Access List Basics

An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permitor deny. The matching criteria may be as simple as a source address alternatively, they may be a more complex combination of source and destination addresses, protocol type, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit. A packet is dropped into the top of the stack of filters (Figure B.2). At each...

Access List Types

The actual configuration lines for the access list shown graphically on the right of ,Figure B.4 are access-list 9 deny 10.23.147.0 0.0.0.255 access-list 9 permit 10.0.0.0 0.255.255.255 Every filter layer of an access list is represented by one configuration line. The various components of an access list line are discussed shortly, but for now notice the number 9 in both lines. This number is the access list number, and it serves two purposes It links all the lines of this list together and...

Addresses

FarlsMich reute 0000.0C0A.ZC51.00 Heute Lee* up for destination 3 ,30 c.Ga2c.5100 Using r-oute to lesest IS Iii level 2 'outer Syat& m 5rs ' sflPA lut(u-fate Stat a Holdtine Typo Protocol IS IS IS-IS uses nine PDU types in its processes, and each PDU is identified by a five-bit type number. The PDUs fall into three categories, as shown in Table 10.1. The first eight octets of all of the IS-IS PDUs are header fields that are common to all PDU types, as shown in Figure 10.15. These first...

Administrative Distances

The diversity of metrics presents another problem If a router is running more than one routing protocol and learns a route to the same destination from each of the protocols, which route should be selected Each protocol uses its own metric scheme to define the best route. Comparing routes with different metrics, such as cost and hop count, is like comparing apples and oranges. The answer to the problem is administrative distances. Just as metrics are assigned to routes so that the most...

Appendix B Tutorial Access Lists

Access lists are probably misnamed these days. As the name implies, the original intention of an access list was to permit or deny access of packets into, out of, or through a router. Access lists have become powerful tools for controlling the behavior of packets and frames. Their use falls into three categories (Figure B.1) Security filters protect the integrity of the router and the networks to which it is passing traffic. Typically, a security filter permits the passage of a few,...

Appendix F Solutions to Troubleshooting Exercises

Chapter 2 Chapter 3 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 13 Chapter 14 1 For the following host addresses and subnet masks, find what subnet each address belongs to, the broadcast address of that subnet, and the range of host addresses for that subnet 2 You have been told to configure 192.168.13.175 on an interface with a mask of 255.255.255.240. Is there a problem If so, what is it A 192.168.13.175 28 is the broadcast address of subnet 192.168.13.160...

Area Addresses CLV

The Area Addresses CLV (Figure 10.21) is used to advertise the area addresses configured on the originating router. As the multiple Address Length Area Address fields imply, a router can be configured with multiple area addresses. There will never be more than three Address Length Area Address fields in PDUs originated by Cisco routers because that is the maximum number of area addresses supported. Figure 10.21. The Area Addresses CLV. Figure 10.21. The Area Addresses CLV. Figure 10.22 shows...

Authentication Information CLV

The Authentication Information CLV (Figure 10.26) is used when authentication is configured. The Authentication Type field contains a number between 0 and 255 that specifies the type of authentication used and hence the type of information contained in the Authentication Value field. The only authentication type currently defined by ISO 10589 or supported by Cisco is a cleartext password, which is Authentication Type 1. Figure 10.26. The Authentication Information CLV. Figure 10.26. The...

Been translated into type 5 LSAs by Goya 192168503

Type 7 AS External Link Stales (Area 192.166.10,O) Type 7 AS External Link Stales (Area 192.166.10,O) Several configuration options are available for the ABR. First, the no-summary option can be used with the area nssa command to block the flooding of type 3 and type 4 LSAs into the NSSA. To turn area 192.168.10.0 into a somewhat schizophrenically named totally stubby not-so-stubby area, Goya's configuration would be router ospf 30 network 192.168.20.0 0.0.0.3 area 0 network 192.168.10.0...

Better match of host cs address than is the first route

CjriS C coniwctetl, Static, T iCflP, 4 HIP, H Otile. EL JP U ElOUP, .X EIQRR r ernal r OSPF, ft C l inter rea E1 S f externa. ly c 1. E2 o-S f external tyf 2. L SP i iS-iS. L1 IS'IS level 1,1 IS-IS teuel 2, cand ate default u par-user star it runic iir .-.- y c 1 l it re urt l 175.19-35-1 is network B-.U.Si.U 172.1 f-. n. S) -li i , variably s jl> nt 11 ml , IB subnets, a rusks R 172.19.35.128 27 i 120 11 via 172.19.35.3, M & 0 r. Llht m'l F 172.19.35.16fl 27 126 11 via 172,13.35.3, M SU...

C iM 16 0LwptmckD

15a 10 jn.-.i > i hi* 1 ip route 10.1.30.0 255.255.255.0 10.1.10.2 ip route 10.1.10.0 255.255.255.0 192.168.1.194 ip route 192.168.1.192 255.255.255.224 192.168.1. If Pooh needs to send a packet to host 10.1.30.25, it will look into its route table and find that the subnet is reachable via 10.1.10.2. Because that address is not on a directly connected network, Pooh must again consult the table to find that network 10.1.10.0 is reachable via 192.168.1.194. That subnet is also not directly...

Case Study A Basic Eigrp Configuration

Like IGRP, EIGRP requires only two steps to begin the routing process 1. Enable EIGRP with the command router eigrp process-id. 2. Specify each major network on which to run EIGRP with the network command. The process ID may be any number between 1 and 65535 (0 is not allowed), and it may be arbitrarily chosen by the network administrator, as long as it is the same for all EIGRP processes in all routers that must share information. Alternatively, the number may be an InterNIC-assigned...

Case Study A Basic IGRP Configuration

Only two steps are necessary to configure IGRP 1. Enable IGRP with the command router igrp process-id. 2. Specify each major network on which to run IGRP with the network command. The process ID is carried in the 16-bit autonomous system field of the update packet. The selection of a process ID is arbitrary any number between 1 and 65,535 (0 is not allowed) can be used, as long as it is used consistently on all routers that must share information via that particular IGRP process. Figure 6.11...

Case Study A Basic OSPF Configuration

The three steps necessary to begin a basic OSPF process are 1. Determine the area to which each router interface will be attached. 2. Enable OSPF with the command router ospfprocess-id. 3. Specify the interfaces on which to run OSPF, and their areas, with the network area command. Unlike the process ID associated with IGRP and EIGRP, the OSPF process ID is not an autonomous system number. The process ID can be any positive integer and has no significance outside the router on which it is...

