The line transition took time from 9 MAY to 22 MAY.
Well, yet still not up yet...
Poor TM, poor me for using this ISP.
Thursday, 22 May 2008
Friday, 16 May 2008
ICND2, 5th Day
IPv6 -> 16 Octet
::1: <- Localhost Address
FF01::1 <- Private Address
1. conf t
2. ipv6 unicast-routing
3. ipv6 address [ipv6prefix/prefix length] [eui-64] Hostname
1. conf t
2. ipv6 host R1 [ipv6:1] RIPng
1. conf t
2. ipv6 router rip [Tag]
3. ipv6 unicast-routing
4. router rip RT0
5. exi
1. conf t
2. int f0/0
3. ipv6 router rip RT0 enable
4. exi
5. show ipv6 route rip
Rapid Spanning Tree Protocol (*Cisco Only)
1. conf t
2. spanning-tree mode ?
3. show spanning-tree
VLAN Trunking Protocol
Must be the same domian name
Run on trunking
1. conf t
1.1 vtp mode server
2. vtp domian UPMicnd
3. vtp version 2
4. exi
5. show vtp status
6. show vtp password
* If VTP not working check VTP password.
*The revision number will be reset when VTP domain changed.
PPPoE, PPPoA-> Can do Authentication as compare to HDLC
PAP(One-way Plain Text pwd) and CHAP(Three-way Encryption pwd)
1. conf t
2. int s0/0/0
3. encapsulation ppp
Set Authentication on interface
1. conf t
2. username R2 password CISCO
3. int s0/0/0
4. ppp authentication chap
Why Serial Line Up\Down?
1. Clock Rate not set
2. Encapsulations mismatch
3. Keep-alive mismatch
Frame Relay
Point-to-Point
Multi Point
R1, R3, TS as Client
R2 as ISP FR
Frame Relay Router
1. conf t
2. int s1/0
3. encap frame
4. frame int dce
5. frame route 123 in s 1/1 321
6. frame route 139 in s 1/2 931
and also set the other interface.
Client Router
1. conf t
2. int s0/0
3. encap frame-relay
4. exi
5. int s0/0.123 point-to-point
6. ip address [] []
7. frame relay interface-dlci 123
8. show frame lmi
9. show frame map
10. show frame pvc
::1: <- Localhost Address
FF01::1 <- Private Address
1. conf t
2. ipv6 unicast-routing
3. ipv6 address [ipv6prefix/prefix length] [eui-64] Hostname
1. conf t
2. ipv6 host R1 [ipv6:1] RIPng
1. conf t
2. ipv6 router rip [Tag]
3. ipv6 unicast-routing
4. router rip RT0
5. exi
1. conf t
2. int f0/0
3. ipv6 router rip RT0 enable
4. exi
5. show ipv6 route rip
Rapid Spanning Tree Protocol (*Cisco Only)
1. conf t
2. spanning-tree mode ?
3. show spanning-tree
VLAN Trunking Protocol
Must be the same domian name
Run on trunking
1. conf t
1.1 vtp mode server
2. vtp domian UPMicnd
3. vtp version 2
4. exi
5. show vtp status
6. show vtp password
* If VTP not working check VTP password.
*The revision number will be reset when VTP domain changed.
PPPoE, PPPoA-> Can do Authentication as compare to HDLC
PAP(One-way Plain Text pwd) and CHAP(Three-way Encryption pwd)
1. conf t
2. int s0/0/0
3. encapsulation ppp
Set Authentication on interface
1. conf t
2. username R2 password CISCO
3. int s0/0/0
4. ppp authentication chap
Why Serial Line Up\Down?
1. Clock Rate not set
2. Encapsulations mismatch
3. Keep-alive mismatch
Frame Relay
Point-to-Point
Multi Point
R1, R3, TS as Client
R2 as ISP FR
Frame Relay Router
1. conf t
2. int s1/0
3. encap frame
4. frame int dce
5. frame route 123 in s 1/1 321
6. frame route 139 in s 1/2 931
and also set the other interface.
Client Router
1. conf t
2. int s0/0
3. encap frame-relay
4. exi
5. int s0/0.123 point-to-point
6. ip address [] []
7. frame relay interface-dlci 123
8. show frame lmi
9. show frame map
10. show frame pvc
Thursday, 15 May 2008
ICND2, 4th Day
Routing Protocol on Cat3560 Switch
1. conf t
2. router ospf 9118
3. net [ ] [ ] area 0
Access Control List (ACL) -> Packet Control List
Doing on Layer 3 device
Types:
Standard ACL-> Check SRC IP
Extended ACL-> Check SRC IP, DEST IP, PORT, PROTOCOL
1. conf t
2. access-list ?
3. access-list 10 deny [SRC IP] [0.0.0.0<-Wildcard for one host] [log] 4. exi 5. show access-list
Apply the access list to the closet interface to the destination
1. conf t
2. int fa0/0
3. ip access-group ?
4. ip access-group [acl no] ?
5. ip access-group [acl no] [in/out]
Since The ACL is implicit deny, solution :
1. conf t
2. access-list 10 allow any
**Type all the access list on notepad, one line removed...all gone!!!
Example for Extended ACL:
Apply closet to the source. It is diff with Standard ACL.
This deny telnet from 20.0.0.1-7 to 172.19.90.22 telnet
1. access-list 110 deny tcp 20.0.0.0 0.0.0.7 172.19.90.22 0.0.0.0 eq 23
2. access-list permit any any
Go to the SRC int
1. conf t
2. int fa0/0
3. ip access-list 110 in
Insert new line into existing ACL
1. conf t
2. ip access-list extended 110
3. [5] permit ip 20.0.0.7 0.0.0.0 172.19.90.22 0.0.0.0
Name Access-List
1. conf t
2. ip access-list standard DenyWAN
3. deny host 172.19.90.24
4. permit any
Deny all 20 network to lin vty TS (ACL)
1. enable
2. conf t
3. access-list 20 deny 20.0.0.0 0.0.0.255
4. access-list 20 permit any
5. exi
6. conf t
7. lin vty 0 30
8. access-class 20 in
** permit tcp any any [must specific port number here]
Reflexive ACL
Time-Based ACLs
Network Address Translation
1. Static (1->1)
2. Dynamic (M->M) FCFS
3. Port Address Translation (M->1) Overload
Inside? Outside?
