After your subnet numbers are chosen, calculate the broadcast addresses and the range of valid...

10.35700737 CH09 Page 508 Wednesday, February 17, 1999 3:05 PM



508



Chapter 9: Scenarios for Final Preparation



Figure 9-5



Scenario 9-3 Network Diagram

Server1



Server2



R1

PC11



PC12

DLCI 301



s0



Frame Relay

Partial Mesh



R2



PC21



s0



s0



DLCI 303



R3



Server3



s0



DLCI 304



R4



PC31



PC32



PC41



PC42



NA260905



DLCI 302



Table 9-10 Scenario 9-3a IP Subnet and IPX Network Planning Chart

Location of Subnet/Network

Geographically

Ethernet off Router 1

Ethernet off Router 2

Ethernet off Router 3

Ethernet off Router 4

Virtual Circuit between R1 and R2

Virtual Circuit between R1 and R3

Virtual Circuit between R1 and R4

Server1 Internal

Server2 Internal

Server3 Internal



Subnet Mask



Subnet

Number



IPX Network



10.35700737 CH09 Page 509 Wednesday, February 17, 1999 3:05 PM



Scenario 9-3



Table 9-11 Scenario 9-3a IP Address Planning Chart

Host



Address



PC11

PC12

PC13

PC21

PC22

PC31

PC32

R1-E0

R1-S0-sub ____

R1-S0-sub ____

R1-S0-sub ____

R2-E0

R2-S0-sub ____

R3-E0

R3-S0-sub ____

R4-E0

R4-S0-sub ____



Table 9-12 Scenario 9-3a IP Subnet Planning Chart

Subnet Number



Subnet Broadcast Address



Range of Valid Addresses



509



10.35700737 CH09 Page 510 Wednesday, February 17, 1999 3:05 PM



510



Chapter 9: Scenarios for Final Preparation



Scenario 9-3a—Planning Answers

The IP subnet design includes the use of mask 255.255.254.0. If the same mask is used

throughout the network, then at least nine host bits are needed because at least one subnet

contains 300 hosts. Only one subnet is needed per Ethernet port on each router because the

transparent bridges and switches do not separate the hosts into different subnets.

The IPX network number assignment is simple, other than remembering that two networks will

be needed on each Ethernet because two encapsulations are used. Each Encapsulation type on

the router requires the use of a separate IPX network. The subnets, networks, and IP addresses

are recorded in Table 9-13 and Table 9-14.

Table 9-13 Scenario 9-3a IP Subnet and IPX Network Planning Chart Completed

Location of Subnet/Network

Geographically



Subnet Mask



Subnet Number



IPX Network



Ethernet off Router 1



255.255.254.0



170.1.2.0



2,3



Ethernet off Router 2



255.255.254.0



170.1.4.0



4,5



Ethernet off Router 3



255.255.254.0



170.1.6.0



6,7



Ethernet off Router 4



255.255.254.0



170.1.8.0



8,9



Virtual Circuit between R1 and R2



255.255.254.0



170.1.10.0



10



Virtual Circuit between R1 and R3



255.255.254.0



170.1.12.0



12



Virtual Circuit between R1 and R4



255.255.254.0



170.1.14.0



14



Server1 Internal



N/A



N/A



101



Server2 Internal



N/A



N/A



102



Server3 Internal



N/A



N/A



103



The choice of IP addresses can conform to any standard you like, as long as the addresses are

in the correct subnets. Refer to Table 9-12 for the list of valid addresses for the subnets chosen.

In Table 9-14, the addresses chosen for the PCs reflect the number of the PC. For the routers,

the addresses chosen are in the second half of the range of addresses in each subnet and are

shown as a reminder of the addresses that are valid in this subnetting scheme.

