Archive for July, 2008

OSPF/EIGRP Authentication

Posted in OSPF/EIGRP Authentication on July 26, 2008 by itdaddy

————————————————

EIGRP md5 key-chain authentication

————————————————

Note: do this on both routers, for OSPF and for EIGRP alike. The key settings must match on both ends; then ping across the link and/or use the show ip interface brief command to see that the links are up/up. Keep in mind that the interface stays up/up even when the keys do not match: a mismatch shows up as the EIGRP or OSPF neighbor failing to form, not as the link going down.

——————————————————

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#key chain mykeychain1
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string ccie
R2(config-keychain-key)#^Z
R2#
*Mar  1 00:17:29.611: %SYS-5-CONFIG_I: Configured from console by console
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int fa0
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 mykeychain1
R2(config-if)#
=========================================
———————————————————————-
OSPF authentication Text or MD5 message-digest
———————————————————————-
clear text authentication
—————————
R1(config)#int serial 0
R1(config-if)#ip ospf authentication-key ccna
R1(config-if)#ip ospf authentication
R1(config-if)#^Z
R1#wr
note: both routers need the same on each interface.
————————————————————————
MD5 authentication
—————————
R1(config)#int s0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 ccie
R1(config-if)#^Z
R1#wr
note: both routers need the same on each interface.
————————————————————————
Gosh darn it, that was a lot to digest! Done OSPF!!!!!
————————————————————————

Is someone giving me a hint!??????

Posted in Misc on July 24, 2008 by itdaddy

I will take the Big Man’s Advice – from upstairs!

Found this in my fortune cookie today! Sound advice to me!

And the funny thing G is the lucky numbers add up to 931 weird huh?!! hahaaah


2 Weeks to go! 7 August 2008 at 10am! Exam CCNA 802

Posted in Misc on July 24, 2008 by itdaddy

Well, dudes. I am getting geared up to take my CCNA exam 802 on 7 August 2008. My strategy is to hammer the main and hard topics and follow my study method, broken down like this:

1. cold memory stuff – must know it cold (example: OSI vs TCP, metric costs, distances etc.)

2. subnetting (hosts, subnets, vlsm)

3. Route summarization and OSPF cost metric formulas

4. Practice all of these

5. lab it up with (EIGRP, OSPF-md5/txt, VTP, STP, ACL, NAT, PAP-CHAP, VLAN, Frame-relay)

6. misc labs (wifi, WAN HDLC/PPP, MOTD, passwords, telnet etc.) (last week)

7. Bryant Q/A and other various stuff, but not much more…

8. pass this bad boy! with a 931 haahaa so I can beat routemyworld genius! Aerogon!

9. a pass is a pass! ( I could cyber lie and say I got a 931–hee hee)

———————

Day before the exam: go through all my labs!

Morning of the exam: repeat NAT/ACL, then hit some practice, subnetting and the COLD memory items,

and hit the exam hard!

———————

Frame-relay the final frontier!

Posted in Frame-Relay Commands on July 21, 2008 by itdaddy

————————
Frame-relay
————————

facts:

CIR = committed information rate, the guaranteed bandwidth.
DTE = default role of a Cisco router serial interface
DCE = ISP side of the serial interface (provides the clock rate)
PVC = permanent virtual circuit
SVC = switched virtual circuit
NBMA = non-broadcast multiaccess topology
Broadcast = Ethernet broadcast topology.
PVC full mesh
PVC partial mesh
Hub and spoke topology.
————————
———————————
LMI – heartbeat / hello / keepalive
———————————

lmi = local management interface message.
DCE(clock rate) –> DTE (default router)
PVC status – Active/Inactive.

3 lmi types
cisco
ansi
q933a

—————————
LMI autosense:
—————————
The DTE (router) sends all 3 LMI types to the DCE (switch); the DCE answers with
the LMI type it uses, and both sides then keep using that type. To set it by hand:
(config-if)#frame-relay lmi-type {cisco | ansi | q933a}

——————————————————-
About the DLCI
——————————————————-

DLCI is a layer-2 identifier.
Locally used, or locally significant:
the same DLCI number could be used on all routers.
Airplane theory example (gates to fly into).

Dynamic – Inverse ARP is used.
frame-relay interface-dlci 123
Static – a static map statement:
frame-relay map ip (remote ip) (local dlci) broadcast
Split-horizon issues on Frame Relay
(pic of hub-and-spoke topology and split-horizon)
R2 – R1 – R3: R2 sends updates to R1, and R1 would then have to send that update
out the same interface to R3. Split-horizon prevents this.

————-
Subinterfaces:

– multipoint
– point-to-point
Split-horizon is turned off/on at the interface level:

int serial0
(config-if)#ip split-horizon
(config-if)#no ip split-horizon
—————————
Show frame-relay pvc status
—————————-

#show frame-relay pvc

Active – all working
Inactive – remote device not configured correctly.
Deleted – local issue on this router.

—————————————————
Pic of frame hub and spoke Lab
—————————————————


———
R1 Config
———
interface Serial1
 description Points to R1 and R2
 no ip address
 encapsulation frame-relay
 ip split-horizon
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
!
interface Serial1.12 point-to-point
 ip address 172.12.123.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
 ip ospf network non-broadcast
 frame-relay interface-dlci 112  
!
interface Serial1.13 point-to-point
 ip address 172.12.123.5 255.255.255.252
 ip ospf network non-broadcast
 frame-relay interface-dlci 113  

———
R2 Config
———
interface Serial1
 description Points to R1
 ip address 172.12.123.2 255.255.255.252
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
 ip ospf priority 0
 frame-relay map ip 172.12.123.1 211 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco

———-
R3 Config
———-
interface Serial1
 ip address 172.12.123.6 255.255.255.252
 encapsulation frame-relay
 ip ospf priority 0
 frame-relay map ip 172.12.123.5 311 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
——————
Multipoint example – similar to physical serial interface.
——————
interface Serial1
 description Points to R1 and R2
 no ip address
 encapsulation frame-relay
 ip split-horizon
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
interface Serial1.14 multipoint
 ip address 172.12.123.18 255.255.255.252
 frame-relay map ip 172.12.123.6 112 broadcast

Cold Memory Items To Have down COLD!!!!!!!!!!

Posted in COLD Memory Items on July 20, 2008 by itdaddy

This is what I have seen.

Subnets = 2^n – 2
Hosts = 2^n – 2

ip subnet-zero (applied in global config mode)

———————————————————–
Subnets = 2^n (ip subnet-zero changes it to this, so the all-0s and all-1s subnets can be used)
Hosts = 2^n – 2

———————————————————-


—————-
Cold Memory
—————-
wireless
802.11 IEEE

802.11a – 25 Mbps – 54 Mbps, indoor range 100 feet, 5 GHz

802.11b – 6.5 Mbps – 11 Mbps, 100 feet indoor range, 2.4 GHz

802.11g – 25 Mbps – 54 Mbps, indoor 100 feet, 2.4 GHz, compatible with 802.11b

802.11n – 200 Mbps – 540 Mbps, indoor 160 feet, 2.4 GHz or 5 GHz

———————————————–

OSPF costs:

56 kbps       = 1788
T1 1.544 Mbps = 64
Ethernet      = 10

OSPF link cost = 10^8 / bandwidth (bps); e.g. bandwidth 128 (128 kbps = 128000 bps)

781 = 10^8/128000

 64 = 10^8/1544000
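The cost formula worked through in Python, as an added example that is not part of the original post: it applies the reference bandwidth of 10^8 bps to the link speeds listed above (integer truncation, so 56 kbps comes out as 1785), sums costs along a path, and shows why the default reference bandwidth gives FastEthernet and Gigabit the same cost of 1 unless the reference is raised with auto-cost reference-bandwidth under router ospf. The link names and speeds are constructed for the example.

```python
def ospf_cost(bandwidth_bps, reference_bandwidth_mbps=100):
    """Interface cost = reference bandwidth / interface bandwidth, truncated to an
    integer and never below 1. The Cisco default reference is 100 Mbps (10^8 bps)."""
    ref_bps = reference_bandwidth_mbps * 1_000_000
    return max(1, ref_bps // bandwidth_bps)

def path_cost(link_bandwidths_bps, reference_bandwidth_mbps=100):
    """OSPF adds up the cost of every outgoing link along the path."""
    return sum(ospf_cost(b, reference_bandwidth_mbps) for b in link_bandwidths_bps)

# Constructed link set: the 56 kbps, 128 kbps, T1 and 10 Mbps Ethernet speeds used
# above, plus FastEthernet and Gigabit to show that the default reference bandwidth
# cannot tell those two apart (both truncate to cost 1).
LINKS = {"56k": 56_000, "128k": 128_000, "T1": 1_544_000,
         "Eth": 10_000_000, "FastEth": 100_000_000, "GigEth": 1_000_000_000}

def cost_table(reference_bandwidth_mbps=100):
    """Cost of every link in LINKS for a given reference bandwidth (in Mbps)."""
    return {name: ospf_cost(bps, reference_bandwidth_mbps) for name, bps in LINKS.items()}

if __name__ == "__main__":
    print("default ref 100 Mbps:", cost_table())
    # 'auto-cost reference-bandwidth 10000' (router ospf) raises the reference to 10 Gbps;
    # it has to be set the same on every router in the area or path costs become inconsistent.
    print("ref 10000 Mbps:     ", cost_table(10_000))
    print("T1 + Ethernet path: ", path_cost([LINKS["T1"], LINKS["Eth"]]))
```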


———————————————–
IEEE

802.1w  RSTP
802.1d  STP
802.1q  trunking(tagging)
————————————————
Troubleshooting commands (Cisco, Windows)

windows:

ipconfig /all
ipconfig /release
ipconfig /renew

pathping
ping
tracert

cisco:

traceroute

ping <cr> (extended ping)
————————————————-

show cdp
CDP advertisements are sent every 60 seconds
CDP holdtime is 180 seconds
CDPv2 advertisements are enabled
—————————-
subnetting memory
—————————-

Private IP addresses:

10.0.0.0      – 10.255.255.255 /8
172.16.0.0    – 172.31.255.255 /12
192.168.0.0   – 192.168.255.255 /16
169.254.0.0   – 169.254.255.255 /16 (APIPA link-local)
Classful IP addresses:

A 1 – 126   /8    (127 = loopback on PCs)
B 128 – 191 /16
C 192 – 223 /24
D 224       /32 multicast
——————
Base 2 memory
——————

note: what I try to do is memorize some values and the pattern,
so I can regenerate the pattern without having to memorize everything.
2^5 = 32
2^6 = 64  (double)
2^7 = 128 (double….)
2^8 = 256
2^9 = 512
2^10= 1024
you get the idea
——————————————-
——————-
Hex Table converter
——————–
Hex is base 16; each position is worth 16^n.
A-F = 10 – 15 numerically
0-9 = 0 – 9 numerically
example: link-local address prefix: FE80

Convert FE and 80 from hex to decimal.

256   16    1
————–
       F    E  = F=15 x 16 + E=14 = 240 + 14 = 254
       8    0  = 8 x 16 + 0      = 128 + 0  = 128

———————————————-
IPv6 facts:
———————————————-


Global Unicast – scope global, public
site-local  – private site LAN
link-local  FE80::  same subnet; node part built from the MAC
loopback    ::1
——————
types of casts:
——————

unicast    – packet to one interface
multicast  – packet to many interfaces
anycast    – packet to the nearest of multiple interfaces

**no more broadcasts**
———————————————–
switch port speed cost (STP)
———————————————–
10  Mbps   = 100
100 Mbps   = 19
1   Gbps   = 4
10  Gbps   = 2


———————————————–
OSI Model memory:
———————————————–

—————–
Subnetting steps:
—————–
hosts =
subnets =

1. binary –> bits
2. bits –> mask –> increment
3. increment –> ranges
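The three subnetting steps carried out in Python, as an added example that is not part of the original post: host requirement to host bits, host bits to mask and increment (block size), and increment to the list of ranges, with the 2^n versus 2^n - 2 subnet count depending on ip subnet-zero. The 192.168.1.0/24 block with 30 hosts per subnet is a constructed input.

```python
import ipaddress

def host_bits(hosts_needed):
    """Step 1 (binary -> bits): smallest n with 2^n - 2 usable hosts >= hosts_needed."""
    n = 2
    while 2 ** n - 2 < hosts_needed:
        n += 1
    return n

def mask_from_host_bits(n):
    """Step 2 (bits -> mask -> increment): prefix length, dotted mask and the increment
    (block size) in the 'interesting' octet, which is 256 minus that octet of the mask."""
    prefix = 32 - n
    mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
    octet = (prefix - 1) // 8            # last octet in which the mask still has 1 bits
    increment = 256 - int(mask.split(".")[octet])
    return prefix, mask, increment

def subnet_ranges(block, prefix, subnet_zero=True):
    """Step 3 (increment -> ranges): every subnet of `block` at the new prefix as
    (network, first host, last host, broadcast). Without 'ip subnet-zero' the
    all-zeros and all-ones subnets are dropped (2^n - 2 subnets instead of 2^n)."""
    subs = list(ipaddress.IPv4Network(block).subnets(new_prefix=prefix))
    if not subnet_zero:
        subs = subs[1:-1]
    return [(str(s.network_address), str(s.network_address + 1),
             str(s.broadcast_address - 1), str(s.broadcast_address)) for s in subs]

def plan(block, hosts_needed, subnet_zero=True):
    """Run the three steps for a classful block and a per-subnet host requirement."""
    n = host_bits(hosts_needed)
    prefix, mask, increment = mask_from_host_bits(n)
    return {"host_bits": n, "prefix": prefix, "mask": mask, "increment": increment,
            "usable_hosts": 2 ** n - 2,
            "ranges": subnet_ranges(block, prefix, subnet_zero)}

if __name__ == "__main__":
    p = plan("192.168.1.0/24", 30)   # constructed example: 30 hosts per subnet
    print("/%d %s increment %d" % (p["prefix"], p["mask"], p["increment"]))
    for r in p["ranges"]:
        print(*r)
```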


————————
EIGRP – OSPFv2 – RIPv2
————————
RIPv2:
————————–

Distance Vector
updates every 30 seconds with the full routing table.
VLSM = yes
AD = 120
MD5/text authentication
Equal Cost LB = yes
Split-horizon = yes
multicast address – 224.0.0.9
hop count = metric
default LB paths = 4
Hold down time = 180 seconds
Auto-summarization is on by default.
—————————–
EIGRP – hybrid – cisco
—————————–

metric is cost = 256 x (band + delay)
hybrid = DV + LS
sends the full routing table the 1st time neighbors are established; later only changes.
VLSM support yes
updates are multicast to the
224.0.0.10 multicast address.
split-horizon yes
AD = 90
hello packets sent (????)
DUAL algorithm or SPF shortest path first.
neighbor adjacencies
Unequal cost load balancing = yes
Variance command used.
With the variance command, any route whose metric in the topology table is lower than the FD (feasible distance) will be put

into the routing table.

——————————
OSPFv2
——————————
Link state only
224.0.0.5 multicast
LSA updates
no need for split-horizon; converges too fast to cause loops
VLSM support yes
AD = 110
Dead time = (4 x hello)
Dijkstra / SPF algorithm
Metric = bandwidth
neighbor adjacencies
OSPF cost = 10^8/band(bps)
———————————
Protocol   AD    multicast:

RIP      = 120   224.0.0.9
EIGRP    = 90    224.0.0.10
OSPF     = 110   224.0.0.5

————————————–

TCP vs UDP and OSI model vs TCP Model full 360 view

————————————–

——————

OSI vs TCP brief

—————–

————————

TCP Explained in Detail

———————–

What fields does UDP have?   5 fields:

source port, destination port, length, checksum, data (variable)


————–

TCP model vs OSI model

————–


ACL or Access Control Lists – fun fun fun!

Posted in Access Control Lists on July 18, 2008 by itdaddy

Practice Your Placement of ACLs (Standard and Extended)

ACLs are used to control traffic by filtering packets and eliminating unwanted traffic on a network. Another important consideration of when ACLs are implemented is the placement of the access list. The ACL should be placed where it has the greatest impact on increased efficiency. The general rule is to put the extended ACLs as close as possible to the source of the traffic that is denied. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible. For example, a standard ACL should be placed on Fa0/0 of Router D to prevent traffic from Router A.

Administrators can only place access lists on devices that they control.

A standard ACL should be placed close to the destination. First, have the students decide which router is closest to the destination and then pick which interface is the closest to the destination. An ACL can be applied to any of the interfaces, but if an ACL is applied to the wrong interface a negative result is possible. The extended ACL should be placed closest to the source. Have the students decide which router is closest and then choose the correct interface. The in or out commands also need to be correct or the ACL will not work. Students commonly forget to apply the ACL or filter in the wrong direction.
(figure: where to place extended and standard ACLs)

This page will explain where an ACL should be placed. The placement of ACLs is an important consideration.

Proper ACL placement will filter traffic and make the network more efficient. The ACL should be placed where it has the greatest impact on efficiency.

In the figure, the administrator wants to deny Telnet or FTP traffic from the Router A Ethernet LAN segment to the switched Ethernet LAN Fa0/1 on Router D. At the same time, other traffic must be permitted. There are several ways to do this. The recommended solution is an extended ACL that specifies both source and destination addresses. Place this extended ACL in Router A. Then, packets do not cross the Router A Ethernet segment or the serial interfaces of Routers B and C, and do not enter Router D. Traffic with different source and destination addresses will still be permitted.

The general rule is to put the extended ACLs as close as possible to the source of the traffic denied. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible. For example, a standard ACL should be placed on Fa0/0 of Router D to prevent traffic from Router A.

Administrators can only place access lists on devices that they control. Therefore access list placement must be determined in the context of where the network administrator’s control extends.


——————————————
ACLs or Access Control Lists
——————————————

Topics covered:

-ACL logic and implicit deny
-Standard ACL and Remarks
-Extended ACL
-Named ACL
-Host and Any
-Order in the ACL lines
-Telnet Access (access-class) ACL
-Common port numbers Review
-Route Summarization (RIP, EIGRP)

————————
Types of ACLs are:
————————
– Standard  (1-99; 1300 – 1999)

– Extended (100-199; 2000 – 2699)

– named (same as above)

————————–
————————–

wild card example:

196.17.100.0 /24 = 196.17.100.0 0.0.0.255
access-list 5 permit 172.12.12.0 0.0.0.255
(config-if)#ip access-group 5 {in | out}

show access-list

access-list 5 remark block 172.12.12.0

Wildcards are used in:

EIGRP
OSPF
access-list

Subnet masks are used in:
ip route
ip address

Examples of access-lists with masks and wildcard masks:
access-list 6 permit 10.1.1.1 0.0.0.0          (host wildcard mask)
access-list 6 permit host 10.1.1.1             (same thing)
access-list 15 permit any
access-list 15 permit 0.0.0.0 255.255.255.255  (same thing as any)

broadcast:    255.255.255.255
wild card:      0.  0.  0.  0
subnet mask:  255.255.255.255

How to get the wildcard mask: subtract the subnet mask from 255.255.255.255.
Given:

broadcast:   255.255.255.255
subnet mask: 255.255.255.248

wild card:   0.0.0.7

———————–
standard access-list
———————–

access-list 15 deny 172.18.18.0 0.0.0.255
access-list 15 permit any

any    =  0.0.0.0    255.255.255.255

—————————————-
Extended Access-list
—————————————-

100-199
2000-2699
                        (source)                 (destination)
access-list 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255

—————————————-
Note: both the source and destination addresses must match for the line to filter the packet.
access-list 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255
access-list 150 permit ip any any
————–
2 rule list
————–

– 1 for in
– 1 for out

only! (one ACL per interface, per direction)

example:

interface
ip access-group 150 in
ip access-group 150 out
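An ACL evaluator in Python, as an added example that is not part of the original post: it derives a wildcard mask from a subnet mask, parses standard and extended access-list lines like the ones above, checks a packet against them top to bottom so that the first match wins, and falls through to the implicit deny when nothing matches. The sample lists are constructed after access-list 15 and 150 above; the addresses tested are made up.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # "any" = address 0.0.0.0 with an all-ones wildcard

def wildcard_from_mask(mask):
    """Wildcard mask = 255.255.255.255 minus the subnet mask (255.255.255.248 -> 0.0.0.7)."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - int(ipaddress.IPv4Address(mask))))

def matches(addr, network, wildcard):
    """A 0 bit in the wildcard means 'must match'; a 1 bit means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)

def _target(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' and return ((net, wildcard), rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines in order; remark lines are skipped.
    Numbers 1-99/1300-1999 are standard (source only), 100-199/2000-2699 extended."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        number, action, rest = int(tok[1]), tok[2], tok[3:]
        if 100 <= number <= 199 or 2000 <= number <= 2699:
            proto, rest = rest[0], rest[1:]
            src, rest = _target(rest)
            dst, rest = _target(rest)
        else:
            proto = "ip"
            src, rest = _target(rest)
            dst = ANY
        entries.append((action, proto, src, dst))
    return entries

def evaluate(entries, src, dst, proto="ip"):
    """Lines are checked top to bottom and the first match wins (so order matters);
    a packet that matches nothing hits the implicit 'deny' at the end of every ACL."""
    for action, p, (snet, swc), (dnet, dwc) in entries:
        if p != "ip" and p != proto:
            continue
        if matches(src, snet, swc) and matches(dst, dnet, dwc):
            return action
    return "deny"

# Constructed sample lists, modelled on access-list 15 and 150 above.
STANDARD_15 = ["access-list 15 remark block 172.18.18.0",
               "access-list 15 deny 172.18.18.0 0.0.0.255",
               "access-list 15 permit any"]
EXTENDED_150 = ["access-list 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255",
                "access-list 150 permit ip any any"]
DENY_ONLY = ["access-list 15 deny 172.18.18.0 0.0.0.255"]  # forgot 'permit any': blocks everything

if __name__ == "__main__":
    for src in ("172.18.18.9", "172.18.19.9"):
        print(src, "->", evaluate(parse_acl(STANDARD_15), src, "10.0.0.1"))
    print("implicit deny:", evaluate(parse_acl(DENY_ONLY), "10.1.1.1", "10.0.0.1"))
```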

———————————-
show commands
———————————-
show ip interface serial 0
show access-lists
show ip interface
———————————-

access-list 160 permit ip any any
show ip interface
———————————–


————————————–
Named access-list
————————————–
100-199
2000-2699

R1(config)#ip access-list extended (name)

R1(config)#ip access-list extended No_traffic_56
R1(config-ext-nacl)#deny ip 175.56.56.0 0.0.0.255 any
R1(config-ext-nacl)#permit ip any any
——————————————-
Reason to place Extended and Standard ACLs
——————————————-
Standard:
Place the ACL closest to the destination device
why?: a standard ACL matches on the source address only, so placed near the source it would block that source's traffic to every destination, not just the one you want to filter.

Extended:
Place the ACL as close to the source device as possible
why?: an extended ACL matches both source and destination, so the denied traffic can be dropped before it crosses the rest of the network.

———————-
outbound – applied after the packet has been routed, as it leaves the router.

inbound  – applied before the packet enters the routing engine.


Wifi 802.11x WLAN Basics

Posted in wifi 802.11x on July 17, 2008 by itdaddy

————————-
WLAN – 802.11x
————————-

topics covered:


-wifi types
-standards and ranges
-spread spectrum
-antenna types
-CA vs CD
-SSID and MAC authentication
-WEP, WPA, WPA2
-WLAN facts:

lily pad network – free, example: hotels have free wifi
hot spots – credentials needed, example: truck stops.
Ad hoc – PC to PC WLAN connection
AP to PC is an infrastructure connection
ESS is multiple access points (APs)
BSS is basic, 1 access point only
cells is what the coverage area is called
Example below:


3 Services WLAN:

1. Independent Basic Service Set (IBSS)

– no AP
– AD hoc only

2. Basic Service Set (BSS)

-1 AP only

3. Extended Service Set (ESS)

– multiple AP
– large area coverage
—————————————
Wireless 802.11x standards
—————————————
802.11 IEEE

802.11a – 25 Mbps – 54 Mbps, indoor range 100 feet, 5 GHz

802.11b – 6.5 Mbps – 11 Mbps, 100 feet indoor range, 2.4 GHz

802.11g – 25 Mbps – 54 Mbps, indoor 100 feet, 2.4 GHz, compatible with 802.11b

802.11n – 200 Mbps – 540 Mbps, indoor 160 feet, 2.4 GHz or 5 GHz

wifi sources of interference:

– microwave ovens

– Wireless phones on the 2.4 GHz band

– Solid objects, walls etc…

Talking about Spread Spectrum Types:

FHSS – Frequency Hopping Spread Spectrum – sender/receiver agree on a frequency range.

DSSS – Direct Sequence Spread Spectrum – spreads the signal over the entire range at once (11b, 11g, 11n)

OFDM – Orthogonal Frequency Division Multiplexing – splits the signal and sends the fragments over different frequencies at the same time.

———————————————————
Why all the talk about Spread Spectrum?
———————————————————

– Increases resistance to noise
– allows sharing of frequency band
– more difficult to intercept
————————————————————-
Types of Antennas
————————————————————

Type 1 : Yagi antenna :

– signal in single direction
– must be aligned correctly
– called directional antenna
– p2p direction
Type 2: Omni –
– sends signal all directions hence name OMNI
– omni directional
– Point to multipoint

——————————————————————
CSMA/CA  wifi
——————————————————————-

Carrier Sense Multiple Access with Collision Avoidance!
– Listens first
– if the channel is idle, the host waits a random timer and listens again before sending.
– if the channel is busy the host cannot transmit

Wifi facts:

– no jam signal used
– half-duplex only  – no full-duplex used in wifi
——————————————————————-
SSID
——————————————————————

– 32 characters max
– case sensitive
– if broadcast is disabled, clients must be statically configured with it
– the AP can be set to allow only listed MAC addresses

—————————————————————
WEP–WPA–WPA2
————————————————————–

– WEP 1st came
– WPA evolved from WEP
– WPA2 evolved from WPA

WEP:
– Wired Equivalent Privacy
– clear text key
– static keys
– one-way auth – client doesn't authenticate
– Authentication (open / shared key)
WPA
– not friendly to older devices.
– Wi-Fi Protected Access
– 2-way authentication
– TKIP with preshared key
WPA2 – not on exam
– 802.11i
– WPA2 is more complex