CertificationZone Page 1 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 Date of Issue: 11-01-2000 ISDN Lab Scenario 1 -- OSPF Build to Specifications Introduction This lab is designed to be a build-to-specifications test. There are numerous issues that need to be addressed for this lab to work correctly. The lab is designed to illustrate some of the problems associated with ISDN and link state routing protocols, such as OSPF. This lab will concentrate on dialer profiles while the second lab scenario will be a troubleshooting scenario based on a distance vector protocol and legacy DDR configuration. The two scenarios are designed to thoroughly test your knowledge of the basics of ISDN configuration. All CCIE candidates are well advised to master all aspects of ISDN. Make use of the question mark for each ISDN command and each PPP command and write your own scenarios so that you have seen every possible option for every command before you attempt the CCIE lab exam. These labs are also designed to force you to concentrate on ISDN configurations by limiting the amount of external equipment, while maximizing IOS features such as virtual token-ring interfaces and loopbacks for added complexity. Network Specifications When you are finished troubleshooting the network, it should meet the following specifications: 1. 1. Configure dialer profiles on each router. 2. 2. Use a form of authentication that does not send the password over the network in the clear where a sniffer might be able to intercept it. Use the hostname CCIE1 for router 1 and CCIE2 for router 2 for authentication; but the router hostnames must be r1 and r2 respectively. 3. 3. Do not allow OSPF hellos to keep the ISDN line up indefinitely. The ISDN line should only come up when the Ethernet connection fails. 4. 4. Configure OSPF for the network. The ISDN link, the Ethernet, and the loopback 0 interfaces on each router should be placed into OSPF area 0. On router 1, loopback 1 should be placed in OSPF area 1, and loopback 2 should be placed into OSPF area 2. On router 2, loopback 1 should be placed into OSPF area 11, and loopback 2 should be placed into area 12. 5. 5. Configure r2 such that the physical BRI interface does not enter the standby mode in case we want to configure AppleTalk on these routers. Configure r2 so that it will monitor the state of the Ethernet port and bring up the ISDN line if the Ethernet port fails. R2 should wait for 2 seconds before bringing up the ISDN line when the Ethernet port fails and should disconnect 2 seconds after the Ethernet port comes back up. The Starting Configurations The actual equipment that I used to develop this lab included a simple switch, a Cisco 1604 router, and a Cisco 2610 router. The ISDN simulator was a Teltone ISDN Demonstrator with 2 U interfaces. You will need to adjust the lab contents to fit your ISDN simulator and/or routers as necessary. Here is the basic starting point for cabling your equipment: ISDN Information for Router1 isdn switch-type basic-ni isdn spid1 0835866101 8358661 isdn spid2 0835866301 8358663 ISDN Information for Router2 isdn spid1 0835866201 8358662 CertificationZone Page 2 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 isdn spid2 0835866401 8358664 Hints l • Do we need any dialer map statements? No, we do not. All we need is a dial string for dialer profiles since we have a dialer remote name. l • Can you ping every interface on both routers? You should be able to. l • To help keep the line quiet, investigate the OSPF demand circuit command. l • To bring up the line when the Ethernet port fails, use the backup set of commands. l • To configure authentication, use the alternate method of ppp chap authentication. Solution Here are the final routing tables for the lab. r1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 192.168.10.0/32 is subnetted, 1 subnets O 192.168.10.1 [110/11] via 192.168.1.201, 00:00:24, Ethernet0/0 172.19.0.0/30 is subnetted, 1 subnets C 172.19.1.4 is directly connected, Dialer0 10.0.0.0/32 is subnetted, 6 subnets O 10.10.11.2 [110/11] via 192.168.1.212, 00:00:24, Ethernet0/0 C 