WEBVTT 1 00:00:00.080 --> 00:00:03.919 Welcome back to the Deep Dive. Today, we're embarking on 2 00:00:03.960 --> 00:00:06.919 a really fascinating journey. We're going to peel back the 3 00:00:07.040 --> 00:00:08.880 layers of Cisco networking commands. 4 00:00:09.119 --> 00:00:11.400 Yeah, getting into the nitty gritty exactly. 5 00:00:11.400 --> 00:00:13.560 If you've ever felt, you know, maybe a bit overwhelmed 6 00:00:13.560 --> 00:00:15.880 by network complexity, or just wondered how these little boxes 7 00:00:15.880 --> 00:00:18.519 make the Internet work, then you're definitely in the right place. 8 00:00:18.719 --> 00:00:21.800 We'll navigate the essentials from just setting things up to 9 00:00:22.239 --> 00:00:24.359 well some pretty advanced stuff like enterprise routing. 10 00:00:24.480 --> 00:00:26.719 Get ready to understand the language. 11 00:00:26.359 --> 00:00:28.000 Right, you got it, the language of networks. 12 00:00:28.239 --> 00:00:32.840 And this deep dive it's built straight from Ramonenstas's Cisco 13 00:00:32.960 --> 00:00:37.560 CCNA Command Guide. It's a fantastic resource, really geared towards 14 00:00:37.600 --> 00:00:41.200 helping people nail The CCNA. 15 00:00:40.600 --> 00:00:42.240 Exam covers a lot, doesn't it. 16 00:00:42.280 --> 00:00:47.640 Oh Yeah, routing, switching commands, subnetting, VLSM, CIDR, the works. 17 00:00:48.399 --> 00:00:51.880 But our mission today for you listening isn't just about 18 00:00:51.920 --> 00:00:53.039 memorizing commands. 19 00:00:53.159 --> 00:00:54.560 No, it's deeper than that, exactly. 20 00:00:54.560 --> 00:00:58.000 It's about getting the why how you manage, configure, and 21 00:00:58.000 --> 00:01:02.920 troubleshoot these Cisco devices quickly effectively. The guide keeps it simple, 22 00:01:03.119 --> 00:01:05.959 which really helps you learn Cisco iOS properly. 23 00:01:06.239 --> 00:01:08.359 Okay, let's unpack this. Then you get a brand new 24 00:01:08.359 --> 00:01:12.599 Cisco device, plug it in. It's just sitting there. How 25 00:01:12.599 --> 00:01:15.480 do you even like talk to it? What's step one? 26 00:01:15.680 --> 00:01:18.319 Right, the very first step. It all starts with the 27 00:01:18.319 --> 00:01:22.000 command line interface, the CLI. Think of it as, you know, 28 00:01:22.079 --> 00:01:25.640 a direct conversation with a device's brain. When you first connect, 29 00:01:25.959 --> 00:01:28.319 you land in what's called user exec mode. You'll see 30 00:01:28.319 --> 00:01:28.879 a little. 31 00:01:28.640 --> 00:01:29.840 Prompt like the front door. 32 00:01:30.079 --> 00:01:33.000 Pretty much from there, you type enable. That gets you 33 00:01:33.040 --> 00:01:35.760 into privileged mode, and the prompt changes to a hashtag. 34 00:01:36.040 --> 00:01:37.480 Now you can see more, do a. 35 00:01:37.400 --> 00:01:39.400 Bit more, but not change things yet. 36 00:01:39.239 --> 00:01:42.439 Not configuration changes. No, for that the real work. You 37 00:01:42.480 --> 00:01:45.959 type configure terminal or confitive T for short usually H 38 00:01:46.000 --> 00:01:49.120 a shortcut. Yeah, everyone uses the shortcuts. That takes you 39 00:01:49.159 --> 00:01:53.599 into global configuration mode. The prompt changes again to config hashtag. 40 00:01:53.879 --> 00:01:55.840 Each mode kind of unlocks more power. 41 00:01:56.359 --> 00:02:00.519 So once we're past that initial handshake into the configure modes, 42 00:02:01.760 --> 00:02:03.920 how do we give this box an actual name? Make 43 00:02:03.959 --> 00:02:05.400 it identifiable on the network? 44 00:02:05.439 --> 00:02:08.680 Good question. Giving it an identity is well fundamental. You 45 00:02:08.719 --> 00:02:12.240 start with the host name. Simple command host name R one, 46 00:02:12.360 --> 00:02:15.080 for instance, makes it unique R one. Okay, then you 47 00:02:15.159 --> 00:02:17.400 gotta light up its connections right the interfaces. You go 48 00:02:17.439 --> 00:02:21.360 into a specific interface with say interface gigabyte eternet serce. 49 00:02:21.199 --> 00:02:23.080 So you target the specific port exactly. 