Chapter 3 - Configuring Cisco Routers

Chapter 3: Configuring Cisco Routers  
  Objectives  
  The objectives of this chapter are to  
    Illustrate how to configure a Cisco router using the Setup feature, configuration mode, and how to retrieve a configuration file from a network server.  
    Understand and be able to modify router configuration files.  
    Build a lab that will be used to explore how Cisco routers interact on a simple internetwork and see how the Cisco IOS reports some simple faults. This lab will be used in later chapters to explore Cisco router configurations for implementing various network protocols and systems.  
    Perform elementary troubleshooting of the lab internetwork.
Sources for Configuring a Router  
  A router can be configured from three sources:  
    Manually, using a terminal connected to the console port (or logged in over a network via a Telnet session).  
    Through commands stored in nonvolatile memory.  
    Through commands stored in a file residing on a TFTP server somewhere on the network.  
  A summary of these commands is given in Table 3.1.  
  Configuring a Router Manually  
  When a router is configured manually, we can use the Cisco Setup utility, provided that the router does not have a configuration file already in existence. Alternatively, we can change an existing configuration using the configure terminal command.  
  Configuring a Router Using Setup.     This first example of configuring a router assumes that you are attaching a terminal to your router and configuring it for the first time.  
  Table 3.1: Configure Commands  
 
 
  Command  
  Description  
 
 
 
  configure terminal  
  Executes configuration commands from the terminal. Use this command to make changes to the configuration file from the console port or a telnet session. Once changes are entered press <Ctrl-Z> to end the update mode session. Note that the shortest unique command identifier may be used; in this case, configuration mode can be invoked by entering conf t.  
 
  Configure memory  
  Executes configuration commands stored in NVRAM.  
 
  Configure network  
  Retrieves configuration commands are stored in a network server and load that configuration into memory. You will be prompted for the IP address of the TFTP server to connect to, as well as the configuration filename.  
 
 
 
  When you connect a router to a terminal and power it up for the first time, the text displayed will be similar to that shown in Fig. 3-1. If this is a new router that has not been configured, there will be no configuration in memory and the router will go into the initial configuration dialog. If you wish to return a configured router to this state, type in write erase when in privileged user mode to erase the configuration in memory. In Fig. 3-1, the text in bold is that which was entered.  
  We will now explain all the entries and modify this to be a working configuration.  
  Deciphering the Initial Configuration File.     A router configuration file is plain ASCII text. This text file is read at boot time and put into effect as a working configuration by the router operating system, the IOS. By entering router configuration mode, commands can be entered that will add, modify, or delete configuration options while the router is running. Router configuration files can be saved as plain text on a TFTP server, modified by a full-screen text editor, and reloaded via TFTP.  
  Having completed the exercise for giving our new router a random configuration, let's take a more detailed look at what this configuration file means.  
  The first entry, hostname Router1, defines the text the router will use as a prompt; this router will generate a prompt Router1>.  
  The enable secret entry indicates that a secret password has been supplied to get into Enable mode. The password is encrypted and cannot be viewed from the configuration file.  
  The enable password enter tells us that the password "enter" can be used to get into Enable mode. On later versions of Cisco IOS, configuring both an enable secret and an enable password means that only the enable secret will allow you into Enable mode. Earlier versions of IOS did not recognize an enable secret and would allow entry to Enable mode with the enable password only.  
     
     
  Notice: NVRAM invalid, possibly due to write erase.  
 
     
  --- System Configuration Dialog --  
 
     
  At any point you may enter a question mark ? for help.  
 
     
  Refer to the Getting Started Guide for additional help.  
 
     
  Use ctrl-c to abort configuration dialog at any prompt.  
 
     
  Default settings are in square brackets [ ].  
 
     
  Would you like to enter the initial configuration dialog? [yes]:y  
 
     
  First, would you like to see the current interface summary? [yes]:y  
 
     
  Any interface listed with OK? value "NO" does not have a valid configuration  
 
     
  IP-AddressOK?MethodStatusProtocol  
 
     
  unassignedNOnot setupdown  
 
     
  unassignedNOnot setdowndown  
 
     
  unassignedNOnot setdowndown  
 
     
  Configuring global parameters  
 
     
  Enter host name [Router]: router1  
 
     
  The enable secret is a one-way cryptographic secret usedinstead of the enable password when it exists.  
 
     
  Enter enable secret: test  
 
     
  The enable password is used when there is no enable secretand when using older software and some boot images.  
 
     
  Enter enable password: enter  
 
     
  Enter virtual terminal password: access  
 
     
  Configure SNMP Network Management? [yes]: n  
 
     
  Configure IP? [yes]: n  
 
     
  Configure IGRP routing? [yes]: n  
 
     
  Configure RIP routing? [no]: n  
 
     
  Configuring interface parameters:  
 
     
  Configuring interface Ethernet0:  
 
     
  Is this interface in use? [yes]: y  
 
     
  Configure IP for this interface? [yes]: y  
 
     
  Configure IP Unnumbered on this interface? [no]: n  
 
     
  IP address for this interface: 123.45.45.45  
 
     
  Number of bits in subnet filed [0]: 0  
 
     
  Class A network is 123.0.0.0, 0 subnet bits; mask is 255.0.0.0  
 
     
  Configuring interface Serial0:  
 
     
  Is this interface in use? [yes]: y  
 
     
  Configure IP on this interface? [yes]: y  
 
     
  IP address for this interface: 122.22.22.22  
 
     
  Number of bits in subnet field [0]: 0  
 
     
  Class A network is 122.0.0.0, 0 subnet bits; mask is 255.0.0.0  
 
     
  Configuring interface Serial1:  
 
     
  Is this interface in use? [yes]: n  
 
     
  The following configuration command script was created:  
 
     
  hostname router1  
 
     
  enable secret 5 $1$UtL7$KqpczYUWglg4pnWYbNYD0.  
 
     
  enable password enter  
 
     
  line vty 0 4  
 
     
  password access  
 
     
  no snmp-server  
 
     
  !  
 
     
  ip routing  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 123.45.45.45 255.0.0.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 122.22.22.22 255.0.0.0  
 
     
  !  
 
     
  interface Serial1  
 
     
  shutdown  
 
     
  no ip address  
 
     
  !  
 
     
  end  
 
     
  Building configuration yes/no]: y  
 
     
  Use the enabled mode "configure" command to modify this configuration.  
 
