218 Chapter 2  Implementation & Operation Configuring Static Routes To forward traffic across the ISDN link, you configure static routes in each of the routers. You certainly can configure dynamic routing protocols to run on your ISDN link, but then the link never drops. So the better choice would be static routes. Keep the following in mind when you are creating static routes:  All participating routers must have static routes defining all routes of known networks.  Default routing can be used if the network is a stub network. Here’s an example of static routing with ISDN: RouterA(config)#ip route 172.16.50.0 255.255.255.0 172.16.60.2 RouterA(config)#ip route 172.16.60.2 255.255.255.255 bri0 What this does is tell the router how to get to network 172.16.50.0 through 172.16.60.2. The second line tells the router how to get to 172.16.60.2. Specifying Interesting Traffic After setting the route tables in each router, you need to configure the router to determine what brings up the ISDN line. An administrator using the dialer-list global configuration com- mand defines interesting packets. The command to turn on all IP traffic is shown in this output: 804A(config)#dialer-list 1 protocol ip permit 804A(config)#int bri0 804A(config-if)#dialer-group 1 The dialer-group command sets the access list on the BRI interface. Extended access lists can be used with the dialer-list command to define interesting traffic to just certain appli- cations. I’ll cover that in a minute. If you use the dialer-list command, you must enter the dialer-group com- mand on an interface before this will work! Configuring the Dialer Information There are five steps to configuring the dialer information: 1. Choose the interface. 2. Set the IP address. 3. Configure the encapsulation type. 4. Link interesting traffic to the interface. 5. Configure the number or numbers to dial. 4309c02.fm Page 218 Friday, October 24, 2003 2:55 PM 2.11 Implement Simple WAN Protocols 219 Here’s how to configure those five steps: 804A#config t 804A(config)#int bri0 804A(config-if)#ip address 172.16.60.1 255.255.255.0 804A(config-if)#no shut 804A(config-if)#encapsulation ppp 804A(config-if)#dialer-group 1 804A(config-if)#dialer string 8350661 Instead of the dialer string command, you can use a dialer map. It provides more security. 804A(config-if)#dialer map ip 172.16.60.2 name 804B 8350661 You can use the dialer map command with the dialer-group command and its associated access list to initiate dialing. The dialer map command uses the IP address of the next hop router, the hostname of the remote router for authentication, and then the number to dial to get there. The five basic Dialer Map steps that you must be aware of are: 1. Dialer 2. Map 3. Protocol 4. Next hop 5. Dial string Remember, the dialer map command is used to associate an ISDN phone number with the next hop router address. Take a look at the configuration of an 804 router: 804B#sh run Building configuration Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! 4309c02.fm Page 219 Friday, October 24, 2003 2:55 PM 220 Chapter 2  Implementation & Operation hostname 804B ! ip subnet-zero ! isdn switch-type basic-ni ! interface Ethernet0 ip address 172.16.50.10 255.255.255.0 no ip directed-broadcast ! interface BRI0 ip address 172.16.60.2 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 300 dialer string 8358661 dialer load-threshold 2 either dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866201 8358662 isdn spid2 0835866401 8358664 hold-queue 75 in ! ip classless ip route 172.16.30.0 255.255.255.0 172.16.60.1 ip route 172.16.60.1 255.255.255.255 BRI0 ! dialer-list 1 protocol ip permit ! What can you determine by looking at this output? Well, first, the BRI interface is running the PPP encapsulation, and it has a timeout value of 300 seconds. The load-threshold command makes both BRI interfaces come up immediately—hey, I feel that if I am paying for both, I want them both up all the time! The one thing you really want to notice is the dialer-group 1 command. That number must match the dialer-list number. The hold-queue 75 in command tells the router that when it receives an interesting packet, it should queue up to 75 packets while it’s waiting for the BRI to come up. If there are more than 75 packets queued before the link comes up, the packets will be dropped. 