My notes about Configuration Register on Cisco Routers

This page on Cisco.com defines all details about "Configuration Register" on Cisco routers.
http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/50421-config-register-use.html

The Purpose of the Configuration Register
The configuration register can be used to change router behavior in several ways, such as:

• how the router boots (into ROMmon, NetBoot)
• options while booting (ignore configuration, disable boot messages)
• console speed (baud rate for a terminal emulation session)

Configuration registers are indeed DIP switches on most of PC motherboard.

DIP-Switch as part of a PCB from 1976, by Rainglasz.
Captured on Wikipedia.

Visualizing Wildcard Mask: Simple Calculation Tool in Excel

(Original subject: "Simple visual tool to calculate Cisco IOS Wildcard Mask")

I create this tool for you to easily calculate equivalent Wildcard Mask for any given IPv4 address and subnet mask.

You can make use of this tool when you have to configure Cisco IOS Access Control List, "network" command in routing protocols, and you can also do a quick double-check about whether the wildcard mask is matching the designated subnets or not.

In fact, this tool is revised from another tool I have posted before.

Simple visual tool to help you understand more about IPv4 Subnets, in Excel Spreadsheet

Summer Biking. From 20010616 花蓮

I created this simple tool to visualize bit-wise relation among IPv4 address, mask, and prefix. I hope it helps beginners to understand more about IPv4 subnet calculation.

CCNA Exploration 4.0 Companion Packet Tracer Practices, the Collection

I collect all my "CCNA Exploration 4.0 Companion Packet Tracer Practice" links of old posts here.

You can just bookmark this post to browse them all at once. Enjoy them!

Dual Stack IPv6 and IPv4 configuration (CNA-04-006)

CCNA Exploration 4.0, Semester 4, "Dual Stack IPv6 and IPv4 configuration " Packet Tracer 5.0 practice file (CNA-04-006).

• CNA-04-006.pkt, (Backup Link)
• CNA-04-006-sol.pkt, (Backup Link)

This example is designed for you to practice basic IPv6 commands in IOS. You will also know the new fashion to start a routing protocol in IPv6.

Note: Packet Tracer 4.X does not support IPv6. Please use version 5.X and later to practice IPv6.

To simplify your task, I configured all the necessary IPv4/IPv6 addresses on the interfaces. You can just begin to observe and verify!

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:1:1:1::1/64
!
interface Serial0/0/0
 ip address 10.2.2.1 255.255.255.0
 ipv6 address 2001:2:2:2::1/64
 clock rate 64000
!

You have to configure "routing protocol" yourself. To verify "Dual Stack", we will enable both IPv4 routing protocol and IPv6 routing protocol.

The IPv4 part (in this case, RIPv2) is very easy for you. Remember the basic two steps to start any IPv4 routing protocols in IOS:

1. Use one "router X" command, to start one routing protocol process
2. Use one or more "network Y" commands, to specify at which interfaces will this protocol being enabled

So the configuration is this:

router rip
 version 2
 network 10.0.0.0
 no auto-summary
!

For this simple IPv4 addressing, it is not necessary to include an "no auto-summary" command. It is always a good habit to add "no auto-summary" in today's VLSM world.

As to IPv6 part (RIPng), steps are quite different from IPv4:

1. We need to start the routing protocol process first. In addition, we also have to create a TAG name for it. This is because in IPv6 IOS supports multiple instances on routing protocols
2. Go directly to interface configuration mode to assign which "routing instance" to be enabled on this interface.

interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:1:1:1::1/64
 ipv6 rip CCNA enable 
!
interface Serial0/0/0
 ip address 10.2.2.1 255.255.255.0
 ipv6 address 2001:2:2:2::1/64
 ipv6 rip CCNA enable 
 clock rate 64000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ipv6 router rip CCNA
!

In fact, the tag name "CCNA" is only locally significant. You can play by using different tags on two routers and verify it yourself.

Configure NAT/PAT to enable outbound Internet connectivity (CNA-04-005)

CCNA Exploration 4.0, Semester 4, "Configure NAT/PAT to enable outbound Internet connectivity" Packet Tracer 5.0 practice file (CNA-04-005).

• CNA-04-005.pkt, (Backup Link)
• CNA-04-005-pat-sample-sol.pkt, (Backup Link)
• CNA-04-005-nat-sample-sol.pkt, (Backup Link)

The diagram is the same as the previous post, except that EIGRP between Router R0 and Router R1 is removed, and a new default route pointing to R0 (here it represents the Internet) has been added into R1.