  Figure 3-1: The Cisco setup utility  
  The next entries that require explanation are those that refer to router access via virtual terminals (Telnet access). These entries are shown as follows:  
  line vty 0 4  
  password access  
  The first line defines five allowable Telnet accesses (numbered 0 through 4), and the next line states that a password "access" will be required before a command prompt is presented to any Telnet session requesting access to the system.  
  The next configuration command, no snmp-server, disables the Simple Network Management Protocol process on the router. SNMP is an Application level protocol that runs atop UDP, and will be covered in more detail in Chap. 7. Unless you are implementing a secure SNMP system, it is recommended that you disable SNMP on the router. If you enable the default SNMP process on a Cisco router, any intruder who knows SNMP will be able to retrieve the router configuration and enable password. The intruder then could cause serious disruption to your network, from which you might not be able to recover without physically replacing all the routers in the network.  
  The ip routing entry simply enables IP routing on the router. The next set of entries shown configures the Ethernet 0 port.  
  interface ethernet0  
  ip address 123.45.45.45 255.0.0.0  
  This configuration defines an IP address of 123.45.45.45 for the Ethernet 0 port, with a netmask of 255.0.0.0. This is the default mask for a class A network number and was selected by the router because we stated that 0 bits should be contained in the subnet field when the router was configured.  
  The next two lines define the basic configuration of the Serial 0 port to have an IP address of 122.22.22.22, again with a default class A netmask.  
  interface serial0  
  ip address 122.22.22.22 255.0.0.0  
  The next section defines the configuration for the Serial 1 port, which is not in use on this router. The shutdown entry defines this port as being closed and not in operation. The no ip address indicates that an IP address has not yet been assigned to this port.  
  interface serial1  
  shutdown  
  no ip address  
  The exclamation points shown in the configuration file are merely separators used to display router component configurations in sections.  
  Configuring Routers from the Command Prompt.     Now that we know how to give a router a basic configuration file and understand the contents of this configuration file, we can modify the file so that it becomes useful.  
  When configuring Cisco routers, you need to be aware that there are three classes of commands:  
    Global  A single-line command that affects the function of the whole unit.  
    Major  A command that indicates a particular interface or process that is being configured. Each major command must have at least one subcommand.  
    Subcommand  Subcommands are used after a major command to configure a process or interface.  
  To display router configurations, the commands shown in Table 3.2 can be used.  
  Global commands.     The first class of command we will examine are global commands. Global commands normally appear at the top of the router configuration file, and are used to address configuration details that affect the operation of the router as a whole. The global commands defined in the configuration file above are as follows:  
  hostname router1  
  enable secret 5 $1$UtL7$KqpczYUWgIg4pnWYbNYD0  
  enable password enter  
  no snmp-server  
  ip routing  
  To modify a global parameter, type the following at the enable prompt:  
  Router1#conf t  
  The router will reply with the following:  
  Enter configuration commands, one per line. End with Ctrl/Z.  
  Router1(config)#  
  Table 3.2: Configuration Display Commands  
 
 
  Command Syntax  
  Command  
 
  Description  
 
 
 
  sh conf  
  Show Configuration  
 
  Displays the contents of NVRAM. The configuration file loaded at boot time is stored here. Upon boot, the router copies the configuration file from NVRAM into RAM. This is the configuration that the router was started with, or the configuration the last time the write mem command was executed, which writes the running configuration to NVRAM.  
 
  wri term  
  Write Terminal  
 
  Displays current configuration on the terminal that is running in memory.  
 
 
 
  You now can type configuration commands that affect global parameters on the router. When you press the Enter key at the end of a line, the command takes effect and is entered into the configura-tion file.  
  The following are examples of global commands you might wish to enter in the router configuration.  
  Router(config)#hostname Newname  
  Newname(config)#  
  The hostname command changes the hostname of the router and immediately is reflected in the prompt when the command is entered, as shown above.  
  The router can be told to configure at boot time from system ROM, flash memory, or a configuration file held on a TFTP server on the network. A router configuration file can list all three options and the router will try to boot from the source listed first. If that fails, it will try the second source, and so forth. The commands to boot from these sources are as follows:  
    Boot System ROM  This indicates that the router will be booted from ROM chips on the Route Processor. These chips are read-only and cannot be written to. You can update these chips by requesting new ones from Cisco.  
    Boot System Flash  The router will be booted from flash. Flash memory can contain more than one version of the IOS. Routers can be ordered with additional flash memory.  
    Boot System Filename IP-Address  Boot from the network. The most typical option is to configure a 2500-series router to boot from flash, if available, or from ROM.  
  At the configuration prompts, type the following:  
  Newname(config)#boot system flash  
  Newname(config)#boot system rom  
  Press <Ctrl-Z> to exit configuration mode. This will enter the above commands in the sequence shown in the configuration file. The new configuration can be viewed with the write terminal command.  
  Another global command you will most likely want to enter is shown as follows:  
  Newname(config)#no ip domain-lookup  
  This command is useful, particularly if, like me, you are not the world's greatest typist. If you make a spelling mistake when trying to enter a command (when you are in View rather than Configuration mode), the router does not recognize the command. It will assume that this strange word is the name of a host on the network and that you wish to establish a Telnet session with it. The router will not find the strange hostname in its own host table and will try to find a Domain Name Server on the network in the hope that the DNS machine will know the IP address of the strange host. Either you do not have an available DNS machine or, if one is available, it will not have details of this strangely named host. The router, therefore, fails to establish a Telnet session. This takes some time. To stop an unnecessary search, enter the no IP domain-lookup command in Configuration mode. It just makes life easier.  
  Major Commands and Subcommands.     The thing that differentiates a global command from a major command on a router configuration file is that the global command is on one line. A major command is followed by, at the least, a one-line subcommand that relates to the major command.  
  The major commands in the initial configuration file are listed next, with the associated subcommands indented:  
  line vty 0 4  
  password access  
  interface Ethernet0  
  ip address 123.45.45.45 255.0.0.0  
  interface Serial0  
  ip address 122.22.22.22 255.0.0.0  
  interface Serial1  
  shutdown  
  no ip address  
  To experiment with configuring major commands, and their associated subcommands, we will look at configuring the following:  
    Give the Ethernet port an IP address of 192.1.1.1, with a subnet mask of 255.255.255.192.  
    Configure Serial 0 to have an unnumbered IP address.  
    Configure Serial 1 with an IP address of 193.1.1.1 and a subnet mask of 255.255.255.0.  
    Configure Serial 1 to have a secondary IP address of 194.1.1.1, with a netmask of 255.255.255.0.  
  At the Enable prompt, type the following:  
  Newname#conf t  
  Newname(configure)#int eo  
  Newname(config-if)#ip address 192.1.1.1  255.255.255.192  
  Newname (config-if)#<Ctrl-Z>  
  This completes the configuration for the Ethernet 0 port. Note that the prompt changes when you have entered a major command and are about to enter subcommands.  
  The IP unnumbered feature, which we are about to configure for the Serial 0 interface, is discussed in more detail in Chap. 7; however, a basic introduction is useful here. IP unnumbered is used on point-to-point links to reduce the number of subnets that need to be allocated on an internetwork. This is illustrated in Fig. 3-2.  
   
