Day 1: ICND1 Last Review (WAN basics, NAT/PAT terminology and RIP)

My ICND1 exam is booked on monday but I didn't have much time this week so I'll focus mainly on WAN connections, namings in NAT/PAT and RIP.

There are two major categories for WANs:

1. Dedicated: point-point lines provide a preestablished WAN communications path from the customer premises through the provider network to a remote destination. Usually leased from a carrier and obviously called leased lines.
2. Switched:
1. Circuit-Switched: dynamically establishing a dedicated virtual connection. Before communication can start it's necessary to establish the connection through the network of the service provider. Examples are PSTN and DSL (I know it's also a bit packet-switched but for the exam I'll keep it to this).
2. Packet-Switched: because data flow fluctuates (nobody uses 100% bandwith all the time) so in these networks the data is transmitted in labeled cells, frames or packets. There's no dedicated path between source and destination endpoints, allowing for the sharing of connection links and common carrier resources for data transmission. The carrier can create virtual circuits between customer sites. When the customer is not using the full bandwith on its virtual circuit, the carrier, through statistical multiplexing, can make the unused bandwith available to another customer. Examples are Cable, Frame Relay.
3. Cell-Switched: an example is ATM and it uses small fixed-size cells of 53 bytes (48 bytes for data).

NAT connects two networks together and translates the private addresses (inside local) in the internal network into public addresses (inside global) before packets are forwarded to another network. The inside network is the set of networks that are subject to translation, the outside network refers to all other addresses.

• inside local address: the IP address assigned to a host on the inside network, likely not assigned by the NIC or service provider.
• inside global address: a legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
• outside local address: the IP address of an outside host as it appears to the inside network, not necessarily legitimate, it's allocated from an address space routable on the inside.
• outside global address: the IP address assigned to a host on the outside network by the host owner. This address is allocated from a globally routable address or network space.

You can verify the NAT and PAT configuration by using
show ip nat translation to display active translations and
clear ip nat translation * to clear all dynamic address translation entries (they'll time out after 24 hours by default).

Static routes are commonly used when you're routing from a network to a stub network. This stub network or leaf node is a network accessed by a single route. They can also be useful for specifying a "gateway of last resort" to which all packets with an unknown destination address will be sent. Obviously the static route must be configured in both directions for end-to-end connectivity. An example:
ip route 172.16.1.0 255.255.255.0 172.16.2.1
Don't mix it up with default route, for this you also give the IP address of the next-hop router to be used as default for packet forwarding, an example:
ip route 0.0.0.0 0.0.0.0 172.16.2.2
The ip classless command tells the route not to drop packets that are destined for a network that's not in the routing table, but to use the default route instead. If you don't use the ip classless command, packets like that would be dropped before being sent to the default route. (ip classless is on by default in IOS 12.x.).

It's recommended to set the bandwith command on the serial interface, this provides a minimum bandwith guarantee during congestion (used by some routing protocols). It has no effect on the actual speed of the line. Bandwith refers to the rate at which data is transferred over the communication link.
1DS0 = 64 kb/s
24DS0s = DS1 or T1 = 1.544 Mb/s

The show controller command displays information about the physical interface itself. Very useful to termine the type of cable connected to the serial interface. Please note that this information is determined when the router initially starts!

High-Level Data Link Control (HDLC) protocol specifies an encapsulation method for data on synchronous serial data links using frame character and checksum. HDLC supports both point-to-point and multipoint configurations and includes a means for authentication. HDLC may not be compatible between vendors from different vendors. There's a Cisco implementation of HDLC which is the default encapsulation for serial lines, as you probably know it doesn't show up in running-config! Cisco HDLC has no windowing or flow control, and only point-to-point connections are allowed. The Cisco HDLC implementation includes proprietary extensions in the data field to allow multiprotocol support at a time before PPP was specified. Use ppp when interoperability is required.

Routing protocols (like RIP, EIGRP) are used between routers to determine paths and maintain routing tables. After the path is determined, a router can route a routed protocol (like IP).

An autonomous system is a collection of networks under a common administrative domain. IGPs operate within an autonomous system and EGPs connect different autonomous systems.