4309c02.fm Page 220 Friday, October 24, 2003 2:55 PM Exam Essentials 221 Optional Commands There are two other commands that you should configure on your BRI interface: the dialer load-threshold command and the dialer idle-timeout command. The dialer load-threshold command tells the BRI interface when to bring up the second B channel. The option is from 1 to 255, where 255 tells the BRI to bring up the second B channel only when the first channel is 100 percent loaded. The second option for that command is in, out, or either. This calculates the actual load on the interface either on outbound traffic, inbound traffic, or combined. The default is outbound. The dialer idle-timeout command specifies the number of seconds before a call is dis- connected after the last interesting traffic is sent. The default is 120 seconds. RouterA(config-if)#dialer load-threshold 125 either RouterA(config-if)#dialer idle-timeout 180 The dialer load-threshold 125 tells the BRI interface to bring up the second B channel if either the inbound or outbound traffic load is 50 percent. The dialer idle-timeout 180 changes the default disconnect time from 120 to 180 seconds. DDR with Access Lists You can use access lists to be more specific about what is, or is not interesting traffic. In the pre- ceding example you just set the dialer list to allow any IP traffic to bring up the line. That’s great if you’re testing, but it can defeat the purpose of why you use a DDR line in the first place. You can use extended access lists to set the restriction, for instance, to only e-mail or Telnet. Here’s how you define the dialer list to use an access list: 804A(config)#dialer-list 1 list 110 804A(config)#access-list 110 permit tcp any any eq smtp 804A(config)#access-list 110 permit tcp any any eq telnet 804A(config)#int bri0 804A(config-if)#dialer-group 1 I configured the dialer-list command to look at an access list. This doesn’t have to be IP—it can be used with any protocol. Create your list, then apply it to the BRI interface with the dialer-group command. Exam Essentials Know the commands for PPP encapsulation. You can use the encapsulation ppp command on a serial interface to change from HDLC to PPP encapsulation. Also, you can further configure authentication using the ppp authentication command. 4309c02.fm Page 221 Friday, October 24, 2003 2:55 PM 222 Chapter 2  Implementation & Operation Know the commands for Frame Relay encapsulation. You can use the encapsulation frame- relay command on a serial interface to change the encapsulation to Frame Relay. Additionally, you will need to configure DLCI information, LMI and encapsulation types if they will differ from the default, and potentially subinterfaces if you will have multiple PVCs per physical interface. Understand the five basis dialer map steps for configuring DDR. The five steps are as follows: 1. Dialer 2. Map 3. Protocol 4. Next hop 5. Dial string 4309c02.fm Page 222 Friday, October 24, 2003 2:55 PM Review Questions 223 Review Questions 1. How is EIGRP implemented on a router? A. ip router eigrp as B. router ip eigrp as C. router eigrp process-id D. router eigrp as 2. Which of the following commands will display a backup configuration? A. sh running-config B. show startup-config C. show version D. show backup-config 3. Which command will show you whether a DTE or DCE cable is plugged into Serial 0? A. sh int s0 B. sh int serial 0 C. sho controllers s 0 D. sho controllers s0 4. Which command will copy the IOS to a backup host on your network? A. transfer IOS to 172.16.10.1 B. copy run start C. copy tftp flash D. copy start tftp E. copy flash tftp 5. Which command will copy a router configuration stored on a TFTP host to the router’s NVRAM? A. transfer IOS to 172.16.10.1 B. copy run start C. copy tftp startup D. copy tftp run E. copy flash tftp 4309c02.fm Page 223 Friday, October 24, 2003 2:55 PM 224 Chapter 2  Implementation & Operation 6. If you configure the following access list: access-list 110 deny 10.1.1.128 0.0.0.63 eq smtp access-list 110 deny any any eq 23 int ethernet 0 ip access-group 110 out What will the result of this access list be? A. E-mail and Telnet will be allowed out E0. B. E-mail and Telnet will be allowed in E0. C. Everything but e-mail and Telnet will be allowed out E0. D. No IP traffic will be allowed out E0. 