  Figure 3-2: Example of a point-to-point link used with IP unnumbered  
  Assuming that IGRP is the routing protocol used on this network, subnet mask information is not transmitted in routing updates; therefore all interfaces that have IP addresses assigned to them must use the same netmask in order for the routing tables to be updated properly. Let's say that at both site 1 and site 2 we want to apply a netmask that will allow 62 usable IP addresses in the subnet (remember the first and last address in a subnet cannot be assigned to a host or router interface). The netmask in this case will be 255.255.255.192.  
  If limited address space is available (meaning that the network has to use Internet-compatible addresses, which were assigned to a corporation by an Internet service provider), applying a netmask of 255.255.255.192 to both serial ports will waste 60 addresses on the internetwork. This is because a separate subnet is assigned to the link between router 1 and router 2, but only the serial ports on these routers need an IP address.  
  IP unnumbered gets around this problem by letting the router know that the serial port is on a point-to-point link, and allows each serial port to use the address of its respective router's Ethernet port for communications across the link. Using IP unnumbered in this fashion prevents us from having to allocate a whole subnet to a point-to-point link.  
  Newname#conf t  
  Newname(config)#int S0  
  Newname(config-if)#ip unnumbered E0  
  The Serial 1 line will be configured by entering the following:  
  Newname(config)#int S1  
  Newname(config-if)#ip address 193.1.1.1  255.255.255.0  
  Newname(config-if)#ip address 194.1.1.1  255.255.255.0 sec  
  A secondary IP address may be assigned to a router port if the number of host machines on that segment is about to exceed the number allowable by the current IP address and subnet scheme. By assigning a secondary IP address, new hosts may be added to that segment without the need to reconfigure all the host's IP addresses already on the segment.  
  Configuring a Router from a Network Server  
  What typically happens when a Cisco router network is being rolled out is that a base configuration for all routers is defined, and has the modified IP addresses for each location. It makes life easier if this base configuration can be loaded into each router from a network server each time a new router is installed. It is more time-efficient to modify an existing configuration than to create one from scratch.  
  There is a simple way to achieve this, using any machine that can act as a TFTP (Trivial File Transfer Protocol) server. Many of the more full-featured TCP/IP stacks available commercially provide TFTP server functionality. Any Unix machine also can act as a TFTP server.  
  TFTP is a simple file transfer protocol that is not as complex or as fully functional as FTP. TFTP has little in the way of security, user authentication, or end-to-end reliability, because it uses UDP rather than TCP as the layer 4 protocol.  
  Let's look at setting up a Unix machine as a TFTP server, saving the configuration file of a router to this TFTP server, and then reloading the configuration.  
  TFTP is called into action by the INETD daemon process whenever the server machine receives a request on UDP port 69, which is the port number permanently assigned to TFTP.  
  To have TFTP started in the "secure" mode, the appropriate line in the inetd.conf must be uncommented. In a standard inetd.conf file in a Unix machine, there are two TFTP entries, as shown below:  
  dgramudpwaitnouser/etc/tftpdtftpd  
  tftpdgramudpwaitroot/etc/tftpdtftpd-s/cisco  
  The line containing the tftpd-s is the one in which we are interested. The only modification you need make to this line is to specify which directory you want to become the TFTP secure directory. In this case, it is the /cisco directory. The only thing that makes this "secure" is that the specified directory is the only one that can be written to or read from; it does not offer user-level security in terms of usernames and passwords. These entries correctly show the insecure option for starting TFTP as commented out, by starting that line with the # character.  
  Once we have secure TFTP available, and a configuration similar to that shown in Fig. 3-3, we can store and retrieve configurations as plain ASCII text. In the last section we used the conf t command to configure from the terminal and the wri t command to display the running configuration on the terminal. Now we will look at the wri net command to write the configuration to a network server and the conf net command to configure the router from a network server.  
   
  Figure 3-3: Network configuration for storing and retrieving router configuration files  
  To successfully write a router configuration to a TFTP server, the file name  used to store the file must already exist in the secure directory and have read, write, and execute privileges. In the following example, the file router.conf must exist in the /cisco directory of the TFTP Unix server (which has address 209.1.1.1), with rwxrwxrwx rights. The following is taken from a Cisco router screen being told to save its configuration to a network server. Note the !!!! characters indicate a file transfer is occurring. Once the file router.conf is stored on the TFTP server, it can be edited and stored as any other file name, and is ready to be loaded into another computer.  
  Router1#wri net  
  Remote host[ ]? 209.1.1.1  
  Name of configuration file to write [router-confg]?router.conf  
  Write file router.conf on host 209.1.1.1 [confirm]? (press enter to confirm) Writing router.conf: !!!!! [OK]  
  To configure a router from a network server, the following commands have to be input to the router:  
  Router1#conf net  
  Host or network configuration file[host]? (press enter to accept default)  
  Address of remote host [255.255.255.255]?209.1.1.1  
  Name of configuration file [router-confg]?router.conf  
  Configure using router.conf from 209.1.1.1 [confirm]? (press enter to confirm)  
  Loading router.conf from 209.1.1.1 (via ethernet 0) !!!!!!!!!  
  Router#  
  The preceding discussion assumed that the router being configured from the network server had a largely blank configuration. This is not always the case. There are times when you will need to work on a new configuration for a router that is already in service, maybe test the configuration out in a lab, then load the new configuration onto the router in the field. Using the conf net command in this situation will not provide the results you want. If you do try to use conf net here, the new and existing router configurations are in fact merged.  
  In this situation the best thing to do is copy the new configuration from the network server to the router using the copy tftp startup-config command, then perform a reload on the router once the transfer has taken place. This process will completely replace the existing configuration with the one you loaded from the network server.  
  Configuring a Router Using Auto-Install  
  Auto-install is a feature of Cisco routers that was designed to enable a new router to come out of its box, get connected to a leased line at a site, download the correct configuration from a network TFTP server, and be up and running without any intervention from the remote site staff. This idea is useful for initial installation or maintenance replacement of faulty router hardware.  
  This is a very attractive idea for a typical organization that has centrally located network engineering staff responsible for connecting remote offices to the corporate network. In practice, it is not always a good idea to depend on this to work in a first-time installation. The reason has nothing to do with the Cisco implementation, but relates to the fact that telephone company leased lines tend to have problems when they are first installed.  
  If anything disrupts the process of configuration file download, such as a spike or some other interruption to service on the line, the configuration file will be corrupted (remember that TFTP uses UDP and therefore does not have error recovery or retransmissions). When a configuration file is corrupted, the newly installed router will not be reachable over the leased line network connection, and will not use the auto-configuration procedure at boot time once it has a configuration file.  
  Auto-configuration is useful for getting the correct configuration file to a replacement router. When a router is replaced in the field, it is assumed that the initial line problems have been solved and the configuration file will be safely transmitted over the line.  
  Let's discuss how auto-configuration works. It is assumed that a network configuration similar to that defined in Fig. 3-4 is available for this process. Step 1 is that the new router to receive the configuration is connected via a DTE/DCE cable to what we will call the staging router. In this configuration, the staging router Serial 0 port must be connected to the DCE end of the cable and be configured to supply a clock signal. (The details of this configuration are given later in this chapter when we build the lab environment.) When the new router is powered on, it will issue what is known as a broadcast SLARP request out of its serial port.  
   
