channels on a single line. Each channel can then be allocatedfor different types of traffic, such as voice, video, and data. This type of service prevents one form ofdata stream from using all the bandwidth.

PPP AuthenticationPPP is another form of WAN encapsulation and is much different from HDLC. For one, it is an open-standard protocol that works in a multivendor environment. PPP provides the option of operating on asyn-chronous, synchronous, high-speed serial interfaces and ISDN. In addition, PPP allows authentication(optional configuration parameter) to be set to provide more security for a link. When establishing a link,PPP sends out a link control protocol (LCP) to negotiate the link’s parameters before data transmission.After both routers negotiate the maximum transmission unit (MTU) and bandwidth over the link, authenti-cation, if configured, takes place. The network control protocol (NCP) then chooses a network layer proto-col to use, such as IP.

PPP may use two types of authentication:

■ Password Authentication Protocol (PAP)—Uses a two-way handshake that asks the devices toauthenticate only one time. It provides a simple security measure to verify the identity of the devicesin question using a username and password. However, PAP is susceptible to hackers because it passesthe username and password across the link in plain text, making it easier for the hacker to gain access.

■ Challenge Handshake Authentication Protocol (CHAP)—Uses a three-way handshake and random-ly authenticates the connecting device. CHAP is more secure than PAP because it is not susceptible toplayback and because the challenges are encrypted using MD5 and are verified using a hash.

Concept Questions1. Explain some of the functions of the LCP as it negotiates parameters of a link.

Besides authentication, compression, and callback, the LCP performs error detection by checking forexcessive errors on a link. It uses looped link detection by using magic numbers. Each router uses adifferent number, so if a router sees its own magic number in a frame, it knows that there is a loop andcan terminate the link immediately.

2. CHAP authentication is more secure than PAP because it uses MD5, a one-way hash to encode thepassword as it is sent across the link. Explain how a one-way hash works.

A one-way hash converts data into a fixed string of digits. The sending device encodes the data, andthe receiving device generates a hash using the same algorithm. If the two hashes match, the receivingdevice knows the sending device has been authenticated. It is also used to verify and authenticate theoriginator of a message (called digital signatures).

3. Explain the PPP session establishment phase.

The PPP session is established when all three phases are complete. First is the link-establishmentphase, which uses LCP to establish the link and negotiate certain parameters, which might includecompression and MTU. This must occur for any data to be sent. The next phase is the authenticationphase, which is optional and does not begin until the LCP phase is complete. This is wherePAP/CHAP can be used to provide a more secure connection between hosts. The third and final phaseis the network layer protocol phase, during which one or more network layer protocols can be used tosend data across the link.

Configuring PPPEncapsulation works on the border routers (ones that connect to the WAN). It does not matter what type ofrouters are on the inside of your network, because encapsulation has no bearing on them. To configure PPPon a serial interface, you must enter the command encapsulation ppp. To add the authentication, use thecommand ppp authentication followed by either pap or chap. To verify that the authentication has beenconfigured properly on the interface, use the command show interfaces serial or show interface serial xor show interface serial x/y, where x or x/y is the number of the interface. If there is any problem with theconfiguration, debugging is a useful method of troubleshooting:

debug ppp [authentication | negotiation | packet | error | chap]

Concept Questions1. Explain the purpose of the ppp multilink command and what would happen if it were not configured

on an interface.

The ppp multilink command logically combines both B channels on an ISDN interface and allowsthe router to packet-fragment (load-balance fragments) between them. If this command were not con-figured, only one B channel would be used to a single destination.

2. Explain the difference between Stacker and Predictor compression mechanisms used by PPP.

Stacker replaces continuous streams of characters with codes. Predictor tries to predict the nextsequence of characters in a data stream using a compression dictionary. Stacker is CPU-intensive,whereas Predictor is memory-intensive.

3. What information appears when you use the debug ppp negotiation command?

The debug ppp negotiation command displays the following information:

■ The type of authentication being used (PAP or CHAP).

■ Whether it is a challenge or response.

■ The username of the device you are trying to connect to. This indicates whether the usernames cor-respond with the hostnames of the routers. If they don’t, this causes an authentication failure.

■ The letter I indicates an incoming message, and the letter O indicates an outgoing message.

■ Whether authentication succeeded.

Chapter Review Questions1. Which of the following are true of PAP? (Select two)

A. It is a strong authentication protocol.

B. It sends usernames and passwords across the link in plain text.

C. It is a weak authentication protocol.

D. It uses a one-way hash function.

2. Which of the following compression mechanisms is CPU-intensive?

A. PAP

B. Stacker

C. Predictor

D. CHAP

3. Which command enables PPP on an interface?

A. Router(config)#ppp encapsulation

B. Router(config)#encapsulation ppp

C. Router(config-if)#ppp encapsulation

D. Router(config-if)#encapsulation ppp


4. PPP can be configured on which of the following interface types? (Select all that apply)

A. Serial interfaces

B. Auxiliary interfaces

C. Virtual interfaces

D. High-speed serial interfaces

E. ISDN BRI interfaces

F. Loopback interfaces

5. What type of cable is used when connecting two DTE devices?

A. RS-232

B. Smart serial cable

C. Null-modem

D. V.35

6. Which of the following functions does the LCP perform? (Select all that apply)

A. Detect misconfiguration errors

B. Terminate a link

C. Configure network layer protocols

D. Determine whether a link is functioning

E. Perform encryption

7. Which command provides load balancing across a PPP-configured interface?

A. Callback

B. Playback

C. Overload

D. Multilink

8. Which of the following are true of CHAP? (Select two)

A. It uses a one-way hash.

B. It uses a two-way hash.

C. It uses a one-way handshake.

D. It uses a two-way handshake.

E. It uses a three-way handshake.

9. What is the location in the network called where responsibility between the telco and customerchanges hands?

A. Demarcation

B. Local loop

C. CSU/DSU

D. DTE

E. DCE

Chapter 3: PPP 85

10. Which command displays real-time events as they happen on a PPP-configured interface? (Select allthat apply)

A. show ppp interfaces

B. show ppp authentication

C. show ppp negotiation

D. debug ppp interfaces

E. debug ppp authentication

F. debug ppp negotiation

11. Which of the following features uses a magic number to detect loops?

A. Authentication

B. Negotiation

C. Multilink

D. Error detection

E. Split horizon

12. Which of the following are true of PPP? (Select all that apply)

A. Allows multiple network layer protocols to operate on the same link.

B. Provides a separate NCP for every network layer protocol.

C. Provides a separate LCP for every data link layer protocol.

D. Does not support multiple network layer protocols across the same link.

E. Each network layer protocol requires a separate LCP.

13. How should the username and passwords on each router be configured for PPP authentication? (Selecttwo)

A. Name of the person connecting to the device.

B. Hostname of the local router.

C. Hostname of the remote router.

D. Same on both routers.

E. Passwords can differ.

F. Passwords must be the same.

14. What would happen if both PAP and CHAP were enabled on a router? (Select two)

A. Negotiation would fail.

B. The first method would be used during link negotiation.

C. The peer could refuse to use the first method and try the second one instead.

D. Authentication would fail if the peer router is configured for only one method only.

15. When does PAP authentication occur?

A. After NCP establishes the link

B. During the three-way handshake

C. Only upon initial link establishment

D. Periodically


16. Which of the following are true of PAP and CHAP authentication? (Select all that apply)

A. It ensures that the caller has permission to establish a connection.

B. It is an optional parameter.

C. It reduces the amount of congestion on a link.

D. Peer routers exchange authentication messages.

E. It detects loops that may occur across the link.

17. What is the default encapsulation on Cisco serial interfaces?

A. PPP

B. ARAP

C. IP

D. IPX

E. HDLC

18. Which command displays the state of interface channels and the type of cable connected?

A. show interface s0/0

B. show ip interface s0/0

C. show ip interface brief

D. show controller s0/0

E. show interfaces serial

19. Which network layer protocols does NCP support? (Select two)

A. IPCP

B. IPNP

C. ICMP

D. IPXCP

E. IPXNP

20. Which of the following are not protected against by PAP? (Select all that apply)

A. Callback attacks

B. Playback attacks

C. Random challenges

D. Trial-and-error attacks

Chapter 3: PPP 87

Lab Exercises

Curriculum Lab 3-1: Troubleshooting a Serial Interface(3.1.7)Figure 3-1 Topology for Lab 3-1


Router Designation Router Name Interface Type Serial 0 Address

Router 1 London DCE 192.168.15.1

Router 2 Paris DTE 192.168.15.2



The subnet mask for both routers is 255.255.255.0.

Objectives

■ Configure a serial interface on two routers.

■ Use show commands to troubleshoot connectivity issues.


Cable a network that is similar to the one in Figure 3-1. You can use any router that meets the interfacerequirements in Figure 3-1 (that is, 800, 1600, 1700, 2500, and 2600 routers, or a combination). See theinformation in Appendix C, “Router Interface Summary Chart,” to correctly specify the interface identi-fiers based on the equipment in your lab. The 1721 series routers produced the configuration output in thislab. Another router might produce slightly different output. Execute the following tasks on each routerunless you are specifically instructed otherwise.


Implement the procedure documented in Appendix E, “Erasing and Reloading the Router,” on all routersbefore you continue with this lab.

Task 1: Configure the RoutersConfigure the hostname, console, vty, and enable passwords according to Table 3-1. If you have difficultydoing this, see Lab 1-1, “Configuring NAT.”


Task 2: Configure the Paris Interface Configure the Paris router serial interface as follows:

Paris(config)#interface serial 0

Paris(config-if)#ip address 192.168.15.2 255.255.255.0

Paris(config-if)#clock rate 56000

Paris(config-if)#no shutdown

Paris(config-if)#exit

Paris(config)#exit

Task 3: Configure the London Interface Configure the London router serial interface as follows:

London(config)#interface serial 0

London(config-if)#ip address 192.168.15.1 255.255.255.0

London(config-if)#no shutdown

London(config-if)#exit

London(config)#exit

Task 4: Save the ConfigurationTo save the configuration of the Paris and London router serial interfaces, enter the following:

London#copy running-config startup-config

Paris#copy running-config startup-config

Task 5: Enter the Command show interface serial 0 (SeeAppendix C) on London

London#show interface serial 0

This shows the details of interface serial 0.


Serial0 is up, line protocol is up

Hardware is PowerQUICC Serial

Internet address is 192.168.15.1/24

MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, loopback not set

Keepalive set (10 sec)

Last input 00:00:06, output 00:00:00, output hang never

58 - 489 CCNA 4: WAN Technologies v 3.1 - Lab 3.1.7 Copyright ? 2003, Cisco Systems,Inc.

Last clearing of “show interface” counters 03:02:45

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/1/32 (active/max active/max total)

Chapter 3: PPP 89

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 96 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1039 packets input, 67974 bytes, 0 no buffer

Received 753 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

1047 packets output, 77227 bytes, 0 underruns

0 output errors, 0 collisions, 4 interface resets

0 output buffer failures, 0 output buffers swapped out

1 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

Answer the following questions:

Serial 0 is up, and line protocol is down.

What type of problem is indicated in the last statement? Data link- (Layer 2) related

What is the Internet address? 192.168.15.1

What is the encapsulation type? HDLC

Task 6: Enter the Command show interface serial 0 (SeeAppendix C) on Paris

Paris#show interface serial 0


Answer the following questions:

Serial 0 is up, and line protocol is down.

What is the Internet address? 192.168.15.2

What is the encapsulation type? HDLC

To what OSI layer does “Encapsulation” refer? Layer 2

Why is the interface down?

The clock rate is not set on the DCE interface.

End #show interface serial 0

Serial0 is up, line protocol is down







Last input never, output never, output hang never



















Task 7: Correct the Clock LocationThe clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router,but the London router is the DCE. Remove the clock rate statement from the Paris router by using the noversion of the command. Then, add it to the London router’s configuration.

Task 8: Enter the Command show interface serial 0 on ParisParis#show interface serial 0

Serial 0 is up, and line protocol is up.

What is the difference in the Line and Protocol status that was recorded on Paris earlier? Why?

Both interfaces are up due to the correct clock rate setting.

End is up, line protocol is up



















Chapter 3: PPP 91







Task 9: Verify That the Serial Connection Is Functioning byPinging the Serial Interface of the Other Router

London#ping 192.168.15.2

Paris#ping 192.168.15.1




!!!!!


London#

Paris#ping 192.168.15.1



!!!!!


Paris#

From London, can you ping the Paris router’s serial interface? Yes

From Paris, can you ping the London router’s serial interface? Yes

If the answer is no for either question, troubleshoot the router configurations to find the error. Then, do thepings again until the answer to both questions is yes.


Paris


Router(config)#hostname Paris

Paris(config)#enable password cisco

Paris(config)#enable secret class

Paris(config)#line vty 0 4

Paris(config-line)#password cisco

Paris(config-line)#login

Paris(config-line)#line con 0




Paris(config-line)#interface serial 0





Paris(config)#exit


! Removing the clock from Paris Serial DTE interface

Paris#configure terminal


Paris(config-if)#no clock rate 56000


Paris(config)#exit


! London


Router(config)#hostname London

London(config)#enable password cisco

London(config)#enable secret class

London(config)#line vty 0 4

London(config-line)#password cisco

London(config-line)#login

London(config-line)#line con 0



London(config-line)#interface serial 0




London(config)#exit


! Configuring the clock on London Serial DCE interface

London#configure terminal


London(config-if)#clock rate 56000


London(config)#exit


Chapter 3: PPP 93

Curriculum Lab 3-2: Configuring PPP Encapsulation(3.3.2)Figure 3-2 Topology for Lab 3-2



Router 1 Washington DCE 192.168.15.1

Router 2 Dublin DTE 192.168.15.2




Objectives

■ Configure the serial interfaces on two routers with the PPP protocol.

■ Test the link for connectivity.


Cable a network that is similar to the one in Figure 3-2. You can use any router that meets the interfacerequirements in Figure 3-2 (that is, 800, 1600, 1700, 2500, and 2600 routers, or a combination). See theinformation in Appendix C to correctly specify the interface identifiers based on the equipment in your lab.The 1721 series routers produced the configuration output in this lab. Another router might produce slightlydifferent output. Execute the following tasks on each router unless you are specifically instructed otherwise.


Implement the procedure documented in Appendix E on all routers before you continue with this lab.



Task 2: Configure the Dublin Interface Configure the Dublin router serial interface as follows:

Dublin(config)#interface serial 0

Dublin(config-if)#ip address 192.168.15.2 255.255.255.0

Dublin(config-if)#no shutdown

Dublin(config-if)#exit

Dublin(config)#exit

Task 3: Configure the Washington Interface Configure the Washington router serial interface as follows:

Washington(config)#interface serial 0

Washington(config-if)#ip address 192.168.15.1 255.255.255.0

Washington(config-if)#clock rate 64000

Washington(config-if)#no shutdown

Washington(config-if)#exit

Washington(config)#exit

Task 4: Save the ConfigurationTo save the Dublin and Washing router serial interfaces, use the following commands:

Dublin#copy running-config startup-config

Washington#copy running-config startup-config

Task 5: Enter the Command show interface serial 0 (SeeAppendix C) on Washington

Washington#show interface serial 0



The Internet address is 192.168.15.1.

Encapsulation is HDLC.

Washington#show interface 0serial 0











Chapter 3: PPP 95

Queueing strategy: fifo

Output queue :0/40 (size/max)











Task 6: Enter the Command show interface serial 0 (SeeAppendix C) on Dublin

Dublin#show interface serial 0



The Internet address is 192.168.15.2.

Encapsulation is HDLC.

























Task 7: Change the Encapsulation TypeChange the encapsulation type to PPP by entering encapsulation ppp at the interface serial 0 configura-tion mode prompt on both routers:

Washington(config-if)#encapsulation ppp

Dublin(config-if)#encapsulation ppp

Task 8: Enter the Command show interface serial 0 onWashington


What is the encapsulation type? PPP







Encapsulation PPP, loopback not set


LCP Open

Open: IPCP, CDPCP
















Task 9: Enter the Command show interface serial 0 on DublinDublin#show interface serial 0






Chapter 3: PPP 97





LCP Open

Open: IPCP, CDPCP

68 - 489 CCNA 4: WAN Technologies v 3.1 - Lab 3.3.2 Copyright ? 2003, Cisco Systems, Inc.

















Washington#ping 192.168.15.2

Dublin#ping 192.168.15.1

From Washington, can you ping the Dublin router’s serial interface? Yes

From Dublin, can you ping the Washington router’s serial interface? Yes




!!!!!


Washington#

Dublin#ping 192.168.15.1



!!!!!


Dublin#



! Washington


Router(config)#hostname Washington

Washington(config)#enable password cisco

Washington(config)#enable secret class

Washington(config)#line vty 0 4

Washington(config-line)#password cisco

Washington(config-line)#login

Washington(config-line)#line con 0



Washington(config-line)#exit








! Configuring PPP on Washington

Washington#configure terminal


Washington(config-if)#encapsulation ppp




! Dublin


Router(config)#hostname Dublin

Dublin(config)#enable password cisco

Dublin(config)#enable secret class

Dublin(config)#line vty 0 4

Dublin(config-line)#password cisco

Dublin(config-line)#login

Dublin(config-line)#line con 0



Dublin(config-line)#exit





Chapter 3: PPP 99

Dublin(config)#exit


! Configuring PPP on Dublin

Dublin#configure terminal


Dublin(config-if)#encapsulation ppp


Dublin(config)#exit


Curriculum Lab 3-3: Configuring PPP Authentication(3.3.3)Figure 3-3 Topology for Lab 3-3



Router 1 Madrid DCE 192.168.15.1

Router 2 Tokyo DTE 192.168.15.2




Objective

■ Configure PPP authentication by using CHAP on two routers.







Task 2: Configure the Tokyo Interface Configure the Tokyo router serial interface as follows:

Tokyo(config)#interface serial 0

Tokyo(config-if)#ip address 192.168.15.2 255.255.255.0

Tokyo(config-if)#encapsulation ppp

Tokyo(config-if)#no shutdown

Tokyo(config-if)#exit

Tokyo(config)#exit

Task 3: Configure the Madrid Interface Configure the Madrid router serial interface as follows:

Madrid(config)#interface serial 0

Madrid(config-if)#ip address 192.168.15.1 255.255.255.0

Madrid(config-if)#clock rate 64000

Madrid(config-if)#encapsulation ppp

Madrid(config-if)#no shutdown

Madrid(config-if)#exit

Madrid(config)#exit

Task 4: Save the ConfigurationTo save the Tokyo and Madrid serial interface configurations, use the following commands:

Tokyo#copy running-config startup-config

Madrid#copy running-config startup-config

Task 5: Enter the Command show interface serial 0 on MadridMadrid#show interface serial 0









LCP Open

Open: IPCP, CDPCP



Chapter 3: PPP 101














Task 6: Enter the Command show interface serial 0 on TokyoTokyo#show interface serial 0


Tokyo#show interface serial 0








LCP Open

Open: IPCP, CDPCP


















Madrid#ping 192.168.15.2

Tokyo#ping 192.168.15.1

If the pings are unsuccessful, troubleshoot the router configurations to find the error. Then, do the pingsagain until both pings succeed.

Task 8: Configure PPP AuthenticationConfigure usernames and passwords on the Madrid router. The passwords must be the same on bothrouters. The username must reflect the other router’s hostname exactly. (It is case-sensitive.)

Madrid(config)#username Tokyo password cisco


Madrid(config-if)#ppp authentication chap

Task 9: Verify That the Serial Connection Is FunctioningVerify that the serial connection is functioning by pinging the serial interface of the other router:



Why? CHAP is not set up on Tokyo.



.....

Success rate is 0 percent (0/5)

Task 10: Configure PPP AuthenticationConfigure usernames and passwords on the Tokyo router. The passwords must be the same on bothrouters. The usernames must reflect the other router’s hostname exactly (they are case-sensitive).

Tokyo(config)#username Madrid password cisco


Tokyo(config-if)#ppp authentication chap

Task 11: Verify That the Serial Connection Is FunctioningVerify that the serial connection is functioning by pinging the serial interface of the other router:

Tokyo#ping 192.168.15.1


Why? The username was set up on Tokyo.

Tokyo#ping 192.168.15.1



!!!!!

Chapter 3: PPP 103





!!!!!



Tokyo


Router(config)#hostname Tokyo

Tokyo(config)#enable password cisco

Tokyo(config)#enable secret class

Tokyo(config)#line vty 0 4

Tokyo(config-line)#password cisco

Tokyo(config-line)#login

Tokyo(config-line)#line con 0

Tokyo(config-line)#password cisco

Tokyo(config-line)#login

Tokyo(config-line)#exit




Tokyo(config-if)#no shutdowndown


Tokyo(config)#exit


Tokyo chap configuration

Tokyo#configure terminal

Tokyo(config)#username Madrid password cisco




Tokyo(config)#exit


! Madrid


Router(config)#hostname Madrid

Madrid(config)#enable password cisco

Madrid(config)#enable secret class

Madrid(config)#line vty 0 4

Madrid(config-line)#password cisco

Madrid(config-line)#login

Madrid(config-line)#line con 0


Madrid(config-line)#password cisco

Madrid(config-line)#login

Madrid(config-line)#exit


Madrid(config-if)#ip address 192.168.15.1 255.255.255.0

Madrid(config-if)#clock rate 56000

Madrid(config-if)#encapsulation ppp

Madrid(config-if)#no shutdown


Madrid(config)#exit

Madrid chap configuration

Madrid#configure terminal

Madrid(config)#username Tokyo password cisco


Madrid(config-if)#ppp authentication chap


Curriculum Lab 3-4: Verifying PPP Configuration (3.3.4)Figure 3-4 Topology for Lab 3-4



Router 1 Brasilia DCE 192.168.15.1

Router 2 Warsaw DTE 192.168.15.2




Objectives

■ Configure a serial interface on two routers with the PPP protocol.

■ Verify and test the link for connectivity.