Table 9-14 Scenario 9-3a IP Address Planning Chart Completed

Host



Address



PC11



170.1.2.11



PC12



170.1.2.12



PC13



170.1.2.13



PC21



170.1.4.21



10.35700737 CH09 Page 511 Wednesday, February 17, 1999 3:05 PM



Scenario 9-3



511



Table 9-14 Scenario 9-3a IP Address Planning Chart Completed (Continued)

PC22



170.1.4.22



PC31



170.1.6.31



PC32



170.1.6.32



PC41



170.1.8.41



PC42



170.1.8.42



R1-E0



170.1.3.1



R1-S0-sub __2__



170.1.10.1



R1-S0-sub __3__



170.1.12.1



R1-S0-sub __4__



170.1.14.1



R2-E0



170.1.5.2



R2-S0-sub __2__



170.1.10.2



R3-E0



170.1.7.3



R3-S0-sub __3__



170.1.12.3



R4-E0



170.1.9.4



R4-S0-sub __4__



170.1.14.4



The IP access lists can be placed in several places effectively. Stopping packets in one of the

two directions will succeed in stopping users from actually connecting to the servers. For the

first set of criteria, an access list stopping packets from entering the serial interface of R1,

stopping packets destined to PC11 and PC12, will suffice. For the second criteria, that of

disallowing traffic between Site 2 and Site 3, the access lists are also placed in R1. The access

lists will indeed stop the packets earlier in their life if they are placed in R2 and R3, but the

traffic will be minimal because no true application traffic will ever successfully be generated

between IP hosts at Sites 2 and 3.

So, the design calls for all filtered packets to be filtered via access lists enabled on subinterfaces

on R1’s S0 interface.

The SAP filter can be performed in one very obvious way. A SAP filter is added on R2 to filter

Server 3 from the SAP table. The filter could filter incoming SAPs on R2’s E0 or filter outgoing

SAP updates out R2’s S0 port. In this case, anticipating the day that a second Ethernet port is

used on R2 and anticipating the fact that the objective probably meant that local clients should

have access to Server 3, the plan in this case is to filter outbound SAPs on R2’s S0 interface.

Finally, the broadcast addresses for each subnet are shown in Table 9-12. As a reminder: to

calculate the broadcast address, write down the subnet number in binary. Then, copy down the

network and subnet portions of the subnet number directly below it, leaving the host bit

positions empty. Then, write all binary 1s in the host bit positions. Finally, convert the number



10.35700737 CH09 Page 512 Wednesday, February 17, 1999 3:05 PM



512



Chapter 9: Scenarios for Final Preparation



back to decimal, eight bits at a time. The result is the subnet broadcast address and is the high

end of the range of assignable addresses in that subnet.

The answers, which include the subnet numbers, their corresponding broadcast addresses, and

the range of valid assignable IP addresses, are shown in Table 9-15.

Table 9-15 Scenario 9-3a IP Subnet Planning Chart



Subnet Number



Subnet Broadcast Address



Range of Valid Addresses

(Last Two Bytes)



170.1.2.0



170.1.3.255



2.1 through 3.254



170.1.4.0



170.1.5.255



4.1 through 5.254



170.1.6.0



170.1.7.255



6.1 through 7.254



170.1.8.0



170.1.9.255



8.1 through 9.254



170.1.10.0



170.1.11.255



10.1 through 11.254



170.1.12.0



170.1.13.255



12.1 through 13.254



170.1.14.0



170.1.15.255



14.1 through 15.254



Scenario 9-3b—Configuration

The next step in your job is to deploy the network designed in Scenario 9-3a. Use the answers

for Scenario 9-3a to direct you in regards to IP and IPX addresses, access lists, and for the

encapsulations to be used. For Scenario 9-3b, perform the following tasks:

1. Configure IP and IPX to be routed. Use IP IGRP and IPX RIP as routing protocols. Use



IGRP process-id 1.

2. Use secondary IPX addresses to accommodate the multiple IPX encapsulation types



described in Scenario 9-3a.

3. Configure Frame Relay using point-to-point subinterfaces. R1’s attached Frame Relay



switch uses LMI type ANSI. Cisco encapsulation should be used for all routers, except for

the VC between R1 and R4.



Scenario 9-3b—Configuration Answers

The configurations for Steps 1, 2, and 3 are shown in Example 9-15, Example 9-16, Example

9-17, and Example 9-18.