  Figure 3-4: Using auto-install to configure a router  
  SLARP stands for Serial Line Address Resolution Protocol. When the staging router serial port receives the SLARP request, it replies by giving the new router its IP address. Once the new router receives this IP address, it will add 1 to it and take that IP address as its own. A word of caution: This works only for the first two addresses in a network or subnetwork. An example will clarify this.  
  Suppose the Serial 0 port on the staging router has address 1.1.1.1, and through the SLARP process, the serial port on the new router will configure itself to have address 1.1.1.2.  
  Once the new router has an IP address, the auto-configuration process configured into the IOS operating system will seek out a file named network-confg (located on the Cisco Works Unix machine), and reference a hostname associated with the 1.1.1.2 address. The new router does this by issuing a broadcast on UDP port 69. The staging router must have a  
  global command to forward UDP broadcasts, and the Serial 0 port must have an IP-helper entry on the serial port directing this broadcast to the IP address of the Cisco Works management station. The Forward Protocol command and the Serial 0 IP-helper command appear in the configuration of the staging router as follows (assume the management machine has an IP address of 151.3.5.5):  
  !  
  interface serial 0  
  ip address 1.1.1.1  255.0.0.0  
  ip-helper 151.3.5.5  
  !  
  ip forward-protocol udp  
  !  
  The effect of these two commands is to take a broadcast sent on the 1.0.0.0 network and direct it to the IP address 151.3.5.5.  
  The network-confg file lists entries similar to the following  
  newrouter1.1.1.2  
  Once the new router has found its hostname ("newrouter," for instance), for argument's sake it will issue a TFTP request for a configuration file named newrouter-config. The configuration file must be located in the TFTP directory on the Unix machine, as must the network-confg file. Assuming the appropriately named configuration file is there, the router will start downloading its configuration from the TFTP directory of the Cisco Works machine.
Setting Up a Lab  
  By this stage, we have covered the basics of TPC/IP operation, how to use the Cisco router user interface, and how to change addresses on router ports. What we are going to do is to set up a lab for purposes of experiment. If you want to do this yourself, you need three Cisco 2500-series routers, a hub, and what is known as a Cisco DTE/DCE cable. (We will define a DTE and DCE, and explain their importance, later in this section.) This is a minimal set of equipment, which allows us to do meaningful work without the need to dedicate a high-end router to this task.  
  The physical connections for the internetwork on which we are going to experiment are shown in Fig. 3-5. The router configurations are shown in Fig. 3-6.  
   
  Figure 3-5: Three-router lab configuration  
     
  Configuration for router 1  
     
  Hostname router1  
 
     
  !  
 
     
  enable secret 5 $1$W6qH$DTNrEHmJm6QqYcMu5PRh.  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 120.1.1.1 255.0.0.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  line con0  
 
     
  line aux 0  
 
     
  transport input all'  
 
     
  line vty 0 4  
 
     
  password access  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Configuration for router 2  
     
  version 10.3  
 
     
  !  
 
     
  hostname router2  
 
     
  !  
 
     
  enable secret 5 $1$/P2r$ob00lmzYqpogV0U1g1O8U/  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 120.1.1.2 255.0.0.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 150.1.1.1 255.255.0.0  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Configuration for router 3  
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router3  
 
     
  !  
 
     
  enable secret 5 $1$cNaQ$a4jcvrXlzVO4cwJB7RP5j1  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 193.1.1.1 255.255.255.0  
 
     
  shutdown  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 150.1.1.2 255.255.0.0  
 
     
  clockrate 64000  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  transport input all  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Figure 3-6: Initial configuration files for the three lab routers  
  The only entry that should be unfamiliar in these router configurations is the clockrate 64000 entry in router 3. To understand why this is there, we need to understand how router serial ports normally communicate via digital modem devices (normally referred to as CSU/DSU).  
  To permanently connect two routers located in disparate locations, with a data transmission rate of 56 kbps or higher, you normally will use a digital leased line. The digital leased line terminates in a CSU/DSU, which is then connected to the router serial ports at both ends of the link, as shown in Fig. 3-7.  
   
  Figure 3-7: Router to CSU/DSU connection  
  In datacomm-speak, the router serial port will be configured as a DTE, which stands for Data Terminal Equipment. The CSU/DSU will be configured as DCE, for Data Communications Equipment. Why is this important? Because of the  functions of the connector pins on each device.  
  Most people are somewhat familiar with the RS-232 serial interface specification. In this specification, pin 2 is transmit data (Tx) and pin 3 is receive data (Rx). When a PC is connected to a modem, we have a DTE connected to a DCE and use a straight-through cable, meaning that pins 1 through 25 on one end of the cable are connected to the corresponding pins on the other end of the cable. If we want to connect a PC serial port to a printer serial port, we would be connecting two DTE devices, so we'd use a crossover cable. This cable eliminates the need for a modem by physically connecting pin 2 on one end of the cable to pin 3 on the other end, and vice versa.  
  This is necessary; otherwise both DTE devices would try to transmit data on the same connector pin. This is a problem because each pin has only unidirectional functionality, meaning that it can be used either for sending or receiving signals. The simple rule to remember is that a DTE communicates with a DCE; DCE-to-DCE or DTE-to-DTE connections need something devious in the cabling to make them work.  
  The same concept holds true in the Cisco world. The Cisco serial port has 60 connector pins; the function of each pin depends on whether the port is configured as a DTE or a DCE. The next question is how a port decides whether it should be a DTE or DCE, and how you can tell.  
  The Cisco serial port has 60 pins, far more than you need to transmit and control data, and some of the pins are dedicated to "sensing" which cable is connected. The way it works is that each Cisco cable has a certain number of pins connected together (effectively looping pins together on each end of the cable), giving every cable a unique configuration. When the cable is plugged into the serial port, the port can tell which pins are looped together, and as a result, decides whether it will be a DTE or DCE.  
  With a Cisco 2500 and a Cisco DTE/DCE cable, this effect easily can be seen; plug one end of the DTE/DCE cable into the Serial 0 port of the router, and issue the following command:  
  Router2>show controllers serial 0  
  The displayed output will be as shown in Fig. 3-8.  
     
