Showing posts with label access.

Sunday, December 28, 2008

Router - Tracing Your Packets

Few people will really care about the path that your packet takes when sending a message, but if you're one of those high tech egg heads then this article may be of great interest to you. It can become very addictive so proceed with caution.

If you're using a Microsoft Windows based operating system, then it's very easy to trace the route that your message has taken. Not only that, you can see exactly how many routers it took to get your message from point A to point B. You can do this by using a program that is on your computer called Traceroute. That is exactly what the program does. It traces the route a message takes to get to its final destination.

To run the program you have to go to a DOS prompt. After doing this, go to the C:\windows directory and type tracert followed by the URL of the Internet site you're connected to at the time. It will give you a rather technical spec sheet of every IP address it stopped at along the way until it got to its final destination.

The first number on the spec sheet tells you how many routers it went through to get to its final destination. Then each individual router listed on the page is numbered from 1 down to the last one, which is actually the final destination. The next 3 numbers on each line for each router show how long the packet took to get to that router. The next piece of information on each line is the actual name of the router the information went through. Yes, routers have names. This may be important to the users but is totally irrelevant to the router itself. Finally, the last piece of info on each line is the actual IP address of the router itself.

The amount of time it takes information to get from one router to another varies depending on how much traffic there is on that route at the time. Normally, it is no more than a couple of seconds. But occasionally, it can be longer. That is why sometimes you will be trying to access a web site and it seems to take forever. This can be for a number of reasons, but usually it is because along the way one of the routers is not working correctly and has to be bypassed. Sometimes the actual final location itself is down or having problems and the delay is the last router in the chain trying to connect to the network.

Traceroute is not limited to just checking the number of routers between you and an Internet site. You can use it to check the number of routers between you and any other computer on a network. As long as you know the IP address of the other computer you can trace the route of the packets between you and the other computer.
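The per-line layout described above (hop number, three round-trip times, router name, IP address) is easy to parse programmatically. The following Python is an added example, not part of the original post: it parses a constructed sample of Windows tracert output (documentation addresses, not a real trace) and picks out what a troubleshooter wants to know, the hop count, hops that never answered, and the slowest hop.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of Windows "tracert" output (documentation addresses, not a real trace).
SAMPLE_TRACERT = """\
Tracing route to www.example.test [198.51.100.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  gw.isp.example [10.0.0.1]
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  198.51.100.10

Trace complete.
"""

MAXHOPS_RE = re.compile(r"over a maximum of (\d+) hops")
# hop number, three RTT columns ("<1 ms", "12 ms" or "*"), then the router name/address
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*?)\s*$")
RTT_RE = re.compile(r"<?\d+ ms|\*")
NAMED_RE = re.compile(r"^(\S+)\s+\[([\d.]+)\]$")


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[int]]   # one entry per probe; None means no reply ("*")
    name: Optional[str]            # router name, if tracert could resolve one
    ip: Optional[str]              # router address; None when the hop timed out

    @property
    def avg_rtt_ms(self) -> Optional[float]:
        answered = [r for r in self.rtts_ms if r is not None]
        return sum(answered) / len(answered) if answered else None


def parse_rtt(token: str) -> Optional[int]:
    """'12 ms' -> 12, '<1 ms' -> 1 (upper bound), '*' -> None."""
    if token == "*":
        return None
    return int(token.split()[0].lstrip("<"))


def parse_tracert(text: str) -> Tuple[Optional[int], List[Hop]]:
    """Return (maximum hop count from the header, list of parsed hops)."""
    max_hops = None
    hops: List[Hop] = []
    for line in text.splitlines():
        m = MAXHOPS_RE.search(line)
        if m:
            max_hops = int(m.group(1))
            continue
        m = HOP_RE.match(line)
        if not m:
            continue
        number, rtt_field, target = int(m.group(1)), m.group(2), m.group(3)
        rtts = [parse_rtt(t) for t in RTT_RE.findall(rtt_field)]
        if target.startswith("Request timed out"):
            name, ip = None, None
        else:
            nm = NAMED_RE.match(target)
            name, ip = (nm.group(1), nm.group(2)) if nm else (None, target)
        hops.append(Hop(number, rtts, name, ip))
    return max_hops, hops


def summarize(hops: List[Hop]) -> dict:
    """Pick out what a troubleshooter looks for: hop count, silent hops and the slowest hop."""
    silent = [h.number for h in hops if all(r is None for r in h.rtts_ms)]
    answered = [h for h in hops if h.avg_rtt_ms is not None]
    slowest = max(answered, key=lambda h: h.avg_rtt_ms).number if answered else None
    return {
        "hop_count": len(hops),
        "destination": hops[-1].ip if hops else None,
        # A silent hop is not necessarily broken: many routers rate-limit or filter the
        # ICMP "time exceeded" replies traceroute depends on while still forwarding traffic.
        "silent_hops": silent,
        "slowest_hop": slowest,
    }


if __name__ == "__main__":
    limit, parsed = parse_tracert(SAMPLE_TRACERT)
    for h in parsed:
        print(h.number, h.rtts_ms, h.name, h.ip)
    print("max hops:", limit, summarize(parsed))
```

Note that the "30" in the header is the limit tracert will probe up to, and the parser keeps it separate from the number of hops actually listed.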

In our next instalment we're going to look at how routers handle denial of service attacks and other problems.

Friday, December 26, 2008

Computer Certification: Become A Utility Player

In baseball, a "utility player" is one who plays more than one position. These players are usually backups, but they have a job in the major leagues because of their value to the team; since they can play more than one position, they have that much more value to their employer.

Too often in IT, workers become either LAN or WAN engineers, knowing little if anything about the other side. Many LAN administrators I worked with knew little about routing and switching, while many WAN engineers I knew not only didn't know much about the LAN side of their network, but they didn't want to know anything about the servers!

In today's IT world, it's a bad idea to specialize in only one thing and not know how to do anything else. Not only does it limit your future career prospects, but it limits your current prospects as well. Employers don't want to hire someone and have them get up to speed on the job - they want someone who can walk right in and do the job. The more you know, the better your chance of getting a better job - or quickly being able to get another job if you were laid off tomorrow.

A term often heard on Wall Street is "diversification", meaning that investors should not invest heavily or totally in only one stock; if that stock plummets, they're in big trouble. Your career is the most important stock you will ever own, and you're 100% in charge of it. Diversify. If you're working primarily with servers, learn some routing and switching. If you know the routing protocols your company uses on its WAN, learn something about that protocol. (If you don't know the protocol, ask!)

While you’re adding these skills, get certified while you’re at it! Adding a CCNA, MCSE, or other computer certification looks great on your resume while signaling to employers that you’re constantly adding to your skills.

Adding more skills and knowledge to your IT skill set is always a good idea. Don't limit yourself to the technologies you work with every day. Make an investment in yourself and become a well-rounded network engineer. This will help you keep the job you have - and open doors in the future that might otherwise have remained closed.

Thursday, December 25, 2008

Cisco CCNP Certification / BCMSN Exam Tutorial: Writing QoS Policy

QoS - Quality of Service - is a huge topic on both the BCMSN exam and real-world networks. QoS is so big today that Cisco's created separate specialist certifications that cover nothing but QoS! It can be an overwhelming topic at first, but master the fundamentals and you're on your way to exam and job success.

If you work with QoS at any level - and sooner or later, you will - you've got to know how to write and apply QoS policies.

Creating and applying such a policy is a three-step process.

1. Create a QoS class to identify the traffic that will be affected by the policy.

2. Create a QoS policy containing the actions to be taken by traffic identified by the class.

3. Apply the policy to the appropriate interfaces.


If the phrase "identify the traffic" sounds like it's time to write an access-list, you're right! Writing an ACL is one of two ways to classify traffic, and is the more common of the two. Before we get to the less-common method, let's take a look at how to use an ACL to classify traffic.

You can use either a standard or extended ACL with QoS policies. The ACL will be written separately, and then called from the class map.

SW1(config)#access-list 105 permit tcp any any eq 80
SW1(config)#class-map WEBTRAFFIC
SW1(config-cmap)#match access-group 105

Now that we've identified the traffic to be affected by the policy, we better get around to writing the policy! QoS policies are configured with the policy-map command, and each clause of the policy will contain an action to be taken to traffic matching that clause.

SW1(config)#policy-map LIMIT_WEBTRAFFIC_BANDWIDTH
SW1(config-pmap)#class WEBTRAFFIC
SW1(config-pmap-c)#police 5000000 exceed-action drop
SW1(config-pmap-c)#exit

This is a simple policy, but it illustrates the logic of QoS policies. The policy map LIMIT_WEBTRAFFIC_BANDWIDTH calls the class map WEBTRAFFIC. We already know that all WWW traffic will match that class map, so any WWW traffic that exceeds the stated bandwidth limitation will be dropped.

Finally, enter the interface that should be policed (fast 0/1 here) and apply the policy to it inbound. The direction keyword comes before the policy name:

SW1(config)#int fast 0/1
SW1(config-if)#service-policy input LIMIT_WEBTRAFFIC_BANDWIDTH
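To show what the three steps actually do to traffic, here is an added Python simulation (not code from the post or from Cisco) of the policy above: a classifier standing in for access-list 105 and class-map WEBTRAFFIC, a single token-bucket policer for police 5000000 exceed-action drop, and a policy map that checks its classes in order and lets everything else through as class-default. The burst size (8000 bytes) and the traffic sample are assumptions; the post's command line does not state a burst.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    t_ms: int        # arrival time in milliseconds (integers keep the token arithmetic exact)
    proto: str       # "tcp", "udp", ...
    dst_port: int
    size: int        # bytes


# Step 1: the class. access-list 105 permit tcp any any eq 80, called from class-map WEBTRAFFIC.
def acl_105(pkt: Packet) -> bool:
    return pkt.proto == "tcp" and pkt.dst_port == 80


class Policer:
    """Single token bucket standing in for `police <bps> ... exceed-action drop`.

    The burst (bucket depth) is an assumption; the post's command line does not state one.
    """
    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate_bytes_per_ms = rate_bps / 8 / 1000
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last_ms = 0

    def police(self, pkt: Packet) -> str:
        # refill for the time elapsed since the previous policed packet, capped at the burst
        self.tokens = min(self.burst, self.tokens + (pkt.t_ms - self.last_ms) * self.rate_bytes_per_ms)
        self.last_ms = pkt.t_ms
        if pkt.size <= self.tokens:        # conform: spend tokens and transmit
            self.tokens -= pkt.size
            return "transmit"
        return "drop"                      # exceed-action drop


# Step 2: the policy. Clauses are checked in order; unmatched traffic falls into class-default.
class PolicyMap:
    def __init__(self, name: str):
        self.name = name
        self.classes: List[Tuple[str, Callable[[Packet], bool], Optional[Policer]]] = []

    def add_class(self, name: str, match: Callable[[Packet], bool], policer: Optional[Policer]) -> None:
        self.classes.append((name, match, policer))

    def apply(self, pkt: Packet) -> Tuple[str, str]:
        for name, match, policer in self.classes:
            if match(pkt):
                return name, (policer.police(pkt) if policer else "transmit")
        return "class-default", "transmit"


def build_policy() -> PolicyMap:
    pm = PolicyMap("LIMIT_WEBTRAFFIC_BANDWIDTH")
    pm.add_class("WEBTRAFFIC", acl_105, Policer(rate_bps=5_000_000, burst_bytes=8000))
    return pm


# Step 3: "apply the policy to the interface": here, run every arriving packet through it.
def run_policy(pm: PolicyMap, traffic: List[Packet]) -> Dict[str, Dict[str, int]]:
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: {"transmit": 0, "drop": 0})
    for pkt in sorted(traffic, key=lambda p: p.t_ms):
        cls, action = pm.apply(pkt)
        counts[cls][action] += 1
    return dict(counts)


# Constructed traffic: 1500-byte HTTP packets every millisecond (12 Mbit/s, well over the
# 5 Mbit/s limit) plus two small SSH packets, which the class does not match.
SAMPLE_TRAFFIC = [Packet(t, "tcp", 80, 1500) for t in range(20)] + \
                 [Packet(t, "tcp", 22, 200) for t in (5, 15)]


if __name__ == "__main__":
    print(run_policy(build_policy(), SAMPLE_TRAFFIC))
```

Two things the run makes visible: the policer only limits, it does not block (the WEBTRAFFIC class still transmits everything that fits the rate plus the burst), and traffic the ACL does not classify is untouched, since it falls into class-default. The ACL here only identifies traffic; it is the policy, not the ACL, that decides what happens to it.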

Getting your CCNP is a great way to boost your career, and learning QoS is a tremendous addition to your skill set. Like I said, learn the fundamentals, don't get overwhelmed by looking at QoS as a whole, and you're on your way to success!

Cisco CCNP / BCMSN Exam Tutorial: Static VLANs

BCMSN exam success and earning your CCNP certification requires you to add to your knowledge of VLAN configuration. When you studied for your CCNA exam, you learned how to place ports into a VLAN and what the purpose of VLANs was, but you may not be aware that there are two types of VLAN membership. To pass the BCMSN exam, you must know the details of both types.

In this tutorial, we'll take a look at the VLAN type you are most familiar with, the "static VLAN". As you know, VLANs are a great way to create smaller broadcast domains in your network. Host devices connected to a port belonging to one VLAN will receive broadcasts and multicasts only if they were originated by another host in that same VLAN. The drawback is that without the help of a Layer 3 switch or a router, inter-VLAN communication cannot occur.

The actual configuration of a static VLAN is simple enough. In this example, by placing switch ports 0/1 and 0/2 into VLAN 12, the only broadcasts and multicasts hosts connected to those ports will receive are the ones transmitted by ports in VLAN 12.

SW1(config)#int fast 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
% Access VLAN does not exist. Creating vlan 12

SW1(config-if)#int fast 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12

One of the many things I love about Cisco switches and routers is that if you have forgotten to do something, the Cisco device is generally going to remind you or in this case actually do it for you. I placed port 0/1 into a VLAN that did not yet exist, so the switch created it for me!

There are two commands needed to place a port into a VLAN. By default, these ports are running in dynamic desirable trunking mode, meaning that the port is actively attempting to form a trunk with a remote switch in order to send traffic between the two switches. The problem is that a trunk port belongs to all VLANs by default, and we want to put this port into a single VLAN only. To do so, we run the switchport mode access command to make the port an access port, and access ports belong to one and only one VLAN. After doing that, we placed the port into VLAN 12 with the switchport access vlan 12 command. Running the switchport mode access command effectively turns trunking off on that port.

The hosts are unaware of VLANs; they simply assume the VLAN membership of the port they're connected to. But that's not quite the case with dynamic VLANs, which we'll examine in the next part of this BCMSN tutorial.
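The following Python model is an added example, not part of the tutorial, that makes the broadcast-domain behaviour described above concrete: access ports belong to one VLAN and receive broadcasts only from that VLAN, a trunk port carries every VLAN, and assigning a port to a VLAN that does not yet exist creates it. The extra ports fast 0/3 (left in VLAN 1) and fast 0/24 (made a trunk) are assumptions added for contrast; DTP negotiation ("dynamic desirable") is not modelled.

```python
from typing import Dict, List, Optional, Set


class AccessSwitch:
    """Constructed model of VLAN membership on a switch. Access ports belong to exactly one
    VLAN, trunk ports carry every VLAN. DTP negotiation ("dynamic desirable") is not modelled."""

    def __init__(self, name: str):
        self.name = name
        self.vlans: Set[int] = {1}            # VLAN 1 exists on every switch
        self.ports: Dict[str, Dict] = {}
        self.messages: List[str] = []

    def interface(self, port: str) -> None:
        self.ports.setdefault(port, {"mode": "access", "vlan": 1})

    def switchport_mode(self, port: str, mode: str) -> None:
        if mode not in ("access", "trunk"):
            raise ValueError(mode)
        self.ports[port]["mode"] = mode

    def switchport_access_vlan(self, port: str, vlan: int) -> None:
        if vlan not in self.vlans:
            # the switch creates a missing VLAN for you, as the tutorial's transcript shows
            self.messages.append(f"% Access VLAN does not exist. Creating vlan {vlan}")
            self.vlans.add(vlan)
        self.ports[port]["vlan"] = vlan

    def broadcast_receivers(self, ingress: str, tagged_vlan: Optional[int] = None) -> List[str]:
        """Ports that receive a broadcast (or multicast) arriving on `ingress`.

        On an access port the VLAN is the port's VLAN; on a trunk it comes from the frame's tag.
        """
        cfg = self.ports[ingress]
        vlan = tagged_vlan if cfg["mode"] == "trunk" else cfg["vlan"]
        if vlan is None:
            raise ValueError("a frame arriving on a trunk must carry a VLAN tag")
        out = []
        for port, pcfg in self.ports.items():
            if port == ingress:
                continue
            if pcfg["mode"] == "trunk" or pcfg["vlan"] == vlan:
                out.append(port)
        return sorted(out)


def build_sw1() -> AccessSwitch:
    """Reproduce the tutorial's configuration (fast 0/1 and 0/2 into VLAN 12) plus two
    assumed ports: fast 0/3 left in VLAN 1 and fast 0/24 configured as a trunk."""
    sw = AccessSwitch("SW1")
    for port in ("fast0/1", "fast0/2", "fast0/3", "fast0/24"):
        sw.interface(port)
    for port in ("fast0/1", "fast0/2"):
        sw.switchport_mode(port, "access")
        sw.switchport_access_vlan(port, 12)
    sw.switchport_mode("fast0/24", "trunk")
    return sw


if __name__ == "__main__":
    sw = build_sw1()
    print(sw.messages)
    print("broadcast from fast0/1 reaches:", sw.broadcast_receivers("fast0/1"))
    print("broadcast from fast0/3 reaches:", sw.broadcast_receivers("fast0/3"))
```

The trunk rule is the reason the tutorial turns trunking off before assigning the VLAN: a port still negotiating a trunk would carry every VLAN rather than the single one intended.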

Cisco CCNP / BCMSN Exam Tutorial: Switches, QoS, And Cisco's Networking Model

QoS is a big topic on your BCMSN and CCNP exams, and for good reason. As more and more traffic flows through today's networks, accurately applying QoS to both your routers and switches becomes more important.

Note the phrase "accurately applying". You must have a plan in place before you start configuring QoS on your switches, and to create such a plan you should use Cisco's Three-layer Hierarchical Model.

This model breaks switches down into three main groups - Access, Distribution, and Core. You're familiar with these groups from your CCNA studies, and now you've got to apply this knowledge.

The QoS workload should be borne by the Access and Distribution layers, because the Core layer switches need to be left alone as much as possible to their primary purpose - switching!

Traffic should generally be classified and marked at the Access layer. This allows traffic to be assigned the desired QoS values and carry that value throughout the network.

If you choose to change CoS-DSCP mappings, this will generally be done at the Distribution layer. Since distribution layer switches will be receiving frames and packets with QoS values from the access layer switches, the appropriate "trust" and "no trust" statements should be configured on the appropriate distribution layer switches.

Any traffic received by core switches should already be classified and marked as needed. The key with core switches is to use a simple queuing setup to keep the switching process fast. Fast, fast, fast!

Real-world note - Low Latency Queuing (LLQ) is an excellent choice for core switches. The name says it all - low latency! The configuration of LLQ is not a BCMSN topic, but a quick search on the term low latency queuing will quickly bring up several Cisco LLQ configuration documents.

Knowing the three layers of Cisco's networking model and the basic QoS operation and commands is vital to passing the CCNP exams, but even more importantly, you've got to apply this knowledge carefully and accurately to make QoS work for you in today's production networks.

Cisco CCNA Exam Tutorial: Configuring Standard Access Lists

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate “permit” or “deny” action is taken. If there is no match, the second line’s criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.

This process continues until a match is found, at which time the ACL stops running. If no match is found, a default “deny” takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.

A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and can consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000-2699.

There are several points worth repeating before beginning to configure standard ACLs.

Standard ACLs consider only the source IP address for matches.

The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.

There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.

If Router 3’s Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL will be configured like this:

R3#conf t
R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255


The ACL consists of only one explicit line, one that permits packets from the source network 172.12.12.0/24. The implicit deny, which is not configured and does not appear in the running configuration, will deny all packets not matching that line.

The ACL is then applied to the Ethernet0 interface:

R3#conf t
R3(config)#interface e0
R3(config-if)#ip access-group 5 in


But before you write any ACLs, it's a really good idea to see what other ACLs are already running on the router! To see the ACLs running on the router, use the command show access-list.


R1#show access-list
Standard IP access list 1
    permit 0.0.0.0
Standard IP access list 5
    permit 172.1.1.1
Standard IP access list 7
    permit 23.3.3.3
Extended IP access list 100
    permit tcp any any lt www (26 matches)
    permit tcp any any neq telnet (12 matches)
    deny ip any any
Extended IP access list 105
    deny tcp any any eq www
    deny tcp any any eq telnet


You're going to use ACLs all the way up the Cisco certification ladder, and throughout your career. The importance of knowing how to write and apply ACLs is paramount, and it all starts with mastering the fundamentals!

Wednesday, December 24, 2008

Cisco CCNA Exam Tutorial: A Guide To RAM, ROM, NVRAM, and Flash

CCNA exam success depends on knowing the details, and nowhere is this more true than knowing the various components of a Cisco router. This is also where you can quickly start drowning in acronyms! The terms "RAM" and "ROM" probably aren't new to you, but keeping up with "what goes where" with RAM, ROM, NVRAM, and Flash Memory can be quite a challenge! In this tutorial, we'll take a look at all four of these components and their contents.

ROM stands for Read-Only Memory. ROM stores the router’s bootstrap startup program, operating system software, and power-on diagnostic test programs (the POST).

Flash memory is generally referred to as "flash". The Cisco Internetwork Operating System (IOS) images are held here. Flash is erasable and reprogrammable ROM. Flash memory content is retained by the router on power-down or reload.

RAM is short for Random-Access Memory. RAM on a Cisco router stores operational information such as routing tables and the running configuration file. RAM contents are lost when the router is powered down or reloaded.

NVRAM is non-volatile RAM. By "non-volatile", we mean that the contents of NVRAM are not lost when the router is powered down or reloaded. Where RAM holds the running configuration file, NVRAM holds the startup configuration file. If NVRAM is empty when the router reloads, you will be prompted to enter setup mode.

Success on the CCNA exam depends on keeping these terms straight and knowing their contents. Know the contents of each, pay special attention to what is lost on a reload and what is not, and you're on your way to CCNA exam success!

Cisco CCNA Certification Exam Tutorial: ISDN Details You Must Know

CCNA exam success depends partially on knowing the details of ISDN, and there are plenty of them! To help you review for your CCNA exam, here are a few ISDN details that you must know on exam day. (They help in the real world, too, and there are still plenty of ISDN networks out there!)

The Cisco-proprietary version of HDLC is the default encapsulation type for serial and ISDN interfaces.

R2#show interface serial0
Serial0 is up, line protocol is up
  Hardware is HD64570
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)


While there’s only one D-channel in BRI, PRI (US) and PRI (EU), the bandwidth of that D-channel does vary from BRI to PRI. It’s 16 kbps in BRI and 64 kbps in both PRI versions.

The global command isdn switch-type must be configured before you can even begin to have ISDN work. show isdn status will tell you whether or not you’ve done this correctly.

R2#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = none
    Layer 1 Status:
        DEACTIVATED
    Layer 2 Status:
        Layer 2 NOT Activated
    Layer 3 Status:
        0 Active Layer 3 Call(s)

PAP allows passwords to be different; CHAP requires that they be the same.

PAP requires the “ppp pap sent-username” interface-level command. CHAP has no equivalent command.

Define interesting traffic with dialer-list and link that list to the interface with dialer-group.

R2#conf t
R2(config)#dialer-list 1 proto ip permit
R2(config)#int bri0
R2(config-if)#dialer-group 1

The dialer idle-timeout value is expressed in seconds, not minutes. (Even IOS Help isn’t totally clear on this.)

R2(config)#int bri0
R2(config-if)#dialer-group 1
R2(config-if)#dialer idle-timeout ?
  <1-2147483>  Idle timeout before disconnecting a call
R2(config-if)#dialer idle-timeout 120


Dialer map maps a remote IP address to a remote phone number. You never dial the local router’s phone number.

dialer load-threshold requires the ppp multilink command to be configured, and the value of dialer load-threshold is expressed as a ratio of 255, NOT 100. For example, if you want the second b-channel to come up when the first reaches 50% of capacity, the value to express with dialer load-threshold would be 50% of 255 – which equals 127.

R2(config)#int bri0
R2(config-if)#encap ppp
R2(config-if)#ppp multilink
R2(config-if)#dialer load-threshold ?
  <1-255>  Load threshold to place another call


Success on the CCNA exam depends on knowing the details. Keep studying, keep practicing on real Cisco routers and switches, keep a positive attitude, and you're on your way to CCNA exam success!

Cisco CCNA Certification Exam Tutorial: Access List Details You Must Know!

To pass the CCNA exam, you have to be able to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more uses for ACLs. Therefore, you had better know the basics!

The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.

It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of 0.0.0.0 means the address specified in the ACL line must be matched exactly; a wildcard mask of 255.255.255.255 means that all addresses will match the line.

Wildcard masks have the option of using the word host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.

R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0

R3#conf t
R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a wildcard mask of 255.255.255.255.

R3(config)#access-list 15 permit any

Another often overlooked detail is the order of the lines in an ACL. Even in a two- or three-line ACL, the order of the lines in an ACL is vital.

Consider a situation where packets sourced from 172.18.18.0 /24 will be denied, but all others will be permitted. The following ACL would do that.

R3#conf t
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255
R3(config)#access-list 15 permit any


The previous example also illustrates the importance of configuring the ACL with the lines in the correct order to get the desired results. What would be the result if the lines were reversed?

R3#conf t
R3(config)#access-list 15 permit any
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255

If the lines were reversed, traffic from 172.18.18.0/24 would be matched against the first line of the ACL. The first line is "permit any", meaning all traffic is permitted. The traffic from 172.18.18.0/24 matches that line, the traffic is permitted, and the ACL stops running. The statement denying the traffic from 172.18.18.0/24 is never run.

The key to writing and troubleshooting access lists is to take just an extra moment to read the list over and make sure it's going to do what you intend it to do. It's better to realize your mistake on paper than after the ACL has been applied to an interface!
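The rules laid out in this tutorial and in the standard ACL tutorial above (source-only matching, wildcard masks with host and any, top-down first-match evaluation, the implicit deny, and the match counters shown by show access-lists) fit in a small evaluator. The Python below is an added example, not code from either post or from Cisco; it loads the ACLs both posts configure into a constructed configuration and evaluates sample source addresses against them, including the reversed-order ACL, which it numbers 16 (an assumption, so the two orderings can coexist).

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


def ip_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


@dataclass
class AclEntry:
    action: str      # "permit" or "deny"
    address: int
    wildcard: int    # wildcard bit 1 = "don't care", 0 = "must match"
    matches: int = 0

    def matches_source(self, src: int) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return (src & care) == (self.address & care)


@dataclass
class StandardAcl:
    number: int
    entries: List[AclEntry] = field(default_factory=list)

    def add(self, action: str, *source: str) -> None:
        """Accept the forms the posts use: 'A W', 'host A', 'any', and a bare 'A'
        (IOS treats a missing wildcard as 0.0.0.0, i.e. host)."""
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action {action!r}")
        if source == ("any",):
            addr, wc = 0, 0xFFFFFFFF
        elif source[0] == "host":
            addr, wc = ip_int(source[1]), 0
        else:
            addr = ip_int(source[0])
            wc = ip_int(source[1]) if len(source) > 1 else 0
        self.entries.append(AclEntry(action, addr, wc))

    def evaluate(self, source_ip: str) -> str:
        """Top-down, first match wins; anything that falls off the end hits the implicit deny."""
        src = ip_int(source_ip)
        for entry in self.entries:
            if entry.matches_source(src):
                entry.matches += 1
                return entry.action
        return "deny"


def load_config(lines: List[str]) -> Dict[int, StandardAcl]:
    """Parse 'access-list N permit|deny ...' lines in the order they were typed."""
    acls: Dict[int, StandardAcl] = {}
    for line in lines:
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        number = int(tok[1])
        if not (1 <= number <= 99 or 1300 <= number <= 1399):
            raise ValueError(f"{number} is not a standard ACL number")
        acls.setdefault(number, StandardAcl(number)).add(tok[2], *tok[3:])
    return acls


def show_access_lists(acls: Dict[int, StandardAcl]) -> str:
    """Render roughly what 'show access-lists' prints, including match counters."""
    out = []
    for number in sorted(acls):
        out.append(f"Standard IP access list {number}")
        for e in acls[number].entries:
            line = f"    {e.action} {ipaddress.IPv4Address(e.address)}"
            if e.wildcard:
                line += f", wildcard bits {ipaddress.IPv4Address(e.wildcard)}"
            if e.matches:
                line += f" ({e.matches} matches)"
            out.append(line)
    return "\n".join(out)


# Constructed configuration holding the ACLs from both posts (16 is 15 with its lines reversed).
SAMPLE_CONFIG = [
    "access-list 5 permit 172.12.12.0 0.0.0.255",
    "access-list 7 permit host 10.1.1.1",
    "access-list 15 deny 172.18.18.0 0.0.0.255",
    "access-list 15 permit any",
    "access-list 16 permit any",
    "access-list 16 deny 172.18.18.0 0.0.0.255",
]

if __name__ == "__main__":
    acls = load_config(SAMPLE_CONFIG)
    for n, ip in ((5, "172.12.12.9"), (5, "172.12.13.9"), (7, "10.1.1.2"),
                  (15, "172.18.18.5"), (16, "172.18.18.5")):
        print(f"acl {n} from {ip}: {acls[n].evaluate(ip)}")
    print(show_access_lists(acls))
```

Running it shows the ordering mistake the tutorial warns about as a number: after evaluating 172.18.18.5 against ACL 16, the deny line still has zero matches, because permit any swallowed the packet first. Match counters that never move on a line you expect to be hit are the same signal on a real router.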

Cisco CCNA / CCNP Tutorial: Home Lab Assembly Case Study

Part of your CCNA / CCNP education is deciding what network topology to use when you're putting together your home lab. Some of you are starting with one or two routers or switches, while others are starting with more. A customer recently sent me a list of his Cisco routers and switches that he has available for a home lab and asked for my help in coming up with the best way to use them.

There is no "right" or "wrong" answer to this question; again, part of the learning process is configuring and reconfiguring the physical topology of your lab. Let's look at the routers and switches he has available, including the interfaces on each, and come up with one possible CCNA / CCNP home lab setup.

The equipment list:

Two 3620 routers. Each has 1 serial port and 2 ethernet ports.

One 3640 router. This has two ethernet cards, each with two ports, and two AUI ports.

Three 2503s, my personal favorite for home labs! These have 1 AUI port, 2 serial interfaces, and one BRI interface apiece.

One 2524 router. This has one serial port, 1 ethernet port, and one BRI interface.

One 4500 router. This has eight BRI ports, 2 ethernet ports, and more importantly, four serial ports.

He also has a 5200 access server, an ISDN simulator, one 2924 switch, and one 1924 switch.

Now, if you don't have this much equipment to work with, don't panic! Most CCNA / CCNP candidates don't; this is more of an exercise in looking at what you do have and using it to the utmost.

As I've mentioned in many of my CCNA / CCNP home lab articles, an access server is a great thing to have. All he needs is an octal cable to connect his AS to the other devices we choose to use, and he's all set. (If you need an access server sample configuration, there is one on my website in the Home Lab section.)

A frame relay switch is also great to have, and the 4500 will make a great FR switch. Having a frame relay cloud in your CCNA / CCNP home lab is a great way to get experience configuring and troubleshooting frame relay, an essential skill for CCNA success.

I would put both of the 3620s on the frame relay cloud via the Serial interface, as well as two of the 2503s. That gives you four routers that will be using frame relay to communicate, and that's the most we can have since the 4500 has four serial ports. The 4500 will need to be configured as a frame relay switch and connected to the other routers via a DTE/DCE cable. (Again, if you need a frame relay switch configuration, the one I use in my pods is on the website in the same place as the access server configuration.)

The two 2503s that are on the frame relay cloud should also be connected via their BRI interfaces. The home lab also includes an ISDN simulator, which is necessary to allow routers to communicate via their BRI interfaces. Just get a couple of straight-through cables to connect those two routers to the ISDN simulator and that segment is ready to go. (Remember that you can't connect Cisco routers directly via their BRI interfaces.)

All of the routers in this lab have at least one ethernet or AUI port, so we can connect them all to either one of the switches. The switches should be connected via at least two crossover cables to allow practice with trunking, root bridge election, and VLANs. Having two switches really does add quite a bit to a CCNA / CCNP home lab's capabilities. You can experiment with different subnets and VLANs as well. Don't be afraid to dive in - that's what a home lab is all about!

So now we've got four routers connected via frame relay, two via ISDN, and the others via ethernet segments. Two of the routers that are not using their serial interfaces should be connected directly via their serial ports. For this, you'll just need another DTE/DCE cable. Knowing how to bring up the line between two directly connected serial ports is an important CCNA skill, and so is troubleshooting it. You should be able to bring such a connection up with your eyes closed, and once you work with your own CCNA / CCNP home lab, you'll be able to!

Also, don't forget to add a loopback interface to each one of your routers. I like to use 1.1.1.1 for R1, 2.2.2.2 for R2, and so on. Advertising loopbacks is another great way to get practice with RIP, OSPF, EIGRP, IGRP, and static routing.

We've taken a pile of routers and switches and turned them into a fantastic CCNA / CCNP home lab. Whether you're working with two Cisco devices or ten, coming up with your own home lab topology is a great learning experience and the beginning of developing your analytical and troubleshooting skills.

Cisco CCNA / CCNP Home Labs: Developing Troubleshooting Skills

CCNA / CCNP candidates are going to be drilled by Cisco when it comes to troubleshooting questions. You're going to have to be able to analyze configurations to see what the problem is (and if there is a problem in the first place), determine the meaning of different debug outputs, and show the ability not just to configure a router or switch, but troubleshoot one.

That's just as it should be, because CCNAs and CCNPs will find themselves doing a lot of troubleshooting in their careers. Troubleshooting isn't something that can just be learned from a book; you've got to have some experience working with routers and switches. The only real way to learn how to troubleshoot is to develop that ability while working on live equipment.

Of course, your company or client is going to take a very dim view of you developing this skill on their live network. So what can you do?

Assemble a Cisco home lab. When you start working with real Cisco equipment, you're doing yourself a lot of favors. First, you're going to be amazed at how well you retain information that will become second nature to you before exam day. But more importantly, both for the exam room and your career, you're developing invaluable troubleshooting skills.

Don't get me wrong, I'm not saying knowing the theory of how routers and switches work is unimportant. Quite the opposite - if you don't know networking theory, you're not going to become a CCNA or CCNP. But the ability to apply that knowledge is vital - and the only way you can get that is to work on real Cisco routers and switches. As for these "router simulators" on the market today, ask yourself this simple question: "When I walk into a server room, how many router simulators do I see?"

I often tell students that they'll do their best learning when they screw something up. I've had many a student tell me later that I was right - when they misconfigured frame relay, ISDN, or another CCNA / CCNP technology and then had to fix it themselves, it not only gave them the opportunity to apply their knowledge, but it gave them the confidence to know they could do it.

And you can't put a price on confidence - in the exam room or in the network center!

Cisco CCNA / CCNP Home Lab Tutorial: Configuring An Access Server

As your CCNA / CCNP home lab expands, an access server such as the Cisco 2509 or 2511 is one of the best investments you can make. In this article, we'll look at the basic configuration for an access server and discuss how to connect to the other routers and switches in your pod through the AS.

Here's part of a configuration from one of my access servers:

ip host FRS 2006 100.1.1.1
ip host SW2 2005 100.1.1.1
ip host SW1 2004 100.1.1.1
ip host R2 2002 100.1.1.1
ip host R1 2001 100.1.1.1
ip host R3 2003 100.1.1.1

interface Loopback0
 ip address 100.1.1.1 255.255.255.255
 no ip directed-broadcast

This is an IP Host table, and this is what makes the entire AS setup work. Your PC will connect to the access server, and the access server is in turn physically connected to your other routers and switches via an octal cable. One end of the octal cable splices off into eight separate cables, each terminated with an RJ-45 connector. That connector will be placed into the console port of one of your home lab devices. In this configuration, I have connector 1 connected to the console port of R1, connector 2 to R2, connector 3 to R3, connector 4 to SW1, and so forth. (The connectors are physically numbered as well.)

The IP Host table entries here are linked to the loopback address shown. The loopback can be any address, but it must match the address in the IP Host table. This allows you to create reverse telnet sessions to the routers and switches.

To open the reverse telnet sessions upon opening a connection to the AS, type the entire name of the device and press the enter key twice. A connection to that device will now be visible, as shown here:

Access_Server#r1
Trying R1 (100.1.1.1, 2001)... Open
R1#

To get back to the access server, use the Ctrl-Shift-6 key combination followed by pressing the "x" key. Keep doing this until you've opened a connection to every router and switch in your pod.

Once you've opened the lines, you will not use the full device name to connect to the home lab devices. You should press only the number corresponding to the reverse telnet session you opened. For instance, in this configuration I opened telnet session 1 to R1, session 2 to R2, and session 3 to R3. Once I opened those sessions, I just use those numbers to reconnect to the devices, as shown here:

Access_server#1
[Resuming connection 1 to r1 ... ]
R1#

Access_server#2
[Resuming connection 2 to r2 ... ]
R2#

Access_server#3
[Resuming connection 3 to r3 ... ]
R3#

If you type the full hostname again after initially opening the connection, you will see this message:

Access_server#r1

Trying R1 (100.1.1.1, 2001)...

% Connection refused by remote host

The connection is refused because you already have an open connection to that router.

There's one more important part of an access server config your CCNA / CCNP home lab will need:

line 1 8

no exec

transport input all

The line numbers may differ according to your access server (a 2509 has eight async lines, a 2511 has sixteen), but "no exec" is the important part. Without it, stray characters arriving from an attached console can start an EXEC process on that async line, and the EXEC then holds the line so your reverse telnet attempt is answered with "connection refused by remote host". That message is the most common error you'll see on an access server, and it means one of two things: you already have an open connection to that device, or you left "no exec" out of your configuration. "No exec" isn't mandatory, but it will help you keep your sanity! One more point on "transport input all": these lines have no login of their own, so anyone who can reach the loopback address on TCP ports 2001 through 2008 gets a console on the matching device. If the access server is reachable from outside your lab, add an access-class ACL to the same line block.

Cisco CCNA / CCNP Home Lab Tutorial: Cabling Your Access Server

A Cisco home lab is an invaluable study tool when you're preparing for CCNA and CCNP exam success. Once you've gotten a couple of routers and switches, you'll quickly get tired of moving that blue console cable every time you want to configure a different device. The solution to this problem is purchasing and configuring an access server (AS).

For those of you new to access servers, note that these are not white boxes running Microsoft operating systems. These are Cisco routers that allow you to connect to all the routers and switches in your home lab without moving a cable. You can physically or logically connect to the access server and work with all your devices from there.

When you're pricing access servers, please remember that you do NOT need an expensive AS. Right now on ebay there are access servers costing up to $5000 - this is NOT what you want to buy. What you're looking for is something like a 2509 or 2511, which is going to run you anywhere from $100 - $200. It's money well spent, because once you get an AS, you'll really wonder how you ever did without it.

The only additional hardware you need is the cable that will physically connect your AS to the other routers and switches in your home lab. The cable you need is called an octal cable, so named because one end of this cable is actually eight ends, all terminated with a numbered RJ-45 connector.

The large end of the cable is going to be connected to the AS itself. The cable will connect to a port on the AS that will have "async 1-8" directly above the physical port. It is this port that makes an AS different from other Cisco routers.

Once you've got your AS and this cable, you're ready to configure your AS. Connect the cable to the AS as described above, and then you will connect one of the RJ-45 connectors to the console port of each one of your routers and switches. Make sure to note the number that's on the cable itself right below the connector, because that's very important. In the next part of this home lab tutorial, I'll tell you exactly how to configure your access server for best results, along with a few troubleshooting tips.

Cisco CCNA / CCNP Home Lab Setup: How To Configure Reverse Telnet

Occasionally, during your CCNA and CCNP studies, you'll run into a term that just doesn't quite make sense to you. (Okay, more than occasionally!) One such term is "reverse telnet". As a Cisco certification candidate, you know that telnet is simply a protocol that allows you to remotely connect to a networking device such as a router or switch. But what is "reverse telnet", and why is it so important to a Cisco CCNA / CCNP home lab setup?

Where a telnet session is started by a remote user who wants to control a router or switch, a reverse telnet session is started by the host device itself: the access server opens a telnet connection to one of its own async ports, and the traffic comes out the console cable attached to that port.

In a CCNA / CCNP home lab, reverse telnet is configured and used on the access server. The access server isn't a white box server like most of us are used to; an access server is a Cisco router that allows you to connect to multiple routers and switches with one session without having to move a rollover cable from device to device.

Your access server will use an octal cable to connect to the other routers and switches in your home lab. The octal cable has one large serial connector that plugs into the access server and eight RJ-45 connectors that plug into the console ports of your other home lab devices. Your access server then needs an IP Host table in order to perform reverse telnet.

An IP Host table is easy to put together (and you better know how to write one to pass the CCNA!). The IP Host table is used for local name resolution, taking the place of a DNS server. The optional number between the name and the address is the TCP port telnet will connect to, and that port is what makes reverse telnet work: port 2001 is async line 1, 2002 is line 2, and so on. A typical access server IP Host table looks like this:

ip host FRS 2007 100.1.1.1

ip host R3 2003 100.1.1.1

ip host R1 2001 100.1.1.1

ip host R2 2002 100.1.1.1

ip host R4 2004 100.1.1.1

ip host R5 2005 100.1.1.1

ip host SW1 2006 100.1.1.1


interface Loopback0

ip address 100.1.1.1 255.255.255.255

no ip directed-broadcast

This configuration will allow you to use your access server to connect to five routers, a frame relay switch, and a switch without ever moving a cable. When you type "R1" at the console line, for example, the access server opens a telnet session to 100.1.1.1 port 2001, which is its own async line 1, and you land on R1's console. If you have a smaller lab, an access server is still a real timesaver and an excellent investment. And with a static IP address on your access server you can even reach your home lab from remote locations, with two cautions: telnet is cleartext, and the reverse telnet ports hand out an unauthenticated console to every device in the pod. Expose only an SSH login to the access server itself, and put an access-class ACL on the async lines so the 20xx ports are not reachable from the Internet.
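The two access-server articles above describe the same set of rules (every ip host entry points at the loopback, its port is 2000 plus the async line number, no two devices share a port, and the line block carries "no exec"). Here, as an added example that is not from the original posts or the author's lab, is a Python script that parses a configuration like the ones shown and checks those rules. It also warns when the line block has no access-class ACL; that check is my addition, not something the articles ask for, because the reverse telnet ports give an unauthenticated console to every lab device. The sample configuration is constructed from the first article's host table, loopback and "line 1 8" block.

```python
"""Sanity-check a Cisco access-server reverse-telnet configuration (added example)."""
import re
from dataclasses import dataclass, field

REVERSE_TELNET_BASE = 2000  # async line N answers on TCP port 2000 + N

# Constructed sample: the host table and loopback from the first article above,
# plus its "line 1 8" block. No access-class is configured, so the last check fires.
SAMPLE_CONFIG = """\
ip host FRS 2006 100.1.1.1
ip host SW2 2005 100.1.1.1
ip host SW1 2004 100.1.1.1
ip host R2 2002 100.1.1.1
ip host R1 2001 100.1.1.1
ip host R3 2003 100.1.1.1
!
interface Loopback0
 ip address 100.1.1.1 255.255.255.255
 no ip directed-broadcast
!
line 1 8
 no exec
 transport input all
"""

HOST_RE = re.compile(r"^ip host (\S+) (\d+) (\S+)$")      # name, tcp port, address
LOOPBACK_RE = re.compile(r"^interface (Loopback\d+)$")
IP_ADDR_RE = re.compile(r"^ip address (\S+) \S+$")
LINE_RE = re.compile(r"^line (\d+) (\d+)$")


@dataclass
class AccessServerConfig:
    hosts: dict = field(default_factory=dict)        # name -> (port, address)
    loopbacks: dict = field(default_factory=dict)    # "Loopback0" -> address
    line_ranges: list = field(default_factory=list)  # [first, last, {subcommands}]


def parse_config(text):
    """Pull the parts of a running-config that reverse telnet depends on."""
    cfg = AccessServerConfig()
    section = None  # ("loopback", name) or ("line", entry) while inside that block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := HOST_RE.match(line):
            cfg.hosts[m.group(1)] = (int(m.group(2)), m.group(3))
            section = None
        elif m := LOOPBACK_RE.match(line):
            section = ("loopback", m.group(1))
        elif m := LINE_RE.match(line):
            entry = [int(m.group(1)), int(m.group(2)), set()]
            cfg.line_ranges.append(entry)
            section = ("line", entry)
        elif section and section[0] == "loopback" and (m := IP_ADDR_RE.match(line)):
            cfg.loopbacks[section[1]] = m.group(1)
        elif section and section[0] == "line":
            section[1][2].add(line)
    return cfg


def line_for_port(cfg, port):
    """Async line number behind a reverse-telnet port, or None if no line block covers it."""
    n = port - REVERSE_TELNET_BASE
    return next((n for first, last, _ in cfg.line_ranges if first <= n <= last), None)


def check(cfg):
    """Return (device -> async line, list of findings) for the parsed config."""
    mapping, problems, owner = {}, [], {}
    loopback_addrs = set(cfg.loopbacks.values())
    for name, (port, addr) in cfg.hosts.items():
        if addr not in loopback_addrs:
            problems.append(f"{name}: {addr} is not a loopback address on this access server")
        if port in owner:  # two names on one port: the second session gets 'Connection refused'
            problems.append(f"{name}: port {port} is already used by {owner[port]}")
        owner[port] = name
        n = line_for_port(cfg, port)
        if n is None:
            problems.append(f"{name}: port {port} does not land on a configured async line")
        else:
            mapping[name] = n
    for first, last, sub in cfg.line_ranges:
        if "no exec" not in sub:
            problems.append(f"line {first} {last}: missing 'no exec'; a stray EXEC will refuse reverse telnet")
        if not any(s.startswith("access-class ") for s in sub):
            problems.append(f"line {first} {last}: no access-class; anyone reaching the loopback on "
                            f"TCP {REVERSE_TELNET_BASE + first}-{REVERSE_TELNET_BASE + last} gets a console")
    return mapping, problems


if __name__ == "__main__":
    mapping, problems = check(parse_config(SAMPLE_CONFIG))
    for name, n in sorted(mapping.items(), key=lambda kv: kv[1]):
        print(f"{name:<4} -> async line {n} (tcp {REVERSE_TELNET_BASE + n}), octal connector {n}")
    for p in problems:
        print("WARNING:", p)
```

Run it against a copy of your own running-config (paste the ip host, Loopback and line sections into SAMPLE_CONFIG, or read the file instead) before you start plugging in octal connectors: the printed mapping tells you which numbered connector each device name will actually reach, and the warnings list the mistakes that show up later as "connection refused by remote host".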


Monday, December 22, 2008

CCNA / CCNP Home Lab Tutorial: Assembling Your Cisco Home Lab

A CCNA or CCNP candidate who wants to be totally prepared for their exams is going to put together a home lab to practice on. With used Cisco routers and switches more affordable and plentiful than ever before, there's really no excuse not to have one!

With the many different models available, there is some understandable confusion among future CCNAs and CCNPs about which routers to buy and which ones to avoid. You can take almost any set of Cisco routers and put together a home lab; part of the learning process is taking what equipment you have available and putting together your own lab! For those of you preparing to start your home lab or add to your existing one, this article will list the routers I use in my Cisco pods. You certainly don't have to have all this equipment, but this will give you some good ideas on how to get started.

The most versatile router you can get for your CCNA / CCNP home lab is a 2520. These routers come with four serial ports, one ethernet port, and one BRI interface for ISDN practice. This mix of interfaces means you can actually use it as a frame relay switch while using the ethernet and BRI ports for routing. (There is no problem with using a lab router as both your frame relay switch and a practice router; for a frame relay switch sample configuration, visit my website!)

My pods consist of five routers and two switches, and three of the five routers are 2520s, due to their versatility. A recent ebay search showed these routers selling for $99 - $125, an outstanding value for the practice you're going to get.

I also use 2501s in my home labs. These have fewer interfaces, but the combination of two serial interfaces and one ethernet interface allows you to get plenty of practice.

A combination that works very well is using three 2520s; one as my dedicated frame relay switch, one as R1, and another as R2. Add a 2501 as R3, and you can have a frame cloud connecting R1, R2, and R3, a direct serial connection between R1 and R3, an Ethernet segment that includes all three routers, and an ISDN connection between R1 and R2 if you have an ISDN simulator. That combination will allow you to get a tremendous amount of practice for the exams, and you can always sell it when you're done!

2501s are very affordable, with many in the $50 range on ebay. It's quite possible to get three 2520s and one 2501 for less than $500 total, and you can get most of that money back if you choose to sell it when you're done.

With four routers to work with, you're probably going to get tired of moving that console cable around. An access server (actually a Cisco router, not the white boxes we tend to think of when we hear "server") will help you out with that. An access server allows you to set up a connection with each of your other routers via an octal cable, which prevents you from moving that console cable around continually. For an example of an access server configuration, just visit my website and look in the "Free Training" section.

Access server prices vary quite a bit; don't panic if you do an ebay search and see them costing thousands of dollars. You do NOT need an expensive access server for your CCNA / CCNP home lab. 2511s are great routers to get for your access server.

One question I get often from CCNA / CCNP candidates is "What routers should I buy that I can still use when I'm ready to study for the CCIE?" The CCIE lab equipment list changes regularly, and sometimes drastically. During my CCIE lab studies, I found that renting time from online rack rental providers was actually the best way to go. Don't hesitate when putting your CCNA / CCNP home lab together, wondering what will be acceptable for the CCIE lab a year or so from now. None of us know what's going to be on that equipment list, so get the CCNA and CCNP first - by building your own Cisco home lab!