Before we start to configure NAT/PAT, we can easily verify that any PCs or Switches below R1 cannot connect to R0. This is because R0 does not have any route to those network addresses (192.168.X.0/24) below R1. We must successfully configure NAT/PAT to translate all source IP addresses into those in network 10.1.1.0/24 to achieve outbound connectivity to R0 (Internet).

Recall that the 3 basic steps to configure NAT/PAT:

1. Specify "Inside" interfaces: source addresses of packets coming through these interfaces need to be translated
2. Specify Outside interfaces: destination addresses of packets coming through these interfaces need to be recovered
3. Define translation rule: this step is quite different between NAT and PAT. I will discuss PAT and NAT in different sections later

Step 1 and 2 are all the same in all modes:

interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 clock rate 64000
!

[PAT]

The only difference is at Step 3. Let's start from PAT.

PAT enable us to reuse the IP address of Router R1's "Serial0/0/0" interface for all inside hosts. Since every host is translated into the same IP address, we can only tell which packets should be recovered to which source host by its TCP/UDP port number.

Now, we need ACL here again! We use ACL to classify packets. If the classification result is permit, then it will be translated; otherwise if the result is deny, it will NOT be translated.

Key configuration fragment is as below:

ip nat inside source list 100 interface Serial0/0/0 overload
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
!

Here is the translation result of PAT. NOTE: If you want to see similar results as I do, you must create some connections outbound to R0, such as TELNET. The screen capture is done when 2 PCs are having 2 active TELNET sessions to Router R0.

R1>show ip nat translation
Pro  Inside global     Inside local       Outside local      Outside global
tcp 10.1.1.1:1024      192.168.10.10:1025 10.1.1.2:23        10.1.1.2:23
tcp 10.1.1.1:1025      192.168.11.10:1025 10.1.1.2:23        10.1.1.2:23

R1>

We can see clearly the effect of PAT on Router R0. R0 thought it was 2 connections sourced from 10.1.1.1.

R0>show user
    Line       User       Host(s)              Idle       Location
* 67 vty 0                idle                 00:00:00 10.1.1.1
  68 vty 1                idle                 00:01:48 10.1.1.1

  Interface    User               Mode         Idle     Peer Address
R0>

[NAT]

In NAT, each local IP address will occupy one public global address when we configure NAT instead. Here I assume IP addresses from 10.1.1.101 to 10.1.1.200 is reserved as a pool for NAT use.

NOTE: IP address pool here is similar to car parking slot pool. One car, one slot, and in "first-come-first-serve" way. In above example, only the first 100 local hosts making outbound connections will get its own address. If the pool is full, starting from 101st late comer, no new local hosts can be served by NAT and thus cannot make outbound connections at all!

Key configuration fragment is as below:

ip nat pool INET-POOL 10.1.1.101 10.1.1.200 netmask 255.255.255.0
ip nat inside source list 100 pool INET-POOL
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
!

The screen capture is done as before when 2 PCs are having 2 active TELNET sessions to Router R0.

R1>show ip nat translation
Pro  Inside global     Inside local       Outside local      Outside global
---  10.1.1.101        192.168.10.10      ---                ---
---  10.1.1.102        192.168.11.10      ---                ---

R1>

The effect of NAT is clearer on Router R0. R0 thought they were connecting from 10.1.1.101 and 10.1.1.102.

R0>show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00 
  67 vty 0                idle                 00:01:45 10.1.1.101
  68 vty 1                idle                 00:01:35 10.1.1.102

  Interface    User               Mode         Idle     Peer Address
R0>

Using Access Control List (ACL) to restrict inbound Internet access (CNA-04-004)

CCNA Exploration 4.0, Semester 4, "Using Access Control List (ACL) to restrict inbound Internet access" Packet Tracer 5.0 practice file (CNA-04-004).

• CNA-04-004.pkt, (Backup Link)
• CNA-04-004-sample-sol.pkt, (Backup Link)

In this example, I design on purpose to ask you: you must allow PING (that is, ICMP) and disallow TELNET (that is, TCP port 23) at the same time. So that you will be forced to use "Extended" ACL. This is because we have to us one ACL to allow and disallow packets in different services from the same source IP address, which is not possible in "Standard" ACL.