Case Study A Basic RIP Configuration

Only two steps are necessary to configure RIP 1. Enable RIP with the command router rip. 2. Specify each major network on which to run RIP with the net work command. Figure 5.8 shows a four-router internetwork, with four major network numbers. Router Goober is attached to two subnets of network 172.17.0.0. The commands necessary to enable RIP are Figure 5.8. Both Andy and Barney are border routers between class-level networks. Figure 5.8. Both Andy and Barney are border routers between...

Case Study A Basic RIPv2 Configuration

By default, a RIP process configured on a Cisco router sends only RIPvl messages but listens to both RIPvl and RIPv2. This default is changed with the version command, as in the following example network 172.25.0.0 network 192.168.50.0 In this mode, the router sends and receives only RIPv2 messages. Likewise, the router can be configured to send and receive only RIPvl messages network 172.25.0.0 network 192.168.50.0 The default behavior can be restored by entering the c ommand no version in...

Case Study A Missing Neighbor

Figure 8.45 shows a small EIGRP internetwork. Users are complaining that subnet 192.168.16.224 28 is unreachable. An examination of the route tables reveals that something is wrong at router Grissom (Figure 8.46). 17 17 When troubleshooting an internetwork, it is a good practice to verify that the addresses of all router interfaces belong to the correct subnet. Figure 8.45. Subnet 192.168.16.224 28 is not reachable through Grissom in this example of an EIGRP Figure 8.45. Subnet 192.168.16.224...

Case Study A Protocol Migration

The distance command, when used without any optional parameters, specifies the administrative distance to be assigned to routes learned from a particular routing protocol. On first consideration, this action may not seem to be a route filtering function, but it is. When multiple routing protocols are running, routes are accepted or rejected based on their administrative distances. The internetwork in Figure 13.7 is running RIP, and there is a plan to convert to EIGRP. Several methods exist for...

Case Study Address Aggregation

A new router is added to the internetwork in Figure 8.43. The five network addresses that Earhart must advertise to Yeager can be summarized with two aggregate addresses. Earhart's configuration will be Figure 8.43. Earhart is advertising two aggregate addresses to Yeager. Figure 8.43. Earhart is advertising two aggregate addresses to Yeager. interface Ethernet1 ip address 10.15.15.254 255.255.255.252 ip summary-address eigrp 15 172.0.0.0 255.0.0.0 ip summary-address eigrp 15 192.168.16.0...

Case Study Authentication

Cisco's implementation of RIPv2 message authentication includes the choice of simple password or MD5 authentication, and the option of defining multiple keys, or passwords, on a key chain. The router may then be configured to use different keys at different times. The steps for setting up RIPv2 authentication follow. 1. Define a key chain with a name. 2. Define the key or keys on the key chain. 3. Enable authentication on an interface and specify the key chain to be used. 4. Specify whether the...

Case Study Configuring OnDemand Routing

ODR is enabled with a single command, router odr. No networks or other parameters must be specified. CDP is enabled by default it needs to be enabled only if it has been turned off for some reason. The command to enable the CDP process on a router is cdp run to enable CDP on a specific interface, the command is cdp enable. Figure 12.17 shows a typical hub-and-spoke topology. To configure ODR, the hub router will have the router odr command. As long as all routers are running IOS 11.2 or later...

Case Study Configuring Unicast Updates

Next, router Bea is added to the Ethernet link that Andy and Floyd share (Figure 5.11). The no-RIP policy between Andy and Floyd remains in place, but now Bea and Andy, as well as Bea and Floyd, must exchange RIP advertisements. Figure 5.11. No RIP updates should be exchanged between Andy and Floyd, but both should exchange Figure 5.11. No RIP updates should be exchanged between Andy and Floyd, but both should exchange The configuration of Bea is straightforward network 192.168.12.0 network...

Case Study Disabling Automatic Summarization

By default, EIGRP summarizes at network boundaries as do the protocols covered in previous chapters. Unlike those protocols, however, EIGRP's automatic summarization can be disabled. Figure 8.42 shows a situation in which disabling summarization is useful. Figure 8.42. Disabling automatic summarization at Cochran and Lindbergh prevents ambiguous routing to Figure 8.42. Disabling automatic summarization at Cochran and Lindbergh prevents ambiguous routing to New Ethernet links have been added to...

Case Study Discontiguous Subnets

In Figure 5.13, another router has been added to the internetwork with a subnet 10.33.32.0 20 on its El interface. The problem is that the other subnet of network 10.0.0.0, 10.33.0.0 20, is connected to Barney, and the only route between the subnets is via 192.168.83.0 and 192.168.12.0 two entirely different networks. As a result, network 10.0.0.0 is discontiguous. Figure 5.13. Classful protocols such as RIP and IGRP cannot route a topology in which the subnets of network 10.0.0.0 are separated...

Case Study Filtering Specific Routes

Figure 13.2 shows a portion of an internetwork running RIPv2. Barkis is providing connectivity to the rest of the internet via Traddles. In addition to the 700 specific routes within BigNet, Traddles is advertising a default route to Barkis. Because of the default route, Barkis, Micawber, Peggotty, and Heep do not need to know the other 700 routes in BigNet. So the objective is to configure a filter at Barkis that will accept only the default route from Traddles and reject all other routes....

Case Study Integrated ISIS on NBMA Networks

Figure 10.64 shows four routers running IS-IS connected by a partially meshed Frame Relay network. The IP addresses, DLCIs, and NETs are shown. The IS-IS configurations of all routers have been verified as correct, and no authentication is configured. Figure 10.64. IS-IS is not establishing adjacencies across the Frame Relay network. Figure 10.64. IS-IS is not establishing adjacencies across the Frame Relay network. The problem with this internetwork is that no routes are being discovered...

Case Study Manipulating RIP Metrics

A serial link, to be used as a backup, has been added between Ernest_T and Barney (Figure 5.16). This link should be used only if the route via Andy fails. The problem is that the path between Barney's 10.33.0.0 subnet and Ernest_T's 10.33.32.0 subnet is 1 hop via the serial link and 2 hops via the preferred Ethernet links. Under normal circumstances, RIP will choose the serial link. Figure 5.16. RIP metrics must be manipulated so that the 2-hop Ethernet route between Barney and Ernest_T will...

Case Study Misconfigured Summarization

Figure 9.102 shows a backbone area and three attached areas. To reduce the size of the link state database and to increase the stability of the internetwork, summarization will be used between areas. Figure 9.102. The summary addresses shown for each area will be advertised into area 0. Area 0 will also Figure 9.102. The summary addresses shown for each area will be advertised into area 0. Area 0 will also The individual subnets of the three nonbackbone areas are summarized with the addresses...