10.10.11.1 is directly connected, Loopback0 C 10.10.13.1 is directly connected, Loopback2 C 10.10.12.1 is directly connected, Loopback1 O IA 10.10.12.2 [110/11] via 192.168.1.212, 00:00:24, Ethernet0/0 O IA 10.10.13.2 [110/11] via 192.168.1.212, 00:00:25, Ethernet0/0 C 192.168.1.0/24 is directly connected, Ethernet0/0 r1# Notice that the source of the routes here is the Ethernet 0 interface. r2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR CertificationZone Page 3 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 Gateway of last resort is not set 192.168.10.0/32 is subnetted, 1 subnets O 192.168.10.1 [110/11] via 192.168.1.201, 00:00:41, Ethernet0 10.0.0.0/32 is subnetted, 6 subnets C 10.10.11.2 is directly connected, Loopback0 O 10.10.11.1 [110/11] via 192.168.1.211, 00:00:41, Ethernet0 O IA 10.10.13.1 [110/11] via 192.168.1.211, 00:00:41, Ethernet0 O IA 10.10.12.1 [110/11] via 192.168.1.211, 00:00:41, Ethernet0 C 10.10.12.2 is directly connected, Loopback1 C 10.10.13.2 is directly connected, Loopback2 C 192.168.1.0/24 is directly connected, Ethernet0 Notice that the dialer interface is in standby mode, not the physical BRI interface. r2#sh int dialer 0 Dialer0 is standby mode, line protocol is down Hardware is Unknown Internet address is 172.19.1.5/30 MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set DTR is pulsed for 1 seconds on reset Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Notice that the backup interface is specified as Dialer0. Notice also that the failure delay is set to 2 seconds, and the disable delay is also set to 2 seconds. r2#sh int e 0 Ethernet0 is up, line protocol is up Hardware is QUICC Ethernet, address is 0010.7b00.5011 (bia 0010.7b00.5011) Internet address is 192.168.1.212/24 Backup interface Dialer0, kickin load not set, kickout load not set failure delay 2 sec, secondary disable delay 2 sec MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:03, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 225 packets input, 33227 bytes, 0 no buffer Received 206 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 128 packets output, 18052 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Now we can see that the Ethernet fails and the ISDN line comes up. Now check the routing table and see that most routes are sourced from the dialer 0 interface. r2#sh debug CertificationZone Page 4 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 General Ethernet: Ethernet network interface debugging is on Dial on demand: Dial on demand events debugging is on r2# 00:18:19: %QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem? 00:18:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down 00:18:22: BRI0: rotor dialout [priority] 00:18:22: BRI0: Dialing cause ip (s=172.19.1.5, d=224.0.0.5) 00:18:22: BRI0: Attempting to dial 8358661 00:18:22: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:18:22: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer0 00:18:22: dialer Protocol up for BR0:1 00:18:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:18:24: %LINK-3-UPDOWN: Interface Dialer0, changed state to up 00:18:28: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 CCIE1 r2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR Gateway of last resort is not set 192.168.10.0/32 is subnetted, 1 subnets O 192.168.10.1 [110/1796] via 172.19.1.6, 00:00:06, Dialer0 172.19.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.19.1.6/32 is directly connected, Dialer0 C 172.19.1.4/30 is directly connected, Dialer0 10.0.0.0/32 is subnetted, 6 subnets C 10.10.11.2 is directly connected, Loopback0 O 10.10.11.1 [110/1786] via 172.19.1.6, 00:00:06, Dialer0 O IA 10.10.13.1 [110/1786] via 172.19.1.6, 00:00:06, Dialer0 O IA 10.10.12.1 [110/1786] via 172.19.1.6, 00:00:06, Dialer0 C 10.10.12.2 is directly connected, Loopback1 C 10.10.13.2 is directly connected, Loopback2 O 192.168.1.0/24 [110/1795] via 172.19.1.6, 00:00:07, Dialer0 r2#un all R1's Final Configuration version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r1 ! username CCIE2 password 0 cisco ! ip subnet-zero ip host r2 172.19.1.5 ! isdn switch-type basic-ni ! interface Loopback0 ip address 10.10.11.1 255.255.255.255 no ip directed-broadcast ! interface Loopback1 ip address 10.10.12.1 255.255.255.255 no ip directed-broadcast ! interface Loopback2 ip address 10.10.13.