A sample content of ACL and its application could be like this:

interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 in
 clock rate 64000
!
access-list 100 deny tcp any 192.168.0.0 0.0.255.255 eq telnet
access-list 100 permit ip any any

The above sample assumes you apply it on the inbound direction of "Serial0/0/0". We can also apply the same ACL on the outbound direction of "FastEthernet0/0" and "FastEthernet0/1" to achieve the same protection.

Also remember: the question in a test about ACL always have been framed into one possible answer. In daily life, there is often more than one possible answer to your asked requirements. Be creative about the possible outcome answer for ACL!

Using TFTP to recover Cisco IOS Image file, and to backup/restore configurations (CNA-04-003)

CCNA Exploration 4.0, Semester 4, "Using TFTP to recover Cisco IOS Image file, and to backup/restore configurations" Packet Tracer 5.0 practice file (CNA-04-003).

• CNA-04-003.pkt, (Backup Link)

This Packet Tracer file is only a simple environment for you to "experience" using TFTP to recover Cisco IOS Image file, and to backup/restore configurations.

However, if you have access to physical real router/switch, especially when you are in a training course, do not waste your chance of practicing! Packet Tracer,as a simulator, is absolutely not comparable to real machines!

For example, it does not simulate all Cisco IOS behaviors. The following Packet Tracer screen captures shows many command option is still missing from the real Cisco 2960 switch.

[In Packet Tracer 5.0]

Cisco-Switch-2960>en
Cisco-Switch-2960#copy ?
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  tftp:           Copy from tftp: file system
Cisco-Switch-2960#copy tftp: ?
  flash:          Copy to flash: file system
  running-config  Copy configuration from system
  startup-config  Copy startup configuration from system
Cisco-Switch-2960#

[In real Cisco 2960 switch]

Cisco-Switch-2960#copy ?
  /erase          Erase destination file system.
  /noverify       Disable automatic image verification after copy
  bs:             Copy from bs: file system
  cns:            Copy from cns: file system
  flash:          Copy from flash: file system
  ftp:            Copy from ftp: file system
  null:           Copy from null: file system
  nvram:          Copy from nvram: file system
  rcp:            Copy from rcp: file system
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  system:         Copy from system: file system
  tftp:           Copy from tftp: file system
  xmodem:         Copy from xmodem: file system
  ymodem:         Copy from ymodem: file system

Cisco-Switch-2960#copy tftp: ?
  flash:          Copy to flash: file system
  null:           Copy to null: file system
  nvram:          Copy to nvram: file system
  running-config  Update (merge with) current system configuration
  startup-config  Copy to startup configuration
  system:         Copy to system: file system

Cisco-Switch-2960#

Repeat: simulator is not a replacement of real machine at all!

Frame Relay and RIP problem configuration and observation (CNA-04-002)

CCNA Exploration 4.0, Semester 4, "Frame Relay and RIP problem configuration and observation" Packet Tracer 5.0 practice file (CNA-04-002).

• CNA-04-002.pkt, (Backup Link)
• CNA-04-002-wrong-sol.pkt, (Backup Link)
• CNA-04-002-final-sol.pkt, (Backup Link)

Of course, I do not recommend you to use RIP anymore during my lecture. Since this is a typical RIP over Frame Relay problem in all versions of ICND materials, you might be interested to configure and observe it!

In this example, we have only two Virtual Circuit available. One is between Router 1 and Router 2, and the other is between Router 2 and Router 3. This is quite a typical deployment in "hub and spoke" scenario to minimize virtual circuit cost!

The access to Frame Relay configuration is not difficult at all for you. All you have to do is to change serial encapsulation to "frame-relay". Here is the sample configuration for Router 1:

interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay

After you configure all three interfaces on three routers, please wait a moment! Cisco IOS's Inverse ARP feature would automatically setup the correct IP addresses mapping to DLCIs. We can examine this on Router 2:

R2#show frame-relay map
Serial0/0/0 (up): ip 10.1.1.1 dlci 201, dynamic, broadcast, CISCO, status defined, active
Serial0/0/0 (up): ip 10.1.1.3 dlci 203, dynamic, broadcast, CISCO, status defined, active
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/50/60 ms

R2#ping 10.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/91 ms

R2#

The frame relay access portion is actually done! Now we look closer at the RIP problem.

After we start RIP on all routers with default setting, we will immediately see a serious problem: Router 1 does not receive Router 3's RIP routes, and vice versa.

