Configuring OSPF: Optional Commands 95Modifying Cost Metrics Authentication: Simple Routerconfig#iinintntteeerrrffafaaccceee ssseeerririiaaalll 000///00 Changes the router to interface
Trang 1Configuring OSPF: Optional Commands 95
Modifying Cost Metrics
Authentication: Simple
Router(config)#iinintntteeerrrffafaaccceee ssseeerririiaaalll 000///00 Changes the router to interface
configuration mode.
Router(config-if)#bbbaaanndnddwwwiiiddtdththh 11122828 If you change the bandwidth, OSPF
recalculates the cost of the link.
Or
Router(config-if)#iiippp ooossspppff f cccooossstt t 11155566644 Changes the cost to a value of 1564.
NOTE: The cost of a link is determined
by dividing the reference bandwidth by the interface bandwidth.
The bandwidth of the interface is a number between 1 and 10,000,000 The unit of measurement is kilobits
The cost is a number between 1 and 65,535 The cost has no unit of measurement—it is just a number.
Router(config)#rrorououuttteeerr r ooosssppfpf f 11 Starts OSPF process 1.
Sets key (password) to fred.
NOTE: The password can be any
continuous string of characters that can
be entered from the keyboard, up to
8 bytes in length To be able to exchange OSPF information, all neighboring routers on the same network must have the same password.
Trang 296 Configuring OSPF: Optional Commands
Authentication: Using MD5 Encryption
Timers
Propagating a Default Route
Router(config)#rrorououuttteeerr r ooosssppfpf f 11 Starts OSPF process 1.
1 is the key-id This value must be the
same as that of your neighboring router.
md5 indicates that the MD5 hash
algorithm will be used.
fred is the key (password) and must be
the same as that of your neighboring router.
NOTE: If the service encryption command is not used when
password-implementing OSPF MD5 authentication, the MD5 secret is stored as plain text in NVRAM.
NOTE: Hello and Dead Interval timers
must match for routers to become neighbors.
Router(config)#iipip p rrrooouututteee 00.0.0.00 000 0.00
0
0 00.0.0.00 000 sss000///00
Creates a default route.
Router(config)#rrorououuttteeerr r ooosssppfpf f 11 Starts OSPF process 1.
Trang 3Verifying OSPF Configuration 97
Verifying OSPF Configuration
Router(config-router)#dddeeeffafauauullltt-t
-i
innnffofororrmmmaaattitiiooonnn oororriiigggiininnaaatttee e aaalllwwawayayyss
The always option propagates a default
“quad-zero” route even if one is not configured on this router.
NOTE: The default-information originate command or the default- information originate always command
is usually only to be configured on your
“entrance” or “gateway” router, the router that connects your network to the outside world—the Autonomous System Boundary Router (ASBR).
Router#sshshhooowww iipipp pprprorootttoooccocooll Displays parameters for all protocols
running on the routerRouter#sshshhooowww iipipp rrorououutttee Displays a complete IP routing tableRouter#sshshhooowww iipipp oosospsppff Displays basic information about OSPF
routing processesRouter#sshshhooowww iipipp oosospsppfff iininnttteeerrfrfafaacccee Displays OSPF info as it relates to all
interfacesRouter#sshshhooowww iipipp oosospsppfff iininnttteeerrfrfafaaccceee
n
nsssssasa-a eeexxxtteteerrrnnnaalal
Displays NSSA external link states
Trang 498 Configuration Example: Single Area OSPF
Troubleshooting OSPF
Configuration Example: Single Area OSPF
Figure 10-1 illustrates the network topology for the configuration that follows, which shows how to configure Single Area OSPF using commands covered in this chapter.
