[CCNA/CCNP Certs] Etherchannels And Spanning Tree Protocol (STP)



Cisco CCNA certification looks great on your resume, and it also teaches you vital real-world networking skills. One exam topic that you'll definitely see in today's networks is the configuration of an Etherchannel on a Cisco router. You need to know how to build and verify one - so let's build one right now!


In this Cisco training tutorial, we'll use two switches that are connected at ports 0/11 and 0/12 via crossover cables. SW1 is the root bridge, SW2 is the non-root bridge. Even though there are two separate physical connections, spanning tree protocol (STP) will only allow the use of one, as verified by the partial output of "show spanning vlan 1" on SW2.


Fa0/11 Root FWD 19 128.11 P2p


Fa0/12 Altn BLK 19 128.12 P2p


It's a waste of network resources not to use that second physical path. Additionally, there's going to be a delay in cutting over from 0/11 to 0/12 if the forwarding path goes down for some reason. We can get around both of these issues by creating an Etherchannel. An Etherchannel is a logical bundling of physical paths into one logical path. By configuring an Etherchannel on both 0/11 and 0/12, we will be left with one logical connection that will actually use the full capacity of both physical connections!


SW1(config)#int fast 0/11


SW1(config-if)#channel-group 1 mode on


Creating a port-channel interface Port-channel 1


The channel-group command must be configured on each physical interface that we want to place into the Etherchannel, so we'll have to configure it on ports 0/11 and 0/12 on both SW1 and SW2. Naturally, the group number used must match among all ports placed into the Etherchannel.


Did you notice the router message "creating a port-channel interface port-channel 1"? You can verify the creation of that virtual interface just as you would a physical interface:


SW1#show int port-channel 1


Port-channel1 is up, line protocol is up (connected)


Hardware is EtherChannel, address is 000f.90e1.c24b (bia 000f.90e1.c24b)


Note the readout "Hardware is EtherChannel". Also, where we once saw two physical ports when we ran "show spanning vlan 1", we now see only one - the port-channel. Also note that where the individual ports had a port cost of 19, the Etherchannel has a cost of 12 due to its increased bandwidth capabilities.


Po1 Desg FWD 12 128.65 P2p


Etherchannels give us a performance benefit and a fault tolerance benefit as well. Performance is increased since all physical channels between the two switches can be used, rather than the one STP allows by default. (You can place up to eight separate physical links into a single Etherchannel.) Fault tolerance is also increased, since a physical channel bundled into the Etherchannel can go down without an STP recalculation -- STP sees the Etherchannel as one single connection!


Etherchannels aren't just important to know about for the CCNA exam, they're commonly used in real-world networks as well - so make sure you know how to configure and troubleshoot them!


Source: http://ezinearticles.com/?Cisco-CCNA-Certification-Training:--Etherchannels-And-Spanning-Tree-Protocol-(STP)&id=371780

CCNA/CCNP Certification: OSPF E2 vs. E1 Routes


OSPF is a major topic on both the CCNA and CCNP exams, and it's also the topic that requires the most attention to detail. Where dynamic routing protocols such as RIP and IGRP have only one route type, a look at a Cisco routing table shows several different OSPF route types.

R1#show ip route

Codes:

C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

In this tutorial, we'll take a look at the difference between two of these route types, E1 and E2.

Route redistribution is the process of taking routes learned via one routing protocol and injecting those routes into another routing domain. (Static and connected routes can also be redistributed.) When a router running OSPF takes routes learned by another routing protocol and makes them available to the other OSPF-enabled routers it's communicating with, that router becomes an Autonomous System Border Router (ASBR). 
Let's work with an example where R1 is running both OSPF and RIP. R4 is in the same OSPF domain as R1, and we want R4 to learn the routes that R1 is learning via RIP. This means we have to perform route redistribution on the ASBR. The routes that are being redistributed from RIP into OSPF will appear as E2 routes on R4:

R4#show ip route ospf

O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

6.0.0.0/32 is subnetted, 1 subnets

O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks

O E2 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

15.0.0.0/24 is subnetted, 1 subnets

O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

E2 is the default route type for routes learned via redistribution. The key with E2 routes is that the cost of these routes reflects only the cost of the path from the ASBR to the final destination; the cost of the path from R4 to R1 is not reflected in this cost. (Remember that OSPF's metric for a path is referred to as "cost".) 
In this example, we want the cost of the routes to reflect the entire path, not just the path between the ASBR and the destination network. To do so, the routes must be redistributed into OSPF as E1 routes on the ASBR, as shown here.

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#router ospf 1

R1(config-router)#redistribute rip subnets metric-type 1

Now on R4, the routes appear as E1 routes and have a larger metric, since the entire path cost is now reflected in the routing table.

O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:33:21, Ethernet0

6.0.0.0/32 is subnetted, 1 subnets

O E1 6.1.1.1 [110/100] via 172.34.34.3, 00:33:21, Ethernet0

172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks

O E1 172.12.21.0/30 [110/94] via 172.34.34.3, 00:33:32, Ethernet0

O E1 7.1.1.1 [110/94] via 172.34.34.3, 00:33:21, Ethernet0

15.0.0.0/24 is subnetted, 1 subnets

O E1 15.1.1.0 [110/94] via 172.34.34.3, 00:33:32, Ethernet0

Knowing the difference between E1 and E2 routes is vital for CCNP exam success, as well as fully understanding a production router's routing table.
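The comparison above can be checked mechanically. The following is an added example, not part of the original article: it parses the two R4 outputs shown above and subtracts each E2 metric from the matching E1 metric, which gives the path cost that the E2 figure leaves out. It assumes the metric assigned at redistribution is the same in both captures; the function names are hypothetical.

```python
import re

# Route lines as printed on R4 in the article, before and after the change on R1.
E2_OUTPUT = """\
O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
15.0.0.0/24 is subnetted, 1 subnets
O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
"""
E1_OUTPUT = """\
O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:33:21, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E1 6.1.1.1 [110/100] via 172.34.34.3, 00:33:21, Ethernet0
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E1 172.12.21.0/30 [110/94] via 172.34.34.3, 00:33:32, Ethernet0
O E1 7.1.1.1 [110/94] via 172.34.34.3, 00:33:21, Ethernet0
15.0.0.0/24 is subnetted, 1 subnets
O E1 15.1.1.0 [110/94] via 172.34.34.3, 00:33:32, Ethernet0
"""

# Matches only OSPF external route lines; "is subnetted" headers are skipped.
ROUTE = re.compile(
    r"^O\s+(?P<type>E1|E2)\s+(?P<prefix>\S+)\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+),"
)

def parse_external_routes(text):
    """Return {prefix: {type, distance, metric, next_hop}} for E1/E2 lines."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if m:
            routes[m["prefix"]] = {
                "type": m["type"],
                "distance": int(m["distance"]),
                "metric": int(m["metric"]),
                "next_hop": m["next_hop"],
            }
    return routes

def cost_hidden_by_e2(e2_text, e1_text):
    """Per prefix, the E1 metric minus the E2 metric (the cost E2 omits)."""
    e2, e1 = parse_external_routes(e2_text), parse_external_routes(e1_text)
    hidden = {}
    for prefix, route in e2.items():
        other = e1.get(prefix)
        if route["type"] == "E2" and other and other["type"] == "E1":
            hidden[prefix] = other["metric"] - route["metric"]
    return hidden

if __name__ == "__main__":
    for prefix, cost in cost_hidden_by_e2(E2_OUTPUT, E1_OUTPUT).items():
        print(f"{prefix}: {cost}")
```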

Source: http://www.articlesbase.com/computers-articles/cisco-ccna-ccnp-certification-ospf-e2-vs-e1-routes-4513237.html

IP Subnet Calculations


1. IP Addressing

At this point you should know that IP, the Internet Protocol, is a network layer (OSI layer 3) protocol, used to route packets between hosts on different networks. To suit this purpose, IP must define an addressing scheme, so that a packet's intended destination can be indicated.

An IP address is composed of 32 bits. These 32 bits are divided into 4 octets of 8 bits each. You may have seen an IP address represented like this: 172.68.15.24. We must remember, however, that the computer understands this number only in binary, so we must often deal with them in binary. Many people are intimidated by this initially, but soon find that it is not difficult. If you do not allow yourself to be flustered, you can master this topic.

IP addresses are assigned to organizations in blocks. Each block belongs to one of three classes: class A, class B, or class C. You can tell what class an IP address is by the value in its first octet.
Class A 1-126
Class B 128-191
Class C 192 -->


An IP address consists of two fields. The first field identifies the network, and the second field identifies the node on the network. Which bits of the address are in the network field and which bits are in the host field is determined by the subnet mask.

When a class A IP license is granted, you are assigned something like this: 99.0.0.0. Only the value of the bits in the first octet is assigned. This means you are free to assign any values you wish in the second, third and fourth octets.

The default subnet mask for a class A network is 255.0.0.0. High bits, ones, indicate the bits that are part of the network field of the IP address. The default subnet mask does not create subnets. Therefore, a class A network with the default subnet mask is one network. The three octets that are unassigned and unmasked are part of the host field of the address. There is a total of 24 bits in those three octets. Each bit can be in one of two states. Therefore, 2^24 is the number of host addresses that can be assigned on that network, almost. Two addresses are reserved on every network, x.x.x.0 and x.x.x.255. So the total number of hosts possible on this network is 2^24-2=16,777,214 for a class A IP network.

When a class B license is granted, the first two octets are assigned. For example, 172.198.x.x. The default subnet mask for a class B is 255.255.0.0. One network, two octets free, 16 bits for the host address field. 2^16-2=65,534 possible host addresses on a class B IP network.

When a class C license is granted, the first three octets are assigned, for example: 193.52.16.0. The default subnet mask for a class C is 255.255.255.0. One octet makes up the host address field. 2^8-2=254 host addresses possible on a class C network.

2. Reason for Subnetting

We said that the default subnet mask for a class A IP network is 255.0.0.0. With this subnet mask, only one octet of a class A network address identifies the network. This leaves three octets of 8 bits each, or 24 bits, to identify the host on that one network. 2^24=16,777,216 addresses. Two addresses are reserved, x.x.x.0 and x.x.x.255. 16,777,214 nodes can be assigned an IP address on this network.

It is highly unlikely that any organization would want one network of 16,777,214 nodes. They might want that many devices connected in a wide area network (WAN), thus capable of communicating when necessary, but they will want to subdivide this huge network into mostly self-contained subnetworks of nodes that communicate with each other often. This is called subnetting.

To understand why, consider what would happen in either a broadcast or a token passing network that consisted of over 16,000,000 nodes. Nothing would happen. It simply would not work. Though the problem is not as drastic, class B and class C IP networks are often subnetted, also.

The subnet mask is used to subdivide an IP network into subnets. This is a division that takes place in OSI layer 3, so it is a logical division that is created by the addressing scheme. This logical division is usually combined with a physical division. Many subnets are physically isolated from the rest of the network by a device such as a router or a switch. This aspect of subnetting is discussed in Unit 3--Data Link Layer.

3. How Subnetting Works

The bits of an address that are masked by the subnet mask are the bits that make up the network field of the address. To subnet, the default subnet mask for a network is extended to cover bits of the address that would otherwise be part of the host field. Once these bits are masked, they become part of the network field, and are used to identify subnets of the larger network.

Here is where we begin dealing with both addresses and subnetmasks in binary. Get yourself a cold beverage, stretch, take a deep breath and don't worry. Once you get your brain around the concepts, it is not difficult. You just have to keep trying until the light goes on.

3.1 Translating Binary to Decimal

Both IP addresses and subnet masks are composed of 32 bits divided into 4 octets of 8 bits each. Here is how a single octet translates from binary to decimal. Consider an octet of all ones: 11111111.
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    1   1   1   1   1 
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

Here's another: 10111001
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     0    1    1   1   0   0   1
128 +  0 + 32  +16 + 8 + 0 + 0 + 1 = 185

and 00000000
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 0     0    0    0   0   0   0   0
 0  +  0 +  0 +  0 + 0 + 0 + 0 + 0 = 0

3.2 Converting Decimal to Binary

Converting decimal to binary is similar. Consider 175:
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     0    1    0   1   1   1   1
128 +  0 + 32 +  0 + 8 + 4 + 2 + 1 = 175

175=10101111

3.3 Simple Subnetting

The simplest way to subnet is to take the octet in the subnet mask that covers the first unassigned octet in the IP address block, and make all its bits high. Remember, a high bit, a 1, in the subnet mask indicates that the corresponding bit in the IP address is part of the network field. So, if you have a class B network 172.60.0.0, with the subnet mask 255.255.0.0, you have one network with 65,534 possible addresses. If you take that subnet mask and make all the bits in the third octet high
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    1   1   1   1   1
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

you get the subnet mask 255.255.255.0.
172.60.  0. 0
255.255.255.0

Now the third octet of all the addresses on this network is part of the network field instead of the host field. That is one octet, or eight bits, that can be manipulated to create subnets. 2^8=256 possible subnets now on this class B network.

One octet is left for the host field. 2^8-2=254 possible host addresses on each subnet.

3.4 Advanced Subnetting

That is the simplest way to subnet, but it may not be the most desirable. You might not want 256 subnets on your class B network. Instead, you might use a subnet mask like 255.255.224.0. How many subnets would this give you? The first step is to see how many bits are allocated to the network by this mask.
128   64   32   16   8   4   2   1
---   --   --   --   -   -   -   -
 1     1    1    0   0   0   0   0
128 + 64 + 32 +  0 + 0 + 0 + 0 + 0 = 224

3 bits are allocated. 2^3=8 subnets.

How many hosts on each subnet? Well, 5 bits from this octet are left for the host field, and 8 bits in the fourth octet, for a total of 13 bits in the host field. 2^13-2=8190 possible hosts on each subnet.

The subnet mask is always extended by masking off the next bit in the address, from left to right. Thus, the last octet in the subnet mask will always be one of these: 128, 192, 224, 240, 248, 252, 254 or 255.

Given the IP address of a host and the subnet mask for the network, you need to be able to calculate which subnet that host is on. To do this we compare the binary representation of the pertinent octet of the subnet mask with the binary representation of the corresponding octet in the IP address. Example:
IP address=172.60.50.2
subnet mask=255.255.224.0

50= 00110010
224=11100000

We perform a logical AND on these two numbers. We will be left with only the bits where there is a one in both octets.
00110010
11100000
--------
00100000=32

This host is on subnet 172.60.32.0.

We also need to be able to find the range of assignable IP addresses on this subnet. To do this, we take the binary that tells us the subnet address, in this case 00100000, and compare it with the subnet mask.
00100000
11100000

The bits covered by the mask we will leave as they are. The rest of the bits we make high. So
00100000
11100000
--------
00111111=63

The range of assignable IP addresses on the subnet 172.60.32.0 is 172.60.32.1-172.60.63.254.

On every network and subnet, two addresses are reserved. At the low end of the range of addresses for the network or subnet, in this case 172.60.32.0, is the address for the network or subnet itself. The address at the high end of the range of addresses, in this case 172.60.63.255, is the broadcast address. Any message sent to the broadcast address will be received by every host on the network.
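The calculation walked through in section 3.4 can be written out in code. This is an added example, not part of the original tutorial: it applies the same logical AND and "make the unmasked bits high" steps to a full 32-bit address, and counts subnets against the class defaults from section 1. The function names are hypothetical.

```python
def to_int(dotted):
    """Convert dotted decimal (e.g. '172.60.50.2') to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the mask bits; reject masks not extended strictly left to right."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask bits must be contiguous")
    return bin(mask).count("1")

def classful_prefix(first_octet):
    """Default mask length from the first octet, per the class table in section 1."""
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if first_octet >= 192:
        return 24
    raise ValueError("first octet is outside classes A, B and C")

def describe(ip, mask):
    ip_i, mask_i = to_int(ip), to_int(mask)
    bits = prefix_length(mask_i)
    borrowed = bits - classful_prefix(ip_i >> 24)  # bits taken from the host field
    host_bits = 32 - bits
    if borrowed < 0 or host_bits < 2:
        raise ValueError("mask must extend the class default and leave 2+ host bits")
    network = ip_i & mask_i                        # logical AND, as in the text
    broadcast = network | (~mask_i & 0xFFFFFFFF)   # unmasked bits made high
    return {
        "subnet": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "subnets": 1 << borrowed,
        "hosts_per_subnet": (1 << host_bits) - 2,
    }

if __name__ == "__main__":
    for key, value in describe("172.60.50.2", "255.255.224.0").items():
        print(f"{key}: {value}")
```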

Learn to reset or recover Cisco Router password


The recovery process is simple and hardly takes five minutes, but the time depends on how fast your router boots.

  1. First of all, connect to the console port, start a terminal application, and power on the router. When you see the boot process beginning, hit the Break sequence. (Break sequence is usually Ctrl+Page Break, but it might differ according to terminal applications.) Doing this interrupts the boot process and drops the router into ROMMON.
  2. At the ROMMON prompt, enter the command confreg 0x2142 to set the configuration register to 0x2142.
  3. Restart the router by power cycling it or by issuing the command reset.
  4. When the router reloads, the configuration register setting of 0x2142 instructs the router to ignore the startup-config file in NVRAM. You will be asked if you want to go through Setup mode because the router thinks it has no startup-configuration file. Exit from Setup mode.
  5. Press Return and enter the command enable to go into privileged EXEC command mode. No password is required because the startup config file was not loaded.
  6. Load the configuration manually by entering copy startup-config running-config.
  7. Go into the Global Configuration mode using the command configure terminal and change the password with the command enable password password or enable secret password.
  8. Save the new password by entering copy running-config startup-config.
  9. Go to the global config prompt, and change the configuration register back to the default setting with the command config-register 0x2102. Exit back to the privileged exec prompt.
  10. Reboot the router using the reload command. You will be asked to save your changes; you can do so if you have made additional configuration changes.

How To Configure ASA 8 Firewall on GNS3

Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is Cisco's line of network security devices introduced in 2005. Cisco ASA has generally been intended for the small-to-medium business market as a higher-end product with more features than entry-level products. Expansions are available for anti-virus/malware (dubbed Anti-X), and intrusion detection.

This video explains how to configure an ASA 8 firewall in GNS3.

 

Site to Site IPSEC VPN lab in GNS3


This popular site-to-site VPN solution for connecting remote locations to headquarters provides advanced encryption to secure information in transit and is the premier solution for permanent VPN connections. This video explains how to create an IPSEC site-to-site VPN connection.

 

How to recover lost enable passwords on a Cisco 2800 series router

This video describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and configuration modes. The enable password password can be recovered, but the enable secret password is encrypted and must be replaced with a new password.