1. conf t
2. ip nat inside source static 20.0.0.88 172.18.70.248
3. ip nat pool ABC 172.18.70.235 172.18.70.239 netmask 255.255.255.0
show ip nat translation
clear ip nat translation *
Port NAT
1. conf t
2. ip nat inside source list 60 int fa0/0 overload
3. int fa0/0
4. ip nat outside
5. ip route 0.0.0.0 0.0.0.0 172.18.70.254
1. conf t
2. router ospf 9118
3. net [ ] [ ] area 0
Access Control List (ACL) -> Packet Control List
Doing on Layer 3 device
Types:
Standard ACL-> Check SRC IP
Extended ACL-> Check SRC IP, DEST IP, PORT, PROTOCOL
1. conf t
2. access-list ?
3. access-list 10 deny [SRC IP] [0.0.0.0<-Wildcard for one host] [log] 4. exi 5. show access-list
Apply the access list to the closet interface to the destination
1. conf t
2. int fa0/0
3. ip access-group ?
4. ip access-group [acl no] ?
5. ip access-group [acl no] [in/out]
Since The ACL is implicit deny, solution :
1. conf t
2. access-list 10 allow any
**Type all the access list on notepad, one line removed...all gone!!!
Example for Extended ACL:
Apply closet to the source. It is diff with Standard ACL.
This deny telnet from 20.0.0.1-7 to 172.19.90.22 telnet
1. access-list 110 deny tcp 20.0.0.0 0.0.0.7 172.19.90.22 0.0.0.0 eq 23
2. access-list permit any any
Go to the SRC int
1. conf t
2. int fa0/0
3. ip access-list 110 in
Insert new line into existing ACL
1. conf t
2. ip access-list extended 110
3. [5] permit ip 20.0.0.7 0.0.0.0 172.19.90.22 0.0.0.0
Name Access-List
1. conf t
2. ip access-list standard DenyWAN
3. deny host 172.19.90.24
4. permit any
Deny all 20 network to lin vty TS (ACL)
1. enable
2. conf t
3. access-list 20 deny 20.0.0.0 0.0.0.255
4. access-list 20 permit any
5. exi
6. conf t
7. lin vty 0 30
8. access-class 20 in
** permit tcp any any [must specific port number here]
Reflexive ACL
Time-Based ACLs
Network Address Translation
1. Static (1->1)
2. Dynamic (M->M) FCFS
3. Port Address Translation (M->1) Overload
Inside? Outside?
1. conf t
2. ip nat inside source static 20.0.0.88 172.18.70.248
3. ip nat pool ABC 172.18.70.235 172.18.70.239 netmask 255.255.255.0
show ip nat translation
clear ip nat translation *
Port NAT
1. conf t
2. ip nat inside source list 60 int fa0/0 overload
3. int fa0/0
4. ip nat outside
5. ip route 0.0.0.0 0.0.0.0 172.18.70.254
Wednesday, 14 May 2008
ICND2, 3rd Day
VLAN Operation
1. show vlan bri
2. conf t
3. vlan 20
4. name MGMT
5. conf t
6. int fa0/19
7. switchport access vlan 20
8. conf t
9. int range fa0/3 - 5
10. switchport access vlan 12
VLAN Trunk Protocol
1. VLAN add/delete
2. Change propagated
3. Sync to latest change
Modes
-Server
-Client
-Transparent
*Pruning
http://en.wikipedia.org/wiki/VTP#VTP_Modes
VTP Operation
1. VTP advertisement are send as multicast frame.
2. Servers and client sync to the latest Revision Number.
3. VTP advertisement are sent every 5 min.
4. All the previous VTP info will be flush before receive.
VTP Syntax
1. show vtp status
2. conf t
3. vtp domain UPMicnd
4. vtp mode server/client/transparent
5. vtp password
6. vtp pruning
7. conf t
8. int fa0/0
9. switchport access trunk encap dot1q
Spanning Tree Protocol
-Avoid Switch Redundant Loops,
-Broadcast Storm, MAC Table Unstable, Multiple Frames Copy
-Elect Root Bridge (Per Broadcast Domain)
-Bridge ID->Priority, MAC address
-Elect Root Port (Per non-Root Bridge)
-Elect Designated Port (Per Segment)
-Remaining Port will be blocked
Spanning-Tree Port States
1. Blocking 20sec <-Topology Change (BPDU Packet Loss) 2. Listening 15sec <- Link comes up 3. Learning 15sec 4. Forwarding
PortFast <- By pass the listening and learning state
1. conf t
2. int fa0/0 (should be only access port/NOT for TRUNK port)
3. spanning-tree portfast
1. show spanning-tree
Per VLAN spanning-tree Plus (PVST+)
Encapsulation->dot1q
Add in SystemID->VLAN
1. conf t
2. spanning-tree mode rapid-pvst
3. exi
4. show spanning-tree
Set Root Bridge
1. config t
2. spanning-tree vlan [1] root primary
Routing between VLAN (Inter VLAN routing)
-Sub interfaces on router
On the switch
1. conf t
2. int [fa0/7]
3. switchport mode trunk
4. switchport trunk encapsulation dot1q
5. conf t
6. int vlan 10
7. ip add [IP] [255.255.255.0]
5. conf t
6. int vlan 20
7. ip add []
