Monday, October 25, 2010

CCNA Prep - Key points

Main functions of switches
1. Perform switching in the hardware
2. Address learning
3. Loop avoidance
4. Forward/Filter/Flood
5. Store and Forward (get full packet into memory buffer and then forward), Cut-through (read only destination MAC and forward), Fragment-free (read first 64 bytes and then forward)
6. Increase bandwidth
7. Increase collision domains
8. Reduce size of collision domain

Spanning Tree Protocol
- runs on a per VLAN basis - 802.1d
- to prevent switching loops
- it takes time to converge; it is completely converged when all ports are in either forwarding or blocking mode
- root bridge has all ports in forwarding mode - but don't get confused: when EtherChannel is configured, all ports will also be shown as forwarding
- EtherChannel configuration
int port-channel 1
int range fastethernet 1-10
switchport mode trunk
channel-group 1 mode desirable (or auto)

- disabled, blocked, listening, learning, forwarding

forward-delay is 15 seconds - 15 seconds in listening and 15 seconds in learning
wait interval - 20 seconds - wait 20 seconds for a hello packet before STP is recalculated.

BPDU - Bridge Protocol Data Unit - Bridge Priority:Mac Address
The root bridge is the one with the smallest Bridge ID.

On access ports, turn on PortFast to reduce STP overhead, or run Rapid Spanning Tree Protocol (802.1w), which does away with the listening and learning states.

Costs
10 MBPS - 100
100 MBPS - 19
1000 MBPS - 4
10000 MBPS - 2

Port Security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation {shutdown | restrict | protect}

UplinkFast - actively finds the next best path to be enabled in case the currently active path fails
spanning-tree uplinkfast

BackboneFast - enabled on access switches. When a switch receives an inferior BPDU from the designated switch, it knows that the link to the root bridge has failed.
spanning-tree backbonefast

BPDU Guard - puts the port into err-disabled state if a BPDU is received on the port on which this is enabled
spanning-tree bpduguard enable

BPDUFilter - removes the port from portfast mode once it receives a BPDU
spanning-tree bpdufilter enable

OSPF
- process id is locally significant
- process id can be from 1 to 65535
- link state protocol
- sends hello packets every 2 seconds
- link state advertisements are sent out only when there is change in topology
- administrative distance is 110
- suitable for multi-vendor networks
- metric is cost
- for routers to become neighbours
* get hello packet
* same area
* same network mask
* same hello and dead timers
- types of routers
- backbone router - at least one interface in area 0
- area border router - between areas
(all backbone routers are area border routers but not the other way around)
- AS border router - during redistribution
- internal routers - all interfaces in same area
- auto-summarization
router ospf#area 1 ip range 172.16.20.1 172.16.20.4

Costs
56KBPS line - 1785
64KBPS line - 1586
T1 line - 1544 KBPS - 64
Ethernet - 10 MBPS - 10
FastEthernet - 100 MBPS - 1
100000000/speed in bps

RIP
version 1
- broadcasts routing updates
- holddowns, split horizon, route poisoning used to prevent routing loops
- holddowns - wait for a particular duration before taking the next step
- route poisoning - advertising a route as unreachable
- split horizon - don't forward a packet out the same interface that it came in on
- uses hop count as metric
- classful
- no support for VLSM
- administrative distance is 120

version 2
- classless
- supports VLSM
- administrative distance is 120
- multicasts routing updates to 224.0.0.9
- suitable for small networks with fewer hops
- metric is hop count
- ip summary-address rip 172.16.20.1 172.16.20.4

EIGRP
- AD is 90
- classless
- supports VLSM
- suitable where multiple routed protocols are to be supported
- not suitable for multi-vendor networks
- metric is bandwidth, delay, reliability, load, MTU

VTP
- modes - server - update own database and send advertisements - is the default mode
- client - cannot update their local database on their own; they process and update based on advertisements from the server
- transparent - used to just forward VTP messages in between. Can update their local database, but the changes are not advertised
- vtp domain and passwords need to match for switches to share VLAN information

Router on a switch - to communicate between VLANs
- router has sub-interfaces, one in each VLAN subnet and the ip of the sub-interface is set as the gateway in each vlan
- the encapsulation type has to match

Frame Relay
show frame-relay map - shows DLCI and IP address mapping
States: Active, Inactive (remote side problem), Deleted (incorrect mapping entry)

show frame-relay pvc - shows all DLCIs configured with statistics

show frame-relay lmi - sequence numbers should keep increasing depending on keepalive value set in "show interface serial1/0"

LMI acts as keepalive in Frame Relay.

Frame Relay encapsulation types
encapsulation frame-relay ietf
encapsulation frame-relay - defaults to cisco
The encapsulation has to match between DTEs.

LMI types
frame-relay lmi-type ansi/q933a/cisco
LMI types have to match between DTE(Router) and the Frame Switch

DLCIs can be anything between 16 and 1019.

Status can be seen in show interface serial 1/0

On point to point links, frame-relay interface-dlci 111
Otherwise, frame-relay map ip 172.16.20.1 111 broadcast

Inverse ARP - used to find the DLCI given the IP address
Proxy ARP - router returns the MAC address of its interface when the destination is on a remote network
Reverse ARP - to find the IP address of a known MAC
ARP - find MAC given IP address

PPP consists of HDLC (Encapsulation), LCP (Link Control Protocol - to establish, maintain connections), NCP (Network Control Protocol - to determine which Network Layer Protocol)
LCP provides multilink, callback, authentication, compression

OSI model - to let different vendors interwork
Application/Presentation/Session/Transport/Network/Data Link/Physical
Data link - Logical Link Control and MAC - Media Access Control

TCP/IP model
Process/Application (App/presentation/session) -> Host-to-Host (Transport) -> Internet (Network) -> Network Access (data link and physical)

TCP - connection oriented, flow control, error detection and recovery, sequencing, windowing
FTP 20/21, SSH - 22, Telnet - 23, SMTP - 25, HTTP - 80, POP - 110, SSL - 443

UDP - connectionless, best effort delivery
DHCP - 67/68, SNMP - 161, TFTP - 69

DNS - 53 on both, 24 on both for mail

Wireless technologies
- 802.11, 802.11a, 802.11 b, 802.11 g, 802.11n
- 900MHZ, 2.4GHZ, 5GHZ - frequency
- 802.11a - enhancement to basic 802.11 - 6 to 54 MBPS speed on 5GHZ - uses OFDM - 12 channels
- 802.11b - 1 to 11 MBPS on 2.4 GHZ - uses DSSS - 3 channels
- 802.11g - 6 to 54 MBPS on 5GHZ - uses OFDM but switches to DSSS if there is even one 802.11b AP - 3 channels
- 802.11n - 23 channels
- Basic Service Set - one AP
- Extended Service Set - multiple APs all using same SSID to enable seamless roaming but different channels

Memory components
EEPROM - flash - stores IOS
NVRAM - stores startup-config, configuration register
RAM - stores running config, ARP cache
ROM - stores ROM Monitor(piece of code to test, debug), POST, bootstrap, ROM IOS - very basic IOS - to enable an interface and other maintenance commands - loaded if IOS is not found in flash or TFTP server

Configuration register - 0x2102 - default value - load IOS from flash - follow boot sequence in NVRAM
0x2142 - escape startup configuration values to recover password
Ctrl+Break while booting will take you into ROM monitor mode.
0x2100 - rom monitor mode rommon>
0x2101 - rom boot mode router(boot)>
0x2102 to ff - boot sequence in NVRAM

Troubleshooting
1. Ping localhost 127.0.0.1 - to test TCP/IP stack implementation
2. Ping local ip - to test NIC card
3. Ping local gateway - to test local network
4. Ping remote address - to check if it is a remote problem

interface is administratively down - no shutdown has to be given
interface is down - ip address not set on remote interface or remote interface has to be issued no shutdown
line protocol is down - some logical issue - no keepalives(lmi) or encapsulation mismatch or clock rate not supplied

NAT
- ip nat inside
- ip nat outside
- ip nat pool Pool1 201.1.1.1 201.1.1.5 prefix-length 29
- access-list 1 permit 192.168.1.1 0.0.0.255
- ip nat inside source list 1 pool Pool1 overload
- static translation - ip nat inside source static 10.1.1.1 15.1.1.1
or
ip nat inside source static 10.1.1.1 interface serial0
- each nat translation entry takes 160 bytes
- NAT helps conserve IP addresses, reuse IP addresses, reduce overhead when changing ISPs, and connect networks with overlapping address space
- NAT can cause routing delays and loss of end-to-end IP traceability, and some applications don't work with NAT
- show ip nat translations
- show ip nat statistics
- clear ip nat translations *
- ip nat translations max-entries
- ip nat translations timeout

access lists
1. standard
1 to 99, 1300 to 1999
filter only on source address
access-list 1 permit host 1.1.1.1
access-list 1 permit 1.1.1.1 0.0.0.0
access-list 1 permit 172.12.12.0 0.0.0.255

(config-if)#ip access-group 1 in
(config-line)#access-class 1 in

2. extended
access-list 100 permit tcp host 1.1.1.1 host 5.5.5.5 eq www

3. named
ip access-list standard 1
permit host 1.1.1.1
deny host 5.5.5.5

Don't forget IMPLICIT deny at the end

4. lock and key ACLs - require the user to telnet and login to get authenticated
5. dynamic ACLs - specify time during which ACL will apply
time-range NO_TELNET
periodic weekend 10:00 to 5:00
ip access-list extended 100
deny tcp any host 5.5.5.5 eq telnet time-range NO_TELNET
permit tcp any host 6.6.6.6 eq telnet time-range AlWAYS
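
How the standard ACL entries above are evaluated, as an added example (not from the original notes): entries are checked top-down, wildcard bits set to 1 are ignored, and a source that matches nothing hits the implicit deny. The function names are illustrative, and the parser handles only the standard-ACL forms shown in these notes.

```python
import ipaddress

# Constructed sample: the standard ACL 1 entries from the notes above.
ACL_1 = [
    "access-list 1 permit host 1.1.1.1",
    "access-list 1 permit 1.1.1.1 0.0.0.0",
    "access-list 1 permit 172.12.12.0 0.0.0.255",
]

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Return (action, address, wildcard) for one standard ACL line."""
    tokens = line.split()
    action, spec = tokens[2], tokens[3:]
    if spec[0] == "any":
        return action, 0, 0xFFFFFFFF
    if spec[0] == "host":
        return action, _to_int(spec[1]), 0
    # An address with no wildcard mask is treated as a single host.
    wildcard = _to_int(spec[1]) if len(spec) > 1 else 0
    return action, _to_int(spec[0]), wildcard

def evaluate(acl_lines, source_ip):
    """Top-down, first match wins. Returns (action, matching line or None)."""
    src = _to_int(source_ip)
    for line in acl_lines:
        action, address, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (address & care):
            return action, line
    return "deny", None                 # the implicit deny at the end

if __name__ == "__main__":
    for ip in ("1.1.1.1", "172.12.12.200", "172.12.13.1", "5.5.5.5"):
        print(ip, evaluate(ACL_1, ip))
```

Running the same check against an exported ACL before applying it to an interface or vty line shows which management sources would be cut off by the implicit deny.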


floating routes
- when the default administrative distance of a static route is changed

configuring use of SSH instead of Telnet on vty lines
REQUIRED
hostname aaa
ip domain-name aaa.com

line vty 0 4
transport input ssh

crypto key generate rsa general-keys modulus 1024
ip ssh authentication-retries
ip ssh timeout

configuring DNS on IP
ip domain-lookup
ip name-server
ip domain-name todd.com

configuring dhcp on ipv6
ipv6 unicast-routing - global
ipv6 enable on an interface
ipv6 dhcp pool pool1
domain-name
dns-server
prefix-delegation pool pool1 lifetime 3600 3600

(config-if)#ipv6 dhcp server pool1

ipv6
----
global - 2000::/3
six to four tunnelling - 2002::/16
unique local/site local - FC00::/7
link local - FE80::/10
multicast - FF00::/8

Modified EUI - insert FF:FE into the MAC address to get the IPv6 address and change the second bit based on whether it is a local or global address
First and second bits of the MAC address
I/G and G/L in MAC Address
I = individual when 0
G = multicast/broadcast when 1

G = 0 globally administered by IEEE
L = 1 local administration like DEC
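
The Modified EUI derivation above, worked through as an added example (not from the original notes). The helper names and the sample MAC are constructed for illustration. Because the interface ID embeds the MAC, the same steps run backwards to tie a logged IPv6 address to a piece of hardware.

```python
import ipaddress

SAMPLE_MAC = "00:1a:2b:3c:4d:5e"   # constructed sample value

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface ID (8 bytes)."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02               # invert the global/local bit of the first octet
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])

def link_local_address(mac):
    """FE80::/10 link-local address built from the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 style address; None if FF:FE is absent."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                 # manually set or randomized interface ID
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02               # undo the bit inversion
    return ":".join(f"{o:02x}" for o in octets)

def mac_flags(mac):
    """Decode the I/G and G/L bits carried in the first octet of a MAC."""
    first = int(mac.replace("-", ":").split(":")[0], 16)
    return {"group": bool(first & 0x01), "local": bool(first & 0x02)}

if __name__ == "__main__":
    addr = link_local_address(SAMPLE_MAC)
    print(addr, mac_from_address(str(addr)), mac_flags(SAMPLE_MAC))
```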

Creating an IPv4 DHCP pool
ip dhcp pool pool1
network 172.16.10.0 255.255.255.0
default-router 172.16.0.254

ip dhcp excluded-address 172.16.0.254

Cabling standards
10Base2 - 185
10Base5 - 500
10BaseT - 100

100BaseT - 100
100BaseF - 412

1000BaseC - 25 metres
1000BaseT - 100 metres
1000BaseS - MMF - 550 metres
1000BaseL - Single mode - 3 to 10 km


802.11
a - 6-54mbps - 5GHz - 12 channels - 190-75
b - 1 to 11mbps - 2.4Ghz - 3 channels - 350 - 160
g - 6 to 54mbps - 2.4Ghz - 3 channels - 300 - 90
h - 6-54mbps - 5GHZ - 23 channels
n - MIMO - 23 channels - up to 250mbps

Wireless authentication methods
open
shared key
ssid
mac based
wep

wpa - TKIP and AES

Tuesday, October 19, 2010

Drive to Palakkad and back to Bangalore

There was a long weekend coming up and hubby and I decided to hit the road. Since it had been some time since we'd visited his parents, we decided that Palakkad should be the way to go. We took down every possible route that we could take from Bangalore to Palakkad. We had finalized on going via NH-7 and then onto NH-47 all the way. We both took the previous day also off. Hubby dear was the first to wake up out of excitement on that one Thursday. We were off by 5:15 am. Hubby took the wheel and we had some initial hiccups on ORR getting onto Sarjapur Road and unfortunately we took the Harluru Road to E-city which was a nightmare. There are so many speed breakers. It is almost like each and every house now has to have a speed breaker right before the gate. Once we crossed that, it was all smooth. It was a nice cool day and Pras was enjoying the drive, looking very comfortable at the wheel. NH-7 is awesome. However, as per our plan, we were to go all the way to Salem on NH-7. Unfortunately, we diverted onto State Highway 20 following a sign board. This road is not that bad but the initial part has a lot of pot holes and passes through all the villages. One really good thing about this route was Mettur Dam. It is so beautiful. We stopped to take pictures but read in Tamil that photography was prohibited. There are no proper restaurants on this route until you reach Bhavani. We reached Bhavani around 10:00 am and had breakfast. A cute grasshopper, whose tail resembled a leaf, was happily resting on our windshield. I took the wheel and Pras found a pet for a while. He was so cute, happily hopping around Pras. We finally got onto NH-47. Once we got onto NH-47, to confirm the route, we asked a lorry driver the way to Coimbatore and his response was "Go straight. The speedometer should not come below 100" :) NH-47 has a lot of ongoing work to widen the roads.
Well, the wide roads and 4 lane highways are awesome to drive on, but it's pathetic and disheartening to see that they've cut down all the trees, never to plant another one to replace the cut tree. Since we were off on a weekday, the traffic was negligible. We touched 120+ on this route where the stretch was very good. Pras was getting a stiff shoulder and hence, we kept taking turns to drive. The stretch post Avinashi towards Palakkad is horrible. There are many pot holes and huge lorries parked on either side. Fortunately, we did not have to spend any time at Walayar check post. We reached Palakkad at 2pm.

We started back on Sunday. We started at 6am and got to Bangalore by 1:30pm. The road from Palakkad till Walayar was depressing with so many dogs/cats lying in pools of blood. There was quite a bit of traffic, it being the end of the long weekend. Most of the cars on the road were Karnataka-registered vehicles, all raring to go, without a single thought. The funny thing about the National Highway is that there are these "Kurk Chalai"/cross roads for villagers with zebra crossings. Each of these had many sign boards, one of which was a "Don't Sound Horn" sign meaning that the pedestrians have right of way. Further, the villagers cross the road with cows/goats without looking either left or right. And the drivers, knowing that the pedestrians have right of way, don't stop for them. Accidents are imminent. There was a Swift and a Wagon R behind me. I used to brake or take my leg off the accelerator when we neared these crossings. These guys waited for a chance, when I was behind a bus, and overtook me. At the next immediate crossing, the Swift driver rammed into a bike. The whole village surrounded his car. Fortunately, no one was hurt. There was a blockade on the Dharmapuri road due to a truck that had run off the road and was being pulled up. This took up to 45 minutes of our time. Another irritating thing was these TOLL PLAZAS. Oh god, we spent almost 200 rupees or so on toll charges, each way. At one toll plaza, the road was bad just before the plaza. Hence, I asked the man sitting at the counter "You are collecting such hefty tolls and the road is not good in front of the toll plaza itself". He shouted something.. not sure what. At one toll plaza, I went to the toilet and guess what I found when I opened the Ladies toilet door? Another man doing I-don't-know-what in the toilet. I was dead scared as to how he would respond as Pras had stayed back in the car. Anyways, I acted very innocent and shouted "Sorry" :P
We took the elevated highway from E-city to give it a try and it is not really a highway.. it made me feel sorta claustrophobic - the walls are high giving you a closed feeling. We had lunch at 'The Dhaba' and ate the scrumptious food that Pras's mom had packed for dinner.
Overall, it was a great experience. I am sure Pras is now very confident about driving which is a worry as well as a relief for me. Worry - he may not let me drive at all. Relief - I don't always have to drive through traffic.