Figure 10-9 Network Topology for Single Area OSPF Configuration
Router#cclclleeeaaarr r iiippp rroroouuutttee e ** Clears entire routing table, forcing it to
rebuildRouter#cclclleeeaaarr r iiippp rroroouuutttee e aaa bb.b.c.cc dd Clears specific route to network a.b.c.dRouter#cclclleeeaaarr r iiippp oopoppsssfff cccooouuunntnteteerrrss Resets OSPF counters
Router#cclclleeeaaarr r iiippp oososspppfff ppprrroooccecesessss Resets entire OSPF process, forcing
OSPF to re-create neighbors, database, and routing table
Router#ddedeebbbuuugg g iiippp oososspppfff eeevvveeenntntsts Displays all OSPF events
Router#ddedeebbbuuugg g iiippp oososspppfff aaadddjjjaacaceceennncccyy Displays various OSPF states and DR/
BDR election between adjacent routersRouter#ddedeebbbuuugg g iiippp oososspppfff pppaaaccckkeketettss Displays OPSF packets
s0/0 172.16.40.1 s0/0
172.16.20.1
Network
172.16.20.0/30
DCE DCE
s0/1 172.16.40.2 s0/1
fa0/0 172.16.50.1
GalvestonHouston
Austin
Trang 5Configuration Example: Single Area OSPF 99
Austin Router
Router>eenennaaabbbllele Moves to privileged mode.
Router#ccocoonnnfffiigiguguurrree e ttteeerrrmmimiinnnaaall Moves to global configuration mode.Router(config)#hhohososstttnnnaamammeee AAuAususstttiiinn Sets the host name.
Austin(config-if)#nnnooo ssshhhuuuttdtdodoowwwnn Enables the interface.
Austin(config-if)#eeexxxiitit Returns to global configuration mode.Austin(config)#rrorououuttteeerr r ooosssppfpf f 11 Starts OSPF process 1.
Austin(config-router)#nnneeettwtwowoorrrkk k
1
177722.2.1.11666 110100 000 00.0 000 00.0 22255555 5 aaarrreeaea a 00
Any interface with an address of
172.16.10.x is to be put into area 0.
Austin(config-router)#nnneeettwtwowoorrrkk k
1
177722.2.1.11666 220200 000 00.0 000 00.0 22255555 5 aaarrreeaea a 00
Any interface with an address of
172.16.20.x is to be put into area 0.
Austin(config-router)#<<<cccttrtrlrll>>> zz Returns to privileged mode.
Trang 6100 Configuration Example: Single Area OSPF
Houston Router
Router>eenennaaabbbllele Moves to privileged mode.
Router#ccocoonnnfffiigiguguurrree e ttteeerrrmmimiinnnaaall Moves to global configuration mode.Router(config)#hhohososstttnnnaamammeee HHoHououussstttoonon Sets the host name.
Houston(config)#iininnttteeerrfrffaaacccee e ssseereririiaaalll 000///11 Moves to interface configuration mode.Houston(config-if)#iiipp p aaadddddrdrereessssss
Any interface with an address of
172.16.x.x is to be put into area 0
One statement will now advertise all three interfaces.
Houston(config-router)#<<<cctctrtrrlll>> > zz Returns to privileged mode.
Trang 7Configuration Example: Single Area OSPF 101
Galveston Router
Router>eenennaaabbbllele Moves to privileged mode.
Router#ccocoonnnfffiigiguguurrree e ttteeerrrmmimiinnnaaall Moves to global configuration mode.Router(config)#hhohososstttnnnaamammeee GGaGalallvvveeesststtooonn Sets the host name.
Trang 8This page intentionally left blank
Trang 10This page intentionally left blank
Trang 11• Resetting switch configuration
• Setting host names
• Setting passwords
• Setting IP addresses and default gateways
• Setting interface descriptions
• Setting duplex operation
• Setting operation speed
• Managing the MAC address table
• Configuring static MAC addresses
• Switch port security
• Verifying switch port security
• Sticky MAC addresses
switch>eeennnaaabblblele User mode, same as a router
switch#dddiiisssaabablbllee Leaves privileged modeswitch>eeexxxiiitt Leaves user mode
Trang 12106 Verifying Commands
Verifying Commands
switch#sshshhooowww vvveeerrrssisioioonn Displays information about
software and hardware.switch#sshshhooowww fflfllaaasshsh:h: Displays information about
flash memory (for the 2900/
2950 series only).
switch#sshshhooowww mmamaaccc a-adadddddrrreesesssss -ttatababblllee Displays the current MAC
address forwarding table.switch#sshshhooowww ccocoonnnttrtroroolllllleererrsss eeteththheeerrrnneneettt -ccocononntttrrroolollllleeerr Displays information about
the Ethernet controller.switch#sshshhooowww rruruunnnnninininnggg -ccocoonnnfffiigig Displays the current
configuration in DRAM.switch#sshshhooowww sststtaaarrtrtutuuppp -ccocoonnnfffiigig Displays the current
configuration in NVRAM.switch#sshshhooowww ppopoossstt Displays whether the switch
passed POST.
switch#sshshhooowww vvlvllaaann Displays the current VLAN
configuration.
switch#sshshhooowww iininnttteererfrffaaaccceeses Displays the interface
configuration and status of line: up/up, up/down, admin down.
