
Cisco Troubleshooting training

Cisco Troubleshooting training. Day 1: IP addressing, routing and bridging basics; OSPF routing protocol; BGP routing protocol. Day 2: Cisco 2600 and 7200 family overview; troubleshooting techniques on Cisco routers; configuration analysis. IP Address Configuration. TCP/IP Address Overview.

cleary

Presentation Transcript


  1. Cisco Troubleshooting training • Day 1 • IP addressing, routing and bridging basics • OSPF routing protocol • BGP routing protocol • Day 2 • Cisco 2600 and 7200 family overview • Troubleshooting techniques on Cisco routers • Configuration analysis

  2. IP Address Configuration

  3. TCP/IP Address Overview

  4. IP Addressing • 32 bits, divided into a Network part and a Host part • Written as four 8-bit octets • Example: 172.16.122.204

  5. IP Address Classes • Class A: N.H.H.H • Class B: N.N.H.H • Class C: N.N.N.H • Class D: for multicast • Class E: for research • N = Network number assigned by NIC • H = Host number assigned by network administrator

  6. Recognizing Classes in IP Addresses (First Octet Rule)
     High Order Bits | Octet in Decimal | Address Class
     0               | 1 - 126          | A
     10              | 128 - 191        | B
     110             | 192 - 223        | C

  7. Configuring IP Addresses

  8. Host Addresses • Router interface E0 (IP: 172.16.2.1) with hosts 172.16.200.1, 172.16.3.10, 172.16.12.12 • Router interface E1 (IP: 10.6.24.2) with hosts 10.1.1.1, 10.250.8.11, 10.180.30.118 • Routing table (Network, Interface): 172.16.0.0, E0; 10.0.0.0, E1 • Address 172.16.12.12: Network 172.16, Host 12.12

  9. Subnetting Addressing • Router interface E0 (IP: 172.16.2.1) with hosts 172.16.2.200, 172.16.2.2, 172.16.2.160 • Router interface E1 (IP: 172.16.3.1) with hosts 172.16.3.5, 172.16.3.100, 172.16.3.150 • New routing table (Network, Interface): 172.16.2.0, E0; 172.16.3.0, E1 • Address 172.16.2.160: Network 172.16, Subnet 2, Host 160

  10. Subnet Mask • IP address 172.16.0.0: Network.Network.Host.Host • Default subnet mask 255.255.0.0: Network.Network.Host.Host • 8-bit subnet mask 255.255.255.0: Network.Network.Subnet.Host • Use host bits, starting at the high order bit position

  11. Broadcast Address • Subnets shown: 172.16.1.0, 172.16.2.0, 172.16.3.0 • 172.16.3.255 (Directed broadcast) • 255.255.255.255 (Local Network broadcast)

  12. IP Address Configuration
      Router (config-if) # ip address ip-address subnet-mask
      • Assigns an address and subnet mask
      • Starts IP processing on an interface
      Router (config) # term ip netmask-format
      • Sets format of network mask as seen in show commands

  13. IP Host Names
      Router (config) # ip host name [tcp-port-number] address [address] . . .
      • Defines static host name to IP address mapping
      ip host tokyo 1.0.0.5 2.0.0.8
      ip host tokyo 1.0.0.4
      • Hosts/interfaces selectable by name or IP address

  14. Name Server Configuration
      Router (config) # ip name-server server-address1 [[server-address2] . . . [server-address6]]
      • Specifies one or more hosts that supply host name information

  15. Name System
      Router (config) # ip domain-lookup
      • DNS enabled by default
      Router (config) # no ip domain-lookup
      • Turns off the name service

  16. Simple Ping • Test IP network connectivity
      Router> ping 172.16.101.1
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 172.16.101.1, timeout is 2 seconds:
      .!!!!
      Success rate is 80 percent, round-trip min/avg/max = 6/6/6 ms
      Router>

  17. Extended Ping • Ping supported for several protocols
      Router# ping
      Protocol [ip]:
      Target IP address: 192.168.101.162
      Repeat count [5]:
      Datagram size [100]:
      Timeout in seconds [2]:
      Extended commands [n]: y
      Source address:
      Type of service [0]:
      Set DF bit in IP header? [no]: yes
      Data pattern [0xABCD]:
      Loose, Strict, Record, Timestamp, Verbose[none]:
      Sweep range of sizes [n]:
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.101.162, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
      Router#

  18. IP Trace • Shows interface addresses used to reach the destination
      Router# trace aba.nyc.mil
      Type escape sequence to abort.
      Tracing the route to aba.nyc.mil (26.0.0.73)
      1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec
      2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec
      3 external-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec
      4 bb2.su.barrnet.net (131.119.254.6) 8 msec 8 msec 8 msec
      5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec
      6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec
      7 aba.nyc.mil (26.0.0.73) 412 msec * 664 msec

  19. Summary • IP addresses are specified in 32-bit dotted decimal format • Router interfaces can be configured with an IP address • ping and trace commands can be used to verify IP address configuration

  20. IP Routing Configuration

  21. IP Routing Learns Destinations • Static routes • Default routes • Dynamic routing

  22. Static Route Configuration • Define a path to an IP destination network or subnet Router (config) # ip route network [mask] {address | interface }[distance]

  23. Static Route Configuration • Diagram labels: Cisco A, Cisco B; interfaces S0, S1, S2, E0; addresses 172.16.2.2 and 172.16.2.1
      ip route 172.16.1.0 255.255.255.0 172.16.2.1

  24. Default Route Configuration • Define a default route Router (config) # ip default-network network-number

  25. Default Route Example • Diagram labels: Company X, Public Network, Cisco A, 192.168.17.0 • Network 172.16.0.0, Subnet Mask 255.255.255.0
      Cisco A:
      router rip
      network 172.16.0.0
      network 192.168.17.0
      ip default-network 192.168.17.0

  26. Interior or Exterior Routing Protocols • Interior Routing Protocols (within an autonomous system): RIP, IGRP • Exterior Routing Protocols (between Autonomous System 100 and Autonomous System 200)

  27. IP Routing Protocol Mode
      Router (config)# router ?
        bgp       Border Gateway Protocol (BGP)
        egp       Exterior Gateway Protocol (EGP)
        eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
        igrp      Interior Gateway Routing Protocol (IGRP)
        isis      ISO IS-IS
        iso-igrp  IGRP for OSI network
        mobile    Mobile router
        odr       On Demand stub Routes
        ospf      Open Shortest Path First (OSPF)
        rip       Routing Information Protocol (RIP)
        static    Static routes
      Router (config) # router rip
      Router (config-router) # ?
      Router configuration commands:
        default-information  Control distribution of default information
        default-metric       Set metric of redistributed routes
        distance             Define an administrative distance
        distance-list        Filter networks in routing updates
        exit                 Exit from routing protocol configuration mode
      --- More ---

  28. Interior IP Routing Protocols • Protocol stack layers shown: Application, Transport, Internet, Network Interface, Hardware • Routing Information Protocol (RIP) • Interior Gateway Routing Protocol (IGRP) • Open Shortest Path First (OSPF) • Enhanced IGRP (EIGRP)

  29. IP Routing Configuration Tasks • Global configuration • Select routing protocol(s) • Specify network(s) • Interface configuration • Verify address/subnet mask • Diagram labels: Network 172.16.0.0, Network 160.89.0.0, Network 172.30.0.0; routers marked RIP, IGRP, and IGRP, RIP

  30. Dynamic Routing Configuration
      Router (config) # router protocol [keyword]
      • Defines an IP routing protocol
      Router (config-router) # network network-number
      • The network subcommand is a mandatory configuration command for each IP routing process

  31. Summary • Routers can be configured to use one or more IP routing protocols • Two IP routing protocols are: RIP, IGRP

  32. TCP/IP Access Lists

  33. Managing IP Traffic Overview • Limit traffic and restrict network use (diagram labels: FTP, Broadcast) • Enable directed forwarding of broadcasts

  34. Access List Application • Access lists control packet movement through a network • Transmission of packets on an interface • Virtual terminal line access (IP)

  35. Other Access List Uses • Access lists are multipurpose • Priority and custom queuing (queue list) • Dial-on-demand routing • Route filtering (routing table)

  36. Key Concepts for IP Access Lists • Standard lists (1 to 99) test conditions of all IP packets from source addresses • Extended lists (100 to 199) can test conditions of • Source and destination addresses • Specific TCP/IP-suite protocols • Destination • Wildcard bits indicate how to check the corresponding address bits (0=check, 1=ignore)

  37. How to Use Wildcard Mask Bits • 0 means check corresponding bit value • 1 means ignore value of corresponding bit
      Octet bit position and address value for bit: 128 64 32 16 8 4 2 1
      Examples:
      0 0 0 0 0 0 0 0 = Check all address bits (match all)
      0 0 1 1 1 1 1 1 = Ignore last 6 address bits
      0 0 0 0 1 1 1 1 = Ignore last 4 address bits
      0 0 0 0 0 0 1 1 = Ignore last 2 address bits
      1 1 1 1 1 1 1 1 = Do not check address (ignore bits in octet)

  38. How to Use Wildcard Mask Bits (cont.) • Address and wildcard mask: 172.30.16.0 0.0.15.255 • IP access list test conditions: check for IP subnets 172.30.16.0 to 172.30.31.0
      Third octet of the address (network.host 172.30.16.0): 0 0 0 1 0 0 0 0
      Wildcard mask to match bits: 0 0 0 0 (check) 1 1 1 1 (ignore)

  39. How to Use the Wildcard any • Accept any address: 0.0.0.0 255.255.255.255; abbreviate the expression using the keyword any • Test conditions: ignore all the address bits (match any) • Any IP address: 0.0.0.0 • Wildcard mask: 255.255.255.255 (ignore all)

  40. How to Use the Wildcard host • Abbreviate the wildcard using the keyword host followed by the IP address. For example, host 172.30.16.29 • Example: 172.30.16.29 0.0.0.0 checks all the address bits • Test conditions: check all the address bits (match all) • An IP host address, for example: 172.30.16.29 • Wildcard mask: 0.0.0.0 (check all bits)

  41. IP Standard Access List Configuration
      Router (config) # access-list access-list-number { permit | deny } source [source-mask]
      • Sets parameters for this list entry
      • IP standard access lists use 1 to 99
      Router (config) # ip access-group access-list-number { in | out }
      • Activates the list on an interface

  42. Inbound Access List Processing For Standard IP Access Lists (flowchart) • Incoming packet: access list? No: route to interface, forward packet • Yes: next entry in list: does source address match? • Yes: apply condition: Permit (route to interface, forward packet) or Deny (ICMP message) • No: more entries? Yes: next entry in list; No: Deny (ICMP message)

  43. Outbound Access List Processing For Standard IP Access Lists (flowchart) • Incoming packet: route to interface, then access list? No: forward packet • Yes: next entry in list: does source address match? • Yes: apply condition: Permit (forward packet) or Deny (ICMP message) • No: more entries? Yes: next entry in list; No: Deny (ICMP message)

  44. Standard Access List Example • Permit my network only • Diagram labels: router interfaces S0, E0, E1; networks 172.16.3.0 and 172.16.4.0 (host 172.16.4.13); Non-172.16.0.0
      access-list 1 permit 172.16.0.0 0.0.255.255
      (implicit deny all - not visible in the list)
      (access-list 1 deny 0.0.0.0 255.255.255.255)
      interface ethernet 0
      ip access-group 1 out
      interface ethernet 1
      ip access-group 1 out

  45. Extended IP Access Lists • Allow more precise filtering conditions • check source and destination IP address • Specify an optional IP protocol port number • Use access list number range 100 to 199

  46. Extended Access List Configuration
      Router (config) # access-list access-list-number { permit | deny } protocol source source-mask destination destination-mask [operator operand] [established]
      • Sets parameters for this list entry
      • IP uses a list number in range 100 to 199
      ip access-group access-list-number { in | out }
      • Activates the extended list on an interface

  47. ICMP Command Syntax • Filters based on ICMP messages
      Router (config) # access-list access-list-number { permit | deny } icmp {source source-wildcard | any} {destination destination-wildcard | any} [icmp-type [icmp-code] | icmp-message]

  48. TCP Syntax • Filters based on TCP or TCP port number or name
      Router (config) # access-list access-list-number { permit | deny } tcp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port] [established]

  49. UDP Syntax • Filters based on UDP protocol or UDP port number or name
      Router (config) # access-list access-list-number { permit | deny } udp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port]

  50. Extended Access List Processing (flowchart) • Packet: access list? No: forward packet • Yes: for the current entry, test in order: source address, destination address, protocol*, protocol options* • Any test does not match: next entry in list • All tests match: apply condition: Deny (ICMP message) or Permit (forward packet) • * If present in access list
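
The wildcard matching from slides 36 to 40 and the first-match processing with implicit deny from slides 42 to 44, as an added Python model that is not part of the original presentation and is not router code. The function names and the list ORDERED are constructed for illustration; SLIDE_44 is the entry shown on slide 44, and only standard lists (1 to 99) are modelled.

```python
import ipaddress

def to_int(addr):
    """Dotted-decimal IPv4 string to a 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_src, acl_addr, wildcard):
    """Compare only the bits whose wildcard bit is 0 (check); 1 bits are ignored."""
    check_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_src) & check_bits) == (to_int(acl_addr) & check_bits)

def parse_entry(line):
    """Parse 'access-list N {permit|deny} source [wildcard]', with any/host keywords."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not a standard access-list entry: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if not 1 <= number <= 99 or action not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if rest == ["any"]:                          # any = 0.0.0.0 255.255.255.255
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host" and len(rest) == 2:   # host = wildcard 0.0.0.0
        addr, wildcard = rest[1], "0.0.0.0"
    else:                                        # omitted wildcard: check all bits
        addr, wildcard = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
    to_int(addr), to_int(wildcard)               # validate both fields early
    return number, action, addr, wildcard

def evaluate(acl_lines, number, packet_src):
    """Return (action, entry position); the first matching entry decides."""
    position = 0
    for line in acl_lines:
        n, action, addr, wildcard = parse_entry(line)
        if n != number:
            continue
        position += 1
        if wildcard_match(packet_src, addr, wildcard):
            return action, position
    return "deny", None    # implicit deny all at the end of every list

SLIDE_44 = ["access-list 1 permit 172.16.0.0 0.0.255.255"]
# Constructed: entry order matters, the host deny must precede the wider permit.
ORDERED = ["access-list 3 deny host 172.16.4.13",
           "access-list 3 permit 172.16.0.0 0.0.255.255"]

if __name__ == "__main__":
    for src in ("172.16.4.13", "172.16.3.10", "10.1.1.1"):
        print(src, evaluate(SLIDE_44, 1, src), evaluate(ORDERED, 3, src))
```

Reversing the two entries in ORDERED makes the permit match first, so the host deny is never reached.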