Classful routing protocols do not include the subnet mask with the route advertisements (most distance vector routing protocols). When a classful routing protocol is used, all subnetworks of the same major network must use the same subnet mask. Routers that are running a classful routing protocol perform automatic route summarization accross network boundaries. When receiving a routing update packet, the router will apply the default classful mask if the routing update information contains a major network that is different! If the routing update information contains the same major network number as is configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.
Classless routing protocols include the subnet mask with the route advertisement, they support variable-length subnet mask (VLSM). The summarization process is controlled manually and can usually be invoked at any bit position with in the address. Manual summarization may be required to keep the size of the routing tables manageable.

RIP is capable of load-balancing over as many as 16 equal-cost paths (default = 4).
RIPv1: classful, no VLSM, subnet mask is not send, broadcast, no manual route summarization and no authentication support.
RIPv2: classless, VLSM, subnet mask is sent, multicast, manual route summarization, authentication support.

router rip command starts the RIP routing process.
version 2 enables RIP version 2
network 10.0.0.0 selects the participating attached networks and requires a major classful network number!
Use the show ip protocols command to display values about routing protocols and the routing protocol timer information associated with the routers. Important values is the flushed field (240 seconds) which specifies the time after which the individual routing information will be thrown out. The hold down (180 seconds) field: an update to a route that was down and is now up will stay in the hold down (possibly down) state until 180 seconds have passed.

show users - show sessions

If you want to see who's logged onto a router, use command show users

BE-607NR01#show users
    Line       User       Host(s)              Idle       Location
*  6 vty 0     admin      idle                 00:00:00 10.32.20.1
   7 vty 1     admin      idle                 00:00:22 10.32.20.7

  Interface    User               Mode         Idle     Peer Address
  Vi3                             PPPoATM      00:00:00 80.1.2.2

This shows the open sessions to your router. The line with the * is the current session, where we used the command. If you want to kill an open Telnet session, use command clear line x

Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/5.x/command/reference/sh_ti_tr.html#wp1028456

To see the active sessions from your remote device, use command show sessions
If you enter a sessionnumber you'll access it, use disconnect to leave.
Ctrl-Shift-6-x brings you back, it also suspends Telnet/SSH sessions.

XX-001NR01#show sessions

% No connections open

Another useful command is show line which gives a nice overview.

dash shell

Just noticed that Ubuntu Server 9.10 has dash for default shell.

In case you're wondering what it is:

dash stands for Debian Almquist shell en is a POSIX-compliant implementation of /bin/sh that aims to be as small as possible. It does this without sacrificing speed where possible. In fact, it is significantly faster than bash (the GNU Bourne-Again SHell) for most tasks.

If you want to figure your current shell, the command is

echo $0

Changing the default shell can be done by the command  

ln -sf /bin/bash /bin/sh

-s symbolic links instead of hard links

-f force

Useful links:

http://en.wikipedia.org/wiki/Debian_Almquist_shell

http://en.wikipedia.org/wiki/POSIX

Day 2: Studying Sample Exam Questions

I'm probably not gonna be able to take the exam this weekend plus I'm booked for an Oracle course next week so I'll spend some extra time studying sample exam questions. This is gonna be an overview of interesting questions (for me) collected from various books and sites to review just before exam day.

This post will be updated till I take (and pass) the exam...

• It is not possible to obtain CDP information about a remote device. Don't answer that you can use SSH or Telnet.
• A CDP update packet has platform and device identifiers information.
• show cdp entry * produces the same result as the show cdp neighbors detail command.
• show cdp interface displays the frequency at which packets are sent, encapsulation type and holdtime for an interface where CDP is enabled. show cdp traffic displays CDP packet checksum errors. This is an example (thx to David L. from CLN):

          P1R1#show cdp interface

          FastEthernet0/0 is up, line protocol is down

          Encapsulation ARPA

          Sending CDP packets every 60 seconds

          Holdtime is 180 seconds

          FastEthernet0/1 is administratively down, line protocol is down

          Encapsulation ARPA

          Sending CDP packets every 60 seconds

          Holdtime is 180 seconds

          Serial0/0/1 is up, line protocol is up

          Encapsulation HDLC

          Sending CDP packets every 60 seconds

          Holdtime is 180 seconds

          P1R1#show cdp traffic

          CDP counters :