8. ip routing
OR
On the router
*LINK
1. http://testinside.blogspot.com/2007/04/ccna-acl-sim.html
1. show vlan bri
2. conf t
3. vlan 20
4. name MGMT
5. conf t
6. int fa0/19
7. switchport access vlan 20
8. conf t
9. int range fa0/3 - 5
10. switchport access vlan 12
VLAN Trunk Protocol
1. VLAN add/delete
2. Change propagated
3. Sync to latest change
Modes
-Server
-Client
-Transparent
*Pruning
http://en.wikipedia.org/wiki/VTP#VTP_Modes
VTP Operation
1. VTP advertisement are send as multicast frame.
2. Servers and client sync to the latest Revision Number.
3. VTP advertisement are sent every 5 min.
4. All the previous VTP info will be flush before receive.
VTP Syntax
1. show vtp status
2. conf t
3. vtp domain UPMicnd
4. vtp mode server/client/transparent
5. vtp password
6. vtp pruning
7. conf t
8. int fa0/0
9. switchport access trunk encap dot1q
Spanning Tree Protocol
-Avoid Switch Redundant Loops,
-Broadcast Storm, MAC Table Unstable, Multiple Frames Copy
-Elect Root Bridge (Per Broadcast Domain)
-Bridge ID->Priority, MAC address
-Elect Root Port (Per non-Root Bridge)
-Elect Designated Port (Per Segment)
-Remaining Port will be blocked
Spanning-Tree Port States
1. Blocking 20sec <-Topology Change (BPDU Packet Loss) 2. Listening 15sec <- Link comes up 3. Learning 15sec 4. Forwarding
PortFast <- By pass the listening and learning state
1. conf t
2. int fa0/0 (should be only access port/NOT for TRUNK port)
3. spanning-tree portfast
1. show spanning-tree
Per VLAN spanning-tree Plus (PVST+)
Encapsulation->dot1q
Add in SystemID->VLAN
1. conf t
2. spanning-tree mode rapid-pvst
3. exi
4. show spanning-tree
Set Root Bridge
1. config t
2. spanning-tree vlan [1] root primary
Routing between VLAN (Inter VLAN routing)
-Sub interfaces on router
On the switch
1. conf t
2. int [fa0/7]
3. switchport mode trunk
4. switchport trunk encapsulation dot1q
5. conf t
6. int vlan 10
7. ip add [IP] [255.255.255.0]
5. conf t
6. int vlan 20
7. ip add []
8. ip routing
OR
On the router
*LINK
1. http://testinside.blogspot.com/2007/04/ccna-acl-sim.html
Tuesday, 13 May 2008
ICND2, 2nd Day
Terminal Server
Reverse Telnet
1. Set Loopback Address
2. Telnet loopback to port 2000 and above
EIGRP Metric
1. Bandwidth *Can be set in the interface
2. Delay *
3. Reliability ** Always Change
4. Load **
5. MTU
Load Balancing for Unequal Cost Path
1.
2.
Feasible Distance of Successor * Variance = Max Cost Path
Latest IOS have more MAX path=16
EIGRP MD5 Authentication
Send livetime
Accept lifetime
Enter global configuration mode.
Dallas#configure terminal
Create the key chain. MYCHAIN is used in this example.
Dallas(config)#key chain MYCHAIN
Specify the key number. 1 is used in this example.
Note: It is recommended that the key number be the same on all routers involved in the configuration.
Dallas(config-keychain)#key 1
Specify the key-string for the key. securetraffic is used in this example.
Dallas(config-keychain-key)#key-string securetraffic
Dallas(config-keychain-key)#accept-lifetime 09:00:00 13 MAY 2008 17:00:00 13 MAY 2008
Dallas(config-keychain-key)#send-lifetime 09:00:00 13 MAY 2008 duration 28800
End the configuration.
Dallas(config-keychain-key)#end
Dallas#
**Overlap lifetime of two key to have no downtime.
Enter global configuration mode.
Dallas#configure terminal
From global configuration mode, specify the interface that you want to configure EIGRP message authentication on. In this example the first interface is Serial 0/0.1.
Dallas(config)#interface serial 0/0.1
Enable EIGRP message authentication.
The 10 used here is the autonomous system number of the network.
md5 indicates that the md5 hash is to be used for authentication.
Dallas(config-subif)#ip authentication mode eigrp 10 md5
Specify the keychain that should be used for authentication. 10 is the autonomous system number. MYCHAIN is the keychain that was created in the Create a Keychain section.
Dallas(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
Dallas(config-subif)#end
Complete the same configuration on interface Serial 0/0.2.
Dallas#configure terminal
Dallas(config)#interface serial 0/0.2
Dallas(config-subif)#ip authentication mode eigrp 10 md5
Dallas(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
Dallas(config-subif)#end
Dallas#
Debug EIGRP
Dallas#debug eigrp packets
Dallas#show key chain
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00807f5a63.shtml
Clock Set
Router# clock set 22:55:05 June 19 2006
Router# show clock detail
Access Control List (ACL)
Assign Into interface, Packet Filtering
OSPF
Shows all the possible path to Destination.
Area 0 <- Root Route Summarized within the Area Border Router. HELLO PACKET->Router ID,
Not more than 50 router in single Area.
Cost = Reference Bandwidth/ Interface Bandwidth
1. enable
2. conf t
3. router ospf [119]
4. network 8.0.1.2 0.0.0.0 area 0
5. network 8.0.1.5 0.0.0.0 area 0
6. network 172.19.90.252 [0.0.0.0] area 0
Line 4 & 5 can be replace by
network 8.0.1.0 0.0.0.7 area 0
Unadvertised Loopback Address
Router ID->Router Name for OSPF-> Ethernet IP address
Link-State Advertisement (LSA) Types:
1. Within the same Area
Got 5 types.
DR's exist for the purpose of reducing network traffic by providing a source for routing updates, the DR maintains a complete topology table of the network and sends the updates to the other routers via multicast
Select :
1. Destinate Router (DR)
2. Backup Destinate Router (BDR)
3. DR Other
*Highest Router ID->DR
*2nd Highest Router ID->BDR
Loop back have Higher Priority than Ethernet
RESET DR
1. enable
2. clear ip ospf process
Set OSPF Priority
1. conf t
2. [interface]
3. ip ospf priority [3]
Debug OSPF
1. debug ospf packets
Load Balance with OSPF?
Tricky...
Set OSPF Cost
1. conf t
2. interface
3. ip ospf cost ?
Manually set all the path cost for every path to be same,
so the router will load balance all the path.