Chapter 3: PPP 105






Task 2: Configure the Warsaw Configure the Warsaw router serial interface as follows:

Warsaw(config)#interface serial 0

Warsaw(config-if)#ip address 192.168.15.2 255.255.255.0

Warsaw(config-if)#no shutdown

Warsaw(config-if)#exit

Warsaw(config)#exit

Task 3: Configure the Brasilia InterfaceConfigure the Brasilia router serial interface as follows:

Brasilia(config)#interface serial 0

Brasilia(config-if)#ip address 192.168.15.1 255.255.255.0

Brasilia(config-if)#clock rate 64000

Brasilia(config-if)#no shutdown

Brasilia(config-if)#exit

Brasilia(config)#exit

Task 4: Save the ConfigurationTo save the Warsaw and Brasilia router serial interface configurations, use the following commands:

Warsaw#copy running-config startup-config

Brasilia#copy running-config startup-config

Task 5: Enter the Command show interface serial 0 (SeeAppendix C) on Brasilia

Brasilia#show interface serial 0


The encapsulation type is HDLC.


Task 6: Enter the Command show interface serial 0 (SeeAppendix C) on Warsaw

Warsaw#show interface serial 0


The encapsulation type is HDLC.

Task 7: Turn on PPP DebuggingTurn on the PPP debug function on both routers by entering debug ppp event at the privileged EXECmode prompt. Note: For the 2600 router, use the command debug ppp tasks.

Task 8: Change the Encapsulation TypeStep 1. Change the encapsulation type to PPP by entering encapsulation ppp at the interface serial 0

configuration mode prompt on both routers:

Brasilia(config-if)#encapsulation ppp

Warsaw(config-if)#encapsulation ppp

What did the debug function report when the PPP encapsulation was applied to each router?

00:03:07: Se0 AUTH: Started process 0 pid 4

00:03:07: Se0: AAA_PER_USER LCP_UP (0x826DC7DC) id 0 (0s.) queued 1/1/1

00:03:07: Se0: AAA_PER_USER LCP_UP (0x826DC7DC) id 0 (0s.) busy/0

started 1/1/1

00:03:07: Se0: AAA_PER_USER LCP_UP (0x826DC7DC) id 0 (0s.) busy/0 done

in 0 s. 0/0/1

Step 2. Turn off the debug function by entering undebug all at the privileged EXEC mode prompt.

Task 9: Enter the Command show interface serial 0 on BrasiliaBrasilia#show interface serial 0

Brasilia#show interface serial 0







LCP Open

Open: IPCP, CDPCP








Chapter 3: PPP 107












The encapsulation type is PPP.

Task 10: Enter the Command show interface serial 0 on WarsawWarsaw#show interface serial 0

Warsaw#show interface serial 0







LCP Open

Open: IPCP, CDPCP





















Task 11: Verify That the Serial Connection Is FunctioningStep 1. Ping the other router to verify that there is connectivity between the two routers.

Brasilia#ping 192.168.15.2

Warsaw#ping 192.168.15.1

Brasilia#ping 192.168.15.2



!!!!!


84 - 489 CCNA 4: WAN Technologies v 3.1 - Lab 3.3.4 Copyright ? 2003, CiscoSystems, Inc.

Brasilia#

Warsaw#ping 192.168.15.1



!!!!!


Warsaw#

From Brasilia, can you ping the Warsaw router’s serial interface? Yes

From Warsaw, can you ping the Brasilia router’s serial interface? Yes

Step 2. If the answer is no for either question, troubleshoot the router configurations to find the error.Then, do the pings again until the answer to both questions is yes.

Step 3. After you complete the previous tasks, log off (by entering exit) and turn the router off. Then,remove and store the cables and adapter.

Brasilia


Router(config)#hostname Brasilia

Brasilia(config)#enable password cisco

Brasilia(config)#enable secret class

Brasilia(config)#line vty 0 4

Brasilia(config-line)#password cisco

Brasilia(config-line)#login

Brasilia(config-line)#line con 0

Brasilia(config-line)#password cisco

Brasilia(config-line)#login

Brasilia(config-line)#interface serial 0

Brasilia(config-if)#ip address 192.168.15.1 255.255.255.0

Brasilia(config-if)#clock rate 64000


Brasilia(config-if)#no shutdown

Brasilia(config-if)#exit

Brasilia(config)#exit

Brasilia#copy running-config startup-config

Chapter 3: PPP 109

! Warsaw


Router(config)#hostname Warsaw

Warsaw(config)#enable password cisco

Warsaw(config)#enable secret class

Warsaw(config)#line vty 0 4

Warsaw(config-line)#password cisco

Warsaw(config-line)#login

Warsaw(config-line)#line console 0

Warsaw(config-line)#password cisco

Warsaw(config-line)#login

Warsaw(config-line)#

Warsaw(config-line)#

Warsaw(config-line)#interface serial 0

Warsaw(config-if)#ip address 192.168.15.2 255.255.255.0


Warsaw(config-if)#no shutdown

Warsaw(config-if)#exit

Warsaw(config)#exit

Warsaw#copy running-config startup-config

Curriculum Lab 3-5: Troubleshooting PPP Configuration(3.3.5)Figure 3-5 Topology for Lab 3-5



Router 1 London DCE 192.168.15.1

Router 2 Paris DTE 192.168.15.2





Objectives

■ Configure a PPP on the serial interfaces of two routers.

■ Use show and debug commands to troubleshoot connectivity issues.






Task 2: Configure the Paris Interface Configure the Paris router serial interface as follows:






Paris(config)#exit

Task 3: Configure the London Interface Configure the London router serial interface as follows:



London(config-if)#encapsulation ppp



London(config)#exit

Task 4: Save the ConfigurationTo save the Paris and London router serial interface configurations, use the following commands:



Chapter 3: PPP 111

Task 5: Enter the Command show interface serial 0 (See Appendix C) on London











LCP Listen

Closed: IPCP, CDPCP



















List the following information discovered from issuing this command:

■ Serial 0 is up, and line protocol is down.

■ What type of problem is indicated in the last statement? Encapsulation

■ The Internet address is 192.168.15.1.

■ The encapsulation type is PPP.

Task 6: Enter the Command show interface serial 0 (SeeAppendix C) on Paris






























List the following information discovered from issuing this command:

■ Serial 0 is up, and line protocol is down.

■ The Internet address is 192.168.15.2.

■ The encapsulation type is HDLC.

■ To what OSI layer does “Encapsulation” refer? Layer 2

If the serial interface were configured, why did the show interface serial 0 output show that the interfaceis down?

The clock rate is not set on the London DCE, and encapsulation is HDLC on Paris.

Task 7: Correct the Clock LocationThe clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router,but the London router is the DCE. Remove the clock rate statement from the Paris router by using the noversion of the command, and then add it to the configuration for the London router.

London#configure terminal

End (config)#interface serial 0



Chapter 3: PPP 113

Task 8: Enter the Command show cdp neighbors on LondonLondon#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Is there output from the command? No

Should there be output? No

Task 9: Enter the Command debug ppp negotiation on LondonIt might take 60 seconds or more before output occurs.

London#

00:07:48: Se0 LCP: TIMEout: State REQsent

00:07:48: Se0 LCP: O CONFREQ [REQsent] id 77 len 10

00:07:48: Se0 LCP: MagicNumber 0x09BEEBE6 (0x050609BEEBE6)











00:07:56: Se0 LCP: State is Listen

00:08:26: Se0 LCP: TIMEout: State Listen

00:08:26: Se0 LCP: O CONFREQ [Listen] id 81 len 10

00:08:26: Se0 LCP: MagicNumber 0x09BFAF37 (0x050609BFAF37)



00:08:28: Se0 LCP: MagicNumber 0x09BFAF37 (0x050609BFAF37)

Is there output? Yes

What is the output saying? Request timeout

Is there a problem with PPP encapsulation on the London router or the Paris router? Paris

Why? PPP encapsulation is not set.

What encapsulations were listed for the interfaces?

London? PPP

Paris? HDLC

Is there an issue with the preceding answers? Yes

What is the issue? Router interface encapsulations do not match.


Task 10: Enter the command debug ppp negotiation on ParisEnter the command debug ppp negotiation on the Paris router at the privileged EXEC mode prompt.

Is there output from the debug command? No

Task 11: Correct the Encapsulation TypeConvert the encapsulation to PPP on the Paris router.

Is there output from the debug command? Yes

Does it confirm link establishment? Yes



Paris(config-if)#encapsulation ppp

Paris(config-if)#

00:09:48: Se0 PPP: Phase is DOWN, Setup [0 sess, 0 load]

00:09:48: Se0 PPP: Using default call direction

00:09:48: Se0 PPP: Treating connection as a dedicated line

00:09:48: Se0 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]

00:09:48: Se0 LCP: O CONFREQ [Closed] id 1 len 10

00:09:48: Se0 LCP: MagicNumber 0x09F12828 (0x050609F12828)

00:09:48: Se0 LCP: I CONFREQ [REQsent] id 101 len 10

00:09:48: Se0 LCP: MagicNumber 0x09C0E151 (0x050609C0E151)

00:09:48: Se0 LCP: O CONFACK [REQsent] id 101 len 10

00:09:48: Se0 LCP: MagicNumber 0x09C0E151 (0x050609C0E151)

00:09:48: Se0 LCP: I CONFACK [ACKsent] id 1 len 10

00:09:48: Se0 LCP: MagicNumber 0x09F12828 (0x050609F12828)

00:09:48: Se0 LCP: State is Open

00:09:48: Se0 AUTH: Started process 0 pid 23

00:09:48: Se0 PPP: Phase is UP [0 sess, 0 load]

00:09:48: Se0 IPCP: O CONFREQ [Closed] id 1 len 10

00:09:48: Se0 IPCP: Address 192.168.15.2 (0x0306C0A80F02)

00:09:48: Se0 CDPCP: O CONFREQ [eClosed] id 1 len 4

00:09:48: Se0 IPCP: I CONFREQ [REQsent] id 1 len 10



00:09:48: Se0 IPCP: O CONFACK [REQsent] id 1 len 10


00:09:48: Se0 CDPCP: I CONFREQ [REQsent] id 1 len 4

00:09:48: Se0 CDPCP: O CONFACK [REQsent] id 1 len 4

00:09:48: Se0 IPCP: I CONFACK [ACKsent] id 1 len 10


00:09:48: Se0 IPCP: State is Open

00:09:48: Se0 CDPCP: I CONFACK [ACKsent] id 1 len 4

00:09:48: Se0 CDPCP: State is Open

00:09:48: Se0 IPCP: Install route to 192.168.15.1nd

Chapter 3: PPP 115

Task 12: Enter the command show interface serial 0 on ParisParis#show interface serial 0

End #show interface serial 0








LCP Open

Open: IPCP, CDPCP



















Serial0 is up, and line protocol is up.


What is the difference between the Line and Protocol status recorded on Paris earlier? Why?

Both are up. Proper configuration of the serial interfaces



Paris#ping 192.168.15.2

Paris#ping 192.168.15.1




!!!!!





!!!!!


From London, can you ping the serial interface on the Paris router? Yes

From Paris, can you ping the serial interface on the London router? Yes



Paris


Paris(config)#hostname Paris



Paris(config)#line vty 0 4



Paris(config-line)#line con 0



Paris(config-line)#exit

Paris(config-line)#interface serial 0


Paris(config-if)#encapsulation ppp



Paris(config)#exit

Paris#exit


! London


Router(config)#hostname London

London(config)#enable password cisco

London(config)#enable secret class

London(config)#line vty 0 4



London(config-line)#line console 0


Chapter 3: PPP 117


London(config-line)#exit



London(config-if)#encapsulation ppp




London(config)#exit


Challenge Lab 3-6: Configuring PPP with NAT, DHCP, andVLANs

You are a newly hired network administrator for a start-up company (ACME) that wants to you to create asecure connection to an ISP. You are also responsible for IP addressing, VLAN assignment, DHCP, andNAT. Figure 3-6 shows the network topology for this lab.


Objectives

■ Configure PPP with authentication.

■ Configure DHCP, NAT, and PAT.

■ Configure the ISP as a web server and verify connectivity via a web browser from hosts on the ACMELAN.

Task 1Step 1. Cable the equipment.

Step 2. Protect the privileged mode using an encrypted password of class.

Step 3. Ensure that the command output is not interrupted by router output.

Step 4. Restrict remote access to devices using cisco as the password.

router#config t

router(config)#hostname ACME

ACME(config)#enable secret class


Lo0192.172.10.1/30

Web ServerISPACMEACME_Switch S0/0200.100.37.1/26

S0/0200.100.37.2/26

DTEDCEFa0/1 Fa0/0

VLAN1

Ports2–5

14 Hosts

VLAN10Ports6–1030 Hosts

VLAN

20

Ports

11–15

60 Hosts

ACME LAN Address Pool192.168.100.0/24

ACME(config)#line con 0

ACME(config-line)#logging synchronous

ACME(config)#line vty 0 4

ACME(config-line)#password cisco

ACME(config-line)#login

ACME(config-line)#exit

ACME(config)#

router#config t

router(config)#hostname ISP


ISP(config)#line con 0

ISP(config-line)#logging synchronous





ISP(config)#

switch#config t

switch(config)#hostname ACME_Switch

ACME_Switch(config)#enable secret class

ACME_Switch(config)#line con 0

ACME_Switch(config-line)#logging synchronous

ACME_Switch(config)#line vty 0 15

ACME_Switch(config-line)#password cisco

ACME_Switch(config-line)#login

ACME_Switch(config-line)#exit

ACME_Switch(config)#

Task 2Step 1. Based on the diagram in Figure 3-6, create an addressing scheme to accommodate users on the

ACME LAN.

Step 2. Create three VLANs on ACME_Switch:

■ VLAN 1: default name

■ VLAN 10: Marketing VLAN

■ VLAN 20: HR_Dept

Step 3. Assign VLANs to the appropriate interfaces based on the diagram in Figure 3-6.

Step 4. Configure inter-VLAN routing on the ACME router.

Router configuration:

ACME(config)#int fa0/0

ACME(config-if)#no shut

ACME(config-if)#int fa0/0.1

Chapter 3: PPP 119

ACME(config-if)#description VLAN1

ACME(config-if)#encapsulation dot1q 1 native

ACME(config-if)#ip address 192.168.100.97 255.255.255.240


ACME(config-if)#description Marketing

ACME(config-if)#encapsulation dot1q 10



ACME(config-if)#description HR_Dept

ACME(config-if)#encapsulation dot1q 20


Switch configuration:

ACME_Switch#vlan database

ACME_Switch(vlan)#vlan 10 name Marketing

ACME_Switch(vlan)#vlan 20 name HR_Dept

ACME_Switch(vlan)#exit

ACME_Switch#config t

ACME_Switch(config-if)#int fa0/1

ACME_Switch(config-if)#switchport mode trunk


ACME_Switch(config-if)#switchport access vlan 10



















ACME_Switch(config-if)#int vlan1

ACME_Switch(config-if)#ip address 192.168.100.98 255.255.255.240

ACME_Switch(config-if)#no shut

ACME_Switch(config-if)#exit

ACME_Switch(config)#ip default-gateway 192.168.100.97


Task 3Step 1. Configure the ACME router as a DHCP server.

Step 2. Create a separate DHCP pool for each subnet.

Step 3. Exclude the first three addresses from each DHCP pool.

Step 4. Verify that the workstations obtain the correct information from the server.

DHCP commands:

ACME(config)#ip dhcp excluded-address 192.168.100.1 192.168.100.3



ACME(config)#ip dhcp pool VLAN1

ACME(dhcp-config)#network 192.168.100.96 255.255.255.240

ACME(dhcp-config)#default-router 192.168.100.97

ACME(dhcp-config)#exit

ACME(config)#ip dhcp pool Marketing



ACME(dhcp-config)#exit

ACME(config)#ip dhcp pool HR_Dept



Task 4Step 1. Use the spare addresses from the WAN link to create your NAT pools.

Step 2. Configure dynamic NAT for VLAN 1 and the Marketing VLAN.

Step 3. Use one global address for HR_Dept to access the outside world.

NAT commands:

ACME(config)#ip nat pool VLAN1 200.100.37.3 200.100.37.17 netmask255.255.255.192

ACME(config)#ip nat pool Marketing 200.100.37.18 200.100.37.48 netmask255.255.255.192

ACME(config)#ip nat pool HR_Dept 200.100.37.49 200.100.37.49 netmask255.255.255.192

ACME(config)#access-list 1 permit 192.168.100.96 0.0.0.15



ACME(config)#ip nat inside source list 1 pool VLAN1

ACME(config)#ip nat inside source list 2 pool Marketing

ACME(config)#ip nat inside source list 3 pool HR_Dept overload


ACME(config-if)#ip nat inside





Chapter 3: PPP 121

Task 5Configure both routers to use PPP as the encapsulation protocol.

PPP encapsulation commands:

ACME(config)#int s0/0

ACME(config-if)#encapsulation ppp

ISP(config)#int s0/0

ISP(config-if)#encapsulation ppp

Task 6Configure a secure authentication on both routers that protects against callback.

CHAP commands:

ACME(config)#int s0/0

ACME(config-if)#ppp authentication chap

ACME(config)#username ISP password cisco

ISP(config)#int s0/0

ISP(config-if)#ppp authentication chap

ISP(config)#username ACME password cisco

Task 7Verify the configuration using the appropriate commands. Do not limit yourself to using only the showrunning-config command. The lab is accomplished when all hosts can access the web server via the webbrowser.

ACME#show running-config

hostname ACME

!

enable secret 5 $1$Pp3L$otAkhDxd956.DcsYZqcwd0

!

username ISP password 0 cisco

ip subnet-zero




!

ip dhcp pool VLAN1

network 192.168.100.96 255.255.255.240


!

ip dhcp pool Marketing

network 192.168.100.64 255.255.255.224


!


ip dhcp pool HR_Dept

network 192.168.100.0 255.255.255.192


!

!

!

!

!


no ip address

speed auto

no shut

!


description VLAN1


ip address 192.168.100.97 255.255.255.240

ip nat inside

!


description Marketing


ip address 192.168.100.65 255.255.255.224

ip nat inside

!


description HR_Dept


ip address 192.168.100.1 255.255.255.192

ip nat inside

!

interface Serial0/0

ip address 200.100.37.2 255.255.255.192

ip nat outside

encapsulation ppp

ppp authentication chap

no shut

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

Chapter 3: PPP 123

ip nat pool vlan1 200.100.37.3 200.100.37.17 netmask 255.255.255.0

ip nat pool Marketing 200.100.37.18 200.100.37.48 netmask 255.255.255.0

ip nat pool hrdept 200.100.37.49 200.100.37.49 netmask 255.255.255.0

ip nat inside source list 1 pool vlan1

ip nat inside source list 2 pool Marketing

ip nat inside source list 3 pool HR_Dept overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

!

!




!

line con 0

logging synchronous

line aux 0

line vty 0 4

password cisco

login

!


end


hostname ISP

!

enable secret 5 $1$IV8q$i0rJSg6vBuxcKzLVXGb/01

!

username ACME password 0 cisco

ip subnet-zero

!

!

!

!

!

interface Loopback0

description Web Server

ip address 192.172.10.1 255.255.255.255

!


no ip address

shutdown


speed auto

!

interface Serial0/0

ip address 200.100.37.1 255.255.255.192

encapsulation ppp

clockrate 56000


no shut

!

interface Serial0/1

no ip address

shutdown

ip route 192.168.100.0 255.255.255.0 s0/0

!

ip classless

ip http server

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

password cisco

login

!


end

ACME_Switch#show running-config

hostname ACME_switch

!

enable secret 5 $1$/HXH$FrVwLK/aQBNXXnpL4YMxX/

!

ip subnet-zero

!

!




!

!

!

Chapter 3: PPP 125

!



!


!


!


!


!



!



!



!



!



!



!



!



!



!



!


!


!



!


!


!


!


!


!


!

interface Vlan1

ip address 192.168.100.98 255.255.255.0

no shut

no ip route-cache

!


ip http server

!

line con 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

!

end

Chapter 3: PPP 127

This page intentionally left blank

CHAPTER 4

ISDN and DDR

The Study Guide portion of this chapter uses a combination of multiple-choice and open-ended questionexercises to test your knowledge of the theory of ISDN standards, concepts, and reference points.

The Lab Exercises portion of this chapter includes all the online curriculum labs and a challenge lab toensure that you have mastered the practical, hands-on skills needed for dialer interfaces, dialer maps, anddialer profiles.

Study Guide

ISDN ConceptsISDN is a WAN technology that serves as a solution for offices using digitized phone lines. ISDN allowsfor faster call setup and transfer of data, video, and audio than traditional analog dialup. Call setup and ter-mination are done on a separate channel (D or delta channel), which is called out-of-band signaling. Datais transmitted over a separate channel called the B or bearer channel. Each B channel provides 64 kbps ofbandwidth, whereas the D channel has 16 kbps of bandwidth (ISDN Basic Rate Interface [BRI]) or 64kbps (ISDN Primary Rate Interface [PRI]). ISDN PRI in North America consists of 23 B channels and oneD channel. It is an inexpensive, cost-effective alternative to a dedicated T1 connection. The Europeanequivalent to an ISDN PRI is called an E. It consists of 30 B channels and a single D channel.

ISDN has three sets of standards:

■ The E protocols, which define the telephone network standards

■ The I protocols, which relate to ISDN concepts and terms

■ The Q protocols, which determine the operation of signaling and switching

During the call setup process, the phone number is transmitted to the local ISDN switch via the D channel.It is then forwarded to another ISDN switch using the Signaling System 7 (SS7) signaling protocol. Thenumber is passed to the destination, which sends its acknowledgment back through the ISDN switches tothe caller; from here, the connection is officially established. Switch types that give a set of call setupneeds must also be configured depending on which type the service provider is using. Service provideridentifiers (SPIDs) are also provided by the Internet service provider (ISP) as a mandatory component toconnect to the local ISDN switch. SPIDs are actually phone lines that are dialed to establish a connection.

Concept Questions1. Compare ISDN BRI and PRI.

ISDN BRI uses two B channels and one D channel. ISDN PRI uses 23 B channels and one D channel.In ISDN BRI, the D channel has a bandwidth of 16 kbps, whereas ISDN PRI’s D channel has a band-width of 64 kbps.

2. Explain the function of the ISDN delta and bearer channels.

The bearer channel is used to transport user data. This could be voice, video, or data that can consistof e-mails, FTP, or even Telnet traffic. The delta channel is for call setup and termination. It also pro-vides out-of-band signaling.

