Software Tools
Network Management Systems:
http://www.ipswitch.com/products/whatsup/index.asp?t=demo
http://www.solarwinds.com/products/network_tools.aspx
Baselining Tools:
http://www.networkuptime.com/tools/enterprise/
Knowledge Bases:
http://www.cisco.com
Protocol Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/OptiView+Protocol+Expert/
Hardware Tools
Cisco Network Analyzer Module (NAM):
http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.5/user/guide/user.html
Cable Testers:
http://www.flukenetworks.com/fnet/en-us/products/CableIQ+Qualification+Tester/Demo.htm
Cable Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/DTX+CableAnalyzer+Series/Demo.htm
Network Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/OptiView+Series+III+Integrated+Network+Analyzer/Demos.htm
Wednesday, June 9, 2010
Monday, June 7, 2010
DHCP & NAT
DHCP message format:
To turn off DHCP server function:
(config)#no service dhcp
(config)#ip dhcp excluded-address a.b.c.d
(config)#ip dhcp excluded-address low_address [high address]
(config)#ip dhcp pool PoolNAME
(dhcp-config)#network a.b.c.d m.m.m.m
(dhcp-config)#default-router g.g.g.g
(dhcp-config)#dns-server a.b.c.d
(dhcp-config)#domain-name us.army.mil
(dhcp-config)#lease { days [hours] [minutes] | infinite }
(dhcp-config)#netbios-name-server b.b.b.b [c.c.c.c]
(config)#interface fa0/0
(config-if)#ip address dhcp
(config-if)#ip helper-address x.x.x.x
(config-if)#ip forward-protocol 58
(config-if)#no shut
#show ip dhcp server statistics
#show ip dhcp binding
#show ip dhcp pool
#show ip dhcp confict
#debug ip dhcp server events
#debug ip dhcp server packet
NAT
(config)#ip nat inside source static local_ip global_ip
(config)#interface f 0/0
(config-if)#ip nat inside
(config)#int s 0/0/0
(config-if)#ip nat outside
(config)#ip nat pool MYNAME 141.63.7.16 141.63.7.31 netmask m.m.m.m
(config)#ip nat inside source list access-list-num s0/1/0 overload
(config)#ip nat inside source list access-list-num pool MYNAME [overload]
(config)#no ip nat inside source
--> remove the dynamic source translation. "overload" enables PAT.
(config)#ip nat translation timeout seconds
#clear ip nat translation *
#show ip nat translations [verbose]
#show ip nat statistics
#debug ip nat [detailed]
OP Code (1B), Hardware type (1B), Hardware address length (1B), Hops (1B).
Transaction Identifier (4B)
Seconds (2B), Flags (2B)
Client IP Address (CIADDR: 4B)
Your IP Address (YIADDR: 4B)
Server IP Address (SIADDR: 4B)
Gateway IP Address (GIADDR: 4B)
Client Hardware Address (CHADDR: 16B)
Server Name (SNAME: 64B)
Boot Filename (128B)
DHCP Options (variable bytes)
To turn off DHCP server function:
(config)#no service dhcp
(config)#ip dhcp excluded-address a.b.c.d
(config)#ip dhcp excluded-address low_address [high address]
(config)#ip dhcp pool PoolNAME
(dhcp-config)#network a.b.c.d m.m.m.m
(dhcp-config)#default-router g.g.g.g
(dhcp-config)#dns-server a.b.c.d
(dhcp-config)#domain-name us.army.mil
(dhcp-config)#lease { days [hours] [minutes] | infinite }
(dhcp-config)#netbios-name-server b.b.b.b [c.c.c.c]
(config)#interface fa0/0
(config-if)#ip address dhcp
(config-if)#ip helper-address x.x.x.x
(config-if)#ip forward-protocol 58
(config-if)#no shut
#show ip dhcp server statistics
#show ip dhcp binding
#show ip dhcp pool
#show ip dhcp confict
#debug ip dhcp server events
#debug ip dhcp server packet
NAT
(config)#ip nat inside source static local_ip global_ip
(config)#interface f 0/0
(config-if)#ip nat inside
(config)#int s 0/0/0
(config-if)#ip nat outside
(config)#ip nat pool MYNAME 141.63.7.16 141.63.7.31 netmask m.m.m.m
(config)#ip nat inside source list access-list-num s0/1/0 overload
(config)#ip nat inside source list access-list-num pool MYNAME [overload]
(config)#no ip nat inside source
--> remove the dynamic source translation. "overload" enables PAT.