          Total packets output: 38, Input: 34

          Hdr syntax: 0, Chksum error: 0, Encaps failed: 0

          No memory: 0, Invalid packet: 0, Fragmented: 0

          CDP version 1 advertisements output: 0, Input: 0

          CDP version 2 advertisements output: 38, Input: 34

• ROMMON is a low-level os normally used for manufacturing testing and troubleshooting.
• If the boot field value is 0x2 then the router will check the startup-config file for boot system commands. The boot field is the low-order 4 bits of the configuration register in a Cisco router. the value in part tells the router where to look for a Cisco IOS image to load.
• On most routers, the Cisco IOS software is loaded into RAM to run, but on some routers it's run directly from flahs memory.
• show flash displays the amount of memory that's available where the IOS image is stored, don't mix this up with show run!
• service timestamps command is used to add time stamps to a debug or log message.
• The application layer is the most diverse area of the OSI model and the TCP/IP stack.

Day 3: WAN Connections

A telecommunications service provider (TSP) can offer these WAN connection types:

• Point-to-Point Protocol (PPP): a specific dedicated path through the TSP network that connects two LANs over a large geographic area. Typically leased lines.
• Circuit-switched: allows the client to create and close connections over the TSP network. Think of the operation as phone call. Examples are ISDN or dialup network access.
• Packet-switched: a client uses a software-managed virtual circuit over a shared connection. Examples are Frame Relay.

After connecting your router or customer premises equipment (CPE) device to the Channel Service Unit/Data Service Unit (CSU/DSU) provided by the ISP, you need to configure the interface on the router. If its a serial interface, the CSU/DSU provides the clock rate as the data circuit-terminating equipment (DCE) and your router acts as the data terminal equipment (DTE).

The Cisco default encapsulation for a serial interface is High-Level Data Link Control (HDLC). This is a Data Link layer protocol used to encapsulate and transmit packets over point-to-point links. It handles the transfer of data in full duplex, as well as link management functions. As an OSI standard, many vendors implement the HDLC protocol in their equipment. These are usually not interoperable. This is because the Cisco HDLC frame uses a proprietary "Type" field that may not be compatible with equipment of other vendors. When the HDLC frame format was defined, it did not enclude a field to identify the Network layer protocol that it was framing. As such, the OSI version of HDLC assumes that any link using HDLC is running only a single Network layer protocol like IP. This has led vendors to implement HDLC using a proprietary frame format that includes a type code field, thus allowing the Network layer protocol within a frame to be identified. Because of this proprietary nature, you should only use HDLC framing on point-to-point links when the routers at each end of a link is from the same vendor. In cases where you want to connect equipment from different vendors over a leased line, the Point-to-Point protocol (or PPP) should be used. Always remember that the router on both sides of a ppp link must be using the same data framing method in order to communicate. You can change the encapsulation to PPP as a more flexible, nonpropietary encapsulation. PPP supports authentication in clear-text Password Authentication Protocol (PAP) or encrypted Challenge Handshake Authentication Protocol (CHAP). A router can also use Frame Relay as an encapsulation. Frame Relay virtual circuits use HDLC encapsulation and each circuit is identified by a data link connection identifier (DLCI).

You can use the encapsulation command in interface configuration mode. An example is encapsulation ppp.

HDLC and PPP are layer 2 protocols. HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show run on a Cisco router, your serial interfaces will have no encapsulation by default (it's HDLC)! Use a show interface serial ... to see that you're running HDLC.

You can select one of the following address types for a serial WAN connection:

• A static IP address allows the administrator to manually enter the IP address and subnet mask. Available for PPP, Frame Relay and HDLC.
• IP unnumbered sets the interface to match the IP address of another enabled interface on the router. Available for PPP, Frame Relay and HDLC.
• IP negotiated is available for PPP and allows the router to obtain address information automatically from the ISP.

Day 4: Security Applications

Besides antivirus, antispam and antispyware software you should make use of a firewall. This can come packaged as a standalone security appliance, a server-based firewall that installs on a network operating system (NOS), a module that can be installed or is integrated inside an existing router, or a personal firewall that installs on a network host. Firewalls are installed between two networks and can control traffic in the following ways:

• Filter traffic based on destination and source IP address or MAC address, block websites based on url or keywords, and filter traffic based on the type of application used for network transmission.
• Inspect incoming traffic and ensure that each incoming packet is a response to a legitimate outgoing request. This stateful packet inspection (SPI) can prevent DoS attacks.
• Firewalls can also provide network address translation (NAT) for additional security on an internal network.

