Configure Cisco router clock:
Router# clock set 10:50:00 Oct 26 2006
Router(config)# clock summer-time CDT recurring
Configure access-list:
access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input]
, which can be used to enable access lists;
A loopback interface is a virtual interface. One of its uses is when you need an interface that will not go down due to a link or hardware failure.
In OSPF, the IP address of the loopback interface becomes the OSPF router ID. If a loopback interface is not used, then the IP address of a physical (real) interface is used. Should the link connected to that interface go down, then the OSPF router ID would change. Using a loopback interface in this situation ensures the router ID will never change.
OSPF is one reason to use a loopback interface, but there are others. For example, say you have a router with redundant links. You could use the address of one of the interfaces to telnet to the router, but if that interface goes down you will probably have to dig up your documentation on that router to find another interface to telnet to, because you are likely to remember only the one you usually use. If you use a loopback instead, you can telnet to the router using the loopback address regardless of which links are up or down, so long as you have connectivity to it and your routing is correct.
int loopback 0
ip address 10.1.1.9 255.255.255.255
no shutdown
Configuring and Verifying OSPF
There are a few simple commands that are used to configure and troubleshoot a Cisco router configured to use OSPF in a single area and in a multiple area network. The commands used to configure OSPF are:
. router ospf < process_number > where process_number is a number local to the router. This command configures OSPF as the routing protocol on the router.
. network network_number wildcard_mask area area_id defines the networks that are to participate in the OSPF updates and the area that they reside in.
. interface loopback < interface_number > ip address < ip_address > < subnet_mask > defines a loopback interface, which is a virtual interface, on the router.
. ip ospf cost < cost > sets the default cost for the router.
. auto-cost reference-bandwidth changes the OSPF cost formula.
Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command.
There are a number of show ip commands that can be used when troubleshooting an OSPF network. These commands are:
. show ip ospf, which provides information about the OSPF process and its details.
. show ip ospf database, which provides information about the contents of the topological database.
. show ip ospf interface, which provides information on how OSPF has been configured on each interface.
. show ip ospf neighbor, which displays all the information about the relationship that the router has with its neighbors.
. show ip protocols, which displays the IP configuration on the router, including the interfaces and the configuration of the IP routing protocols.
. show ip route [ip-address [mask] [longer-prefixes]] | [protocol [process-id]], which provides detailed information on the networks that the router is aware of and the preferred paths to those networks. It also gives the next logical hop as the next step in the path.
. debug ip ospf events, which issues log messages for each OSPF packet.
. debug ip ospf packet, which issues log messages describing the contents of all OSPF packets.
Setting up NAT
int e0
! This is the Ethernet 0 interface on the router, attached to the local network
ip address 10.10.10.10 255.0.0.0
ip nat inside
int s0
! This is the Serial 0 interface on the router, attached to the Internet
ip address 188.8.131.52 255.255.255.128
ip nat outside
ip nat pool mypool 184.108.40.206 220.127.116.11 netmask 255.255.255.128
! Above is the pool of real Internet addresses which will be overloaded
access-list 1 permit 10.0.0.0 0.255.255.255
! Above is the access list which defines who from the local network can use the NAT service
ip nat inside source list 1 pool mypool overload
! Above is the command that brings all the other configs together; it says to DO IT
ip route 0.0.0.0 0.0.0.0 serial0
! The default route to the Internet
ACLs and HSRP, BGP, OSPF, VRRP, GLBP…
Here’s a handy list of ACL entries to allow your devices to speak routing protocols, availability protocols, and some other stuff. We’ll assume you have ACL 101 applied to your Ethernet inbound; your Ethernet has an IP of 192.168.0.1.
* BGP : Runs on TCP/179 between the neighbors
access-list 101 permit tcp any host 192.168.0.1 eq 179
* EIGRP : Runs on its own protocol number from the source interface IP to the multicast address of 18.104.22.168
access-list 101 permit eigrp any host 22.214.171.124
* OSPF : Runs on its own protocol number from the source interface IP to the multicast address of 126.96.36.199; also talks to 188.8.131.52 for DR/BDR routers
access-list 101 permit ospf any host 184.108.40.206
access-list 101 permit ospf any host 220.127.116.11
* HSRP : Runs on UDP/1985 from the source interface IP to the multicast address of 18.104.22.168. I’ve seen in the past that it runs on UDP/1985, but I didn’t find any evidence of that in a quick Google for it. Can someone verify?
access-list 101 permit udp any host 22.214.171.124 eq 1985
* HSRP version 2 : Runs on UDP/1985 from the source interface IP to the multicast address of 126.96.36.199.
access-list 101 permit udp any host 188.8.131.52 eq 1985
* RIP : Runs on UDP/520 from the source interface IP to the multicast address of 184.108.40.206
access-list 101 permit udp any host 220.127.116.11 eq 520
* VRRP : Runs on its own protocol number from the source interface IP to the multicast address of 18.104.22.168
access-list 101 permit 112 any host 22.214.171.124
* VRRP-E : This is a Foundry thing according to readers, and runs on UDP/8888 from the source interface IP to the multicast address of 126.96.36.199
access-list 101 permit udp any host 188.8.131.52 eq 8888
* GLBP : Runs on UDP from the source interface IP to the multicast address of 184.108.40.206
access-list 101 permit udp any host 220.127.116.11
* DHCPD (or bootps) : Runs on UDP/67 from 0.0.0.0 (since the client doesn’t have an address yet) to 255.255.255.255 (the broadcast).
access-list 101 permit udp any host 255.255.255.255 eq 67
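How entries like the ones above are evaluated (top-down, first match wins, wildcard masks, implicit deny at the end), as an added Python example that is not part of the original page. The evaluator, its function names and the sample packets are constructed for illustration; it handles only the any, host and address/wildcard forms plus eq on the destination port.

```python
import ipaddress

PROTO_NUM = {"tcp": 6, "udp": 17, "eigrp": 88, "ospf": 89}

# Constructed sample: the first two entries are from the page, the last two are made up.
SAMPLE_ACL = """\
access-list 101 permit tcp any host 192.168.0.1 eq 179
access-list 101 permit udp any host 255.255.255.255 eq 67
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit 112 any any
"""

def _proto(p):
    """Map a protocol keyword or number to 'ip' or an IP protocol number."""
    p = str(p)
    return "ip" if p == "ip" else PROTO_NUM.get(p) or int(p)

def _addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N action protocol source destination [eq port]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line!r}")
    rest = t[4:]
    src, dst = _addr(rest), _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": t[2], "proto": _proto(t[3]), "src": src, "dst": dst, "port": port}

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, index of the matching entry); the first match wins."""
    for i, a in enumerate(aces):
        if a["proto"] not in ("ip", _proto(proto)):
            continue
        if a["port"] is not None and a["port"] != dport:
            continue
        if _match(src, a["src"]) and _match(dst, a["dst"]):
            return a["action"], i
    return "deny", None  # implicit deny at the end of every ACL

ACES = [parse_ace(l) for l in SAMPLE_ACL.splitlines()]
```

In the sample, a protocol-112 packet from 10.1.1.9 is dropped by the third entry before it reaches the permit on the fourth, which is why entry order should be checked whenever a deny is added above the protocol permits.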