(config)#ip nat translation timeout seconds
#clear ip nat translation *
#show ip nat translations [verbose]
#show ip nat statistics
#debug ip nat [detailed]
Wednesday, May 19, 2010
WAN data link protocols (HDLC, Frame Relay)
R1(config-if)#>encapsulation [ppp | hdlc]
R1(config)#username remote_hostname password xxx
R1(config-if)#ppp authentication [ppp | chap]
R1(config-if)#ppp pap sent-username this_hostname password xxx
R1(config)#frame-relay switching
R1(config)#interface s0/0/0
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay intf-type dce
R1(config-if)#frame-relay route 102 interface s0/0/1 201
R1(config-if)#no shutdown
R1(config)#interface s0/0/1
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay intf-type dce
R1(config-if)#frame-relay route 201 interface s0/0/0 102
R1#clear frame-relay inarp
R1#show frame-relay map
R1#debug frame-relay lmi
R1#show frame-relay pvc [102] [dlci]
R1#show frame-relay lmi
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#frame-relay map ip 10.1.1.2 101 [broadcast cisco]
-> frame-relay map protocol protocol-address dlci [broadcast] [ietf] [cisco]
-> broadcast enable dynamic routing protocol over virtual circuit
R1(config-if)#interface s0/0/0.102 [multipoint | point-to-point]
-> if all routes belong to the same subnet, use multipoint.
R1(config-subif)#ip address a.a.a.a m.m.m.m
R1(config-subif)#bandwidth 64
R1(config-subif)#frame-replay interface-dlci 102
| Leased Line | Charge by distance, capacity | up to 45 Mb/s (E3/T3) | permanent fixed capacity |
| Basic telephone | distance, time | 33-56 kb/s | dialed, slow connection | ISDN | distance, time | 64 or 128 kbps up to 2 Mbps, PRI | dialed, slow connection |
| X.25 | volume | up to 48 kbps | switched fixed capacity |
| ATM | capacity | up to 155 Mbps | permanent variable capacity |
| Frame Relay | capacity | tup to 45 Mbps | permanent variable capacity |
| DSL | monthly subscription | up to 3 Mbps | always on shared Internet |
| Metro Ethernet | monthly subscription | up to 500 Mbps | limited geographic scope |
WAN Cable Connectors
The DTE/DCE interface uses following Physical layer protocols:EIA/TIA-232: up to 64 kb/s on a 25-pin D-connector over short distances.
EIA/TIA-449/530: faster (up to 2 Mb/s) version of EIA/TIA-232. A 36-pin D-connector and is capable of longer cable runs. Also known as RS422 and RS-423.
EIA/TIA-612/613: High-Speed Serial Interface (HSSI) protocol. Up to 52 Mb/s on a 60-pin D-connector.
V.35: the ITU-T standard for synchronous communications between a network access device and a packet network. Up to 2.048 Mb/s on a 34-pin rectangular connector.
X.21: an ITU-T standard for synchronous digital communications. A 15-pin D-connector.
Saturday, May 15, 2010
security related CLI, ACL
(config)#auto secure
Configure IP Access-List
port security
(config-if)#switchport port-security
-> enable switchport security, and applied all the default values.
(config-if)#switchport port-security maximum 1
-> allow only 1 mac address
(config-if)#switchport port-security mac-address sticky
-> only use the first learned MAC address
(config-if)#switchport port-security violation [protect | restrict | shutdown]
-> default: shutdown
-> protect: only allow traffic from the secure port and drop packets from other MAC
-> restrict: alert admin
#debug ip packet detail access-list-num
(config)#access-list 102 permit udp any any eq rip
-> permit Routing Information Protocol (RIP):
(config)#access-list 102 permit igrp any any
-> permit Interior Gateway Routing Protocol (IGRP):
(config)#access-list 102 permit eigrp any any
-> permit Enhanced IGRP (EIGRP):
(config)#access-list 102 permit ospf any any
->allow Open Shortest Path First (OSPF):
(config)#access-list 102 permit tcp any any eq 179
->permit Border Gateway Protocol (BGP):
Configure SSH:
(config)#ip domain-name mydomain.com
(config)#crypto key generate rsa
(config)#ip ssh version 2
(config)#ip ssh time-out 120
(config)#ip ssh authentication-retries 3
(config)#line vty 0 15
(config-ine)#transport input SSH
-> ssh only, disable telnet
DHCP snooping:
(config)#ip dhcp snooping [vlan number 99]
(config-if)#ip dhcp snooping trust
(config)#ip dhcp snooping limit rate 10
(config)#no ip http server
(config)#access-list my_list_num permit my_ip_address
(config)#access-list my_list_num deny any
(config)#line vty 0 4
(config-line)#access-list my_access_list_num in
(config-line)#exec-timeout 5 0
-> line times out 5 minutes + 0 seconds
(config-line)#privilege level 12
-> level 15 (1111) is highest.