Example 9-15 R1 Configuration

ipx routing 0200.aaaa.aaaa

!

interface serial0

encapsulation frame-relay

interface serial 0.2 point-to-point

ip address 170.1.10.1 255.255.254.0



10.35700737 CH09 Page 513 Wednesday, February 17, 1999 3:05 PM



Scenario 9-3



513



Example 9-15 R1 Configuration (Continued)

ipx network 10

frame-relay interface-dlci 302

ip access-group 102 in

!

interface serial 0.3 point-to-point

ip address 170.1.12.1 255.255.254.0

ipx network 12

frame-relay interface-dlci 303

ip access-group 103 in

!

interface serial 0.4 point-to-point

ip address 170.1.12.1 255.255.254.0

ipx network 12

frame-relay interface-dlci 303 ietf

ip access-group 104 in

!

interface ethernet 0

ip address 170.1.3.1 255.255.254.0

ipx network 2 encapsulation sap

ipx network 3 encapsulation snap secondary

!

router igrp 1

network 170.1.0.0

!

access-list

access-list

access-list

access-list

access-list

access-list

!

access-list

access-list

access-list

access-list

access-list

access-list

!

access-list

access-list

access-list

access-list

access-list



102

102

102

102

102

102



deny tcp any host

deny tcp any host

deny tcp any host

deny tcp any host

deny ip 170.1.4.0

permit ip any any



170.1.2.11 eq ftp

170.1.2.11 eq www

170.1.2.12 eq ftp

170.1.2.12 eq www

0.0.1.255 170.1.6.0 0.0.1.255



103

103

103

103

103

103



deny tcp any host

deny tcp any host

deny tcp any host

deny tcp any host

deny ip 170.1.6.0

permit ip any any



170.1.2.11 eq ftp

170.1.2.11 eq www

170.1.2.12 eq ftp

170.1.2.12 eq www

0.0.1.255 170.1.4.0 0.0.1.255



104

104

104

104

104



deny tcp any host

deny tcp any host

deny tcp any host

deny tcp any host

permit ip any any



170.1.2.11

170.1.2.11

170.1.2.12

170.1.2.12



eq

eq

eq

eq



ftp

www

ftp

www



Example 9-16 R2 Configuration

ipx routing 0200.bbbb.bbbb

!

interface serial0

encapsulation frame-relay

interface serial 0.2 point-to-point



continues



10.35700737 CH09 Page 514 Wednesday, February 17, 1999 3:05 PM



514



Chapter 9: Scenarios for Final Preparation



Example 9-16 R2 Configuration (Continued)

ip address 170.1.10.2 255.255.254.0

ipx network 10

frame-relay interface-dlci 301

ipx output-sap-filter 1001

!

interface ethernet 0

ip address 170.1.5.2 255.255.254.0

ipx network 4 encapsulation sap

ipx network 5 encapsulation snap secondary

!

router igrp 1

network 170.1.0.0

!

access-list 1001 deny 103

access-list 1001 permit -1



Example 9-17 R3 Configuration

ipx routing 0200.cccc.cccc

!

interface serial0

encapsulation frame-relay

interface serial 0.3 point-to-point

ip address 170.1.12.3 255.255.254.0

ipx routing 0200.0000.0000

ipx network 12

frame-relay interface-dlci 301

!

interface ethernet 0

ip address 170.1.7.3 255.255.254.0

ipx network 6 encapsulation sap

ipx network 7 encapsulation snap secondary

!

router igrp 1

network 170.1.0.0



Example 9-18 R4 Configuration

lpz routing 0200.dddd.dddd

!

interface serial0

encapsulation frame-relay ietf

interface serial 0.4 point-to-point

ip address 170.1.14.4 255.255.254.0

ipx network 14

frame-relay interface-dlci 301

!

interface ethernet 0

ip address 170.1.9.4 255.255.254.0

ipx network 8 encapsulation sap

ipx network 9 encapsulation snap secondary



10.35700737 CH09 Page 515 Wednesday, February 17, 1999 3:05 PM



Scenario 9-3



515



Example 9-18 R4 Configuration (Continued)

!

router igrp 1

network 170.1.0.0



Three different access lists are shown on R1. List 102 is used for packets entering subinterface

2. List 103 is used for packets entering subinterface 3, and list 104 is used for packets entering

subinterface 4. Lists 102 and 103 check for packets between sites 2 and 3, as well as check for

packets to PC11 and PC12. The mask used to check all hosts in subnets 170.1.4.0 and 170.1.6.0

is rather tricky. The mask represents 23 binary 0s and 9 binary 1s—meaning that the first 23 bits

of the number in the access list must match the first 23 bits in the source or destination address

in the packet. This matches all hosts in each subnet because there are 23 combined network and

subnet bits.

Two IPX networks are used on each Ethernet because two encapsulations are used.