A firewall can protect users on the intranet but some network devices may need greater access. Servers outside the internal network protected by another firewall are in the demilitarized zone (DMZ). This is typically an area more secure than a direct connection to the Internet lcoated between an internal and external firewall. When setting up a smaller network, you can create a subnet and configure a single integrated router/firewall to provide DMZ levels of security to only specific devices. A standard DMZ allows incoming requests on standard server ports like 80, 21 and 110 (POP3). I bet you know the other two :)
On larger networks you usually design firewall security in layers. Border routers filter packets and route traffic to the DMZ or an internal firewall. The internal firewall only allows outside traffic that was specifically requested by an internal device. Additional internal firewalls may seperate and protect sensitive areas. These can provide an extra layer of security in case an internal host is infected.

Short overview of two types of sensors available to detect and prevent network intrusions:

• Intrusion Detection Systems (IDS): monitors traffic on one port and notifies a management station. Can detect only the first malicious transmission but can reconfigure the router to block future attacks. Used on the network perimeter in front of a firewall to analyze attacks or behind a firewall to detect firewall configuration issues.
• Intrusion Prevention Systems (IPS): traffic passes through the IPS in one port and out another which filters suspicious traffic in real time. Can examine the entire data packet from L7 to L2. Usually placed behind a firewall to further examine packets destined for the internal network.

Both are implemented as software (Cisco IOS ISP), hardware and Adaptive Security Appliance (ASA).

Network security can also be improved by:

• Authentication requires users to verify their identity with a username and password using a RADIUS or TACACS server.
• Authorization limits access for users based on rights assigned to the user account by the administrator.
• Accounting tracks user network activity and application use.

Day 5: Security Threats

These are some common techniques that focus on the user as the weak link:

• Pretexting: an attacker masquerades as the helpdesk or creates a legitimate-sounding scenario to convince the user to reveal sensitive network information.
• Phishing: an attacker sends an email posing as a legitimate organization and requests verification of account username and passwords.
• Vishing/phone phishing: an attacker uses Voice over Internet Protocol (VoIP) to leave a message with a user that claims to be from a banking service with a callback number.

Attackers can also use software in many forms to gain access to a network:

• Virus: typically attached to and activated within another legitimate program.
• Worm: runs independently to send copies of itself.
• Trojan horse: looks like a legitimate program to trick the user into intalling.
• Denial of service (DoS): attackers also use bandwith and available connections to affect the network's operation. A DoS attack floods a network or server with traffic, preventing any legitimate connections or use.

Overview of various Network Service Attacks:

• DoS - Synchronous (SYN) flooding: flooding a server with requests from a fake IP address and cause the server to use resources responding to these requests.
• DoS - Ping of death: attackers send a ping greater than the maximum allowed and causes a system to shut down.
• DDoS - Distributed Denial of Service: attackers use multiple hosts to attack a single server or servcie. Usually there'll be botnets used to attack a target site.
• Brute force: repeated attempts to crack usernames/passwords with software that uses combinations.

Besides all these there are also spyware, cookies, spam, even randomware nowadays:
https://patrickwbarnes.com/blog/2009/11/on-borrowed-time-the-threat-of-ransomware/

Don't forget that internal users can also (un)intentionally harm a network and an ISP should be the first line of defence!

Here are some common methods for protecting our networks:

• Patch
• Update
• Virus protection
• Spyware protection
• Spam blocker
• Popup blocker
• Firewall

Day 6: Wireless Security

A network administrator shoudl implement the following security features on a WLAN during initial setup (mind you they're easily avoided):

• Disable SSID broadcast.
• Change default settings.
• Enable MAC address filtering.

We can implement authentication for the WLAN (by username or password). This will occur before MAC filtering and there are three types of wireless authentication:

1. Open authentication: all clients can connect to the WLAN.
2. Preshared keys (PSK): both AP and client are configured with the same key. This is a one-way authentication because the AP doesn't authenticate with the host (user doesn't have to authenticate).
3. Extensible Authentication Protocol (EAP): the EAP software on the client communicates with an authentication server as RADIUS which maintains a database of users separate from the AP. 802.1x can also provide AP security through user authentication (EAP).