50 00:02:23.280 --> 00:02:25.680 Once you're inside that interface, can figure you give it 51 00:02:25.680 --> 00:02:29.199 an IP address and subnetmask like eep address one ninety 52 00:02:29.199 --> 00:02:31.159 two point one sixty eight one point one two five 53 00:02:31.240 --> 00:02:32.919 five point two five to five point two five. 54 00:02:32.800 --> 00:02:35.280 Five point zero. Standard stuff, standard stuff. 55 00:02:35.280 --> 00:02:38.280 But here's the kicker, the thing everyone trips over it first. 56 00:02:38.680 --> 00:02:43.199 By default, interfaces are off administratively. 57 00:02:42.360 --> 00:02:44.400 Down, so it won't work yet. 58 00:02:44.479 --> 00:02:47.080 Nope, you must use the no shut down command that 59 00:02:47.120 --> 00:02:50.400 actually activates the interface, turns it on. Without that, your 60 00:02:50.400 --> 00:02:51.840 IP address is just sitting there. 61 00:02:51.680 --> 00:02:53.879 Doing nothing, like a light switch, basically. 62 00:02:53.520 --> 00:02:55.439 Exactly like a light switch. The guide shows a good 63 00:02:55.439 --> 00:02:58.159 example for R two right configure one interface it dress 64 00:02:58.159 --> 00:03:00.280 one ninety two point one sixty eight point one one 65 00:03:01.080 --> 00:03:03.319 two five five point two, five five point zero. Then 66 00:03:03.319 --> 00:03:05.960 maybe gigabyte e fin at zero one with each breast 67 00:03:06.000 --> 00:03:08.719 seventy seven point two two point one point one. Both 68 00:03:08.800 --> 00:03:10.919 need that no shutdown crucial. 69 00:03:10.560 --> 00:03:13.159 Got it, no shutdown? Bring that one into memory. Okay, 70 00:03:13.319 --> 00:03:15.479 building on that, what about security? Right from the start 71 00:03:15.479 --> 00:03:18.520 we hear about enable password and enable secret. What's the deal? 72 00:03:18.560 --> 00:03:19.960 There is one better? Oh? 73 00:03:20.000 --> 00:03:23.199 Absolutely one is better. It's all about how protected your 74 00:03:23.240 --> 00:03:26.840 access is. Enable passwords. That's a password, sure, but it's 75 00:03:26.840 --> 00:03:27.960 stored in plaintext. 76 00:03:28.120 --> 00:03:28.879 Plaintext. 77 00:03:29.080 --> 00:03:32.199 Yikes, yeah, big yikes. If someone sees your config file, 78 00:03:32.280 --> 00:03:36.039 they see the password. Enable secret, though that uses strong 79 00:03:36.120 --> 00:03:40.439 encryption a hash it's unreadable. Always always use enable secret 80 00:03:40.439 --> 00:03:41.800 for protecting privilege mode. 81 00:03:41.960 --> 00:03:44.439 So secret is the way to go. What about passwords? 82 00:03:44.439 --> 00:03:45.000 Already there? 83 00:03:45.120 --> 00:03:48.840 Good point their service password encryption. Run that and it'll 84 00:03:48.919 --> 00:03:52.719 encrypt any existing plaintext passwords in the running config. It's 85 00:03:52.759 --> 00:03:55.439 not super strong encryption, mind you, but it's better than 86 00:03:55.479 --> 00:03:57.520 nothing for things like user passwords. 87 00:03:57.639 --> 00:04:00.639 Okay, and what about those warning messages you see log. 88 00:04:00.479 --> 00:04:03.759 In ah, the banner mod message of the day. That's 89 00:04:03.800 --> 00:04:06.120 your digital keepout sign. You set it with banner mod 90 00:04:06.159 --> 00:04:08.879 hashtag and then type your message, ending with another hashtag, 91 00:04:09.159 --> 00:04:12.400 usually something like unauthorized access denied. It's a legal thing, 92 00:04:12.520 --> 00:04:17.279 mostly a deterrent exactly. And the guide also mentions IP 93 00:04:17.319 --> 00:04:20.759 domain name and IP domain look up quick ones, but important. 94 00:04:21.079 --> 00:04:23.759 They let your router resolve names like Google dot Com 95 00:04:23.839 --> 00:04:27.199 to IP addresses, turns on DNS lookup. 96 00:04:26.879 --> 00:04:30.480 Basically so it understands names, not just numbers. Yeah, makes sense. Okay, 97 00:04:30.480 --> 00:04:32.959 we've got basic setups of initial security. How do we 98 00:04:32.959 --> 00:04:36.600 manage these things remotely? Telnet versus SSH comes up all 99 00:04:36.639 --> 00:04:38.920 the time? Is telnet ever? Okay? 100 00:04:39.439 --> 00:04:42.759 Honestly almost never these days. It really comes down to security, 101 00:04:42.800 --> 00:04:44.240 and SSH wins hands down. 102 00:04:44.319 --> 00:04:44.800 Why is that? 103 00:04:44.959 --> 00:04:48.319 Telment configuration is simple? Yeah, h line VT zero four, 104 00:04:48.399 --> 00:04:51.720 set of password, Cisco log in done. But the massive 105 00:04:51.759 --> 00:04:55.680 flaw is it sends everything usernames, passwords, commands in clear text. 106 00:04:55.639 --> 00:04:57.959 Like shouting your password across the office exactly. 