ICND1 break down

WAN trouble-shooting commands

Posted on November 12, 2009. Filed under: CCNA, ICND1 break down |

Let’s talk a little bit about IOS commands for WAN trouble-shooting.

To verify the physical cable connection on the routers, use “show controller serial 1”, where serial 1 is the serial port the cable is attached to.

R1#show controller serial 1

For the sake of troubleshooting, we may want to use the command “show interface serial1” to gain more information about the interface. Sometimes we find that the physical interface is up and the line protocol is down; generally there are two reasons:

We forgot to set the clock rate on the DCE. The line protocol will go down after 30 seconds, because the DTE needs to receive the clock rate to work correctly. To set the clock rate on the DCE, use the command “clock rate 56000”, which sets the clock rate to, for instance, 56 kbps.

The encapsulation types mismatch on the two ends of the connection.

For example, suppose we physically connect routers R1 and R2 but set different encapsulation types on their serial interfaces:

R1(config-if)#encapsulation ppp

R2(config-if)#encapsulation hdlc

Then we will see the physical interface up and the line protocol down when running the command “show interface serial1” on both R1 and R2. To resolve the problem, we issue the command “encapsulation hdlc” on R1 or the command “encapsulation ppp” on R2, so that the encapsulation type matches on both ends of the serial link.
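The two causes above can be checked mechanically from “show interface” text. The following Python is an added example (not code from the original post or from Cisco): it parses the status line and encapsulation from constructed “show interface serial1” outputs for both ends of the link, and takes the DCE clock rate as a parameter, because whether “clock rate” is configured is read from the DCE's configuration or “show controller serial” output, which this example does not parse.

```python
import re

# Constructed "show interface serial1" outputs for the two ends of the link
# described above (not captured from a real router): R1 runs PPP, R2 runs HDLC.
R1_SHOW_INTERFACE = """\
Serial1 is up, line protocol is down
  Hardware is HD64570
  Internet address is 10.0.0.1/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
"""
R2_SHOW_INTERFACE = """\
Serial1 is up, line protocol is down
  Hardware is HD64570
  Internet address is 10.0.0.2/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
"""

# "Serial1 is up, line protocol is down" / "... is administratively down, ..."
STATUS_RE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)", re.M)
ENCAP_RE = re.compile(r"^\s*Encapsulation (\S+?),", re.M)


def parse_interface(output):
    """Pull interface name, physical state, line-protocol state and
    encapsulation out of 'show interface' text."""
    m = STATUS_RE.search(output)
    if m is None:
        raise ValueError("no '<if> is ..., line protocol is ...' status line found")
    name, physical, protocol = m.groups()
    enc = ENCAP_RE.search(output)
    return {
        "interface": name,
        "physical": physical,
        "protocol": protocol,
        "encapsulation": enc.group(1).upper() if enc else None,
    }


def diagnose_link(local_output, remote_output, dce_clock_rate=None):
    """Return the suspected causes for a serial link whose line protocol is down.

    dce_clock_rate is the value of the 'clock rate' command on the DCE end
    (None when it is missing); it is supplied by the caller, not parsed here.
    """
    local = parse_interface(local_output)
    remote = parse_interface(remote_output)
    if local["physical"] != "up":
        # Layer 1 problem (cable, or interface shut down), not a protocol issue
        return ["physical layer is %s: check the cable with 'show controller serial'"
                % local["physical"]]
    if local["protocol"] == "up":
        return []
    causes = []
    if dce_clock_rate is None:
        causes.append("no clock rate on the DCE: configure 'clock rate <bps>' on the DCE interface")
    if local["encapsulation"] != remote["encapsulation"]:
        causes.append("encapsulation mismatch: local %s, remote %s"
                      % (local["encapsulation"], remote["encapsulation"]))
    return causes or ["line protocol down for a reason not covered here"]


if __name__ == "__main__":
    for cause in diagnose_link(R1_SHOW_INTERFACE, R2_SHOW_INTERFACE, dce_clock_rate=56000):
        print("suspected:", cause)
```

With the clock rate present, the only finding on the constructed pair is the PPP/HDLC mismatch; drop the clock rate argument and the missing DCE clock is reported as well.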


public switched telephone network (PSTN)

Posted on November 12, 2009. Filed under: CCNA, ICND1 break down |

The public switched telephone network (PSTN) is the network of the world’s public circuit-switched telephone networks, in much the same way that the Internet is the network of the world’s public IP-based packet-switched networks. Originally a network of fixed-line analog telephone systems, the PSTN is now almost entirely digital and includes mobile as well as fixed telephones. There are several advantages to using the PSTN as a communications link:

  • Other than a modem, no additional equipment is required.
  • The cost associated with the implementation of a PSTN connection link for a WAN is relatively low.
  • The maintenance of a public telephone network is very high quality with few instances in which lines are not available.

What is WAN

Posted on November 12, 2009. Filed under: CCNA, ICND1 break down |

[image: wan]

A Wide Area Network (WAN) is a computer network that covers a broad geographical area. In contrast, Local Area Networks (LANs) are usually limited to a small physical area, such as a home, office, building or campus. The largest and best-known example of a WAN is the Internet.

WANs are used to connect LANs and other types of networks together. Many WANs are built for one particular organization and are private. Others, built by Internet Service Providers (ISPs), provide connections from an organization’s LAN to the Internet. In order to provide connections over large geographical areas, WANs often use public networks, such as the telephone system, leased lines (ISDN), satellite, microwave, or other connection methods.

Typical WANs use serial connections of various types to access bandwidth over large geographic areas.

So, who manages WANs today? The following organizations define and manage the WAN access standards:

  • International Organization for Standardization (ISO)
  • Telecommunications Industry Association (TIA)
  • Electronics Industry Alliance (EIA)

WAN access standards reside primarily at Layer 1 and Layer 2 of the OSI reference model. They describe physical layer and data link layer requirements such as physical addressing, flow control, and encapsulation. The following picture shows the popular WAN solutions today.

[image: fig15]

As shown above, at OSI model layer 1, WAN protocols describe how to provide electrical, mechanical, operational, and functional connections to the services of a communications service provider.

At OSI model layer 2, WAN protocols define the encapsulation of data for transmission toward a remote location and the mechanisms for transferring the resulting frames. The WAN data link layer protocols include:

  • HDLC
  • PPP
  • Frame Relay (Link Access Procedure for Frame Relay [LAPF])
  • ATM

Serial connections support WAN services such as a dedicated leased line, over which PPP or Frame Relay runs.

Other WAN services, such as ISDN or dial-up modem, offer low-cost dial-on-demand connections. An ISDN BRI is composed of two 64-kbps bearer channels (B channels) for data and one 16-kbps data channel (D channel) for link-management purposes.

DSL and cable modem connections dominate today’s residential broadband service market. A typical residential DSL service can offer up to 1.5 Mbps connection speed over the existing telephone line. Cable services can offer higher-speed connections over the existing coaxial cable TV line.


Switch/Router Interfaces and Physical Ports

Posted on October 27, 2009. Filed under: CCNA, ICND1 break down |

ICND1 and ICND2 break down

In this section, we will talk about the various interfaces and their corresponding physical ports on Cisco switches and routers.

Let’s take a close look at the output of command “show running-config” running on a Cisco 3560-24PS multilayer switch:

Switch#show running-config
Building configuration…

Current configuration : 984 bytes
!
version 12.2
no service password-encryption
!
hostname Switch
!
!
!
!
!
ip ssh version 1
!
port-channel load-balance src-mac
!
interface FastEthernet0/1
!
interface FastEthernet0/2
…omitted for clarity…
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
end

—————–

As shown above, the Cisco switch has 24 FastEthernet interfaces, 2 GigabitEthernet interfaces, 1 VLAN interface, 1 console line and 5 vty lines.

For some types of interfaces, including FastEthernet, GigabitEthernet and Serial interfaces and the console line, there is a one-to-one mapping between a specific interface and its corresponding physical port on the Cisco device. The naming rule is type slot/port. For example, the FastEthernet 0/1 interface maps to the FastEthernet port (type) located in slot number 0, port number 1, as circled in the following picture.

[image: switch_ports]

Other types of interfaces, however, are virtual, which means an interface does not always have a single port as its physical counterpart. For example, VLAN 1 on a switch includes all the switch ports. For another example, vty lines 0 through 4 might all be reached through one single FastEthernet port on a Cisco device.

Let’s run the command “show running-config” on a 2621XM router.

Router#show running-config
Building configuration…

Current configuration : 502 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0
 no ip address
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 no ip address
 shutdown
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
end

—————

Note that the router’s interfaces are very similar to the switch’s. We can map the FastEthernet and Serial interfaces to the router’s physical ports. As the following pictures show, this router has 2 slots. The left-side slot, slot number 1, is empty. The right-side slot, slot number 0, has two WIC-2T modules installed. These modules are interchangeable, that is, they can be replaced by other modules such as the WIC-1T.

[image: router1_ports]

The following picture is the detailed view of slot 0. Don’t forget the interface naming rule: “type slot/port”.

[image: router1_ports_detail]

The output of the command “show running-config” looks slightly different on the Cisco 2811 router:

Router#show running-config
Building configuration…

Current configuration : 455 bytes
!
version 12.4
no service password-encryption
!
hostname Router
!
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
end

—————————————–

As the following pictures show, the 2811 router has 2 slots. Slot number 1 is empty. In slot number 2, we add one WIC-2T module.

[image: router2_ports]

Note that the naming rule for a Serial port here is “type router/slot/port”, which explains what the extra “0/” means.

[image: router2_ports_detail]

Understanding the naming rule for ports on Cisco devices is important, because this rule is also used in other commands such as “interface FastEthernet 0/1”.
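The naming rule is easy to turn into a small parser, which is useful when scripting over “show running-config” dumps. The following Python is an added example, not code from the original post: it splits an interface name into its type and slot/port numbers, treats Vlan as virtual, and tallies the interfaces in a constructed running-config with the same interface set as the 3560-24PS above. The abbreviated forms it accepts (Fa0/1, Se0/0/0) are assumed from IOS's unique-prefix matching, not from this page.

```python
import re
from collections import Counter

# Full interface type names seen on the page. IOS accepts any unique
# abbreviation of them (Fa0/1, Gi0/1, Se0/0/0); that is assumed here.
INTERFACE_TYPES = ["FastEthernet", "GigabitEthernet", "Serial", "Vlan"]
VIRTUAL_TYPES = {"Vlan"}   # no single physical port behind the interface

NAME_RE = re.compile(r"^\s*(?P<type>[A-Za-z]+)\s*(?P<nums>\d+(?:/\d+)*)\s*$")


def parse_interface_name(name):
    """Break 'FastEthernet0/1', 'Se0/0/0' or 'Vlan1' into its type and numbers.
    Two or more numbers follow the 'type slot/port' rule; on the 2811 a third
    number appears before slot/port, the extra leading '0/' the text describes."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not an interface name: {name!r}")
    typed = m.group("type").lower()
    full = [t for t in INTERFACE_TYPES if t.lower().startswith(typed)]
    if len(full) != 1:
        raise ValueError(f"unknown or ambiguous interface type: {name!r}")
    numbers = [int(n) for n in m.group("nums").split("/")]
    info = {"type": full[0], "numbers": numbers,
            "physical": full[0] not in VIRTUAL_TYPES}
    if len(numbers) >= 2:
        info["slot"], info["port"] = numbers[-2], numbers[-1]
    return info


INTERFACE_LINE_RE = re.compile(r"^interface (\S+)", re.M)


def count_interfaces(running_config):
    """Tally the interfaces in a 'show running-config' dump by type."""
    return Counter(parse_interface_name(n)["type"]
                   for n in INTERFACE_LINE_RE.findall(running_config))


# Constructed running-config with the same interface set as the 3560-24PS above.
SWITCH_CONFIG = "hostname Switch\n!\n" + "".join(
    f"interface FastEthernet0/{i}\n!\n" for i in range(1, 25)
) + ("interface GigabitEthernet0/1\n!\ninterface GigabitEthernet0/2\n!\n"
     "interface Vlan1\n no ip address\n shutdown\n!\nend\n")

if __name__ == "__main__":
    print(count_interfaces(SWITCH_CONFIG))
    for n in ("FastEthernet0/1", "Serial0/0/0", "fa 0/24", "Vlan1"):
        print(n, "->", parse_interface_name(n))
```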


Basic Router Management Commands

Posted on October 27, 2009. Filed under: CCNA, ICND1 break down |


In this section, we will talk about the basic management commands for the router. Most commands we learned in Lesson 4 still apply to routers. These commands are so basic that we will repeat them again and again during the course.

In this section, our goals are:

  • Connect to a router through the console port.
  • Configure the console settings with the commands “exec-timeout 20 10” and “logging synchronous”.
  • Set various passwords on the router.
  • Change the router’s name with the command “hostname routername”.
  • Set a banner with the command “banner motd # message #”.
  • Manage terminal history with the commands “show history”, “terminal history”, and “terminal history size 5”.
  • Configure a router interface’s IP address and subnet mask with the command “interface FastEthernet 0/1” and its subcommand “ip address 192.168.1.100 255.255.255.0”.
  • Configure a description for a specific router interface with the command “description blablabla”.
  • Configure Telnet and SSH connections on the router.
  • Verify the router’s status with various “show” commands.
  • Save the configuration file with the command “copy running-config startup-config”.

The router used in the following demo is a Cisco 2811 router.

In step one, we physically connect the router’s console port to PC0’s RS232 port with a console cable.

[image: console-connect]

Then, we configure the HyperTerminal program on the PC with the following settings.

[image: terminal]

If HyperTerminal successfully connects to the router over the console line, the following CLI will show up.

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
Image text-base: 0x400A925C, data-base: 0x4372CE20

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of non-volatile configuration memory.
62720K bytes of  ATA CompactFlash (Read/Write)
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
         — System Configuration Dialog —

Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!

So we press RETURN to get started. Our next step is to configure the password, exec-timeout, and logging synchronous on the console line.

Router>enable
Router#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login
Router(config-line)#exec-timeout 20 10
Router(config-line)#logging synchronous
Router(config-line)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#write memory
Building configuration…
[OK]
Router#logout

Next, we log out of the router and log in again to make sure the password works. As you have already guessed, it works. The password is “console”, as we configured on line console 0.

Router con0 is now available
Press RETURN to get started.

User Access Verification

Password:

Our next goal is to configure passwords for privileged mode and the vty lines. We also encrypt our passwords with the command “service password-encryption”.

Router>enable
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
 
Router(config)#enable password ccent
Router(config)#enable secret cisco
Router(config)#service password-encryption
Router(config)#line vty 0 4
Router(config-line)#password vty
Router(config-line)#login
Router(config-line)#^Z
%SYS-5-CONFIG_I: Configured from console by console

Router#wr
Building configuration…
[OK]

Now, it’s time to configure the message of the day (motd).
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#banner motd # authorized user only! #

In the next step, we configure the FastEthernet 0/0 interface. We add a brief description for the interface, then configure the IP address and network mask, and finally bring the interface up with the command “no shutdown”.
Router(config)#interface FastEthernet 0/0
Router(config-if)#description this port is configured for telnet and ssh connection.
 
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
Router(config-if)#
Router(config-if)#exit
Router(config)#exit
%SYS-5-CONFIG_I: Configured from console by console

We have entered many commands; let’s see what they are.
Router#show history
  enable
  config t
  banner motd # authorized user only! #
  wr
  config t
  show history
Router#terminal history size 50
Router#wr
Building configuration…
[OK]
Router#

The next step is to configure Telnet and SSH on the router. Note that we have already configured the FastEthernet 0/0 interface and vty lines 0 4 for Telnet connections, so the work left is to configure the remote PC correctly.

The router’s FastEthernet0/0 port is connected to PC1’s FastEthernet port via a cross-over cable. Note that for a switch, a straight-through cable should be used instead.

[image: telnet]

Since Telnet needs a Layer 3 address, PC1’s FastEthernet port must be configured with an IP address; in our case, it is 192.168.1.100.

Now we bring up a Microsoft command prompt window and type “telnet 192.168.1.1”. The telnet program is executed and starts a Telnet session on the router for us. Of course a password is needed; we know the password is “vty”, because we set it previously when configuring vty lines 0 4. Note that the message of the day is shown before login.

During this Telnet session, our task is to configure SSH on the router. Note that the password to enter privileged mode is “cisco” instead of “ccent”, because the command “enable secret cisco” takes priority over the command “enable password ccent”.

PC>ipconfig /all

IP Address………………….: 192.168.1.100
Subnet Mask…………………: 255.255.255.0
Default Gateway……………..: 0.0.0.0
DNS Servers…………………: 0.0.0.0

PC>telnet 192.168.1.1
Trying 192.168.1.1 …
 authorized user only!

User Access Verification

Password:
Router>enable
Password:
Router#show ip ssh
SSH Disabled – version 1.5
%Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
Authentication timeout: 120 secs; Authentication retries: 3
 
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname RouterA
RouterA(config)#ip domain-name domain.net
RouterA(config)#crypto key generate rsa
The name for the keys will be: RouterA.domain.net
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

RouterA(config)#line vty 0 4
RouterA(config-line)#transport input ssh
RouterA(config-line)#login local
RouterA(config-line)#exit
RouterA(config)#username ccent password ccent
RouterA(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
RouterA#write memory
Building configuration…
[OK]
RouterA#logout

[Connection to 192.168.1.1 closed by foreign host]

Now, it’s time to log in with an SSH program. Before we do that, we should verify that Telnet login is really disabled on the FastEthernet port by the command “transport input ssh”. The password for SSH login is “ccent”, as we configured in the command “username ccent password ccent”.
PC>ipconfig /all

Physical Address…………….: 0010.1194.8786
IP Address………………….: 192.168.1.100
Subnet Mask…………………: 255.255.255.0
Default Gateway……………..: 0.0.0.0
DNS Servers…………………: 0.0.0.0

PC>telnet 192.168.1.1
Trying 192.168.1.1 …
[Connection to 192.168.1.1 closed by foreign host]
PC>ssh -l ccent 192.168.1.1

Password:

 authorized user only!

RouterA>enable
Password:

After successfully logging in with SSH, we issue many “show” commands to check the router’s current status.
RouterA#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.

System returned to ROM by power-on
System image file is “c2800nm-advipservicesk9-mz.124-15.T1.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of NVRAM.
62720K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

RouterA#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up (connected)
  Hardware is Lance, address is 0060.2f94.a501 (bia 0060.2f94.a501)
  Description: this port is configured for telnet and ssh connection.
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00,
  Last input 00:00:08, output 00:00:05, output hang never
  Last clearing of “show interface” counters never
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 207 bits/sec, 0 packets/sec
  5 minute output rate 203 bits/sec, 0 packets/sec
     409 packets input, 26440 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     374 packets output, 25037 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
RouterA#show ssh
Connection      Version Encryption      State                   Username
67              1.99    3DES            Session Started         ccent
%No SSHv1 server connections running.
%No SSHv2 server connections running.
RouterA#show running-config
Building configuration…

Current configuration : 763 bytes
!
version 12.4
service password-encryption
!
hostname RouterA
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 08224F4B070D
!
!
!
!
username ccent password 7 08224F4B070D
!
ip ssh version 1
ip domain-name domain.net
!
!
interface FastEthernet0/0
 description this port is configured for telnet and ssh connection.
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
!
!
banner motd ^C authorized user only! ^C
line con 0
 history size 50
 exec-timeout 20 10
 password 7 082243401A160912
 logging synchronous
 login
line vty 0 4
 password 7 08375857
 login local
 transport input ssh
!
!
end

Finally, we save all the above configuration in the startup-config file, so that it will not be lost after the router is powered off.
RouterA#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
RouterA#


enable password vs enable secret

Posted on October 14, 2009. Filed under: CCNA, ICND1 break down |

The following is a citation from a Cisco document.
Conclusion: don’t use enable password, use enable secret instead.

Password Management
Passwords control access to resources or devices. This is accomplished through the definition of a password or secret that is used in order to authenticate requests. When a request is received for access to a resource or device, the request is challenged for verification of the password and identity, and access can be granted, denied, or limited based on the result. As a security best practice, passwords must be managed with a TACACS+ or RADIUS authentication server. However, note that a locally configured password for privileged access is still needed in the event of failure of the TACACS+ or RADIUS services. A device can also have other password information present within its configuration, such as an NTP key, SNMP community string, or Routing Protocol key.

The enable secret command is used in order to set the password that grants privileged administrative access to the Cisco IOS system. The enable secret command must be used, rather than the older enable password command. The enable password command uses a weak encryption algorithm.

If no enable secret is set and a password is configured for the console tty line, the console password can be used in order to receive privileged access, even from a remote virtual tty (vty) session. This action is almost certainly unwanted and is another reason to ensure configuration of an enable secret.

The service password-encryption global configuration command directs the Cisco IOS software to encrypt the passwords, Challenge Handshake Authentication Protocol (CHAP) secrets, and similar data that are saved in its configuration file. Such encryption is useful in order to prevent casual observers from reading passwords, such as when they look at the screen over the shoulder of an administrator. However, the algorithm used by the service password-encryption command is a simple Vigenère cipher. The algorithm is not designed to protect configuration files against serious analysis by even slightly sophisticated attackers and must not be used for this purpose. Any Cisco IOS configuration file that contains encrypted passwords must be treated with the same care that is used for a cleartext list of those same passwords.

While this weak encryption algorithm is not used by the enable secret command, it is used by the enable password global configuration command, as well as the password line configuration command. Passwords of this type must be eliminated and the enable secret command or the Enhanced Password Security feature needs to be used.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing. This algorithm has had considerable public review and is not known to be reversible. However, the algorithm is subject to dictionary attacks. In a dictionary attack, an attacker tries every word in a dictionary or other list of candidate passwords in order to find a match. Therefore, configuration files must be securely stored and only shared with trusted individuals.
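The weaknesses this citation lists, and the settings the router demo above walks through (“enable secret” over “enable password”, “service password-encryption”, “transport input ssh”, “ip ssh version”), can be checked automatically against a saved running-config. The following Python audit is an added example, not code from the post or from Cisco. Both configs are constructed: the first is modelled on the RouterA output in the demo, with placeholder hashes instead of real credentials, and the second is the same router with the weak settings removed. The finding codes are my own naming; the “username … secret” form is Cisco's Enhanced Password Security feature that the citation refers to.

```python
import re

# Constructed running-config modelled on the RouterA output in the demo above.
# Hash and type 7 strings are placeholders, not real credentials.
WEAK_CONFIG = """\
version 12.4
service password-encryption
!
hostname RouterA
!
enable secret 5 $1$abcd$PLACEHOLDERHASH00000000000
enable password 7 0000000000000000
!
username ccent password 7 0000000000000000
!
ip ssh version 1
ip domain-name domain.net
!
line con 0
 password 7 0000000000000000
 login
line vty 0 4
 password 7 0000000000000000
 login local
 transport input ssh
!
end
"""

# The same router with the weak settings removed (also constructed).
HARDENED_CONFIG = """\
version 12.4
service password-encryption
!
hostname RouterA
!
enable secret 5 $1$abcd$PLACEHOLDERHASH00000000000
!
username ccent secret 5 $1$efgh$PLACEHOLDERHASH11111111111
!
ip ssh version 2
ip domain-name domain.net
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse_blocks(config):
    """Split an IOS config into its global commands and the indented
    sub-commands that follow each 'line ...' / 'interface ...' header."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            global_cmds.append(current)
            blocks.setdefault(current, [])
    return global_cmds, blocks


def audit(config):
    """Return (code, message) findings for the password practices the text
    warns about; an empty list means none of them were found."""
    global_cmds, blocks = parse_blocks(config)
    findings = []
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append(("NO_ENABLE_SECRET",
                         "no 'enable secret': a console password alone could grant privileged access"))
    if "service password-encryption" not in global_cmds:
        findings.append(("NO_PASSWORD_ENCRYPTION",
                         "passwords are stored in cleartext in the config file"))
    for cmd in global_cmds:
        if cmd.startswith("enable password"):
            findings.append(("ENABLE_PASSWORD",
                             "'enable password' uses the reversible type 7 cipher; remove it and keep 'enable secret'"))
        elif re.match(r"username \S+ password ", cmd):
            findings.append(("USERNAME_PASSWORD",
                             f"'{cmd.split()[1]}' uses 'username ... password'; prefer 'username ... secret'"))
        elif cmd == "ip ssh version 1":
            findings.append(("SSH_V1", "SSH version 1 is enabled; generate RSA keys and use 'ip ssh version 2'"))
    for header, subs in blocks.items():
        if not header.startswith("line "):
            continue
        for sub in subs:
            if sub.startswith("password 7 "):
                findings.append(("TYPE7_PASSWORD",
                                 f"{header}: 'password 7' is reversible; treat this config like a cleartext password list"))
            elif sub.startswith("password "):
                findings.append(("CLEARTEXT_PASSWORD", f"{header}: line password stored in cleartext"))
        if header.startswith("line vty") and "transport input ssh" not in subs:
            findings.append(("VTY_TELNET", f"{header}: Telnet still accepted; add 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for code, msg in audit(WEAK_CONFIG):
        print(f"{code:22} {msg}")
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

On the constructed RouterA config the audit reports the leftover “enable password”, the type 7 line and username passwords, and SSH version 1; the hardened config produces no findings.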


Cisco IOS software overview

Posted on October 13, 2009. Filed under: CCNA, ICND1 break down |


Cisco IOS software is the embedded software architecture in all Cisco devices and is also the operating system of Cisco Catalyst switches.

The Cisco IOS Software command-line interface (CLI) is used by network administrators to monitor and configure Cisco devices. You access the CLI by establishing a console connection or a Telnet connection to the Cisco device. Logging in to the Cisco device brings up a CLI window, where you are put into user EXEC mode by default and the prompt sign is “>”. The command exit closes the session from user EXEC mode.

The Cisco IOS software CLI has very handy help features.

  • Command availability help: entering the ? (question mark) command in user EXEC mode or privileged EXEC mode reveals the commands available at that EXEC level.
  • Word help: entering an incomplete command followed by a ? (without any space between) displays a list of the available commands that start with the characters you entered.
  • Word auto-complete: entering an incomplete command and then pressing the TAB key automatically completes the command for you, provided that only one command exists which starts with the characters you entered.
  • Command syntax help: entering a command followed by a space and then ? displays a list of the available command options supported by the command you entered.
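The four help behaviours reduce to prefix matching over a command tree, which the following Python emulates. It is an added example, not IOS code or code from the post: the command tree is a constructed subset of the user EXEC commands and “show” options listed in the demo that follows, with the page's own help text, and a “<cr>” child marks a command that can be executed as typed.

```python
# Constructed command tree: a subset of the user EXEC commands and the "show"
# options shown in the demo. Each entry is (help text, sub-commands); a "<cr>"
# child marks a command that can be executed as typed.
LEAF = {"<cr>": ("", {})}
COMMANDS = {
    "enable": ("Turn on privileged commands", LEAF),
    "exit": ("Exit from the EXEC", LEAF),
    "ping": ("Send echo messages", {}),
    "show": ("Show running system information", {
        "clock": ("Display the system clock", LEAF),
        "history": ("Display the session command history", LEAF),
        "ip": ("IP information", {
            "arp": ("IP ARP table", LEAF),
            "interface": ("IP interface status and configuration", {
                "brief": ("Brief summary of IP status and configuration", LEAF),
                "<cr>": ("", {}),
            }),
        }),
        "version": ("System hardware and software status", LEAF),
    }),
}


def matches(level, prefix):
    """Commands at this level that start with prefix; '<cr>' never matches."""
    return sorted(n for n in level if n != "<cr>" and n.startswith(prefix))


def walk(words):
    """Resolve each completed word by unique prefix (as IOS does) and return
    the sub-command table that follows it."""
    level = COMMANDS
    for word in words:
        found = [word] if word in level else matches(level, word)
        if not found:
            raise ValueError(f"% Invalid input detected: {word!r}")
        if len(found) > 1:
            raise ValueError(f"% Ambiguous command: {word!r}")
        level = level[found[0]][1]
    return level


def help_for(line):
    """Emulate '?': 'sh?' is word help, 'show ?' (or a bare '?') is syntax help.
    Returns (name, description) pairs in the order IOS prints them."""
    if not line.endswith("?"):
        raise ValueError("help requests end with '?'")
    body = line[:-1]
    words = body.split()
    if body.strip() == "" or body.endswith(" "):
        level = walk(words)                       # syntax help: everything allowed next
        names = sorted(level, key=lambda n: (n == "<cr>", n))   # <cr> listed last
        return [(n, level[n][0]) for n in names]
    level = walk(words[:-1])                      # word help: complete the last word
    return [(n, level[n][0]) for n in matches(level, words[-1])]


def complete(line):
    """Emulate TAB: expand the last word only when exactly one command matches."""
    words = line.split()
    if not words or line.endswith(" "):
        return line
    found = matches(walk(words[:-1]), words[-1])
    return " ".join(words[:-1] + [found[0]]) if len(found) == 1 else line


if __name__ == "__main__":
    for req in ("?", "sh?", "show ?", "show ip interface ?"):
        print(f"Switch>{req}")
        for name, desc in help_for(req):
            print(f"  {name:12}{desc}")
    print(complete("sh"), "|", complete("e"), "|", complete("show ip i"))
```

“e” stays unexpanded because both enable and exit match it, while “show ip i” completes to “show ip interface”; that is the single-match rule in the TAB bullet above.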

The following is the CLI help features demonstration on a Cisco 2960-24TT switch:

 —————————————————-Demo Start——————————————————–

Press RETURN to get started!

 

User Access Verification

Password:

Switch>?
Exec commands:
  <1-99>      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  ping        Send echo messages
  resume      Resume an active network connection
  show        Show running system information
  telnet      Open a telnet connection
  terminal    Set terminal line parameters
  traceroute  Trace route to destination
Switch>sh?
show 
Switch>show ?
  cdp                CDP information
  clock              Display the system clock
  dtp                DTP information
  etherchannel       EtherChannel information
  flash:             display information about flash: file system
  history            Display the session command history
  interfaces         Interface status and configuration
  ip                 IP information
  mac-address-table  MAC forwarding table
  sessions           Information about Telnet connections
  tcp                Status of TCP connections
  terminal           Display terminal configuration parameters
  users              Display information about terminal lines
  version            System hardware and software status
  vlan               VTP VLAN status
  vtp                VTP information
Switch>show ip ?
  arp        IP ARP table
  interface  IP interface status and configuration
Switch>show ip interface ?
  Vlan   Catalyst Vlans
  brief  Brief summary of IP status and configuration
  <cr>
Switch>show ip interface
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled
Switch>enable
Switch#?
Exec commands:
  <1-99>      Session number to resume
  clear       Reset functions
  clock       Manage the system clock
  configure   Enter configuration mode
  connect     Open a terminal connection
  copy        Copy from one file to another
  debug       Debugging functions (see also ‘undebug’)
  delete      Delete a file
  dir         List files on a filesystem
  disable     Turn off privileged commands
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  erase       Erase a filesystem
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  more        Display the contents of a file
  no          Disable debugging informations
  ping        Send echo messages
  reload      Halt and perform a cold restart
  resume      Resume an active network connection
  setup       Run the SETUP command facility
 –More–

—————————————————-Demo end——————————————————–

 

Note two points. 

Firstly, in the following lines:

Switch>show ip interface ?
  Vlan   Catalyst Vlans
  brief  Brief summary of IP status and configuration
  <cr>
<cr> means press the ENTER key.

Secondly,

–More– means there are more lines to be displayed: press the ENTER key to show one more line, or the SPACE key to show the remaining lines.


Host-to-Host communication

Posted on October 11, 2009. Filed under: CCNA, ICND1 break down |

So far, we have learned how the Transport layer protocols UDP and TCP work; we also learned that both Network Layer addresses (the IP address) and data link layer addresses (the MAC address) are needed for two hosts to communicate. In this section, we will put this knowledge to use by examining a Host-to-Host communication example.

In the example setup, Host A has Layer 3 address of 192.168.1.100 and Layer 2 address of 0000:0000:AAAA; Host B has Layer 3 address of 192.168.1.200 and Layer 2 address of 0000:0000:BBBB.

[image: host]

Let’s assume that Host B has a web server running on it, and its port 80 is ready to accept HTTP connections. An HTML file named test.htm is located in Host A’s internet folder.

Now, we open a web browser on Host A and type the URL http://192.168.1.200/test.htm in the address bar, then press the ENTER key. This is what happens afterwards.

(Note that I will not emphasis events happened on the three upper layers of the OSI model. If you really want a complete picture, please install a firebug on the firefox brower and exam the upper layer protocols by yourself.)

Step 1, The web browser program reads your input from the address bar.

Step 2, The browser breaks the URL into three parts: the protocol (http), the server address (192.168.1.200), and the file name (test.htm).

Step 3, From the protocol part “http”, the browser knows two things: a reliable connection is needed, and port number 80 should be used. Therefore the browser requests the reliable connection service from the transport layer, and tells the transport layer that the IP address is 192.168.1.200 and the port number is 80.

Step 4, Upon receiving the request from the browser, the transport layer selects TCP to set up the session. TCP initiates the session by creating a TCP segment with the SYN bit set. The source port is a randomly assigned dynamic port number and the destination port is 80. The TCP segment is passed down to the Network layer, together with the destination IP address 192.168.1.200.

Step 5, IP then creates a packet with source address 192.168.1.100 and the destination address 192.168.1.200 received from TCP. The Protocol field of the packet has the value 0x06, which means TCP. After creating the packet, IP passes it down to Layer 2.

Step 6, Because hosts on the local LAN only communicate via hardware addresses, for this packet to be sent to Host B, Layer 2 needs to map the destination IP address 192.168.1.200 to its MAC address. Layer 2 does this by requesting a mapping from the ARP program.

Step 7, ARP checks its ARP table to see if the destination IP address has already been resolved to a hardware address. If it has, the frame is created with that hardware destination address. Otherwise, Layer 2 holds the packet until ARP can provide a mapping. Since this is the first time we connect to the web server, the ARP table is empty.

Step 8, The ARP program builds an ARP request and passes it to Layer 2, telling Layer 2 to send the request to the broadcast address.

Step 9, Layer 2 encapsulates the ARP request in a Layer 2 frame, using the broadcast address (FFFF:FFFF:FFFF) provided by ARP as the destination MAC address and the local MAC address (0000:0000:AAAA) as the source MAC address.

Step 10, Layer 2 at Host B receives the frame, notes the broadcast address, strips the Layer 2 header and passes the ARP request to the ARP program.

Step 11, ARP sees that the ARP request is from a host with IP address 192.168.1.100 and MAC address 0000:0000:AAAA, so it adds this IP and MAC pair to its ARP table.

Step 12, ARP builds an ARP response containing its own IP address 192.168.1.200, then passes it to Layer 2, telling Layer 2 to send the response to MAC address 0000:0000:AAAA.

Step 13, Layer 2 encapsulates the ARP response in a Layer 2 frame, using the destination MAC address 0000:0000:AAAA provided by ARP and the local MAC address 0000:0000:BBBB as the source.

Step 14, When Host A receives the frame, it notes that the destination MAC address is its own. It strips the Layer 2 encapsulation and passes the remaining ARP reply to the ARP program.

Step 15, ARP notices that the ARP reply is from a host with IP 192.168.1.200 and MAC 0000:0000:BBBB, so it adds this IP and MAC pair to its ARP table.

Step 16, Layer 2 has now mapped the destination IP address 192.168.1.200 to the corresponding MAC address 0000:0000:BBBB with the help of the ARP program. Therefore, it can encapsulate the pending packet in a frame with source MAC 0000:0000:AAAA and destination MAC 0000:0000:BBBB, then send the frame out.

Step 17, At Host B, the frame is passed up the stack and the encapsulation at each layer is removed. The remaining protocol data unit (PDU) is passed to TCP.

Step 18, In response to the SYN, TCP at Host B passes a SYN ACK down the stack to be encapsulated.

Step 19, Upon receiving the SYN ACK from Host B, Host A sends back an ACK to complete the three-way handshake.

Step 20, With the three-way handshake completed, TCP can inform the web browser that a connection to the server at IP address 192.168.1.200 has been formed on port 80.

Step 21, Following the HTTP protocol, the browser sends a GET request to the server, asking for the file test.htm.

Step 22, The web server running on Host B then sends the HTML text of the page to the browser running on Host A.

Step 23, The browser reads the HTML tags and formats the page on your screen.
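The walk-through above, played out in code. This is an added example written for this page, not code from the blog post: two simulated hosts share one wire, each keeps its own ARP table, and the frames they exchange use the real Ethernet II and ARP layouts. The IP header and the TCP segment are reduced to source and destination addresses plus a flag word (an assumption made to keep the example short; real headers carry far more). The host addresses and the 0000:0000:AAAA MAC notation are the post's; the class and function names are mine.

```python
import struct

# Addresses and the 0000:0000:AAAA MAC notation are taken from the post.
BROADCAST = "FFFF:FFFF:FFFF"
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
IPPROTO_TCP = 0x06                      # Protocol field value from Step 5

def mac_to_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def bytes_to_mac(raw): return ":".join(raw.hex().upper()[i:i + 4] for i in range(0, 12, 4))
def ip_to_bytes(ip): return bytes(int(o) for o in ip.split("."))
def bytes_to_ip(raw): return ".".join(str(b) for b in raw)

def ethernet(dst, src, ethertype, payload):
    """Real Ethernet II header: 6-byte dst MAC, 6-byte src MAC, 16-bit EtherType."""
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload

def arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Real ARP layout: htype 1, ptype 0x0800, hlen 6, plen 4, opcode, then the four addresses."""
    return (struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, opcode)
            + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))

def parse_arp(p):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", p[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return (op, bytes_to_mac(p[8:14]), bytes_to_ip(p[14:18]),
            bytes_to_mac(p[18:24]), bytes_to_ip(p[24:28]))

class Host:
    def __init__(self, ip, mac, wire):
        self.ip, self.mac, self.wire = ip, mac, wire
        self.arp_table = {}             # IP -> MAC, empty to begin with (Step 7)
        self.pending = []               # packets held until ARP resolves them (Step 7)
        self.tcp_state = "CLOSED"

    # Layer 3 send. Simplified IP header (assumption): src IP, dst IP, protocol byte, segment.
    def send_ip(self, dst_ip, segment):
        packet = ip_to_bytes(self.ip) + ip_to_bytes(dst_ip) + bytes([IPPROTO_TCP]) + segment
        if dst_ip in self.arp_table:                                   # Step 16
            self.wire.append(ethernet(self.arp_table[dst_ip], self.mac, ETHERTYPE_IPV4, packet))
        else:                                                          # Steps 7-9
            self.pending.append((dst_ip, packet))
            self.wire.append(ethernet(BROADCAST, self.mac, ETHERTYPE_ARP,
                                      arp(ARP_REQUEST, self.mac, self.ip, "0000:0000:0000", dst_ip)))

    # Layer 2 receive (Steps 10, 14, 17): only frames for our own MAC or the broadcast MAC.
    def receive(self, frame):
        dst, src = bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12])
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if src == self.mac or dst not in (self.mac, BROADCAST):
            return
        if ethertype == ETHERTYPE_ARP:
            self.handle_arp(frame[14:])
        elif ethertype == ETHERTYPE_IPV4:
            self.handle_ip(frame[14:])

    def handle_arp(self, p):
        op, s_mac, s_ip, _, t_ip = parse_arp(p)
        self.arp_table[s_ip] = s_mac    # Steps 11 and 15: cached from any ARP packet, unauthenticated
        if op == ARP_REQUEST and t_ip == self.ip:                      # Steps 12-13
            self.wire.append(ethernet(s_mac, self.mac, ETHERTYPE_ARP,
                                      arp(ARP_REPLY, self.mac, self.ip, s_mac, s_ip)))
        elif op == ARP_REPLY:                                           # Step 16: release held packets
            for dst_ip, packet in [x for x in self.pending if x[0] == s_ip]:
                self.pending.remove((dst_ip, packet))
                self.wire.append(ethernet(s_mac, self.mac, ETHERTYPE_IPV4, packet))

    # Layers 3/4 receive: a flag word stands in for the TCP segment (Steps 17-20).
    def handle_ip(self, packet):
        src_ip, proto, segment = bytes_to_ip(packet[:4]), packet[8], packet[9:]
        if proto != IPPROTO_TCP:
            return
        if segment == b"SYN":                                          # Step 18
            self.tcp_state = "SYN-RECEIVED"
            self.send_ip(src_ip, b"SYN-ACK")
        elif segment == b"SYN-ACK":                                    # Step 19
            self.tcp_state = "ESTABLISHED"
            self.send_ip(src_ip, b"ACK")
        elif segment == b"ACK":                                        # Step 20
            self.tcp_state = "ESTABLISHED"

def run_demo():
    """Host A connects to Host B. Returns both hosts and a (dst, src, ethertype) log of every frame."""
    wire, log = [], []
    a = Host("192.168.1.100", "0000:0000:AAAA", wire)
    b = Host("192.168.1.200", "0000:0000:BBBB", wire)
    a.tcp_state = "SYN-SENT"
    a.send_ip(b.ip, b"SYN")                                            # Steps 4-6
    while wire:                         # one shared segment: every frame reaches every NIC
        frame = wire.pop(0)
        log.append((bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12]),
                    struct.unpack("!H", frame[12:14])[0]))
        for host in (a, b):
            host.receive(frame)
    return a, b, log

if __name__ == "__main__":
    a, b, log = run_demo()
    for dst, src, et in log:
        print(f"{src} -> {dst}  EtherType 0x{et:04X}")
    print("A:", a.arp_table, a.tcp_state, "| B:", b.arp_table, b.tcp_state)
```

Running it prints the five frames of the walk-through in order: the broadcast ARP request (Step 9), the unicast ARP reply (Step 13), and then SYN, SYN ACK and ACK (Steps 16 to 19), after which each host's ARP table holds exactly the one entry the post describes. Note in handle_arp that a host caches the sender's IP/MAC pair from any ARP packet it accepts, with no authentication; that property is what switch features such as Dynamic ARP Inspection exist to check.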


Host-to-Host communication through a Switch

Posted on October 11, 2009. Filed under: CCNA, ICND1 break down |

In this section, we will put together what we have learned so far by looking at host-to-host IP communication through a switch.

[Figure "switch": Host A and Host B connected through a switch]


Ethernet LAN Segments

Posted on October 11, 2009. Filed under: CCNA, ICND1 break down |

An Ethernet LAN segment is a network connection made by a single unbroken network cable. The network cable has a length limit, because the signal attenuates as it travels down the cable and is finally corrupted by line noise.

The following table compares several Ethernet specifications by speed, cable type and maximum segment length.

Ethernet specification   Speed       Cable          Maximum segment length
10BASE-T                 10 Mbps     Twisted-pair   100 m
10BASE-FL                10 Mbps     Fiber-optic    2000 m
100BASE-TX               100 Mbps    Twisted-pair   100 m
100BASE-FX               100 Mbps    Fiber-optic    400 m
1000BASE-T               1000 Mbps   Twisted-pair   100 m
1000BASE-LX              1000 Mbps   Fiber-optic    550 m for multimode fiber or 10 km for single-mode fiber
1000BASE-CX              1000 Mbps   Copper         25 m


When we need an Ethernet LAN longer than a single cable’s maximum length, devices such as repeaters, hubs, switches and routers are needed to extend the LAN segments. Notice that all computers attached to a given Ethernet segment compete for the same amount of bandwidth provided by the network media.
