introduction to routers command line
8/10/2019 Introduction to Routers Command Line
Boson NetSim for CCNA Lab Manual
Lab Primer
Lesson 1: Introduction to the Cisco Router Command-Line Interface
Modes
User Mode vs. Privileged Mode
User mode is indicated by the > prompt next to the router name. In user mode, you can look at some of the
router's settings. In privileged mode (indicated by the # prompt), you can use the different show commands to
display all of the router's settings.
Router>
Router>enable
Router#
The Enable and Enable Secret Passwords
You can set an enable password to control access to privileged mode. This is a very important password because,
command at
the privileged mode prompt.
Router>
Router>enable
Router#config term
Router(config)#enable password boson
You can securely encrypt an enable password by using the enable secret command.
Router(config)#enable secret cisco
The enable secret
The password is case-sensitive. A password set with the enable password command is stored as clear text,
whereas a password set with the enable secret
router with an enable secret password is preferred. The enable secret password always takes precedence if both
the enable secret password and the enable password are set.
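The storage and precedence rules above can be checked mechanically against a saved configuration. The following Python sketch is an added example, not part of the lab manual; the sample configuration, the placeholder hash string and the function name audit_enable are constructed for illustration.

```python
import re

# Constructed sample: how the page's two commands would sit in a saved
# configuration. The secret's hash string is a made-up placeholder.
SAMPLE_CONFIG = """\
version 12.0
!
hostname Router1
!
enable secret 5 $1$EXAMPLE$constructedPlaceholderHash0
enable password boson
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
!
line con 0
line vty 0 4
!
end
"""

# "enable password|secret [type-digit] value"; the type digit is optional.
ENABLE_RE = re.compile(r"^enable\s+(password|secret)\s+(?:(\d+)\s+)?(\S+)$")


def audit_enable(config_text):
    """Report which enable credential is in effect and what should change.

    Returns {"effective": "secret" | "password" | None, "findings": [str]}.
    The password or hash value itself is never copied into the report.
    """
    seen = {}  # "password"/"secret" -> (line number, type digit or None)
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        match = ENABLE_RE.match(raw.strip())
        if match:
            kind, type_digit, _value = match.groups()
            seen[kind] = (lineno, type_digit)

    findings = []
    if "password" in seen:
        lineno, type_digit = seen["password"]
        if type_digit in (None, "0"):
            findings.append(
                "line %d: enable password is stored as clear text; anyone who "
                "can read the configuration or a backup of it can read it"
                % lineno)
        else:
            findings.append(
                "line %d: enable password is stored as type %s, not as an "
                "enable secret" % (lineno, type_digit))
        if "secret" in seen:
            findings.append(
                "line %d: enable secret takes precedence, so the enable "
                "password is unused; remove it with 'no enable password'"
                % lineno)
    if "secret" not in seen:
        findings.append("no enable secret is set; configure one with "
                        "'enable secret' and stop relying on enable password")

    if "secret" in seen:
        effective = "secret"
    elif "password" in seen:
        effective = "password"
    else:
        effective = None
    return {"effective": effective, "findings": findings}


if __name__ == "__main__":
    report = audit_enable(SAMPLE_CONFIG)
    print("credential in effect:", report["effective"])
    for finding in report["findings"]:
        print(" -", finding)
```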
command. To exit con- end command or press the CTRL+Z key combination.
Router#config t
Router(config)#end
Router#
Accessing Help
To view all commands available from a mode, type ?; you do not have to press the ENTER key after typing the
question mark. This will display a list of all available commands in the current mode. You can also use the
question mark after you have started typing a command. For example, if you want to see all commands that can be used with the show command, type show ? at the # prompt.
Router#show ?
access-expression List access expression
access-lists List access lists
backup Backup status
cdp CDP information
clock Display the system clock
cls DLC user information
compress Show compression statistics
configuration Contents of Non-Volatile memory
--More--
The Host Name
host name is also visible via Cisco Discovery Protocol (CDP). However, the host name is not used for TCP/IP address
resolution. The following code demonstrates how to set the host name of a router or switch.
Router>
Router>enable
Router#conf t
Router(config)#hostname Router1
Router1(config)#
in the routers
command.
The following is an example of the type of output you will see when you run the command.
Router>
Router>enable
Router#show running-config
Building configuration...
Current configuration:
!
version 12.0
!
hostname Router
!
interface Serial0
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
no ip address
shutdown
!
line con 0
line aux 0
line vty 0 4
!
end
Router#
in the routers CLI. If you
erase
Router#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#reload
Proceed with reload? [confirm]
Lesson 2: Basic Commands
Show Commands
Show Version
The show version show
version to obtain critical information, such as the router platform type, the operating system revision, the
show
version command.
Router>show version
Router1 Operating System Software
Router uptime is 2 minutes
System returned to ROM by power-on
System image file is flash:c2500.bin
[output omitted]
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Show Protocols
show protocols command.
The following is an example of the type of output you will see when you issue the show protocols command.
Router>show protocols
Global values:
Internet Protocol routing is enabled
BRI0 is administratively down, line protocol is Down
Ethernet0 is administratively down, line protocol is Down
Serial0 is administratively down, line protocol is Down
Show Flash
is an example of the type of output you will see when you issue the command.
Router>show flash
System flash directory:
File Length Name/status
1 3015588 c2500.bin
[3015652 bytes used, 1178652 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)
Show History
By default, the router's command-line interface (CLI) maintains in memory the last 10 commands you have
entered. This default value can be changed. You can use one of two methods to cycle through previous router
commands entered since the last power loss. To simultaneously view all of the past commands still in router
memory, use the show history command. For single-line retrieval, use either the UP ARROW key or the CTRL+P
key combination to see the previous command, and use either the DOWN ARROW key or the CTRL+N key combination
to see the next command.
Router>show history
show version
show protocols
show flash
enable
show running-config
disable
show history
Show Clock
The router keeps its own clock that can be used to synchronize devices. The show clock command displays
the clock.
Router#show clock
*00:38:35.755 UTC Mon Mar 1 1993
Router#
Show Hosts
You can create a list of host names on your router. You can view the entries (if any) by typing show hosts.
Router#show hosts
Default domain is not set
Name/address lookup uses static mappings
Host Flags Age Type Address(es)
Router#
Show Users
The show users command displays users who are connected to the router.
Router#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
Router#
Show Interfaces
The show interfaces
Router#show interfaces
BRI0 is administratively down, line protocol is down
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set
Last input never, output never, output hang never
Last clearing of show interface counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queuing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
--More--
Notice the --More-- indicator. This means that more information pertaining to the last command can be
displayed. To view more commands line by line, press the ENTER key. To view more output one screen at a time,
press the SPACEBAR. To exit the output and return to the router prompt, press any letter. (It may be helpful to
remember to press the E key for exit.)
Ping
The ping command allows a user to test basic connectivity. The syntax for the ping command is as follows:
ping ip_address
The ping
receives a reply, it will be noted in the CLI with an exclamation mark (!). If no reply is received, it will be noted
with a period (.).
The following shows the output of a successful ping of the 10.1.1.1 IP address:
Router#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/37/44 ms
Router#
The following shows the output of a failed ping of the 2.2.2.2 IP address:
Router#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router#
The ping command is one of the most commonly used test tools. The PING protocol uses Internet Control Message
Protocol (ICMP) to communicate with other routers.
Address Resolution Protocol (ARP) resolution.
You can also use the command or the show ip interface command on the local router to
view its IP addresses.
IP Addressing
The following syntax places an IP address on the interface:
ip address ip_address subnet_mask
Remember that /24 denotes a subnet mask of 255.255.255.0. For your convenience, here is a handy table
matching slash notation to the corresponding dotted decimal subnet masks:
Slash Dotted Decimal Slash Dotted Decimal Slash Dotted Decimal
/8 255.0.0.0 /16 255.255.0.0 /24 255.255.255.0
/9 255.128.0.0 /17 255.255.128.0 /25 255.255.255.128
/10 255.192.0.0 /18 255.255.192.0 /26 255.255.255.192
/11 255.224.0.0 /19 255.255.224.0 /27 255.255.255.224
/12 255.240.0.0 /20 255.255.240.0 /28 255.255.255.240
/13 255.248.0.0 /21 255.255.248.0 /29 255.255.255.248
/14 255.252.0.0 /22 255.255.252.0 /30 255.255.255.252
/15 255.254.0.0 /23 255.255.254.0 /31 255.255.255.254
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#end
Router1#
You can use sh ip interface brief to view the IP addresses on the interface:
Router1#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
BRI0 unassigned YES manual up up
Ethernet0 10.1.1.1 YES manual up up
Serial0 172.16.10.1 YES manual up up
Router1#
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
Router2(config)#exit
Router2#exit
Lesson 4: Router Interfaces
Examining the Interfaces
Routers can have many types of interfaces, such as Token Ring, FDDI, Ethernet, serial, ISDN, and so on. You will
often need to view the status and settings, so you need to know a few important commands. The show interfaces
command is one of the more important commands.
Router#show interface
Ethernet0 is administratively down, line protocol is down
Hardware is Lance, address is 0060.5cc4.f445 (bia 0060.5cc4.f445)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
[output omitted]
This command produces output about each interface. In this case, you can see that Ethernet 0 is administratively
down. That means that it has been turned off with the shutdown command.
Ethernet 0 is            Line protocol is   Meaning
administratively down    down               Indicates that the interface has been turned off with the shutdown command
up                       down               Indicates that the cable is connected, but keepalives are not being received
down                     down               Indicates a cabling problem, that no clock rate is set on the DCE, or that another router interface is shut down
up                       up                 Indicates that the interface is connected and receiving keepalives
You can view particular interfaces with the show interface command; for instance, you can
issue the show interface serial 0 command. Alternatively, you can use the show ip interface brief command to
quickly display the status of all interfaces.
Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES not set administratively down down
PCbus0 unassigned YES not set administratively down down
Serial0 unassigned YES not set up down
Router#
Examining the Controllers
Controllers are the part of the interface that makes the physical connection. The controller of most interest is the
kind of cable that is attached to a serial interface.
A data terminal equipment (DTE) cable is the cable you should typically use. If the local interface is the DTE side
of the connection, the other end of the connection must provide clocking.
Data communications equipment (DCE) means that this device must provide the clocking on the wire.
The show controllers command will allow you to see if an interface is a DCE or DTE.
Router#show controllers serial 0
HD unit 0, idb = 0xA2B58, driver structure at 0xA7020
buffer size 1524 HD unit 0, V.35 DCE cable
cpb = 0x42, eda = 0x2140, cda = 0x2000
no shutdown command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router(config-if)#end
Router#
If your interface is the DCE, you must provide clocking using the clock rate command.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0
Router(config-if)#clock rate 56000
Router(config-if)#end
Router#
It is often helpful to use the description command to add a description of the purpose of the interface.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int e0
Router(config-if)#description My Connection to the Engineering Hub
Router(config-if)#end
Router#
You can use any of the following commands to view your changes:
show running-config
OR
show interfaces
OR
show controllers
Lesson 5: CDP
CDP is a Data Link protocol that operates at Layer 2 of the Open Systems Interconnection (OSI) model. This is
important to understand because CDP is not routable and can only travel to directly connected devices.
CDP allows you to view information such as operating system version, protocol information, and much more. This
information can be very handy for troubleshooting a variety of problems.
CDP Commands
The CDP commands are simple. See the following tables.
no cdp run                  turns off CDP for the entire router
cdp run                     turns on CDP for the entire router (default setting)
cdp timer 120
cdp enable                  turns on CDP for the interface (default setting)
no cdp enable               turns off CDP for the interface
Show Commands
show cdp interface          displays interface settings
show cdp neighbor           displays directly connected neighbors
show cdp neighbor detail    displays detailed information about neighbors
show cdp                    displays general information
Lesson 6: ARP
ARP Commands
Show arp
The show arp command displays the Address Resolution Protocol (ARP) table, which contains detailed information
about interfaces that are learning media access control (MAC) addresses. Looking at the table below, you
can see that the router learned the IP address and MAC address of each Ethernet interface. The Age column
indicates how long the router has had the information, and the Interface column indicates the interface from
which it learned this information. Notice that the age of the 1.1.1.4 address is not indicated because it is the IP
address of the Ethernet port that is connected to the router.
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.2 207 0000.0c32.f57d ARPA Ethernet0
Internet 1.1.1.4 - 0060.7062.e040 ARPA Ethernet0
Router#
Clear arp
The information stored in the ARP table can become corrupted occasionally, which causes the router to experience
packet-delivery problems. When this happens, the ARP table must be cleared and rebuilt. You must access
privileged mode and issue the clear arp command in order to clear the ARP table. After you have cleared the
ARP table, you can view it again using the show arp command. In this example, notice that all entries, with the
exception of the directly connected interfaces of the router, have disappeared.
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.2 - 0060.7062.e040 ARPA Ethernet0
Router#
Lesson 7: Routing Protocols
RIP
Routing Information Protocol (RIP) is a standards-based, distance vector, interior gateway protocol (IGP) that
is used by routers to exchange routing information. RIP uses hop count to determine the best path between two
locations. Hop count is the number of routers through which a packet must travel in order to reach the destination
network. The maximum allowable number of hops a packet can traverse in an IP network where RIP is
implemented is 15 hops.
In a RIP network, each router broadcasts its entire RIP table to its neighboring routers every 30 seconds. When
a router receives a neighbor's RIP table, it uses the information provided to update its own routing table and
then sends the updated table to its neighbors. This procedure is repeated by each router and results in a state
referred to as network convergence, in which all routers have an identical view of the internetwork topology.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
%LINK-3-UPDOWN: Interface Serial0, changed state to up
%LINK-3-UPDOWN: Interface Serial0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
Router1(config-if)#exit
Router1(config)#
RIP version 1 is classful, which means it does not include the subnet mask in its routing table updates. RIP
version 2 is classless and does include the subnet information in its routing table updates. RIP version 1 is used
in the example above. In order to use RIP version 2, the version 2 command must be entered after the router rip
command.
To enable RIP as the routing protocol on Router 1, the router rip command must be issued. Notice the new mode
the router has entered.
Router1(config)#router rip
Router1(config-router)#
Once RIP is running on Router 1, network statements must be used to tell the router which networks it is connected
to. Every router interface that is directly connected to an active network needs a network number. Some
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface has
an IP address of 172.16.10.1 with a /16 subnet mask. Because RIP is classful, only the class portions of the ad-
network 10.0.0.0 statement should be
used for the Ethernet 0 interface, and the network 172.16.0.0 statement should be used for the serial 0 interface.
Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
00:17:25: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
Router2(config)#
Now, the RIP information must be added.
Router2(config)#router rip
Router2(config-router)#network 10.0.0.0
Router2(config-router)#exit
Router2(config)#exit
Router2#
RIP should now be running on the network between Router 1 and Router 2.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
00:20:35: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Router4(config-if)#exit
Router4(config)#
Now, the RIP information must be added.
Router4(config)#router rip
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#
show commands can be used to verify that the routers are
receiving RIP routes. The most commonly used command is show ip route, which displays all entries in the routing
table. This command should be issued at the privileged mode prompt on Router 4 to display the routes to the
directly connected Router 1 and to the other routers on the network.
Router4# show ip route
Gateway of last resort is not set
172.16.0.0/16 is subnetted, 1 subnet
C 172.16.10.0 is directly connected, Serial 0
R 10.0.0.0 [120/1] via 172.16.10.1 00:03:18, Serial 0
In the line R 10.0.0.0 [120/1] via 172.16.10.1, 00:00:21, Serial0, the R indicates that this is a RIP route. The
10.0.0.0 portion of the output indicates the destination network. The [120/1] portion of the output indicates that
120 is the administrative distance and that 1 hop is required to reach the destination. RIP's default administrative
distance is 120; administrative distance is considered the trustworthiness of the route. If two routing
protocols have the same route, the router will pick the route with the lower administrative distance. The via
172.16.10.1 portion of the output indicates that 172.16.10.1 is the address of the next hop. The Serial0 portion
of the output indicates that this information was learned via the serial 0 interface.
The show ip protocols command displays information about the IP routing protocols that are enabled. The following
is example output from the show ip protocols command.
Router4#show ip protocols
Routing Protocol is rip
Sending updates every 30 seconds, next due in 12 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Routing for Networks:
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.10.1 120 00:00:09
Distance: (default is 120)
Router4#
The output indicates that updates are being sent every 30 seconds. RIP is a distance vector routing protocol, so
it exchanges its entire routing table every 30 seconds. The 172.16.0.0 network is under the Routing for Networks
area, which indicates that the network statement is working. Notice that the administrative distance is 120,
which is the default.
IGRP
Interior Gateway Routing Protocol (IGRP) is a standards-based, distance vector IGP that is used by routers to
exchange routing information. IGRP uses a composite metric of bandwidth and delay to determine the best path
unit (MTU), reliability, and load for the link.
In an IGRP network, each router broadcasts its entire IGRP table to its neighboring routers every 90 seconds. When
a router receives a neighbor's IGRP table, it uses the information provided to update its own routing table and then
sends the updated table to its neighbors. This procedure is repeated by each router and results in a state referred
to as network convergence, in which all routers have an identical view of the internetwork topology.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
00:35:15: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
00:35:16: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Router1(config-if)#exit
00:35:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
IGRP is classful, which means it does not include the subnet mask in its routing table updates.
To enable IGRP as the routing protocol on Router 1, the router IGRP AS command must be used. The AS param-
administration with a common routing policy. The same autonomous system number must be used on every
router with which Router 1's routing table should be shared.
In this example, autonomous system number 100 will be used. Notice the new mode the router has entered.
Router1(config)#router IGRP 100
Router1(config-router)#
Now that IGRP is running on the router, network statements must be used to tell the router which networks it
is connected to. Every router interface that is directly connected to an active network needs a network number.
Some networks will use the same IP addressing schemes with different subnets, and some will use entirely different
addressing schemes. The diagram below shows two different addressing schemes.
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface
has an IP address of 172.16.10.1 with a /16 subnet mask. Because IGRP is classful, only the class portions of
network 10.0.0.0 statement
should be issued for the Ethernet 0 interface, and the network 172.16.0.0 statement should be issued for the
serial 0 interface.
Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#
Router2(config)#router IGRP 100
Router2(config-router)#network 10.0.0.0
Router2(config-router)#exit
Router2(config)#exit
Router2#
IGRP should now be running on the network between Router 1 and Router 2.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router4(config-if)#exit
Router4(config)#
Router4(config)#router IGRP 100
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#
show commands can be used to verify that the routers are receiving
routes. The show ip route command should be issued on Router 4 to display the route to the directly connected Router 1.
Router4#show ip route
Gateway of last resort is not set
172.16.0.0/16 is subnetted, 1 subnet
C 172.16.10.0 is directly connected, Serial 0
I 10.0.0.0 [100/651] via 172.16.10.1 00:03:18, Serial 0
In the line I 10.0.0.0 [100/651] via 172.16.10.1, 00:00:21, Serial0, the I indicates that this is an IGRP route. The
10.0.0.0 portion of the output indicates the destination network. The 100 in the 100/651 notation indicates that
100 is the administrative distance (IGRP's default administrative distance is 100). If two routing protocols with
the same route are available, the router will pick the route with the lower administrative distance. The 651 value
indicates the calculated metric, which is based on bandwidth delay. The via 172.16.10.1 portion of the output
indicates the address of the next hop. The Serial0 portion of the output indicates that this information was
learned via the serial 0 interface.
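The field-by-field reading of the R and I route lines, and the rule that the lower administrative distance wins, can be expressed as a small parser. This Python sketch is an added example, not part of the lab manual; the function names parse_route and preferred_route are hypothetical, and the administrative distance of 0 for directly connected networks is a Cisco default that the page does not state.

```python
import re

# Route lines as printed on this page: the connected and RIP lines from the
# RIP output, and the IGRP line as quoted in the explanation above.
PAGE_LINES = [
    "C 172.16.10.0 is directly connected, Serial 0",
    "R 10.0.0.0 [120/1] via 172.16.10.1 00:03:18, Serial 0",
    "I 10.0.0.0 [100/651] via 172.16.10.1, 00:00:21, Serial0",
]

SOURCES = {"C": "connected", "R": "RIP", "I": "IGRP"}
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# code, network, [distance/metric], next hop (comma optional), age, interface
LEARNED_RE = re.compile(
    r"^(?P<code>[A-Z])\s+(?P<network>" + IPV4 + r")(?:/\d+)?\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+"
    r"via\s+(?P<next_hop>" + IPV4 + r"),?\s+"
    r"(?P<age>\d+:\d+:\d+),\s*(?P<interface>\S.*)$")
CONNECTED_RE = re.compile(
    r"^C\s+(?P<network>" + IPV4 + r")(?:/\d+)?\s+"
    r"is directly connected,\s*(?P<interface>\S.*)$")


def parse_route(line):
    """Return the fields of one route line, or None for any other line."""
    line = line.strip()
    match = CONNECTED_RE.match(line)
    if match:
        # Assumption: connected networks carry administrative distance 0.
        fields = {"code": "C", "network": match.group("network"),
                  "distance": 0, "metric": 0, "next_hop": None, "age": None}
    else:
        match = LEARNED_RE.match(line)
        if match is None:
            return None
        fields = match.groupdict()
        fields["distance"] = int(fields["distance"])
        fields["metric"] = int(fields["metric"])
    # The page prints both "Serial 0" and "Serial0"; normalise to one form.
    fields["interface"] = match.group("interface").replace(" ", "")
    fields["source"] = SOURCES.get(fields["code"], "unknown")
    return fields


def preferred_route(routes, network):
    """Pick the route to network with the lowest administrative distance.

    The metric only breaks ties between routes of equal distance, which in
    practice means routes learned from the same protocol.
    """
    candidates = [r for r in routes if r and r["network"] == network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (r["distance"], r["metric"]))


if __name__ == "__main__":
    parsed = [parse_route(line) for line in PAGE_LINES]
    for route in parsed:
        print(route)
    print("preferred for 10.0.0.0:", preferred_route(parsed, "10.0.0.0")["source"])
```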
The show ip protocols command displays information about the IP routing protocols that are enabled.
Router4#show ip protocols
Routing Protocol is igrp 100
Sending updates every 90 seconds, next due in 12 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.10.1 100 00:00:09
Distance: (default is 100)
Router4#
The output indicates that updates are being sent every 90 seconds. Because IGRP is a distance vector routing
protocol, it exchanges its entire routing table every 90 seconds. The 172.16.0.0 network is under the Routing for
Networks area, which indicates that the network statement is working. Notice that the administrative distance
is 100, which is the default.
OSPF
OSPF is a dynamic link-state, hierarchical IGP that is based on open standards. It was designed as a replacement
for RIP and was derived from an early version of Intermediate System to Intermediate System (IS-IS). OSPF
is a robust protocol whose features include least-cost routing, multipath routing, and load balancing. The shortest
path through the network is calculated by using the Dijkstra algorithm. Cisco uses its own implementation
of the OSPF standards with additional features that are important for interoperability.
a few phases of initialization. First, the router uses hello packets to identify its neighbors and develop adjacencies
(relationships for exchanging routing updates) with them. The router then starts the ExStart phase, which
is the initial database exchange. Next is the Exchange phase in which the Designated Router sends the routing information and receives an acknowledgement (ack) receipt from the new router. During the Loading phase, the
which it is an active member of the network.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router(config-if)#no shut
00:12:33: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
00:15:30: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:15:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Router1(config-if)#exit
Next, the router ospf 100 command should be issued to enable OSPF as the routing protocol. The 100 param-
same for all of the routers within the OSPF area. The networks that are added to the OSPF session make up the
area. Notice the new mode that the router enters once the command is issued.
Router1(config)#router ospf 100
Router1(config-router)#
Once OSPF is running on Router 1, network statements must be used to tell the router which networks it is connected
to, as well as to assign it its wildcard mask and OSPF area. Every router interface that is directly connect-
diagram below shows two different addressing schemes.
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface
has an IP address of 172.16.10.1 with a /16 subnet mask. When the network statements are issued, the class
portions of the addresses, the wildcard masks, and the area IDs (an integer between 0 and 4,294,967,295)
must be provided. Thus, on Router 1, the network 10.0.0.0 0.0.0.255 area 0 command should be issued on the
Ethernet 0 interface, and the network 172.16.0.0 0.0.0.255 area 0 command should be issued on the serial 0
Router1(config-router)#network 10.0.0.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router1(config-router)#exit
Router1(config)#exit
Router1#
Now, the
100 and that the two networks were added to OSPF area 0.
Router1#show running-config
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
00:21:23: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:21:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#
Router2(config)#router ospf 100
Router2(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router2(config-router)#exit
Router2(config)#exit
Router2#
OSPF should now be running on the network between Router 1 and Router 2.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
Router4(config-if)#exit
Router4(config)#router ospf 100
Router4(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router4(config-router)#exit
Router4(config)#exit
Router4#
OSPF should now be running on all three routers. The ping command can be used to test connectivity between the
routers. From Router 1, Router 4's serial 0 interface and Router 2's Ethernet interface should be pinged.
Router1#ping 172.16.10.2
Router1#ping 10.1.1.2
Next, Router 1 should be pinged from Router 2 and Router 4.
Router2#ping 10.1.1.1
Router4#ping 172.16.10.1
If all pings succeed, the routers are talking to each other in both directions and routing is successful.
Now, the show ip ospf interface
Router1#show ip ospf interface
This is an excellent command for learning all interface information. The output includes the interface IP address,
area assignment, process ID, router ID, cost, priority, network type, timer intervals, and adjacent neighbor
information. You can also see the Designated Router (DR)/Backup Designated Router (BDR) information when it
is applied.
Finally, the show ip ospf neighbor command should be issued.
Router1#show ip ospf neighbor
This command displays all of the important information concerning neighbors and the adjacency state. It also
Lesson 8: PPP with CHAP Authentication
PPP
Point-to-Point Protocol (PPP) is a protocol for communicating between two computers using a serial interface,
typically a personal computer connected by phone line to a server. For example, your Internet service provider
may supply you a PPP connection so that the provider's server can respond to your requests, pass them on to the
Internet, and forward the Internet responses back to you. PPP is typically used with the Internet Protocol (IP).
PPP is sometimes considered a member of the TCP/IP suite of protocols. PPP operates at the Data Link layer
(Layer 2) of the Open Systems Interconnection (OSI) reference model. Essentially, it packages a computer's TCP/IP
packets and forwards them to the server where they can actually be put on the Internet.
or satellite transmissions. It uses a variation of High Speed Data Link Control (HDLC) for packet encapsulation.
PPP is usually preferred over the earlier de facto standard, Serial Line Internet Protocol (SLIP), because it can
handle synchronous as well as asynchronous communication. PPP can share a line with other users, and it
includes error detection that SLIP lacks. PPP is preferred over SLIP when possible.
CHAP
Challenge-Handshake Authentication Protocol (CHAP) provides a more secure procedure for connecting to a
system than Password Authentication Protocol (PAP). Here's how CHAP works:
1. After the link is made, the server sends a challenge message to the connection requestor. The requestor
responds with a value obtained by using a one-way hash function.
2. The server checks the response by comparing it with its own calculation of the expected hash value.
3. If the values match, the authentication is acknowledged; otherwise, the connection is usually terminated.
At any time, the server can request that a new challenge message be sent by the connected party. Because
The following interface command enables PPP:
encapsulation ppp
PPP must be enabled on both ends of the link.
The following interface command must be added in order for authentication to be enabled:
ppp authentication chap
The routers will now require authentication over the link. They will attempt to log in with their host names as
router, an entry that matches the remote router's user name and password must be made:
username Other_Router password Other_enable_pass
(R1)s0----------s0(R2)
PPP without CHAP
Router 1:
hostname R1
interface serial 0
encapsulation PPP
no shutdown
Router 2:
hostname R2
interface serial 0
encapsulation PPP
no shutdown
PPP with CHAP Default Names and Password
Router 1:
hostname R1
enable secret toast1
username R2 password cool2
interface serial 0
encapsulation PPP
ppp authentication chap
no shutdown
Router 2:
hostname R2
enable secret cool2
username R1 password toast1
interface serial 0
encapsulation PPP
ppp authentication chap
no shutdown
The following is a link where you can read more about PPP/CHAP authentication:
http://www.cisco.com/warp/public/471/understanding_ppp_chap.html
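The challenge-response exchange described in this lesson, as an added Python example that is not part of the lab manual or of Cisco's code. The lesson only says "a one-way hash function"; the MD5 construction over identifier, secret and challenge used here is the one defined in RFC 1994, and the class and function names are assumptions of this example. The name R1 and the secret toast1 are the values from the lesson's configuration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 MD5 CHAP value: MD5(identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The challenging side (the 'server' in the lesson's description)."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name   # plays the role of 'username R1 password toast1'
        self.pending = {}                # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        """Step 1: issue a fresh random challenge with a one-octet identifier."""
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, name, identifier, response):
        """Steps 2 and 3: recompute the expected hash and compare."""
        challenge = self.pending.pop(identifier, None)   # each challenge is single use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def run_demo():
    """Run three exchanges and report whether each one is acknowledged."""
    server = ChapAuthenticator({"R1": b"toast1"})
    results = {}

    # The requestor knows the secret; only the hash crosses the link.
    ident, challenge = server.new_challenge()
    good = chap_response(ident, b"toast1", challenge)
    results["correct secret"] = server.verify("R1", ident, good)

    # A response captured earlier is useless against a new challenge.
    ident2, _ = server.new_challenge()
    results["replayed old response"] = server.verify("R1", ident2, good)

    # Constructed wrong secret: the hashes differ, so the link is refused.
    ident3, challenge3 = server.new_challenge()
    bad = chap_response(ident3, b"constructed-wrong-secret", challenge3)
    results["wrong secret"] = server.verify("R1", ident3, bad)
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'acknowledged' if accepted else 'terminated'}")
```

Because every challenge is random and consumed on first use, a fresh challenge at any time forces the peer to prove again that it still holds the secret.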
Lesson 9: Frame Relay
Frame Relay is a network access protocol similar in principle to X.25. The main difference between Frame Relay
-forms both error detection and error correction, Frame Relay only performs error detection.
X.25 performs data checking and correcting at the network level. Consequently, the network devices on an X.25
network correct the corrupt data or ask for the data to be retransmitted. The cost of such checking and retransmission
is network delay.
Frame Relay leaves the task of error correction to the protocols used by intelligent devices at each end of the
network. These intelligent devices provide end-to-end data integrity. Because Frame Relay relies on the devices
and less delay occurs overall.
The following command can be used to add a description to an interface to help keep track of permanent virtual
circuits (PVCs). An example of a description might be Frame Relay to Boston.
description descriptive_string
encapsulation frame-relay [cisco | ietf]
Relay subinterface:
frame-relay interface-dlci dlci [broadcast]
A DLCI is assigned by the local Frame Relay provider for every PVC connected to the router. DLCI numbers are not
exchanged between routers. DLCI numbering at one Frame Relay site is mutually exclusive from DLCI numbering
at another site.
The broadcast keyword is optional and should only be included if broadcast packets (e.g., IP, RIP, or IPX RIP/SAP
updates) need to be forwarded out of the subinterface. In static routing examples, routing updates are not
required and the keyword is omitted.
type from the Frame Relay provider:
frame-relay lmi-type {ansi | cisco | q933a}
LMI is a Frame Relay control protocol sent to the router from the Frame Relay switch at the service provider and is
not exchanged between routers. The LMI type at one location does not have to match the LMI type at other locations.
Supported LMI Types
cisco default
ansi ANSI Annex D
q933a CCITT Q933a
protocol address and a Frame Relay DLCI:
frame-relay map ip ip_address dlci [broadcast]
Again, the broadcast keyword is optional and should only be included if broadcast packets need to be forwarded
out of the subinterface. In static routing examples, routing updates are not required and the keyword is omitted.
-
point connection.
interface serial0.subinterface_# [point-to-point | multipoint]
A subinterface is treated as if it were a separate interface dedicated for a PVC to a remote site. Serial0 indicates
that the subinterface belongs to the physical serial 0 interface, and subinterface_# is the unique subinterface
ID number. The subinterface ID number can be any unique value between 0 and 4,294,967,295 and does not have
to be in any particular order (i.e., it is not necessary to begin with 1 and sequentially progress with 2, 3, and so
on). In fact, to reduce confusion, it is good practice to identify a subinterface with the same number as the DLCI
used on that subinterface.
ip address ip_address subnet_mask
Lesson 10: Access Lists
of packets within a network based on information provided within the list. Standard IP access lists are very
straightforward because the source IP address of a packet is the only criterion used to determine whether the
packet should be permitted or denied.
Access lists can be used for a variety of reasons, including controlling the propagation and reception of
primary implementation, and the main topic of this lesson, is the implementation of the access list as a security
mechanism.
Implementing Restricted Access
You may choose to implement security policies for a variety of reasons, including, but certainly not limited to, the
Without the use of access lists, all packets within a network are allowed without restriction to all parts of the
network.
an outside network such as the Internet. This type of access list is typically placed at the point of connection
between the two networks. When an access list is used for interdepartmental isolation, the access list is typically
placed at strategic locations within the internal network.
The Basics of Standard IP Access Lists
The basic format of the standard IP access list is as follows:
access-list [#] [permit | deny] [source_address | any] [source_mask]
An access list may contain multiple lines, each following the format shown above. The access list may specify
multiple source IP addresses to be evaluated. Each line entry of the access list must maintain the same access list
-
fore, the most general statements should be placed at the beginning of the list to avoid extra processing.
list based on the access list number that is assigned. The numbering range for standard IP access lists is from
1 through 99. All standard IP access lists must be numbered within this range.
After a number in the appropriate range has been assigned to the access list, the list dictates whether the
packets to be evaluated will be permitted (allowed to pass) or denied (dropped and not allowed to pass). This
is accomplished by using the permit or deny keyword in the access-list command. The keyword instructs the
permitted or denied.
The standard IP access list allows for a source mask to be applied to the source IP address. Although similar to
the subnet mask that is applied to IP addresses, the source mask is somewhat different. When a source mask
is used with IP access lists, a bit set to 0 means match exactly, and a bit set to 1 means do not care. For
example, if you would like to include all hosts in the Class C network 192.1.1.0, the source address-source
second, and third octets of the address (192.1.1) must match exactly (indicated by 0.0.0, or all zeros, in the
(indicated by 255, or all ones, in the source mask for the fourth octet). The use of this source address-source
mask combination allows a single line in the access list to include all hosts in the 192.1.1.0 network.
Using the keyword any is the same as using a source address-source mask combination of 0.0.0.0
255.255.255.255. The 255.255.255.255 source mask indicates that you do not care which bits are set in any
the router will, by default, use a source mask of 0.0.0.0 and match exactly the address entered.
After an access list has been created, the Cisco router will assume that any source IP addresses that are not
explicitly permitted in the list will be denied. In other words, at the end of the access list, the router will implic-
1.1.1.1, all other source addresses will be implicitly denied.
Creating a Simple Standard IP Access List
Now we will discuss creating a standard IP access list using the following format:
access-list [#] [permit | deny] [source_address | any] [source_mask]
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 1 permit host 1.1.1.1
Router(config)#exit
Router#
permit statement for host address 1.1.1.1. Because the source mask was not speci-
deny any statement at the end
Applying the Access List to an Interface
command for applying a standard IP access list to an interface is as follows:
ip access-group [access_list_number] [in | out]
Access lists can be applied as either outbound or inbound on the router interfaces. When an access list is applied
as an inbound list and the router receives an inbound packet, it checks the source address of the packet against
the access list. The packet is routed to the destination interface if the source address matches a permit statement
in the access list. The packet is discarded if the source address matches a deny statement in the access list.
When an access list is applied as an outbound list and the router receives a packet on an interface, the packet is
routed to the appropriate outbound interface, and the source address of the packet is then checked against the
access list. At this point, the router either permits the packet to exit the interface if its source address matches a
permit statement in the access list or discards the packet if its source address matches a deny statement in the
access list.
The following commands apply access list 1 to interface Ethernet 0 as an inbound access list. Note the in parameter
in the ip access-group 1 command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int Ethernet 0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#exit
Router#
The following commands apply access list 1 to interface Ethernet 0 as an outbound access list. Note the out
parameter in the ip access-group 1 command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int Ethernet 0
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Router(config)#exit
Router#
Creating a More Advanced Standard IP Access List
In this exercise, we will create access list 2 to meet the following criteria:
Permit all packets originating from network 10.1.1.0 255.255.255.128.
Deny all packets originating from network 10.1.1.128 255.255.255.128.
Deny all packets originating from network 15.1.1.0, except for packets from a single host of 15.1.1.5.
The following commands will accomplish these goals:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 2 deny 10.1.1.128 0.0.0.127
Router(config)#access-list 2 permit host 15.1.1.5
Router(config)#access-list 2 deny 15.1.1.0 0.0.0.255
Router(config)#access-list 2 permit any
Router(config)#exit
Router#
permit statement for
, takes care of this criteria. Review the criteria, and verify that the
necessary tasks have been completed:
Permit all packets originating from network 10.1.1.0 255.255.255.128
The last line of the access list, , accomplishes this criterion. It
is not necessary to explicitly permit the 10.1.1.0 255.255.255.128 network in the access list because no
other statements in the access list deny this network.
Deny all packets originating from network 10.1.1.128 255.255.255.128.
, accomplishes
of the fourth octet has been assigned to the subnet and the last seven bits have been reserved for host
addressing. Thus, the source mask in the deny statement, 0.0.0.127, indicates that you do not care
Deny all packets originating from network 15.1.1.0, except for packets from a single host of 15.1.1.5.
This has been accomplished with line two, , and line three,
, of the access list. Remember that access lists
stipulated that packets from network 15.1.1.0 be denied and that packets from host 15.1.1.5 be permit-
ted. If lines two and three had been swapped and the entire 15.1.1.0 network was denied prior to permit-
ting host 15.1.1.5, packets with a source address of 15.1.1.5 would match the more general criteria of
deny 15.1.1.0
The last line of the access list, , accomplishes this by permit-
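The top-down, first-match evaluation walked through above for access list 2, as an added Python example that is not part of the lab manual. It applies the lesson's rule that a 0 bit in the source mask means match exactly and a 1 bit means do not care, ends every list with the implicit deny, and replays the case where lines two and three are swapped; the function names are assumptions of this example.

```python
import ipaddress

# The four lines of access list 2 from this lesson, in their original order.
ACL_2 = [
    "access-list 2 deny 10.1.1.128 0.0.0.127",
    "access-list 2 permit host 15.1.1.5",
    "access-list 2 deny 15.1.1.0 0.0.0.255",
    "access-list 2 permit any",
]
# Constructed variant: lines two and three swapped, as the lesson warns against.
ACL_2_SWAPPED = [ACL_2[0], ACL_2[2], ACL_2[1], ACL_2[3]]
# Access list 1 from the lesson: one permit, then only the implicit deny.
ACL_1 = ["access-list 1 permit host 1.1.1.1"]


def ip_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def parse_entry(line):
    """Parse one standard access-list line into (action, source, mask)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not a standard access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if not 1 <= number <= 99:
        raise ValueError("standard IP access lists are numbered 1 through 99")
    if rest == ["any"]:
        source, mask = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host" and len(rest) == 2:
        source, mask = rest[1], "0.0.0.0"
    elif len(rest) == 1:
        source, mask = rest[0], "0.0.0.0"      # no mask given: match exactly
    elif len(rest) == 2:
        source, mask = rest
    else:
        raise ValueError("unexpected source specification: " + line)
    return action, ip_int(source), ip_int(mask)


def evaluate(lines, src):
    """Return (action, line number of the first match); line 0 is the implicit deny."""
    addr = ip_int(src)
    for number, line in enumerate(lines, start=1):
        action, source, mask = parse_entry(line)
        care = ~mask & 0xFFFFFFFF              # bits that must match exactly
        if addr & care == source & care:
            return action, number              # first match wins, stop here
    return "deny", 0                           # nothing matched: implicit deny


if __name__ == "__main__":
    for name, acl in (("list 2", ACL_2), ("list 2 swapped", ACL_2_SWAPPED), ("list 1", ACL_1)):
        for src in ("10.1.1.5", "10.1.1.133", "15.1.1.5", "15.1.1.9", "1.1.1.1"):
            action, number = evaluate(acl, src)
            where = f"line {number}" if number else "implicit deny"
            print(f"{name:15} {src:11} {action:6} ({where})")
```

With the swapped order, 15.1.1.5 is dropped by the broader deny before its host permit is ever reached, which is the ordering mistake the lesson describes.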
Bringing It All Together
In general, the process for creating and implementing standard IP access lists is as follows:
Create the access list with a number in the range of 1 through 99.
Apply the access list, either inbound or outbound, to the appropriate interface.
Items 1 and 2 above have been fairly well covered in this lesson. Lastly, the placement of the access list needs to
be discussed. In general, standard IP access lists should be placed nearer to the destination than to the source.
However, this is not an absolute rule; certain exceptions exist. Due to the fact that standard IP access lists only
operate on the source address, detailed granularity is not always possible. Care must be taken to avoid implementing
undesirable policies. If a standard access list is placed near the source, it is possible that access will
be impeded to devices other than those intended.
For example, if access list 2, which we created in this lesson, were implemented as an inbound access list on the
Ethernet interface of a router directly connected to the 15.1.1.0 network, the only host that would be allowed off
the local segment would be 15.1.1.5. This access list would most likely be implemented as an outbound access
In the diagram below, assume that Workstation C has the 15.1.1.5 IP address and that Workstation D has the
10.1.1.133 IP address. You want to implement a policy for Workstation A that only allows Workstation C access
from Ethernet C. You also want to implement a policy that will deny any access from Ethernet D. Access list
placement is critical in this situation. If access list 2 from above is implemented as an outbound access list on
Ethernet B, which is undesired. The same scenario holds true if the access list is implemented as an inbound
access list on Router 1's serial interface. If you place this access list as an outbound access list on Router 1's
Ethernet A interface, the desired policy is intact without any unwanted policy implementations.
Access List Cheat Sheet
Wildcard masks have a variety of uses in access lists, but typically you will want to do one of the following:
Match an entire subnet
Match an IP range
Match every host and any host
Here are some simple examples to accomplish these requirements.
All wildcard mask bits are zeros. For a standard access list to permit the host 192.168.0.58, you could use the
following command:
access-list 1 permit 192.168.0.58 0.0.0.0
Because standard access lists assume a 0.0.0.0 mask, you could rewrite the command as follows:
access-list 1 permit 192.168.0.58
For an extended access list to permit the same host of 192.168.0.58, you should use one of the following commands:
access-list 101 permit ip 192.168.0.58 0.0.0.0 any
OR
access-list 101 permit ip host 192.168.0.58 any
Match an Entire Subnet
The key to matching an entire subnet is to use the following formula for the wildcard mask:
Wildcard mask = 255.255.255.255 - subnet
So, for example, if the current subnet is 255.255.255.0, the mask would be 0.0.0.255, as calculated below:
  255.255.255.255
- 255.255.255.0
  ---------------
  0.0.0.255
In this equation, subtract each octet separately since an IP address is not a whole number.
To permit access to the network of 200.0.18.0 with a subnet mask of 255.255.255.0, you should use the following
commands.
Using a standard access list:
access-list 1 permit 200.0.18.0 0.0.0.255
Using an extended access list:
access-list 101 permit ip 200.0.18.0 0.0.0.255 any
To permit access to the network of 10.4.0.0 with a subnet mask of 255.255.0.0, you should use the following
commands.
Using a standard access list:
access-list 1 permit 10.4.0.0 0.0.255.255
Using an extended access list:
access-list 100 permit ip 10.4.0.0 0.0.255.255 any
Match an IP Range
address from the higher IP address.
  10.3.31.255
- 10.3.16.0
  -----------
  0.0.15.255
In this case, the wildcard mask for this range is 0.0.15.255.
To permit access to this range, you should use the following commands.
Using a standard access list:
access-list 1 permit 10.3.16.0 0.0.15.255
Using an extended access list:
access-list 100 permit ip 10.3.16.0 0.0.15.255 any
Note that each non-zero value in the mask must be one less than a power of 2 (i.e., 0, 1, 3, 7, 15, 31, 63, 127, 255).
Match Every Host and Any Host
This is the easiest access list to create.
Using a standard access list:
access-list 1 permit any
OR
access-list 1 permit 0.0.0.0 255.255.255.255
Using an extended access list:
access-list 101 permit ip any any
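The two subtractions from the cheat sheet, as an added Python example that is not part of the lab manual; the function names are assumptions. It goes one step beyond the cheat sheet: besides the "one less than a power of 2" rule, it checks that the lower address is aligned to the mask, because otherwise the entry matches a different block of addresses than the range you subtracted.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_subnet(mask):
    """Wildcard mask = 255.255.255.255 - subnet mask, one octet at a time."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_from_range(low, high):
    """Subtract the lower address from the higher one.

    Returns (wildcard, problems). An empty problems list means a single
    entry 'low wildcard' matches exactly the addresses low through high.
    """
    lo, hi = to_int(low), to_int(high)
    if hi < lo:
        raise ValueError("high address is below low address")
    diff = hi - lo
    problems = []
    if diff & (diff + 1):
        # e.g. an octet of 10: not one less than a power of 2
        problems.append("mask is not a solid run of low-order 1 bits")
    if lo & diff:
        # the do-not-care bits would hide part of the starting address
        problems.append("low address has bits set where the mask says do not care")
    return to_str(diff), problems


def matched_block(source, wildcard):
    """First and last address an entry really matches (contiguous wildcard only)."""
    wc = to_int(wildcard)
    if wc & (wc + 1):
        raise ValueError("wildcard is not contiguous; matches are not one block")
    first = to_int(source) & ~wc & 0xFFFFFFFF
    return to_str(first), to_str(first | wc)


if __name__ == "__main__":
    print(wildcard_from_subnet("255.255.255.0"))            # cheat sheet subnet case
    print(wildcard_from_range("10.3.16.0", "10.3.31.255"))  # cheat sheet range case
    # Constructed ranges that the plain subtraction gets wrong:
    print(wildcard_from_range("10.3.17.0", "10.3.32.255"))
    print(matched_block("10.3.17.0", "0.0.15.255"))
    print(wildcard_from_range("10.3.16.0", "10.3.26.255"))
```

A range that fails either check needs more than one access list line; forcing it into one entry silently permits or denies addresses outside the intended range.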
Lesson 11: Switches
Switches, which work at the Data Link layer (Layer 2) of the Open Systems Interconnection (OSI) model, concentrate
the point of attachment for workstations, servers, routers, hubs, and other switches. A switch provides a
dedicated point-to-point connection between two networking devices; thus, collisions do not occur.
Switch Components
A switch includes all of the hardware components of a PC, including a CPU, RAM, and an internetwork operating
system (IOS). A switch can be managed the same as a router; you can console into its console port, telnet to its
IP address, and even change the IOS through the use of TFTP.
Switches use some of the same commands that routers use. To check information about the interfaces, you can
use the show interfaces command. To display the IP information for the interfaces, use the show ip interfaces
show version command. To
command.
The show mac-address-table command displays the MAC table for the switch. The MAC table is the table that
matches all the ports on the switch with the MAC addresses it has learned.
Command-Line Interface
User Mode vs. Privileged Mode
User mode is indicated by the > prompt that follows the switch name. In user mode, you can look at some of the
switch's settings, but you cannot change them. In privileged mode, accessed by using the enable command in
user mode and indicated by the # prompt, you can use the different show commands to view all settings on the
command.
Switch>
Switch>enable
Switch#
Accessing Help
To view all commands available from this mode, type ?. This will display a list of all available commands in the
current mode. You can also use the question mark after you have started typing a command. For example, if you
want to use a show command but you do not remember which one to use, type show ? to display all commands
that you can use with the show command.
r1#show ?
access-expression List access expression
access-lists List access lists
backup Backup status
cdp CDP information
clock Display the system clock
cls DLC user information
compress Show compression statistics
configuration Contents of Non-Volatile memory
--More--
command. You can exit
end or pressing the CTRL+Z key combination.
Switch#config t
Switch(config)#end