(config)#ip http access-class my_access_list_num
>> allows only my_ip_address to access vty lines.
(config)#access-list 123 ip permit host my_manager_ip host current_router_hostname
(config)#access-list 123 deny ip any any
>> encrypt traffic to the manage station, not encrypt (deny) traffic to all other IPs.
(config)#crypto ipsec transform-set my_transform_name ah-md5-hmac esp-des
(config)#crypto map my_map policy_id ipsec-isakmp
(config-crypto-map)#set peer manage_ip
(config-crypto-map)#set transform-set my_transform_name
(config-crypto-map)#match address 123
(config)#int s0/1
(config-if)#crypto map my_map
(config)#ip http authentication [enable | local | tacacs | aaa]
(config)#crypto isakmp policy policy_num
>> create a security policy #
(config-isakmp)#authentication pre-share
(config)#username jdoe privilege 5 [password joes_passwd]
(config)#privilege exec level 2 clear line
(config)#privilege exec level 10 telnet
(config)#privilege exec level 10 debug
(config)#privilege exec level 15 show access-lists
(config)#privilege exec level 15 show logging
--> only level 15 can see logging
==> enable moves up level to 15
#disable 2
--> move down to level 2
AAA - authentication, authorization, accounting
(config)#aaa new-model
(config)#aaa authentication login default local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#tacacs-server host x.x.x.x
(config)#tacacs-server key my_tkey
--> apply default aaa authentication to each telnet line
(config)#aaa authentication login default group tacacs+ local
--> use tacacs+ server first, if unreachable, use local login password
(config)#aaa authentication enable default group tacacs+ enable
(config)#ip http authentication aaa
(config)#aaa authorization exec default group tacacs+ if-authenticated
(config)#aaa authorization commands 15 default group tacacs+ if-authenticated
--> allow authenticated users to run any command at their current level
(config)#radius-server host y.y.y.y
(config)#radius-server key my_rkey
(config)#aaa authentication loging default group radius local
(config)#aaa authentication enable default group radius enable
(config)#line con 0
(config-line)#login authentication default
(config)#kerberos local-realm my_kserver.com
(config)#kerberos server my_kserver.com my_k_ip
(config)#kerberos srvtab remote my_k_ip srvtab-filename
(config)#kerberos credentials forward
(config)#aaa authentication login default krb5 local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#key chain myKeyName
(config-keychain)#key 1
(config-keychain)#key-string xxx
(config)#interface s0/0/0
(config-if)#ip authentication mode eigrp 1 md5
(config-if)#ip authentication key-chain eigrp 1 myKeyName
(config)#interface s0/0/1
(config-if)#ip ospf message-digest-key 1 md5 mykey
(config-if)#ip ospf authentication message-digest
(config)#router ospf autonomous_num
(config-router)#area 0 authentication message-digest
(config)#access-list 16 permit x.y.0.0 0.0.255.255
(config)#access-list 16 deny any
(config)#interface s0/0
(config-if)#ip access-group 16 out
(config-if)#no ip redirects
(config-if)#no ip directed-broadcast
(config-if)#no ip mask-reply
(config-if)#no ip unreachables
(config-if)#no ip proxy-arp
(config-if)#no cdp enable
(config-if)#ip verify unicast reverse-path
(config-if)#ntp disable
(config-if)#ip access-group 101 in
(config-if)#ip access-group 102 out
(config)#ntp authenticate
(config)#ntp authentication-key 12 md5 mykey
(config)#ntp trusted-key 12
(config)#ntp server x.x.y.y key 12
(config)#logging console
(config)#logging on
(config)#logging buffered 32000
--> 32000 byte logging buffer
(config)#logging trap debugging
(config)#logging x.y.z.b
--> output syslog to a network device.
