Cisco Packet Tracer 8.x tutorials
Cisco Wireless concepts
Cisco Wireless Controller (WLC) devices are the Cisco solution to centrally configure and manage enterprise wireless networks, regardless of the number of access points deployed and their location. Wireless controllers have become very popular as companies move from standalone Access Point (AP) wireless designs, which are complicated to configure and to secure properly, to centralized controller-based designs, reaping the enhanced visibility, functionality and redundancy benefits that come with those modern designs.
The following YouTube video presents the basic concepts of how Wireless Controllers work and interact with Lightweight access points using the CAPWAP protocol. A good understanding of the concepts presented in this video is mandatory before starting this Packet Tracer 8.2 wireless tutorial.
The Link Layer Discovery Protocol (LLDP), standardized as 802.1AB, is a network discovery protocol intended to replace a wide variety of proprietary protocols such as Cisco CDP, Nortel discovery protocol, ... It helps network administrators identify the neighbor devices (including remote ports) of the device they are configuring. As a link-layer protocol, LLDP works without needing a valid IP configuration on the devices.
What is Precision Time Protocol (PTP) ?
Precision Time Protocol (PTP) is a feature of Packet Tracer 8.2 available in IE2000 industrial switches.
This time synchronization protocol is defined in IEEE-1588 as Precision Clock Synchronization for Networked Measurements and Control Systems, and was developed to synchronize the clocks in network devices that include distributed device clocks with various levels of precision and stability. Accurate time synchronization is vital for smart grid power automation applications such as virtual power generators and peak-hour billing, but also for network outage monitoring tools which require a high level of time accuracy and stability.
PTP configuration in Packet Tracer 8.2
Precision Time Protocol can be simulated in Packet Tracer 8.2 using IE2000 switches. These switches feature three PTP modes:
- boundary
- end-to-end transparent
- forward.
Switch(config)#ptp mode ?
boundary Boundary Clock mode
e2etransparent End-to-End Transparent Clock mode
forward Forward packets without processing
1. Configure PTP using the following commands
Switch(config)#ptp mode boundary
Switch(config)#interface fastEthernet 1/1
Switch(config-if)#ptp enable
2. Verify PTP global configuration using the show ptp clock command
Switch#show ptp clock
PTP CLOCK INFO
PTP Device Type: Boundary clock
PTP Device Profile: Default Profile
Clock Identity: 0x00:50:0F:FF:FE:0A:9D:00
Clock Domain: 0
Number of PTP ports: 10
Priority1: 128
Priority2: 128
Clock Quality:
Class: 248
Accuracy: Unknown
Offset (log variance): N/A
Offset From Master(ns): 0
Mean Path Delay(ns): 0
Steps Removed: 0
Local clock time: 01:51:07 UTC mars 30 2011
3. Verify the FastEthernet 1/1 configuration using the show ptp port IOS command to make sure the PTP clock is forwarded on the network interface.
Switch#show ptp port
PTP PORT DATASET: FastEthernet1/1
Port identity: clock identity: 0x00:50:0F:FF:FE:0A:9D:00
Port identity: port number: 1
PTP version: 2
Port state: MASTER
Delay request interval(log mean): 5
Announce receipt time out: 3
Announce interval(log mean): 1
Sync interval(log mean): 0
Delay Mechanism: End to End
Peer delay request interval(log mean): 0
Sync fault limit: 500000000
Introduction
Access Control Lists (ACL) are used to filter network traffic on Cisco routers. In order to filter network traffic, ACLs control if routed packets have to be forwarded or blocked at the ingress or egress router interface. The router checks each packet to determine whether to forward or drop the packet based on the criteria specified in the ACL applied to the interface.
IP ACL types
Two types of IP ACL can be configured in Cisco Packet Tracer 7.2 :
- Standard ACLs : This is the oldest ACL type which can be configured on Cisco routers. Traffic is filtered based on the source IP address of IP packets. The access-list number can be any number from 1 to 99. This kind of ACL has to be placed near the destination to avoid blocking legitimate traffic from the source.
access-list 1 permit 10.2.25.0 0.0.0.255
access-list 1 deny any
- Extended ACLs : Introduced in IOS version 8.3, extended ACLs are more complex and allow filtering of IP traffic based on a combination of multiple criteria : source IP address, destination IP address, TCP or UDP port, protocol, .... In numbered ACLs, the access-list number can be any number from 100 to 199 or 2000 to 2699 (available in IOS versions >12.0.1). Such ACLs can also be named access lists in which the ACL number is replaced by a keyword. This kind of ACL has to be placed near the source as it allows fine-grained control over the resources accessed. Placing the ACL near the destination will make the traffic travel through the network before being blocked, resulting in wasted bandwidth.
access-list 101 permit ip 10.2.25.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 101 permit icmp any 10.1.0.0 0.0.255.255 echo
access-list 101 deny ip any any
Configuration on Cisco 2911 ISR Router
Restrict remote telnet or SSH access to the ISR router
Access lists can be used to restrict remote SSH or Telnet access to the ISR router management interface (VTY) from specific networks only. Only numbered access-lists are supported on the Virtual Terminal Line.
The access-class command is used to apply the access list on the Virtual Terminal Line. The following configuration denies administrative access to the router except from the 192.168.1.0/24 network hosting admin workstations. Note the wildcard mask used in the access-list configuration for the /24 network.
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
access-class 1 in
login
line vty 5 15
access-class 1 in
login
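The matching rules behind the ACL types and the VTY access-class restriction above can be checked offline with a small evaluator. This is an added example, not code from the original page or from Cisco: it models wildcard-mask matching, first-match ordering and the implicit deny for numbered ACLs, the function names are hypothetical, the extended entries are placed under number 101, and only a single trailing keyword such as echo is handled (TCP/UDP port operators are not modelled).

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [wildcard]' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0) if tokens else "0.0.0.0")

def parse_acls(text):
    """Return {number: [entries in configured order]} for numbered ACL lines."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        num, action, rest = int(t[1]), t[2], t[3:]
        if 1 <= num <= 99:      # standard ACL: source address only
            entry = (action, "ip", parse_addr(rest), ANY, None)
        else:                   # extended ACL: protocol, source, destination
            proto = rest.pop(0)
            src, dst = parse_addr(rest), parse_addr(rest)
            entry = (action, proto, src, dst, rest[0] if rest else None)
        acls.setdefault(num, []).append(entry)
    return acls

def evaluate(entries, src, dst="0.0.0.0", proto="ip", qual=None):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, e_proto, (s, sw), (d, dw), e_qual in entries:
        if e_proto not in ("ip", proto) or (e_qual and e_qual != qual):
            continue
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

# Entries taken from the page; extended ones use number 101 (assumption)
CONFIG = """access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 10.2.25.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 101 permit icmp any 10.1.0.0 0.0.255.255 echo
access-list 101 deny ip any any"""
```

Calling evaluate(parse_acls(CONFIG)[1], "192.168.2.50") returns "deny" even though ACL 1 contains no deny line, which is the implicit deny that makes the single-line VTY access list sufficient.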
BGP in Packet Tracer
BGP (Border Gateway Protocol) is the core routing protocol of the Internet. It is described as a path vector protocol as BGP does not use traditional IGP (OSPF, EIGRP, RIP) metrics, but makes routing decisions based on path, network policies and/or rulesets. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS).
BGP protocol support has been added in Packet Tracer in the 5.3 version. This allows Cisco CCNP Route students to better understand this complex routing protocol and to be prepared for the simulation questions in the exam.
Internal BGP (iBGP) is currently not supported in Packet Tracer (see screenshot below). iBGP support has still not been added in the new Packet Tracer 7.1.1 version.
IOS commands available in Packet Tracer 7.1.1
enable mode
- show ip bgp
- show ip bgp neighbors
- show ip bgp summary
- clear ip bgp *
router bgp mode
- bgp log-neighbor-changes
- bgp redistribute-internal
- bgp router-id A.B.C.D
- exit
- neighbor A.B.C.D next-hop-self
- neighbor A.B.C.D remote-as <1-65535>
- network A.B.C.D
- network A.B.C.D mask A.B.C.D
- redistribute connected / eigrp <1-65535> / ospf <1-65535> / static
- synchronization
- timers bgp <0-65535> <0-65535>
Sample BGP network
WAN1 router configuration :
A simple eBGP peering with ISP1 router is configured in the WAN1 router.
interface Serial0/0/0
ip address 156.12.1.6 255.255.255.252
!
router bgp 65000
bgp log-neighbor-changes
no synchronization
neighbor 156.12.1.5 remote-as 10000
ISP1 router configuration :
Several loopback interfaces are configured in the ISP1 router to simulate connected networks which are advertised to the WAN1 router through the BGP peering.
interface Loopback0
ip address 156.100.1.1 255.255.255.0
!
interface Loopback1
ip address 156.100.2.1 255.255.255.0
!
interface Loopback2
ip address 156.100.4.1 255.255.254.0
!
interface Serial0/0/0
ip address 156.12.1.5 255.255.255.252
clock rate 500000
!
router bgp 10000
bgp log-neighbor-changes
no synchronization
neighbor 156.12.1.6 remote-as 65000
network 156.100.4.0 mask 255.255.254.0
network 156.100.2.0 mask 255.255.255.0
network 156.100.1.0 mask 255.255.255.0
!
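IOS only originates a BGP network statement when a route with exactly that prefix and mask exists in the routing table, so a mask typo silently drops the advertisement. The following added example (not part of the original tutorial; function names are hypothetical) checks the ISP1 configuration above for such mismatches, assuming that only connected interface networks are considered as candidate routes.

```python
import ipaddress
import re

def connected_prefixes(config):
    """Networks derived from every 'ip address A.B.C.D MASK' line."""
    return {
        ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for addr, mask in re.findall(r"^\s*ip address (\S+) (\S+)", config, re.M)
    }

def classful_mask(addr):
    """Mask IOS assumes for a 'network A.B.C.D' statement without 'mask'."""
    first = int(addr.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def bgp_networks(config):
    """Prefixes named by BGP 'network' statements, in configured order."""
    nets = []
    for addr, mask in re.findall(r"^\s*network (\S+)(?: mask (\S+))?", config, re.M):
        # strict parsing: an address with host bits set raises ValueError
        nets.append(ipaddress.ip_network(f"{addr}/{mask or classful_mask(addr)}"))
    return nets

def unoriginated(config):
    """BGP network statements with no exactly matching connected prefix."""
    connected = connected_prefixes(config)
    return [str(n) for n in bgp_networks(config) if n not in connected]

# ISP1 configuration from the page, abridged to the lines the check reads
ISP1 = """
interface Loopback0
 ip address 156.100.1.1 255.255.255.0
interface Loopback1
 ip address 156.100.2.1 255.255.255.0
interface Loopback2
 ip address 156.100.4.1 255.255.254.0
interface Serial0/0/0
 ip address 156.12.1.5 255.255.255.252
router bgp 10000
 neighbor 156.12.1.6 remote-as 65000
 network 156.100.4.0 mask 255.255.254.0
 network 156.100.2.0 mask 255.255.255.0
 network 156.100.1.0 mask 255.255.255.0
"""
```

An empty list from unoriginated(ISP1) means every network statement has a matching connected prefix; a statement written without mask is compared using its classful mask.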