150 Vital CCNA Commands

Jun 04, 2018

Jessica López
  • 8/13/2019 150 Vital CCNA Commands

    1/60

    The Bryant Advantage

    Cisco Certified Network Associate Command Reference

    150 Commands Every CCNA

    Must Know!

    www.thebryantadvantage.com

    Chris Bryant, CCIE # 12933

    Copyright Information:

    Cisco, Cisco Systems, CCIE, and Cisco Certified Internetwork Expert are registered trademarks of Cisco Systems, Inc., and/or its affiliates in the U.S. and certain countries.

    All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this Course Guide, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.

    Disclaimer:

    This publication, The Bryant Advantage CCNA Command Reference, is designed and intended to assist candidates in preparation for the Intro and ICND exams for the Cisco Certified Network Associate certification. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness are implied, expressly or implicitly.

    The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, or the parent company assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.

    This Course Guide is an original work by the Author. Any similarities between materials presented in this Study Guide and actual CCNA exam questions are completely coincidental.

    Copyright 2005 The Bryant Advantage

    LAN Switching Commands (2950):

    Show interface trunk

    SW1#show interface trunk

    Port      Mode         Encapsulation  Status        Native vlan
    Fa0/11    desirable    802.1q         trunking      1
    Fa0/12    desirable    802.1q         trunking      1

    Port      Vlans allowed on trunk
    Fa0/11    1-4094
    Fa0/12    1-4094

    Port      Vlans allowed and active in management domain
    Fa0/11    1
    Fa0/12    1

    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/11    1
    Fa0/12    none

    This command displays all ports that are actively trunking, their trunking mode, the encapsulation type, and the native VLAN. It also displays the VLANs that are allowed to have traffic go across the trunk. CCNA candidates should note that this is the command that displays the trunking protocol in use, either 802.1Q (dot1q) or ISL.
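
    An added example, not part of the original guide: a Python parser that merges the four tables of the show interface trunk output above into one record per port, so the mode, native VLAN and allowed-VLAN list can be reviewed together. The review criteria in review() are this example's own assumptions, not rules stated by the guide.

```python
# Constructed sample: the `show interface trunk` output from this page,
# one table row per line.
SAMPLE = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/11    1-4094
Fa0/12    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1
Fa0/12    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1
Fa0/12    none
"""

# Table header text -> key used in the per-port record.
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}


def expand_vlans(spec):
    """Turn '1,10-12' into {1, 10, 11, 12}; 'none' becomes an empty set."""
    vlans = set()
    if spec.strip().lower() == "none":
        return vlans
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunks(text):
    """Merge the four tables of `show interface trunk` into one dict per port."""
    ports, section = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "Port":
            # A header row starts a new table; the first one is the summary.
            section = SECTIONS.get(" ".join(words[1:]), "summary")
            continue
        if section is None or len(words) < 2:
            continue
        rec = ports.setdefault(words[0], {})
        if section == "summary":
            mode, encap, status, native = words[1:5]
            rec.update(mode=mode, encapsulation=encap,
                       status=status, native_vlan=int(native))
        else:
            rec[section] = expand_vlans(" ".join(words[1:]))
    return ports


def review(ports):
    """Return (port, note) pairs for settings worth a second look.

    The criteria are assumptions made for this example.
    """
    notes = []
    for port, rec in sorted(ports.items()):
        if rec.get("mode") in ("desirable", "auto"):
            notes.append((port, "trunk was negotiated dynamically (mode %s)"
                          % rec["mode"]))
        if rec.get("native_vlan") == 1:
            notes.append((port, "native VLAN is the default VLAN 1"))
        if len(rec.get("allowed", ())) == 4094:
            notes.append((port, "every VLAN (1-4094) is allowed on the trunk"))
        blocked = rec.get("active", set()) - rec.get("forwarding", set())
        if blocked:
            notes.append((port, "active but not forwarding: %s"
                          % sorted(blocked)))
    return notes


if __name__ == "__main__":
    for port, note in review(parse_trunks(SAMPLE)):
        print(port, "-", note)
```

    On the sample, Fa0/12 is reported as carrying VLAN 1 without forwarding it, which is the "none" in the last table.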

    Show mac-address-table

    SW1#show mac-address-table

              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    All     000f.90e2.25c0    STATIC      CPU
    All     0100.0ccc.cccc    STATIC      CPU
    All     0100.0ccc.cccd    STATIC      CPU
    All     0100.0cdd.dddd    STATIC      CPU
    1       000b.be2c.518b    DYNAMIC     Fa0/11

    Total Mac Addresses for this criterion: 5

    Chris Bryant, CCIE #12933 www.thebryantadvantage.com

    2005 The Bryant Advantage Free CCNA and CCNP tutorials!1

    This command does just what it says; it shows you the MAC address table that the switch has built. (You should know how this table is built before you take any CCNA exam. If you're unsure, check Section Two of your copy of The Bryant Advantage Ultimate CCNA Study Guide.) Note the dashes that connect the three words.

    Show spanning-tree vlan (VLAN_NUMBER)

    SW2#show spanning-tree vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    32791
                 Address     000b.be2c.5180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
                 Address     000b.be2c.5180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------
    Fa0/3            Desg FWD 100       128.3    Shr
    Fa0/11           Desg FWD 19        128.11   P2p
    Fa0/12           Desg FWD 19        128.12   P2p

    A vital LAN switching command, the command output shows if this device is the root bridge for this particular vlan ("This bridge is the root"), the hello, maxage, and forward delay values for this VLAN, and the status (sts) of each port. This will be listening, learning, forwarding, or blocking.

    Show vlan brief

    SW1#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- ---------------------------
    1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10
    23   VLAN0023                         active    Fa0/2
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    Quickly learn what ports are in what VLAN with this command. Note the default VLAN is VLAN 1, which is also the native VLAN.

    Show vtp status

    SW2#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 2
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 6
    VTP Operating Mode              : Server
    VTP Domain Name                 : CCNA
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xE2 0xCC 0x1A 0xB8 0x8E 0x80 0x6F 0xF4
    Configuration last modified by 0.0.0.0 at 3-1-93 00:52:40
    Local updater ID is 0.0.0.0 (no valid interface found)

    The main concern here is that this is the command that shows you the VTP operating mode of this device (server, client, or transparent), the VTP domain name, and whether pruning is enabled.

    Spanning-tree vlan (VLAN_NUMBER) root primary

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#spanning vlan 23 root primary
    SW1(config)#^Z
    SW1#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    20503
                 Address     000f.90e2.25c0
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

    This one-line command can make a non-root bridge become the root bridge. In this example, SW1 was configured with the command. Where SW2 was the root bridge in the previous command example, SW1 is now the root bridge. Note the priority change from the default of 32768.

    Vtp domain
    Vtp password
    Vtp pruning

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#vtp domain CCNA
    Changing VTP domain name from NULL to CCNA
    SW1(config)#vtp password CISCO
    Setting device VLAN database password to CISCO
    SW1(config)#vtp pruning
    Pruning switched on

    Setting the VTP domain name, password, and enabling pruning are done with these three commands. Note that the VTP domain name changed from NULL in this example; this means that there was no previous VTP domain membership, not that the previous VTP domain was actually named NULL.

    Vlan database

    SW2#vlan database
    % Warning: It is recommended to configure VLAN from config mode,
      as VLAN database mode is being deprecated. Please consult user
      documentation for configuring VTP/VLAN in config mode.

    SW2(vlan)#

    In VLAN DATABASE mode, you can create and modify VLANs. Note that Cisco is getting away from this mode, as indicated by the console message received in IOS 12.2.

    This is good, since most people using this mode use CTRL-Z to save their changes. While this works in most configuration modes, it does NOT work in vlan database mode. You must enter the commands APPLY or EXIT in vlan database mode to save your changes.

    Frame Relay Commands:

    Debug frame lmi

    R1#debug frame lmi
    Frame Relay LMI debugging is on
    Displaying all Frame Relay LMI data
    R1#
    01:26:40: Serial0(out): StEnq, myseq 98, yourseen 97, DTE up
    01:26:40: datagramstart = 0xE47328, datagramsize = 13
    01:26:40: FR encap = 0xFCF10309
    01:26:40: 00 75 01 01 01 03 02 62 61
    01:26:40:
    01:26:40: Serial0(in): Status, myseq 98
    01:26:40: RT IE 1, length 1, type 1
    01:26:40: KA IE 3, length 2, yourseq 98, myseq 98
    R1#
    01:26:50: Serial0(out): StEnq, myseq 99, yourseen 98, DTE up
    01:26:50: datagramstart = 0xE476B8, datagramsize = 13
    01:26:50: FR encap = 0xFCF10309
    01:26:50: 00 75 01 01 01 03 02 63 62
    01:26:50:
    01:26:50: Serial0(in): Status, myseq 99
    01:26:50: RT IE 1, length 1, type 1
    01:26:50: KA IE 3, length 2, yourseq 99, myseq 99
    R1#undebug all
    All possible debugging has been turned off

    Used to troubleshoot down frame relay connections, this debug shows you whether the DTE is up or down, and also the sequence numbers of the incoming and outgoing LMI. When they're equal or 1 apart, that's good; any more indicates why your frame relay is down in the first place: an LMI mismatch.

    Encapsulation frame-relay

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface serial0
    R1(config-if)#encapsulation frame-relay

    The first step in configuring frame relay is enabling it on the interface. This command changes the encapsulation type to frame relay from the default of HDLC.

    Frame map ip

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#int s0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#frame map ip 172.12.123.2 122 broadcast
    R1(config-if)#frame map ip 172.12.123.3 123 broadcast

    This command is used to create manual frame mappings, the preferred method in production networks. Frame relay must be configured first, as shown.

    Note that the mapping is the remote IP address to the local DLCI. Also, since broadcasts are not sent across frame relay by default, the broadcast keyword is needed to enable this.

    No frame-relay inverse-arp

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface serial0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#no frame-relay inverse-arp

    By default, frame relay will use Inverse ARP to dynamically create frame maps. Using InARP can lead to incomplete frame map tables, and many production networks turn it off when using frame relay. You do so with this command. It's generally done right after enabling frame-relay.

    Show frame lmi

    R1#show frame lmi

    LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
      Invalid Unnumbered info 0         Invalid Prot Disc 0
      Invalid dummy Call Ref 0          Invalid Msg Type 0
      Invalid Status Message 0          Invalid Lock Shift 0
      Invalid Information ID 0          Invalid Report IE Len 0
      Invalid Report Request 0          Invalid Keep IE Len 0
      Num Status Enq. Sent 167          Num Status msgs Rcvd 168
      Num Update Status Rcvd 0          Num Status Timeouts 2

    There are 12 fields here, but the ones to be most concerned about are the highlighted ones. Here, 167 status messages have been sent, and 168 received. These numbers should be no more than one apart, or the line protocol is getting ready to drop. There were two timeouts earlier as well.

    Bonus command: To set all your router counters back to zero, run the command clear counters.

    R1#clear counters
    Clear "show interface" counters on all interfaces [confirm]
    R1#show frame lmi

    LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
      Invalid Unnumbered info 0         Invalid Prot Disc 0
      Invalid dummy Call Ref 0          Invalid Msg Type 0
      Invalid Status Message 0          Invalid Lock Shift 0
      Invalid Information ID 0          Invalid Report IE Len 0
      Invalid Report Request 0          Invalid Keep IE Len 0
      Num Status Enq. Sent 0            Num Status msgs Rcvd 0
      Num Update Status Rcvd 0          Num Status Timeouts 0
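
    An added example, not part of the original guide: a Python check that applies the "no more than one apart" rule to both the debug frame lmi sequence numbers and the show frame lmi counters shown earlier. The last three enquiries in the sample are constructed to show a link whose replies stop, and the 1..255 counter cycle is an assumption of this example.

```python
import re

# First two exchanges are the debug frame lmi output from this page; the
# last three enquiries are constructed to show a link whose replies stop.
DEBUG_SAMPLE = """\
01:26:40: Serial0(out): StEnq, myseq 98, yourseen 97, DTE up
01:26:40: Serial0(in): Status, myseq 98
01:26:40: KA IE 3, length 2, yourseq 98, myseq 98
01:26:50: Serial0(out): StEnq, myseq 99, yourseen 98, DTE up
01:26:50: Serial0(in): Status, myseq 99
01:26:50: KA IE 3, length 2, yourseq 99, myseq 99
01:27:00: Serial0(out): StEnq, myseq 100, yourseen 99, DTE up
01:27:10: Serial0(out): StEnq, myseq 101, yourseen 99, DTE up
01:27:20: Serial0(out): StEnq, myseq 102, yourseen 99, DTE down
"""

# Counter lines from the first show frame lmi output on this page.
COUNTER_SAMPLE = """\
Num Status Enq. Sent 167          Num Status msgs Rcvd 168
Num Update Status Rcvd 0          Num Status Timeouts 2
"""

ENQ = re.compile(r"(\S+)\(out\): StEnq, myseq (\d+), yourseen (\d+), DTE (\w+)")
STATUS = re.compile(r"(\S+)\(in\): Status, myseq (\d+)")
COUNTERS = {
    "sent": r"Num Status Enq\. Sent\s+(\d+)",
    "received": r"Num Status msgs Rcvd\s+(\d+)",
    "timeouts": r"Num Status Timeouts\s+(\d+)",
}


def seq_gap(myseq, yourseen):
    """Distance between the counters, assuming they cycle through 1..255."""
    return (myseq - yourseen) % 255


def lmi_exchanges(text):
    """Pair every outgoing status enquiry with the Status reply, if any."""
    exchanges = []
    for line in text.splitlines():
        m = ENQ.search(line)
        if m:
            myseq, yourseen = int(m.group(2)), int(m.group(3))
            exchanges.append({
                "interface": m.group(1), "myseq": myseq, "yourseen": yourseen,
                "gap": seq_gap(myseq, yourseen),
                "dte_up": m.group(4) == "up", "answered": False,
            })
            continue
        m = STATUS.search(line)
        if m and exchanges:
            last = exchanges[-1]
            if last["interface"] == m.group(1) and last["myseq"] == int(m.group(2)):
                last["answered"] = True
    return exchanges


def problems(exchanges, max_gap=1):
    """Return (myseq, reasons) for each enquiry that looks unhealthy.

    The final enquiry of a capture may be unanswered only because the
    capture ended before the reply arrived.
    """
    report = []
    for ex in exchanges:
        reasons = []
        if ex["gap"] > max_gap:
            reasons.append("sequence gap %d" % ex["gap"])
        if not ex["answered"]:
            reasons.append("no Status reply")
        if not ex["dte_up"]:
            reasons.append("DTE down")
        if reasons:
            report.append((ex["myseq"], reasons))
    return report


def lmi_counters(text):
    """Pull the sent/received/timeout counters out of show frame lmi."""
    found = {}
    for name, pattern in COUNTERS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError("counter not found: " + name)
        found[name] = int(m.group(1))
    found["in_step"] = abs(found["sent"] - found["received"]) <= 1
    return found


if __name__ == "__main__":
    for myseq, reasons in problems(lmi_exchanges(DEBUG_SAMPLE)):
        print("myseq", myseq, "->", ", ".join(reasons))
    print(lmi_counters(COUNTER_SAMPLE))
```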

    Show frame map

    R1#show frame map
    Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,
                  broadcast,
                  CISCO, status defined, active
    Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,
                  broadcast,
                  CISCO, status defined, active

    This command will show you both your dynamically and statically configured frame maps and their status. It will also show whether broadcasts have been enabled for that mapping.

    Show frame pvc

    R1#show frame pvc

    PVC Statistics for interface Serial0 (Frame Relay DTE)

                  Active     Inactive      Deleted       Static
      Local          2            0            0            0
      Switched       0            0            0            0
      Unused         0            0            0            0

    DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

      input pkts 0             output pkts 0            in bytes 0
      out bytes 0              dropped pkts 0           in pkts dropped 0
      out pkts dropped 0                out bytes dropped 0
      in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
      out BECN pkts 0          in DE pkts 0             out DE pkts 0
      out bcast pkts 0         out bcast bytes 0
      pvc create time 01:40:05, last time pvc status changed 00:29:52

    This command shows you how many PVCs you have on your router, the DLCIs in use, their status, and the interface they're configured on.

    It also shows your FECN, BECN, and DE statistics. You must know what these are before taking the CCNA exams. Check the Frame Relay section of my Ultimate CCNA Study Guide for a refresher.

    ISDN and Point-to-Point Serial Connection Commands

    Clock rate

    R3#conf t
    R3(config)#int s1
    R3(config-if)#ip address 172.12.13.2 255.255.255.252
    R3(config-if)#clock rate 56000
    R3(config-if)#no shut
    01:47:59: %LINK-3-UPDOWN: Interface Serial1, changed state to up
    R3(config-if)#^Z
    01:48:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up

    Here, R3's S1 interface is directly connected to R1's S1 interface. R3's S1 interface is the DCE. When two Cisco routers are directly connected by serial interface, the DCE must supply a clock rate to the DTE. This command is configured at the interface level. Once the clock rate is entered, the line protocol will come up. To see the other values for this command, use IOS Help after the clock rate command.

    Show controller serial

    R1#show controller serial 1
    HD unit 1, idb = 0x1DBFEC, driver structure at 0x1E35D0
    buffer size 1524  HD unit 1, V.35 DTE cable

    I truncated about 20 lines of hexadecimal information that this command results in, because the key information is in the second line. This command tells you whether you have the DTE or DCE end of the DTE/DCE cable connected to this particular interface.

    Debug ppp negotiation

    R1#debug ppp negotiation
    PPP protocol negotiation debugging is on
    R1#ping 172.12.12.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.12.2, timeout is 2 seconds:

    02:12:01: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
    02:12:01: BR0:1 PPP: Using dialer call direction
    02:12:01: BR0:1 PPP: Treating connection as a callout
    02:12:01: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
    02:12:01: BR0:1 LCP: O CONFREQ [Closed] id 1 len 14
    02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
    02:12:01: BR0:1 LCP: MagicNumber 0xE0974794 (0x0506E0974794)
    02:12:01: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 14
    02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
    02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66 (0x0506E0973A66)
    02:12:01: BR0:1 LCP: O CONFACK [REQsent] id 1 len 14
    02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
    02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66 (0x0506E0973A66)
    02:12:01: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 14
    02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
    02:12:01: BR0:1 LCP: MagicNumber 0xE0974794 (0x0506E0974794)
    02:12:01: BR0:1 LCP: State is Open
    02:12:01: BR0:1 PPP: Phase is AUTHENTICATING, by both [0 sess, 0 load]
    02:12:01: BR0:1 AUTH: Started process 0 pid 66
    02:12:01: BR0:1 PAP: O AUTH-REQ id 1 len 12 from "R1"
    02:12:01: BR0:1 PAP: I AUTH-ACK id 1 len 5
    02:12:01: BR0:1 PAP: I AUTH-REQ id 1 len 12 from "R2"
    02:12:01: BR0:1 PAP: Authenticating peer R2
    02:12:01: BR0:1 PAP: O AUTH-ACK id 1 len 5
    02:12:01: BR0:1 PPP: Phase is UP [0 sess, 0 load]
    02:12:01: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10
    02:12:01: BR0:1 IPCP: Address 172.12.12.1 (0x0306AC0C0C01)
    02:12:01: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4
    02:12:01: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10

    02:12:01: BR0:1 IPCP: Address 172.12.12.2 (0x0306AC0C0C02)
    02:12:01: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10
    02:12:01: BR0:1 IPCP: Address 172.12.12.2 (0x0306AC0C0C02)
    02:12:01: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
    02:12:01: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4
    02:12:01: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10
    02:12:01: BR0:1 IPCP: Address 172.12.12.1 (0x0306AC0C0C01)
    02:1.!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
    R1#2:01: BR0:1 IPCP: State is Open
    02:12:01: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
    02:12:01: BR0:1 CDPCP: State is Open
    02:12:01: BR0 IPCP: Install route to 172.12.12.2
    02:12:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

    Speaking from experience, I can tell you that it's easy to make an error when configuring PPP password authentication, either PAP or CHAP. A null space can make the entire process fail. You simply must know this command in order to begin troubleshooting ISDN. It's kind of hard to spot a null space with the naked eye, but when there's a problem with PPP, this command will point you in the right direction.

    The output shown is a successful PAP authentication.

    Dialer-group

    R1#conf t
    R1(config)#interface bri0
    R1(config-if)#dialer-group 1

    This interface-level command links the interface to the dialer-list command, which defines interesting traffic. The number used here must match the number used in the dialer-list command.

    Dialer-list

    R1#conf t
    R1(config)#dialer-list 1 protocol ip permit
    R1(config)#interface bri0
    R1(config-if)#dialer-group 1

    The dialer-list command defines interesting traffic, which is the traffic that causes one router to dial another. Interesting traffic also resets the dialer idle-timer. The dialer-list is defined globally and is linked to the interface with the dialer-group command. The number used in the dialer-list command must match the dialer-group number.

    Dialer-list has many options, including the option to define interesting traffic with access-lists. Use IOS Help to further explore these options. The dialer-list shown defines all IP traffic as interesting.

    Dialer idle-timeout

    R1#conf t
    R1(config)#interface bri0
    R1(config-if)#dialer idle-timeout 60

    By default, when interesting traffic brings up the ISDN link, an idle-timer of 120 seconds begins to run. Only interesting traffic resets the idle-timer. To change this default time, use this command.

    EXAM NOTE: Notice that the command value is in seconds, not minutes.

    Dialer load-threshold, ppp multilink

    R1#conf t
    R1(config)#interface bri0
    R1(config-if)#ppp multilink
    R1(config-if)#dialer load-threshold 191 outbound

    By default, the second b-channel in a BRI interface will not be used until the first is at capacity. To change this, first enable ppp multilink. Second, use the dialer load-threshold command to define the capacity level of the first channel before the second channel is brought up. Finally, define the direction you want to consider: inbound, outbound, or both.

    EXAM NOTE: The numeric value of this command is NOT a ratio of 100; it's a ratio of 255. For example, to bring the second b-channel up when the first reaches 75% outbound capacity, you must enter a value that is 75% of 255, which is 191. (191 x .75)

    Dialer map

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#dialer map ip 172.12.12.1 name R1 broadcast 5553333

    There are no dynamic dialer maps; they must be configured manually with the dialer map command.

    Note that you map the remote IP address to the remote phone number; 5553333 is R1's phone number.

    As with frame, broadcasts will not be sent over the ISDN link by default; this must be enabled with the broadcast keyword.

    Dialer pool
    Dialer pool-member
    Dialer string
    Dialer remote-name
    Interface dialer0

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface dialer0
    R1(config-if)#ip address 172.12.12.1 255.255.255.252
    R1(config-if)#encapsulation ppp
    R1(config-if)#dialer pool 1
    R1(config-if)#dialer remote-name R2
    R1(config-if)#dialer string 5554444
    R1(config-if)#dialer-group 1
    R1(config-if)#interface bri0
    R1(config-if)#no ip address
    R1(config-if)#dialer pool-member 1
    R1(config-if)#encapsulation ppp

    These commands are used to create a dialer profile, which is a logical dial interface that will be bound to a physical BRI interface when that particular number is dialed. You need to know the basics of dialer profile configuration for the CCNA exams.

    Notice that the IP address is on the logical interface Dialer0, not the physical interface bri0. PPP encapsulation is enabled on both. The dialer pool, dialer remote-name, and dialer string commands all go on the dialer0 interface, as does dialer-group. The dialer pool-member command is configured on the physical interface.

    Encapsulation ppp
    No encapsulation ppp

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#encapsulation ppp

    The default encapsulation type of BRI interfaces is HDLC. Before you can enable PAP or CHAP authentication, you must enable PPP encapsulation with this command. To revert to the default HDLC encapsulation, run no encapsulation ppp.

    Isdn switch-type basic-ni

    R2#conf t
    R2(config)#isdn switch-type basic-ni

    OR

    R2(config)#interface bri0
    R2(config-if)#isdn switch-type basic-ni

    Required for ISDN. You cannot have a working configuration without this command. You can enter this globally or at the BRI interface level, as shown. You may see it in your running configuration under the BRI configuration even when you enable it globally. That's the normal behavior.

    Ppp authentication chap

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#ppp authentication chap

    Enables CHAP authentication. There is no ppp chap sent-username command. Passwords must be the same on both routers when using CHAP.

    Ppp authentication pap
    Ppp pap sent-username password

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#ppp authentication pap
    R2(config-if)#ppp pap sent-username R2 password cisco

    PPP PAP authentication is unencrypted; the passwords go across the ISDN link in clear-text. The passwords can be different on each router, though, due to the ppp pap sent-username command. This command is required for PAP.
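
    An added example, not part of the original guide: a Python decoder for the LCP option bytes that debug ppp negotiation prints in parentheses, used to report which authentication protocol each side agreed to and to flag the clear-text PAP case described above. It covers both the debug ppp negotiation output and this PAP section; the function and key names are this example's own.

```python
import re

# PPP Authentication-Protocol values (LCP option type 3).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

# LCP lines copied from the debug ppp negotiation output on this page.
SAMPLE = """\
02:12:01: BR0:1 LCP: O CONFREQ [Closed] id 1 len 14
02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
02:12:01: BR0:1 LCP: MagicNumber 0xE0974794 (0x0506E0974794)
02:12:01: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 14
02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66 (0x0506E0973A66)
02:12:01: BR0:1 LCP: O CONFACK [REQsent] id 1 len 14
02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66 (0x0506E0973A66)
02:12:01: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 14
02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
02:12:01: BR0:1 LCP: MagicNumber 0xE0974794 (0x0506E0974794)
02:12:01: BR0:1 LCP: State is Open
"""

PACKET = re.compile(r"LCP: ([IO]) (CONF\w+) \[\w+\] id (\d+) len (\d+)")
OPTION = re.compile(r"LCP: \w+ .*\(0x([0-9A-Fa-f]+)\)")


def decode_option(hexstr):
    """Decode one type-length-value LCP option from its hex dump."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError("length byte does not match option size: " + hexstr)
    opt_type, data = raw[0], raw[2:]
    if opt_type == 3:                       # Authentication-Protocol
        if len(data) < 2:
            raise ValueError("auth option too short: " + hexstr)
        proto = int.from_bytes(data[:2], "big")
        return {"option": "auth",
                "protocol": AUTH_PROTOCOLS.get(proto, hex(proto)),
                "extra": data[2:].hex()}    # CHAP carries an algorithm byte
    if opt_type == 5:                       # Magic-Number
        return {"option": "magic", "value": data.hex()}
    return {"option": opt_type, "value": data.hex()}


def parse_lcp(text):
    """Group each LCP packet line with the option lines that follow it."""
    packets = []
    for line in text.splitlines():
        m = PACKET.search(line)
        if m:
            packets.append({"direction": m.group(1), "code": m.group(2),
                            "id": int(m.group(3)), "len": int(m.group(4)),
                            "options": [], "option_bytes": 0})
            continue
        m = OPTION.search(line)
        if m and packets:
            packets[-1]["options"].append(decode_option(m.group(1)))
            packets[-1]["option_bytes"] += len(m.group(1)) // 2
    for p in packets:
        # 4 header bytes (code, id, 2-byte length) plus the option bytes.
        p["length_ok"] = p["len"] == 4 + p["option_bytes"]
    return packets


def agreed_auth(packets):
    """Read the acknowledged auth protocol for each direction.

    A CONFACK we send (O) accepts the peer's demand on us; a CONFACK we
    receive (I) means the peer accepted our demand on it.
    """
    agreed = {}
    for p in packets:
        if p["code"] != "CONFACK":
            continue
        for opt in p["options"]:
            if opt["option"] == "auth":
                key = ("we_authenticate_with" if p["direction"] == "O"
                       else "peer_authenticates_with")
                agreed[key] = opt["protocol"]
    return agreed


def cleartext_directions(agreed):
    """Directions in which the password crosses the link unencrypted."""
    return sorted(k for k, v in agreed.items() if v == "PAP")


if __name__ == "__main__":
    result = agreed_auth(parse_lcp(SAMPLE))
    print(result, "clear-text:", cleartext_directions(result))
```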

    Show dialer

    R2#show dialer

    BRI0 - dialer type = ISDN

    Dial String      Successes   Failures    Last DNIS   Last status
    5553333                  6          1    00:00:04    successful
    0 incoming call(s) have been screened.
    0 incoming call(s) rejected for callback.

    BRI0:1 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is data link layer up
    Dial reason: ip (s=172.12.12.2, d=172.12.12.1)
    Time until disconnect 117 secs
    Connected to 5553333 (R1)

    BRI0:2 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is idle

    The key with this important command is that the output shows you the source and destination of the traffic that caused the router to dial. If you see 224.0.0.5, 224.0.0.9,

    224.0.0.10, or 255.255.255.255 here, you have a great idea of what traffic brought the link up.

    Don't take the CCNA exam without knowing what kind of traffic each of those IP addresses represents. Here's a quick refresher.

    224.0.0.5, OSPF. 224.0.0.9, RIP version 2. 224.0.0.10, EIGRP. 255.255.255.255, broadcast traffic (routing protocols IGRP and RIP version 1 send broadcast updates).

    Show interface bri0

    R2#show interface bri0
    BRI0 is up, line protocol is up (spoofing)
      Hardware is BRI
      Internet address is 172.12.12.2/30
      MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, loopback not set
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 02:20:49
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair

    Notice the word "spoofing" in parentheses after the physical and line protocols are shown as up. There is no active call on this link, and the ISDN connection is not up. "Spoofing" refers to the fact that the interface is acting as though there were an active connection.

    Show isdn history

    R2#show isdn history
    --------------------------------------------------------------------------------
                                   ISDN CALL HISTORY
    --------------------------------------------------------------------------------
    Call History contains all active calls, and a maximum of 100 inactive calls.
    Inactive call data will be retained for a maximum of 15 minutes.
    --------------------------------------------------------------------------------
    Call  Calling    Called   Remote  Seconds  Seconds  Seconds  Charges
    Type  Number     Number   Name    Used     Left     Idle     Units/Currency
    --------------------------------------------------------------------------------
    Out   ---N/A---  5553333  0  0
    Out   ---N/A---  5553333  0  0
    Out   ---N/A---  5553333  0  0
    Out   ---N/A---  5553333  0  0
    Out   ---N/A---  5553333  0  0
    In    5553333    5554444  0
    In    5553333    5554444  0
    In    5553333    5554444  0
    In    5553333    5554444  2
    Out   ---N/A---  5553333  R1  121  0

    As the name implies, this command shows the last 10 calls and the numbers to which they were made.

    Show isdn status

    R2#show isdn status
    Global ISDN Switchtype = basic-ni
    ISDN BRI0 interface
            dsl 0, interface ISDN Switchtype = basic-ni
        Layer 1 Status:
            ACTIVE
        Layer 2 Status:
            TEI = 66, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        Layer 3 Status:
            1 Active Layer 3 Call(s)
            CCB:callid=8008, sapi=0, ces=1, B-chan=1, calltype=DATA
        Active dsl 0 CCBs = 1
        The Free Channel Mask: 0x80000002
        Total Allocated ISDN CCBs = 1

    A vital command for ISDN troubleshooting. This command indicates whether you have defined the ISDN switch-type, and whether layers 1, 2, and 3 are active. These layers map to the OSI model.

    Static and Distance-Vector Commands:

    Bandwidth

    R2#conf t
    R2(config)#int s0
    R2(config-if)#bandwidth 512

    IGRP makes a default assumption that any Serial interface running IGRP is connected to a T1 line, which runs at 1544 KBPS. With equal-cost load-balancing enabled by default, this may be an undesirable assumption.

    To alter IGRP's assumption, use the bandwidth command on the serial interface in question. Note that this command does NOT actually affect the bandwidth available to the interface; it merely changes IGRP's assumption of the bandwidth.

    Clear ip route *

    R2#clear ip route *

    This command clears your routing table of all non-static and non-connected routes. In a lab environment, it's very handy; it forces your routers running routing protocols to send and request updates, rather than waiting for the regularly scheduled updates.

    Debug ip igrp events

    R2#debug ip igrp event
    IGRP event debugging is on
    R2#clear ip route *
    06:02:51: IGRP: broadcasting request on BRI0
    06:02:51: IGRP: broadcasting request on Serial0.123

    Debug ip igrp events allows you to see IGRP updates being sent and requested. Here, the debug is run and then the routing table is cleared. The router immediately broadcasts update requests via the IGRP-enabled interfaces.

    Debug ip igrp transactions

    R2#debug ip igrp transactions
    IGRP protocol debugging is on
    R2#clear ip route *
    06:05:33: IGRP: received update from 172.12.123.1 on Serial0.123
    06:05:33: subnet 172.12.123.0, metric 10476 (neighbor 8476)
    06:05:33: network 1.0.0.0, metric 8976 (neighbor 501)
    06:05:33: IGRP: edition is now 3
    06:05:33: IGRP: sending update to 255.255.255.255 via BRI0 (172.12.12.2)
    06:05:33: network 1.0.0.0, metric=8976
    06:05:33: IGRP: sending update to 255.255.255.255 via Serial0.123 (172.12.123.2) - suppressing null update
    06:05:34: IGRP: received update from 172.12.12.1 on BRI0
    06:05:34: subnet 172.12.13.0, metric 160250 (neighbor 8476)
    06:05:34: network 1.0.0.0, metric 158750 (neighbor 501)

    To configure IGRP unequal-cost load-sharing with the variance command, you've got to know the metric of the less-desirable routes. EIGRP keeps these in its topology table; IGRP has no such table.

    To get the metrics of routes not in the routing table, run debug ip igrp transactions. To force IGRP updates, the routing table was cleared with clear ip route *.

    Debug ip packet

    R2#debug ip packet
    IP packet debugging is on
    R2#ping 172.12.123.2

    R2#ping 172.12.123.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:

    06:10:04: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100, unroutable.
    06:10:06: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100, unroutable.
    06:10:08: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100, unroutable.
    06:10:10: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100, unroutable.
    06:10:12: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100, unroutable.
    Success rate is 0 percent (0/5)

    If you have a problem sending a ping, this command will give you a good idea where the problem is. Here, the message indicates that there is no route to the destination.

    Debug ip rip

    R2#debug ip rip
    RIP protocol debugging is on
    R2#clear ip route *
    06:14:53: RIP: received v2 update from 172.23.23.3 on Ethernet0
    06:14:53:      1.0.0.0/8 via 0.0.0.0 in 16 hops (inaccessible)
    06:14:53:      1.1.1.1/32 via 0.0.0.0 in 2 hops
    06:14:53:      172.12.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)
    06:14:53:      172.12.12.2/32 via 0.0.0.0 in 2 hops
    06:14:53:      172.12.13.0/30 via 0.0.0.0 in 1 hops
    06:14:53:      172.12.123.0/24 via 0.0.0.0 in 1 hops
    06:14:53:      172.23.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)


    Run debug ip rip to troubleshoot routing update problems, RIP authentication problems, and to view the routing update contents. Clear ip route * was run to clear the routing table and to force a RIP update. Note that poison reverse is in operation. (A route that is unavailable is not just dropped from updates; it is advertised with an unreachable metric.)

    Ip route

    OR

    Ip route

    R2#conf t
    R2(config)#ip route 1.1.1.1 255.255.255.255 172.12.123.1

    OR

    R2(config)#ip route 1.1.1.1 255.255.255.255 serial0

    To configure a static route to a given destination IP address, use the ip route command. The destination is followed by a subnet mask, and that can be followed by either the next-hop IP address or the exit interface on the local router.

    Ip route 0.0.0.0 0.0.0.0 Ip route 0.0.0.0 0.0.0.0

    R2#conf t
    R2(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.1

    OR

    R2(config)#ip route 0.0.0.0 0.0.0.0 ethernet0


    To configure a default static route, use either of these two commands.

    You could have any number for the first 0.0.0.0, since the second set of zeroes is the subnet mask. This means that any destination will match this route statement.

    Maximum-paths

    R2#conf t
    R2(config)#router rip
    R2(config-router)#maximum-paths 6

    By default, distance-vector routing protocols perform equal-cost load-balancing over four paths. This default can be set from a minimum of 1 to a maximum of 6 with this command.

    Note: If you configure maximum-paths 1, you are in effect disabling equal-cost load-balancing.

    Network

    R2#conf t
    R2(config)#router rip
    R2(config-router)#network 172.12.0.0

    The network command indicates that interfaces in the indicated network will run this particular routing protocol. The network command is used in RIP, IGRP, EIGRP, and OSPF.


    No auto-summary

    R2#conf t
    R2(config)#router rip
    R2(config-router)#version 2
    R2(config-router)#no auto-summary

    Both RIP version 2 and EIGRP perform summarization of routes when those routes are advertised across a network border. (For a complete, illustrated explanation of this concept, please check the EIGRP section of my Ultimate CCNA Study Guide.) This default behavior is generally disabled. To do so, run no auto-summary as shown.

    Passive-interface

    R2#conf t
    R2(config)#router rip
    R2(config-router)#passive-interface bri0

    An interface configured as passive will continue to accept routing updates, but will no longer send them.

    Exam Note: Even though this command affects an interface, it is NOT configured at the interface level. It's configured as part of the routing protocol configuration.


    Router igrp 1

    R2#conf t
    R2(config)#router igrp 1

    This command enables IGRP on the router.

    Exam Tip: The number in the command is the Autonomous System number.

    Exam Tip: The only automatic route redistribution between protocols is between IGRP and EIGRP if the AS number for each is the same.

    Router rip
    Version 1
    Version 2

    R2#conf t
    R2(config)#router rip
    R2(config-router)#version 1
    R2(config-router)#version 2

    Router rip enables RIP on your router. RIP runs two versions, 1 and 2, and you must know the differences between the two before succeeding on the CCNA exams.

    By default, RIP sends version 1 updates and accepts version 1 and 2 updates. To change this default to accept and send updates of only one of the two versions, configure version 1 or version 2 under the RIP routing process.


    Show ip protocols

    R2#show ip protocols
    Routing Protocol is "rip"
      Sending updates every 30 seconds, next due in 20 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: rip
      Default version control: send version 2, receive version 2
        Interface        Send  Recv  Triggered RIP  Key-chain
        Serial0.123      2     2
      Automatic network summarization is not in effect
      Maximum path: 4
      Routing for Networks:
        172.12.0.0
      Passive Interface(s):
        BRI0
      Routing Information Sources:
        Gateway         Distance      Last Update
        172.12.12.1          120      00:00:24
      Distance: (default is 120)

    A lot of information here! First, you see the update timers. Auto-summarization has been turned off; maximum-paths is set to four; BRI0 has been made a passive-interface; finally, RIP has been kept at its default Administrative Distance of 120. Also, interface s0.123 is sending and receiving RIP version 2 only.

    Exam Tip: Know all the information that can be seen in this command's output.


    Show ip route

    R2#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is 0.0.0.0 to network 0.0.0.0

         1.0.0.0/32 is subnetted, 1 subnets
    S       1.1.1.1 [1/0] via 172.12.123.1
         172.12.0.0/16 is variably subnetted, 4 subnets, 3 masks
    C       172.12.12.0/30 is directly connected, BRI0
    R       172.12.13.0/30 [120/1] via 172.12.12.1, 00:00:10, BRI0
    C       172.12.12.1/32 is directly connected, BRI0
    R       172.12.123.0/24 [120/1] via 172.12.12.1, 00:00:10, BRI0
         172.23.0.0/27 is subnetted, 1 subnets
    C       172.23.23.0 is directly connected, Ethernet0
    S*   0.0.0.0/0 is directly connected, Ethernet0
                   [1/0] via 172.12.123.1

    This command displays the entire routing table. To see only the routes of a given protocol, enter the protocol name at the end of this command, such as show ip route rip:

    R2#show ip route rip
         172.12.0.0/16 is variably subnetted, 4 subnets, 3 masks
    R       172.12.13.0/30 [120/1] via 172.12.12.1, 00:00:20, BRI0
    R       172.12.123.0/24 [120/1] via 172.12.12.1, 00:00:20, BRI0

    Exam Tip: Note that the letter indicating EIGRP routes is "D". "E" was already taken by EGP when EIGRP came along.


    Traffic-share balanced

    R3#conf t
    R3(config)#router igrp 1
    R3(config-router)#traffic-share balanced

    R3#conf t
    R3(config)#router eigrp 1
    R3(config-router)#traffic-share balanced

    When EIGRP and IGRP perform unequal-cost load-sharing, the load is shared in proportion to the metrics by default; that is, if one path has a metric that is three times better than the other path in use, that path will carry roughly three times as much data.

    To divide the load equally among all the paths, configure traffic-share balanced.

    Variance

    R3#conf t
    R3(config)#router igrp 1
    R3(config-router)#variance 3

    Variance is used to configure unequal-cost load-balancing. Variance is simply a multiplier. The metric of the best path is multiplied by the variance; any path with a lower metric than the result will be used for unequal-cost load-balancing.

    Example: Three paths to a destination exist, with the following metric:

    Path 1: 4000
    Path 2: 7500
    Path 3: 8100


    By default, IGRP and EIGRP will use only Path 1. A variance value of 2 would result in any path with a metric of less than 8000 being used (4000 x 2), so Path 1 and Path 2 would be used. A variance of 3 would result in all three paths being used for unequal-cost load-balancing.


    OSPF Commands

    Area stub

    R2#conf t
    R2(config)#router ospf 1
    R2(config-router)#area 23 stub

    To configure an area as stub, configure it as Area 23 has been configured here.

    Exam Tip: For an area to be configured as stub, all routers with an interface in that area must be so configured.

    Exam Tip: A virtual link cannot be configured with a stub area as the transit area.

    Area stub no-summary

    R2#conf t
    R2(config)#router ospf 1
    R2(config-router)#area 23 stub no-summary

    To configure an area as a total stub area, use the configuration shown here.

    Exam Tip: A virtual link cannot use a stub or total stub area as a transit area.

    Area virtual-link

    R2#conf t
    R2(config)#router ospf 1
    R2(config-router)#area 13 virtual-link 1.1.1.1


    A virtual link is created to logically connect a router to Area 0 when no physical connection exists.

    Watch the syntax carefully. The area specified is the transit area, or the area through which the virtual link will form. This area cannot be a stub or total stub area.

    The IP address shown is the OSPF RID (Router ID) of the remote router. This command must be configured on both sides of the transit area.

    Debug ip ospf adjacency

    R3# debug ip ospf adjacency
    09:58:43: %SYS-5-CONFIG_I: Configured from console by console
    R3#
    09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0xEEF opt 0x42 flag 0x7 len 32 mtu 1500 state INIT
    09:58:48: OSPF: 2 Way Communication to 2.2.2.2 on Ethernet0, state 2WAY
    09:58:48: OSPF: Neighbor change Event on interface Ethernet0
    09:58:48: OSPF: DR/BDR election on Ethernet0
    09:58:48: OSPF: Elect BDR 0.0.0.0
    09:58:48: OSPF: Elect DR 172.23.23.3
    09:58:48: DR: 172.23.23.3 (Id) BDR: none
    09:58:48: OSPF: Send DBD to 2.2.2.2 on Ethernet0 seq 0x13F3 opt 0x42 flag 0x7 len 32
    09:58:48: OSPF: First DBD and we are not SLAVE
    09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0x13F3 opt 0x42 flag 0x2 len 132 mtu 1500 state EXSTART
    09:58:48: OSPF: NBR Negotiation Done. We are the MASTER
    09:58:48: OSPF: Send DBD to 2.2.2.2 on Ethernet0 seq 0x13F4 opt 0x42 flag 0x3 len 152
    09:58:48: OSPF: Database request to 2.2.2.2
    09:58:48: OSPF: sent LS REQ packet to 172.23.23.2, length 60
    09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0x13F4 opt 0x42 flag 0x0 len 32
    R3# mtu 1500 state EXCHANGE
    09:58:48: OSPF: Send DBD to 2.2.2.2 on Ethernet0 seq 0x13F5 opt 0x42 flag 0x1 len 32


    09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0x13F5 opt 0x42 flag 0x0 len 32 mtu 1500 state EXCHANGE
    09:58:48: OSPF: Exchange Done with 2.2.2.2 on Ethernet0
    09:58:48: OSPF: Synchronized with 2.2.2.2 on Ethernet0, state FULL
    09:58:48: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0 from LOADING to FULL, Loading Done
    09:58:48: OSPF: Build router LSA for area 23, router ID 172.23.23.3, seq 0x80000002
    09:58:48: OSPF: Build network LSA for Ethernet0, router ID 172.23.23.3
    09:58:53: OSPF: Neighbor change Event on interface Ethernet0
    09:58:53: OSPF: DR/BDR election on Ethernet0
    09:58:53: OSPF: Elect BDR 2.2.2.2
    09:58:53: OSPF: Elect DR 172.23.23.3
    09:58:53: DR: 172.23.23.3 (Id) BDR: 2.2.2.2 (Id)

    debug ip ospf adjacency allows you to watch the adjacency formation process, and to spot problems preventing adjacency. In this example, you can see the stages of OSPF adjacency, and see the DR and BDR election at the end.

    Ip ospf hello
    Ip ospf dead

    R1#conf t
    R1(config)#int s0
    R1(config-if)#ip ospf hello 30
    R1(config-if)#ip ospf dead 100

    OSPF hello and dead timers have different defaults on different network types; review the OSPF section of The Bryant Advantage Ultimate CCNA Study Guide for a refresher on these.

    No matter the network types, the default is that the OSPF deadtime is four times the hello time. One way to change the deadtime is to change the hello time; no matter what you set the hello time to, the dead time will change to four times the new hello value.

    You can also set the dead time manually, as shown.

    This is done on the interface level, and the timers must match on both sides of the link. If you change the timers on one side and not the other, the adjacency will drop.

    Ip ospf demand-circuit

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#ip ospf demand-circuit

    Throughout your CCNA and CCNP studies, you'll be faced with the ISDN link coming up when you don't want it to. By using show dialer to determine the destination of the interesting traffic that brought the link up, you'll see that many times, it's routing update packets or Hello packets that brought the link up.

    OSPF has a mechanism to allow the ISDN link to have an adjacency form over the ISDN link, and keep that adjacency even when the link comes down. By using the ip ospf demand-circuit command, OSPF will keep the adjacency without sending Hellos that might otherwise keep resetting the ISDN idle-timer.

    Note that this is an interface-level command.

    While you generally see this configured on both sides of the ISDN link in most books, it's only needed on one side.


    Ip ospf priority 0

    R2#conf t
    R2(config)#int s0.123
    R2(config-subif)#ip ospf priority 0

    OSPF hub-and-spoke networks are common, and require extra configuration on both the hubs and the spokes.

    In a hub-and-spoke configuration, the spokes cannot under any circumstances become the Designated Router (DR) or Backup Designated Router (BDR). The only way to do this is to set the spokes' OSPF interface priority to zero, as shown above.

    Since the OSPF default interface priority is 1, configuring this on all spokes will ensure that the hub becomes the DR and that no BDR will be elected.

    Ip ospf network non-broadcast

    R3#conf t
    R3(config)#int s0.31 point-to-point
    R3(config-subif)#ip ospf network non-broadcast

    Keep in mind that a major reason for OSPF neighbors not forming an adjacency is a mismatch in the network types. Serial interfaces default to non-broadcast, but a point-to-point interface will always default to OSPF network type point-to-point. If you have a physical serial interface on one side of a link and a point-to-point interface on the other side, the adjacency will not form. You can change the OSPF network type as shown to allow the adjacency to form.


    Router-id x.x.x.x

    R1#conf t
    R1(config)#router ospf 1
    R1(config-router)#router-id 11.11.11.11
    Reload or use "clear ip ospf process" command, for this to take effect
    R1#clear ip ospf process
    Reset ALL OSPF processes? [no]: yes
    10:22:19: OSPF: Interface Serial0 going Down
    10:22:19: OSPF: 1.1.1.1 address 172.12.123.1 on Serial0 is dead, state DOWN
    10:22:19: OSPF: Neighbor change Event on interface Serial0

    First, what is the default OSPF Router ID (RID)? The rules are a little odd, so let's review them.

    If a router running OSPF has one or more loopback addresses, the numerically highest address is the OSPF RID, even if that interface is not running OSPF.

    If a router running OSPF has no loopback addresses, the numerically highest IP address of the physical interfaces is the OSPF RID, even if that interface is not running OSPF.

    I know it's second nature to think the interface bearing the OSPF RID must be running OSPF, but it's not true.

    To change the RID, use the router-id command under the OSPF process as shown.

    Note that to make this command take effect, the router prompts you to reload or run the clear ip ospf process command. That command is going to restart ALL your OSPF processes. In other words, don't try this at work.

    Also note that the prompted answer for "reset ALL OSPF processes?" is no. When the router default for a question is no, the router's trying to tell you you're about to do something fairly drastic. I always take a second look before I answer yes to a question like that.

    Show ip ospf

    R1#show ip ospf
     Routing Process "ospf 1" with ID 11.11.11.11
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     It is an area border router
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
     Number of external LSA 0. Checksum Sum 0x000000
     Number of opaque AS LSA 0. Checksum Sum 0x000000
     Number of DCbitless external and opaque AS LSA 0
     Number of DoNotAge external and opaque AS LSA 0
     Number of areas in this router is 3. 3 normal 0 stub 0 nssa
     External flood list length 0
        Area BACKBONE(0)
            Number of interfaces in this area is 1
            Area has no authentication
            SPF algorithm executed 4 times
            Area ranges are
            Number of LSA 13. Checksum Sum 0x10123B
            Number of opaque link LSA 0. Checksum Sum 0x000000
            Number of DCbitless LSA 0
            Number of indication LSA 0
            Number of DoNotAge LSA 0
            Flood list length 0
        Area 1
            Number of interfaces in this area is 1
            Area has no authentication
            SPF algorithm executed 2 times
            Area ranges are
            Number of LSA 6. Checksum Sum 0x02FD14
            Number of opaque link LSA 0. Checksum Sum 0x000000
            Number of DCbitless LSA 0
            Number of indication LSA 0
            Number of DoNotAge LSA 0
            Flood list length 0


    There's a lot of output to this command, but the keys for CCNA and CCNP exam success are that you see the OSPF RID here, you see the router type (this is an ABR), and you see the different areas and how many times the SPF algorithm has been executed.

    Since the SPF algorithm (also known as the Dijkstra algorithm) only runs on a network topology change, a constantly advancing counter here indicates a flapping link in the network, one that goes up and down continually, and which will make the SPF algorithm run every time it does so.

    Show ip ospf interface

    R1#show ip ospf interface serial0
    Serial0 is up, line protocol is up
      Internet Address 172.12.123.1/24, Area 0
      Process ID 1, Router ID 11.11.11.11, Network Type NON_BROADCAST, Cost: 64
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 11.11.11.11, Interface address 172.12.123.1
      No backup designated router on this network
      Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
        Hello due in 00:00:08
      Index 1/1, flood queue length 0
      Next 0x0(0)/0x0(0)
      Last flood scan length is 1, maximum is 6
      Last flood scan time is 4 msec, maximum is 8 msec
      Neighbor Count is 2, Adjacent neighbor count is 2
        Adjacent with neighbor 172.23.23.3
        Adjacent with neighbor 2.2.2.2
      Suppress hello for 0 neighbor(s)

    Note that this command shows you the RID, the network type, what the state is (DR, BDR, DROTHER), the RID of the DR and BDR, and what adjacencies this interface has formed.


    Show ip ospf neighbor

    R1#show ip ospf neighbor

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    172.23.23.3       0   FULL/DROTHER    00:01:37    172.12.123.3    Serial0
    2.2.2.2           0   FULL/DROTHER    00:01:53    172.12.123.2    Serial0
    172.23.23.3       1   FULL/  -        00:00:38    172.12.13.2     Serial1

    A vital OSPF command, you see the RIDs of the router's OSPF neighbors, the state of the adjacency, the dead time (which in a healthy adjacency will decrement for a while, then increment upon receipt of an OSPF Hello), the IP address of that neighbor, and the neighbor's interface with which the adjacency has formed.

    Note the state DROTHER. This means that the neighbor is neither the DR nor the BDR for that segment.

    Note the state "FULL/ -". This state is seen when the link is point-to-point. Since a point-to-point link by definition can only have two hosts, there's no need for a DR or BDR. There is no DR or BDR election on a point-to-point link.


    EIGRP Command Reference

    Network

    R3#conf t
    R3(config)#router eigrp 100
    R3(config-router)#network 172.12.123.0 0.0.0.255

    You enable EIGRP on router interfaces with the network command. Note that the network command in EIGRP includes wildcard masks, just as OSPF does.

    Exam Tip: As with IGRP, the number following router eigrp is the Autonomous System (AS) number.

    Exam Tip: When IGRP and EIGRP are running on the same router, routes will be automatically redistributed between the two if the AS number of both is the same; that is, IGRP 100 and EIGRP 100 would automatically redistribute routes; IGRP 200 and EIGRP 100 would not.

    No ip split-horizon eigrp

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#no ip split-horizon eigrp 100

    Split horizon is enabled by default on interfaces running EIGRP. (Remember that EIGRP is a hybrid; it has some characteristics of distance-vector protocols and some of link-state protocols. Split horizon is a distance-vector behavior.)

    Occasionally, you may need to turn split horizon off in a hub-and-spoke network to have full network reachability. You turn split horizon off at the interface level as shown.


    Router eigrp

    R2#conf t
    R2(config)#router eigrp 100

    Enable EIGRP on a router with the router eigrp command. The number defined is the Autonomous System number.

    Show ip eigrp neighbors

    R1#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address         Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                                    (sec)           (ms)         Cnt  Num
    0   172.12.123.3    Se0           13  00:01:53    52   312   0    5
    1   172.12.123.2    Se0          149  00:03:18    51   306   0    2

    EIGRP neighbors are shown for each EIGRP process with this single command. Note that you can also see how long each adjacency has been up.

    Show ip eigrp topology

    R1#show ip eigrp topology
    IP-EIGRP Topology Table for AS(100)/ID(1.1.1.1)

    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - reply Status, s - sia Status

    P 3.3.3.3/32, 1 successors, FD is 2297856
            via 172.12.123.3 (2297856/128256), Serial0
            via 172.12.123.2 (2323456/409600), Serial0
    P 1.1.1.1/32, 1 successors, FD is 128256
            via Connected, Loopback0
    P 2.2.2.0/24, 1 successors, FD is 2297856
            via 172.12.123.2 (2297856/128256), Serial0
            via 172.12.123.3 (2323456/409600), Serial0
    P 172.23.23.0/27, 2 successors, FD is 2195456
            via 172.12.123.3 (2195456/281600), Serial0
            via 172.12.123.2 (2195456/281600), Serial0
    P 172.12.123.0/24, 1 successors, FD is 2169856
            via Connected, Serial0


    To configure unequal-cost load-balancing with the variance command, you need to know the metrics of the less-desirable routes. With EIGRP, this is easy if you know where to look. All these routes are kept in the EIGRP Topology Table.

    The Successor (the best route) is seen here, and this is the route you'll see in the routing table with show ip route. The Feasible Successor (less-desirable, but still valid) is seen only in the topology table.

    Exam Tip: EIGRP has three tables; the route table, seen with show ip route; the topology table, seen with show ip eigrp topology; and the neighbor table, seen with show ip eigrp neighbor.

    Note that the routes in the topology table are seen as Passive, indicated by the letter "P". There are no active routes. At first glance, this may not seem good, but this is actually what you want.

    Routes marked as Passive are not currently being calculated by DUAL (EIGRP's algorithm), and are available to carry data. Routes marked as Active are being calculated by DUAL and cannot currently be used to carry data.

    In a perfectly working network, routes that go into Active don't stay there very long. If you see one that stays there, the acronym used for that is SIA, Stuck-In-Active. Start looking for solutions in Google for that one.
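
    The variance arithmetic from the Variance entry, applied to the topology table shown above, as an added example (not from the original guide). It assumes Python 3 and function names of my own choosing, and it applies the standard EIGRP feasibility condition (reported distance lower than the FD), which this page does not spell out.

```python
import re

# Topology entries as shown in the "show ip eigrp topology" output above.
TOPOLOGY = """\
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0
        via 172.12.123.2 (2323456/409600), Serial0
P 1.1.1.1/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0
        via 172.12.123.3 (2323456/409600), Serial0
P 172.23.23.0/27, 2 successors, FD is 2195456
        via 172.12.123.3 (2195456/281600), Serial0
        via 172.12.123.2 (2195456/281600), Serial0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0
"""

PREFIX_RE = re.compile(
    r"^(?P<state>[A-Za-z])\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+), "
    r"\d+ successors, FD is (?P<fd>\d+)")
VIA_RE = re.compile(
    r"^\s*via (?P<nh>\d+\.\d+\.\d+\.\d+) "
    r"\((?P<metric>\d+)/(?P<rd>\d+)\), (?P<intf>\S+)")


def parse_topology(text):
    """Return {prefix: {"state", "fd", "paths": [(next_hop, metric, rd, intf)]}}.

    "via Connected" lines carry no metric pair and are skipped.
    """
    table, current = {}, None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = {"state": m["state"], "fd": int(m["fd"]), "paths": []}
            table[m["prefix"]] = current
            continue
        m = VIA_RE.match(line)
        if m and current is not None:
            current["paths"].append(
                (m["nh"], int(m["metric"]), int(m["rd"]), m["intf"]))
    return table


def min_variance(metric, best_metric):
    """Smallest integer variance with metric < variance * best_metric.

    Meant for the less-desirable paths; the best path is always used.
    """
    return metric // best_metric + 1


def variance_report(table):
    """{prefix: [(next_hop, metric, variance_needed)]} for feasible successors."""
    report = {}
    for prefix, entry in table.items():
        fd = entry["fd"]
        alts = [(nh, metric, min_variance(metric, fd))
                for nh, metric, rd, _ in entry["paths"]
                if metric > fd and rd < fd]
        if alts:
            report[prefix] = alts
    return report


def load_sharing_paths(entry, variance=1):
    """Next hops used for one prefix at a given variance."""
    fd = entry["fd"]
    used = []
    for nh, metric, rd, _ in entry["paths"]:
        if metric == fd:                            # successor
            used.append(nh)
        elif rd < fd and metric < variance * fd:    # feasible successor in range
            used.append(nh)
    return used


if __name__ == "__main__":
    for prefix, alts in variance_report(parse_topology(TOPOLOGY)).items():
        for nh, metric, needed in alts:
            print(f"{prefix}: via {nh} metric {metric} needs variance {needed}")
```

    The min_variance helper also reproduces the IGRP example in the Variance entry: 7500 against a best metric of 4000 needs a variance of 2, and 8100 needs 3.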


    Advanced TCP/IP Topics Command Summary (Access-lists, NAT, Route Summarization)

    Standard Access List Format and Application:

    R1#conf t
    R1(config)#access-list 5 permit 172.1.0.0 0.0.255.255
    R1(config)#interface serial0
    R1(config-if)#ip access-group 5 in

    First, the access-list (abbreviated as ACL) is written. Second, the ACL is applied to the interface.

    A standard ACL is straightforward, but there are a lot of details in that little configuration. Mastery of these details will make you a CCNA and CCNP. Let's take a look at these details.

    Remember that every ACL ends with an implicit deny. If traffic is not explicitly permitted, it is implicitly denied.

    ACLs run from top to bottom; when there is a match, the ACL no longer runs. This makes the order of the ACL's lines vital.

    Standard ACLs can be numbered 1-99 and 1300-1399.

    Exam Tip: Note the command applying the ACL to the interface. It begins with "ip". It ends with the direction of traffic this ACL will be matched against, inbound or outbound. An interface can have two ACLs applied at one time, with one affecting incoming traffic and another affecting outgoing traffic.

    ACLs always use wildcard masks, just as OSPF and EIGRP do.

    Standard ACLs consider only the source IP address.


    ACLs using host, any, and remark

    R1#conf t
    R1(config)#access-list 5 permit 172.1.13.1 0.0.0.0

    OR

    R1#conf t
    R1(config)#access-list 5 permit host 172.1.13.1

    These two ACLs perform the same task. Traffic matching the single IP address 172.1.13.1 will be permitted, with all other traffic denied by the implicit deny.

    The word "host" can be used in place of the wildcard mask 0.0.0.0. Exam Tip: Note that while a wildcard mask of 0.0.0.0 follows the address, the word "host" precedes it.

    R1#conf t
    R1(config)#access-list 5 permit any

    OR

    R1#conf t
    R1(config)#access-list 5 permit 172.1.13.1 255.255.255.255

    These two ACLs perform the same task. All traffic will match. (You could put any address in for the source IP address as long as the wildcard mask is 255.255.255.255.)

    The word "any" can be used in place of the source IP address and wildcard mask 255.255.255.255.

    R1#conf t
    R1(config)#access-list 5 remark This ACL blocks telnet traffic.

    Use the "remark" command to add comments to your ACL.
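
    The standard ACL rules above (top-down first match, wildcard masks, host and any, the implicit deny) as a small evaluator; this is an added example, not part of the original guide. The ACL text is constructed from the page's entries, the function names are hypothetical, and the check for lines that can never match goes one step beyond what the text covers.

```python
import ipaddress

# Constructed sample: ACL 5 and ACL 6 hold the same two entries in opposite
# order; ACL 7 and ACL 8 are the two "match everything" forms from the text.
ACL_CONFIG = """\
access-list 5 remark Constructed: specific deny placed before the broad permit
access-list 5 deny host 172.1.13.1
access-list 5 permit 172.1.0.0 0.0.255.255
access-list 6 permit 172.1.0.0 0.0.255.255
access-list 6 deny host 172.1.13.1
access-list 7 permit any
access-list 8 permit 172.1.13.1 255.255.255.255
"""

ALL_BITS = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard)]}; remarks are skipped."""
    acls = {}
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        number, action, spec = int(tok[1]), tok[2], tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {raw!r}")
        if spec[0] == "any":
            addr, wild = 0, ALL_BITS
        elif spec[0] == "host":
            addr, wild = to_int(spec[1]), 0
        else:
            addr = to_int(spec[0])
            wild = to_int(spec[1]) if len(spec) > 1 else 0
        acls.setdefault(number, []).append((action, addr, wild))
    return acls


def evaluate(entries, source_ip):
    """First match wins. Returns (action, entry_index); the implicit deny
    at the end of every ACL is reported as ("deny", None)."""
    src = to_int(source_ip)
    for index, (action, addr, wild) in enumerate(entries):
        # A 1 bit in the wildcard mask means "do not compare this bit".
        if ((src ^ addr) & ~wild & ALL_BITS) == 0:
            return action, index
    return "deny", None


def covers(earlier, later):
    """True when every source matched by `later` is already matched by `earlier`."""
    _, a1, w1 = earlier
    _, a2, w2 = later
    care = ~w1 & ALL_BITS            # bits the earlier entry actually compares
    return (w2 & care) == 0 and ((a1 ^ a2) & care) == 0


def shadowed_entries(entries):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [j for j in range(len(entries))
            if any(covers(entries[i], entries[j]) for i in range(j))]


if __name__ == "__main__":
    acls = parse_standard_acls(ACL_CONFIG)
    for number in (5, 6):
        for ip in ("172.1.13.1", "172.1.200.9", "10.0.0.1"):
            print(number, ip, evaluate(acls[number], ip))
        print(number, "shadowed entries:", shadowed_entries(acls[number]))
```

    In ACL 6 the deny for host 172.1.13.1 is never reached because the permit above it already matches that address, which is why the order of the lines matters.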


    Extended Access Lists Configuration and Application

    R1#conf t
    R1(config)#access-list 105 permit ip 172.50.50.0 0.0.0.255 210.1.1.0 0.0.0.255
    R1(config)#interface serial0
    R1(config-if)#ip access-group 105 out

    Exam Tips:

    Extended ACLs have numeric ranges of 100-199 and 2000-2699.

    Extended ACLs can match against source IP address, destination IP address, protocol type, and well-known port number (for example, port 80 to block web traffic).

    Extended ACLs run from top to bottom; once a match is found, the ACL stops running.

    Extended ACLs have an implicit deny at the end.

    Extended ACLs are applied in the same fashion as standard ACLs. Watch the "ip" that the command begins with, and that the direction of traffic this ACL will be matched against must be specified. Overall, you can have two ACLs applied on an interface, one applied to inbound traffic and the other to outbound traffic.

    The keywords "host" and "any" can be used for the source, destination, or both.


    Named ACL Configuration And Application

    R1#conf tR1(config)#ip access-list extended NO_WEB_TRAFFICR1(config-ext-nacl)#deny tcp any any eq www

    R1(config-ext-nacl)#permit ip any anyR1(config-ext-nacl)#interface ethernet0R1(config-if)#ip access-group NO_WEB_TRAFFIC inR1(config-if)#ip access-group NO_WEB_TRAFFIC out

    Named ACLs can be either standard or extended, and this isdefined when the ACL is created.

    Here, an ACL blocking WWW traffic is created. The line

    permit ip any any will permit any traffic, regardless ofsource or destination, as long as the traffic didnt match thefirst line.

    Named ACLs are applied to interfaces in much the samefashion as numbered ACLs. Note that this ACL was appliedto both inbound and outbound traffic, which does requiretwo separate lines; theres no both option.

    Limiting Telnet Access With ACLs

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#access-list 99 permit host 110.1.1.1
    R1(config)#line vty 0 4
    R1(config-line)#login
    % Login disabled on line 5, until 'password' is set
    % Login disabled on line 6, until 'password' is set
    % Login disabled on line 7, until 'password' is set
    % Login disabled on line 8, until 'password' is set
    % Login disabled on line 9, until 'password' is set
    R1(config-line)#password cisco
    R1(config-line)#access-class 99 in


    ACLs can be applied to the VTY lines (used for Telnet) to limit who can telnet in to the router, regardless of whether they know the password or not.

    First, ACL 99 was written, and the host option is used to permit only the IP address 110.1.1.1. The implicit deny will deny all other source addresses.

    Login has been allowed and a password of cisco has been set. The ACL is now applied to the VTY lines with the access-class command. Note that command: it's different than the command used to apply an ACL to interfaces.

    Tip: I entered login first to show you the message you'll get if you enter that command before setting the required Telnet password. As long as you set a password after enabling login, there's no problem. There is no right or wrong order to use the login and password commands.

    Route Summarization Commands

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#ip summary-address rip 110.1.0.0 255.252.0.0

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#ip summary-address eigrp 100 110.1.0.0 255.252.0.0


    Route summarization is covered thoroughly in my Ultimate CCNA Study Guide. It's the process of taking several network numbers and summarizing them into one single routing update statement. It must be done carefully. If you're not familiar with the subject, please refer to Section Ten of my CCNA Study Guide, which contains several clearly illustrated examples.

    The command to send the summarization is a little odd. It does not go under the routing process configuration; it's an interface-level command. Know how to perform this summarization before taking the CCNA exams, and be familiar with the syntax as well.

    NAT

    Static and dynamic NAT Pre-Configuration

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#ip nat outside
    R1(config-if)#interface ethernet0
    R1(config-if)#ip nat inside

    Whether you're configuring static or dynamic NAT, you've got to define your inside and outside addresses.

    The inside NAT interface is the one closest to the devices using RFC 1918 addresses; usually, that's going to be an Ethernet interface.

    The outside NAT interface is the one facing the Internet from the organization's point of view; that's going to be a Serial interface.

    Exam Tip: The addresses on the inside segment, represented by RFC 1918 addresses, are referred to as inside local addresses; the address on the outside interface is the inside global address.

    Static NAT configuration

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#ip nat outside
    R1(config-if)#interface ethernet0
    R1(config-if)#ip nat inside

    R1#conf t
    R1(config)#ip nat inside source static 10.5.5.5 210.1.1.2
    R1(config)#ip nat inside source static 10.5.5.6 210.1.1.3
    R1(config)#ip nat inside source static 10.5.5.7 210.1.1.4

    Static mappings first name an inside local address, and map that address directly to an inside global address. No other addresses will use NAT (you often hear this referred to as an address or user being "natted out").

    To view the mappings, run show ip nat translations.

    R3#show ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    --- 210.1.1.2          10.5.5.5           ---                ---
    --- 210.1.1.3          10.5.5.6           ---                ---
    --- 210.1.1.4          10.5.5.7           ---                ---

    To view the active translations and number of static and dynamic mappings, run show ip nat statistics.

    R3#show ip nat statistics
    Total active translations: 3 (3 static, 0 dynamic; 0 extended)
    Outside interfaces: Serial0
    Inside interfaces: Ethernet0
    Hits: 0 Misses: 0
    Expired translations: 0


    Dynamic NAT Configuration

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#ip nat outside
    R1(config-if)#interface ethernet0
    R1(config-if)#ip nat inside

    R1#conf t
    R1(config)#ip nat inside source list 1 pool NATPOOL
    R1(config)#ip nat pool NATPOOL 200.1.1.2 200.1.1.5 netmask 255.255.255.0
    R1(config)#access-list 1 permit 10.5.5.0 0.0.0.255

    This looks like an intimidating configuration, but by taking it apart piece by piece, you will see it's not really complicated.

    First, as with static NAT, the inside and outside addresses had to be defined.

    Next, the NAT inside addresses are defined by the ip nat inside source command. The next part of that command, list 1, refers to access-list 1. In this example, any inside host with an IP address in the 10.5.5.0 /24 network can use NAT. Finally, the pool of NAT addresses to be used is named: the pool NATPOOL.

    On the next line, the pool of NAT addresses is defined. The two addresses listed are the first and last addresses in the range to be used. Here, the valid NAT outside addresses are 200.1.1.2, 200.1.1.3, 200.1.1.4, and 200.1.1.5. The subnet mask for these addresses is defined with the netmask command.

    Exam Tip: Take care not to include the actual IP address of the NAT outside interface in the NAT pool.

    Make sure you know NAT inside and out before taking the CCNA exams. It's an important concept for both the exam room and the real world, and judging from internet posts and my email, most CCNA books do a poor job of explaining NAT, if they explain it at all. I do have a free NAT tutorial on my website, www.thebryantadvantage.com, and NAT is covered in detail in my Ultimate CCNA Study Guide.

    PAT Port Address Translation Configuration

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#interface ethernet0
    R3(config-if)#ip nat inside
    R3(config-if)#interface serial0
    R3(config-if)#ip nat outside
    R3(config-if)#ip nat inside source list 1 interface serial0 overload
    R3(config)#access-list 1 permit 10.5.5.0 0.0.0.255

    PAT uses a single outside IP address to allow multiple NAT sessions. (PAT uses port numbers to keep the conversations separate.) The configuration for PAT is almost the same as it is for dynamic NAT; the difference is that a NAT pool is not created; instead, the outside interface is indicated and the overload keyword is added.
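    The difference between the dynamic NAT pool and PAT shows up once a fifth inside host needs a translation. The model below is an added example, not part of the original guide: the class names are made up for illustration, 203.0.113.1 is a constructed stand-in for the serial0 address (which the page does not give), and real PAT picks ports differently from the simple counter used here.

```python
import ipaddress

def pool_addresses(first, last):
    """Every address from first to last inclusive, as in 'ip nat pool'."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]

class DynamicNat:
    """Without overload, each inside local address takes a whole pool address."""
    def __init__(self, inside_net, pool):
        self.inside = ipaddress.ip_network(inside_net)   # stands in for access-list 1
        self.free = list(pool)
        self.table = {}                                  # inside local -> inside global

    def translate(self, inside_local):
        if ipaddress.ip_address(inside_local) not in self.inside:
            return None                                  # not permitted by the list
        if inside_local not in self.table:
            if not self.free:
                return None                              # pool exhausted
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

class Pat:
    """With overload, all hosts share one address; ports keep flows apart."""
    def __init__(self, inside_net, outside_ip, first_port=1024):
        self.inside = ipaddress.ip_network(inside_net)
        self.outside_ip, self.next_port = outside_ip, first_port
        self.table = {}                   # (inside local, port) -> (global, port)

    def translate(self, inside_local, src_port):
        if ipaddress.ip_address(inside_local) not in self.inside:
            return None
        key = (inside_local, src_port)
        if key not in self.table:
            self.table[key] = (self.outside_ip, self.next_port)
            self.next_port += 1
        return self.table[key]

if __name__ == "__main__":
    nat = DynamicNat("10.5.5.0/24", pool_addresses("200.1.1.2", "200.1.1.5"))
    print([nat.translate(f"10.5.5.{h}") for h in range(10, 15)])
    pat = Pat("10.5.5.0/24", "203.0.113.1")   # constructed outside address
    print([pat.translate(f"10.5.5.{h}", 5000) for h in range(10, 15)])
```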

    Telnet Password Creation

    R1#conf t
    R1(config)#line vty 0 4
    R1(config-line)#login
    R1(config-line)#password CCNA

    You add the login command and configure a password on the VTY lines to protect Telnet with a password.

    Tip: Telnet connections are required to be password protected. If a user attempts to connect to a router that does not have a VTY password set, the user will receive a message that says "password required, but none set".

    Tip: Telnet allows five simultaneous connections, not four. (The lines are 0, 1, 2, 3, and 4; that's five!)


    Setting The Enable Password And Enable Secret

    R1#conf t
    R1(config)#enable password cisco
    R1(config)#enable secret ccna

    Both the enable password and enable secret protect privileged exec mode, more commonly referred to as enable mode. There are several keys to remember:

    The enable secret is encrypted in the running-configuration by default, where the enable password is not.

    If both are configured, the enable secret takes precedence over the enable password.

    The enable password exists primarily for backwards compatibility.

    Creating An IP Host Table

    R2#conf t
    R2(config)#ip host R1 172.12.123.1

    R2#R1
    Trying R1 (172.12.123.1)... Open
    User Access Verification

    Username: CBRYANT
    Password:
    R1#

    IP Host tables allow you to Telnet to devices by using a name or word rather than typing the full IP address in.

    They're created with the ip host command.


    DNS Commands

    Ip name-server

    R1#configure terminal
    R1(config)#ip name-server 10.1.1.1

    The ip name-server command tells the router where a DNS server can be found.

    By default, a Cisco router will perform a DNS lookup on anything typed in at the console that is not an IOS command. This means that if you mistype a command, the router will attempt to find a DNS server to translate this mistyped entry:

    R2#abcdef
    Translating "abcdef"...domain server (255.255.255.255)
    % Unknown command or computer name, or unable to find computer address

    This default behavior can be turned off with the no ip domain-lookup command. Once turned off, it can be reenabled with the ip domain-lookup command.

    It's a good idea to turn this behavior off in a lab environment, but be careful about doing this at work!

    R2#conf t
    R2(config)#no ip domain-lookup
    R2#abcdef
    Translating "abcdef"
    % Unknown command or computer name, or unable to find computer address

    The router is no longer sending out a broadcast to find a DNS server.


    Password Protecting The Console

    R1#configure terminal
    R1(config)#line con 0
    R1(config-line)#login
    % Login disabled on line 0, until 'password' is set
    R1(config-line)#password cisco

    The first line of defense is password protecting your router console. To do so, configure login and the password on line con 0.

    Encrypting All Passwords In The Running-Config

    R1#show config
    !
    enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
    enable password cisco

    Notice that the enable password is in clear text.

    The enable secret is always encrypted.

    R1(config)#service password-encryption

    R1#show config
    Using 1842 out of 32762 bytes
    !
    enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
    enable password 7 070C285F4D06

    To encrypt all passwords in the running configuration, run service password-encryption.
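    The password and VTY settings from the last few sections can be checked in a saved configuration. The script below is an added example, not part of the original guide: the audit() and sections() names, the finding texts and the sample config (assembled from lines shown on this page) are constructed for illustration. It labels type 7 as reversible because that encoding, unlike the type 5 enable secret, can be converted back to the password.

```python
import re

# Constructed running-config excerpt built from settings shown on this page.
SAMPLE = """\
enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
enable password 7 070C285F4D06
access-list 99 permit host 110.1.1.1
line con 0
 login
line vty 0 4
 password cisco
 login
"""

def sections(config):
    """Split a config into global lines and {'line ...': [sub-commands]}."""
    globals_, lines, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current:
            lines[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            lines[current] = []
        elif raw.strip() and raw.strip() != "!":
            current = None
            globals_.append(raw.strip())
    return globals_, lines

def audit(config):
    """Return findings for the password and VTY settings covered above."""
    globals_, lines = sections(config)
    findings = []
    for g in globals_:
        if g.startswith("enable password "):
            kind = "type 7 (reversible)" if g.startswith("enable password 7 ") else "clear text"
            findings.append(f"enable password stored as {kind}")
    if not any(g.startswith("enable secret ") for g in globals_):
        findings.append("no enable secret configured")
    for name, subs in lines.items():
        if "login" in subs and not any(s.startswith("password ") for s in subs):
            findings.append(f"{name}: login without a password")
        if any(re.fullmatch(r"password (?!7 ).+", s) for s in subs):
            findings.append(f"{name}: clear-text line password")
        if name.startswith("line vty") and not any(s.startswith("access-class ") for s in subs):
            findings.append(f"{name}: no access-class restricting source addresses")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```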


    Cisco Discovery Protocol

    cdp enable
    cdp run
    no cdp enable
    no cdp run

    You need to have these four commands down cold. You must know how to enable and disable CDP at the interface level as well as globally.

    CDP is enabled globally and on all interfaces by default.

    Interface-level commands:

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#no cdp enable
    R1(config-if)#cdp enable

    Global commands:

    R1#conf t
    R1(config)#no cdp run
    R1(config)#cdp run


    Show commands:

    R1#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater

    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    R3               Ser 1              159          R        2500      Ser 1

    R1#show cdp neighbor detail
    -------------------------
    Device ID: R3
    Entry address(es):
      IP address: 172.12.13.2
    Platform: cisco 2500, Capabilities: Router
    Interface: Serial1, Port ID (outgoing port): Serial1
    Holdtime : 154 sec

    Version :
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-D-L), Version 12.2(13), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Tue 19-Nov-02 20:25 by pwade

    advertisement version: 2

    Note that while both show the directly connected devices, only the detail command reveals the IP address of the directly connected device.