Case Study Multiple IGRP Processes

Two new routers, Lovett and Harriman, have been added to the internetwork (Figure 6.18). A decision has been made to create two IGRP autonomous system domains in the internetwork with no communications between the two. Figure 6.19 shows the two autonomous systems and the related links for each. Figure 6.18. Separate routing domains are to be created in this internetwork. Figure 6.18. Separate routing domains are to be created in this internetwork. Figure 6.19. The routers Harriman and Acheson...

Case Study Multiple Redistribution Points

Figure 13.12 shows an internetwork very similar to the one depicted in Figure 11.3. Recall from the associated discussion in Chapter 11 that the problem with multiple redistribution points is that administrative distances can cause routers to choose undesirable paths. In some cases, route loops and black holes can result. For example, Bumble's routing table (Figure 13.13) shows that it is routing to network 192.168.6.0 through Blathers, rather than using the preferable route through Monks....

Case Study OSPF and Secondary Addresses

Two rules are related to the use of secondary addresses in an OSPF environment 1. OSPF will advertise a secondary network or subnet only if it is also running on the primary network or subnet. 2. OSPF sees secondary networks as stub networks (networks on which there are no OSPF neighbors) and therefore will not send Hellos on them. Consequently, no adjacencies can be established on secondary networks. Figure 9.65 shows the DNS server and an additional router attached to the E0 interface of...

Case Study OSPF over Demand Circuits

OSPF over demand circuits is easily configured by adding the command ip ospf demand-circuit to the interface connected to the demand circuit. Only one end of a point-to-point circuit, or the multipoint side of a point-to-multipoint circuit, needs to be declared a demand circuit. In most cases, OSPF over demand circuits should not be implemented across a broadcast medium. On such a network, the Hello packets cannot be suppressed, and the link will stay up. If the virtual circuits in Figure 9.92...

Case Study Passive Interfaces

The router Floyd has been added to the internetwork (Figure 5.10). It is desired that no RIP advertisements be exchanged between Floyd and Andy. This is easy enough at Floyd Figure 5.10. Network policy calls for no RIP exchanges between Andy and Floyd. Figure 5.10. Network policy calls for no RIP exchanges between Andy and Floyd. Floyd(config-router) network 192.168.100.0 By not including a network statement for 192.168.12.0, Floyd will not advertise on interface 192.168.12.66. Andy, however,...

Case Study Redistributing EIGRP and OSPF

The internetwork of Figure 11.19 has an OSPF domain and two EIGRP domains. Router Hodges is running OSPF process 1. Podres is running EIGRP process 1, and EIGRP process 2 is running on Snider and Campanella. Robinson has the following configuration Figure 11.19. Hodges is running OSPF, and Podres is running EIGRP 1. Snider and Campanella are running Figure 11.19. Hodges is running OSPF, and Podres is running EIGRP 1. Snider and Campanella are running router eigrp 1 redistribute ospf 1 metric...

Case Study Redistributing ISIS and RIP

In the internetwork of Figure 11.30, Aaron is running IS-IS, Williams is running RIPv1, and Mays is redistributing. Mays' IS-IS configuration is Figure 11.30. Router Mays is redistributing RIP into IS-IS and IS-IS into RIP. Figure 11.30. Router Mays is redistributing RIP into IS-IS and IS-IS into RIP. redistribute rip metric 0 metric-type internal level-2 net 01.0001.0000.0c76.5432.00 redistribute rip metric 0 metric-type internal level-2 net 01.0001.0000.0c76.5432.00 router rip redistribute...

Case Study Redistribution with IGRP

Redistribution between routing protocols is covered in Chapter 11, but it is worth noting here that if an IGRP process and an EIGRP process have the same process IDs, they will redistribute automatically. In Figure 8.38, router Curtiss has the following configuration Figure 8.38. If Earhart is configured with both EIGRP and with IGRP, using the same process ID for both, route information will be redistributed. Figure 8.38. If Earhart is configured with both EIGRP and with IGRP, using the same...

Case Study Route Summarization

Route summarization between areas in a link state protocol is introduced in Chapter 9. A more complete discussion of summarization, in the context of default routes, is presented in Chapter 12. Briefly, summary routes are useful because They reduce the size of LSPs, which reduces the size of the link state database consequently, memory and CPU are conserved. They hide instabilities within areas. If an address within a summary range changes or a link changes state, the change is not advertised...

Case Study Setting Maximum Paths

The maximum number of routes over which IGRP can load balance is set with the maximum-paths paths command. Paths may be any number from one to six in IOS 11.0 and later and any number from one to four in earlier versions. The default for all versions is four. Figure 6.16 shows three parallel paths of varying costs from McCloy to network 172.18.0.0. The network administrator wants to load balance over a maximum of only two of these routes while ensuring that if either of these paths should fail,...

Case Study Setting Router IDs with Loopback Interfaces

Suppose router Matisse from Figure 9.61 has been configured in a staging center and then sent to the field to be installed. During the bootup, the router reports that it cannot allocate a Router ID, and it seems to report the network area commands as configuration errors (Figure 9.63). Worse, the OSPF commands are no longer in the running configuration. Figure 9.63. OSPF will not boot if it cannot find an active IP address for its Router ID. Cisco internetwork Operating 5iys or Software I OS it...

Case Study Unequal Cost Load Balancing

Given up to six parallel routes of equal cost, 5 IGRP will do equal-cost load balancing under the same fast process switching constraints as RIP. Unlike RIP, IGRP can also perform unequal-cost load balancing. An additional serial link has been added between Acheson and Kennan in Figure 6.12, with a configured bandwidth of 256K. The goal is to have Acheson perform unequal-cost load balancing across these two links-spreading the traffic load inversely proportional to the metrics of the link. 5...

Case Study Unequal Cost Load Balancing Again

The entire internetwork of Figure 6.20 is routed with a single IGRP process, and the bandwidths for the serial links are configured to the numbers shown. Default delays are used. Notice that the addresses of the link between Lovett and Harriman are different from the previous examples. Because network 10.0.0.0 can be reached from Acheson not only by the two serial links but also via the Ethernet to Lovett, the network administrator wants to distribute the traffic proportionately among all three...

Case Study Virtual Links

Figure 9.89 shows an internetwork with a poorly designed backbone area. If the link between routers Hokusai and Hiroshige fails, the backbone will be partitioned. As a result, routers Sesshiu and Okyo will be unable to communicate with each other. If these two routers are ABRs to separate areas, inter-area traffic between those areas will also be blocked. Figure 9.89. A failure of the link between Hokusai and Hiroshige will partition the backbone area. Figure 9.89. A failure of the link between...

Basic Concepts Internetworks Routers and Addresses

Once upon a time, computing power and data storage were centralized. Mainframes were locked away in climate-controlled, highly secure rooms, watched over by a priesthood of IS administrators. Contact with a computer was typically accomplished by bringing a stack of Hollerith cards to the priests, who interceded on our behalf with the Big Kahuna. The advent of the minicomputer took the computers out of the IS temple of corporations and universities and brought them to the departmental level. For...