3. Explain the difference between in-band and out-of-band signaling.

Out-of-band signaling is when call setup and termination are done on a channel separate from thechannel used to transport data. ISDN is an example of out-of-band signaling, which is done on thedelta channel. In-band signaling occurs where data transport and call setup and termination are alldone on the same line. An example of in-band signaling is the Public Switched Telephone Network(PSTN).


Chapter 4: ISDN and DDR 131

ISDN ConfigurationISDN BRI must be configured with the switch type and SPIDs. The switch type can be configured ineither global configuration mode or interface mode. You use global configuration mode when connectingto multiple switches that are of the same type. You use interface mode when connecting to multiple switch-es of different types. This requires the exact switch type to be configured on the appropriate interface. Inglobal configuration mode, configure the switch type using the command isdn switch-type switch-type.

You can set up two SPIDs on ISDN BRI, one for each B channel. Go into the BRI interface and enter isdnspid1 [spid-number] and isdn spid2 [spid-number].

In ISDN PRI, you must also configure the switch type. Specify in global configuration mode where the T1/E1card is located with the command controller [t1 | e1] slot/port. This is similar to going into an interface.

When inside controller mode, set the framing with either framing [sf | esf] when configuring T1 lines orframing [crc4 | no-crc4] for E1 lines. Also, inside controller mode, you must specify the signaling withthe command linecode [ami | b8zs | hdb3]. To verify all configurations, use the commands show isdnactive, show dialer, and show interface bri [slot/port].

Concept Questions1. Explain the purpose of identifying the appropriate ISDN switch type.

The purpose of a switch type is to establish communication between the carrier’s network and yournetwork. Switch types vary depending on the country or part of the country in which you are located.Each switch type has different call setup requirements, making it impossible to connect when config-ured incorrectly.

2. Explain the function of a SPID.

Each SPID represents a separate channel (bearer channel) in your carrier’s network. The number con-sists of a “phone” number and a carrier identifier. When interesting traffic turns the line on, the“phone” number associated with the SPID is dialed, and the call is placed.

3. What information appears when you enter the show isdn active command?

The show isdn active command displays the number called and the time remaining on the call.

DDR ConfigurationDial-on-demand routing (DDR) is a method that allows the ISDN line to be triggered only when certaintypes of traffic, called interesting traffic, attempt to cross the line. This interesting traffic is filtered by a setof predetermined criteria set in a dialer list. When the line is turned on, all traffic can cross, even that con-sidered “boring.” After all interesting traffic has finished crossing the ISDN line, the line terminates untilthe next batch of interesting traffic passes through. To specify what the interesting traffic will be, use thedialer-list command. For example, to allow all IP traffic to be considered interesting, you use the com-mand dialer-list 1 protocol ip permit. You must apply the dialer list to the interface with the commanddialer-group [list-number].

Legacy DDR is a basic method of setting up dialer characteristics that must be applied to an interface.Setting up legacy DDR requires configuring static routes and dialer information and predetermining inter-esting traffic. The dialer information consists of the dialer map, encapsulation, authentication, and idletimeout. To configure the dialer map, use the command dialer map [protocol] [next-hop-address] name[hostname] [dial-string] while inside the interface. Use the dialer idle-timeout command on the interfaceto specify when the line will disconnect after all interesting traffic has been transmitted.

A more flexible alternative to dialer maps is dialer profiles. Instead of statically configuring dialer parame-ters onto an interface and changing them every time the call setup requirements change, dialer profiles areautomatically assigned to the interface every time the call requirements change. Create a dialer profile withthe command interface dialer [number], and assign the profile with the encapsulation, an IP address, anda dialer string using the command dialer remote-name [name]. Go into the physical ISDN interface anduse the command dialer pool-member [pool-number] priority [number] to make the interface part of adialer pool. If multiple calls are placed simultaneously, the pool with the highest priority dials out first.Verify all DDR configurations with the commands show isdn status, show isdn active, and show dialer.

Concept Questions1. Why is it better to use static routes rather than dynamic routes across an ISDN connection?

Static routes are used rather than dynamic routes because they do not send periodic updates that cantrigger the line and take away the cost-effectiveness of ISDN.

2. Explain the function of a SPID within a dialer map.

The SPID identifies the actual “phone” line used in the carrier’s network that data will be sent across.It can also be called the circuit that establishes the connection from end to end.

3. Compare a dialer map to a dialer profile.

A dialer map is a manual mapping of a destination to the circuit being used (SPID). A different dialermap must be configured for each location. Dialer profiles can be set for various locations with differ-ent criteria and applied to the ISDN interface. Dialer profiles are more scalable and flexible thandialer maps.

Chapter Review QuestionsFor multiple-choice questions 1 through 20, circle the correct answers. Some questions have more thanone answer.

1. What are the benefits of ISDN? (Select three)

A. Always-on connection

B. Cost-effective

C. Faster call setup and termination

D. Fiber connection

E. Can transport video, voice, and data simultaneously

2. What set of protocols deal with ISDN telephone network standards?

A. I protocols

B. Q protocols

C. IEEE protocols

D. E protocols

E. HDLC-derived protocols


3. Which channel in ISDN is used for call setup and termination?

A. B channel

B. D channel

C. C channel

D. BRI channel

E. PRI channel

4. In North America, ISDN PRI uses 23 bearer channels and one delta channel to equal the bandwidth ofa T1. What does this make ISDN PRI most efficient for?

A. A substitute for using a T1 line

B. A fallback in case the original line malfunctions

C. No efficiency whatsoever

D. Primary always-on connection

5. Which device in an ISDN connection is responsible for converting the four-wire signal to a two-wiredigitized ISDN signal?

A. TA

B. TE1

C. NT2

D. NT1

E. TE2

6. What factors affect which switch type a private network will use on its ISDN router? (Select two)

A. Switch type used by the carrier

B. Protocols that are being run

C. Country/region of the private network

D. Whether the connection is BRI or PRI

E. SPIDs being used

7. What modes on a router can a switch type be configured in? (Select two)

A. Router>

B. Router#

C. Router(config)#

D. Router(config-if)#

E. Router(config-subif)#

8. On ISDN BRI, what is the maximum number of SPIDs you can configure per bearer channel?

A. 1

B. 2

C. 3

D. The SPID is configured for the BRI interface.

E. None


9. What command enables you to make configurations when using ISDN PRI?

A. Router(config)#interface pri slot/port

B. Router(config)#interface t1/e1 slot/port

C. Router(config)#controller pri slot/port

D. Router(config)#controller t1/e1 slot/port

E. Router(config)#interface pri t1/e1

10. What command shows the time remaining on an ISDN call?

A. show isdn status

B. show isdn active

C. show interface bri0/0

D. debug isdn q921

E. show running-configuration

11. How do you configure DDR? (Select three)

A. Determine interesting traffic with a dialer list.

B. Set up static routes.

C. Disable ISDN before setting up DDR.

D. Set up dialer maps.

E. DDR is on by default on Cisco routers.

12. When configuring dialer information, what are the requirements for setup? (Select three)

A. Encapsulation

B. Dialer maps

C. Access lists

D. Idle timeouts

E. Static routes

13. What are some advantages of using dialer profiles over legacy DDR and dialer maps? (Select three)

A. One ISDN interface can take on different characteristics based on the calls.

B. You can configure each B channel on a different subnet.

C. All aspects of dialer profiles are dynamic and do not have to be configured.

D. Each B channel can have different DDR parameters.

E. Dialer profiles have no advantages.

14. What command assigns an ISDN interface to a dialer pool?

A. Router(config-if)#dialer pool-member number

B. Router(config)#interface bri slot/port dialer-pool member number

C. Router(config-if)#ip assign dialer pool-member number

D. Router(config)#dialer pool-member number

E. Router(config-if)#pool-member dialer number


15. Which command displays information about the BRI interface’s three layers?

A. show isdn status

B. show isdn active

C. show interface bri0/0

D. debug isdn q921

E. debug isdn q931

16. What command helps troubleshoot call setup and termination?

A. debug ppp error

B. debug isdn q931

C. debug ppp negotiation

D. debug isdn q921

E. debug ppp authentication

17. What is the name of the reference point that connects the customer’s switching device and enablescalls between the various types of customer premises equipment?

A. R

B. S

C. T

D. U

E. NT1

F. NT2

18. A dialer profile consists of which three elements?

A. Dialer interface

B. Dialer pool

C. Virtual interface

D. Physical interface

E. Static routes

F. Dynamic routes

19. What does an ISDN PRI use for T1/E1 connections?

A. ISDN switch

B. DTE

C. DCE

D. CSU/DSU

E. LMI extensions

20. Each TE1 must be manually or statically assigned a unique identifier. What range of numbers is usedwhen statically assigning an identifier to a TE1 device?

A. 0–63

B. 1–63

C. 64–126

D. 64–128


Lab Exercises

Curriculum Lab 4-1: Configuring ISDN BRI (U-Interface)(4.2.1)Figure 4-1 Topology for Lab 4-1


Router Router Fast Ethernet0 BRI 0 Address Adtran Designation Name Address/Subnet Mask Connection

Router 1 Ottawa 192.168.14.1/24 — BRI 1

The enable secret password for this router is class.

The enable, vty, and console password for this router is cisco.

Objective

■ Configure an ISDN router to make a successful connection to a local ISDN switch.


This lab assumes that a router with an ISDN BRI U interface is available. An Adtran Atlas550 ISDN emu-lator is used to simulate the ISDN switch and cloud. If an ISDN router is not available, review the lab andperform as many noninterface commands as possible.




Task 1: Configure the RouterConfigure the hostname, console, vty, and enable passwords according to Table 4-1.


Task 2: Verify the ISDN BRI Switch TypeNot all ISDN switch types are the same worldwide, so the first step is to configure the ISDN TE1 device(the router) to tell it what ISDN switch type is in use. The ISDN telco provider provides this information.In this case, the ISDN switch type, which the Adtran simulator supports, is National ISDN-1 (NorthAmerica) and is configured on the router using the keyword basic-ni. To check the ISDN BRI status, issuethe following command before you issue configuration commands:

Ottawa#show isdn status


**** No Global ISDN Switchtype currently defined ****

ISDN BRI0 interface

dsl 0, interface ISDN Switchtype = none

Layer 1 Status:

DEACTIVATED

Layer 2 Status:

Layer 2 NOT Activated

Layer 3 Status:

0 Active Layer 3 Call(s)

Active dsl 0 CCBs = 0

The Free Channel Mask: 0x0

Number of L2 Discards = 0, L2 Session ID = 0

Total Allocated ISDN CCBs = 0

What is the Layer 1 status? Deactivated

What is the ISDN switch type? None

Task 3: Specify the Switch TypeStep 1. To specify the ISDN switch type, use the isdn switch-type command at the global configura-

tion mode prompt. You can review the different switch types that are available by using theisdn switch-type ? command:

Ottawa#configure terminal

Ottawa(config)#isdn switch-type ?

Ottawa(config)#isdn switch-type ?

basic-1tr6 1TR6 switch type for Germany

basic-5ess AT&T 5ESS switch type for the U.S.

basic-dms100 Northern DMS-100 switch type

basic-net3 NET3 switch type for UK and Europe

basic-ni National ISDN switch type

basic-qsig QSIG switch type

basic-ts013 TS013 switch type for Australia

ntt NTT switch type for Japan

vn3 VN3 and VN4 switch types for France

How many different switch types are available? 9

Step 2. To configure the router to communicate with a National ISDN-1 switch type, enter the following:

Ottawa(config)#isdn switch-type basic-ni


Task 4: Verify the Switch StatusCheck the state of the ISDN interface again:



Global ISDN Switchtype = basic-ni

ISDN BRI0 interface

dsl 0, interface ISDN Switchtype = basic-ni

Layer 1 Status:

DEACTIVATED

Layer 2 Status:

Layer 2 NOT Activated

Layer 3 Status:






What is the Layer 1 status? Deactivated

What is the ISDN switch type? basic-ni

Task 5: Activate the BRI ConnectionActivate the ISDN BRI by using the no shutdown command at the interface configuration prompt:

Ottawa#configure terminal

Ottawa(config)#interface bri 0

Ottawa(config-if)#no shutdown

Task 6: Review the Switch StatusAt this stage, the ISDN BRI should be physically active, and one TEI should be negotiated. Enter the fol-lowing command to review the switch status:




ISDN BRI0 interface


Layer 1 Status:

ACTIVE

Layer 2 Status:

TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED

Layer 3 Status:







What is the Layer 1 status? Active

What is the ISDN switch type? basic-ni

Has the Layer 2 status changed? Yes

Task 7: Configure the ISDN SPIDsDepending on the region, you might have to specify ISDN SPIDs for the ISDN switch to respond to theISDN TE1 correctly. The SPIDs that the Adtran simulator supports are specified as isdn spid1 and isdnspid2. To configure the SPIDs, issue the following commands:


Ottawa(config-if)#isdn spid1 51055510000001 5551000


Task 8: Review the Switch StatusCheck the state of the ISDN interface again:


What does the output specify about SPID1?

TEI 64, ces = 1, state = 8(established)

spid1 configured, spid1 NOT sent, spid1 NOT valid

What does the output specify about SPID2?

TEI Not Assigned, ces = 2, state = 1(terminal down)

spid2 configured, spid2 NOT sent, spid2 NOT valid

If you examine this output carefully, you will see that the assigned SPID values have not been sent to theISDN switch and have not been verified. This is because you specified them after the ISDN interface wasenabled. To send the SPID values, you must reset the interface.

Task 9: Reset the InterfaceTo manually reset the ISDN BRI interface, issue the command clear interface bri 0. This command caus-es all ISDN parameters to be renegotiated. Issue the clear command on the router, and then check theISDN interface status. SPID1 and SPID2 are sent and validated:

Ottawa#clear interface bri 0




ISDN BRI0 interface


Layer 1 Status:

ACTIVE

Layer 2 Status:




TEI 64, ces = 1, state = 5(init)

spid1 configured, spid1 sent, spid1 valid

Endpoint ID Info: epsf = 0, usid = 70, tid = 1

TEI 65, ces = 2, state = 5(init)

spid2 configured, spid2 sent, spid2 valid

Endpoint ID Info: epsf = 0, usid = 70, tid = 2

Layer 3 Status:






Have SPID1 and SPID2 been sent and verified? Yes

Task 10: Save the Configuration and RebootSave the configuration and reboot the router. This time, verify that the ISDN interface has correctly negoti-ated with the ISDN switch. Review activity on the ISDN interface by using the show isdn active com-mand:

Ottawa#copy running-config startup-config

Ottawa#reload

Ottawa#show isdn active

! Note to instructor: This is sample output and may not be identical to that producedlocally.

Ottawa#show isdn active

--------------------------------------------------------------

---------------------------------------

ISDN ACTIVE CALLS

--------------------------------------------------------------

---------------------------------------

Call Calling Called Remote Seconds Seconds Seconds

Charges

Type Number Number Name Used Left Idle

Units/Currency

--------------------------------------------------------------

---------------------------------------

Out 6120 Ottawa 165 74

45 0

The history table has a maximum of how many entries? 100

The history table data is retained for how long? 15 minutes


Router>enable



Router(config)#

Router(config)#hostname Ottawa

Ottawa(config)#enable password cisco

Ottawa(config)#enable secret class

Ottawa(config)#line console 0

Ottawa(config-line)#password cisco

Ottawa(config-line)#login

Ottawa(config-line)#exit

Ottawa(config)#line vty 0 4

Ottawa(config-line)#password cisco

Ottawa(config-line)#login

Ottawa(config-line)#exit




Ottawa(config-if)#no shutdown

Ottawa(config-if)#exit

Ottawa(config)#exit

Ottawa#copy running-config startup-config

Curriculum Lab 4-2: Configuring Legacy DDR (4.3.2)Figure 4-2 Topology for Lab 4-2


Router Router Fast Ethernet0 SPID Numbers Phone Adtran Designation Name Address/Subnet Numbers Connection

Mask

Router 1 Tokyo 192.168.1.1/24 51055510000001 5551000 BRI 151055510010001 5551001

Router 2 Moscow 192.168.2.1/24 51055520000001 5552000 BRI 251055520010001 5552001




Objectives

■ Configure an ISDN router to make a legacy DDR call to another ISDN-capable router.

■ When the DDR connection is made successfully, augment the configuration to specify that only HTTPtraffic will bring up the link.


In this lab, two ISDN routers are required. If ISDN routers are not available, review the lab to becomefamiliar with the process. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud.




Task 1: Configure the RouterConfigure the hostname, console, vty, and enable passwords according to Table 4-2. If you have difficultydoing this, see Lab 1-1, “Configuring NAT.”

Task 2: Define the Switch Type and SPID NumbersYou must specify the switch type and SPID numbers on the routers:



Tokyo(config)#isdn switch-type basic-ni

Tokyo(config)#interface fastethernet 0




Tokyo(config)#interface bri 0

Tokyo(config-if)#isdn spid1 51055510000001 5551000



Router(config)# hostname Moscow

Moscow(config)# enable secret class

Moscow(config)# isdn switch-type basic-ni

Moscow(config)# interface fastethernet 0

Moscow(config-if)#ip address 192.168.2.1 255.255.255.0

Moscow(config-if)#no shutdown

Moscow(config-if)#exit


Moscow(config)# interface bri 0

Moscow(config-if)#isdn spid1 51055520000001 5552000



Task 3: Define the Static Routes for DDRStep 1. Use static and default routes rather than dynamic routing so that you can reduce the cost of the

dialup connection. To configure a static route, you must know the network address of the net-work to be reached and the IP address of the next router on the path to this destination:

Moscow#configure terminal

Moscow(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1


Tokyo(config)#ip route 0.0.0.0 0.0.0.0 192.168.3.2

Step 2. Execute the show ip route command to verify that the routes exist.

Task 4: Specify Interesting Traffic for DDRSpecify the traffic that will cause the DDR interface to dial up the remote router. For the moment, declarethat all IP traffic is “interesting.” You do this by using the dialer-list command:


Tokyo(config)#dialer-list 1 protocol ip permit


Tokyo(config-if)#dialer-group 1

Tokyo(config-if)#end

Task 5: Configure the DDR Dialer Information for Router 1Step 1. Configure the correct dialer information necessary for the correct function of the dialer profile

and dialer interface. This includes IP address information, PPP configuration, name, passwords,and dial number:




Step 2. Configure the PPP information:


Tokyo(config)#username Moscow password class




Step 3. Configure the dial information:



Tokyo(config-if)#dialer idle-timeout 120

Tokyo(config-if)#dialer map ip 192.168.3.2 name Moscow 5552000


Task 6: Configure the DDR Dialer Information for Router 2Moscow#configure terminal

Moscow(config)#dialer-list 1 protocol ip permit

Moscow(config)#username Tokyo password class

Moscow(config)#interface bri 0


Moscow(config-if)#dialer-group 1

Moscow(config-if)#encapsulation ppp

Moscow(config-if)#ppp authentication chap

Moscow(config-if)#dialer idle-timeout 120

Moscow(config-if)#dialer map ip 192.168.3.1 name Tokyo 5551000

Task 7: View the Tokyo Router ConfigurationTo view the configuration, use the show running-config command:

Tokyo#show running-config

What authentication is being used? CHAP

What are the ISDN SPIDs on the Tokyo router?

51055510000001 5551000 and 51055510010001 5551001

Task 8: Verify the DDR ConfigurationStep 1. Generate some interesting traffic across the DDR link from the remote Moscow router to verify

that connections are made correctly:

Tokyo#ping 192.168.2.1

Did the pings succeed? Yes

Step 2. If not, troubleshoot the router configuration.

Step 3. Use the show interface command and note that the output shows that the interface is “spoof-ing.” This provides a mechanism for the interface to simulate an active state for internalprocesses, such as routing, on the router. You can also use the show interface command to dis-play information about the B channel:

Tokyo#show interface bri 0

Step 4. After you complete the previous tasks, log off (by entering exit) and turn the router off. Then,remove and store the cables and adapter.


Curriculum Lab 4-3: Configuring Dialer Profiles (4.3.7)Figure 4-3 Topology for Lab 4-3


Router Router Fast Ethernet0 SPID Phone Adtran Designation Name Address with Numbers Numbers Connection

Subnet Mask

Router 1 Tokyo 192.168.1.1/24 51055510000001 5551000 BRI 151055510010001 5551001

Router 2 Moscow 192.168.2.1/24 51055520000001 5552000 BRI 251055520010001 5552001

Router 3 Sydney 192.168.3.1/24 51055530000001 5553000 BRI 351055530010001 5553001

The enable secret password for all routers is class.

The enable, vty, and console password for all routers is cisco.

Objective

■ Configure ISDN dialer profiles on the routers, enabling a DDR call to be made from two remoterouters simultaneously into a central ISDN BRI router.


In this lab, three ISDN routers are required. If ISDN routers are not available, review the lab to becomefamiliar with the process. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud.





Task 1: Configure the RouterConfigure the hostname, console, vty, and enable passwords according to Table 4-3. If you have difficultydoing this, see Lab 1-1, “Configuring NAT.”