     
  HD unit 0, idb = 0x80668, driver structure at 0x820E8  
 
     
  buffer size 1524 HD unit 0, V.35 DTE cable  
 
     
  cpb = 0x11, eda = 0x4800, cda = 0x4814  
 
     
  Rx ring with 16 entries at 0x114800  
 
     
  00 bd_ptr=0x4800 pak=0x084018 ds=0x11D840 status=80 pak_size=22  
 
     
  01 bd_ptr=0x4814 pak=0x083BB0 ds=0x11C418 status=80 pak_size=0  
 
     
  01 bd_ptr=0x4814 pak=0x083BB0 ds=0x11C418 status=80 pak_size=0  
 
     
  02 bd_ptr=0x4828 pak=0x083D28 ds=0x11CAD0 status=80 pak_size=0  
 
     
  03 bd_ptr=0x483C pak=0x083EA0 ds=0x11D188 status=80 pak_size=0  
 
     
  04 bd_ptr=0x4850 pak=0x084190 ds=0x11DEF8 status=80 pak_size=0  
 
     
  05 bd_ptr=0x4864 pak=0x084308 ds=0x11E5B0 status=80 pak_size=0  
 
     
  06 bd_ptr=0x4878 pak=0x084480 ds=0x11EC68 status=80 pak_size=0  
 
     
  07 bd_ptr=0x488C pak=0x0845F8 ds=0x11F320 status=80 pak_size=0  
 
     
  08 bd_ptr=0x48A0 pak=0x082D00 ds=0x1180E8 status=80 pak_size=0  
 
     
  09 bd_ptr=0x48B4 pak=0x082E78 ds=0x1187A0 status=80 pak_size=0  
 
     
  10 bd_ptr=0x48C8 pak=0x082FF0 ds=0x118E58 status=80 pak_size=0  
 
     
  11 bd_ptr=0x48DC pak=0x083168 ds=0x119510 status=80 pak_size=0  
 
     
  12 bd_ptr=0x48F0 pak=0x0832E0 ds=0x119BC8 status=80 pak_size=0  
 
     
  13 bd_ptr=0x4904 pak=0x0835D0 ds=0x11A938 status=80 pak_size=0  
 
     
  14 bd_ptr=0x4918 pak=0x083748 ds=0x11AFF0 status=80 pak_size=0  
 
     
  15 bd_ptr=0x492C pak=0x0838C0 ds=0x11B6A8 status=80 pak_size=0  
 
     
  16 bd_ptr=0x4940 pak=0x083A38 ds=0x11BD60 status=80 pak_size=0  
 
     
  cpb = 0x11, eda = 0x5000, cda = 0x5000  
 
     
  TX ring with 4 entries at 0x115000  
 
     
  00 bd_ptr=0x5000 pak=0x000000 ds=0x000000 status=80 pak_size=0  
 
     
  01 bd_ptr=0x5014 pak=0x000000 ds=0x000000 status=80 pak_size=0  
 
     
  02 bd_ptr=0x5028 pak=0x000000 ds=0x000000 status=80 pak_size=0  
 
     
  03 bd_ptr=0x503C pak=0x000000 ds=0x000000 status=80 pak_size=0  
 
     
  04 bd_ptr=0x5050 pak=0x000000 ds=0x000000 status=80 pak_size=0  
 
     
  0 missed datagrams, 0 overruns  
 
     
  0 bad datagram encapsulations, 0 memory errors  
 
     
  0 transmitter underruns  
 
  Figure 3-8: Output of show controllers command with DTE cable  
  Look at the shaded line and disregard the rest of the screen output for the moment. With this end of the cable, the port is sensing that it should assume a DTE configuration. Now disconnect the DTE/DCE cable and plug the other end into the serial port. Issuing the same command displays the information shown in Fig. 3-9.  
     
     
 