Route Redistribution

Principles of Redistribution Redistributing from Classless to Classful Protocols Case Study Redistributing IGRP and RIP Case Study Redistributing EIGRP and OSPF Case Study Redistribution and Route Summarization Case Study Redistributing IS-IS and RIP Case Study Redistributing Static Routes A router performs redistribution when it uses a routing protocol to advertise routes that were learned by some other means. Those other means may be another routing protocol, static routes, or a direct...

Static Routing

An important observation from Chapter 2, TCP IP Review, is that the data link physical layers and the transport network layers, as defined by the OSI model, perform very similar duties They provide the means for conveying data from a source to a destination across some path. The difference is that the data link physical layers provide communications across a physical path, whereas the transport network layers provide communications across a logical or virtual path made up of a series of data...

CLV Fields

The variable-length fields following the PDU-specific fields are Code Length Value(CLV)m triplets, as shown in Figure 10.17. The Code is a number specifying the information content of the value field, the Length specifies the length of the Value field, and the Value field is the information itself. As the one-octet size of the Length field implies, the maximum size of the Value field is 255 octets. 17 The acronym CLV is not used in ISO 10589, but is used here for convenience. You are already...

Configuration Exercises

1 The first octet rule says that the highest class C address is 223, but it is known that for eight bits the highest decimal number is 255. There are two more classes Class D addresses are for multicast, and class E addresses are for experimental usage. Class D addresses have, as their first four bits, 1110. What is the decimal range of the first octet of class D addresses 2 Select a subnet mask for 10.0.0.0 so that there will be at least 16,000 subnets with at least 700 host addresses...

Configuring Route Maps

Like access lists (see Appendix B,Tutorial Access Lists), route maps by themselves affect nothing they must be called by some command. The command will be either a policy routing command or a redistribution command. Policy routing will send packets to the route map, whereas redistribution will send routes to the route map. The case studies in this section demonstrate the use of route maps for both redistribution and policy routing. Route maps are identified by a name. For example, the following...

Counting to Infinity

Split horizon will break loops between neighbors, but it will not stop loops in a network such as the one in Figure 4.6. Again, 10.1.5.0 has failed. Router D sends the appropriate updates to its neighbors router C (the dashed arrows) and router B (the solid arrows). Router B marks the route via D as unreachable, but router A is advertising a next-best path to 10.1.5.0, which is 3 hops away. B posts that route in its route table. Figure 4.6. Split horizon will not prevent routing loops here....

Crossing two serial links and a Token Ring

Codes c connected, 5 static, - io . r - ftlP, '-1 mobile, B Q EICTP. EX - EiGflP external, o - OSPF, 1A 33 inter iirsii Ml - OSPF animal Type 1 , MJ - OSPF k SA mortal type 2 * OEPF external tyi t, 2 oxternal tyt 2. i. - E.rl i is-15, - rs-is level--, _5 - IS-is i& vei-2, - - candidate uyfLi.it U par.user static r ute, u QW R 19 . 168.1 .tt 24 1120 1 j via 192.133.2.1, eS O 0C. Ethernet G 19 . 165.2. 9 2* iu ili't-tly c nii- t it . - r-0 c ie ,i69,3r 2* is directly connected, saris 0...

Data Link Addresses

In a certain community in Colorado, two individuals are named Jeff Doyle. One Jeff Doyle frequently receives telephone calls for the person with whom he shares a name so much so that his clever wife has posted the correct number next to the phone to redirect errant callers to their desired destination. In other words, because two individuals cannot be uniquely identified, data is occasionally delivered incorrectly and a process must be implemented to correct the error. Among family, friends,...

Delivering them to the correct destination

Tracing the rc-.jlc ta .72 .16.23 .75 lype escape sequence la aucr-t. Tracing the rc-.jlc ta .72 .16.23 .75 The suspicious aspect of all of this is that Kanga should not be routing the packet, which appears to be the case. Kanga should recognize that the destination address of the packet is for its directly connected network 172.16.20.0 and should be using the data link to deliver the packet to the host. Therefore, suspicion should fall on the data link. Just as...

Designated Router DR

To prevent these problems a Designated Router is elected on multi-access networks. The DR has the following duties To represent the multi-access network and its attached routers to the rest of the internetwork To manage the flooding process on the multi-access network The concept behind the DR is that the network itself is considered a pseudonode, or a virtual router. Each router on the network forms an adjacency with the DR (Figure 9.3), which represents the pseudonode. Only the DR will send...

Designated Routers

IS-IS elects a Designated Router (or more officially, a Designated IS) on broadcast multi-access networks for the same reason OSPF does. Rather than having each router connected to the LAN advertise an adjacency with every other router on the network, the network itself is considered a router a pseudonode. Each router, including the Designated Router, advertises a single link to the pseudonode. The DR also advertises, as the representative of the pseudonode, a link to all of the attached...

Designated Routers and Backup Designated Routers

Multiaccess networks present two problems for OSPF, relating to the flooding of LSAs (described in a later section) 1. The formation of an adjacency between every attached router would create many unnecessary LSAs. If n is the number of routers on a multiaccess network, there would be n(n- 1) 2 adjacencies (Figure 9.2). Each router would flood n- 1 LSAs for its adjacent neighbors, plus one LSA for the network, resulting in n 2 LSAs originating from the network. Figure 9-2. Ten adjacencies would...

Diffusing Computation Example

This example focuses only on Cayley and its route to subnet 10.1.7.0. In Figure 8.13, the link between Cayley and Wright (10.1.1.1) has failed. EIGRP interprets the failure as a link with an infinite distance.1101 Cayley checks its topology table for a feasible successor to 10.1.7.0 and finds none (refer to Figure 8.6). 101 An infinite distance is indicated by a delay of 0xFFFFFFFF, or 4294967295. Figure 8.13. The link between Wright and Cayley has failed, and Cayley does not have a feasible...

Extended IP Access Lists

Extended IP access lists provide far more flexibility in the specification of what is to be filtered. The basic format of the extended IP access list line is access-list access-list-number deny permit protocol source source-wildcard destination destinationwildcard precedence precedence tostos log Some of the features here are familiar, and some are new. access-list-number, for extended IP access lists, is between 100 and 199. protocol is a new variable that looks for a match in the protocol...