7. Which of the following series of commands will restrict Telnet access to the router? A. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line con 0 Lab_A(config-line)#ip access-group 10 in B. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 out C. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 in D. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#ip access-group 10 in 8. What is the default encapsulation type for Frame Relay in a Cisco router? A. HDLC B. IEFT C. Cisco D. PPP E. Ansi F. Q933i 4309c02.fm Page 224 Friday, October 24, 2003 2:55 PM Review Questions 225 9. Which of the following are the five basic steps to set up a dialer map command string? A. Dial-string, dialer, map, protocol, next-hop B. Dialer, dial-string, map, protocol, next hop C. Dialer, map, protocol, next hop, dial string D. Dialer, map, next-hop, protocol, dial-string 10. Which of the following are valid PPP authentication methods? (Choose two options.) A. LCP B. PAP C. CHAP D. MD5 4309c02.fm Page 225 Friday, October 24, 2003 2:55 PM Answers to Review Questions 1. D. The command router eigrp followed by the autonomous system number is used to imple- ment EIGRP. Process numbers are not used by EIGRP. All of the other command options have rad- ically incorrect command syntax. 2. B. The show startup-config command will display the configuration that will be loaded the next time the router is booted. 3. C. The show controllers serial 0 command will show you whether either a DTE or DCE cable is connected to the interface. 4. E. To copy the IOS to a backup host, which is stored in flash memory by default, use the copy flash tftp command. 5. C. To copy a configuration of a router stored on a TFTP host to a router’s NVRAM, use the copy tftp startup-config command. 6. D. If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any at the end of every list. 7. C. Telnet access to the router is restricted by using either a standard or extended IP access list to the VTY lines on the router. The command access-class is used to apply the access list to the VTY lines. 8. C. If you just type from interface configuration mode, encapsulation frame-relay, the encapsulation type will be Cisco. 9. C. The five basic Dialer Map steps that you must be aware of are: 1. Dialer 2. Map 3. Protocol 4. Next hop 5. Dial string 10. B, C. PAP and CHAP are valid authentication methods available to PPP authentication. 4309c02.fm Page 226 Friday, October 24, 2003 2:55 PM Chapter 3 Troubleshooting CISCO CCNA EXAM OBJECTIVES COVERED IN THIS CHAPTER:  3.1 Utilize the OSI model as a guide for systematic network troubleshooting  3.2 Perform LAN and VLAN troubleshooting  3.3 Troubleshoot routing protocols  3.4 Troubleshoot IP addressing and host configuration  3.5 Troubleshoot a device as part of a working network  3.6 Troubleshoot an access list  3.7 Perform simple WAN troubleshooting 4309c03.fm Page 227 Thursday, October 23, 2003 4:48 PM [...]... is another debug 07: 12:58: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.30.1) 07: 12:58: subnet 192.168.50.0, metric 1 07: 12:58: subnet 192.168.40.0, metric 1 07: 12:58: subnet 192.168.20.0, metric 1 07: 12:58: subnet 192.168.10.0, metric 1 07: 12:58: RIP: sending v1 update to 255.255.255.255 via Serial0/0 ( 172 .16.20.2) 07: 12:58: subnet 192.168,50.0, metric 1 07: 12:58: subnet 192.168.40.0,... debugging is on 07: 14:05: IGRP: received request from 192.168.40.2 on Serial1 07: 14:05: IGRP: sending update to 192.168.40.2 via Serial1 ( 172 .16.40.1) 07: 14:05: subnet 192.168.30.0, metric=1100 07: 14:05: subnet 