Monday, October 17, 2011

CCNA :: Part 9 - IP Access Lists - Named Access List


Named IP Access Lists 

Named ACLs can be used to match the same packets, with the same parameters, you can match with standard and extended IP ACLs. Named IP ACLs do have some differences, however, some of which make them easier to work with. The most obvious difference is that IOS identifies named ACLs using names you make up, as opposed to numbers—and you have a better chance of remembering names. Named ACLs also have another key feature that numbered ACLs do not: You can delete individual lines in a named IP access list. With numbered ACLs, if you enter no access-list 101 and then enter the rest of the command, you don’t just delete that single line—you delete the whole list! With named ACLs, you can enter a command that removes individual lines in an ACL. Other than that, the only differences are the changes in the configuration syntax.

CCNA :: Part 9 - IP Access Lists - Extended

Extended IP Access Control Lists

Extended IP access lists have both similarities and differences compared to standard IP ACLs. Just like standard lists, you enable extended access lists on interfaces for packets either entering or exiting the interface. IOS searches the list sequentially. The first statement matched stops the search through the list and defines the action to be taken. The one key difference between the two is the variety of fields in the packet that can be compared for matching by extended access lists. A single ACL statement can examine multiple parts of the packet headers, requiring that all the parameters be matched correctly in order to match that one ACL statement. That matching logic is what makes extended access lists both much more useful and much more complex than standard IP ACLs.

CCNA :: Part 9 - IP Access Lists - Standard

Standard IP Access Control Lists

IP access control lists (ACLs) cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network—whether to prevent hackers from penetrating the network or just to prevent employees from using systems they should not be using. IP access lists can also be used to filter routing updates, to match packets for prioritization, to match packets for VPN tunneling, and to match packets for implementing quality of service features.

CCNA :: Part 8 - Frame Relay

Frame Relay Technology

Frame Relay is still one of the most popular WAN services deployed over the past decade, and there’s a good reason for this—cost. By default, Frame Relay is classified as a non-broadcast multi-access (NBMA) network, meaning it doesn’t send any broadcasts like RIP updates across the network. Frame Relay has at its roots a technology called X.25, and it essentially incorporates the components of X.25 that are still relevant to today’s reliable and relatively “clean” telecommunications networks while leaving out the no-longer-needed error-correction components.

CCNA :: Part 8 - Frame Relay Monitoring and Troubleshooting

Several commands are used frequently to check the status of your interfaces and PVCs once you have Frame Relay encapsulation set up and running:

iscoTests-HQ#sh frame ?
  end-to-end     Frame-relay end-to-end VC information
  fragment       show frame relay fragmentation information
  ip             show frame relay IP statistics
  lapf           show frame relay lapf status/statistics
  lmi            show frame relay lmi statistics
  map            Frame-Relay map table

CCNA :: Part 8 - Frame Relay Implementation


Let’s get started by looking at a simple example given in Fig. 44 from the previous page:

Fig - 44

Here is how these configurations would look on all of the routers:

CCNA :: Part 7 - PPP Authentication

Authentication

Security issues in a WAN can differ compared to security in a LAN. In a LAN, most devices can be under the control of the organization owning the devices. Traffic between devices in the same building might not ever leave the confines of the office space used by that company. However, with WANs, by definition, the traffic leaves one location and travels through some other network owned by the service provider and back into another site.

CCNA :: Part 7 - PPP Configuration

Configuration 

HDLC and PPP configuration is pretty simple. You just need to be sure to configure the same WAN data-link protocol on each end of the serial link. Otherwise, the routers will misinterpret the incoming frames, because each WAN data-link protocol uses a different frame format. The following table summarizes the configuration commands and EXEC commands used for HDLC and PPP configuration.

CCNA :: Part 7 - Point-to-Point Lines



Data-Link Protocols
WAN data-link protocols used on point-to-point serial links provide the basic function of data delivery across that one link. The two most popular WAN data-link protocols are High-Level Data Link Control (HDLC) and PPP. Each of these WAN protocols has the following functions in common:

CCNA :: Part - 7 - WAN


WAN Basics

The following table gives the basic definitions for the three types of WAN services:

Term | Description
Leased Line | A dedicated, always-on circuit between two endpoints. The service provider just passes a constant-rate bit stream; it does not interpret or make decisions based on the bits sent over the circuit. It is generally more expensive than packet switching today.

