I've seen it happen time and again to programmers, network engineers and administrators, and other IT personnel. They get a solid IT position, a good-paying job, and they get comfortable. They stop keeping up with the latest technologies, they stop studying, they no longer keep their CCNA, MCSE, and other industry certifications up-to-date.... and then one day, their comfortable job is gone.
Maybe they get laid off, maybe the company moves and they don't want to move with it... but for one reason or another, they're in the worst position possible. They have no job, and they have allowed their IT skills to deteriorate to the point where they are no longer employable.
If you're in IT, you must be constantly learning. You must continually take the long view, and ask yourself three important questions. First, where do you want to be in three years? Second, what are you doing now in order to reach this goal? And finally, if you were laid off today, are your current skills sharp enough to quickly get another job?
That third question can be the hardest of all to answer honestly. I'm reminded of Microsoft announcing years ago that they would no longer be recognizing the MCSE 4.0 certification, since the network operating systems that certification was based upon would no longer be supported by MS. (Keep in mind that this change was announced months in advance, giving those holding the MCSE 4.0 plenty of time to earn the latest MS certification.)
Some MCSE 4.0s just went nuts. Microsoft's certification magazine printed letter after letter from angry MCSEs saying that their company would always run NT 4.0, and that there was no reason for them to ever upgrade their certification.
This wasn't just denial. This was career suicide. Let's say that their network never moved from NT 4.0. Let's also say that they got laid off yesterday. Would you want to go out into the current IT workplace and have your most recent network operating system experience be on NT 4.0? I sure wouldn't.
The fact is that you've got to continue studying, continue growing, and continue learning new things if you want to have a successful long-term IT career. If you plan on studying only one topic, getting into IT, and then never cracking a book again, you're entering the wrong field. And for those of us who have been in it for a while - again, ask yourself this question: "Am I prepared for what would happen if I were laid off today?" And if you're not, do something about it!
Wednesday, January 7, 2009
Friday, December 26, 2008
Passing Cisco CCNA And CCNP Exams: Ping And Extended Ping
I often tell CCNA and CCNP candidates that you do your best learning when you screw something up. I often get a funny look right after I say that, but the only way to develop your Cisco troubleshooting skills - the skills you'll need to pass your Intro, ICND, and CCNP exams - is by actually fixing configurations. Since your employer will take a dim view of you practicing these skills on his or her network, you better do so on your home lab!
Three essential tools for networking and CCNA/CCNP exam success are ping, extended ping, and traceroute. Today we're going to take a look at the ping that we're used to using for LAN issues, and the extended ping.
We're all familiar with "basic" ping, where you use the ping command followed by the IP address you want to confirm IP connectivity with. When you've got connectivity, you will see five exclamation points, as seen here:
R1#ping 172.12.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms
The default source IP address for ping is the IP address closest to the destination IP address. Other defaults - five ICMP packets will be sent (that's why you see five exclamation points), and they're sent two seconds apart.
That's fine for many basic situations, but as you progress through your networking career and more advanced scenarios in your CCNA / CCNP studies, you will want to change some of these defaults. What could you do if you wanted to send 10,000 pings? What if you needed your router's loopback address to be the source IP address for the pings? What if you wanted to send them five seconds apart, instead of two?
That's where extended ping comes in. To use extended ping, just type "ping" and hit enter. (Note that you cannot use extended ping in user exec mode - you must be in enable mode to do so.)
R1>ping
% Incomplete command.
"Incomplete command" indicates that the router is waiting for an IP address; you can't use extended ping in user exec mode.
R1>enable
R1#ping
Protocol [ip]:
Target IP address: 172.16.123.1
Repeat count [5]: 1000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: loopback0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 172.16.123.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.......................................
In this example, I sent 1000 ICMP packets to an address that doesn't exist, so I am getting periods instead of exclamation points. This illustration shows you the many options you have with extended ping.
Now that I've sent those 1000 pings, let's say that I want to stop that process. At the beginning of the basic ping output, you see this phrase:
Type escape sequence to abort.
This escape sequence works for ping, extended ping, and traceroute. Funny thing, though - Cisco doesn't tell you what the escape sequence is! One day, this will really come in handy. The escape sequence is, TWICE in rapid succession.
After I used it in this example, the pings stopped and I got this message:
Success rate is 0 percent (0/192)
The ping stopped after 192 ICMP packets were sent.
This keystroke takes a little practice, so practice it in your home lab. Knowing how to use extended ping will really come in handy on your CCNA and CCNP exams as well as your real-life networking job, and knowing how to stop an extended ping will as well!
How To Become A Cisco VPN Specialist
There's quite an emphasis on security in today's networks, and that's reflected in Cisco's certification tracks. Cisco offers a CCIE Security track and the Cisco Certified Security Professional (CCSP) intermediate-level certification, but there is no real equivalent to the CCNA on the security side. Instead, Cisco offers several different Security Associate certifications.
The good news is that you’ve got a lot of security specializations from which to choose; the bad news is that you’ve got a lot of choices! In choosing a specialization, take some time to choose a certification that will be of practical use to you in your current position or in your “dream job”.
One of the more popular Security Associate certifications is the Cisco VPN Specialist certification. This two-exam track consists of a Securing Cisco Network Devices (SND, 642-551) exam and a Cisco Secure Virtual Private Networks (CSVPN, 642-511) exam. To earn the Cisco VPN Specialist certification, you must hold a valid CCNA certification.
What should you expect on these exams? On the SND exam, expect to be grilled on basic security features on both switches and routers, as well as VPN 3000 concentrators, PIXes, and IDS/IPS Sensors. You'll need to be ready to configure and troubleshoot basic AAA configurations, access-lists, syslog, AutoSecure, and much more. You should also be solid with IPSec.
IPSec will also be part of your CSVPN exam. As you'd expect, you'll also be expected to be quite good with the VPN 3000 Concentrator series, including browser configuration, creating users and groups, the Windows VPN Software Client, and more.
This is a demanding certification that is an excellent addition to your resume and your skill set. For the latest on this and other Cisco certifications, you should regularly visit the Learning & Events section of Cisco's website. As a Cisco certification candidate, it's your responsibility to stay current on any additions and changes to Cisco's certification paths - and it's good for your career!
Cisco Certification: The "Secret" Key To Getting Your CCNA And CCNP
Whether you're working on your CCNA or CCNP, Cisco certification exams are the most demanding computer certification exams in the IT field. Cisco exams are not a test of memorization, they're a test of your analytical skills. You'll need to look at configurations and console output and analyze them to identify problems and answer detailed questions. To pass these demanding exams, you've got to truly understand how Cisco routers and switches operate - and the key to doing so is right in front of you.
The debug command.
Of course, there is no single "debug" command. Using IOS Help, you can quickly see that there are hundreds of these debugs, and I want to mention immediately that you should never practice these commands on a production router. This is one major reason you need to get some hands-on experience with Cisco products in a home lab or rack rental. No software program or "simulator" is going to give you the debug practice you need.
Now, why am I so insistent that you use debugs? Because that's how you actually see what's going on. It's not enough to type a frame relay LMI command, you have to be able to see the LMIs being exchanged with "debug frame lmi". You don't want to just type a few network numbers in after enabling RIP, you want to see the routes being advertised along with their metrics with "debug ip rip". The list goes on and on.
By using debugs as part of your CCNA and CCNP studies, you're going beyond just memorizing commands and thinking you understand everything that's happening when you enter a command or two. You move to a higher level of understanding how routers, switches, and protocols work -- and that is the true goal of earning your CCNA and CCNP.
Cisco Certification: Recertifying Your CCNA and CCNP
Once you get your CCNA and CCNP, you can't just rest on your accomplishment. You've got to continue to study and add to your skill set - and then prove to Cisco you've been doing just that by recertifying.
Recertification sounds like a pain, but it's actually one of the best things to ever happen to computer certification, and it helps your career as well. One trap many LAN and WAN personnel fall into is that they fail to keep up with changes in technology, and if they happen to be laid off or want to change jobs, they're unable to because they didn't keep their skill set up.
Cisco's recertification policies ensure that if you want to keep your CCNA, CCNP, or one of the other valuable Cisco certifications, you've got to take a recertification exam.
As of November 2005, to recertify as a CCNA, you need to pass either the current CCNA exam, ICND exam, or any 642 professional level or Cisco Qualified Specialist exam. (This does not include Sales Specialist exams.) Passing a CCIE written qualification exam also recertifies you as a CCNA. CCNAs are valid for three years.
For the CCNP, you need to pass the 642-891 Composite exam, a CCIE written qualification exam, or BOTH the BSCI and BCMSN exams (642-801 and 642-811, respectively.) CCNP certifications are valid for three years.
As you can see, you've got quite a few options either way. The one classic mistake you must not make is waiting too long to begin preparing for the exams. Give yourself a little leeway just in case you don't recertify the first time around. Once the deadline passes, your certification is gone, and in the case of the CCNP that means taking all the exams again.
As a professional, it's your responsibility to keep up with changes in the Cisco certification world, and this includes changes in the recertification program. Make a point of visiting the "Learning And Events" section of Cisco's website regularly to look for changes in the certification program. And while you're there, you just might see another cert that catches your eye!
Thursday, December 25, 2008
Cisco CCNP Certification: Using The BGP Command “Update-Source”
When you start preparing for your CCNP exam, particularly the BSCI exam, you're introduced to Border Gateway Protocol (BGP) configurations. BGP is unlike any protocol you learned during your CCNA studies, and even the similarities are a little bit different!
BGP forms neighbor relationships, much like EIGRP and OSPF do. The interesting thing with BGP is that potential neighbors, or "peers", do not need to be directly connected and can use their loopback interfaces to form the peer relationships.
It may well be to your advantage to use loopbacks to form peer relationships rather than the actual interface facing the potential neighbor. This can be done because BGP uses static neighbor statements rather than any kind of dynamic neighbor discovery process.
Consider a router that has two paths to a BGP speaker. The interfaces are numbered like this:
Router1: Serial0, 172.1.1.1 /24; Serial2, 179.1.1.1 /24; loopback0, 1.1.1.1 /32.
Router2: Serial0, 172.1.1.2 /24; Serial2, 179.1.1.2 /24; loopback0, 2.2.2.2 /32.
We could configure Router1 like this:
router bgp 200
neighbor 172.1.1.2 remote-as 200
In this case, BGP would automatically use 172.1.1.1 as the source for the TCP connection that has to be set up with the neighbor before updates can be exchanged; this address is known as the best local address. However, if the remote peer's serial0 interface is shut down or goes down for another reason, the peer relationship would be lost even though Router2 is still available.
Instead of using one of the physical interfaces, we can use the loopbacks on each router to establish the TCP-based peer connection. The configurations would look like this:
Router1:
router bgp 200
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source loopback0
Router2:
router bgp 200
neighbor 1.1.1.1 remote-as 200
neighbor 1.1.1.1 update-source loopback0
In this case, losing one of the physical connections does not necessarily mean the BGP peering is lost; as long as the routers have a valid path to each other's loopback addresses, the BGP peer relationship will stay in place. And better yet, we avoid the dreaded “single point of failure
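As an added example (not part of the original post), the Python sketch below audits a pair of IOS-style configurations for the two conditions this section describes: a peering tied to one directly connected link, and a neighbor statement whose TCP session would be sourced from an address the peer has no neighbor statement for. The config text is constructed from the addressing above; Router2's physical-interface BGP section, the finding names and the simplified parsing are assumptions.

```python
import ipaddress
import re

# Constructed interface sections, using the addressing from the article.
R1_IF = """\
interface Serial0
 ip address 172.1.1.1 255.255.255.0
interface Serial2
 ip address 179.1.1.1 255.255.255.0
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
"""
R2_IF = """\
interface Serial0
 ip address 172.1.1.2 255.255.255.0
interface Serial2
 ip address 179.1.1.2 255.255.255.0
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
"""

# Loopback peering as configured in the article.
R1_LOOPBACK = R1_IF + """\
router bgp 200
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source loopback0
"""
R2_LOOPBACK = R2_IF + """\
router bgp 200
 neighbor 1.1.1.1 remote-as 200
 neighbor 1.1.1.1 update-source loopback0
"""
# Constructed fault: update-source left off Router2.
R2_NO_SOURCE = R2_LOOPBACK.replace(" neighbor 1.1.1.1 update-source loopback0\n", "")

# Physical-interface peering; Router2's side is an assumption.
R1_PHYSICAL = R1_IF + "router bgp 200\n neighbor 172.1.1.2 remote-as 200\n"
R2_PHYSICAL = R2_IF + "router bgp 200\n neighbor 172.1.1.1 remote-as 200\n"


def parse(text):
    """Return (interfaces, neighbors) from a minimal IOS-style config."""
    interfaces, neighbors, current = {}, {}, None
    for raw in text.splitlines():
        if raw and not raw[0].isspace():
            current = None  # a new top-level section ends the interface block
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line, re.I):
            current = m.group(1).lower()
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line, re.I)) and current:
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"neighbor (\S+) update-source (\S+)", line, re.I):
            neighbors.setdefault(m.group(1), {})["update_source"] = m.group(2).lower()
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line, re.I):
            neighbors.setdefault(m.group(1), {})["remote_as"] = int(m.group(2))
    return interfaces, neighbors


def audit(local_text, peer_text):
    """Check the local router's neighbor statements against one peer's config."""
    l_if, l_nbrs = parse(local_text)
    p_if, p_nbrs = parse(peer_text)
    peer_addrs = {str(i.ip) for i in p_if.values()}
    physical = {n: i for n, i in l_if.items() if not n.startswith("loopback")}
    findings = []
    for nbr, opts in l_nbrs.items():
        if nbr not in peer_addrs:
            continue  # this neighbor statement is for some other router
        src_if = opts.get("update_source")
        if src_if:
            # Explicit source: the session leaves from that interface's address.
            sources = {str(l_if[src_if].ip)} if src_if in l_if else set()
        else:
            # No update-source: the outgoing physical interface supplies the source.
            nbr_ip = ipaddress.ip_address(nbr)
            connected = [i for i in physical.values() if nbr_ip in i.network]
            sources = {str(i.ip) for i in (connected or physical.values())}
            if connected:
                findings.append((nbr, "SINGLE_LINK"))  # peering dies with that link
        if not sources & set(p_nbrs):
            findings.append((nbr, "SOURCE_MISMATCH"))  # peer expects another address
    return findings


if __name__ == "__main__":
    print(audit(R1_PHYSICAL, R2_PHYSICAL))
    print(audit(R2_NO_SOURCE, R1_LOOPBACK))
    print(audit(R1_LOOPBACK, R2_LOOPBACK))
```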
Cisco CCNP Certification: The BGP Weight Attribute
When you're studying for the CCNP certification, especially the BSCI exam, you must gain a solid understanding of BGP. BGP isn't just one of the biggest topics on the BSCI exam, it's one of the largest. BGP has a great many details that must be mastered for BSCI success, and those of you with one eye on the CCIE must learn the fundamentals of BGP now in order to build on those fundamentals at a later time.
Path attributes are a unique feature of BGP. With interior gateway protocols such as OSPF and EIGRP, administrative distance is used as a tiebreaker when two routes to the same destination had different next-hop IP addresses but the same prefix length. BGP uses path attributes to make this choice.
The first attribute considered by BGP is weight. Weight is a Cisco-proprietary BGP attribute, so if you're working in a multivendor environment you should work with another attribute to influence path selection.
The weight attribute is significant only to the router on which it is changed. If you set a higher weight for a particular route in order to give it preference (a higher weight is preferred over a lower one), that weight is not advertised to other routers.
BGP uses categories such as "transitive", "non-transitive", "mandatory", and "optional" to classify attributes. Since weight is a locally significant Cisco-proprietary attribute, it does not fall into any of these categories.
The weight can be changed on a single route via a route-map, or a different weight can be set for all routes received from a given neighbor. To change the weight for all incoming routes, use the "weight" option with the neighbor command after forming the BGP peer relationships.
R2(config)#router bgp 100
R2(config-router)#neighbor 100.1.1.1 remote-as 10
R2(config-router)#neighbor 100.1.1.1 weight 200
Learning all of the BGP attributes, as well as when to use them, can seem an overwhelming task when you first start studying for your BSCI and CCNP exams. Break this task down into small parts, learn one attribute at a time, and soon you'll have the BGP attributes mastered.
Cisco CCNP Certification / BSCI Exam Tutorial: Floating Static Routes
Passing the BSCI exam and earning your CCNP certification demands that you add greatly to the networking skills foundation you created when you studied for your CCNA certification. You learned quite a bit about static routing and default static routing when you passed the CCNA test, and it does seem like that should be all you need to know about static routing, right?
One thing you'll learn as you continue to earn Cisco certifications is that there's always something else to learn! You may have heard the term "floating static route", which does suggest some interesting mental pictures. "Floating"? Floating on what?
In a way, a floating static route is "floating" in your routing table. A floating static route is a route that will be used only if routes for the same destination but with a lower administrative distance are removed from the table. For example, you could be using an OSPF-discovered route as your primary route to a given destination, and the floating static route would serve as a backup route that would be used only if the OSPF route leaves the routing table.
Now, how can that happen? After all, OSPF has an administrative distance of 110 and static routes have ADs of one or zero, depending on whether it's configured with a next-hop IP address or a local exit interface. One way or the other, 1 and 0 are still less than 110!
When you want to configure a floating static route, you must assign the route an AD higher than that of the primary route. In this case, we've got to create a static route with an AD higher than 110. We do this by using the "distance" option at the end of the "ip route" command.
R1(config)#ip route 110.1.1.0 255.255.255.0 172.12.123.1 ?
<1-255> Distance metric for this route
name Specify name of the next hop
permanent permanent route
tag Set tag for this route
R1(config)#ip route 110.1.1.0 255.255.255.0 172.12.123.1 111
The number entered at the very end of the "ip route" command is the AD of that route. If there is an OSPF route for 110.1.1.0 /24, that will be the primary route, and the floating static route will not be used unless the OSPF route is taken out of the routing table.
Floating static routes aren't just a good thing to know for the BSCI exam and your CCNP certification pursuit - they're very practical in the real world as well.
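As an added example (not part of the original post), the Python model below parses the "ip route" command shown above and replays the failover: the OSPF route is installed while present, the static route with distance 111 takes over when OSPF is withdrawn, and the same static route without a distance would displace OSPF outright. The OSPF next hop 172.12.123.2 and all function names are assumptions; only the next-hop form of "ip route" is handled.

```python
import ipaddress
import re

OSPF_AD = 110      # administrative distance quoted in the article
STATIC_AD = 1      # default for a static route configured with a next-hop address
UNUSABLE_AD = 255  # a route with distance 255 is never installed


def parse_ip_route(command):
    """Parse 'ip route <prefix> <mask> <next-hop> [distance]', prompt optional."""
    text = command.split("#", 1)[-1].strip()
    m = re.fullmatch(r"ip route (\S+) (\S+) (\S+)(?: (\d+))?", text)
    if not m:
        raise ValueError(f"not a next-hop 'ip route' command: {command!r}")
    ad = int(m[4]) if m[4] else STATIC_AD
    if not 1 <= ad <= 255:
        raise ValueError(f"distance {ad} outside <1-255>")
    return {
        "prefix": ipaddress.ip_network(f"{m[1]}/{m[2]}"),
        "next_hop": m[3],
        "source": "static",
        "ad": ad,
    }


class RoutingTable:
    """Holds every candidate per prefix; installs the one with the lowest AD."""

    def __init__(self):
        self.candidates = {}

    def offer(self, route):
        routes = self.candidates.setdefault(route["prefix"], [])
        routes[:] = [r for r in routes if r["source"] != route["source"]] + [route]

    def withdraw(self, prefix, source):
        kept = [r for r in self.candidates.get(prefix, []) if r["source"] != source]
        self.candidates[prefix] = kept

    def installed(self, prefix):
        usable = [r for r in self.candidates.get(prefix, []) if r["ad"] < UNUSABLE_AD]
        return min(usable, key=lambda r: r["ad"], default=None)


def failover_trace(static_command):
    """Source of the installed route: both present, OSPF withdrawn, OSPF back."""
    static = parse_ip_route(static_command)
    prefix = static["prefix"]
    # Assumed OSPF-learned route for the same prefix via a different next hop.
    ospf = {"prefix": prefix, "next_hop": "172.12.123.2", "source": "ospf", "ad": OSPF_AD}
    rib = RoutingTable()

    def current():
        best = rib.installed(prefix)
        return best["source"] if best else None

    rib.offer(ospf)
    rib.offer(static)
    trace = [current()]
    rib.withdraw(prefix, "ospf")
    trace.append(current())
    rib.offer(ospf)
    trace.append(current())
    return trace


if __name__ == "__main__":
    base = "R1(config)#ip route 110.1.1.0 255.255.255.0 172.12.123.1"
    print("distance 111:", failover_trace(base + " 111"))
    print("no distance: ", failover_trace(base))
```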
Cisco CCNP Certification / BCMSN Exam Tutorial: Writing QoS Policy
QoS - Quality of Service - is a huge topic on both the BCMSN exam and real-world networks. QoS is so big today that Cisco's created separate specialist certifications that cover nothing but QoS! It can be an overwhelming topic at first, but master the fundamentals and you're on your way to exam and job success.
If you work with QoS at any level - and sooner or later, you will - you've got to know how to write and apply QoS policies.
Creating and applying such a policy is a three-step process.
1. Create a QoS class to identify the traffic that will be affected by the policy.
2. Create a QoS policy containing the actions to be taken on traffic identified by the class.
3. Apply the policy to the appropriate interfaces.
If the phrase "identify the traffic" sounds like it's time to write an access-list, you're right! Writing an ACL is one of two ways to classify traffic, and is the more common of the two. Before we get to the less-common method, let's take a look at how to use an ACL to classify traffic.
You can use either a standard or extended ACL with QoS policies. The ACL will be written separately, and then called from the class map.
SW1(config)#access-list 105 permit tcp any any eq 80
SW1(config)#class-map WEBTRAFFIC
SW1(config-cmap)#match access-group 105
Now that we've identified the traffic to be affected by the policy, we'd better get around to writing the policy! QoS policies are configured with the policy-map command, and each clause of the policy will contain an action to be taken on traffic matching that clause.
SW1(config)#policy-map LIMIT_WEBTRAFFIC_BANDWIDTH
SW1(config-pmap)#class WEBTRAFFIC
SW1(config-pmap-c)#police 5000000 exceed-action drop
SW1(config-pmap-c)#exit
This is a simple policy, but it illustrates the logic of QoS policies. The policy map LIMIT_WEBTRAFFIC_BANDWIDTH calls the class map WEBTRAFFIC. We already know that all WWW traffic will match that class map, so any WWW traffic that exceeds the stated bandwidth limitation will be dropped.
Finally, apply the policy to the appropriate interface.
SW1(config-if)#service-policy input LIMIT_WEBTRAFFIC_BANDWIDTH
Getting your CCNP is a great way to boost your career, and learning QoS is a tremendous addition to your skill set. Like I said, learn the fundamentals, don't get overwhelmed by looking at QoS as a whole, and you're on your way to success!
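The class map and policer above as a small simulation, added here as an illustration and not taken from the original tutorial. It shows that only TCP traffic to destination port 80 is policed while everything else bypasses the class; the burst size, packet sizes and traffic mix are constructed assumptions, since the page gives only the rate.

```python
RATE_BPS = 5_000_000        # from the page: police 5000000 exceed-action drop
BURST_BYTES = 8_000         # assumption: the page does not state a burst size


def matches_acl_105(pkt):
    """access-list 105 permit tcp any any eq 80: TCP, any source, destination port 80."""
    return pkt["proto"] == "tcp" and pkt["dport"] == 80


class SingleRatePolicer:
    """Token bucket kept in integer units (bits, microseconds) so results are exact."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.burst_bits = burst_bytes * 8
        self.tokens = self.burst_bits          # the bucket starts full
        self.last_us = 0

    def conforms(self, now_us, size_bytes):
        # Refill for the elapsed time, never beyond the burst size.
        refill = (now_us - self.last_us) * self.rate_bps // 1_000_000
        self.tokens = min(self.burst_bits, self.tokens + refill)
        self.last_us = now_us
        cost = size_bytes * 8
        if cost <= self.tokens:
            self.tokens -= cost
            return True                        # conforming traffic is transmitted
        return False                           # exceed-action drop


def apply_policy(packets):
    """service-policy input: classify each packet, police only class WEBTRAFFIC."""
    policer = SingleRatePolicer(RATE_BPS, BURST_BYTES)
    stats = {"web_sent": 0, "web_dropped": 0, "web_bytes_sent": 0, "not_classified": 0}
    for pkt in sorted(packets, key=lambda p: p["t_us"]):
        if not matches_acl_105(pkt):
            stats["not_classified"] += 1       # outside the class: never policed
        elif policer.conforms(pkt["t_us"], pkt["size"]):
            stats["web_sent"] += 1
            stats["web_bytes_sent"] += pkt["size"]
        else:
            stats["web_dropped"] += 1
    return stats


def constructed_traffic():
    """One second of constructed input traffic (not captured data)."""
    pkts = []
    # 10 Mbit/s towards port 80: one 1000-byte packet every 800 microseconds.
    for i in range(1250):
        pkts.append({"t_us": i * 800, "proto": "tcp", "sport": 40000, "dport": 80, "size": 1000})
    # Port 443 traffic does not match ACL 105.
    for i in range(200):
        pkts.append({"t_us": i * 5000, "proto": "tcp", "sport": 40001, "dport": 443, "size": 1400})
    # Web responses carry 80 as the SOURCE port, so they do not match either.
    for i in range(50):
        pkts.append({"t_us": i * 20000, "proto": "tcp", "sport": 80, "dport": 51000, "size": 1400})
    return pkts


if __name__ == "__main__":
    print(apply_policy(constructed_traffic()))
```

When a policer like this is used as a rate limit for abusive traffic, check what the class actually matches: here anything not addressed to TCP port 80 passes untouched.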
Cisco CCNP / BSCI Tutorial: The Role Of The OSPF ASBR
To pass the BSCI exam and earn your CCNP certification, you've got to master the (many) details of OSPF. You might have thought there were quite a few OSPF details in your CCNA studies, but you'll now build on that foundation on the way to earning your CCNP.
One such detail is the role of the Autonomous System Border Router (ASBR) in OSPF. The name itself raises some eyebrows, since you learned in your CCNA studies that OSPF doesn't use autonomous systems! Just as an OSPF Area Border Router borders multiple OSPF areas, the ASBR borders the entire OSPF domain and another source of routes. This can be another dynamic routing protocol, or directly connected networks that are not being advertised into OSPF by the network command.
Let's say we have a router running both OSPF and RIP version 2. By default, the RIP process will not contain any OSPF-discovered routes, and vice versa. The two separate routing processes are just that - separate. If we want the other OSPF routers to know about the RIP routes, route redistribution must be configured. When the RIP routes are redistributed into OSPF, that router is then an ASBR.
In the example below, RIP subnets have been redistributed into OSPF. A seed metric is not necessary when redistributing routes into OSPF. The command "show ip ospf" confirms that this router is now an ASBR.
R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets
R1#show ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an autonomous system boundary router
The ASBR can also perform route summarization on the routes being injected into OSPF with the summary-address command. (To configure OSPF inter-area summarization, use the area range command.) By mastering route summarization and route redistribution, you're well on your way to passing the BSCI exam and earning your CCNP certification!
Cisco CCNP / BSCI Exam Tutorial: Using The OSPF Command “Area Range”
Your BSCI and CCNP exam success depends on knowing the details, and one such detail is knowing the proper way to summarize routes in OSPF. Route summarization is not just a test of your binary conversion abilities, but also of knowing where and when to summarize routes. It will not surprise any CCNA or CCNP certification candidate that OSPF gives us the most options for route summarization, and therefore more details to know!
OSPF offers us two options for route summarization configurations. In a previous tutorial, we looked at the "summary-address" command, and today we'll look at the proper use of the "area range" command.
The "area range" command should be used on an Area Border Router (ABR) to summarize routes being advertised from one OSPF area to another. In this tutorial, R1 is acting as an ABR, with interfaces in both Area 0 and Area 1. Four loopbacks have been placed into R1's Area 1.
R1(config)#router ospf 1
R1(config-router)#network 12.0.0.0 0.255.255.255 a 1
R1(config-router)#network 13.0.0.0 0.255.255.255 a 1
R1(config-router)#network 14.0.0.0 0.255.255.255 a 1
R1(config-router)#network 15.0.0.0 0.255.255.255 a 1
The routing table of an OSPF neighbor, R2, shows all four routes.
R2#show ip route ospf
12.0.0.0/32 is subnetted, 1 subnets
O IA 12.12.12.12 [110/65] via 172.12.123.1, 00:18:52, Serial0
13.0.0.0/32 is subnetted, 1 subnets
O IA 13.13.13.13 [110/65] via 172.12.123.1, 00:18:42, Serial0
14.0.0.0/32 is subnetted, 1 subnets
O IA 14.14.14.14 [110/65] via 172.12.123.1, 00:18:32, Serial0
15.0.0.0/32 is subnetted, 1 subnets
O IA 15.15.15.15 [110/65] via 172.12.123.1, 00:18:32, Serial0
To keep the routing tables of downstream routers smaller but still have the desired IP connectivity, we can use the area range command on R1 to summarize these four routes. The key to keep in mind with the area range command is that the area number given in the command is the area containing the destinations, NOT the area that will receive the summary route.
R1(config)#router ospf 1
R1(config-router)#area 1 range 12.0.0.0 252.0.0.0
R2 now shows a single summary route that can be used to reach all four remote networks.
R2#show ip route ospf
O IA 12.0.0.0/6 [110/65] via 172.12.123.1, 00:00:21, Serial0
Interestingly enough, there's now an additional route in R1's routing table.
R1#show ip route ospf
O 12.0.0.0/6 is a summary, 00:07:53, Null0
When you configure summary routes in OSPF, a route to null0 will be installed into the OSPF routing table of the router performing the summarization. This helps to prevent routing loops. Any packets destined for the routes that have been summarized will have a longer match in the routing table, and packets that do not match one of the summarized routes but do match the summary route will be dropped.
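A toy routing table, added here as an illustration and not part of the original tutorials, that reproduces two behaviours described on this page: the floating static route (AD 111) that stays hidden behind the OSPF route (AD 110), and the Null0 discard route installed by "area 1 range". The OSPF next hop 172.12.123.3 and the default route are constructed assumptions.

```python
import ipaddress


class Rib:
    """Lowest administrative distance wins per prefix; longest prefix wins per lookup."""

    def __init__(self):
        self.candidates = {}                   # network -> [(ad, source, next_hop), ...]

    def add(self, prefix, ad, source, next_hop):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, []).append((ad, source, next_hop))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        left = [c for c in self.candidates.get(net, []) if c[1] != source]
        if left:
            self.candidates[net] = left
        else:
            self.candidates.pop(net, None)

    def installed(self):
        """One winner per prefix: the candidate with the lowest AD."""
        return {net: min(cands) for net, cands in self.candidates.items()}

    def lookup(self, address):
        """Longest-prefix match over the installed routes."""
        addr = ipaddress.ip_address(address)
        hits = [(net, best) for net, best in self.installed().items() if addr in net]
        if not hits:
            return None
        net, (_ad, source, next_hop) = max(hits, key=lambda h: h[0].prefixlen)
        return (str(net), source, next_hop)


def floating_static_demo():
    rib = Rib()
    rib.add("110.1.1.0/24", 110, "ospf", "172.12.123.3")     # constructed OSPF next hop
    rib.add("110.1.1.0/24", 111, "static", "172.12.123.1")   # ip route ... 172.12.123.1 111
    before = rib.lookup("110.1.1.10")
    rib.withdraw("110.1.1.0/24", "ospf")                      # OSPF route leaves the table
    after = rib.lookup("110.1.1.10")
    return before, after


def summary_discard_demo():
    rib = Rib()
    # R1's own view: the four loopbacks in Area 1 are connected routes.
    for lo in ("12.12.12.12/32", "13.13.13.13/32", "14.14.14.14/32", "15.15.15.15/32"):
        rib.add(lo, 0, "connected", "Loopback")
    # The discard route shown on the page as "O 12.0.0.0/6 is a summary, Null0".
    rib.add("12.0.0.0/6", 110, "ospf-summary", "Null0")
    # Assumption: R1 also holds a default route. Without the Null0 entry, traffic for
    # unused space inside the summary would follow it and could loop back to R1.
    rib.add("0.0.0.0/0", 1, "static", "172.12.123.2")
    return rib.lookup("13.13.13.13"), rib.lookup("13.1.1.1"), rib.lookup("8.8.8.8")


def summary_scope(network, mask):
    """Everything a summary advertises, e.g. 12.0.0.0 252.0.0.0."""
    net = ipaddress.ip_network(network + "/" + mask)
    return (str(net), str(net.network_address), str(net.broadcast_address))


if __name__ == "__main__":
    print(floating_static_demo())
    print(summary_discard_demo())
    print(summary_scope("12.0.0.0", "252.0.0.0"))
```

The last function is a useful check before deploying any summary: 12.0.0.0/6 attracts traffic for all of 12.0.0.0 through 15.255.255.255, not only the four loopbacks.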
Cisco CCNP / BSCI Exam Tutorial: Leading Zero Compression
The BSCI exam and CCNP certification require that you be well versed in the basics of IP Version 6, or IPv6. If you're new to IPv6, you'll quickly learn that it's not exactly just two more octets slapped onto an IPv4 address! IPv6 addresses are quite long, but there are two acceptable ways to shorten an IPv6 address expression. To pass the BSCI exam, become a CCNP, and get that all-important understanding of IPv6, you've got to understand these different methods of expressing an IPv6 address. My last IPv6 tutorial discussed zero compression; today we'll take a look at leading zero compression.
Leading zero compression allows us to drop the leading zeroes from every field in the address. Where we could only use zero compression once in an IPv6 address expression, leading zero compression can be used as often as is appropriate. The key with leading zero compression is that there must be at least one number left in each field, even if that remaining number is a zero.
You sometimes see books or websites refer to leading zero compression as "dropping zeroes and replacing them with a colon", but that explanation can be a little confusing, since the blocks are separated with a colon to begin with. You're not really replacing the leading zeroes, you're dropping them.
Let's look at an example of leading zero compression. Taking the address 1234:0000:1234:0000:1234:0000:0123:1234, we have four different fields that have leading zeroes. The address could be written out as it is, or with the leading zeroes dropped.
Original format: 1234:0000:1234:0000:1234:0000:0123:1234
With leading zero compression: 1234:0:1234:0:1234:0:123:1234
There's no problem with using zero compression and leading zero compression in the same address, as shown here:
Original format: 1111:0000:0000:1234:0011:0022:0033:0044
With zero and leading zero compression: 1111::1234:11:22:33:44
Zero compression uses the double-colon to replace the second and third block of numbers, which were all zeroes; leading zero compression removed the "00" at the beginning of each of the last four blocks. Just be careful and take your time with both zero compression and leading zero compression and you'll do well on the exam and in the real world. The keys to success here are remembering that you can only use zero compression once in a single address, and that while leading zero compression can be used as often as needed, at least one number must remain in each field, even if that number is a zero.
Cisco CCNP / BSCI Exam Tutorial: ISIS Router Types
To pass the BSCI exam and earn your CCNP, you've got to know ISIS inside and out. There are many similarities between ISIS and OSPF, but one major difference is that ISIS has three different types of routers - Level 1 (L1), Level 2 (L2), and L1/L2.
L1 routers are contained in a single area, and are connected to other areas by an L1/L2 router. The L1 uses the L1/L2 router as a default gateway to reach destinations contained in other areas, much like an OSPF stub router uses the ABR as a default gateway.
L1 routers have no specific routing table entries regarding any destination outside their own area; they will use an L1/L2 router as a default gateway to reach any external networks. ISIS L1 routers in the same area must synchronize their databases with each other.
Just as we have L1 routers, we also have L2 routers. Anytime we're routing between areas (inter-area routing), an L2 or L1/L2 router must be involved. All L2 routers will have synchronized databases as well.
Both L1 and L2 routers send out their own hellos. As with OSPF, hello packets allow ISIS routers to form adjacencies. The key difference here is that L1 routers send out L1 hellos, and L2 routers send out L2 hellos. If you have an L1 router and an L2 router on the same link, they will not form an adjacency.
An ISIS router can act as an L1 and an L2 router at the same time; these routers are L1/L2 routers. An L1/L2 router can have neighbors in separate ISIS areas. The L1/L2 router will have two separate databases, though - one for L1 routes and another for L2 routes. L1/L2 is the default setting for Cisco routers running ISIS. The L1/L2 router is the router that makes it possible for an L1 router to send data to another area.
In the next part of my ISIS tutorial, we'll take a more detailed look at those ISIS hellos!
Cisco CCNP / BSCI Exam Tutorial: IP Version 6 Zero Compression
BSCI exam success is all part of becoming a CCNP, and part of that success is now learning the basics of IP Version 6, or IPv6. One of the most difficult parts of learning IPv6 concepts is the radically different addressing scheme that IPv6 uses as compared to IPv4. Just look at these sample addresses:
Typical IPv4 address: 129.14.12.200
Typical IPv6 address: 1029:9183:81AE:0000:0000:0AC1:2143:019B
As you can see, IPv6 isn't exactly just tacking two more octets onto an IPv4 address!
I haven't met too many networkers who really like typing, particularly numbers. You'll be happy to know there are some rules that will shorten those addresses a bit, and it's a very good idea to be fluent with these rules for your exam.
You remember from your CCNA studies that there's no difference between an upper-case letter and lower-case letter in hexadecimal. That's one of three basic rules you need to know when working with IPv6 addressing. The other two deal with all the zeroes you'll run into in IPv6 addresses! One of these rules is the rule of zero compression.
The rule of zero compression states that if an address contains consecutive fields of zeroes, they can be expressed with two colons. It doesn't matter if you have two fields or eight, you can simply type two colons and that will represent all of them. The key here is that you can only do this once in an IPv6 address. This is referred to as zero compression. Here's an example:
Original format: 1234:1234:0000:0000:0000:0000:3456:3434
Using zero compression: 1234:1234::3456:3434
Again, you must remember that you can only do this once in an IPv6 address expression.
What if there are zeroes in the address that don't quite fit this rule? The next part of our IPv6 tutorial will deal with leading zero compression, another tool you can use to shorten these long, long addresses!
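Both shortening rules from this tutorial and the leading zero compression tutorial, implemented by hand as an added example (not code from the original tutorials) and checked against Python's ipaddress module. Because one address has many valid spellings, filters and log searches should compare the expanded form, never the raw string; the function names are assumptions of this example.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdef")


def expand(text):
    """Undo both shortcuts: eight fields, four lower-case hex digits each."""
    text = text.lower()                        # hex letters are case-insensitive
    if text.count("::") > 1:
        raise ValueError("zero compression (::) may be used only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX_DIGITS:
            raise ValueError("bad field %r" % field)
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight fields")
    return ":".join(field.zfill(4) for field in fields)


def drop_leading_zeroes(full):
    """Leading zero compression: usable in every field, at least one digit remains."""
    return ":".join(field.lstrip("0") or "0" for field in full.split(":"))


def zero_compress(text):
    """Zero compression: replace ONE run of consecutive zero fields (longest, leftmost)."""
    fields = text.split(":")
    best_start, best_len, i = -1, 0, 0
    while i < len(fields):
        j = i
        while j < len(fields) and int(fields[j], 16) == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                           # a single zero field is just written as 0
        return text
    return ":".join(fields[:best_start]) + "::" + ":".join(fields[best_start + best_len:])


def shorten(text):
    """Apply both rules to any valid spelling of an address."""
    return zero_compress(drop_leading_zeroes(expand(text)))


def same_address(a, b):
    """Compare addresses by value, not by how they happen to be written."""
    return expand(a) == expand(b)


def agrees_with_stdlib(text):
    addr = ipaddress.IPv6Address(text)
    return shorten(text) == str(addr) and expand(text) == addr.exploded


if __name__ == "__main__":
    for sample in ("1234:1234:0000:0000:0000:0000:3456:3434",
                   "1111:0000:0000:1234:0011:0022:0033:0044",
                   "0000:0000:0000:0000:0000:0000:0000:0001"):
        print(sample, "->", shorten(sample))
```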
Cisco CCNP / BSCI Exam Tutorial: A Guide To IPv6 Addressing
Learning IPv6 is paramount in your efforts to pass the BSCI exam and go on to earn your CCNP, and it's going to help in your real-world networking career as well. IPv6 can be confusing at first, but it's like anything else in Cisco or networking as a whole - learn one part at a time, master the fundamentals, and you're on your way to success. In today's article we're going to take a look at IPv6 address types.
In IPv4, a unicast address is simply an address used to represent a single host, where multicast addresses represent a group of hosts and broadcasts represent all hosts.
In IPv6, it's not quite that simple. There are actually different types of unicast addresses, each with its own separate function. This allows IPv6 to get data where it's supposed to go more quickly than IPv4 while conserving router resources.
IPv6 offers two kinds of local addresses, link-local and site-local. Site-local addresses allow devices in the same organization, or site, to exchange data. Site-local addresses are IPv6's equivalent to IPv4's private address classes, since hosts using them are able to communicate with each other throughout the organization, but these addresses cannot be used to reach Internet hosts.
Site-local and link-local addresses are actually derived from a host's MAC address. Therefore, if HostA has HostB's IPv6 address, HostA can determine HostB's MAC address from that, making ARP unnecessary.
Link-local addresses have a smaller scope than site-local. Link-local addresses are just that, local to a physical link. These particular addresses are not used at all in forwarding data. One use for these addresses is Neighbor Discovery, which is IPv6's answer to ARP.
You can identify these and other IPv6 addresses by their initial bits:
001 - Global address
(first 96 bits set to zero) - IPv4-compatible address
1111 1111 - Multicast
1111 1110 11 - Site local
1111 1110 10 - Link Local
As a future CCNP, you're more than familiar with the reserved IPv4 address classes. You also know that they're not exactly contiguous. The developers of IPv6 took a structured approach to IPv6 reserved addresses - any address that begins with "0000 0000" is an IPv6 reserved address. One of these is the IPv6 loopback address, and this will give you some practice with your zero compression!
IPv6 Loopback: 0000:0000:0000:0000:0000:0000:0000:0001
Using Leading Zero Compression Only: 0:0:0:0:0:0:0:1
Combining Leading Zero and Zero Compression: ::1
Zero compression looks pretty good now, doesn't it? You just have to get used to it and keep the rules in mind. You can use all the leading zero compression you want, but zero compression ("double-colon") can only be used once in a single address.
IPv6 is here to stay, not only on your BSCI and CCNP exams, but in the real world as well. Learning it now will not only aid you in passing your Cisco exams, but in supporting IPv6 in the future.
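The initial-bits table above turned into a classifier, together with the MAC-address relationship the tutorial mentions, as an added example that is not part of the original page. The MAC recovery assumes the interface ID was built with the modified EUI-64 method (RFC 4291), which the page does not name; the MAC address and function names are constructed for the example.

```python
import ipaddress

# Leading bits and labels exactly as listed in the tutorial.
PAGE_PREFIXES = [
    ("11111111", "multicast"),
    ("1111111011", "site-local"),
    ("1111111010", "link-local"),
    ("001", "global"),
]


def classify(text):
    """Name the address type from its initial bits."""
    value = int(ipaddress.IPv6Address(text))
    bits = format(value, "0128b")
    if value == 1:
        return "loopback"
    if value != 0 and bits.startswith("0" * 96):
        return "IPv4-compatible"
    for prefix, label in PAGE_PREFIXES:
        if bits.startswith(prefix):
            return label
    if bits.startswith("00000000"):
        return "reserved"
    return "other"


def mac_to_link_local(mac):
    """Build a link-local address from a MAC: insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


def embedded_mac(text):
    """Recover the MAC from an EUI-64 style interface ID, or None if it is not one."""
    iid = ipaddress.IPv6Address(text).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                            # interface ID was not derived from a MAC
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % octet for octet in mac)


if __name__ == "__main__":
    address = mac_to_link_local("00:1a:2b:3c:4d:5e")    # constructed MAC address
    print(address, classify(address), embedded_mac(address))
```

An address that yields a MAC here exposes a stable hardware identifier to every peer that sees it, which is worth knowing when reviewing logs or address plans.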
Cisco CCNP / BSCI Certification: The Local Preference BGP Attribute
When studying for your BSCI exam for the CCNP, you get your first taste of BGP. One of the major differences between BGP and the other protocols you've studied to date is that BGP uses attributes to describe paths, and to influence the selection of one path over the other.
In this free tutorial, we're going to take a look at the Local Preference attribute and compare it to the Cisco-proprietary BGP attribute "weight".
The Local Preference (LOCAL_PREF) attribute is used to influence how traffic will flow from one Autonomous System (AS) to another when multiple paths exist. For example, if AS 100 has two different paths to a destination network in AS 200, the LOCAL_PREF attribute can be used to influence the path selection.
The major difference between the Weight and LOCAL_PREF attributes is that when the LOCAL_PREF attribute is changed, that change is reflected throughout the AS. The new LOCAL_PREF value will be advertised to all other routers in the AS, as compared to the Weight attribute, which is locally significant only. If you change the Weight for a path on one router in an AS, the other routers in the AS will not learn of the change.
A route-map can be used to change a local preference value. For example, if you want to change the local preference value to 200 for the path advertisement 10.2.2.0/24 coming in from neighbor 10.1.1.1, there are three steps involved. First, write an ACL matching the remote network you want to change the local preference for.
R1(config)#access-list 5 permit 10.2.2.0 0.0.0.255
Second, write a route-map setting the local preference to 200. This will double the default value of 100, and the path with the highest local preference will be the preferred path.
R1(config)#route-map PREFER_PATH permit 10
R1(config-route-map)#match ip address 5
R1(config-route-map)#set local-pref 200
Finally, apply the route-map to routes that are being received from 10.1.1.1.
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.1 route-map PREFER_PATH in
R1 will then advertise this new local preference value to all other routers in AS 100 - all of its iBGP neighbors.
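The difference between the two attributes can be worked through in a few lines. This is an added example, not part of the original tutorial: router R2 and its eBGP neighbor 10.3.3.3 are constructed, and only three best-path steps are modelled (weight, LOCAL_PREF, eBGP over iBGP), with the steps in between assumed equal.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

DEFAULT_LOCAL_PREF = 100   # default value cited in the tutorial


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    ebgp: bool                           # learned from an eBGP neighbor?
    local_pref: int = DEFAULT_LOCAL_PREF
    weight: int = 0                      # local to one router, never advertised


def acl_permits(prefix, acl_addr, wildcard):
    """Standard ACL test: compare only the bits the wildcard mask cares about."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    net = int(ip_network(prefix).network_address)
    return (net & care) == (int(ip_address(acl_addr)) & care)


def route_map_in(path, attribute, value):
    """PREFER_PATH: match access-list 5, then set one attribute on the path."""
    if not acl_permits(path.prefix, "10.2.2.0", "0.0.0.255"):
        return path
    return replace(path, **{attribute: value})


def advertise_ibgp(path):
    """What an iBGP neighbor receives: LOCAL_PREF travels, weight does not."""
    return replace(path, ebgp=False, weight=0)


def best_path(candidates):
    """Highest weight, then highest LOCAL_PREF, then eBGP over iBGP."""
    return max(candidates, key=lambda p: (p.weight, p.local_pref, p.ebgp))


def r2_next_hop(attribute):
    """Next hop R2 picks for 10.2.2.0/24 when R1 sets `attribute` to 200."""
    # R1 learns the prefix from eBGP neighbor 10.1.1.1 and applies the route-map.
    on_r1 = route_map_in(Path("10.2.2.0/24", "10.1.1.1", ebgp=True), attribute, 200)
    # R2's own eBGP path; neighbor 10.3.3.3 is constructed for this example.
    own = Path("10.2.2.0/24", "10.3.3.3", ebgp=True)
    return best_path([own, advertise_ibgp(on_r1)]).next_hop


if __name__ == "__main__":
    for attribute in ("local_pref", "weight"):
        print(f"R1 sets {attribute}=200 -> R2 exits via {r2_next_hop(attribute)}")
```

With LOCAL_PREF, R2 follows R1's choice; with weight, R2 never hears about it and keeps its own exit.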
Cisco CCNP / BSCI Exam Tutorial: Configuring EIGRP Packet
Configuring RIPv2 and EIGRP authentication with key chains can be tricky at first, and the syntax isn't exactly easy to remember. But for BSCI and CCNP exam success, we've got to be able to perform this task.
In a previous tutorial, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication schemes. EIGRP authentication is much the same, and has the text and MD5 authentication options as well. But EIGRP being EIGRP, the command just has to be a little more detailed!
As with RIPv2, the authentication mode must be agreed upon by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces in question are configured to use the same password.
We'll now configure link authentication on the adjacency over an Ethernet segment. Below, you'll see how to configure a key chain called EIGRP on both routers, use key number 1, and use the key-string BSCI. Run show key chain on a router to see all key chains.
R2(config)#key chain EIGRP
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string BSCI
R2#show key chain
Key-chain EIGRP:
key 1 -- text "BSCI"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
R3(config)#key chain EIGRP
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string BSCI
R3#show key chain
Key-chain EIGRP:
key 1 -- text "BSCI"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
The EIGRP command to apply the key chain is a bit of a pain to remember, because the protocol and AS number are identified in the middle of the command, not the beginning. Also note that two commands are needed - one to name the key chain, another to define the authentication mode in use.
R2(config)#interface ethernet0
R2(config-if)#ip authentication key-chain eigrp 100 EIGRP
R2(config-if)#ip authentication mode eigrp 100 md5
5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed
R3(config)#interface ethernet0
R3(config-if)#ip authentication key-chain eigrp 100 EIGRP
R3(config-if)#ip authentication mode eigrp 100 md5
5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:
As with RIPv2, the existing adjacency was torn down when one side was configured with authentication. If the key chain is correctly defined and applied on both sides, the adjacency will come back up. Always run show ip eigrp neighbor to make sure the adjacency is present. Learn the details of EIGRP key chains by configuring them on your home lab equipment, and you'll be more than ready for BSCI exam success!
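Before touching a live link, the two sides' settings can be compared offline. The script below is an added example, not a Cisco tool and not part of the original tutorial: the running-config excerpts are constructed in the tutorial's naming, and treating a differing key number as a mismatch is an assumption of this example.

```python
import re


def parse_config(text):
    """Return (key_chains, interfaces) from running-config style text."""
    chains, ifaces = {}, {}
    chain = key = iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):           # a new top-level block begins
            chain = key = iface = None
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain = chains.setdefault(m[1], {})
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", line)):
            key = int(m[1])
        elif chain is not None and key is not None and (
                m := re.fullmatch(r"key-string (.+)", line)):
            chain[key] = m[1]
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = ifaces.setdefault(m[1], {})
        elif iface is not None and (
                m := re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", line)):
            iface.setdefault(int(m[1]), {})["chain"] = m[2]
        elif iface is not None and (
                m := re.fullmatch(r"ip authentication mode eigrp (\d+) (\S+)", line)):
            iface.setdefault(int(m[1]), {})["mode"] = m[2]
    return chains, ifaces


def auth_settings(text, ifname, asn):
    """Authentication mode and the keys of the chain applied to one interface."""
    chains, ifaces = parse_config(text)
    auth = ifaces.get(ifname, {}).get(asn, {})
    return auth.get("mode"), chains.get(auth.get("chain"), {})


def link_findings(cfg_a, if_a, cfg_b, if_b, asn):
    """Reasons the adjacency would stay down; key-strings are never echoed."""
    mode_a, keys_a = auth_settings(cfg_a, if_a, asn)
    mode_b, keys_b = auth_settings(cfg_b, if_b, asn)
    findings = []
    if mode_a != mode_b:
        findings.append(f"mode mismatch: {mode_a} vs {mode_b}")
    if not keys_a or not keys_b:
        findings.append("key chain missing or not applied on one side")
    elif keys_a != keys_b:
        findings.append("key number or key-string differs")
    return findings


def sample(key_string, apply_auth=True):
    """Constructed running-config excerpt using the tutorial's names."""
    lines = ["key chain EIGRP", " key 1", f"  key-string {key_string}", "!",
             "interface Ethernet0"]
    if apply_auth:
        lines += [" ip authentication mode eigrp 100 md5",
                  " ip authentication key-chain eigrp 100 EIGRP"]
    return "\n".join(lines)


if __name__ == "__main__":
    r2 = sample("BSCI")
    for label, r3 in [("R3 not yet configured", sample("BSCI", apply_auth=False)),
                      ("R3 key-string typo", sample("bsci")),
                      ("R3 matches R2", sample("BSCI"))]:
        print(label, "->", link_findings(r2, "Ethernet0", r3, "Ethernet0", 100) or "ok")
```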
Cisco CCNP / BCMSN Exam Tutorial: Static VLANs
BCMSN exam success and earning your CCNP certification requires you to add to your knowledge of VLAN configuration. When you studied for your CCNA exam, you learned how to place ports into a VLAN and what the purpose of VLANs was, but you may not be aware that there are two types of VLAN membership. To pass the BCMSN exam, you must know the details of both types.
In this tutorial, we'll take a look at the VLAN type you are most familiar with, the "static VLAN". As you know, VLANs are a great way to create smaller broadcast domains in your network. Host devices connected to a port belonging to one VLAN will receive broadcasts and multicasts only if they were originated by another host in that same VLAN. The drawback is that without the help of a Layer 3 switch or a router, inter-VLAN communication cannot occur.
The actual configuration of a static VLAN is simple enough. In this example, by placing switch ports 0/1 and 0/2 into VLAN 12, the only broadcasts and multicasts hosts connected to those ports will receive are the ones transmitted by ports in VLAN 12.
SW1(config)#int fast 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
% Access VLAN does not exist. Creating vlan 12
SW1(config-if)#int fast 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
One of the many things I love about Cisco switches and routers is that if you have forgotten to do something, the Cisco device is generally going to remind you or in this case actually do it for you. I placed port 0/1 into a VLAN that did not yet exist, so the switch created it for me!
There are two commands needed to place a port into a VLAN. By default, these ports are running in dynamic desirable trunking mode, meaning that the port is actively attempting to form a trunk with a remote switch in order to send traffic between the two switches. The problem is that a trunk port belongs to all VLANs by default, and we want to put this port into a single VLAN only. To do so, we run the switchport mode access command to make the port an access port, and access ports belong to one and only one VLAN. After doing that, we placed the port into VLAN 12 with the switchport access vlan 12 command. Running the switchport mode access command effectively turns trunking off on that port.
The hosts are unaware of VLANs; they simply assume the VLAN membership of the port they're connected to. But that's not quite the case with dynamic VLANs, which we'll examine in the next part of this BCMSN tutorial.
Cisco CCNA Exam Tutorial And Case Study: VLANs and IP Connectivity
In this CCNA case study, we'll take some basic switching and trunking theory and put it into action. We have two routers (R2 and R3) along with two switches (SW1 and SW2). R2 is connected to SW1 at fast 0/2, and R3 is connected to SW2 at fast 0/3. Both routers have IP addresses on the 172.12.23.0 /24 network.
For these routers to be able to ping each other, the switches must be able to communicate. These are two 2950 switches, and they're connected via two crossover cables. Before we worry about the router connectivity, let's make sure the trunk link is up between the switches with the "show interface trunk" command.
SW2#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/11 desirable 802.1q trunking 1
Fa0/12 desirable 802.1q trunking 1
< output truncated for clarity >
The default mode of these switches is for the ports to run in dynamic desirable trunking mode, so we didn't even need to write a configuration to have the trunk form - it's already there!
Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).
R2 and R3’s Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. We'll ping R2’s Ethernet interface from R3, and then R3’s Ethernet interface from R2 to verify IP connectivity.
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
With pings, exclamation points indicate IP connectivity, and periods indicate no connectivity.
So we've got connectivity! Now let's see if we still have that connectivity when the ports are placed into different VLANs. Cisco CCNA theory states that devices in different VLANs can't communicate without the intervention of a Layer 3 device, but let's see if that's true by placing R2 into VLAN 23. (VTP is already running on these switches.)
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fast 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 23
SW1(config-if)#^Z
Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
.....
No, they can’t. The difference is that they’re now in separate VLANs, and devices in different VLANs can’t communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don’t go through.
Put R3’s switch port into VLAN 23, and try the ping again.
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface fast0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 23
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!
Now that R2 and R3 are in the same VLAN, pings can go through. This just proves the theory - that inter-VLAN communication requires a Layer 3 device. Layer 3 switches are becoming more and more popular, but router-on-a-stick is still around - and we'll see how to configure that in our next tutorial!
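The port settings from the static VLAN tutorial and from this case study can be checked from a saved configuration. This is an added example, not part of the original tutorials: the running-config excerpts are constructed, and the script assumes, as the tutorials state, that an unconfigured port sits in VLAN 1 in dynamic desirable mode and that the trunk carries all VLANs.

```python
import re

DEFAULT_MODE = "dynamic desirable"   # default the tutorials give for these switches
DEFAULT_VLAN = 1


def parse_ports(config):
    """Map interface name -> {'mode', 'vlan'} from running-config style text."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m[1], {"mode": DEFAULT_MODE, "vlan": DEFAULT_VLAN})
        elif not raw.startswith(" "):          # "!" or another top-level command
            cur = None
        elif cur is not None and (m := re.fullmatch(r"switchport mode (.+)", line)):
            cur["mode"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["vlan"] = int(m[1])
    return ports


def audit(config, host_ports):
    """Findings for ports that end hosts plug into."""
    ports = parse_ports(config)
    findings = []
    for name in host_ports:
        port = ports.get(name, {"mode": DEFAULT_MODE, "vlan": DEFAULT_VLAN})
        if port["mode"] != "access":
            findings.append(f"{name}: mode '{port['mode']}', port can still negotiate a trunk")
        if port["vlan"] == DEFAULT_VLAN:
            findings.append(f"{name}: still in default VLAN {DEFAULT_VLAN}")
    return findings


def same_broadcast_domain(cfg_a, port_a, cfg_b, port_b):
    """Layer 2 reachability across the trunk: both ports must share a VLAN."""
    vlan_a = parse_ports(cfg_a)[port_a]["vlan"]
    vlan_b = parse_ports(cfg_b)[port_b]["vlan"]
    return vlan_a == vlan_b


# Constructed excerpts: SW1 after R2's port was moved, SW2 before and after.
SW1 = """\
interface FastEthernet0/2
 switchport access vlan 23
 switchport mode access
!
"""
SW2_BEFORE = """\
interface FastEthernet0/3
!
"""
SW2_AFTER = """\
interface FastEthernet0/3
 switchport access vlan 23
 switchport mode access
!
"""

if __name__ == "__main__":
    for label, sw2 in (("before", SW2_BEFORE), ("after", SW2_AFTER)):
        reach = same_broadcast_domain(SW1, "FastEthernet0/2", sw2, "FastEthernet0/3")
        print(label, "- R2 and R3 share a VLAN:", reach)
        for finding in audit(sw2, ["FastEthernet0/3"]):
            print("  ", finding)
```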
Cisco CCNA Exam Tutorial: Using Trivial File Transfer Protocol (TFTP)
One of the first things you do when you start studying for the CCNA exam is memorize a list of port numbers and the protocols that run on those ports. If you're an experienced networker, you know most of the protocols that are mentioned - DNS, DHCP, FTP, SMTP, and so on. But there's one protocol that you might not have experience with that is actually vital for CCNA exam success and for working with Cisco routers and switches, and that's TFTP - Trivial File Transfer Protocol.
TFTP is basically FTP's non-secure relative. There are no passwords, no authentication scheme, no nothing! As someone once told me, "If I'm transferring my files, there's nothing 'trivial' about it."
Great. So you’re thinking, “What the heck do we use TFTP for, anyway?”
TFTP is used in the Cisco world to perform IOS upgrades and to save configs to a TFTP Server. Cisco routers can themselves serve as TFTP servers, or you can use a workstation to fill that role.
If you needed to copy an IOS image to a router, for example, you could do so easily by connecting your PC to the router’s console port (via a rollover cable, right?). Your PC would need to run TFTP server software. There are quite a few free TFTP server software programs that work quite well – just enter “free tftp server” into Google or your favorite search engine and you’ll see what I mean.
Using TFTP in this fashion is a great way to have backup copies of IOS images or router configs right on your laptop. And take it from me, when the day comes that you need those backups, you’ll be glad you did!
Remember that when using the copy command, you first indicate where you’re copying from, then where you’re copying to:
R1#copy flash tftp
Source filename []? Example
Address or name of remote host []?
When performing such a copy, you’ll need to name the file you’re copying, as well as the IP address of the device you’re copying to.
Using TFTP to perform IOS upgrades takes a little getting used to, especially the syntax of the copy command. But knowing that syntax and how to use TFTP will indeed get you one step closer to the CCNA!
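The wire format makes the "no passwords, no authentication" point concrete: a request carries an opcode, a filename, a transfer mode and optional option pairs, and nothing else. The decoder below is an added example, not part of the original tutorial; it follows the packet layouts of RFC 1350 and RFC 2347, and the filename in the demo is constructed.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}


def build_request(opcode, filename, mode="octet"):
    """RRQ (1) or WRQ (2): opcode, filename, NUL, mode, NUL. Nothing else."""
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse(payload):
    """Decode one TFTP UDP payload into a dict; raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("shorter than the smallest TFTP packet")
    opcode, = struct.unpack("!H", payload[:2])
    name = OPCODES.get(opcode)
    if name is None:
        raise ValueError(f"unknown opcode {opcode}")
    if name in ("RRQ", "WRQ"):
        if not payload.endswith(b"\0"):
            raise ValueError("request is not NUL-terminated")
        fields = [f.decode("ascii", "replace") for f in payload[2:-1].split(b"\0")]
        if len(fields) < 2 or len(fields) % 2:
            raise ValueError("expected filename, mode and option pairs")
        return {"op": name, "filename": fields[0], "mode": fields[1].lower(),
                "options": dict(zip(fields[2::2], fields[3::2]))}  # RFC 2347 pairs
    number, = struct.unpack("!H", payload[2:4])
    if name == "DATA":
        return {"op": name, "block": number, "length": len(payload) - 4}
    if name == "ACK":
        return {"op": name, "block": number}
    return {"op": name, "code": number,
            "message": payload[4:].rstrip(b"\0").decode("ascii", "replace")}


if __name__ == "__main__":
    # Constructed write request, as a router would send when saving a config.
    request = build_request(2, "r1-confg")
    print(request)
    print(parse(request))
```

Because every field is sent in the clear and none identifies the sender, the same decoder can be pointed at captured UDP port 69 payloads to see which files are being moved.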