Task 2: Define the Switch Type and SPID NumbersTo configure the switch type and SPID numbers, use the following commands:












Router(config)#hostname Moscow

Moscow(config)#enable secret class

Moscow(config)#isdn switch-type basic-ni

Moscow(config)#interface fastethernet 0








Router(config)#hostname Sydney

Sydney(config)#enable secret class

Sydney(config)#isdn switch-type basic-ni

Sydney(config)#interface fastethernet 0

Sydney(config-if)#ip address 192.168.3.1 255.255.255.0

Sydney(config-if)#no shutdown

Sydney(config-if)#exit

Sydney(config)#interface bri 0

Sydney(config-if)#isdn spid1 51055530000001 5553000




Task 3: Define the Static Routes for DDRUse static and default routes rather than dynamic routing so that you can reduce the cost of the dialup con-nection. To configure a static route, you must know the network address of the network trying to bereached and the IP address of the next router on the path to this destination:

Moscow#configure terminal

Moscow(config)#ip route 0.0.0.0 0.0.0.0 192.168.253.1

Sydney#configure terminal

Sydney(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1




Task 4: Specify Interesting Traffic for DDRYou must define traffic as “interesting” to cause the DDR interface to dial up the remote router. For themoment, declare that all IP traffic is interesting by using the dialer-list command:


Moscow(config)#interface dialer 0


Sydney(config)#dialer-list 1 protocol ip permit

Sydney(config)#interface dialer 0

Sydney(config-if)#dialer-group 1



Tokyo(config)#interface dialer 1

Tokyo(config-if)#description The Profile for the Moscow router


Tokyo(config-if)#interface dialer 2

Tokyo(config-if)#description The Profile for the Sydney router


Task 5: Configure the DDR Dialer InformationConfigure the correct dialer information that is necessary for the correct function of the dialer profile anddialer interface. This includes IP address information, PPP configuration, name, passwords, and dial number:





Tokyo(config-if)#interface bri 0












Tokyo(config)#username Sydney password class



Moscow(config-if)#interface bri 0



Moscow(config-if)#interface dialer 0








Sydney(config-if)#interface bri 0

Sydney(config-if)#encapsulation ppp

Sydney(config-if)#ppp authentication chap

Sydney(config-if)#interface dialer 0





Sydney(config)#username Tokyo password class

Task 6: Configure the Dialer InformationNext, you must configure the dial information to specify the remote name of the remote router in the dialerprofile, and the dial string (phone number) to use to contact this remote device. Use the commands in thefollowing steps to do this.

Step 1. To configure the dial information on Tokyo, use the following:


Tokyo(config-if)#dialer remote-name Moscow

Tokyo(config-if)#dialer string 5552000




Tokyo(config-if)#dialer remote-name Sydney



Step 2. To configure the dial information on Moscow, use the following:


Moscow(config-if)#dialer remote-name Tokyo

Moscow(config-if)#dialer string 5551000


Step 3. To configure the dial information on Sydney, use the following:


Sydney(config-if)#dialer remote-name Tokyo

Sydney(config-if)#dialer string 5551000


Task 7: Associate the Dialer ProfilesFinally, associate the dialer profiles with the dialer interfaces that will be used, when needed. Create adialer pool and put the interfaces and the associated dialer profiles in a common pool. The commands fordoing this are as follows.

Step 1. On Tokyo, the commands issued would be as follows:


Tokyo(config-if)#dialer pool-member 1


Tokyo(config-if)#dialer pool 1



Step 2. On Moscow, the commands issued would be as follows:


Moscow(config-if)#dialer pool-member 1


Moscow(config-if)#dialer pool 1

Step 3. Use the same commands to configure the Sydney router.

Task 8: Configure the Dialer TimeoutsStep 1. Configure a dialer idle-timeout of 60 seconds for each of the dialer interfaces:





Step 2. Repeat these commands on Moscow and Sydney.


Task 9: View the Tokyo Router ConfigurationTo view the configuration, use the show running-config command:





!

version 12.2




!

hostname “Tokyo”

!

enable secret 5 $1$.Tf2$ph3oCXloaQGXpguejZTIJ0

!

username Moscow password 0 class

username Sydney password 0 class

ip subnet-zero

!

!

!

isdn switch-type basic-ni

!

!

!

interface FastEthernet0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0

no ip address

shutdown

no fair-queue

!

interface BRI0

no ip address

encapsulation ppp

dialer pool-member 1


isdn spid1 51055510000001 5551000

isdn spid2 51055510010001 5551001


!


interface FastEthernet1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1

no ip address

shutdown

!

interface Dialer1

description The Profile for the Moscow router

ip address 192.168.253.1 255.255.255.0

encapsulation ppp

dialer pool 1

dialer remote-name Moscow

dialer idle-timeout 60

dialer string 5552000


dialer-group 1


!

interface Dialer2

description The Profile for the Sydney router

ip address 192.168.254.1 255.255.255.0

encapsulation ppp

dialer pool 1

dialer remote-name Sydney

dialer idle-timeout 60



dialer-group 1


!

ip classless

ip route 192.168.2.0 255.255.255.0 192.168.253.2

ip route 192.168.3.0 255.255.255.0 192.168.254.2

ip http server

!

dialer-list 1 protocol ip permit

!

line con 0

password cisco

login

line aux 0

line vty 0 4


password cisco

login

!

end

How many username statements exist? 2

What authentication type is being used for PPP? CHAP

Which sections of the configuration list the authentication type? Interface Dialer

What are the dialer strings on the Tokyo router?

interface Dialer1

End string 5552000


interface Dialer2



Task 10: Verify the DDR ConfigurationStep 1. Generate some interesting traffic across the DDR link from Moscow and Sydney to verify that

connections are made correctly and that the dialer profiles are functioning:

Moscow#ping 192.168.1.1

Sydney#ping 192.168.1.1


Step 2. If not, troubleshoot the router configurations.

What other information was displayed when the ping was issued?

00:25:01: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

00:25:01: %DIALER-6-BIND: Interface BRI0:1 bound to profile Di0

00:25:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,

changed state to up

Step 3. Use the show dialer command to see the reason for the call. This information is shown foreach channel:

Tokyo#show dialer

Tokyo#show dialer

BRI0 - dialer type = ISDN

Dial String Successes Failures Last DNIS Last status

0 incoming call(s) have been screened.

0 incoming call(s) rejected for callback.

BRI0:1 - dialer type = ISDN

Idle timer (120 secs), Fast idle timer (20 secs)

Wait for carrier (30 secs), Re-enable (15 secs)

Dialer state is idle

BRI0:2 - dialer type = ISDN





Di1 - dialer type = DIALER PROFILE




Number of active calls = 0


5552000 0 0 never - Default










Tokyo#

Which dialer strings are associated with Dialer1? 555-2000, 555-2001

What is the last status for dial string 5553000 in the Dialer2 readout? None

Step 4. Use the show interface command and note that the output shows that the interface is “spoof-ing.” This provides a mechanism for the interface to simulate an active state for internalprocesses, such as routing, on the router. You can also use the show interface command to dis-play information about the B channel:



BRI0 is up, line protocol is up (spoofing)

Hardware is PQUICC BRI with U interface




Last input 00:00:01, output never, output hang never



















! Tokyo


Tokyo(config)#hostname Tokyo












Tokyo(config-if)#ip route 192.168.2.0 255.255.255.0 192.168.253.2




Tokyo(config-if)#description The Profile for the Moscow router



Tokyo(config-if)#description The Profile for the Sydney router

















Tokyo(config)#username Sydney password class


Tokyo(config-if)#dialer remote-name Moscow




Tokyo(config-if)#dialer remote-name Sydney






Tokyo(config-if)#dialer pool-member 1











Tokyo(config)#exit


! Moscow


Router(config)#hostname Moscow

Moscow(config)#enable secret class

Moscow(config)#isdn switch-type basic-ni

Moscow(config)#interface fastethernet 0









Moscow(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.253.1


















Moscow(config-if)#dialer remote-name Tokyo





Moscow(config-if)#dialer pool-member 1


Moscow(config-if)#dialer pool 1


Moscow(config)#exit

Moscow#copy running-config startup-config

! Sydney


Router(config)#hostname Sydney

Sydney(config)#enable secret class

Sydney(config)#isdn switch-type basic-ni

Sydney(config)#interface fastethernet 0









Sydney(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.254.1

Sydney(config)#dialer-list 1 protocol ip permit


Sydney(config-if)#dialer-group 1




Sydney(config-if)#interface bri 0








Sydney(config)#username Tokyo password class


Sydney(config-if)#dialer remote-name Tokyo






Sydney(config-if)#dialer pool-member 1


Sydney(config-if)#dialer pool 1


Sydney(config)#exit

Sydney#copy running-config startup-config

Challenge Lab 4-4: Configuring Dialer Maps and DialerProfiles

You are hired as a consultant for a company that has three remote locations: Mo, Larry, and Curley. Thetask at hand is to set up ISDN across their WAN and the addressing on their internal network. The compa-ny wants you to use dialer maps on the Larry and Curley routers pointing to the Mo router. The Mo routerwill use dialer profiles pointing to the Larry and Curley routers.

This lab challenges your ability to configure dialer profiles and dialer maps in an ISDN environment.Figure 4-4 presents the topology for this lab.

Figure 4-4 ISDN Challenge Lab Topology


Internet172.16.0.1/24

Lo0

MO

LarryBRI 1/0

180.78.15.2/30

BRI 1/0

BRI 1/0194.65.14.1/30180.78.15.1/30

194.65.14.2/30

fa0/1fa0/0

fa0/1fa0/0Switch A Switch BCurley

Service Profile Identifiers:

Mo BRI/1: SPID 1 5105551000SPID 2 5105551001

Larry BRI/2: SPID 1 5105552000SPID 2 5105552001

Curley BRI/3: SPID 1 5105553000SPID 2 5105553001

Larry LAN Addresses192.168.100.0/24

Curley LAN Addresses193.168.100.0/24

ISDNCloud

(Adtran)

BRI 1

ISDN

BRI 3BRI 2

Dialer Map Dialer Map

Dialer Profiles

Task 1: PhysicalConnect and configure the devices as shown in Figure 4-4.

Task 2: Logical MoStep 1. Configure router Mo with encapsulation PPP on the BRI interface using CHAP authentication

and Multilink.

Step 2. Configure dialer profiles.

Step 3. Configure two dialer interfaces each using two dialer strings and given IP addresses (SPIDsremain in dialer-pool 1).

Step 4. Configure usernames and passwords:

■ Username Larry password 0 cisco.

■ Username Curley password 0 cisco.

Step 5. Permit both dialer lists.

Step 6. Configure router Mo with switch type basic-ni.

Step 7. Configure static routes to Larry and Curley dialer interfaces and to SwitchA and SwitchBLANs.

Step 8. Create access lists permitting both switched networks and the loopback on Mo.

Task 3: Logical LarryStep 1. Configure Larry with encapsulation PPP on the BRI interface using CHAP authentication and

Multilink.

Step 2. Use switch type basic-ni.

Step 3. Create dialer 0 to use the IP address 180.78.15.2 /30. Include dialer-pool, dialer-group, andpermit dialer-list.

Step 4. Configure Larry’s BRI using the appropriate SPIDs.

Step 5. Make sure that both B channels are used simultaneously.

Step 6. Configure username and password to Mo with password cisco.

Step 7. Configure interface fa0/0 on Larry with IP address 192.168.100.1 /24.

Step 8. Configure static routes to the Curley LAN and Mo’s loopback.

Step 9. Configure a default route out of BRI1/0.

Task 4: Logical CurleyStep 1. Configure Curley with encapsulation PPP on the BRI interface using CHAP authentication

and Multilink.

Step 2. Create dialer 0 with given IP address 194.65.14.2 /30. Include dialer-pool, dialer-group, andpermit dialer-list.

Step 3. Configure the BRI interface with the appropriate SPIDs.

Step 4. Configure username and password to Mo with password class.

Step 5. Configure interface fa0/0 with an IP address of 193.168.100.1 /24.


Step 6. Configure static routes to the Larry LAN and to the loopback on Mo.

Step 7. Configure a default route out of BRI 1/0.

Task 5: Switches Configure each switch with an IP address and appropriate default gateway for its network.

Task 6: VerificationThis lab is complete when you can ping every interface shown in Figure 4-4.

Mo#show running-config



!

version 12.2




!

hostname Mo

!

enable secret 5 $1$0usK$RscXAJFH74Osj7ahj2Qqo.

!

username Larry password 0 cisco

username Curley password 0 class

memory-size iomem 25

ip subnet-zero

!

!


!

!

!

interface Loopback0

ip address 172.16.0.1 255.255.255.0

!


no ip address

shutdown

speed auto

!

interface Serial0/0

no ip address

shutdown

no fair-queue


!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

encapsulation ppp



isdn spid1 51055510000001 5551000

isdn spid2 51055510010001 5551001


ppp multilink

!

interface Dialer0

ip address 180.78.15.1 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name Larry



dialer-group 1


!

interface Dialer1

ip address 194.65.14.1 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name Curley



dialer-group 2


!

!

ip classless

ip route 180.78.15.0 255.255.255.252 180.78.15.2

ip route 192.168.100.0 255.255.255.0 180.78.15.2

ip route 193.168.100.0 255.255.255.0 194.65.14.2

ip route 194.65.14.0 255.255.255.252 194.65.14.2

no ip http server

!

!




!

line con 0

line aux 0

line vty 0 4

!


end

Larry#show running-config



!

version 12.2




!

hostname Larry

!

enable secret 5 $1$5Jud$6ua9o9Z58aEpWAepfy0x1.

!

username Mo password 0 cisco

ip subnet-zero

!

!


!

!

!


ip address 192.168.100.1 255.255.255.0

speed auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address


encapsulation ppp



isdn spid1 51055520000001 5552000

isdn spid2 51055520010001 5552001


ppp multilink

!

interface Dialer0

ip address 180.78.15.2 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name Mo


dialer-group 1


!

ip classless

ip route 0.0.0.0 0.0.0.0 BRI1/0

ip route 172.16.0.0 255.255.255.0 180.78.15.1

ip route 193.168.100.0 255.255.255.0 180.78.15.1

no ip http server

!

!


!

line con 0

line aux 0

line vty 0 4

!


end

Curley#show running-config



!

version 12.2




!

hostname Curley

!


enable secret 5 $1$rNMq$pgKhyff67/X.hYe9ejz4c0

!

username Mo password 0 class


ip subnet-zero

!

!


!

!

!


ip address 193.168.100.1 255.255.255.0

speed auto

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

encapsulation ppp



isdn spid1 51055530000001 5553000

isdn spid2 51055530010001 5553001


ppp multilink

!

interface Dialer0

ip address 194.65.14.2 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name ISP


dialer-group 1


!

ip classless

ip route 0.0.0.0 0.0.0.0 BRI1/0

ip route 172.16.0.0 255.255.255.0 194.65.14.1


ip route 192.168.100.0 255.255.255.0 194.65.14.1

no ip http server

!

!


!

line con 0

line aux 0

line vty 0 4

!


end

SwitchA#show running-config



!

version 12.1

no service pad




!

hostname SwitchA

!

!

ip subnet-zero

!

!




!

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address


!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.100.2 255.255.255.0

no ip route-cache

!


ip http server

!

!

line con 0

line vty 5 15

!

end

SwitchB#show running-config



!

version 12.1

no service pad




!

hostname SwitchB

!

!

ip subnet-zero

!


!




!

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 193.168.100.2 255.255.255.0

no ip route-cache

!


ip http server

!

!

line con 0

line vty 5 15

!

end


CHAPTER 5

Frame Relay

The Study Guide portion of this chapter uses a combination of fill-in-the-blank, multiple-choice, and open-ended question exercises to test your knowledge of the theory of Frame Relay terminology, bandwidth, andflow control. This chapter also discusses the importance of Frame Relay addressing, map statements, andthe use of Inverse Address Resolution Protocol (ARP) and Local Management Interface (LMI) operation.

The Lab Exercises portion of this chapter includes all the online curriculum labs and three challenge labsto ensure that you have mastered the practical, hands-on skills needed for Frame Relay maps, subinterfaceconfiguration, and troubleshooting.

Study Guide

Frame Relay ConceptsFrame Relay is a standalone packet-switched technology that operates using virtual circuits to connectLANs across a cloud. It uses switched virtual circuits (SVCs) (less common) and permanent virtual cir-cuits (PVCs), which the carrier preconfigures, to join locations. Frame Relay also provides no error-check-ing technology, because it was designed to run on digital, high-quality lines. A Frame Relay edge routermay have multiple PVCs toward different locations and labels each one with a data-link connection identi-fier (DLCI). Each PVC has its own set amount of bandwidth inside the cloud; this is called the committedinformation rate (CIR), which is the method of flow control for Frame Relay. Commonly, Frame Relaynetworks are set up in either star (hub-and-spoke), Frame Relay star, full-mesh, or partial-mesh topologies.In a star topology, all the edge routers connect to a central location, as opposed to a Frame Relay star,where the edge routers connect to a cloud. Mesh and partial-mesh topologies connect every location, or atleast most of them, to one another. Local Management Interfaces (LMI) extensions are also provided withFrame Relay to reduce the transfer delay between two locations. LMIs include mechanisms to keep trackof keepalive messages and VC status and a mechanism with flow control; LMI types are Cisco, Q933a,and ANSI. LMIs combined with Inverse ARP allow a router to associate a DLCI with a network layeraddress; this allows the router to learn PVCs dynamically.

Concept Questions1. Compare a PVC to an SVC.

A PVC is a temporary connection brought up in the carrier’s cloud when communication with aremote site is initiated. The connection is considered permanent because data takes the same path toand from each location every time. An SVC is a switched connection that is not mapped inside thecarrier’s network and that takes a different path each time data is sent between locations. It is treatedas a one-time connection.

2. LMI is a signaling standard that allows DTEs to dynamically acquire information about a network’sstatus. Keepalive messages are one example of status messages that are sent. Explain how routers usekeepalive messages.

Keepalive messages allow connecting devices to know that the link is active. When no keepalives arereceived, the connecting devices view the link as inactive or down.

3. Explain how a DLCI is used to route Frame Relay traffic.

A DLCI is used to identify a virtual circuit between a CPE and the Frame Relay switch. The FrameRelay switch maps the DLCI to a circuit between two remote routers to provide a permanent thor-oughfare between them.

Configuring Frame RelayTo configure Frame Relay, go into the serial interface connected to the frame cloud or frame switch andenter encapsulation frame-relay [cisco | ietf]. cisco is the default encapsulation and should be used onlyif you’re connecting to another Cisco router. You should use the ietf encapsulation option when connectingnon-Cisco routers.

You can also set the LMI type with the command frame-relay lmi-type [cisco | q933a | ansi]. This is notnecessary for Cisco IOS Software Release 11.2 and later, because LMI types are automatically discovered.


Chapter 5: Frame Relay 171

You might need to statically configure a Frame Relay map with the command frame-relay map [protocol][network address] [dlci] broadcast when Inverse ARP is not available on the router. The broadcast key-word allows routing updates to be sent across the cloud. The use of a subinterface enables you to use one interface to connect multiple locations, avoiding the need to purchase more equipment. Each subinter-face can be set up as a point-to-point or point-to-multipoint interface (interface serial [number]/[number].[subinterface number] [point-to-point | point-to-multipoint]). Point-to-point is used when eachsubinterface will act as point-to-point connection to another interface. The subinterfaces must also be onthe same subnet, separate from others. A point-to-multipoint interface is used when connecting multiplelocations. In this case, all connecting interfaces must be on the same subnet. To verify the configurations,you can use the show frame-relay map and show frame-relay pvc commands to display PVC informa-tion. To clear out any dynamically learned maps, use the command clear frame-relay inarp.

Concept Questions1. Explain why using subinterfaces resolves the split-horizon issue without your having to disable the

feature.

Split horizon prevents routing updates from being sent across the same interface in which they werereceived. Turning this feature off increases the chances of a routing loop occurring. Subinterfaces arelogical subdivisions of a physical interface. This allows each subinterface to look as though it is a sep-arate physical interface, therefore allowing the update to be sent.

2. Forward explicit congestion notification (FECN) and backward explicit congestion notification(BECN) are used for traffic shaping. Explain each one’s purpose and how they are used to notifydevices of congestion.

FECNs are sent to the destination device, indicating that congestion has occurred. BECNs are sent tothe transmitting router, instructing it to reduce the rate at which it is sending packets into the FrameRelay network. Traffic shaping must be configured for the router to respond to BECN notification.

3. You are troubleshooting a Frame Relay network that is not functioning. What commands can you useto determine the cause of the problem, and what information do these commands display?

show interface serial 0 displays the following:

■ Encapsulation, Layer 1 and 2 information, DLCI and LMI information

show frame-relay pvc displays the following:

■ The status of each configured VC

■ Traffic statistics

■ BECN and FECN packets received by the router

show frame-relay map displays the following:

■ Current map entries

■ The IP address of the remote router and the DLCI it is mapped to

■ Connection status

show frame-relay lmi displays the following:

■ LMI traffic statistics

■ The number of status messages exchanged between the router and Frame Relay switch


1. Which of the following are valid Frame Relay LMI types? (Select three)

A. Cisco

B. Q921

C. Q931

D. Q933a

E. ANSI

F. IETF

G. Annex A

H. Annex D

2. Which of the following are true of point-to-point subinterfaces? (Select all that apply)

A. They are used to establish one PVC connection.

B. They are used to establish multiple PVC connections.

C. Each pair of point-to-point routers requires its own subnet.

D. All participating interfaces are in the same subnet.

E. The split-horizon rule does not apply to routing update traffic.

3. DLCI numbers range from 0 through 1023. What range of numbers is available to subscribers?

A. 0–1023

B. 1–15 and 1008–1022

C. 992–1007

D. 16–991

4. When a Frame Relay switch notices its queue increasing, what does it use to reduce the flow offrames it receives?

A. Explicit correction notifications

B. Error correction notifications

C. Explicit congestion notifications

D. Error congestion notifications

5. What command enables you to configure the local DLCI on the subinterface?

A. Router(config)#frame-relay interface dlci [number]

B. Router(config-if)#frame-relay interface dlci [number]

C. Router(config)#frame relay interface-dlci [number]

D. Router(config-subif)#frame-relay interface-dlci [number]

6. Which of the following are true of the Local Management Interface? (Select all that apply)

A. Cisco IOS Software Release 11.2 or later allows the router to automatically determine the LMItype used by the switch.

B. It is used between the DCE and the Frame switch in the carrier’s network.

C. It is used between the DTE and the Frame switch in the carrier’s network.

D. It can be used only with Inverse ARP enabled.


7. Which of the following are displayed when you use the command show frame-relay lmi? (Select two)

A. LMI type

B. DLCI number

C. The number of status messages sent and received between the router and the Frame switch

D. Current map entries and their status

E. The number of status messages sent and received for each configured PVC

8. When you configure Frame Relay subinterfaces, which of the following must not be configured?

A. Frame Relay encapsulation on the physical interface

B. The DLCI numbers on the subinterface

C. The subinterface type as multipoint

D. The IP address on the physical interface

E. The IP address on the subinterface

9. What would be the result if the broadcast keyword at the end of the following command line wereomitted?

frame-relay map ip 131.108.123.1 100 broadcast

A. Routing updates would be forwarded.

B. Routing updates would not be forwarded.

C. The statement would be broadcast to all other routers in the frame network.

D. The router would be prevented from becoming a broadcast firewall.

10. Which of the following solve the split-horizon quandary in a Frame Relay environment with multipleconnections over a single physical interface? (Select two)

A. Partial-mesh topology

B. Full-mesh topology

C. Subinterfaces

D. Point-to-point topology

11. Which of the following are true of multipoint subinterfaces? (Select all that apply)

A. They are used to establish one PVC connection.

B. They are used to establish multiple PVC connections.

C. Each pair of point-to-point routers requires its own subnet.

D. All participating interfaces are in the same subnet.

E. The split-horizon rule does not apply to routing update traffic.

F. The split-horizon rule is applied because the subinterface acts like an NBMA interface.

12. What two methods allow a router to associate network layer and data link layer addresses?

A. Inverse ARP with LMI messages

B. Inverse RARP

C. Reverse ARP

D. Frame Relay map

E. DLCI status messages

F. FECN

G. BECN


13. What is used to distinguish between various PVCs on a single line?

A. LMI

B. LAPF

C. DLCI

D. LAPD

14. What are DLCI 0 and DLCI 1023 reserved for?

A. Cisco LMI type is 0, and Q933a LMI type is 1023.

B. Q933a LMI type is 0, and Cisco LMI type is 1023.

C. Cisco LMI type is 0, and Q931 LMI type is 1023.

D. IETF LMI type is 0, and Cisco LMI type is 1023.

15. Which of the following are true of DLCI values? (Select three)

A. They have local significance.

B. They have global significance.

C. They are unique to the physical channel on which they reside.

D. Different DLCI values can be used at each end to refer to the same VC.

E. DLCI values must be the same on each end when referring to the same VC.

16. How does a switch identify frames that exceed the CIR?

A. DE

B. FECN

C. BECN

D. LAPF

17. What are the possible connection states that a VC could be in when using the show frame-relay pvccommand? (Select three)

A. Active

B. Passive

C. Inactive

D. Deleted

E. Unknown

18. When configuring Frame Relay, what can you do to prevent split-horizon problems? (Select two)

A. Use a physical interface to route traffic for multiple PVCs.

B. Configure a separate subinterface for each PVC.

C. Configure a separate subinterface for multiple PVCs.

D. Disable split horizon.


19. Most ISPs disable the use of Inverse ARP in their networks. What command is the alternative solutionwhen they cannot be dynamically mapped?