     
  HD unit 0, idb = 0x7AA6C, driver structure at 0x7C528  
 
     
  buffer size 1524 HD unit 0, V.35 DCE cable clockrate 64000  
 
     
  cpb = 0x21, eda =  0x4940, cda = 0x4800  
 
     
  Rx ring with 16 entries at 0x214800  
 
     
  00 bd_ptr=0x4800 pak=0x07E030 ds=0x214C418 status=80 pak_size=0  
 
     
  01 bd_ptr=0x4814 pak=0x07E1AC ds=0x21CAD0 status=80 pak_size=0  
 
     
  02 bd_ptr=0x4828 pak=0x07E328 ds=0x21D188 status=80 pak_size=0  
 
     
  03 bd_ptr=0x483C pak=0x07E4A4 ds=0x21D840 status=80 pak_size=0  
 
     
  04 bd_ptr=0x4850 pak=0x07E620 ds=0x21DEF8 status=80 pak_size=0  
 
     
  05 bd_ptr=0x4864 pak=0x07E79C ds=0x21E5B0 status=80 pak_size=0  
 
     
  06 bd_ptr=0x4878 pak=0x07E918 ds=0x21EC68 status=80 pak_size=0  
 
     
  07 bd_ptr=0x488C pak=0x07EA94 ds=0x21F320 status=80 pak_size=0  
 
     
  08 bd_ptr=0x48A0 pak=0x07D158 ds=0x2180E8 status=80 pak_size=0  
 
     
  09 bd_ptr=0x48B4 pak=0x07D450 ds=0x218E58 status=80 pak_size=0  
 
     
  10 bd_ptr=0x48C8 pak=0x07D5CC ds=0x219510 status=80 pak_size=0  
 
     
  11 bd_ptr=0x48DC pak=0x07D748 ds=0x219BC8 status=80 pak_size=0  
 
     
  12 bd_ptr=0x48F0 pak=0x07D8C4 ds=0x21A280 status=80 pak_size=0  
 
     
  13 bd_ptr=0x4904 pak=0x07DA40 ds=0x21A938 status=80 pak_size=0  
 
     
  14 bd_ptr=0x4918 pak=0x07DBBC ds=0x21AFF0 status=80 pak_size=0  
 
     
  15 bd_ptr=0x492C pak=0x07DD38 ds=0x21B6A8 status=80 pak_size=0  
 
     
  16 bd_ptr=0x4940 pak=0x07DEB4 ds=0x21BD60 status=80 pak_size=0  
 
     
  cpb = 0x21, eda = 0x503C, cda = 0x503C  
 
     
  TX ring with 4 entries at 0x215000  
 
     
  00 bd_ptr=0x5000 pak=0x000000 ds=0x200078 status=80 pak_size=22  
 
     
  01 bd_ptr=0x5014 pak=0x000000 ds=0x200078 status=80 pak_size=22  
 
     
  02 bd_ptr=0x5028 pak=0x000000 ds=0x200078 status=80 pak_size=22  
 
     
  03 bd_ptr=0x503C pak=0x000000 ds=0x200078 status=80 pak_size=22  
 
     
  04 bd_ptr=0x5050 pak=0x000000 ds=0x200078 status=80 pak_size=22  
 
     
  0 missed datagrams, 0 overruns  
 
     
  0 bad datagram encapsulations, 0 memory errors  
 
     
  0 transmitter underruns  
 
  Figure 3-9: Output of show controllers command with DCE cable  
  As you can see, the port has sensed a different cable connector configuration and has configured itself to be a DCE.  
  By using the DTE/DCE cable to connect router 2 and router 3 together (Fig. 3-5), the two serial ports will be able to communicate, with one configured as DTE and the other as DCE.  
  So far, so good. The question remains, however, as to why there is the clockrate 64000 entry in the configuration of router 3. Referring back to Fig. 3-7, we see that router serial ports normally are connected to a CSU/DSU. Cisco serial ports use synchronous communication, which means a separate clock source is used to synchronize the router interaction with the CSU/DSU. Normally that clock signal is supplied by the CSU/DSU (which, in turn, is normally configured to take its clock signal from the network of the telephone company supplying the leased line).  
  In the lab environment there are no CSU/DSUs, so we have to tell one of the ports to generate a clock signal, to mimic what the CSU/DSU would normally provide. The clockrate command only takes effect for a port that is configured as a DCE.  
  The clockrate 64000 command tells the port (if it is configured as a DCE) to generate a clock signal that simulates the port being connected to a 64 kbps line. Other values to simulate other line speeds are available.  
  We now will begin to explore the TCP/IP communication process between these three routers.  
  The ICMP ping command, which stands for Packet Internet Groper, sends a packet to a specified destination and requests a response. Let's see what happens if we try to ping router 2 from router 1. At the command prompt of router 1, input the following:  
  Router1>ping 120.1.1.2  
  The router will display the following on the screen:  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 120.1.1.2, timeout is 2 seconds:  
  .!!!!  
  Success rate is 80 percent (4/5), round-trip min/avg/max = 28/75/112 ms  
  Why are only four of five packets returned? Could it be that a packet gets lost occasionally? Well, let's try it again.  
  Router1>ping 120.1.1.2  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 120.1.1.2, timeout is 2 seconds:  
  !!!!!  
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms  
  This time all five packets sent receive a reply. Try it as many times as you like and you'll see that every packet sent gets a reply. To understand why this happens, we must consider what the router is doing when a ping packet is sent. The router has to construct a correctly formatted Ethernet packet, with the necessary addresses to get from source to destination.  
  To do this, the router must identify the following four addresses:  
    Source MAC address  
    Source IP address  
    Destination MAC address  
    Destination IP address  
  The router knows its own MAC and IP address, and the ping command defined the destination IP address. What is missing is the destination MAC address. In Chap. 2 we discussed the ARP protocol, which maintains the ARP table that maps MAC addresses to IP addresses. When router 1 first tries to send out a ping packet, it does not have the MAC address of router 2, so it cannot complete the construction of the first ping packet. It then sends out a broadcast ARP request to find out the MAC address of router 2. (Router 1 actually tries to find out the MAC address associated with the destination IP address specified in the ping command.) Once router 2 replies, the MAC/IP address pair is put in the ARP table. When router 1 tries to send a packet to router 2 a second time, it has all the information and the ping packet can be correctly constructed. That is why only the very first ping fails and all other pings succeed.  
  We can demonstrate this interaction as follows. Input the following on router 1:  
  Router1>show ip arp  
  ProtocolAddressAge (min)Hardware AddrTypeInterface  
  Internet120.1.1.1-0000.0c47.42ddARPAEthernet0  
  Internet120.1.1.220000.0c47.0457ARPAEthernet0  
  Turn off router 1 and then turn it back on. When presented with the router prompt, input the same command. The output now shows the following:  
  Router1>sho ip arp  
  ProtocolAddressAge (min)Hardware AddrTypeInterface  
  Internet120.1.1.1-0000.0c47.42ddARPAEthernet0  
  As you can see, after the router is rebooted, only its own MAC address is in the ARP table. To ping router 2, an ARP broadcast must be sent to determine the MAC address of router 2.  
  Now, try the same thing from router 2 to ping router 3. Input the following to router 2:  
  Router2>ping 150.1.1.2  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:  
  !!!!!  
  Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms  
  The success rate is 100 percent the first time out. Why did this work on the first try, and the ping from router 1 to router 2 didn't? The answer is that the communication from router 2 to router 3 uses the Cisco default Data Link protocol for a serial port, which is HDLC. HDLC is used for point-to-point links that do not have MAC addresses associated with them. Therefore router 2 has all the information it needs to send a ping packet out on a serial port.  
  We have reached the point where router 1 can ping router 2 and router 2 can ping router 3. Should router 1 be able to ping router 3?  Try that by entering the following into router 1:  
  Router1>ping 150.1.1.2  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:  
   
  Success rate is 0 percent (0/5)  
  As you can see, it does not work. To solve this problem, we need to look at the routing table, often a good place to start when troubleshooting router problems. We can display the routing table by inputting the following to router 1:  
  Router1>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  C120.0.0.0 is directly connected, Ethernet0  
  As you can see, the routing table has entries only for the 120.0.0.0 network. (Remember, we configured the port with default subnet masks, so having a first octet value of 120 means we have a class A network, and therefore only the first octet is used to identify the network number.) In this instance, the router realizes that the destination address, 150.1.1.2, is on the 150.1.0.0 network (a class B network). The router will realize that this is not a directly connected network and will refer to its routing table to determine which router should get the ping packet in order to reach the 150.1.0.0 network. Clearly, without an entry in its routing table for the 150.1.0.0 network, the router can go no further.  
  You can enter the route directly into the router's routing table with the following input:  
  Router1>ena  
  Password:  
  Router1#conf t  
  Enter configuration commands, one per line. End with Ctrl/Z.  
  Router1(config)#ip route 150.1.0.0 120.1.1.2  
  Router1(config)#<Ctrl-Z>  
  Router1#  
  This tells router 1 that the next router to go to on the way to the 150.1.0.0 network is that with the address 120.1.1.2. This is shown in the routing table as follows:  
  router1>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D- EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i- IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  C120.0.0.0 is directly connected, Ethernet0  
  S150.1.0.0 [1/0] via 120.1.1.2  
  So what happens if we now try to ping 150.1.1.2 from router 1?  
  Router1>ping 150.1.1.2  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:  
   
  Success rate is 0 percent (0/5)  
  It still fails. What happens is that router 1 now knows to pass the packet to router 2 to get to the 150.1.0.0 network. Once the packet is delivered to router 3, router 3 will try to reply to 120.1.1.1. Router 3 does not have a route to the 120.0.0.0 network, so the ping fails again. To resolve this, we need to add a route to the 120.0.0.0 network in the routing table of router 3. This is done as follows:  
  Router3(config)#ip route 120.0.0.0 150.1.1.1  
  Router3(config)#<Ctrl-Z>  
  Router3#  
  The routing table of router 3 now looks like this:  
  Router3#sho ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D- EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i- IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  S120.0.0.0 [1/0] via 150.1.1.1  
  C150.1.0.0 is directly connected, Serial0  
  Note that the routes entered are either static (meaning they are in the router's configuration), or connected (meaning they are directly connected to one of the router's interfaces).  
  Now if we go back to router 1 and ping router 3, we see what we wanted to see all along:  
  Router1>ping 150.1.1.2  
  Type escape sequence to abort.  
  Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:  
  !!!!!  
  Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms  
  Adding routes manually in this fashion rapidly becomes cumbersome for a growing network. To automate the routing table update process, routing protocols are run on the routers. Chapter 4 covers routing protocols in depth; at this time, however, we shall look in overview at the configuration of Cisco's Interior Gateway Routing Protocol (IGRP).  
  We are now going to remove the static routes we configured in the routers and configure IGRP on each router so that it will make the required entries in the routing table for us.  
  First, remove the static routes. To do this type the following into router 1:  
  Router1#no ip route 150.1.0.0 120.1.1.2  
  Into router 3, type the following:  
  Router3#no ip route 120.0.0.0 150.1.1.1  
  This introduces the "no" form of command. Whenever you need to remove an entry in the router's configuration, simply enter configuration mode and type the word "no" followed by the configuration entry you want to remove.  
  Making standard IGRP a running process on all three routers is a simple configuration change, and can be executed as follows for router 2:  
  Router2#conf t  
  Router2(config)#router igrp 9  
  Router2(config-router)#network 150.1.0.0  
  Router2(config-router)#network 120.0.0.0  
  Router2(config-router)#<Ctrl-Z>  
  Once you have entered configuration mode, you define the router process IGRP as belonging to an Autonomous System number 9. It does not matter what number you assign as the Autonomous System number in this case. All you need do is assign the same number to all three router IGRP processes. IGRP processes simply will exchange route information with other processes belonging to the same Autonomous System number.  
  The two network entries are there to tell IGRP what networks to advertise in its initial IGRP packet. The rule to follow is that you must configure a network entry for each directly connected network number. Note that, because IGRP does not send subnet mask information in its updates, the entries here are concerned only with network (not subnetwork) numbers.  
  The entries for router 1 and router 3 are made as follows:  
  Router1#conf t  
  Router1(config)#router igrp 9  
  Router1(config-router)#network 120.0.0.0  
  Router1(config-router)#<Ctrl-Z>  
  Router3#conf t  
  Router3(config)#router igrp 9  
  Router3(config-router)#network 150.1.0.0  
  Router3(config-router)#<Ctrl>Z  
  The three router configurations now appear as shown in Fig. 3-10.  
     