Figure 1012 This route table shows both level 1 and level 2 ISIS routes

Codes C canr.i.cTad, 3 Tatio, IGF , R RJ P, 1 mobile, EJ LSG-p 0 LlOR . l < EIGftP external, 0 OS f , 3a oSh irttor area lt osr1 external i, L2 os i ext n i type a, l lgp 1 IS IS, Li IS IS ieveL 1, L2 IS IS level 2, * candidate default iG.U.fi.fi is variably susnellea, fi spoilers, 3 riaski iG.U.fi.fi is variably susnellea, fi spoilers, 3 riaski 2 > 5.255.2& .e LE dlr Ctlyl COflil tOil 255.25 -255-0 115 301 via lfl.1.3.2 255,25S. 55.0 115 20 vis n.n.fl.fj. J55 .255.255.5 LS dlrc tlv...

Figure 1031 The Intermediate System Neighbors CLV for LSPs

Virtual Flag, although eight bits long, has a value of either 0x01 or 0x00. A 0x01 in this field indicates that the link is a level 2 virtual link to repair an area partition. The field is relevant only to L2 routers that support area partition repair Cisco does not, so the field will always be 0x00 in Cisco-originated LSPs. R is a reserved bit and is always zero. I E, associated with each of the metrics, indicates whether the associated metric is internal or external. The bit has no meaning in...

Figure 1047 The L1 LSPs of London and Rome have ATT 1 indicating a connection to another area

IS IS Level 1 Link State Database LSPlii HSB0.aCBA.2AAS) . BB OW30.0CGA2C51 .0 a0ti0.0D0A.2C51.01 HSB0.JB )K. i75f> .aB The problem is that the ATT bit is a CLNS function, and the IP process cannot directly interpret the bit. There are two solutions to the problem. The first solution is to enable IS-IS for CLNS on the interfaces in addition to IS-IS for IP. For example, the serial interface configurations for London and Paris are ip address 10.1.255.6 255.255.255.252 ip router isis clns...

Figure 1050 The support of multiple area addresses per router eases area changes

Suppose that the powers that be over the internetwork in Figure 10.41 decree that the area addressing scheme being used is inappropriate and should become GOSIP compliant. After registering with the U.S. GSA, the following components are to be used to construct the NETs The new NETs are shown in Table 10.5. Table 10.5. The new GOSIP-format NETs to be assigned to the routers in Figure 10.41. The first step in changing the area addresses is to add the new NETs to the routers without changing the...

Figure 1058 This SPF log reveals instability in area 1 of Figure 1054

To further investigate instabilities revealed by the SPF log, three useful debug commands are available. Figures 10.59, 10.60, and 10.61 show output from these three debug functions. In each case, the debug messages show the results of disconnecting and reconnecting the serial interface of Zurich in Figure 10.54 from the perspective of Geneva. The first, debug isis spf-triggers (Figure 10.59), displays messages pertaining to events that trigger an SPF calculation. The second command is debug...

Figure 1118 Ford is running IGRP and Berra is running RIP Mantle is performing redistribution

16.5.2.0.Of 24 jgj 10.6.2.0 24 router rip redistribute igrp 1 metric 5 passive-interface Ethernet1 network 10.0.0.0 default-metric 1000 100 255 1 1500 passive-interface Ethernet0 network 10.0.0.0 Both methods of assigning metrics are used here for demonstration purposes. In most cases, a redistribution scheme as simple as this will use one method or the other. Notice that Mantle is also connected to a stub network (192.168.10.0 24). In this case, the stub network should be advertised into the...

Figure 1133 Aarons routing table with a summary route to the subnets within the RIP domain

TOhncited, 3 - atatic, I - IGKP, K - P.IP, M - mobile, E - EGP IGP.P, - E & RP external, 0 - CSt , IA - OStf Hi - OS F HSSJL external type 1, 2 - G59F 31SSA external type 2 OSPP external typt 1, E2 - OSPP external type IS-IS, 11 - IS-IE level-1, L2 - IS-IS level-2, lO.O.O.D e IS Viiiiliiy Sidi flitted, I SLbheta, 2 iniialls 2,0.0 lfr 115 138 Yia 1Q.1,4,Z, BtheinetO 1.3.0 24 is directly connected, Ethernet4 1.1.0 24 is dir itly Connected, Ethernet 1.4.0 24 is directly n iected, EtbernetO...

Figure 1134 The routes with subnets other than 24 are not redistributed into the RIP domain

Codes C - connected, 5 - static, I - IGKP, R - RIP, M - mobile., D - EIGP.P, SK - EIGP external, - OSPF, IA - 3PF inter El - OSPF1 external type 1, Ei - CSPf external type i, E - 1 - IS-IS, Ll - IS-IS level-1, E2 - IS-IS level-2, * - candidate default P. 10.1.3.0 120 1) via 10.2.1,2, 00 03 01, EthernetO C 10.2, l.U is ij.rsctJ.y connected, EthernetC R 10.1.1.0 130 1 via 10.2.1.2, 00i00 02, EthernetD C 10.2,2-0 is directly connected, Ethernet I R 10.1,1,0 130 11 via 10.2,1.2, OO 0D O2, EthernetO...

Figure 1136 Mays considers the summary address 1012024 to be directly connected to Ethernet

Connected, S - static, 1 - IGP E , Ii - Elf, M - nwibile, S - BEE 2IGEP, EM - EIGRP external O - OSPE, TA - OSE F Intel ftECil Kiff HSSA external typ 1, HE - 0S P HS A external type 2 EPF elite Lnal type Ij E2 - CSE F external type 2, 3 - 2GP IS-IS, m - 5-I-S level-1, L - 3- IS level-1, * - candidate deiault 10.0. D. 8 is v iabiy submitted, a Subnet*, 2 maaSls I.3.0 4 115 20 via 10.1.4.1, EthernetO 1.3.0 24 is diiecHy connected Ethernet0 .1.D 4 ifl diifctiy coniiftterS, Ethernet 1 I.1.Q 4 115...

Figure 129 The defaultnetwork command is used at Athens to generate a default network advertisement

Figure 12.10 shows that network 10.0.0.0 has been tagged as a candidate default route in Athens' routing table, but notice that no gateway of last resort is specified. The reason is that Athens is the gateway to the default network. The ip default-network command will cause Athens to advertise a default network, even though no network statement for 10.0.0.0 exists under the RIP configuration (Figure 12.11).

Figure 134 The filter at Traddles allows only the default route to be advertised to Barkis

RIP received v2 update from 192.16& .75.19 on Seriall RIP Sending v2 utJi to 22*.0.0.9 via Ethernet 192.168.75.33) 192.l68.75.fi4 27 > & .0.0.0, natric 2. tag 2 192.160.75.196 3B -> 8.0.0,0, metric tag 3 l -h2. 169. i 30 0.0.0.0, metric 1, tag B RIP sending v2 update to 22 . 0.0.9 via Serial (192.163.75,202) 2.160. fh.32.-2f > a.0.0.0, natric 1, tag C 192. 160.75.196 30 -> 0.0.0,0, metric 1t tag 2 192.160.75.204 30 -> 0.0.0,0, metric 27 tag 3 RIP sending v2 u n-.a to 25 .0.0.3...