107 00:04:58.040 --> 00:05:00.879 Anyone listening on the network can grab it. S secure 108 00:05:00.920 --> 00:05:03.600 shell encrypts the entire session much safer. 109 00:05:03.800 --> 00:05:05.800 So how do you set up SSH? Then? More involved 110 00:05:05.920 --> 00:05:06.360 a bit more. 111 00:05:06.439 --> 00:05:08.839 Yeah, you need to create a username with a password first, 112 00:05:08.879 --> 00:05:12.279 set that IP domain name we mentioned, Then generate encryption keys, 113 00:05:12.560 --> 00:05:15.519 crypto key, generate URSA modulus one to eighty four is 114 00:05:15.519 --> 00:05:18.439 a common one. You should probably use ipsetch version two 115 00:05:18.600 --> 00:05:22.879 for better security. Then on your vty lines line VLO four. 116 00:05:23.120 --> 00:05:26.120 Instead of just log in, you use log in local 117 00:05:26.199 --> 00:05:29.519 to check against the local username database. And the key 118 00:05:29.560 --> 00:05:32.360 part is transport input stish that tells it only allow 119 00:05:32.560 --> 00:05:34.480 SSH connections on these lines. 120 00:05:35.160 --> 00:05:38.439 No telnet locks it down. What about plugging directly in 121 00:05:38.480 --> 00:05:39.319 the console port? 122 00:05:39.399 --> 00:05:43.160 Good point local access that's line console zero. You'd set 123 00:05:43.199 --> 00:05:46.160 a password and log in there too. A really useful 124 00:05:46.160 --> 00:05:50.480 command for the console is logging synchronous stops log messages 125 00:05:50.480 --> 00:05:51.959 from messing up your typing midcommands. 126 00:05:52.040 --> 00:05:54.040 Oh that's andy, I hate that everyone does. 127 00:05:54.319 --> 00:05:56.279 And maybe set an exec time out five so it 128 00:05:56.319 --> 00:06:00.000 logs out idle sessions after five minutes. Basic security hygiene. 129 00:06:00.079 --> 00:06:02.319 It sounds like a fair few commands to get right 130 00:06:02.959 --> 00:06:04.959 after typing all that in. How do we double check 131 00:06:05.000 --> 00:06:07.600 make sure it actually worked or figure out what's wrong 132 00:06:07.639 --> 00:06:08.000 if it did. 133 00:06:08.399 --> 00:06:11.959 Verification is key, absolutely key. Cisco iOS gives you a 134 00:06:11.959 --> 00:06:14.040 bunch of show commands. They're your best friends. Like what 135 00:06:14.279 --> 00:06:16.839 show running config is. The big one shows you the 136 00:06:17.000 --> 00:06:20.480 entire active configuration, what the router is actually using right now, 137 00:06:20.519 --> 00:06:24.560 Live blueprint exactly. For a quick check of interfaces IPS 138 00:06:24.720 --> 00:06:27.600 and whether they're up or down show IP an interface 139 00:06:27.720 --> 00:06:29.879 brief is gold super useful. 140 00:06:30.000 --> 00:06:31.920 Okay, BRIEFE is good if you need. 141 00:06:31.879 --> 00:06:36.199 All the details about an interface, errors, speed, duplex, all 142 00:06:36.199 --> 00:06:40.240 that the's avermeter. Then it's show interfaces more verbose. Gotcha 143 00:06:40.360 --> 00:06:42.839 to see the router's map of the network, how it 144 00:06:43.000 --> 00:06:45.920 knows where to send stuff. That's show ip root shows 145 00:06:45.920 --> 00:06:48.199 the routing table makes sense. And if you just want 146 00:06:48.199 --> 00:06:51.720 to see who's logged in right now, show users. These 147 00:06:51.759 --> 00:06:54.399 commands are how you see what's going on inside. Essential 148 00:06:54.439 --> 00:06:56.120 for checking your work and troubleshooting. 149 00:06:56.199 --> 00:06:59.000 Okay, here's where it gets really interesting for me. We've 150 00:06:59.000 --> 00:07:02.720 got devices talking, sure, but in any decent sized network, 151 00:07:03.000 --> 00:07:05.839 just having everyone yelling in the same big room digitally 152 00:07:05.879 --> 00:07:07.680 speaking gets chaotic fast. 153 00:07:07.759 --> 00:07:10.000 Oh yeah, broadcast storms security issues. 