R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial0/0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
R    192.168.2.0/24 [120/1] via 10.1.1.2, 00:00:23, Serial0/0/0
R1>

The cause for this on Router 2. We have only two virtual circuits available in this case. Therefore, only Router 2 will receive Router 3's RIP updates. Router 1 will never receive them unless Router 2 re-send those RIP updates for Router 1.

Recall the default behavior of "split horizon": both Router 1 and Router 3 are addressed in the same subnet, so any RIP updates received in Router 2's Serial0/0/0 interface connecting to this subnet will not be re-sent out through the same interface Serial0/0/0 by Router 2!

That is why Router 1 will not receive Router 3's updates, because Router 2 won't re-send them!

To eliminate this problem, we have to disable the "split horizon" function on Router 2's Serial0/0/0, like this:

interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.0
 no ip split-horizon
 encapsulation frame-relay

Then RIP goes well with such Frame Relay deployment and addressing!

I want to repeat this over and over to you: this is only a sample problem of RIP on Frame Relay. I strongly suggest you to use better protocols such as EIGRP or OSPF instead. Both of them does not have such odd "split horizon" problem. You should refer to this only if you cannot remove RIP in your network!

Configuring PPP on serial interfaces and CHAP Authentication (CNA-04-001)

CCNA Exploration 4.0, Semester 4, "Configuring PPP on serial interfaces and CHAP Authentication" Packet Tracer 5.0 practice file (CNA-04-001).

• CNA-04-001.pkt, (Backup Link)
• CNA-04-001-sol.pkt, (Backup Link)

This is a simple practice for you to change the layer 2 encapsulation from defautl HDLC to PPP. And the reference answer file also contains sample CHAP authentication configurations.

You can also read my previous post so you won't get confused about the username/password and directions.

Provide across 3 VLANs, Layer 3 connectivity using a router with single LAN interface (CNA-03-007)

CCNA Exploration 4.0, Semester 3, "Provide across 3 VLANs, Layer 3 connectivity using a router with single LAN interface" Packet Tracer 5.0 practice file (CNA-03-007).

• CNA-03-007.pkt, (Backup Link)
• CNA-03-007-sol.pkt, (Backup Link)

What?! Single one LAN interface to service 3 VLANs? Yes, no problem! We only have to configure it with new commands we have not learned!

Remember that in a trunk connection among switches, we have to "tag" every frame so switches can tell which frame belongs to which VLAN. If a router can also recognize and add the same tags just like switches, we can make this router "virtually" connect to all the VLANs on the switches, and thus providing across VLAN routing, using single physical LAN interface!

We usually call such router a nick name: "Router on a stick". That is, a (LAN) router with only one interface (leg)!

Since VLAN tagging is a hardware functionality, we have to remember in mind that not all routers and not all LAN interface card can support this function: router's LAN interface has to be at least 100Mbps (FastEthernet, in Cisco's term). If your router is bought recently, such as the new ISR (Integrated Service Routers) models, then this requirement is quite enough.

Our "Router on a stick" routes packets among sub-interfaces. Each sub-interface stands for a logical (virtual) interface plugged in a VLAN. The configuration is like this:

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.100
 encapsulation dot1Q 10
 ip address 172.17.10.1 255.255.255.0
!
interface FastEthernet0/0.200
 encapsulation dot1Q 20
 ip address 172.17.20.1 255.255.255.0
!
interface FastEthernet0/0.300
 encapsulation dot1Q 30
 ip address 172.17.30.1 255.255.255.0
!

The numbers after "encapsulation dot1q 10", "encapsulation dot1q 20", and "encapsulation dot1q 30" are exactly the VLAN's ID number, used in 802.1Q tagging.

However, the number of sub-interface has no special meaning at all. I intentionally choose different sub-interface numbers (100, 200, 300) from VLAN numbers in this example.

We also have to do some configuration on switch side. We have to configure the switch port connected to the router as "Trunk mode". Router needs this to receive and send frames from and to different VLANs.

interface FastEthernet0/11
 switchport mode trunk
!

"Router on a stick" in fact solves one additional problem: scalability. No matter across how many VLANs we have to route packets, we always need only one physical LAN interface!

Consider this then you will see the problem: suppose we have to provide routing among 100 VLANs and without this function, we would be in serious trouble finding a router with 100 LAN interfaces!