OSPF Authentication (MD5/Plain Text)
1. conf t
2. interface
3. ip ospf authentication-key [password]
4. ip ospf authentication [message-digest/null]
HELLO PACKET
* Router ID
* Hello & Date intervals **
* Neighbors
* Area ID **
* ROuter Priority
* DR IP address
* BDR IP address
* Authentication PW **
* Stub Area Flag **
**
Implementing VLANs and Trunks
Logical Network
Segmentation, Flexibility, Security
Trunks Link (Carried Encapsulated VLAN infomation)
-Bridge betweens Swicthes
-Must be Fast Ethernet
Encapsulation types:
1. Inter Switch Link, *Cisco Only
2. IEEE 802.1Q, Native VLAN1(Untagged)
Syntax
1. en
2. vlan 10
3. name HR
4. int [fa0/0]
5. switchport mode access
6. switchport access vlan10
Inter VLAN routing
Router on State
Create two sub interface on single physical interface
HR VLAN-> 10.10.0.0
SALES VLAN->10.20.0.0
Different network
Dynamic VLAN membership Modes
VMPS very expensive
EDS<-Networking Company
Reverse Telnet
1. Set Loopback Address
2. Telnet loopback to port 2000 and above
EIGRP Metric
1. Bandwidth *Can be set in the interface
2. Delay *
3. Reliability ** Always Change
4. Load **
5. MTU
Load Balancing for Unequal Cost Path
1.
2.
Feasible Distance of Successor * Variance = Max Cost Path
Latest IOS have more MAX path=16
EIGRP MD5 Authentication
Send livetime
Accept lifetime
Enter global configuration mode.
Dallas#configure terminal
Create the key chain. MYCHAIN is used in this example.
Dallas(config)#key chain MYCHAIN
Specify the key number. 1 is used in this example.
Note: It is recommended that the key number be the same on all routers involved in the configuration.
Dallas(config-keychain)#key 1
Specify the key-string for the key. securetraffic is used in this example.
Dallas(config-keychain-key)#key-string securetraffic
Dallas(config-keychain-key)#accept-lifetime 09:00:00 13 MAY 2008 17:00:00 13 MAY 2008
Dallas(config-keychain-key)#send-lifetime 09:00:00 13 MAY 2008 duration 28800
End the configuration.
Dallas(config-keychain-key)#end
Dallas#
**Overlap lifetime of two key to have no downtime.
Enter global configuration mode.
Dallas#configure terminal
From global configuration mode, specify the interface that you want to configure EIGRP message authentication on. In this example the first interface is Serial 0/0.1.
Dallas(config)#interface serial 0/0.1
Enable EIGRP message authentication.
The 10 used here is the autonomous system number of the network.
md5 indicates that the md5 hash is to be used for authentication.
Dallas(config-subif)#ip authentication mode eigrp 10 md5
Specify the keychain that should be used for authentication. 10 is the autonomous system number. MYCHAIN is the keychain that was created in the Create a Keychain section.
Dallas(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
Dallas(config-subif)#end
Complete the same configuration on interface Serial 0/0.2.
Dallas#configure terminal
Dallas(config)#interface serial 0/0.2
Dallas(config-subif)#ip authentication mode eigrp 10 md5
Dallas(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
Dallas(config-subif)#end
Dallas#
Debug EIGRP
Dallas#debug eigrp packets
Dallas#show key chain
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00807f5a63.shtml
Clock Set
Router# clock set 22:55:05 June 19 2006
Router# show clock detail
Access Control List (ACL)
Assign Into interface, Packet Filtering
OSPF
Shows all the possible path to Destination.
Area 0 <- Root Route Summarized within the Area Border Router. HELLO PACKET->Router ID,
Not more than 50 router in single Area.
Cost = Reference Bandwidth/ Interface Bandwidth
1. enable
2. conf t
3. router ospf [119]
4. network 8.0.1.2 0.0.0.0 area 0
5. network 8.0.1.5 0.0.0.0 area 0
6. network 172.19.90.252 [0.0.0.0] area 0
Line 4 & 5 can be replace by
network 8.0.1.0 0.0.0.7 area 0
Unadvertised Loopback Address
Router ID->Router Name for OSPF-> Ethernet IP address
Link-State Advertisement (LSA) Types:
1. Within the same Area
Got 5 types.
DR's exist for the purpose of reducing network traffic by providing a source for routing updates, the DR maintains a complete topology table of the network and sends the updates to the other routers via multicast
Select :
1. Destinate Router (DR)
2. Backup Destinate Router (BDR)
3. DR Other
*Highest Router ID->DR
*2nd Highest Router ID->BDR
Loop back have Higher Priority than Ethernet
RESET DR
1. enable
2. clear ip ospf process
Set OSPF Priority
1. conf t
2. [interface]
3. ip ospf priority [3]
Debug OSPF
1. debug ospf packets
Load Balance with OSPF?
Tricky...
Set OSPF Cost
1. conf t
2. interface
3. ip ospf cost ?
Manually set all the path cost for every path to be same,
so the router will load balance all the path.
OSPF Authentication (MD5/Plain Text)
1. conf t
2. interface
3. ip ospf authentication-key [password]
4. ip ospf authentication [message-digest/null]
HELLO PACKET
* Router ID
* Hello & Date intervals **
* Neighbors
* Area ID **
* ROuter Priority
* DR IP address
* BDR IP address
* Authentication PW **
* Stub Area Flag **
**
Implementing VLANs and Trunks
Logical Network
Segmentation, Flexibility, Security
Trunks Link (Carried Encapsulated VLAN infomation)
-Bridge betweens Swicthes
-Must be Fast Ethernet
Encapsulation types:
1. Inter Switch Link, *Cisco Only
2. IEEE 802.1Q, Native VLAN1(Untagged)
Syntax
1. en
2. vlan 10
3. name HR
4. int [fa0/0]
5. switchport mode access
6. switchport access vlan10
Inter VLAN routing
Router on State
Create two sub interface on single physical interface
HR VLAN-> 10.10.0.0
SALES VLAN->10.20.0.0
Different network
Dynamic VLAN membership Modes
VMPS very expensive
EDS<-Networking Company
Monday, 12 May 2008
ICND2, 1st Day
Routing
1. Routing Protocol
2. Destination Network ID
3. Exit Interface
Distance Vector
-RIP (120AD), 30s
Hop Count, Exchange Routing Table Periodic Update
-IGRP, 90s
**Rounting Loop (15 Hops MAX)
1. Split Horizon
2. Route Poisoning
3. Poison Reverse
4. Hold Down Timer
5. Triggered Updates
Link State
-OSPF (110AD)
Link State Advertisement (HELO Packet), Triggered Update
Topology Table, Forwarding Table, Adjacency Table
Details Route, Summarize Route
Summarization based on Area 0,1,2, and DEFAULT Subnet Mask
Localized Changes and Minimize Routing Update Traffic
Robust, Fast Convergence, Routers know the Topology
STRICT Network Design
**NOT PERIODIC UPDATE
Advance Distance Vector (Hybrid) *Cisco Only
-EIGRP (90AD), Triggered Update
Bandwidth(*), Delay(*), Loading(Change), Reliability(Change), MTU
Neighbor Table, Topology Table, Routing Table
Primary Route(Successor), Backup Route(Feasible Successor)
Unequal Path Cost Load Balancing * Only in EIGRP
Feasible Distance->My Path
Advertise Distance->Neighbor Path
Advertise Distance(Feasible Successor)Belief the low AD
AD(FS) <> enable
Router# config terminal
Router(config)# router eigrp 1
Router(config-router)# network 10.201.96.0 ?