CCNA :: Part 6 - OSPF Configuration

Configuring OSPF

After identifying the OSPF process, you need to identify the interfaces on which you want to activate OSPF communications, as well as the area in which each resides. This will also configure the networks you’re going to advertise to others. OSPF uses wildcards in the configuration. Also, when you are configuring an OSPF

CCNA :: Part 6 - OSPF

Open Shortest Path First (OSPF) is an open standard routing protocol that’s been implemented by a wide variety of network vendors, including Cisco. If you have routers from different vendors, then you can’t use EIGRP. So your remaining CCNA objective options are basically RIP, RIPv2, and OSPF. If it’s a large network, then, really, your only options are OSPF and something called route redistribution, a translation service between routing protocols that we discussed earlier in this chapter.

OSPF works by using the Dijkstra algorithm. First, a shortest path tree is constructed, and then the routing table is populated with the resulting best paths. OSPF converges quickly, although perhaps not as quickly as EIGRP, and it supports multiple, equal-cost routes to the same destination. Like EIGRP, it does support both IP and IPv6 routed protocols.

Sunday, October 16, 2011

CCNA :: Part 5 - EIGRP Configuration

There are two modes from which EIGRP commands are entered: router configuration mode and interface configuration mode. Router configuration mode enables the protocol, determines which networks will run EIGRP, and sets global characteristics. Interface configuration mode allows customization of summaries, metrics, timers, and bandwidth. To start an EIGRP session on a router, use the router eigrp command followed by the autonomous system number of your network. You then enter the network numbers connected to the router using the network command followed by the network number.

CCNA :: Part 6 - EIGRP

EIGRP Features

Enhanced IGRP (EIGRP) is a classless, enhanced distance-vector protocol that gives us a real edge over another Cisco proprietary protocol, Interior Gateway Routing Protocol (IGRP). That’s basically why it’s called Enhanced IGRP.

CCNA :: Part 5 - IP Routing - RIPv2

RIP Version 2 (RIPv2)

Just to mention it, RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing table out all active interfaces at periodic time intervals. Also, the timers and loop-avoidance schemes are the same in both RIP versions, i.e.,

CCNA :: Part 5 - IP Routing - RIP and IGRP

RIP and IGRP

RIP and IGRP have many similarities in their general logic but several differences in the details of their implementation.

Feature | RIP (Default) | IGRP (Default)
Update Timer | 30 sec | 90 sec
Metric | Hop Count | Function of bandwidth and delay (the default). Can include reliability, load, and MTU.

CCNA :: Part 5 - IP Routing Distance Vector

Distance Vector Routing Protocols

Distance vector protocols work by having each router advertise all the routes they know out all their interfaces. Other routers that share the same physical network receive the routing updates and learn the routes. The routers that share a common physical network are generally called neighbors.

CCNA :: Part 4 - IP routing - Static

Static Routes


The purpose of configuring static routes, as well as RIP and IGRP, is to add routes to a router’s routing table. RIP and IGRP do so automatically. Static routing consists of individual configuration commands that define a route to a router. A router can forward packets only to subnets in its routing table. The router always knows about directly connected routes, that is, routes to subnets off interfaces that have an “up and up” status. By adding static routes, a router can be told how to forward packets to subnets that are not attached to it.

CCNA :: Part 4 - VLANs Configuration


In real networks, VLANs are the most likely feature to be configured on a switch. Almost every network uses them, and there is no reasonable dynamic way to assign specific ports to specific VLANs. So you simply need to configure the switch to know which ports are in which VLANs.

CCNA :: Part 4 - VTP


VLAN Trunking Protocol - VTP   

Cisco switches use the proprietary VTP to exchange VLAN configuration information between switches. VTP defines a Layer 2 messaging protocol that allows the switches to exchange VLAN configuration information so that the VLAN configuration stays consistent throughout a network. For instance, if you want to use VLAN 3 and name it “accounting,” you can configure that information in one switch,

CCNA :: Part 4 - VLANS Review


VLANS

VLANs are pretty simple in concept and in practice. The following list hits the high points:
  • A collision domain is a set of network interface cards (NICs) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain.
  • A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain.