     
  Router 1  
 
     
  router1#wr t  
 
     
  Building configuration  
 
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router1  
 
     
  !  
 
     
  enable secret 5 $1$W6qH$DTNrEHmJrn6QqYcMu5PRh.  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 120.1.1.1 255.0.0.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 120.0.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  transport input all  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
     
  Router 2  
 
     
  Building configuration:  
 
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router2  
 
     
  !  
 
     
  enable secret 5 $1$/P2r$ob00lmzYqpogV0U1g1O8U/  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet)0  
 
     
  ip address 120.1.1.2 255.0.0.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 150.1.1.1 255.255.0.0  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 120.0.0.0  
 
     
  network 150.1.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
     
  Router 3  
 
     
  Building configuration:  
 
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router3  
 
     
  !  
 
     
  enable secret 5 $1$cNaQ$a4jcvrXlzVO4cwJB7RP5j1  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 193.1.1.1 255.255.255.0  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 150.1.1.2 255.255.0.0  
 
     
  clockrate 64000  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 150.1.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  exec-timeout 0 0  
 
     
  line aux 0  
 
     
  transport input all  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Figure 3-10: Lab router configuration with IGRP enabled  
  After a few minutes have elapsed, IGRP will have advertised the network numbers throughout this small internetwork and have updated the routing tables with appropriate entries. The routing table for router 1 is as shown here:  
  Router1>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D- EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i- IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  C120.0.0.0 is directly connected, Ethernet0  
  I150.1.0.0 [100/8576] via 120.1.1.2, 00:01:20, Ethernet0  
  And the routing table for router 3 is as follows:  
  Router3>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  I120.0.0.0 [100/8576] via 150.1.1.1, 00:01:14, Serial0  
  C150.1.0.0 is directly connected, Serial0  
  The thing to note is that the routing table indicates that the routes necessary for router 1 and 3 to ping each other were learned from IGRP and are no longer static routes as they were originally.  
  It is now worth exploring the application of subnets in a real environment. What we are about to do is configure all ports on this small internetwork to be in subnets of the network number 160.4.0.0. To accomplish this, we need to change the address and netmask of all ports and the IGRP configuration for each router. For router 1, these changes are put into effect by the following input:  
  Router1(config)#int e0  
  Router1(config-int)#ip address 160.4.1.33 255.255.255.224  
  Router1(config-int)#exit  
  Router1(config)#router igrp 9  
  Router1(config-router)#no network 120.0.0.0  
  Router1(config-router)#network 160.4.0.0  
  Router1(config-router)#<Ctrl-Z>  
  The configuration for router 1 is illustrated in Fig. 3-11. To configure router 2 and view its configuration, follow the commands shown in Fig. 3-12. In order to configure router 3, use the commands shown in Fig. 3-13.  
     
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router1  
 
     
  !  
 
     
  enable secret 5 $1$W6qH$DTNrEHmJrn6QqYcMu5PRh.  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 160.4.1.33 255.255.255.224  
 
     
  !  
 
     
  interface Serial0  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 160.4.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  transport input all  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Figure 3-11: Router 1 configured for subnets  
     
     
 
     
  Router2# conf t  
 
     
  Enter configuration commands, one per line. End with CtrlZ  
 
     
  Router2(config)#int e0  
 
     
  Router2(config-int)#ip address 160.4.1.34 255.255.255.224  
 
     
  Router2(config-int)#int s0  
 
     
  Router2(config-int)#ip address 160.4.1.65 255.255.255.224  
 
     
  router2(config-if)# exit  
 
     
  router2(config)#router igrp 9  
 
     
  router2(config-router)# no net 120.0.0.0  
 
     
  router2(config-router)#no net 150.1.0.0  
 
     
  router2(config-router)# net 160.4.0.0  
 
     
  router2(config-router)# <ctrl>Z  
 
     
  router2#  
 
     
  The configuration for router 2 now looks like the following:  
 
     
  router2# wr t  
 
     
  Building configuration  
 
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router2  
 
     
  !  
 
     
  enable secret 5 $1$/P2r$ob00lmzYqpogV0U1g1O8U/  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 160.4.1.34 255.255.255.224  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 160.4.1.65 255.255.255.224  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 160.4.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Figure 3-12: Router 2 configured for subnets  
     
     
 
     
  Router3# conf t  
 
     
  Enter configuration commands, one per line. End with CNTL/Z.  
 
     
  router3(config)# int s0  
 
     
  router3(config-if)# ip address 160.4.1.66 255.255.255.224  
 
     
  router3(config-if)# exit  
 
     
  router3(config)#router igrp 9  
 
     
  router3(config-router)#no net 150.1.0.0  
 
     
  router3(config-router)# net 160.4.0.0  
 
     
  router2(config-router)# exit  
 
     
  router3(confug)#  
 
     
  The configuration for router 3 now looks like the following:  
 
     
  router3# wr t  
 
     
  Building configuration  
 
     
  Current configuration:  
 
     
  !  
 
     
  version 10.3  
 
     
  !  
 
     
  hostname router3  
 
     
  !  
 
     
  enable secret 5 $1$cNaQ$a4jcvrXlzVO4cwJB7RP5j1  
 
     
  enable password test  
 
     
  !  
 
     
  interface Ethernet0  
 
     
  ip address 193.1.1.1 255.255.255.0  
 
     
  shutdown  
 
     
  !  
 
     
  interface Serial0  
 
     
  ip address 160.4.1.66 255.255.255.224  
 
     
  clockrate 64000  
 
     
  !  
 
     
  interface Serial1  
 
     
  no ip address  
 
     
  shutdown  
 
     
  !  
 
     
  router igrp 9  
 
     
  network 160.4.0.0  
 
     
  !  
 