154 00:07:10.120 --> 00:07:13.319 Right, so we need to create smaller neighborhoods. Yes, logical divisions. 155 00:07:13.399 --> 00:07:16.199 That brings us to vlands right right? Where are they? Fundamentally? 156 00:07:16.399 --> 00:07:20.000 Fundamentally, vlan's virtual lands are a way to take one 157 00:07:20.120 --> 00:07:23.639 physical switch and chop it up into multiple virtual switches, 158 00:07:23.920 --> 00:07:26.399 so devices connected to the same physical box can be 159 00:07:26.439 --> 00:07:29.879 completely separated as if they were on different hardware. 160 00:07:29.639 --> 00:07:32.720 So HR doesn't see engineering's traffic even if they're plugged 161 00:07:32.759 --> 00:07:33.680 into the same switch. 162 00:07:34.040 --> 00:07:38.720 Precisely, the rule is one VLAN equals one network equals 163 00:07:38.720 --> 00:07:43.040 one broadcast domain. That last part is huge broadcasts which 164 00:07:43.079 --> 00:07:45.439 can flood a network stay within their. 165 00:07:45.279 --> 00:07:49.000 Own VLAN ah, So it cuts down noise and improves. 166 00:07:48.600 --> 00:07:53.560 Performances massively, plus huge benefits for security. Logical isolation is powerful, 167 00:07:53.680 --> 00:07:56.680 better network design. You can group users or functions logically 168 00:07:56.879 --> 00:07:59.800 and scalability. Much easier to add a new department or 169 00:07:59.839 --> 00:08:01.639 function as a new vland than rewire. 170 00:08:01.680 --> 00:08:05.319 Everything sounds super powerful. Now. Switches have these two special 171 00:08:05.360 --> 00:08:08.920 port types for VLANs, access and trunk. What's the difference? 172 00:08:08.920 --> 00:08:09.560 How do they work? 173 00:08:09.720 --> 00:08:12.160 That's the core distinction. Yeah, and access port belongs to 174 00:08:12.199 --> 00:08:15.560 one VLAN only. It's for connecting end devices, your PC, 175 00:08:15.839 --> 00:08:18.480 your laptop, a server. Think of it as a driveway 176 00:08:18.480 --> 00:08:19.319 to a single house. 177 00:08:19.360 --> 00:08:21.720 Okay, one VLAN per access port right. 178 00:08:22.279 --> 00:08:24.360 A trunk port, on the other hand, is designed to 179 00:08:24.399 --> 00:08:27.560 carry traffic for multiple vlands at the same time. It's 180 00:08:27.600 --> 00:08:30.879 the highway connecting different neighborhoods or buildings. Use trunks to 181 00:08:30.920 --> 00:08:33.759 connect switches together or a switch to a router that 182 00:08:33.799 --> 00:08:35.320 needs to understand VLANs. 183 00:08:35.639 --> 00:08:38.799 Gotcha highway versus driveway? How do you configure them? 184 00:08:38.960 --> 00:08:41.960 For an access port? It's usually switchport mode Access and 185 00:08:42.000 --> 00:08:44.559 then switchport access of land ten to assign it to 186 00:08:44.679 --> 00:08:47.759 VLAN ten. For example, for a trunk, you'd typically set 187 00:08:47.759 --> 00:08:52.039 the encapsulation first, usually switchport trunk encapsulation DOT one QUE 188 00:08:52.200 --> 00:08:55.679 that's the standard tagging method. Then switchport mode trunk and 189 00:08:55.759 --> 00:08:59.879 often you specify which VLANs are allowed switchport trunk allowed 190 00:09:00.120 --> 00:09:01.720 land ten, thumb and twenty and. 191 00:09:01.639 --> 00:09:03.919 You verify this how Chauvelin. 192 00:09:03.559 --> 00:09:05.600 Brief gives you a nice table of your VLANs and 193 00:09:05.639 --> 00:09:09.080 which ports are in them. Show interfaces trunk shows you 194 00:09:09.120 --> 00:09:11.759 the status of your trunk ports, which vlands are allowed, 195 00:09:11.960 --> 00:09:13.240 and which is the native vilan. 196 00:09:13.399 --> 00:09:16.000 What about locking down those individual ports? Seems like some 197 00:09:16.080 --> 00:09:18.600 could just walk up, plug in a laptop and get 198 00:09:18.600 --> 00:09:20.080 onto the network if we're not careful. 199 00:09:20.200 --> 00:09:22.679 Ah, good point. That's where port security comes in. It's 200 00:09:22.679 --> 00:09:24.559 like having a bouncer on each switch. 