A. frame-relay inverse-arp

B. frame-relay map

C. frame-relay interface-type

D. frame-relay ip map

20. Which of the following appear when you use the show frame-relay pvc command? (Select all that apply)

A. Status of each configured connection

B. Traffic statistics

C. IP address of the remote location

D. Map entries

E. The number of FECN and BECN entries received by the router


Lab Exercises

Curriculum Lab 5-1: Configuring Frame Relay (5.2.1)Figure 5-1 Topology for Lab 5-1


Router Designation Router Name Fast Ethernet 0 Adtran ConnectionAddress/Subnet Mask

Router 1 Cork 192.168.14.1/24 1/1

The enable secret password for this router is class.

The enable, vty, and console password for this router is cisco.

Objective

■ Configure a router to establish a connection to a local Frame Relay switch.


This lab uses an Adtran Atlas550 Frame Relay to simulate the Frame Relay switch/cloud.

The Cork Wholesale Food Company has just had a Frame Relay circuit installed to its local central office(CO) by the telco carrier. The network administrator must confirm that the router and Frame Relay switchcan communicate successfully.






Task 2: Configure the Serial InterfaceStep 1. In Frame Relay, the customer router is considered to be the DTE device. To configure the serial

interface, you must define the Layer 2 Frame Relay frame type. To configure the frame type,use the following commands:

Cork#configure terminal

Cork(config)#interface serial 0

Cork(config-if)#encapsulation frame-relay IETF

Step 2. Next, you need to configure the format of the Frame Relay management protocol. To configurethe Local Management Interface (LMI) type, use the following commands:

Cork(config-if)#frame-relay lmi-type ansi

Cork(config-if)#no shutdown

Cork(config-if)#ctrl+z

Task 3: Verify the Frame Relay ConfigurationTo verify the configuration, use the show interface commands that are related to Frame Relay. To view theserial interface configuration, enter the following command:

Cork#show interface serial 0





Encapsulation FRAME-RELAY IETF, loopback not set


LMI enq sent 7, LMI stat recvd 7, LMI upd recvd 0, DTE LMI up

LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0

LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE

Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface

broadcasts 0





Output queue: 0/40 (size/max)












What is the state of the interface? Serial 0 is up, line protocol is up.

What is the encapsulation type? frame-relay ietf

What state is the DTE LMI in? Up

What is the LMI type? ANSI Annex D

Task 4: Review Switch AssignmentsTo verify that the DLCIs are defined on the switch, use show frame-relay pvc. The DLCIs are learned bythe router via LMI and can be viewed:

Cork#show frame-relay pvc

Cork#show frame-relay pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)

Active Inactive Deleted Static

Local 0 0 0 0

Switched 0 0 0 0

Unused 0 3 0 0

DLCI = 102, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE =

Serial0

input pkts 0 output pkts 0 in bytes 0

out bytes 0 dropped pkts 0 in pkts dropped 0

out pkts dropped 0 out bytes dropped 0

in FECN pkts 0 in BECN pkts 0 out FECN pkts 0

out BECN pkts 0 in DE pkts 0 out DE pkts 0

out bcast pkts 0 out bcast bytes 0

switched pkts 0

Detailed packet drop counters:

no out intf 0 out intf down 0 no out PVC 0

in PVC down 0 out PVC down 0 pkt too big 0

shaping Q full 0 pkt above DE 0 policing drop 0

pvc create time 00:02:30, last time pvc status changed 00:02:30


Serial0







switched pkts 0








Serial0







switched pkts 0






What DLCI numbers are available on the switch? 102, 103, 104

What is the PVC status of the first DLCI? Inactive

Task 5: Check the Frame Relay MapThe output from the show frame-relay map command shows that none of the DLCIs defined on theswitch are in use. The PVC is inactive, and there is no current mapping between the Layer 2 DLCI andLayer 3 IP address.

Why is this?

There is no output because there is no mapping between the DLCI and IP.


! Cork


Router(config)#hostname Cork

Cork(config)#enable password cisco

Cork(config)#enable secret class

Cork(config)#line con 0

Cork(config-line)#password cisco

Cork(config-line)#login

Cork(config-line)#line vty 0 4

Cork(config-line)#password cisco

Cork(config-line)#login

Cork(config-line)#exit

Cork(config)#exit

Cork#copy running-config startup-config

Cork Frame Relay Configuration

Cork#configure terminal

Cork(config)#interface serial 0

Cork(config-if)#encapsulation frame-relay ietf

Cork(config-if)#frame-relay lmi-type ansi


Cork(config-if)#no shutdown

Cork(config-if)#exit

Cork(config)#exit

Cork#copy running-config startup-config

Curriculum Lab 5-2: Configuring Frame Relay PVC (5.2.2)Figure 5-2 Topology for Lab 5-2


Router Router Interface Serial 0 Fast Ethernet 0 DLCI Designation Name Type Address/Subnet Address/Subnet Number

Mask Mask

Router 1 Washington DCE 192.168.1.1/24 192.168.3.1/24 102

Router 2 Dublin DTE 192.168.1.2/24 192.168.2.1/24 102



Objective

■ Configure two routers back to back as a Frame Relay PVC. You will do this manually, in the absenceof a Frame Relay switch, so there will be no LMI.







Task 2: Configure the Washington Serial InterfaceFirst, define the Frame Relay frame type to be used on this link. To configure the encapsulation type, usethe command encapsulation frame-relay ietf. Disable keepalive messages because there is no FrameRelay switch in this configuration (and consequently no Frame Relay DCE):


Washington(config-if)#interface serial 0

Washington(config-if)#encapsulation frame-relay ietf

Washington(config-if)#no keepalive



Task 3: Configure the Frame Relay Map on WashingtonWhen you are sending an Ethernet frame to a remote IP address, you must discover the remote MACaddress so that you can construct the correct frame type. Frame Relay needs a similar mapping.

The remote IP address needs to be mapped to the local DLCI (Layer 2 address) so that the correctlyaddressed frame can be created locally for this PVC. Because you cannot map the DLCI automatically,with LMI disabled, you must create this map manually by using the frame-relay map command. Thebroadcast parameter allows IP broadcasts to use the same mapping for crossing this PVC:

Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcast

Task 4: Configure the DCE on WashingtonIn this configuration using DCE cables, a clock signal is necessary. The bandwidth command is optional,but it is a wise choice for verifying bandwidth transmission. Another option is to describe the connectionby using the description command. This is useful so that you can record information about the PVC, suchas a remote contact person and the leased-line circuit identifier:

Washington(config-if)#clockrate 64000

Washington(config-if)#bandwidth 64

Washington(config-if)#description PVC to Dublin, DLCI 102, Circuit #DASS465875, ContactJohn Tobin (061-8886745)

Task 5: Configure the Dublin RouterConfigure the Dublin router by using the following commands:


Dublin(config-if)#interface serial 0

Dublin(config-if)#encapsulation frame-relay ietf

Dublin(config-if)#no keepalive



Dublin(config-if)#frame-relay map ip 192.168.1.1 102 ietf broadcast

Dublin(config-if)#bandwidth 64

Dublin(config-if)#description PVC to Washington, DLCI 102, Circuit #DASS465866 ContactPat White (091-6543211)


Task 6: Verify the Frame Relay PVCOn the Washington router, enter the command show frame-relay pvc:

Washington#show frame-relay pvc

Washington#show frame-relay pvc



Local 0 0 0 1

Switched 0 0 0 0

Unused 0 0 0 0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE =

Serial0








What DLCI number is reported? 102

What is the PVC status? STATIC

What is the value of the DLCI USAGE? LOCAL

Task 7: Display the Frame Relay MapTo view the Layer 2 to Layer 3 mapping, use the show frame-relay map command at the privilegedEXEC mode prompt:

Washington#show frame-relay map

Washington#show frame-relay map

Serial0 (up): ip 192.168.1.2 dlci 102(0x66,0x1860), static,

broadcast, IETF

What is the IP address shown? 192.168.1.2

In what state is interface serial 0? Up

Task 8: Verify Frame Relay ConnectivityStep 1. From the Washington router, ping the Dublin router serial interface:

Washington#ping 192.168.1.2



!!!!!


Washington#



Step 2. If not, troubleshoot router configurations.


! Washington


Router(config)#hostname Washington

Washington(config)#enable password cisco

Washington(config)#enable secret class

Washington(config)#line con 0



Washington(config-line)#line vty 0 4



Washington(config-line)#interface fastethernet 0






! Washington Frame Relay Configuration



Washington(config-if)#encapsulation frame-relay ietf

Washington(config-if)#no keepalive



Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcast


Washington(config-if)#bandwidth 64

Washington(config-if)#description PVC to Dublin, DLCI 102, Circuit

#DASS465875, Contact John Tobin (061-8886745)



! Dublin


Router(config)#hostname Dublin

Dublin(config)#enable password cisco

Dublin(config)#enable secret class

Dublin(config)#line console 0



Dublin(config-line)#line vty 0 4




Dublin(config-line)#interface fastethernet 0




Dublin(config)#exit


! Dublin Frame Relay Configuration



Dublin(config-if)#encapsulation frame-relay ietf

Dublin(config-if)#no keepalive



Dublin(config-if)#frame-relay map ip 192.168.1.1 102 ietf broadcast

Dublin(config-if)#bandwidth 64

Dublin(config-if)#$description PVC to Washington, DLCI 102,Circuit

#DASS465866 Contact Pat White (091-6543211)


Dublin(config)#exit


Curriculum Lab 5-3: Configuring Frame RelaySubinterfaces (5.2.5)Figure 5-3 Topology for Lab 5-3



Router Router Interface Serial 0 DLCI Fast Ethernet 0 Designation Name Type Address/Subnet Number Address/Subnet

Mask

Router 1 Amsterdam DTE 192.168.4.1/24 102 192.168.1.1/24192.168.5.1/24 103

Router 2 Paris DTE 192.168.4.2/24 201 192.168.2.1/24192.168.6.1/24 203

Router 3 Berlin DTE 192.168.5.2/24 301 192.168.3.1/24192.168.6.2/24 302

The enable secret password for all routers is class.

The enable, vty, and console password for all routers is cisco.

The routing protocol for all routers is IGRP 100.

Objective

■ Configure three routers in a full-mesh Frame Relay network.


This lab uses an Adtran Atlas550 Frame Relay to simulate the switch/Frame Relay cloud.





Task 2: Configure the Serial 0 InterfacesStep 1. Define the Frame Relay encapsulation type to be used on this link by using the following com-

mands:

Amsterdam#configure terminal

Amsterdam(config)#interface serial 0

Amsterdam(config-if)#encapsulation frame-relay ietf

Amsterdam(config-if)#frame-relay lmi-type ansi

Step 2. Use a description field to store relevant information, such as the circuit number, if you have toreport a line fault:

Amsterdam(config-if)#description Circuit #KPN465555

Amsterdam(config-if)#no shutdown


Step 3. The same commands are used to configure the Berlin and Paris routers:


Paris(config-if)#encapsulation frame-relay ietf

Paris(config-if)#frame-relay lmi-type ansi

Paris(config-if)#description Circuit #FRT372826


Berlin(config)#interface serial 0

Berlin(config-if)#encapsulation frame-relay ietf

Berlin(config-if)#frame-relay lmi-type ansi

Berlin(config-if)#description Circuit #DTK465866

Berlin(config-if)#no shutdown

Task 3: Create Subinterfaces on the Amsterdam RouterFor each of the PVCs, create a subinterface on the serial port. This subinterface will be a point-to-pointconfiguration. For consistency and future troubleshooting, use the DLCI number as the subinterface num-ber. The commands to create a subinterface are as follows:

Amsterdam(config-if)#interface serial 0.102 point-to-point

Amsterdam(config-if)#description PVC to Paris, DLCI 102, Contact Rick Voight(+33-1-5534-2234) Circuit #FRT372826

Amsterdam(config-if)#ip address 192.168.4.1 255.255.255.0

Amsterdam(config-if)#frame-relay interface-dlci 102


Amsterdam(config-if)#description PVC to Berlin, DLCI 103, Contact P Wills(+49- 61 03 / 765 72 00) Circuit #DTK465866


Amsterdam(config-if)#frame-relay interface-dlci 103

Task 4: Create Subinterfaces on the Paris RouterTo configure the subinterfaces on the Paris router, use the following commands:

Paris(config-if)#interface Serial 0.201 point-to-point

Paris(config-if)#description PVC to Amsterdam, DLCI 201, Contact Peter Muller (+31 20623 32 67) Circuit #KPN465555


Paris(config-if)#frame-relay interface-dlci 201


Paris(config-if)#description PVC to Berlin, DLCI 203, Contact Peter Willis (+49- 61 03 /7 66 72 00) Circuit #DTK465866


Paris(config-if)#frame-relay interface-dlci 203

Task 5: Create Subinterfaces on the Berlin RouterTo configure the subinterfaces on the Berlin router, use the following commands:

Berlin(config-if)#interface Serial 0.301 point-to-point

Berlin(config-if)#description PVC to Amsterdam, DLCI 301, Contact Peter Muller (+31 20


623 32 67) Circuit #KPN465555

Berlin(config-if)#ip address 192.168.5.2 255.255.255.0

Berlin(config-if)#frame-relay interface-dlci 301


Berlin(config-if)#description PVC to Paris, DLCI 302, Contact Rick Voight (+33-1-5534-2234) Circuit #FRT372826


Berlin(config-if)#frame-relay interface-dlci 302

Task 6: Configure IGRP RoutingTo configure the routing protocol IGRP 100, use the following configuration:

Amsterdam(config)#router igrp 100

Amsterdam(config-router)#network 192.168.1.0



Paris(config)#router igrp 100

Paris(config-router)#network 192.168.2.0



Berlin(config)#router igrp 100

Berlin(config-router)#network 192.168.3.0



Task 7: Verify the Frame Relay PVCOn the Amsterdam router, issue the command show frame-relay pvc:

Amsterdam#show frame-relay pvc

Amsterdam#show frame-relay pvc



Local 2 1 0 0

Switched 0 0 0 0

Unused 0 0 0 0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =

Serial0.102










DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =

Serial0.103








DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE =

Serial0








How many active local PVCs exist? 2

What is the interface value? Serial0.102, Serial0.103

What is the PVC status? Active

Which DLCI number is inactive? 104

From this, you can see that three DLCIs are defined on this Frame Relay circuit, and only two of them arein use. This is the way the Adtran 550 emulator has been configured. It is useful output because it showswhat you would see if a DLCI were defined on the Frame Relay switch but not configured on the router.The other DLCIs, 102 and 103, are active and are associated with their respective subinterfaces. It alsoshows that some packets have passed across the PVC.

Task 8: Show the Frame Relay MapsLook at the Frame Relay maps by entering the command show frame-relay map at the privileged EXECmode prompt:

Amsterdam#show frame-relay map

Amsterdam#show frame-relay map

Serial0.103 (up): point-to-point dlci, dlci 103(0x67,0x1870), broadcast

status defined, active

Serial0.102 (up): point-to-point dlci, dlci 102(0x66,0x1860), broadcast

status defined, active

What is the status of the links? Up

What type are the DLCIs defined as? Point-to-point

Are the DLCIs the same on the Paris router? No


Task 9: Show the LMIsLook at the LMI statistics by using the show frame-relay lmi command:

Amsterdam#show frame-relay lmi

Amsterdam#show frame-relay lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI

Invalid Unnumbered info 0 Invalid Prot Disc 0

Invalid dummy Call Ref 0 Invalid Msg Type 0

Invalid Status Message 0 Invalid Lock Shift 0

Invalid Information ID 0 Invalid Report IE Len 0

Invalid Report Request 0 Invalid Keep IE Len 0

Num Status Enq. Sent 55 Num Status msgs Rcvd 56

Num Update Status Rcvd 0 Num Status Timeouts 0

Which fields have nonzero counter values?

Num Status Enq. Sent, Num Status msgs Rcvd

What is the LMI type? ANSI

Task 10: Check the Routing ProtocolStep 1. Use the show ip route command to verify that the PVCs are up and active:

Amsterdam#show ip route

Amsterdam#show ip route


BGP





inter area




C 192.168.4.0/24 is directly connected, Serial0.102

C 192.168.5.0/24 is directly connected, Serial0.103

I 192.168.6.0/24 [100/10476] via 192.168.4.2, 00:01:06, Serial0.102

[100/10476] via 192.168.5.2, 00:01:20, Serial0.103


I 192.168.2.0/24 [100/8486] via 192.168.4.2, 00:01:06, Serial0.102

I 192.168.3.0/24 [100/8486] via 192.168.5.2, 00:01:20, Serial0.103

Is the routing protocol working? Yes

Step 2. If not, troubleshoot the router configurations.

List the IGRP routes.

I 192.168.6.0/24 [100/10476] via 192.168.4.2, 00:01:06, Serial0.102

[100/10476] via 192.168.5.2, 00:01:20, Serial0.103


I 192.168.2.0/24 [100/8486] via 192.168.4.2, 00:01:06, Serial0.102

I 192.168.3.0/24 [100/8486] via 192.168.5.2, 00:01:20, Serial0.103

Task 11: Verify ConnectivityStep 1. Ping the Fast Ethernet interfaces.

Amsterdam#ping 192.168.1.1



!!!!!





!!!!!





!!!!!



Step 2. If not, troubleshoot the router configurations and repeat this task.


Amsterdam


Router(config)#hostname Amsterdam

Amsterdam(config)#enable password cisco

Amsterdam(config)#enable secret class

Amsterdam(config)#line con 0

Amsterdam(config-line)#password cisco

Amsterdam(config-line)#login

Amsterdam(config-line)#line vty 0 4

Amsterdam(config-line)#password cisco

Amsterdam(config-line)#login

Amsterdam(config-line)#interface fastethernet 0



Amsterdam(config-if)#exit

Amsterdam(config)#exit

Amsterdam#copy running-config startup-config

! Amsterdam Frame Relay and IGRP Configuration

Amsterdam#configure terminal


Amsterdam(config)#interface serial 0

Amsterdam(config-if)#encapsulation frame-relay ietf

Amsterdam(config-if)#frame-relay lmi-type ansi

Amsterdam(config-if)#description Circuit #KPN465555



Amsterdam(config-subif)#description PVC to Paris, DLCI 102, contact Rick

Voight(+33-1-5534-2234) Circuit #FRT372826

Amsterdam(config-subif)#ip address 192.168.4.1 255.255.255.0

Amsterdam(config-subif)#frame-relay interface-dlci 102

Amsterdam(config-fr-dlci)#interface serial 0.103 point-to-point

Amsterdam(config-subif)#description PVC to Berlin, DLCI 103, Contact P

Wills (+49- 61 03 / 7 65 72 00) Circuit #DTK465866

Amsterdam(config-subif)#ip address 192.168.5.1 255.255.255.0

Amsterdam(config-subif)#frame-relay interface-dlci 103

Amsterdam(config-fr-dlci)#router igrp 100




Amsterdam(config-router)#exit

Amsterdam(config)#exit

Amsterdam#copy running-config startup-config

! Paris


Router(config)#hostname Paris



Paris(config)#line con 0



Paris(config-line)#line vty 0 4



Paris(config-line)#interface fastethernet 0




! Paris Frame Relay and IGRP Configuration



Paris(config-if)#encapsulation frame-relay ietf

Paris(config-if)#frame-relay lmi-type ansi

Paris(config-if)#description Circuit #FRT372826




Paris(config-subif)#description PVC to Amsterdam, DLCI 201, Contact Peter

Muller (+31 20 623 32 67) Circuit #KPN465555

Paris(config-subif)#ip address 192.168.4.2 255.255.255.0

Paris(config-subif)#frame-relay interface-dlci 201

Paris(config-fr-dlci)#interface Serial 0.203 point-to-point

Paris(config-subif)#description PVC to Berlin, DLCI 203, Contact Peter

Willis (+49- 61 03 / 7 66 72 00) Circuit #DTK465866

Paris(config-subif)#ip address 192.168.6.1 255.255.255.0

Paris(config-subif)#frame-relay interface-dlci 203

Paris(config-fr-dlci)#router igrp 100




Paris(config-router)#exit

Paris(config)#exit


! Berlin


Router(config)#hostname Berlin

Berlin(config)#enable password cisco

Berlin(config)#enable secret class

Berlin(config)#line con 0

Berlin(config-line)#password cisco

Berlin(config-line)#login

Berlin(config-line)#line vty 0 4

Berlin(config-line)#password cisco

Berlin(config-line)#login

Berlin(config-line)#interface fastethernet 0



Berlin(config-if)#exit

Berlin(config)#exit

Berlin#copy running-config startup-config

! Berlin Frame Relay and IGRP Configuration

Berlin#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Berlin(config)#interface serial 0

Berlin(config-if)#encapsulation frame-relay ietf

Berlin(config-if)#frame-relay lmi-type ansi

Berlin(config-if)#description Circuit #DTK465866




Berlin(config-subif)#description PVC to Amsterdam, DLCI 301, Contact Peter

Muller (+31 20 623 32 67) Circuit #KPN465555

Berlin(config-subif)#ip address 192.168.5.2 255.255.255.0

Berlin(config-subif)#frame-relay interface-dlci 301

Berlin(config-fr-dlci)#interface Serial 0.302 point-to-point

Berlin(config-subif)#$ description PVC to Paris, DLCI 302, Contact Rick

Voight (+33-1-5534-2234) Circuit #FRT372826

Berlin(config-subif)#ip address 192.168.6.2 255.255.255.0

Berlin(config-subif)#frame-relay interface-dlci 302

Berlin(config-subif)#exit

Berlin(config-if)#exit

Berlin(config)#router igrp 100




Berlin(config-router)#exit

Berlin(config)#exit

Berlin#copy running-config startup-config

Challenge Lab 5-4: Four-Interface Frame Relay Switch This lab teaches you how to make a router into a four-interface Frame Relay switch. It is intended for useif an Adtran is unavailable. It lets you convert a router into a Frame Relay switch. You must have a WIC2Tinserted in both WIC slots on the router. You can complete this lab using a 1721, 1760, or 2600 router thathas two serial WICs available. Figure 5-4 presents the topology for this lab.



