Showing posts with label Cisco ICND1. Show all posts

Friday, March 16, 2012

ICND2 Flashcard: EIGRP

EIGRP = Enhanced Interior Gateway Routing Protocol

It is a Cisco proprietary, advanced distance vector routing protocol. Some folks may refer to it as a hybrid routing protocol, but it is truly not. EIGRP uses Hello packets, much like a link state protocol.

Advertised distance - EIGRP metric for blank to reach network
Feasible distance - the metric to reach neighbor + the advertised distance

Features of EIGRP
Rapid convergence using the Diffusing Update Algorithm (DUAL), which guarantees loop-free paths and backup paths. If the primary route in the table fails, the best backup route is added to the table immediately. If no backup route exists, EIGRP queries the neighbors.

Reduced bandwidth by not sending the entire database and instead using:
Partial updates: only include route changes, incremental updates and not the whole table
Bounded updates: only send updates to routers affected

Multiple network layer support: AppleTalk, IP, IPv6, Novell IPX

Less Overhead by using multicast and unicast, not broadcast. The ip address 224.0.0.10 is listed in my notes

Classless Routing
The mask is advertised for each network as this provides smaller subnets and efficient use of IP addresses.  The protocol can also support discontiguous subnets and VLSM (variable length subnet masks)

Load Balance
The protocol allows load balancing on equal (by default) and unequal cost paths. Caveat, for unequal cost paths, variance must be specified.

EIGRP does equal metric load balancing by default up to four equal metric routes. This means the variance value is 1 (default).  The routing table can have 16 entries for the same destination.

Configuring EIGRP
usage: conf t
router eigrp 100 (autonomous system 100; 1 to 65535 possible)
network 10.0.0.0
network 192.168.10.0 0.0.0.15 (the wildcard mask can advertise subnets now)
no auto-summary (what does this do?)
variance 2

Verify EIGRP
show ip route eigrp
show ip protocols
show ip eigrp interfaces
show ip eigrp int fa 0/0
show ip eigrp int 100
show ip eigrp topology
show ip eigrp topology all-links
show ip eigrp traffic (this command lists number of packets sent/ received; HELLO, updates, queries, replies, ack etc)

More about the Variance Command
This command allows unequal metric load balancing; the metric components are
* bandwidth
* delay
* reliability - the most reliable based on keepalives
* load
* K value - calculation method and AS number must match

Troubleshoot EIGRP
show ip eigrp neighbors
show ip int brief (shows which interfaces are active)
show ip int fa 0/0 (see ip subnets)
show ip protocols (see routing for networks)
show ip eigrp int (check for the process id and the same K method)
debug eigrp packets

show ip route (displays all the routes and eigrp is labeled)
show ip eigrp topology (shows the router id with the highest IP address which should be the loopback 0)

Monday, March 12, 2012

ICND 2 Flashcard: Routing OSPF

This material on link-state routing protocols is supposed to be ICND2 but I'm just gonna say that you should still study this for ICND1 because I said so, and wish I did. Hello!

OSPF Configuration Commands

usage: conf t
router ospf 100 (numbers 1 to 65535 valid)
log-adjacency-changes
network ipaddressofnetwork wildcardmask area number
network 10.1.1.0 0.0.0.255 area 0

router-id
Create a router's interface loopback 0 address first
Turn on OSPF
If the IP address ever changes, use the command clear ip ospf process

1) This part can be configured here, else
2) Choose the highest of loopback interfaces, else
3) Choose the highest of active interfaces

Verification of OSPF working
show ip route (shows all the routes the router knows and how they are learned, O = OSPF)
show ip protocols
show ip ospf (displays general information)
show ip ospf interface (area id, adjacency info)
show ip ospf neighbor ipaddress mask

The command show ip route is very useful because it also shows the interface of the learned routes. I had a scenario to set up two encrypted tunnels for redundancy. I did a show ip route from router2 and I noticed that all the networks I was looking for and learned from OSPF were listed; I was quite perplexed that the routes were not learned from the secondary tunnel associated with router2. Everyone thought I was quite the wizard to get all the systems green again, high fives all around, and no one really cared to listen to what I was still concerned about.

Eventually I figured out that the routes were obviously learned by OSPF through the interface to router1 whose tunnel is indeed up, which verifies OSPF learned routes to distant networks works but my intended secondary tunnel was not up. I did some digging and discovered I was missing the tunnel's source ip address in the interface tunnel configuration, what a silly rookie typo. But that's proof that OSPF was working so well I had fooled everyone (but not myself).

Logically, a hub and spoke topology or partial mesh? You be the judge.
Authentication of OSPF
service password-encryption (otherwise the key will be in plaintext)
ip ospf authentication-key plainpas
ip ospf authentication OR
area 0 authentication (you can choose md5)

Troubleshooting OSPF
Consider possible errors in neighbor adjacencies, the routing table, and authentication.
The authentication methods are 0 = null, 1 = simple password, 2 = md5

OSPF means Open Shortest Path First
- It is a classless IGP within a larger AS, operating as a single OSPF network on Cisco
- A link state protocol propagates LSAs and not routing table updates

These are flooded to all OSPF interfaces in the area:
- the description of the interface
- advertises immediately state changes
- periodic update of entire database in 30 minutes
- forms a link state database
- calculates the shortest path using a SPF algorithm
- all routers in the area will have the same topological database; knowledge of distant routers

HELLO Protocol
- OSPF sends hello packets on an interface to confirm to the other OSPF routers on the link that it is present
- bidirectional response
- adjacency is formed when two routers agree on area-id, hello/dead interval, authentication, stub, area flags

To reduce traffic, one router is chosen as the DR (designated router), one as the BDR (backup designated router), and the rest are DROTHERs. The multicast IP address used is 224.0.0.5, and the router ID used is the loopback interface address.

COST
To calculate the cost of the link, use the reference bandwidth/ interface bandwidth in bits per second. For link speed greater than 100 Mbps use the ospf auto-cost reference-bandwidth.

http://ccie11440.blogspot.com/2007/11/why-are-some-ospf-routes-in-database.html

Saturday, March 10, 2012

ICND1 Take one

When you wake up from a dream and you want to write down every thought or random fleeting memory right away, but it evaporates in front of you too quickly. Here's my list: ARP vs DNS, default clock rate set? DTE/ DCE interface, cell switched? PVC, ATM, wiring solutions between midpoints, DSLAM, TCP headers, sequence numbers, HELLO, NAT, service password-encryption, WAN, T1.

I had enough time to do the exam, but it was one of those things where I wished I could go back and change the answer to a previous question. You can't do that on these exams.

About four questions in, on the first router simulation question I didn't realize that you had to click on the console computer graphic to launch the CLI of the router to access the running-config. I kept looking through all the windows for the console login, but I just didn't clue in. Well duh, how else would you answer the questions. Anywayz I messed up that question probably worth 30 marks and made a guess on the int fa 0/1 address and the multi-part answers were all based on that first assumption which I probably got wrong.

I only practised subnetting questions in Class C, but in real time I had to do subnetting for Class B. Not a big deal because I think I got that part right but still a bit stressful under time pressure.

Another random fact - Routers breakup broadcast domains; each interface on the router is a separate network.  Routers breakup collision domains too but a layer 2 switch can do that too.
WAN is an important topic. Frame relay is not supposed to be part of ICND1 but you still had to know enough about it to get some facts straight. I will need to clarify some aspects of Permanent Virtual Circuits.

Here's the breakdown of the modules tested and my score.
Describe the operation of data networks - 71%
* Implement a small switched network - 60%
Implement an IP addressing scheme and IP services to meet network requirements for a small branch office 80%
Implement a small routed network - 67%
* Explain and select the appropriate administrative tasks required for a WLAN - 0%
Identify security threats to a network and describe general methods to mitigate those threats - 100%
Implement and verify WAN links - 75%

So I end the exam with my score of 787 out of 1000. You need 804 to pass which means I missed it by a margin of 17. That makes me knowledgeable enough to be dangerous.

It is my own fault for not passing I'm sure, but I will still launch a complaint because I noticed a couple of peculiarities with my exam experience. I felt like I was doing question 9 and then I clicked the mouse one too many times and I was on question 13. So I probably missed a four part question. I was a bit perplexed, probably should've said something at the time but I was like whatever. I'm wondering if those are the WLAN questions I completely skipped over. I only remember doing two questions on that whole subject and they did not adequately cover the topic of Explain and select the appropriate administrative tasks required for a WLAN.

I have the Pearson Vue 1 800 number so I may lodge a complaint and try to ask Cisco for a rebate on the retake of the exam. But do I really want to do this again after 10 days. Do I really want to recertify in 3 years and do this again. Right now though, I just feel like I want to crawl under a rock and die, but I can't help but pulling my books to... restudy! All the kids are napping so I have 2 hours!!!

I have the difficult task of explaining to my boss that I didn't pass the exam. Hopefully if I show him the report card with the marks broken down he can see that I passed the important stuff and even got a 100% on the network security portion (comforting). However I feel that I have temporarily lost my geek status so the blog will not be named Barbie Geek Tech Bytes for now...

Tuesday, March 6, 2012

Circuit Switched Networks

Here are some quick facts lifted from a CCNA online quiz

Three accurate descriptions of Circuit Switched Networks
* With circuit switching a dedicated physical circuit is established, maintained and terminated through a carrier network for each communication session
* Circuit switching allows multiple sites to connect to the switched network of a carrier and communicate with each other
* ISDN is a circuit switched network

Three statements for PSTN
* Other than a modem, no additional equipment is required
* Relatively low cost associated with the implementation of a PSTN connection link
* The maintenance of a public telephone network is very high quality with a few instances in which lines are not available

Three statements describe PPP
* A point to point (or serial) comms link provides a single preestablished WAN communications path from the customer premises through the carrier network ie telephone company to a remote network
* Carriers lease point to point lines usually, so they're often called leased lines
* For a point to point line, the carrier dedicates fixed transport capacity and facility hardware to the line of a customer

Three statements describe WAN bandwidth
* North American standard to describe bandwidth in DS numbers (DS0, DS1...) that refers to the rate and format of the signal
* Bandwidth on a serial connection can be incrementally increased to accommodate the need for faster transmission
* Bandwidth refers to the rate at which data is transferred over the comms link

HDLC
* Includes support for both PPP and multipoint configurations
* With Cisco HDLC there is no windowing or flow control
* HDLC specifies an encapsulation method for data on synchronous serial data links using frame character and checksum

Function of PPP
* twist: Authentication phase of PPP session is not necessarily required
* PPP originally emerged as an encapsulation protocol for transporting IP traffic over PPP links
* PPP provides router to router and host to network connections over synchronous and asynchronous circuits
* The LCP in PPP is used for establishment, configuration and testing the data-link connection

Considerations for PPP
* PPP links require minimal expertise to install and maintain
* usually offer a high quality of service
* provide permanent dedicated capacity that is always available

Cisco ICND1 Flashcard: A Brief History of the Internet

The US DOD researchers figured out a way to break up messages into smaller parts, and sending each part to the destination, whereupon reassembly of the original message would be possible. This is called the packet system.

In 1972, ARPANET developers created the first email message software for the purpose of communicating and coordinating projects

In 1984, DNS was introduced to give the world domain endings like .edu, .com, .gov, .org and other country codes.

A 3-way handshake
send-SYN
SYN-ACK
TCP ACK

Monday, March 5, 2012

CCNA, ICND1 and ICND2 Practice Exams

I found a really good link on the Cisco Learning Network website for practice questions here.

There are questions for the six modules:
Module 1: OSI Layer and IP questions
Module 2: Hardware, bridges, Hubs
Module 3: WLAN
Module 4: IP addressing, IOS Commands, Routing basics
Module 5: WAN, nat
Module 6: cdp, hardware and memory

There are tabs and links to study modules, 15-20 training videos and lab simulations.
At the login page I also found an ad for a new "game". Cisco Aspire CCNA Edition! Practice for your Cisco CCNA exam by solving realistic networking problems. Seriously? That's a game?

The website Cisco Tests dot org also has a timed exam with pretty realistic questions! It's not for the ICND1 and ICND2 but it would cover the similar line of questioning if you just wanted a timed practise exam experience.

Thursday, February 16, 2012

Cisco ICND1 Flashcard: Wireless LAN Implementation and Security

The Wireless Access notes for the CCNA Exam in short form.
The topic of Wireless LAN is covered in the ICND1 Exam

Connecting to a Wireless Network
This is how it happens at Starbucks, MacDonald's, the hotel offering free wireless internet, or your own home.  Wireless Access Points send out beacons announcing the SSID, data rates and other information.  The client's laptop wifi network card scans all channels while listening for beacons and responses from the AP. Then the client will associate to the AP with the strongest signal.  Client repeats the scan if the signal becomes slow to associate to another AP while roaming.  During the association phase, SSID, MAC address, and security settings are sent from the client to AP, and verified by the AP.  The basic service area is the physical area of RF coverage provided by the AP.

Wireless access is a half-duplex CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) type of signal that uses the RTS (request to send) and CTS (clear to send) protocols. Yes I know it is weird to place the acronym ahead of the definition at first use. For every packet sent, an RTS/CTS exchange and an acknowledgment must be received.

About the RF Wireless Signal
While setting up the Access Point, the following parameters are configured. Basic IP address (static or DHCP), subnet mask, default gateway; the wireless protocol being used could be 802.11a, b, g, n; channel adjustments namely channel 1, 6, 11 and a power adjustment.  Security parameters include SSID which identifies the network, authentication scheme (WPA, WPA2 PSK) and the encryption method (TKIP, AES).
IBSS - Independent Basic Service Set: users connected in ad hoc mode without an AP
BSSID - MAC address of the RF interface card
SSID - network identifier configured by the net admin; it is broadcast and sent in the clear
The frequencies of the unlicensed bands are:
900 MHz
2.4 GHz used by 802.11b and g, using DSSS. Max data rate of 11 Mbps (for 802.11g when using DSSS); other rates possible: 1, 2, 5.

5 GHz used by 802.11a, using OFDM data rate of 6, 9, 12, 18, 24, 36, 48 Mbps to 54 Mbps, 12 non-overlapping frequency channels. When 802.11g operates on OFDM the max data rate of 54 Mbps can be achieved.

The FCC has released three unlicensed bands for public use: 900MHz, 2.4GHz, and 5.7GHz. The 900MHz and 2.4GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5-GHz band is known as the Unlicensed National Information Infrastructure (UNII) band.

802.11a operating in the 5GHz radio band, makes it immune to interference from devices operating in the 2.4GHz band, like microwave ovens, cordless phones, and Bluetooth devices.
Quiz: Which two 802.11 standards have the highest data rate?
802.11a and 802.11g both up to 54 Mbps

Quiz: Which standards are most widely used today?
 802.11b/g being the most widely used wireless network found today.  802.11b operates in the 2.4GHz unlicensed radio band, delivers a maximum data rate of 11Mbps
Facts to consider: This is the sort of thought process in an exam question, the 802.11g standard delivers the same 54Mbps maximum data rate as 802.11a but runs in the 2.4GHz range—the same as 802.11b
Indoor and outdoor ranges:
Standard  Indoor  Outdoor
802.11g   400m    140m
802.11b   40m     140m
802.11a   35m     100m
802.11n   70m     250m

Modulation
802.11a and 802.11g use OFDM
802.11b uses Direct Sequence Spread Spectrum (DSSS)
though 802.11g is DSSS/ OFDM
IEEE 802.11 was the first, original standardized WLAN at 1 and 2Mbps, running in the 2.4GHz
802.11n the New Wireless Standard
802.11n supports more channels using spatial division multiplexing and more transmitters to reach a higher data rate of 600 Mbps. It also uses OFDM (I need more info) and is backward compatible with 802.11a, b and g.

802.11b
It is more accessible, has a higher CCK and data rate.  There are 14 channels each 22MHz wide with a 5MHz separation. To completely avoid overlapping, the signalling requires a 5-channel separation; therefore only Channels 1, 6, and 11 are in use.
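The 5-channel separation rule above can be checked from the two figures the notes give (22 MHz channel width, 5 MHz spacing). The block below is an added example, not code from the blog: it assumes channel 1 is centred at 2412 MHz and channel 14 at 2484 MHz (figures from the 802.11 standard, not from the notes), and that the North American channel set is 1 to 11. It reports which channel pairs overlap and greedily picks a non-overlapping set, which comes out as 1, 6 and 11.

```python
"""2.4 GHz channel overlap worked from the figures in the notes above.
Added example (not the blog's own code): 22 MHz wide channels on a 5 MHz grid."""

CHANNEL_WIDTH_MHZ = 22      # width of an 802.11b channel, from the notes
CHANNEL_SPACING_MHZ = 5     # centre-to-centre spacing, from the notes
CHANNEL_1_CENTRE_MHZ = 2412  # assumption: standard centre frequency of channel 1
CHANNEL_14_CENTRE_MHZ = 2484  # assumption: channel 14 (Japan only) is off the 5 MHz grid


def centre_frequency(channel):
    """Centre frequency in MHz for channels 1..14."""
    if channel == 14:
        return CHANNEL_14_CENTRE_MHZ
    if not 1 <= channel <= 13:
        raise ValueError("2.4 GHz channels run 1..14")
    return CHANNEL_1_CENTRE_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def channels_overlap(a, b):
    """Two 22 MHz channels overlap when their centres are closer than 22 MHz,
    which on the 5 MHz grid means fewer than 5 channel numbers apart."""
    return abs(centre_frequency(a) - centre_frequency(b)) < CHANNEL_WIDTH_MHZ


def overlapping_pairs(allowed=range(1, 12)):
    """Every pair of allowed channels that would interfere with each other."""
    chans = list(allowed)
    return [(x, y) for i, x in enumerate(chans) for y in chans[i + 1:]
            if channels_overlap(x, y)]


def non_overlapping_channels(allowed=range(1, 12)):
    """Greedy pick from the lowest allowed channel upward, keeping each channel
    that overlaps none already chosen. Channels 1..11 are the North American set
    (assumption); passing range(1, 15) would also admit channel 14."""
    chosen = []
    for ch in allowed:
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    print("channel 1 and 5 overlap:", channels_overlap(1, 5))
    print("channel 1 and 6 overlap:", channels_overlap(1, 6))
    print("non-overlapping set:", non_overlapping_channels())
```

Channels four apart (for example 1 and 5) sit 20 MHz apart and still collide; five apart (1 and 6) sit 25 MHz apart and are clear, which is the separation rule the notes state.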

Wifi Equipment
Access points, wireless controllers, wireless LAN client adapters, security and management servers, wireless management devices, wireless integrated switches and routers—even antennas and accessories
Key Players in Wifi
The Wifi Alliance is a non-government, non-profit industry trade organization that promotes interoperability between wifi product manufacturers and promotes wireless growth. As for securing wireless networks, the evolution of encryption algorithms has come a long way.

The IEEE writes out the technical standards or Engineering specs, publishes technical documentation or journals.

ITU-R is the international union that regulates RF usage bands including wireless.

Quiz: Who created WPA?
Answer: WPA was created by the Wifi Alliance based on the IEEE 802.11i standard
Quiz: What is a rogue access point? An unsecured AP that has been placed on the WLAN.
WIFI Encryption
Common standards dealing with wireless client authentication, coding something from plaintext into ciphertext.
  • WEP is a bit outdated and too easy to break, very basic and static.
  • Cisco adds CKIP and MIC to protect keys.
  • Enhancements are TKIP MIC (Per Packet Keying Message Integrity Check)
  • TKIP 802.1x EAP
  • WPA uses TKIP/ MIC Encryption
  • 802.11i/ WPA2 is the strongest level of WLAN security
  • WPA2 includes AES Counter Mode with CBC-MAC Protocol (AES-CCMP)
  • Enhancement to TKIP is AES 128 bit, 192 bit, and 256 bit.
  • LEAP uses TCP handshake like EAP-TLS and Radius
How is the client authenticated in IEEE 802.1x?
The AP encapsulates any 802.1x traffic that is bound for the authentication server and sends it to the server

Modes of Operation

Ad Hoc Mode
IBSS - Client directly connects to the server peer to peer, no access point.
Infrastructure Mode
BSS - clients connect to each other through a network resource. The BSSID is the MAC address of the RF interface card; B for basic.
ESS - Two or more BSS are connected by a common distribution system. E for extended. SSID is the wireless network advertised, user configured.


More than one BSS will form an ESS; that means when a group of BSS (or many APs) in the WLAN have the same SSID, the client can be mobile and authenticate with the various APs in the same ESS.


WPA
Enterprise mode
used for Business, Education, Government and a term for products tested to be interoperable for authentication in PSK + IEEE 802.1x EAP
Personal mode
for SOHO, home, personal and interoperable in PSK mode of operation only

Issues with Roaming
  • Consider the range of combined cells that form an extended service area
  • Allow 10-15% overlap to allow users to roam without losing RF connection
  • Configure three access points with the same SSID so users can roam wirelessly without dropping connectivity
  • Allow the range of 15-20% overlap for wireless voice
Solution for Roaming
  • Shift the data rate while moving: 11 Mbps, 5.5 Mbps, 2 Mbps
  • The higher data rate requires stronger signals at the receiver; a lower data rate, the range is longer
  • The clients want the highest data rate
  • If there are transmission errors, reduce the data rate 
Connecting the AP to a LAN switch, which cable would you use? Just a straight-through, much like a regular PC.

Wireless Zero Configuration 
Three basic wireless access point parameters: SSID, authentication, RF channel with optional power. Microsoft has a feature that does all this automatically. Though most Wireless NIC vendors have their own software GUI as well.

Cisco's Wireless Control System (WCS) actually requires zero configuration. This means the AP will automatically configure itself based on the controller's information, check for channel overlap and interference and move to a non-overlapping channel, and lower its transmit level to limit interference; Cisco calls this "auto RF controls."

I found a really good reference for the Wireless LAN topic. I'd hazard to say that I found nuggets of information that I had missed on the exam from my notes! Lookup the Cisco Tests blog.

Wednesday, February 15, 2012

Test Tips for CCNA, Simulators and a bullet-proof Guarantee!

1. Manage your time

The number one hint I have to give everyone: the CCNA Exam is a test of power and speed; you have to know your material solid and answer the questions quickly. The prof said that the number one reason for failure on the exam is not lack of preparation (I could argue with that) but rather running out of time! You have to remember to ask yourself, "Is this your final answer?" because once you click "yes" or "submit", there is no back button; you cannot go back!

2. Core Knowledge

Videos for ICND1 and ICND2 free on the Cisco Learning Network.

Here is a breakdown of the core areas the exam was testing, taken from my real score sheet in November 2011. I am not breaking any oaths or sharing any secrets about the exam.
  • Describe how a network works
  • Configure, verify, troubleshoot a switch with VLANs and interswitch communications
  • Implement an IP addressing scheme and IP services to meet network requirements in a medium-size Enterprise branch office network
  • Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
  • Explain and select the appropriate administrative tasks required for WLAN
  • Identify security threats to a network and describe general methods to mitigate those threats
  • Implement, verify and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network
  • Implement and verify WAN links
I copied this from my report card, but I'm not sure if it was an adaptive exam and only selected knowledge areas were tested on, or if I wrote the same test again it would be a similar bank of questions. You may not retake the exam within the same week. Passing score is 825 out of 1000.

A good collection of resources at www.cisco.com/go/ccna-study

3. Hands On Experience

Apparently the original purpose of CCNA was to certify someone already with the job experience as a Network Administrator, who has spent years on the job doing this. In fact Cisco never offered Bootcamp courses and it was the training delivery vendors that developed their own courses to cover relevant subjects, in preparation for the CCNA Exam.  Now it seems like everyone is taking the boot camp courses: the newbies, managers, purchasers.  The courses often come with extra lab time on the router simulation lab, but it is better to have your own equipment. Unfortunately not many people have access to a test lab or one with enough routers to generate any trouble to troubleshoot!

Packet Tracer is another program folks use for router simulation.  My buddy recommends http://www.gns3.net/ and it's free, if you have your own IOS images then you're set.

4. Read the Fine Print

Rather I should say, read between the lines. For multiple choice questions, there will always be an obvious oddball answer, and perhaps one or two that are very close, but there is something that makes one answer more correct or superior. Unless of course the question says "choose two", then you should make sure you choose two.

If you're really pressed for time, well you still have to give an answer for every question. Make a guess, pick C or ACDC whatever random pattern you have to resort to in a bind.

5. Get it Right the First time...

However, heaven forbid if you should fall short of 825/1000, read the fine print on the vendor's exam guarantee. I took my bootcamp course with Global Knowledge and I'd have to say their certification guarantee is bullet proof. Upon course completion you get one CCNA exam voucher and 10 hours of lab time with KAPLAN. If you fail the exam, fax in the fail results and ask for a voucher for the retake exam (within one year of the course date). If you fail the second round, perhaps you should reconsider your career choice. JK! Global Knowledge offers a free retake of the course (provide your own course materials from the first run). Then I suppose the brave could do the exam a third time. Just remember you will have to recertify again in three years anyway.

Tuesday, February 14, 2012

Cisco ICND1 Flashcard: OSI Layer Model and PDU's

Pick up any CCNA Exam Preparation Guide. There are plenty of books, chapters and webpages dedicated to the topic of the OSI Layer Model of Internetworking. I'm just providing a short summary of notes to remember. It's guaranteed that there will be questions on the 7 layer OSI model, the Cisco three-layer model, and even the DoD's model and how all the layers interrelate.

Physical Topology - Defines how the computer and networking devices are connected (physical)
Logical Topology - Describes the path the signals travel from one point to another (routing, tunnels: layer 2 for ipsec, layer 4 for ssl)

ESSENTIAL FACTS
* Each layer of the OSI model is only interested in communicating with its peer layer at the destination.
* Each layer provides services to the layer above it.
* Encapsulation: as application data parses down the protocol stack to transmit across network media, each layer adds a header or trailer (containing addressing information).
* OSI model uses structure, forms a good reference model, permits change at one layer without affecting the other layers

Cisco Hierarchical Three Layer Model
Access - provides work group access for end users, desktop layer
Distribution - routing protocols and security, includes LAN based routers and layer 3 switches, enables routing between VLANs
Core - high speed and redundancy, provides high speed data transfer between sites

TCP/IP Stack - 4 Layers
Application - Application, Presentation, Session
Transport - Transport
Internet - Network
Network Access - Data Link, Physical

CCNA Illustrated OSI Layer Graphics

OSI Model - 7 Layers
* Including some quick notes on the pdu, addressing used
Application - data
Presentation - data
Session - data
Transport - segment, port number
Network - packet, ip address
Data-Link - frame, mac address
Physical - bits

Application Issues: Application, Presentation, Session
Data Transport, Implementation details: Transport, Network, Data-Link, Physical
Therefore, the de-encapsulation first occurs at the Transport level.
Application Layer
* Authentication
* Examples: email, file transfer, terminal emulation

Presentation Layer
* Data representation, such as the format or structure of data (say jpeg, wav etc)
* Negotiates data transfer, syntax
* Provides encryption
* http, ssh operates at this layer
* It's safe to say, it makes sure that information sent at the application layer of one system is readable by the application layer of the other.

Session Layer
* Client - server connection
* Inter host communication
* Establish, manage, terminate sessions between applications. Such as the Shopping Cart?
* Web server, data exchange
* Examples: NFS, SQL, Netbios

Transport Layer
* Establishes end to end connections between hosts
* TCP and UDP ports
* The source port in the UDP Header and TCP Header is a 16 bit calling port.
* Reliability and flow control (windowing)
* Establish, maintain, terminates virtual circuits

Network Layer
* Primarily deals with data delivery
* Routes data packets
* Selects the best path to deliver data
* Provides local addressing and path selection
* Manages connectivity
* IP addresses to route packets

The Ethernet source and destination addresses are 6-byte hexadecimal values
Data Link Layer
* MAC address
* Error detection
* Does Encapsulation Frame Relay or PPP ring a bell?
* The most diverse

Physical Layer
* Examples: Copper, wireless, satellite, fiber
* 1, 0 bits transmitted by electrical pulse, electrons, light
* Think Cabling

CCNA Illustrated OSI Layer Model Graphics Blog

Monday, February 13, 2012

Cisco ICND1 Flashcard: IP Subnetting Quick Tips

Classes of IP Addresses

Sample Quiz
Will these IP's require a router to talk to each other? This is another way of asking are these hosts on the same network or subnet?

Given 192.168.1.0/ 24
Host a: 192.168.1.33/ 27
Host b: 192.168.1.50/ 28
Host c: 192.168.1.100/ 26
Host d: 192.168.1.90/ 27

There are whole chapters in books dedicated to subnetting. This can be easily simplified into two rows of numbers; it would be a very short book if I was writing it. This is like subnetting in your brain!

Write this down:
128  64  32  16   8   4   2   1   (bit values, left to right)
128 192 224 240 248 252 254 255   (mask octet after that many 1 bits)

Start with Host a 192.168.1.33
/ 27 mask means a mask of 255.255.255.224
Then valid networks are 0, 32, 64, etc *
Network address would be .32
Valid hosts would be .33 to 62
Broadcast address would be .63
The number of subnets 2^3  = 8 where 3 is the number of masked bits or 1s
The number of hosts in each subnet 2^5 -2 = 30

* Finding the subnet base number
256 - mask = base number
Host b 192.168.1.50
/28 means a mask of 255.255.255.240
The valid networks would be 0, 16, 32, 48, 64 etc
Network address would be .48
Valid hosts would be .49 to 62
Broadcast address would be .63

Host c 192.168.1.100
/26 means a mask of 255.255.255.192
The valid networks are 0, 64, 128 etc
Network address is .64
Valid hosts  .65 to 126
Broadcast .127

Host d 192.168.1.90
/27 mask means 255.255.255.224
Valid networks 0, 32, 64, 96
Network address is .64
Valid hosts .65 to .94
Broadcast .95

Answer: nobody can talk to each other because they're on different subnets (different network addresses). A router would be required.
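The two-row method above, written out as an added example (not the blog's own code) so the four quiz hosts can be checked in one go. It implements the "256 - mask = base number" step for any prefix from /8 to /30, not only the last-octet cases worked above, counts subnets against the classful (A/B/C) default mask as the notes do, and cross-checks every answer against Python's ipaddress module. The same-subnet test requires both the network address and the mask to agree, which is why hosts c and d (both at network .64 but with different masks) still need a router.

```python
"""Subnetting by the two-row method from the notes above.
Added example, not code from the blog: the host/prefix inputs are the quiz values."""
import ipaddress

# Second row of the notes: the mask octet produced by 1..8 network bits in an octet.
MASK_ROW = [128, 192, 224, 240, 248, 252, 254, 255]


def mask_octets(prefix):
    """/27 -> [255, 255, 255, 224]: each octet takes up to 8 bits of the prefix."""
    octets, remaining = [], prefix
    for _ in range(4):
        if remaining >= 8:
            octets.append(255)
        elif remaining > 0:
            octets.append(MASK_ROW[remaining - 1])
        else:
            octets.append(0)
        remaining = max(remaining - 8, 0)
    return octets


def classful_prefix(first_octet):
    """Default mask length by class (A /8, B /16, C /24), used to count subnets."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def dotted(octets):
    return ".".join(str(o) for o in octets)


def subnet_info(host, prefix):
    """Notes' method: base = 256 - mask octet; the network is the largest multiple
    of base not above the host's octet; the broadcast is one below the next multiple."""
    if not 8 <= prefix <= 30:
        raise ValueError("prefix must be between /8 and /30")
    mask = mask_octets(prefix)
    h = [int(x) for x in host.split(".")]
    i = next((k for k, m in enumerate(mask) if m != 255), 3)  # the "interesting" octet
    base = 256 - mask[i]
    network = h[:i] + [h[i] - h[i] % base] + [0] * (3 - i)
    broadcast = network[:i] + [network[i] + base - 1] + [255] * (3 - i)
    first = network[:3] + [network[3] + 1]
    last = broadcast[:3] + [broadcast[3] - 1]
    info = {
        "mask": dotted(mask), "base": base,
        "network": dotted(network), "first_host": dotted(first),
        "last_host": dotted(last), "broadcast": dotted(broadcast),
        # 2^(borrowed bits) subnets of the classful network, 2^(host bits) - 2 hosts
        "subnets": 2 ** max(prefix - classful_prefix(h[0]), 0),
        "hosts": 2 ** (32 - prefix) - 2,
    }
    # Cross-check the hand method against the standard library.
    net = ipaddress.ip_interface(f"{host}/{prefix}").network
    if (str(net.network_address), str(net.broadcast_address)) != (info["network"], info["broadcast"]):
        raise AssertionError(f"hand method disagrees with ipaddress for {host}/{prefix}")
    return info


def same_subnet(host_a, prefix_a, host_b, prefix_b):
    """Two hosts share a subnet only if they agree on network address and mask."""
    a, b = subnet_info(host_a, prefix_a), subnet_info(host_b, prefix_b)
    return a["network"] == b["network"] and prefix_a == prefix_b


# Constructed input: the four hosts from the quiz above.
QUIZ_HOSTS = {"a": ("192.168.1.33", 27), "b": ("192.168.1.50", 28),
              "c": ("192.168.1.100", 26), "d": ("192.168.1.90", 27)}


def needs_router(hosts=QUIZ_HOSTS):
    """True when no pair of hosts shares a subnet, so every pair needs a router."""
    names = list(hosts)
    for x in range(len(names)):
        for y in range(x + 1, len(names)):
            if same_subnet(*hosts[names[x]], *hosts[names[y]]):
                return False
    return True


if __name__ == "__main__":
    for name, (host, prefix) in QUIZ_HOSTS.items():
        print(f"Host {name}: {host}/{prefix} ->", subnet_info(host, prefix))
    print("Router required:", needs_router())
```

Running it prints the network, host range, broadcast, subnet count and host count for each quiz host, matching the hand-worked answers above, and confirms that a router is required.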

Binary Quiz
Convert 452 into binary
answer: 111000100

What is 11000111?
answer: 199

Convert 11101000111 into decimal
answer: 1863

A Class A network has 3 octets for the host field.
What is the practical minimum number of bits to borrow? 2
Using six subnet bits, how many usable subnets are created?
62

How many subnet bits do you borrow?
To see how many bits you should borrow from the host portion of the network address to give the required number of subnets, you should...
answer: subtract the number of subnets you need from the network portion

Thursday, February 9, 2012

Cisco ICND1 Flashcard: NAT, PAT, Overloading

Network Address Translation

When you have internal IP addresses routing to another network and you don't want someone to know the originating IP address, you can use NAT. The same applies when you have internal IP addresses mapping to the Internet and only a limited number of public IP addresses to give out.

NAT operates at Layer 3 on a Cisco router and is designed for IP address simplification and conservation by converting private IP addresses into public IP addresses.  Apparently, NAT is not to be used with tunneling protocols or IPSec.

STATIC NAT
This means statically assigned by a network administrator, I presume, one by one. The steps include applying the NAT to the interface.


LAB SUMMARY
Configure Static NAT on Router 1, inside and outside interfaces, x = 2 for my Pod 2
usage: conf t
ip nat inside source static 192.168.xx.10 172.16.xx.10
int fa 0/0
ip nat inside
int serial 1/1
ip nat outside
end

show ip nat translations
debug ip nat
ping 10.1.1.1
show ip nat statistics

Remove Static NAT from Router 1
usage: conf t
no ip nat inside source static 192.168.xx.10 172.16.xx.10

DYNAMIC NAT
Addresses are handed out from a pool, similar to IP address assignment by DHCP.  The quickest way would be to use a DHCP server. Create a pool name and range.

Create a standard ACL to permit traffic from the switch network and deny everyone else.
usage: conf t
access-list 3 permit 192.168.xx.0 0.0.0.255
ip nat pool LAN 172.16.xx.65 172.16.xx.126 netmask 255.255.255.192

Enable the translation by tying the access list (3) to the pool (LAN) and leave config mode
ip nat inside source list 3 pool LAN
end

show ip nat translations
debug ip nat
ping 10.1.1.1
show ip nat statistics

To clear the entire NAT table usage: clear ip nat translations *
To remove Dynamic NAT from router 1 usage: no ip nat inside source list 3 pool LAN
Another day, I'll add more info about PAT
PAT is many-to-one dynamic translation.

Bonus
I wonder if this is the same way to NAT IPv4 addresses with IPv6. In fact, on newer computers and laptops, the Network Settings info will also include an IPv6 address. In the late 1990s the US DOD issued a command that all new computer systems being purchased must be IPv6 compatible. Most are, as the IPv6 address is formed from the MAC address. It's HEX and the initial digit assigned is a 2 (the number 2) which indicates planet Earth. Now that's planning ahead for future implementation, scalable to include the rest of the galaxies. To Infinity and Beyond!

Troubleshooting NAT
* Determine if there are enough addresses in the NAT pool
* Verify that the router interfaces are appropriately defined as NAT inside or NAT outside
* Verify that the ACL referenced by the NAT command is permitting the necessary inside local IP addresses
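The dynamic NAT lab above (ACL 3 plus pool LAN) modelled in code, as an added example that is not part of the original post. It reproduces the first and third troubleshooting points: what happens when the pool runs dry, and what happens to an inside host the ACL does not permit. The hit/miss counters are a simplified version of what show ip nat statistics reports; the Pod 2 addresses (x = 2) are constructed from the lab values.

```python
# Added example (not from the original post): a small model of
# 'ip nat inside source list 3 pool LAN', including pool exhaustion.
import ipaddress

class DynamicNat:
    """Simplified 'ip nat inside source list <acl> pool <pool>' behaviour."""

    def __init__(self, acl_permit, pool_start, pool_end):
        # access-list N permit <network> <wildcard>: which inside locals may be translated
        self.acl = ipaddress.ip_network(acl_permit)
        start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
        # ip nat pool: the inside global addresses available for allocation
        self.free = [ipaddress.ip_address(n) for n in range(int(start), int(end) + 1)]
        self.pool_size = len(self.free)
        self.translations = {}   # inside local -> inside global
        self.hits = 0            # packets that matched an existing entry
        self.misses = 0          # packets that had to create a new entry
        self.dropped = 0         # packets dropped because no pool address was free

    def translate(self, inside_local):
        """Inside-to-outside packet: return the inside global source, the original
        address if the ACL does not match, or None if the packet is dropped."""
        src = ipaddress.ip_address(inside_local)
        if src in self.translations:
            self.hits += 1
            return str(self.translations[src])
        if src not in self.acl:
            return str(src)          # not selected for translation, forwarded as-is
        if not self.free:
            self.dropped += 1        # pool exhausted: the packet is dropped
            return None
        self.misses += 1
        self.translations[src] = self.free.pop(0)
        return str(self.translations[src])

    def show_translations(self):
        """Rows like 'show ip nat translations': (inside global, inside local)."""
        return sorted((str(g), str(l)) for l, g in self.translations.items())

    def clear_translations(self):
        """clear ip nat translations *: return every address to the pool."""
        self.free = sorted(self.free + list(self.translations.values()))
        self.translations.clear()

    def show_statistics(self):
        return {"pool_size": self.pool_size, "allocated": len(self.translations),
                "hits": self.hits, "misses": self.misses, "dropped": self.dropped}

def troubleshoot(nat, inside_hosts):
    """Checks matching the troubleshooting list: pool size and ACL coverage."""
    findings = []
    if len(inside_hosts) > nat.pool_size:
        findings.append(f"pool has {nat.pool_size} addresses for {len(inside_hosts)} inside hosts")
    for host in inside_hosts:
        if ipaddress.ip_address(host) not in nat.acl:
            findings.append(f"{host} is not permitted by the NAT access list")
    return findings

if __name__ == "__main__":
    # Constructed values for Pod 2: ACL 192.168.2.0/24, pool 172.16.2.65-126 as in the lab
    nat = DynamicNat("192.168.2.0/24", "172.16.2.65", "172.16.2.126")
    for host in ("192.168.2.10", "192.168.2.11", "192.168.2.10", "10.9.9.9"):
        print(host, "->", nat.translate(host))
    print(nat.show_translations(), nat.show_statistics())
```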

Wednesday, February 8, 2012

Cisco ICND1 Flashcard: Router RIP and IGRP

ICND1 Topic: RIP
ICND2 Topics: RIPv2 VLSM, single area OSPF, EIGRP


Routing is taking a packet from one device and sending it over the network to another device on a different network. Routing requires routers.  Routers learn about remote networks from neighbor routers (dynamic) or from static routes programmed by the administrator.  All Cisco routers are classful routers, meaning they expect a default subnet mask on each interface on the router; otherwise the packet will be dropped. For default routing, the command "ip classless" must be used.

Two types of interior routing protocols
Static, Default and Dynamic Routes

IP Routing requirements
  • destination address and a source address
  • routing table for destination
  • neighbor
See other article about Static Route vs. Dynamic Routes
On directly connected networks, hosts and routers find the destination MAC address for the destination IP addresses using ARP.

Strategies to prevent routing loops:

Split Horizon Rule: the router will not advertise a route back through the same interface from which the route was learned

Route Poisoning: to poison a route, set the metric to infinite; for RIP that number would be 16 for the maximum number of hops. When used with Split Horizon, this strategy is called Split-Horizon with Poison Reverse.

Holddown: the holddown timer is used in route convergence by preventing a route from being reinstated until all routers have had enough time to "age out" the route from their tables. This prevents routers from advertising bad or expired routing information.

Routing Protocols QUIZ

Most common metrics used by routing protocols to determine a network path
hop count
bandwidth - data capacity. Say 10 Mbps is better than a 64 kbps leased line
delay
load
reliability - bit error rate of each network link
cost - configurable, by default based on bandwidth
not packet length or distance.
1. What are three types of routing protocols?
a) hop count based
b) link state
c) cost based
d) distance-vector
e) advanced distance-vector (hybrid)
f) bandwidth based
answer 1. b,d,e


Name two IGP (interior gateway protocol) Distance Vector protocols: RIP, IGRP (Cisco proprietary)
  • uses hop count as a metric
  • sends entire routing table to neighbor, called routing by rumour and periodic updates
  • lower CPU overhead than link-state protocols
  • uses split horizon, route poisoning, and holddown to protect from routing loops

RIP - Routing Information Protocol
Configure RIP to run on the router:
usage: conf t
router rip
network 192.5.5.0
network 10.0.0.0 0.255.255.255
  • RIP v1 and RIP v2
  • RIP Classful
  • RIP v2 supports VLSM (variable length subnet mask), route authentication
  • distance vector protocol
  • can load balance up to 6 equal cost paths
  • uses hop count as the metric. The maximum hop count is 15, therefore 16 is infinite and unreachable
  • sends periodic update every 30 seconds
  • RIP timers include: update, invalid, holddown, flush (and garbage collection).

A handy command to create an interface to learn routes but not advertise
In router config mode usage: passive-interface interface#

IGRP - Cisco Proprietary
Interior Gateway Routing Protocol.  All routers within the same autonomous system should use the same AS number, and all routers should be Cisco if IGRP is used. IGRP was created to overcome the problems with RIP such as the 15 hop count limit.  The maximum hop count for IGRP is 255, though 100 is the default. The IGRP metric (the value used to calculate the best route) is based on bandwidth and delay of the line, called a composite metric; other factors that are optional but not required are reliability, load, and maximum transmission unit (MTU). Sends a periodic update every 90 s.

usage: conf t
router igrp 10
network 172.16.0.0

IGRP can load balance up to six unequal links to a remote network (RIP networks must have the same hop count to load balance).


Summary 
How does RIP work in the internetwork?
RIP uses hop counts to determine the best route to a network, with an upper hop count limit of 15

Know the RIP commands
router rip
show ip route
show ip route rip

Administrative distance
Rates the trustworthiness of routing information received on a router from a neighbor; an integer between 0 and 255, where 0 is the most trusted and 255 means no traffic will pass through this route.
Default Administrative Distances
Route Source, Default Distance
Connected interface = 0
Static route = 1
EIGRP = 90
IGRP = 100
OSPF = 110
RIP = 120
External EIGRP = 170
Unknown = 255 not routable
      
What is AS, autonomous system
An AS is a group of routers that share the same routing information.

Know the difference between RIP and IGRP
Describe the metrics used. RIP only uses hop count.
Others are hop count, bandwidth, delay.

Three truths, from a quiz:
Routers evaluate the available paths to a destination
The routing process uses metrics and administrative distances when evaluating network paths
Dynamic routing occurs when information is learned using routing information that is obtained from routing protocols.

Note: the routing table is only displaying the information to the user
Routing table provides an ordered list of known network addresses.
Routing tables contain metrics that are used to determine the desirability of the route
Routing table associations tell a router that a particular destination is either directly connected to the router (C) or that it can be reached via another router (the next-hop router or exit interface) on the way to the final destination

Link State Routing Protocols
Link state routing protocols respond quickly to network changes
Link state routing protocols send periodic updates (link state refreshes) at long time intervals, about once every 30 minutes!!
In link state routing protocols, every router tries to build its own internal map of the network topology

Tuesday, February 7, 2012

Cisco ICND1 Flashcard: Are you tech savvy about DSL, the Last Mile, NAT and PAT?

The topic of DSL was covered in the CCNA Bootcamp course as a requirement for the ICND1 Exam.

Internet Resellers
TekSavvy talk has been making the rounds lately on forums at work and online. They're in the news among the other victims of the ongoing CRTC ruling on "usage based billing" or wholesale billing regulations from large ISPs to small ISPs. I decided to take a look at what folks were talking about: really cheap rates for high speed internet, long distance calling, residential phone and even cable at much lower rates than the standard Bell or Rogers! However, the ruling will make unlimited packages impossible or too expensive, as the cost of using Bell or Internet backbone services is transferred to the consumer; for example, Bell will charge TekSavvy or Acanac an extra $22/Mbit, or 22k for a 1 Gbps link. The other thing I didn't quite understand right away was why, when TekSavvy customers had a problem and called up TekSavvy tech support, a service call would be sent out to Bell or Rogers. OK, I get it: Bell or Rogers still provide the DSL or last mile connection. TekSavvy is an "internet reseller" or ISP.

There is a business argument for open competition that folks are feeling very strongly about, with an Open Media debate and a petition. My article is purely about the electrons, not the politics.  Back to the basics.

What is DSL and the Last Mile?
The story begins with the telephone cabling we are already familiar with. It's copper and can carry 300 Hz to 1 MHz of data. However, the human voice only uses the 300 Hz to 3 kHz portion of the link, so DSL can use the remaining 3 kHz to 1 MHz for high speed data, "always on".  DSL stands for Digital Subscriber Line, and this allows the packets to be sent over copper owned by an ISP. It is not a shared medium; each user has his own direct connection to the DSLAM. It's scalable: adding new users does not impede the network performance. DSL can be used simultaneously with voice.

The cabling part there is also referred to as the local loop or last mile, the last step of the local telephone network connection. DSL may be added incrementally in any area with some distance limitations, but is not universally available in all geographic locations. Equipment required includes the CPE (Customer Premise Equipment) and DSL Access Multiplexer (Time Division Multiplexer).  There is a physical geographic limitation of 5.5 km distance for ADSL, and some folks would consider the "always on" aspect of the DSL as hackable; well, whatever.


DSL can be used by a large company to support the "work at home" workers. The worker cannot connect to the enterprise network directly; instead he first connects to the ISP and then an IP connection is made from the Internet to the enterprise network.

There are two categories of DSL
DSL places the data upload and download above the 4 kHz window, allowing voice and data transmission to occur simultaneously on the same DSL service.

ADSL Asynchronous, higher download bandwidth than upload (less than 5.5 km distance)
VDSL, VDSL 2 is very high data rate
250 Mbps at the source
100 Mbps at 0.5km
500 Mbps at 1km
G Lite, G 992.2
ADSL, ADSL2, ADSL 2+
Consumer DSL aka G.Lite or G992.2

SDSL Synchronous, same capacity both directions
HDSL high data rate DSL
ISDN DSL(IDSL)
G.shdsl, symmetric high bit data rate DSL

In all instances, it's WAN access. It is not cable; cable is best described as a bus network topology, fiber under the street, copper to the home. (Why do I have this in my notes?)

Transceiver - connects the computer of the worker to the DSL, usually a modem with a USB or Ethernet cable. Newer DSL transceivers can be installed on routers with 10/100 switch ports for home and office use.

DSLAM - located at Central Office of the carrier. DSLAM combines individual DSL connections into one high capacity link to the ISP and Internet.

Assigning an IP Address
It used to be that when you turned on your computer the ISP would assign an IP address to your computer by DHCP, and when you were finished with your connection the computer would return the IP address to the pool. The only thing is, people don't usually turn off the computer, so this IP address will be almost permanently taken. I suppose if it was a work computer, the network administrator could use private and public IP address translation.

The global internet is like a large WAN.  Servers and interfaces need an IP address from the ISP, which is manually assigned by the ISP or dynamically assigned.  When you have a private IP address and need to go online, the IP addresses will have to be translated by NAT from an internal lab to the outside world.

Next Topic:
NAT, PAT and Overloading

Cisco ICND1 Flashcard: CDP Cisco Discovery Protocol

This is a very useful command for troubleshooting or verifying connectivity to directly connected devices.  The physical media must support SNAP (subnetwork access protocol). When you issue the cdp commands, the output display gives a summary of the protocol and address information for the Cisco devices, as well as the devices' hardware and software information.

CDP is a Cisco proprietary layer 2 only protocol for Ethernet and Serial.
Question: Note to self, what does this really mean? Devices connected on the fast ethernet and serial ports!
Answer: This means that it does not need a configured IP address to function (layer 3).

usage: show cdp
This will load information about timers, perhaps not quite what you want.

List of Device Identifiers (Variables)
usage: show cdp neighbor
Device ID: the hostname of the directly attached device
Local interface: the port identifier where the device is directly connected to
Hold time: the amount of time the device will hold the CDP information before discarding
Capability: identified as router, switch, hub, repeater
Hardware platform: Cisco series
Port ID: port on the remote device that this device is attached to

These commands give additional and more complete information about the neighbor; both of the following commands display the same output
usage: show cdp neighbors detail
usage: show cdp entry hostname

Issue the commands in Global Configuration mode
usage: show cdp ?
entry - gives info about specific device
interface - displays interfaces enabled with CDP and other parameters such as encapsulation, status and configuration
neighbors - CDP neighbor entries
traffic - CDP statistics

Configuring CDP with Security In Mind
usage: no cdp run - issue in global conf mode, to turn off CDP globally; prevents other CDP capable devices from accessing info on this device
usage: no cdp enable - disables cdp on a particular interface; recommended to turn off cdp on the interface facing the WAN side.
usage: cdp enable - enables cdp on the interface!

Sunday, February 5, 2012

Cisco ICND1 Flashcard: Static Routing

Use of Static Routes
When the network is small and there are few routers, a network administrator can program static routes to set the path from one LAN to another. In a small network, this results in more security because routing table updates don't have to be sent over the network periodically because things won't change!

usage: ip route network-address-destination subnet-mask-remote-network ip-address of next hop router or exit-interface

Default Static Route
A default static route allows a stub network to reach all known networks beyond the next hop router.   It is useful when the route from source to destination is not known or there are just too many routers to name. This is the perfect setting for the edge router of a company reaching to the ISP network.
usage: conf t
ip route 0.0.0.0 0.0.0.0 ip-address or exit-interface
This can be imagined as the gateway of the last resort.

Dynamic Routes
Dynamic routing uses a route that a routing protocol adjusts automatically for topology or traffic changes. The protocols could include IGRP, RIP, EIGRP, OSPF and EGP to name a few.
Confirm, but I believe you use the command
router rip to configure the routing protocol, just like that.

Verify the Routes
usage: show ip route
The output will list the path to networks the router knows by identifying S for a static route and the exit-interface, or a C for directly connected network. The reason it lists the exit-interface rather than the next hop router ip address is to supply the maximum information in a single lookup.

Cisco ICND1 Flashcard: WAN Protocols and Serial Encapsulation, PPP, HDLC

The Usual Scenario that describes most WANs
Use serial point to point connection to connect the LAN to service provider WAN
Have serial point to point connections within the LAN
Use Circuit Switching technology (ICND1 Topic)

ICND2: Packet Switching in Frame Relay and ATM

The Telco provides clocking info for the CSU/DSU. The DCE provides clocking, so set the clock rate command there, while the receiving device, say the customer's router, is a DTE.

What is a T1
T1: 24 DS0s, each 64 k
1 DS0 is the bandwidth required for an uncompressed, digitized phone call
a point to point leased line bandwidth specified by a DS number (DS0, DS1 etc)

T1: 1.544 Mbps, 24 DS0s of 64 kbps each, 8 kbps overhead
E1: 2.048 Mbps, 32 DS0 64 kbps channels

Circuit Switching
A dedicated path is established, maintained, terminated through a carrier network for each session.
Therefore circuit switching creates a dedicated physical connection running PPP or HDLC on Layer 2. Most likely this will be a leased line at fixed capacity, dedicated for the WAN connection.  The point to point serial line forms a pre-established WAN communications path.

HOW TO Configure a Serial Interface
The serial interface will connect WAN to routers at a remote site

conf t
interface serial 0/0/0
bandwidth 64
clock rate 64000
encapsulation hdlc
no shutdown

Notes: by default Cisco devices are DTE devices but may be configured as DCE
bandwidth: metric used by IGRP routing protocol
clockrate: set clockrate on DCE interfaces in bps, possible 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000 to name a few and 4000000


To configure the clock rate for the hardware connections on serial interfaces, use the clock rate interface configuration command. Use the no form to remove the clock rate if you change the interface from a DCE to a DTE device. Using the no form of this command on a DCE interface sets the clock rate to the hardware-dependent default value.

clock rate bps
no clock rate

The default value could be no clock rate configured, or on a serial interface card I plugged in, it was 2000000 bps.

Clock rate vs Bandwidth
My summary taken from cisco discussion pages on this subject.

Take the example of a simple serial PPP link: on the DCE side of the circuit (that would be the internal part connecting to the CPE of the Service Provider) put "clock rate 64000".  Depending on the IOS version, on the DTE side you may be able to see this with "show controllers (intf) | include clock"; it reveals the actual tx/rx clock.  The clock rate is required to match the clocks on the receiver and transmitter of the remote and local router; the two routers need to sync up their clocks in order to decode the packets coming in on their interfaces.

Then on the DTE side, look at "show interface (intf) | include BW": the regular serial link is showing 1544K even though it's only physically possible to send 64K. By default, the routers do not have any mechanism to detect the actual bandwidth of a serial line and it is set to a default value of 1.544 Mbps. If there is one 64K serial line and another T1 line on the same router, and the bandwidth value on the 64K serial line is not changed, the router will treat both as T1 lines. It's a method to tell the router that it is a slower link so that actual metrics can be computed accurately.

This bandwidth command tells IOS how to perceive the speed of any particular interface in order to manipulate routing metrics (EIGRP, OSPF); note that the bandwidth command doesn't physically change the speed of an interface like the clock rate command does.

Other commands
show controller serial 1/0, displays information about the physical interface, including clock rate
show interface

HDLC - High Level Data Link Control protocol
HDLC is one of two major data-link protocols, the encapsulation method for data on synchronous serial data links. Error checking built in, enables flow control and error checking using ack, control characters, checksum. However HDLC is not compatible between different vendors. Remember, it uses a frame delimiter to mark the start/ end of each frame

HDLC has a type field that may not be compatible with equipment from other vendors.

Cisco HDLC
Cisco HDLC is a datalink protocol for point to point WAN connections. It is the default encapsulation for serial lines. There is no windowing no flow control, only point to point. Some extensions allow multiprotocol support before ppp was specified
* will not interoperate with other HDLC implementations
* use PPP when interoperability is required, for example if two Nortel and Cisco devices were connecting

ISDN
Different ISDN services - voice and data can run over existing telephone lines. The BRI (basic rate interface) uses two B channels (64 kbps each, may be combined) and one D channel (16 kbps). B for bearer for voice and data; D for data for call signalling or clocking.

An ISDN interface can run these protocols:
E protocols for ISDN on existing telephone network.
I protocols for concepts, terminology and services.
Q protocols refer to switching and signaling.

A Service Provider may use Signaling System 7 (SS7) between the two switches—the same protocol used inside phone company networks to set up circuits for phone calls.  ISDN PRI in North America is like a digital T1 circuit

ISDN BRI and PRI Reference Point Diagrams

PPP
Point to Point protocol is a data-link protocol, provides router to router and host to network connections over both synchronous and asynchronous circuits. So, it transports Layer 3 packets across the data-link layer. PPP can be applied to these physical interfaces:
1) asynchronous connection - think of a dial up connection
2) synchronous connection - think of a leased line, like ISDN media
3) High Speed Serial Interface HSSI

What features not available in HDLC but found in PPP:
1) link quality management feature to monitor quality of link. Too many errors detected, ppp takes down the link
2) supports Password Authentication Protocol PAP and CHAP (three way hash authentication)

Three phases of PPP
The method for encapsulating multiprotocol datagrams
* Link establishment phase- LCP extensible link control protocol, establish, configure, test the WAN link
* authentication phase of ppp is optional (choose PAP or CHAP)
* Network Layer protocol phase - NCP network control protocol, to establish and configure different network layer protocols, example IPCP, Appletalk Control Protocol, Novell IPX Control Protocol, Cisco Systems CP, Systems Network Architecture (SNA) CP, Compression CP

Main components:
EIA/TIA-232-C - connector, physical layer standard for serial comms
HDLC - high level data link control, for encapsulating datagrams over serial links
LCP negotiates traffic, maintaining or terminating traffic
NCP encapsulates traffic, multiple network layer protocols.

LCP configuration options
Authentication - identifying the sender, PAP or CHAP
Compression - Cisco uses Stacker and Predictor compression methods
Error Detection - Quality and Magic Numbers
Multilink - splits the load over two or more parallel circuits, or a bundle

PAP
- Password Authentication Protocol; passwords are sent in cleartext. PAP is only used for the initial link establishment.

CHAP
- Challenge Handshake Authentication Protocol; used at the initial startup of the link and at periodic checkup times to make sure the router is still communicating with the same host. The router sends a challenge request to the remote device and expects a value calculated by the one way hash function MD5. If the values don't match, the link is terminated.
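The CHAP exchange just described, as an added example that is not part of the original post: the MD5 response is computed over the identifier, the shared secret and the challenge (the RFC 1994 construction), so only the digest crosses the link, while the PAP request shown beside it carries the password itself. Router names and the secret are constructed; there is no real IOS involved.

```python
# Added example (not from the original post): the CHAP challenge/response round
# next to what PAP puts on the wire. Names and secrets are constructed.
import hashlib
import hmac
import secrets

def chap_response(identifier, secret, challenge):
    """MD5-CHAP: Response = MD5(Identifier || secret || Challenge). The secret
    itself never crosses the link, only this digest does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

def pap_authenticate_request(username, password):
    """PAP Authenticate-Request payload: both fields travel in cleartext."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

class ChapAuthenticator:
    """The router side: issues challenges and verifies responses for known peers."""

    def __init__(self, peers):
        self.peers = peers          # peer name -> shared secret (the 'username ... password' entry)
        self.identifier = 0

    def challenge(self):
        """A fresh random challenge; the identifier ties the response to it."""
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, secrets.token_bytes(16)

    def verify(self, identifier, challenge, peer_name, response):
        """Recompute the expected digest and compare in constant time."""
        secret = self.peers.get(peer_name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def chap_exchange(authenticator, peer_name, peer_secret):
    """Run one challenge/response round; True means the link stays up."""
    identifier, challenge = authenticator.challenge()             # RouterX -> RouterY
    response = chap_response(identifier, peer_secret, challenge)  # RouterY -> RouterX
    return authenticator.verify(identifier, challenge, peer_name, response)

if __name__ == "__main__":
    router_x = ChapAuthenticator({"routerY": b"B007!"})
    print("correct secret:", chap_exchange(router_x, "routerY", b"B007!"))
    print("wrong secret:", chap_exchange(router_x, "routerY", b"guess"))
    print("PAP on the wire:", pap_authenticate_request("routerY", "B007!"))
```

Because every round uses a new random challenge, a response captured from one round does not verify against the next one, which is why the periodic re-challenge in the text adds value over PAP.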

Configuring PPP and authentication
* hostname RouterX, assign a hostname to RouterX
* username RouterY password B007!, identify the username RouterY and password of the remote router
* conf t, then go to the serial interface in question
* encapsulation ppp, enable ppp encapsulation
* ppp authentication chap, enable chap authentication or use pap instead

Sample configuration
usage: conf t
hostname routerX
username routerY password B007!
int s0
encapsulation ppp
ppp authentication chap
(or ppp authentication pap)
Note: for CHAP the username entry must use password (a cleartext or type 7 password), not secret, because the router has to recover the cleartext to compute the MD5 hash.

debug ppp authentication
Verify
show interfaces
show interface serial
show interface s0

Friday, February 3, 2012

Cisco ICND1 Flashcard: WAN Hardware and Encapsulation

ICND1: PPP
ICND2: Frame Relay

Wide Area Networks

A LAN will cover an area in the same building or vicinity; a WAN spans much larger, geographically separated sites. Setting up and maintaining a WAN is very expensive, so most private companies would rather purchase a WAN connection from the ISP, who will manage the WAN infrastructure and back-end network backbone.  Services include T1, T3, E1 and E3, DSL, cable, frame-relay and ATM.

WAN operations cover the Layer 2 Data Link Layer (Metro Ethernet, MPLS, frame-relay, ATM, HDLC) and Layer 1 Physical Layer components (electrical, mechanical, operational connections).


WAN Devices
Equipment required includes a modem or CSU/DSU to connect to the service provider, and edge devices that modify the Ethernet encapsulation to the serial WAN encapsulation
WAN Encapsulation Answer Hack. Is this legal?

Modem - modulates an analog carrier signal to encode the digital signal, and demodulates the carrier signal to decode the transmitted information.

CSU/DSU - Channel Service Unit/Data Service Unit. The CSU terminates the digital signal and ensures integrity, error correction, and line monitoring. The DSU converts T-carrier line frames into LAN frames. The DSU provides a clocking signal to the customer equipment interface; the CSU terminates the channelized transport media of the carrier. The CSU also provides a loopback test diagnostic.

Demarcation Point, the point where a service provider considers the services delivered, such as the CSU/DSU on customer's premises to the provider's Central Office.
Access Server - I'll check my notes what that is for.

WAN Switch - used in carrier networks to carry Frame Relay, ATM, X.25 and PSTN in the cloud

Router - The router can be a WAN connection device, with serial interface ports to connect to the  service provider and the internetwork for the LAN. Basically a router will connect to the POP router of the ISP

Core Router -  needs explaining

CPE - Customer Premise Equipment that includes a DCE/ DTE.
DCE - Data Circuit-terminating Equipment or Data Communications Equipment, the device that ports data on the local loop. Configure the clock rate for the DCE interface.
DTE - Data Terminal Equipment, customer equipment that passes data to the DCE such as the routers. Synchronizes to the clock rate.

There is a lengthy description of EIA/TIA connectors, but the most important part is the router end of the shielded serial transition cable, which has a DB-60 connector. The DB-60 port on a serial WAN interface card is a 5 in 1 port. There is a new type of cable called a Smart Serial Cable.

Summary of WAN Links Hierarchy
Three main WAN types: Dedicated, Circuit Switched and Packet Switched.

DEDICATED
Leased Lines: T1/ E1
For companies who constantly send traffic, expensive.
SWITCHED
Circuit Switched: PSTN, ISDN, analog modem
For companies who send occasional traffic, least expensive.

Packet Switched: Frame Relay, x.25
Ideal for companies requiring a minimum constant service without the cost of dedicated lines.

Cell Switched: ATM
INTERNET
Broadband: VPN
Other: DSL Cable, Broadband, Wireless

The Last Mile
This refers to the local loop, the last mile connection that defines how the local user gets to the ISP, perhaps? One example is installing a new fiber optic cable from the exchange outside the building into the networking lab. Another example could be a satellite hop.

Long Range Connectivity
The protocols SONET and Synchronous Digital Hierarchy (SDH) have been around for ages. These are used to move large amounts of data over great distances through fiber optic cables, mostly referring to voice and data.  A newer optical technology, Dense Wavelength Division Multiplexing (DWDM), provides extremely long range communications by assigning a specific frequency (or wavelength) of light to incoming signals.  Equipment can amplify the wavelength to boost signal strength. A single DWDM fiber can have more than 80 different wavelengths or channels multiplexed, each channel carrying up to 10 Gb/s.  The other important feature is that DWDM can carry IP, SONET and ATM at the same time on the same optical fiber.

At the receiving end, the router needs the right optical SFP.

Related Topics: PPP Encapsulation, ISDN
Next Topic: DSL two types-ADSL and SDSL
Followed by: Cisco IPSec VPN

Tuesday, January 31, 2012

Cisco ICND1 Flashcard: DHCP

The starting point for understanding DHCP for the CCNA Exam or ICND1 and ICND2, is that DHCP is based on a client-server model.

There are three types of IP address allocation by DHCP
  1. Automatic - assigns a permanently binding IP address to the client
  2. Dynamic - assigns an IP address to the client for a limited time, until lease expires and the IP address is returned to the pool for reuse
  3. Manual - a network administrator assigns the IP address to the client, DHCP conveys it (not completely sure I understand this to be a kind of DHCP).

The Client requests an IP address allocation and initialization parameters from the DHCP Server through the following exchange of messages.

DHCPDISCOVER
When a client boots up for the first time, it sends a DHCPDISCOVER message broadcast to 255.255.255.255 all destinations with a source IP address of 0.0.0.0 (because it doesn't have one)

DHCPOFFER
The DHCP server receives the message and replies with a DHCPOFFER unicast, and contains fields to specify a subnet mask or the default gateway (router), and other values including the IP address lease time, renewal time, DNS, and NetBIOS name. The message is sent on Layer 2 to the client MAC address. The destination IP address is the address being offered by the server.

DHCPREQUEST
Client responds to the offer with this message, showing intent to accept the parameters, sent to broadcast address (Layer 2 and Layer 3), uncertain if address is safe to use or if another DHCP client will grab it.

DHCPACK
The DHCP server receives the request message and acknowledges it with this unicast message, which carries the final lease parameters. Only after the DHCPACK does the client configure the address; it should first check that the address is not already in use (for example with an ARP probe) and send a DHCPDECLINE if it is.

Setting DHCP Pool Parameters using a Wizard
The DHCP pool may be configured from the Cisco SDM page, according to the parameters below.
DHCP Pool Name - Name that clearly identifies the DHCP pool
DHCP Pool Network and Subnet Mask - the network the assigned IP addresses are drawn from; the starting and ending IP address narrow the range within it.

Hints: The IP address range should be within the private address ranges (RFC 1918)
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Must not use the reserved addresses in the specified range:
The network or subnetwork IP address
The broadcast address on the network
Also keep the default router, the DNS servers and any other statically addressed hosts out of the range (or exclude them), or the pool will hand out duplicates.

Starting IP
Ending IP
Lease Length - integer number in days
DHCP options
DNS Server 1
DNS Server 2
Domain Name
WINS Server 1
WINS Server 2
Default Router - IP address of router to use as the default gateway
Import all DHCP options into the DHCP Server database

CLI Cisco IOS DHCP server on a router (from global configuration mode). The excluded addresses keep the router (.1), the DNS servers (.98, .99) and any other static hosts out of the pool. The original note had network 10.10.10.0 /8, which would make the pool the whole 10.0.0.0 block instead of the 10.10.10.0/24 subnet that the router and DNS addresses belong to.
conf t
ip dhcp excluded-address 10.10.10.0 10.10.10.99
ip dhcp pool mydhcppool
 network 10.10.10.0 255.255.255.0
 domain-name mydhcpdomain.com
 dns-server 10.10.10.98 10.10.10.99
 default-router 10.10.10.1
 lease 7
 exit
The lease is given as days [hours [minutes]], so lease 7 is seven days; lease infinite never expires.
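The four-message exchange described above, run against a pool shaped like the IOS configuration just shown, as an added worked example (illustrative Python written for this page, not Cisco code and not from the original post). It builds and parses raw RFC 2131 messages, and the server side shows why the excluded-address range matters: the pool is the /24 minus the network address, the broadcast address and the excluded block, so the first lease handed out is 10.10.10.100. The client MAC addresses and transaction ID are made up for the example, and nothing is put on the wire.

```python
"""RFC 2131 DHCP message builder/parser plus an in-memory server that walks
DISCOVER/OFFER/REQUEST/ACK against a pool shaped like 'ip dhcp pool mydhcppool'."""
import ipaddress
import struct

HDR_FMT = "!BBBBIHH4s4s4s4s16s64s128s"       # fixed BOOTP/DHCP header, 236 bytes
MAGIC = b"\x63\x82\x53\x63"                   # DHCP magic cookie that precedes the options
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
BROADCAST_FLAG = 0x8000                       # client asks for replies by broadcast


def ip_bytes(ip):
    return ipaddress.ip_address(ip).packed


def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", ciaddr="0.0.0.0", options=()):
    """Assemble one DHCP message; mac is 6 raw bytes, options a list of (code, bytes)."""
    hdr = struct.pack(HDR_FMT, op, 1, 6, 0, xid, 0, BROADCAST_FLAG,
                      ip_bytes(ciaddr), ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([53, 1, msg_type])           # option 53: DHCP message type
    for code, val in options:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + b"\xff"       # option 255 = end of options


def parse(pkt):
    """Decode the fixed header and the TLV options (stops at option 255)."""
    f = struct.unpack(HDR_FMT, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                       # option 0 is a single pad byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "ciaddr": str(ipaddress.ip_address(f[7])),
            "yiaddr": str(ipaddress.ip_address(f[8])), "chaddr": f[11][:f[2]],
            "type": opts[53][0], "options": opts}


class DhcpServer:
    """network + excluded-address + default-router + dns-server + domain-name + lease."""

    def __init__(self, network, excl_lo, excl_hi, router, dns, domain, lease_days):
        net = ipaddress.ip_network(network)
        lo, hi = ipaddress.ip_address(excl_lo), ipaddress.ip_address(excl_hi)
        # hosts() already drops the network and broadcast address; drop the excluded block too
        self.free = [a for a in net.hosts() if not lo <= a <= hi]
        self.bindings = {}                    # client MAC -> address offered/leased
        self.server_id = ip_bytes(router)
        self.params = [(1, net.netmask.packed), (3, ip_bytes(router)),
                       (6, b"".join(ip_bytes(d) for d in dns)), (15, domain.encode()),
                       (51, struct.pack("!I", lease_days * 86400)), (54, self.server_id)]

    def handle(self, pkt):
        m = parse(pkt)
        mac = m["chaddr"]
        if m["type"] == DISCOVER:
            if mac not in self.bindings:      # lowest free address, as IOS does
                self.bindings[mac] = self.free.pop(0)
            return build(BOOTREPLY, m["xid"], mac, OFFER,
                         yiaddr=str(self.bindings[mac]), options=self.params)
        if m["type"] == REQUEST:
            wanted = ipaddress.ip_address(m["options"][50])
            # ACK only if the client chose this server and the address it was offered
            if m["options"].get(54) == self.server_id and self.bindings.get(mac) == wanted:
                return build(BOOTREPLY, m["xid"], mac, ACK, yiaddr=str(wanted), options=self.params)
            return build(BOOTREPLY, m["xid"], mac, NAK)
        return None


def dora(server, mac, xid=0x1234):
    """Run the four-message exchange for one client and return the ACKed lease."""
    # DISCOVER goes 0.0.0.0:68 -> 255.255.255.255:67 on the wire; OFFER answers it
    offer = parse(server.handle(build(BOOTREQUEST, xid, mac, DISCOVER)))
    # REQUEST is broadcast too, naming the chosen server (54) and the offered address (50)
    ack = parse(server.handle(build(BOOTREQUEST, xid, mac, REQUEST, options=[
        (50, ip_bytes(offer["yiaddr"])), (54, offer["options"][54])])))
    o = ack["options"]
    return {"acked": ack["type"] == ACK, "ip": ack["yiaddr"],
            "mask": str(ipaddress.ip_address(o[1])), "router": str(ipaddress.ip_address(o[3])),
            "dns": [str(ipaddress.ip_address(o[6][i:i + 4])) for i in range(0, len(o[6]), 4)],
            "domain": o[15].decode(), "lease_secs": struct.unpack("!I", o[51])[0]}


if __name__ == "__main__":
    srv = DhcpServer("10.10.10.0/24", "10.10.10.0", "10.10.10.99", "10.10.10.1",
                     ["10.10.10.98", "10.10.10.99"], "mydhcpdomain.com", 7)
    print(dora(srv, bytes.fromhex("0011223344aa")))   # constructed client MAC
```

A REQUEST for an address the server never offered, or one that names a different server identifier, gets a DHCPNAK rather than an ACK; that check is what stops a client from claiming an arbitrary address in the pool.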

Monday, January 30, 2012

Cisco ICND1 Flashcard: Copper Cable Pinouts for RJ-45

There are three types of copper cabling that matter for Ethernet RJ-45 jacks: straight-through, cross-over and roll-over. A simple visual inspection of the wire colours at each end tells you the pairing and the type of cable. If you're constructing cables to a custom length, a cable tester with the pins labelled 1 to 8 on both ends lights up each pin pair in turn, so you can verify the order you chose before and after you crimp on the plug. Click!

RJ-45 jacks for Ethernet, also used for ISDN BRI
(Don't confuse with the DB-60 connector, used for the synchronous serial interfaces on Cisco routers when configuring WAN links such as T1 and E1 high speed lines)

RJ-11 jacks for telephone

RJ-48 connectors for the T1/E1 line side of a CSU/DSU; the router (DTE) side of the CSU/DSU uses a serial standard such as EIA/TIA-232 or V.35 at the customer end.

Cabling

An insulating material covers each individual copper wire in the UTP cable; the two wires of each pair wrap around each other (twisted pair), which cancels much of the electromagnetic interference the unshielded wires would otherwise pick up.

Straight Through, UTP (unshielded twisted pair)
Pins 1,2,3 and 6 used (10/100 Mb/s; Gigabit Ethernet uses all four pairs)
Pin 1 to 1, 2 to 2, 3 to 3, 6 to 6
Best to have the other unused pairs match up too.
Hubs or switches provide the "twist" internally to match the host's TX pair to their own RX pair
Connects devices at different layers of the OSI model (unlike devices), ie. Server to Switch, Router to Switch

Cross Over
Pins 1,2,3 and 6 used
Pin 1 to 3, 3 to 1
Pin 2 to 6, 6 to 2
Connects devices at the same layer of the OSI model (like devices), ie. Router to Router, Switch to Switch, PC to PC (and Router to PC, since both are hosts)
Caveat: most current switch ports support auto-MDIX and will work with either cable type, but don't count on that in the exam.

Roll Over
Used for connecting the console port on a router to a computer (with an RJ-45 to DB-9 adapter at the PC end).
The cable is rolled: simply reverse the pins
Pin 1 to 8, 2 to 7, 3 to 6, 4 to 5, 5 to 4, 6 to 3, 7 to 2, 8 to 1
The console port is used for local access to the router when physical access is available, like for password recovery. That also means anyone who can plug into the console can perform password recovery, so physical security of the router (and a console password) matters.


Another way of looking at the pinouts.
Straight Through
sender    receiver
1         1
2         2
receiver  sender
3         3
6         6

Cross Over
sender    receiver
1         3
2         6
receiver  sender
3         1
6         2

Cisco Router Configuration: Cheat Sheet for Router IOS Modes and CLI

Here are some basic commands, used so frequently they're second nature, which you'll only find in your Study Notes for the CCNA Exam.

Cisco Command Line Interface (CLI). I am most familiar with the CLI, however I was warned that with the newer exams it was important to be somewhat familiar with SDM.

Cisco SDM - Security Device Manager, a web-based management tool for router configuration. How do you know if SDM is already loaded on a router? Use show flash and look for the SDM files.

Several modes in the various stages of IOS
setup mode: entered when no valid configuration file is found in NVRAM
user mode: to view statistics and basic information. The prompt: Router>
Privileged mode: type enable to get here; lets you view the configuration and run privileged show and debug commands. The prompt: Router#
Global configuration mode: to make global changes; to access this mode from privileged mode, type configure terminal (conf t), not enable. The prompt: Router(config)#
Interface configuration mode: to make changes to a specific interface; from global configuration mode, type interface followed by the interface, eg. interface fa0/15. The prompt: Router(config-if)#


If both the enable secret and the enable password commands are configured on your router, how do you get to the # prompt?
Enter the enable secret password. When an enable secret is set, the enable password is ignored (it is only used by old IOS images that don't understand enable secret).


If you try to make the enable and enable secret password the same despite the warning messages, neither will work and then you have to do Password Recovery. This happened to me!

The basic Cisco commands:
enable: puts you in Privileged mode
disable: takes you back to User mode
logout: completely exits the router
exit: exits the current configuration mode (one level up)
int <interface>: puts you in the configuration mode of the specific interface, example int fa0/15 (short for interface fastethernet 0/15)
conf t: shortcut for configure terminal, moves you to global configuration mode
line console 0: a subcommand from global configuration mode, modifications to console access, passwords
line vty 0 4: a subcommand from global configuration mode, modifications to vty (telnet/SSH) access, passwords
line aux 0: a subcommand from global configuration mode to modify auxiliary port (modem/dial-in) access, passwords
Ctrl Z, end: return from any configuration mode straight to the privileged EXEC prompt (unlike exit, which only goes up one level)

The quick reference guide for more Cisco commands
router protocol: in global configuration mode, configure that protocol eg. router rip
show running-config: in privileged mode, show the running configuration in RAM
show startup-config: in privileged mode, show the startup config in NVRAM
show compress: shows the state of compression on the interfaces
show post: run on a switch to see whether any port failed its power-on self test (POST)
show controllers: view the hardware related info on the router/switch interfaces. Does not show the operational status of the switchport
show interfaces: shows detailed information regarding interfaces, or specify the interface, eg. show int fa 0/15
more precisely, for the switchport settings: show interfaces fa 0/15 switchport
show history: shows the last ten commands (by default)
show version: displays hardware and software versions, uptime and the configuration register
show users: see who has console or telnet/SSH sessions to the router
clock set: clock set hh:mm:ss day month yyyy, eg. clock set 10:00:00 30 January 2012
banner [motd | incoming | login | exec]: sets a banner. motd is shown first on all connections, login on all terminals before the login prompt, incoming for users using reverse telnet, exec on line activation like vty.
clock rate rate: in interface configuration mode, sets the clocking for the DCE end of a serial link. The DCE end of the cable must be connected and detected for the command to be accepted.
bandwidth rate: does not change the actual speed of the link; routing protocols use it to calculate their metric and choose the best path
hostname: in global configuration mode, sets the hostname of the system eg. Router1
username: Example username admin priv 15 password cisco and username bob priv 7 password cisco. Prefer username admin privilege 15 secret cisco, which stores a hash instead of a reversible type 7 string.
enable password: in global configuration mode, sets the enable password for the router (stored in clear text, or as a reversible type 7 string if service password-encryption is on)
enable secret: in global configuration mode, sets the secret password. It's stored as a hash and overrides the enable password. Cannot be the same as the enable password or it's bad!
no ip domain-lookup: this is a handy command to include so that when you make a typo or incomplete command, the router won't assume you are trying to telnet to a hostname and try to resolve it
ip name-server name-of-DNS-server: the router will use this server for DNS
ip domain-name name: sets the domain name that is appended to the hostname to form the fully qualified domain name (also needed before generating RSA keys for SSH)

show ip route: will show the contents of the routing table
show ip interface: shows the IP information on interfaces (including access-lists)
encapsulation (hdlc | ppp | frame-relay): choose the encapsulation on a serial interface
ppp authentication (pap | chap): choose the PPP authentication method (the original note had ppp encapsulation); the credentials themselves come from username commands
show frame-relay pvc: shows permanent virtual circuit information including the status
show frame-relay map: shows the layer 3 (IP) to layer 2 (DLCI) mapping of each PVC
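As an added example (illustrative Python written for this page, not from the original post and not a Cisco tool), here is a small audit of a running-config for the settings the cheat sheet warns about: a leftover enable password next to the enable secret, type 7 passwords (what service password-encryption produces; the XOR key it uses is public, so they decode instantly), plaintext username passwords, a shared vty line password, and telnet on the vty lines. The sample config is constructed for the example, with placeholder secret hashes; the type 7 string in it decodes to cisco.

```python
"""Audit a Cisco IOS running-config for weak management-plane settings:
a leftover 'enable password', reversible 'password 7' strings, plaintext
user passwords, a shared vty line password and telnet on the vty lines."""
import re

# The type 7 key is public knowledge; 'service password-encryption' only
# obscures passwords against shoulder-surfing, it does not protect them.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(enc):
    """Reverse a type 7 string: two-digit key offset, then hex of (byte XOR key)."""
    offset, data = int(enc[:2]), bytes.fromhex(enc[2:])
    return bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(data)).decode()


def sections(config):
    """Group a running-config into (top-level line, [indented sub-commands])."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):               # IOS indents sub-commands by one space
            body.append(raw.strip())
            continue
        if header is not None:
            yield header, body
        header, body = raw.strip(), []
    if header is not None:
        yield header, body


def audit(config):
    """Return a list of (where, finding) tuples, in config order."""
    out = []
    for header, body in sections(config):
        if header.startswith("enable password "):
            m = re.search(r"\b7 (\S+)$", header)
            note = f" (type 7, decodes to {decode_type7(m.group(1))!r})" if m else ""
            out.append(("global", "enable password set" + note + "; remove it, only enable secret is used"))
        elif header == "ip http server":
            out.append(("global", "plaintext HTTP management (SDM) enabled; use ip http secure-server"))
        elif header.startswith("username "):
            user = header.split()[1]
            m = re.search(r"\bpassword 7 (\S+)$", header)
            if m:
                out.append((user, f"type 7 password decodes to {decode_type7(m.group(1))!r}; use secret"))
            elif re.search(r"\bpassword (?:0 )?\S+$", header):
                out.append((user, "plaintext password; use secret"))
        elif header.startswith("line vty"):
            transport = next((l.split()[2:] for l in body if l.startswith("transport input")), [])
            if transport != ["ssh"]:
                out.append((header, f"transport input {' '.join(transport) or 'not set'}; restrict to ssh"))
            for l in body:
                m = re.match(r"password 7 (\S+)$", l)
                if m:
                    out.append((header, f"line password decodes to {decode_type7(m.group(1))!r}"))
                if l == "login":
                    out.append((header, "shared line password; use login local with per-user secrets"))
                if l == "exec-timeout 0 0":
                    out.append((header, "exec-timeout 0 0: idle sessions never expire"))
    return out


# Constructed sample, not a real device's config; hashes are placeholders.
SAMPLE_CONFIG = """\
version 12.4
service timestamps debug datetime msec
service password-encryption
hostname Router1
!
enable secret 5 $1$salt$placeholderhash0000000000
enable password 7 0822455D0A16
!
username admin privilege 15 secret 5 $1$salt$placeholderhash0000000000
username bob privilege 7 password 7 0822455D0A16
username guest password 0 letmein
!
ip http server
no ip domain-lookup
!
line con 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 password 7 0822455D0A16
 login
 transport input telnet ssh
!
end
"""

if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

Run it against the output of show running-config saved to a file. The fix for every finding is already on the cheat sheet: enable secret alone, username ... secret, login local with transport input ssh on the vty lines, and ip http secure-server if SDM is needed at all.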



Shortcut commands may pop up in the CCNA Exam Questions
Ctrl+A: move cursor to beginning of line
Ctrl+E: move cursor to end of line
Ctrl+Z: leave configuration mode and return to the privileged EXEC prompt
Tab: complete a partially entered command, autofill
Esc+F: move forward one word
Esc+B: move back one word
Ctrl+F: move forward one character
Ctrl+B: move back one character
Ctrl+D: delete the character at the cursor
Backspace: delete the character before the cursor
Ctrl+U: delete everything on the line before the cursor
Ctrl+W: delete the word before the cursor
Ctrl+P: recall the previous command (same as the Up arrow)
Up and Down arrows: recall older commands, or move forward again to more recent ones

Commands related to debug
Before running the debug command, turn on synchronous logging so console messages don't interrupt what you are typing.
conf t
line con 0
logging synchronous

Use the debug command sparingly and be very specific about which item you are debugging. Never debug EVERYTHING (debug all) because the output will flood the console faster than you can read it or stop it, and the CPU load can make the router unresponsive or crash it. Privileged EXEC mode -
Add a timestamp to debug or log messages
usage: service timestamps debug datetime msec (global configuration mode)
Display CPU usage
usage: show processes (or show processes cpu)
Disable all debug commands
usage: undebug all (shortcut u all, or no debug all)
Display debug output on the current vty session (by default it goes only to the console)
usage: terminal monitor


Fancy stuff to be used only by a super geek:
conf t: configure from the terminal (user input on the command line interface)
conf mem: merge the startup configuration in NVRAM with the running config
conf network: merge a config stored on a TFTP server with the running config (the older form of copy tftp running-config)
conf overwrite-network: overwrite the startup config stored in NVRAM with a configuration from the TFTP server