NOTE: This command is
unsupported in some Cisco IOS Software releases, such
as 12.2(25)FX.
switch#sshshhooowww iininnttteererfrffaaacccee e vvvlllaanan1n1 Displays setting of virtual
interface VLAN 1, the default VLAN on the switch.
NOTE: This command is
unsupported in some Cisco IOS Software releases, such
as 12.2(25)FX.
Trang 13Setting Passwords 107
Resetting Switch Configuration
Setting Host Names
Setting Passwords
Setting passwords for the 2960 series switches is the same method as used for a router.
Switch#ddedeellleeettete e fffllalasasshhh:::vvlvllaaannn d.dadaatt Removes the VLAN database
from flash memory.
Delete filename [vlan.dat]? Press ®
Delete flash:vlan.dat? [confirm] Reconfirm by pressing
Switch#eererraaasssee e ssstttaarartrttuuuppp c-ccooonnnffifigig Erases the file from NVRAM.
<output omitted>
Switch#rrereellloooaadad Restarts the switch.
Switch#ccocoonnnfffiigiguguurrree e ttteeerrrmmimiinnnaaall Moves to global configuration
mode.
Switch(config)#hhohososstttnnnaamammeee 229296966000SSSwwiwiitttccchh Creates a locally significant
host name of the switch This
is the same command as the router.
2960Switch(config-line)#eexexixiitt Exits line console mode2960Switch(config-line)#llilininneee aauauuxxx 00 Enters line auxiliary mode
Trang 14108 Setting Interface Descriptions
Setting IP Addresses and Default Gateways
TIP: For the 2960 series switches, the IP address of the switch is just that—the IP
address for the entire switch That is why you set the address in VLAN 1 (the
default VLAN of the switch) and not in a specific Ethernet interface
Setting Interface Descriptions
TIP: The 2960 series switches have either 12 or 24 Fast Ethernet ports named fa0/1, fa0/2, fa0/24—there is no fastethernet 0/0
2960Switch(config-line)#llologoggiiinn Enables password checking2960Switch(config-line)#ppapasassssswwowororrddd cciciissscccoo Sets the password to cisco
2960Switch(config-line)#eexexixiitt Exits line auxiliary mode2960Switch(config-line)#llilininneee vvtvttyyy 00 0 44 Enters line vty mode for all
five virtual ports2960Switch(config-line)#llologoggiiinn Enables password checking2960Switch(config-line)#ppapasassssswwowororrddd cciciissscccoo Sets the password to cisco
2960Switch(config-line)#eexexixiitt Exits line vty mode
2960Switch(config)#
2960Switch(config)#iiinntntteeerrrffafacacceee vvlvllaaannn11 Enters the virtual interface
for VLAN 1, the default VLAN on the switch2960Switch(config-if)#iiippp aaadddddrdrreeesssss s 117172722 11166.6 111000 2.2 2
2
255555.5.2.22555555 2.22555555 0.0
Sets the IP address and netmask to allow for remote access to the switch2960Switch(config-if)#eeexxxiitit
2960Switch(config)#iiipp p dddeeeffafauauulllttt g-ggaaattteewewwaaayyy
1
177722.2.1.11666 110100 11
Allows IP information an exit past the local network
2960Switch(config)#iiinntntteeerrrffafacacceee ffafaasssttteetetthhheeerrnrneneettt 00/0//11 Enters interface
configuration mode2960Switch(config-if)#dddeeesscscrcrriiipppttitiiooonnn FFFiininanaannncccee e VVLVLALAANN Adds a description of the
interface
Trang 15Configuring Static MAC Addresses 109
Setting Duplex Operation
Setting Operation Speed
Managing the MAC Address Table
Configuring Static MAC Addresses
2960Switch2960Switch(config)#iininnttteeerrfrffaaacccee e
f
faaasststeteettthhheererrnnneeett t 000///11
Moves to interface configuration mode2960Switch(config-if)#ddduuupplpleleexxx ffufuulllll Forces full-duplex