Configure IP Access-List
port security
(config-if)#switchport port-security
-> enable switchport security, and applied all the default values.
(config-if)#switchport port-security maximum 1
-> allow only 1 mac address
(config-if)#switchport port-security mac-address sticky
-> only use the first learned MAC address
(config-if)#switchport port-security violation [protect | restrict | shutdown]
-> default: shutdown
-> protect: only allow traffic from the secure port and drop packets from other MAC
-> restrict: alert admin
#debug ip packet detail access-list-num
(config)#access-list 102 permit udp any any eq rip
-> permit Routing Information Protocol (RIP):
(config)#access-list 102 permit igrp any any
-> permit Interior Gateway Routing Protocol (IGRP):
(config)#access-list 102 permit eigrp any any
-> permit Enhanced IGRP (EIGRP):
(config)#access-list 102 permit ospf any any
->allow Open Shortest Path First (OSPF):
(config)#access-list 102 permit tcp any any eq 179
->permit Border Gateway Protocol (BGP):
Configure SSH:
(config)#ip domain-name mydomain.com
(config)#crypto key generate rsa
(config)#ip ssh version 2
(config)#ip ssh time-out 120
(config)#ip ssh authentication-retries 3
(config)#line vty 0 15
(config-ine)#transport input SSH
-> ssh only, disable telnet
DHCP snooping:
(config)#ip dhcp snooping [vlan number 99]
(config-if)#ip dhcp snooping trust
(config)#ip dhcp snooping limit rate 10
(config)#no ip http server
(config)#access-list my_list_num permit my_ip_address
(config)#access-list my_list_num deny any
(config)#line vty 0 4
(config-line)#access-list my_access_list_num in
(config-line)#exec-timeout 5 0
-> line times out 5 minutes + 0 seconds
(config-line)#privilege level 12
-> level 15 (1111) is highest.
(config)#ip http access-class my_access_list_num
>> allows only my_ip_address to access vty lines.
(config)#access-list 123 ip permit host my_manager_ip host current_router_hostname
(config)#access-list 123 deny ip any any
>> encrypt traffic to the manage station, not encrypt (deny) traffic to all other IPs.
(config)#crypto ipsec transform-set my_transform_name ah-md5-hmac esp-des
(config)#crypto map my_map policy_id ipsec-isakmp
(config-crypto-map)#set peer manage_ip
(config-crypto-map)#set transform-set my_transform_name
(config-crypto-map)#match address 123
(config)#int s0/1
(config-if)#crypto map my_map
(config)#ip http authentication [enable | local | tacacs | aaa]
(config)#crypto isakmp policy policy_num
>> create a security policy #
(config-isakmp)#authentication pre-share
(config)#username jdoe privilege 5 [password joes_passwd]
(config)#privilege exec level 2 clear line
(config)#privilege exec level 10 telnet
(config)#privilege exec level 10 debug
(config)#privilege exec level 15 show access-lists
(config)#privilege exec level 15 show logging
--> only level 15 can see logging
==> enable moves up level to 15
#disable 2
--> move down to level 2
AAA - authentication, authorization, accounting
(config)#aaa new-model
(config)#aaa authentication login default local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#tacacs-server host x.x.x.x
(config)#tacacs-server key my_tkey
--> apply default aaa authentication to each telnet line
(config)#aaa authentication login default group tacacs+ local
--> use tacacs+ server first, if unreachable, use local login password
(config)#aaa authentication enable default group tacacs+ enable
(config)#ip http authentication aaa
(config)#aaa authorization exec default group tacacs+ if-authenticated
(config)#aaa authorization commands 15 default group tacacs+ if-authenticated
--> allow authenticated users to run any command at their current level
(config)#radius-server host y.y.y.y
(config)#radius-server key my_rkey
(config)#aaa authentication loging default group radius local
(config)#aaa authentication enable default group radius enable
(config)#line con 0
(config-line)#login authentication default
(config)#kerberos local-realm my_kserver.com