Figure 139 After the RIP administrative distance is changed back to 120 the routes with a distance of 70 begin to age

God& s c - connected, s - static, i - igftp, r - hip, u - nodi b - ewp 0 Etonr, ex EIOPP external, 0 OSPF, IA CSf> r inter area M - external 1 ti2 - GS F lJ33A external typa 2 Ei . typa . 6 2 - OSPF external type 2, i 1 I3-ie. l1 IS- s leiral-l, - is-is lenel-2, * candidate default u - uyyi- -ullii, c - oor 2. is. is SUbftettad, 11 uuu'etu C 172.16.25 . is directly connected, Serial G 172.16.253,0 is Ji'eijtly cC iit iH iJ. Stfiial' ft 172.16.2S*. i7 i via 1 2. 1 0.2.25S. 00 02 31,...

Figure 142 Policy routing allows highpriority traffic from the Mongo System to be routed over the FDDI link while

Table 14.1 and table 14.2 show the match and set commands that can be used with redistribution, and table 14.3 and table 14.4 show the match and set commands that can be used with policy routing. Table 14.1. Match commands that can be used with redistribution. Table 14.1. Match commands that can be used with redistribution. match interface type number type number Matches routes that have their next hop out one of the interfaces specified. match ip address access-list-number name...

Figure 146 FTP packets TCP ports 20 and 21 are being forwarded to Lucy whereas Telnet packets TCP port 23 with the same

& chreeder < jet)uq ip packet < m t . > l j 10 P packet ik-tjuyyiiKj is en uit '. iiii< iJ.i for a tn ii t iu & chreeder < jet)uq ip packet < m t . > l j 10 P packet ik-tjuyyiiKj is en uit '. iiii< iJ.i for a tn ii t iu The purpose of segregating bulk and interactive traffic, as demonstrated in the last example, is so that the small packets characteristic of interactive traffic do not become delayed by the large packets characteristic of bulk traffic. The problem with the...

Figure 316 10151 matches the entry for 1010016 and will be forwarded to 10461

Codes c cMiiact& tfj a static, i i ip, Ft flip, t maulle, u l gp u - EiGhp, lx liuup external, y uspf , 1a OSPf inter area lt osPI external type t O-SHi eternal i2, L lap l It I . Ll IS IS level 1, L2 IS 13 level 2. - candidalc default I , , . lk variably subnetteO, 3 sublets, 2 *asKs C 10.4,6.0 255.255.255.0 LS dir& Ctly CCllrttCLCD. Si-TLail t is directly connected, Ethernet 193.138.1.0 255.255.255.22* is submitted, 1 subnets Figure 3.17 shows Tigger's route table. The destination...

Figure 322 Kangas ARP cache has an entry for Milne but the associated data link identifier is wrong

Kangaifshew a a Protocol A Jd.i.,s Internet Internet internet Internet Kanga* 172. 16,21 ,1 172.16,28,2 172.16,21,2 172.16.2fl.75 Another look at Kanga's ARP table reveals that the MAC identifier associated with Milne is suspiciously similar to the MAC identifier of Kanga's own Cisco interfaces (the MAC addresses with no ages associated with them are for the router's interfaces). Because Milne is not a Cisco product, the first three octets of its MAC identifier should be different from the...

Figure 330 The route table of RTB figure 328

Codes connected, S static, 1 liKP, h (UP, U publia, it BGP J LI RP. LH LLGRP C xt h ri a 1. OSPF, A USPF ntar ar-ea lt external type i, l2 os pi external type ' , l liif L Ii ES, M js laveJ 1, L2 IS S LovfL , ' candidate default u per user staue rauTO- Figure 3.31. The route table of RTc, figure 3.28 C Li J c- ft C connected, S -il c. I 1GHP, H KIP, u nobile, Ei H P U ElGFtP, EX EIGRP external, 0 03PF, Ii GS l in tar area > 11 (JSPI NSSA exlt-r ai type 1, FI2 OSPf HiSA asternal type 2 L1 PI...

Figure 36 Debugging verifies that the new route entries at Pooh are working correctly

IP s 192.16B.1.15 (Ethernets), J 1B.4.7.25 (Seriate , g l92,163.1.6B, forward I 10.4.7.25 (Sitr i.ilftj , C 1 Li2 . 1 ( . 1 .1 Lj (Ethernet ), (J 192.1GS.115, forward IP 192-iga. 1.1 s (Ethernet), J ti).4.7.ifM) (seriaii), y 192.163.1.34, forward IP 10.4.7.100 (Sarialo), d l92.160.1.15 (Ethernet ), g l9 .lG& .l.15, forward Next a packet is sent from host 192.168.1.15 to host 10.4.7.100. Packets destined for any host on 10.0.0.0 subnets, other than host 10.4.7.25, should be routed across the...

Figure 62 LeHand advertises subnet 192168219226 to Tully as an internal route Network 19216830 is advertised to Tully

However, the local network for LeHand and Thompson is 192.168.3.0. LeHand is the boundary router between major networks 192.168.2.0 and 192.168.3.0, so 192.168.2.0 will be advertised to Thompson as a system route. Likewise, 192.168.3.0 is advertised to Tully as a system route. 192.168.1.0 is a network in another autonomous system, and LeHand has been configured to advertise that network address as a default route. 192.168.1.0 will therefore be advertised to both Thompson and Tully as an...

Figure 629 The Token Ring interface for RTF in Figure 625

Hardware is TMS3SD, address is W0Q.3D9O.c7di1 ( ia 0000.3090, c7df Internet address is 192.168.5.126 27 MTU 44 A bytes, BW 1G 00 K lL, ULY uSBC, filly 255 255, luacJ 1 255 Encapsulation SNAP, loopback not set, keepallve set (i s j ARP type SNAP, AR Timeout 04 90 00 Single rifiLj ncco, Transparent Bridge capable Group Address okGobBbhhb, functional Address Ethernet Transit oui 0x000000 Last input 00 00 03, output 00 00 03, output Hang never Last clearing of show interface' counters never Output...

Figure 68 The metric for the route from Casablanca to subnet 17220400 is calculated from the minimum bandwidth of 512K

Casablanca*she* ip route i72.Z0.4a.ci Houlinij entry ior 172.20.40.0 255.255.255 .< 5 Ki'0',1 n via *igrp 1, distance ica, metric 24131 Last update from 172.20.1.2 on Ethernets, ed (53 54 ago - 172,20.1.2, from 172.20.1.2, gg Bffi 54 ago, via Ethernet Route metric 24131, traffic share count is 1 rciai delay is -icbbo microseconds, minimum bandwidth is 5 2 Kbit Reliability 255 255, minimus UTU I SOB bytes BWIGRP(min) 107 512 19531 DLYIGRP(sum) 46000 10 4600 . metric BWigrp + DLYIGRP(sum) 19531...