A.B.C.D EIGRP wild card bits
Router(config-router)# network 10.201.96.0 0.0.15.255
Router(config-router)# no auto-summary
Router(config-router)# end
Router#show ip eigrp ?
No Auto Summary
Discontiguous Network
A discontiguous network is comprised of a major network separated by another major network.
8.0.1.1<-R1 8.0.1.6<-R2 No affected whether it is auto summarized->8.0.0.0
Because it is from same network.
10.1.2.1<-R1 10.1.1.1<-R3 Above are from 2 different network and being summarized->10.0.0.0
Router(config-router)# no auto-summary
Bandwidth and Delay can be set in the serial interface to
balance with Ethernet to show 2 successor. (Equal Path Cost)
1. conf t
2. router eigrp 88
3. variance [1-128]
Autonomous System
1. Interior Gateway (RIP, OSPF, EIGRP)
2. Exterior Gateway Protocol (BGP)
* The AS Number have to be same
FLSM (Fixed Length Subnet Mask)
- Classful Network
- Waste IPs
* RIPv1, IGRP Supported
VLSM (Variable Length Subnet Mask)
- Classless Network
- Save IP Address
- Based on the number of IPs Host
- Further Break Subnet
* Only EIGRP, OSPF, RIPv2 Supported
Bandwidth, Delay
1. conf t
2. bandwidth ?
3. delay ?
Router Summarization
192.168.5.33/32 Host
192.168.5.32/27 Subnet
192.168.5.0/24 Network
192.168.0.0/16 Block of Network
0.0.0.0/0 Default
Load Balancing Unequal Path Cost
EIGRP maximum metric variance = 1
defaults is ratio 1 to 1
1. Routing Protocol
2. Destination Network ID
3. Exit Interface
Distance Vector
-RIP (120AD), 30s
Hop Count, Exchange Routing Table Periodic Update
-IGRP, 90s
**Rounting Loop (15 Hops MAX)
1. Split Horizon
2. Route Poisoning
3. Poison Reverse
4. Hold Down Timer
5. Triggered Updates
Link State
-OSPF (110AD)
Link State Advertisement (HELO Packet), Triggered Update
Topology Table, Forwarding Table, Adjacency Table
Details Route, Summarize Route
Summarization based on Area 0,1,2, and DEFAULT Subnet Mask
Localized Changes and Minimize Routing Update Traffic
Robust, Fast Convergence, Routers know the Topology
STRICT Network Design
**NOT PERIODIC UPDATE
Advance Distance Vector (Hybrid) *Cisco Only
-EIGRP (90AD), Triggered Update
Bandwidth(*), Delay(*), Loading(Change), Reliability(Change), MTU
Neighbor Table, Topology Table, Routing Table
Primary Route(Successor), Backup Route(Feasible Successor)
Unequal Path Cost Load Balancing * Only in EIGRP
Feasible Distance->My Path
Advertise Distance->Neighbor Path
Advertise Distance(Feasible Successor)
AD(FS) <> enable
Router# config terminal
Router(config)# router eigrp 1
Router(config-router)# network 10.201.96.0 ?
A.B.C.D EIGRP wild card bits
Router(config-router)# network 10.201.96.0 0.0.15.255
Router(config-router)# no auto-summary
Router(config-router)# end
No Auto Summary
Discontiguous Network
A discontiguous network is comprised of a major network separated by another major network.
8.0.1.1<-R1 8.0.1.6<-R2 No affected whether it is auto summarized->8.0.0.0
Because it is from same network.
10.1.2.1<-R1 10.1.1.1<-R3 Above are from 2 different network and being summarized->10.0.0.0
Router(config-router)# no auto-summary
Bandwidth and Delay can be set in the serial interface to
balance with Ethernet to show 2 successor. (Equal Path Cost)
1. conf t
2. router eigrp 88
3. variance [1-128]
1. Interior Gateway (RIP, OSPF, EIGRP)
2. Exterior Gateway Protocol (BGP)
* The AS Number have to be same
FLSM (Fixed Length Subnet Mask)
- Classful Network
- Waste IPs
* RIPv1, IGRP Supported
VLSM (Variable Length Subnet Mask)
- Classless Network
- Save IP Address
- Based on the number of IPs Host
- Further Break Subnet
* Only EIGRP, OSPF, RIPv2 Supported
Bandwidth, Delay
1. conf t
2. bandwidth ?
3. delay ?
Router Summarization
192.168.5.33/32 Host
192.168.5.32/27 Subnet
192.168.5.0/24 Network
192.168.0.0/16 Block of Network
0.0.0.0/0 Default
Load Balancing Unequal Path Cost
EIGRP maximum metric variance = 1
defaults is ratio 1 to 1
Friday, 9 May 2008
ICND1, 5th Day
CDP (only Cisco) Layer 2
1. show cdp nei
2. show cdp nei det
3. config t
4. cdp timer [60]
5. cdp holdtime [60]
6. no cdp run
7. int s0/0
8. no cdp enable
Show Memory
1. show run
2. show start
3. show flash
Erase StartUp Config
1. write erase
TFTP Configuration Backup
Download
1. copy running-config tftp:
Upload
2. copy tftp run
IOS Backup
Download
1. show flash (get filename)
2. copy flash tftp
Upload
1. copy tftp flash
Domian lookup
1. no ip domain-lookup
2. conf t
3. ip host [domain] [IP]
Debug Command
1. debug ip [rip]
2. conf t
3. service timestamps debug dattime msec (add timestamp inti debug info)
Cisco Security Device Manager (S1800, S2800)
1. Enable
2. conf t
3. ip http server (port 80 listen)
Password Recovery
Must go thru the console cable
2600 Router
1. Power CYcle
2.