Provide across 3 VLANs, Layer 3 connectivity using a router with 3 LAN interfaces (CNA-03-006)

CCNA Exploration 4.0, Semester 3, "Provide across 3 VLANs, Layer 3 connectivity using a router with 3 LAN interfaces" Packet Tracer 5.0 practice file (CNA-03-006).

 

• CNA-03-006.pkt, (Backup Link)
• CNA-03-006-sol.pkt, (Backup Link)

Previous practices we are separating PCs into different VLANs. In this practice we are going to connect them together instead using Layer 3 router!

Because only 3 VLANs, we only have to prepare a router with 3 LAN interfaces.

It wont' be difficult for you if you have get through Semester 2 well. You only have to make sure each switch ports the router's interfaces connecting to is in the same VLAN as those PCs they service. Of course, the 3 inter-switch link should also be enabled as "Trunk Link".

You can use this practice as a review of Semester 2's knowledge!

Collections of my companion practice added, right second panel

Pink Flower, what is its name?(DSC_0421),
originally uploaded by Li-Ji.

Yes! I am posting a series of Packet Tracer files I prepared for my students in Cisco Network Academy. For you to find them all quickly, I listed them in the right second panel of this blog.

I believe it would be very helpful for both network students and even instructors!

I have not posted them all yet! Keep watching the coming posts!

You are welcome to use all these file as you wish! And please do not hesitate to give me your feedback!

Observe and configure designated switch as Spanning Tree Protocol's root role (CNA-03-005)

CCNA Exploration 4.0, Semester 3, "Observe and configure designated switch as Spanning Tree Protocol's root role" Packet Tracer 5.0 practice file (CNA-03-005).

• CNA-03-005.pkt, (Backup Link)
• CNA-03-005-sol.pkt, (Backup Link)

It will not be difficult for you to maintain VLAN connectivity for both VLAN 10 and VLAN 20. We have four previous examples. Practice 1, Practice 2, Practice 3, and Practice 4.

This practice is focused on the root role switch of a Spanning Tree Protocol domain.

How important is the root role switch? Because all broadcast frames in that VLAN would go through the root role switch. That is, if your root role switch's performance is modest, you will absolutely have poor network performance as a whole.

Practically, we usually choose the best performance switch (maybe also the most expensive switch!) as the root role in a Spanning Tree Protocol domain.

Root role is automatic selected according to the Spanning Tree Protocol. If all switches are using default Spanning Tree configuration, the root role is almost "randomly" chosen, because switch with the smallest MAC addresses (treat that MAC address as a long hexadecimal number) will be elected as root role.

See below the "show spanning-tree" result on "S2". It is the elected root role switch for VLAN 1.

S2#show spanning-tree 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.4AEE.B73B
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0002.4AEE.B73B
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/6            Desg FWD 19        128.6    P2p
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/18           Desg FWD 19        128.18   P2p

S2#

In this practice, if we want to designate S1 as the root for VLAN 10, and S3 as the root for VLAN 20, we can issue the following commands on respective switches:

(These commands are the few exceptions of commands that won't be listed in the running-config. You have to use "show spanning-tree" command instead to observe!)

S1(config)# spanning-tree vlan 10 root primary

S3(config)# spanning-tree vlan 20 root primary

I believe you would guess there should be a "secondary" command of the same form. Exactly! This secondary command is for us to designate "backup switch" for the root role. When the root role switch dies, it will take over to be the new root role switch.

In this example we assume we also want S1 to be the backup for VLAN 20, and S3 to be the backup for VLAN 10, as root role switch. The we should issue the following commands:

S1(config)# spanning-tree vlan 20 root secondary

S3(config)# spanning-tree vlan 10 root secondary

We can use these commands to choose which switch to be the primary root role, and which switch to be the backup (secondary) root role, as the way we want!

Enable VTP to distribute VLAN information, and provide two Virtual LAN (VLAN), using 3 connected switches (CNA-03-004)

CCNA Exploration 4.0, Semester 3, "Enable VTP to distribute VLAN information, and provide two Virtual LAN (VLAN), using 3 connected switches" Packet Tracer 5.0 practice file (CNA-03-004).

• CNA-03-004.pkt, (Backup Link)
• CNA-03-004-sol.pkt, (Backup Link)

The diagram is in fact the same as the previous example. You must have noticed that it is really bothering to add VLANs on switches one after one. In this case, we are going to make use of a special automatic method by IOS itself: the VTP protocol.