The Frame Relay configuration was relatively straightforward. The LMI type is autosensed.

The encapsulation of ietf between R1 and R4 is configured in two ways. First, R1 uses the ietf

keyword on the frame-relay interface-dlci command. On R4, the encapsulation command

lists the ietf option, implying ietf encapsulation for all VCs on this serial interface.



Scenario 9-3c—Verification and Questions

The CCNA exam will test you on your memory of the kinds of information you can find in the

output of various show commands. Using Example 9-19, Example 9-20, Example 9-21, and

Example 9-22 as references, answer the questions following the examples.

Example 9-19 Scenario 9-3c R1 show and debug Output

R1#show ip interface brief

Interface

IP-Address

Serial0

unassigned

Serial0.2

170.1.10.1

Serial0.3

170.1.12.1

Serial0.4

170.1.14.1

Serial1

unassigned

Ethernet0

170.1.3.1



OK?

YES

YES

YES

YES

YES

YES



Method

unset

NVRAM

NVRAM

NVRAM

unset

NVRAM



Status

Protocol

up

up

up

up

up

up

up

up

administratively down down

up

up



R1#show cdp neighbor detail

------------------------Device ID: R2

Entry address(es):

IP address: 170.1.10.2

Novell address: 10.0200.bbbb.bbbb

Platform: cisco 2500, Capabilities: Router

Interface: Serial0.2, Port ID (outgoing port): Serial0.1

Holdtime : 132 sec



continues



10.35700737 CH09 Page 516 Wednesday, February 17, 1999 3:05 PM



516



Chapter 9: Scenarios for Final Preparation



Example 9-19 Scenario 9-3c R1 show and debug Output (Continued)

Version :

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by Cisco Systems, Inc.

Compiled Mon 29-Dec-97 18:47 by ckralik

------------------------Device ID: R3

Entry address(es):

IP address: 170.1.12.3

Novell address: 12.0200.cccc.cccc

Platform: Cisco 2500, Capabilities: Router

Interface: Serial0.3, Port ID (outgoing port): Serial0.1

Holdtime : 148 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by Cisco Systems, Inc.

Compiled Mon 29-Dec-97 18:47 by ckralik

------------------------Device ID: R4

Entry address(es):

IP address: 170.1.14.4

Novell address: 14.0200.dddd.dddd

Platform: Cisco 2500, Capabilities: Router

Interface: Serial0.4, Port ID (outgoing port): Serial0.1

Holdtime : 149 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by Cisco Systems, Inc.

Compiled Mon 29-Dec-97 18:47 by ckralik

R1#show ipx servers

Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail

2 Total IPX Servers

Table ordering is based on routing and server info

Type Name

P

4 Server1

P

4 Server2

R1#

R1#debug ipx sap activity

IPX service debugging is on



Net

Address

Port

101.0000.0000.0001:0451

102.0000.0000.0001:0451



Route Hops Itf

2/02

2 E0

2/02

2 E0



R1#

IPXSAP: positing update to 2.ffff.ffff.ffff via Ethernet0 (broadcast) (full)

IPXSAP: suppressing null update to 2.ffff.ffff.ffff

IPXSAP: positing update to 3.ffff.ffff.ffff via Ethernet0 (broadcast) (full)



10.35700737 CH09 Page 517 Wednesday, February 17, 1999 3:05 PM



Scenario 9-3



517



Example 9-19 Scenario 9-3c R1 show and debug Output (Continued)

IPXSAP: Update type 0x2 len 160 src:3.0000.0ccf.21cd dest:3.ffff.ffff.ffff(452)

type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops

type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops

IPXSAP: Response (in) type 0x2 len 160 src:2.0000.0c89.b130

dest:2.ffff.ffff.ffff(452)

type 0x4, "Server1", 101.0000.0000.0001(451), 2 hops

type 0x4, "Server2", 102.0000.0000.0001(451), 2 hops

IPXSAP: positing update to 10.ffff.ffff.ffff via Serial0.2 (broadcast) (full)

IPXSAP: Update type 0x2 len 160 src:10.0200.aaaa.aaaa dest:10.ffff.ffff.ffff(452)

type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops

type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops

IPXSAP: positing update to 14.ffff.ffff.ffff via Serial0.4 (broadcast) (full)