(config)#kerberos server my_kserver.com my_k_ip
(config)#kerberos srvtab remote my_k_ip srvtab-filename
(config)#kerberos credentials forward
(config)#aaa authentication login default krb5 local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#key chain myKeyName
(config-keychain)#key 1
(config-keychain)#key-string xxx
(config)#interface s0/0/0
(config-if)#ip authentication mode eigrp 1 md5
(config-if)#ip authentication key-chain eigrp 1 myKeyName
(config)#interface s0/0/1
(config-if)#ip ospf message-digest-key 1 md5 mykey
(config-if)#ip ospf authentication message-digest
(config)#router ospf autonomous_num
(config-router)#area 0 authentication message-digest
(config)#access-list 16 permit x.y.0.0 0.0.255.255
(config)#access-list 16 deny any
(config)#interface s0/0
(config-if)#ip access-group 16 out
(config-if)#no ip redirects
(config-if)#no ip directed-broadcast
(config-if)#no ip mask-reply
(config-if)#no ip unreachables
(config-if)#no ip proxy-arp
(config-if)#no cdp enable
(config-if)#ip verify unicast reverse-path
(config-if)#ntp disable
(config-if)#ip access-group 101 in
(config-if)#ip access-group 102 out
(config)#ntp authenticate
(config)#ntp authentication-key 12 md5 mykey
(config)#ntp trusted-key 12
(config)#ntp server x.x.y.y key 12
(config)#logging console
(config)#logging on
(config)#logging buffered 32000
--> 32000 byte logging buffer
(config)#logging trap debugging
(config)#logging x.y.z.b
--> output syslog to a network device.
Wednesday, April 28, 2010
STP - Spanning Tree Protocol
switch(config)#spanning-tree mode pvst
switch(config)#spanning-tree mode rapid-pvst
switch(config)#spanning-tree vlan 10 root primary
switch(config)#spanning-tree vlan 20 root secondary
switch(config)#spanning-tree vlan 10 priority 4096
switch(config)#spanning-tree vlan 99 root primary diameter 5
switch(config)#interface fastethernet 0/18
switch(config-if)#spanning-tree cost 25
switch(config-if)#spanning-tree portfast
-> for access port. Also designates RSTP edge port.
switch(config-if)#spanning-tree port-priority 112 (default 128)
switch(config-if)#spanning-tree link-type point-to-point
switch#clear spanning-tree detected-protocols
-> clear all detected STP
switch#show spanning-tree vlan 10
Friday, April 16, 2010
VLAN & VTP
VLAN tag control: 3 bit of priority (used by 802.1p standard), 1 bit of Canonical Format Identifier (enables Token Ring frames), 12 bit of VLAN ID. 
S1#delete flash:vlan.dat
S1(config)#vlan 10
S1(config-vlan)#name student
S1#vlan database (for old switches)
S1(vlan)#vlan 10 name xxx (for old switches)
S1(vlan)#vtp client (for old switches)
S1(config)#no vlan 10
S1(config)#vlan 100,105-110
S1#show vlan brief
S1#show vlan id 10
S1#show vlan name student
S1#show interface vlan 10 switchport
S1#show vlan summary
S1(config)#interface range gi0/1-2
S1(config-if-range)#shutdown
S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
S1(config)#interface range fa0/6, fa0/11
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S1(config)#interface range fa0/6-10
S1(config-if-range)#switchport access vlan 10
S1(config-if)#mls qos trust cos
S1(config)#interface fa0/18
S1(config-if)#switchport voice vlan 150
S1(config-if)#switchport mode access
S1(config-if)#no switchport access vlan
S1(config-if)#switchport access vlan 105
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#duplex auto // can be full, or half
S1(config-if)#speed auto
S1(config)#[no] mac-address-table static vlan {1-4096, ALL} interface interface-id 
S1(config)#interface F0/1
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk ... or
S1(config-if)#switchport mode dynamic auto ... or
S1(config-if)#switchport mode dynamic desirable ... or
S1(config-if)#switchport nonegotiate
S1(config-if)#switchport trunk native vlan 99
S1#show interface trunk
switch(config)#ip default-gateway 172.17.99.1
switch(config)#interface vlan 99
switch(config-if)#ip address 172.17.99.11 255.255.255.0
switch(config-if)#no shutdown
Router(config)#interface fa0/0.10
-> for vlan 10