operation2960Switch(config-if)#ddduuupplpleleexxx aauauutttoo Enables auto-duplex config2960Switch(config-if)#ddduuupplpleleexxx hhahaalllff Forces half-duplex operation
2960Switch(config)#iiinntntteeerrrffafacacceee ffafaasssttteetetthhheeerrnrnneeettt 00/0//11
2960Switch(config-if)#ssspppeeeeeeddd 11010 Forces 10-Mbps operation2960Switch(config-if)#ssspppeeeeededd 11010000 Forces 100-Mbps operation2960Switch(config-if)#ssspppeeeeededd aauaututtoo Enables autospeed
configuration
switch#sshshhooowww mmamaaccc aadadddddrrreesesssss -ttatababblllee Displays current MAC
address forwarding tableswitch#cclclleeeaaarr r mmmaaacc c aaaddddddrrereessssss t-tataabbblllee Deletes all entries from
current MAC address forwarding tableswitch#cclclleeeaaarr r mmmaaacc c aaaddddddrrereessssss t-tataabbblllee e dddyyynnanamammiiicc Deletes only dynamic
entries from table
Trang 16110 Switch Port Security
Switch Port Security
Switch(config)#iinintntteeerrrffafaaccceee ffafaasssttteetetthhheeerrnrnneeettt 00/0//11 Moves to interface
configuration mode.Switch(config-if)#ssswwwiitittccchhhppopororrttt ppopoorrrttt s-sseeecccuuruririitttyy Enables port security on the
NOTE: The maximum
number of secure MAC addresses that you can configure on a switch is set
by the maximum number of available MAC addresses allowed in the system.Switch(config-if)#ssswwwiitittccchhhppopororrttt ppopoorrrttt s-sseeecccuuruririitttyyy
m
maaacc-c-a-aaddddddrrereessssss 112122333444 5.5566677788.8 999000aabab
Sets a specific secure MAC address 1234.5678.90ab You can add additional secure MAC addresses up to the maximum value configured.
NOTE: In shutdown mode,
the port is errdisabled, a log entry is made, and manual intervention or errdisable recovery must be used to reenable the interface.Switch(config-if)#ssswwwiitittccchhhppopororrttt ppopoorrrttt s-sseeecccuuruririitttyyy
v
viiioololalaatttiiioononn rrreeseststtrrriiicctct
Configures port security to restrict mode if a security violation occurs.
Trang 17Verifying Switch Port Security 111
Verifying Switch Port Security
NOTE: In restrict mode,
frames from a nonallowed address are dropped, and
a log entry is made The interface remains operational.
NOTE: In protect mode,
frames from a nonallowed address are dropped, but no log entry is made The interface remains operational.
Switch#sshshhooowww ppopoorrrtt-t-s-sseeecccuururriiitttyy Displays security
information for all interfaces
Switch#sshshhooowww ppopoorrrtt-t-s-sseeecccuururriiitttyy y iiinnnttteererrfffaaaccece e
f
faaasststeteettthhheererrnnneeett t 000///55
Displays security information for interface fastethernet 0/5
Switch#sshshhooowww ppopoorrrtt-t-s-sseeecccuururriiitttyy y aaaddddddrrereesssss Displays MAC address
table security informationSwitch#sshshhooowww mmamaaccc aadadddddrrreesesssss -ttatababblllee Displays the MAC address
tableSwitch#cclclleeeaaarr r mmmaaacc c aaaddddddrrereessssss t-tataabbblllee e dddyyynnanamammiiicc Deletes all dynamic MAC
addressesSwitch#cclclleeeaaarr r mmamacacc aaaddddddrrereessssss -ttataabbblllee e ddydynynnaaammmiicic c aaaddddddrrreesesssss
aaaa.bbbb.cccc
Deletes the specified dynamic MAC addressSwitch#cclclleeeaaarr r mmmaaacc c aaaddddddrrereessssss t-tataabbblllee e dddyyynnanamammiiiccc
i
innnttetererrfffaaaccecee fffaasaststteeettthheheerrrnnneetett 000//5/5
Deletes all dynamic MAC addresses on interface fastethernet 0/5Switch#cclclleeeaaarr r mmmaaacc c aaadddddrdrreeesssss-s tttaaabblblelee ddydyynnnaaammimicicc vvlvllaaannn 11100 Deletes all dynamic MAC
addresses on VLAN 10