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 ip address 192.168.1.211 255.255.255.0 no ip directed-broadcast CertificationZone Page 5 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 ! interface Serial0/0 no ip address shutdown ! interface BRI0/0 no ip address no ip directed-broadcast encapsulation ppp dialer pool-member 1 isdn switch-type basic-ni isdn spid1 0835866101 8358661 isdn spid2 0835866301 8358663 ppp authentication chap ! interface Dialer0 ip address 172.19.1.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ip ospf demand-circuit dialer remote-name CCIE2 dialer pool 1 dialer string 8358662 dialer-group 1 ppp authentication chap ppp chap hostname CCIE1 ! router ospf 1 network 10.10.11.1 0.0.0.0 area 0 network 10.10.12.1 0.0.0.0 area 1 network 10.10.13.1 0.0.0.0 area 2 network 172.19.1.4 0.0.0.3 area 0 network 192.168.1.0 0.0.0.255 area 0 ! ip classless no ip http server ! dialer-list 1 protocol ip permit ! line con 0 transport input none line aux 0 line vty 0 4 login ! no scheduler allocate end R2's Final Configuration version 11.3 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname r2 ! ! username CCIE1 password 0 cisco username r1 password 0 cisco ip subnet-zero no ip domain-lookup ip host r1 172.19.1.6 isdn switch-type basic-ni1 ! ! interface Loopback0 ip address 10.10.11.2 255.255.255.255 ! interface Loopback1 ip address 10.10.12.2 255.255.255.255 ! CertificationZone Page 6 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 interface Loopback2 ip address 10.10.13.2 255.255.255.255 ! interface Ethernet0 backup delay 2 2 backup interface Dialer0 ip address 192.168.1.212 255.255.255.0 ! interface BRI0 no ip address encapsulation ppp shutdown dialer pool-member 1 isdn spid1 0835866201 8358662 isdn spid2 0835866401 8358664 ppp authentication chap ! interface Dialer0 ip address 172.19.1.5 255.255.255.252 encapsulation ppp ip ospf demand-circuit dialer remote-name CCIE1 dialer string 8358661 dialer pool 1 dialer-group 1 ppp authentication chap ppp chap hostname CCIE2 ! router ospf 1 network 10.10.11.2 0.0.0.0 area 0 network 10.10.12.2 0.0.0.0 area 11 network 10.10.13.2 0.0.0.0 area 12 network 172.19.1.4 0.0.0.3 area 0 network 192.168.1.0 0.0.0.255 area 0 ! ip classless ! dialer-list 1 protocol ip permit ! line con 0 line vty 0 4 login ! end Now we can ping end to end. r1# ping 172.19.1.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.19.1.5, timeout is 2 seconds: !.!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 36/39/48 ms r1#ping 10.10.11.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.11.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms r1#ping 10.10.11.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.12.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms r1#ping 10.10.13.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms Checking the OSPF database, we can see that there are Do Not Age (DNA) entries and that there is no dead time listed for the dialer0 interface. R2 would have similar entries. CertificationZone Page 7 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 r1#sh ip ospf data OSPF Router with ID (10.10.11.1) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 10.10.11.1 10.10.11.1 250 0x80000006 0x7501 4 10.10.13.2 10.10.13.2 1 (DNA) 0x80000005 0x748B 3 192.168.10.1 192.168.10.1 1135 0x80000135 0x1EFF 2 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 192.168.1.201 192.168.10.1 1135 0x80000002 0x1AE1 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.10.12.1 10.10.11.1 241 0x80000001 0xCEE 10.10.12.2 10.10.13.2 1 (DNA) 0x80000001 0xED09 10.10.13.1 10.10.11.1 231 0x80000001 0x1F8 10.10.13.2 10.10.13.2 1 (DNA) 0x80000001 0xE213 Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 10.10.11.1 10.10.11.1 250 0x80000001 0x8E41 1 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.10.11.1 10.10.11.1 251 0x80000001 0x17E4 10.10.11.2 10.10.11.1 251 0x80000001 