Router(config-subif)#encapsulate dot1q 10
Router(config-subif)#ip address 172.16.10.11 255.255.255.0
Router(config)#interface fa0/0.99
Router(config-subif)#encapulate dot1q native 99
Router(config-subif)#ip address 172.16.99.1 255.255.255.0
Router(config-subif)#interface fa0/0
Router(config-if)#no shutdown
S1#show vtp status
S1(config)#vtp domain mydomain
S1(config)#vtp version 1
S1(config)#vtp password mypassword
S1(config)#vtp mode [server | client]
S1#delete flash:vlan.dat
S1(config)#vlan 10
S1(config-vlan)#name student
S1#vlan database (for old switches)
S1(vlan)#vlan 10 name xxx (for old switches)
S1(vlan)#vtp client (for old switches)
S1(config)#no vlan 10
S1(config)#vlan 100,105-110
S1#show vlan brief
S1#show vlan id 10
S1#show vlan name student
S1#show interface vlan 10 switchport
S1#show vlan summary
-> display count of all configured VLANs
S1(config)#interface range gi0/1-2
S1(config-if-range)#shutdown
S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
S1(config)#interface range fa0/6, fa0/11
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S1(config)#interface range fa0/6-10
S1(config-if-range)#switchport access vlan 10
S1(config-if)#mls qos trust cos
-> ensure that voice traffic as priority traffic (if the network is setup to prioritize voice traffic)
S1(config)#interface fa0/18
S1(config-if)#switchport voice vlan 150
S1(config-if)#switchport mode access
S1(config-if)#no switchport access vlan
S1(config-if)#switchport access vlan 105
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#duplex auto // can be full, or half
S1(config-if)#speed auto
S1(config)#[no] mac-address-table static
-> create a static mapping in the MAC address table
S1(config)#interface F0/1
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk ... or
S1(config-if)#switchport mode dynamic auto ... or
S1(config-if)#switchport mode dynamic desirable ... or
S1(config-if)#switchport nonegotiate
-> turn off DTP
S1(config-if)#switchport trunk native vlan 99
S1#show interface trunk
switch(config)#ip default-gateway 172.17.99.1
switch(config)#interface vlan 99
switch(config-if)#ip address 172.17.99.11 255.255.255.0
switch(config-if)#no shutdown
Router(config)#interface fa0/0.10
-> for vlan 10
Router(config-subif)#encapsulate dot1q 10
Router(config-subif)#ip address 172.16.10.11 255.255.255.0
Router(config)#interface fa0/0.99
Router(config-subif)#encapulate dot1q native 99
Router(config-subif)#ip address 172.16.99.1 255.255.255.0
Router(config-subif)#interface fa0/0
Router(config-if)#no shutdown
S1#show vtp status
S1(config)#vtp domain mydomain
S1(config)#vtp version 1
S1(config)#vtp password mypassword
S1(config)#vtp mode [server | client]
Wednesday, March 3, 2010
OSPF
| Encapsulation | Message Format |
 |  |
OSPF Types: Hello = 1; DD = 2; LS Request = 3; LS Update = 4; LS Ack = 5.
OSPF is inheritly classless, no summarization at classful boundary.
Loopback interfaces are not advertised in OSPF.
Loopback interface is preferred to use for router-id.
router-id must be distinct.
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.9 0.0.0.3 area 0
Router(config-router)#router-id ip_address
--> otherwise, the highest active IP interface will be picked. Or the first OSPF network command.
Router(config-router)#auto-cost reference-bandwidth 100 (in Mbps)
Router#clear ip ospf process
Router#show ip ospf [interface]
Router#show ip ospf neighbor
Router(config-if)#bandwidth 64 (in Kbps) is equivelant to:
Router(config-if)#ip ospf cost 1562
Router(config-if)#ip ospf priority {0 - 255}
Router(config-if)#ip ospf hello-interval 5 (default is 10, in seconds)
Router(config-if)#ip ospf dead-interval 20 (default is 40, in seconds)
--> intervals must be identical between neighbors.
Saturday, February 27, 2010
default Administrative Distances
connected 0
static 1
EIGRP summary route 5
external BGP 20
internal EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
external EIGRP 170
internal BGP 200
Friday, February 26, 2010
EIGRP
EIGRP data link frame. 
