Subinterfaces are multiple virtual interfaces defined on one physical interface; they can be used to connect multiple networks over the same physical interface. To avoid routing loops, routers apply the split horizon rule: a routing update is only sent out of the router's other interfaces and is never sent back out of the interface on which the route was received.
In a WAN environment with connection-oriented interfaces (such as X.25 and Frame Relay), one interface may connect to several remote routers through virtual circuits (VCs). In that case the routing updates received on that interface cannot be sent back out of the same interface, so the remote routers do not learn each other's routes unless a separate physical interface is used for each remote router. Cisco provides subinterfaces, which are treated as separate interfaces. You can logically connect each remote router to a different subinterface of the same physical interface, so that routing updates received on one subinterface can be sent out of the other subinterfaces while still obeying the split horizon rule.
Router1:
interface Serial0
encapsulation x25
ip address 192.200.10.1 255.255.255.0
x25 address 110101
x25 htc 16
x25 nvc 2
x25 map ip 192.200.10.3 110103 broadcast
!
router rip
network 192.200.10.0
!
Router2:
interface Serial0
encapsulation x25
ip address 192.200.11.2 255.255.255.0
x25 address 110102
x25 htc 16
x25 nvc 2
x25 map ip 192.200.11.3 110103 broadcast
!
router rip
network 192.200.11.0
!
Router:
interface Serial0
encapsulation x25
x25 address 110103
x25 htc 16
x25 nvc 2
!
interface Serial0.1 point-to-point
ip address 192.200.10.3 255.255.255.0
x25 map ip 192.200.10.1 110101 broadcast
!
interface Serial0.2 point-to-point
ip address 192.200.11.3 255.255.255.0
x25 map ip 192.200.11.2 110102 broadcast
!
router rip
network 192.200.10.0
network 192.200.11.0
!
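An added example (not part of the original page) that models the hub router's split horizon decision for the configuration above, first with both virtual circuits on Serial0 and then on Serial0.1 and Serial0.2. The LAN prefixes 10.1.0.0/24 and 10.2.0.0/24 behind Router1 and Router2, and all function names, are assumptions made for the illustration.

```python
# Added illustration (not from the original page): split horizon on the hub router.
from collections import defaultdict

# Hub interface on which each spoke's virtual circuit terminates.
SHARED_INTERFACE = {"Router1": "Serial0", "Router2": "Serial0"}
SUBINTERFACES = {"Router1": "Serial0.1", "Router2": "Serial0.2"}

# Constructed sample: the LAN prefix each spoke advertises to the hub.
LEARNED_FROM = {"10.1.0.0/24": "Router1", "10.2.0.0/24": "Router2"}


def hub_updates(attachments, learned_from, split_horizon=True):
    """Return {neighbor: prefixes the hub advertises to that neighbor}."""
    # A route is "received on" the hub interface its advertiser is attached to.
    received_on = {p: attachments[n] for p, n in learned_from.items()}
    updates = defaultdict(list)
    for neighbor, out_if in attachments.items():
        for prefix, in_if in sorted(received_on.items()):
            if split_horizon and in_if == out_if:
                continue  # never send a route back out its receiving interface
            updates[neighbor].append(prefix)
    return {n: updates[n] for n in attachments}


def unreachable(attachments, learned_from, split_horizon=True):
    """Prefixes owned by another spoke that a neighbor never hears about."""
    sent = hub_updates(attachments, learned_from, split_horizon)
    return {
        n: [p for p, owner in sorted(learned_from.items())
            if owner != n and p not in sent[n]]
        for n in attachments
    }


def echoed_back(attachments, learned_from, split_horizon=True):
    """Prefixes the hub advertises back to the spoke it learned them from."""
    sent = hub_updates(attachments, learned_from, split_horizon)
    return {n: [p for p in sent[n] if learned_from[p] == n] for n in attachments}


if __name__ == "__main__":
    cases = [
        ("one interface, split horizon on", SHARED_INTERFACE, True),
        ("one interface, split horizon off", SHARED_INTERFACE, False),
        ("subinterfaces, split horizon on", SUBINTERFACES, True),
    ]
    for label, attachments, enabled in cases:
        print(label)
        print("  updates    :", hub_updates(attachments, LEARNED_FROM, enabled))
        print("  unreachable:", unreachable(attachments, LEARNED_FROM, enabled))
        print("  echoed back:", echoed_back(attachments, LEARNED_FROM, enabled))
```

With one shared interface the spokes never learn each other's prefix; turning split horizon off fixes reachability but echoes each route back to its originator, while subinterfaces give full reachability with nothing echoed.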
4. Frame Relay
1. Frame relay technology
Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. It is a packet-switching technology and a simplified version of X.25. It omits some of the heavier functions of X.25, such as windowing and data retransmission, and relies on higher-layer protocols for error correction. This is possible because Frame Relay runs over better WAN facilities, which provide more reliable connection services than the WAN facilities used by X.25. Frame Relay corresponds strictly to the lowest two layers of the OSI reference model, while X.25 also provides layer 3 services, so Frame Relay has higher performance and transmission efficiency than X.25.
Frame Relay WAN equipment is divided into data terminal equipment (DTE) and data circuit-terminating equipment (DCE); a Cisco router acts as a DTE device.
Frame Relay provides connection-oriented data link layer communication: a defined communication link exists between each pair of devices, and each link has a link identifier. This service is implemented through Frame Relay virtual circuits, each of which is identified by a data-link connection identifier (DLCI). The DLCI value is generally assigned by the Frame Relay service provider. Frame Relay supports both PVCs and SVCs.
The Frame Relay Local Management Interface (LMI) is an extension to the basic Frame Relay standard. It is a signaling standard between routers and Frame Relay switches that provides a Frame Relay management mechanism. It provides many features for managing complex internetworks, including global addressing, virtual circuit status messages, and multicasting.
2. Related commands:
Port settings
Task: Command
Set Frame Relay encapsulation: encapsulation frame-relay [ietf] (see note 1)
Set the Frame Relay LMI type: frame-relay lmi-type {ansi | cisco | q933a} (see note 2)
Set up a subinterface: interface type number.subinterface-number [multipoint | point-to-point]
Map a protocol address to a DLCI: frame-relay map protocol protocol-address dlci [broadcast] (see note 3)
Set the Frame Relay DLCI number: frame-relay interface-dlci dlci [broadcast]
Notes:
1. If the Cisco router is connected to routing devices from other manufacturers, use the Frame Relay encapsulation format specified by the Internet Engineering Task Force (IETF).
2. Starting with Cisco IOS version 11.2, the software supports LMI autosense, which lets the interface determine the LMI type supported by the switch, so users do not need to configure the LMI type explicitly.
3. The broadcast option allows routing broadcast information to be transmitted on the Frame Relay network.
4. ISDN access to Capital Online 263 network example:
The local network address is 10.0.0.0/24, which is a reserved address. Using the NAT address translation function, LAN users can access the Internet through the 263 network over ISDN. The ISDN phone number of 263 is 2633, the user name is 263, and the password is 263. The commands involved are as follows:
Task: Command
Obtain the interface IP address through PPP/IPCP address negotiation: ip address negotiated
Specify the inside and outside interfaces: ip nat {inside | outside}
Use PPP/PAP for authentication: ppp authentication pap callin
Assign the interface to dialer group 1: dialer-group 1
Define dialer group 1 as all IP traffic: dialer-list 1 protocol ip permit
Set the number to dial, 2633: dialer string 2633
Set the user name and password for logging in to 263: ppp pap sent-username 263 password 263
Set the default route: ip route 0.0.0.0 0.0.0.0 bri 0
Translate all source addresses that match access list 2 into the address of bri 0: ip nat inside source list 2 interface bri 0 overload
Define access list 2, permitting all: access-list 2 permit any
The specific configuration is as follows:
hostname Cisco2503
!
isdn switch-type basic-net3
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
ip address 10.0.0.1 255.255.255.0
ip nat inside
no shutdown
!
interface Serial 0
shutdown
no description
no ip address
!
interface Serial 1
shutdown
no description
no ip address
!
interface bri 0
ip address negotiated
ip nat outside
encapsulation ppp
ppp authentication pap callin
ppp multilink
dialer-group 1
dialer hold-queue 10
dialer string 2633
dialer idle-timeout 120
ppp pap sent-username 263 password 263
no cdp enable
no ip split-horizon
no shutdown
!
ip classless
!
! Static Routes
!
ip route 0.0.0.0 0.0.0.0 bri 0
!
! Access Control List 2
!
access-list 2 permit any
!
dialer-list 1 protocol ip permit
!
! Dynamic NAT
!
ip nat inside source list 2 interface bri 0 overload
snmp-server community public ro
!
line console 0
exec-timeout 0 0
!
line vty 0 4
!
end
5. Cisco765M dialing into 263 via ISDN
Since the Cisco765 setup commands differ from those of the commonly used Cisco routers, the specific command-line steps for accessing the Internet through 263 on the Cisco765 are listed below.
>set system c765
c765> set multidestination on
c765> set switch net3
c765> set ppp multilink on
c765> cd lan
c765:LAN> set ip routing on
c765:LAN> set ip address 10.0.0.1
c765:LAN> set ip netmask 255.0.0.0
c765:LAN> set bridging off
c765:LAN> cd
c765> set user remotenet
New user remotenet being created
c765:remotenet> set ip routing on
c765:remotenet> set bridging off
c765:remotenet> set ip framing none
c765:remotenet> set ppp clientname 263
c765:remotenet> set ppp password client
Enter new Password: 263
Re-Type new Password: 263
c765:remotenet> set ppp authentication out none
c765:remotenet> set ip address 0.0.0.0
c765:remotenet> set ip netmask 0.0.0.0
c765:remotenet> set ppp address negotiation local on
c765:remotenet> set ip pat on
c765:remotenet> set ip route destination 0.0.0.0/0 gateway 0.0.0.0
c765:remotenet> set number 2633
c765:remotenet> set active
The command description is as follows:
Task: Command
Set the router system name: set system c765
Allow the router to call multiple destinations: set multidestination on
Set the ISDN switch type to NET3: set switch net3
Allow multiple channels between two points for load balancing: set ppp multilink on
Turn off bridging: set bridging off
Create a user profile holding the dial-up connection parameters (several profiles can be defined on the same physical port for different connections): set user remotenet
Use PPP/IPCP: set ip framing none
Set the Internet account name: set ppp clientname 263
Set the Internet password: set ppp password client (then enter 263 at the "Enter new Password:" and "Re-Type new Password:" prompts)
Do not use PPP CHAP or PAP for authentication: set ppp authentication out none
Allow address negotiation: set ppp address negotiation local on
Enable address translation: set ip pat on
Set the default route: set ip route destination 0.0.0.0/0 gateway 0.0.0.0
Set the ISP phone number: set number 2633
Activate the user profile: set active
VI. PSTN
The public switched telephone network (PSTN) is currently the most widespread and least expensive public communication network, and it is also widely used for network interconnection. Its applications generally fall into two types: dial-on-demand (DDR) interconnection between peer organizations, and the remote access service that ISPs provide to dial-up Internet users.
1. Remote access
1.1. Basic Server settings:
A Cisco2511 is used as the access server, and addresses are allocated dynamically from an IP address pool. The remote workstation connects using Windows 95 Dial-Up Networking.
Global settings:
Task: Command
Set a user name and password: username username password password
Set up the IP address pool for users: ip local pool {default | pool-name low-ip-address [high-ip-address]}
Specify how the address pool works: ip address-pool [dhcp-proxy-client | local]
Basic interface commands:
Task: Command
Set the encapsulation to PPP: encapsulation ppp
Enable routing on the asynchronous port: async default routing
Set the PPP operating mode of the asynchronous port: async mode {dedicated | interactive}
Set the IP address assigned to the user: peer default ip address {ip-address | dhcp | pool [pool-name]}
Use the same IP address as Ethernet0: ip unnumbered ethernet0
Dial-up line settings:
Task: Command
Set the modem operating mode: modem {inout | dialin}
Automatically detect and configure the modem type: modem autoconfigure discovery
Set the communication rate of the dial-up line: speed speed
Set the flow control mode of the line: flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
Automatically execute a command after connecting: autocommand command
The access server settings are as follows:
Router:
hostname Router
enable secret 5 $1$EFqU$tYLJLrynNUKzE4bx6fmH//
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Async1
ip unnumbered Ethernet0
encapsulation ppp
keepalive 10
async mode interactive
peer default ip address pool Cisco2511-Group-142
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
!
line con 0
exec-timeout 0 0
password cisco
!
line 1 16
modem InOut
modem autoconfigure discovery
flowcontrol hardware
!
line aux 0
transport input all
line vty 0 4
password cisco
!
end
Related debugging commands:
show interface
show line
1.2. Access server secure authentication through a TACACS+ server:
A Windows NT server at address 10.111.4.2 is used as the TACACS+ server, running the Easy ACS 1.0 software bundled with the Cisco2511 to provide user authentication.
Related settings:
Task: Command
Enable AAA access control: aaa new-model
Use TACACS+ for AAA authentication when users log in: aaa authentication login default tacacs+
Define a list named no_tacacs that authenticates with the enable password: aaa authentication login no_tacacs enable
Use TACACS+ for authentication on serial lines running PPP: aaa authentication ppp default tacacs+
Have the TACACS+ server authorize running an EXEC: aaa authorization exec tacacs+
Have the TACACS+ server authorize network-related service requests: aaa authorization network tacacs+
Run accounting for EXEC sessions, notifying the TACACS+ server at the start and end of each session: aaa accounting exec start-stop tacacs+
Run accounting for network-related service requests (SLIP, PPP, PPP NCPs, ARAP, and so on), notifying the TACACS+ server at the start and end of each: aaa accounting network start-stop tacacs+
Specify the TACACS+ server address: tacacs-server host 10.111.4.2
Set the shared key on the TACACS+ server and the access server; this key is used to encrypt passwords and response information, and tac is used as the key here: tacacs-server key tac
The access server settings are as follows:
hostname router
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authorization exec tacacs+
aaa authorization network tacacs+
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
enable secret 5 $1$kN4g$/0hvE0
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Serial0
no ip address
shutdown
interface Serial1
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
async mode interactive
peer default ip address pool Cisco2511-Group-142
no cdp enable
group-range 1 16
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
tacacs-server host 10.111.4.2
tacacs-server key tac
!
line con 0
exec-timeout 0 0
password cisco
login authentication no_tacacs
line 1 16
login authentication tacacs
modem InOut
modem autoconfigure type usr_courier
autocommand ppp
transport input all
stopbits 1
rxspeed 115200
txspeed 115200
flowcontrol hardware
line aux 0
transport input all
line vty 0 4
password cisco
!
end
2. DDR (dial-on-demand routing) example
This example implements an asynchronous dial-up DDR connection through the aux port of Cisco 2500 series routers. Router1 dials Router2. PPP/CHAP is used for authentication: on Router1, create a user whose name is the host name of the peer router, that is, Router2; on Router2, likewise create a user named after its peer, that is, Router1. The passwords of the two users must be the same.
The relevant commands are as follows:
Task: Command
Define the chat script used between the router and the modem: chat-script script-name EXPECT SEND EXPECT SEND (etc.)
Set the idle time the port waits before hanging up: dialer idle-timeout seconds
Map a protocol address to a phone number: dialer map protocol next-hop-address [name hostname] [broadcast] [modem-script modem-regexp] [system-script system-regexp] [dial-string]
Set the phone number: dialer string dial-string
Specify the default chat script: script {dialer | reset} script-name
Router1:
hostname Router1
!
enable secret 5 $1$QKI7$wXjpFqC74vDAyKBUMallw/
!
username Router2 password cisco
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
!
interface Async1
ip address 192.200.10.1 255.255.255.0
encapsulation ppp
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 192.200.10.2 name Router2 modem-script cisco-default 573
dialer-group 1
ppp authentication chap
!
ip route 10.0.1.0 255.255.255.0 192.200.10.2
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
modem InOut
modem autoconfigure discovery
flowcontrol hardware
Router2:
hostname Router2
!
enable secret 5 $1$F6EV$5U8puzNt2/o9g.t56PXHo.
!
username Router1 password cisco
!
interface Ethernet0
ip address 10.0.1.1 255.255.255.0
!
interface Async1
ip address 192.200.10.2 255.255.255.0
encapsulation ppp
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 192.200.10.1 name Router1
dialer-group 1
ppp authentication chap
!
ip route 10.0.0.0 255.255.255.0 192.200.10.1
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
modem InOut
modem autoconfigure discovery
flowcontrol hardware
!
Related debugging commands:
debug dialer
debug ppp authentication
debug ppp error
debug ppp negotiation
debug ppp packet
show dialer
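An added example (not part of the original page) of the two-way CHAP exchange between Router1 and Router2, using the RFC 1994 response value MD5(Identifier || secret || Challenge); it shows why each router needs a `username` entry named after its peer and why both passwords must match. The `Router` class is a hypothetical model in which the `users` dictionary stands for the `username ... password ...` lines.

```python
# Added illustration (not from the original page): two-way PPP CHAP per RFC 1994.
import hashlib
import hmac
import os


def chap_hash(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users  # models "username <peer hostname> password <secret>"

    def challenge(self, identifier, value=None):
        value = os.urandom(16) if value is None else value
        return {"code": 1, "id": identifier, "value": value, "name": self.hostname}

    def respond(self, chal):
        # The secret is looked up under the challenger's name, so the local
        # username entry must match the peer's hostname exactly.
        secret = self.users.get(chal["name"])
        if secret is None:
            return None
        digest = chap_hash(chal["id"], secret, chal["value"])
        return {"code": 2, "id": chal["id"], "value": digest, "name": self.hostname}

    def verify(self, chal, resp):
        if resp is None or resp["id"] != chal["id"]:
            return False
        secret = self.users.get(resp["name"])
        if secret is None:
            return False
        expected = chap_hash(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["value"])


def one_way(authenticator, peer, identifier=1):
    """Authenticator challenges, peer responds, authenticator checks the hash."""
    chal = authenticator.challenge(identifier)
    return authenticator.verify(chal, peer.respond(chal))


def two_way(a, b):
    """Both ends run "ppp authentication chap", so each challenges the other."""
    return one_way(a, b, identifier=1) and one_way(b, a, identifier=2)


if __name__ == "__main__":
    r1 = Router("Router1", {"Router2": b"cisco"})
    r2 = Router("Router2", {"Router1": b"cisco"})
    print("matching entries    :", two_way(r1, r2))
    print("different passwords :", two_way(r1, Router("Router2", {"Router1": b"Cisco"})))
    print("wrong username case :", two_way(Router("Router1", {"router2": b"cisco"}), r2))
```

The password itself never crosses the link, only the hash, and a response is bound to one challenge value, which is why the challenge has to be fresh for every attempt.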
3. Asynchronous dialing backup DDN dedicated line:
This example uses a DDN dedicated line as the primary connection and a dial-up telephone line as the backup. While the DDN dedicated line is working normally, the primary port S0 is up and its line protocol is up; the backup line is in standby state with line protocol down, and all traffic goes through the primary interface. When the primary connection fails and the port goes down, the backup interface is activated and carries the traffic. This method is not suitable for backing up X.25: as long as the connection between the X.25-encapsulated interface and the X.25 switch is normal, the interface and line protocol stay up, regardless of the state of the remote routers it needs to communicate with. Therefore, if the local router is normal but the connection of the remote router fails, the backup line is not activated locally. Example 4 describes how to do dial-up backup for X.25.
The following are the relevant commands:
Task: Command
Specify how long the backup line waits to change state after the primary line changes state: backup delay {enable-delay | never} {disable-delay | never}
Specify an interface as the backup interface: backup interface type number
hostname c2522rb
!
enable secret 5 $1$J5vn$ceYDe2FwPhrZi6qsIIz6g0
enable password cisco
!
username c4700 password 0 cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
!
interface Ethernet0
ip address 16.122.51.254 255.255.255.0
no ip mroute-cache
!
interface Serial0
backup delay 10 10
backup interface Serial2
ip address 16.250.123.18 255.255.255.252
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
!
interface Serial2
physical-layer async
ip address 16.249.123.18 255.255.255.252
encapsulation ppp
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 16.249.123.17 name c4700 6825179
dialer-group 1
ppp authentication chap
!
interface Serial3
no ip address
shutdown
no cdp enable
!
interface Serial4
no ip address
shutdown
no cdp enable
!
interface Serial5
no ip address
no ip mroute-cache
shutdown
!
interface Serial6
no ip address
no ip mroute-cache
shutdown
!
interface Serial7
no ip address
no ip mroute-cache
shutdown
!
interface Serial8
no ip address
no ip mroute-cache
shutdown
!
interface Serial9
no ip address
no ip mroute-cache
shutdown
!
interface BRI0
no ip address
no ip mroute-cache
shutdown
!
router eigrp 200
network 16.0.0.0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
line 2
script dialer cisco-default
script reset reset
modem InOut
modem autoconfigure discovery
rxspeed 38400
txspeed 38400
flowcontrol hardware
line aux 0
line vty 0 4
password cisco
login
!
end
c2522rb#
4. Asynchronous dialing backup X.25:
To set up dial-up backup for X.25, the ports connected to X.25 must run a dynamic routing protocol, and the asynchronous dial-up port must use static routing. In this example EIGRP is the routing protocol, and the administrative distance of the static route is set to 200. Since the default administrative distance of EIGRP is 90, when two paths lead to the same network segment at the same time, the path with the smaller value takes effect. When the X.25 connection has a problem, the router can no longer learn the route through the routing protocol, so the static route takes effect and traffic goes through the dial-up port. When the X.25 connection returns to normal, the router learns the route again; because of the different administrative distances, the static route is automatically replaced by the dynamic route, which provides the backup function.
The router Router1 is configured as follows:
hostname router1
!
enable secret 5 $1$UTvD$.
enable password cisco
!
username router2 password cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
interface Ethernet0
ip address 202.96.38.100 255.255.255.0
!
interface Serial0
ip address 202.96.0.1 255.255.255.0
encapsulation x25
x25 address 10112227
x25 htc 16
x25 map ip 202.96.0.2 10112225 broadcast
!
interface Serial1
no ip address
shutdown
!
!
interface Async 1
ip address 202.96.1.1 255.255.255.252
encapsulation ppp
dialer in-band
dialer idle-timeout 60
dialer map ip 202.96.1.2 name router2 modem-script cisco-default 2113470
dialer-group 1
ppp authentication chap
!
router eigrp 200
redistribute connected
network 202.96.0.0
!
ip route 202.96.37.0 255.255.255.0 202.96.1.2 200
dialer-list 1 protocol ip permit
line con 0
line aux 0
script dialer cisco-default
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
rxspeed 38400
txspeed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
The router Router2 configuration is as follows:
hostname router2
!
enable secret 5 $1$T4IU$2cIqak8f/E4Ug6dLT0k.J0
enable password cisco
!
username router1 password cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
!
interface Ethernet0
ip address 202.96.37.100 255.255.255.0
!
interface Serial0
ip address 202.96.0.2 255.255.255.0
no ip mroute-cache
encapsulation x25
x25 address 10112225
x25 htc 16
x25 map ip 202.96.0.1 10112227 broadcast
!
interface Serial1
no ip address
shutdown
!
interface Async1
ip address 202.96.1.2 255.255.255.252
encapsulation ppp
keepalive 30
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer wait-for-carrier-time 120
dialer map ip 202.96.1.1 name router1 modem-script cisco-default 2113469
dialer-group 1
ppp authentication chap
!
router eigrp 200
redistribute static
network 202.96.0.0
!
no ip classless
ip route 202.96.38.0 255.255.255.0 202.96.1.1 200
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
line aux 0
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
rxspeed 38400
txspeed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
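An added example (not part of the original page) that replays the X.25 failure and recovery on router1 for 202.96.37.0/24, selecting routes by administrative distance, the value 200 at the end of the `ip route` lines above. The `Rib` class and `failover_timeline` function are hypothetical; the distances 1 (static default), 90 (EIGRP internal) and 170 (EIGRP external) are the IOS defaults.

```python
# Added illustration (not from the original page): floating static route selection.
DEFAULT_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "eigrp-external": 170}


class Rib:
    """Keeps every candidate per prefix and installs the lowest distance."""

    def __init__(self):
        self.candidates = {}  # prefix -> {source: (distance, next_hop)}

    def offer(self, prefix, source, next_hop, distance=None):
        if distance is None:
            distance = DEFAULT_DISTANCE[source]
        self.candidates.setdefault(prefix, {})[source] = (distance, next_hop)

    def withdraw(self, prefix, source):
        self.candidates.get(prefix, {}).pop(source, None)

    def best(self, prefix):
        """Return (source, next_hop, distance) of the installed route, or None."""
        routes = self.candidates.get(prefix)
        if not routes:
            return None
        source, (distance, next_hop) = min(routes.items(), key=lambda kv: kv[1][0])
        return source, next_hop, distance


def failover_timeline(static_distance=200, dynamic_source="eigrp"):
    """router1's next hop for 202.96.37.0/24 as the X.25 path fails and recovers."""
    prefix = "202.96.37.0/24"
    rib = Rib()
    # ip route 202.96.37.0 255.255.255.0 202.96.1.2 <distance>  (dial-up, Async 1)
    rib.offer(prefix, "static", "202.96.1.2", distance=static_distance)
    timeline = []
    rib.offer(prefix, dynamic_source, "202.96.0.2")  # learned over X.25 (Serial0)
    timeline.append(("x25 up", rib.best(prefix)[1]))
    rib.withdraw(prefix, dynamic_source)             # X.25 path lost
    timeline.append(("x25 down", rib.best(prefix)[1]))
    rib.offer(prefix, dynamic_source, "202.96.0.2")  # X.25 path restored
    timeline.append(("x25 restored", rib.best(prefix)[1]))
    return timeline


if __name__ == "__main__":
    print("distance 200, EIGRP internal:", failover_timeline())
    print("distance 200, EIGRP external:", failover_timeline(dynamic_source="eigrp-external"))
    print("distance omitted (default 1):", failover_timeline(static_distance=1))
    print("distance 100, EIGRP external:", failover_timeline(100, "eigrp-external"))
```

If the distance is omitted, or set below the distance of the dynamically learned route, the dial-up path is preferred even while X.25 is healthy, so the backup line carries all the traffic.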
Chapter 3 Routing Protocol Settings
1. RIP protocol
RIP (Routing Information Protocol) is an early and widely used interior gateway protocol (IGP). It is suited to small, homogeneous networks and is a typical distance-vector protocol. It is documented in RFC 1058 and RFC 1723.
RIP exchanges routing information by broadcasting UDP packets and sends routing updates every 30 seconds. RIP uses hop count as the measure of routing distance; the hop count is the number of routers a packet must pass through to reach the destination. If two routes to the same destination differ in speed or bandwidth but have the same hop count, RIP considers them equidistant. The maximum hop count RIP supports is 15, that is, at most 15 routers between the source and destination networks; a hop count of 16 means unreachable.
1. Related Commands
Task: Command
Specify the use of the RIP protocol: router rip
Specify the RIP version: version {1 | 2} (see note 1)
Specify the networks connected to this router: network network
Note 1: RIP version 2 supports authentication, key management, route summarization, classless inter-domain routing (CIDR) and variable-length subnet masks (VLSMs).
2. Example
Router1:
router rip
version 2
network 192.200.10.0
network 192.20.10.0
!
Related debugging commands:
show ip protocol
show ip route