0x7F3 10.10.12.2 10.10.11.1 181 0x80000001 0xFBFD 10.10.13.1 10.10.11.1 232 0x80000001 0x1F8 10.10.13.2 10.10.11.1 181 0x80000001 0xF008 172.19.1.4 10.10.11.1 252 0x80000001 0x96C4 192.168.1.0 10.10.11.1 252 0x80000001 0x3375 192.168.10.1 10.10.11.1 252 0x80000001 0xCFCD Router Link States (Area 2) Link ID ADV Router Age Seq# Checksum Link count 10.10.11.1 10.10.11.1 240 0x80000001 0x9737 1 Summary Net Link States (Area 2) Link ID ADV Router Age Seq# Checksum 10.10.11.1 10.10.11.1 232 0x80000001 0x17E4 10.10.11.2 10.10.11.1 233 0x80000001 0x7F3 10.10.12.2 10.10.11.1 183 0x80000001 0xFBFD 10.10.13.2 10.10.11.1 183 0x80000001 0xF008 172.19.1.4 10.10.11.1 233 0x80000001 0x96C4 192.168.1.0 10.10.11.1 233 0x80000001 0x3375 192.168.10.1 10.10.11.1 233 0x80000001 0xCFCD r1# sh ip ospf neigh Neighbor ID Pri State Dead Time Address Interface 192.168.10.1 1 FULL/DR 00:00:37 192.168.1.201 Ethernet0/0 10.10.13.2 1 FULL/ - - 172.19.1.5 Dialer0 Finally, we can check and see that authentication is working correctly by using the debug ppp authentication command. Notice that the challenges and replies come from CCIE1 and CCIE2, not the router hostnames r1 and r2. We already knew it was working correctly through indirect observation since the calls were being properly made, so this is an additional confirmation. r2#ping 10.10.11.13.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.1, timeout is 2 seconds: 00:29:57: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:29:57: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer0.! CertificationZone Page 8 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 00:29:57: BR0:1 PPP: Treating connection as a callout 00:29:57: BR0:1 PPP: Phase is AUTHENTICATING, by both 00:29:57: BR0:1 CHAP: Using hostname CCIE2 from interface Di0 00:29:57: BR0:1 CHAP: O CHALLENGE id 2 len 26 from "CCIE2" 00:29:57: BR0:1 CHAP: I CHALLENGE id 2 len 26 from "CCIE1" 00:29:57: BR0:1 CHAP: Using hostname CCIE2 from interface Di0 00:29:57: BR0:1 CHAP: O RESPONSE id 2 len 26 from "CCIE2" 00:29:57: BR0:1 CHAP: I SUCCESS id 2 len 4 00:29:57: BR0:1 CHAP: I RESPONSE id 2 len 26 from "CCIE1" 00:29:57: BR0:1 CHAP: O SUCCESS id 2 len 4 00:29:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up.!! Success rate is 60 percent (3/5), round-trip min/avg/max = 32/38/48 ms r2# [IE-ISDN-LS1-F03] ISDN Lab Scenario 2 -- Troubleshooting ISDN This lab is designed to be a complex ISDN troubleshooting scenario. There are numerous issues that need to be fixed for this lab to work correctly. The lab is designed to illustrate some of the problems associated with ISDN and distance vector protocols such as RIP. This lab will concentrate on legacy DDR and snapshot routing with a more conventional authentication scenario. This troubleshooting lab will also cover floating static routes and redistribution problems. Additionally, this lab will introduce a valuable IOS feature found in IOS version 11.3 or greater, the virtual token-ring interface. Dynamic routing can be quite a challenge to DDR. First- and second-generation distance vector routing protocols such as RIP and IGRP periodically send their routing table whether or not it contains new information. More advanced routing protocols, such as EIGRP and OSPF, still send information periodically, but the information is a much smaller HELLO packet. HELLOs, however, still can bring up a DDR link. The demand network features of OSPF and RIP are intended to avoid situations in which routing traffic would bring up the link. Network Specifications When you are finished troubleshooting the network, it should meet the following specifications: 1. 1. You should configure legacy DDR on each router, using dialer map statements. 2. 2. Use a form of authentication that does not send the password over the network in the clear where a sniffer might be able to intercept it. 3. 3. Do not allow periodic routing updates to keep the line up indefinitely. You may use a single static route on each router to initiate DDR. The ISDN line should only come up if the Ethernet connection fails. You may not use the backup command. You may not use the default-information originate command to establish a default route. 