FrameSwitch

DLCI [101]DLCI [102]DLCI [103]



S0/0 S1/0

S0/1 S1/1


Task 1Erase the NVRAM and restart the router.

Task 2Rename the router Frame_Switch:

Router(config)#Frame_Switch

Task 3Enable Frame Relay switching on the router using the following command:

Frame_Switch (config)#frame-relay switching

This command enables you to create PVCs on the router interfaces. You must do this before configuringany interfaces.

Task 4For the router to act as a Frame Relay switch, configure the following command on each interface:

Frame_Switch (config-if)#frame-relay interface-type dce

Task 5Configure each router interface to use the IETF encapsulation type:

Frame_Switch (config-if)#encapsulation frame-relay ietf

Task 6Configure Frame Relay PVC static routes on each interface. Following is a list of how each PVC shouldbe mapped on the appropriate interfaces:

■ Interface Serial 0/0:

■ DLCI 101 to DLCI 201 on interface Serial 0/1
















Task 7Proceed to Challenge Lab 5-5, “Frame Relay Switch Challenge Lab 1.”

Frame_Switch#show running-config



!

version 12.2




!

hostname Frame_Switch

!

!

ip subnet-zero

!

frame-relay switching

!

!

!

!


no ip address

shutdown

speed auto

!

interface Serial0/0

no ip address

encapsulation frame-relay IETF

no fair-queue

clockrate 64000

frame-relay intf-type dce

frame-relay route 101 interface Serial0/1 201



!

interface Serial0/1

no ip address


clockrate 64000






!

interface Serial1/0

no ip address


clockrate 64000





!

interface Serial1/1

no ip address


clockrate 64000





!

ip classless

no ip http server

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

!


end

Challenge Lab 5-5: Frame Relay Switch Challenge Lab 1As the network administrator, you are required to set up a network using Frame Relay maps that will allowmultiple Open Shortest Path First (OSPF) areas to communicate over a secure path through the FrameRelay cloud. You also need to set up the internal network addressing using virtual-length subnet masks(VLSMs) and classless interdomain routing (CIDR). You need a strong grasp of Dynamic Host ControlProtocol (DHCP) and Network Address Translation (NAT) to complete this lab. Figure 5-5 shows the net-work topology for this lab using a Frame Relay switch, and Figure 5-6 shows the same topology using anAdtran.


Figure 5-5 Challenge Lab Diagram Using a Frame Relay Switch

Figure 5-6 Challenge Lab Diagram Using an Adtran


Lo0200.154.69.1/32

Web Server

ISP

West

S0/0

FA0/24

FA0/0

FA0/1

FA0/24West_S2 West_S1FA0/24

FA0/24 East_S2

West LANVLAN1–14 Hosts

VLAN10 (Students) – 28 HostsVLAN20 (Teachers) – 14 Hosts

VLAN30 (Administration) – 30 Hosts192.168.100.0/24

East LANVLAN1 – 60 Hosts



Frame Switch

S0/0

S1/0S0/1S0/0

S0/0

EastFA0/0

FA0/1

East_S1

DLCI [201] DLCI [301]

DLCI [102]DLCI [101]

Area 0

Area 51 Area 61DLCI [302]DLCI [202]

Lo0200.154.69.1/32

Web Server

ISP

West

S0/0

FA0/24

FA0/0

FA0/1

FA0/24West_S2 West_S1FA0/24

FA0/24 East_S2

VLAN1–14 HostsVLAN10 (Students) – 28 HostsVLAN20 (Teachers) – 14 Hosts

VLAN30 (Administration) – 30 Hosts

East LANVLAN1 – 60 Hosts



Adtran

1/1

2/11/2S0/0

S0/0

EastFA0/0

FA0/1

East_S1

DLCI [201] DLCI [301]

DLCI [103]DLCI [102]

Area 0

Area 51 Area 61DLCI [302]DLCI [203]


Router Serial Interface Interface Loopback 0 DLCI Numbers Enable Secret Name Address Type Address Password

ISP 64.53.18.1 /29 DTE 200.154.69.1/32 101, 102 cisco

East 64.53.18.2 /29 DTE — 301, 302 cisco

West 64.53.18.3 /29 DTE — 201, 202 cisco

Note:This lab gives you the option of using a Frame Relay switch as the cloud or an Adtran if one is available. You cancomplete this lab exercise using any 1721, 1760, or 2600 series routers. The Frame Relay switch can be configuredusing Lab 5-4 and should follow the diagram in Figure 5-5 for the correct DLCI numbers. If an Adtran is available,follow the diagram in Figure 5-6 for the correct DLCI numbers.

Objectives

■ Configure Frame Relay using a router as the Frame Switch.

■ Multiple area OSPF with authentication.

■ DHCP.

■ NAT and PAT.

■ VLANs and inter-VLAN routing.

Task 1Cable and configure the equipment according to Figure 5-5 or 5-6, depending on whether you are using aFrame Relay switch or an Adtran.

Instructor’s initials _____________

Task 2Step 1. Configure Frame Relay using the appropriate DLCIs.

Step 2. Ping each neighbor’s serial interface to verify correct configuration.


Task 3Step 1. Configure East_Switch1 and West_Switch1 as VLAN Trunking Protocol (VTP) servers and the

remaining switches as VTP clients.

Step 2. Configure all switches as part of the cisco VTP domain.

Step 3. Create the following VLANs on both server switches as follows:

■ VLAN 1

■ VLAN 10: Students

■ VLAN 20: Teachers

■ VLAN 30: Administrators




■ VLAN 10: Ports 6–10 (ports 3–6 if you’re using a 12-port switch)



Step 5. Configure inter-VLAN routing using IEEE 802.1q encapsulation and the appropriate address-ing scheme according to the diagram.


Task 4Step 1. Configure OSPF on each router using process ID 1.

Step 2. With multiple areas inside the OSPF environment, be sure to use the appropriate wildcard maskand area ID.

Step 3. The following commands must be configured on each OSPF router for Frame Relay to functionacross the Frame Switch. (Use Step 3 only when using a router as a Frame Relay switch.)

ISP(config)#router ospf 1

ISP(config-router)#neighbor 64.53.18.2 priority 1

ISP(config-router)#neighbor 64.53.18.3 priority 1

Step 4. Verify functionality using the show ip route command.

Do not configure authentication yet!


Task 5Step 1. Configure DHCP on the East and West routers based on VLAN subnet information.

Step 2. Exclude the first three addresses from each pool.


Task 6Step 1. Configure NAT on the East and West routers.

Step 2. East router will use 24.83.68.0/25 for its NAT pool:

■ Create a dynamic NAT pool for VLAN 1.

■ All users from VLAN 10 will access the outside world using one IP address.



Step 3. West router will use 161.73.29.0/26 for its NAT pool:







Task 7Step 1. Configure OSPF authentication on each router.

Step 2. Configure the OSPF authentication key as fred.

You have the choice of using plain text or encrypted options for authentication.


Task 8Configure the ISP router as a web server.


Task 9Verify configuration using the appropriate commands. Hosts from each LAN should be able to open abrowser and connect to the ISP web server.

Instructor’s initials _____________ISP#show running-config



!

version 12.2




!

hostname ISP

!

!


ip subnet-zero

!

!

!

!

!

interface Loopback0

description Web Server

ip address 200.154.69.1 255.255.255.255

!


no ip address

shutdown

speed auto

!

interface Serial0/0

description Frame Switch

ip address 64.53.18.1 255.255.255.248





no frame-relay inverse-arp

ip ospf authentication-key secret fred

no shut

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1

log-adjacency-changes

network 64.53.18.1 0.0.0.0 area 0

neighbor 64.53.18.3 priority 1


default-information originate

area 0 authentication

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route 24.83.68.0 255.255.255.128 64.53.18.2

ip route 161.73.29.0 255.255.255.192 64.53.18.3

ip http server

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

West#show running-config



!

version 12.2




!

hostname West

!

!

ip subnet-zero



ip dhcp excluded-address 192.168.100.33 192.168.100.35 only exclude 3 addresses? 33-35q

ip dhcp excluded-address 192.168.100.65 192.168.100.67 only exclude 3 addresses? 65-67


!

ip dhcp pool Vlan1

network 192.168.100.80 255.255.255.240


!


network 192.168.100.32 255.255.255.224


!

ip dhcp pool Administration

network 192.168.100.0 255.255.255.224


!

ip dhcp pool Teachers

network 192.168.100.64 255.255.255.240


!

!

!

!

!


no shut

no ip address

speed auto

!


description Vlan1


ip address 192.168.100.81 255.255.255.240

ip nat inside

!


description Students


ip address 192.168.100.33 255.255.255.224

ip nat inside

!


description Teachers


ip address 192.168.100.65 255.255.255.240

ip nat inside

!


description Administration


ip address 192.168.100.1 255.255.255.224


ip nat inside

!

interface Serial0/0

ip address 64.53.18.3 255.255.255.248

ip nat outside


no fair-queue





no shut

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1


network 64.53.18.3 0.0.0.0 area 0

network 192.168.100.1 0.0.0.0 area 51

network 192.168.100.33 0.0.0.0 area 51

network 192.168.100.65 0.0.0.0 area 51

network 192.168.100.81 0.0.0.0 area 51




!

ip nat pool Vlan1 161.73.29.1 161.73.29.14 netmask 255.255.255.192



ip nat pool Administration 161.73.29.59 161.73.29.59 netmask 255.255.255.192

ip nat inside source list 1 pool Vlan1

ip nat inside source list 2 pool Students

ip nat inside source list 3 pool Teachers

ip nat inside source list 4 pool Administration overload

ip classless

ip route 24.83.68.0 255.255.255.128 Serial0/0

no ip http server

!

!





!

line con 0

logging synchronous

line aux 0


line vty 0 4

login

!

end

East#show running-config



!

version 12.2




!

hostname East

!

!


ip subnet-zero





!

ip dhcp pool Vlan1

network 192.168.11.0 255.255.255.192


!


network 192.168.10.0 255.255.255.0


!

ip dhcp pool Teachers

network 192.168.11.64 255.255.255.192


!

ip dhcp pool Administration

network 192.168.11.128 255.255.255.224


!

!

!

!

!



no shut

no ip address

speed auto

!


description Vlan1


ip address 192.168.11.1 255.255.255.192

ip nat inside

!


description Students


ip address 192.168.10.1 255.255.255.0

ip nat inside

!


description Teachers


ip address 192.168.11.65 255.255.255.192

ip nat inside

!


description Administration


ip address 192.168.11.129 255.255.255.224

ip nat inside

!

interface Serial0/0

ip address 64.53.18.2 255.255.255.248

ip nat outside






no shut

!

interface Serial0/1

no ip address

shutdown

!

router ospf 1


network 64.53.18.2 0.0.0.0 area 0

network 192.168.10.1 0.0.0.0 area 61


network 192.168.11.1 0.0.0.0 area 61

network 192.168.11.65 0.0.0.0 area 61

network 192.168.11.129 0.0.0.0 area 61




!

ip nat pool Vlan1 24.83.68.1 24.83.68.60 netmask 255.255.255.128



ip nat pool Administration 24.83.68.65 24.83.68.95 netmask 255.255.255.128

ip nat inside source list 1 pool Vlan1

ip nat inside source list 2 pool Students overload

ip nat inside source list 3 pool Teachers overload

ip nat inside source list 4 pool Administration

ip classless

ip route 161.73.29.0 255.255.255.192 Serial0/0

no ip http server

!

!





!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

West_Switch1#show running-config



!

version 12.1

no service pad




!

hostname West_Switch1


!

!

ip subnet-zero

!

!




!

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!


no ip address

!


no ip address

!



no ip address

!



no ip address

!

interface Vlan1

ip address 192.168.100.82 255.255.255.240

no ip route-cache

no shut

!


ip http server

!

!

line con 0

logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end

West_Switch2#show running-config



!

version 12.1

no service pad




!

hostname West_Switch2

!

!

ip subnet-zero

!

!





!

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!


no ip address

!


no ip address

no ip address


no ip address

!



no ip address

!

interface Vlan1

ip address 192.168.100.83 255.255.255.240


no ip route-cache

no shut

!


ip http server

!

!

line con 0

logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end

East_Switch1#show running-config



!

version 12.1

no service pad




!

hostname East_Switch1

!

!

ip subnet-zero

!

!




!

!



no ip address

!


no ip address

!



no ip address

!


no ip address

!


no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!

interface Vlan1

ip address 192.168.11.2 255.255.255.192

no ip route-cache

no shut

!


ip http server

!

!

line con 0


logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end

East_Switch2#show running-config



!

version 12.1

no service pad




!

hostname East_Switch2

!

!

ip subnet-zero

!

!




!

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!

interface Vlan1

ip address 192.168.11.3 255.255.255.192

no ip route-cache

no shut

!


ip http server

!

!

line con 0

logging synchronous

line vty 0 4

login

line vty 5 15

login

!

end


West_S1#show vtp status

VTP Version : 2

Configuration Revision : 2

Maximum VLANs supported locally : 64

Number of existing VLANs : 7

VTP Operating Mode : Server

VTP Domain Name : cisco

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x2A 0x44 0x1E 0x28 0xD1 0xEC 0xAA 0x77

West_S2#show vtp status

VTP Version : 2




VTP Operating Mode : Client





MD5 digest : 0x2A 0x44 0x1E 0x28 0xD1 0xEC 0xAA 0x77

East_S1#show vtp status

VTP Version : 2




VTP Operating Mode : Server





MD5 digest : 0x0B 0xCB 0xF4 0x3E 0x7A 0xEC 0x8A 0x49

East_S2#show vtp status

VTP Version : 2




VTP Operating Mode : Client





MD5 digest : 0x0B 0xCB 0xF4 0x3E 0x7A 0xEC 0x8A 0x49


Challenge Lab 5-6: Frame-Relay Challenge Lab 2You are the network administrator of an international organization that has multiple sites around the world.Your task is to set up Frame Relay across the London, China, and Ireland routers. Enhanced InteriorGateway Routing Protocol (EIGRP) should be used to communicate between them. The Ireland andScotland routers will use ISDN with static routes. In addition, you must set up the internal network off theScotland router using VLSM, DHCP, and NAT. Figure 5-7 shows the network topology for this lab, andTable 5-5 lists the router interface details.

Figure 5-7 Network Topology for Challenge Lab 5-6


Router Serial Interface Loopback 0 Loopback 1 Address Enable SecretName Address Address

China 200.200.200.3/30 132.16.83.1/30 — cisco

London 200.200.200.1/30 24.72.48.1/30 69.118.96.1/30 cisco

Ireland 200.200.200.2/30 — — cisco

Scotland — 116.232.192.1/30 137.213.181.1/30 cisco

Note: This lab can be done using any 1721, 1760, and 2600 series routers.

Objectives

■ Configure Frame Relay.

■ Configure ISDN using dialer profiles and interfaces.

■ Use EIGRP as the routing protocol.

■ Configure DHCP, NAT, and PAT.

■ Configure VLANs and inter-VLAN routing.


Lo0132.16.83.1/30

Web Server

China

Scotland

DHCP

ISDN

2/1

1/21/1

DLCI [301] DLCI [302]

DLCI [201]Scotland LAN Addressing

192.168.1.0/23

NAT Address Pool194.18.26.0/26

DLCI [203]

DLCI [102]

DLCI [103]London

WAN Cloud(Frame Switch)

VLAN1

VLAN10

4–9

VLAN15

10–14

VLAN

20

15–19

Fa0/1

Fa0/1

Fa0/1

Fa0/0

Fa0/2

Fa0/2 Fa0/3

BRI 0/0BRI 0/0BRI 1 BRI 2

DumfriesDundee

VLANSManagement 1 = 28 Hosts

Design 10 = 254 HostsSecurity 15 = 60 Hosts

Research 20 = 53 Hosts

Ireland

S0/0

Task 1Cable and configure the equipment according to the diagram in Figure 5-7.


Task 2Step 1. Configure Frame Relay using the appropriate DLCIs.

Step 2. Ping each neighbor’s serial interface to verify correct configuration.


Task 3Step 1. Configure the Dumfries and Dundee switches with an available IP address from VLAN 1.

Step 2. Configure the Dumfries switch as a VTP server and the Dundee switch as a VTP client.

Step 3. Configure all switches as part of the cisco VTP domain.

Step 4. Create the following VLANs:

■ VLAN 1: Management

■ VLAN 10: Design

■ VLAN 15: Security

■ VLAN 20: Research






Step 6. Configure inter-VLAN routing using IEEE 802.1q encapsulation and the appropriate address-ing scheme according to the diagram in Figure 5-7.


Task 4Step 1. Configure EIGRP on the London, China, and Ireland routers using AS100.

Step 2. Create a default route on the Scotland router.

Step 3. Create static routes on the Ireland router to the LAN addresses on the Scotland router, andpoint them to the dialer interface address of the Scotland router.

Step 4. Propagate static routes inside the EIGRP domain.

Step 5. Create a default route on the Scotland router, and point it to the dialer interface address of theIreland router.

Step 6. Verify functionality using the show ip route command on all routers.



Task 5Step 1. Configure ISDN on the Scotland and Ireland routers.

Step 2. Use the appropriate SPIDs on the ISDN BRI interfaces.

Step 3. Configure CHAP as the authentication protocol using cisco as the password.

Step 4. Use the ISDN switch type basic-ni.

Step 5. Allow ISDN to load-balance across both B channels.

Step 6. Create dialer profiles.

Step 7. Create dialer interfaces using the following addresses:

■ Ireland: 193.15.63.1 255.255.255.252

■ Scotland: 193.15.63.2 255.255.255.252

Step 8. Allow all IP traffic to turn the ISDN line on.

Step 9. Do not advertise either address in EIGRP. This will cause the interface to flap uncontrollably.


Task 6Step 1. Configure DHCP on the Scotland router.

Step 2. Exclude the first three addresses from each pool.


Task 7Step 1. Configure NAT on the Scotland router.

Step 2. Use the 194.18.26.0 /26 address for its NAT pool:



■ Prevent VLAN 15 from accessing the outside world so that a NAT pool is not required.



Task 8Configure the China router as an HTTP server.


Task 9Verify configuration using the appropriate commands. DHCP-enabled hosts should receive a differentaddress.


London#show running-config




!

version 12.2




!

hostname London

!

!

ip subnet-zero

!

!

!

!

!

interface Loopback0

ip address 24.72.48.1 255.255.255.252

!

interface Loopback1

ip address 69.118.96.1 255.255.255.252

!


no ip address

shutdown

speed auto

!

interface Serial0/0

ip address 200.200.200.1 255.255.255.0


no fair-queue



!

interface Serial0/1

no ip address

shutdown

!

router eigrp 100

network 24.0.0.0

network 69.0.0.0

network 200.200.200.0

auto-summary

no eigrp log-neighbor-changes

!

ip classless


no ip http server

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!


end

China#show running-config



!

version 12.2




!

hostname China

!

!

ip subnet-zero

!

!

!

!

!

interface Loopback0

ip address 132.16.83.1 255.255.255.252

!


no ip address

shutdown

speed auto

!

interface Serial0/0

ip address 200.200.200.3 255.255.255.0





!

interface Serial0/1

no ip address

shutdown

!

!

interface BRI1/0

no ip address

shutdown

!

router eigrp 100

network 132.16.0.0

network 200.200.200.0

auto-summary


!

ip classless

ip http server

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!


end

Ireland#show running-config



!

version 12.2




!

hostname Ireland

!

!

username Scotland password 0 cisco

ip subnet-zero


!

!


!

!

!


no ip address

shutdown

speed auto

!

interface Serial0/0

ip address 200.200.200.2 255.255.255.0




!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

encapsulation ppp



isdn spid1 51055510000001 5551000

isdn spid2 51055510010001 5551001


ppp multilink

!

interface Dialer0

ip address 193.15.63.1 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name Scotland



dialer-group 1


!

router eigrp 100

redistribute static

network 200.200.200.0

auto-summary



!

ip classless

ip route 116.232.192.0 255.255.255.252 193.15.63.2

ip route 137.213.181.0 255.255.255.252 193.15.63.2

ip route 192.18.26.0 255.255.255.0 193.15.63.2

ip route 193.15.63.0 255.255.255.0 193.15.63.2

no ip http server

!

