Date post: 20-Jun-2015
Category: Technology
Upload: arnold-derrick-kinney
www.professordkinney.com
Establishing Internet Connectivity
04/13/23 Instructional Design - Computer Networking - Bridges Educational Group
Lesson Objectives:
-Exploring the Packet-Delivery Process
-Enabling Static Routing
-Managing Traffic Using ACLs
-Enabling Internet Connectivity
Exploring the Packet-Delivery Process - Router Paths and Packet Switching
The Internet Protocol (IP) packet format contains fields that provide information about the packet and the sending and receiving hosts.
Fields that are important for CCNA students:
-Destination IP address
-Source IP address
-Version & TTL
-IP header length
-Precedence & type of service
-Packet length
MAC Layer Frame Format
MAC frames are also divided into fields. They include:
-Preamble
-Start of frame delimiter
-Destination MAC address
-Source MAC address
-Type/length
-Data and pad
-Frame check sequence
A metric is a numerical value used by routing protocols to help determine the best path to a destination. The smaller the metric value, the better the path.
2 types of metrics used by routing protocols are:
-Hop count - this is the number of routers a packet must travel through to get to its destination
-Bandwidth - this is the "speed" of a link, also known as the data capacity of a link
Equal cost metric is a condition where a router has multiple paths to the same destination that all have the same metric.
To solve this problem, a router will use Equal Cost Load Balancing. This means the router sends packets over the multiple exit interfaces listed in the routing table.
Path determination is a process used by a router to pick the best path to a destination.
One of 3 path determinations results from searching for the best path:
-Directly connected network
-Remote network
-No route determined
The switching function of a router is the process used by a router to switch a packet from an incoming interface to an outgoing interface on the same router.
A router that receives a packet does the following:
-Strips off layer 2 headers.
-Examines destination IP address located in Layer 3 header to find best route to destination.
-Re-encapsulates layer 3 packet into layer 2 frame.
-Forwards frame out exit interface.
As a packet travels from one networking device to another
-The Source and Destination IP addresses NEVER change
-The Source & Destination MAC addresses CHANGE as packet is forwarded from one router to the next.
-The TTL field is decremented by one until a value of zero is reached, at which point the router discards the packet (prevents packets from endlessly traversing the network)
Path determination and switching function details. PC1 wants to send something to PC2; here is part of what happens:
Step 1 - PC1 encapsulates packet into a frame.
-Frame contains R1's destination MAC address
Step 2 - R1 receives Ethernet frame.
-R1 sees that destination MAC address matches its own MAC.
-R1 then strips off Ethernet frame.
-R1 examines destination IP.
-R1 consults routing table looking for destination IP.
-After finding destination IP in routing table, R1 now looks up next hop IP address.
-R1 re-encapsulates IP packet with a new Ethernet frame.
-R1 forwards Ethernet packet out Fa0/1 interface.
Step 3 - Packet arrives at R2.
-R2 receives Ethernet frame.
-R2 sees that destination MAC address matches its own MAC.
-R2 then strips off Ethernet frame.
-R2 examines destination IP.
-R2 consults routing table looking for destination IP.
-After finding destination IP in routing table, R2 now looks up next hop IP address.
-R2 re-encapsulates IP packet with a new data link frame.
-R2 forwards Ethernet packet out S0/0 interface.
Step 4 - Packet arrives at R3.
-R3 receives PPP frame.
-R3 then strips off PPP frame.
-R3 examines destination IP.
-R3 consults routing table looking for destination IP.
-After finding destination IP in routing table, R3 is directly connected to destination via its Fast Ethernet interface.
-R3 re-encapsulates IP packet with a new Ethernet frame.
-R3 forwards Ethernet packet out Fa0/0 interface.
Step 5 - IP packet arrives at PC2. Frame is decapsulated & processed by upper layer protocols.
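The walk from PC1 to PC2 described in Steps 1 to 5, as an added Python example that is not part of the original slides: it does the longest-prefix route lookup at each router, rebuilds the layer 2 frame per hop, and decrements TTL, so the unchanged IP addresses and the changing frame can be seen side by side. All IP and MAC addresses are constructed for illustration; only the exit interfaces (Fa0/1, S0/0, Fa0/0) and the Ethernet/PPP link types come from the steps above.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    ttl: int


# Constructed lab addressing (assumption, not from the slides).
# Route entry: (prefix, next-hop IP or None if directly connected, exit interface)
ROUTES = {
    "R1": [("192.168.1.0/24", None, "Fa0/0"),
           ("192.168.4.0/24", "192.168.2.2", "Fa0/1")],
    "R2": [("192.168.1.0/24", "192.168.2.1", "Fa0/0"),
           ("192.168.4.0/24", "192.168.3.2", "S0/0")],
    "R3": [("192.168.1.0/24", "192.168.3.1", "S0/0"),
           ("192.168.4.0/24", None, "Fa0/0")],
}
# MAC of each Ethernet exit interface; serial (PPP) interfaces have none.
IFACE_MAC = {("R1", "Fa0/1"): "00:00:5e:00:53:11",
             ("R3", "Fa0/0"): "00:00:5e:00:53:30"}
# Stand-in for ARP tables: layer 3 address -> (owning node, MAC or None on PPP).
NEIGHBORS = {"192.168.2.2": ("R2", "00:00:5e:00:53:20"),
             "192.168.3.2": ("R3", None),
             "192.168.4.10": ("PC2", "00:00:5e:00:53:42")}


def lookup(router, dst_ip):
    """Longest-prefix match. Returns (next_hop, exit_if) or None (no route)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, exit_if in ROUTES[router]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop, exit_if)
    return best[1:] if best else None


def deliver(packet, first_router):
    """Forward the packet router by router. Returns (hops, outcome)."""
    hops, node = [], first_router
    while node in ROUTES:
        packet.ttl -= 1
        if packet.ttl <= 0:
            return hops, f"dropped at {node}: TTL expired"
        route = lookup(node, packet.dst_ip)
        if route is None:
            return hops, f"dropped at {node}: no route"
        next_hop, exit_if = route
        # Directly connected network: resolve the destination host itself.
        l2_target = next_hop or packet.dst_ip
        if l2_target not in NEIGHBORS:
            return hops, f"dropped at {node}: no layer 2 address for {l2_target}"
        next_node, dst_mac = NEIGHBORS[l2_target]
        src_mac = IFACE_MAC.get((node, exit_if))
        frame = f"Ethernet {src_mac} -> {dst_mac}" if src_mac else "PPP"
        hops.append({"router": node, "exit": exit_if, "frame": frame,
                     "src_ip": packet.src_ip, "dst_ip": packet.dst_ip,
                     "ttl": packet.ttl})
        node = next_node
    return hops, f"delivered to {node}"


if __name__ == "__main__":
    trace, outcome = deliver(Packet("192.168.1.10", "192.168.4.10", 64), "R1")
    for hop in trace:
        print(hop)
    print(outcome)
```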
Purpose of a static route
A manually configured route used when routing from a network to a stub network
IP route command
To configure a static route use the following command: ip route
Example:
-Router(config)# ip route network-address subnet-mask {ip-address | exit-interface}
Understanding static route syntax
-ip route - Static route command
-172.16.1.0 - Destination network address
-255.255.255.0 - Subnet mask of destination network
-172.16.2.2 - Serial 0/0/0 interface IP address on R2, which is the "next-hop" to this network
Configuring routes to 2 or more remote networks
Use the following commands for R1:
-R1(config)#ip route 192.168.1.0 255.255.255.0 172.16.2.2
-R1(config)#ip route 192.168.2.0 255.255.255.0 172.16.2.2
Modifying Static routes
Existing static routes cannot be modified. The old static route must be deleted by placing no in front of the ip route command.
Example:
-no ip route 192.168.2.0 255.255.255.0 172.16.2.2
A new static route must be rewritten in the configuration.
Verifying the Static Route Configuration
Use the following commands:
Step 1 show running-config
Step 2 verify static route has been entered correctly
Step 3 show ip route
Step 4 verify route was configured in routing table
Step 5 issue ping command to verify packets can reach destination and that return path is working
Ethernet interfaces and ARP
If a static route is configured on an Ethernet link:
-If the packet is sent to the next-hop router, then the destination MAC address will be the address of the next hop's Ethernet interface.
-This is found by the router consulting the ARP table. If an entry isn't found, then an ARP request will be sent out.
What are ACLs?
ACLs are lists of instructions you apply to a
router's interface. These lists tell the router what kinds of packets to accept and what kinds of packets to deny. Acceptance and denial can be based on certain specifications, such as source address, destination address and port number. ACLs enable you to manage traffic and scan specific packets by applying the ACL to a router interface. Any traffic going through the interface is tested against certain conditions that are part of the ACL.
Reasons for ACLs
There are many reasons to create ACLs. For example, ACLs can be used to:
Limit network traffic and increase network performance.
For example, ACLs can designate certain packets to be processed by a router before other traffic, on the basis of a protocol. This is referred to as queuing, which ensures that routers will not process packets that are not needed. As a result, queuing limits the network traffic and reduces network congestion.
Provide traffic flow control. For example, ACLs can restrict or reduce the contents of routing updates. These restrictions are used to limit information about specific networks from propagating through the network.
Provide a basic level of security for network access. For example, ACLs can allow one host to access a part of your network and prevent another host from accessing the same area. Host A is allowed to access the Human Resources network and Host B is prevented from accessing the Human Resources network. If you do not configure ACLs on your router, all packets passing through the router could be allowed onto all parts of the network.
Decide which types of traffic are forwarded or blocked at the router interfaces. For example, you can permit e-mail traffic to be routed, but at the same time block all TELNET traffic.
How ACLs Work
An ACL is a group of statements that define how packets:
-Enter inbound interfaces
-Relay through the router
-Exit outbound interfaces of the router
The beginning of the communication process is the same, whether ACLs are
used or not. As a packet enters an interface, the router checks to see whether the packet is routable or bridgeable. Now the router checks whether the inbound interface has an ACL. If one exists, the packet is now tested against the conditions in the list. If the packet is allowed it will then be checked against routing table entries to determine the destination interface.
Next, the router checks whether the destination interface has an ACL. If it does not, the packet can be sent to the destination interface directly; for example, if it will use E0, which has no ACLs, the packet uses E0 directly.
ACL statements operate in sequential, logical order. If a condition match is true, the packet is permitted or denied and the rest of the ACL statements are not checked. If all the ACL statements are unmatched, an implicit "deny any" statement is imposed. This means that even though you will not see the "deny any" as the last line of an ACL, it is there.
ACL commands can be lengthy character strings. Key tasks covered in this section for creating ACLs include the following:
-You create ACLs by using the global configuration mode.
-Specifying an ACL number from 1 to 99 instructs the router to accept standard ACL statements. Specifying an ACL number from 100 to 199 instructs the router to accept extended ACL statements. (see table below)
-You must carefully select and logically order the ACL. Permitted IP protocols must be specified; all other protocols should be denied.
-You should select which IP protocols to check; any other protocols are not checked. Later in the procedure, you can also specify an optional destination port for more precision.
Assigning a unique number to each ACL
When configuring ACLs on a router, you must identify each ACL uniquely by assigning a number to the protocol's ACL. When you use a number to identify an ACL, the number must be within the specific range of numbers that is valid for the protocol.
You can specify ACLs by numbers for the protocols listed in the table. The table also lists the range of ACL numbers that is valid for each protocol.
After you create a numbered ACL, you must assign it to an interface for it to be used. If you want to alter an ACL containing numbered ACL statements, you need to delete all the statements in the numbered ACL by using the command no access-list [list-number].
Purpose and Function of Wildcard Mask Bits
A wildcard mask is a 32-bit quantity that is divided into four octets, with each octet containing 8 bits. A wildcard mask bit 0 means "check the corresponding bit value" and a wildcard mask bit 1 means "do not check (ignore) that corresponding bit value".
A wildcard mask is paired with an IP address. The numbers one and zero are used to identify how to treat the corresponding IP address bits. ACLs use wildcard masking to identify a single or multiple addresses for permit or deny tests. The term wildcard masking is a nickname for the ACL mask-bit matching process and comes from an analogy of a wildcard that matches any other card in a poker game.
Although both are 32-bit quantities, wildcard masks and IP subnet masks operate differently. Recall that the zeros and ones in a subnet mask determine the network, subnet and host portions of the corresponding IP address. The zeros and ones in a wildcard, as just noted, determine whether the corresponding bits in the IP address should be checked or ignored for ACL purposes.
The ANY Command
Working with decimal representations of binary wildcard mask bits can be tedious.
For the most common uses of wildcard masking, you can use abbreviations. These abbreviations reduce the amount of typing you need to do when configuring address test conditions. For example, say you want to specify that any source address will be permitted in an ACL test. To indicate any IP address, you would enter 0.0.0.0; then, to indicate that the ACL should ignore (that is, allow without checking) any value, the corresponding wildcard mask bits for this address would be all ones (that is, 255.255.255.255). You can use the abbreviation any to communicate this same test condition to Cisco IOS ACL software. Instead of typing 0.0.0.0 255.255.255.255, you can use the word any by itself as the keyword.
For example, instead of using this:
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
you can use this:
Router(config)# access-list 1 permit any
The HOST Command
A second common condition where Cisco IOS permits an abbreviation in the
ACL wildcard mask is when you want to match all the bits of an entire IP host address. For example, say you want to specify that a specific IP host address will be denied in an ACL test. To indicate a host IP address, you would enter the full address (for example, 172.30.16.29); then, to indicate that the ACL should check all the bits in the address, the corresponding wildcard mask bits for this address would be all zeros (that is, 0.0.0.0). You can use the abbreviation host to communicate this same test condition to Cisco IOS ACL software. In the example, instead of typing 172.30.16.29 0.0.0.0, you can use the word host in front of the address.
For example, instead of using this:
Router(config)# access-list 1 deny 172.30.16.29 0.0.0.0
you can use this:
Router(config)# access-list 1 deny host 172.30.16.29
Standard ACLs
You use standard ACLs when you want to block all traffic from a network,
allow all traffic from a specific network, or deny protocol suites. Standard ACLs check the source address of packets that could be routed. The result permits or denies output for an entire protocol suite, based on the network, subnet and host addresses. For example, packets coming in E0 are checked for source address and protocol. If they are permitted, the packets are output through S0, which is grouped to the ACL. If they are not permitted they are dropped.
We use the standard version of the access-list global configuration command to define a standard ACL with a number. This command is used in global configuration command mode.
The full syntax of the command is:
Router(config)# access-list access-list-number {deny | permit} source [source-wildcard] [log]
You use the no form of this command to remove a standard ACL. This is the syntax:
Router(config)# no access-list access-list-number
Examples of ACLs
access-list 33 permit 172.16.0.0 0.0.255.255 (permits all traffic from 172.16.0.0)
access-list 44 deny 172.16.13.7 0.0.0.0 (denies traffic from host 172.16.13.7)
access-list 55 deny 172.16.64.0 any (denies all traffic from network 172.16.64.0)
Placing ACLs
The second part of establishing an access list is applying the list to a specific interface.
Router(config-if)# ip access-group 33 in (applies access-list 33 to the packets inbound to the interface being configured)
Router(config-if)# ip access-group 44 out (applies access-list 44 to packets outbound from the interface being configured)
How to Verify Standard ACLs
You use the show access-lists EXEC command to display the contents of all ACLs. In addition, you use the show access-lists EXEC command followed by the name or number of an ACL to display the contents of one ACL. The following example of a standard ACL allows access for hosts on the three specified networks:
access-list 1 permit 192.5.34.0 0.0.0.255
access-list 1 permit 128.88.0.0 0.0.255.255
access-list 1 permit 36.0.0.0 0.255.255.255
In the example, the wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the ACL statements will be rejected. To specify a large number of individual addresses more easily, you can omit the wildcard if it is all zeros. Thus, the following two configuration commands have the same effect:
access-list 2 permit 36.48.0.3
access-list 2 permit 36.48.0.3 0.0.0.0
The ip access-group command groups an existing ACL to an interface. Remember that only one ACL per port per protocol per direction is allowed. The format of the command is:
Router(config-if)# ip access-group access-list-number {in | out}
Example of a Standard ACL
In the example below, the ACL allows only traffic from source network 172.16.0.0 to be forwarded. Non-172.16.0.0 network traffic is blocked.
Also shown in the example, the command ip access-group 1 out groups the ACL to an outgoing interface.
Permitting Traffic from Source Network 172.16.0.0
access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny any - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out
Writing an ACL to deny a Specific Host
The example below shows how an ACL is designed to block traffic from a specific address, 172.16.4.13, and to allow all other traffic to be forwarded on interface Ethernet 0.
In the second access-list command, the 0.0.0.0 255.255.255.255 IP address/ wildcard mask combination identifies traffic from any source. This combination can also be written using the keyword any. All zeros in the address indicate a placeholder and all ones in the wildcard mask indicate that all 32 bits will not be checked in the source address. Any packet that does not match the first line of the ACL will match the second one and be forwarded.
Denying a Specific Host
access-list 1 deny 172.16.4.13 0.0.0.0
access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny any)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out
Writing a Standard ACL to deny a Specific Network
0.0.0.255: The zeros in the first three octets indicate that those bits will be tested for matches while the last octet of all ones indicates a don't care condition for matching the last octet of the IP address (the host portion). Note also that the any abbreviation has been used for the IP address of the source.
Denying a Specific Subnet
access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any
(implicit deny any)
(access-list 1 deny any)
interface ethernet 0
ip access-group 1 out
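The wildcard-mask matching and the sequential, first-match evaluation with the implicit "deny any" described under "How ACLs Work" and "Purpose and Function of Wildcard Mask Bits", as an added Python example that is not Cisco's implementation and not part of the original slides. It parses standard ACL statements in the forms shown above (address plus wildcard, host, any, omitted wildcard) and also flags statements that can never match because a single earlier statement already covers them; the reordered list is constructed to show why statement order matters.

```python
import ipaddress

MASK = 0xFFFFFFFF


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} source [wildcard] [log]' statements."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            raise ValueError(f"not an access-list statement: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError("standard ACL numbers are 1 to 99")
        action = tok[2].lower()
        if action not in ("permit", "deny"):
            raise ValueError(f"expected permit or deny: {line!r}")
        rest = [t for t in tok[3:] if t != "log"]
        if not rest:
            raise ValueError(f"missing source: {line!r}")
        if rest[0] == "any":            # same as 0.0.0.0 255.255.255.255
            addr, wild = 0, MASK
        elif rest[0] == "host":         # same as <address> 0.0.0.0
            addr, wild = ip_int(rest[1]), 0
        else:                           # omitted wildcard means 0.0.0.0
            addr = ip_int(rest[0])
            wild = ip_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries


def matches(source, addr, wild):
    """Wildcard bit 0 = check this bit, wildcard bit 1 = ignore this bit."""
    checked = ~wild & MASK
    return (ip_int(source) & checked) == (addr & checked)


def evaluate(entries, source):
    """First match wins. Returns (action, 1-based statement) or ('deny', None)."""
    for position, (action, addr, wild) in enumerate(entries, start=1):
        if matches(source, addr, wild):
            return action, position
    return "deny", None                 # implicit deny any


def shadowed(entries):
    """1-based positions of statements fully covered by one earlier statement."""
    dead = []
    for j, (_, addr_b, wild_b) in enumerate(entries):
        for _, addr_a, wild_a in entries[:j]:
            ignores_enough = (wild_b & ~wild_a & MASK) == 0
            same_checked_bits = ((addr_a ^ addr_b) & ~wild_a & MASK) == 0
            if ignores_enough and same_checked_bits:
                dead.append(j + 1)
                break
    return dead


# From the slides: deny one host, permit everything else.
DENY_HOST = ["access-list 1 deny 172.16.4.13 0.0.0.0",
             "access-list 1 permit 0.0.0.0 255.255.255.255"]
# Constructed: the same two statements in the wrong order.
REORDERED = ["access-list 1 permit any",
             "access-list 1 deny host 172.16.4.13"]
# From the slides: permit one network, everything else hits the implicit deny.
PERMIT_NET = ["access-list 1 permit 172.16.0.0 0.0.255.255"]

if __name__ == "__main__":
    for name, acl in (("DENY_HOST", DENY_HOST), ("REORDERED", REORDERED)):
        rules = parse_standard_acl(acl)
        print(name, evaluate(rules, "172.16.4.13"), "shadowed:", shadowed(rules))
    print("PERMIT_NET", evaluate(parse_standard_acl(PERMIT_NET), "10.1.1.1"))
```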
Extended ACLs
Extended ACLs are used most often to test conditions because they provide a
greater range of control than standard ACLs. You would use an extended ACL when you want to allow Web traffic but deny File Transfer Protocol (FTP) or TELNET from non-company networks. Extended ACLs check for both source and destination packet addresses. They also can check for specific protocols, port numbers and other parameters. This gives you more flexibility to describe what checking the ACL will do. Packets can be permitted or denied output based on where the packet originated and based on its destination. For example, the extended ACL can allow e-mail traffic from E0 to specific S0 destinations, while denying remote logins or file transfers.
The standard ACL (numbered 1 to 99) might not provide the traffic-filtering control you need. Standard ACLs filter traffic based on a source address and mask. Standard ACLs also permit or deny the entire Transmission Control Protocol (TCP) protocol suite. You might need a more precise way to control traffic and access.
For more precise traffic-filtering control, you use extended ACLs. Extended ACL statements check for source address and for destination address. In addition, at the end of the extended ACL statement, you gain additional precision from a field that specifies the optional TCP or User Datagram Protocol (UDP) protocol port number. These can be the well-known port numbers for TCP/IP. A few of the most common port numbers are shown in Figure. You can specify the logical operation the extended ACL will perform on specific protocols. Extended ACLs use a number in the range 100 to 199.
Extended ACL Parameters
The complete form of the access-list command is:
Router(config)# access-list [access-list-number] {permit | deny} protocol source [source-mask destination destination-mask operator operand] [established]
The ip access-group command links an existing extended ACL to an interface. Remember that only one ACL per interface, per direction, per protocol is allowed. The format of the command is:
Router(config-if)# ip access-group access-list-number {in | out}
Writing an ACL to Deny FTP on an Ethernet Interface
The figure shows an example of an extended ACL that blocks FTP traffic. The interface E0 access-group 101 command links ACL 101 to outgoing
interface E0. Note that blocking port 21 prevents FTP commands from being
transmitted, thus preventing FTP file transfers. Blocking port 20 prevents the traffic itself from being transmitted, but does not block FTP commands. FTP servers can easily be configured to work on different ports.
You should understand that well-known port numbers are just that: well-known. There are no guarantees that services will be on those ports, although they usually are.
Writing an ACL that denies SMTP out of an Ethernet Port but permits all other Traffic
The figure shows an example of an extended ACL that blocks SMTP traffic. The interface E0 access-group 101 command links ACL 101 to outgoing
interface E0. Note that blocking port 25 prevents SMTP traffic from being transmitted.
Mail servers can easily be configured to work on different ports. You should understand that well-known port numbers are just that: well-known. There are no guarantees that services will be on those ports, although they usually are.
Configuring Named ACLs
Named ACLs allow standard and extended IP ACLs to be identified with an alphanumeric string (name) instead of the current numeric (1 to 199) representation. Named ACLs can be used to delete individual entries from a specific ACL. This enables you to modify your ACLs without deleting and then reconfiguring them. Use named ACLs when:
-You want to intuitively identify ACLs using an alphanumeric name.
-You have more than 99 simple and 100 extended ACLs to be configured in a router for a given protocol.
Consider the following before implementing named ACLs:
-Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2.
-You cannot use the same name for multiple ACLs. In addition, ACLs of different types cannot have the same name. For example, it is illegal to specify a standard ACL named George and an extended ACL with the same name.
To name the ACL, use the following command:
Router(config)# ip access-list {standard | extended} name
In ACL configuration mode, specify one or more conditions permitted or denied. This determines whether the packet is passed or dropped:
Router(config {std- | ext-}nacl)# deny {source [source-wildcard] | any}
or
Router(config {std- | ext-}nacl)# permit {source [source-wildcard] | any}
The configuration shown in the Figure creates a standard ACL named Internetfilter and an extended ACL named marketing_group.
The DENY Command
You use the deny ACL configuration command to set conditions for a named ACL. The full syntax for this command is:
deny {source [source-wildcard] | any}
You use the no form of this command to remove a deny condition, using the following syntax:
no deny {source [source-wildcard] | any}
The PERMIT Command
You use the permit access-list configuration command to set conditions for a named standard ACL. The full syntax of this command is:
permit {source [source-wildcard] | any} [log]
You use the no form of this command to remove a condition from an ACL, using the following syntax:
no permit {source [source-wildcard] | any}
You use this command in access list configuration mode, following the ip access-list command, to define the conditions under which a packet passes the ACL.
The following example is for a standard ACL named Internetfilter:
ip access-list standard Internetfilter
deny 192.5.34.0 0.0.0.255
permit 128.88.0.0 0.0.255.255
permit 36.0.0.0 0.255.255.255
!(Note: all other access implicitly denied)
In this example, permit and deny statements have no number, and no removes the specific test from the named ACL:
Router(config {std- | ext-}nacl)# {permit | deny} {ip ACL test conditions}
{permit | deny} {ip ACL test conditions}
no {permit | deny} {ip ACL test conditions}
This example activates the IP named ACL on an interface:
Router(config-if)# ip access-group {name | 1-199} {in | out}
Verifying ACLs
The show ip interface command displays IP interface information and indicates whether any ACLs are set. The show access-lists command displays the contents of all ACLs. By entering the ACL name or number as an option for this command, you can see a specific list.
Configure a router interface
Paris(config)#interface FastEthernet 0/0
Paris(config-if)#ip address 172.16.1.1 255.255.0.0
Paris(config-if)#no shutdown
Paris(config-if)#exit
Interface names vary, depending on whether the router is modular and on the bandwidth.
E.g. interface Ethernet 0 on an older router
Paris(config)#interface serial 0/0
Paris(config-if)#ip address 192.168.4.1 255.255.255.0
(Paris(config-if)#clock rate 64000)
Paris(config-if)#no shutdown
Paris(config-if)#exit
Give Switch IP ADDRESS:
The switch IP address goes on a virtual interface, not a real one, normally VLAN1.
SwA(config)#interface VLAN1
SwA(config-if)#ip address 172.16.255.1 255.255.0.0
SwA(config-if)#no shutdown
SwA(config-if)#exit
Give Switch A default Gateway
SwA(config)#ip default-gateway 172.16.255.254
Just like a workstation, a switch needs a default gateway if it exchanges messages with devices on a different network.
The default gateway is the address of the local router.
Up And Down:
Interface status: Layer 1
-Up
-Down
-Administratively down (no shutdown to bring up)
Protocol: Layer 2
-Up
-Down (no keepalive signal received)
Ping – step by step
-Ping 127.0.0.1 (loopback, is TCP/IP OK?)
-Ping own IP address (are NIC hardware and software all right? Is IP address bound?)
-Ping local hosts (checks own configuration and that of others)
-Ping gateway
-Ping other intermediate routers
-Ping hosts on remote networks
Find out about nodes
-Ping – used from workstation, router or switch – shows if destination can be reached
-Traceroute – shows hops along the path
-arp -a on workstation – shows list of MAC and IP addresses
-show mac-address-table on switch – shows list of MAC addresses and switch ports
Lesson Summary:
-Packet Delivery Process
-Exploring ACL
-Configuring Static Routing
-Establishing Internet Connectivity