Kotebe Metropolitan University (KMU)
Department of Computer Science and Technology
Network & System Administration (CoSc3063)
Lab One

Part I: IP addressing and subnetting (revision from previous course)

An IP address is a software address that is used to identify different devices in a network. The device can be not only a computer or server but also a router interface, a switch, or any other device that is expected to connect to other devices locally or remotely. Nowadays, fridges and even guns have IP addresses.

Arithmetic Conversion

Before we discuss IP addresses in detail, it is better to have a summary of arithmetic operations because they are useful for IP operations, for example subnetting. Always remember the following table – IT IS VERY USEFUL FOR THE WHOLE COURSE IN NETWORKING.

Table 1

    Binary number    Decimal equivalent
    00000000         0
    00000001         1
    00000010         2
    00000100         4
    00001000         8
    00010000         16
    00100000         32
    01000000         64
    10000000         128

Table 2

    Turned on bits   Binary number    Decimal equivalent
    1                10000000         128
    2                11000000         192
    3                11100000         224
    4                11110000         240
    5                11111000         248
    6                11111100         252
    7                11111110         254
    8                11111111         255

Summary of arithmetic operation

Three arithmetic operations are important for IP operations:
- Decimal to binary
- Binary to decimal
- Hexadecimal to decimal

Each of them is demonstrated with examples. Always use 8-bit binary digits.

Decimal to binary

Use table 1 for this technique.

To convert 151 to binary 8 bit fixed digit

Exercises

Binary to decimal

Method 1: table 1 is helpful for this technique

Method 2

Method 1 is fast if you have non-contiguous 1's. If you have contiguous 1's, use the following technique. This technique uses table 2. The method is demonstrated with examples:

    11110011 = 240 + 3 = 243
    10111111 = 255 – 3 = 191
    10001001 = 128 + 8 + 1 = 137 (use method 1: method 2 doesn't work because there are no contiguous 1's)
    01111111 = 255 – 128 = 127
    11111001 = 255 – (2 + 4) = 249

Exercises

Subnetting

Subnetting is the process of further dividing classes of IP address into subgroups. This is done by borrowing bits from the host section of classful IP addresses.
Subnetting allows better security, bandwidth utilization, traffic management and group control of the network. It also allows efficient utilization of IP addresses. Subnetting replaces the old classful approach with the new classless approach. Nowadays, the classless approach is popular as it allows better utilization of IP addresses (it is a temporary solution to IP depletion).

Several approaches to subnetting are available; unfortunately most of them make it complex. The good news is that the simplest and quickest approach will be discussed here, which allows you to answer any subnetting question within a few seconds – helpful for exam and certification questions. Remember that the simplest solution is always the best one, as long as it solves the problem.

The easiest way to subnet an address is by using the "magic number" method. Here's how it works:

In order to subnet, we need to know a couple of things:
- The network address we'll be subnetting
- How many subnets or hosts we need

Remember the rules of subnetting:
- You must borrow at least 2 bits
- You must leave at least 2 bits

We must also be able to identify classes of addresses by looking at the first octet:

    1 – 127 - Class A (127 reserved for loopback testing)
    128 – 191 – Class B
    192 – 223 – Class C (192 used for local intranets)

Depending on the class, a portion of the address (Network) is assigned to us; the remaining portion is the Host portion we can use to subnet.

    Class A = N . H . H . H
    Class B = N . N . H . H
    Class C = N . N . N . H

The Host portion of an address (the H) is the octet(s) we can borrow from for subnetting.

What does this mean? Take a Class C address: 200.100.11.0 (200 means Class C)

The number in binary: 11001000 . 01100100 . 00001011 . 00000000

Since this is a Class C, we'll be borrowing from the LAST octet (00000000).

How many subnets do we want?
Range = 11000000 to 11111100 (borrowing at least 2, leaving at least 2)

You can determine your subnet(s) either by deciding how many subnets you want or how many hosts per subnet you want. Either way, the count is a power of 2 determined by the number of bits borrowed:

In a Class C, if we borrow 4 bits (11110000), that's 4 bits of subnetting. The number of subnets is 2 x 2 x 2 x 2 (2-to-the-4th) or 16 subnets. The number of hosts per subnet is determined by the bits not borrowed (the 0's). In this case we have 4 zeros (2 x 2 x 2 x 2) or 16 hosts/subnet.

To make life a little easier, you should be accustomed to the patterns of bits in a mask or any byte, so you can immediately determine a mask just by knowing how many bits are borrowed. In other words, you can do it "in your head" by using table 2 (again shown below).

    Turned on bits   Binary number    Decimal equivalent
    0                00000000         0
    1                10000000         128
    2                11000000         192
    3                11100000         224
    4                11110000         240
    5                11111000         248
    6                11111100         252
    7                11111110         254
    8                11111111         255

Note that you cannot borrow only 1 or 7 or 8 in a Class C, but remember, if you have an A or B, your borrowing may span 2 or more octets, so in a Class B borrowing 9 bits (xxxxxxxx.xxxxxxxx.11111111.10000000), you should immediately know the mask by looking at the octets (3rd is 255, 4th is 128).

Now back to the original problem:
and we want to borrow 4 bits:

    11111111.11111111.11111111.11110000 is our mask.

(Remember: the subnet mask is when all the network and subnet bits, if any, are set to 1.)

By looking at the binary representation, we know the mask in decimal is: 255.255.255.240

What we must do now is determine what our network numbers are for each subnet. We borrowed 4 bits, which gives us a mask of 240 (last octet).

What is our "Magic Number"? The Magic Number is the increment between our subnet addresses.
We obtain the magic number by subtracting the LAST NON-ZERO OCTET in our subnet mask from 256 (the number of possible values represented in 1 byte: 0-255 inclusive): … so, 256 – 240 = 16, our magic number.

You can also find the magic number by using table 1 of page 1. In our case, you borrow 4 bits, so the magic number is 2^(8-4) = 16. Or you can easily find that the fourth number is 16 in table 1.

The subnet mask is 255.255.255.240 (240 is simply found from table 2). The subnet mask can easily be represented as /28, which tells us that 28 bits are used for the network address.

Now, let's write out our network numbers, useable hosts and broadcasts:

    Network address          1st useable host   Last useable host   Broadcast address
    (unusable as host IP)                                           (unusable as host IP)
    200.100.11.0             200.100.11.1       200.100.11.14       200.100.11.15
    200.100.11.16            200.100.11.17      200.100.11.30       200.100.11.31
    200.100.11.32            200.100.11.33      200.100.11.46       200.100.11.47
    200.100.11.48            200.100.11.49      200.100.11.62       200.100.11.63
    200.100.11.64            200.100.11.65      200.100.11.78       200.100.11.79
    200.100.11.80            200.100.11.81      200.100.11.94       200.100.11.95
    200.100.11.96            200.100.11.97      200.100.11.110      200.100.11.111
    200.100.11.112           200.100.11.113     200.100.11.126      200.100.11.127
    200.100.11.128           200.100.11.129     200.100.11.142      200.100.11.143
    200.100.11.144           200.100.11.145     200.100.11.158      200.100.11.159
    200.100.11.160           200.100.11.161     200.100.11.174      200.100.11.175
    200.100.11.176           200.100.11.177     200.100.11.190      200.100.11.191
    200.100.11.192           200.100.11.193     200.100.11.206      200.100.11.207
    200.100.11.208           200.100.11.209     200.100.11.222      200.100.11.223
    200.100.11.224           200.100.11.225     200.100.11.238      200.100.11.239
    200.100.11.240           200.100.11.241     200.100.11.254      200.100.11.255

Note: You add the magic number (16) to each network number to get the next subnet address. Remember, you have 2 subnets you cannot use: the very first and the very last. The first is a network subnet, the last is a broadcast subnet. We cannot use any IPs on either of those subnets. The same rule applies to the first and last address on each subnet.
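The magic-number method as a short Python routine (an added example, not part of the original lab). It goes beyond the Class C table above: because the magic number is added to the whole 32-bit address, the same code also covers the Class B case discussed next, where the increment carries into the previous octet. The function names are this example's own; the two networks are the ones used in this lab.

```python
import ipaddress


def prefix_to_mask(prefix_len):
    """Prefix length -> the four mask octets (table 2, one octet at a time)."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return [(bits >> shift) & 0xFF for shift in (24, 16, 8, 0)]


def magic_number(mask_octets):
    """256 minus the last non-zero mask octet, plus that octet's position (0-3)."""
    position = max(i for i, octet in enumerate(mask_octets) if octet)
    return 256 - mask_octets[position], position


def to_int(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_table(network, classful_prefix, borrowed):
    """Return (mask, magic, rows); each row is (network, first, last, broadcast)."""
    mask = prefix_to_mask(classful_prefix + borrowed)
    magic, position = magic_number(mask)
    # The magic number expressed as a 32-bit increment. Working on the whole
    # address makes "x.x.0.256" carry into the previous octet (x.x.1.0).
    step = magic * 256 ** (3 - position)
    base = to_int(network)
    rows = []
    for k in range(2 ** borrowed):
        net = base + k * step
        rows.append((to_dotted(net), to_dotted(net + 1),
                     to_dotted(net + step - 2), to_dotted(net + step - 1)))
    return ".".join(str(o) for o in mask), magic, rows


def classic_usable(rows):
    """The lab's classic rule: the very first and very last subnet are not used."""
    return rows[1:-1]


def matches_ipaddress_module(network, classful_prefix, borrowed):
    """Cross-check the magic-number rows against Python's ipaddress module."""
    _, _, rows = subnet_table(network, classful_prefix, borrowed)
    parent = ipaddress.ip_network(f"{network}/{classful_prefix}")
    expected = [(str(s.network_address), str(s.broadcast_address))
                for s in parent.subnets(prefixlen_diff=borrowed)]
    return [(r[0], r[3]) for r in rows] == expected


if __name__ == "__main__":
    # Class C with 4 bits borrowed, then Class B with 9 bits borrowed.
    for args in (("200.100.11.0", 24, 4), ("136.122.0.0", 16, 9)):
        mask, magic, rows = subnet_table(*args)
        print(args[0], "mask", mask, "magic", magic, "subnets", len(rows))
        for row in rows[:4]:
            print("    %-16s %-16s %-16s %-16s" % row)
```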
However, today's devices are configurable so that the first and the last networks can be used like the other networks.

What about a Class B?

Class B addresses are done the same way, but remember you have the last 2 octets to work with:

136.122.0.0, unsubnetted mask: 255.255.0.0

Let's write out the mask in binary: 11111111 . 11111111 . 00000000 . 00000000

If I must borrow at least 2 host bits and leave at least 2 host bits, I can borrow from 2 to 14 bits (using the last 2 octets). Let's borrow 9: 11111111 . 11111111 . 11111111 . 10000000

Our mask is: 255.255.255.128

This gives us:

    2x2x2x2x2x2x2x2x2 (9 borrowed) or 512 subnets (510 useable)
    2x2x2x2x2x2x2 (7 left) or 128 hosts / subnet (126/subnet useable)
    Magic number: 256 – 128 (last non-zero octet) = 128, or 2^(8-1) = 128, or search in table 1
    Original address: 136.122.0.0
    Magic #: 128

So, is the first useable address 136.122.0.128 or 136.122.128.0?

Since the last non-zero octet was the last octet, that's where we start our network increments:

    (cannot use)
    (added 128)
    136.122.0.256 ... hang on!! Can't do this!!!

Here's 136.122.0.0: 10001000.01111010.00000000.00000000

256 is NOT a valid decimal number in 1 byte (range: 0 – 255)

    10001000.01111010.00000000.11111111 (That's 255!)

Now what?

We roll over the next bit in the previous octet:

    10001000.01111010.00000001.00000000 – the next subnet..
    136.122.1.128 (add 128)
    (add 128)
    … and so on.

We are actually carrying the extra 1 from 256 (since we can only represent 255 in an octet) in the last octet, which increments the previous octet.

What about a class A?

It is a reading assignment left to students.

Answer the following questions

- If you borrow 5 bits, find the magic number. Answer = 8
- If you have a mask of 255.255.255.252
    - Find the magic number. Answer = 4
    - How many bits left for hosts? Answer = 2
- If you have a magic number of 16, how many bits did you borrow? Answer = 16
- Assume you have IP address 192.168.1.0/26.
  Fill in the following table. Columns: Network address (unusable as host IP), 1st useable host, Last useable host, Broadcast address (unusable as host IP), Valid IP range in the network.
- Assume you have IP address 192.168.1.0/27. Answer the following questions:
    - Class: _______________
    - Default mask: ____________________
    - Number of network bits: ___________________
    - Subnet mask: _________________
    - Number of bits borrowed: ________________
    - Number of networks created: _______________
    - The magic number: ______________
    - Number of host bits: ___________________
    - Number of hosts per network: _________________
    - Answer question d again for this IP address
- Answer questions a to j for 192.168.1.0/29
- Which of the following IP addresses are valid IP addresses?
    - 192.168.1.17/29
    - 10.1.1.47/28
    - 10.1.1.21/30
    - 172.16.1.96/28
    - 172.16.1.44/27
    - 172.16.31.79/28
    - 10.1.1.24/27

It is common for subnetting to look complex the first time you see it. Everybody feels that. However, it becomes simple as you practice more and more. You should practice subnetting to the level where you can do it in your mind (without writing on paper). The best way to learn subnetting is through practice.

Test your understanding of subnetting with a real-life scenario

If you solve this problem correctly, that means you understand subnetting very well!

Problem statement:

You have recently accepted a promotion to the server support team at Kotebe University College (KUC). One of your first assignments is configuring the infrastructure service for its branch campus (assume KUC has a branch campus called Shola Campus).

After a security review, your manager has asked you to calculate new subnets for its new branch campus (Shola Campus) to support segmenting network traffic. Assume Shola Campus is currently configured with a single subnet. After a security review, Shola Campus network configurations are being modified to place servers on a separate subnet from the client computers.
You need to calculate the new subnet mask and the default gateways for the subnets in Shola Campus.

The current network for Shola Campus is 192.168.98.0/24. This network needs to be subdivided into three subnets that meet the following requirements:
- One subnet with at least 100 IP addresses for clients.
- One subnet with at least 10 IP addresses for servers.
- One subnet with at least 40 IP addresses for future expansion.

The main tasks for this exercise are as follows:
1. Calculate the bits required to support the hosts on each subnet.
2. Calculate subnet masks and network IDs.

Task 1: Calculate the bits required to support the hosts on each subnet

1. How many bits are required to support 100 hosts on the client subnet? ________
2. How many bits are required to support 10 hosts on the server subnet? ________
3. How many bits are required to support 40 hosts on the future expansion subnet? _______
4. If all subnets are the same size, can they be accommodated? (Yes/No) ________
5. Which feature allows a single network to be divided into subnets of varying sizes? ____________________________________________________________
6. How many host bits will you use for each subnet? Use the simplest allocation possible, which is one large subnet and two equal-sized smaller subnets.

Task 2: Calculate subnet masks and network IDs

1. Given the number of host bits allocated, what is the subnet mask that you will use for the client subnet? Calculate the subnet mask in binary and decimal.
   The client subnet is using 7 bits for the host ID. Therefore, you can use 25 bits for the subnet mask. Write the subnet mask in the next table.

       Binary        Decimal
       ________      ________

2. Given the number of host bits allocated, what is the subnet mask that you will use for the server subnet? Calculate the subnet mask in binary and decimal.
   The server subnet is using 6 bits for the host ID. Therefore, you will use 26 bits for the subnet mask. Write the subnet mask in the next table.

       Binary        Decimal
       ________      ________

3. Given the number of host bits allocated, what is the subnet mask that you can use for the future expansion subnet? Calculate the subnet mask in binary and decimal.
   The future expansion subnet is using 6 bits for the host ID. Therefore, you will use 26 bits for the subnet mask.

       Binary        Decimal
       ________      ________

4. For the client subnet, define the network ID, first available host, last available host, and broadcast address. Assume that the client subnet is the first subnet allocated from the available address pool. Calculate the binary and decimal versions of each address and fill the result in the following table.

       Description   Binary        Decimal
       Network ID
       First host
       Last host
       Broadcast

5. For the server subnet, define the network ID, first available host, last available host, and broadcast address. Assume that the server subnet is the second subnet allocated from the available address pool. Calculate the binary and decimal versions of each address and fill the result in the next table.

       Description   Binary        Decimal
       Network ID
       First host
       Last host
       Broadcast

6. For the future allocation subnet, define the network ID, first available host, last available host, and broadcast address. Assume that the future allocation subnet is the third subnet allocated from the available address pool. Calculate the binary and decimal versions of each address and fill the result in the next table.

       Description   Binary        Decimal
       Network ID
       First host
       Last host
       Broadcast

Part II: Introducing switches and routers initial configuration

Navigating in Cisco IOS

Once you have connected to your Cisco switch or router console port and powered up the device, you will see some information displayed during the start of the device. If the device has no initial configuration you are presented with:

Pic. 1 - System Configuration Dialog

You can safely cancel this request as its capability to configure the device is not very impressive.
Instead, you are going to do things the way all professionals do: command after command.

What follows is a bunch of messages sent to the screen, and after hitting the Enter key a few times you get something like this (here it is a router, but a switch would introduce itself as ... Switch> ):

    Router>

IOS Modes (contexts)

This prompt of the device tells you which 'context' you are in, and the one above with the '>' character is known as 'user exec mode' or 'privilege level 1 mode'. You can't configure much in this mode of operation. It is designed as a 'monitoring' mode, not a 'configuration' one. Also, the monitoring capability is limited. For instance, you can't see the running configuration of the device.

Type in the following command:

    Router>enable
    Router#

The prompt changes to '#', which is called 'privileged exec mode', 'enabled mode' or sometimes 'privilege level 15 mode'. I would like to draw your attention to two things here. Both modes of operation (or contexts, if you like) have two things in common:
- They are used primarily to monitor the device (you will be using 'show' and 'debug' commands in those modes).
- They are contexts for immediate execution of your commands. If the syntax is correct, the system executes the command immediately.

Those two modes differ from one another as well:
- User Exec Mode - is limited in terms of what information will be available.
- Enabled Exec Mode - gives the operator ALL information (like root or Administrator account on a computer).

Question Mark

As the commands take many attributes, your best friend is the question mark '?'. This help is known as the 'context-sensitive help'. This means that, depending on which context you are in, when you type a question mark (?) the system lists the commands that can be executed in that particular mode of operation.
Configurations

In order to configure things in Cisco IOS (except for some minor changes), you must first enter the 'global configuration mode', which is characterized by the following prompt:

    Router(config)#

This context can be accessed by typing the following command in the 'privileged exec mode':

    Router#configure terminal

Whatever you configure in this particular mode is going to be applied to the device as a whole unit (e.g. hostname, default gateway on a switch etc.).

If you want to enter the context of an interface to configure it with some parameters like ip address, speed, duplex, description etc., you must enter that interface from the global configuration mode like the one below:

    Router(config)#interface fastethernet1/0

If you do not know what interfaces your device has, type the following command in the enabled mode:

    Router#show ip interface brief

As you see, in the 'global configuration mode' I did the following actions in order to access the context of the interface:
- Entered the interface type (here: Fast Ethernet).
- Referenced the module number (here: 1)
- Referenced the port number in the module 1 (here: 0)

Please note that routers count ports starting from 0, switches starting from 1.

You'll learn other contexts as we go through numerous labs.

Abbreviations

You don't have to type in the full words of the commands and certain attributes that follow the commands.
For instance, instead of typing:

    Router#configure terminal
    Router(config)#

You can type:

    Router#conf t
    Router(config)#

As long as the abbreviation uniquely describes which command you want to use, the system has no problem accepting it.

Shortcuts And Keystrokes

When you type enough characters to uniquely identify the command in a given context, you can use the 'tab' key and the system is going to complete the command on the screen for you (just like in Linux).

Use the following keystrokes while editing the commands:
- CTRL-z - takes the cursor back to the 'enabled exec' mode from any other context
- CTRL-a - takes the cursor to the beginning of the line
- CTRL-e - takes the cursor to the end of the line
- CTRL-k - erases everything to the right of the cursor
- CTRL-u - erases everything to the left of the cursor
- Upper Arrow or CTRL-P - displays the previous command from the history buffer
- Lower Arrow or CTRL-N - displays the next command from the history buffer

The system keeps a record of up to ten (default) commands you typed in. You can increase/decrease the history buffer up to 256 commands.

If you want to check the history buffer size, type in:

    Router#show terminal | include history

Changing the buffer size can be accomplished with the following command in the 'enabled mode':

    Router#terminal history size 256

The above command will increase the size of the history buffer to 256 commands.

If you want to see the buffer (which commands were typed) use this command:

    Router#show history

Practice the commands so far until you are confident with the content of this lesson before you proceed to the next one.

Initial Configuration of Cisco Switch and Router

Understanding technologies requires a skill. But the best definition of what a skill is could be summarized in five words: knowledge and one thousand repetitions.

In this lesson, there is no real technology to explain. Instead, you will get familiar with some useful commands we use very often while configuring our routers and switches.
This practical exercise, however, is going to help sharpen the skills you obtained previously.

Take a look at our simple topology first:

And here's our plan for the initial configuration.

1. Configure the host names on both the switch and the router (SW1 and R1 respectively).
2. When you mistype a command in the 'enabled mode', IOS tries to resolve this name to an IP address. Disable that name resolution.
3. Protect the 'privileged exec mode' with clear text password. Use 'cisco_enable' as your password.
4. Encrypt the password with 'over-shoulder' algorithm.
5. Protect the access to the console port 0. Use 'cisco_console' as your password.
6. Configure the console port 0, so it disconnects you after 5 min. 30 sec. of idleness.
7. Configure the console port 0 such that system messages sent to the screen do not interfere with what you are typing.
8. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using MD5 algorithm to encrypt the password.
9. On the switch assign ip address (use: 192.168.1.253/24) on the management interface Vlan 1.
10. Configure the switch to use the default-gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network.
11. Enable the router's interface FastEthernet1/0. Use 192.168.1.254/24 address.
12. Enable the interface facing the Internet Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/30.
13. Enable the remote access to your devices via telnet. Use password 'cisco_remote'.
14. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that.
15. Save the configuration on both switch and the router so it is available after reload/power cycle.

Solution:

1. Configure the host names on both the switch and the router (SW1 and R1 respectively).

Most of the steps are identical on a switch and a router. That is why I'm presenting the router's configuration only.
You have to repeat them on the switch yourself. If the configuration of the switch is different, it is presented as well (step 9 and step 10).

If your prompt shows the user mode '>' you must enter the privileged mode first by typing 'enable':

    Router>enable
    Router#

Then, in order to set the host name on the router you must enter the 'config mode' (you can abbreviate the command to 'conf t'):

    Router#configure terminal
    Router(config)#

Finally, you type in:

    Router(config)#hostname R1
    R1(config)#

NOTICE!
The commands take effect immediately as long as their syntax is correct.

2. When you mistype a command in the 'enabled mode', IOS tries to resolve this name to an IP address. Disable that name resolution.

    R1(config)#no ip domain-lookup

3. Protect the 'privileged exec mode' with clear text password. Use 'cisco_enable' as your password.

    R1(config)#enable password cisco_enable

4. Encrypt the password with 'over-shoulder' algorithm.

    R1(config)#service password-encryption

5. Protect the access to the console port 0. Use 'cisco_console' as your password.

In order to do that you have to change the context from 'config mode' to 'line console 0' mode. Pay attention to the prompt! The 'login' keyword is going to prompt the user for the password.

NOTICE!
The 'no login' command would allow the user to access the console 0 WITHOUT asking for the password even if one was configured.

    R1(config)#line console 0
    R1(config-line)#password cisco_console
    R1(config-line)#login

6. Configure the console port 0, so it disconnects you after 5 min. 30 sec. of idleness.

We're still in the console 0 prompt, so we can continue configuring console 0.

    R1(config-line)#exec-timeout 5 30
    R1(config-line)#

If you wanted the console line 0 to never disconnect you during the time of idleness, you would use: exec-timeout 0 0.

7. Configure the console port 0 such that system messages sent to the screen do not interfere with what you are typing.

By default, all system messages are sent to the console 0 and they may interfere with what you are currently typing on the console 0 line. If you are accessing the device via telnet/ssh (remotely), you do not see any messages. If you want to see them on the vty lines (remote connection via telnet/ssh), you must type in 'terminal monitor' in the 'enabled mode'. Here is the command to satisfy step 7 in our design:

    R1(config-line)#logging synchronous

8. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using MD5 algorithm to encrypt the password.

As we are still in the line console 0 context (look at the prompt), we need to step back to the 'config mode', and then remove the previous 'enable' password. Next we will proceed with the md5 password configuration. If you did not remove the previous 'enable password', the system is going to use the more secure one anyway.

    R1(config-line)#exit
    R1(config)#no enable password
    R1(config)#enable secret cisco_enable

9. On the switch assign ip address (use: 192.168.1.253/24) on the management interface Vlan 1.

I assume that you have completed steps 1-8 on BOTH router and switch. The commands and prompts will be identical. Now, you can assign an ip address on the Vlan 1 interface.

    SW1>enable
    SW1#conf t
    SW1(config)#interface vlan 1
    SW1(config-if)#ip address 192.168.1.253 255.255.255.0
    SW1(config-if)#no shutdown

10. Configure the switch to use the default-gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network.

We need to step back to 'config mode' from interface Vlan1 mode to accomplish the task.

    SW1(config-if)#exit
    SW1(config)#ip default-gateway 192.168.1.254

11. Enable the router's interface FastEthernet1/0. Use 192.168.1.254/24 address.

    R1(config)#interface f1/0
    R1(config-if)#ip address 192.168.1.254 255.255.255.0
    R1(config-if)#no shutdown

12. Enable the interface facing the Internet Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/30.

Even though we are currently in the F1/0 interface context (look at the prompt), we can jump directly to s0/1 without typing 'exit' first. If you use real routers (not simulation), one end of the connection must use a DCE cable and the other a DTE cable. They are connected back-to-back and the DCE interface must be set up with the clock rate.

    R1(config-if)#interface s0/1
    R1(config-if)#ip address 172.31.1.1 255.255.255.252
    R1(config-if)#no shutdown

13. Enable the remote access to your devices via telnet. Use password 'cisco_remote'.

Remote access connections are serviced by special virtual lines called vty. Here, we will use vty lines 0 through 4, allowing only five concurrent connections via telnet.

    R1(config-if)#line vty 0 4
    R1(config-line)#password cisco_remote
    R1(config-line)#login

14. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that.

This is going to be the most complex part in our lab. Below are the four steps needed to complete the task.

a) Configure the system domain-name. Without the domain name, IOS cannot generate the rsa keys used for encryption and decryption (public/private). The domain name can be any name you choose to use (here: ccna.local) but the company's real name is a good idea.

    R1(config-line)#exit
    R1(config)#ip domain-name ccna.local
    R1(config)#

b) When you type the command below, the system will ask you what the length of the keys should be. Choose the 1024 value. IOS will take a few seconds to generate them and automatically start the SSH server.
Wait till it's done.

    R1(config)#crypto key generate rsa
    R1(config)#

c) Create a user account that will be used for ssh access (here: user=admin, password=S3cr3t).

    R1(config)#username admin password cisco_remote
    R1(config)#

d) Enable the ssh protocol and disable telnet on vty lines 0 4. Make sure that ssh will use the locally created user (admin) for ssh connections. This is done using the 'login local' command.

    R1(config)#line vty 0 4
    R1(config-line)#transport input ssh
    R1(config-line)#login local
    R1(config-line)#end
    R1#

15. Save the configuration on both switch and the router so it is available after reload/power cycle.

    R1#copy running-config startup-config

Note: students should practice the above commands with their Cisco Packet Tracer before the next lab.

Part III: Static Routing

In this lab, I'm going to show you how you can use static routes effectively in different topologies. All Cisco routers have the routing capability turned ON by default. The command responsible for this is:

    router(config)#ip routing

This allows a router to create and use the routing table the moment we enable and configure at least two interfaces.

NOTICE!
Some subnets and networks are simulated by means of creating and configuring virtual interfaces (Loopback) in my topology.

Pic. 1 - Routing Topology 1

Directly Connected Networks

In the topology used (pic. 1), the routers have been assigned IP addresses and the interfaces are up. Since the routing process is enabled (ip routing), the directly connected subnets/networks show in the routing table immediately. Look at R1's routing table:

Pic. 2 - Directly Connected Networks.

The problem is with the destinations that are NOT connected directly to a router (remote). A router does not know anything about these by default.
There are two ways of "teaching" a router about remote networks or subnets:
- Applying static routing (manual method)
- Applying dynamic routing (a routing protocol that distributes information automatically)

Static Routing

There are pros and cons of using the manual method. In complex scenarios (with redundant connections), more often than not, we use dynamic routing protocols. But there are situations in which static routing is a good or perhaps the best solution.

Consider our example. R4 and R5 are connected to so-called stub networks. A stub network has only one way in and out (one path). Some routers used in such designs are relatively cheap and may not even have enough hardware resources to run a dynamic routing protocol (such as OSPF or EIGRP). Then, installing static routes is the only option possible. Also, imagine your broadband router (your home network is also stub-like if you're connected to one ISP). This router does not have the paths to each and every destination on the Internet. It uses a form of static route instead, known as the default route. More on the default route later in the post.

Let's look at the syntax which allows us to instruct a router about remote networks and subnets manually.

Pic. 3 - Static Route Command Version 1.

Let's read what this command does.

"IP route towards class C network 192.168.1.0/24 can be reached by sending packets to a next-hop router out the serial0/2 interface."

The last parameter used shows the router which interface should be used to send the packets out. If you configure the outbound interface instead of the IP address of the next-hop router in the path, this connection must be point-to-point (not multiaccess).

In case the router's egress (outbound) interface is a multiaccess link (Ethernet, Frame-Relay, ATM etc.), we must NEVER use the local interface but the IP address of the next-hop router instead.
If you do not follow this recommendation, the router will try to resolve the layer 3 to layer 2 address for every destination out that interface. This leads to serious inefficiency and shows little understanding of routing operation on the part of the person who configured it.

If the router must send the packet to the next router in order to get to the destination (egress interface is multiaccess), the 'ip route' command should look like the example below (pic. 4).

Pic. 4 - Static Route Command Version 2.

Let's configure our routers so they can reach all networks in the topology used (pic. 1).

NOTICE!
Routing works in both directions. This means that the router receiving a packet for its directly connected network/subnet must know the return path to the sender of the packet (source).

Configuration on R1

Step 1
Reachability towards 172.31.2.0/24. The next-hop router is R2. The outbound interface is a multiaccess link (F1/0). The order of statements does not matter. When configuring the remaining routers I will use a more logical approach than on R1.

    R1#configure terminal
    R1(config)#ip route 172.31.2.0 255.255.255.0 172.31.123.2
    R1(config)#

Step 2
Reachability towards 172.31.3.0/28 and 172.31.16.0/28. The same egress interface (F1/0).

    R1(config)#ip route 172.31.3.0 255.255.255.240 172.31.123.3
    R1(config)#ip route 172.31.3.16 255.255.255.240 172.31.123.3
    R1(config)#

Step 3
Reachability towards 192.168.4.0/24. The egress interface is point-to-point (S0/2 running the HDLC protocol). I can use either the next-hop IP address or the local interface s0/2.

    R1(config)#ip route 192.168.4.0 255.255.255.0 s0/2
    R1(config)#

Step 4
In order to reach Branch2 network 192.168.5.0/24, R1 must use R2 as the gateway.
Even though R2 does not know how to get there yet, I will configure this route now and then configure R2 to reach all networks and subnets (including 192.168.5.0/24).

R1(config)#ip route 192.168.5.0 255.255.255.0 172.31.123.2
R1(config)#

Step 5
Reachability to the point-to-point subnet between R2 and R5 (172.31.25.0/24).

R1(config)#ip route 172.31.25.0 255.255.255.0 172.31.123.2
R1(config)#

Would you know how to configure R2 and R3 using R1's configuration as an example? Give it a try. If you can't do it yet, just follow the configuration presented below.

Configuration on R2

Step 1
Reachability to networks/subnets via R1.

R2#configure terminal
R2(config)#ip route 172.31.1.0 255.255.255.0 172.31.123.1
R2(config)#ip route 172.31.14.0 255.255.255.0 172.31.123.1
R2(config)#ip route 192.168.4.0 255.255.255.0 172.31.123.1
R2(config)#

Step 2
Reachability to networks/subnets via R3.

R2(config)#ip route 172.31.3.0 255.255.255.240 172.31.123.3
R2(config)#ip route 172.31.3.16 255.255.255.240 172.31.123.3
R2(config)#

Step 3
Reachability to network via R5.

R2(config)#ip route 192.168.5.0 255.255.255.0 s0/2
R2(config)#

Configuration on R3

Step 1
Reachability to networks/subnets via R1.

R3#configure terminal
R3(config)#ip route 172.31.1.0 255.255.255.0 172.31.123.1
R3(config)#ip route 172.31.14.0 255.255.255.0 172.31.123.1
R3(config)#ip route 192.168.4.0 255.255.255.0 172.31.123.1

Step 2
Reachability to networks/subnets via R2.

R3(config)#ip route 172.31.2.0 255.255.255.0 172.31.123.2
R3(config)#ip route 172.31.25.0 255.255.255.0 172.31.123.2
R3(config)#ip route 192.168.5.0 255.255.255.0 172.31.123.2
R3(config)#

Routers R4 and R5 connect stub networks. In order to simplify their configuration and reduce the number of routing entries on them, I am going to use a special type of static route called the default route.

Pic. 7 - Default Route Example.

The destination IP address 0.0.0.0 (unknown) represents all destinations which cannot be found in the routing table.
This address uses the network mask of all zeros (0.0.0.0). As long as the router has no match in the routing table for a given destination ('subnet not in table'), the default route is used instead. It is the 'gateway of last resort'. As previously explained, on point-to-point links you can use the outbound interface instead of the address of the next-hop router.

Applying default routes is going to be easy.

Configuration on R4

Step 1
Packets for all unknown destinations are sent via R1.

R4(config)#ip route 0.0.0.0 0.0.0.0 s0/2
R4(config)#

Configuration on R5

Step 1
Packets for all unknown destinations are sent via R2.

R5(config)#ip route 0.0.0.0 0.0.0.0 s0/2
R5(config)#

Now you can test your network by using the ping command in the above network.

Look at what the routing table shows when the default route has been added (pic. 9).

Pic. 9 - Routing Table with Default Route.
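The two rules above (use a next-hop IP address on multiaccess links; the default route is consulted only as the gateway of last resort) can be checked offline against the static routes entered on R1 and R4. The Python sketch below is an added example, not part of the original lab: it parses the 'ip route' lines, flags routes that point at a multiaccess interface, and performs a longest-prefix lookup. BAD_CONFIG is a constructed misconfiguration, and treating interface names starting with e, f or g as multiaccess is an assumption.

```python
import ipaddress

# R1 (Steps 1-5) and R4 static routes as entered on this page.
R1_CONFIG = """\
ip route 172.31.2.0 255.255.255.0 172.31.123.2
ip route 172.31.3.0 255.255.255.240 172.31.123.3
ip route 172.31.3.16 255.255.255.240 172.31.123.3
ip route 192.168.4.0 255.255.255.0 s0/2
ip route 192.168.5.0 255.255.255.0 172.31.123.2
ip route 172.31.25.0 255.255.255.0 172.31.123.2
"""
R4_CONFIG = "ip route 0.0.0.0 0.0.0.0 s0/2\n"
# Constructed misconfiguration: Step 4 pointed at multiaccess F1/0.
BAD_CONFIG = "ip route 192.168.5.0 255.255.255.0 f1/0\n"

def parse_static_routes(config):
    """Return [(network, target)] for each 'ip route <net> <mask> <target>'."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            network = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((network, parts[4]))
    return routes

def is_ip(target):
    """True when the route target is a next-hop IP, False for an interface name."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def lint_multiaccess(routes, multiaccess=("e", "f", "g")):
    """Networks routed out a multiaccess interface rather than to a next-hop IP.
    Assumption: Ethernet-family names (e*, f*, g*) are multiaccess."""
    return [str(net) for net, target in routes
            if not is_ip(target) and target.lower().startswith(multiaccess)]

def lookup(routes, destination):
    """Longest-prefix match; 0.0.0.0/0 matches all, so it wins only as last resort."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in routes if dst in net]
    if not matches:
        return None  # 'subnet not in table', no default route
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    r1 = parse_static_routes(R1_CONFIG)
    print(lookup(r1, "172.31.3.20"), lookup(r1, "8.8.8.8"))
    print(lint_multiaccess(parse_static_routes(BAD_CONFIG)))
```

On R1 a destination outside every configured prefix returns None, while the same lookup on R4 falls through to s0/2 because of its default route.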