!


!

line con 0

logging synchronous

line aux 0

line vty 0 4

password cisco

login

!

end

Scotland#show running-config



!

version 12.2




!

hostname Scotland

!

!

username Ireland password 0 cisco


ip subnet-zero





!


network 192.168.1.0 255.255.255.224


!


ip dhcp pool Design

network 192.168.2.0 255.255.255.0


!

ip dhcp pool Security

network 192.168.1.32 255.255.255.192


!

ip dhcp pool Research

network 192.168.1.96255.255.255.192


!

!


!

!

!


no ip address

speed auto

!




ip address 192.168.1.1 255.255.255.224

ip nat inside

!


description Design


ip address 192.168.2.1 255.255.255.0

ip nat inside

!


description Security


ip address 192.168.1.33 255.255.255.192

!


description Research


ip address 192.168.1.97 255.255.255.192

ip nat inside

!

interface Serial0/0

no ip address


shutdown

!

interface Serial0/1

no ip address

shutdown

!

interface BRI0/0

no ip address

ip nat outside

encapsulation ppp



isdn spid1 51055520000001 5552000

isdn spid2 51055520010001 5552001


ppp multilink

ip access-group 101 out

!

interface Dialer0

ip address 193.15.63.2 255.255.255.252

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name Ireland



dialer-group 1


!


ip nat pool Design 194.18.26.62 194.18.26.62 netmask 255.255.255.192

ip nat pool Research 194.18.26.94 194.18.26.94 netmask 255.255.255.192

ip nat inside source list 1 pool Management

ip nat inside source list 2 pool Design overload

ip nat inside source list 3 pool Research overload

ip classless

ip route 0.0.0.0 0.0.0.0 193.15.63.1

no ip http server

!

!




access-list 101 deny ip 192.168.1.32 0.0.0.63 any

access-list 101 permit any any


!

line con 0


logging synchronous

line aux 0

line vty 0 4

!


end

Dumfries#show running-config



!

version 12.1

no service pad




!

hostname Dumfries

!

!

ip subnet-zero

!

!




!

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.1.2 255.255.255.224

no ip route-cache

no shut

!

interface Vlan10

no ip address

no ip route-cache

!

interface Vlan15

no ip address

no ip route-cache

!

interface Vlan20

no ip address


no ip route-cache

!


ip http server

!

!

line con 0

logging synchronous

line vty 5 15

!

end

Dundee#show running-config



!

version 12.1

no service pad




!

hostname Dundee

!

!

ip subnet-zero

!

!




!

!



no ip address

!



no ip address

!


no ip address

!




no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!



no ip address

!




no ip address

!



no ip address

!



no ip address

!interface FastEthernet0/18


no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.1.3 255.255.255.224

no ip route-cache

!

interface Vlan10

no ip address

no ip route-cache

!

interface Vlan15

no ip address

no ip route-cache

!

interface Vlan20

no ip address


no ip route-cache

!


ip http server

!

!

line con 0

line vty 5 15

!

end



CHAPTER 6

Introduction to Network Administration

The Study Guide portion of this chapter uses a combination of multiple-choice and open-ended questionexercises to test your knowledge of the theory of network administration.

This chapter contains no lab exercises.

Study Guide

Workstations and ServersWorkstations are regular computers that run multiple applications (word processing, spreadsheets, and soon) and allow multiple users to access information from a single location. They can run using one of sever-al different platforms such as Windows, UNIX/Linux, or even Macintosh.

One specific type of workstation is a diskless workstation. A diskless workstation contains no drives forstorage, making it unable to upload or download anything in the network. This aspect makes a disklessworkstation ideal for networks that have security as a top priority. Laptops can serve as a mobile worksta-tion if they are connected to the network (for example, wireless). Servers are workstations with differentsoftware and much more hardware, including memory and processing speed. This is because they must beoperational all the time and capable of handling several simultaneous requests. Both servers and worksta-tions have network operating systems that allow access to network resources and functions. Windows NTby Microsoft was the first network operating system designed to operate on large-scale networks withworkgroup servers. Windows 2000 was then released as an “all-in-one” network operating system for largeand small networks and single standalone computers. It also allows plug-and-play devices. Another versionof a network operating system is UNIX, including variations such as Linux, which is an open-source pro-gramming code.

Concept Questions1. Why is a diskless workstation preferred in a high-security situation as opposed to a regular worksta-

tion or a laptop?

A diskless workstation is preferable over an ordinary workstation or a laptop because it has no storagedrives, and therefore it cannot download or upload anything inside the network. This also preventsviruses from being spread and infecting the network.

2. Compare and contrast Windows and UNIX platforms as network operating systems.

UNIX is a command-line operating system that is similar to the command-line interface of a Ciscorouter. It is a network operating system mainly used in large financial institutions. Linux is an open-source operating system derived from UNIX. This feature allows different companies and individualsto create their own variations of Linux to suit their needs. Windows, on the other hand, is a GUI-basedoperating system that cannot be modified. It is the standard operating system found on most PCstoday and is designed for both personal and corporate environments.

Network ManagementManaging a network involves an array of tasks to keep the network operational, including the ability togrow or scale your network, routing and rerouting traffic, managing security, dealing with costs and budg-ets, and much more. Standards have been created for network management by the InternationalOrganization for Standardization (ISO). These standards are also encompassed within Simple NetworkManagement Protocol (SNMP) and Common Management Information Protocol (CMIP), which bothallow management of different platforms. SNMP is the most popular protocol used for managing corpo-rate, connected networks. The four parts that allow SNMP to operate are a network management agent,station, information base, and protocol. The management station and agent work together to monitoroccurrences such as the status of interfaces, virtual circuits, sent and received broadcast messages, and soon. Management Information Bases (MIBs) are used as banks of information about a device. Most MIBsare vendor-specific to help manage that particular device in the way it functions. Management agents are


Chapter 6: Introduction to Network Administration 239

embedded within the software of network devices to send clear-text messages, or community strings, to themanagement station. A rule of thumb in SNMP is to collect the least amount of information over a wide-spread interval. The string acts as the message’s password, and ro (read-only) and rw (read-write) tellwhether the management station can make changes to the MIB.

Remote Monitoring (RMON) is a MIB that allows for remote monitoring of networks. It divides the taskof monitoring into nine groups of aspects that it oversees: Statistics, History, Alarm, Host, HostTopN,Traffic Matrix, Filter, Packet Capture, and Event. Syslog is a utility used within Cisco devices to reporterrors. Syslog tags every error with a number, ranging from 0 to 7, that indicates the error’s level of severity.If the syslog report has a 0 attached to it, the severity is great, whereas 7 indicates a minor severity. Thelevel numbers are equivalent to the following (in order from 0 to 7): emergencies, alerts, critical, errors,warnings, notifications, informational, and debugging. The default severity level for all Cisco IOS syslogreports is 6. To enable syslog on a Cisco device, enter the command logging on in global configurationmode, which sends the logs to every destination that can read them. If there is a specific device to whichthe logs are to be sent, use the command logging [ip address | hostname].

Concept Questions1. Management agents are embedded in the software of all network devices to report back to the man-

agement station. What are some of the things that the management agents keep track of and report tothe management station?

Agents report the status of the device’s interfaces, any virtual circuits, and other things. Whenever anagent sends a message, it does so after a trap that captures an event such as an interface changing state.However, the device must be configured to send the messages to a management station or stations.

2. Explain how SNMP can be used in conjunction with software or other devices to enhance networkmonitoring.

WhatsUp Professional 2006 (formally known as WhatsUp Gold) monitoring software can be usedwith SNMP to send messages to an Exchange server. The Exchange server then sends messages to thenetwork engineer’s Blackberry, cell phone, pager, or e-mail to immediately inform him of changeswithin the network or other information about the network as it happens.


1. What are the operating systems that a client workstation may operate on? (Select three)

A. Sun Microsystems

B. Windows

C. Solaris

D. UNIX

E. Macintosh

2. What features of a diskless workstation provide security? (Select two)

A. It contains no drives.

B. It is used only for storage.

C. It is unable to download or upload files.

D. It is physically isolated from the rest of the network.

E. All information is stored on an external hard drive.

3. There are workstations that perform low- and high-end tasks. What are some of the tasks that a high-end workstation may perform? (Select three)

A. Word processing

B. Graphic design

C. Circuit design

D. Spreadsheets

E. Weather data analysis

4. Servers provide a variety of services on request from devices within the network. What are some ofthe services provided? (Select three)

A. DHCP requests

B. FTP file transfers

C. Equipment management

D. Print jobs

E. Doubles as a backup workstation

5. Why are servers equipped with much more memory and processing power than a regular workstation?(Select two)

A. They must be able to handle simultaneous requests from multiple workstations.

B. They serve as a backup to every workstation in case one of them malfunctions.

C. Servers are used for heavy data analysis and computer graphics animation.

D. They function as storage facilities for network devices.

E. Workstations are actually equipped with more hardware.

6. Which network operating system was released to operate on large and small-scale networks andremote computers?

A. UNIX

B. Windows 2000

C. Windows NT

D. Red Hat Linux

E. Mac OS X

7. What protocols are used to help manage computer networks? (Select two)

A. CMIP

B. SMTP

C. CMNP

D. SNMP

E. ISO Network Management Protocol

8. Which commands send all syslog entries to a specific location? (Select two)

A. Router(config)#logging ip address

B. Router(config-if)#logging hostname

C. Router(config-if)#logging ip address

D. Router(config)#logging hostname

E. Router(config)#logging syslog ip address


9. What service does a Domain Name System (DNS) provide to a PC when accessing a website?

A. It routes your request to the correct website.

B. It provides the IP address for the website.

C. It converts the website name into an IP address and then redirects your request to the website.

D. It tells your router which path to take to get to the website.

10. Which devices in an SNMP-managed network communicate with one another and are responsible forreporting network errors?

A. Management agent and protocol

B. Management agent and information base

C. Management station and agent

D. Management protocol and information base

E. Management station and information base

11. What are some of the things that a management agent can monitor about a particular device? (Selectthree)

A. Status of virtual circuits

B. Whether the device is powered on

C. The size and number of packets that travel through the device

D. If anyone is in a Telnet session in the network

E. The states of the device’s interfaces

12. What type of messages are sent to the remote management station from the management agents in thenetwork?

A. UDP error messages

B. MD5 encrypted updates

C. TCP synchronous messages

D. TCP acknowledgments

E. ICMP packets

13. A network management station (NMS) obtains information on the operation of the network from aMIB. What message types does the MIB send back to the NMS? (Select three)

A. Bulk

B. Get

C. Set

D. Log

E. Trap

14. When SNMPv2c was introduced, what two additional functions were added?

A. GetNextRequest

B. SetRequest

C. GetBulkRequest

D. 64-bit counters

E. GetRequestBulk


15. What is true about the command snmp-server community string rw?

A. The management station can obtain only MIB objects.

B. The management station can create a copy of the information base.

C. The management station and other local devices may modify the MIB.

D. The management station can retrieve and change MIB items.

E. The management station cannot do anything at all.

16. The syslog utility in Cisco is used to mark errors with a severity level number ranging from 0 to 7.What is the default severity level?

A. Notifications

B. Informational

C. Debugging

D. Emergencies

E. Alerts

17. What command tells the device where to send all SNMP entries?

A. Router(config)#snmp-server manage text

B. Router(config-if)#snmp-server agent text

C. Router(config)#snmp-server location text

D. Router(config)#snmp-server agent text

E. Router(config-if)#snmp-server manage text

18. What is the purpose of the SNMP community string? (Select two)

A. It is the name of the router connecting to the SNMP server.

B. It acts like a password.

C. It is encrypted.

D. It is in plain text.

19. What are the four parts of the ISO model for network management?

A. Organization

B. Information

C. Fault

D. Configuration

E. Communication

F. Performance

G. Functional

20. What feature of the MAC OS X is considered a cross between Microsoft Windows XP and Linux X Window System GUI?

A. Apple

B. Aqua

C. Darwin

D. AppleTalk


Lab ExercisesThis chapter contains no lab exercises.



APPENDIX A

Troubleshooting Questions and Lab Exercise

Troubleshooting Questions1. Which of the following display when you use the command show controller serial 0? (Select all that

apply)

A. Clock rate

B. Bandwidth

C. Cable type

D. DTE or DCE

E. Line up, protocol up

2. When troubleshooting OSPF, which of the following would cause configuration issues? (Select all thatapply)

A. Incorrect timers

B. Misconfigured areas

C. Authentication seen in plain text

D. Incorrect address and subnet mask

E. No DR and BDR

3. Which command displays the WAN encapsulation currently being used?

A. show encapsulation

B. show ip route

C. show interface serial 0

D. show ip interface serial 0

4. Which of the following display when you use the show ip route command? (Select all that apply)

A. Metric

B. Routing protocol

C. Line up, protocol down

D. Connected networks

E. Learned networks

F. Name of router advertising learned routes

G. Number of routers in network

5. What commands are necessary when you completely erase a switch’s configurations? (Select all that apply)

A. erase startup-config

B. delete flash

C. reboot

D. delete flash:vlan.dat

E. reload

F. erase running-config

6. Which of the following would cause a Frame Relay connection to fail when using map statements?(Select all that apply)

A. Misconfigured DLCI

B. Inverse ARP disabled

C. Broadcast statement missing

D. Misconfigured routing protocol

E. Misconfigured map statements

7. Which of the following must be done for a successful PAT configuration? (Select all that apply)

A. Create an ACL

B. Create a NAT pool

C. Static keyword

D. Overload keyword

E. Apply ACL to NAT pool

F. Sufficient number of addresses in NAT pool

8. Which command produces the following output?

*Mar 1 00:40:52.202: ISDN BR1/0 Q921: User RX <- RRp sapi=0 tei=64 nr=21

*Mar 1 00:40:52.202: ISDN BR1/0 Q921: User TX -> RRf sapi=0 tei=64 nr=14

*Mar 1 00:40:52.467: %ISDN-6-DISCONNECT: Interface BRI1/0:1 disconnected from

5552000 Scotland, call lasted 430 seconds

*Mar 1 00:40:52.471: ISDN BR1/0 Q921: User TX -> INFO sapi=0 tei=64, ns=21 nr=1

4

*Mar 1 00:40:52.499: ISDN BR1/0 Q921: User RX <- RR sapi=0 tei=64 nr=22

*Mar 1 00:40:52.511: ISDN BR1/0 Q921: User RX <- INFO sapi=0 tei=64, ns=14 nr=2

2

*Mar 1 00:40:52.515: ISDN BR1/0 Q921: User TX -> RR sapi=0 tei=64 nr=15

*Mar 1 00:40:52.515: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to down

*Mar 1 00:40:52.519: %DIALER-6-UNBIND: Interface BR1/0:1 unbound from profile D

A. debug isdn

B. debug isdn status

C. debug q931

D. debug q921

9. What command displays the number of ISDN lines that were established?

A. show interface serial 0

B. show encapsulation ppp

C. show isdn active

D. show dialer

10. Which command propagates a default route when you use OSPF?

A. redistribute static

B. Nothing (because it’s automatic)

C. default information-originate

D. redistribute default


Appendix A: Troubleshooting Questions and Lab Exercise 247

11. Which of the following causes an EIGRP route to be put in the “Stuck in active” state?

A. Misconfigured area

B. Misconfigured timers

C. Wrong autonomous system number

D. No response from a query

E. DUAL not working properly

12. What must be done for a router to become the DR in an OSPF environment?

A. Assign it the highest-priority number.

B. Assign it the highest loopback address.

C. Assign it the highest configured IP address on one of its interfaces.

D. Put at least one interface in area 0.

13. What should be added to the end of a static route to make sure it is used only when the primary rout-ing protocol goes down?

A. High metric

B. Low metric

C. Higher administrative distance than the routing protocol

D. Lower administrative distance than the routing protocol

E. Nothing

14. What command displays real-time events as they occur on a router?

A. show

B. debug

C. show run

D. show events

15. You are running RIPv2 in your network and have a destination that is reachable by some locations butnot by all. Which of the following causes this problem to occur?

A. There are more than 15 routers in your network.

B. The network statement was not properly configured.

C. The network was not being advertised.

D. The network is down.

16. Which command displays the DHCP addresses currently in use?

A. show ip dhcp

B. show ip dhcp addresses

C. show ip dhcp binding

D. show ip dhcp statistics

17. Which of the following causes the following to occur: “Serial 0 is up, line protocol is down”? (Selectall that apply)

A. Clock rate not detected

B. Administratively down

C. No keepalives

D. Wrong clock rate


BRI1/0 - dialer type = ISDN


0 incoming call(s) have been screened.

0 incoming call(s) rejected for callback.

BRI1/0:1 - dialer type = ISDN




BRI1/0:2 - dialer type = ISDN









A. show isdn status

B. show dialer

C. show isdn dialer

D. show q921

19. Which routing protocols are suitable for VLSM and CIDR? (Select all that apply)

A. RIP

B. RIPv2

C. OSPF

D. EIGRP

E. IGRP

F. Static routes

G. IS-IS

20. You just configured a switch and noticed that it is not propagating the VLAN information to the otherswitches on your network. What would cause this to happen? (Select all that apply)

A. The switch is in the wrong domain.

B. Misconfigured VLAN numbers

C. The switch is in server mode.

D. The switch is in transparent mode.

E. The switch is in client mode.


21. You configured NAT on a router that is using inter-VLAN routing. You put the ip nat inside com-mand on the physical interface and the ip nat outside command on the outside interface, but nothingis being translated. You checked your configurations, and everything was done correctly. What couldbe the problem?

A. There are too many hosts with not enough addresses.

B. The ip nat inside command should be put on the subinterfaces.

C. The ip nat inside command should be put on the outside interface.

D. PAT is being used.

22. You work for an ISP. A customer needs an IP address for 4519 hosts. You decide to summarize agroup of Class C addresses because a Class B would waste a large number of addresses. How manyClass C addresses need to be summarized?

A. 1

B. 10

C. 15

D. 18

23. Which command produces the following?


--- 194.18.26.1 192.168.100.99 --- ---

--- 194.18.26.2 192.168.100.98 --- ---

--- 194.18.26.15 192.168.100.66 --- ---

A. show ip dhcp binding

B. show ip nat translations

C. show nat translations

D. show translations

24. Which of the following does LCP negotiate when establishing a PPP connection?

A. Q.931

B. IPCP

C. Multilink

D. CHAP

E. Callback

25. Which command would you use to terminate a vty session?

A. close

B. disable

C. disconnect

D. suspend

E. exit

26. If you can dial across an ISDN connection but your session is dropped immediately upon connecting,what could be the cause? (Select two)

A. Incorrect SPIDs

B. LCP not connecting

C. Username and passwords were not set.

D. Wrong username and/or password



Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

P 24.0.0.0/8, 1 successors, FD is 20640000

via 200.200.200.1 (20640000/128256), Serial0/0


via 200.200.200.1 (20640000/128256), Serial0/0


via Rstatic (40512000/0)


via 200.200.200.3 (20640000/128256), Serial0/0


via Connected, Serial0/0


A. show ip protocol

B. show ip ospf database

C. show ip eigrp topology

D. show ip eigrp neighbors


IP address Hardware address Lease expiration Type

192.168.100.3 0100.1422.3497.93 Mar 02 1993 12:14 AM Automatic

192.168.100.66 0100.123f.49e5.20 Mar 02 1993 12:33 AM Automatic

A. show dhcp addresses

B. show ip dhcp addresses

C. show ip dhcp binding

D. show ip nat translations

29. In an ISDN environment, what would be the result of advertising the dialer interface over a routingprotocol?

A. Routing protocols are corrupted.

B. The dialer interface continuously flaps.

C. The network will not be advertised in routing updates.

D. Nothing; everything would work fine.

30. What is the purpose of the frame-relay inverse-arp command?

A. To create dynamic maps

B. To create an ARP table across a Frame Relay network

C. To create static maps

D. To reverse the inverse table of RARP


Lab A-1: WAN TroubleshootingFigure A-1 Topology for Lab A-1

Complete the lab exercise by isolating and correcting the problems outlined in the scenario. This lab testsyour ability to use a troubleshooting methodology and commands to isolate and correct network problems.When complete, all hosts should be able to telnet and ping to each device in the network. Make sure thatthe diagram is correctly cabled before proceeding.

Note

This lab can be performed one of two ways. The students can cable the lab and load the broken configs themselves,before proceeding to troubleshoot the scenario. Alternatively, you may choose to set up the lab for them. You mighteven consider miscabling the lab to add bugs.

Objectives

■ List problems found and document corrections that solve each issue.

■ Verify that the network has been restored and that no new problems were created from unnecessarychanges.

Scenario

You are the “on-call” network administrator for the weekend, and so far nothing new has come up. Youdecide to enjoy the afternoon by catching a movie with your friends when you receive an urgent message“Please call the office immediately; nothing seems to be working, and the network is down.” You call theoffice and find out that a disgruntled ex-employee sabotaged the network. You leave for the office immedi-ately, to the dismay of your friends.


192.168.2.0/24

Switch 2

R 2

192.168.1.0/24

Switch 1

R 1

192.168.2.0/24Switch 3

R 3Frame Switch

Area 51

Area 4 Area 61

OSPF Area 0

2/1

1/1 1/2S0/0

S0/0

S0/0

DLCI 301DLCI 302

DLCI 101DLCI 103

VLANsManagement 1 = 60 hosts

Retail 10 = 28 hostsWholesale 20 = 14 hosts

SwitchesFa 0/1 = Trunk

Fa 0/6–0/10 = VLAN 10Fa 0/11–0/15 = VLAN 20

Fa0/0

Fa0/1

Fa0/0

Fa0/1

Fa0/2

Web Server192.168.3.3/26

Back at the office, you find the following problems:

■ You are unable to get into the R1 router.

■ Routes from remote locations are not seen.

■ NAT is not functioning properly on Router 2 for the Wholesale department.

■ Hosts on the R3 LAN cannot access the network.