VTP stands for VLAN Trunking Protocol. It is a proprietary protocols among Cisco switches to distribute VLAN information.

Although it is not difficult for you to "peep" at "CoreSwitch"'s configuration in this Packet Tracer file, I wish you do not try it. What I want you to feel is to enable VTP only and then observe "Switch1" and "Switch2" getting VLAN information automatically!

In this case, "Switch1" and "Switch2" can play the VTP role as "Client". That is, it listens VLAN information advertised from the VTP "Server" role switches.

Client Configs:

Switch1(config)#vtp mode client
Switch1(config)#vtp domain ccna
Switch1(config)#

Server Configs:

CoreSwitch(config)#vtp mode server
CoreSwitch(config)#vtp domain ccna
CoreSwitch(config)#

Just like the VLAN information, we cannot see them in the running configuration. We can issue "show vtp status" command to check VTP status.

Switch1:

Switch1#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : ccna
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x9E 0x49 0xD8 0xC7 0xED 0x7C 0xB2 0x01 
Configuration last modified by 20.1.1.101 at 3-1-93 00:01:58
Switch1#

CoreSwitch:

CoreSwitch#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : ccna
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x9E 0x49 0xD8 0xC7 0xED 0x7C 0xB2 0x01 
Configuration last modified by 20.1.1.101 at 3-1-93 00:01:58
Local updater ID is 20.1.1.101 on interface Vl1 (lowest numbered VLAN interface found)
CoreSwitch#

Providing two Virtual LAN (VLAN), using 3 connected switches (CNA-03-003)

CCNA Exploration 4.0, Semester 3, "Providing two Virtual LAN (VLAN), using 3 connected switches" Packet Tracer 5.0 practice file (CNA-03-003).

• CNA-03-003.pkt, (Backup Link)
• CNA-03-003-sol.pkt, (Backup Link)

This practice is continued from previous Practice 1 and Practice 2. Essentially, we must configure the two "Inter-switch Links" manually as "Trunk Link".

But that's not enough. One thing I have to point out is we also have to declare VLAN 10 and VLAN 20 in the middle switch: "CoreSwitch". We often forget about this when we implement LAN switching.

Why should we do this? This is because of the design of a hardware switch. It cannot "guess" how many VLANs could be there. Switches only separate and forward frames tagged as certain VLANs when it knows those VLANs exist. If we forget to declare them, then the "CoreSwitch" will not recognize frames tagged as VLAN 10 and VLAN 20, and thus drops all frames of them. We lose connectivity for both VLAN 10 and VLAN 20 in the end.

Then why we do not have to "declare" VLAN 10 and VLAN 20 in previous examples? This is because when we configure some switch port as access link of "VLAN 10", Cisco IOS add "VLAN 10" automatically for us. The same thing happens for VLAN 20, too. However, because we do not configure any switch ports in "CoreSwitch" as neither VLAN 10 nor VLAN 20, we have to declare them by ourselves.

CoreSwitch(config)#vlan 10
CoreSwitch(config-vlan)#exit
CoreSwitch(config)#vlan 20
CoreSwitch(config-vlan)#exit
CoreSwitch(config)#

We cannot know from "running-config" about which VLANs are added. We have to issue "show vlan" command to display the VLANs we successfully declared.


Before we add VLANs:

CoreSwitch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 enet  101002     1500  -      -      -        -    -        0      0
1003 enet  101003     1500  -      -      -        -    -        0      0
1004 enet  101004     1500  -      -      -        -    -        0      0
1005 enet  101005     1500  -      -      -        -    -        0      0

CoreSwitch#

After we declared VLANs, we will see the differences:

CoreSwitch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
10   VLAN0010                         active    
20   VLAN0020                         active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 enet  101002     1500  -      -      -        -    -        0      0
1003 enet  101003     1500  -      -      -        -    -        0      0
1004 enet  101004     1500  -      -      -        -    -        0      0
1005 enet  101005     1500  -      -      -        -    -        0      0

CoreSwitch#

Providing two Virtual LAN (VLAN), using 2 connected switches (CNA-03-002)

CCNA Exploration 4.0, Semester 3, "Providing two Virtual LAN (VLAN), using 2 connected switches" Packet Tracer 5.0 practice file (CNA-03-002).

• CNA-03-002.pkt, (Backup Link)
• CNA-03-002-sol.pkt, (Backup Link)

Continuing from previous example, but we add one more switch to do the same thing.