     
  line con 0  
 
     
  line aux 0  
 
     
  transport input all  
 
     
  line vty 0 4  
 
     
  password ilx  
 
     
  login  
 
     
  !  
 
     
  end  
 
  Figure 3-13: Router 3 configured for subnets  
  Note that when configuring IGRP, the same network number is defined on each router. In this case, when IGRP advertisements are received, it is assumed that the same subnet mask is used on all interfaces on the internetwork and the correct entries in the routing tables are then made. The routing tables now appear as follows:  
  Router1>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  160.4.0.0 255.255.255.224 is subnetted, 2 subnets  
  C 160.4.1.32 is directly connected, Ethernet0  
  I 160.4.1.64 [100/8576] via 160.4.1.34, 00:00:00, Ethernet0  
  Router2>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  160.4.0.0 255.255.255.224 is subnetted, 2 subnets  
  C  160.4.1.32 is directly connected, Ethernet0  
  C  160.4.1.64 is directly connected, Serial0  
  Router3>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  160.4.0.0 255.255.255.224 is subnetted, 2 subnets  
  I  160.4.1.32 [100/8576] via 160.4.1.65, 00:01:07, Serial0  
  C  160.4.1.64 is directly connected, Serial0  
  An interesting point is that the network number that is tracked in the routing table is a derived value. By looking at both the assigned IP address and the subnet mask, the subnetwork number is calculated. This effect can be clearly illustrated by changing the IP address of the serial port on router 3, keeping the subnet mask the same, then viewing the new routing table:  
  Router3(config)#interface serial 0  
  Router3(config-int)#ip address 160.4.1.100 255.255.255.224  
  The routing table now looks like this:  
  Router3>show ip route  
  Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP  
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area  
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP  
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default  
  Gateway of last resort is not set  
  160.4.0.0 255.255.255.224 is subnetted, 2 subnets  
  I  160.4.1.32 [100/8576] via 160.4.1.65, 00:01:07, Serial0  
  C  160.4.1.96 is directly connected, Serial0  
  As you can see, the routing table automatically adjusted to keep track of a new network number associated with that interface, simply because you changed the IP address of that interface.  
  As a point of interest, this is the exact opposite of the way that NetWare protocols work. In NetWare, you assign one network number to a server and all workstations on that network work out their own address. With TCP/IP, you assign addresses and a subnet mask to all workstation interfaces and the network number is calculated from that. We will be discussing the NetWare protocols more fully in Chap. 5.
Lab Exercises  
  We will now alter the configuration to make things stop working and look at how these problems can be identified and resolved.  
  Make these changes to the lab environment and we will troubleshoot the network and get it back into a working state.  
  1.   Change the encapsulation on router 3 Serial 0 port to ppp.  
  2.   Change the polarity of the DTE/DCE cable, so that the end of the cable connected to the router 2 Serial 0 port is connected to the router 3 Serial 0 port.  
  3.   Configure the Ethernet 0 port on router 1 to be shut down.  
  4.   Change the Autonomous System number of the IGRP process on router 2 to 15.  
  5.   Disconnect the Ethernet 0 port on router 2 from the hub.  
  To effect the router configuration changes, perform the following:  
  Router3#conf t  
  Router3(config)#int s0  
  Router3(config-if)encapsulation ppp  
  Router1#conf t  
  Router1(config)#int e0  
  Router1(config-if)shutdown  
  Router2#conf t  
  Router2(config)#no router igrp 9  
  Router2(config)#router igrp 15  
  Router2(config-router)network 160.4.0.0  
  A troubleshooting procedure should follow the previously described OSI seven-layer model of communications. You need to check the Physical layer first, then the Data Link and so forth, until the system is communicating properly.  
  Overview of Physical Layer Troubleshooting  
  A visual check shows whether cables are connected, but may not show a cable break. The best way to determine whether a router port is physically connected is to use the show interface command and interpret the screen output. Perform the following on router 2:  
  Router2#show interface serial 0  
  Ethernet0 is up, line protocol down  
  This is the first line of the output, and shows you that the port is okay, but was not able to establish a protocol session. This is either due to an unplugged/broken cable, or a broken transceiver. In this case, the cable is simply unplugged; replugging the cable brings the line protocol up. The problem generated by change number 5 has been detected and corrected.  
  Next on the Physical level you should check the serial port connections. Entering the following in router 2 will bring up a screen display, the last line of which is as shown.  
  Router2#show interface serial 0  
    .  
    .  
  DCD=up DSR=up DTR=up RTS=up CTS=up  
  This indicates that the physical connectivity to this port is working, and all the expected EIA signals are present. The port is, however, showing that the line protocol is down. This is due to either clocking problems or mismatched encapsulation. To resolve this, we issue the show controllers serial 0 command on both router 2 and 3, and check that the router configuring its Serial 0 port as a DCE has the clockrate 64000 entry in its configuration. By changing the polarity of the DTE/DCE cable, we match the DCE port with the "clockrate 64000"-configured serial port and resolve the problem caused by change 2.  
  The final Physical layer issue to determine whether any ports that need to be in use are physically shut down. Enter the following on router 1.  
  Router1#show interface ethernet 0  
  Ethernet0 is administratively down, line protocol down  
  The first line of the screen output as shown indicates that the port has been shut down by the administrator, by the shutdown entry in the port's configuration. This can be fixed by issuing the no shutdown command in interface configuration mode, which resolves the problem caused by change 3.  
  Overview of Data Link Layer Troubleshooting  
  For Data Link layer troubleshooting, we refer to the router configuration. The only thing to check here is that connected ports share the same Data  
  Link layer encapsulation. By issuing the wri t command to both router 2 and 3, we see mismatched layer 2 encapsulations. By viewing the configurations, we see PPP as the encapsulation for Serial 0 on router3, but the Serial 0 port of router 2 shows no encapsulation. With no encapsulation, the Cisco HDLC default is used. Taking out the encapsulation ppp entry from the Serial 0 port of router 3 resolves problem 1.  
  Overview of Network Layer Troubleshooting  
  Once the layer 1 and 2 problems have been resolved, only the Network layer remains to be checked in our scenario. We know that with IGRP, routing information is exchanged only between systems belonging to the same Autonomous System number. By reviewing the router configurations, we see that router 2 has a different AS number than router 1 and 3. Changing the AS to match enables all routers to share route information, which resolves problem 4. All routers can now ping one other again, because IGRP can now update each router's routing table with the necessary information.
Summary  
  This chapter covered how to configure a new router using Cisco's Setup feature, viewing and understanding the configuration file that this generates, and modifying this file using the Cisco configuration mode. How to store and retrieve these files from a network TFTP server was covered, including use of the auto-configuration routine.  
  The chapter concluded with instructions on how to build a simple laboratory of three Cisco routers to enable us to explore how routers interact in a small internetwork.  

 


 
 


Cisco TCP/IP Routing Professional Reference
Cisco TCP/IP Routing Professional Reference
ISBN: 0072125578
EAN: 2147483647
Year: 2005
Pages: 11

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net