Archive for March, 2008

Router-on-A-Stick (Inter VLAN Routing)

Posted in Router-on-A-Stick on March 18, 2008 by itdaddy

roscomplex.jpg 

 www.palaestratraining.com

This CBT company seems good. I watched one video from YouTube. Attached here is a video that describes ROS. Watch and learn. Then check out this site and let me know what you think. I have used CBT Nuggets and Bryant Advantage, but I am always looking for better CBT courses, mostly better explained ones.

Double Click video and go to YouTube website so you can enlarge the screen to FULL. It is much easier to watch video in Full Screen mode.

 

1. PC Configuration (TCP/IP Settings)

Host     IP             SM              DG            Vlan
HOST A   192.168.3.5    255.255.255.0   192.168.3.1   3
HOST B   192.168.2.5    255.255.255.0   192.168.2.1   2
HOST C   192.168.3.10   255.255.255.0   192.168.3.1   3
HOST D   192.168.4.5    255.255.255.0   192.168.4.1   4
HOST E   192.168.2.10   255.255.255.0   192.168.2.1   2

 

2. Router Configuration

On a FastEthernet interface, create 3 subifs (sub-interfaces) that match up with each vlan #.

! physical interface carries the trunk: no IP address, but it must be up
interface fastethernet0
no ip address
no shutdown

! set the dot1q vlan tag first; IOS rejects an IP address on a subinterface that has no encapsulation
interface FastEthernet 0.20
encapsulation Dot1q 2
ip address 192.168.2.1 255.255.255.0

interface FastEthernet 0.30
encapsulation Dot1q 3
ip address 192.168.3.1 255.255.255.0

interface FastEthernet 0.40
encapsulation Dot1q 4
ip address 192.168.4.1 255.255.255.0

 

3.      Switch Configuration

 

The port on the switch that will be connected to the router’s FastEthernet port must be in trunking mode, and you must know the trunking protocol in use, which will be Dot1q. The Cat 2950 doesn’t support ISL trunking; it only supports Dot1q. Set “encap Dot1q” on the switch fa0/0 interface.

 

SW2>en

SW2#conf t

Enter configuration commands, one per line.  End with CNTL/Z

SW2(config)#int fa0/12

SW2(config-if)#switchport mode trunk

 

Vlan config:

 

Assign each PC into its own VLAN

 

  1. Create vlans on each switch like this.

       SW3#vlan database
       SW3(vlan)#vlan 2
       SW3(vlan)#vlan 3
       SW3(vlan)#vlan 4
       SW3(vlan)#exit

Note: Assign each port to the proper vlan like this. For example, if you have 192.168.2.5 on a PC and the FastEthernet port is connected, that fa0/x port belongs to Vlan 2 because of the 2 in the 3rd octet. The same goes for all the rest.

  2. Assign Fa0/x to a vlan

 

SW3>

SW3>en

SW3#conf t

SW3(config)#int fa0/7

SW3(config-if)#switchport mode access

SW3(config-if)#switchport access vlan 4

SW3(config-if)#

 

Note: You could set up VTP server/client and do it that way. But I left them all in VTP Server mode for simplification, to focus on inter vlan router setup.

 

 

4. Test ROS

 

Ping from one PC all the IP addresses on the network. If you can do this, the ROS config setup is done correctly. Again, if you can ping each subnet from one PC and its subnet respectively, then what you did is correct.

 

So from host A 192.168.3.5 if you can ping all the ip addresses on the network, you have setup ROS correctly. Good Job! This is inter vlan ROS configuring!

 

 

Done!
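The consistency that the ping test checks can also be verified on paper before cabling anything. The following added example (not part of the original post) parses the subinterface configuration shown above and checks each host's gateway and subnet against the subinterface tagged for its VLAN; the function names are illustrative.

```python
import ipaddress
import re

# Router subinterfaces and host settings as listed in the post.
ROUTER_CONFIG = """\
interface FastEthernet0.20
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
interface FastEthernet0.30
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
interface FastEthernet0.40
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
"""
# Host: (IP, subnet mask, default gateway, access VLAN)
HOSTS = {
    "A": ("192.168.3.5", "255.255.255.0", "192.168.3.1", 3),
    "B": ("192.168.2.5", "255.255.255.0", "192.168.2.1", 2),
    "C": ("192.168.3.10", "255.255.255.0", "192.168.3.1", 3),
    "D": ("192.168.4.5", "255.255.255.0", "192.168.4.1", 4),
    "E": ("192.168.2.10", "255.255.255.0", "192.168.2.1", 2),
}

def parse_subinterfaces(config):
    """Map each dot1Q VLAN ID to the router interface address configured for it."""
    gateways, vlan = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.lower().startswith("interface"):
            vlan = None  # new interface stanza: no tag seen yet
        elif m := re.match(r"encapsulation dot1q (\d+)", line, re.I):
            vlan = int(m.group(1))
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and vlan is not None:
            gateways[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return gateways

def check_host(name, ip, mask, gw, vlan, gateways):
    """Return the problems that would break inter-VLAN routing for one host."""
    router = gateways.get(vlan)
    if router is None:
        return [f"{name}: no subinterface tagged for VLAN {vlan}"]
    problems = []
    host = ipaddress.ip_interface(f"{ip}/{mask}")
    if str(router.ip) != gw:
        problems.append(f"{name}: gateway {gw} is not the VLAN {vlan} subinterface {router.ip}")
    if host.network != router.network:
        problems.append(f"{name}: {host.network} does not match router subnet {router.network}")
    return problems
```

A host whose switch port sits in the wrong access VLAN shows up here as a gateway and subnet mismatch, which is the same fault that makes the ping test fail.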

 

The Bryant Advantage example of ROS is really nice too! Great Cisco instructor classes!


frame-relay map ip x.x.x.x dlci broadcast OR frame-relay interface-dlci

Posted in Frame-Relay Commands on March 17, 2008 by itdaddy

 =============================
frame-relay show commands
=============================
R2#sh frame lmi
LMI Statistics for interface Serial1 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 14               Num Status msgs Rcvd 14
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:47         Last Full Status Rcvd 00:00:47
R2#sh frame pvc
PVC Statistics for interface Serial1 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0
DLCI = 221, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1.123
  input pkts 0             output pkts 0            in bytes 0        
  out bytes 0              dropped pkts 0           in pkts dropped 0        
  out pkts dropped 0                out bytes dropped 0        
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0        
  out BECN pkts 0          in DE pkts 0             out DE pkts 0        
  out bcast pkts 0         out bcast bytes 0        
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 05:30:57, last time pvc status changed 00:21:00
R2#sh frame map
Serial1.123 (up): ip 172.12.123.1 dlci 221(0xDD,0x34D0), static,
              broadcast,
              CISCO, status defined, active
Serial1.123 (up): ip 172.12.123.3 dlci 221(0xDD,0x34D0), static,
              broadcast,
              CISCO, status defined, active
R2#
==============================
============================== 
 

 

frc3-4fin.png

 

 

 

 

My View on Frame-Relay:

Frame-relay can be very weird. The hard thing about frame-relay is the question “which frame-relay command do I use?”

The answer to the question is simple: You can use whichever one you want as long as all the PVC mappings are complete and connect to the correct router interface. You can mix and match frame-relay commands. Just run a ping command to each PVC (ip address) and run your debug commands:

show frame map – Should see word “Active”  if working well.
show frame pvc   –
show frame lmi    –  Sent/Received should be equal amount if working

Static Mappings Command:

frame-relay map ip (remote ip address) (local dlci) broadcast

frame-relay map ip 172.12.123.1 201 broadcast

NOTE: Broadcast is used with this command to allow RIP updates to work. But, if “frame-relay inverse-arp” is used and inverse-arp is turned on, then the command “broadcast” is not needed.

Dynamic Mappings Command:

frame-relay interface-dlci (local dlci) 

frame-relay interface-dlci 201

frame-relay inverse-arp (enabled)

NOTE: frame-relay inverse-arp used to allow for dynamic mappings. 

If you look at the drawing I have given you, it explains the difference between the “actual” and the “virtual/logical” layout of the frame-relay setup. What you see is not what you actually get. When I first saw the “Full-Mesh” I thought there were three actual physical ports on each router. This is not true. You have instead 3 virtual or 3 sub-interfaces on each router that set up PVCs to each router. I think this is essential when teaching or learning frame-relay. Remember that they are virtual/logical mappings, not separate physical ports.

NOTE: You need ‘broadcast’ command with “frame-relay map ip” command when using RIPv1 since it uses broadcasts to send out routing table information.

NOTE: The hard thing now is to know when to use the right frame-relay command mentioned above and which type of port setup:

Port setup types:                                              Example:

Serial Port only                                                  Serial0
Serial Port with Multipoint option                       Serial0.1 multipoint
Serial Port with Point-to-Point option                Serial0.1 point-to-point

Other important Commands:

no frame-relay inverse-arp

You need “broadcast” command to allow RIP updates to  take place.

frame-relay inverse-arp

No need for “broadcast” command here. 

frame-relay lmi-type (ansi, cisco, q933a)

 Keep lmi types the same on both ends. 

encapsulation frame-relay (can use – “ietf”)

Keep encap “frame-relay” for frame-relay connections

 

Example of R1 (Full-mesh) Frame-relay topology:

frc-1f.png

 

 

 

 

Subinterfaces on R1:

R1(config)#interface serial 0

R1(config-if)#encapsulation frame-relay

R1(config-if)#no shutdown

R1(config-if)#interface serial0.200 point-to-point

R1(config-subif)#frame-relay interface-dlci 102

R1(config-subif)#ip address 172.16.1.1 255.255.255.0

R1(config-subif)#no shutdown

———————————-

R1(config-subif)#interface serial0.300 point-to-point

R1(config-subif)#frame-relay interface-dlci 103

R1(config-subif)#ip address 172.16.3.1 255.255.255.0

R1(config-subif)#no shutdown

———————————

R1(config-subif)#interface serial0.400 point-to-point

R1(config-subif)#frame-relay interface-dlci 104

R1(config-subif)#ip address 172.16.4.1 255.255.255.0

R1(config-subif)#no shutdown

 ————————————————————–


Telnet over SSH port 22 for Remote Access

Posted in Telent SSH Access Remotely on March 14, 2008 by itdaddy

telnetossh.png

 


Steps to Telnet over SSH (tunneling port 23 through port 22)

Step1:

The remote PC needs putty.exe on it. Configure it with the document attached here, TunnelWithPutty (3.3 MB size), or (Try This Putty Config). Like I said, configure it to work on your LAN first. Establish a tunnel to your SSH server. Download CopSSH here. What you do is create a tunnel with putty.exe, then open up a cmd prompt and telnet in with the new DNS name you made on your DynDns website account. This is cool! DynDNS.com is a DNS provider, so you can reference your public IP with an updated DNS name.

Step2:

Set up an account at DynDns.com and you can have a free DNS name. For example, my remote access name on the public sector is, say, itdaddy.bluecow.com. They give out free public name spaces that reference your dynamic public IP address. After establishing an account there, you can pick from many parent names such as bluecow.com (made that one up myself), but they have many parent names. You are allowed to name your child domain, for example like mine, “itdaddy.bluecow.com”. They give you a list of programs to install on your SSH server or on a computer that has internet access and that is on all the time. This IP updater updates the DynDns DNS servers with your dynamic public IP from the inside of your LAN. This is nice to use to access your SSH server via a name that will always have the most current public IP address.

Step3:

Set up port forwarding of port 22 only to your SSH server. No need to set up Telnet port 23 forwarding since you are tunneling through port 22. Kind of weird, but it works.

Step4:

SSH server with CopSSH running on this. You can also have your IP updater from DynDNS run on this server to keep your DNS name on the public DNS servers updated daily – I love this.

Step5:

I have a Cisco 2511 access router set up with reverse DNS. Do a Google search on setting up your access server. Easy to set up. If you need any help, you just ask me on this site, and I can help you figure out your reverse telnet setup on your access router. Please first play with it yourself. You can do it!

What I also do is set up an ACL on the ethernet port of my Access Router to allow telnet traffic on port 23 to come from my SSH server IP address only. Once I have my SSH tunnel from the public WAN to my private LAN on my SSH server, I then, like I said, telnet again from the SSH server to my 2511. This is again because I have no image that has an SSH server on it for direct access to my Access Server. If I had an SSH server on my 2511 router, I would have my firewall port forward to that. But maybe I am more secure having myself telnet again from my SSH server to the access router and having an ACL set up to allow port 23 traffic from my SSH server only. This might be more secure. It works well.

Step6:

Finally, I looked up on the internet how to set up an Access router using reverse telnet and a Loopback address. Do a Google search on the setup of a Cisco Access router. Very cool to set up. Not hard at all. With my Access Router, I no longer have to switch my console cable back and forth between all my Cisco devices. I just bring up one console and remote in to each device via one console session. Cool huh? I will eventually show you my setup for my access router on this blog. Enjoy!

Tips: Setup Tunnelling within your LAN first. Then try it from WAN to your LAN. 


Router Summarization Manually!

Posted in Route Summarization on March 14, 2008 by itdaddy

Summarization of Routes

Can be called 3 different things:

1. Route Aggregation
2. Route Summarization
3. Supernetting
 

How to manually calculate a summarized route:

172.1.4.0        /25
172.1.4.128      /25
172.1.5.0        /25
172.1.6.0        /24
172.1.7.0        /24

Binary Chart:

128  64  32  16   8   4   2   1
-------------------------------
  0   0   0   0   0   1   0   0

172.1.(last in common octets)

                  22  23  24   placeholders

4.0       00000    1   0   0 . 00000000
4.128     00000    1   0   0 . 10000000
5.0       00000    1   0   1 . 00000000
6.0       00000    1   1   0 . 00000000
7.0       00000    1   1   1 . 00000000

*Notice the 22nd placeholder is the last in common. Choose this place.

To find the IP subnet and subnet mask to summarize this route, you use the 22nd placeholder for the subnet mask (/22). And you keep the number 4 value in the 3rd octet because it is the value for the 22nd placeholder.

Answer: 172.1.4.0 /22

It is that simple. Do not try to make it harder than this…

Example from http://www.routemyworld.com **** Great site!

Route Summarization Strategies

The following example illustrates a method to summarize a group of subnets.

10.3.4.0/24
10.3.5.0/24
10.3.6.0/24
10.3.7.0/24

1. Convert the addresses to binary
2. Find all the common bits from left to right
3. Convert all the bits that are in common back to decimal, and leave all the rest of the bits to zero.
4. The number of bits that are in common will be their subnet mask

10.3.4.0: 00001010 00000011 00000100 00000000
10.3.5.0: 00001010 00000011 00000101 00000000
10.3.6.0: 00001010 00000011 00000110 00000000
10.3.7.0: 00001010 00000011 00000111 00000000

The bits in red (the leftmost bits that all four addresses share) are the common bits. When the bits in red are converted back to decimal, the end result is 10.3.4.0. This is the summary subnet.

To calculate the mask, count all the bits in red. There are 22 bits. Therefore the summary route is 10.3.4.0/22 or subnet mask 255.255.252.0
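Both worked summaries above (172.1.4.0/22 and 10.3.4.0/22) follow from the same common-prefix rule. The following added example (not from the original post or from routemyworld.com) implements that rule and goes one step further by listing address space the summary advertises that none of the input subnets contains; the function names are illustrative.

```python
import ipaddress

FIRST = ["172.1.4.0/25", "172.1.4.128/25", "172.1.5.0/25", "172.1.6.0/24", "172.1.7.0/24"]
SECOND = ["10.3.4.0/24", "10.3.5.0/24", "10.3.6.0/24", "10.3.7.0/24"]

def summarize(prefixes):
    """Return the one summary route formed by the leading bits common to all prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position where the lowest and highest address differ, and all
    # positions to its right, become host bits of the summary.
    host_bits = (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return ipaddress.IPv4Network((lo & mask, 32 - host_bits))

def uncovered(summary, prefixes):
    """Return the blocks inside the summary that no input prefix contains."""
    gaps = [summary]
    for net in map(ipaddress.ip_network, prefixes):
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):
                # Carve the known subnet out of this gap (yields nothing if equal).
                remaining.extend(gap.address_exclude(net))
            elif not gap.subnet_of(net):
                remaining.append(gap)
        gaps = remaining
    return sorted(gaps)

if __name__ == "__main__":
    for label, prefixes in (("first", FIRST), ("second", SECOND)):
        summary = summarize(prefixes)
        extra = [str(n) for n in uncovered(summary, prefixes)]
        print(label, summary, "extra space advertised:", extra or "none")
```

For the first list the summary also covers 172.1.5.128/25, which is not among the subnets, so traffic for that block follows the summary to the advertising router.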

Manual Route Summarization
Reduces the size of the routing table by aggregating a group of routes into a single route that is advertised to the other routers. As a result, packets are routed faster and less processing power is consumed. It needs to be configured in order for it to occur. To manually configure a summary route with EIGRP (or RIP v2), use the interface subcommand ip summary-address:
R1(config-if)#ip summary-address eigrp 1 10.2.0.0 255.255.0.0

R2(config-if)#ip summary-address eigrp 1 10.3.0.0 255.255.0.0