Figure 713 VLSM is applied to subnet 17225150024

101O11 101011 101011 101011 101011 10101 1 101011 101011 101011 101011 101011 101011 101011 101011 IP 101 1 1001100IO1 1-0011M101 1001100101 1001100101 1*0011 00101 1-0011 00101 1-0011 00101 1001100101 1001100101 1001100101 1001100101 1001100101 1001100101 1001100101 1001100101 100011O00O 1001000000 1001010000 1001190000 1001110000 1010000000 1010010000 1010100000 1010110000 1011000000 1011010000 1011100000 1011110000 255.255. 172.25.1 172.25.1 172.25.1 172.25.1 172.25.1 172,25,1 172.25.1...

Figure 718 Although the RIPv2 update from Taos includes all subnets in the internetwork the RIPvl update includes only

Hif sending vl update in 255,255.255,255 via Ethernets (172,25,150,133) RIP sanding v2 update to 224.9.0.9 via LlhenielC (172.25.150.193) 1 72 .25. 1 50 . 4K2 ii > 3. H . 0 . 0 , r.C'.i - 1C 3, I ag B 172.25.153.123 20 > 8.0,0.0, netric 3, tag e 172.25.150.192 20 > B.0.0.0, *9tric 1. tag 0 172.25.150.224 20 > B.0,0.0, 9trie 1. tag 0 172.25.150.240 30 > B.0.0.0, 9trie 2. tag 0 172.25.150.244 30 > B.0.0.0, Metric 2, tag HI 172.25.150.248 30 > B.0.0.0, BStrlC 2, tag HI 172.25.150.252...

Figure 722 Host Cs ARP cache shows the correct MAC address associated with all addresses

1T2 . 1ft. 35 -112 172 .1C-. 35.1 172.10,35.33 172.19.35.2 172.1ft.35 .3 172 .1 . 35 .il 172.IE,35,21 Zufll - Figure 7.23. Host B's ARP cache shows that C's IP address is mapped to the MAC address of San_Felipe's Figure 7.23. Host B's ARP cache shows that C's IP address is mapped to the MAC address of San_Felipe's CKopyrioht Microsoft ' rji 1981-1995. CKopyrioht Microsoft ' rji 1981-1995. Inter fact 172,19,35.33 1 r . L fit TL v. 1 -.12 , -1 IT .15.35.1 112,19.35.3 171.ig.3S.73 . . 19.35.91 171...

Figure 77 The RIPv2 authentication information when configured is carried in the first route entry space

Multiple fields, up to a maximum of 24 Multiple fields, up to a maximum of 24 Simple password authentication for RIPv2 is in plain text. Figure 7.8 shows an analyzer capture of a RIPv2 message with authentication. The figure also shows a difficulty with the default RIP authentication The password is transmitted in plain text. Anyone who can capture a packet containing a RIPv2 update message can read the authentication password. Figure 7.8. When simple password authentication is used, the...

Figure 830 The IP Internal Routes TLV

If it is loss than or more than three octets, the TLV will be padded with zeros to the next four-octet boundary. For example, if the deslination address is 10.1.1 he Destination field will be two octels and will be loll owed with a pad of 0x00. If the address is 192.168.16.04. Ihe Destinalion lield will be four octets and will be followed with a pad of 0x000000. Next Hop is the next-hop IP address. This address may or may not be the address of the originating router....

Figure 831 The IP External Routes TLV

Originaiing Autonomous System Number 'This field is variable. If it is less than or more than three octets, the TLV will be padded with zeros to the next four-octet boundary. For example, if the deslination address is 10,1, ihe Destination field win be two octeis and will be loiiowed with a pad ol 0x00. il the address is 192.iea.1S.64, Ihe Destinalion lield will be four octets and will be followed with a pad of OxOOOOOO. An external route is a path that leads to a destination outside of the...

Figure 84 The topology table of router Langley

Langley 5*10w ip eiyrp topology IP-EIGRP Topology Table for process 1 Codes P - Passive, A - Active, U - Update, Q - Ouery, R - Reply r - Reply status P 10.1.3,0 24, 1 successors, FD is 512 via Connected, Serial P 10.1.2.0 24, 1 successors, FD is 76fl via 10.1.3,1 (763 25S), Serial via 10.1 .5,2 12B0 256), Seriall P 10.1.1,0 24, 1 successor FD is 7fifl via 10.1.3,1 (763 25S), Senalfl via 10.1.5.2 1536 512 , Seriall P 10.1.7.0 24, 1 successors, FD is 256 via Connected, Ethernet P 10.1.6.0 24, 1...

Figure 91 The neighbor table records all OSPFspeaking neighbors

192.168.3 .70 102.l6S.3a.3d 192.138.30.10 192.16B-30.68 192.166.30.18 192.166.30.78 The tracking of other OSPF routers requires that each router have a R outer ID, an IP address by which the router is uniquely identified within the OSPF domain. Cisco routers derive their Router IDs by the following means

Figure 9107 The debug messages for Troubleshooting Exercise

OSPF ftcv pkl tron 172,16.27.1, T ok tu H1 ngfl, OSPF R-CV D- 1-q-r 17 ,16,27,1 , TOkH1 ngfl. G5PF Fcv pkt r 17S.1S.2T.tH Tokin ingfl. OSPF Rev c< from 1 . 7. 1 . Toieiii-g , OSPF R.nv c-1 frois 1. . 7.1 , TDkanRlnge. 2 Explain what problem is indicated by the debug messages in Figure 9.108.

Figure 9111 The error messages for Troubleshooting Exercise

Tii SP F -EHBHCY rte* Lv-Ml invalid amuish if h 10, ffsn Hsikhjfii iris wit bt if tu si link bur HOT VjJ fan I .5.'.1. E he meet QSPf - L-fiflCW Racflivfld invalid n .TU JO, ti-or jr a _ js-r virtual linH b not uJid tjn ir.S I.I. Ethernet PT- Ens 6 The configurations for the routers in Figure 9.112 follow. Figure 9.112. The internetwork for Troubleshooting Problem 6. Figure 9.112. The internetwork for Troubleshooting Problem 6. network 192.168.50.224 0.0.0.31 area 192.168.50.0 network...