3. confreg 0x2142
4. reset
2500 Router
1. Power CYcle
2.
3. 0/r 0x2142
**Change the register back to 0x2102
1. enable
2. confi t
3. enable secret cisco
4. write
5. conf t
6. config-reg 0x2102
* Privilege Level 1 most restrict - Level 15 admin
Format Router
1. write erase
2. reload
Catalyst
VLAN
1. vlan 50
2. name 3P
3. conf t
4. int fa0/0
5. switchport access vlan 50
6. show vlan brie
7. show flash (stored vlan info)
* delete vlan.dat (Clean VLAN info)
RESET Switches Password
1. Hyper Terminal
2. Power Cycle
3. Hold Mode Button and Power On,
Release after the STAT LED goes out
4. Flash Init
5. load_helper
6. dir flash:
7. rename flash:config.text
8. boot
9. n
10. en
11. rename flash:config.old flash:config.text
12. copy flash:config.text system:running-config
13. config t
14. enable secret cisco
15. exi
16. dis en
Configure EIGRP
1. conf t
2. router [eigrp] [autonomous number]
3. network [2.0.2.0] [0.0.0.3, REVERSE MASK]
Redistribution for Routing Protocol
1. router eigrp [500]
2. redistribute rip metric 100000 1000 255 1 1500
1. router rip
2. redistribute eigrp 500 metric 2
Prepare for ICND2:
1. Frame Relay
2. VLAN trunking protocol, spanning tree protocol
3. RP-> OSPF
4. Wildcard Mask
5. IPV6-> OSPFv3, RIPng
1. show cdp nei
2. show cdp nei det
3. config t
4. cdp timer [60]
5. cdp holdtime [60]
6. no cdp run
7. int s0/0
8. no cdp enable
Show Memory
1. show run
2. show start
3. show flash
Erase StartUp Config
1. write erase
TFTP Configuration Backup
Download
1. copy running-config tftp:
Upload
2. copy tftp run
IOS Backup
Download
1. show flash (get filename)
2. copy flash tftp
Upload
1. copy tftp flash
Domian lookup
1. no ip domain-lookup
2. conf t
3. ip host [domain] [IP]
Debug Command
1. debug ip [rip]
2. conf t
3. service timestamps debug dattime msec (add timestamp inti debug info)
Cisco Security Device Manager (S1800, S2800)
1. Enable
2. conf t
3. ip http server (port 80 listen)
Password Recovery
Must go thru the console cable
2600 Router
1. Power CYcle
2.
3. confreg 0x2142
4. reset
2500 Router
1. Power CYcle
2.
3. 0/r 0x2142
**Change the register back to 0x2102
1. enable
2. confi t
3. enable secret cisco
4. write
5. conf t
6. config-reg 0x2102
* Privilege Level 1 most restrict - Level 15 admin
Format Router
1. write erase
2. reload
Catalyst
VLAN
1. vlan 50
2. name 3P
3. conf t
4. int fa0/0
5. switchport access vlan 50
6. show vlan brie
7. show flash (stored vlan info)
* delete vlan.dat (Clean VLAN info)
RESET Switches Password
1. Hyper Terminal
2. Power Cycle
3. Hold Mode Button and Power On,
Release after the STAT LED goes out
4. Flash Init
5. load_helper
6. dir flash:
7. rename flash:config.text
8. boot
9. n
10. en
11. rename flash:config.old flash:config.text
12. copy flash:config.text system:running-config
13. config t
14. enable secret cisco
15. exi
16. dis en
Configure EIGRP
1. conf t
2. router [eigrp] [autonomous number]
3. network [2.0.2.0] [0.0.0.3, REVERSE MASK]
Redistribution for Routing Protocol
1. router eigrp [500]
2. redistribute rip metric 100000 1000 255 1 1500
1. router rip
2. redistribute eigrp 500 metric 2
Prepare for ICND2:
1. Frame Relay
2. VLAN trunking protocol, spanning tree protocol
3. RP-> OSPF
4. Wildcard Mask
5. IPV6-> OSPFv3, RIPng
Thursday, 8 May 2008
ICND1, 4th Day
LoopBack
1. config t
2. int loopback 0
3. ip add [IP] [Netmask]
Static Route (Two Way)
1. config t
2. ip route [DEST Network ID] [DEST Network Netmask] [Gateway IP]
3. exit
4. show ip route
Set Hostname
1. config t
2. ip host [DEST hostname] [DEST host ip]
Show Telnet
1. show seesion
2. show line
Show SSH
1. show ssh
Set Banner
1. conf t
2. banner motd *
Data-Link Protocol
-HDLC (High Level Data-Link Control)
-PPP (Point to Point)
-Multi Protocol Layer Switching (Take Over Frame Relay)
-Frame Relay (Take Over ATM) Using Virtual Circuit
-ATM
Packet Switching->Frame Relay
1. Share BandWidth
Network Address Translation, Firewall
- An IP address is either local / global
- Local IP address are seen in the inside network(LAN)
-Global IP address are seen in the outside network(WAN)
-Assignment can be static or dynamic
-Overloading an Inside Global Address
Static NAT
-Define Inside/Outside Interface
-Inside source address translation
1. config t
2. int s1/1
3. ip nat inside
4. int s1/0
5. ip nat outside
6. ip nat inside [SRC IP] [DEST IP]
7. show ip nat trans
Go to inside router
8. ip route 0.0.0.0 0.0.0.0 2.0.2.1
Change Encapsulation (Device Dependent)
-HDLC (default)
-PPP (support authentication)
1. encapsulation hdlc/ppp
Frame Relay
-Digital Link Connection Identifier,DLCI
Autonomous System (ISP)
-Border Gateway Protocol used among different AS.