201 00:09:24.320 --> 00:09:26.519 Port, okay, checking IDs sort of. 202 00:09:26.679 --> 00:09:29.080 It checks the m messy address of the device plugging in. 203 00:09:29.559 --> 00:09:32.759 You enable it with port security, Then you decide what 204 00:09:32.840 --> 00:09:36.200 happens if an unauthorized device connects the violation mode. 205 00:09:36.279 --> 00:09:37.000 What are the options? 206 00:09:37.039 --> 00:09:39.559 Shut Down is the most common. It just disables the port, 207 00:09:39.759 --> 00:09:42.919 needs an admin to re enable it. Restrict drops the 208 00:09:42.960 --> 00:09:45.879 bad traffic, but keeps the port up and logs the violation. 209 00:09:46.720 --> 00:09:48.720 Protect is similar, but doesn't even. 210 00:09:48.600 --> 00:09:50.799 Log it shut down seems safest often is. 211 00:09:51.360 --> 00:09:54.559 You also control how it learns the allowed EMCY addresses. 212 00:09:54.919 --> 00:09:57.639 Sticky tells the switch to learn the first MC address 213 00:09:57.639 --> 00:10:00.600 it sees and stick it to the config. Or you 214 00:10:00.639 --> 00:10:04.320 can manually define static MD addresses, and you can set 215 00:10:04.360 --> 00:10:07.200 a maximum number of allowed max purport often just one 216 00:10:07.240 --> 00:10:08.080 for user ports. 217 00:10:08.399 --> 00:10:12.200 So switch port security maximum one logs it down tight. 218 00:10:12.159 --> 00:10:14.360 Exactly prevents simple plug in attacks. 219 00:10:14.919 --> 00:10:18.039 Okay, so we've neatly separated our networks with VLANs. We've 220 00:10:18.039 --> 00:10:21.120 secured the ports. But wait, now, HR can't talk to 221 00:10:21.159 --> 00:10:23.919 engineering at all. That's maybe too much separation, right, How 222 00:10:23.919 --> 00:10:25.240 do they communicate when needed? 223 00:10:25.440 --> 00:10:28.399 That's the next logical problem. Switches operate at layer two. 224 00:10:28.679 --> 00:10:31.120 They forward frames within a v LAN. They won't route 225 00:10:31.159 --> 00:10:34.200 packets between vlands or networks. For that, you need a 226 00:10:34.240 --> 00:10:35.519 layer three device, a router. 227 00:10:35.799 --> 00:10:37.720 Okay, so we need a router involved yep. 228 00:10:37.840 --> 00:10:40.759 And a very common, slightly older but still widely used 229 00:10:40.799 --> 00:10:42.120 technique is called router on. 230 00:10:42.080 --> 00:10:45.120 A stick or a row rider on a stick. Sounds funny, 231 00:10:45.240 --> 00:10:45.960 it does. 232 00:10:45.720 --> 00:10:48.440 But it describes it. Well, yeah, you take one physical 233 00:10:48.480 --> 00:10:51.320 router interface, connect it to your switch, and configure that 234 00:10:51.399 --> 00:10:53.879 switch port as a trunk carrying all the v lands. 235 00:10:54.200 --> 00:10:56.960 Ah, so the router sees all the vland traffic on 236 00:10:57.000 --> 00:10:58.200 that one link precisely. 237 00:10:58.519 --> 00:11:01.399 Then on the router side, you create virtual sub interfaces, 238 00:11:01.519 --> 00:11:04.320 one for each VLAN you need to rout between, like 239 00:11:04.399 --> 00:11:08.320 interface gigabyte ethernet zero zero point zero for VLAN. 240 00:11:08.080 --> 00:11:09.440 Ten got ten ten. Okay. 241 00:11:09.559 --> 00:11:11.919 Inside that sub interface, you tell it which VLAN it's 242 00:11:11.960 --> 00:11:14.279 four using encapsulation dot one Q ten and give it 243 00:11:14.320 --> 00:11:17.200 an IP address like EP address one ninety two point 244 00:11:17.240 --> 00:11:19.759 one sixty eight point zero point one two FY five 245 00:11:19.840 --> 00:11:22.000 point two FI five point two five five point zero. 246 00:11:22.240 --> 00:11:25.240 That IP becomes the defunct gateway for devices in VLAN 247 00:11:25.360 --> 00:11:25.799 ten whatever. 248 00:11:26.159 --> 00:11:29.639 So the router handles the traffic between the sub interfaces exactly. 249 00:11:29.679 --> 00:11:33.200 It routes between VLAN tens network and say VLAN twenty's 250 00:11:33.240 --> 00:11:36.320 network via its sub interfaces. It's cost effective because you 251 00:11:36.360 --> 00:11:38.360 only need one router port, which is why it's still 252 00:11:38.399 --> 00:11:39.840 around even in big companies. 