For CCNA and CCNP candidates, it's hard not to laugh the first time you hear the phrase "router on a stick". Let's face it, that's a pretty silly term. But as those who have passed the CCNA and CCNP exams know, this is a vital exam topic that you must know how to configure and troubleshoot.
Basic Cisco theory states that for hosts in different VLANs to communicate, a Layer 3 device must be involved to handle the routing between the VLANs. That device is a router, and there are special considerations that must be taken into account for both the physical router itself and the configuration you'll be writing.
The router will be connected to a switch via a FastEthernet port (or higher). The router port cannot be a regular Ethernet port, since the router port will need the ability to send and receive data at the same time.
The configuration of the interface is where things get interesting. Let's say we have two VLANs that will be using router-on-a-stick to communicate.
Here is the VLAN information:
VLAN 20: 20.20.20.0 /24
VLAN 40: 40.40.40.0 /24
The port on the switch that will be connected to the router's FastEthernet port must be in trunking mode, and you must know the trunking protocol in use. We'll go with the Cisco-proprietary ISL here.
The physical FE port on the router will not have an IP address. The use of router-on-a-stick mandates the use of logical subinterfaces. While we don't have to use the VLAN numbers for the subinterface numbers, I've found this helps you keep the interfaces straight. One subinterface must be given an IP address in VLAN 20, and the other will have an IP address in VLAN 40.
After creating subinterfaces fast 0.20 and fast 0.40, the config looks like this:
interface fastethernet0
 no ip address
interface FastEthernet 0.20
 ip address 20.20.20.1 255.255.255.0
interface FastEthernet 0.40
 ip address 40.40.40.1 255.255.255.0
Believe it or not, you're almost done! Now we need the encapsulation statement under each subinterface. The subinterface statement must reflect both the VLAN number and the encapsulation type being used. When we're finished, the config would look like this:
interface fastethernet0
 no ip address
interface FastEthernet 0.20
 ip address 20.20.20.1 255.255.255.0
 encapsulation isl 20
interface FastEthernet 0.40
 ip address 40.40.40.1 255.255.255.0
 encapsulation isl 40
And that's it! Your hosts in VLAN 20 should now be able to communicate with hosts in VLAN 40, and vice versa.
A couple of final troubleshooting points - the most common error with router-on-a-stick is to put the wrong VLAN number in the encapsulation statement. Also, make sure you have configured the router's IP address in VLAN 20 as the default gateway for hosts in VLAN 20, and do the same for VLAN 40.
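The troubleshooting points above can be checked mechanically. The following is an added example, not code from the original article: a small Python linter that parses the subinterface stanzas and compares each encapsulation VLAN against the article's VLAN plan. The function names and the faulty sample config are constructed for illustration.

```python
import ipaddress
import re

# VLAN plan and final configuration as given in the article.
VLAN_PLAN = {20: "20.20.20.0/24", 40: "40.40.40.0/24"}
GOOD_CONFIG = """\
interface fastethernet0
 no ip address
interface FastEthernet 0.20
 ip address 20.20.20.1 255.255.255.0
 encapsulation isl 20
interface FastEthernet 0.40
 ip address 40.40.40.1 255.255.255.0
 encapsulation isl 40
"""
# Constructed faulty variant: wrong VLAN number in one encapsulation statement.
BAD_CONFIG = GOOD_CONFIG.replace("encapsulation isl 40", "encapsulation isl 20")

IFACE_RE = re.compile(r"^interface\s+([A-Za-z-]+)\s*([\d/]+)(?:\.(\d+))?$", re.I)
IP_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)$", re.I)
ENCAP_RE = re.compile(r"^encapsulation\s+(isl|dot1q)\s+(\d+)", re.I)


def parse_interfaces(config):
    """Return one dict per interface stanza: name, sub, ip, vlan."""
    stanzas, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = {"name": (m.group(1) + m.group(2)).lower(),
                       "sub": m.group(3), "ip": None, "vlan": None}
            stanzas.append(current)
        elif current is not None:
            if (m := IP_RE.match(line)):
                # "address mask" pairs are accepted in address/netmask form.
                current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            elif (m := ENCAP_RE.match(line)):
                current["vlan"] = int(m.group(2))
    return stanzas


def lint(config, plan):
    """Return a list of findings; an empty list means the config matches the plan."""
    findings = []
    nets = {vlan: ipaddress.ip_network(cidr) for vlan, cidr in plan.items()}
    stanzas = parse_interfaces(config)
    parents = {s["name"] for s in stanzas if s["sub"]}
    for s in stanzas:
        label = s["name"] + (f".{s['sub']}" if s["sub"] else "")
        if s["sub"] is None:
            # The physical port carrying subinterfaces has no IP address.
            if s["name"] in parents and s["ip"] is not None:
                findings.append(f"{label}: physical interface must not have an IP address")
            continue
        if s["vlan"] is None:
            findings.append(f"{label}: no encapsulation statement")
            continue
        if s["ip"] is None:
            findings.append(f"{label}: no IP address")
            continue
        owner = next((v for v, n in nets.items() if s["ip"].ip in n), None)
        if owner is None:
            findings.append(f"{label}: {s['ip'].ip} is not in any planned VLAN subnet")
        elif owner != s["vlan"]:
            findings.append(f"{label}: address {s['ip'].ip} belongs to VLAN {owner} "
                            f"but encapsulation says VLAN {s['vlan']}")
    tagged = {s["vlan"] for s in stanzas if s["sub"]}
    for vlan in sorted(set(plan) - tagged):
        findings.append(f"VLAN {vlan}: no subinterface carries this VLAN")
    return findings


def default_gateways(config):
    """Map each VLAN to the router address its hosts should use as default gateway."""
    return {s["vlan"]: str(s["ip"].ip) for s in parse_interfaces(config)
            if s["sub"] and s["vlan"] and s["ip"]}


if __name__ == "__main__":
    for finding in lint(BAD_CONFIG, VLAN_PLAN):
        print(finding)
    print(default_gateways(GOOD_CONFIG))
```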
I hope you've enjoyed this look at router-on-a-stick. While the name may get a chuckle out of you, it's still used in quite a few networks out there, and knowing how to configure and troubleshoot it will get you that much closer to earning your CCNA and CCNP.
Saturday, December 27, 2008
Friday, December 26, 2008
Passing Cisco’s CCNA and CCNP Exams: Traceroute
In preparation for your CCNA and CCNP exam success, you've got to learn to troubleshoot Cisco routers. And while ping is a great basic IP connectivity tool, it doesn't give you all the information you need to diagnose network connectivity issues.
Let's say you have six routers between CityA and CityB. You send a ping from A to B, and get this return:
R1#ping 172.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The five periods indicate that there is no IP connectivity to CityB. Problem is, that's about all ping tells you. You can have 5 or 50 routers between the two points, so how can you tell which downstream router has the problem?
That's where traceroute comes in. Traceroute sends three datagrams with a Time To Live (TTL) of 1. Those datagrams will time out once they hit the first router in the path, and that router will respond with an ICMP Time Exceeded message.
In response, the sending router sends three more datagrams, but these have a TTL of 2. This means that the next router in line will send back ICMP Time Exceeded messages. This process continues until the final destination (CityB) is reached. The output of the command shows us the path the data took:
Router1#traceroute 271.1.1.1
Type escape sequence to abort.
Tracing the route to 271.1.1.1
1 20.1.1.1 4 msec 4 msec 4 msec
2 30.1.1.1 20 msec 16 msec 16 msec
3 271.1.1.1 16 msec * 16 msec
How does this help troubleshoot a problem? Let's say that the second router in this path, 30.1.1.1, doesn't know how to get to 271.1.1.1. The output would look like this:
Router1#traceroute 271.1.1.1
Type escape sequence to abort.
Tracing the route to 271.1.1.1
1 20.1.1.1 4 msec 4 msec 4 msec
2 30.1.1.1 20 msec 16 msec 16 msec
3 * * *
This indicates that the router at 30.1.1.1 doesn't know how to get to the final destination. Now you have a better idea of which router has an issue!
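The TTL mechanism described above can be modelled in a few lines. The following is an added example, not code from the original article: a Python simulation of the probe sequence over the article's two-router path. Addresses are treated as opaque labels copied from the article's output, and the router without a route is modelled as a silent drop to match the `* * *` rows shown above.

```python
# Constructed topology mirroring the article's example output.
PATH = ["20.1.1.1", "30.1.1.1"]   # routers between the source and the destination
DEST = "271.1.1.1"                # label copied from the article's output
MAX_TTL = 30                      # the article: a failed trace prints 30 rows
PROBES = 3                        # three datagrams are sent per TTL value


def send_probe(path, dest, ttl, no_route_at=None):
    """Forward one probe along the path; return who answers, or None if nobody does."""
    for router in path:
        ttl -= 1                  # every router decrements the TTL
        if ttl == 0:
            return router         # TTL expired here: ICMP Time Exceeded comes back
        if router == no_route_at:
            return None           # modelled as a silent drop (assumption, see lead-in)
    return dest                   # the probe survived every hop and reached the target


def traceroute(path, dest, no_route_at=None):
    """Return [(ttl, [reply, reply, reply]), ...], stopping once dest answers."""
    rows = []
    for ttl in range(1, MAX_TTL + 1):
        replies = [send_probe(path, dest, ttl, no_route_at) for _ in range(PROBES)]
        rows.append((ttl, replies))
        if dest in replies:
            break
    return rows


def last_responding_hop(rows):
    """The last router that answered: the place to start troubleshooting."""
    last = None
    for ttl, replies in rows:
        answered = [r for r in replies if r]
        if answered:
            last = (ttl, answered[0])
    return last


def render(rows):
    """Format rows in the style of the router output (timings omitted)."""
    out = []
    for ttl, replies in rows:
        answered = [r for r in replies if r]
        out.append(f"{ttl} {answered[0]}" if answered
                   else f"{ttl} " + " ".join("*" * len(replies)))
    return out


if __name__ == "__main__":
    print("\n".join(render(traceroute(PATH, DEST))))
    broken = traceroute(PATH, DEST, no_route_at="30.1.1.1")
    print("\n".join(render(broken)[:4]))
    print("investigate:", last_responding_hop(broken))
```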
Now here's the bad part: you're going to get 30 lines of three asterisks, and until you abort this traceroute, you're going to just watch those asterisks go across the screen. There's an abort sequence that the router mentions in the first line of the console output, but the router doesn't tell you what it is! So I will - this top-secret sequence is CTRL-SHIFT-6 TWICE, one right after the other.
That keystroke takes a little getting used to, but a CCNA or CCNP can do it! Add this command to your Cisco skill set, and it will serve you well both on the CCNA and CCNP exams and your real-world networks. And you'll impress your friends by knowing how to stop a traceroute!
Passing Cisco CCNA And CCNP Exams: Ping And Extended Ping
I often tell CCNA and CCNP candidates that you do your best learning when you screw something up. I often get a funny look right after I say that, but the only way to develop your Cisco troubleshooting skills - the skills you'll need to pass your Intro, ICND, and CCNP exams - is by actually fixing configurations. Since your employer will take a dim view of you practicing these skills on his or her network, you better do so on your home lab!
Three essential tools for networking and CCNA/CCNP exam success are ping, extended ping, and traceroute. Today we're going to take a look at the ping that we're used to using for LAN issues, and the extended ping.
We're all familiar with "basic" ping, where you use the ping command followed by the IP address you want to confirm IP connectivity with. When you've got connectivity, you will see five exclamation points, as seen here:
R1#ping 172.12.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms
The default source IP address for ping is the IP address closest to the destination IP address. Other defaults - five ICMP packets will be sent (that's why you see five exclamation points), and they're sent two seconds apart.
That's fine for many basic situations, but as you progress through your networking career and more advanced scenarios in your CCNA / CCNP studies, you will want to change some of these defaults. What could you do if you wanted to send 10,000 pings? What if you needed your router's loopback address to be the source IP address for the pings? What if you wanted to send them five seconds apart, instead of two?
That's where extended ping comes in. To use extended ping, just type "ping" and hit enter. (Note that you cannot use extended ping in user exec mode - you must be in enable mode to do so.)
R1>ping
% Incomplete command.
"incomplete command" indicates that the router is waiting for an IP address; you can't use extended ping in user exec mode.
R1>enable
R1#ping
Protocol [ip]:
Target IP address: 172.16.123.1
Repeat count [5]: 1000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: loopback0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 172.16.123.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.......................................
In this example, I sent 1000 ICMP packets to an address that doesn't exist, so I am getting periods instead of exclamation points. This illustration shows you the many options you have with extended ping.
Now that I've sent those 1000 pings, let's say that I want to stop that process. At the beginning of the basic ping output, you see this phrase:
Type escape sequence to abort.
This escape sequence works for ping, extended ping, and traceroute. Funny thing, though - Cisco doesn't tell you what the escape sequence is! One day, this will really come in handy. The escape sequence is CTRL-SHIFT-6, TWICE in rapid succession.
After I used it in this example, the pings stopped and I got this message:
Success rate is 0 percent (0/192)
The ping stopped after 192 ICMP packets were sent.
This keystroke takes a little practice, so practice it in your home lab. Knowing how to use extended ping will really come in handy on your CCNA and CCNP exams as well as your real-life networking job, and knowing how to stop an extended ping will as well!
Keeping Calm On CCNA / CCNP Exam Day
When you wake up on exam day, one of two things is going to happen. Well, yes, you're going to pass or fail. But what I'm thinking of comes before that, and has a lot to do with how you perform on exam day.
You're either going to have a tremendous feeling of anticipation or the dreaded feeling of being nervous about it.
Anticipation is a great thing to feel on exam day. You're driving to the exam center, excited about the exam. You're much like a football player, slapping another player on the helmet or the shoulder pads before the game starts. (Warning: Don't try this on the exam proctor.) You know there's a challenge ahead, but you're looking forward to it. In your mind, you're already victorious; you're at the testing center only to make it official.
Conversely, there's nothing worse than being nervous or feeling unprepared before the exam. I've driven up to an exam center and seen exam candidates doing some last-minute cramming in their car. Sadly for them, if there's something you were unprepared for at 8 AM on exam day, you're still going to be unprepared when you go into the test center, no matter what you read in the car at the last minute. You don't see football players studying their playbook on the sideline before the game starts.
It's all about preparation. I regularly tell my students and customers that you don't pass a Cisco exam (or any other vendor exam) the day you take it. You pass when you turn the TV off for weeks before the exam to study; you pass when you spend time and money to attend a class or buy a book or training video; you pass when you give up a weekend to get some hands-on experience. That's when you pass. The exam score you get is simply feedback on your exam preparation.
There's a great saying: "Prior Preparation Prevents Poor Performance". That describes to a "T" what your strategy to pass the exam must include. Put the time in well before exam day and you'll reap the rewards on the big day. If you're just planting the seeds of knowledge in your car the morning of the exam, don't expect much of a harvest.
Chris Bryant
CCIE #12933
Wednesday, December 24, 2008
Cisco CCNA Certification: The (Many) Different Kinds Of Switching
When you're studying for your CCNA exam, whether you're taking the Intro-ICND path or the single-exam path, you're quickly introduced to the fact that switching occurs at Layer 2 of the OSI model. No problem there, but then other terms involving switching are thrown in, and some of them can be more than a little confusing. What is "cell switching"? What is "circuit switching"? Most confusing of all, how can you have "packet switching"? Packets are found at Layer 3, but switching occurs at Layer 2. How can packets be switched?
Relax! As you'll see in this article, the terms aren't that hard to keep straight. Packet switching, for example, describes a protocol that divides a message into packets before they're sent. The packets are then sent individually, and may take different paths to the same destination. Once the packets arrive at the final destination, they are reassembled.
Frame switching follows the same process, but at a different layer of the OSI model. When the protocol runs at Layer 2 rather than Layer 3, the process is referred to as frame switching.
Cell switching also does much the same thing, but as the name implies, the device in use is a cell switch. Cell-switched packets are fixed in length. ATM is a popular cell-switching technology.
The process of circuit switching is just a bit different, in that the process of setting up the circuit itself is part of the process. The channel is set up between two parties, data is transmitted, and the channel is then torn down. The circuit-switching technology most familiar to CCNA candidates is ISDN.
Don't let these terms confuse you. The four different terms are describing much the same process. The main difference is that they are occurring at different levels of the OSI model, and using a different transport method to get the data where it needs to go.
Cisco CCNA Certification: Five Key Combinations You Should Know
When you start studying for your CCNA and CCNP exams, many books will present you with a huge list of keystroke shortcuts for use on Cisco routers. While the 640-801, 811, and 821 exams may ask you about one or two of these, you really have to get hands-on experience with these commands to master them. Even better, there are some key combinations that Cisco routers mention, but then don't tell you what they are! Let's take a look at a few of the more helpful key combinations, and conclude with the "secret" way to stop a ping or traceroute.
The up arrow on your keyboard is great for repeating the last command you typed. Let's say you mis-enter an access-list. Instead of typing it from the beginning, just hit your up arrow to repeat it, then fix the problem.
CTRL-A takes the cursor to the beginning of a typed line. If you've written an extended ACL, you know that can be a very long command, and one you probably don't want to retype. If you get a caret indicating there is a problem with the line, use your up arrow to repeat the command. If you see the error is near the beginning, use CTRL-A to move the cursor immediately to the beginning of the line. CTRL-E takes the cursor to the end of a typed line.
To move the cursor through a typed line without erasing characters, you've got a couple of options. I personally like to use the left and right arrows, but you can also use CTRL-B to move back and CTRL-F to move forward.
Finally, there's the combination that Cisco mentions to you when you run ping or traceroute, but they don't tell you what it is! If you send an extended ping or a traceroute, you could be looking at asterisks for a long time if you don't know this one. In the following example, a traceroute is obviously failing:
R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 * * *
2 *
The problem is that you're going to get 30 rows of those asterisks, which is frustrating and time-consuming at the same time. Note the router console message "Type escape sequence to abort". That's helpful - but what is it?
Here it is: Just type CTRL-SHIFT-6 twice, once right after the other. You won't see anything on the router console, but the traceroute will terminate.
R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 * * *
2 * * *
3
R2#
The traceroute was successfully terminated. This combination works for pings as well, both extended and regular. Of all the keystrokes you can learn, this one is the most valuable!