-IGRP, EIGRP, RIP used inside same AS.
Classful RP
-RIPv1 (Send the whole Routing Table every 30s)
Only advertise own network.
-IGRP
Classless RP
-RIPv2
-OSPF
-EIGRP (Trigger Update)
-IS-IS
1. config t
2. router rip
3. version [2]
4. network [NetworkID]
5. exit
6. show ip protocols / show ip route
7. debug ip rip
8. un all
TIPS:
Router initial setup, Configuration
1. setup
Exit from continue ping
2.Ctrl -Shift-6 x
1. config t
2. int loopback 0
3. ip add [IP] [Netmask]
Static Route (Two Way)
1. config t
2. ip route [DEST Network ID] [DEST Network Netmask] [Gateway IP]
3. exit
4. show ip route
Set Hostname
1. config t
2. ip host [DEST hostname] [DEST host ip]
Show Telnet
1. show seesion
2. show line
Show SSH
1. show ssh
Set Banner
1. conf t
2. banner motd *
Data-Link Protocol
-HDLC (High Level Data-Link Control)
-PPP (Point to Point)
-Multi Protocol Layer Switching (Take Over Frame Relay)
-Frame Relay (Take Over ATM) Using Virtual Circuit
-ATM
Packet Switching->Frame Relay
1. Share BandWidth
Network Address Translation, Firewall
- An IP address is either local / global
- Local IP address are seen in the inside network(LAN)
-Global IP address are seen in the outside network(WAN)
-Assignment can be static or dynamic
-Overloading an Inside Global Address
Static NAT
-Define Inside/Outside Interface
-Inside source address translation
1. config t
2. int s1/1
3. ip nat inside
4. int s1/0
5. ip nat outside
6. ip nat inside [SRC IP] [DEST IP]
7. show ip nat trans
Go to inside router
8. ip route 0.0.0.0 0.0.0.0 2.0.2.1
Change Encapsulation (Device Dependent)
-HDLC (default)
-PPP (support authentication)
1. encapsulation hdlc/ppp
Frame Relay
-Digital Link Connection Identifier,DLCI
Autonomous System (ISP)
-Border Gateway Protocol used among different AS.
-IGRP, EIGRP, RIP used inside same AS.
Classful RP
-RIPv1 (Send the whole Routing Table every 30s)
Only advertise own network.
-IGRP
Classless RP
-RIPv2
-OSPF
-EIGRP (Trigger Update)
-IS-IS
1. config t
2. router rip
3. version [2]
4. network [NetworkID]
5. exit
6. show ip protocols / show ip route
7. debug ip rip
8. un all
TIPS:
Router initial setup, Configuration
1. setup
Exit from continue ping
2.Ctrl -Shift-6 x
Wednesday, 7 May 2008
ICND1, 3rd Day
Boson Netsim
1. Set up Serial Connection
Security->Console
1. config terminal
2. line console 0
3. password [cisco]
4. password secret [ccna]
Security->Enable
1. config terminal
2. enable password [cisco]
3. enable password secret [ccna]
Security->Encryption
1. service password-encryption
Security->SSH
1. line vty 0 15
2. transport input ssh
Security->Port Security
1. interface fa0/5
2. switchport mode access
3. switchport-security
4. switchport-security maximum 1
5. switchport-security mac-address sticky (learn SRC MAC of 1st Frame)
OR
switchport-security mac-address 0016.2233.4455
6. switchport-security violation shutdown
Protect - Stop Frame
Restrict - Keep Track wrong MAC
Shutdown - Close the port until admin reopen
7. show port-security interface fastEthernet 0/1
8. show port-security address
* Trunk port is carry all vlan info
* Access port is only carry one vlan info
Setting Duplex and Speed
1. duplex full
2. speed 100
Loops
1. Broadcast Storm
2. MAC Database Instability
3. Multiple Frame Copies
Spanning Tree Protocol
->Block
->Listening
->Learning
->Forwarding
Cat Switches
-Micro segmentation
-VLAN
Routing Protocol
Router learn indirectly connected network with RP.
-Routing Information Protocol, Distance Vector Routing
RIP (Hop Count MAX 15)
Periodic Update Routing Table, 30s
-IGRP , 90s
-Open Shortest Path First, Link State Advertisement
OSPF (Path Cost, MAX hop 255), Fast RP
3 Tables (Neigbours, Topology, Routing)
-Interior Gateway Routing Protocol, Balance Hybrid
-EIGRP
(Only Update when path change), Fast RP
Primary Route, Keep Backup Route
(K Value->Bandwidth,Delay,Loading,MaxTransferUnit,Reliability)
*Prior the lowest Administrative Distance (AD) of Routing Protocol
EIGRP-90AD
RIP-120AD
OSPF-110AD
IP Route (Static/Dynamic)
-show ip route
Save configuration
1. copy running-config startup-config
2. write memory
TIPS:
Add prefix {no} onto snytax command to remove settings.
1. Set up Serial Connection
Security->Console
1. config terminal
2. line console 0
3. password [cisco]
4. password secret [ccna]
Security->Enable
1. config terminal
2. enable password [cisco]
3. enable password secret [ccna]
Security->Encryption
1. service password-encryption
Security->SSH
1. line vty 0 15
2. transport input ssh
Security->Port Security
1. interface fa0/5
2. switchport mode access
3. switchport-security
4. switchport-security maximum 1
5. switchport-security mac-address sticky (learn SRC MAC of 1st Frame)
OR
switchport-security mac-address 0016.2233.4455
6. switchport-security violation shutdown
Protect - Stop Frame
Restrict - Keep Track wrong MAC
Shutdown - Close the port until admin reopen
7. show port-security interface fastEthernet 0/1
8. show port-security address
* Trunk port is carry all vlan info
* Access port is only carry one vlan info
Setting Duplex and Speed
1. duplex full
2. speed 100
Loops
1. Broadcast Storm
2. MAC Database Instability
3. Multiple Frame Copies
Spanning Tree Protocol
->Block
->Listening
->Learning
->Forwarding
Cat Switches
-Micro segmentation
-VLAN
Routing Protocol
Router learn indirectly connected network with RP.
