Friday, April 06, 2007

Day 15 : Managing telnet and console session

show line - shows the status of all Console, AUX and VTY (telnet) lines (* denotes an active connection on that line).

show user - shows the currently active users. If a user is connected by telnet, it also shows the IP address of the user's host.

clear line [line-number] - stops the current active user on that line. If the user is on a telnet session, the session is terminated.

show session - shows all outbound telnet sessions from a router.

disconnect [session-number] - stops an existing outbound telnet session.

Day 15 : Managing OS and Configuration

OS file and Configuration file

The operating system used in Cisco routers and switches is called IOS (Internetwork Operating System). IOS is a monolithic, single-file OS. The IOS file is stored in the Flash file system.
The IOS file can also be saved on a TFTP server.

Configuration on a Cisco router is kept in non-volatile RAM (NVRAM). NVRAM retains the configuration when the router is powered off.
When a router is powered on, the configuration is also loaded into RAM. Changes made to the configuration stay only in RAM, so it is important to save the configuration to NVRAM so that it is not lost when the router is power cycled.
The configuration can also be saved on a TFTP server.

The configuration in RAM is referred to in IOS commands as running-config.
The configuration in NVRAM is referred to in IOS commands as startup-config.

Command equivalents (old command = current command)
write memory (copy running-config startup-config)
write terminal (show running-config)
write network (copy running-config tftp)

Password recovery (when password is forgotten)

1. Power cycle the router.
2. Press Ctrl+Break while the router is starting up (the router drops into ROM Monitor with the rommon > prompt).
3. Enter confreg 0x2142 (this makes the router bypass the startup configuration, where the password is kept).
4. Enter the "reset" command or power cycle the router.
5. After boot completes, answer "no" to the initial configuration dialog.
6. Go to enable mode.
7. Copy the configuration from NVRAM to RAM (copy startup-config running-config).
8. Change the forgotten password(s).
9. Change the configuration-register value back to 0x2102.
10. Save the config.

Day 15 : ISDN Reference Points

Equipment

TE1 - Terminal Equipment type 1 (devices that have a built-in ISDN connection)
TE2 - Terminal Equipment type 2 (devices that do not understand the ISDN standard)
TA - Terminal Adapter (connects a TE2 to the ISDN network)

Reference Points

R - ref point between non-ISDN device (TE2) and TA
S - ref point between ISDN device and NT2
T - ref point between NT2 and NT1
U - ref point between NT1 and ISDN network

* In North America and Japan, ISDN devices have a U interface. The customer equipment (CPE) includes the NT1.
** In Europe, ISDN devices have an S/T interface. The service provider provides the NT1 function in central office equipment.

Day 13 & 14 : OSPF

OSPF uses bandwidth to calculate shortest path. The formula for OSPF cost is 100Mbps/bandwidth.

Every router in an OSPF autonomous system advertises its link state. A link state advertisement (LSA) contains the IP address of the link (interface), netmask, cost and network type. Unlike DV protocols, intermediate routers relay LSAs to their neighbors without modifying them.

There are 4 OSPF network types.
1. point-to-point (e.g HDLC)
2. broadcast (e.g Ethernet)
3. NBMA
4. virtual-link

Before neighboring OSPF routers exchange LSAs, they have to become neighbors first using the Hello protocol. To become OSPF neighbors, both routers must agree on certain criteria (IP address/mask, OSPF area, network type etc.).
An OSPF router maintains its neighbors in the adjacency database. Neighbor routers exchange Hello packets to make sure the neighbors are alive. If a neighbor router does not send a Hello for a while (Dead timer), that router is marked as dead and removed from the adjacency database.
(10 seconds Hello, 40 seconds Dead - for broadcast and point-to-point networks)
(30 seconds Hello, 120 seconds Dead - for NBMA networks)
** The Dead timer is 4 times the Hello interval.

All LSAs are kept in the link-state database.
An OSPF router runs the SPF algorithm against the link-state database and produces a shortest path tree. The shortest route from the tree is installed in the routing table.

Once the LSAs are exchanged and the SPF algorithm has been computed on all routers, OSPF routers stop exchanging LSAs except for the low-overhead Hello between neighbors. OSPF routers refresh the LSA database every 30 minutes.
The bandwidth requirement for OSPF routing protocol traffic is minimal compared to DV protocols.

To minimize the OSPF link-state database size, OSPF routers can be separated into different areas. Area 0 is required and is called the backbone area. Non-backbone areas MUST touch the backbone area.
A router in area 0 is called a backbone router.
A router which is configured with more than 1 area is called an ABR (area border router).
A router whose interfaces are all inside a single area is called an internal router.

In broadcast and NBMA topologies, OSPF elects a DR (designated router) and a BDR (backup designated router) to minimize the number of neighbor relationships, which in turn minimizes Hello protocol updates and LSA updates.
All routers establish adjacency only with the DR and BDR, regardless of the number of routers.
DR/BDR election is based on the OSPF priority value, with the highest router ID as the tie breaker. An OSPF priority value of 0 means the router will not participate in the DR/BDR election process.

Loopback addresses are preferred over physical addresses for the router ID, and it is good practice to configure a loopback interface on a router running OSPF.
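The OSPF rules above (cost = 100Mbps/bandwidth, Dead = 4 x Hello, loopback-first router ID, priority-then-router-ID DR/BDR election with priority 0 excluded) worked out in code. This is an added example written for these notes, not Cisco code or anything from the original post; the router IDs, priorities and timestamps in the demo are constructed, and the election models only the initial vote on a segment (a running segment does not pre-empt an existing DR).

```python
"""OSPF helpers: interface cost, Hello/Dead timers, router ID selection and
DR/BDR election. Added example for the study notes; not vendor code."""

REFERENCE_BANDWIDTH_BPS = 100_000_000  # 100 Mbps, the reference value in the notes

# Hello interval per network type from the notes; Dead is always 4 x Hello.
HELLO_INTERVAL = {"broadcast": 10, "point-to-point": 10, "nbma": 30}


def ospf_cost(bandwidth_bps):
    """Cost = reference bandwidth / interface bandwidth, truncated to an integer.
    Anything at or above the reference bandwidth gets the minimum cost of 1."""
    return max(1, REFERENCE_BANDWIDTH_BPS // bandwidth_bps)


def timers(network_type):
    """Return (hello, dead) in seconds for a network type."""
    hello = HELLO_INTERVAL[network_type]
    return hello, 4 * hello


def dead_neighbors(last_hello_seen, now, network_type):
    """Neighbors whose last Hello is older than the Dead interval and should be
    removed from the adjacency database. last_hello_seen: {router_id: timestamp}."""
    _, dead = timers(network_type)
    return sorted(rid for rid, seen in last_hello_seen.items() if now - seen > dead)


def _ip_key(ip):
    """Numeric tuple so that 10.0.0.9 ranks above 3.3.3.3 (string order would not)."""
    return tuple(int(octet) for octet in ip.split("."))


def router_id(loopback_ips, physical_ips):
    """Highest loopback address wins; physical addresses are used only without a loopback."""
    pool = loopback_ips or physical_ips
    return max(pool, key=_ip_key)


def elect_dr_bdr(routers):
    """Initial DR/BDR election on a segment where all routers start at once.
    routers: list of (router_id, priority). Priority 0 never participates;
    the highest priority wins and the highest router ID breaks ties."""
    candidates = [(rid, prio) for rid, prio in routers if prio > 0]
    ranked = sorted(candidates, key=lambda r: (r[1], _ip_key(r[0])), reverse=True)
    dr = ranked[0][0] if ranked else None
    bdr = ranked[1][0] if len(ranked) > 1 else None
    return dr, bdr


if __name__ == "__main__":
    # Constructed sample segment: four routers, one of them with priority 0
    segment = [("1.1.1.1", 1), ("2.2.2.2", 0), ("3.3.3.3", 1), ("10.0.0.9", 1)]
    print("DR/BDR:", elect_dr_bdr(segment))
    for bw in (64_000, 1_544_000, 10_000_000, 100_000_000):
        print(f"{bw:>11} bps -> cost {ospf_cost(bw)}")
    print("dead on broadcast:", dead_neighbors({"10.0.0.2": 100, "10.0.0.3": 50}, 131, "broadcast"))
```

Note that integer truncation means a 1.544 Mbps T1 costs 64 and a 64 kbps line costs 1562, while anything faster than 100 Mbps is indistinguishable at cost 1; that is the reason the reference bandwidth is normally raised on networks with gigabit links.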

Monday, April 02, 2007

Day 11 & 12 : Distance Vector Routing Protocols

RIP, RIPv2 and IGRP are distance vector routing protocols.
DV routing protocols use hop count (except IGRP) as the metric to find the best path.

DV routing protocols advertise the whole routing table to the adjacent neighbors as periodic updates.

DV routing protocols do not send the subnet mask in routing updates and use the default subnet mask based on the IP address class. That is why they are known as classful routing protocols.
* RIPv2 does send the subnet mask in routing updates and hence is a classless routing protocol.

DV routing protocols are subject to routing loops.

DV routing protocols have very slow network convergence times.

The maximum hop count is used to limit the size of the network. (RIP uses 15 as the maximum, IGRP 255.)

Due to the periodic nature of DV routing protocols, there are several timers.
1. Update timer (time between successive routing updates)
2. Hold timer (time that a router keeps a route without routing updates from the neighbor)
3. Flush timer (time that a router waits before it deletes the route)

Update/hold/flush timers in seconds:
RIP - 30/180/240 (same for RIPv2)
IGRP - 90/280/630

Routing Loop Prevention in DV Routing Protocols
1. Split Horizon (do not advertise a route back to the incoming interface)
2. Triggered update (sends a routing update as soon as the router detects a link failure)
3. Route Poisoning (send a route with metric of 16 when a router detects a route failure)
4. Poison Reverse (split horizon update with route poisoning)
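The four loop-prevention mechanisms above, plus the basic "whole table to each neighbor, add one hop" update, in a small distance vector simulation. This is an added example for these notes, not code from the original post or from any router vendor; router names (R1, R2, R3), interface names and the 10.x.0.0/24 networks are constructed, and the metric follows RIP (16 = unreachable).

```python
"""Distance vector routing table with split horizon, poison reverse, route
poisoning and triggered updates. Added example for the study notes."""

INFINITY = 16  # RIP: metric 16 means unreachable (15 is the maximum hop count)


class DVRouter:
    def __init__(self, name, connected):
        """connected: {network: interface} for directly attached networks (metric 0)."""
        self.name = name
        # table: network -> (metric, next_hop_router, outgoing_interface)
        self.table = {net: (0, None, iface) for net, iface in connected.items()}

    def receive_update(self, neighbor, iface, advertised):
        """Bellman-Ford step for one update received from `neighbor` on `iface`.
        advertised: {network: metric as seen by the neighbor}. Returns changed networks."""
        changed = []
        for net, their_metric in advertised.items():
            metric = min(their_metric + 1, INFINITY)  # one more hop via the neighbor
            current = self.table.get(net)
            if current is None:
                if metric < INFINITY:                 # never install an unreachable route
                    self.table[net] = (metric, neighbor, iface)
                    changed.append(net)
            elif current[1] == neighbor:
                # Updates from the current next hop are always accepted, even when worse:
                # that is how a poisoned route (metric 16) propagates downstream.
                if metric != current[0]:
                    self.table[net] = (metric, neighbor, iface)
                    changed.append(net)
            elif metric < current[0]:
                self.table[net] = (metric, neighbor, iface)
                changed.append(net)
        return changed

    def build_update(self, iface, poison_reverse=True):
        """Periodic update sent out of `iface` (the whole table, as DV protocols do).
        Split horizon: routes learned through `iface` are left out.
        Poison reverse: advertise those routes with metric 16 instead of omitting them."""
        update = {}
        for net, (metric, next_hop, out_iface) in self.table.items():
            learned_here = out_iface == iface and next_hop is not None
            if learned_here:
                if poison_reverse:
                    update[net] = INFINITY
                continue
            update[net] = metric
        return update

    def link_down(self, iface):
        """Route poisoning: every route using the failed interface becomes metric 16.
        The returned list is what a triggered update would carry right away,
        without waiting for the update timer."""
        poisoned = []
        for net, (metric, next_hop, out_iface) in self.table.items():
            if out_iface == iface and metric < INFINITY:
                self.table[net] = (INFINITY, next_hop, out_iface)
                poisoned.append(net)
        return sorted(poisoned)

    def metric(self, net):
        entry = self.table.get(net)
        return INFINITY if entry is None else entry[0]


if __name__ == "__main__":
    # Constructed topology: R1 --s0-- R2, each with one LAN
    r1 = DVRouter("R1", {"10.1.0.0/24": "eth0", "10.12.0.0/24": "s0"})
    r2 = DVRouter("R2", {"10.12.0.0/24": "s0", "10.2.0.0/24": "eth0"})
    print("R1 learned:", r1.receive_update("R2", "s0", r2.build_update("s0")))
    print("R1 -> s0 with poison reverse:", r1.build_update("s0"))
    print("R1 -> s0 plain split horizon:", r1.build_update("s0", poison_reverse=False))
    print("R1 s0 fails, poisoned:", r1.link_down("s0"))
```

The split horizon rule is what stops R1 from telling R2 about 10.2.0.0/24, the network R1 only knows through R2; with poison reverse R1 says it explicitly with metric 16, which removes any ambiguity when R2's own route disappears.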

Day 9 & 10 : Intro to Routing Protocols

Static routes are not scalable in large networks. Routing protocols automatically advertise routing information throughout the network. Routers dynamically learn new routes and remove failed routes.

There are 2 categories of routing protocols based on their use.
1. Interior Gateway Protocols (used in a single organization/autonomous system)
(a) RIP (Routing Information Protocol)
(b) IGRP (Interior Gateway Routing Protocol)
(c) EIGRP (Enhanced IGRP)
(d) OSPF (Open Shortest Path First)
(e) IS-IS (Intermediate System to Intermediate System)

2. Exterior Gateway Protocols (used for Inter autonomous system/the Internet)
(a) BGP (Border Gateway Protocol)

Routing protocols are also categorized based on their computational algorithm.
1. Distance Vector Protocol
(a) RIP
(b) RIP version 2
(c) IGRP
2. Link State Protocol
(a) OSPF
(b) IS-IS
3. Hybrid (mix of DV and LS)
(a) EIGRP
4. Path Vector
(a) BGP

- The algorithm used in EIGRP is called DUAL (Diffusing Update Algorithm)
- IGRP and EIGRP are Cisco proprietary protocols
- The algorithm used in OSPF and IS-IS is Dijkstra's Shortest Path First (SPF) algorithm

- DV routing protocols (except RIPv2) do not send subnet mask information in routing updates. Those protocols use default subnet mask based on class of IP address. For that reason, DV routing protocols are called Classful routing protocols.
Classful routing protocols do not support VLSM (variable length subnet mask)

- All routing protocols, except RIP and IGRP, send subnet mask information in routing updates. These routing protocols are known as Classless routing protocols.
Classless routing protocols support VLSM.

Day 7 & 8 : WAN Protocols

WAN protocol specifications are defined in the lower layers of the OSI model, most of them at the physical and data link layers and some at the network layer.

Physical layer specifications define speed and channels. There are
1. Unchannelized circuits
2. Channelized circuits (ISDN PRI, ISDN BRI)

Both channelized and unchannelized circuits are available at different speeds. The minimum speed is 64Kbps and is known as DS0 speed.
DS1, also known as T1, carries 24 DS0 channels and thus operates at 1.54Mbps.
DS3, also known as T3, carries 30 times the DS1 channels and thus operates at 45Mbps.
More information about T carrier
Up to DS3, circuits are delivered over copper cabling. Speeds higher than DS3 are delivered over optical cable. More information about Optical carrier

Data link layer specifications define framing. For example,
1. HDLC (proprietary to Cisco equipment)
2. PPP
3. Frame Relay
4. LAPD (framing for ISDN D channel)

ISDN
ISDN stands for Integrated Services Digital Network. ISDN protocols define the lower 3 layers of the OSI model.
ISDN BRI has 2 data channels and 1 control channel. The data channels are called B channels and the control channel is the D channel; ISDN BRI is also called 2B1D. Each B channel is 64Kbps and can carry either a voice conversation or 64Kbps of data. The D channel is 16Kbps.
ISDN PRI has 23 data channels and 1 control channel and is thus called 23B1D. Each B channel is 64Kbps and the D channel is also 64Kbps. ISDN PRI is mainly used with PBX systems.

Wednesday, March 07, 2007

Day 6 (Communication between 2 IP subnets)

1. Static route on a computer (Windows)
2. Default route/Default gateway
3. Trunking between a switch and a router

1. Static route on a computer (Windows)
If Host A wants to communicate with Host B, each host must know how to reach the other. In other words, proper routes must exist on both hosts.
This is a very important and fundamental concept of routing.
Always ask at least these 2 questions:
- Does host A have a route to reach host B?
- And does host B have a route to get back to host A?

On a Windows computer, static routes are configured in the following format:
route add [network] mask [netmask] [gateway]
e.g. route add 192.168.10.0 mask 255.255.255.0 172.16.31.126

On a Cisco router, static routes are configured in the following format:
ip route [network] [netmask] [next-hop]
e.g. ip route 192.168.10.0 255.255.255.0 172.16.31.126

2. Default route/Default gateway
A default route is used when a host/router does not have a more specific route.
On a home computer network, the default route is the only route and it is automatically assigned to a home computer by the home router via DHCP.
The default route is represented by network address 0.0.0.0, mask 0.0.0.0.

The default gateway is the IP address used by the default route.
On a home computer network, the default gateway is the IP address of the LAN interface of the home router.

On a Cisco router, default gateway is also known as "gateway of last resort".

To configure a default gateway on a Cisco router, a default route is configured in the following format:
ip route 0.0.0.0 0.0.0.0 [next-hop]
e.g. ip route 0.0.0.0 0.0.0.0 172.16.31.1
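The two questions above ("does A have a route to B, and does B have a route back to A?") and the role of the 0.0.0.0/0 default route, as a route-table lookup in code. This is an added example for these notes, not code from the original post or from Windows/IOS; the host addresses 172.16.31.10 and 192.168.10.20 and the gateway 192.168.10.1 are constructed to fit the route add / ip route examples in the notes.

```python
"""Longest-prefix route lookup with connected, static and default routes, plus the
two-way reachability check from the notes. Added example; uses only the standard
library ipaddress module."""
import ipaddress


class RouteTable:
    def __init__(self):
        self.routes = []  # list of (network, gateway); gateway None = directly connected

    def add_connected(self, interface_ip, mask):
        """Route for the network an interface sits on (the OS installs this itself)."""
        net = ipaddress.ip_interface(f"{interface_ip}/{mask}").network
        self.routes.append((net, None))

    def add_static(self, network, mask, gateway):
        """Same effect as 'route add <network> mask <mask> <gateway>' on Windows or
        'ip route <network> <mask> <next-hop>' on IOS."""
        self.routes.append((ipaddress.ip_network(f"{network}/{mask}"), gateway))

    def add_default(self, gateway):
        """'ip route 0.0.0.0 0.0.0.0 <next-hop>': the gateway of last resort."""
        self.add_static("0.0.0.0", "0.0.0.0", gateway)

    def lookup(self, destination):
        """Longest-prefix match. Returns 'connected', a gateway IP, or None (no route)."""
        dst = ipaddress.ip_address(destination)
        matches = [(net, gw) for net, gw in self.routes if dst in net]
        if not matches:
            return None
        # The most specific route wins; 0.0.0.0/0 (prefix length 0) only matches as a last resort.
        net, gw = max(matches, key=lambda r: r[0].prefixlen)
        return "connected" if gw is None else gw


def reachable_both_ways(host_a, table_a, host_b, table_b):
    """The notes' two questions: A needs a route to B AND B needs a route back to A."""
    return table_a.lookup(host_b) is not None and table_b.lookup(host_a) is not None


if __name__ == "__main__":
    host_a = "172.16.31.10"   # constructed: same /25 as the 172.16.31.126 gateway in the notes
    host_b = "192.168.10.20"  # constructed: inside 192.168.10.0/24
    table_a, table_b = RouteTable(), RouteTable()
    table_a.add_connected(host_a, "255.255.255.128")
    table_a.add_static("192.168.10.0", "255.255.255.0", "172.16.31.126")
    table_b.add_connected(host_b, "255.255.255.0")
    print("A -> B via", table_a.lookup(host_b), "| B -> A via", table_b.lookup(host_a))
    print("both ways:", reachable_both_ways(host_a, table_a, host_b, table_b))
    table_b.add_default("192.168.10.1")  # give B a default gateway
    print("after default route on B:", reachable_both_ways(host_a, table_a, host_b, table_b))
```

Before B gets a default route, A's packets reach B but B has nowhere to send the replies, which is the one-way-route failure the notes warn about; a ping from A then times out even though A's own table looks correct.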

3. Trunking between a switch and a router
A trunk is a single physical connection that can carry more than 1 Vlan.

Saturday, March 03, 2007

Day 5 (IP Address)

As discussed in Day 2, there are 3 IP classes. IP classes are based on the first octet.
1 - 126, Class A
128 - 191, Class B
192 - 223, Class C

Class A default netmask is 8 bits, described as /8 or 255.0.0.0
Class B default netmask is 16 bits, described as /16 or 255.255.0.0
Class C default netmask is 24 bits, described as /24 or 255.255.255.0

Netmask defines the number of hosts that can be used in a given network.
Class A default netmask allows 16 million addresses in a network.
Class B default netmask allows 65536 addresses in a network.
Class C default netmask allows 256 addresses in a network.

When network addresses are used along with default netmask, they are said to be "classful addressing."

The first address of the network cannot be assigned to a host. It is used to identify the network itself and is known as the "network address" or "subnet" address.

The last address of the network cannot be assigned to a host. It is used to identify all hosts in the network and is called the "broadcast address". (e.g. a ping to a broadcast address will be heard by all the hosts in the network.)

Using a netmask value greater than the default value is called "subnetting".
Using a netmask value smaller than the default value is called "supernetting".

Subnetting is used to reduce the number of hosts in a network.
Supernetting is used to increase the number of hosts in a network.

Subnetting and supernetting are called "classless addressing".
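The arithmetic behind this section (class from the first octet, default mask, network and broadcast addresses, number of addresses, and whether a mask means classful, subnetting or supernetting) done with bit operations rather than a library, so the role of each bit is visible. This is an added example for these notes, not code from the original post; the addresses in the demo are constructed. The class test uses the first-zero-bit rule from the Day 2 notes further down, which gives the same ranges as the decimal table here.

```python
"""Classful vs. classless addressing worked out with bit operations. Added
example for the study notes; no third-party code."""


def ip_to_int(ip):
    a, b, c, d = (int(octet) for octet in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_class(ip):
    """Class from the position of the first 0 bit in the first octet:
    0xxxxxxx = A, 10xxxxxx = B, 110xxxxx = C. (127.x.x.x is class A by this rule
    but is reserved for loopback, which is why the notes list class A as 1 to 126.)"""
    first = int(ip.split(".")[0])
    if first & 0b10000000 == 0:
        return "A"
    if first & 0b01000000 == 0:
        return "B"
    if first & 0b00100000 == 0:
        return "C"
    return None  # 1110xxxx (D, multicast) and 1111xxxx (E) are outside these notes


DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def prefix_to_mask(prefix):
    """/25 -> 255.255.255.128: the top `prefix` bits set, the rest cleared."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    # A valid mask is a run of 1s followed by 0s; anything else is rejected.
    if value != ip_to_int(prefix_to_mask(prefix)):
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix


def describe_subnet(ip, mask):
    """Network, broadcast, usable host range and addressing style for ip/mask."""
    prefix = mask_to_prefix(mask)
    ip_int, mask_int = ip_to_int(ip), ip_to_int(mask)
    network = ip_int & mask_int                     # host bits cleared
    broadcast = network | (~mask_int & 0xFFFFFFFF)  # host bits set
    size = 1 << (32 - prefix)
    cls = ip_class(ip)
    default = DEFAULT_PREFIX.get(cls)
    if default is None:
        style = "n/a"
    elif prefix == default:
        style = "classful"
    elif prefix > default:
        style = "subnetting"    # longer mask: fewer hosts per network
    else:
        style = "supernetting"  # shorter mask: more hosts per network
    return {
        "class": cls,
        "prefix": prefix,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "addresses": size,
        "usable_hosts": max(size - 2, 0),  # network and broadcast are not assignable
        "addressing": style,
    }


if __name__ == "__main__":
    # Constructed examples: a subnetted class B, a classful class A, a supernetted class C
    for ip, mask in (("172.16.31.10", "255.255.255.128"),
                     ("10.5.6.7", "255.0.0.0"),
                     ("192.168.0.9", "255.255.0.0")):
        print(ip, mask, describe_subnet(ip, mask))
```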

Saturday, February 24, 2007

IOS commands

IOS Command Modes

IOS has several command modes. Each mode can be identified by its prompt.
Switch>              - user mode
Switch#              - enable mode
Switch(vlan)#        - Vlan database mode
Switch(config)#      - global configuration mode
Switch(config-if)#   - interface configuration mode
Switch(config-line)# - line (vty/aux/console) configuration mode

enable - change to enable/privileged mode
disable - change to user mode
configure terminal - change to global config mode
show interface
show version
show vlan
vlan database - change to vlan database mode
vlan [VlanID] - create a new vlan in vlan database mode
switchport access vlan [VlanID] - change a switch port to a new Vlan

3/4/07

switchport mode trunk - change a switch port to trunk mode
switchport trunk encapsulation [ISL/Dot1q] - change trunk type of a switch port
switchport trunk allowed vlan [VlanID] - set the vlans allowed on a trunk port
switchport trunk allowed vlan add [VlanID] - add a vlan to the allowed list of a trunk port
switchport trunk allowed vlan remove [VlanID] - remove a vlan from the allowed list of a trunk port

encapsulation dot1q [VlanID] - configure router subinterface as a vlan trunk

show ip interface brief - check current ip interfaces
show running-config - check current configuration
enable password [PASSWORD] - set the privilege level password (stored in clear text; insecure)
enable secret [PASSWORD] - set the privilege level password (stored as a one-way hash; secure, and takes precedence over enable password)
line vty 0 4 - change to vty (telnet) line config mode
line aux 0 - change to aux (modem) line config mode
line console 0 - change to console line config mode
service password-encryption - scramble clear text passwords in the config (reversible type 7 obfuscation, it only hides passwords from a casual look)

Day 4

1. Vlan
2. Spanning Tree

1. Vlan
Vlans let a network administrator create multiple virtual broadcast domains in a single switch.
Hosts in different Vlans cannot communicate without a router or a layer 3 device.

By default, Cisco switches have one Vlan, Vlan1, and all the switch ports are in Vlan1.

The following config depicts how to create a new Vlan (vlan 2) and move port 1 to the newly created vlan. The configuration is for a Cisco 2900 XL series switch.



2. Spanning Tree
Multiple connections between switches cause a traffic loop, which in turn leads to traffic/broadcast storms.
Multiple connections between switches are nevertheless desirable for redundancy.

Spanning tree allows multiple inter-switch connections by automatically blocking all but one of them, leaving only one active connection. If the active connection fails, the blocking port becomes the active one.

Day 3

1. Names and Numbers
2. Internet Standards (RFCs)
3. Private and Public IP Addresses

1. Names and Numbers
Every name in the TCP/IP protocol layers has its own number associated with it. After all, computers only understand numbers.
People remember websites by name, e.g., www.yahoo.com, www.google.com.
www.yahoo.com has its own IP address 69.147.114.210
www.google.com has its own IP address 64.233.161.99

Computer name (hostname) to IP address translation is provided by the Domain Name Service (DNS).
DNS also provides IP address to computer name translation, known as reverse DNS.

Also, applications have their own numbers, known as port numbers. The standard assignments are called well-known ports.
HTTP (Hyper Text Transfer Protocol) used by web pages uses TCP port number 80.
HTTPS (Secure HTTP) uses port number 443.
DNS (Domain Name Service) uses port number 53.
Telnet uses port number 23.
SSH uses port number 22.

Here is the updated list of well-known port numbers.

IANA (http://www.iana.org/) is the governing body that controls the names and numbers of the Internet.



2. Internet Standards (RFCs)
Internet standards are called RFCs (Request For Comments).
Current standards RFCs can be found here. [It is not required to read RFC for CCNA exam]

RFCs are contributed and maintained by industry experts.

3. Private and Public IP Addresses
3 blocks of IP addresses are reserved for private use. Private IP addresses can be used inside an organization provided that those hosts are not connected to the Internet directly.
The private IP address standard is defined in RFC1918.
Private address blocks are
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

If an organization wants to connect to the Internet, a public IP address is required. The organization can get public IP addresses either from an ISP or from ARIN (in the United States).
Small organizations should request public IP addresses from their ISP and larger ones from ARIN.

RIPE controls IP names and numbers for Europe and the Middle East.
APNIC controls IP names and numbers for Asia Pacific.
AFRINIC controls IP names and numbers for Europe and Africa.
LACNIC controls IP names and numbers for Latin America and the Caribbean.

Monday, February 19, 2007

Day 2

1. TCP/IP Layers Model
2. Encapsulation and De-encapsulation
3. Legacy IP classes

1. TCP/IP Layers Model

The TCP/IP protocol suite is the result of academic research started in the 1970s, funded by the Department of Defense.
(Those interested in the history of the Internet should read the book Where Wizards Stay Up Late.)
TCP/IP uses a 4-layer model as opposed to the ISO 7-layer model.
Studying sniffer traces in Wireshark helps in understanding the TCP/IP layering model.

TCP/IP 4 layers, in order of bottom to top, are
a. Network Interface Layer
b. Internetwork Layer
c. Transport Layer (aka Host-to-Host Layer)
d. Application Layer

The following are a few examples of available technologies/protocols in today's (2007) computer networks.
a. Network Interface Layer - Ethernet, T1, DS3, ISDN
b. Internetwork Layer - IP
c. Transport Layer - TCP, UDP
d. Application Layer - HTTP, SSH, Telnet, DNS



2. Encapsulation and De-encapsulation
When Host A sends data to Host B via a TCP/IP network, the sender (Host A) encapsulates the data with the information required by each lower layer protocol. The receiver (Host B) de-encapsulates by removing the lower layer protocol overhead until it retrieves the data sent from Host A.

For HTTP traffic, the following occurs at Host A, in this order, before the data is sent to the network.
a. HTTP layer encapsulation
b. TCP layer encapsulation
c. IP layer encapsulation
d. Ethernet layer encapsulation

Once Host B receives the data, the following happens.
a. Ethernet layer de-encapsulation
b. IP layer de-encapsulation
c. TCP layer de-encapsulation
d. HTTP layer de-encapsulation
- and Host B receives the data sent from Host A.
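The same encapsulation and de-encapsulation as bytes: an HTTP request is wrapped in a TCP header, then an IP header (with a real header checksum), then an Ethernet header, and the receiving side peels the layers off in reverse, rejecting the frame if the IP header was corrupted. This is an added example for these notes, not code from the original post; the MAC addresses, IP addresses, ports and the request line are constructed, and the TCP checksum is left at zero because computing it needs the IP pseudo-header, which is outside what the notes cover.

```python
"""HTTP -> TCP -> IP -> Ethernet encapsulation and the reverse, byte by byte.
Added example for the study notes; standard library only."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
REQUEST = b"GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n"  # constructed application data


def ip_checksum(header):
    """RFC 791 one's-complement sum over 16-bit words. Run over a header whose
    checksum field is already filled in, the result is 0 if the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _ipv4(text):
    return bytes(int(octet) for octet in text.split("."))


def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Host A: wrap application data in TCP, then IP, then Ethernet."""
    # TCP header, 20 bytes: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4 header, 20 bytes: version/IHL, TOS, total length, id, flags (DF), TTL, protocol, checksum, src, dst
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     PROTO_TCP, 0, _ipv4(src_ip), _ipv4(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in the checksum
    # Ethernet header, 14 bytes: destination MAC, source MAC, EtherType
    eth = _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def deencapsulate(frame):
    """Host B: strip Ethernet, then IP, then TCP; return what each layer carried."""
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch (corrupted in transit?)")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != PROTO_TCP:
        raise ValueError(f"unexpected IP protocol {proto}")
    packet = packet[:total_len]  # drop any Ethernet padding after the IP packet
    segment = packet[ihl:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": src_mac, "dst_mac": dst_mac,
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = encapsulate(REQUEST, "192.168.1.10", "69.147.114.210", 40000, 80,
                        "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(deencapsulate(frame))
```

Reading the hex dump next to a Wireshark capture of a real GET makes the layering concrete: the first 14 bytes are Ethernet, the next 20 IP, the next 20 TCP, and only then the text of the request.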



3. Legacy IP classes

IP addresses were divided into 3 classes.
Class A was meant for large schools and companies, those who need up to 16 million IP addresses.
Class B was meant for medium schools and companies, those who need up to 65,534 IP addresses.
Class C was meant for small schools and companies, those who need fewer than 255 IP addresses.

Soon, the designers of IP classes realized that the sizes of companies or schools do not neatly fit into just 3 categories and that the scheme is inefficient and wasteful.
For example, a Class B had to be assigned to a school that needed 4,000 IP addresses, wasting almost 60,000 IP addresses.

The idea of classful addressing is no longer valid these days. But the terms Class A, B and C are still used in the industry, and it is required to understand and memorize those classes and their addressing system.

The class of an IP address can be recognized by looking at the first byte (aka first octet). Following is the relation of the first octet of an IP address to its IP class.
1 - 126, Class A
128 - 191, Class B
192 - 223, Class C

* Classes are based on the location of the first zero in the binary value of the first octet (which is easier for computers but not so for human beings).

Thursday, February 15, 2007

Day 1

1. MAC Address
2. Sniffer
3. Connecting two computers with a hub, a switch and a router

1. MAC Address

Every NIC has a universally unique MAC address. (Some manufacturers allow a user-configurable MAC address.)
Use ipconfig /all (Windows) or ifconfig (Linux) to check the MAC address of a NIC.

A MAC address is 6 bytes (48 bits) long.
The first 3 bytes (24 bits) are the OUI and are controlled by the IEEE (http://www.ieee.org).
A NIC manufacturer buys an OUI from the IEEE.
The last 3 bytes (24 bits) are assigned by the NIC maker.

The NIC maker can be found by looking up the OUI at the IEEE website. (http://standards.ieee.org/regauth/oui/index.shtml)
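Splitting a MAC address into its OUI and NIC-assigned halves, in the notations you meet in ipconfig, ifconfig and IOS output, plus the two flag bits in the first byte that tell you whether an address is locally administered (the user-configured case the notes mention) or a multicast/broadcast address. This is an added example for these notes, not code from the original post or from the IEEE; the OUI_SAMPLE table is a constructed two-entry sample for the demo, not the registry, so real addresses should still be looked up on the IEEE site above.

```python
"""MAC address parsing: accept common notations, extract the OUI, read the
locally-administered and group bits. Added example for the study notes."""
import re

# Constructed sample vendor table keyed by OUI (first 3 bytes); the full list is the IEEE registry.
OUI_SAMPLE = {
    "00:00:0C": "Cisco Systems",
    "00:50:56": "VMware",
}


def is_valid_mac(text):
    digits = re.sub(r"[:\-.]", "", text.strip())
    return re.fullmatch(r"[0-9A-Fa-f]{12}", digits) is not None


def normalize_mac(text):
    """Accept 00:1b:21:aa:bb:cc, 00-1B-21-AA-BB-CC or Cisco-style 001b.21aa.bbcc
    and return the canonical upper-case colon form."""
    if not is_valid_mac(text):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = re.sub(r"[:\-.]", "", text.strip()).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def oui(mac):
    """First 3 bytes: the block the NIC maker bought from the IEEE."""
    return normalize_mac(mac)[:8]


def vendor(mac, table=OUI_SAMPLE):
    return table.get(oui(mac), "unknown (look up in the IEEE registry)")


def is_locally_administered(mac):
    """Bit 1 of the first byte set: the address was assigned locally (for example a
    user-configured MAC), not burned in by the NIC maker under its OUI."""
    first = int(normalize_mac(mac)[:2], 16)
    return bool(first & 0x02)


def is_multicast(mac):
    """Bit 0 of the first byte set: a group address; FF:FF:FF:FF:FF:FF is the broadcast case."""
    first = int(normalize_mac(mac)[:2], 16)
    return bool(first & 0x01)


def describe_mac(mac):
    canon = normalize_mac(mac)
    return {
        "mac": canon, "oui": canon[:8], "nic_part": canon[9:], "vendor": vendor(canon),
        "locally_administered": is_locally_administered(canon),
        "multicast": is_multicast(canon),
        "broadcast": canon == "FF:FF:FF:FF:FF:FF",
    }


if __name__ == "__main__":
    # Constructed sample addresses in the three notations
    for sample in ("0000.0c12.3456", "00-50-56-ab-cd-ef", "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"):
        print(describe_mac(sample))
```

A sniffer trace where the source MAC has the locally-administered bit set is worth a second look: either the host has a user-configured address, as the notes mention, or something on the segment is not using the NIC maker's address.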


2. Sniffer

A sniffer is a software program that can intercept data going across a computer network. A packet sniffer is also known as a network analyzer or a protocol analyzer.

Probably the most popular free packet sniffer is Wireshark (http://www.wireshark.org). It was known as Ethereal until recently; due to a trademark issue, the program was renamed.

Free sniffer programs for Unix are tcpdump (Linux/BSD) and snoop (Solaris).

A sniffer puts the NIC into "promiscuous mode" so that it can see all the data going over the network. Proper setup of the network devices (hub, switch or router) is required so that a sniffer can capture data. (Wireshark will NOT work properly with a Wifi NIC.)

3. Connecting computers with a hub, a switch and a router

Computer A, B and C are connected to a network device.

If Computer A sees unicast traffic between Computer B & C, then all three computers are in the same collision domain. The network device will be a hub.

If Computer A does not see unicast traffic between Computer B & C but does see broadcast traffic from B or C, then all three computers are in the same broadcast domain. They are NOT in the same collision domain. The network device will be a switch.

If Computer A does not see unicast or broadcast traffic between Computer B & C, then Computer A is in different broadcast domain from Computer B & C. The network device will be a router.