Its obvious that we need to protect transmission by using some form of WLAN encryption:

• Wired Equivalent Privacy - WEP key is 64 to 256 bits but all devices (including AP) must have the same manually configured static key to understand transmissions. This is easily avoided nowadays with hacking software.
• Wi-Fi Protected Access (WPA) is also 64 to 256 but has a more secure encryption because it rotates keys. WPA uses TKIP (temporal key integrity protocol) to generate new keys for clients and rotate them at a configurable interval, both client and AP have the key. Remember that WPA dynamically generates a different key with each client communication with the AP.
• 802.11i/WPA2 is a better version that uses advanced encryption standard (AES) technology.

WPA is a more powerful security technology for Wi-Fi networks than WEP. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security. There are two basic forms of WPA: WPA Enterprise (requires a Radius server) and WPA Personal (also known as WPA-PSK). Either can use TKIP or AES for encryption. Not all WPA hardware supports AES. WPA-PSK is basically an authentication mechanism in which users provide some form of credentials to verify that they should be allowed access to a network. This requires a single password entered into each WLAN node. As long as the passwords match, a client will be granted access to a WLAN. Encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is in WPA-PSK, authentication is reduced to a simple common password, instead of user-specific credentials. The Pre-Shared Key (PSK) mode of WPA is considered vulnerable to the same risks as any other shared password system - dictionary attacks for example. Another issue may be key management difficulties such as removing a user once access has been granted when the key is shared among multiple users, not likely in a home environment.

Consider these points when planning/troubleshooting a WLAN:

• Signal: 802.11b/g/n have a larger coverage area than 802.11a. Generally speaking: the more data rates the lower the coverage area. There's also interference and reflection (RF waves bounce off metal or glass surfaces).
• Standards: be careful with backward-compatibility, some AP's don't support the 5 GHz frequency (802.11a).
• Bandwith: all users share the same bandwith on a BSS.
• Association: make sure that the SSID is correct on clients and AP.
• Total cost of ownership (TCO).
• Channels and correct placing.
• Authentication/security.

Day 7: Wireless Standards

Wireless devices use electromagnetic waves as the physical media for data transmission. Infrared (IR)  transmits over short distances, radio frequency (RF) waves can be used for "real networking". The Industrial, Scientific and Medical (ISM) bands are free to use by unlicensed devices for communication:

• 900 MHz (902 to 928 MHz) supports devices such as wireless headphones and cordless phones.
• 2.4 GHz (2.400 to 2.4835) supports lower-speed, short-range Bluetooth as well as wireless LAN technologies compliant with IEEE 802.11 standards.
• 5 GHz (5.725 to 5.850) supports IEEE 802.11 standards at a higher power level, providing a wider range and increased speeds.

Unfortunately Wireless LANs can interfere with each other. Reduced cost and increased mobility are major advantages.

We can define wireless networks in three categories:

• WPAN - wireless personal-area network: these include PDAs, mice, keyboards and other short-range IR or Bluetooth devices.
• WLAN - wireless local-area network: typically the wireless portion of a LAN that uses RF technology and IEEE 802.11 standards. An access point (AP) usually provides connectivity fro the wireless clients to the wired Ethernet network.
• WWAN - wireless wide-area network: networks that can use cell phone technologies such as Global System for Mobile Communication (GSM) or Code Division Multiple Access (CDMA) to cover large geographic areas.

The Wireless Fidelity (Wi-Fi) Alliance tests wireless devices from different manufacturers and ensures that each device meets standards and will function with devices using the same standards. So its a global, nonprofit industry trade assocation devoted to promoting the growth and acceptance of wireless LANs. The IEEE 802.11 standard governs implementations of WLANs.

IEEE 802.11 Wireless LAN Standards

• 802.11: This original standard was released in 1997 and supports a 2 Mbps data rate over the 2.4 GHz frequency. A maximum range is undefined.
• 802.11a: This amendment was released in 1999 and supports a 54 Mbps data rate over the 5 GHz frequency. The maximum range is estimated at about 50 meters. Interesting sidenote is that this didn't make due to shortage of material at the time, so 802.11b made it.
• 802.11b: released at the same time as 802.11a and made it despite supporting an 11 Mbps data rate over the 2.4 GHz frequency. Maximum range is estimated at about 100 meters.
• 802.11g: This amendment was released in 2003 and supports a 54 Mbps data rate over the 2.4 GHz frequency. Maximum range is estimated at about 100 meters. 802.11g is backwards compatible with 802.11b!
• 802.11n: This is a recent amendment (october 2009) and adds multiple-input and multiple output (MIMO). 802.11n is backwards compatible with 802.11a, 802.11b and 802.11g!