-Routing Information Protocol, Distance Vector Routing
RIP (Hop Count MAX 15)
Periodic Update Routing Table, 30s
-IGRP , 90s
-Open Shortest Path First, Link State Advertisement
OSPF (Path Cost, MAX hop 255), Fast RP
3 Tables (Neigbours, Topology, Routing)
-Interior Gateway Routing Protocol, Balance Hybrid
-EIGRP
(Only Update when path change), Fast RP
Primary Route, Keep Backup Route
(K Value->Bandwidth,Delay,Loading,MaxTransferUnit,Reliability)
*Prior the lowest Administrative Distance (AD) of Routing Protocol
EIGRP-90AD
RIP-120AD
OSPF-110AD
IP Route (Static/Dynamic)
-show ip route
Save configuration
1. copy running-config startup-config
2. write memory
TIPS:
Add prefix {no} onto snytax command to remove settings.
Tuesday, 6 May 2008
ICND1, 2nd Day
Straight Cables
-Connect different devices, Host to Switch, Router to Switch,
Crossover Cables
-Connect same devices
-Router to Host, Host to Host, Switch to Switch(Trunk Link), Hub to Hub, Hub to Switch
Serial Cables
-DCE(ISP), DTE
Core Layer
Distribution Layer (QoS, Packet Filtering)
Access Layer (10BT/100BT)
ROM(Bootstrap)->Flash(InterNetworkingOS)->NV(StartUpConfig)->V(RunningConfig)
IOS->v12.4
Register
0x2102->Normal
0x2142->RESET password
Cisco Routers Basic Configuration Using Telnet
ADMINISTRATIVE CONFIG
enable/disable (enable secret [password])
'>' USER
'#' ADMINISTRATOR
SET HOSTNAME
configure terminal (config t)
hostname [routername]
SET TELNET CONN AND SET PASSWORD
lin vty 0 30 (Allow 31 user telnet)
password [cisco] (Set Telnet Password)
no login (Do not prompt for password)
GET CONSOLE MESSSAGE
terminal monitor
configure terminal (config t)
lin console 0 (Console User 1)
password [cisco] (Set Console Password)
login (Prompt Console User for Password)
BASICS CONNECTIVITY:
LAYER 1 & 2 Info
show ip interface brief
CONFIG INTERFACE (LAYER 1)
int serial[0/0]
no shutdown
CAUSE FOR UP/DOWN INTERFACE
1. Clock Rate (DCE)
2. Mismatch Encapsulation (High Level Datalink Control)
3. Keep Alive
SHOW CONTROLLER (Check DCE or DTE)
-show controllers s[1/0]
SET CLOCK RATE (LAYER 2)
1. sh s[1/0]
2. config t
3. int s[1/0]
4. clock rate ?
5. show controllers s[1/0]
SET IP ADDRESS (LAYER 3)
1. config t
2. ip address [IP] [NETMASK]
VERIFY INTERFACE
1. show cdp neighbour (LAYER 2 Cisco Discovery Protocol)
2. ping IP address (LAYER 3 IP NETMASK)
3. show ip int bri (ALL 1,2,3 LAYER)
SHOW MEMORY
1. show running-config
2. show startup-config
SHORTCUT KEY
Refer to the book pg197.
WRITE to Interface
Wiki :
DHCP
-Discover
-Offer
-Request
-Acknowledge
IP
Establish Connection (Three-Way Handshake)
TCP
1. Flow Control
2. TCP Acknowledgement
3. Fixed Windowing/Sliding Windowing
4. Packet Sequence Number
ARP (Address Resolution Protocol)
Use to troubleshoot
arp -a
arp -s 172.19.90.17 00-00-00-00-00-00
LAN Switch Modes
-Cut through
-Fragment Free
-Store & Forward
VLAN Overview
-Logically segmenting the switches.
-Separates broadcast domain.
* Different Clock Rate will be cap down
to the slow setting for 2 different clock rate
for Serial Conn.
Monday, 5 May 2008
ICND1, 1st Day
OSI Model-> 7 Layer
Concentrated On First 4 Layer.
T->UDP/TCP
N->Packet(IP): Routers
D->Frame(MAC): Switches
P->Binary: Cables, Hubs
Cisco Icon-> Hub, Switch, Router
Collision Domain, Broadcast Domain
Hub-> 1CD, 1BD
Switch-> *CD, 1BD
Router-> *CD, *BD
IP -> 5 Classes, Prefix, Network ID, Broadcast ID, Valid IP?
IP Address->NetworkHost
Subnet Mask shows Networks and Hide Hosts
Subnetting based on Networks/Hosts
1. Find Bits
2. Borrow Bits
3. Find New Subnet Mask
4. Find Range
Valid IP address?
1. On the same network
2. Must be valid IP (Excluded NetworkID & BroadcastID)
References:
1. http://www.subnetmask.info/
*Troubleshoot from bottom layer.
Concentrated On First 4 Layer.
T->UDP/TCP
N->Packet(IP): Routers
D->Frame(MAC): Switches
P->Binary: Cables, Hubs
Cisco Icon-> Hub, Switch, Router
Collision Domain, Broadcast Domain
Hub-> 1CD, 1BD
Switch-> *CD, 1BD
Router-> *CD, *BD
IP -> 5 Classes, Prefix, Network ID, Broadcast ID, Valid IP?
IP Address->NetworkHost
Subnet Mask shows Networks and Hide Hosts
Subnetting based on Networks/Hosts
1. Find Bits
2. Borrow Bits
3. Find New Subnet Mask
4. Find Range
Valid IP address?
1. On the same network
2. Must be valid IP (Excluded NetworkID & BroadcastID)
References:
1. http://www.subnetmask.info/
*Troubleshoot from bottom layer.
Friday, 2 May 2008
Thesis Draft
Finally i get my first approved (signature)
from one of my FYP examiners-> Dr. Adzir
Two more to go.
Well, at the end of this week i hope to get my hard bound ready...
from one of my FYP examiners-> Dr. Adzir
Two more to go.
Well, at the end of this week i hope to get my hard bound ready...
Subscribe to:
Posts (Atom)