CISCO IOS
Introduction
Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and on all current Cisco network switches.
IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a single operating system.
The first IOS was written by William Yeager.
Access Support
Cisco IOS access support covers remote access and protocol translation services. These services provide connectivity to:
- Terminals
- Modems
- Computers
- Printers
- Workstations
Various network configurations exist for connecting these resources over LANs and wide area networks (WANs). LAN terminal service support is as follows:
- TCP/IP support for Telnet and rlogin connections to IP hosts
- TN3270 connections to IBM hosts
- LAT connections to DEC hosts
For WANs, Cisco IOS software supports four kinds of server operation:
- Connectivity over a dial-up connection supporting AppleTalk Remote Access (ARA), Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), Point-to-Point Protocol (PPP), and XRemote, Network Computing Devices' (NCD) X Window System terminal protocol
- Asynchronous terminal connectivity to a LAN or WAN using network and terminal emulation software supporting Telnet, rlogin, DEC's Local Area Transport (LAT) protocol, and the IBM TN3270 terminal protocol
- Conversion of one virtual terminal protocol into another, such as LAT-to-TCP or TCP-to-LAT communication between a terminal and a host computer over the network
- Support for full Internet Protocol (IP), Novell Internetwork Packet Exchange (IPX), and AppleTalk routing over dial-up asynchronous connections
Performance Optimization
Cisco IOS software has two features that can greatly enhance bandwidth management, recovery, and routing in the network: dial-on-demand access (DDA) and dial-on-demand routing (DDR).
DDA is useful in several scenarios:
- Dial backup
- Dynamic bandwidth
Management
Cisco IOS software supports the following management protocols:
- The two versions of Simple Network Management Protocol (SNMP) for IP-based network management systems
- Common Management Information Protocol (CMIP) / Common Management Information Service (CMIS) for OSI-based network management systems
- IBM Network Management Vector Transport (NMVT) for SNA-based network management systems
Caveat: SNMPv1 and SNMPv2c authenticate with nothing more than a community string sent in clear text, so restrict SNMP access with an access list and use read-only communities wherever the IOS image does not support SNMPv3.
Router Internetwork Architecture
The figure shows the three functional layers, core, distribution, and access, that make up Cisco's router internetwork architecture.
Core
- The routers that comprise the core layer of the architecture are often referred to as the backbone routers. They connect to other core routers, providing multiple paths over the backbone between destinations.
- These routers carry the bulk of WAN traffic between the distribution routers. Core routers are usually configured with several high-speed interfaces, as shown in Figure 2-2.
Distribution
- The distribution router may act solely as a distribution router for a region or campus, managing only the transmission of data between the core and the access layers.
Access
- The outer layer of the architecture is the access layer. It is at this layer that end users gain access to the network resources connected by the routers.
- A typical use of access routers is in large buildings or campuses. As depicted in Figure 2-4, access routers connect workgroups and/or floor segments within a building to the distribution router. Access routers also provide remote dial-up connectivity for temporary connections.
IOS is responsible for:
- Carrying network protocols and functions
- Connecting high-speed traffic between devices
- Adding security to control access and stop unauthorized network use
- Providing scalability for ease of network growth and redundancy
The 2501 router has two serial interfaces for WAN connections and one Attachment Unit Interface (AUI) connector for a 10 Mbps Ethernet connection. It also has one console port and one auxiliary port, both on RJ-45 connectors.
Components in a Router
- Motherboard
- Microprocessor (Motorola)
- SMPS (power supply)
- Chipset
- Memory:
  - RAM (dynamic RAM): stores the running (current) configuration
  - NVRAM: stores the saved (startup) configuration
  - Flash: stores the IOS image
  - ROM: stores the bootstrap code and the ROM monitor (ROMMON)
Booting Process of IOS
- The bootstrap in ROM runs the power-on self-test and loads the IOS image from flash.
- IOS checks NVRAM for a saved (startup) configuration.
- If a saved configuration is present in NVRAM, it is loaded into RAM as the running configuration.
- If NVRAM is empty, the router enters the setup dialogue to build a new configuration file.
Ways to Access the Router
- Console port
- Auxiliary port
- VTY lines (Telnet)
IOS Configuration Methods
- Setup mode (the configuration dialogue)
- Command-line interface (CLI)
Command-Line Interface Modes
User execution mode (Router>)
- View some basic statistics of the router
- Cannot do advanced configuration
Privileged execution mode, also called enable mode (Router#)
- View all possible statistics of the router
- Make changes that apply to this router only; other configured routers are not affected
Global configuration mode (Router(config)#)
- Changes that apply to the router as a whole (hostname, passwords, routing)
Line configuration mode (Router(config-line)#)
- Console line
- Auxiliary line
- VTY lines
Interface configuration mode (Router(config-if)#)
Sub-interface configuration mode (Router(config-subif)#)
2801 Cisco Router
Routing
Basic Commands
USER EXECUTION MODE
- ? -> help command
- s? -> displays all commands that start with 's'
- show clock -> shows the clock settings
- show terminal -> displays the terminal settings, including the history buffer size
- show version -> displays the IOS version running on your router
- terminal history size <size> -> changes the history buffer size
- show history -> lists the last commands typed by the user (10 by default)
PRIVILEGED EXECUTION MODE
- Router> enable -> enters privileged mode from user execution mode
- disable -> returns to user execution mode from privileged mode
- show running-config -> shows the running configuration (the contents of RAM)
- show startup-config -> shows the saved configuration (the contents of NVRAM)
- show flash -> shows the contents of flash memory
- show interface <E0/S0/S1> -> shows status information for a particular interface
- show ip interface brief -> shows the status of all interfaces on the router
- show controllers <s0/s1> -> shows whether the serial interface is the DCE or the DTE end
- copy running-config startup-config -> saves the running configuration from RAM to NVRAM
- copy startup-config running-config -> merges the saved configuration from NVRAM into the running configuration in RAM
- copy flash tftp -> backs up the IOS image in flash to a TFTP server (prompts for the server IP address and file name)
- copy startup-config tftp -> backs up the NVRAM configuration to a TFTP server
- copy running-config tftp -> backs up the running configuration to a TFTP server
- copy tftp flash -> restores an IOS image from a TFTP server to flash
- copy tftp startup-config -> restores a configuration from a TFTP server to NVRAM
- copy tftp running-config -> merges a configuration from a TFTP server into the running configuration
- configure terminal / config t -> enters global configuration mode
Caveat: TFTP has no authentication and no encryption, and a configuration copy carries every password on the router. Do TFTP backups only over a management network you control, or use a secure copy method where the IOS image supports it.
GLOBAL CONFIGURATION MODE
- hostname <name> -> sets the router's identity (hostname)
- boot system tftp <file name> [server address] -> boots IOS from a TFTP server
- boot system flash -> boots IOS from flash
- enable password <password> -> sets the enable-mode password; it is stored in the configuration in clear text
- enable secret <password> -> sets the enable-mode password stored as a hash (type 5, MD5); when both are set, the secret takes precedence
- service password-encryption -> obfuscates the line (console, vty, aux) and enable passwords in the configuration using the reversible type 7 scheme
Caveat: type 7 is not encryption. It only hides passwords from someone glancing at the configuration; anyone who obtains a copy of the configuration can recover them instantly. Use enable secret for the enable password and protect configuration backups.
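Added example (not part of the original slides): a Python decoder for the type 7 scheme that service password-encryption applies, run over a constructed configuration fragment. The key and the salt/XOR layout are the publicly documented ones used by many open-source tools; SAMPLE_CONFIG, its hostname and the placeholder secret 5 hash are made up for the example.

```python
import re

# The fixed key IOS uses for type 7 obfuscation; it is public and identical on
# every device, which is why the scheme cannot protect anything.
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Decode a type 7 string such as '0822455D0A16' back to its plaintext."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 string must have an even length of at least 4")
    salt = int(encoded[:2], 10)            # two decimal digits: key offset
    cipher = bytes.fromhex(encoded[2:])    # hex pairs: plaintext XOR key byte
    plain = bytes(c ^ _TYPE7_KEY[(salt + i) % len(_TYPE7_KEY)]
                  for i, c in enumerate(cipher))
    return plain.decode("ascii")


def type7_encode(plain: str, salt: int = 8) -> str:
    """Inverse of type7_decode (IOS picks the salt from 0..15)."""
    data = bytes(ord(ch) ^ _TYPE7_KEY[(salt + i) % len(_TYPE7_KEY)]
                 for i, ch in enumerate(plain))
    return f"{salt:02d}{data.hex().upper()}"


# Matches 'password 7 <hex>' and 'enable password 7 <hex>' configuration lines.
_TYPE7_LINE = re.compile(r"^\s*(?:enable\s+)?password\s+7\s+([0-9A-Fa-f]+)\s*$")


def recover_type7_passwords(config_text: str) -> list:
    """Return every type 7 password found in a configuration, decoded."""
    found = []
    for line in config_text.splitlines():
        m = _TYPE7_LINE.match(line)
        if m:
            found.append(type7_decode(m.group(1)))
    return found


# Constructed running-config fragment (not from a real device); the secret 5
# hash is a placeholder and is deliberately not decodable.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$xxxx$placeholder.hash.not.real
enable password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
 login
"""

if __name__ == "__main__":
    print(recover_type7_passwords(SAMPLE_CONFIG))
```

The enable secret line is untouched by the decoder: a type 5 hash has to be brute-forced, whereas every type 7 line falls out in one pass, which is the whole difference between the two commands.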
LINE CONFIGURATION
Console line:
Router(config)# line console 0
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Auxiliary line:
Router(config)# line aux 0
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Telnet (VTY) lines:
Router(config)# line vty 0 4
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Caveat: Telnet sends the VTY password in clear text. Where the IOS image supports it, enable SSH, allow only SSH on the VTY lines (transport input ssh) and restrict the source addresses with an access-class.
ROUTER INTERFACE CONFIGURATION
Ethernet interface:
Router(config)# int E0
Router(config-if)# ip address <ip address> <subnet mask>
Router(config-if)# no shutdown
Router(config-if)# exit
Serial interface:
Router(config)# int <S0/S1>
Router(config-if)# ip address <ip address> <subnet mask>
Router(config-if)# clock rate <bps>   (only on the DCE end, for example 64000)
Router(config-if)# no shutdown
Router(config-if)# exit
Troubleshooting Tools
- ping
- traceroute
- telnet
Routing Definition
Routing is the process of taking a packet from one device and sending it to another device on a different network.
A routing protocol is used by routers to dynamically find all the networks in the internetwork and ensure that all routers have a consistent routing table.
To route packets, a router must know:
- The destination address
- Neighbor routers from which it can learn about remote networks
- Possible routes to all remote networks
- The best route to each remote network
- How to maintain and verify routing information
Three Types of Routing
- Static routing
- Default routing
- Dynamic routing
Static Routing
Static routing occurs when you manually add routes to each router's routing table.
Syntax of Static Routing
Router(config)# ip route <destination network> <subnet mask> <next-hop address> [administrative distance] [permanent]
- ip route -> the command used to create a static route
- destination network and subnet mask -> the network you are placing in the routing table
- next-hop address -> the address of the next-hop router that will receive the packet and forward it to the remote network
- administrative distance -> static routes have a default administrative distance of 1
- permanent -> keeps the entry in the routing table even if the interface goes down
Default Routing
- Used to send packets whose remote destination network is not in the routing table
- Used in networks with a single exit path
Syntax for Default Routing
Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop address>
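Added example (not from the original slides): a Python model of how a router chooses among static, default and dynamically learned routes, covering the static route syntax above, the 0.0.0.0 0.0.0.0 default route, and the administrative distances quoted later in this deck. The routing table, the next hops and the hypothetical RIP-learned prefixes are constructed for the example; the AD values are the IOS defaults.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

# Default administrative distances quoted in this deck.
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    network: IPv4Network
    next_hop: str      # next-hop address or exit interface
    source: str        # "connected", "static", "rip", ...
    ad: int            # administrative distance
    metric: int = 0


def static_route(cmd: str) -> Route:
    """Build a Route from 'ip route <net> <mask> <next-hop> [distance]'."""
    parts = cmd.split()
    if parts[:2] != ["ip", "route"] or len(parts) not in (5, 6):
        raise ValueError(f"unsupported command: {cmd!r}")
    network = IPv4Network(f"{parts[2]}/{parts[3]}")
    ad = int(parts[5]) if len(parts) == 6 else AD["static"]
    return Route(network, parts[4], "static", ad)


def install(table: List[Route], route: Route) -> List[Route]:
    """Install a candidate the way the RIB does: for a given prefix only the
    source with the lowest AD (then the lowest metric) is kept."""
    for existing in table:
        if existing.network == route.network:
            if (existing.ad, existing.metric) <= (route.ad, route.metric):
                return table                  # current entry is as good or better
    return [r for r in table if r.network != route.network] + [route]


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match. 0.0.0.0/0 matches everything, so it is used only
    when no more specific route exists (the gateway of last resort)."""
    addr = IPv4Address(destination)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def build_sample_table() -> List[Route]:
    """Constructed table using the deck's 192.168.x.0 networks."""
    t: List[Route] = []
    t = install(t, Route(IPv4Network("192.168.1.0/24"), "E0", "connected", AD["connected"]))
    # A static route (AD 1) and the same prefix learned from RIP (AD 120):
    # the static wins and the RIP route never enters the table.
    t = install(t, static_route("ip route 192.168.3.0 255.255.255.0 192.168.1.6"))
    t = install(t, Route(IPv4Network("192.168.3.0/24"), "192.168.1.9", "rip", AD["rip"], 2))
    # A floating static (AD 130) is used only if the RIP route disappears.
    t = install(t, Route(IPv4Network("192.168.4.0/24"), "192.168.1.9", "rip", AD["rip"], 1))
    t = install(t, static_route("ip route 192.168.4.0 255.255.255.0 192.168.1.6 130"))
    t = install(t, static_route("ip route 0.0.0.0 0.0.0.0 192.168.1.1"))
    return t


if __name__ == "__main__":
    table = build_sample_table()
    for dest in ("192.168.1.50", "192.168.3.7", "192.168.4.20", "10.0.0.1"):
        r = lookup(table, dest)
        print(dest, "->", r.network, "via", r.next_hop, f"[{r.ad}/{r.metric}] {r.source}")
```

The two rules the model separates are easy to confuse on real routers: prefix length decides which entries are candidates at all, and administrative distance decides only between sources offering the same prefix.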
Dynamic Routing
Dynamic routing is where routing protocols discover the networks and update the routing tables on the routers.
Routing Protocols
- Distance vector protocols
- Link state protocols
- Hybrid protocols
Distance Vector Protocols
- Distance vector protocols find the best path to a remote network by judging the distance.
- The route with the least number of hops to the network is determined to be the best route.
- They send their entire routing table to directly connected neighbors.
- RIP and IGRP are distance vector protocols.
Difference Between RIP and RIPv2
RIPv1:
- Distance vector
- Maximum hop count of 15
- Classful (does not send subnet masks in updates)
- Administrative distance: 120
RIPv2:
- Distance vector
- Maximum hop count of 15
- Classless (sends subnet masks in updates)
- Administrative distance: 120
IGRP (Interior Gateway Routing Protocol)
- Cisco proprietary protocol
- Distance vector protocol
- Maximum hop count 255, with a default of 100
- Sends routing updates every 90 seconds by default
- Uses an autonomous system number (1 to 65,535)
- Uses the Bellman-Ford algorithm
- Administrative distance: 100
IGRP vs RIP
IGRP:
- Can be used in large internetworks
- Uses an autonomous system number for activation
- Full routing table update every 90 seconds
- Administrative distance of 100
RIP:
- Works best in small networks
- Does not use an autonomous system number
- Updates every 30 seconds
- Administrative distance of 120
Verifying Your Configuration
- show ip protocols -> shows the routing protocols configured on your router
- debug ip rip -> shows RIP routing updates as they are sent and received on the router
- debug ip igrp events -> shows a summary of the IGRP routing information running on the network
- debug ip igrp transactions -> shows message requests from neighbor routers asking for an update
Caveat: debug output is produced per packet and can saturate the CPU of a busy router; turn it off with undebug all as soon as you have what you need.
Link State Protocols
- Link state protocols send updates containing the state of their own links to all other routers on the network.
- They maintain three tables: 1) a neighbor table that keeps track of directly connected neighbors; 2) a topology table that describes the topology of the entire internetwork; 3) the routing table.
- Link state protocols know more about the internetwork than distance vector protocols.
Hybrid Protocols
- A combination of both distance vector and link state protocols; EIGRP is an example of a hybrid protocol.
EIGRP Features
- Cisco proprietary protocol
- Uses an autonomous system number
- Unlike IGRP, includes the subnet mask in its route updates
- Hybrid routing protocol
- Maximum hop count of 255
- Administrative distance: 90
Main Features of EIGRP
- Supports IP, IPX and AppleTalk
- Considered classless
- Support for VLSM
- Efficient neighbor discovery
- Communication via the Reliable Transport Protocol (RTP)
- Best path selection via the Diffusing Update Algorithm (DUAL)
Protocol Dependent Modules
- EIGRP supports multiple network layer protocols: IP, IPX and AppleTalk.
- Each network layer protocol is supported through a protocol dependent module (PDM). A PDM maintains its own series of tables containing the routing information that applies to its protocol: IP/EIGRP, IPX/EIGRP, AppleTalk/EIGRP.
Neighbor Discovery
Three conditions must be met to establish a neighborship:
- Hello or ACK received
- AS numbers match
- Identical metric weights (K-values)
Like link state protocols, EIGRP uses Hello messages to establish neighborship.
- The only time EIGRP advertises its entire routing table is when it discovers a new neighbor and forms an adjacency with it through the exchange of Hello packets.
- Both neighbors advertise their entire routing tables to one another.
- After learning its neighbor's routes, only changes to the routing table are propagated from then on.
Caveat: by default any device on the segment that meets these three conditions becomes a neighbor and can inject routes; configure MD5 neighbor authentication (ip authentication mode eigrp <AS> md5 with a key chain) on every EIGRP interface.
Terms to Remember
- Feasible distance (FD): the best metric along all paths to a remote network
- Reported distance (RD): the metric of a remote network as reported by a neighbor, that is, the neighbor's own metric to that network
- Neighbor table: each router keeps state information about adjacent neighbors
- Topology table: contains all destinations advertised by neighboring routers
Feasible Successor and Successor
- Feasible successor: a path whose reported distance is less than the feasible distance (the feasibility condition). It is guaranteed loop-free, is kept in the topology table, and serves as the backup route.
- Successor: the best route to a remote network. The successor route is used by EIGRP to forward traffic to the destination and is stored in the routing table. It is backed by the feasible successor stored in the topology table.
Diffusing Update Algorithm
EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network:
- Backup route determination
- Support for VLSM
- Queries neighbors for an alternate route if no feasible successor can be found (the route goes Active)
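Added example (not from the original slides): a Python model of the successor and feasible successor selection described above, and of what happens when the successor is lost. The topology table, neighbor names and integer metrics are constructed; real EIGRP metrics are composite values, but the feasibility condition compares them exactly this way.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    """One topology-table entry for a single destination."""
    neighbor: str
    reported_distance: int   # RD: the neighbor's own metric to the destination
    link_cost: int           # metric from this router to that neighbor

    @property
    def total(self) -> int:
        """This router's metric via the neighbor (RD plus the cost to reach it)."""
        return self.reported_distance + self.link_cost


def dual_select(paths: List[Path]) -> Tuple[Optional[Path], List[Path]]:
    """Pick the successor (lowest total metric; its total becomes the FD) and
    the feasible successors: every other path whose RD is strictly less than
    the FD. That feasibility condition is what guarantees a loop-free backup."""
    if not paths:
        return None, []
    successor = min(paths, key=lambda p: (p.total, p.neighbor))
    fd = successor.total
    feasible = [p for p in paths if p is not successor and p.reported_distance < fd]
    return successor, sorted(feasible, key=lambda p: (p.total, p.neighbor))


def on_successor_loss(paths: List[Path], successor: Path):
    """Model DUAL's reaction when the successor is lost.
    Passive: a feasible successor exists and is promoted at once, no query.
    Active: no feasible successor; the router queries its neighbors and
    re-evaluates the remaining paths once the replies are in."""
    _, feasible = dual_select(paths)
    remaining = [p for p in paths if p is not successor]
    if feasible:
        new_successor = feasible[0]
        fd = new_successor.total
        new_feasible = [p for p in remaining
                        if p is not new_successor and p.reported_distance < fd]
        return "passive", new_successor, new_feasible
    new_successor, new_feasible = dual_select(remaining)   # result after the query
    return "active", new_successor, new_feasible


# Constructed topology table for one destination (say 192.168.3.0/24).
TOPOLOGY = [
    Path("B", reported_distance=10, link_cost=5),   # total 15: successor, FD = 15
    Path("C", reported_distance=12, link_cost=8),   # total 20, RD 12 < 15: feasible successor
    Path("D", reported_distance=15, link_cost=2),   # total 17, but RD 15 is not < 15: not feasible
]

if __name__ == "__main__":
    s, fs = dual_select(TOPOLOGY)
    print("successor", s.neighbor, "FD", s.total, "feasible", [p.neighbor for p in fs])
    state, s2, fs2 = on_successor_loss(TOPOLOGY, s)
    print(state, "new successor", s2.neighbor, "feasible", [p.neighbor for p in fs2])
```

Note that D has a better total metric than C yet is not a feasible successor: the condition is on the reported distance, not on the total, because a neighbor whose own distance is not below our FD might be routing through us.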
EIGRP Tables
- Neighbor table: records information about routers with which a neighbor relationship has been formed
- Topology table: route advertisements about every route in the internetwork received from each neighbor
- Routing table: stores the routes that are currently used to make routing decisions
EIGRP Troubleshooting Commands
- show ip route -> shows the entire routing table
- show ip route eigrp -> shows only the EIGRP entries in the routing table
- show ip eigrp neighbors -> shows all EIGRP neighbors
- show ip eigrp topology -> shows the entries in the EIGRP topology table
show ip eigrp neighbors, fields:
- H -> the order in which the neighbor was discovered
- Hold time -> how long this router will wait for a Hello packet to arrive from that neighbor
- Uptime -> how long ago the neighborship was established
- SRTT (smooth round-trip timer) -> the time it takes for a packet to travel from this router to its neighbor and back
- R TO -> the amount of time EIGRP waits before retransmitting a packet
- Q -> outstanding messages in the queue
- Seq -> sequence number of the last update from that neighbor
show ip eigrp topology, states:
- P (Passive) -> the route is in the passive state, which is the normal condition
- A (Active) -> the router has lost its path to this network and is searching for a replacement
OSPF (Open Shortest Path First)
- Open standard routing protocol
- Suitable for large networks
- Maintains multiple paths
- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Supports VLSM
- Has unlimited hop count
- Uses the Dijkstra algorithm
- Administrative distance: 110
OSPF Terms
- Router ID: an IP address used to identify the router. It is the highest IP address of all configured loopback interfaces; if there is no loopback interface, the highest IP address of all active interfaces is used. A manually configured router-id overrides both.
- Neighbors: two or more routers that have an interface on a common network, such as two routers connected by a point-to-point serial link
- Adjacency: a relationship between two OSPF routers that permits the direct exchange of route updates
Designated Router
- A designated router (DR) is elected whenever OSPF routers are connected to the same multi-access network, that is, a network with multiple recipients.
Backup Designated Router
- A standby for the designated router on multi-access links
Scenario
Router A: E0 192.168.1.70/26, S0 192.168.1.5/30
Router B: E0 192.168.1.40/27, S0 192.168.1.6/30
Router C: E0 192.168.18/28, S0 192.168.1.10/30
Syntax
Router(config)# router ospf <process ID, 1-65,535>
Router(config-router)# network <network address> <wildcard mask> area <area ID, 0-4,294,967,295>
Wildcard Mask Table
Prefix  Subnet mask       Wildcard mask
/25     255.255.255.128   0.0.0.127
/26     255.255.255.192   0.0.0.63
/27     255.255.255.224   0.0.0.31
/28     255.255.255.240   0.0.0.15
/29     255.255.255.248   0.0.0.7
/30     255.255.255.252   0.0.0.3
Verifying OSPF Configuration
- show ip ospf -> displays OSPF information for one or all OSPF processes running on the router
- show ip ospf interface -> displays all interface-related OSPF information
- show ip ospf neighbor -> displays neighbor details; if a DR or BDR exists, that information is also displayed
Access Lists
- A list of conditions that categorize packets
- Exercise control over network traffic
- Implement a security policy
- Packets are compared, categorized and acted upon accordingly
- They can be applied to either inbound or outbound traffic on any interface
A Few Important Rules
- Packets are always compared with the lines of the access list in sequential order: the first line, then the second line, the third, and so on.
- A packet is compared with lines of the access list only until a match is made. Once the packet matches the condition on a line, it is acted upon and no further comparison takes place.
- There is an implicit deny at the end of every access list: if a packet does not match the condition on any line, the packet is discarded.
Types of Access List
Standard access list
- Uses only the source IP address in the IP packet as the condition test
- Placed close to the destination
Extended access list
- Conditions based on source IP, destination IP, protocol and port number
- Placed close to the source
Named access list
- Represents a set of statements by name
- Individual statements can be deleted
Standard Access List - Syntax
Router(config)# access-list <ACL number> <permit|deny> <source IP> <wildcard mask>
Router(config)# int <E0/S0/S1>
Router(config-if)# ip access-group <ACL number> <in|out>
ACL number: 1-99, 1300-1999
Named Access List - Syntax
Router(config)# ip access-list <standard|extended> <name>
Router(config-std-nacl)# <permit|deny> <source IP> <wildcard mask>
Standard Access List - Scenario
Router A: 192.168.1.0 and 192.168.2.0
Router B: 192.168.3.0 and 192.168.4.0
Configuration:
Router B(config)# access-list 10 deny 192.168.1.0 0.0.0.255
Router B(config)# access-list 10 deny 192.168.2.5 0.0.0.0
(or) Router B(config)# access-list 10 deny host 192.168.2.5
Router B(config)# access-list 10 permit any
Interface configuration:
Router B(config)# int E0
Router B(config-if)# ip access-group 10 out
Extended Access List - Syntax
Router(config)# access-list <ACL number> <permit|deny> <ip|icmp|tcp|udp> <source IP> <wildcard mask> <destination IP> <wildcard mask> [eq <port number or name, e.g. telnet>]
ACL number range: 100-199, 2000-2699
Extended Access List - Configuration
Router A(config)# access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
Router A(config)# access-list 101 deny icmp host 192.168.2.1 host 192.168.3.5
Router A(config)# access-list 101 permit ip any any
Interface configuration:
Router A(config)# int s0
Router A(config-if)# ip access-group 101 out
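Added example (not from the original slides): a Python evaluator for the access-list rules above, covering the wildcard-mask table, the standard list 10 and the extended list 101 from the two scenarios. It parses the access-list commands as written on these slides, then applies them top-down with first match and the implicit deny. The packets used to exercise the lists are constructed; only the port names in PORT_NAMES are IOS keywords.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")


def prefix_to_wildcard(prefix_len: int) -> str:
    """The wildcard mask is the bitwise inverse of the subnet mask: /25 -> 0.0.0.127."""
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(IPv4Address(subnet_mask ^ 0xFFFFFFFF))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'do not care'; a 0 bit must match exactly."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str = "ip"        # "ip", "icmp", "tcp" or "udp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    src: str
    src_wc: str
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    protocol: str = "ip"        # "ip" matches every IP protocol
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.protocol != "ip" and self.protocol != p.protocol:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        return (wildcard_match(p.src, self.src, self.src_wc)
                and wildcard_match(p.dst, self.dst, self.dst_wc))


def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tok[i]."""
    if tok[i] == "any":
        return ANY[0], ANY[1], i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(tok) and tok[i + 1][0].isdigit():
        return tok[i], tok[i + 1], i + 2
    return tok[i], "0.0.0.0", i + 1          # bare address in a standard list


def parse_acl_line(line: str) -> Tuple[int, AclEntry]:
    """Parse one 'access-list <n> permit|deny ...' command into an entry."""
    tok = line.lower().split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list command: {line!r}")
    number, action, i = int(tok[1]), tok[2], 3
    extended = 100 <= number <= 199 or 2000 <= number <= 2699
    protocol = "ip"
    if extended:
        protocol, i = tok[i], i + 1
    src, src_wc, i = _parse_addr(tok, i)
    dst, dst_wc, port = ANY[0], ANY[1], None
    if extended:
        dst, dst_wc, i = _parse_addr(tok, i)
        if i + 1 < len(tok) and tok[i] == "eq":
            port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
    return number, AclEntry(action, src, src_wc, dst, dst_wc, protocol, port)


def build_acls(lines: List[str]) -> Dict[int, List[AclEntry]]:
    acls: Dict[int, List[AclEntry]] = {}
    for line in lines:
        number, entry = parse_acl_line(line)
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(acl: List[AclEntry], packet: Packet) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins. Returns (action, index of the matching line),
    or ('deny', None) for the implicit deny at the end of every list."""
    for index, entry in enumerate(acl):
        if entry.matches(packet):
            return entry.action, index
    return "deny", None


# The two lists from the scenarios on these slides.
ACL_LINES = [
    "access-list 10 deny 192.168.1.0 0.0.0.255",
    "access-list 10 deny host 192.168.2.5",
    "access-list 10 permit any",
    "access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255",
    "access-list 101 deny icmp host 192.168.2.1 host 192.168.3.5",
    "access-list 101 permit ip any any",
]
ACLS = build_acls(ACL_LINES)
```

The returned line index is what you would compare against the counters of show access-lists when checking which statement actually matched; a list that ends without a permit drops everything, which the ('deny', None) result makes visible.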
Switching
- Layer 2 device
- Uses MAC addresses for switching
- Hardware-based switching using ASICs (application-specific integrated circuits)
- Each switch port is its own private, dedicated collision domain
- Independent bandwidth on each port
Bridge vs. Switch
- Bridges are software based while switches are hardware based (ASIC)
- A switch is a multi-port bridge
- Dedicated bandwidth for each interface on a switch, whereas on a bridge the bandwidth is shared
- Bridges and switches learn MAC addresses by examining the source address of each frame received
- Both bridges and switches make forwarding decisions based on the layer 2 address
Three Functions of a Switch
- Address learning: switches and bridges remember the source hardware address of each frame received on an interface and enter this information into the MAC database, called the forward/filter table
- Forward/filter decision: when a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database. The frame is forwarded only to that destination port; unknown, broadcast and multicast destinations are flooded out all other ports
- Loop avoidance: if multiple connections between switches are created for redundancy, network loops can occur. Spanning Tree Protocol is used to stop network loops
Caveat: the forward/filter table is filled from source addresses nobody authenticates. A host that sends frames from thousands of random source MACs fills the table, after which unknown destinations are flooded and the attacker sees other hosts' traffic. Limit the addresses learned per port with switchport port-security.
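Added example (not from the original slides): a Python model of the address-learning and forward/filter functions above, with a small finite table so that the MAC-flooding failure mode and the port-security limit can be shown. The hosts, MAC addresses and port names are constructed.

```python
from collections import OrderedDict
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Address learning and forward/filter decisions of a layer 2 switch."""

    def __init__(self, ports: List[str], cam_size: int = 4):
        self.ports = list(ports)
        self.cam: "OrderedDict[str, str]" = OrderedDict()   # MAC -> port (forward/filter table)
        self.cam_size = cam_size            # real CAM tables are finite too
        self.max_macs: Dict[str, int] = {}  # port -> limit (switchport port-security maximum)

    def enable_port_security(self, port: str, maximum: int = 1) -> None:
        self.max_macs[port] = maximum

    def learn(self, src: str, port: str) -> bool:
        """Record the source MAC against the ingress port. Returns False when
        port security rejects the address (IOS would err-disable the port)."""
        if port in self.max_macs:
            known_here = [m for m, p in self.cam.items() if p == port]
            if src not in known_here and len(known_here) >= self.max_macs[port]:
                return False
        if src not in self.cam and len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)   # table full: evict the oldest entry
        self.cam[src] = port
        self.cam.move_to_end(src)
        return True

    def forward(self, src: str, dst: str, in_port: str) -> List[str]:
        """Return the ports a frame is sent out of."""
        if not self.learn(src, in_port):
            return []                                   # security violation: dropped
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != in_port]   # flood
        out = self.cam[dst]
        return [] if out == in_port else [out]          # filter if on the same segment


def mac_flood_demo() -> Dict[str, List[str]]:
    """Two hosts talk, an attacker on fa0/3 fills the table with bogus source
    MACs, and the next unicast between the hosts is flooded to the attacker."""
    sw = Switch(["fa0/1", "fa0/2", "fa0/3"], cam_size=4)
    h1, h2 = "00:00:00:00:00:01", "00:00:00:00:00:02"
    result = {}
    result["first unicast"] = sw.forward(h1, h2, "fa0/1")     # unknown dst: flooded
    result["reply"] = sw.forward(h2, h1, "fa0/2")             # h1 known: forwarded
    result["learned"] = sw.forward(h1, h2, "fa0/1")           # both known: fa0/2 only
    for i in range(4):                                        # attacker: bogus sources
        sw.forward(f"de:ad:be:ef:00:{i:02x}", BROADCAST, "fa0/3")
    result["after flood"] = sw.forward(h1, h2, "fa0/1")       # h2 evicted: flooded again
    return result


if __name__ == "__main__":
    for step, ports in mac_flood_demo().items():
        print(f"{step}: {ports}")
```

With port security enabled on fa0/3 and a maximum of one address, the attacker's second source MAC is rejected and the table is never evicted, which is the behaviour the caveat above asks for.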
LAN Switch Types
- Cut-through (fast forward): the switch waits only until the destination hardware address has been received before it looks up the destination in the MAC filter table
- Fragment-free (modified cut-through): the switch checks the first 64 bytes of a frame before forwarding it, so collision fragments are not forwarded
- Store-and-forward: the complete data frame is received into the switch buffer, a CRC is run, and if the CRC passes the switch looks up the destination address in the MAC filter table
STP (Spanning Tree Protocol)
- STP exchanges Bridge Protocol Data Units (BPDUs)
- Root bridge: the bridge with the best (lowest) bridge ID
- The root bridge is elected using the bridge priority number: the bridge with the lowest priority number becomes the root bridge, and if priorities are equal the bridge with the lowest MAC address is selected
- Default priority number: 32,768
Root Path
- Each non-root bridge selects as its root port the interface with the lowest path cost to the root bridge. On each segment the bridge with the lowest path cost to the root provides the designated port; the remaining redundant ports are blocked.
Caveat: any device can send BPDUs with priority 0 and make itself the root, pulling traffic through itself. Enable BPDU guard on access ports (spanning-tree bpduguard enable) and root guard on ports that should never face the root.
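Added example (not from the original slides): a Python model of the root bridge election and root port, designated port and blocked port selection described above, on a constructed three-switch topology. Switch names, MAC addresses, priorities and port names are made up; the link costs are the IEEE 802.1D defaults for 100 Mbps (19) and 1 Gbps (4).

```python
import heapq
from typing import Dict, List, Tuple

# Constructed topology. Bridge ID = (priority, MAC); lower wins.
SWITCHES: Dict[str, Tuple[int, str]] = {
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (4096, "0000.0000.0003"),    # lowered priority: will become root
}
# (switch A, port on A, switch B, port on B, IEEE 802.1D cost of the link)
LINKS: List[Tuple[str, str, str, str, int]] = [
    ("SW3", "fa0/1", "SW1", "fa0/1", 19),   # 100 Mbps
    ("SW3", "gi0/1", "SW2", "gi0/1", 4),    # 1 Gbps
    ("SW1", "fa0/2", "SW2", "fa0/2", 19),   # redundant link: one end will block
]


def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Comparable bridge ID: priority first, then the MAC as an integer."""
    return priority, int(mac.replace(".", "").replace(":", ""), 16)


def elect_root(switches: Dict[str, Tuple[int, str]]) -> str:
    """The bridge with the lowest bridge ID is the root."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(switches, links, root) -> Dict[str, Tuple[str, int]]:
    """For every non-root switch, the port with the lowest path cost to the
    root (ties broken by the upstream bridge ID). Returns {switch: (port, cost)}."""
    adj: Dict[str, list] = {}
    for a, pa, b, pb, cost in links:
        adj.setdefault(a, []).append((b, pb, cost))   # a -> b, arriving on b's port pb
        adj.setdefault(b, []).append((a, pa, cost))
    best = {root: (0, bridge_id(*switches[root]), None)}
    heap = [(0, bridge_id(*switches[root]), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for nbr, nbr_port, link_cost in adj.get(sw, []):
            cand = (cost + link_cost, bridge_id(*switches[sw]), nbr_port)
            if nbr not in best or cand[:2] < best[nbr][:2]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    return {sw: (port, cost) for sw, (cost, _, port) in best.items() if sw != root}


def port_roles(switches, links, root) -> Dict[Tuple[str, str], str]:
    """Root port, designated port or blocked, for every port in the topology.
    On each segment the end with the lower (path cost, bridge ID) is designated;
    the other end blocks unless it is that switch's root port."""
    rp = root_ports(switches, links, root)
    cost = {root: 0, **{sw: c for sw, (_, c) in rp.items()}}
    roles = {}
    for a, pa, b, pb, _ in links:
        for sw, port, other in ((a, pa, b), (b, pb, a)):
            if rp.get(sw, (None, 0))[0] == port:
                roles[(sw, port)] = "root"
            elif (cost[sw], bridge_id(*switches[sw])) < (cost[other], bridge_id(*switches[other])):
                roles[(sw, port)] = "designated"
            else:
                roles[(sw, port)] = "blocked"
    return roles


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root bridge:", root)
    print("root ports:", root_ports(SWITCHES, LINKS, root))
    for (sw, port), role in sorted(port_roles(SWITCHES, LINKS, root).items()):
        print(f"{sw} {port}: {role}")
```

Lowering SW3's priority to 4096 is what makes it root even though its MAC is the highest; change it back to 32768 and the election falls through to the MAC comparison, which is exactly what a rogue BPDU with priority 0 exploits.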
VLAN
- A grouping of switch interfaces
- Splits up a single broadcast domain into multiple broadcast domains at layer 2
- A broadcast from one group is not sent to interfaces in another group
- VLAN 1 is the default VLAN and the default native VLAN
VLAN Configuration Syntax
Switch# vlan database
Switch(vlan)# vlan <VLAN ID> name <name>
Switch(vlan)# exit
(on current IOS releases: Switch(config)# vlan <VLAN ID>, then Switch(config-vlan)# name <name>)
Switch(config)# int fa 0/1
Switch(config-if)# switchport mode <access|trunk|dynamic>
Switch(config-if)# switchport access vlan <VLAN ID>
Switch(config-if)# exit
Caveat: a port left in dynamic mode will negotiate a trunk with any attached device that speaks DTP, giving it access to every VLAN; set user-facing ports to switchport mode access explicitly and keep unused ports out of VLAN 1.
VTP (VLAN Trunking Protocol)
- VTP manages all configured VLANs across a switched internetwork and maintains consistency throughout that network.
- VTP allows an administrator to add, delete and rename VLANs in the VTP domain.
- Accurate tracking and monitoring of VLANs
- Dynamic reporting of added VLANs to all switches in the VTP domain
VTP Modes
Server:
- There should be at least one server in your VTP domain to propagate VLAN information throughout the domain.
- The switch must be in server mode to be able to create, add or delete VLANs in a VTP domain.
- Any change made on a switch in server mode is advertised to the entire VTP domain.
Client:
- Client switches receive information from VTP servers; they also send and receive updates.
- They cannot make changes.
- None of the ports on a client switch can be added to a new VLAN before the VTP server notifies the client switch of the new VLAN.
Transparent:
- Switches in transparent mode can add and delete VLANs because they keep their own database; they forward VTP advertisements without applying them.
VTP Configuration
Switch(config)# vtp domain <name>
Switch(config)# vtp password <password>
Switch(config)# vtp mode <server|client|transparent>
Caveat: when a switch joins the domain with the same domain name and password and a higher configuration revision number, its VLAN database overwrites everyone else's, so a previously used switch plugged in by mistake can delete every VLAN in the network. Reset the revision number (change the domain name or set transparent mode and back) before connecting a switch, and use transparent mode where VTP is not needed.
Routing Between VLANs
- Connecting VLANs to a router through a single LAN interface: the link is a trunk carrying several VLANs, and the router uses one sub-interface per VLAN ("router on a stick")
VLAN Identification Methods
- Inter-Switch Link (ISL): proprietary to Cisco switches; used on Fast Ethernet and Gigabit Ethernet links, it encapsulates the whole frame
- IEEE 802.1Q: created by the IEEE as a standard method of frame tagging; it inserts a tag field into the frame to identify the VLAN
Configuration
Router(config)# int fa 0/0
Router(config-if)# no ip address
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# int fa 0/0.1
Router(config-subif)# encapsulation <dot1q|isl> <VLAN ID>
Router(config-subif)# ip address 192.168.1.254 255.255.255.0
Router(config-subif)# exit
(repeat for int fa 0/0.2 with the second VLAN's ID and address; IOS requires the encapsulation command before an IP address can be set on a sub-interface)
Assigning Interfaces to VLANs
- Static: a particular interface is fixed to a VLAN ID; the system connected to that interface belongs to that VLAN only
- Dynamic: the VLAN of an interface can change according to the connected host's MAC address, using a VMPS (VLAN Management Policy Server)
Configuration
Switch(config)# int fa 0/1
Switch(config-if)# switchport access vlan <VLAN ID>      (static)
Switch(config-if)# switchport access vlan dynamic        (dynamic, via VMPS)
Switch(config-if)# exit
(older switches use vlan-membership static <VLAN ID> / vlan-membership dynamic instead)
NAT (Network Address Translation)
- Translates private addresses within the network into public addresses before packets are forwarded to another network.
- Inside network: the set of networks that are subject to translation
- Outside network: addresses outside the inside network, usually on the Internet
Types of NAT
- Static NAT
- Dynamic NAT
- PAT
Static NAT
- Designed to allow a one-to-one mapping between local and global addresses: one real Internet IP address for every host on your network.
Configuration - Static NAT
Router(config)# ip nat inside source static <inside local (private) address> <inside global (public) address>
Example: ip nat inside source static 192.168.1.1 200.1.1.10
Mark the interface on which packets from the systems enter on their way to the Internet server:
Router(config)# int E0
Router(config-if)# ip nat inside
Mark the interface on which packets from the Internet server arrive:
Router(config)# int S0
Router(config-if)# ip nat outside
Dynamic NAT
- Designed to map unregistered IP addresses to a pool of registered IP addresses, for example 6 public addresses shared by n systems.
- When every address in the pool is in use, further inside hosts cannot be translated until an entry times out.
Configuration - Dynamic NAT
Router(config)# access-list <ACL number> permit <private network address> <wildcard mask>
Router(config)# ip nat pool <pool name> <start IP address> <end IP address> netmask <subnet mask>
Router(config)# ip nat inside source list <ACL number> pool <pool name>
Example, in global configuration mode:
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool HCL 200.1.1.9 200.1.1.14 netmask 255.255.255.248
ip nat inside source list 1 pool HCL
int E0
 ip nat inside
int S0
 ip nat outside
Port Address Translation
- Maps multiple unregistered IP addresses to a single registered IP address by using different source ports.
- By using PAT (NAT overload), thousands of users can connect to the Internet using only one real global IP address.
PAT Configuration, in global configuration mode:
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool HCL 200.1.1.5 200.1.1.5 netmask 255.255.255.252
ip nat inside source list 1 pool HCL overload
int E0
 ip nat inside
int S0
 ip nat outside
(Alternatively, overload the outside interface's own address: ip nat inside source list 1 interface S0 overload.)
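Added example (not from the original slides): a Python model of the inside-to-outside translation table for the three NAT types above, using the deck's 192.168.1.0/24 inside network, the 200.1.1.9 to 200.1.1.14 pool and the single 200.1.1.5 overload address. It shows the one behaviour the configuration alone does not: a dynamic pool runs out, while PAT keeps translating by rewriting source ports. The hosts and port numbers are constructed.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple


def pool_range(start: str, end: str) -> List[str]:
    """Expand 'ip nat pool NAME start end' into the list of addresses."""
    first, last = int(IPv4Address(start)), int(IPv4Address(end))
    return [str(IPv4Address(n)) for n in range(first, last + 1)]


class NatRouter:
    """Inside-to-outside translation table for one router."""

    def __init__(self, inside_net: str, pool: List[str], overload: bool = False):
        self.inside_net = IPv4Network(inside_net)   # the 'access-list 1 permit' network
        self.pool = list(pool)                       # the 'ip nat pool' addresses
        self.overload = overload                     # PAT when True
        self.free = list(pool)                       # pool addresses not yet leased
        self.static: Dict[str, str] = {}             # inside local -> inside global
        self.dynamic: Dict[str, str] = {}            # inside local -> leased global
        self.pat: Dict[Tuple[str, int], Tuple[str, int]] = {}  # (local, port) -> (global, port)
        self.next_port = 1024

    def add_static(self, inside_local: str, inside_global: str) -> None:
        """ip nat inside source static <inside local> <inside global>"""
        self.static[inside_local] = inside_global

    def translate(self, src_ip: str, src_port: int) -> Tuple[str, Optional[str], Optional[int]]:
        """Packet leaving through the outside interface. Returns (status, ip, port)
        with status one of static / dynamic / pat / untranslated / dropped."""
        if src_ip in self.static:
            return "static", self.static[src_ip], src_port
        if IPv4Address(src_ip) not in self.inside_net:
            return "untranslated", src_ip, src_port      # ACL miss: forwarded as-is
        if self.overload:
            key = (src_ip, src_port)
            if key not in self.pat:
                used = {gport for _, gport in self.pat.values()}
                gport = src_port                          # keep the port if it is free
                if gport in used:                         # otherwise allocate another
                    while self.next_port in used:
                        self.next_port += 1
                    gport, self.next_port = self.next_port, self.next_port + 1
                self.pat[key] = (self.pool[0], gport)
            return ("pat",) + self.pat[key]
        if src_ip not in self.dynamic:
            if not self.free:
                return "dropped", None, None              # pool exhausted, no overload
            self.dynamic[src_ip] = self.free.pop(0)
        return "dynamic", self.dynamic[src_ip], src_port

    def reverse(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Reply arriving on the outside interface: map global back to local."""
        for local, glob in self.static.items():
            if glob == dst_ip:
                return local, dst_port
        for (local, lport), (glob, gport) in self.pat.items():
            if (glob, gport) == (dst_ip, dst_port):
                return local, lport
        for local, glob in self.dynamic.items():
            if glob == dst_ip:
                return local, dst_port
        return None                                       # no entry: dropped


if __name__ == "__main__":
    dyn = NatRouter("192.168.1.0/24", pool_range("200.1.1.9", "200.1.1.14"))
    for host in range(10, 17):                            # 7 hosts, 6 pool addresses
        print(dyn.translate(f"192.168.1.{host}", 40000 + host))
    pat = NatRouter("192.168.1.0/24", ["200.1.1.5"], overload=True)
    print(pat.translate("192.168.1.10", 1025), pat.translate("192.168.1.11", 1025))
```

The reverse method is the part that matters for security: an unsolicited packet from the outside that matches no entry is dropped, which is why plain NAT blocks inbound connections even though it is not a firewall and should not be relied on as one.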