Troubleshooting Log

Fill in the problems and solutions for each network device in the following table.

Network Device Problems Solutions

R1 Password is unknown. Perform password recovery.Not neighboring with other OSPF routers. Change ip ospf network point-to-Not receiving OSPF routing updates. point command to point-multipoint

on Serial 0/0. broadcast keyword missing from Frame Relay map statement.

Switch_1 Wrong native VLAN on trunk. Change native VLAN from 2 back to VLAN 1.

R2 OSPF authentication failing. Change authentication key to cisco.NAT not functioning on access-list 3 permit 192.168.2.96Wholesale VLAN. 0.0.0.15 missing.

Switch_2 Trunk port disabled. no shut command on the trunk port.Cannot telnet. Set vty password to cisco.

R3: Incorrect subnet mask on serial 0/0. Put correct mask: 255.255.255.248Hosts on Retail VLAN cannot ping default-router 192.168.3.97 outside their network command missing.

Switch_3 No VLANs configured on switch ports. Assigns switch ports to proper VLANs based on diagram.

Student name _____________________________________

Instructor’s initials _______

Bugged ConfigsR1#show running-config



!

version 12.2




!

hostname R1

!

enable secret 5 $1$Lt15$vAE/GOt4IUUmeXxn8ZZPR1


!

ip subnet-zero



!


network 192.168.1.0 255.255.255.192


!

ip dhcp pool Retail

network 192.168.1.64 255.255.255.224


!

!

!

!

!


no shut

no ip address

speed auto

!




ip address 192.168.1.1 255.255.255.192

ip nat inside

!


description Retail VLAN


ip address 192.168.1.65 255.255.255.224

ip nat inside

!


description Wholesale VLAN


ip address 192.168.1.97 255.255.255.240

ip nat inside

!

interface Serial0/0

no shut

description To WAN Cloud

ip address 10.10.10.1 255.255.255.248

Appendix A: WTroubleshooting Questions and Lab Exercise 253

ip nat outside

encapsulation frame-relay

ip ospf authentication-key cisco

ip ospf network point-to-point

no fair-queue

frame-relay map ip 10.10.10.2 101

frame-relay map ip 10.10.10.3 103

!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1



network 10.10.10.1 0.0.0.0 area 0

network 192.168.1.1 0.0.0.0 area 4

network 192.168.1.65 0.0.0.0 area 4

network 192.168.1.97 0.0.0.0 area 4

!





ip nat inside source list 2 pool Retail overload


ip classless

ip route 181.16.57.0 255.255.255.0 10.10.10.2

ip route 200.169.54.0 255.255.255.0 10.10.10.3

no ip http server

!

!




!

line con 0

logging synch

password class

login


line aux 0

line vty 0 4

password cisco

login

!

end

R2#show running-config



!

version 12.2




!

hostname R2

!

!

ip subnet-zero




!


network 192.168.2.0 255.255.255.192


!

ip dhcp pool Retail

network 192.168.2.64 255.255.255.224


!


network 192.168.2.96 255.255.255.240


!

!

!

!

!


no shut


no ip address

speed auto

!




ip address 192.168.2.1 255.255.255.192

ip nat inside

!


description Retail


ip address 192.168.2.65 255.255.255.224

ip nat inside

!




ip address 192.168.2.97 255.255.255.240

ip nat inside

!

interface Serial0/0

no shut

description to WAN Cloud

ip address 10.10.10.2 255.255.255.248

ip nat outside


ip ospf authentication-key cysco

ip ospf network point-to-multipoint

no fair-queue

frame-relay map ip 10.10.10.1 202 Broadcast


!

interface Serial0/1

no ip address

shutdown

!

router ospf 1



network 10.10.10.2 0.0.0.0 area 0

network 192.168.2.1 0.0.0.0 area 51

network 192.168.2.65 0.0.0.0 area 51


network 192.168.2.97 0.0.0.0 area 51

!







ip classless

ip route 63.49.18.0 255.255.255.0 10.10.10.1

ip route 200.169.54.0 255.255.255.0 10.10.10.3

no ip http server

!

!



!

line con 0

logging synch

password class

login

line aux 0

line vty 0 4

password cisco

login

!

end

R2#




!

version 12.2




!

hostname R3

!

!

ip subnet-zero





!


network 192.168.3.0 255.255.255.192


!

ip dhcp pool Retail

network 192.168.3.96 255.255.255.224

!


network 192.168.3.96 255.255.255.240


!

!

!

!

!


no shut

no ip address

speed auto

!




ip address 192.168.3.1 255.255.255.192

ip nat inside

!




ip address 192.168.3.65 255.255.255.224

ip nat inside

!




ip address 192.168.3.97 255.255.255.240

ip nat inside

!

interface Serial0/0

no shut


description To WAN cloud

ip address 10.10.10.3 255.255.255.240

ip nat outside




no fair-queue



!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1



network 10.10.10.3 0.0.0.0 area 0

network 192.168.3.1 0.0.0.0 area 61

network 192.168.3.65 0.0.0.0 area 61

network 192.168.3.97 0.0.0.0 area 61

!






ip nat inside source list 3 pool Wholesale overload


ip classless

ip route 63.49.18.0 255.255.255.0 10.10.10.1

ip route 181.16.57.0 255.255.255.0 10.10.10.2

no ip http server

!

!




!

line con 0

password class

logging synchronous


login

line aux 0

line vty 0 4

password cisco

login

!

end

R3#

Switch1#show running-config



!

version 12.1

no service pad




!

hostname Switch1

!

VLAN 10

name Retail

VLAN 20

name Wholesale

exit

!

ip subnet-zero

!

!




!

!

!

!


switchport trunk native 2


!



!


!


!


!



!



!



!



!



!



!



!



!



!



!


!


!


!



!


!


!


!


!


!

interface Vlan1

ip address 192.168.1.2 255.255.255.192

no ip route-cache

no shut

!


ip http server

!

line con 0

logging synch

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end




!

version 12.1

no service pad




!

hostname Switch2


!

vlan 10

name Retail

vlan 20

name Wholesale

exit

!

ip subnet-zero

!

!




!

!

!

!



shutdown

!


!


!


!


!



!



!



!



!



!




!



!



!



!



!


!


!


!


!


!


!


!


!


!

interface Vlan1

ip address 192.168.2.2 255.255.255.192

no ip route-cache

no shut

!


ip http server

!

line con 0

logging sync

line vty 5 15

!


end




!

version 12.1

no service pad




!

hostname Switch3

!

vlan 10

name Retail

vlan 20

name Wholesale

exit

!

ip subnet-zero

!

!




!

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!


no ip address

!



no ip address

!


no ip address

!


no ip address

!


no ip address

!


!


no ip address

!


no ip address

!


no ip address

!

interface Vlan1

ip address 192.168.3.2 255.255.255.192

no ip route-cache

no shut

!


ip http server

!

!

line con 0

logging sync

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

end

Fixed ConfigsR3#show running-config




!

version 12.2




!

hostname R3

!


!

ip subnet-zero




!


network 192.168.3.0 255.255.255.192


!

ip dhcp pool Retail

network 192.168.3.64 255.255.255.224


!


network 192.168.3.96 255.255.255.240


!

!

!

!

!


no ip address

speed auto

no shut

!




ip address 192.168.3.1 255.255.255.192

ip nat inside

!





ip address 192.168.3.65 255.255.255.224

ip nat inside

!




ip address 192.168.3.97 255.255.255.240

ip nat inside

!

interface Serial0/0

description To WAN cloud

no shut

ip address 10.10.10.3 255.255.255.248

ip nat outside




ip ospf demand-circuit

no fair-queue



!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1



network 10.10.10.3 0.0.0.0 area 0

network 192.168.3.1 0.0.0.0 area 61

network 192.168.3.65 0.0.0.0 area 61

network 192.168.3.97 0.0.0.0 area 61

!






ip nat inside source list 3 pool Wholesale overload



ip classless

ip route 63.49.18.0 255.255.255.0 10.10.10.1

ip route 181.16.57.0 255.255.255.0 10.10.10.2

no ip http server

!

!




!

line con 0

password class

logging synchronous

login

line aux 0

line vty 0 4

password cisco

login

!


end




!

version 12.2




!

hostname R2

!


!

ip subnet-zero




!


network 192.168.2.0 255.255.255.192



!

ip dhcp pool Retail

network 192.168.2.64 255.255.255.224


!


network 192.168.2.96 255.255.255.240


!

!

!

!

!


no ip address

speed auto

no shut

!




ip address 192.168.2.1 255.255.255.192

ip nat inside

!




ip address 192.168.2.65 255.255.255.224

ip nat inside

!




ip address 192.168.2.97 255.255.255.240

ip nat inside

!

interface Serial0/0

description to WAN Cloud

no shut

ip address 10.10.10.2 255.255.255.248

ip nat outside





no fair-queue




!

interface Serial0/1

no ip address

shutdown

!

router ospf 1



network 10.10.10.2 0.0.0.0 area 0

network 192.168.2.1 0.0.0.0 area 51

network 192.168.2.65 0.0.0.0 area 51

network 192.168.2.97 0.0.0.0 area 51

!







ip classless

ip route 63.49.18.0 255.255.255.0 10.10.10.1

ip route 200.169.54.0 255.255.255.0 10.10.10.3

no ip http server

!

!




!

line con 0

password class

logging synchronous

login

line aux 0

line vty 0 4

password cisco

login

!


end





!

version 12.2




!

hostname R1

!


!

ip subnet-zero



!


network 192.168.1.0 255.255.255.192


!

ip dhcp pool Retail

network 192.168.1.64 255.255.255.224


!

!

!

!

!


no ip address

speed auto

no shut

!




ip address 192.168.1.1 255.255.255.192

ip nat inside

!




ip address 192.168.1.65 255.255.255.224

ip nat inside

!





ip address 192.168.1.97 255.255.255.240

ip nat inside

!

interface Serial0/0

description To WAN Cloud

no shut

ip address 10.10.10.1 255.255.255.248

ip nat outside





no fair-queue



!

interface Serial0/1

no ip address

shutdown

!

interface BRI1/0

no ip address

shutdown

!

router ospf 1



network 10.10.10.1 0.0.0.0 area 0

network 192.168.1.1 0.0.0.0 area 4

network 192.168.1.65 0.0.0.0 area 4

network 192.168.1.97 0.0.0.0 area 4

!





ip nat inside source list 2 pool Retail overload


ip classless

ip route 181.16.57.0 255.255.255.0 10.10.10.2

ip route 200.169.54.0 255.255.255.0 10.10.10.3

no ip http server

!

!





!

line con 0

password class

logging synchronous

login

line aux 0

line vty 0 4

password cisco

login

!


end




!

version 12.1

no service pad




!

hostname Switch1

vlan 1

no shut

vlan 10

name Retail

no shut

vlan 20

name Wholesale

no shut

!

!

ip subnet-zero

!

!




!


!

!

!



!


!


!


!


!



!



!



!



!



!



!



!



!



!



!


!



!


!


!


!


!


!


!


!

interface Vlan1

ip address 192.168.1.2 255.255.255.192

no ip route-cache

!


ip http server

!

line con 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

!

end




!

version 12.1

no service pad





!

hostname Switch2

vlan 1

no shut

vlan 10

name Retail

no shut

vlan 20

name Wholesale

no shut

!

!

ip subnet-zero

!

!




!

!

!

!



!


!


!


!


!



!



!



!



!




!



!



!



!



!



!


!


!


!


!


!


!


!


!


!

interface Vlan1

ip address 192.168.2.2 255.255.255.192

no ip route-cache

!


ip http server

!

line con 0

line vty 0 4

password cisco

login


line vty 5 15

password cisco

login

!

!

end


Appendix B

Adtran Configuration Lab

Objectives

■ Manually configure an Adtran for ISDN, Frame Relay, and POTS.

■ Verify configurations.

Task 1: Log in to AdtranStep 1. Use a straight-through cable from the PC NIC to the Adtran Ethernet port.

Step 2. Configure the PC to IP address 10.0.0.2/24.

Step 3. Open the command prompt and enter the following command (see Figure B-1):

C:\>telnet 10.0.0.1

The default IP address for the Ethernet interface on the Adtran is 10.0.0.1.

This allows you to telnet into the Adtran.

Figure B-1 Telnet to Adtran

Step 4. Enter the default login password of password (see Figure B-2).

Figure B-2 Insert Default Password at Login Screen

Task 2: Set Up ISDN BRI Switch EmulationStep 1. Using the arrow keys, scroll down to Dial Plan on the left (see Figure B-3).

Figure B-3 Main Menu of the Adtran

NoteThe mouse will not work in this mode.

Step 2. Using the right-arrow key, select User Term (see Figure B-4).

Figure B-4 Select User Term

Step 3. Configure the ISDN Slot info (see Figure B-5).

Press Enter to change the Slot/Service setting.

Slot 1: U-BRI-4

Figure B-5 Configure User Term

Step 4. Using the right arrow, change the Port/Packet Endpoint (PEP) setting as follows:

Port 1: QUAD BRI (see Figure B-5)


Appendix B: Adtran Configuration Lab 283

Step 5. Using the right arrow, scroll to the In#Accept value and press Enter.

Select Accept Number and press Enter (see Figure B-6).

Figure B-6 Configure Two Accept Numbers

Step 6. Configure two numbers per slot (see Figure B-6).

1st Port number: 555-1000

2nd Port number: 555-1001

Note

To insert a new line, press the letter I.

To delete a line, press the letter D.

Return to the preceding screen.

Step 7. Select an interface under Slot/Svc and press Enter (see Figure B-7).

Figure B-7 Select an Interface

Step 8. Select Interface Configuration (see Figure B-8).

Select SPID list and press Enter.

Figure B-8 Select SPID List

Step 9. Configure the SPID list as shown for each port (see Figure B-9).

Figure B-9 Configure SPID List

Step 10. Repeat Steps 3 through 9 for all four ISDN ports.

When you have finished, the configuration should look like Figure B-10.

Figure B-10 Completed Configuration of ISDN Ports

Note

When selecting port/PEP, each port must be a different number:

■ Slot 1: 1>QUAD BR

■ Slot 2: 2>QUAD BR

and so on.

Press the left-arrow key until you return to the main menu.


Task 3: Set Up Analog POTS Switch Emulation (from the Main Menu)

Step 1. Scroll down to Dial Plan and press Enter (see Figure B-11).

Figure B-11 Select a Dial Plan

Step 2. Select User Term (see Figure B-12) and press Enter.

Figure B-12 Select User Term

Step 3. Configure a fifth line with the slot configured for FXS-8 (see Figure B-13).

Configure Port/PEP as FXS 3/1.


Figure B-13 Create and Configure a Fifth Line

Step 4. Select In#Accept.

Configure the Accept Number as shown (see Figure B-14).


Figure B-14 Configure the Accept Number

Task 4: Configuring Frame Relay (from the Main Menu)Step 1. Scroll down and select Packet Manager (see Figure B-15).

Select Packet Endpoints and press Enter.

Figure B-15 Select Packet Endpoints

Step 2. Select Config and press Enter (see Figure B-16).

Figure B-16 Select Config

Step 3. Configure endpoints as shown (see Figure B-17).

Name each endpoint.

Select Frame Relay Protocol for each.

Using the right-arrow key, move over to Config and press Enter.


Figure B-17 Configure Each Endpoint Name

Note




Step 4. Configure Signaling Role as Network (see Figure B-18).

Configure Signaling Type as Annex D.

Scroll down to Sublinks and press Enter.

Figure B-18 Configure Signaling Type

Step 5. Configure as shown in Figures B-19, B-20, B-21, and B-22.

Name DLCIs and DLCI number for each sublink.

Figure B-19 Chicago Port


Figure B-20 Los Angeles Port

Figure B-21 New York Port

Figure B-22 Texas Port

Step 6. Repeat Steps 4 and 5 for each Frame Relay port.

Note




Step 7. All DLCIs and DLCI number should be configured as shown in Figures B-19, B-20, B-21,and B-22.

Step 8. Return to the main menu.

Step 9. Use the down arrow to go down to Packet Manager (see Figure B-23).

Select Packet Cncts and press Enter.


Figure B-23 Select Packet Cncts

Step 10. Configure Packet Cncts as shown (see Figure B-24).

Figure B-24 Configure Packet Cncts

Step 11. Return to the main menu.

Step 12. Scroll down to Dedicated Maps (see Figure B-25).

Use the down arrow to scroll to Create/Edit Maps and press Enter.

Figure B-25 Select Create/Edit Maps

Step 13. Use the right-arrow key and select Connects (see Figure B-26).


Figure B-26 Select Connects

Step 14. Configure each port as shown in Figure B-27.

Each of the four slots should be directed to a location as shown.

Figure B-27 Final Port Configuration

Note




Return to the main menu.


APPENDIX C

Router Interface Summary Chart

For most of the CCNA 4 labs, you need to examine the following chart to correctly reference the routerinterface identifiers to use in commands based on the equipment in your lab.

Router Ethernet Ethernet Serial SerialModel Interface 1 Interface 2 Interface 1 Interface 2

800 (806) Ethernet 0 (E0) Ethernet 1 (E1) — —

1600 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1)

1700 FastEthernet 0 (FA0) FastEthernet 1 (FA1) Serial 0 (S0) Serial 1 (S1)

2500 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1)

2600 FastEthernet 0/0 FastEthernet 0/1 Serial 0/0 Serial 0/1 (S0/1)(FA0/0) (FA0/1) (S0/0)

To find out exactly how the router is configured, look at the interfaces to identify what type of and howmany interfaces the router has. There is no way to effectively list all the combinations of configurations foreach router class. The chart provides the identifiers for the possible combinations of interfaces in thedevice. This interface chart does not include any other type of interface, even though a specific routermight contain one. An example of this is an ISDN BRI interface. The string in parentheses is the legalabbreviation that you can use in Cisco IOS Software commands to represent the interface.


APPENDIX D

Erasing and Reloading the Switch

For the majority of the labs in CCNA 4 focusing on switch configuration, it is necessary to start with abasic unconfigured switch; otherwise, the configuration parameters you enter might combine with previousones and produce unpredictable results. The instructions here allow you to prepare the switch before per-forming the lab so that previous configuration options do not interfere with your configurations.

The following is the procedure for clearing out previous configurations and starting with an unconfiguredswitch. Instructions are provided for the 2900, 2950, and 1900 series switches.

2900 and 2950 Series SwitchesStep 1. Disconnect the switch to be erased from all other switches. Verify that there is no uplink or

backbone cabling to any other switch; otherwise, VLAN configuration information can betransferred automatically.

Step 2. Enter privileged EXEC mode by entering enable.

If prompted for a password, enter class (if that does not work, ask the instructor):

Switch> enable

Step 3. Remove the VLAN database information file.

Switch# delete flash:vlan.dat

Delete filename [vlan.dat]?[Enter]

Delete flash:vlan.dat? [confirm][Enter]

If there is no VLAN file, this message appears:

%Error deleting flash:vlan.dat (No such file or directory)

Step 4. Remove the switch startup configuration file from NVRAM.

Switch# erase startup-config

The responding line prompt will be this:

Erasing the nvram filesystem will remove all files! Continue? [confirm]

Press Enter to confirm.

The response should be this:

Erase of nvram: complete

Step 5. Check that VLAN information was deleted.

Verify that the VLAN configuration was deleted in Step 3 using the show vlan command. Ifprevious VLAN configuration information (other than the default management VLAN 1) is stillpresent, you must power-cycle the switch (hardware restart) instead of issuing the reload com-mand. To power-cycle the switch, remove the power cord from the back of the switch orunplug it. Then plug it back in.

If the VLAN information was successfully deleted in Step 3, go to Step 6 and restart the switchusing the reload command.

Step 6. Software restart (using the reload command).

Note

This step is not necessary if the switch was restarted using the power-cycle method.

A. In privileged EXEC mode, enter the command reload.Switch(config)# reload


System configuration has been modified. Save? [yes/no]:

B. Type n and then press Enter.


Proceed with reload? [confirm][Enter]

The first line of the response will be this:Reload requested by console.

After the switch has reloaded, the line prompt will be this:Would you like to enter the initial configuration dialog? [yes/no]:

C. Type n and then press Enter.

The responding line prompt will be this:Press RETURN to get started![Enter]

1900 Series SwitchesStep 1. Remove VLAN Trunking Protocol (VTP) information.

#delete vtp

This command resets the switch with VTP parameters set to factory defaults.

All other parameters will be unchanged.

Reset system with VTP parameters set to factory defaults, [Y]es or [N]o?

Type y and press Enter.

Step 2. Remove the switch startup configuration from NVRAM.

#delete nvram

This command resets the switch with factory defaults. All system

parameters will revert to their default factory settings. All static

and dynamic addresses will be removed.

Reset system with factory defaults, [Y]es or [N]o?

Type y and press Enter.


APPENDIX E

Erasing and Reloading the Router

For some of the CCNA 4 labs, it is necessary to start with a basic unconfigured router; otherwise, the con-figuration parameters you enter might combine with previous ones and produce unpredictable results. Theinstructions here allow you to prepare the router before performing the lab so that previous configurationoptions do not interfere with your configurations.

The following is the procedure for clearing out previous configurations and starting with an unconfiguredrouter.

Step 1. Enter privileged EXEC mode by entering enable.

Router> enable

If prompted for a password, enter class. (If that does not work, ask your instructor.)

Step 2. In privileged EXEC mode, enter the command erase startup-config.

Router# erase startup-config

The response from the router will be this:

Erasing the nvram filesystem will remove all files! Continue? [confirm]

Step 3. Press Enter to confirm.

The response will be this:

Erase of nvram: complete

Step 4. In privileged EXEC mode, enter the command reload.

Router# reload

response:

System configuration has been modified. Save? [yes/no]:

Type n and then press Enter.

The router responds with this:

Proceed with reload? [confirm]

Step 5. Press Enter to confirm.

The first line of the response will be this:

Reload requested by console.

After the router reloads, the prompt will be this:

Would you like to enter the initial configuration dialog? [yes/no]:

Step 6. Type n and then press Enter.

The responding prompt will be this:

Press RETURN to get started!

Step 7. Press Enter.

Now, the router is ready for you to perform the assigned lab.

Documents

Outdated_Cisco 4 Intructor Version_Outdated