253 00:11:39.879 --> 00:11:42.360 Sometimes, what's the catch that that's too easy? 254 00:11:42.720 --> 00:11:45.559 The catch is that all intervaland traffic has to go 255 00:11:45.759 --> 00:11:47.960 up the stick to the router and back down again. 256 00:11:48.240 --> 00:11:51.480 That single link can become a bottleneck, especially if you 257 00:11:51.480 --> 00:11:54.759 have heavy traffic between vlands. That's why using a one 258 00:11:54.840 --> 00:11:58.399 gbps or faster interface on the router is pretty much essential. 259 00:11:58.559 --> 00:12:02.360 Makes sense avoid the time traffic jam on the stick. Hmm, okay, 260 00:12:02.559 --> 00:12:05.399 let's shift gears to routing itself. A router fresh out 261 00:12:05.440 --> 00:12:08.279 of the box only knows about networks it's directly plugged 262 00:12:08.320 --> 00:12:09.159 into right its. 263 00:12:09.000 --> 00:12:12.679 Own little world spot on it's routing tables pretty empty initially, 264 00:12:12.840 --> 00:12:14.799 just the networks on its active interfaces. 265 00:12:15.080 --> 00:12:16.559 So how do we teach it about the rest of 266 00:12:16.559 --> 00:12:19.240 the world, other networks it needs to reach? Yeah, this 267 00:12:19.279 --> 00:12:21.279 gets us into static versus dynamic routing. 268 00:12:21.360 --> 00:12:24.240 Yeah, exactly two main ways to build that network map. 269 00:12:24.519 --> 00:12:28.279 Static roots are where you the administrator manually tell the 270 00:12:28.360 --> 00:12:31.399 router exactly how to reach every single remote network. 271 00:12:31.440 --> 00:12:32.120 How does that look? 272 00:12:32.320 --> 00:12:35.159 The command is ip rot, then the destination network the mask, 273 00:12:35.240 --> 00:12:38.320 and finally the next top IP address the IP of 274 00:12:38.360 --> 00:12:40.399 the next router in line that knows how to get there. 275 00:12:40.519 --> 00:12:44.159 So very explicit. Hip route ten point zero point zero 276 00:12:44.200 --> 00:12:46.120 two five five point two five five point two five 277 00:12:46.200 --> 00:12:49.159 five point two five five point zero one ninety two 278 00:12:49.159 --> 00:12:51.759 point one six eight point one point two something like that. 279 00:12:51.879 --> 00:12:54.919 Perfect example. It's precise low overhead on the router, But 280 00:12:55.440 --> 00:12:59.120 imagine doing that for hundreds of networks. It gets unmanageable. 281 00:12:58.480 --> 00:13:00.879 Fast, right mare? What about your getting to the internet? 282 00:13:00.919 --> 00:13:04.440 AH. For that, you use a static default route EP 283 00:13:04.720 --> 00:13:07.720 root zero point zero point zero point zero point zero 284 00:13:07.799 --> 00:13:10.320 point zero, followed by the next hop IP usually your 285 00:13:10.360 --> 00:13:11.240 ISP's router. 286 00:13:11.200 --> 00:13:14.120 Zero zero zero zero, meaning any network I don't already. 287 00:13:13.840 --> 00:13:16.480 Know about exactly. It's the root of last resort. If 288 00:13:16.519 --> 00:13:18.960 the router has no specific match in its table, it 289 00:13:19.039 --> 00:13:21.840 sends the packet out via the default route essential for 290 00:13:21.919 --> 00:13:22.639 Internet access. 291 00:13:22.679 --> 00:13:25.519 Okay, Static routes are good for small, predictable setups or 292 00:13:25.559 --> 00:13:29.080 default routes, but for bigger, changing networks that manual of 293 00:13:29.159 --> 00:13:31.440 coaches out. That's where dynamic routing comes in, right yeah, 294 00:13:31.519 --> 00:13:32.320 Routers talking. 295 00:13:32.120 --> 00:13:35.799 To each other precisely. Dynamic routing protocols allow routers to 296 00:13:35.840 --> 00:13:39.320 automatically learn about remote networks from their neighbors. They share 297 00:13:39.360 --> 00:13:42.159 information and build their routing tables collaboratively. 298 00:13:42.600 --> 00:13:45.679 Let's start with an older, simpler one RIPv two. What's 299 00:13:45.679 --> 00:13:46.080 its deal? 300 00:13:46.559 --> 00:13:51.000 RIPv two Routing Information Protocol version two. It's simple because 301 00:13:51.000 --> 00:13:54.000 it's metric. How it decides the best path is just 302 00:13:54.039 --> 00:13:56.799 the hop count. How many routers away is the destination? 303 00:13:57.120 --> 00:13:58.200 Fewer hops is better? 