Saturday, October 15, 2011

CCNA :: Part 3 - LAN Switching - Switch Types


Switch Types


LAN switch types decide how a frame is handled when it’s received on a switch port. Latency, the time it takes for a frame to be sent out an exit port once the switch receives the frame, depends on the chosen switching mode. There are three switching modes:

Cut-through (FastForward) - When in this mode,

CCNA :: Part 3 - LAN Switching - How STP works

How it works


STP’s main task is to stop network loops from occurring on your layer 2 network (bridges or switches). It vigilantly monitors the network to find all links, making sure that no loops occur by shutting down any redundant links. STP uses the spanning-tree algorithm (STA)

CCNA :: Part 3 - LAN Switching - STP

Spanning Tree Protocol

When LAN designs require multiple switches, most network engineers include redundant Ethernet segments between the switches. The goal is simple. The switches might fail, and cables might be cut or unplugged, but if redundant switches and cables are installed, the network service might still be available for most users.

CCNA :: Part 3 - LAN Switching - Switching Process


Switching Services

Switches reduce network overhead by forwarding traffic from one segment to another only when necessary. To decide whether to forward a frame, the switch uses a dynamically built table called a bridge table or MAC address table. The switch examines the address table to decide whether it should forward a frame. For example, consider the simple network shown in Fig. 19.

CCNA :: Part 3 - LAN Switching - Switching Services



Switching Services
Unlike bridges that use software to create and manage a filter table, switches use application specific integrated circuits (ASICs) to build and maintain their filter tables. But it’s still okay to think of a layer 2 switch as a multiport bridge because their basic reason for being is the same: to break up collision domains. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Network layer header information.

Configuration of Advanced VLAN Switching



Advanced VLAN Switching
Today network engineers are employing more and more multilayer switched networks. These networks have the advantage of high-throughput Layer 2 switching while retaining Layer 3 routing functionality. The secret to the high performance of these networks is the hierarchical design model employing three layers: Core, Distribution, and Access.

Friday, October 14, 2011

Fundamentals of L2 Switching - Part:3


4. Virtual LAN (VLAN) and VLAN Trunking

Virtual LAN

4.1 A Virtual LAN (VLAN) is a broadcast domain created based on functional, security, or other requirements, instead of the physical locations of the devices, on a switch or across switches. With VLANs, a switch can group different interfaces into different broadcast domains. Without VLANs, all interfaces of a switch are in the same broadcast domain; switches connected with each other are also in the same broadcast domain, unless there is a router in between.

Fundamentals of L2 Switching - Part:2


3. Spanning Tree 
3.1 In a switched network with redundant paths (i.e. with loops), the following problems will occur:

  • Broadcast Storm - A broadcast or multicast frame will be forwarded by a switch out all its active ports except the source port. The resulting frames will then be forwarded by the other switches in the network similarly. Some of the frames will be forwarded around the network loop and back to the original switch. The process then repeats.

Fundamentals of L2 Switching - Part:1


1. LAN Segmentation

1.1 In a collision domain, a frame sent by a device can cause collision with a frame sent by another device in the same collision domain. Moreover, a device can hear the frames destined for any device in the same collision domain.

1.2 In a broadcast domain, a broadcast frame sent by a

CCNA -A Short Notes - 9 - WAN Protocols


Part IX – WAN Protocols

Protocol | Meaning | Type | Layer | Characteristics
X.25 | | Packet Switched | Data-link and Physical | ITU-T standard (International Telephone Union – Telecommunications Standardization Sector). Addresses expressed in decimal numbers in the following format:
Frame Relay | | Packet Switched | Data-link and Physical | Connection-oriented and similar to X.25 with less overhead but does not provide error correction. More cost-effective than PPP. Uses Permanent Virtual Circuits (PVC) mostly but also Switched Virtual Circuits (SVC)

CCNA -A Short Notes - 8 - Access Lists


Part VIII – Access Lists

Packets are compared to the access list sequentially until a match is found. If no match is found, the packet is discarded. Access lists filter traffic going through the router, not traffic originated by the router. You should place standard IP access lists as close to the destination as possible, whereas extended IP access lists should be placed as close to the source as possible. You can assign only two access lists per interface, one in each direction.