Figure 929 The Router LSA describes all of a routers interfaces

Rouler ID 192.ieg.3Q.10 Number of Links - 3 Link r Description Link 2 Description Link 3 Description Link 1 Description Link 2 Description Rouler 10 192.168.30.10 Number of Links - 3 Link T Description Link 2 Description Link 3 Description Figure 9.30. The command show ip ospf database router displays Router LSAs from the link state Honerftshaw ip aspl (JaiaGasir router 192.160.30.10 OSpf Router with id (192.168.30,5 ) eProcess id ij Link cuiinoct cl To another HeuLe - (point-to-point) jLmii...

Figure 95 This interface is attached to a broadcast network type and the router is the DR on this network

Ren aim shea ip tssl interface Ltf riiiitB internet JV.tjcdi i.fss 192,168,17.73 9, Area a process ID i, Router id m, 160,30,70, Network type BROADCAST. Cost 10 Designated Hauler* (ID) 1C-2.T 6.30.70, Interface address '.92 . 1 tie. 17.73 Backup Designates router (IUj t J2.1Gf . 3fl.aa. inte -rati address 1S2.1G8.17.74 lL cf- intervals cofifigursd, c-lici 10, Head e. Wait 40, Retransmit 5 Ne jnnejyr count is 1. Adjacent n& lohbor eoufit is i Adjacent Kith neiohDor iga.iee,30,00 liacfcuf...

Figure 954 The Ospf Lsa header

Age is the time, in seconds, since the LSA was originated. As the LSA is flooded, the age is incremented by InfTransDelay seconds at each router interface it exits. The age is also incremented in seconds as it resides in a link state database. Options is described in The Options Field. In the LSA header, the Options field specifies the optional capabilities supported by the portion of the OSPF domain described by the LSA. Type is the LSA type. The type codes are shown in Table 9.4. Link State...

Figure 956 The OSPF Network LSA

Link State ID for Network LSAs is the IP address of the DR's interface to the network. Network Mask specifies the address or subnet mask used on this network. Attached Router lists the Router IDs of all routers on the network that are fully adjacent with the DR, and the Router ID of the DR itself. The number of instances of this field (and hence the number of routers listed) can be deduced from the LSA header's Length field.

Figure 957 The OSPF Summary LSA The format is the same for both type 3 and type 4 Summary LSAs

Link State ID, for type 3 LSAs, is the IP address of the network or subnet being advertised. If the LSA is type 4, the Link State ID is the Router ID of the ASBR being advertised. Network Mask is the address or subnet mask of the network being advertised in type 3 LSAs. In type 4 LSAs, this field has no meaning and is set to 0.0.0.0. If a type 3 LSA is advertising a default route, both the Link State ID and the Network Mask fields will be 0.0.0.0. Metric is the cost of the route to this...

Figure 967 The MAC identifier of the DNS server is recorded in Matisses ARP cache indicating that the server can be

Because the DNS server must send replies to network addresses different than its own, it will send the replies to Dali for routing. Dali is not exchanging routing information with Matisse, so it does not know how to reach the networks within the OSPF autonomous system. So the one step needed to close the circuit is to tell Dali how to reach the OSPF networks. This is easily done with a static route Dali(config) ip route 192.168.0.0 255.255.0.0 172.19.35.15 Note that static routes are classless,...

Figure 970 The RIPlearned routes are redistributed into the OSPF autonomous system as path type E2

R HIP. U momle, B UliP D LlfiHP, Lk EIGFlP external, 0 OSPF, JA OSPF inter area i.i OiiPF external typi i, L2 ospi external type 2, i. liip i 13 IS, li IS IS level 1. l2 li 13 level 2, - candidate default u per user stniif. route .168.105.0 24 110 1B Via 132.168.30 168.100.0 24 1110 101 via 192.168.30 ,16B.101.0 24 110 10 via 192.188.30 .166.70.0 24 lie-10 via 192.166.30. .163 90-0 24 jllO 10 via 102.1iift.30. . 16B.00.O 24 ni0'10 via 192.168.30. ,160,60.0...

Figure 981 All interarea routes have been replaced with a default route to the ABR

Stat It , 1 IGHP, K ri I f. M IIIDJlLlli, U k t ' ElGflP, EX < EIGftP eternal. 0 . OSPf, 1A OSPF inter area hi - OSPF nssa external type 1, N2 ospf hssa external type 2 ei QbiPl external type i, .2 W external yj)t 2, L Ltir1 l 13' is, li j is lovel 1, l 2 is is level , - - candidate default U per user staTic j'outc, a - CUR Gateway of last resort j . 102,166,10,1 to network ii.n.a.ti H 192.168.105.0 24 120 1 via 172.19,35.1, 0 00 13, EthernetB fi I9i, 160,100.0 24 1130...

Filter Placement Considerations

For the best performance, you must consider not only the efficient design of the access list itself but also the placement of the filter on the router and in the internetwork. As a rule of thumb, security filters usually are incoming filters. Filtering unwanted or untrusted packets before they reach the routing process, prevents spoofing attacks wherein a packet fools the routing process into thinking it has come from somewhere it hasn't. Traffic filters, on the other hand, usually are outgoing...

Header

Decode Status Frsne Length ssti nation Address Source Addrsss Frame Forn.at IEEE SQ2 -3 Length Fidir.c Cken-ltKUii Ol-S()- -00-00-U. 190 IS-IS LL IS Met Ent 00-00-CC-7& -SB-7L , OVI CISCO. Universal 1y IEEE 8G2 3 15G0 Goad. Fidir.c Cheek Sequence CD DC 00 00 Decode Status Frsne Length ssti nation Address Source Addrsss Frame Forn.at IEEE SQ2 -3 Length Fidir.c Cken-ltKUii Ol-S()- -00-00-U. 190 IS-IS LL IS Met Ent 00-00-CC-7& -SB-7L , OVI CISCO. Universal 1y IEEE 8G2 3 15G0 Goad. Fidir.c...

Hexadecimal

Although the address mask must be specified to Cisco routers in dotted decimal, using the command shown previously, the mask may be displayed by various show commands in any of the three formats by using the command ip netmask-format dec hex bit in line configuration mode. For example, to configure a router to display its masks in bitcount format, use Gladys(config) line vty 0 4 Gladys(config-line) ip netmask-format bit As established in the previous section, subnet bits cannot be all zeros or...

Islea604 [10014 vi iii4 00006 setiaii

Administrative distances can contribute to routing loops. Administrative distances can cause even worse problems than the sub-optimal routes, unpredictable behavior, and slow convergence of the previous example. For example, Figure 11.11 shows essentially the same internetwork as in Figure 11.3 except the links between the IGRP routers are frame relay PVCs. By default, IP split horizon is turned off on Frame Relay interfaces. As a result, permanent routing loops will form between Lazzeri and...