IPXSAP: Update type 0x2 len 160 src:14.0200.aaaa.aaaa dest:14.ffff.ffff.ffff(452)

type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops

type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops

R1#

IPXSAP: positing update to 12.ffff.ffff.ffff via Serial0.3 (broadcast) (full)

IPXSAP: Update type 0x2 len 160 src:12.0200.aaaa.aaaa dest:12.ffff.ffff.ffff(452)

type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops

type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops

R1#undebug all

All possible debugging has been turned off

R1#

R1#debug ipx routing activity

IPX routing debugging is on

R1#

IPXRIP: update from 12.0200.cccc.cccc

7 in 1 hops, delay 7

6 in 1 hops, delay 7

IPXRIP: positing full update to 14.ffff.ffff.ffff via

IPXRIP: src=14.0200.aaaa.aaaa, dst=14.ffff.ffff.ffff,

network 4, hops 2, delay 13

network 5, hops 2, delay 13

network 103, hops 4, delay 14

network 10, hops 1, delay 7

network 6, hops 2, delay 13

network 7, hops 2, delay 13

network 3, hops 1, delay 7

network 2, hops 1, delay 7

network 101, hops 3, delay 8

network 102, hops 3, delay 8

network 12, hops 1, delay 7

IPXRIP: positing full update to 12.ffff.ffff.ffff via

IPXRIP: src=12.0200.aaaa.aaaa, dst=12.ffff.ffff.ffff,

network 8, hops 2, delay 13

network 9, hops 2, delay 13

network 14, hops 1, delay 7

network 4, hops 2, delay 13

network 5, hops 2, delay 13

network 103, hops 4, delay 14



Serial0.4 (broadcast)

packet sent



Serial0.3 (broadcast)

packet sent



continues



10.35700737 CH09 Page 518 Wednesday, February 17, 1999 3:05 PM



518



Chapter 9: Scenarios for Final Preparation



Example 9-19 Scenario 9-3c R1 show and debug Output (Continued)

network 10, hops 1, delay 7

network 3, hops 1, delay 7

network 2, hops 1, delay 7

network 101, hops 3, delay 8

network 102, hops 3, delay 8

IPXRIP: update from 14.0200.dddd.dddd

9 in 1 hops, delay 7

8 in 1 hops, delay 7

IPXRIP: update from 10.0200.bbbb.bbbb

444 in 2 hops, delay 8

103 in 3 hops, delay 8

5 in 1 hops, delay 7

4 in 1 hops, delay 7

IPXRIP: positing full update to 3.ffff.ffff.ffff via Ethernet0 (broadcast)

IPXRIP: src=3.0000.0ccf.21cd, dst=3.ffff.ffff.ffff, packet sent

network 8, hops 2, delay 8

network 9, hops 2, delay 8

network 14, hops 1, delay 2

network 4, hops 2, delay 8

network 5, hops 2, delay 8

network 103, hops 4, delay 9

network 10, hops 1, delay 2

network 6, hops 2, delay 8

network 7, hops 2, delay 8

network 2, hops 1, delay 2

network 101, hops 3, delay 3

network 102, hops 3, delay 3

network 12, hops 1, delay 2

IPXRIP: update from 2.0000.0c89.b130

102 in 2 hops, delay 2

101 in 2 hops, delay 2

IPXRIP: positing full update to 2.ffff.ffff.ffff via Ethernet0 (broadcast)

IPXRIP: src=2.0000.0ccf.21cd, dst=2.ffff.ffff.ffff, packet sent

network 8, hops 2, delay 8

network 9, hops 2, delay 8

network 14, hops 1, delay 2

network 4, hops 2, delay 8

network 5, hops 2, delay 8

network 103, hops 4, delay 9

network 10, hops 1, delay 2

network 6, hops 2, delay 8

network 7, hops 2, delay 8

network 3, hops 1, delay 2

network 12, hops 1, delay 2

IPXRIP: positing full update to 10.ffff.ffff.ffff via Serial0.2 (broadcast)

IPXRIP: src=10.0200.aaaa.aaaa, dst=10.ffff.ffff.ffff, packet sent

network 8, hops 2, delay 13

network 9, hops 2, delay 13

network 14, hops 1, delay 7

network 6, hops 2, delay 13

network 7, hops 2, delay 13

network 3, hops 1, delay 7

network 2, hops 1, delay 7