Monitoring and Testing the Configuration

From RouterA, monitor the policy routing using the debug ip policy command. Telnet from RouterA to 152.1.1.1. What follows is the output from the debug command; note that the telnet packet matched item 20 of route map lab1 and was forwarded to 151.1.1.2.

    IP: s=151.1.1.1 (local), d=152.1.1.1, len 44, policy match
    IP: route map lab1, item 20, permit
    IP: s=151.1.1.1 (local), d=152.1.1.1 (Serial1), len 44, policy routed
    IP: local to Serial1 151.1.1.2

From RouterA, use the extended telnet command to send an HTTP packet to 152.1.1.2. To use this command, simply type in Telnet 152.1.1.1 www at the privileged level. What follows is the output from the debug command; note that the HTTP packet matched item 10 of route map lab1 and was forwarded to 150.1.1.2.

    IP: s=151.1.1.1 (local), d=152.1.1.1, len 44, policy match
    IP: route map lab1, item 10, permit
    IP: s=151.1.1.1 (local), d=152.1.1.1 (Serial0), len 44, policy routed
    IP: local to Serial0 150.1.1.2

Lab #67: Load Balancing Across Default Routes

Equipment Needed

The following equipment is needed to perform this lab exercise:

• Two Cisco routers each having one Ethernet port and two serial ports
• One Cisco router with one Ethernet port
• Cisco IOS 11.0 or higher
• A PC running a terminal emulation program for connecting to the console port of the routers
• Two Cisco DTE/DCE cross over cables
• Cisco rolled cable
• One Ethernet crossover cable or an Ethernet hub and two straight-through Ethernet cables

Configuration Overview

This configuration provides two end users with equal access to two different service providers. As per Figure 13-5, RouterA will route packets arriving on Ethernet from the source 192.1.1.11 to default interface S0 if no explicit route for the packets' destination is in the routing table. Packets arriving from 192.1.1.12 are sent to default interface S1 if the router has no explicit route for the packets' destination.

Figure 13-5: Load balancing across default routes

This lab
uses the default interface command, which differs from the next hop interface and next hop IP address set commands we used in previous labs. The next hop set commands send the matching packet out that interface or to that IP address regardless of the routing table. The default interface command only sends the packet out that particular interface if there is no explicit route in the routing table.

Note: When using the default interface set command, the router will first check the routing table for an explicit route. If there is no explicit route available to the destination address of the packet being considered for policy routing, then the router will route the packet out the default interface.

Router Configurations

The configurations for the two routers in this example are as follows (key policy routing configurations are highlighted in bold).

RouterA

    version 11.2
    service udp-small-servers
    service tcp-small-servers
    !
    hostname RouterA
    !
    !
    interface Ethernet0
     ip address 192.1.1.10 255.255.255.0
     ip policy route-map lab1 ← Enables policy routing on interface E0 and identifies the route map lab1, which will be applied to the packet
    !
    interface Serial0
     ip address 150.1.1.1 255.255.255.0
     no fair-queue
    !
    interface Serial1
     ip address 151.1.1.1 255.255.255.0
    !
    router rip
     network 150.1.0.0
     network 151.1.0.0
     network 192.1.1.0
    !
    no ip classless
    access-list permit 192.1.1.11
    access-list permit 192.1.1.12
    route-map lab1 permit 10 ← Defines the route map lab1; the number specifies the order of the route maps. This is referred to as item 10 of route map lab1
     match ip address ← This defines the match criteria tied to access list
     set default interface Serial0 ← Sets the default interface to S0
    !
    route-map lab1 permit 20 ← Defines the route map lab1; the number specifies the order of the route maps. This is referred to as item 20 of route map lab1
     match ip address ← This defines the match criteria tied to access list
     set default interface Serial1 ← Sets the default interface to S1
    !
    !
    line
    line aux
    line vty
     login
    !
    end

RouterB

    version 11.2
    service udp-small-servers
    service tcp-small-servers
    !
    hostname routerb
    !
    !
    !
    interface Loopback0
     ip address 152.1.1.1 255.255.255.0
    !
    interface Ethernet0
     no ip address
     shutdown
    !
    interface Serial0
     ip address 150.1.1.2 255.255.255.0
     clockrate 500000 ← Acts as DCE providing clock
    !
    interface Serial1
     ip address 151.1.1.2 255.255.255.0
     clockrate 500000 ← Acts as DCE providing clock
    !
    router rip
     passive-interface Serial0 ← Prevents RIP updates from being sent to RouterA
     passive-interface Serial1
     network 152.1.0.0
     network 151.1.0.0
     network 150.1.0.0
    !
    !
    line
    line 16
     transport input all
    line aux
     transport input all
    line vty
     login
    !
    end

RouterC

    version 11.2
    service udp-small-servers
    service tcp-small-servers
    !
    hostname routerc
    !
    interface Ethernet0
     ip address 192.1.1.12 255.255.255.0 secondary
     ip address 192.1.1.11 255.255.255.0
    !
    interface Serial0
     no ip address
     shutdown
    !
    ip route 0.0.0.0 0.0.0.0 192.1.1.10 ← Sets the default route
    !
    !
    line
    line 16
    line aux
    line vty
     login
    !
    end

Monitoring and Testing the Configuration

When using the default interface set command, the router will first check the routing table for an explicit route. RouterA does not have an explicit route to 152.1.1.1 because RouterB suppresses RIP updates with the passive interface commands.

From RouterA, monitor the policy routing using the debug ip policy command. From RouterC, ping 152.1.1.1 using the extended ping command to source the packet from 192.1.1.11. What follows is the output from the debug command on RouterA; note that the source address 192.1.1.11 matched item 10 of route map lab1 and was forwarded out interface S1.

    IP: s=192.1.1.11 (Ethernet0), d=152.1.1.1, len 100, policy match
    IP: route map lab1, item 10, permit
    IP: s=192.1.1.11 (Ethernet0), d=152.1.1.1 (Serial0), len 100, policy routed
    IP: Ethernet0 to Serial0 152.1.1.1

From RouterA, ping 152.1.1.1, sourcing the packet from 192.1.1.12. What follows is the output from the debug command on RouterA; note that the source address 192.1.1.12 matched item 20 of route map lab1 and was forwarded out interface S0.

    IP: s=192.1.1.12 (Ethernet0), d=152.1.1.1, len 100, policy match
    IP: route map lab1, item 20, permit
    IP: s=192.1.1.12 (Ethernet0), d=152.1.1.1 (Serial1), len 100, policy routed
    IP: Ethernet0 to Serial1 152.1.1.1

On RouterB remove the passive interface commands to allow RIP updates to be sent to RouterA. Now that RouterA has a route for 152.1.1.1 learned via RIP, it will not policy-route the packet. Remember when using the default interface set command, the router will first check the routing table for an explicit route. If the router has a route to the destination, the packet is forwarded using that route; if there is no explicit route available to the destination address, then the router will route the packet out the default interface, which is set using policy routing.

    routerb(config)#router rip
    routerb(config-router)#no passive-interface s0
    routerb(config-router)#no passive-interface s1

From RouterC,
ping 152.1.1.1. What follows is the output from the debug ip policy command on RouterA; note that the packet matched item 20 in route map lab1. However, the set policy was rejected because the routing table has an explicit route to 152.1.1.1.

    IP: s=192.1.1.12 (Ethernet0), d=152.1.1.1, len 100, policy match
    IP: route map lab1, item 20, permit
    IP: s=192.1.1.12 (Ethernet0), d=152.1.1.1 (Serial1), len 100, policy rejected - normal forwarding

Troubleshooting Policy Routing

The Cisco IOS provides many tools for troubleshooting policy routing. What follows is a list of key commands along with sample output from each.

{show ip policy} This privileged exec command displays which route map is used on which interface.

    RouterA#show ip policy
    Interface      Route map
    Ethernet0      lab1

{show route-map} This privileged exec command displays configured route maps. This command allows you to view the policies defined by each route map. The command also shows how many packets matched the policy clauses.

    RouterA#show route-map
    route-map lab1, permit, sequence 10
      Match clauses:
        ip address (access-lists):
      Set clauses:
        default interface Serial0
      Policy routing matches: 129 packets, 14526 bytes
    route-map lab1, permit, sequence 20
      Match clauses:
        ip address (access-lists):
      Set clauses:
        default interface Serial1
      Policy routing matches: 205 packets, 23370 bytes

{debug ip policy} This exec command helps you determine what policy routing is doing. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet. The first line indicates that a packet matched the policy. The second line indicates the item of the route map that the packet matched. In this case, the packet matches item 20 in route map lab1. Line three indicates that the packet was policy-routed out interface S0.

    IP: s=192.1.1.11 (Ethernet0), d=152.1.1.1, len 100, policy match
    IP: route map lab1, item 10, permit
    IP: s=192.1.1.11 (Ethernet0), d=152.1.1.1 (Serial0), len 100, policy routed
    IP: Ethernet0 to Serial0 152.1.1.1

{show ip local policy} This exec command displays any route maps used for local policy routing. By default, packets that are generated by the router are not policy-routed. Local policy routing must be enabled on the router using the IP local policy route-map command.

    RouterA#show ip local policy
    Local policy routing is enabled, using route map lab1
    route-map lab1, permit, sequence 10
      Match clauses:
        ip address (access-lists):
      Set clauses:
        default interface Serial0
      Policy routing matches: 129 packets, 14526 bytes
    route-map lab1, permit, sequence 20
      Match clauses:
        ip address (access-lists):
      Set clauses:
        default interface Serial1
      Policy routing matches: 205 packets, 23370 bytes

Conclusion

Policy-based routing provides network administrators a way to implement packet forwarding according to other criteria than traditional destination-based routing. The following are some of the potential applications for policy routing:

• Carrier selection is available for WAN transmissions or internal data path selection for Internet access
• ISPs can use policy routing to provide equal access to multiple carrier networks
• Policy-based routing can be used to set either the precedence or type-of-service bits in an IP datagram, which can be used to provide Quality of Service (QOS) across the backbone
• Policy-based routing can be used to separate high- and low-priority traffic over separate links

Chapter 14: Cisco Discovery Protocol

Overview

Topics Covered in This Chapter

• CDP overview
• Cisco CDP WAN configuration
• Cisco CDP LAN configuration
• CDP troubleshooting

Introduction

Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that is used for neighbor discovery. CDP is supported across the entire Cisco product line. CDP is very helpful in debugging situations. For example, it can be used to verify that a given router is connected to the proper port number on its neighbor. This chapter will examine CDP in detail.

Cisco Discovery Protocol Overview

CDP runs on all Cisco routers and switches. It can run over any physical media and over any protocol. Unlike a routing protocol that shows a next-hop destination port for all known networks, CDP will only show information for directly connected neighbors. It is most useful for verifying that a router is connected to the proper port of its neighbor.

Figure 14-1 gives an overview of the information that CDP can provide. A CDP-enabled router will be able to learn directly connected neighbor port and hostname information. Additional information such as the neighbor's hardware model number and capabilities is also reported.

Figure 14-1: CDP overview

How Does CDP Work?

A CDP-enabled router sends out a periodic multicast packet containing a CDP update. The time between these CDP updates is determined by the cdp timer command, the timer value default being 60 seconds.

The following code shows a captured CDP packet. A Network Associates sniffer was put on an Ethernet LAN that also had several Cisco routers connected to it. As can be seen from the packet trace, the router sending the packet includes important information including:

• Router hostname (Cisco1)
• Router port information (Ethernet 0/0)
• IOS version information (11.2(7a)P)
• IOS platform information (C3620-I-M)
• Hardware version information (Cisco 3600)

Although neighbor router IOS version, IOS platform, and hardware version are not critical pieces of information, neighbor router hostname and neighbor router port information are critical for debug purposes. The use of the show cdp neighbor command is most useful in debug situations where one needs to verify what router and router port a given router is connected to.

    Packet captured at 12/21/1998 12:19:37 AM; Packet size is 318(0x13e)bytes
    Relative time: 000:00:35.858
    Delta time: 0.000.000
    ETHER: Address: 00-E0-1E-5B-0A-81 -->01-00-0C-CC-CC-CC
    Logical Link Control
      SSAP Address: 0xAA, CR bit = (Command)
      DSAP Address: 0xAA, IG bit = (Individual address)
      Unnumbered frame: UI
    SubNetwork Access Protocol
      Organization code: 0x00000c
      Type: Custom Defined
    Data:
      0000: 01 b4 aa 2b 00 01 00 0a 43 69 73 63 6f 31 00 02 | a+ Cisco1
      0010: 00 11 00 00 00 01 01 01 cc 00 04 c1 01 01 01 00 | I A
      0020: 03 00 0f 45 74 68 65 72 6e 65 74 30 2f 30 00 04 | Ethernet0/0
      0030: 00 08 00 00 00 01 00 05 00 e4 43 69 73 63 6f 20 | aCisco
      0040: 49 6e 74 65 72 6e 65 74 77 6f 72 6b 20 4f 70 65 | Internetwork Ope
      0050: 72 61 74 69 6e 67 20 53 79 73 74 65 6d 20 53 6f | rating System So
      0060: 66 74 77 61 72 65 20 0a 49 4f 53 20 28 74 6d 29 | ftware IOS (tm)
      0070: 20 33 36 30 30 20 53 6f 66 74 77 61 72 65 20 28 | 3600 Software (
      0080: 43 33 36 32 30 2d 49 2d 4d 29 2c 20 56 65 72 73 | C3620-I-M), Vers
      0090: 69 6f 6e 20 31 31 2e 32 28 37 61 29 50 2c 20 53 | ion 11.2(7a)P, S
      00a0: 48 41 52 45 44 20 50 4c 41 54 46 4f 52 4d 2c 20 | HARED PLATFORM,
      00b0: 52 45 4c 45 41 53 45 20 53 4f 46 54 57 41 52 45 | RELEASE SOFTWARE
      00c0: 20 28 66 63 31 29 0a 43 6f 70 79 72 69 67 68 74 | (fc1).Copyright
      00d0: 20 28 63 29 20 31 39 38 36 2d 31 39 39 37 20 62 | (c) 1986-1997 b
      00e0: 79 20 63 69 73 63 6f 20 53 79 73 74 65 6d 73 2c | y cisco Systems,
      00f0: 20 49 6e 63 2e 0a 43 6f 6d 70 69 6c 65 64 20 57 | Inc Compiled W
      0100: 65 64 20 30 32 2d 4a 75 6c 2d 39 37 20 30 38 3a | ed 02-Jul-97 08:
      0110: 32 35 20 62 79 20 63 63 61 69 00 06 00 0e 63 69 | 25 by ccai ci
      0120: 73 63 6f 20 33 36 32 30 | sco 3620

Commands Discussed in This Chapter

• cdp enable
• cdp run
• cdp timer
• clear cdp counters
• clear cdp table
• show cdp interface
• show cdp neighbor
• show cdp traffic
• debug cdp [packets] [ip] [adjacency] [events]

Definitions

cdp enable: This interface command is used to enable CDP on a particular interface. Since CDP is enabled by default, this command will not be shown in the router configuration.

cdp run: This global command enables CDP on the entire router. Using the no cdp run command will disable any CDP on the router. Since CDP is enabled by default, the cdp run command
will not be shown in the router configuration.

cdp timer: This global command specifies how often the router sends CDP updates. The default time between CDP updates is 60 seconds.

clear cdp counters: This privileged exec command causes the router's CDP traffic counters to be reset.

clear cdp table: This privileged exec command causes the router's CDP table to be cleared. When this occurs, the show cdp neighbor command will not show any information until another CDP update is received from a neighbor router.

show cdp interface: This privileged exec command will show the status of CDP for each interface on the router.

show cdp neighbor: This privileged exec command causes the router to display neighbor information for all directly attached routers.

show cdp traffic: This privileged exec command will show how many CDP packets have been sent and received by the router. It also shows how many errored CDP packets have been received.

debug cdp [packets] [ip] [adjacency] [events]: This debug command will cause the router to display debugging information for a variety of CDP events.

IOS Requirements

CDP is supported in Cisco IOS releases 10.3 and higher.

Lab #68: Cisco CDP WAN Example

Equipment Needed

The following equipment is needed to perform this lab exercise:

• Three Cisco routers, one of which must have two serial ports. The other two routers can have one serial port
• Cisco IOS 10.3 or higher
• A PC running a terminal emulation program. The PC should be connected to one of the three routers using a Cisco rolled cable
• Two Cisco DTE/DCE crossover cables. If no crossover cables are available, you can make a crossover cable by connecting a standard Cisco DTE cable to a standard Cisco DCE cable

Configuration Overview

This configuration will demonstrate the basics of CDP. It will allow us to see the difference between information supplied by CDP and information supplied by a routing protocol such as RIP.

The three routers are serially connected as shown in Figure 14-2. RouterB will act
as the DCE supplying clock to RouterA and RouterC. A PC running a terminal emulation program should be connected to the console port of one of the three routers using a Cisco rolled cable.

Figure 14-2: CDP WAN example

Note: Keep in mind that CDP will only supply information for directly connected neighbors. This is in contrast to a routing protocol, which will provide information that allows the router to determine the next interface hop to all known networks.

Router Configuration

The configurations for the three routers in this example are as follows. Notice that since CDP is enabled by default, there are no specific CDP commands in the configuration:

RouterA

    Current configuration:
    !
    version 11.2
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname RouterA
    !
    enable password cisco
    !
    interface Serial0/0
     ip address 192.1.1.1 255.255.255.0
     encapsulation ppp
    !
    router rip
     network 192.1.1.0
    !
    no ip classless
    !
    line
    line aux
    line vty
     password cisco
     login
    !
    end

RouterB

    Current configuration:
    !
    version 11.2
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname RouterB
    !
    enable password cisco
    !
    interface Serial0/0
     ip address 192.1.1.2 255.255.255.0
     encapsulation ppp
     clockrate 500000
    !
    interface Serial0/1
     ip address 196.1.1.2 255.255.255.0
     encapsulation ppp
     clockrate 19200
    !
    router rip
     network 192.1.1.0
     network 196.1.1.0
    !
    no ip classless
    !
    line
    line aux
    line vty
     password cisco
     login
    !
    end

RouterC

    Current configuration:
    !
    version 11.2
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname RouterC
    !
    enable password cisco
    !
    interface Serial0/0
     ip address 196.1.1.3 255.255.255.0
     encapsulation ppp
    !
    router rip
     network 196.1.1.0
    !
    no ip classless
    !
    line
    line aux
    line vty
     password cisco
     login
    !
    end

Monitoring and Testing the Configuration

Let's examine some commands that enable us to monitor the status and results of CDP. The first important command is show cdp traffic. This command will display the number of CDP packets that have been received and sent by the router since the last clear cdp counter command:

    RouterA#sh cdp traffic
    CDP counters :
      Packets output: 16, Input: 11
      Hdr syntax: 0, Chksum error: 0, Encaps failed:
      No memory: 0, Invalid packet: 0, Fragmented:

The show cdp command will display how often CDP updates are sent (60 seconds) as well as how long CDP incoming information is kept until it is discarded (180 seconds).

    RouterB#sh cdp
    Global CDP information:
      Sending CDP packets every 60 seconds
      Sending a holdtime value of 180 seconds

The show cdp neighbor command will display information on directly connected neighbors of the router, provided that CDP is enabled on these interfaces. In the following example, we see that interface S0/0 on RouterA is connected to interface S0/0 on RouterB:

    Cisco1#sh cdp neigh

Specific IPX information for the interface can be displayed with the show ipx int s 0/0 command.

    RouterA#show ipx int s 0/0
    Serial0/0 is up, line protocol is up
      IPX address is 2.000a.000a.000a [up] ← IPX address
      A WAN interface has a default IPX delay of
      ↓
      Delay of this IPX network, in ticks is throughput link delay
      IPXWAN processing not enabled on this interface
      IPX SAP update interval is minute(s)
      IPX type 20 propagation packet forwarding is disabled
      Incoming access list is not set
      Outgoing access list is not set
      IPX helper access list is not set
      SAP GNS processing enabled, delay ms, output filter list is not set
      SAP Input filter list is not set
      SAP Output filter list is not set
      SAP Router filter list is not set
      Input filter list is not set
      Output filter list is not set
      Router filter list is not set
      Netbios Input host access list is not set
      Netbios Input bytes access list is not set
      Netbios Output host access list is not set
      Netbios Output bytes access list is not set
      Updates each 60 seconds, aging multiples RIP: SAP:
      SAP interpacket delay is 55 ms, maximum size is 480 bytes
      RIP interpacket delay is 55 ms, maximum size is 432 bytes
      Watchdog processing is disabled, SPX spoofing is disabled, idle time 60
      IPX accounting is disabled
      IPX fast switching is configured (enabled)
      RIP packets received 9, RIP packets sent ← RIP is running on this interface
      SAP packets received 1, SAP packets sent ← SAP is running on this interface

Type show interface e 0/0 to display information on the Ethernet interface of the router. There are two important items to note here:

• There is no IP address on this interface since the IP protocol is not configured on this router
• The MAC address of the interface is 00e0.1e5b.2601. The interface did not take the 000a.000a.000a MAC address that has been assigned to the Serial0 interface of this router by the command IPX Routing 000A.000A.000A in the router's configuration

    RouterA#show int e 0/0
    Ethernet0/0 is up, line protocol is up
      Hardware is AmdP2, address is 00e0.1e5b.2601 (bia 00e0.1e5b.2601)
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 128/255, load 1/255
      Encapsulation ARPA, loopback not set, keepalive not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output 00:00:54, output hang never
      Last clearing of "show interface" counters never
      Queueing strategy: fifo
      Output queue 0/40, drops; input queue 0/75, drops
      minute input rate bits/sec, packets/sec
      minute output rate bits/sec, packets/sec
      packets input, bytes, no buffer
      Received broadcasts, runts, giants, throttles
      input errors, CRC, frame, overrun, ignored, abort
      input packets with dribble condition detected
      576 packets output, 96038 bytes, underruns
      576 output errors, collisions, interface resets
      babbles, late collision, deferred
      576 lost carrier, no carrier
      output buffer failures, output buffers swapped out

Specific IPX information for the interface can be displayed with the show ipx int e 0/0 command.
    RouterA#show ipx int e 0/0
    Ethernet0/0 is up, line protocol is up
      IPX address is 1.00e0.1e5b.2601, NOVELL-ETHER [up] ← Default IPX encapsulation
      A LAN interface has a default IPX delay of
      ↓
      Delay of this IPX network, in ticks is throughput link delay
      IPXWAN processing not enabled on this interface
      IPX SAP update interval is minute(s)
      IPX type 20 propagation packet forwarding is disabled
      Incoming access list is not set
      Outgoing access list is not set
      IPX helper access list is not set
      SAP GNS processing enabled, delay ms, output filter list is not set
      SAP Input filter list is not set
      SAP Output filter list is not set
      SAP Router filter list is not set
      Input filter list is not set
      Output filter list is not set
      Router filter list is not set
      Netbios Input host access list is not set
      Netbios Input bytes access list is not set
      Netbios Output host access list is not set
      Netbios Output bytes access list is not set
      Updates each 60 seconds, aging multiples RIP: SAP:
      SAP interpacket delay is 55 ms, maximum size is 480 bytes
      RIP interpacket delay is 55 ms, maximum size is 432 bytes
      IPX accounting is disabled
      IPX fast switching is configured (enabled)
      RIP packets received 0, RIP packets sent 200
      SAP packets received 0, SAP packets sent 166

RouterB and RouterC should be reachable from RouterA. IPX has limited test functionality as compared to IP. With IPX, you can only ping another IPX interface. Use the ping ipx 2.b.b.b command to verify that you can reach RouterB.

    RouterA#ping ipx 2.b.b.b ← ping RouterB
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 2.000b.000b.000b, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

Use the ping ipx 3.c.c.c command to verify that you can reach RouterC.

    RouterA#ping ipx 3.c.c.c ← ping RouterC
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 3.000c.000c.000c, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

Now connect to RouterC. Type the show ipx route command to display the IPX routing table for RouterC. We see that RouterC has two directly connected IPX networks: Network and Network. Three networks have been learned via IPX RIP: Network 1, Network 2, and Network. All of these RIP routes have a next hop address of RouterB.

    RouterC#show ipx route
    Codes: C - Connected primary network, c - Connected secondary network
           S - Static, F - Floating static, L - Local (internal), W - IPXWAN
           R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
           s - seconds, u - uses

    Total IPX routes Up to parallel paths and 16 hops allowed

    No default route known

    C   (PPP),           Se0/0
    C   (NOVELL-ETHER),  Et0/0
        The next hop address for all remote networks is RouterB
        ↓
    R   [13/02] via 3.000b.000b.000b, 57s, Se0/0
    R   [07/01] via 3.000b.000b.000b, 58s, Se0/0
    R   [13/02] via 3.000b.000b.000b, 58s, Se0/0

Type the show ipx interface brief command to display the status of each interface on the router. We see that RouterC has two IPX networks configured. Network is assigned to interface Ethernet0/0 and Network is assigned to interface S0/0. We see that both networks are in an up/up status.

    RouterC#show ipx interface brief
    Interface     IPX Network  Encapsulation  Status  IPX State
    Ethernet0/0                NOVELL-ETHER   up      [up]
    Serial0/0                  PPP            up      [up]

Both RouterB and RouterA should be reachable via an IPX ping. Try to ping Network on RouterB.

    RouterC#ping ipx 3.b.b.b
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 3.000b.000b.000b, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

Make sure that both interfaces on IPX Network are also reachable.

    RouterC#ping ipx 2.b.b.b ← ping RouterB
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 2.000b.000b.000b, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

    RouterC#ping ipx 2.a.a.a ← ping RouterA
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 2.000a.000a.000a, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms

The show ipx traffic command is very useful. It gives detailed information on the number of IPX packets that have been sent or received on the router.

    RouterC#show ipx traffic
    System Traffic for 0.0000.0000.0001 System-Name: RouterC
    Rcvd:   36 total, format errors, checksum errors, bad hop count,
            packets pitched, 36 local destination, multicast
    Bcast:  16 received, 29 sent
    Sent:   50 generated, forwarded
            encapsulation failed, no route
    SAP:    SAP requests, SAP replies, servers
            SAP Nearest Name requests, replies
            SAP General Name requests, replies
            SAP advertisements received, sent
            SAP flash updates sent, SAP format errors
    RIP:    RIP requests, RIP replies, routes
            RIP advertisements received, 18 sent
            RIP flash updates sent, RIP format errors
    Echo:   Rcvd requests, 15 replies
            Sent 15 requests, replies
            unknown: no socket, filtered, no helper
            SAPs throttled, freed NDB len
    Watchdog:
            packets received, replies spoofed
    Queue lengths:
            IPX input: 0, SAP 0, RIP 0, GNS
            SAP throttling length: 0/(no limit), nets pending lost route reply
            Delayed process creation:
    EIGRP:  Total received 0, sent
            Updates received 0, sent
            Queries received 0, sent
            Replies received 0, sent
            SAPs received 0, sent
    NLSP:   Level-1 Hellos received 0, sent
            PTP Hello received 0, sent
            Level-1 LSPs received 0, sent
            LSP Retransmissions:
            LSP checksum errors received:
            LSP HT=0 checksum errors received:
            Level-1 CSNPs received 0, sent
            Level-1 PSNPs received 0, sent
            Level-1 DR Elections:
            Level-1 SPF Calculations:
            Level-1 Partial Route Calculations:

Now let's connect to RouterB. Use the show ipx interface brief command to display a summary of all interfaces on the router. We see that there are two IPX networks on this router — S0/0 and S0/1 —
both of which are in an up/up state.

    RouterB#show ipx interface brief
    Interface     IPX Network  Encapsulation  Status                 IPX State
    Ethernet0/0   unassigned   not config'd   administratively down  n/a
    Serial0/0                  PPP            up                     [up]
    Serial0/1                  PPP            up                     [up]

The show ipx route command will display the routing table information for RouterB. We see that RouterB has two directly connected networks: Network and Network. Networks 1, 4, and have been learned via IPX RIP.

    RouterB#show ipx route
    Codes: C - Connected primary network, c - Connected secondary network
           S - Static, F - Floating static, L - Local (internal), W - IPXWAN
           R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
           s - seconds, u - uses

    Total IPX routes Up to parallel paths and 16 hops allowed

    No default route known

    C   (PPP),  Se0/1
    C   (PPP),  Se0/0
    R   [07/01] via 2.000a.000a.000a, 30s, Se0/1 ← RIP route
    R   [07/01] via 3.000c.000c.000c, 31s, Se0/0 ← RIP route
    R   [07/01] via 2.000a.000a.000a, 31s, Se0/ ← RIP route

Using the IPX ping command, verify that you can reach RouterC and RouterA:

    RouterB#ping ipx 3.c.c.c ← ping RouterC
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 3.000c.000c.000c, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

    RouterB#ping ipx 2.a.a.a ← ping RouterA
    Type escape sequence to abort
    Sending 5, 100-byte IPX cisco Echoes to 2.000a.000a.000a, timeout is seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

Let's try to telnet to RouterC. Issue the telnet command and when prompted for a host, enter 3.c.c.c. We see that RouterB issues an error message that it is unable to find a computer address. Telnet is an IP protocol application. IPX does not use telnet, nor does it have an equivalent. The only test tool that is available when running IPX on a network is the IPX ping. This is why it is important to always run the IP protocol on your network.

    RouterB#telnet
    Host: 3.c.c.c ← Try to telnet to an IPX address
    Translating "3.c.c.c" domain server (255.255.255.255)
    % Unknown command or computer name, or unable to find computer address

Telnet can only be used with the IP protocol. IPX does not support telnet.

Let's examine how the IPX RIP routing protocol works. Enable IPX RIP debugging with the debug ipx routing activity and debug ipx routing events commands. If you are not connected to the console port of the router, be sure to also issue the terminal monitor command to send all debug output to your terminal session.

    RouterB#debug ipx routing activity
    IPX routing debugging is on
    RouterB#debug ipx routing events
    IPX routing events debugging is on

IPX RIP has many similarities to IP RIP in terms of how updates are sent and received. Every 60 seconds a router will send an update to each directly connected neighbor. The update consists of all routes that the router can reach and the distance to those routes. With IP RIP the metric is hop count. With IPX RIP there are two metrics. The first metric is hop count. The second metric is delay. By default, the delay on a WAN interface is and the delay on a LAN interface is

The following two show interface outputs for an Ethernet and a serial interface show that the delay is listed in the output of the command.

    RouterA#show ipx int e 0/0
    Ethernet0/0 is up, line protocol is up
      IPX address is 1.00e0.1e5b.2601, NOVELL-ETHER [up]
      A LAN interface has a default IPX delay of
      ↓
      Delay of this IPX network, in ticks is throughput link delay

    RouterA#show ipx int s 0/0
    Serial0/0 is up, line protocol is up
      IPX address is 2.000a.000a.000a [up]
      A WAN interface has a default IPX delay of
      ↓
      Delay of this IPX network, in ticks is throughput link delay

IPX RIP will prefer a route with lower delay over a route with a lower hop count.

The debug ipx routing output below shows the updates sent out from and received on RouterB. The first update is sent from RouterB to RouterC. It informs RouterC that RouterB has a route to IPX Network 5, IPX Network 1, and IPX Network

    RouterB sends an update to RouterC
    ↓
    IPXRIP: positing full update to 3.ffff.ffff.ffff via Serial0/0 (broadcast)
    IPXRIP: src=3.000b.000b.000b, dst=3.ffff.ffff.ffff, packet sent
        network 5, hops 2, delay 13
        network 1, hops 2, delay 13
        network 2, hops 1, delay

Next, RouterB receives an update from RouterC. RouterC informs RouterB that it has a route to IPX Network

    RouterB receives an update from RouterC
    ↓
    IPXRIP: update from 3.000c.000c.000c
        in hops, delay

RouterB then sends an update to RouterA. RouterB tells RouterA that it has a route to IPX Network and IPX Network

    RouterB sends an update to RouterA
    ↓
    IPXRIP: positing full update to 2.ffff.ffff.ffff via Serial0/1 (broadcast)
    IPXRIP: src=2.000b.000b.000b, dst=2.ffff.ffff.ffff, packet sent
        network 4, hops 2, delay 13
        network 3, hops 1, delay

Finally, RouterB receives an update from RouterA. RouterA informs RouterB that it has a route to IPX Network and IPX Network

    RouterB receives an update from RouterA
    ↓
    IPXRIP: update from 2.000a.000a.000a
        in hops, delay
        in hops, delay

This process repeats itself every 60 seconds.

Lab #82: IPX EIGRP

Equipment Needed

The following equipment is needed to perform this lab exercise:

• Three Cisco routers. One of the routers must have two serial interfaces, and the other two routers must have one serial interface and one Ethernet interface
• Two Cisco crossover cables. If a Cisco crossover cable is not available, you can use a Cisco
DTE cable connected to a Cisco DCE cable • A Cisco rolled cable for console port connection to the routers • A Cisco IOS image that supports the IPX protocol Configuration Overview This lab will demonstrate IPX routing protocols By default, IPX RIP is enabled on all interfaces EIGRP can also be used as a routing protocol for IPX networks EIGRP has several advantages over RIP, such as • Faster convergence • Less network traffic dedicated to routing updates (EIGRP only sends out periodic updates of its routing table) • Lower CPU utilization 586 • Better scaling in large networks • Automatic redistribution with IPX RIP In this lab, we will be running IPX RIP on the LAN interfaces and EIGRP on all other interfaces Since IPX RIP is enabled on all interfaces by default, we will be explicitly turning it off on those interfaces where we want to run EIGRP As shown in Figure 18−7, this lab defines five IPX networks RouterA, RouterB, and RouterC are each given IPX node numbers a.a.a, b.b.b, and c.c.c, respectively Figure 18−7: IPX EIGRP The three routers are connected as shown in Figure 18−7 RouterB acts as a DCE and supplies clocking to RouterA and RouterC Router Configuration The configurations for the three routers in this example are as follows (key IPX commands are highlighted in bold) RouterA Current configuration: ! version 11.2 no service password−encryption no service udp−small−servers no service tcp−small−servers ! hostname RouterA ! ! ipx routing 000a.000a.000a ← Enable IPX routing 000a.000a.000a ! interface Loopback0 no ip address ipx network ← Make this interface IPX Network ! interface Ethernet0/0 no ip address no keepalive ipx network ! interface Serial0/0 no ip address encapsulation ppp ipx network ← Make this interface IPX Network no fair−queue ! no ip classless ! ! ipx router eigrp ← Enable IPX EIGRP autonomous 587 Define the IPX node to be system network ← Include IPX Network in EIGRP updates ! ! 
ipx router rip ← Enable IPX RIP on this router
 no network ← Do not advertise IPX Network in RIP updates
!
line
line aux
line vty
 login
!
end

RouterB

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RouterB
!
!
ipx routing 000b.000b.000b ← Enable IPX routing. Define the IPX node to be 000b.000b.000b
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 no fair-queue
 clockrate 64000
!
interface Serial0/1
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 clockrate 64000
!
no ip classless
!
!
ipx router eigrp ← Enable IPX EIGRP autonomous system
 network all ← Advertise all IPX networks on this router in EIGRP updates
!
!
no ipx router rip ← Do not enable IPX RIP on this router
!
!
line
line aux
line vty
 login
!
end

RouterC

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RouterC
!
!
ipx routing 000c.000c.000c ← Enable IPX routing. Define the IPX node to be 000c.000c.000c
!
interface Ethernet0/0
 no ip address
 no keepalive
 ipx network ← Make this interface IPX Network
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 no fair-queue
!
no ip classless
!
!
ipx router eigrp ← Enable IPX EIGRP autonomous system
 network ← Include IPX Network in EIGRP updates
!
!
ipx router rip ← Enable IPX RIP on this router
 no network ← Do not advertise IPX Network in RIP updates
!
line
line aux
line vty
 login
!
end

Notice that IPX SAP has to be turned off on those interfaces where we do not want it to run.

Monitoring and Testing the Configuration

Let's start by connecting to RouterA. Verify that all IPX interfaces are up and active with the show ipx interface brief command.

RouterA#show ipx interface brief
Interface     IPX Network  Encapsulation  Status  IPX State
Ethernet0/0                NOVELL-ETHER   up      [up]
Serial0/0                  PPP            up      [up]
Loopback0                  UNKNOWN        up      [up]

The show ipx route command shows us that we have three directly connected networks (Network 1, Network 2, and Network 5). Two remote networks have been learned via EIGRP. These are Networks 3, and Notice that there are no RIP-learned routes in this routing table.

RouterA#show ipx route
Codes: C - Connected primary network, c - Connected secondary network
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
       s - seconds, u - uses

Total IPX routes. Up to parallel paths and 16 hops allowed.

No default route known

C (NOVELL-ETHER), Et0/0
C (PPP), Se0/0
C (UNKNOWN), Lo0
EIGRP learned route ↓
E [2681856/0] via 2.000b.000b.000b, age 02:08:01,
EIGRP learned route ↓
E [2707456/1] via 385u, Se0/0 2.000b.000b.000b, age 02:07:52,

The show ipx eigrp neighbor command will display information on what neighboring EIGRP routers have been discovered.

RouterA#show ipx eigrp neigh
IPX EIGRP Neighbors for process
H   Address            Interface  Hold   Uptime    SRTT  RTO  Q    Seq
                                  (sec)            (ms)       Cnt  Num
    2.000b.000b.000b   Se0/0      13     02:10:19  53    318       38
RouterB, interface S0/1 is an EIGRP neighbor

The show ipx eigrp interfaces command will show what router interfaces are running EIGRP. Notice that only interface S0/0 of RouterA is an EIGRP interface. Interface E0/0 on RouterA is still running IPX RIP.

RouterA#show ipx eigrp interfaces
IPX EIGRP Interfaces for process
                   Xmit Queue   Mean  Pacing Time  Multicast   Pending
Interface   Peers  Un/Reliable  SRTT  Un/Reliable  Flow Timer  Routes
Se0/0              0/0          53    0/15         263
Only interface S0/0 is running EIGRP.
Interface E0/0 is still running IPX RIP.

Now let's connect to RouterB. The show ipx interface brief command should show us that all interfaces are up and active.

RouterB#show ipx interface brief
Interface     IPX Network  Encapsulation  Status                 IPX State
Ethernet0/0   unassigned   not config'd   administratively down  n/a
Serial0/0                  PPP            up                     [up]
Serial0/1                  PPP            up                     [up]

The show ipx route command should show EIGRP routes to three IPX networks: 1, 4, and

RouterB#show ipx route
Codes: C - Connected primary network, c - Connected secondary network
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
       s - seconds, u - uses

Total IPX routes. Up to parallel paths and 16 hops allowed.

No default route known

C (PPP), Se0/1
C (PPP), Se0/0
E [2195456/1] via 2.000a.000a.000a, age 02:08:28, 392u, Se0/1
E [2195456/1] via 3.000c.000c.000c, age 02:08:28, 3u, Se0/0
E [2297856/1] via 2.000a.000a.000a, age 02:08:28, 1u, Se0/1

There should be two discovered EIGRP neighbors: IPX Network and IPX Network. Verify this with the show ipx eigrp neighbor command.

RouterB#show ipx eigrp neigh
IPX EIGRP Neighbors for process
H   Address            Interface  Hold   Uptime    SRTT  RTO  Q    Seq
                                  (sec)            (ms)       Cnt  Num
EIGRP neighbor RouterA ↓
    2.000a.000a.000a   Se0/1      10     02:11:10  22    200       20
EIGRP neighbor RouterC ↓
    3.000c.000c.000c   Se0/0      14     02:11:41  43    258       22

Verify with the show ipx eigrp interfaces command that both serial interfaces on RouterB are running EIGRP.

RouterB#show ipx eigrp interfaces
IPX EIGRP Interfaces for process
                   Xmit Queue   Mean  Pacing Time  Multicast   Pending
Interface   Peers  Un/Reliable  SRTT  Un/Reliable  Flow Timer  Routes
Se0/0              0/0          43    0/15         207
Se0/1              0/0          22    0/15         103
Both serial interfaces on RouterB are using EIGRP for their routing protocol.

The show ipx eigrp traffic command is a useful command that shows how much EIGRP traffic has been sent and received on the router.

RouterB#show ipx eigrp traffic
IP-EIGRP Traffic Statistics for process
Hellos sent/received: 3433/3430
Updates sent/received: 11/11
Queries sent/received: 10/7
Replies sent/received: 7/10
Acks sent/received: 37/33
Input queue high water mark 2, drops

Now connect to RouterC. Verify that all IPX interfaces are active with the show ipx interface brief command.

RouterC#show ipx interface brief
Interface     IPX Network  Encapsulation  Status                 IPX State
Ethernet0/0                NOVELL-ETHER   up                     [up]
Serial0/0                  PPP            up                     [up]
BRI0/0        unassigned   not config'd   administratively down  n/a
BRI0/0:1      unassigned   not config'd   administratively down  n/a
BRI0/0:2      unassigned   not config'd   administratively down  n/a

The show ipx route command should reveal that there are three networks that have been learned via EIGRP. These should be Networks 1, 2, and

RouterC#show ipx route
Codes: C - Connected primary network, c - Connected secondary network
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
       s - seconds, u - uses

Total IPX routes. Up to parallel paths and 16 hops allowed.

No default route known

C (PPP), Se0/0
C (NOVELL-ETHER), Et0/0
E [2707456/1] via 3.000b.000b.000b, age 02:09:47, 4u, Se0/0
E [2681856/0] via 3.000b.000b.000b, age 02:09:47, 1u, Se0/0
E [2809856/1] via 3.000b.000b.000b, age 02:09:47, 1u, Se0/0

The show ipx eigrp interfaces command should show that there is one interface on this router that is running EIGRP, Serial0/0.

RouterC#show ipx eigrp interfaces
IPX EIGRP Interfaces for process
                   Xmit Queue   Mean  Pacing Time  Multicast   Pending
Interface   Peers  Un/Reliable  SRTT  Un/Reliable  Flow Timer  Routes
Se0/0              0/0          20    0/15         95

Lab #83: Static SAP Entries and SAP Access Lists

Equipment Needed

The following equipment is needed to perform this lab exercise:
• Three Cisco routers. One of the routers must have two serial interfaces, and the other two routers must have one serial interface and one Ethernet interface
• Two Cisco crossover cables. If a Cisco crossover cable is not available, you can use a Cisco DTE cable connected to a Cisco DCE cable
• A Cisco rolled cable for console port connection to the routers
• Cisco IOS image that supports the IPX protocol

Configuration Overview

This lab will demonstrate how SAP advertisements work on a Cisco router. We will define static SAPs on our routers and explore how these work. SAP updates can take up a lot of bandwidth on an IPX network. The Cisco IOS allows static SAP entries to be created. Finally, we will demonstrate how a Cisco router can filter SAP updates.

As shown in Figure 18-8, this lab defines five IPX networks. RouterA, RouterB, and RouterC are each given IPX node numbers a.a.a, b.b.b, and c.c.c, respectively.

Figure 18-8: IPX SAP

The three routers are connected as shown in Figure 18-8. RouterB acts as a DCE and supplies clocking to RouterA and RouterC.

Note: Even though we are not running IPX RIP/SAP on the wide area network, we will see that SAP updates are still propagated throughout the network.

Router Configuration

The configurations for the three routers in this example are as follows (key IPX commands are highlighted in bold).

RouterA

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RouterA
!
!
ipx routing 000a.000a.000a ← Enable IPX routing. Define the IPX node to be 000a.000a.000a
!
interface Loopback0
 no ip address
 ipx network ← Make this interface IPX Network
!
interface Ethernet0/0
 no ip address
 no keepalive
 ipx network ← Make this interface IPX Network
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 no fair-queue
!
no ip classless
!
!
ipx router eigrp ← Enable IPX EIGRP autonomous system
 network ← Include IPX Network in EIGRP updates
!
!
ipx router rip ← Enable IPX RIP on this router
 no network ← Do not advertise IPX Network in RIP updates
!
!
ipx sap Server4 4.00e0.1e5b.0a81 451 ← Define a static SAP entry on this router
!
!
line
line aux
line vty
 login
!
end

RouterB

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RouterB
!
!
ipx routing 000b.000b.000b ← Enable IPX routing. Define the IPX node to be 000b.000b.000b
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 no fair-queue
 clockrate 64000
!
interface Serial0/1
 no ip address
 encapsulation ppp
 ipx network
 clockrate 64000
!
no ip classless
!
!
ipx router eigrp ← Enable IPX EIGRP autonomous system
 network all ← Include all IPX networks in EIGRP advertisements
!
!
no ipx router rip ← Do not enable IPX RIP on this router
!
ipx sap Server1 1.00e0.1e5b.2601 451 ← Define a static SAP entry on this router
ipx sap Server2 1.00e0.1e5b.2601 451 ← Define a static SAP entry on this router
!
!
line
line aux
line vty
 login
!
end

RouterC

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname RouterC
!
!
ipx routing 000c.000c.000c ← Enable IPX routing. Define the IPX node to be 000c.000c.000c
!
interface Ethernet0/0
 no ip address
 no keepalive
 ipx network ← Make this interface IPX Network
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ipx network ← Make this interface IPX Network
 no fair-queue
!
no ip classless
!
!
ipx router eigrp ← Enable IPX EIGRP autonomous system
 network ← Include IPX Network in EIGRP updates
!
!
ipx router rip ← Enable IPX RIP on this router
 no network ← Do not advertise IPX Network in RIP updates
!
line
line aux
line vty
 login
!
end

Monitoring and Testing the Configuration

Looking at the configurations of our three routers, we see that we have defined three static SAP entries:
• RouterA has a static SAP entry to a server (Server4) that is located on IPX Network
• RouterB has a static SAP entry to a server (Server1) that is located on IPX Network
• RouterB has a second static SAP entry to a server (Server2) that is also located on IPX Network

Let's connect to RouterA. We can view the known IPX servers with the show ipx servers command. Notice that RouterA only knows of one IPX server, Server4. This is the server that we have statically defined on RouterA. Why does RouterA not know about the two servers (Server1 and Server2) that we statically defined on RouterB? The answer requires an understanding of RIP/SAP split horizon. RIP/SAP split horizon says that a router will never advertise RIP routing or SAP server information out of the same interface that it learned the information from. In this case, the static SAP entry on RouterB that points to two servers on RouterA will never be broadcast to RouterA since RouterB treats the static entry as if it was learned from RouterA. Thus, RouterA should not have an entry for the two servers that were statically defined on RouterB.

RouterA#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
Total IPX Servers

Table ordering is based on routing and server info

   Type  Name     Net Address Port        Route       Hops  Itf
S        Server4  4.00e0.1e5b.0a81:0451   2707456/01
...
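The RIP/SAP split horizon rule from Lab #83, worked as a small Python model. This is an added example, not code from the lab book or from Cisco IOS; the link layout and the interface used to reach Networks 1 and 4 are assumptions reconstructed from the neighbor addresses in the lab output, and all function names are hypothetical.

```python
# Added example: a model of RIP/SAP split horizon, not router code.
# Topology is an assumption reconstructed from the neighbor addresses in the
# lab output: RouterA Se0/0 <-> RouterB Se0/1, RouterB Se0/0 <-> RouterC Se0/0.
LINKS = {
    ("RouterA", "Se0/0"): ("RouterB", "Se0/1"),
    ("RouterB", "Se0/1"): ("RouterA", "Se0/0"),
    ("RouterB", "Se0/0"): ("RouterC", "Se0/0"),
    ("RouterC", "Se0/0"): ("RouterB", "Se0/0"),
}

# Interface each router uses to reach the network a static server sits on
# (assumption: Network 4 is behind RouterC, Network 1 is behind RouterA).
ROUTE_IF = {
    "RouterA": {4: "Se0/0"},
    "RouterB": {1: "Se0/1"},
}

# Static SAP entries from the lab configurations: router -> [(name, network)].
STATIC_SAPS = {
    "RouterA": [("Server4", 4)],
    "RouterB": [("Server1", 1), ("Server2", 1)],
    "RouterC": [],
}


def initial_tables():
    """Seed each server table. A static entry is tagged with the interface
    of the route to its network, i.e. where it is treated as learned."""
    return {
        router: {name: ROUTE_IF[router][net] for name, net in entries}
        for router, entries in STATIC_SAPS.items()
    }


def sap_update(table, out_if, split_horizon=True):
    """Server names a router places in the update it sends out of out_if."""
    return sorted(
        name for name, learned_if in table.items()
        if not split_horizon or learned_if != out_if
    )


def converge(split_horizon=True):
    """Exchange updates over every link until no table changes."""
    tables = initial_tables()
    changed = True
    while changed:
        changed = False
        for (router, out_if), (peer, peer_if) in LINKS.items():
            for name in sap_update(tables[router], out_if, split_horizon):
                if name not in tables[peer]:
                    tables[peer][name] = peer_if  # learned on the receiving interface
                    changed = True
    return {router: sorted(table) for router, table in tables.items()}


if __name__ == "__main__":
    for mode in (True, False):
        print("split horizon" if mode else "no split horizon", converge(mode))
```

With split horizon on, the model's RouterA table holds only Server4, which matches the show ipx servers output on RouterA; with it off, Server1 and Server2 appear there as well.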