Friday, 27 March 2015

IPsec tunnel between two Cisco routers





I have created a simple IPsec tunnel configuration between two Cisco routers, R1 and R3. The loopback addresses 2.2.2.2 and 3.3.3.3 communicate over the IPsec tunnel formed between router R1 and router R3. I used three routers in GNS3 for the configuration. Find the configuration of the routers below.



R1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key san address 15.15.15.1
!
!
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
!
crypto map test 10 ipsec-isakmp
 set peer 15.15.15.1
 set transform-set VPN
 match address traffic
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 14.14.14.1 255.255.255.0
 duplex auto
 speed auto
 crypto map test
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 3.3.3.0 255.255.255.0 14.14.14.2
ip route 15.15.15.0 255.255.255.0 14.14.14.2
!
!
no ip http server
no ip http secure-server
!
ip access-list extended traffic
 permit ip 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R2


!
version 12.4

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
interface FastEthernet0/0
 ip address 14.14.14.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 15.15.15.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end



R3

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key san address 14.14.14.1
!
!
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
!
crypto map test 10 ipsec-isakmp
 set peer 14.14.14.1
 set transform-set VPN
 match address traffic
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 15.15.15.1 255.255.255.0
 duplex auto
 speed auto
 crypto map test
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 2.2.2.0 255.255.255.0 15.15.15.2
ip route 14.14.14.0 255.255.255.0 15.15.15.2
!
!
no ip http server
no ip http secure-server
!
ip access-list extended traffic
 permit ip 3.3.3.0 0.0.0.255 2.2.2.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
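
An added consistency check, not part of the original post: the tunnel only comes up if the two endpoints agree on the ISAKMP policy, pre-shared key and transform-set, and if their peer addresses and crypto ACLs mirror each other. The script parses the crypto-relevant lines of R1 and R3 (rebuilt from the configurations above by a hypothetical helper, `peer_cfg`) and also flags the lab-grade settings; the 16-character key threshold is an assumption of this example.

```python
import re

def peer_cfg(local, remote, iface, lnet, rnet):
    """Crypto-relevant lines of one endpoint, in the shape used by R1 and R3 above."""
    return f"""crypto isakmp policy 1
 encr aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key san address {remote}
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
crypto map test 10 ipsec-isakmp
 set peer {remote}
 set transform-set VPN
 match address traffic
interface {iface}
 ip address {local} 255.255.255.0
 crypto map test
ip access-list extended traffic
 permit ip {lnet} 0.0.0.255 {rnet} 0.0.0.255
"""

R1 = peer_cfg("14.14.14.1", "15.15.15.1", "FastEthernet0/0", "2.2.2.0", "3.3.3.0")
R3 = peer_cfg("15.15.15.1", "14.14.14.1", "FastEthernet0/1", "3.3.3.0", "2.2.2.0")

def parse(cfg):
    """Extract the fields that must match, or mirror, between the two peers."""
    def g(pattern):
        return re.search(pattern, cfg, re.M).groups()
    return {
        "policy": tuple(g(rf"^ {k} (\S+)")[0] for k in ("encr", "hash", "authentication", "group")),
        "key": g(r"^crypto isakmp key (\S+) address (\S+)"),
        "transform": set(g(r"^crypto ipsec transform-set \S+ (.+)$")[0].split()),
        "map_peer": g(r"^ set peer (\S+)")[0],
        "local": g(r"^interface \S+\n(?: .*\n)*? ip address (\S+) .*\n(?: .*\n)*? crypto map ")[0],
        "acl": g(r"^ permit ip (\S+ \S+) (\S+ \S+)$"),
    }

def mismatches(cfg_a, cfg_b):
    """Findings that stop the tunnel forming or passing traffic; [] means consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if a["policy"] != b["policy"]:
        out.append("ISAKMP policy differs")
    if a["key"][0] != b["key"][0]:
        out.append("pre-shared key differs")
    if a["transform"] != b["transform"]:
        out.append("transform-set differs")
    for x, y in ((a, b), (b, a)):
        if x["key"][1] != y["local"] or x["map_peer"] != y["local"]:
            out.append(f"{x['local']} does not point at {y['local']}")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    return out

def weak_settings(cfg, min_psk=16):   # min_psk: assumed threshold, not a Cisco limit
    """Flag settings that work in a lab but are too weak for production."""
    p, out = parse(cfg), []
    if p["policy"][3] in {"1", "2", "5"}:   # MODP groups of 1536 bits or less
        out.append(f"DH group {p['policy'][3]}")
    if len(p["key"][0]) < min_psk:
        out.append("short pre-shared key")
    return out
```

`mismatches(R1, R3)` returns an empty list for the configurations above, while `weak_settings(R1)` reports DH group 2 and the three-character key `san`.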

Find the test results from both routers below.


Test at router R1
R1#ping 3.3.3.3 source 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/102/120 ms
R1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
15.15.15.1      14.14.14.1      QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA
R1#sh crypto ipsec sa

interface: FastEthernet0/0
    Crypto map tag: test, local addr 14.14.14.1

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (2.2.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (3.3.3.0/255.255.255.0/0/0)
   current_peer 15.15.15.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 32, #pkts encrypt: 32, #pkts digest: 32
    #pkts decaps: 110, #pkts decrypt: 110, #pkts verify: 110
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0

     local crypto endpt.: 14.14.14.1, remote crypto endpt.: 15.15.15.1

     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xBFD855E(201164126)

     inbound esp sas:

      spi: 0xCDCC62CF(3452723919)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 1, flow_id: SW:1, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4566030/727)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:

      spi: 0xBFD855E(201164126)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2, flow_id: SW:2, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4566037/724)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:


     outbound pcp sas:


Test at router R3
R3#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
15.15.15.1      14.14.14.1      QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA

R3#ping 2.2.2.2 source 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/101/108 ms
R3#sh crypto ipsec sa

interface: FastEthernet0/1
    Crypto map tag: test, local addr 15.15.15.1

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (3.3.3.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (2.2.2.0/255.255.255.0/0/0)
   current_peer 14.14.14.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 115, #pkts encrypt: 115, #pkts digest: 115
    #pkts decaps: 37, #pkts decrypt: 37, #pkts verify: 37
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 15.15.15.1, remote crypto endpt.: 14.14.14.1

     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0xCDCC62CF(3452723919)

     inbound esp sas:

      spi: 0xBFD855E(201164126)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 1, flow_id: SW:1, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4574294/621)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:

      spi: 0xCDCC62CF(3452723919)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2, flow_id: SW:2, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4574288/619)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:


     outbound pcp sas:

R3#






Monday, 16 July 2012

Here we discuss the uses of the VLAN access-map. Suppose your company gives you the task of blocking communication between two hosts in the same VLAN. An IP access-list is not going to help you, because the communication does not go through the VLAN gateway. A VLAN access-map will do the job for you. I have created the scenario in the figure below.






There are three hosts connected to a 3560 switch. Their IP addresses are 10.10.10.100, 10.10.10.50 and 10.10.10.200. All three hosts are members of VLAN 10. The VLAN gateway is 10.10.10.1. We need to block communication between 10.10.10.100 and 10.10.10.200. Find the configuration below. After applying the configuration, try a ping from 10.10.10.100 to 10.10.10.200 and vice versa; you will observe a drop. If you ping 10.10.10.50 you will get a reply. The configuration is simple but the result is very powerful.

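! ACL 101 is referenced by the access-map but is not shown in the original post.
! The definition below is an assumed one that matches the two hosts in both directions.
access-list 101 permit ip host 10.10.10.100 host 10.10.10.200
access-list 101 permit ip host 10.10.10.200 host 10.10.10.100

vlan access-map deny-IP 20
 action drop
 match ip address 101
vlan access-map deny-IP 30
 action forward

vlan filter deny-IP vlan-list 10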

interface FastEthernet0/1
 switchport access vlan 10

interface FastEthernet0/2
 switchport access vlan 10

interface FastEthernet0/8
 switchport access vlan 10

interface Vlan10
 ip address 10.10.10.1 255.255.255.0
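
An added model of how the switch evaluates this access-map, not code from the original post. The post does not show ACL 101, so the two-way host entries below are an assumption, and the function names are hypothetical. The model shows why the pair 10.10.10.100/10.10.10.200 is blocked while 10.10.10.50 still answers, and what changes if sequence 30 or one ACL direction is left out.

```python
from ipaddress import ip_address

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip_address(addr)) & care == int(ip_address(base)) & care

def acl_permits(acl, src, dst):
    """True if any 'permit ip' entry (src, src_wild, dst, dst_wild) matches."""
    return any(wild_match(src, s, sw) and wild_match(dst, d, dw) for s, sw, d, dw in acl)

def vacl_action(access_map, acls, src, dst):
    """Walk the access-map in sequence order; an entry with no match clause matches all."""
    for _seq, action, acl_id in sorted(access_map, key=lambda e: e[0]):
        if acl_id is None or acl_permits(acls[acl_id], src, dst):
            return action
    return "drop"  # IP packet matched no entry of a map that has an IP match clause

def ping_ok(access_map, acls, a, b):
    """A ping needs the echo request (a->b) and the echo reply (b->a) both forwarded."""
    return (vacl_action(access_map, acls, a, b) == "forward"
            and vacl_action(access_map, acls, b, a) == "forward")

# Assumed ACL 101 (the post references it but does not show it): both directions.
ACL_101 = [("10.10.10.100", "0.0.0.0", "10.10.10.200", "0.0.0.0"),
           ("10.10.10.200", "0.0.0.0", "10.10.10.100", "0.0.0.0")]
DENY_IP = [(20, "drop", 101), (30, "forward", None)]  # the access-map from the post
```

With only the first ACL entry, a ping between the two hosts still fails in both directions because the reply from 10.10.10.100 is dropped, but one-way traffic from 10.10.10.200 to 10.10.10.100 is forwarded; without sequence 30, every other IP packet in VLAN 10 hits the implicit drop.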

Tuesday, 6 March 2012

Overlapping destination IP addresses between networks

Scenario: Suppose your company buys another company, and your management wants you to connect the new company's network to the existing company network. Now you have a very serious problem: one of your networks overlaps with the new company's network. How do you go about it? Find the network diagram below. Suppose SITEA is your company. SITEA is already connected to SITEB. Your new company is SITEC. SITEB and SITEC have an overlapping network, i.e. 10.10.10.0/24. I created NAT on the SITEC router and the problem was resolved. Find the router configurations below. You can simulate the same scenario in GNS3 and check for yourself.


SITEA
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SITEA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
interface Loopback0
 ip address 172.29.55.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 3.3.3.2 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 3.3.3.1
ip route 192.168.1.0 255.255.255.0 2.2.2.1
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
!
!
end
SITEB

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SITEB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 3.3.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 172.29.55.0 255.255.255.0 3.3.3.2
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

SITEC
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SMP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
interface Loopback0
 no ip address
 ip nat inside
!
interface FastEthernet0/0
 ip address 2.2.2.1 255.255.255.0
 ip nat outside
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 172.29.55.0 255.255.255.0 2.2.2.2
!
no ip http server
no ip http secure-server
ip nat inside source static network 10.10.10.0 192.168.1.0 /24
!

access-list 50 permit 10.10.10.0 0.0.0.255
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R5
!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.20 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
!
!
end

On the SITEC router, check by executing the following command.

SITEC#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.1.1        10.10.10.1         ---                ---
--- 192.168.1.2        10.10.10.2         ---                ---
--- 192.168.1.20       10.10.10.20        ---                ---
--- 192.168.1.0        10.10.10.0         ---                ---

Cheers




Saturday, 20 August 2011

network: GRE tunnel

Scenario:
There are three routers, as shown in the picture. Consider that they are in three different locations and managed by three different administrators. Find the configuration of all the routers below. You can see that everything works fine with static routes. The IPs 10.10.10.1 and 11.11.11.1 on routers R2 and R6 communicate fine; the corresponding static routes have been configured on router R3.
  Now consider that another network, 192.168.1.1/192.168.1.2, needs to communicate between router R2 and router R6, and the administrator of router R3 is not available. What will the administrators of routers R2 and R6 do?
They can do this with a GRE tunnel. The tunnel is formed between routers R2 and R6, and any destination can be passed directly through the tunnel.
  Find all the router configurations below with the diagram and do the lab yourself.

R2
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.1.1 255.255.255.0
!
interface Tunnel1
 ip address 10.100.100.1 255.255.255.0
 tunnel source 10.10.10.1
 tunnel destination 11.11.11.1
!
interface FastEthernet0/0
 ip address 2.2.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 3.3.3.2 255.255.255.255 2.2.2.2
ip route 11.11.11.1 255.255.255.255 2.2.2.2
ip route 192.168.1.2 255.255.255.255 10.100.100.2

R3
interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 3.3.3.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 10.10.10.1 255.255.255.255 2.2.2.1
ip route 11.11.11.1 255.255.255.255 3.3.3.2

R6
interface Loopback1
 ip address 11.11.11.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.1.2 255.255.255.0
!
interface Tunnel1
 ip address 10.100.100.2 255.255.255.0
 tunnel source 11.11.11.1
 tunnel destination 10.10.10.1
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 3.3.3.2 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 2.2.2.1 255.255.255.255 3.3.3.1
ip route 10.10.10.1 255.255.255.255 3.3.3.1
ip route 192.168.1.1 255.255.255.255 10.100.100.1
!


R6#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 276/323/352 ms


Wednesday, 27 July 2011

IP SLA


 Scenario
 The diagram shows four connected routers. Router R4 has a loopback interface with IP address 192.168.1.1/24. There are two paths to reach the loopback from router R1. Let's say the primary path is through router R2 and the secondary path is through router R3. The problem is that if interface s0/0 of router R4 goes down, router R1 keeps sending packets via router R2. To address this problem we will implement Cisco's wonderful technology, IP SLA.
Find the configuration of all the routers below. IP SLA has been configured on router R1. You can also verify this with the commands given below.


R1
R1#show run
Building configuration...

Current configuration : 926 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!
ip sla monitor 1
 type echo protocol ipIcmpEcho 4.4.4.2 source-ipaddr 2.2.2.1
 timeout 500
 frequency 10
ip sla monitor schedule 1 life forever start-time now

!
track 1 rtr 1 reachability
!

!
interface FastEthernet0/0
 ip address 2.2.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 3.3.3.1 255.255.255.0
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
ip route 0.0.0.0 0.0.0.0 3.3.3.2 100
!
no ip http server
no ip http secure-server

!
control-plane

gatekeeper
 shutdown
!

line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4

end
R2
R2#show run
Building configuration...

Current configuration : 703 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!

interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 4.4.4.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
no ip http server
ip classless
ip route 192.168.1.0 255.255.255.0 4.4.4.2

line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!

end

R3
R3#show run
Building configuration...

Current configuration : 693 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!

interface FastEthernet0/0
 ip address 3.3.3.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 5.5.5.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.2
!

line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end
R4 
R4#show run
Building configuration...

Current configuration : 789 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!


interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 4.4.4.2 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 5.5.5.2 255.255.255.0
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 4.4.4.1
ip route 0.0.0.0 0.0.0.0 5.5.5.1 10
!

line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end
To verify
R1#  sh track
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    12 changes, last change 00:08:16
  Latest operation return code: OK
  Latest RTT (millisecs) 476
  Tracked by:
    STATIC-IP-ROUTING 0


R1#traceroute 192.168.1.1

Type escape sequence to abort.
Tracing the route to 192.168.1.1

  1 2.2.2.2 248 msec 204 msec 108 msec
  2 4.4.4.2 516 msec *  420 msec
R1#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 264/380/580 ms
Now shut down s0/0 on router R4 and check the commands above. Then issue no shutdown on s0/0 of router R4 and check the commands above again.
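
An added simulation, not from the original post, of how `track 1` and the two default routes on R1 interact, with one entry per probe. It goes slightly beyond the text by treating a reply slower than the configured `timeout 500` as a failed probe, which matters in this lab because the RTTs in the outputs above sit close to 500 ms. The function names and the sample series are constructed for this example.

```python
def track_timeline(rtts_ms, timeout_ms=500):
    """Per probe: (reachability, installed default next hop) on R1.

    rtts_ms holds one entry per probe (frequency 10 s); None means no reply.
    """
    routes = [("2.2.2.2", 1, True),     # ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
              ("3.3.3.2", 100, False)]  # ip route 0.0.0.0 0.0.0.0 3.3.3.2 100
    timeline = []
    for rtt in rtts_ms:
        up = rtt is not None and rtt <= timeout_ms   # late reply = timed-out probe
        eligible = [r for r in routes if up or not r[2]]   # tracked route needs track Up
        next_hop = min(eligible, key=lambda r: r[1])[0]    # lowest administrative distance
        timeline.append(("Up" if up else "Down", next_hop))
    return timeline

def state_changes(timeline):
    """Number of reachability transitions, the kind 'sh track' counts as changes."""
    states = [s for s, _ in timeline]
    return sum(1 for prev, cur in zip(states, states[1:]) if prev != cur)

# Constructed probe series using RTTs of the size seen in the outputs above.
SAMPLES = [264, 380, 476, 516, 580, None, None, 420]
```

For `SAMPLES`, the default route moves to 3.3.3.2 at the 516 ms probe, before any probe is actually lost, and returns to 2.2.2.2 at the 420 ms probe.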


Cheers