A wireless networks consists of the following components:

• Wireless clients or wireless stations (STA) are devices that participate in a wireless network.
• Wireless access point (AP) provides connectivity between a wired and wireless network by converting Ethernet frames into 802.11-compliant frames or vice versa. APs support connectivity in a basic service set (BSS) or limited area.
• Wireless bridge provides connectivity between two wired networks with a wireless link - typically a long-range ppp connection over RF frequencies.
• Wireless antenna can be a directional antenna that concentrates the signal in one direction or an omnidirectional antenna that increases the signal in all directions. Antennas increase signal strength or gain an can increase distances.

A WLAN is located with a Service Set Identifier (SSID). This is a 32-character, case-sensitive, alphanumeric string located in the header of WLAN frames. WLANs can be set up in od-hoc or infrastructure mode:

• Ad-hoc: Independent basic service set (IBSS) in which devices communicate with each other and are not part of a network. This is a simple peer-to-peer connection among clients to exchange files and data without an access point.
• Infrastructure: BSS in which a group of devices are connnected to an AP. Devices cannot communicate directly; connectivity is centralized, controlle and directed by an access point.

Multiple BSS access points can be connected by a distribution system (DS) to form an extended service set (ESS). To create it, each BSS AP's range must overlap by 10 to 15 percent! This allows a client to move through the ESS without a loss of signal. The ability to shift data rates allows a client to communicate while moving!
Another important aspect is to use different channels for efficient communicatino. Multiple AP's can overlap in range and divide the available RF spectrum by using separate channels (for example 1-6-11).

Wireless networks use an access method called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). These points define this process and how a client can reserve a channel:

• A device on a BSS asks permission from the AP to communicate in the form of a request to send (RTS).
• If the channel's available, the AP responds with a clear to send (CTS) message.
• The CTS is broadcast to all devices on the BSS so that all devices know that the channel is in use or that a reservation is in place on the channel.
• When the communication is complete, the sending device sends an acknowledgement (ACK)  to the AP, saying that the channel can be released. This ACK is also broadcast to all devices on the BSS to indicate that the channel is available.

The following common parameters must be configured on a wireless access point to provide connectivity:

• Wireless or network mode: can be 802.11a , 802.11b, 802.11g, 802.11n or mixed mode.
• SSID or network name: all devices connected to the WLAN must have the same SSID. It may be a good idea to disable broadcast of the SSID.
• Wireless channel: you can manually configure a channel that doesn't overlap with nearby BSSs or you can allow the AP to automatically find the best channel.

Day 8: Network Status Verification

Show commands are important in ICND1 so I'll describe some common commands to verify network status:

• show running-config: displays running configuration form RAM on the router.
• show interfaces: displays information about the router interfaces, including encapsulation, address configuration and whether the interface is up or down. I use this one a lot!
• show arp: displays any address resolution protocol entries learned by the router.
• show ip route: displays routes manually configured or dynamically discovered by the router.
• show users: displays any users connected to the router.
• show version: displays the version of Cisco IOS software running on the router, name of image and amount of RAM.

There are also well-known some utilities to use on hosts like:

• ipconfig (ifconfig on Linux).
• ping to test Layer 3 connectivity and basic DNS functionality.
• tracert (on windows)
• traceroute
• netstat show information about devices communicating with a host, including IP address and TCP port information.
• nslookup

Important reminder:
After all this you can test Layer 7 connectivity by accessing the router through SSH, Telnet and a web browser.

There's also some debugging with the debug commands, for example debug ip rip. Stop debugging with undebug all.

Day 9: Configuration, IOS and Security

Sometimes you'll use static and default routes.
Any packet for which a router doesn't know the destination will be dropped or forwarded to the default route. This can be done like this:
ip route 0.0.0.0 0.0.0.0 {outgoing-interface | next-hop-address}

If you look in the routing table you'll see static routes identified with prefix S. This is how we manually configure static routes:
ip route 192.168.2.0 255.255.255.0 192.168.1.2

These can all be reviewed with show running-config, and show ip route.

