Today I finally took the Cisco ICND1 exam and passed without any real problems.
As we're not allowed to discuss it, let me just say that you really need to understand it and get some hands-on experience.
Every IT professional knows that his 'smartest colleague' is often Google. I'd like a place to keep and share those little tips and tricks. Sometimes I'll be throwing in study notes when preparing for a certification. My main interests are Linux, networking and databases.
Monday, March 1, 2010
Sunday, February 28, 2010
Day 1: ICND1 Last Review (WAN basics, NAT/PAT terminology and RIP)
My ICND1 exam is booked on Monday but I didn't have much time this week, so I'll focus mainly on WAN connections, the naming used in NAT/PAT, and RIP.
There are two major categories for WANs:
- Dedicated: point-to-point lines provide a preestablished WAN communications path from the customer premises through the provider network to a remote destination. Usually leased from a carrier and obviously called leased lines.
- Switched:
- Circuit-Switched: dynamically establishing a dedicated virtual connection. Before communication can start it's necessary to establish the connection through the network of the service provider. Examples are PSTN and DSL (I know it's also a bit packet-switched but for the exam I'll keep it to this).
- Packet-Switched: because data flow fluctuates (nobody uses 100% of the bandwidth all the time), in these networks the data is transmitted in labeled cells, frames or packets. There's no dedicated path between source and destination endpoints, allowing for the sharing of connection links and common carrier resources for data transmission. The carrier can create virtual circuits between customer sites. When the customer is not using the full bandwidth on its virtual circuit, the carrier, through statistical multiplexing, can make the unused bandwidth available to another customer. Examples are Cable and Frame Relay.
- Cell-Switched: an example is ATM and it uses small fixed-size cells of 53 bytes (48 bytes for data).
The four address terms used in NAT/PAT:
- inside local address: the IP address assigned to a host on the inside network, likely not assigned by the NIC or service provider.
- inside global address: a legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
- outside local address: the IP address of an outside host as it appears to the inside network; not necessarily legitimate, it's allocated from an address space routable on the inside.
- outside global address: the IP address assigned to a host on the outside network by the host owner. This address is allocated from a globally routable address or network space.
show ip nat translations displays the active translations, and
clear ip nat translation * clears all dynamic address translation entries (they time out after 24 hours by default).
Static routes are commonly used when you're routing from a network to a stub network. This stub network or leaf node is a network accessed by a single route. They can also be useful for specifying a "gateway of last resort" to which all packets with an unknown destination address will be sent. Obviously the static route must be configured in both directions for end-to-end connectivity. An example:
ip route 172.16.1.0 255.255.255.0 172.16.2.1
Don't mix this up with a default route; for that you also give the IP address of the next-hop router to be used as the default for packet forwarding. An example:
ip route 0.0.0.0 0.0.0.0 172.16.2.2
The ip classless command tells the router not to drop packets that are destined for a network that's not in the routing table, but to use the default route instead. Without the ip classless command, such packets would be dropped before being sent to the default route. (ip classless is on by default in IOS 12.x.)
It's recommended to set the bandwidth command on the serial interface; this provides a minimum bandwidth guarantee during congestion (used by some routing protocols). It has no effect on the actual speed of the line. Bandwidth refers to the rate at which data is transferred over the communication link.
1 DS0 = 64 kb/s
24 DS0s = DS1 or T1 = 1.544 Mb/s
The show controllers command displays information about the physical interface itself. Very useful to determine the type of cable connected to the serial interface. Please note that this information is determined when the router initially starts!
The High-Level Data Link Control (HDLC) protocol specifies an encapsulation method for data on synchronous serial data links using frame characters and a checksum. HDLC supports both point-to-point and multipoint configurations and includes a means for authentication. HDLC implementations from different vendors may not be compatible with each other. There's a Cisco implementation of HDLC which is the default encapsulation for serial lines; as you probably know, it doesn't show up in the running-config! Cisco HDLC has no windowing or flow control, and only point-to-point connections are allowed. The Cisco HDLC implementation includes proprietary extensions in the data field to allow multiprotocol support, dating from a time before PPP was specified. Use PPP when interoperability is required.
Routing protocols (like RIP, EIGRP) are used between routers to determine paths and maintain routing tables. After the path is determined, a router can route a routed protocol (like IP).
An autonomous system is a collection of networks under a common administrative domain. IGPs operate within an autonomous system and EGPs connect different autonomous systems.
Classful routing protocols do not include the subnet mask with the route advertisements (most distance vector routing protocols). When a classful routing protocol is used, all subnetworks of the same major network must use the same subnet mask. Routers that are running a classful routing protocol perform automatic route summarization across network boundaries. When receiving a routing update packet, the router will apply the default classful mask if the routing update information contains a major network that is different! If the routing update information contains the same major network number as is configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.
Classless routing protocols include the subnet mask with the route advertisement; they support variable-length subnet masks (VLSM). The summarization process is controlled manually and can usually be invoked at any bit position within the address. Manual summarization may be required to keep the size of the routing tables manageable.
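An added Python model (my own code, not from these notes) of the classful behaviour described above and of the ip classless lookup from the static-route section: which mask a classful receiver applies to an update, what gets advertised across a major-network boundary, and whether a packet for an unknown subnet is dropped or sent to the default route. The table reuses the 172.16.x.x routes from the notes; the other addresses are constructed.

```python
import ipaddress

def classful_mask(ip):
    """Default classful prefix length: class A /8, class B /16, class C /24."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip}: class D/E address has no classful mask")

def major_network(ip):
    """The classful (major) network an address belongs to, e.g. 172.16.0.0/16."""
    return ipaddress.ip_network(f"{ip}/{classful_mask(ip)}", strict=False)

def mask_for_classful_update(update_net, iface_ip, iface_prefix):
    """Mask a router applies to a route learned via a classful protocol (no mask in
    the update): the receiving interface's mask if the update belongs to the same
    major network as that interface, otherwise the default classful mask."""
    if major_network(update_net) == major_network(iface_ip):
        return iface_prefix
    return classful_mask(update_net)

def classful_advertisement(route_net, route_prefix, out_iface_ip):
    """Automatic summarization: a subnet is advertised as-is inside its own major
    network and collapsed to the major network when sent across a boundary."""
    route = ipaddress.ip_network(f"{route_net}/{route_prefix}")
    if major_network(route_net) == major_network(out_iface_ip):
        return route
    return major_network(route_net)

def lookup(table, default_hop, dst, ip_classless=True):
    """Longest-prefix match over table = [(network, next_hop), ...].
    Returns the next hop, or None when the packet is dropped. With ip classless
    disabled, a destination whose major network has known subnets but no matching
    one is dropped instead of following the default route."""
    dst_addr = ipaddress.IPv4Address(dst)
    best = None
    for net, hop in table:
        if dst_addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is not None:
        return best[1]
    if not ip_classless:
        major = major_network(dst)
        if any(net.subnet_of(major) for net, _ in table):
            return None
    return default_hop

# Constructed routing table: the static route from the notes plus a connected subnet.
TABLE = [
    (ipaddress.ip_network("172.16.1.0/24"), "172.16.2.1"),  # ip route 172.16.1.0 255.255.255.0 172.16.2.1
    (ipaddress.ip_network("172.16.2.0/24"), "connected"),
]
DEFAULT_HOP = "172.16.2.2"  # ip route 0.0.0.0 0.0.0.0 172.16.2.2

if __name__ == "__main__":
    for classless in (True, False):
        print("ip classless" if classless else "no ip classless",
              "-> 172.16.5.7 via", lookup(TABLE, DEFAULT_HOP, "172.16.5.7", classless))
    print("172.16.1.0/24 sent out a 10.x interface is advertised as",
          classful_advertisement("172.16.1.0", 24, "10.1.1.1"))
```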
RIP is capable of load-balancing over as many as 16 equal-cost paths (default = 4).
RIPv1: classful, no VLSM, subnet mask is not sent, broadcast, no manual route summarization and no authentication support.
RIPv2: classless, VLSM, subnet mask is sent, multicast, manual route summarization, authentication support.
router rip command starts the RIP routing process.
version 2 enables RIP version 2
network 10.0.0.0 selects the participating attached networks and requires a major classful network number!
Use the show ip protocols command to display values about routing protocols and the routing protocol timer information associated with the routers. Important values are the flushed field (240 seconds), which specifies the time after which the individual routing information will be thrown out, and the hold down field (180 seconds): an update to a route that was down and is now up will stay in the hold down (possibly down) state until 180 seconds have passed.
Friday, February 19, 2010
show users - show sessions
If you want to see who's logged onto a router, use the command show users
BE-607NR01#show users
Line User Host(s) Idle Location
* 6 vty 0 admin idle 00:00:00 10.32.20.1
7 vty 1 admin idle 00:00:22 10.32.20.7
Interface User Mode Idle Peer Address
Vi3 PPPoATM 00:00:00 80.1.2.2
This shows the open sessions to your router. The line with the * is the current session, the one from which we issued the command. If you want to kill an open Telnet session, use the command clear line x
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/5.x/command/reference/sh_ti_tr.html#wp1028456
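An added example (my own code, not from the post): a Python parser for show users output that flags vty sessions coming from outside an allowed management network and builds the matching clear line commands. The sample output is constructed in the same layout as above, and the 10.32.20.0/24 management network is an assumption.

```python
import ipaddress
import re

# Constructed sample in the layout of 'show users' (not output from a real device).
SHOW_USERS = """\
    Line       User       Host(s)              Idle       Location
   0 con 0     admin      idle                 00:05:12
*  6 vty 0     admin      idle                 00:00:00 10.32.20.1
   7 vty 1     admin      idle                 00:00:22 10.32.20.7
   8 vty 2     backup     idle                 00:12:05 192.0.2.44

  Interface    User               Mode         Idle     Peer Address
  Vi3                             PPPoATM      00:00:00 80.1.2.2
"""

# One terminal-line row: optional '*' for the current session, line number, line type,
# user, host(s), idle time and an optional location (console lines have none).
LINE_RE = re.compile(
    r"^(?P<current>\*?)\s*(?P<line>\d+)\s+(?P<type>(?:con|aux|vty)\s+\d+)\s+"
    r"(?P<user>\S+)\s+(?P<host>\S+)\s+(?P<idle>\d\d:\d\d:\d\d)(?:\s+(?P<location>\S+))?\s*$"
)

def parse_show_users(text):
    """Return one dict per terminal line; interface (Vi/Di) rows are ignored."""
    sessions = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            s = m.groupdict()
            s["current"] = s["current"] == "*"
            s["line"] = int(s["line"])
            sessions.append(s)
    return sessions

def unexpected_sessions(sessions, mgmt_nets):
    """Sessions whose source address is outside the allowed management networks."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    flagged = []
    for s in sessions:
        if not s["location"]:
            continue  # console session: no remote address to check
        addr = ipaddress.ip_address(s["location"])
        if not any(addr in n for n in nets):
            flagged.append(s)
    return flagged

def clear_commands(sessions):
    """'clear line N' for each session, never for the one we are typing on."""
    return [f"clear line {s['line']}" for s in sessions if not s["current"]]

if __name__ == "__main__":
    found = parse_show_users(SHOW_USERS)
    for cmd in clear_commands(unexpected_sessions(found, ["10.32.20.0/24"])):
        print(cmd)
```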
To see the active sessions from your remote device, use command show sessions
If you enter a session number you'll access it; use disconnect to leave.
Ctrl-Shift-6-x brings you back, it also suspends Telnet/SSH sessions.
XX-001NR01#show sessions
% No connections open
Another useful command is show line which gives a nice overview.
Thursday, February 18, 2010
dash shell
Just noticed that Ubuntu Server 9.10 has dash for default shell.
In case you're wondering what it is:
dash stands for Debian Almquist shell and is a POSIX-compliant implementation of /bin/sh that aims to be as small as possible. It does this without sacrificing speed where possible. In fact, it is significantly faster than bash (the GNU Bourne-Again SHell) for most tasks.
If you want to find out your current shell, the command is
echo $0
Changing the default shell can be done by the command
ln -sf /bin/bash /bin/sh
-s symbolic links instead of hard links
-f force
Useful links:
http://en.wikipedia.org/wiki/POSIX
Tuesday, February 16, 2010
Day 2: Studying Sample Exam Questions
I'm probably not gonna be able to take the exam this weekend plus I'm booked for an Oracle course next week so I'll spend some extra time studying sample exam questions. This is gonna be an overview of interesting questions (for me) collected from various books and sites to review just before exam day.
This post will be updated till I take (and pass) the exam...
- It is not possible to obtain CDP information about a remote device. Don't answer that you can use SSH or Telnet.
- A CDP update packet has platform and device identifiers information.
- show cdp entry * produces the same result as the show cdp neighbors detail command.
- show cdp interface displays the frequency at which packets are sent, encapsulation type and holdtime for an interface where CDP is enabled. show cdp traffic displays CDP packet checksum errors. This is an example (thx to David L. from CLN):
FastEthernet0/0 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/1 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
P1R1#show cdp traffic
CDP counters :
Total packets output: 38, Input: 34
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Fragmented: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 38, Input: 34
- ROMMON is a low-level OS normally used for manufacturing testing and troubleshooting.
- If the boot field value is 0x2, the router will check the startup-config file for boot system commands. The boot field is the low-order 4 bits of the configuration register in a Cisco router; its value in part tells the router where to look for a Cisco IOS image to load.
- On most routers, the Cisco IOS software is loaded into RAM to run, but on some routers it's run directly from flash memory.
- show flash displays the amount of memory that's available where the IOS image is stored, don't mix this up with show run!
- service timestamps command is used to add time stamps to a debug or log message.
- The application layer is the most diverse area of the OSI model and the TCP/IP stack.
Monday, February 15, 2010
Day 3: WAN Connections
A telecommunications service provider (TSP) can offer these WAN connection types:
- Point-to-Point Protocol (PPP): a specific dedicated path through the TSP network that connects two LANs over a large geographic area. Typically leased lines.
- Circuit-switched: allows the client to create and close connections over the TSP network. Think of the operation as phone call. Examples are ISDN or dialup network access.
- Packet-switched: a client uses a software-managed virtual circuit over a shared connection. Examples are Frame Relay.
The Cisco default encapsulation for a serial interface is High-Level Data Link Control (HDLC). This is a Data Link layer protocol used to encapsulate and transmit packets over point-to-point links. It handles the transfer of data in full duplex, as well as link management functions. As an OSI standard, many vendors implement the HDLC protocol in their equipment. These are usually not interoperable. This is because the Cisco HDLC frame uses a proprietary "Type" field that may not be compatible with equipment of other vendors. When the HDLC frame format was defined, it did not include a field to identify the Network layer protocol that it was framing. As such, the OSI version of HDLC assumes that any link using HDLC is running only a single Network layer protocol like IP. This has led vendors to implement HDLC using a proprietary frame format that includes a type code field, thus allowing the Network layer protocol within a frame to be identified. Because of this proprietary nature, you should only use HDLC framing on point-to-point links when the routers at each end of a link are from the same vendor. In cases where you want to connect equipment from different vendors over a leased line, the Point-to-Point Protocol (PPP) should be used. Always remember that the routers on both sides of a PPP link must be using the same data framing method in order to communicate. You can change the encapsulation to PPP as a more flexible, nonproprietary encapsulation. PPP supports authentication in clear-text Password Authentication Protocol (PAP) or encrypted Challenge Handshake Authentication Protocol (CHAP). A router can also use Frame Relay as an encapsulation. Frame Relay virtual circuits use HDLC encapsulation and each circuit is identified by a data link connection identifier (DLCI).
You can use the encapsulation command in interface configuration mode. An example is encapsulation ppp.
HDLC and PPP are layer 2 protocols. HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show run on a Cisco router, your serial interfaces will have no encapsulation by default (it's HDLC)! Use a show interface serial ... to see that you're running HDLC.
You can select one of the following address types for a serial WAN connection:
- A static IP address allows the administrator to manually enter the IP address and subnet mask. Available for PPP, Frame Relay and HDLC.
- IP unnumbered sets the interface to match the IP address of another enabled interface on the router. Available for PPP, Frame Relay and HDLC.
- IP negotiated is available for PPP and allows the router to obtain address information automatically from the ISP.
Day 4: Security Applications
Besides antivirus, antispam and antispyware software you should make use of a firewall. This can come packaged as a standalone security appliance, a server-based firewall that installs on a network operating system (NOS), a module that can be installed or is integrated inside an existing router, or a personal firewall that installs on a network host. Firewalls are installed between two networks and can control traffic in the following ways:
- Filter traffic based on destination and source IP address or MAC address, block websites based on URL or keywords, and filter traffic based on the type of application used for network transmission.
- Inspect incoming traffic and ensure that each incoming packet is a response to a legitimate outgoing request. This stateful packet inspection (SPI) can prevent DoS attacks.
- Firewalls can also provide network address translation (NAT) for additional security on an internal network.
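An added example (my own code, not from the notes) of the stateful packet inspection rule above: a Python model that records outbound flows and permits inbound packets only when they are replies to one of them, next to a stateless ephemeral-port rule for contrast. The 10.1.1.0/24 inside network and the packet trace are constructed.

```python
import ipaddress
from collections import namedtuple

# A minimal 5-tuple packet; flags is a frozenset of TCP flag names ("SYN", "ACK", ...).
Packet = namedtuple("Packet", "proto src sport dst dport flags")

class StatefulFirewall:
    """Stateful packet inspection: outbound traffic is allowed and recorded, inbound
    traffic is allowed only as a reply to a recorded outbound flow."""

    def __init__(self, inside_net):
        self.inside = ipaddress.ip_network(inside_net)
        self.flows = set()  # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def filter(self, pkt):
        outbound = self._inside(pkt.src) and not self._inside(pkt.dst)
        inbound = self._inside(pkt.dst) and not self._inside(pkt.src)
        if outbound:
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        if inbound:
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.flows:
                # A TCP reply must carry ACK; a bare SYN is never a response.
                if pkt.proto == "tcp" and "ACK" not in pkt.flags:
                    return "deny"
                return "permit"
            return "deny"
        return "deny"  # inside->inside or outside->outside is not ours to forward

    def run(self, packets):
        return [self.filter(p) for p in packets]

def stateless_filter(pkt, inside_net="10.1.1.0/24"):
    """Stateless contrast: an ACL permitting inbound traffic to ephemeral ports cannot
    tell a reply from an unsolicited packet aimed at a high port."""
    inside = ipaddress.ip_network(inside_net)
    if ipaddress.ip_address(pkt.dst) in inside:
        return "permit" if pkt.dport >= 1024 else "deny"
    return "permit"

# Constructed trace: one legitimate web session plus two unsolicited inbound packets.
TRACE = [
    Packet("tcp", "10.1.1.10", 40000, "203.0.113.5", 80, frozenset({"SYN"})),
    Packet("tcp", "203.0.113.5", 80, "10.1.1.10", 40000, frozenset({"SYN", "ACK"})),
    Packet("tcp", "203.0.113.9", 12345, "10.1.1.10", 445, frozenset({"SYN"})),   # no outbound flow
    Packet("tcp", "203.0.113.5", 80, "10.1.1.10", 40000, frozenset({"SYN"})),    # right tuple, not a reply
]

if __name__ == "__main__":
    fw = StatefulFirewall("10.1.1.0/24")
    for pkt, spi in zip(TRACE, fw.run(TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  SPI={spi}  stateless={stateless_filter(pkt)}")
```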
On larger networks you usually design firewall security in layers. Border routers filter packets and route traffic to the DMZ or an internal firewall. The internal firewall only allows outside traffic that was specifically requested by an internal device. Additional internal firewalls may separate and protect sensitive areas. These can provide an extra layer of security in case an internal host is infected.
Short overview of two types of sensors available to detect and prevent network intrusions:
- Intrusion Detection Systems (IDS): monitors traffic on one port and notifies a management station. Can detect only the first malicious transmission but can reconfigure the router to block future attacks. Used on the network perimeter in front of a firewall to analyze attacks or behind a firewall to detect firewall configuration issues.
- Intrusion Prevention Systems (IPS): traffic passes through the IPS in one port and out another which filters suspicious traffic in real time. Can examine the entire data packet from L7 to L2. Usually placed behind a firewall to further examine packets destined for the internal network.
Network security can also be improved by:
- Authentication requires users to verify their identity with a username and password using a RADIUS or TACACS server.
- Authorization limits access for users based on rights assigned to the user account by the administrator.
- Accounting tracks user network activity and application use.