4. 4. Configure RIP version 2 for the network. 5. 5. Configure snapshot routing so that r1 is the snapshot server and r2 is the snapshot client. Verify that snapshot routing is working correctly. Disable the exchange of routing updates each time the line protocol goes from "down" to "up." The active time should be 5 minutes, and the quiet time should be 8 minutes. The client should be able to dial in the absence of regular traffic. 6. 6. Create a virtual token-ring interface on r1 using a ring speed of 16 Mbps and assign the ip address 10.10.111.1/24 to this interface. The Starting Configurations CertificationZone Page 9 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 The actual equipment that I used to develop this lab included a simple switch, a Cisco 1604 router, and a Cisco 2610 router. The ISDN simulator was a Teltone ISDN Demonstrator with 2 U interfaces. You will need to adjust the lab contents to fit your ISDN simulator and/or routers as necessary. Here is the basic starting point for cabling your equipment: ISDN Information for Router1: isdn switch-type basic-ni isdn spid1 0835866101 8358661 isdn spid2 0835866301 8358663 ISDN Information for Router2: isdn spid1 0835866201 8358662 isdn spid2 0835866401 8358664 The labs will work best if you cut and paste the starting configurations below, adjusting as necessary for your particular equipment, e.g. SPIDS or interface Ethernet 0 instead of interface Ethernet 0/0. R1's starting configuration version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r1 ! username r2 password 0 cisco ! ip subnet-zero ip host r2 172.19.1.5 ! isdn switch-type basic-dms100 isdn voice-call-failure 0 ! interface Loopback0 ip address 10.10.11.1 255.255.255.255 no ip directed-broadcast ! interface Loopback1 ip address 10.10.12.1 255.255.255.255 no ip directed-broadcast ! interface Loopback2 ip address 10.10.13.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 ip address 192.168.1.211 255.255.255.0 no ip directed-broadcast ! interface Serial0/0 no ip address no ip directed-broadcast no ip mroute-cache CertificationZone Page 10 of 16 http://www.certificationzone.com/studyguides ./?Issue=24&IssueDate=11-01-2000&CP= 11/06/01 shutdown no fair-queue ! interface BRI0/0 ip address 172.19.1.6 255.255.255.252 no ip directed-broadcast encapsulation ppp dialer map snapshot 1 name r2 broadcast 8358662 dialer map ip 172.19.1.5 name r2 broadcast 8358662 dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866101 8358661 isdn spid2 0835866301 8358663 snapshot server 5 dialer ppp authentication chap ! interface Virtual-TokenRing0 ip address 10.10.111.1 255.255.255.0 no ip directed-broadcast ring-speed 16 ! router rip redistribute static network 10.0.0.0 network 172.19.0.0 network 192.168.1.0 ! ip classless ip route 0.0.0.0 255.255.255.255 172.19.1.5 200 no ip http server ! ! dialer-list 1 protocol ip permit ! line con 0 transport input none line aux 0 line vty 0 4 login ! no scheduler allocate end R2's Sstarting Cconfiguration service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname r2 ! ! username r1 password 0 cisco ip subnet-zero no ip domain-lookup ip host r1 172.19.1.6 isdn switch-type basic-ni1 ! ! interface Loopback0 ip address 10.11.11.2 255.255.255.255 ! interface Loopback1 ip address 10.12.12.2 255.255.255.255 ! interface Loopback2 ip address 10.13.13.2 255.255.255.255 ! interface Ethernet0 ip address 192.168.1.212 255.255.255.0 ! interface BRI0 [...]... 17 2 .19 .0.0 /16 is variably subnetted, 2 subnets, 2 masks 17 2 .19 .1. 4/30 is directly connected, BRI0/0 17 2 .19 .1. 5/32 is directly connected, BRI0/0 10 .0.0.0/8 is variably subnetted, 5 subnets, 3 masks 10 .0.0.0/8 [12 0 /1] via 17 2 .19 .1. 5, 00:00: 01, BRI0/0 10 .10 .11 .1/ 32 is directly connected, Loopback0 10 .10 .13 .1/ 32 is directly connected, Loopback2 10 .10 .12 .1/ 32 is directly connected, Loopback1 10 .10 .11 1.0/24... /?Issue=24&IssueDate =11 - 01- 2000&CP= 11 /06/ 01 CertificationZone C C C C R S* Page 13 of 16 17 2 .19 .1. 