Reviewing IOS configuration files management is also needed for the ICND1 exam. You can either copy/paste the show runs but preferably you have a trivial file transfer protocol (TFTP) server on your network.

• copy running-config tftp: you'll have to enter the ip/hostname of the server and destination filename (router-config).
• copy tftp running-config: restoring the file.

The show version command allows to check the name of the IOS image. We can use copy flash tftp to copy the IOS image from flash memory to a TFTP server. To restore it back we can use copy tftp flash.

It's very important to secure the telecommunications room or wiring closets in your facility. The main distribution facility (MDF) and intermediate distribution facilities (IDF) are the backbone of the network and should be protected. Access to these areas should be restricted. Besides this we also have to protect configuration privileges by adding password security. Don't forget that passwords are encrypted if the command service password encryption is entered.

ESENT - Extensible Storage Engine

Just noticed that this post was unreadable so:

One of my database servers gave this error in event viewer:
svchost (828) The database engine stopped

Windows comes with an embeddable, transactional database engine which is available to developers through the Windows SDK. The ESENT database engine can be used whenever an application wants high-performance, low-overhead storage of structured or semi-structured data. This can range from something as simple as a hash table which is too large to store in memory to a complex application with many tables, columns and indexes. ESENT is used by the Active Directory, Windows Desktop Search, Windows Mail and several other Windows services and a slightly modified version of the code is used by Microsoft Exchange to store all its mailbox data.

Interesting links:
http://msdn.microsoft.com/en-us/library/ms684493%28EXCHG.10%29.aspx
http://managedesent.codeplex.com/

err-disabled mode

Today I had a switchport that went in err-disabled mode. Command show interfaces status err-disabled indicated loopback for reason. It took a while but our technicians eventually followed the cables in the ceiling and they were badly patched.

Cisco has a great page with all the details:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml#topic2

Day 10: CLI Parameter

Cisco IOS Editing keys/commands:
Ctrl-P or up arrow: repeats previous command
Ctrl-A: beginning of command line
Ctrl-E: end of command line
Esc-B: move back one word
Esc-F: move forward one word
Ctrl-Z: exits configuration mode
show history: displays command buffer
terminal history size x: sets history buffer size
terminal no editing: turns off advanced editing (why would you use this...)

Router Initial Configuration:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Cairo
Cairo(config)#banner motd #
Enter TEXT message. End with the character '#'.
Cairo - unauthorized use prohibited
#
Cairo(config)#enable password cisco
Cairo(config)#enable secret sanfran
Cairo(config)#line console 0
Cairo(config-line)#password sanjose
Cairo(config-line)#login
Cairo(config-line)#exit
Cairo(config)#line vty 0 4
Cairo(config-line)#password netadmin
Cairo(config-line)#login
Cairo(config-line)#exit
Cairo(config)#service password-encryption
Cairo(config)#exit
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Router Ethernet Interface Configuration:
Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#interface fa0/0
Cairo(config-if)#ip address 192.168.1.1 255.255.255.0
Cairo(config-if)#description Ethernet segment 192.168.1.0
Cairo(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Cairo(config-if)#exit
Cairo(config)#ip host Cairo 192.168.1.1

This last command defines static hostname-to-address mappings in the DNS hostname cache, more info at this link:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_ip.html#wp1012102

If the serial interface is a data communications equipment (DCE) device, you'll need to set the clock rate. A router is usually the data terminal equipment (DTE) device so you don't need to set it. As a DTE, the router would accept the clock from a DCE device. Think of it this way, DCE and the C is clock :)

Cairo>enable
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Cairo(config)#interface serial 0/0
Cairo(config-if)#ip address 192.168.2.5 255.255.255.252
Cairo(config-if)#clock rate 64000
Cairo(config-if)#no shutdown
Cairo(config)#exit
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Router Initial Configuration for SDM:
Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#ip http server
Cairo(config)#ip http secure-server
Cairo(config)#username cisco privilege 15 password 0 class
Cairo(config)#line vty 0 4
Cairo(config-line)#privilege level 15

To establish a username-based authentication system, use the username command in global configuration mode. To enable password checking at login, use the login local command in line configuration mode.