Looking at the only link between the two switches in the diagram, we now have to "mix" frames in the two Virtual LANs (VLANs) going through that link. Of course, if we add up more VLANs, the same link would get more frames belonging to more different VLANs mixing in that link.

Then how can a switch tell which frame belongs to which VLAN? Yes, adding tags on each frame is a great solution! Cisco 2950s and Cisco 2960s support only one type of tagging: IEEE 802.1Q.

If a inter-switch link is mixing frames from different VLANs,  we call it a "Trunk Link". The ports of its both sides are called "Trunk Ports" Just like a real tree, while the "trunk" nourishes branches and leaves, a "trunk link" services several VLANs.

If a switch port is used for one PC or one server only, then we do not have to mix and add tags. These ports are just "normal" Ethernet switch ports without any tagging. We call them "Access Link". The switch ports of its both sides are called "Access Ports".

From the diagram and above discussion, we know we have to configure the only link as "Trunk Link". The simplest way to do so is to "manually" configure both sides of the link into mode "Trunk".

The example is like this:

interface FastEthernet0/11
 switchport mode trunk

The other configuration is just the same as the previous example. You can check the Packet Tracer files yourself!

Does Cisco's Packet Tracer software support BGP?

Tamshui View (DSC_0217),
originally uploaded by Li-Ji.

I was totally wrong on this post! Please go to this new page instead!

Show IP Protocols: BGP sample practice, in the new Packet Tracer 5.3

I tested. No!

Will BGP be added into it? I do not think so!

Cisco's Packet Tracer software is just for very entry level learners of Cisco and network technologies. It is designed for pre-CCNA or CCNA people's practicing only!

Then how to practice BGP? Maybe "Dynamips" is a good idea!

Enable Virtual LAN (VLAN) to seperate two Layer 2 worlds (CNA-03-001)

CCNA Exploration 4.0, Semester 3, "Enable Virtual LAN (VLAN) to seperate two Layer 2 worlds" Packet Tracer 5.0 practice file (CNA-03-001).

• CNA-03-001.pkt, (Backup Link)
• CNA-03-001-sol.pkt, (Backup Link)

Virtual LAN (VLAN) service, for short, is to make one physical switch look like and used like multiple logical switches. This is indeed a "virtualization" of Ethernet switches, just like the concept of "virtualization computing" now. "Virtualization computing" is quite a hot topic recently. If you have used VMWare or Microsoft Virtual PC, you would know what virtualization is!

Virtual LAN <---> Virtual Machine

I will talk more about "Virtualization" in the future! Let's go back to the main topic.

This practice is to get familiar with assigning different switch ports to different VLANs.

According to the requirements displayed in the diagram, once we assign the switch ports connecting to PC1 and PC3 to VLAN 10, and then assign switch ports connecting to PC2 and PC4 to VLAN 20, our jobs are done. Two worlds are seperated!

To assign switch port to designated VLAN we can configure like the this: (Suppose the designated VLAN number is 10)

interface FastEthernet 0/1
 switchport access vlan 10

Observe and solve Classful addressing problem, using OSPF (CNA-02-007)

CCNA Exploration 4.0, Semester 2, "Observe and solve Classful addressing problem, using OSPF" Packet Tracer 5.0 practice file (CNA-02-007).

• CNA-02-007.pkt, (Backup Link)
• CNA-02-007-sol.pkt, (Backup Link)

I like to use OSPF because I do not have to worry about any "Classful" problem at all: there is no "Classful" function in its design and no backward compatibility burdens. No "no auto-summary" command in OSPF!

As long as OSPF is running fine, all routes would also be fine!

R2>sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
O       10.1.1.0 [110/65] via 172.30.2.1, 00:00:24, Serial0/0/0
O       10.2.2.0 [110/65] via 192.168.4.1, 00:00:24, Serial0/0/1
     172.30.0.0/24 is subnetted, 3 subnets
O       172.30.1.0 [110/65] via 172.30.2.1, 00:00:24, Serial0/0/0
C       172.30.2.0 is directly connected, Serial0/0/0
C       172.30.3.0 is directly connected, FastEthernet0/0
C    192.168.4.0/24 is directly connected, Serial0/0/1
O    192.168.5.0/24 [110/65] via 192.168.4.1, 00:00:24, Serial0/0/1
R2>