4/30 is directly connected, BRI0 10 .0.0.0/32 is subnetted, 3 subnets 10 .13 .13 .2 is directly connected, Loopback2 10 .12 .12 .2 is directly connected, Loopback1 10 .11 .11 .2 is directly connected, Loopback0 19 2 .16 8 .1. 0/24 [12 0 /1] via 17 2 .19 .1. 6, 00:00:22, BRI0 0.0.0.0/0 [200/0] via 17 2 .19 .1. 6 Now we can see that r2 is set to be the... broad/multicast 01: 11: 39: BRI0/0 DDR: ip (s =17 2 .19 .1. 6, d=224.0.0.9), 52 bytes, outgoing uninteresting (set by snapshot) Now we can ping end -to- end r2# ping 10 .10 .11 .1 Type escape sequence to abort Sending 5, 10 0-byte ICMP Echos to 10 .10 .11 .1, timeout is 2 seconds: !!!!! Success rate is 10 0 percent (5/5), round-trip min/avg/max = 36/36/36 ms r2#ping 10 .10 .11 2 .1 Type escape sequence to abort Sending 5, 10 0-byte... 10 0-byte ICMP Echos to 10 .10 .12 .1, timeout is 2 seconds: !!!!! Success rate is 10 0 percent (5/5), round-trip min/avg/max = 32/34/36 ms r2#ping 10 .10 .13 .1 Type escape sequence to abort Sending 5, 10 0-byte ICMP Echos to 10 .10 .13 .1, timeout is 2 seconds: http://www.certificationzone.com/studyguides /?Issue=24&IssueDate =11 - 01- 2000&CP= 11 /06/ 01 CertificationZone Page 14 of 16 !!!!! Success rate is 10 0 percent (5/5),... username r1 password 0 cisco ip subnet-zero no ip domain-lookup ip host r1 17 2 .19 .1. 6 isdn switch-type basic-ni1 ! ! interface Loopback0 ip address 10 .11 .11 .2 255.255.255.255 ! interface Loopback1 ip address 10 .12 .12 .2 255.255.255.255 ! interface Loopback2 ip address 10 .13 .13 .2 255.255.255.255 ! interface Ethernet0 ip address 19 2 .16 8 .1. 212 255.255.255.0 shutdown ! interface BRI0 ip address 17 2 .19 .1. 5 255.255.255.252... /?Issue=24&IssueDate =11 - 01- 2000&CP= 11 /06/ 01 CertificationZone Page 16 of 16 encapsulation ppp dialer map snapshot 1 name r1 broadcast 83586 61 dialer map ip 17 2 .19 .1. 6 name r1 broadcast 83586 61 dialer-group 1 isdn spid1 08358662 01 8358662 isdn spid2 08358664 01 8358664 snapshot client 5 8 suppress-statechange-update dialer ppp authentication chap ! router rip version 2 redistribute static network 10 .0.0.0 network 17 2 .19 .0.0... network 17 2 .19 .0.0 network 19 2 .16 8 .11 .0 network 19 2 .16 8 .12 .0 network 19 2 .16 8 .13 .0 ! ip classless ip route 0.0.0.0 0.0.0.0 17 2 .19 .1. 6 200 ! dialer-list 1 protocol ip permit ! line con 0 line vty 0 4 login ! end [IE -ISDN- LS2-F03] [2000 -10 - 31- 01] Copyright © 2000 Genium Publishing Corporation http://www.certificationzone.com/studyguides /?Issue=24&IssueDate =11 - 01- 2000&CP= 11 /06/ 01 ... Page 11 of 16 ip address 17 2 .19 .1. 5 255.255.255.252 encapsulation ppp dialer map snapshot 1 name r2 8358662 dialer map ip 17 2 .19 .1. 6 name r2 8358662 dialer-group 1 isdn spid1 08358662 01 8358662 isdn spid2 08358664 01 8358664 snapshot client 5 8 suppress-statechange-update dialer ppp authentication chap ! router rip version 2 redistribute static network 10 .0.0.0 network 17 2 .19 .0.0 network 19 2 .16 8 .11 .0... ip address 17 2 .19 .1. 6 255.255.255.252 no ip directed-broadcast encapsulation ppp dialer map snapshot 1 name r2 broadcast 8358662 dialer map ip 17 2 .19 .1. 5 name r2 broadcast 8358662 dialer-group 1 isdn switch-type basic-ni isdn spid1 083586 610 1 83586 61 isdn spid2 08358663 01 8358663 snapshot server 5 dialer ppp authentication chap ! interface Virtual-TokenRing0 ip address 10 .10 .11 1 .1 255.255.255.0 no... r2#ping 19 2 .16 8 .1. 211 Type escape sequence to abort Sending 5, 10 0-byte ICMP Echos to 19 2 .16 8 .1. 211 , timeout is 2 seconds: !!!!! Success rate is 10 0 percent (5/5), round-trip min/avg/max = 36/36/36 ms r2#un all Finally, we can check and see that authentication is working correctly by using the debug ppp authentication command Notice that the challenges and replies come from r1 and r2 r2#ping 10 .10 .11 .13 .1 . Checksum 10 .10 .11 .1 10 .10 .11 .1 2 51 0x800000 01 0x17E4 10 .10 .11 .2 10 .10 .11 .1 2 51 0x800000 01 0x7F3 10 .10 .12 .2 10 .10 .11 .1 1 81 0x800000 01 0xFBFD 10 .10 .13 .1 10 .10 .11 .1. 0x800000 01 0x7F3 10 .10 .12 .2 10 .10 .11 .1 183 0x800000 01 0xFBFD 10 .10 .13 .2 10 .10 .11 .1 183 0x800000 01 0xF008 17 2 .19 .1. 4 10 .10 .11 .1 233 0x800000 01 0x96C4 19 2 .16 8 .1. 0