304 00:13:58.559 --> 00:14:01.000 Sound straightforward? Can figure youuration easy. 305 00:14:00.720 --> 00:14:03.240 Pretty easy. You go into router RIP mode tell it 306 00:14:03.320 --> 00:14:07.279 version two critically, use no auto summary that prevents some 307 00:14:07.360 --> 00:14:10.919 old problematic behaviors. Then you use network commands to tell 308 00:14:11.080 --> 00:14:14.200 RIP which of your directly connected networks it should advertise 309 00:14:14.240 --> 00:14:14.919 to neighbors. 310 00:14:15.080 --> 00:14:17.600 So network one ninety two point one sixty eight point 311 00:14:17.600 --> 00:14:18.279 one point. 312 00:14:18.120 --> 00:14:21.639 Zero exactly, and optionally default information originate. If you want 313 00:14:21.679 --> 00:14:24.480 this RIP router to advertise a default route, it knows about. 314 00:14:24.600 --> 00:14:28.519 Okay, simple hopcount. Now what's fascinating here is how does 315 00:14:28.519 --> 00:14:31.639 this apply to IPv six, the next generation ip is 316 00:14:31.639 --> 00:14:32.600 it totally different? 317 00:14:32.799 --> 00:14:35.879 The core ideas are similar, but the commands change naturally. 318 00:14:36.320 --> 00:14:39.399 First big thing for IPv six routing you must enable 319 00:14:39.440 --> 00:14:43.200 it globally with IPv six unicast routing. Without that, nothing happens. 320 00:14:43.240 --> 00:14:45.360 Okay, master switch for IPv six routing. 321 00:14:45.200 --> 00:14:48.279 YEP Assigning an IPv six address is IPv six address 322 00:14:48.320 --> 00:14:51.240 of TBCD dot ABCD dot one two five four point 323 00:14:51.240 --> 00:14:54.919 one sixty four for example, static routes very similar pattern 324 00:14:55.200 --> 00:14:58.279 IV six route destination, network prefix, next stop. 325 00:14:58.360 --> 00:15:01.279 IPv six makes sense. And the dynamic protocol is there 326 00:15:01.279 --> 00:15:02.879 an IPv six RIP there is. 327 00:15:02.919 --> 00:15:06.080 It's called RIP and RIP next generation. You can figure 328 00:15:06.080 --> 00:15:08.360 it with IPv six router rip name. You give it 329 00:15:08.360 --> 00:15:10.559 a name, then you enable it on the interfaces you 330 00:15:10.559 --> 00:15:12.840 want it to run on using IPv six RIP me 331 00:15:12.919 --> 00:15:15.919 name enable. So similar logic, different commands got it. 332 00:15:16.120 --> 00:15:19.840 Moving up the latter to more serious scalable protocols OSPF. 333 00:15:19.879 --> 00:15:21.559 You hear this one all the time, the workhorse, Right, 334 00:15:21.840 --> 00:15:22.720 Why is it so popular? 335 00:15:22.799 --> 00:15:26.240 OSPF Open shortest Path? First, it's huge, probably the most 336 00:15:26.240 --> 00:15:29.919 widely deployed internal routing protocol. Big reason. It's an open standard, 337 00:15:30.000 --> 00:15:33.320 vendor independent, works on Cisco, Juniper or whatever, unlike some others. 338 00:15:33.559 --> 00:15:36.000 Unlike some others. Yes, and it's a link state protocol. 339 00:15:36.279 --> 00:15:39.639 That means every OSPF router build a complete map a 340 00:15:39.679 --> 00:15:42.960 topology database of the entire network area. 341 00:15:42.720 --> 00:15:44.639 It's in, so it knows the whole layout it does. 342 00:15:44.879 --> 00:15:47.960 Then it runs Dikstra's algorithm clever math to taculate the 343 00:15:48.000 --> 00:15:51.559 absolute shortest path to every destination based on cost which 344 00:15:51.600 --> 00:15:55.559 is usually calculated from interface bandwidth. Faster links have lower costs, 345 00:15:55.559 --> 00:15:56.360 so they're preferred. 346 00:15:56.360 --> 00:15:57.480 Smart How do you set it up? 347 00:15:57.559 --> 00:16:01.159 Two main ways. The older way is router ASP process ID, 348 00:16:01.360 --> 00:16:04.519 then using network commands with a wildcard mask and specifying 349 00:16:04.519 --> 00:16:07.120 the area like network one nine to two point one 350 00:16:07.200 --> 00:16:09.600 six eight point one point zero point zero point two 351 00:16:09.639 --> 00:16:10.960 five five Area zero. 352 00:16:11.159 --> 00:16:14.320 The wild card mask the inverse of a subnetmask exactly. 