8192.16.20.0, metric=158250 07: 14:05: subnet 192.168.10.0, metric=158350 07: 14:06: IGRP: received update from 192.168.40.2 on Serial1 07: 14:06: subnet 192.168.50.0, metric 8 576 (neighbor 1100)... debugging is on 07: 13:50: IGRP: received request from 192.168.40.2 on Serial0/1 07: 13:50: IGRP: sending update to 192.168.40.2 via Serial1 (192.168.40.1) 07: 13:51: IGRP: Update contains 3 interior, 0 system, and 0 exterior routes 3.3 Troubleshoot Routing Protocols 07: 13:51: IGRP: Total routes in 07: 13:51: IGRP: received update Serial0/1 07: 13:51: IGRP: Update contains 0 exterior routes 07: 13:51: IGRP:... Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 192.168.40.0/24, 1 successors, FD is 2169856 via Connected, Serial0 P 192.168.50.0/24, 1 successors, FD is 281600 via Connected, Ethernet0 P 192.168.10.0/24, 1 successors, FD is 270 7456 via 192.168.40.1 ( 270 7456/2195456), Serial0/0 P 192.168.30.0/24, 1 successors, FD is 2 172 416 via 192.168.40.1 (2 172 416/28160),... Serial0/0 ( 172 .16.20.2) 07: 12:58: subnet 192.168,50.0, metric 1 07: 12:58: subnet 192.168.40.0, metric 1 07: 12:58: subnet 192.168.30.0, metric 1 07: 12:58: RIP: sending v1 update to 255.255.255.255 via Serial0/1 ( 172 .16.40.1) 07: 12:58: subnet 192.168.30.0, metric 1 07: 12:58: subnet 192.168.20.0, metric 1 07: 12:58: subnet 192.168.10.0, metric 1 238 Chapter 3 Troubleshooting In the preceding output, split-horizon... Mode VTP Domain Name VTP Pruning Mode VTP V2 Mode VTP Traps Generation : : : : : : : : : 2 1 64 7 Server routersim Disabled Disabled Disabled 234 Chapter 3 Troubleshooting MD5 digest : 0x4C 0x60 0xA6 0x5D 0xD7 0x41 0x8C 0x 37 Configuration last modified by 172 .16.10.1 at 3-1-94 06:40:09 Local updater ID is 172 .16.10.1 on interface Vl1 (lowest numbered VLAN interface found) Exam Essentials Know the commands... This is a sweet troubleshooting tool! The metric is the hop count Lab_B#debug ip rip RIP protocol debugging is on Lab_B# 07: 12:56: RIP: received v1 update from 192.168.40.2 on Serial0/1 07: 12:56: 192.168.50.0 in 1 hops 07: 12:56: RIP: received v1 update from 192.168.20.1 on Serial0/0 07: 12:56: 192.168.10.0 in 1 hops In the preceding debug output, notice the route updates received on the Lab_B serial 0/0... ip route [output cut] Gateway of last resort is not set D 192.168.30.0/24 [90/2 172 416] via 192.168.20.2,00:04:36, Serial0/0 C 192.168.10.0/24 is directly connected, FastEthernet0/0 D 192.168.40.0/24 [90/2681856] via 192.168.20.2,00:04:36, Serial0/0 C 192.168.20.0/24 is directly connected, Serial0/0 D 192.168.50.0/24 [90/ 270 7456] via 192.168.20.2,00:04:35, Serial0/0 Lab_A# 3.3 Troubleshoot Routing Protocols... do you do? FIGURE 3.2 IP Address Problem 1 Sales 192.168.1.33 Default gateway: 192.168.1 62 F0/ 27 Marketing ServerA ServerB 192.168.1.66 192.168.1.65 Default gateway: Default gateway 192.168.1.95 192.168.1.95 F0/2 1900 F0/3 2950 F0/26 F0/0 F0/1 192.168.1.62 F0/0 S0/0 S0/0 DCE 192.168.1 97. 27 192.168.1.100/ 27 Lab_A Lab_B 192.168.1.95 S0/1 DCE 3.4 Troubleshoot IP Addressing and Host Configuration 251 You... Key-chain FastEthernet0 1 1 2 Serial0/0 1 1 2 Serial0/1 1 1 2 236 Chapter 3 Troubleshooting Routing for Networks: 192.168.10.0 192.168.20.0 192.168.30.0 Routing Information Sources: Gateway Distance Last Update 192.168.40.2 120 00:00:21 192.168.20.1 120 00:00:23 Distance: (default is 120) Routing Protocol is "igrp 10" Sending updates every 90 seconds, next due in 42 seconds Invalid after 270 seconds, . ISDN: RouterA(config)#ip route 172 .16.50.0 255.255.255.0 172 .16.60.2 RouterA(config)#ip route 172 .16.60.2 255.255.255.255 bri0 What this does is tell the router how to get to network 172 .16.50.0 through 172 .16.60.2 another debug. 07: 12:58: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.30.1) 07: 12:58: subnet 192.168.50.0, metric 1 07: 12:58: subnet 192.168.40.0, metric 1 07: 12:58: subnet. 192.168.20.0, metric 1 07: 12:58: subnet 192.168.10.0, metric 1 07: 12:58: RIP: sending v1 update to 255.255.255.255 via Serial0/0 ( 172 .16.20.2) 07: 12:58: subnet 192.168,50.0, metric 1 07: 12:58: subnet