The Cisco Discovery Protocol (CDP) sure looks simple enough, but there are quite a few details to know for success on the CCNA exam. In your CCNP studies, you'll be introduced to additional uses for CDP, but for now it's enough to know that CDP is designed to give you information regarding directly connected Cisco routers and switches.
CDP runs by default between all directly connected Cisco devices. CDP is also a Cisco-proprietary protocol - if the directly connected device is not a Cisco device, you won't see the information you wanted.
The basic CDP command to display information about the directly connected neighbor is "show cdp neighbor".
R2#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               BRI0               167          R        2521      Dialer1
This command is particularly helpful when troubleshooting Cisco switches. There’s no need to trace wiring in a rack of Cisco devices to see what routers are connected to a Cisco switch when show cdp neighbor can be used. In the above output, you can see the remote device's hostname, what interface on the remote device is connected to the local device, the capability of the remote device, the remote device’s hardware platform, and the local interface that is connected to the remote device.
CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run "no cdp enable" on the interface, and "cdp enable" to turn it back on.
"cdp timer" defines how often CDP packets are transmitted, and "cdp holdtime" defines how long a device will hold a received packet.
To turn CDP off for the entire router, run "no cdp run". To view the current global status of CDP, run "show cdp".
R2#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
CDP is running by default.
R2#conf t
R2(config)#cdp timer 45
R2(config)#cdp holdtime 100
The CDP timers are changed.
R2#show cdp
Global CDP information:
Sending CDP packets every 45 seconds
Sending a holdtime value of 100 seconds
The CDP values have been successfully changed. “show cdp interface” will give the timer information for each interface on the router.
R2#conf t
R2(config)#interface bri0
R2(config-if)#no cdp enable
CDP is disabled on the BRI interface. This does NOT have to be done to keep the line from dialing.
R2#conf t
R2(config)#no cdp run
CDP is disabled globally.
R2#show cdp
% CDP is not enabled
CDP has been successfully disabled.
"show cdp neighbor" gives you a great deal of information, but what if you need the neighbor’s IP address? Just run "show cdp neighbor detail". You will get even more information about that directly connected neighbor, including its IP address.
SW2#show cdp neighbor detail
-------------------------
Device ID: R4
Entry address(es):
IP address: 172.12.23.4
Platform: cisco 2520, Capabilities: Router
Interface: FastEthernet0/4, Port ID (outgoing port): Ethernet0
Holdtime : 158 sec
The details of CDP are important to you on the job and in the CCNA exam room. When you find yourself negotiating a badly documented network, you can use CDP to "walk" through the network and create a network map for your client as well. Sometimes the simplest protocols are the most helpful!
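The "walk" described above can be scripted once the "show cdp neighbor detail" output of each device has been saved. The following is an added example, not part of the original tutorial: it parses the detail output and follows neighbors hop by hop to build a link list. The SW2 entry is the one shown above; the R4 output, the neighbor R9 and the function names are constructed for illustration.

```python
import re
from collections import deque

# Saved "show cdp neighbor detail" output, keyed by the device it was taken on.
# SW2's entry comes from the text; R4's output and R9 are constructed samples.
OUTPUTS = {
    "SW2": """\
-------------------------
Device ID: R4
Entry address(es):
  IP address: 172.12.23.4
Platform: cisco 2520,  Capabilities: Router
Interface: FastEthernet0/4,  Port ID (outgoing port): Ethernet0
Holdtime : 158 sec
""",
    "R4": """\
-------------------------
Device ID: SW2
Entry address(es):
  IP address: 172.12.23.2
Platform: cisco WS-C2950-24,  Capabilities: Switch IGMP
Interface: Ethernet0,  Port ID (outgoing port): FastEthernet0/4
Holdtime : 141 sec
-------------------------
Device ID: R9
Entry address(es):
  IP address: 172.12.49.9
Platform: cisco 2520,  Capabilities: Router
Interface: Serial0,  Port ID (outgoing port): Serial1
Holdtime : 170 sec
""",
}

# One pattern per field of a neighbor entry.
FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s*Capabilities:",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_interface": r"^Interface:\s*([^,\s]+)",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"^Holdtime\s*:\s*(\d+)\s*sec",
}


def parse_cdp_detail(text):
    """Split the output on the dashed separators and return one dict per neighbor."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue  # banner text or an empty chunk before the first entry
        entry = {}
        for name, pattern in FIELDS.items():
            match = re.search(pattern, block, flags=re.M)
            entry[name] = match.group(1).strip() if match else None
        entry["addresses"] = re.findall(r"^\s*IP address:\s*(\S+)", block, flags=re.M)
        entry["capabilities"] = (entry["capabilities"] or "").split()
        entry["holdtime"] = int(entry["holdtime"]) if entry["holdtime"] else None
        neighbors.append(entry)
    return neighbors


def walk(outputs, start):
    """Breadth-first walk from `start`.

    Returns (links, missing): each link is a sorted pair of (device, port)
    endpoints, so a link reported from both ends is counted once; `missing`
    lists neighbors that were seen but whose own output has not been collected.
    """
    links, seen, missing = set(), set(), set()
    todo = deque([start])
    while todo:
        host = todo.popleft()
        if host in seen:
            continue
        seen.add(host)
        if host not in outputs:
            missing.add(host)
            continue
        for nbr in parse_cdp_detail(outputs[host]):
            local_end = (host, nbr["local_interface"])
            remote_end = (nbr["device_id"], nbr["remote_port"])
            links.add(tuple(sorted([local_end, remote_end])))
            todo.append(nbr["device_id"])
    return sorted(links), sorted(missing)


if __name__ == "__main__":
    links, missing = walk(OUTPUTS, "SW2")
    for (dev_a, port_a), (dev_b, port_b) in links:
        print(f"{dev_a} {port_a} <-> {dev_b} {port_b}")
    print("still to visit:", ", ".join(missing) or "none")
```
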
Wednesday, December 24, 2008
Cisco CCNA Exam Tutorial: CCNA Recertification Requirements
Passing the CCNA exam and earning this coveted Cisco certification is an important step in your career, but it's not the end of your responsibilities as a CCNA! When you work with computer networks, you've got to be continually learning and staying up on the latest technologies and changes in the field. Part of this responsibility is keeping your CCNA current by meeting Cisco's recertification requirements.
Cisco requires CCNAs to recertify once every three years. While most CCNAs will move on to the CCNP in that time, if you choose not to you must meet certain requirements in order to keep your CCNA valid. Cisco does this to ensure that CCNAs keep their networking knowledge current, which in turn helps keep the CCNA certification valuable. And that's exactly what you want, since you worked so hard to earn your certification in the first place!
As of March 2006, there are five different options for recertifying as a CCNA. You can take and pass any of the following exams to renew your CCNA - the CCNA exam itself, the ICND exam, any 642 series exam, any Cisco Qualified Specialist exam (except the Sales Specialist exams - those don't count!), or any CCIE Written Qualification exam.
With all these options, there's an option that's just right for you. Whether you just want to renew your CCNA or pursue a Specialist, CCNP, or CCIE certification, you can easily renew your CCNA along the way. Just don't forget that keeping up with Cisco's latest recertification requirements is your responsibility, and that's easy to do - just visit Cisco's "Learning And Events" section on their website. Cisco will tell you what you need to do to keep your certification, but it's up to you to keep up with certification program changes! Once your certification expires, it’s gone, so get in the habit of visiting Cisco’s website to make sure you’re up to date on important recertification requirements.
Cisco CCNA Exam Tutorial: A Guide To RAM, ROM, NVRAM, and Flash
CCNA exam success depends on knowing the details, and nowhere is this more true than knowing the various components of a Cisco router. This is also where you can quickly start drowning in acronyms! The terms "RAM" and "ROM" probably aren't new to you, but keeping up with "what goes where" with RAM, ROM, NVRAM, and Flash Memory can be quite a challenge! In this tutorial, we'll take a look at all four of these components and their contents.
ROM stands for Read-Only Memory. ROM stores the router’s bootstrap startup program, operating system software, and power-on diagnostic test programs (the POST).
Flash memory is generally referred to as “flash”. The Cisco Internetwork Operating System (IOS) images are held here. Flash is erasable and reprogrammable ROM. Flash memory content is retained by the router on power-down or reload.
RAM is short for Random-Access Memory. RAM on a Cisco router stores operational information such as routing tables and the running configuration file. RAM contents are lost when the router is powered down or reloaded.
NVRAM is non-volatile RAM. By "non-volatile", we mean that the contents of NVRAM are not lost when the router is powered down or reloaded. Where RAM holds the running configuration file, NVRAM holds the startup configuration file. If NVRAM is empty when the router reloads, you will be prompted to enter setup mode.
Success on the CCNA exam depends on keeping these terms straight and knowing their contents. Know the contents of each, pay special attention to what is lost on a reload and what is not, and you're on your way to CCNA exam success!
Cisco CCNA Certification Tutorial: Segmenting Your Network
When you're getting started on your CCNA studies on your way to earning this certification, you're swamped with network device types that you're familiar with, but not quite sure how to use. Let's look at these networking devices and their main purposes.
Hubs and repeaters operate at Layer One of the OSI model, and they have one main purpose - regenerating the electrical signal that Layer One technologies carry. This regeneration helps to avoid attenuation, the gradual weakening of a signal. Much like a radio signal, the electric signals that travel at Layer One gradually weaken as they travel across the wire. Hubs and repeaters both generate a "clean" copy of the signal.
While hubs and repeaters can be helpful, they do nothing as far as network segmentation is concerned. The first such device we encounter as we move up the OSI model is the switch. Operating at Layer 2, a switch creates multiple collision domains by default - each switch port is considered its own little collision domain. If 12 PCs are connected to a Cisco switch, you have 12 separate collision domains.
Switches can be used to segment the network into smaller broadcast domains, but this is not a default behavior. Virtual LAN (VLAN) configuration segments the network into smaller broadcast domains, since a broadcast sent by a host in one VLAN is heard only by other devices in the same VLAN.
Routers operate at Layer 3 of the OSI model and segment a network into multiple broadcast domains by default. Routers do not forward broadcasts as switches do, making the router the only device of the four we've discussed today that creates multiple broadcast domains by default.
Knowing what each of these devices can and cannot do is essential to passing the CCNA and becoming a great network administrator. Good luck to you in both of these goals!
Cisco CCNA Certification Exam Tutorial: The OSPF RID
OSPF is a major topic on your CCNA exam, as well it should be. OSPF is a widely-used WAN protocol, and you need to learn the fundamentals before moving on to more complicated configurations. One such detail is the OSPF Router ID, or RID.
The RID is the dotted decimal value by which other OSPF routers will identify a given OSPF router. There are some interesting defaults for this value, and a command you should know to hardcode the RID. You had also better know what has to happen for this command to take effect, so let's take a more detailed look at the OSPF RID.
In this example, R1 has an adjacency with R2 and R3 over the 172.12.123.0/24 frame network. R1 is the hub, with R2 and R3 as the spokes. No other interfaces are OSPF-enabled on any of the routers. Running show ip ospf neighbor on R1, we see some unusual values under "Neighbor ID", which is another name for the OSPF RID.
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/DROTHER    00:01:57    172.12.123.3    Serial0
2.2.2.2           0   FULL/DROTHER    00:01:57    172.12.123.2    Serial0
Notice the Neighbor ID of each remote address is the loopback address. How can that be if they’re not OSPF-enabled?
When determining the Router ID (RID) of an OSPF-enabled router, OSPF will always use the numerically highest IP address on the router’s loopback interfaces, regardless of whether that loopback is OSPF-enabled.
What if there is no loopback? OSPF will then use the numerically highest IP address of the physical interfaces, regardless of whether that interface is OSPF-enabled.
BOTTOM LINE: An interface does not have to be running OSPF to have its IP address used as the OSPF RID.
The OSPF RID can be changed, but the change takes effect only after a reload or after the OSPF routing process is reinitialized. Use the "router-id" command to change the default RID of each router as shown, then clear the OSPF process to put the new RID into effect.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#router-id 11.11.11.11
Reload or use "clear ip ospf process" command, for this to take effect
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
1d05h: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0 from 2WAY to DOWN, Neighbor Down: Interface down or detached
1d05h: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0 from 2WAY to DOWN, Neighbor Down: Interface down or detached
After entering the router-id command, the router console informed you that you have to reload the router or reset the OSPF processes for this to take effect. You enter the clear ip ospf process command to do this. Notice that when you’re asked if you really want to do this, the prompt is “no”? That’s because all the OSPF adjacencies on this router will be lost and will have to begin the process again. That’s OK on a practice rack, not good in a production network. Don’t use that one at work.
The OSPF RID is not a complicated concept, but the fact that an interface doesn't have to be OSPF-enabled in order to have its IP address act as the RID takes some getting used to. And remember - when the router or switch asks you a question and the prompted answer is "no", take one step back and make sure you really want to do what you're about to do!
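The selection rules above, and the fact that a configured router-id stays pending until the process is cleared, can be modelled in a few lines. This is an added example, not part of the original tutorial: the function and class names are made up, R1's own addresses (172.12.123.1 and 1.1.1.1) are constructed, and interface up/down state is not modelled.

```python
import ipaddress


def default_rid(interfaces):
    """Pick the default RID from a list of (interface name, IPv4 address) pairs.

    Loopback addresses win over physical ones, and the highest address is
    chosen numerically. Whether an interface runs OSPF plays no part.
    """
    loopbacks = [ip for name, ip in interfaces if name.lower().startswith("loopback")]
    pool = loopbacks or [ip for _, ip in interfaces]
    if not pool:
        raise ValueError("no IPv4 address available to use as a router ID")
    # Compare as addresses, not as strings: as text, "9.9.9.9" sorts above
    # "10.1.1.1" and would give the wrong answer.
    return str(max(ipaddress.IPv4Address(ip) for ip in pool))


class OspfProcess:
    """Tracks the RID in use separately from the one configured with router-id."""

    def __init__(self, interfaces):
        self.interfaces = list(interfaces)
        self.configured_rid = None
        self.active_rid = default_rid(self.interfaces)

    def router_id(self, rid):
        """Equivalent of the router-id command: stored, but not yet in effect."""
        self.configured_rid = str(ipaddress.IPv4Address(rid))
        return 'Reload or use "clear ip ospf process" command, for this to take effect'

    def clear_process(self):
        """Equivalent of clear ip ospf process: adjacencies reset, RID re-evaluated."""
        self.active_rid = self.configured_rid or default_rid(self.interfaces)
        return self.active_rid


if __name__ == "__main__":
    # R2 as seen from R1 in the text: the loopback address is the Neighbor ID.
    print(default_rid([("Serial0", "172.12.123.2"), ("Loopback0", "2.2.2.2")]))

    # Constructed addressing for R1.
    r1 = OspfProcess([("Serial0", "172.12.123.1"), ("Loopback0", "1.1.1.1")])
    print("before router-id:", r1.active_rid)
    print(r1.router_id("11.11.11.11"))
    print("after router-id, before clear:", r1.active_rid)
    print("after clear ip ospf process:", r1.clear_process())
```
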
Cisco CCNA Certification Exam Tutorial: The OSI Model’s Physical Layer
To pass your CCNA exam and earn this coveted certification, you've got to master the seven layers of the OSI model and what each layer does. For those of you taking the two-exam path, you can expect quite a few OSI model questions on the Intro exam. In this seven-part series, we'll spend some time taking a look at each of the OSI model layers, starting with the Physical layer.
Often, CCNA candidates ask if the OSI model has any practical uses for network administrators. I used to wonder the same thing, and I can now tell you that the answer is definitely yes!
The OSI model isn't something you want to memorize and then forget about, as using the OSI model gives you a structured approach for troubleshooting. Whenever a network device isn't working properly, I always say to "start at the physical layer". The Physical layer is Layer One of the OSI model, and this is where troubleshooting should always start. Is the device on? Is it properly connected? If everything is fine at Layer One, you just move up to Layer Two, and continue in this structured fashion until the problem is identified.
The Physical layer is the layer at which bits are transmitted over the physical media. There is no routing or switching going on at this layer. The data has been broken down into more manageable pieces until the data takes the form of ones and zeroes at the Physical layer.
Even though there's no routing or switching at the Physical layer, CCNA candidates should be familiar with a couple of network devices that work at Layer One. A repeater is a device that regenerates an electrical signal, allowing the signal to travel longer distances without fading. (The process of an electrical signal gradually fading in strength over distance is "attenuation".) A hub is basically a multiport repeater, and both of these devices are considered Physical layer devices. Ethernet and Token Ring both operate at the Physical layer as well.
Learning the OSI model's Physical layer isn't just important in your CCNA exam studies, it's the first step in any network troubleshooting. After all, your network's end users are going to have a tough time sending print jobs to a printer that's turned off!
Cisco CCNA Certification Exam Tutorial: Variance And Unequal Cost Load Balancing
To pass the CCNA exam, you've got to know how to work with IGRP and EIGRP unequal-cost load balancing. You may not see much IGRP in production networks anymore, but you'll see a lot of EIGRP, and part of fine-tuning your EIGRP network is making sure that all paths are in use while allowing for varying bandwidth rates.
Using the variance command is the easy part - it's getting the metric that's the hard part with IGRP. With EIGRP, you just look in the topology table and that's it. With IGRP, you've got to run a debug to get the right metric.
The variance command is a multiplier - when the value supplied with the variance command is multiplied by the lowest-cost metric, it must exceed the higher-cost metric in order for the higher-cost route to be added.
If that sounds complicated, it's not. It's one of those things that sounds difficult, but isn't. Trust me!
In this example, R1 has two paths to 172.23.0.0, but is currently using only one. By looking in the IP routing table, we've seen that the lowest-cost metric for network 172.23.0.0 on R1 is 8576. This path goes through the 172.12.123.0 network. There is another valid path that uses the 172.12.13.0 network, but is not currently in use.
I 172.23.0.0/16 [100/8576] via 172.12.123.2, 00:00:53, Serial0
IGRP does not have a "show" command that displays all valid routes to a destination, as does EIGRP. The command "debug ip igrp transactions" will show the current metric of the route over the 512 KBPS link.
R1#debug ip igrp transactions
IGRP protocol debugging is on
19:17:51: IGRP: broadcasting request on Loopback0
19:17:51: IGRP: broadcasting request on Serial0
19:17:51: IGRP: broadcasting request on Serial1
19:17:51: IGRP: received update from 172.12.13.3 on Serial1
19:17:51: subnet 172.12.13.0, metric 23531 (neighbor 21531)
19:17:51: subnet 172.12.123.0, metric 23531 (neighbor 8476)
19:17:51: network 1.0.0.0, metric 24031 (neighbor 8976)
19:17:51: network 2.0.0.0, metric 22131 (neighbor 1600)
19:17:51: network 3.0.0.0, metric 22031 (neighbor 501)
19:17:51: network 172.23.0.0, metric 21631 (neighbor 1100)
R1(config)#router igrp 1
R1(config-router)#variance 3
R1#show ip route 172.23.0.0
Routing entry for 172.23.0.0/16
Known via "igrp 1", distance 100, metric 8576
Redistributing via igrp 1
Advertised by igrp 1 (self originated)
Last update from 172.12.123.2 on Serial0, 00:00:01 ago
Routing Descriptor Blocks:
* 172.12.13.3, from 172.12.13.3, 00:00:20 ago, via Serial1
Route metric is 21631, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 512 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
172.12.123.3, from 172.12.123.3, 00:00:20 ago, via Serial0
Route metric is 8576, traffic share count is 3
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
172.12.123.2, from 172.12.123.2, 00:00:01 ago, via Serial0
Route metric is 8576, traffic share count is 3
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
The metric for 172.23.0.0 through the direct connection is 21631. A variance of 3 means that any route with a metric less than the best metric multiplied by the variance (in this case, 8576 x 3 = 25728) will be entered into the routing table. R1 now has three unequal-cost paths to 172.23.0.0 in its routing table, and load balancing will take place.
IGRP unequal-cost load balancing takes some practice, but as you can see, once you get the metric it's easy to work with. Just make sure you know how to get that metric!
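To work out the variance from a captured debug instead of by hand, the update lines can be parsed and tested against the best metric. This is an added example, not part of the original tutorial, and the function names are made up. It also goes one step beyond the text: besides the multiplier test, IGRP and EIGRP only use an alternate path when the neighbor's own metric (the "neighbor" value in the debug) is lower than the local best metric, and that check is included here.

```python
import re

# Debug lines from the text above: the update R1 received on Serial1.
DEBUG = """\
19:17:51: IGRP: received update from 172.12.13.3 on Serial1
19:17:51: subnet 172.12.13.0, metric 23531 (neighbor 21531)
19:17:51: subnet 172.12.123.0, metric 23531 (neighbor 8476)
19:17:51: network 1.0.0.0, metric 24031 (neighbor 8976)
19:17:51: network 2.0.0.0, metric 22131 (neighbor 1600)
19:17:51: network 3.0.0.0, metric 22031 (neighbor 501)
19:17:51: network 172.23.0.0, metric 21631 (neighbor 1100)
"""

ROUTE_RE = re.compile(
    r"(?:subnet|network) (\d+\.\d+\.\d+\.\d+), metric (\d+) \(neighbor (\d+)\)"
)


def parse_igrp_update(text):
    """Map each destination to (metric through this neighbor, neighbor's own metric)."""
    return {dest: (int(metric), int(nbr)) for dest, metric, nbr in ROUTE_RE.findall(text)}


def min_variance(best, metric):
    """Smallest whole-number variance for which best * variance exceeds metric."""
    if metric <= best:
        return 1  # equal-cost (or better) paths need no variance at all
    return metric // best + 1


def path_usable(best, metric, neighbor_metric, variance=1):
    """True if the alternate path would be installed next to the best one.

    within_variance is the rule from the text; neighbor_closer is the extra
    condition noted in the lead-in. The default variance is 1.
    """
    within_variance = metric <= best or metric < best * variance
    neighbor_closer = neighbor_metric < best
    return within_variance and neighbor_closer


if __name__ == "__main__":
    best = 8576  # lowest-cost metric for 172.23.0.0 in R1's routing table
    metric, neighbor_metric = parse_igrp_update(DEBUG)["172.23.0.0"]
    for variance in (1, 2, 3):
        usable = path_usable(best, metric, neighbor_metric, variance)
        print(f"variance {variance}: {best} x {variance} = {best * variance}, "
              f"alternate metric {metric} -> {'installed' if usable else 'not installed'}")
    print("minimum variance needed:", min_variance(best, metric))
```
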
Cisco CCNA Certification Exam Tutorial: RIP Details You Must Know
RIP isn't exactly the most complex routing protocol on the CCNA exam, but that makes it easy to overlook some of the important details you must keep in mind in order to pass the exam! To help you review for the exam, here are just a few of those details!
RIP’s default behavior is to send version 1 updates, but to accept both version 1 and 2 routing updates.
R2(config)#router rip
R2(config-router)#net 172.16.0.0
R2(config-router)#^Z
R2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 6 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface        Send  Recv   Key-chain
Serial0          1     1 2
By default, RIP v2 autosummarizes routing updates sent across classful network boundaries. To disable this behavior, run no auto-summary under the RIP process.
R1#conf t
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
You do not specify a subnet mask or wildcard mask when configuring RIP – just the classful network, even if you’re running RIP v2.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.10.0.0 ?
Debug ip rip displays the routing updates and metrics as the advertisements are sent and requested. To see this in action without waiting for the next regularly scheduled update, run clear ip route *.
R1#debug ip rip
RIP protocol debugging is on
R1#clear ip route *
01:16:54: RIP: sending v1 update to 255.255.255.255 via Loopback1 (1.1.1.1)
01:16:54: network 2.0.0.0, metric 2
01:16:54: network 3.0.0.0, metric 2
01:16:54: network 172.16.0.0, metric 1
01:16:54: network 10.0.0.0, metric 2
01:16:54: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.16.123.1)
01:16:54: subnet 172.16.123.0, metric 1
01:16:54: network 1.0.0.0, metric 1
01:16:54: network 2.0.0.0, metric 2
01:16:54: network 3.0.0.0, metric 2
01:16:54: network 10.0.0.0, metric 2
To see only the routes discovered by a routing protocol, run show ip route followed by the name of the protocol:
R1#show ip route rip
R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
[120/1] via 172.16.123.3, 00:00:09, Serial0
R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
[120/1] via 172.16.123.3, 00:00:09, Serial0
[120/1] via 172.16.123.2, 00:00:26, Serial0
And don't forget - to turn off all currently running debugs, run undebug all.
R1#undebug all
All possible debugging has been turned off
Don't overlook RIP and IGRP when it comes to the CCNA exam. OSPF and EIGRP are more complex to configure, but you need to understand how distance vector protocols work in order to pass the CCNA!
Cisco CCNA Certification Exam Tutorial: Prefix Notation
When you're preparing to pass the CCNA exam and earn this coveted Cisco certification, you've got to be totally prepared for the many kinds of binary and subnetting questions Cisco may throw at you. You also have to be familiar with the different manners in which a subnet mask can be expressed, as in the following:
255.255.255.0
/24
Believe it or not, those two values are exactly the same. The first mask is written out in the more familiar dotted decimal format, and you know by looking at those first three octets that every bit is set to "1", since the maximum value of such an octet is 255.
The second value represents the exact same mask, only this value is expressed in prefix notation. This particular value would be pronounced "slash twenty-four", and the 24 represents the number of consecutive ones that are set in the subnet mask.
Those of us who hate to type numbers are particularly appreciative of this, since it means you'll have to type far fewer numbers to represent a subnet mask. In addition, it's a lot easier to discuss masks in prefix notation than dotted decimal. ("I thought about using a two-fifty-five two-fifty-five two-fifty-five zero mask, but then decided to use a two-fifty-five two-fifty-five two-fifty-five one-twenty-eight mask...")
Be sure you're comfortable with prefix notation before taking your CCNA exam. As with Cisco documentation, you'll most likely see masks expressed in both dotted decimal and prefix notation, and you've got to be ready to use both as well!
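The conversion between the two notations, as an added Python example that is not part of the original tutorial. The function names are chosen here for illustration; the check for non-consecutive ones follows from the definition of the prefix length given above.

```python
def mask_to_prefix(mask):
    """Convert a dotted decimal mask such as 255.255.255.0 to its prefix length."""
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isascii() and o.isdigit() for o in octets):
        raise ValueError(f"not a dotted decimal mask: {mask!r}")
    if any(int(o) > 255 for o in octets):
        raise ValueError(f"octet out of range in {mask!r}")
    bits = "".join(f"{int(o):08b}" for o in octets)
    # A valid mask is a run of ones followed by a run of zeros, so a zero
    # may never be followed by a one.
    if "01" in bits:
        raise ValueError(f"ones are not consecutive in {mask!r}")
    return bits.count("1")


def prefix_to_mask(prefix):
    """Convert a prefix length such as 24 to its dotted decimal mask."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


if __name__ == "__main__":
    # The two masks mentioned in the text above.
    for mask in ("255.255.255.0", "255.255.255.128"):
        prefix = mask_to_prefix(mask)
        print(f"{mask} = /{prefix} = {prefix_to_mask(prefix)}")
    # A mask whose ones are not consecutive has no prefix form.
    try:
        mask_to_prefix("255.0.255.0")
    except ValueError as err:
        print("rejected:", err)
```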
Cisco CCNA Certification Exam Tutorial: Port-Based Authentication
To pass your CCNA exam and earn this coveted certification, you must understand the details of port-based authentication. This knowledge has a great deal of value in production networks as well, since this authentication scheme is regularly implemented. Let's take a look at this particular CCNA skill.
Consider a situation where you have a server that will be connected to your switch, and you want the port to shut down if a device with a different MAC address than that of the server attempts to connect to that port. You could also have a situation where you have someone who has a connection to a switch port in his office, and he wants to make sure that only his laptop can use that port.
Both of these examples are real-world situations, and there are two solutions for each. First, we could create a static MAC entry for that particular switch port. I don't recommend this, mainly because both you and I have better things to do than manage static MAC entries. The better solution is to configure port-based authentication on the switch.
The Cisco switch uses MAC addresses to enforce port security. With port security, only devices with certain MAC addresses can connect to the port successfully. This is another reason source MACs are looked at before the destination MAC is examined. If the source MAC is non-secure and port-based authentication is in effect, the destination does not matter, as the frame will not be forwarded. In essence, the source MAC address serves as the password.
MAC addresses that are allowed to successfully communicate with the switch port are secure MAC addresses. The default number of secure MAC addresses is 1, but a maximum of 132 secure MACs can be configured.
When a non-secure MAC address attempts to communicate with the switch port, one of three actions will occur, depending on the port security mode. In Protect mode, frames with non-secure MAC addresses are dropped. There is no notification that a violation has occurred. The port will continue to switch frames for the secure MAC address.
In Restrict mode, the same action is taken, but a syslog message is logged via SNMP, which is a messaging protocol used by Cisco routers.
In Shutdown mode, the interface goes into error-disabled state, the port LED will go out, and a syslog message is logged. The port has to be manually reopened. Shutdown mode is the default port-security mode.
Port-based authentication is just one of the many switching skills you'll have to demonstrate to earn your CCNA certification. Make sure you know the basics shown here, including the action of each particular mode, and you're on your way to CCNA exam success!
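The three violation modes described above, modeled in Python as an added example (not code from the original tutorial or from Cisco). The SecurePort class, the Fa0/1 port name and the sample frames are constructed for illustration, and secure MACs are assumed to be statically configured.

```python
import re
from dataclasses import dataclass, field

PROTECT, RESTRICT, SHUTDOWN = "protect", "restrict", "shutdown"
MAX_SECURE_MACS = 132  # upper limit quoted in the text above


def normalize_mac(mac):
    """Accept 0011.2233.4455, 00:11:22:33:44:55 or 00-11-22-33-44-55."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    """Hypothetical model of one switch port with port security enabled."""
    name: str
    mode: str = SHUTDOWN      # Shutdown is the default mode
    maximum: int = 1          # one secure MAC by default
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.mode not in (PROTECT, RESTRICT, SHUTDOWN):
            raise ValueError(f"unknown violation mode: {self.mode}")
        if not 1 <= self.maximum <= MAX_SECURE_MACS:
            raise ValueError("maximum must be between 1 and 132")

    def allow(self, mac):
        """Statically configure a secure MAC, honouring the maximum."""
        mac = normalize_mac(mac)
        if mac not in self.secure_macs and len(self.secure_macs) >= self.maximum:
            raise ValueError(f"{self.name}: secure MAC table is full")
        self.secure_macs.add(mac)

    def receive(self, src_mac, dst_mac):
        """Return True if the frame is forwarded, False if it is dropped."""
        if self.err_disabled:
            return False                  # port is down for every sender
        src = normalize_mac(src_mac)
        normalize_mac(dst_mac)            # validated, but never consulted
        if src in self.secure_macs:
            return True
        if self.mode == PROTECT:
            return False                  # silent drop, nothing recorded
        self.log.append(f"{self.name}: violation by {src} ({self.mode})")
        if self.mode == SHUTDOWN:
            self.err_disabled = True      # stays down until reopened
        return False

    def reopen(self):
        """Manual recovery from the error-disabled state."""
        self.err_disabled = False


# Constructed sample frames: (source MAC, destination MAC).
FRAMES = [
    ("0011.2233.4455", "ffff.ffff.ffff"),     # secure source
    ("00:aa:bb:cc:dd:ee", "0011.2233.4455"),  # non-secure source
    ("00-11-22-33-44-55", "00aa.bbcc.ddee"),  # secure source again
]


def replay(mode):
    """Feed FRAMES to a fresh port in the given mode; return (results, port)."""
    port = SecurePort("Fa0/1", mode=mode)
    port.allow("0011.2233.4455")
    return [port.receive(src, dst) for src, dst in FRAMES], port


if __name__ == "__main__":
    for mode in (PROTECT, RESTRICT, SHUTDOWN):
        forwarded, port = replay(mode)
        state = "err-disabled" if port.err_disabled else "up"
        print(mode, forwarded, port.log, state)
```

Only Shutdown mode changes the outcome for the legitimate device: its third frame is dropped because the port stays error-disabled until reopen() is called.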
Cisco CCNA Certification Exam Tutorial: OSPF Hub-And-Spoke
CCNA certification demands that you master the basics of OSPF, and for many studying for the CCNA exam, their first exposure to OSPF is a hub-and-spoke configuration. That's a tough way to get started, because a hub-and-spoke configuration built over an NBMA technology such as Frame Relay requires quite a bit of attention to detail. Let's take a quick look at several common OSPF configuration errors and how to avoid them on your CCNA test.
Make sure the hub is the designated router and that there are no backup designated routers. This is done by setting the OSPF interface priority to zero on the spoke routers. This not only ensures that the hub wins the DR election with its default OSPF interface priority of 1, but it prevents the spokes from ever having a chance to become the DR or BDR.
Configure neighbor statements on the hub. Since we're dealing with an NBMA network, the hub cannot dynamically discover its neighbors. Neighbor statements are not needed on the spokes. (They don't hurt anything, but they don't do anything, either.)
Finally, if your OSPF adjacencies do not form as expected, make sure to use your OSI model knowledge to approach the problem. The issue may actually be at Layer Two, with your Frame Relay configuration. If you don't use the "broadcast" option on your frame relay statements, OSPF hellos will not be transmitted successfully between potential neighbors. OSPF hellos are multicast, but the "broadcast" option for Frame Relay includes multicasts.
By paying special attention to these details, you're that much closer to CCNA exam day success and earning your certification. I recommend that you get some experience with configuring OSPF hub-and-spoke before taking the CCNA exam, because actually performing tasks such as this is what makes you supremely confident on CCNA test day.
Cisco CCNA Certification Exam Tutorial: Keep Your Most Important Appointment
Imagine this. You have an appointment with a client to work on a server or router install. A few minutes before you're scheduled to be there, you decide there's something really good on TV you'd like to watch. Or you decide to go to the gym, or play a game, or do anything else except go see the client.
Even if you weren't going to get fired for not showing up, it's certainly unfair to the client. You've got a professional obligation, and you should be there on time.
Now, what's this got to do with you becoming a CCNA or CCNP? Plenty. Because when it comes to your study time, you're the client. You owe it to yourself to show up. You would never blow off an appointment to meet a client to get some important work done.
First, though, you have to make that appointment with yourself! Schedule your CCNA / CCNP study time, and keep that appointment as you would with a client. Turn off the TV, your cell, your iPod, and everything else electronic that you carry around. Believe it or not, the world can survive without being in contact with you for an hour or so! You might even like it!
Getting certified isn't about how many hours, days, or weeks you spend studying. It's about how much quality time you put in. Be honest with yourself and realize that you're better off with 45 minutes of uninterrupted study than you would be with three hours of constantly interrupted study.
Don't blow off an appointment to yourself, either. Schedule the time, be there on time, get your study done, and you're one step closer to your CCNA and CCNP!
Cisco CCNA Certification Exam Tutorial: ISDN Details You Must Know
CCNA exam success depends partially on knowing the details of ISDN, and there are plenty of them! To help you review for your CCNA exam, here are a few ISDN details that you must know on exam day. (They help in the real world, too – and there are still plenty of ISDN networks out there!)
The Cisco-proprietary version of HDLC is the default encapsulation type for serial and ISDN interfaces.
R2#show interface serial0
Serial0 is up, line protocol is up
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
While there’s only one D-channel in BRI, PRI (US) and PRI (EU), the bandwidth of that D-channel does vary from BRI to PRI. It’s 16 kbps in BRI and 64 kbps in both PRI versions.
The global command isdn switch-type must be configured before you can even begin to have ISDN work. show isdn status will tell you whether or not you’ve done this correctly.
R2#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = none
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
PAP allows passwords to be different; CHAP requires that they be the same.
PAP requires the “ppp pap sent-username” interface-level command. CHAP has no equivalent command.
Define interesting traffic with dialer-list and link that list to the interface with dialer-group.
R2#conf t
R2(config)#dialer-list 1 proto ip permit
R2(config)#int bri0
R2(config-if)#dialer-group 1
The dialer idle-timeout value is expressed in seconds, not minutes. (Even IOS Help isn’t totally clear on this.)
R2(config)#int bri0
R2(config-if)#dialer-group 1
R2(config-if)#dialer idle-timeout ?
<1-2147483> Idle timeout before disconnecting a call
R2(config-if)#dialer idle-timeout 120
Dialer map maps a remote IP address to a remote phone number. You never dial the local router’s phone number.
dialer load-threshold requires the ppp multilink command to be configured, and the value of dialer load-threshold is expressed as a ratio of 255, NOT 100. For example, if you want the second b-channel to come up when the first reaches 50% of capacity, the value to express with dialer load-threshold would be 50% of 255 – which equals 127.
R2(config)#int bri0
R2(config-if)#encap ppp
R2(config-if)#ppp multilink
R2(config-if)#dialer load-threshold ?
<1-255> Load threshold to place another call
Success on the CCNA exam depends on knowing the details. Keep studying, keep practicing on real Cisco routers and switches, keep a positive attitude, and you're on your way to CCNA exam success!
Cisco CCNA Certification Exam Tutorial: Frame Relay DLCIs And Mappings
Passing the CCNA is tough, and one of the toughest parts is keeping all the acronyms straight! Frame Relay has plenty of those, and today we're going to examine what DLCIs do and how they're mapped on a Cisco router.
Frame Relay VCs use Data-Link Connection Identifiers (DLCI - pronounced "del-see") as their addresses. Unlike other Cisco technologies, VCs have only a single DLCI in their header. They do not have a source and destination.
DLCIs have local significance only. DLCI numbers are not advertised to other routers, and other routers can use the same DLCI numbers without causing connectivity issues.
Cisco uses the term global addressing to describe a technique by which a router in a frame relay network is reached via the same DLCI number from each router in the network. For example, in a 25-router network, the same DLCI number would be used to reach “Router A” by each router.
Global Addressing is an organizational tool that does not affect the fact that DLCIs have local significance only.
The locally significant DLCI must be mapped to the destination router’s IP address. There are two options for this, Inverse ARP and static mapping.
In both of the following examples, the single physical Serial interface on Router 1 is configured with two logical connections through the frame relay cloud, one to Router 2 and one to Router 3.
Inverse ARP runs by default once Frame Relay is enabled, and starts working as soon as you open the interface. By running show frame-relay map after enabling Frame Relay, two dynamic mappings are shown on this router. If a dynamic mapping is shown, Inverse ARP performed it.
R1#show frame map
Serial0 (up): ip 200.1.1.2 dlci 122(0x7A,0x1CA0), dynamic,
broadcast,, status defined, active
Serial0 (up): ip 200.1.1.3 dlci 123(0x7B,0x1CB0), dynamic,
broadcast,, status defined, active
Static mappings require the use of a frame map statement. To use static mappings, turn Inverse ARP off with the no frame-relay inverse-arp statement, and configure a frame map statement for each remote destination that maps the local DLCI to the remote IP address. Frame Relay requires the broadcast keyword to send broadcasts to the remote device.
R1#conf t
R1(config)#interface serial0
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#frame map ip 200.1.1.2 122 broadcast
R1(config-if)#frame map ip 200.1.1.3 123 broadcast
The syntax of the frame map statement maps the remote IP address to the local DLCI.
Broadcasts will not be transmitted by default; the broadcast option must be configured.
R1#show frame map
Serial0 (up): ip 200.1.1.2 dlci 122(0x7A,0x1CA0), static,
broadcast,
CISCO, status defined, active
Serial0 (up): ip 200.1.1.3 dlci 123(0x7B,0x1CB0), static,
broadcast,
CISCO, status defined, active
Hands-on practice is the best way to prepare for CCNA exam success. Working with Frame Relay in a lab environment practically guarantees that you'll truly master the concepts shown here - and then you're on your way to the CCNA and becoming a master network engineer.
Cisco CCNA Certification Exam Tutorial: DNS And The IP Name-Server Command
DNS behaviors of a Cisco router are important topics for both the CCNA exam and real-world production networks, and you probably didn't know there were so many DNS details before you began studying for the exam! In this tutorial, we'll look at the ip name-server command and its proper usage.
When a command is mistyped on a Cisco router, the default behavior of the router is to attempt to resolve it via DNS. First, the router looks for an IP Host table on the local router to perform this resolution – that’s what the “translating” word in the output is referring to. If there’s no IP Host table or the IP Host table doesn’t contain an entry for what you typed, the router will send a broadcast in an attempt to resolve this name through a remote DNS server. To prevent this broadcast, enter the global command no ip domain-lookup. Of course, to use DNS to resolve hostnames, ip domain-lookup would have to be reenabled if it’s been turned off.
R2#contin
Translating "contin"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
A command is mistyped as “contin”. The Cisco router’s default behavior is to resolve this entry locally via an IP Host table, which isn't present on the router. A broadcast is then sent out to find a DNS server to perform the name resolution. The DNS lookup attempt must time out before the configuration can continue.
R2#conf t
R2(config)#no ip domain-lookup
R2#contin
Translating "contin"
% Unknown command or computer name, or unable to find computer address
With “no ip domain-lookup” configured, the router doesn’t attempt to find a remote DNS server. It sees there is no local resolution configured and almost immediately sends a message to the console that the name can’t be resolved.
R2#conf t
R2(config)#ip domain-lookup
R2(config)#ip name-server 10.1.1.1
R2#contin
Translating "contin"...domain server (10.1.1.1)
A DNS server is installed on the network with the IP address 10.1.1.1. DNS lookup is reenabled with the command ip domain-lookup, and the IP address of the DNS server is specified with the ip name-server command.
It's just that easy to tell a Cisco router exactly where the DNS server is!
Cisco CCNA Certification Exam Tutorial: Distance Vector Command Review
Part of studying for CCNA exam success is keeping all these new commands straight in your head! And let's face it, there are a lot of commands you need to know in order to pass the CCNA exam and earn that certification. Here's a review of some very important distance vector and static routing commands you need to know, along with their proper usage and console output.
Bandwidth
IGRP makes a default assumption that any Serial interface running IGRP is connected to a T1 line, which runs at 1544 KBPS. With equal-cost load-balancing enabled by default, this may be an undesirable assumption.
To alter IGRP’s assumption, use the bandwidth command on the serial interface in question. Note that this command does NOT actually affect the bandwidth available to the interface; it merely changes IGRP’s assumption of the bandwidth.
R2#conf t
R2(config)#int s0
R2(config-if)#bandwidth 512
Clear ip route *
This command clears your routing table of all non-static and non-connected routes. In a lab environment, it’s very handy because it forces your routers running routing protocols to send and request updates, rather than waiting for the regularly scheduled updates.
R2#clear ip route *
Debug ip igrp events
Debug ip igrp events allows you to see IGRP updates being sent and requested. Here, the debug is run and then the routing table is cleared. The router immediately broadcasts update requests via the IGRP-enabled interfaces.
R2#debug ip igrp event
IGRP event debugging is on
R2#clear ip route *
06:02:51: IGRP: broadcasting request on BRI0
06:02:51: IGRP: broadcasting request on Serial0.123
Debug ip igrp transactions
To configure IGRP unequal-cost load-sharing with the variance command, you’ve got to know the metric of the less-desirable routes. EIGRP keeps these in its topology table; IGRP has no such table.
To get the metrics of routes not in the routing table, run debug ip igrp transactions. To force IGRP updates, the routing table below was cleared with clear ip route *.
R2#debug ip igrp transactions
IGRP protocol debugging is on
R2#clear ip route *
06:05:33: IGRP: received update from 172.12.123.1 on Serial0.123
06:05:33: subnet 172.12.123.0, metric 10476 (neighbor 8476)
06:05:33: network 1.0.0.0, metric 8976 (neighbor 501)
06:05:33: IGRP: edition is now 3
06:05:33: IGRP: sending update to 255.255.255.255 via BRI0 (172.12.12.2)
06:05:33: network 1.0.0.0, metric=8976
06:05:33: IGRP: sending update to 255.255.255.255 via Serial0.123 (172.12.123.2) - suppressing null update
06:05:34: IGRP: received update from 172.12.12.1 on BRI0
06:05:34: subnet 172.12.13.0, metric 160250 (neighbor 8476)
06:05:34: network 1.0.0.0, metric 158750 (neighbor 501)
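The debug output above contains everything needed to choose a variance value. The following Python sketch is an added example, not part of the original tutorial: it parses that output and computes the multiplier for each destination. It assumes standard IGRP behaviour the article does not spell out (a path is used only if its metric is less than variance times the best metric and the neighbor's own metric is lower than the local best, with a maximum multiplier of 128); the function names are illustrative.

```python
import re
from collections import defaultdict

# Debug output copied from the article (R2, after "clear ip route *").
DEBUG_OUTPUT = """\
06:05:33: IGRP: received update from 172.12.123.1 on Serial0.123
06:05:33: subnet 172.12.123.0, metric 10476 (neighbor 8476)
06:05:33: network 1.0.0.0, metric 8976 (neighbor 501)
06:05:33: IGRP: edition is now 3
06:05:33: IGRP: sending update to 255.255.255.255 via BRI0 (172.12.12.2)
06:05:33: network 1.0.0.0, metric=8976
06:05:33: IGRP: sending update to 255.255.255.255 via Serial0.123 (172.12.123.2) - suppressing null update
06:05:34: IGRP: received update from 172.12.12.1 on BRI0
06:05:34: subnet 172.12.13.0, metric 160250 (neighbor 8476)
06:05:34: network 1.0.0.0, metric 158750 (neighbor 501)
"""

RECEIVED = re.compile(r"IGRP: received update from (\S+) on (\S+)")
SENDING = re.compile(r"IGRP: sending update")
ROUTE = re.compile(r"(?:subnet|network) (\S+), metric (\d+) \(neighbor (\d+)\)")

MAX_VARIANCE = 128  # assumption: upper bound of the IOS variance multiplier


def parse_received_routes(text):
    """Map each destination to the paths learned in *received* updates."""
    routes = defaultdict(list)
    source = None  # (neighbor address, local interface) of the current update
    for line in text.splitlines():
        received = RECEIVED.search(line)
        if received:
            source = received.groups()
            continue
        if SENDING.search(line):  # routes we advertise are not candidates
            source = None
            continue
        route = ROUTE.search(line)
        if route and source:
            dest, metric, neighbor_metric = route.groups()
            routes[dest].append({
                "via": source[0],
                "interface": source[1],
                "metric": int(metric),
                "neighbor_metric": int(neighbor_metric),
            })
    return dict(routes)


def variance_plan(paths):
    """Annotate each path with the variance it needs and whether it is usable."""
    best = min(p["metric"] for p in paths)
    plan = []
    for p in sorted(paths, key=lambda p: p["metric"]):
        is_best = p["metric"] == best
        # Smallest integer v with metric < v * best (1 for the best path).
        needed = 1 if is_best else p["metric"] // best + 1
        # Assumed feasibility rule: the neighbor must be closer than we are.
        feasible = is_best or p["neighbor_metric"] < best
        plan.append({**p, "variance_needed": needed,
                     "usable": feasible and needed <= MAX_VARIANCE})
    return plan


def minimum_variance(paths):
    """Variance value that installs every usable path for one destination."""
    return max(p["variance_needed"] for p in variance_plan(paths) if p["usable"])


if __name__ == "__main__":
    for dest, paths in parse_received_routes(DEBUG_OUTPUT).items():
        print(dest, "-> variance", minimum_variance(paths))
        for p in variance_plan(paths):
            print("   ", p["interface"], p["metric"],
                  "needs", p["variance_needed"], "usable" if p["usable"] else "not usable")
```

For network 1.0.0.0 the BRI0 path (metric 158750) is about 17.7 times the Serial0.123 path (metric 8976), so the multiplier has to be 18.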
Debug ip rip
R2#debug ip rip
IP protocol debugging is on
R2#clear ip route *
6:14:53: RIP: received v2 update from 172.23.23.3 on Ethernet0
6:14:53: 1.0.0.0/8 via 0.0.0.0 in 16 hops (inaccessible)
6:14:53: 1.1.1.1/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)
6:14:53: 172.12.12.2/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.13.0/30 via 0.0.0.0 in 1 hops
6:14:53: 172.12.123.0/24 via 0.0.0.0 in 1 hops
6:14:53: 172.23.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)
Run debug ip rip to troubleshoot routing update problems, RIP authentication problems, and to view the routing update contents. Clear ip route * was run to clear the routing table and to force a RIP update.
Ip route
R2#conf t
R2(config)#ip route 1.1.1.1 255.255.255.255 172.12.123.1
OR
R2(config)#ip route 1.1.1.1 255.255.255.255 serial0
To configure a static route to a given destination IP address, use the ip route command. The destination is followed by a subnet mask, and that can be followed by either the next-hop IP address or the exit interface on the local router.
Ip route 0.0.0.0 0.0.0.0
R2#conf t
R2(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.1
OR
R2(config)#ip route 0.0.0.0 0.0.0.0 ethernet0
To configure a default static route, use either of these two commands.
You could have any number in place of the first “0.0.0.0”, since the second set of zeroes is the subnet mask. With a mask of all zeroes, no bits of the destination are compared, which means that any destination will match this route statement.
That's a good review to get started with! I'll be back tomorrow with Part II of this CCNA exam command review!
Cisco CCNA Certification Exam Tutorial: Configuring Dialer Profiles
The most common method of configuring ISDN is with dialer maps, but dial information can also be configured on a logical interface. To pass the CCNA exam, you must know how to configure and troubleshoot both dialer maps and dialer profiles.
Dialer Profiles allow different dialing information to be configured onto logical interfaces. The logical interfaces may have different dialing destinations, different remote router names, etc., but they’ll be using the same physical interface.
Dialer strings are used on dialer profiles. Note that each logical interface has a different IP address, a different remote router to dial, and a different dialer string, but they will be using the same physical interface to dial out. The commands dialer pool and dialer pool-member are used to link the logical and physical interfaces. The number following each command must match for the logical interface to correctly bind to the physical interface.
R1(config)#interface dialer0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#encapsulation ppp
< The encapsulation type is placed on both the logical and physical interfaces. >
R1(config-if)#dialer remote-name Remote0
R1(config-if)#dialer pool 1
< places logical interface into dialer pool >
R1(config-if)#dialer string 5551212
< number dialed to contact router Remote0 >
R1(config-if)#dialer-group 1
< links logical interface to dialer-list 1 >
R1(config)#interface dialer1
R1(config-if)#ip address 172.16.1.2 255.255.255.0
R1(config-if)#encapsulation ppp
R1(config-if)#dialer remote-name Remote1
R1(config-if)#dialer pool 1
R1(config-if)#dialer string 5551234
R1(config-if)#dialer-group 1
R1(config)#interface bri0
R1(config-if)#no ip address
< With dialer profiles, IP addresses are assigned to logical interfaces. >
R1(config-if)#encapsulation ppp
< The encapsulation type is placed on both the logical and physical interfaces. >
R1(config-if)#dialer pool-member 1
< The number associated with this command should match the number configured with the dialer pool number on the logical dialer interfaces. >
R1(config-if)#isdn spid1 0835866101
R1(config-if)#isdn spid2 0835866301
When configuring dialer profiles, the encapsulation type should be placed on both the physical BRI interface and the logical dialer interfaces. The SPIDs are configured on the physical interface as well.
Configuring dialer profiles can be a little tricky at first, and the best way to master this skill is to get real hands-on practice in your own CCNA / CCNP home lab or a rack rental service. Either way, hands-on is the best practice. Best of luck in your CCNA studies!
Cisco CCNA Certification Exam Tutorial: Configuring And Troubleshooting VTP
Not only is your CCNA exam going to have questions on VLAN trunking protocol, almost any network that has more than one VLAN is going to have VTP running. Whether you're planning on passing the CCNA exam or just brushing up on your networking skills, this VTP tutorial will help you learn the basics of this important protocol.
VTP allows switches to advertise VLAN information to other members of the same VTP domain, giving all switches a consistent view of the switched network. When a VLAN is created on a switch in VTP server mode, all other VTP devices in the domain are notified of that VLAN’s existence. VTP servers will know about every VLAN, even VLANs that have no members on that switch.
Switches run VTP in one of three modes. In server mode, VLANs can be created, modified, and deleted on a VTP server. When these actions are taken, the changes are advertised to all switches in the VTP domain. VTP Servers keep VLAN configuration information upon reboot.
In client mode, the switch cannot modify, create, or delete VLANs. VTP clients cannot retain VLAN configuration information upon reboot; they have to obtain this information from a VTP server.
In real-world networks, this is generally done to centralize the creation and deletion of VLANs. An interesting side effect of the server/client methodology is that if a VLAN is only to have ports on the VTP client switch, the VLAN must still first be created on the VTP server. The VTP client will learn about the VLAN from the VTP server, and ports can then be placed into that VLAN.
The third VTP mode is transparent mode. Switches in this mode ignore VTP messages, but they do forward the VTP advertisements received from other switches. VLANs can be created, deleted, and modified on a transparent switch, but those changes are not advertised to the other switches in the VTP domain.
For switches running VTP to successfully exchange VLAN information, three things have to happen. I've listed them for you in the order that you'll see them in the real world.
The VTP domain name must match. This is case-sensitive. "CISCO" and "cisco" are two different domains.
To distribute information about a newly-created VLAN, the switch upon which that VLAN is created must be in Server mode.
Learning VTP isn't just a good idea for passing your CCNA exams, it's a skill you must have to be effective in configuring and troubleshooting VLANs. I wish you the best in both of these pursuits!
Cisco CCNA Certification Exam Tutorial: Access List Details You Must Know!
To pass the CCNA exam, you have to be able to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more uses for ACLs. Therefore, you had better know the basics!
The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.
It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of 0.0.0.0 means the address specified in the ACL line must be matched exactly; a wildcard mask of 255.255.255.255 means that all addresses will match the line.
Wildcard masks have the option of using the word host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.
R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3#conf t
R3(config)#access-list 7 permit host 10.1.1.1
The keyword any can be used to represent a wildcard mask of 255.255.255.255.
R3(config)#access-list 15 permit any
Another often overlooked detail is the order of the lines in an ACL. Even in a two- or three-line ACL, the order of the lines is vital.
Consider a situation where packets sourced from 172.18.18.0/24 will be denied, but all others will be permitted. The following ACL would do that.
R3#conf t
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255
R3(config)#access-list 15 permit any
The previous example also illustrates the importance of configuring the ACL with the lines in the correct order to get the desired results. What would be the result if the lines were reversed?
R3#conf t
R3(config)#access-list 15 permit any
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255
If the lines were reversed, traffic from 172.18.18.0/24 would be matched against the first line of the ACL. The first line is “permit any”, meaning all traffic is permitted. The traffic from 172.18.18.0/24 matches that line, the traffic is permitted, and the ACL stops running. The statement denying the traffic from 172.18.18.0 is never run.
The key to writing and troubleshooting access lists is to take just an extra moment to read each one over and make sure it's going to do what you intend it to do. It's better to realize your mistake on paper than after the ACL has been applied to an interface!
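The first-match behaviour and the host/any keywords described above can be checked on paper with a few lines of Python. This is an added example, not code from the original tutorial: it evaluates the article's standard ACLs against a source address and flags lines that can never be reached. The implicit deny at the end of an ACL and the default wildcard of 0.0.0.0 are standard IOS behaviour assumed here; the function names are illustrative.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits, used to invert a wildcard mask

# ACL lines copied from the article.
HOST_FORMS = """R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#access-list 7 permit host 10.1.1.1"""
AS_WRITTEN = """R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255
R3(config)#access-list 15 permit any"""
REVERSED = """R3(config)#access-list 15 permit any
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255"""


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(config, number):
    """Return the entries of standard ACL `number`, in configured order.

    Each entry is (action, address, wildcard, original_line).
    """
    entries = []
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop an "R3(config)#" prompt
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[1] != number:
            continue
        action, source = tokens[2], tokens[3:]
        if source[0] == "any":      # any  == wildcard 255.255.255.255
            address, wildcard = 0, FULL
        elif source[0] == "host":   # host == wildcard 0.0.0.0
            address, wildcard = ip_to_int(source[1]), 0
        else:
            address = ip_to_int(source[0])
            # Assumption: a missing wildcard is treated as 0.0.0.0.
            wildcard = ip_to_int(source[1]) if len(source) > 1 else 0
        entries.append((action, address, wildcard, line))
    return entries


def matches(entry, source_ip):
    _, address, wildcard, _ = entry
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (ip_to_int(source_ip) ^ address) & (FULL ^ wildcard) == 0


def evaluate(entries, source_ip):
    """Return (action, deciding_line) for a packet from source_ip."""
    for entry in entries:
        if matches(entry, source_ip):
            return entry[0], entry[3]  # first match wins; later lines never run
    return "deny", "implicit deny"     # assumption: IOS implicit deny at the end


def shadowed(entries):
    """List (unreachable_line, covering_line) pairs for lines that never match."""
    found = []
    for j, (_, addr_j, wild_j, line_j) in enumerate(entries):
        for _, addr_i, wild_i, line_i in entries[:j]:
            care_i = FULL ^ wild_i
            # The earlier line covers the later one when it ignores every bit
            # the later line ignores and agrees on all bits it does compare.
            if wild_j & care_i == 0 and (addr_i ^ addr_j) & care_i == 0:
                found.append((line_j, line_i))
                break
    return found


if __name__ == "__main__":
    for label, config in (("as written", AS_WRITTEN), ("reversed", REVERSED)):
        acl = parse_standard_acl(config, "15")
        print(label, evaluate(acl, "172.18.18.77"), "shadowed:", shadowed(acl))
```

Running `shadowed()` over an ACL before it is applied to an interface catches the reversed-order mistake the article describes.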
Cisco CCNA Certification Exam: Five Frame Relay Details You Must Know
When you're studying for your CCNA exam on the way to earning this coveted Cisco certification, the details can seem overwhelming! In this article, I'll point out five Frame Relay details that you must keep in mind when you're on your way to the CCNA exam!
Inverse ARP starts working as soon as you open the serial interface. This protocol performs dynamic Frame Relay mapping, but you don't have to enable it - it's already enabled as soon as you enter the command "encapsulation frame-relay".
When you're configuring Frame Relay map statements manually, remember that you're mapping the local DLCI to the remote IP address.
When you run "show frame map", the word "dynamic" indicates mappings created by Inverse ARP, and "static" indicates it was manually created.
To spot possible LMI type mismatches, run "show frame lmi". A large number of Status Timeouts indicates that there may be an LMI problem between your router and the frame relay switch.
This last one is for the many of you building CCNA home labs. A frame relay switch is a great addition to your lab! While you're busy putting the configuration together, don't forget the global command "frame-relay switching" - it's this command that allows a Cisco router to act as a frame relay switch!
Cisco CCNA Certification: The Value Of The CCNA And CCNP
One question I see often on the 'Net is "Is it worth my time to earn a CCNA / CCNP / CCIE certification?" My personal answer to that is a resounding yes. The power of Cisco certifications has allowed me to create a tremendous career, and they can do the same for you.
There has never been a better time to accelerate your IT career, and earning a technical certification is a great way to do just that. I don't care if you're looking at earning an MCSE, a Cisco certification, Red Hat, or any other vendor - you are always better off having a technical certification than not having one. Technical certifications are an excellent way to market yourself and stand out from the crowd. Earning certifications shows a potential employer (and your current one) that you are willing to go the extra mile.
Sadly, when you ask this question on most Internet message boards, you're going to get some very negative people giving you their "unbiased" opinion. Ask yourself this question: Do you want to entrust the direction of your career to someone you don't know, who has no accountability for what they say, and who has some kind of ax to grind? Do you want someone like that to decide whether you should earn a CCNA or CCNP?
I can speak from experience on this point. When I told a few people that I was going to earn my CCIE, almost 100% of the responses I got were negative. "It's too hard", "no one can pass that", "the CCIE isn't worth the work", etc. Every single one of these statements is false, and again I speak from firsthand experience. The same is true for the CCNA, CCNP, and MCSE. All of these certifications can add value to your career and put more money in your pocket. But you have to make the decision to earn them and to "keep your goals away from the trolls".
Don't ask anonymous strangers whether it's "worth the time" to get a CCNA, MCSE, or other computer certification. The only person you should ask that question of is yourself. Whether you want to start an IT career or jumpstart your current one, make the decision to move forward in your career - and then follow through on that decision.
Cisco CCNA Certification: The Path To Take After Earning The CCNA
Once you earn your CCNA certification, you've got quite a few exciting choices ahead of you! The majority of CCNAs go on to pursue another Cisco certification, and this is a wise decision. The more you know, the more valuable you are in today's IT market.
A question I'm often asked by new CCNAs is "Which certification should I go after next?" Often, these new CCNAs have their eye on the Cisco Certified Security Professional (CCSP) certification. While adding a security certification to your resume is an excellent idea, I strongly recommend that new CCNAs acquire their Cisco Certified Network Professional (CCNP) certification before pursuing their security certifications. The CCNP requires you to pass three or four exams (depending on the path you choose) that will demand a further mastery of some subjects you studied to earn your CCNA as well as several important topics that you haven’t seen yet.
The CCNP builds on the foundation of networking knowledge you built when you earned your CCNA, and your CCNP study will add greatly to your skills and resume. There are some common technologies that you'll see in many networks - BGP and route redistribution among them - that you don't learn about in your CCNA studies. By pursuing your CCNP, you'll also learn much more about OSPF and switching, and refine your troubleshooting skills. These are skills that will pay off in your current job as well as any future job hunting you do.
Cisco CCNA Certification: The Importance Of The OSI Model
There's nothing I enjoy more than teaching Cisco technologies, especially CCNA candidates. Whether it's in-person or online, everyone's excited to be there. There's a sense of anticipation in the air, and everyone is ready to work hard, get their hands on the racks of Cisco routers and switches I have available...
... and then I break out the OSI model chart. Chins slump. People sigh, or at least wish they hadn't ordered decaf that morning.
Okay, it's not that bad. But it does temper the excitement a little. I always get a sense of "why can't we just hurry up and get on the routers and switches? Why do we have to learn this dry stuff?"
One reason is that Cisco demands you know the OSI model inside and out for both the Intro and ICND exams. You have to admit that's a pretty good reason, but still, students find the OSI model information to be very dry.
I understand that, because I've been there. My first exposure to the OSI model was actually in a Novell "Networking Technologies" class, and man, was that chart ever dry. They crammed every known protocol (and some unknown ones, I think) into the OSI model. It looked like a giant jigsaw puzzle, and the real problem is that I didn't know what the heck most of that stuff was.
So I dutifully attempted to memorize this massive chart. I managed to pass the exam, but I wondered what all that effort had really been for. It's not like you sit around in a server room or wiring closet and discuss the OSI model.
As a CCNA candidate, you don't have to worry about all the protocols I memorized way back when, but you do have to know what happens at each layer. Which leads to this question:
"If I work with routers and switches, why do I have to know about all the other layers? Don't routers and switches just work at layer 2 and 3?"
Yes, switches work at Layer 2 and routers at Layer 3. But to truly understand networking, you've got to understand what happens at the other layers. Why?
Most network administrators and engineers are going to spend a lot more time troubleshooting than installing. That's just the way it is. And to troubleshoot effectively, you've got to know what's going on at all layers of the OSI model, not just layers 2 and 3.
As someone who's done a lot of hiring and conducted a great many job interviews, I can tell you that the ability to troubleshoot is the number one quality I look for. That's why I tell CCNA and CCNP candidates that they've got to get all the hands-on practice they can. While I understand the importance of theory, the only way to develop troubleshooting ability is to work on the real deal. No simulator program is going to teach you how to troubleshoot.
Additionally, the only way to truly develop your troubleshooting abilities is to know what's going on over the entire network, not just the routers and switches. Troubleshooting always starts at Layer 1. If you don't find a problem at the Physical layer, and everything's fine with your routers and switches, how are you going to continue troubleshooting if you don't know what the next steps are as data moves closer to the end user?
So when it comes to the OSI model, don't just give it a quick once-over and move on to the fun stuff in your CCNA studies. The tangible benefit of passing your exams is great, but it's the hidden benefit of developing your own troubleshooting methodology that makes mastering the OSI model worthwhile.
Cisco CCNA Certification: The Importance Of Hands-On Practice
CCNA and CCNP candidates hear it all the time: “you have to get some hands-on experience to pass the exams”.
Candidates tend to think that’s just so they can solve the simulator problems, but that’s only the more obvious reason.
First, I want to make it clear that I’m not bashing learning from books - you have to learn theory before you can really know what’s going on in the first place. The key is that to truly understand routing and switching processes, you’ve got to have that hands-on experience.
So if the simulator questions are the more obvious reason to get hands-on experience, what are the less obvious reasons?
Glad you asked!
You see what happens when things don’t go according to the script. One of the biggest problems with learning your skills on software programs such as “router simulators” is that with simulators, things go pretty much as planned.
I have news for you: that doesn’t always happen in the real world. While Cisco routers and switches are highly reliable devices, every once in a while you’re going to get an unexpected result from a command. Maybe it didn’t work after you typed it in - maybe it has an effect on your prior configuration that you didn’t expect. Maybe you don’t know what happened – you just typed in that command and the router went nuts!
Sooner or later, that’s going to happen to you in the real world. And as I tell my students, it’s actually a good thing to have happen to you in a lab.
You don’t learn to troubleshoot or fine-tune a configuration when everything works perfectly. You don’t learn much at all when things go perfectly. And you’re practicing to learn!
I often say that great chefs don’t learn to cook on cooking simulators - they learn in the kitchen, and they burn a lot of meals on the way to greatness. You need to screw up some configs on the way to greatness, and you can’t do that on a computer program. You have to be on the real thing.
You build confidence by working with real Cisco routers and switches. Would you want the Super Bowl to be the first football game you ever really played in? Of course not. Then why would you take router configuration exams and be nervous about having to create a VLAN, or troubleshoot an OSPF configuration?
You cannot walk into the testing room a nervous wreck. You must have the attitude that you are already a CCNA or CCNP, and you’re just there to make it official. I can tell you from firsthand experience with many students that the way you develop that confidence is to work with the real deal.
You can’t buy that confidence, and you can’t simulate your way to it. You’ve got to work with real Cisco routers and switches. By working with the real equipment, you develop the real skills and real confidence you need to pass the CCNA and CCNP exams.
Cisco CCNA Certification: The (Many) Different Kinds Of Switching
When you're studying for your CCNA exam, whether you're taking the Intro-ICND path or the single-exam path, you're quickly introduced to the fact that switching occurs at Layer 2 of the OSI model. No problem there, but then other terms involving switching are thrown in, and some of them can be more than a little confusing. What is "cell switching"? What is "circuit switching"? Most confusing of all, how can you have "packet switching"? Packets are found at Layer 3, but switching occurs at Layer 2. How can packets be switched?
Relax! As you'll see in this article, the terms aren't that hard to keep straight. Packet switching, for example, describes a protocol that divides a message into packets before they're sent. The packets are then sent individually, and may take different paths to the same destination. Once the packets arrive at the final destination, they are reassembled.
Frame switching follows the same process, but at a different layer of the OSI model. When the protocol runs at Layer 2 rather than Layer 3, the process is referred to as frame switching.
Cell switching also does much the same thing, but as the name implies, the device in use is a cell switch. Cell-switched packets are fixed in length. ATM is a popular cell-switching technology.
The process of circuit switching is just a bit different, in that the process of setting up the circuit itself is part of the process. The channel is set up between two parties, data is transmitted, and the channel is then torn down. The circuit-switching technology most familiar to CCNA candidates is ISDN.
Don't let these terms confuse you. The four different terms are describing much the same process. The main difference is that they are occurring at different levels of the OSI model, and using a different transport method to get the data where it needs to go.
Cisco CCNA Certification: Static Routing Tutorial
In studying for your CCNA exam and preparing to earn this valuable certification, you may be tempted to spend little time studying static routing and head right for the more exciting dynamic routing protocols like RIP, EIGRP, and OSPF. This is an understandable mistake, but still a mistake. Static routing is not complicated, but it's an important topic on the CCNA exam and a valuable skill for real-world networking.
To create static routes on a Cisco router, you use the ip route command followed by the destination network, network mask, and either the next-hop IP address or the local exit interface. It's vital to keep that last part in mind - you're either configuring the IP address of the downstream router, or the interface on the local router that will serve as the exit interface.
Let's say your local router has a serial0 interface with an IP address of 200.1.1.1/30, and the downstream router that will be the next hop will receive packets on its serial1 interface with an IP address of 200.1.1.2/30. The static route will be for packets destined for the 172.10.1.0 network. Either of the following ip route statements would be correct.
R1(config)#ip route 172.10.1.0 255.255.255.0 200.1.1.2 (next-hop IP address)
OR
R1(config)#ip route 172.10.1.0 255.255.255.0 serial0 (local exit interface)
You can also write a static route that matches only one destination. This is a host route, and has 255.255.255.255 for a mask. If the above static routes should only be used to send packets to 172.10.1.1, the following commands would do the job.
R1(config)#ip route 172.10.1.1 255.255.255.255 200.1.1.2 (next-hop IP address)
OR
R1(config)#ip route 172.10.1.1 255.255.255.255 serial0 (local exit interface)
Finally, a default static route serves as a gateway of last resort. If there are no matches for a destination in the routing table, the default route will be used. Default routes use all zeroes for both the destination and mask, and again a next-hop IP address or local exit interface can be used.
R1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2 (next-hop IP address)
OR
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0 (local exit interface)
IP route statements seem simple enough, but the details regarding the next-hop IP address, the local exit interface, default static routes, and the syntax of the command are vital for success on CCNA exam day and in the real world.
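How the three kinds of static route above interact when a packet arrives is easiest to see in code. The following Python sketch is an added example, not part of the original tutorial and not Cisco's implementation: it parses `ip route` lines and picks the most specific match. The sample configuration mixes a next-hop address and an exit interface only so the results are distinguishable, and the function names are this example's own.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network target")

# Constructed sample: the tutorial's network route, host route and default
# route loaded together (the host route uses the exit-interface form).
SAMPLE_CONFIG = """\
ip route 172.10.1.0 255.255.255.0 200.1.1.2
ip route 172.10.1.1 255.255.255.255 serial0
ip route 0.0.0.0 0.0.0.0 200.1.1.2
"""


def mask_to_prefixlen(mask):
    """Convert a dotted subnet mask to a prefix length.

    Rejects wildcard-style or non-contiguous masks such as 0.0.0.255.
    """
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # A valid mask inverts to a run of low-order ones (2**n - 1).
    if inverted & (inverted + 1):
        raise ValueError(f"not a contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()


def parse_ip_route(line):
    """Parse 'ip route <destination> <mask> <next-hop | exit-interface>'."""
    fields = line.split()
    if len(fields) != 5 or fields[:2] != ["ip", "route"]:
        raise ValueError(f"not an ip route statement: {line!r}")
    destination, mask, target = fields[2:]
    prefixlen = mask_to_prefixlen(mask)
    # strict=True raises ValueError when the destination has host bits set
    # that the mask does not cover (address and mask are inconsistent).
    network = ipaddress.IPv4Network(f"{destination}/{prefixlen}", strict=True)
    return Route(network, target)


def load_routes(config):
    """Parse every non-blank line of a configuration snippet."""
    return [parse_ip_route(line) for line in config.splitlines() if line.strip()]


def lookup(table, destination):
    """Return the longest-prefix match for destination, or None."""
    address = ipaddress.IPv4Address(destination)
    matches = [route for route in table if address in route.network]
    if not matches:
        return None  # no default route configured: the packet is dropped
    return max(matches, key=lambda route: route.network.prefixlen)


if __name__ == "__main__":
    table = load_routes(SAMPLE_CONFIG)
    for dst in ("172.10.1.1", "172.10.1.77", "8.8.8.8"):
        route = lookup(table, dst)
        print(f"{dst:<12} -> {route.network} via {route.target}")
```

The host route wins for 172.10.1.1, the /24 wins for the rest of 172.10.1.0, and everything else falls through to the default route, which is why it is called the gateway of last resort.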
Cisco CCNA Certification: How And Why Switches Trunk
Your CCNA studies are going to include quite a bit of information about switches, and for good reason. If you don't understand basic switching theory, you can't configure and troubleshoot Cisco switches, either on the CCNA exam or in the real world. That goes double for trunking!
Trunking is simply enabling two or more switches to communicate and send frames to each other for transmission to remote hosts. There are two major trunking protocols that we need to know the details of for exam success and real-world success, but before we get to the protocols, let's discuss the cables we need.
Connecting two Cisco switches requires a crossover cable. As you know, there are eight wires inside an ethernet cable. In a crossover cable, four of the wires "cross over" from one pin to another. For many newer Cisco switches, all you need to do to create a trunk is connect the switches with a crossover cable. For instance, 2950 switches dynamically trunk once you connect them with the right cable. If you use the wrong cable, you'll be there a while!
There are two different trunking protocols in use on today's Cisco switches, ISL and IEEE 802.1Q, generally referred to as "dot1q". There are three main differences between the two. First, ISL is a Cisco-proprietary trunking protocol, where dot1q is the industry standard. (Those of you new to Cisco testing should get used to the phrases "Cisco-proprietary" and "industry standard".) If you're working in a multivendor environment, ISL may not be a good choice. And even though ISL is Cisco's own trunking protocol, some Cisco switches run only dot1q.
ISL also encapsulates the entire frame, increasing the network overhead. Dot1q only places a header on the frame, and in some circumstances, doesn't even do that. There is much less overhead with dot1q as compared to ISL. That leads to the third major difference, the way the protocols work with the native vlan.
The native vlan is simply the default vlan that switch ports are placed into if they are not expressly placed into another vlan. On Cisco switches, the native vlan is vlan 1. (This can be changed.) If dot1q is running, frames that are going to be sent across the trunk line don't even have a header placed on them; the remote switch will assume that any frame that has no header is destined for the native vlan.
The problem with ISL is that it doesn't understand what a native vlan is. Every single frame will be encapsulated, regardless of the vlan it's destined for.
Switching theory is a big part of your CCNA studies, and it can seem overwhelming at first. Just break your studies down into smaller, more manageable parts, and soon you'll see the magic letters "CCNA" behind your name!
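The dot1q native vlan behavior described above can be shown at the byte level. This Python sketch is an added example, not from the original article and not switch firmware: it inserts and removes the 4-byte 802.1Q tag (TPID 0x8100 followed by the tag control field holding the 12-bit VLAN ID) and leaves native vlan frames untagged. The MAC addresses and payload are constructed sample values, and the function names are this example's own.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Assemble an untagged Ethernet frame (FCS omitted for brevity)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def trunk_egress(frame, vlan, native_vlan):
    """Prepare a frame for the trunk: tag it unless it is in the native vlan."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"invalid VLAN ID: {vlan}")
    if vlan == native_vlan:
        return frame  # native vlan traffic crosses the trunk with no tag
    tag = struct.pack("!HH", TPID_DOT1Q, vlan & 0x0FFF)  # priority bits 0
    return frame[:12] + tag + frame[12:]  # tag sits after the source MAC


def trunk_ingress(frame, native_vlan):
    """Classify a frame received on a trunk; return (vlan, untagged frame)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_DOT1Q:
        # No tag: the receiver assumes its own native vlan.
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


# Constructed sample frame: broadcast destination, made-up source MAC, IPv4.
SAMPLE_FRAME = build_frame(
    b"\xff\xff\xff\xff\xff\xff",
    b"\x02\x00\x00\x00\x00\x01",
    0x0800,
    b"constructed payload",
)

if __name__ == "__main__":
    tagged = trunk_egress(SAMPLE_FRAME, vlan=20, native_vlan=1)
    print("vlan 20 adds", len(tagged) - len(SAMPLE_FRAME), "bytes")
    print("receiver sees vlan", trunk_ingress(tagged, native_vlan=1)[0])

    untagged = trunk_egress(SAMPLE_FRAME, vlan=1, native_vlan=1)
    print("native vlan adds", len(untagged) - len(SAMPLE_FRAME), "bytes")
    # If the far end was configured with a different native vlan, the same
    # untagged frame is placed in that vlan instead.
    print("mismatched receiver sees vlan", trunk_ingress(untagged, native_vlan=99)[0])
```

Because an untagged frame carries no VLAN information at all, both ends of a trunk have to agree on the native vlan; the last line shows what the receiver decides when they do not.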
Cisco CCNA Certification: Five Key Combinations You Should Know
When you start studying for your CCNA and CCNP exams, many books will present you with a huge list of keystroke shortcuts for use on Cisco routers. While the 640-801, 811, and 821 exams may ask you about one or two of these, you really have to get hands-on experience with these commands to master them. Even better, there are some key combinations that Cisco routers mention, but then don't tell you what they are! Let's take a look at a few of the more helpful key combinations, and conclude with the "secret" way to stop a ping or traceroute.
The up arrow on your keyboard is great for repeating the last command you typed. Let's say you mis-enter an access-list. Instead of typing it from the beginning, just hit your up arrow to repeat it, then fix the problem.
CTRL-A takes the cursor to the beginning of a typed line. If you've written an extended ACL, you know that can be a very long command, and one you probably don't want to retype. If you get a caret indicating there is a problem with the line, use your up arrow to repeat the command. If you see the error is near the beginning, use CTRL-A to move the cursor immediately to the beginning of the line. CTRL-E takes the cursor to the end of a typed line.
To move the cursor through a typed line without erasing characters, you've got a couple of options. I personally like to use the left and right arrows, but you can also use CTRL-B to move back and CTRL-F to move forward.
Finally, there's the combination that Cisco mentions to you when you run ping or traceroute, but they don't tell you what it is! If you send an extended ping or a traceroute, you could be looking at asterisks for a long time if you don't know this one. In the following example, a traceroute is obviously failing:
R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 * * *
2 *
The problem is that you're going to get 30 rows of those asterisks, which is frustrating and time-consuming at the same time. Note the router console message "Type escape sequence to abort". That's helpful - but what is it?
Here it is: Just type CTRL-SHIFT-6 twice, once right after the other. You won't see anything on the router console, but the traceroute will terminate.
R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 * * *
2 * * *
3
R2#
The traceroute was successfully terminated. This combination works for pings as well, both extended and regular. Of all the keystrokes you can learn, this one is the most valuable!
Cisco CCNA Certification: Error Detection vs. Error Recovery
Passing the CCNA, Intro, and ICND exam is all about knowing and noticing the details. (Which makes perfect sense, since becoming a master networking administrator or engineer is also about noticing the details!) One such detail is knowing the difference between error detection and error recovery. While the terms are sometimes used interchangeably, they are not the same thing.
Error detection is just that - error detection only. Two common error detection methods are found at the Data Link layer of the OSI model, the FCS (Frame Check Sequence) and CRC (Cyclical Redundancy Check). A mathematical equation is run against the data in the frame, and the result is sent along with the data. The receiver runs the equation again, but this time. If the result is the same, the frame is considered valid; if the result is different, the frame is considered corrupt and is discarded.
Note that the FCS and CRC do nothing in regards to retransmission. They are strictly error detection schemes.
For an example of error recovery, we look to the Transport layer, where TCP runs. TCP performs reliable delivery, and the reason we call it "reliable" is that TCP uses sequence numbers to detect missing segments. If the sender determines from the sequence numbers that the remote host did not receive transmitted segments, the sender will retransmit the missing segments.
The key to keeping the terms straight in your head is to remember that while error detection and error recovery both detect problems, only error recovery does anything about it. It's also worth reading an exam question twice when you see either term!
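The difference between the two is clearer with both side by side. The Python sketch below is an added example, not from the original article: a CRC-32 trailer stands in for the frame check, and a deliberately simplified sender with per-segment sequence numbers stands in for TCP (real TCP numbers bytes and uses acknowledgements and timers). The payloads and the corrupted bit position are constructed.

```python
import struct
import zlib


def add_fcs(data):
    """Sender side of error detection: append a CRC-32 over the data."""
    return data + struct.pack("!I", zlib.crc32(data))


def check_fcs(frame):
    """Receiver side: recompute the CRC and compare.

    Returns the data if the frame is valid, or None if it is corrupt.
    A corrupt frame is simply discarded; nothing here asks for a resend.
    """
    if len(frame) < 4:
        return None
    data, trailer = frame[:-4], frame[-4:]
    if struct.pack("!I", zlib.crc32(data)) != trailer:
        return None
    return data


def flip_bit(frame, bit_index):
    """Simulate line noise by inverting one bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def reliable_transfer(segments, corrupt_on_first_try):
    """Error recovery: retransmit until every sequence number has arrived.

    segments is a list of byte strings; corrupt_on_first_try is the set of
    sequence numbers whose first transmission is damaged in transit.
    Returns (reassembled data, total transmissions).
    """
    received = {}
    attempts = {seq: 0 for seq in range(len(segments))}
    outstanding = set(attempts)
    transmissions = 0
    while outstanding:
        for seq in sorted(outstanding):
            frame = add_fcs(struct.pack("!I", seq) + segments[seq])
            attempts[seq] += 1
            transmissions += 1
            if seq in corrupt_on_first_try and attempts[seq] == 1:
                frame = flip_bit(frame, 40)  # bit inside the payload
            data = check_fcs(frame)
            if data is None:
                continue  # detection only: the frame is dropped
            (got_seq,) = struct.unpack("!I", data[:4])
            received[got_seq] = data[4:]
        # Recovery: the sender compares what was acknowledged against what
        # it sent and keeps the missing sequence numbers for another round.
        outstanding -= set(received)
    return b"".join(received[seq] for seq in sorted(received)), transmissions


if __name__ == "__main__":
    good = add_fcs(b"constructed frame data")
    print("intact frame accepted:", check_fcs(good) is not None)
    print("damaged frame accepted:", check_fcs(flip_bit(good, 3)) is not None)
    data, sent = reliable_transfer([b"CC", b"NA", b"!!"], {1})
    print("delivered", data, "in", sent, "transmissions")
```

The frame check alone loses the damaged segment; only the sequence-number bookkeeping in `reliable_transfer` gets it delivered, at the cost of one extra transmission.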
Cisco CCNA Certification: Defining Broadcast Domains
When you're studying to pass the CCNA exam and earn your certification, you're introduced to a great many terms that are either totally new to you or seem familiar, but you're not quite sure what they are. The term "broadcast domain" falls into the latter category for many CCNA candidates.
A broadcast domain is simply the group of end hosts that will receive a broadcast sent out by a given host. For example, if there are ten host devices connected to a switch and one of them sends a broadcast, the other nine devices will receive the broadcast. All of those devices are in the same broadcast domain.
Of course, we probably don't want every device in a network receiving every single broadcast sent out by any other device in the network! This is why we need to know what devices can create multiple, smaller broadcast domains. Doing so allows us to limit the broadcasts traveling around our network - and you might be surprised how much traffic on some networks consists of unnecessary broadcasts.
Using the OSI model, we find devices such as hubs and repeaters at Layer One. This is the Physical layer, and devices at this layer have no effect on broadcast domains.
At Layer Two, we've got switches and bridges. By default, a switch has no effect on broadcast domains; CCNA candidates know that a switch will forward a broadcast out every single port on that switch except the one upon which it was received. However, Cisco switches allow the creation of Virtual Local Area Networks, or VLANs, that are logical segments of the network. A broadcast sent by one host in a VLAN will not be forwarded out every other port on the switch. That broadcast will be forwarded only out ports that are members of the same VLAN as the host device that sent it.
The good news is that broadcast traffic will not be forwarded between VLANs. The bad news is that no inter-VLAN traffic at all is allowed by default! You may actually want this in some cases, but generally you're going to want inter-VLAN traffic. This requires the use of a router or other Layer 3 device such as a Layer 3 Switch. (Layer 3 Switches are becoming more popular every day. Basically, it's a switch that can also run routing protocols. These switches are not tested on the CCNA exam.)
That router we just talked about also defines broadcast domains. Routers do not forward broadcasts, so broadcast domains are defined by routers with no additional configuration.
Knowing how broadcasts travel across your network, and how they can be controlled, is an important part of being a CCNA and of being a superior network administrator. Best of luck to you in both of these pursuits!
Cisco CCNA Certification: Defining And Creating Collision Domains
When you're studying to pass the CCNA exam and earn your certification, you're introduced to a great many terms that are either totally new to you or seem familiar, but you're not quite sure what they are. The term "collision domain" falls into the latter category for many CCNA candidates.
What exactly is "colliding" in the first place, and why do we care? It's the data that is being sent out onto an Ethernet segment that we're concerned with here. Ethernet uses Carrier Sense Multiple Access / Collision Detection (CSMA/CD) to avoid collisions in the first place. CSMA/CD is a set of rules dictating when hosts on an Ethernet segment can and cannot transmit data. Basically, a host that wants to transmit data will "listen" to the Ethernet segment to see if another host is currently transmitting. If no one else is transmitting, the host will go forward with its own transmission.
This is an effective way of avoiding a collision, but it is not foolproof. If two hosts follow this procedure at the exact same time, their transmissions will collide on the Ethernet segment and both transmissions will become unusable. The hosts that sent those two transmissions will then send a jam signal out onto the segment, indicating to all other hosts that they should not send data. The two hosts will each start a random timer, and at the end of that time each host will begin the listening process again.
Now that we know what a collision is, and what CSMA/CD is, we need to be able to define a collision domain. A collision domain is any area where a collision can theoretically take place, so only one device can transmit at a time in a collision domain.
In another free CCNA certification tutorial, we saw that broadcast domains were defined by routers (default) and switches if VLANs have been defined. Hubs and repeaters did nothing to define broadcast domains. Well, they don't do anything here, either. Hubs and repeaters do not define collision domains.
Switches do, however. A Cisco switchport is actually its own unshared collision domain! Therefore, if we have 20 host devices connected to separate switchports, we have 20 collision domains. All 20 devices can transmit simultaneously with no danger of collisions. Compare this to hubs and repeaters - if you have five devices connected to a single hub, you still have one large collision domain, and only one device at a time can transmit.
Mastering the definition and creation of collision domains and broadcast domains is an important step toward earning your CCNA and becoming an effective network administrator. Best of luck to you in both these worthwhile pursuits!
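To check your own counts on a lab drawing, here is an added example (not code from the original tutorial) that computes collision and broadcast domains from a cabling list, following the rules in this tutorial and the broadcast domain tutorial before it. The device names, the `star` helper, the VLAN numbers and the mixed topology are all constructed for illustration, and switch ports are modeled as access ports only (no trunks).

```python
from collections import defaultdict


class DisjointSet:
    """Minimal union-find over hashable items."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def build_domains(devices, links, vlans=None):
    """Group (device, port) endpoints into collision and broadcast domains.

    devices: name -> "host" | "hub" | "switch" | "router"
    links:   list of ((device, port), (device, port)) cables
    vlans:   (switch, port) -> access VLAN id; unlisted switch ports are VLAN 1
    """
    vlans = vlans or {}
    collision, broadcast = DisjointSet(), DisjointSet()
    ports = defaultdict(list)
    for a, b in links:
        ports[a[0]].append(a)
        ports[b[0]].append(b)
        collision.union(a, b)   # a cable is shared by both of its ends
        broadcast.union(a, b)
    for device, eps in ports.items():
        if devices[device] == "hub":
            # Layer 1: a hub repeats everything, so all its ports are one domain.
            for ep in eps[1:]:
                collision.union(eps[0], ep)
                broadcast.union(eps[0], ep)
        elif devices[device] == "switch":
            # Layer 2: each port is its own collision domain, but broadcasts
            # are flooded to every other port in the same VLAN.
            by_vlan = defaultdict(list)
            for ep in eps:
                by_vlan[vlans.get(ep, 1)].append(ep)
            for members in by_vlan.values():
                for ep in members[1:]:
                    broadcast.union(members[0], ep)
        # Hosts and router interfaces join nothing: routers stop broadcasts.
    endpoints = [ep for eps in ports.values() for ep in eps]
    return collision, broadcast, endpoints


def count_domains(devices, links, vlans=None):
    """Return (collision_domains, broadcast_domains) for the topology."""
    collision, broadcast, endpoints = build_domains(devices, links, vlans)
    return (len({collision.find(ep) for ep in endpoints}),
            len({broadcast.find(ep) for ep in endpoints}))


def broadcast_receivers(sender, devices, links, vlans=None):
    """Return the other hosts that receive a broadcast sent by `sender`."""
    _, broadcast, endpoints = build_domains(devices, links, vlans)
    roots = {broadcast.find(ep) for ep in endpoints if ep[0] == sender}
    return sorted({ep[0] for ep in endpoints
                   if devices[ep[0]] == "host" and ep[0] != sender
                   and broadcast.find(ep) in roots})


def star(center, kind, host_count):
    """Constructed topology: `host_count` hosts cabled to one hub or switch."""
    devices, links = {center: kind}, []
    for n in range(1, host_count + 1):
        devices[f"H{n}"] = "host"
        links.append(((f"H{n}", "eth0"), (center, n)))
    return devices, links


# Constructed lab: router R1 joins a switch (VLANs 10 and 20) and a hub.
MIXED_DEVICES = {"R1": "router", "SW1": "switch", "HUB1": "hub",
                 "H1": "host", "H2": "host", "H3": "host",
                 "H4": "host", "H5": "host"}
MIXED_LINKS = [
    (("R1", "e0"), ("SW1", 1)), (("H1", "eth0"), ("SW1", 2)),
    (("H2", "eth0"), ("SW1", 3)), (("H3", "eth0"), ("SW1", 4)),
    (("R1", "e1"), ("HUB1", 1)), (("H4", "eth0"), ("HUB1", 2)),
    (("H5", "eth0"), ("HUB1", 3)),
]
MIXED_VLANS = {("SW1", 1): 10, ("SW1", 2): 10, ("SW1", 3): 10, ("SW1", 4): 20}

if __name__ == "__main__":
    print("20 hosts on a switch:", count_domains(*star("SW1", "switch", 20)))
    print("5 hosts on a hub:    ", count_domains(*star("HUB1", "hub", 5)))
    print("mixed lab:           ", count_domains(MIXED_DEVICES, MIXED_LINKS, MIXED_VLANS))
```

Each result is a (collision domains, broadcast domains) pair; H3 sits alone in VLAN 20, so no other host in the mixed lab sees its broadcasts.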
Cisco CCNA Certification: Cisco Switching Modes Tutorial
To pass the CCNA exam and earn that coveted certification, you've got to know Cisco switches inside and out. Among the many important details you've got to know are the three methods that Cisco switches use to forward frames, and the differences between the three.
The first switching method is Store-and-Forward. The name is the recipe, because that's just what the switch does - it stores the entire frame before beginning to forward it. This method allows for the greatest amount of error checking, since the Frame Check Sequence (FCS) can be run before the frame is forwarded. As always, there is a tradeoff, since this error checking process makes this the slowest of the three frame forwarding methods.
The quickest method is Cut-Through, where only the destination MAC address of the frame is examined before the forwarding process begins. This means that part of the frame is actually being forwarded while the rest is still being received! The tradeoff here is that the FCS does not run, so there is absolutely no error checking with Cut-Through switching.
The middle ground between these two extremes is Fragment-Free, so named since fragmented frames will not be forwarded. The switch examines only the first 64 bytes of the frame for errors, since that is the part of the frame that will be damaged in case of a collision. There is error checking, but it is not as thorough as Store-and-Forward.
Keeping these three switching schemes straight is vital to your CCNA exam efforts, and it will help you in working with Cisco switches in the real world as well. Keep studying!
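The FCS check from the error detection tutorial and the three switching modes above can be seen side by side in this added example, which is not code from the original tutorial or from any Cisco product. It builds a frame with a CRC-32 FCS, then asks each mode whether it would forward a clean frame, a frame damaged after the first 64 bytes, and a collision fragment. The function names and sample frames are constructed; as assumptions, Cut-Through is modeled as needing only the 6-byte destination MAC and Fragment-Free as waiting for 64 bytes before forwarding.

```python
import struct
import zlib

MIN_FRAME = 64   # smallest legal Ethernet frame in bytes, FCS included
HEADER = 14      # destination MAC + source MAC + EtherType
MODES = ("cut-through", "fragment-free", "store-and-forward")


def build_frame(dst, src, ethertype, payload):
    """Sender side: pad the payload, then append a CRC-32 of the frame as the FCS."""
    payload = payload.ljust(MIN_FRAME - HEADER - 4, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    # Byte order of the appended FCS is this example's choice.
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_valid(frame):
    """Receiver side: recompute the CRC-32 and compare it with the FCS that was sent."""
    if len(frame) < HEADER + 4:
        return False
    body, sent_fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == sent_fcs


def switch_decision(frame, mode):
    """Return "forward" or "discard" for one frame under one switching mode."""
    if mode == "cut-through":
        # Only the destination MAC is read; the FCS is never checked.
        ok = len(frame) >= 6
    elif mode == "fragment-free":
        # Wait for the first 64 bytes; anything shorter is a collision fragment.
        ok = len(frame) >= MIN_FRAME
    elif mode == "store-and-forward":
        # Whole frame is buffered, so the FCS can be verified before forwarding.
        ok = len(frame) >= MIN_FRAME and fcs_valid(frame)
    else:
        raise ValueError(f"unknown switching mode: {mode}")
    return "forward" if ok else "discard"


def decisions(frame):
    """Decision of every switching mode for the same frame."""
    return {mode: switch_decision(frame, mode) for mode in MODES}


def flip_bit(frame, offset):
    """Simulate line noise: invert one bit of the byte at `offset`."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


# Constructed sample frames (addresses and payload are made up).
BROADCAST_MAC = bytes.fromhex("ffffffffffff")
SOURCE_MAC = bytes.fromhex("020000000001")
GOOD = build_frame(BROADCAST_MAC, SOURCE_MAC, 0x0800, b"A" * 100)
DAMAGED = flip_bit(GOOD, 90)   # corruption lands after the first 64 bytes
RUNT = GOOD[:40]               # transmission cut short by a collision

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("damaged", DAMAGED), ("runt", RUNT)):
        print(f"{name:8} fcs_valid={fcs_valid(frame)!s:5} {decisions(frame)}")
```

Note that a discard is the end of the story at Layer 2: nothing here asks the sender for the frame again.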
Cisco CCNA Certification: Broadcasts, Unicasts, And Multicasts
When you begin your CCNA studies, you get hit with a lot of different networking terms right away that you might not be familiar with. What makes it a little more confusing is that a lot of these terms sound a lot alike. Here, we're going to discuss the differences between broadcasts, multicasts, and unicasts at both the Data Link (Layer 2) and Network (Layer 3) layers of the OSI model.
A broadcast is simply a unit of information that every other device on the segment will receive. A broadcast is indicated by having every bit of the address set to its highest possible value. Since a hexadecimal digit's highest value is "f", a hexadecimal broadcast is ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as the upper case does not affect hex value). The CCNA exam will demand you be very familiar with hex conversions, so if you're not comfortable with these conversions, get comfortable with them before taking the exam!
At layer 3, a broadcast is indicated by setting every bit in the 32-bit binary string to "1", making the dotted decimal value 255.255.255.255. Every host on a segment will receive such a broadcast. (Keep in mind that switches will forward a broadcast, but routers do not.) In contrast to a broadcast, a unicast is a packet or frame with only one destination.
There is a middle ground between broadcasts and unicasts, and that is a multicast. Where a broadcast will be received by all, and a unicast is received by only one host, a multicast will be received by multiple hosts, all belonging to a "multicast group". As you climb the Cisco certification pyramid, you'll be introduced to creating multicast groups and controlling multicast traffic, but for your CCNA studies you need only keep certain multicast groups in mind.
Class D addresses are reserved for multicasting; this range is 224.0.0.0 - 239.255.255.255. The addresses 224.0.0.0 - 224.255.255.255 are reserved for use by network protocols on a local network segment, and like broadcasts, routers will not forward these multicast packets. (Packets with these addresses are sent with a Time To Live of 1.)
As a CCNA candidate, you should know that OSPF routers use the address 224.0.0.5 to send hellos, EIGRP routers use 224.0.0.10 to send updates, and RIP version 2 uses 224.0.0.9 to send routing updates. RIP version 1 and IGRP both broadcast their updates.
Multicasting gets a bit more complicated as you go from your CCNA to the CCNP and CCIE, but by simply understanding what multicasting is, you go a long way toward securing the CCNA.
Cisco CCNA / CCNP Tutorial: Home Lab Assembly Case Study
Part of your CCNA / CCNP education is deciding what network topology to use when you're putting together your home lab. Some of you are starting with one or two routers or switches, while others are starting with more. A customer recently sent me a list of his Cisco routers and switches that he has available for a home lab and asked for my help in coming up with the best way to use them.
There is no "right" or "wrong" answer to this question; again, part of the learning process is configuring and reconfiguring the physical topology of your lab. Let's look at the routers and switches he has available, including the interfaces on each, and come up with one possible CCNA / CCNP home lab setup.
The equipment list:
Two 3620 routers. Each has 1 serial port and 2 ethernet ports.
One 3640 router. This has two ethernet cards, each with two ports, and two AUI ports.
Three 2503s, my personal favorite for home labs! These have 1 AUI port, 2 serial interfaces, and one BRI interface apiece.
One 2524 router. This has one serial port, 1 ethernet port, and one BRI interface.
One 4500 router. This has eight BRI ports, 2 ethernet ports, and more importantly, four serial ports.
He also has a 5200 access server, an ISDN simulator, one 2924 switch, and one 1924 switch.
Now, if you don't have this much equipment to work with, don't panic! Most CCNA / CCNP candidates don't; this is more of an exercise in looking at what you do have and using it to the utmost.
As I've mentioned in many of my CCNA / CCNP home lab articles, an access server is a great thing to have. All he needs is an octal cable to connect his AS to the other devices we choose to use, and he's all set. (If you need an access server sample configuration, there is one on my website in the Home Lab section.)
A frame relay switch is also great to have, and the 4500 will make a great FR switch. Having a frame relay cloud in your CCNA / CCNP home lab is a great way to get experience configuring and troubleshooting frame relay, an essential skill for CCNA success.
I would put both of the 3620s on the frame relay cloud via the Serial interface, as well as two of the 2503s. That gives you four routers that will be using frame relay to communicate, and that's the most we can have since the 4500 has four serial ports. The 4500 will need to be configured as a frame relay switch and connected to the other routers via a DTE/DCE cable. (Again, if you need a frame relay switch configuration, the one I use in my pods is on the website in the same place as the access server configuration.)
The two 2503s that are on the frame relay cloud should also be connected via their BRI interfaces. The home lab also includes an ISDN simulator, which is necessary to allow routers to communicate via their BRI interfaces. Just get a couple of straight-through cables to connect those two routers to the ISDN simulator and that segment is ready to go. (Remember that you can't connect Cisco routers directly via their BRI interfaces.)
All of the routers in this lab have at least one ethernet or AUI port, so we can connect them all to either one of the switches. The switches should be connected via at least two crossover cables to allow practice with trunking, root bridge election, and VLANs. Having two switches really does add quite a bit to a CCNA / CCNP home lab's capabilities. You can experiment with different subnets and VLANs as well. Don't be afraid to dive in - that's what a home lab is all about!
So now we've got four routers connected via frame relay, two via ISDN, and the others via ethernet segments. Two of the routers that are not using their serial interfaces should be connected directly via their serial ports. For this, you'll just need another DTE/DCE cable. Knowing how to bring up the line between two directly connected serial ports is an important CCNA skill, and so is troubleshooting it. You should be able to bring such a connection up with your eyes closed, and once you work with your own CCNA / CCNP home lab, you'll be able to!
Also, don't forget to add a loopback interface to each one of your routers. I like to use 1.1.1.1 for R1, 2.2.2.2 for R2, and so on. Advertising loopbacks is another great way to get practice with RIP, OSPF, EIGRP, IGRP, and static routing.
We've taken a pile of routers and switches and turned them into a fantastic CCNA / CCNP home lab. Whether you're working with two Cisco devices or ten, coming up with your own home lab topology is a great learning experience and the beginning of developing your analytical and troubleshooting skills.
Cisco CCNA / CCNP Home Labs: Developing Troubleshooting Skills
CCNA / CCNP candidates are going to be drilled by Cisco when it comes to troubleshooting questions. You're going to have to be able to analyze configurations to see what the problem is (and if there is a problem in the first place), determine the meaning of different debug outputs, and show the ability not just to configure a router or switch, but troubleshoot one.
That's just as it should be, because CCNAs and CCNPs will find themselves doing a lot of troubleshooting in their careers. Troubleshooting isn't something that can just be learned from a book; you've got to have some experience working with routers and switches. The only real way to learn how to troubleshoot is to develop that ability while working on live equipment.
Of course, your company or client is going to take a very dim view of you developing this skill on their live network. So what can you do?
Assemble a Cisco home lab. When you start working with real Cisco equipment, you're doing yourself a lot of favors. First, you're going to be amazed at how well you retain information that will become second nature to you before exam day. But more importantly, both for the exam room and your career, you're developing invaluable troubleshooting skills.
Don't get me wrong, I'm not saying knowing the theory of how routers and switches work is unimportant. Quite the opposite - if you don't know networking theory, you're not going to become a CCNA or CCNP. But the ability to apply that knowledge is vital - and the only way you can get that is to work on real Cisco routers and switches. As for these "router simulators" on the market today, ask yourself this simple question: "When I walk into a server room, how many router simulators do I see?"
I often tell students that they'll do their best learning when they screw something up. I've had many a student tell me later that I was right - when they misconfigured frame relay, ISDN, or another CCNA / CCNP technology and then had to fix it themselves, it not only gave them the opportunity to apply their knowledge, but it gave them the confidence to know they could do it.
And you can't put a price on confidence - in the exam room or in the network center!
Cisco CCNA / CCNP Home Lab Tutorial: The 2501 Router
To be truly prepared for your CCNA and CCNP exams, you need real hands-on experience with real Cisco routers and switches. However, a production network is a really bad place to practice your configurations, and doing so is an excellent way to get fired and/or sued. The key to becoming a true CCNA and CCNP is assembling your own Cisco home lab.
You don't have to spend a lot of money to do so; used Cisco equipment is cheaper than ever. It's robust as well - I've bought literally hundreds of used routers and switches over the years and have had very few problems. I owe much of my skill to practicing configurations and troubleshooting in my own home lab.
2501 routers are fantastic for CCNA and CCNP home labs. They come with two serial interfaces, allowing you to connect one interface directly to another router (you'll need a DTE/DCE cable for that, too) while connecting another to a frame relay switch if you like. If you don't have a frame relay switch, you can connect a 2501 directly to two other routers via the serial interfaces.
You also have an AUI port, which requires a transceiver to operate as your Ethernet interface. Transceivers are pretty cheap and readily available from Cisco resellers and ebay vendors, so pick one up for each 2503 you decide to buy.
2501 routers don't come with BRI interfaces, but not every router in your lab has to be ISDN-ready. If you choose not to have ISDN in your lab at all, 2501s are the way to go. If you do want to run ISDN and have an ISDN simulator device, you can get two 2503s and the rest of your routers can be 2501s.
All in all, 2501 routers are great for your CCNA / CCNP home lab. They cost less than $100 each on eBay, so they're also very affordable. There's no better training than training on your own CCNA or CCNP home lab, and you can always sell the equipment later if you like. Basically, you're renting the routers and switches, and the experience you get by working with the real deal is invaluable.
Cisco CCNA / CCNP Home Lab Tutorial: Using 2520 Routers
I know from experience that part of the excitement and anxiety of putting together your own CCNA / CCNP home lab is deciding what to buy! While you can make a workable home lab out of almost any combination of Cisco routers and switches, some routers are better suited for home lab work than others because they can fill multiple roles.
My personal favorite is the Cisco 2520. This router has four serial interfaces, making it an ideal frame relay switch. Don't forget that just because you're using a router as a frame switch, you can still use its routing capabilities. One setup I use dedicates three of the four serial interfaces to frame switching and uses the fourth interface as a point-to-point network with another router. All you need is some DTE/DCE cables and you're all set.
The 2520 also comes with one Ethernet interface and an ISDN interface, so that gives you even more options. Even if you're not planning to run ISDN in your home lab right now, you may choose to do so in the future - and with a 2520, you've already got the right router to do so. Keep in mind that if you are going to run ISDN in your home lab, you’ll need an ISDN device such as an ISDN simulator in your lab. (ISDN simulators are physical devices and are plentiful on eBay – they’re no relation to “router simulators”.)
Again, I want to reiterate that you can work any Cisco router into a CCNA / CCNP home lab - there's no "right" or "wrong" combination of equipment. But as with anything else, some combinations are better than others, so consider adding some 2520s to your home lab! This router gives you a great combination of interfaces and capabilities, plus the most important factor of all - real hands-on experience during your CCNA and CCNP exam preparation!
Cisco CCNA / CCNP Home Lab Tutorial: The (Many) Cable Types And Their Purposes
One of the most common questions I get from CCNA and CCNP candidates who are setting up their own home labs is "What cables will I need?" The answer is "It depends." As you know from your exam studies, the physical layout of your lab is what determines the cables you'll need. Let's take a look at the most common home lab cable types and when you will need them.
Straight-through cables have quite a few uses in a CCNA / CCNP home lab. You'll need them to connect a switch port to an AUI port on a router (and you'll need a transceiver for that as well). If you have an ISDN simulator, straight-through cables can be used to connect a router's BRI port to the simulator.
Crossover cables are used to connect switches and allow them to trunk. If at all possible, get two switches in your home lab. This will allow you to gain valuable experience in manipulating root bridge election, working with STP, and creating EtherChannels.
DTE/DCE cables are used to connect two routers via their serial interfaces. If you are planning on using a frame relay switch in your lab, you'll need several of these. You can also get some great practice in by directly connecting two routers and bringing the connection up (and making sure it stays up!). This is valuable practice for your CCNA exam.
Octal cables are used to connect an access server to each of the other routers and switches in your lab.
Finally, there's that precious blue cable, the rollover cable. Rollover cables (sometimes called "rolled cables") allow you to connect a host device directly to a router or switch's console port. These cables have a way of disappearing around an IT shop, so make sure to take one home - and leave it there!
Cisco CCNA / CCNP Home Lab Tutorial: The 2503 Router
I know from experience that part of the excitement and anxiety of putting together your own CCNA / CCNP home lab is deciding what to buy! While you can make a workable home lab out of almost any combination of Cisco routers and switches, some routers are better suited for home lab work than others because they can fill multiple roles.
When you buy CCNA or CCNP "lab kits" - bundles of routers and switches - you can get a little confused about whether you're getting a good deal. One router I get asked about quite a bit is the 2503.
2503 routers are fantastic for CCNA and CCNP home labs. They come with two serial interfaces, allowing you to connect one interface directly to another router (you'll need a DTE/DCE cable for that, too) while connecting another to a frame relay switch if you like. If you don't have a frame relay switch, you can connect a 2503 directly to two other routers via the serial interfaces.
You also have an AUI port, which requires a transceiver to operate as your Ethernet interface. Transceivers are pretty cheap and readily available from Cisco resellers and eBay vendors, so pick one up for each 2503 you decide to buy.
2503 routers also come with a BRI interface. Even though you may not have an ISDN simulator right now, you may choose to add one later. That makes a 2503 a great bet for future lab expansion.
All in all, 2503 routers are great for your CCNA / CCNP home lab. They run about $125 each on eBay, or less, so they're also very affordable. There's no better training than training on your own CCNA or CCNP home lab, and you can always sell the equipment later if you like. Basically, you're renting the routers and switches, and the experience you get by working with the real deal is invaluable.