Monday, February 15, 2010

Day 8: Network Status Verification

Show commands are important in ICND1 so I'll describe some common commands to verify network status:
  • show running-config: displays the running configuration from RAM on the router.
  • show interfaces: displays information about the router interfaces, including encapsulation, address configuration and whether the interface is up or down. I use this one a lot!
  • show arp: displays any address resolution protocol entries learned by the router.
  • show ip route: displays routes manually configured or dynamically discovered by the router.
  • show users: displays any users connected to the router.
  • show version: displays the version of Cisco IOS software running on the router, name of image and amount of RAM.
There are also some well-known utilities to use on hosts, like:
  • ipconfig (ifconfig on Linux).
  • ping: tests Layer 3 connectivity and basic DNS functionality.
  • tracert (on Windows).
  • traceroute.
  • netstat: shows information about devices communicating with a host, including IP address and TCP port information.
  • nslookup.
Important reminder:
After all this you can test Layer 7 connectivity by accessing the router through SSH, Telnet and a web browser.

There's also some debugging with the debug commands, for example debug ip rip. Stop debugging with undebug all.

Day 9: Configuration, IOS and Security

Sometimes you'll use static and default routes.
Any packet for which a router doesn't know the destination will be dropped or forwarded to the default route. This can be done like this:
ip route 0.0.0.0 0.0.0.0 {outgoing-interface | next-hop-address}

If you look in the routing table you'll see static routes identified with prefix S. This is how we manually configure static routes:
ip route 192.168.2.0 255.255.255.0 192.168.1.2

These can all be reviewed with show running-config, and show ip route.
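The two ip route commands above only make sense once you see how the router picks a route: the most specific (longest) matching prefix wins, and the 0.0.0.0/0 default route catches everything else. The following is an added example, not code from the original post, that reproduces that decision in Python over a constructed table containing one connected network, the static route from the post and a default route (the next hops and interface names are assumptions).

```python
import ipaddress

# Constructed routing table (not captured from a real router). Prefix codes
# follow show ip route: C = connected, S = static, S* = candidate default.
ROUTES = [
    ("C", ipaddress.ip_network("192.168.1.0/24"), "FastEthernet0/0"),
    ("S", ipaddress.ip_network("192.168.2.0/24"), "192.168.1.2"),
    ("S*", ipaddress.ip_network("0.0.0.0/0"), "Serial0/0"),
]


def lookup(dst, routes=ROUTES):
    """Return the (code, network, next hop) entry with the longest matching
    prefix, or None when nothing matches (the packet would be dropped)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for code, net, via in routes:
        # A /0 default matches every address, so it only wins when no
        # longer prefix does.
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (code, net, via)
    return best


def forward(dst, routes=ROUTES):
    """Human-readable forwarding decision for one destination address."""
    match = lookup(dst, routes)
    if match is None:
        return f"{dst}: no route, dropped"
    code, net, via = match
    return f"{dst}: matched {code} {net} via {via}"


if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.2.7", "10.9.8.7"):
        print(forward(dst))
    # Remove the default route and the unknown destination is dropped:
    print(forward("10.9.8.7", ROUTES[:2]))
```

Running it shows 192.168.2.7 leaving via the static route's next hop, 10.9.8.7 falling through to the default, and the same 10.9.8.7 being dropped once the default route is gone, which is exactly the "dropped or forwarded to the default route" rule stated above.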

Reviewing IOS configuration file management is also needed for the ICND1 exam. You can copy/paste the output of show running-config, but preferably you have a Trivial File Transfer Protocol (TFTP) server on your network.
  • copy running-config tftp: you'll have to enter the IP address/hostname of the server and the destination filename (router-config).
  • copy tftp running-config: restores the file.
The show version command lets you check the name of the IOS image. We can use copy flash tftp to copy the IOS image from flash memory to a TFTP server. To restore it we can use copy tftp flash.

It's very important to secure the telecommunications room or wiring closets in your facility. The main distribution facility (MDF) and intermediate distribution facilities (IDF) are the backbone of the network and should be protected. Access to these areas should be restricted. Besides this we also have to protect configuration privileges by adding password security. Don't forget that passwords are only encrypted in the configuration if the command service password-encryption is entered.

ESENT - Extensible Storage Engine

Just noticed that this post was unreadable so:

One of my database servers gave this error in event viewer:
svchost (828) The database engine stopped

Windows comes with an embeddable, transactional database engine which is available to developers through the Windows SDK. The ESENT database engine can be used whenever an application wants high-performance, low-overhead storage of structured or semi-structured data. This can range from something as simple as a hash table which is too large to store in memory to a complex application with many tables, columns and indexes. ESENT is used by the Active Directory, Windows Desktop Search, Windows Mail and several other Windows services and a slightly modified version of the code is used by Microsoft Exchange to store all its mailbox data.

Interesting links:
http://msdn.microsoft.com/en-us/library/ms684493%28EXCHG.10%29.aspx
http://managedesent.codeplex.com/

Wednesday, February 3, 2010

err-disabled mode

Today I had a switchport that went into err-disabled mode. The command show interfaces status err-disabled indicated loopback as the reason. It took a while, but our technicians eventually followed the cables in the ceiling and they were badly patched.

Cisco has a great page with all the details:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml#topic2

Tuesday, February 2, 2010

Day 10: CLI Parameter

Cisco IOS Editing keys/commands:
Ctrl-P or up arrow: repeats previous command
Ctrl-A: beginning of command line
Ctrl-E: end of command line
Esc-B: move back one word
Esc-F: move forward one word
Ctrl-Z: exits configuration mode
show history: displays command buffer
terminal history size x: sets history buffer size
terminal no editing: turns off advanced editing (why would you use this...)

Router Initial Configuration:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Cairo
Cairo(config)#banner motd #
Enter TEXT message. End with the character '#'.
Cairo - unauthorized use prohibited
#
Cairo(config)#enable password cisco
Cairo(config)#enable secret sanfran
Cairo(config)#line console 0
Cairo(config-line)#password sanjose
Cairo(config-line)#login
Cairo(config-line)#exit
Cairo(config)#line vty 0 4
Cairo(config-line)#password netadmin
Cairo(config-line)#login
Cairo(config-line)#exit
Cairo(config)#service password-encryption
Cairo(config)#exit
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Router Ethernet Interface Configuration:
Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#interface fa0/0
Cairo(config-if)#ip address 192.168.1.1 255.255.255.0
Cairo(config-if)#description Ethernet segment 192.168.1.0
Cairo(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Cairo(config-if)#exit
Cairo(config)#ip host Cairo 192.168.1.1

This last command defines static hostname-to-address mappings in the DNS hostname cache, more info at this link:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_ip.html#wp1012102

If the serial interface is a data communications equipment (DCE) device, you'll need to set the clock rate. A router is usually the data terminal equipment (DTE) device so you don't need to set it. As a DTE, the router would accept the clock from a DCE device. Think of it this way, DCE and the C is clock :)

Cairo>enable
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Cairo(config)#interface serial 0/0
Cairo(config-if)#ip address 192.168.2.5 255.255.255.252
Cairo(config-if)#clock rate 64000
Cairo(config-if)#no shutdown
Cairo(config-if)#exit
Cairo(config)#exit
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Router Initial Configuration for SDM:
Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#ip http server
Cairo(config)#ip http secure-server
Cairo(config)#username cisco privilege 15 password 0 class
Cairo(config)#line vty 0 4
Cairo(config-line)#privilege level 15

To establish a username-based authentication system, use the username command in global configuration mode. To enable password checking at login, use the login local command in line configuration mode.

Cairo(config-line)#login local
Cairo(config-line)#transport input telnet
Cairo(config-line)#transport input telnet ssh
Cairo(config-line)#exit
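The Day 9 notes say to protect configuration privileges with passwords, and the transcript above sets enable password, enable secret, line passwords, service password-encryption and transport input. Which of those are actually worth keeping is easy to lose track of, so here is an added example, not from the original post, of a small audit that reads a running-config and flags the weak settings: enable password next to enable secret, cleartext (type 0) passwords, type 7 passwords (which are obfuscated, not hashed), plain HTTP management and lines that still accept telnet. The two configs inside it are constructed from the commands on this page; the hashes and the type 7 string are placeholders, and the severity labels are my own choice.

```python
import re

# Constructed from the Day 10 transcript; the passwords are the post's own
# sample values, the "5 $1$FAKE$..." hashes and the type 7 string are placeholders.
SAMPLE_CONFIG = """\
hostname Cairo
enable password cisco
enable secret 5 $1$FAKE$placeholderhash0000000000
username cisco privilege 15 password 0 class
ip http server
ip http secure-server
line con 0
 password sanjose
 login
line vty 0 4
 password 7 0123456789ABCDEF
 privilege level 15
 login local
 transport input telnet
"""

# The same router after fixing every WARN below (also constructed).
HARDENED_CONFIG = """\
hostname Cairo
service password-encryption
enable secret 5 $1$FAKE$placeholderhash0000000000
username cisco privilege 15 secret 5 $1$FAKE$placeholderhash1111111111
ip http secure-server
line con 0
 password 7 0123456789ABCDEF
 login
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""


def audit(config_text):
    """Return (severity, section, message) findings in config order."""
    findings = []
    section = "global"
    has_pw_encryption = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("line "):
            section = line          # track which line (con/vty) we are in
            continue
        if line == "service password-encryption":
            has_pw_encryption = True
        elif line.startswith("enable password "):
            findings.append(("WARN", section,
                "enable password is reversible; rely on enable secret only"))
        elif re.match(r"username \S+ .*password 0 ", line):
            findings.append(("WARN", section,
                "username stored with a cleartext (type 0) password"))
        elif line == "ip http server":
            findings.append(("WARN", section,
                "plaintext HTTP management enabled; keep only ip http secure-server"))
        elif re.match(r"password 7 ", line):
            findings.append(("INFO", section,
                "type 7 password is obfuscated, not a one-way hash"))
        elif re.match(r"password (0 )?\S+$", line):
            findings.append(("WARN", section, "cleartext line password"))
        elif line.startswith("transport input"):
            methods = line.split()[2:]
            if "telnet" in methods or "all" in methods:
                findings.append(("WARN", section,
                    "telnet accepted on this line; restrict to transport input ssh"))
    if not has_pw_encryption:
        findings.append(("WARN", "global",
            "service password-encryption not set; line passwords stay in cleartext"))
    return findings


def count(findings, severity):
    """Number of findings with the given severity."""
    return sum(1 for sev, _, _ in findings if sev == severity)


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for sev, where, msg in audit(cfg):
            print(f"{sev:4} {where:12} {msg}")
```

The sample config produces six WARN findings and one INFO; the hardened config keeps only the INFO for the type 7 console password, which is the reminder that service password-encryption hides passwords from shoulder surfers but is not a substitute for enable secret and username ... secret.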

Day 11: RIP Configuration

RIP version 2 or RIPv2 allows a router to discover the location of remote networks dynamically from other routers running RIPv2. In order to configure it, you'll have to connect to each router, determine which networks are directly connected to that router, and use RIP to configure that router to advertise the location of those networks.

Enter the router configuration mode, tell it to use version 2 and specify that RIP will send update information about the directly connected networks. It's extremely simple, you only have to use router rip, version 2 and network directly-connected-network.
The most important thing is that you have to enter the networks CLASSFUL, so for a class A address you enter for example 65.0.0.0 instead of 65.3.0.0!!!!
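Because the network command takes classful addresses, it is worth being able to derive them mechanically from the interface addresses you just configured. This is an added example, not from the original post: a Python helper that maps an IPv4 address to its class A/B/C network and produces the distinct network statements for router rip. The interface addresses fed to it are constructed (the two from the Day 10 transcript plus a class A address modelled on the 65.3.0.0 remark above).

```python
import ipaddress


def classful_network(address):
    """Return the classful (class A/B/C) network containing an IPv4 address,
    which is what the RIP network command expects."""
    first_octet = int(str(ipaddress.ip_address(address)).split(".")[0])
    if first_octet < 128:        # 0-127: class A, /8
        prefix = 8
    elif first_octet < 192:      # 128-191: class B, /16
        prefix = 16
    elif first_octet < 224:      # 192-223: class C, /24
        prefix = 24
    else:                        # multicast/reserved: RIP cannot advertise it
        raise ValueError(f"{address} is not in a class A/B/C range")
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def rip_network_statements(interface_addresses):
    """Distinct 'network' statements for router rip, one per classful network.
    Two interfaces in the same classful network yield a single statement,
    and that single statement enables RIP on both of them."""
    statements = []
    for addr in interface_addresses:
        stmt = f"network {classful_network(addr).network_address}"
        if stmt not in statements:
            statements.append(stmt)
    return statements


if __name__ == "__main__":
    # Constructed interface addresses: fa0/0 and s0/0 from the transcript,
    # plus a hypothetical interface in 65.3.0.0.
    for line in rip_network_statements(["192.168.1.1", "192.168.2.5", "65.3.0.1"]):
        print(line)
```

The 65.3.0.1 interface becomes network 65.0.0.0, as the note above insists; the two 192.168.x.x interfaces each get their own /24 statement because class C networks are /24.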

Cairo>enable
Password:
Cairo#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cairo(config)#router rip
Cairo(config-router)#version 2
Cairo(config-router)#network 192.168.1.0
Cairo(config-router)#network 192.168.2.0
Cairo(config-router)#end
Cairo#
%SYS-5-CONFIG_I: Configured from console by console
Cairo#

show ip route displays all routes in the routing table and indicates routes learned through RIPv2 using the prefix R.

show ip protocols verifies that RIPv2 is configured and operating on the router and that the router is receiving updates and advertising routes. Important to notice are the updates that are being sent every 30 seconds, the holddown of 180 seconds and the flush after 240!

debug ip rip displays RIP advertisements on the network in real time. This is very CPU-intensive, so it should be turned off with the undebug all command after use.

The Cisco Learning Network CCENT page has a good 15-minute video on this subject:
https://learningnetwork.cisco.com/docs/DOC-1300

Day 12: Routing and Routers

Routers see networks, not hosts. There's a big difference between routed and routing protocols.
  • Protocols such as IP are routed protocols because the router uses the protocol to forward a packet from one router to another.
  • Routing protocols are used by routers to exchange routing information.
Routers decide where to forward a packet by using information stored in routing tables. A router maintains a list of its interfaces and of which networks are connected to those interfaces in its routing table. Routers can dynamically learn about routes from other routers (routing protocol!) or the administrator can manually add a static route. When a packet arrives at a router, it'll look at the subnet mask, its routing table and the cost.

We have four types of routes that exist in a routing table:
  1. Directly connected: a router detects configured networks connected to its interfaces and adds them to the routing table automatically (identified by prefix C). These are automatically updated when the configuration changes or an interface is shut down.
  2. Static: manually configured route, identified by prefix S.
  3. Dynamic: these are dynamically updated by the routing protocol. The prefix depends on the type of protocol; Routing Information Protocol (RIP) has prefix R.
  4. Default: static route that identifies the default gateway for packets addressed with a destination network that a router doesn't have in its routing table.
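The four route types show up as the code letters at the start of each show ip route line (C, S, R and S* for the candidate default). As an added example that is not part of the original post, here is a small parser that turns that output into records and counts the routes per type, which is handy when you want to verify a router's table from a script instead of reading it by eye. The show ip route text inside it is constructed and simplified (every line carries a /prefix and there are no "is subnetted" grouping lines); two-word codes such as EIGRP's "D EX" or OSPF's "O IA" are deliberately not handled.

```python
import re
from collections import Counter

# Constructed, simplified show ip route output modelled on the Day 10 addresses.
SAMPLE_SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, R - RIP, * - candidate default
Gateway of last resort is 192.168.2.6 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.4/30 is directly connected, Serial0/0
S    192.168.3.0/24 [1/0] via 192.168.1.2
R    10.0.0.0/8 [120/1] via 192.168.2.6, 00:00:12, Serial0/0
S*   0.0.0.0/0 [1/0] via 192.168.2.6
"""

# A route line starts with a code (letter plus optional '*'), then the prefix.
ROUTE_RE = re.compile(r"^(?P<code>[A-Z][A-Z0-9*]*)\s+(?P<net>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<rest>.*)$")
AD_RE = re.compile(r"\[(?P<ad>\d+)/(?P<metric>\d+)\]")   # [administrative distance/metric]
VIA_RE = re.compile(r"via (?P<via>[\d.]+)")
CONN_RE = re.compile(r"directly connected, (?P<iface>\S+)")


def route_type(code):
    """Map the show ip route code letter to the four types in the list above."""
    if code == "C":
        return "directly connected"
    if code == "S*":
        return "default"
    if code == "S":
        return "static"
    return "dynamic (RIP)" if code == "R" else "dynamic"


def parse_show_ip_route(text):
    """Return one dict per route line; header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        code, net, rest = m.group("code", "net", "rest")
        entry = {"code": code, "type": route_type(code), "network": net,
                 "ad": None, "metric": None, "via": None}
        ad = AD_RE.search(rest)
        if ad:
            entry["ad"], entry["metric"] = int(ad["ad"]), int(ad["metric"])
        conn, via = CONN_RE.search(rest), VIA_RE.search(rest)
        entry["via"] = conn["iface"] if conn else (via["via"] if via else None)
        routes.append(entry)
    return routes


def summarize(routes):
    """Count routes per type, e.g. to confirm RIP actually installed something."""
    return Counter(r["type"] for r in routes)


if __name__ == "__main__":
    parsed = parse_show_ip_route(SAMPLE_SHOW_IP_ROUTE)
    for r in parsed:
        print(f"{r['code']:3} {r['network']:18} {r['type']:18} via {r['via']}")
    print(dict(summarize(parsed)))
```

The RIP route carries administrative distance 120 and metric 1 (one hop), which is what you would expect for a network learned from the neighbour on Serial0/0.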
Dynamic routing protocols typically use the distance vector or link-state algorithm:

Distance Vector:
  • Periodically exchanges routing tables with neighboring routers.
  • Routes are evaluated on distance (how far) and vector (what direction).
  • Distance is expressed in a route cost or metric.
  • When a routing table is received it updates its routing information and forwards its routing table with an added hop to neighboring routers.
Link-State:
  • Exchanges link-state advertisements (LSA) when a change occurs in a link.
  • Maintains a topological database of the network and builds a shortest path first (SPF) tree.
  • When an LSA is received, the router will update and recalculate paths.
Routing Information Protocol (RIP):
  • Simple distance vector protocol, an interior routing protocol.
  • Exchanges complete copies of routing table.
  • Maximum hop count of 15; the hop count is the metric used to determine the best path.
  • RIP version 2 (RIPv2) is preferred because it includes subnet mask information, where RIPv1 relies on classful default subnet masks. This means that RIPv2 allows VLSM and CIDR.
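The distance vector bullets above (exchange the whole table, add a hop, keep the cheaper route) and RIP's 15-hop limit are easiest to understand by running them. This is an added example, not from the original post: a toy distance vector simulation in Python over a constructed chain of routers with a single network attached to the first one. Routes received at 16 hops are treated as unreachable, so with 17 routers in a row the last one never learns the network. The topology, router names and the synchronous round model are assumptions made for the illustration.

```python
INFINITY = 16   # in RIP a metric of 16 means unreachable; 15 is the maximum usable hop count


def build_chain(n):
    """Constructed topology: routers R0..R(n-1) in a line, network net0 on R0.
    Each table maps network -> (metric, next hop); connected routes cost 0."""
    tables = {f"R{i}": {} for i in range(n)}
    tables["R0"]["net0"] = (0, "connected")
    neighbors = {f"R{i}": [f"R{j}" for j in (i - 1, i + 1) if 0 <= j < n]
                 for i in range(n)}
    return tables, neighbors


def receive_update(table, sender, advertised):
    """Apply one neighbour's full table: every advertised route costs one more
    hop. A route is replaced when the new metric is lower, or when the update
    comes from the router we already use as next hop. Returns True on change."""
    changed = False
    for net, (metric, _) in advertised.items():
        new_metric = min(metric + 1, INFINITY)
        current = table.get(net)
        if current is None and new_metric >= INFINITY:
            continue    # a route that is already unreachable is never installed
        if current is None or new_metric < current[0] or current[1] == sender:
            if current != (new_metric, sender):
                table[net] = (new_metric, sender)
                changed = True
    return changed


def converge(tables, neighbors, max_rounds=50):
    """Run synchronous rounds of periodic exchange until no table changes.
    Returns the number of rounds in which something changed."""
    for rounds in range(1, max_rounds + 1):
        snapshot = {r: dict(t) for r, t in tables.items()}   # tables as sent this round
        changed = False
        for router, nbrs in neighbors.items():
            for nbr in nbrs:
                if receive_update(tables[router], nbr, snapshot[nbr]):
                    changed = True
        if not changed:
            return rounds - 1
    return max_rounds


def reachable(table, net):
    """A route with metric 16 exists only as a poison marker, not a usable path."""
    entry = table.get(net)
    return entry is not None and entry[0] < INFINITY


if __name__ == "__main__":
    tables, neighbors = build_chain(17)
    print("rounds until convergence:", converge(tables, neighbors))
    for name in ("R1", "R15", "R16"):
        print(name, tables[name].get("net0"), "reachable:", reachable(tables[name], "net0"))
```

Convergence takes 15 rounds, one per hop, which is also why distance vector protocols are said to converge slowly: R15 ends with net0 at 15 hops, and R16, sixteen hops away, has no route at all.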
Enhanced Interior Gateway Routing Protocol (EIGRP):
  • Cisco-proprietary interior routing protocol.
  • Uses hop count (maximum 224), metrics and advertisements.
  • Maintains routing table, neighbor table and topology table.
Open Shortest Path First (OSPF):
  • Nonproprietary link-state interior routing protocol that sends LSA updates when there's a topology change.
Router Bootup Process, POST and loading Cisco IOS software:
  1. Router performs power-on self-test (POST) to check hardware.
  2. Loads bootstrap and initializes Cisco IOS from flash, TFTP or ROM. The location is defined in configuration register.
  3. Loads startup configuration file from nonvolatile random-access memory (NVRAM) to random-access memory (RAM) as running configuration.
  4. If NVRAM has no configuration file, the router will look for a TFTP server. If it can't find one, it starts setup mode.