353 00:16:14.799 --> 00:16:17.559 The newer, often easier way is just to go into 354 00:16:17.559 --> 00:16:20.879 the INFHASE configuration and type ip AS process ID. Areas 355 00:16:20.960 --> 00:16:23.559 zero enables OSPF directly on that link. 356 00:16:23.720 --> 00:16:25.440 Seems simpler. You mentioned area yeah. 357 00:16:25.480 --> 00:16:28.679 OSPF uses areas to break up large networks, improve scalability 358 00:16:28.720 --> 00:16:31.559 and control routing updates. Area zero is the backbone. You 359 00:16:31.559 --> 00:16:35.879 can have other areas like STDU areas, totally SSDUB areas, NSSA, 360 00:16:36.360 --> 00:16:39.600 different types to optimize things. Gets complex but powerful. 361 00:16:39.840 --> 00:16:45.120 Okay. Next step EI g RP OSBF Cisco only cousin. 362 00:16:45.240 --> 00:16:48.480 You could say you called it hybrid earlier. What's that mean? 363 00:16:48.759 --> 00:16:53.559 EI g RP Enhanced Interior Gateway Routing Protocol. Yes, key 364 00:16:53.600 --> 00:16:57.360 thing Cisco Proprietary only runs on Cisco gear. That's its 365 00:16:57.399 --> 00:17:01.279 biggest drawback in mixed environments, so why it's very fast 366 00:17:01.320 --> 00:17:04.799 to CONVERGEIU link fails often faster than OSPF initially, and 367 00:17:04.839 --> 00:17:07.880 it's called hybrid or sometimes advanced distance vector because it 368 00:17:07.920 --> 00:17:11.440 borrows cool features from both link state and distance vector worlds. 369 00:17:11.799 --> 00:17:14.799 Like what from link state, it uses Hello packets to 370 00:17:14.839 --> 00:17:18.319 find neighbors quickly, maintains neighbor and topology tables, and sends 371 00:17:18.359 --> 00:17:22.039 updates reliably. But like distance vector, it primarily relies on 372 00:17:22.119 --> 00:17:24.720 information from its neighbors to calculate routes, rather than having 373 00:17:24.759 --> 00:17:27.759 the full map itself. It keeps track of feasible successor 374 00:17:27.839 --> 00:17:29.039 routes for instant failover. 375 00:17:29.160 --> 00:17:32.480 Best to both worlds. Maybe house configuration also pretty straightforward. 376 00:17:32.680 --> 00:17:36.440 Router I group as number, that as number must match 377 00:17:36.519 --> 00:17:39.319 on all EIGRP routers in the same system for them 378 00:17:39.359 --> 00:17:42.920 to talk. Critical Then, similar to RIP, you use network 379 00:17:42.960 --> 00:17:45.799 commands for the interfaces you want included, and no auto 380 00:17:45.799 --> 00:17:47.720 summary is usually recommended here too. 381 00:17:47.799 --> 00:17:51.839 Okay, and presumably they're IPv six versions two, OSPF three 382 00:17:51.920 --> 00:17:53.319 and EIGRPV six. 383 00:17:53.160 --> 00:17:57.359 Absolutely OSPF three for IPB six, OSPF and eigrpv six 384 00:17:57.799 --> 00:18:01.480 similar principles, different command sets. TAP for IPB six addressing 385 00:18:01.559 --> 00:18:02.200 and features. 386 00:18:02.440 --> 00:18:04.720 All right, so we can get packets flowing between networks. 387 00:18:04.799 --> 00:18:07.079 But networks need more than just basic routing to be 388 00:18:07.160 --> 00:18:10.599 usable day to day. What about getting IP addresses automatically? 389 00:18:11.039 --> 00:18:14.000 DHCP seems vital for just plugging in and working. 390 00:18:14.119 --> 00:18:19.559 Oh, DHCP is fundamental dynamic host configuration protocol. Imagine manually 391 00:18:19.599 --> 00:18:23.680 setting the IP mask, gateway and DNS on every single computer. 392 00:18:23.960 --> 00:18:27.079 Chaos typos everywhere, IP conflicts exactly. 393 00:18:27.279 --> 00:18:30.119 DHCP automates all that. That device boots up, ask for 394 00:18:30.160 --> 00:18:32.400 an address, and the DHCP server hands out all the 395 00:18:32.400 --> 00:18:36.240 necessary info dynamically from a predefined pool. In smaller networks, yeah, 396 00:18:36.240 --> 00:18:38.680 the router itself often acts as the DHCP server. 397 00:18:38.759 --> 00:18:40.240 How do you set that up on a Cisco router? 398 00:18:40.319 --> 00:18:42.920 Pretty easy? First, you might want to exclude some addresses 399 00:18:42.960 --> 00:18:45.079 from being handed out, maybe for your servers or printers. 400 00:18:45.240 --> 00:18:48.079 You use IPDHGP excluded address startup. 401 00:18:47.920 --> 00:18:49.920