Saturday, 30 January 2016

Important show commands

show ip route
show int
show ip int
show protocols
show processes
show ip ospf neighbor
show ip ospf interface
show ip ospf 10

[Router#show ip ospf ?
  <1-65535>       Process ID number ]


show vlan
show vlan brief
show vlan id
show vlan name

Switch#show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbor entries
<cr>

Switch#show cdp entry ?
* all CDP neighbor entries
WORD Name of CDP neighbor entry

Switch#show cdp neighbors ?
detail Show detailed information
<cr>

show hosts

Friday, 29 January 2016

Stateless Autoconfig vs Stateful.

Stateless Autoconfiguration (eui-64)

1. Devices address themselves with a link-local and a global unicast address.
2. Used: the prefix from the Router and the host's own interface MAC address.
3. The MAC is changed by inserting FF:FE in the middle and inverting the 7th bit from the left.
4. For a Global Unicast IP, the Router prefix is required.
5. For a Link-local IP, the host's MAC is enough.
   A Host/PC uses this method to get a Link-Local Address itself.

Example :
MAC address 0090:2716:fd0f
Router prefix 2001:0db8:0:1::1/64

Host IPv6: 2001:0db8:0:1:0290:27ff:fe16:fd0f

Note: ff fe is inserted, and the 7th bit from the left
in the first byte of the MAC, which is 0000 0000,
is inverted, giving 0000 0010.
Binary 0010 is 2 in decimal.
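
The derivation above in code, as an added example that is not part of the original notes: it builds the EUI-64 interface ID from a MAC, forms the global and link-local addresses, and also goes the other way, recovering the MAC from an EUI-64 address seen in a log. The function names are this example's own.

```python
import ipaddress

def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    digits = "".join(c for c in mac if c not in ":.-")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {mac!r}")
    raw = bytearray(bytes.fromhex(digits))
    raw[0] ^= 0x02                                   # invert the 7th bit from the left
    eui = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])   # insert FF:FE in the middle
    return int.from_bytes(eui, "big")

def slaac_address(prefix, mac):
    """Combine a /64 prefix (as advertised by the router) with the interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net.network_address + eui64_interface_id(mac)

def link_local_address(mac):
    """The link-local address needs no router prefix, only the MAC."""
    return slaac_address("fe80::/64", mac)

def mac_from_address(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if it is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]    # undo the bit flip, drop FF:FE
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    print(slaac_address("2001:0db8:0:1::1/64", "0090:2716:fd0f"))
    print(link_local_address("0090:2716:fd0f"))
    print(mac_from_address("2001:db8:0:1:290:27ff:fe16:fd0f"))
```

Because the interface ID is derived from the MAC, the same host keeps the same lower 64 bits on every network it joins, which is what makes the reverse lookup possible.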

NOTE: For the host to get an IP, ipv6 unicast-routing has
to be enabled on the Router. On the Host use the autoconfig
option as shown in figure.


Stateful is DHCPv6; the theory is in the Cisco Press Odom books.

Extended Ping

Router#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
[type y or yes here to get extended commands ]
Source address or interface: 192.168.10.1

[ Note : Source  IP or Interface must be up and up meaning
it must be enabled with no shutdown and IP assigned and
line detect or a host/switch etc connected to other end ]
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/7/19 ms

Complete Extended Ping from Cisco.


OSPF Passive Interface

1.Configured on an Interface.
2.Command

Router(config)#router ospf 10
Router(config-router)#passive-interface ?
  Ethernet         IEEE 802.3
  FastEthernet     FastEthternet IEEE 802.3
  GigabitEthernet  GigabitEthernet IEEE 802.3
  Loopback         Loopback interface
  Serial           Serial
  Vlan             Vlan interface
  default          Suppress routing updates on all interfaces
Router(config-router)#passive-interface g0/2 192.168.1.2 

3. What does it do?
 It's a feature you enable on a per-interface basis which allows a particular
 interface to participate in a routing process but prevents that interface from
 forming neighbor relationships by not sending hello packets and discarding
 received hello packets.
 It stops hello messages being sent down a link, for example to restrict hello
 messages being sent down to an L2 Switch. There is no point sending hellos to
 an L2 Switch as a Router will not form a neighbour relationship with it.
 It could also be a security risk if someone connected to an L2 Switch starts
 replying with fake hello messages and hence forms neighbour relationships.
 This could be used to advertise fake routes.

4.Verification :

             Router#show ip ospf int g0/2
                   >>  No Hellos (Passive interface)
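
A check for the risk described above, as an added example that is not part of the original notes: it reads a running-config and lists the interfaces where OSPF still exchanges hellos, so a LAN-facing port that was never made passive stands out. The sample config and function names are constructed for illustration, and the parser assumes one OSPF process and full interface names as they appear in a running-config.

```python
import ipaddress

# Constructed sample running-config, not taken from the original post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 192.168.2.1 255.255.255.0
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
router ospf 10
 passive-interface GigabitEthernet0/2
 network 10.0.12.0 0.0.0.3 area 0
 network 192.168.0.0 0.0.255.255 area 0
"""

def wildcard_match(ip, base, wildcard):
    """True when ip equals base on every bit where the wildcard bit is 0."""
    ip, base, wc = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    care = ~wc & 0xFFFFFFFF
    return ip & care == base & care

def hello_interfaces(config):
    """Return OSPF-enabled interfaces that still send and accept hellos."""
    addrs, networks, listed = {}, [], set()
    default_passive, iface, in_ospf = False, None, False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):            # a new top-level section starts
            iface = words[1] if words[0] == "interface" else None
            in_ospf = words[:2] == ["router", "ospf"]
        elif iface and words[:2] == ["ip", "address"] and len(words) == 4:
            addrs[iface] = words[2]             # primary address only
        elif in_ospf and words[0] == "network":
            networks.append((words[1], words[2]))
        elif in_ospf and words == ["passive-interface", "default"]:
            default_passive = True
        elif in_ospf and "passive-interface" in words:
            listed.add(words[-1])               # named in a (no) passive-interface line
    return sorted(
        name for name, ip in addrs.items()
        if not name.startswith("Loopback")      # loopbacks send no hellos
        and any(wildcard_match(ip, b, w) for b, w in networks)
        and (name in listed) == default_passive  # under "default", listed = exceptions
    )
```

On the sample, GigabitEthernet0/1 is reported alongside the router-to-router link: the wide `network 192.168.0.0 0.0.255.255` statement enabled OSPF on it, and only GigabitEthernet0/2 was made passive.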

Wednesday, 27 January 2016

CCENT Labs on Packet Tracer

Labs: All Configuration and
         Show , Debug commands


Ping
IP
Secondary IP - not possible on PT, need GNS3
Interface description
Interface speed, duplex
Enable secret,password -indepth
Banner
Telnet,Console,Aux
Copy command TFTP etc ,backup restore config
CDP
SSH
DHCP
NTP
Static Route
Floating Static Route
Default route

Switch Basic configuration and Management IP and default Gateway
Assigning VLAN 1 or native vlan or any VLAN IP via DHCP and Manually
VLAN
Allowed VLANS all options
Changing Native VLAN of a Trunk Port
IP Default gateway (without which cannot remotely ping or telnet)
Shutdown unused ports and Port range command
Port modes
Trunk port multi VLAN and changing Trunk encapsulation to dot1q to allow Trunk
InterVLAN Basic Switch and L3 Switch
switchport security and violation modes
Err disable recovery
(When a violation is detected, the switch automatically places the port in the
 "err-disabled" shutdown state.
By default, manual intervention by an administrator is necessary
to restore the interface to working order; this can be done by issuing
shutdown followed by no shutdown on the interface. )

OSPF Basic configuration
OSPF Cost, Priority,hello-interval,dead-interval
OSPF cost : command on interface = ip ospf cost , route (interface) with lowest cost is preferred
                    in lab an interface's cost is increased so that another route/interface/router is chosen
OSPF default information originate
OSPF Passive interface ,passive interface default
Wild card masking
L3 Switch all above configurations.

Standard ACL
Extended ACL
Named ACL
InterVLAN ACL applied to subinterfaces.
Incoming versus Outgoing ACL
Port range used with ACL
DNS Block UDP for PC's as TCP is server and will not work , UDP works.
ICMP ACL incoming other end echo-reply block
Wild card masking
Named ACL incoming from left side http
Log
Log option

Static NAT
Dynamic NAT
PAT

IPv6 Interface address assignment types , IPv6 enable to interface and IPv6 autoconfig config mode
Manual assignment of all types of addresses and ping , different subnets and /
Note Ping possible even to local Router after a unique local or global IP is assigned.
Only link local ping not possible.
IPv6 Static route using Unique local and Global IP
IPv6 Stateless autoconfiguration FF FE and 7th bit
IPv6 DHCP
IPv6 OSPFv3
IPv6 Subnets

Ping, Extended Ping , Traceroute, SSH,Telnet
Troubleshoot and resolve Layer 1 problems
Framing ,CRC , Runts , Giants , Dropped Packets
Late Collisions , Input/Output errors


Fundamental Routing Concept.

Routers and L3 Switches need a way back to respond
to Ping or respond to Routing Protocol communication.
Simply put a Router/L3 Switch needs a Route in it's Routing
Table if communication has to happen either forward or
in response.

Note : L3  switches can be configured with static,default
           and routing protocols.

Sunday, 24 January 2016

InterVLAN between PC and Router



Router configuration on the Router0 on the right :

no ip routing (routing is disabled)
interface GigabitEthernet0/0
 ip address 192.168.2.2 255.255.255.0
ip default-gateway 192.168.2.1 (gateway is switch interface)
[Note: if the gateway is not configured then a default route or
  static routes have to be configured on the Router as it
  should know a way to the subnets ]

Switch configuration:
ip routing (routing is enabled)
 interface Vlan10
 ip address 192.168.1.1 255.255.255.0
interface Vlan20
 ip address 192.168.2.1 255.255.255.0


The PC has the basic configuration of IP and Gateway.


Headers

             
[Figures: TCP header, UDP header, IPv6 header]


DHCP and other pointers

NOTE : Configuring a switch as a DHCP server requires
             the Native VLAN Interface to be UP and assigned
             with an IP.

The Native VLAN default is VLAN 1; to change it use switchport
trunk native vlan vlan_id.

Native VLAN setting for trunk should match on all switches.

Can disable Routing on a Router using no ip routing.

Friday, 22 January 2016

ACL Types

Standard  1-99, 1300-1999
Extended  100 - 199 , 2000 - 2699

Numbered
Named

Dynamic (authenticate then extend)
Reflexive (session based)
Time Based.

VTY access ACL

Thursday, 21 January 2016

DR BDR Election explained.


DR/BDR election is per multi access segment.

Look at the figure. There are three segments.

Segment 1 is the Green one.
This contains interfaces g0/0 ,g0/1 on Router 0
and interfaces g0/0 ,g0/1 on Router 1.

Segment 2 is the Purple one.
This contains interfaces g0/0 ,g0/1 on Router 1
and interfaces g0/0  , g0/1 on Router 2.

Segment 3 is the Blue one.
This contains interfaces g0/0 ,g0/1 on Router 2
and interfaces g0/0 , g0/1 on Router 0.

Now I ran show ip ospf neighbor on all the Routers.

Router1#show ip ospf neighbor


Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.3.1       1   FULL/DR         00:00:31    192.168.1.1     GigabitEthernet0/0
192.168.3.2       1   FULL/DR         00:00:37    192.168.2.2     GigabitEthernet0/1
Router#

Router2#show ip ospf neighbor


Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.2.1       1   FULL/BDR        00:00:31    192.168.2.1     GigabitEthernet0/0
192.168.3.1       1   FULL/BDR        00:00:31    192.168.3.1     GigabitEthernet0/1


Router0#show ip ospf neighbor


Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.2.1       1   FULL/BDR        00:00:39    192.168.1.2     GigabitEthernet0/0
192.168.3.2       1   FULL/DR         00:00:35    192.168.3.2     GigabitEthernet0/1

This is the output.

Note: show ip ospf neighbor shows the router-id of
neighbouring routers.
The router-id is assigned/selected as follows:
1. Manually using the router-id command; if not, then
2. The highest IP of a loopback interface; if not, then
3. The highest IP of a physical interface.


The command show ip ospf neighbor shows the router-id, here the highest IP,
of each neighbouring Router. It also shows, for each segment and
specifically in that segment, what state that neighbouring Router
is in: DR or BDR.

For example, on Router1 at the top it shows that in segment 1, which is
the green one, Router0 with associated IP 192.168.3.1 is the
DR, as in that segment 192.168.3.1 is the highest IP.


In segment 2, the purple one, Router2 with associated IP 192.168.3.2
is the DR, as 192.168.3.2 is the highest IP in that segment.

Next, running the command on Router2:
This shows its neighbours Router1 and Router0.
Router1 along with Router2 is in segment 2, and 192.168.2.1
is the BDR. Note there is IP 192.168.2.2 in this segment, but this
is on the same Router as the DR. Cannot have DR and BDR on the
same router. The idea of having a BDR is to take over if the DR goes down.

Again in the same output of Router2, 192.168.3.1 is the BDR, as on that
segment, which is segment 3, the blue one, 192.168.3.1 is the second
highest IP and 192.168.3.2 is the highest IP.
Therefore 192.168.3.2 is the DR and 192.168.3.1 is the BDR.

Next I added a loopback interface on Router1 and the DR/BDR
election process is influenced as the loopback interface takes
precedence.

Output on Router2
Router2#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.10.10     1   FULL/DR      00:00:30   192.168.2.1     GigabitEthernet0/0
192.168.3.1       1   FULL/BDR        00:00:30    192.168.3.1     GigabitEthernet0/1



DR/BDR election is per multi-access segment, not per area!
This is the reason we see multiple DRs and BDRs.


NOTE:
OSPF sends multicast traffic using a TTL of 1. This can be an issue
in a Hub and Spoke Network (Frame Relay). Hence in a hub and
spoke network, if Multicast traffic traverses more than one Router
then the packet TTL is decremented to zero and the packet is dropped.
In such cases certain Routers must be configured never to
become DR/BDR by setting interface priority to 0.

Ping Fundamentals.


1. PC to PC connected directly using a crossover cable.
   Will Ping if IP subnet is same.
   Will not Ping if IP Subnet differs.

2. Two PCs connected to a Switch, each in a different Subnet,
   will not ping as the Switch cannot do routing. Even on an L3 Switch
   with IP Routing enabled Ping will not work as the Host/PC
   needs a default Gateway and the switch interface cannot be
   assigned a gateway IP like a Router and int vlan 1 / native vlan
   can be assigned only one IP (wonder if vlan interfaces can
   be assigned secondary IPs). To do this on an L3 switch
   add the interface to another VLAN and give that interface
   an IP and enable ip routing, which would be inter VLAN
   routing on an L3 switch.

3. If an IP is assigned to a Router interface and Ping is tested
   from the same Router, Ping will not work until there is a line
   detect / keepalives, that is a Host/Router is connected to the other
   end. This is needed even to test Ping from the same Router.

4. Ping between two switches is possible if
      > both connecting interfaces belong to the same VLAN
         Number on their respective switch
      > IP Subnet is same.

5. A Loopback Interface can be pinged from another Router
   as long as there is a Route to the loopback IP subnet in
   the Routing Table of the Router from which the Ping is
   issued. The Route can be got from a Routing protocol
   from the Router having the loopback int, or a static or
   default route has to be added.
   Simply: No Route in the Routing Table, no Path, hence no Ping.

6. Two Routers connected to a switch with IPs in the same subnet will
   ping each other. Connected directly they will also ping as long as
   the subnet is the same.

7. Ping to a Router/Host will not work if there is not a reverse
   path. This is the most fundamental routing fact. Packets need
   to know a route back to the originating ping or any other form
   of communication. Hosts/PCs will go back to the gateway, which
   will be a Router, and the Router must have a route back in its
   routing table. The route can be from a routing protocol or
   a default or static route.

Wednesday, 20 January 2016

OSPF DR BDR Cram

OSPF:
 DR is designated Router
 BDR is backup designated Router
 DROTHER when a Router is not a DR or BDR

 DR BDR Election
 DR highest Priority or highest router-id
 BDR is second highest Priority or second highest router-id.

 Router-id election :
1. Highest router-id manually configured.
2. Highest loopback IP
3. Highest interface IP

Note: OSPFv3 uses the same election process, and the
loopback or interface IP must be IPv4.

Priority configuration

Router(config)#interface fastEthernet 0/0
Router(config-if)#ip ospf priority 200

Priority is a number between 0 to 255
0 means that Router will never become DR/BDR


Two Multicast addresses:
224.0.0.6: All Routers send messages/LSA's to only the DR and BDR using 
                this Multicast address. All designated Routers address.
224.0.0.5: Designated Routers or DR's send information to all Routers
                 using this Multicast address. All OSPF Routers address.

The way in which OSPF routers address OSPF packets varies with the
OSPF network type.

Broadcast Networks: For broadcast networks, OSPF routers use
the following two reserved IP multicast addresses:
  • 224.0.0.5 - AllSPFRouters: Used to send OSPF messages to all OSPF
    routers on the same network. The AllSPFRouters address is used for
    Hello packets. The DR and BDR use this address to send Link State
    Update and Link State Acknowledgment packets.
  • 224.0.0.6 - AllDRouters: Used to send OSPF messages to all OSPF DRs
    (the DR and the BDR) on the same network. All OSPF routers except
    the DR use this address when sending Link State Update and Link
    State Acknowledgment packets to the DR.

Point-to-Point Networks: Point-to-Point networks use the AllSPFRouters
address (224.0.0.5) for all OSPF messages.

NBMA Networks: NBMA networks have no multicasting capability.
Therefore, the destination IP address of any Hello or Link State packets
is the unicast IP address of a specific neighbor. The neighbor IP address
is a required part of OSPF configuration for NBMA network links.







If the DR fails, the BDR takes over its role of redistributing routing information.

NOTE: on point-to-point links a DR and BDR are not elected
since only two routers are directly connected.
On LANs, DR and BDR have to be elected.

DR/BDR election is per multi-access segment, not per area.
A multi-access segment is not a subnet, as it can have multiple
subnets. For each segment there will be a DR/BDR election.



Router#clear ip ospf process
or use
Router#reload

show ip ospf neighbor


Thursday, 14 January 2016

Secondary IP

Enables one Router interface to be assigned two or more IPs.
[No limit to secondary IPs assigned to a Router Interface ]
This enables more than one Subnet to exist on the LAN; each will have
the same Router Interface as Gateway, but the IP address/subnet is different.






http://blog.alwaysthenetwork.com/tutorials/secondary-ip-addresses/