Router#show ip eigrp neighbors
Router#show ip eigrp topology [network_IP / all-links]
Router(config-if)#ip summary-address eogrp a# network mask
Router(config-if)#bandwidth kilobits
Router(config-if)#ip bandwidth-percent eigrp as-process-id percent (default 50%)
Router(config-if)#ip hello-interval eigrp as-process-id seconds
Router(config-if)#ip hold-time eigrp as-process-id seconds
Router(config-if)#ip summary-address eigrp as-process-id ip-add ip-mask
Router(config)#router eigrp as-process-id
Router(config-router)#redistribute static
Router(config-router)#ip default-network
Router(config-router)#network 192.168.30.128 0.0.0.3
router(config-router)#metric weights tos k1 k2 k3 k4 k5 (tos=0)
[k1*bandwidth + (k2*bandwidth)/256-load) + k3*delay] * [k5/(reliability + k4)]
debug eigrp fsm
 |  |  |
Router#show ip eigrp neighbors
Router#show ip eigrp topology [network_IP / all-links]
Router(config-if)#ip summary-address eogrp a# network mask
Router(config-if)#bandwidth kilobits
Router(config-if)#ip bandwidth-percent eigrp as-process-id percent (default 50%)
Router(config-if)#ip hello-interval eigrp as-process-id seconds
Router(config-if)#ip hold-time eigrp as-process-id seconds
Router(config-if)#ip summary-address eigrp as-process-id ip-add ip-mask
Router(config)#router eigrp as-process-id
Router(config-router)#redistribute static
Router(config-router)#ip default-network
Router(config-router)#network 192.168.30.128 0.0.0.3
router(config-router)#metric weights tos k1 k2 k3 k4 k5 (tos=0)
[k1*bandwidth + (k2*bandwidth)/256-load) + k3*delay] * [k5/(reliability + k4)]
debug eigrp fsm
Wednesday, February 3, 2010
Load IOS from an FTP server
rommon1 >IP_ADDRESS=10.1.1.2 // this unit's IP
rommon2 >IP_SUBNET_MASK=255.0.0.0
rommon3 >DEFAULT_GATEWAY=10.1.1.2 // this unit's gateway
rommon4 >TFTP_SERVER=10.1.1.1 // server's NIC IP address
rommon5 >FTFP_FILE=888xxxxyyyy. // the file name
rommon6 >tftpdnld
------------ wait for 10 minutes -------------
> boot system flash
=======================
#copy tftp: flash:
address or name of remote host?
source filename?
(config)#boot system flash image_file_name
#reload
rommon2 >IP_SUBNET_MASK=255.0.0.0
rommon3 >DEFAULT_GATEWAY=10.1.1.2 // this unit's gateway
rommon4 >TFTP_SERVER=10.1.1.1 // server's NIC IP address
rommon5 >FTFP_FILE=888xxxxyyyy. // the file name
rommon6 >tftpdnld
------------ wait for 10 minutes -------------
> boot system flash
=======================
#copy tftp: flash:
address or name of remote host?
source filename?
(config)#boot system flash image_file_name
#reload
Monday, January 11, 2010
bootup process
 |  |
The switch loads the boot loading software from NVRAM.
The boot loader:
- Performs low-level CPU initialization.
- Performs POST (power-on self test) for the CPU subsystem.
- Initializes the flash file system on the system board.
- Loads a default OS image into memory and boots the switch.
The boot loader can help recover from an OS crash:
provides access into the switch if OS has problems.
provides access to the files stored on flash before the OS is loaded.
use the boot loader command line to perform recovery operations.
To modify where to load IOS: startup configuration or configuration register.
Cisco router configuration register
Cisco router configuration register:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
| Bit Number | Hex | Meaning |
| 00-03 | 0x0000-0x000F | Boots Field Parameters 0x0000 Stays at the system bootstrap prompt 0x0001 Boots system image on EPROM 0x0002-0x000F Specifies a default netboot filename |
| 06 | 0x0040 | Ignore NVRAM contents |
| 07 | 0x0080 | Disable boot messages |
| 08 | 0x0100 | Break disabled |
| 10 | 0x0400 | IP broadcast with all zeros |
| 5,11,12 | 0x0020, 0x0800, 0x1000 | Console line speed |
| 13 | 0x2000 | Boots default ROM software if network boot fails |
| 14 | 0x4000 | IP broadcasts do not have net numbers |
| 15 | 0x8000 | Enables diagnostic messages Ignores NVRAM contents |
Subscribe to:
Posts (Atom)