Access Lists | IP | IPX
Standard | Use source IP address | Use source and destination IPX address
Extended | Use source, destination IP address, protocol and port number | Use source, destination IPX address, Network layer protocol and socket number

CCNA -A Short Notes- 7 - Network Management


Part VII – Network Management

Router Boot Sequence:

  1. The router performs POST and verifies that all components of the device are present and operational.
  2. The bootstrap looks for and loads the Cisco IOS file. By default, the IOS is loaded from flash memory.
  3. The IOS software looks for a valid configuration file stored in NVRAM (startup-config).

CCNA -A Short Notes - 6 - VLANs (Virtual LANs)


Part VI – VLANs (Virtual LANs)

VLANs: logical grouping of network users and resources connected to administratively defined ports on a switch. Segmentation into VLANs creates smaller collision and broadcast domains and enhances security. Layer 3 switches or routers are needed to route packets between VLANs.

Switch Fabric: group of interconnected switches. 

CCNA -A Short Notes - 5 - IP Routing


Part V – IP Routing

Routing: process involving the selection of the best path and the transmission of the data in the chosen direction.

Static Routing: process by which the administrator manually inputs all routing table information.
[no] ip route destnet netmask nexthop [admindist] [permanent]: nexthop is the pingable IP address of the next router or the exit interface for a WAN link.

CCNA -A Short Notes - 4 - Basic IOS Commands


Part IV – Basic IOS Commands

A Cisco router without a startup-config file will enter setup mode, which you can exit to access the Command Line Interface (CLI). Setup mode offers Basic Management and Extended Setup. You can enter setup mode again with the command setup at the CLI.

General commands entered in the “#” mode: 

CCNA -A Short Notes - 3 - IP


Part III – IP

DOD TCP/IP Model:

DoD layer: Process (OSI model layers: Application, Presentation, Session)

Protocols (port or protocol numbers) and definitions:
  • Telnet (23) – Telephone Network – terminal emulation
  • FTP (21) – File Transfer Protocol – file transfer that also allows authentication, directory browsing
  • TFTP (69) – Trivial File Transfer Protocol – stripped-down FTP used to back up and restore routers’ config
  • SMTP (25) – Simple Mail Transfer Protocol – used to send email. POP3 (110) and IMAP (143) retrieve mail
  • SNMP (161) – Simple Network Management Protocol – collects valuable network info by polling devices (UDP)
  • DNS (53) – Domain Name Service – resolves domain names into IP addresses
  • BootP, NFS, DHCP, HTTP (80)

CCNA -A Short Notes - 2 - Switching Technologies


Part II – Switching Technologies

Switch Functions:

Address Learning: when a host transmits a frame, its hardware address is recorded in the MAC Address Table, along with the port on which the frame was received.

Forward/Filter Decisions: If the address is unknown,

CCNA -A Short Notes - 1 - Internetworking


Part I – Internetworking

ISO’s (International Organization for Standardization) OSI (Open Systems Interconnection) Model:

Layer | PDUs | Remarks, Examples
7 | Application | WWW, E-mail gateways, user interface. Also responsible for understanding the resources needed to communicate between two devices and establishing their availability. SMTP, FTP.
6 | Presentation | Translates and converts data into a known format such as ASCII, JPEG, MIDI, MPEG, encryption, compression. The only layer that can actually change data.

Thursday, October 13, 2011

CCNA :: Part 2 - IP Addressing and Subnetting - VLSM


Variable length subnet mask (VLSM)
VLSM occurs when more than one mask is used in a single Class A, B, or C network. Although route summarization causes more than one mask to be used, requiring support for VLSM, you can also simply design a network to use multiple subnet masks. By using VLSM,

CCNA :: Part 2 - IP Addressing and Subnetting - Hosts and Subnets



Hosts and Subnets
The details of the algorithm used to answer subnetting questions about the number of hosts and subnets are summarized in the following list:
  1. Identify the structure of the IP address.
  2. Identify the size of the network part of the address based on Class A, B and C rules.
  3. Identify the size of the host part of the address based on the number of binary 0s in the mask. If the mask is tricky,