Cairo(config-line)#login local
Cairo(config-line)#transport input telnet
Cairo(config-line)#transport input telnet ssh
Cairo(config-line)#exit

Day 11: RIP Configuration

RIP version 2 or RIPv2 allows a router to discover the location of remote networks dynamically from other routers running RIPv2. In order to confiure it, you'll have to connect to each router and determine which networks are directly connected to each router, and use RIP to configure that router to advertise the location of those networks.

Enter the router configuration mode, tell it's version 2 and specify that RIP will send update information about the directly connected networks. It's extremy simple, you only have to use router rip, version 2, network directly-connected-network.
The most important is that you have to enter the networks CLASSFUL, so a class A is for example 65.0.0.0 instead of the 65.3.0.0!!!!

Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#router rip
Cairo(config-router)#version 2
Cairo(config-router)#network 192.168.1.0
Cairo(config-router)#network 192.168.2.0
Cairo(config-router)#end
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#

show ip route displays all routes in the routing table and indicates routes learned through RIPv2 using the prefix R.

show ip protocols verifies that RIPv2 is configured and operating on the router and that the router is receiving updates and advertising routes. Important to notice are the updates that're being sent every 30 seconds, hold down of 180 seconds and flushed after 240!

debug ip rip displays RIP advertisements on the network in real time. This is very CPU-intensive, so it should be turned off with the undebug all command after use.

The Cisco Learning Network CCENT page has a good 15' video on this subject:
https://learningnetwork.cisco.com/docs/DOC-1300

Day 12: Routing and Routers

Routers see networks, not hosts. There's a big difference between routed and routing protocols.

• Protocols such as IP are routed protocols because the router uses the protocol to forward a packet from one router to another.
• Routing protocols are used by routers to exchange routing information.

Routers decide where to forward a packet by using information stored in routing tables. They maintain a list of its interfaces and which networks are connected to those interfaces in its routing tables. Routers can dynamically learn about routes from other routers (routing protocol!) or the administrator can manually add a static route. When a packet arrives at a router, it'll look at the subnet mask, its routing table and cost.

We have four types of routes that exist in a routing table:

1. Directly connected: a router detects configured networks connected to its interfaces and adds them to the routing table automatically (identified by prefix C). These are automatically updated when the configuration changes or an interface is shut down.
2. Static: manually configured route, identifed by prefix S.
3. Dynamic: these are dynamically updated by the router protocol. Prefix depends on the type of protocol, Routing Information Protocol (RIP) has prefix R.
4. Default: static route that identifies the default gateway for packets addressed with a destination network that a router doesn't have in its routing table.

Dynamic routing protocols typically use the distance vector or link-state algorithm:

Distance Vector:

• Periodically exchanges routing tables with neighboring routers.
• Routes are evaluated on distance (how far) and vector (what direction).
• Distance is expressed in a route cost or metric.
• When a routing table is received it updates its routing information and forwards its routing table with an added hop to neighboring routers.

Link-State:

• Exchanges link-state advertisements (LSA) when a change occurs in a link.
• Maintains a topological database of the network and builds a shortest path first (SPF) tree.
• When an LSA is received, the router will update and recalculate paths.

Routing Information Protocol (RIP):

• Simple distance vector protocol, an interior routing protocol.
• Exchanges complete copies of routing table.
• Maximum 15 hop count - this to determine best path.
• RIP version 2 (RIPv2) is preferred because it includes subnet mask information, where RIPv1 relies on classful default subnet masks. This means that RIPv2 allows VLSM and CIDR.

Enhanced Interior Gateway Routing Protocol (EIGRP):

• Cisco-proprietary interior routing protocol.
• Uses hop count (maximum 224), metrics and advertisements.
• Maintains routing table, neighbor table and topology table.

Open Shortest Path First (OSPF):

• Nonproprietary link-state interior routing protocol that sends LSA updates when there's a topology change.

Router Bootup Process, POST and loading Cisco IOS software:

1. Router performs power-on self-test (POST) to check hardware.
2. Loads bootstrap and initializes Cisco IOS from flash, TFTP or ROM. The location is defined in configuration register.
3. Loads startup configuration file from nonvolatile random-access memory (NVRAM) to random-access memory (RAM) as running configuration.
4. If NVRAM has no configuration file, the router will look for a TFTP-server. If it can't find it, it starts setup.