Wednesday, January 30, 2008

Cisco CCNP Certification/BSCI Exam Tutorial: ISIS Hellos And Adjacencies

In my last ISIS tutorial, I mentioned that while ISIS and OSPF are both link state protocols, their actual operation differs greatly. To pass the BSCI exam and earn your CCNP, you'll need to know these differences! Today, we'll take a look at ISIS Hello types and the adjacency types that form through the use of these Hellos.

Hello packets have been mentioned several times with ISIS, and with good reason. Hello packets are the heartbeat of OSPF and ISIS; when heartbeats are no longer heard from a neighbor, that adjacency will be dropped. A major difference between OSPF and ISIS is that OSPF has one type of Hello packet, where ISIS actually has three!

An ES Hello (ESH) is sent by all End Systems, and all IS devices listen for this Hello. This is how a router (IS) discovers a host (ES).

An IS Hello (ISH) announces the presence of an IS. An IS Hello is sent by all IS devices, and End Systems listen for these hellos.

An IS-to-IS Hello (IIH) is used by an IS to discover other ISes and to form adjacencies with them.

An interesting side note: A router will send an IIH to another router on the link to form or maintain an adjacency, but it will still send an ISH as well in case there are end systems located on that segment.

ISIS and OSPF both create and maintain adjacencies with the Hello packet. Let's take a look at the rules regarding ISIS adjacencies as well as the adjacency types.

L1 and L2 Hellos are different messages, so an L1 router must exchange Hellos with another L1 router to form an adjacency, just as L2 routers form adjacencies with L2 routers. L1 routers can only form an adjacency with an L2 router if one of the two routers involved is actually an L1/L2 router.

L1 routers must be in the same area in order to form an adjacency. The Hello timers, as well as the MTU, must match between the interfaces used to form the adjacency.

That's a lot of L1, L2, and L1/L2, isn't it? Let's review the adjacencies each router type can form:

L1: Can form adjacency with any L1 in the same area and any L1/L2 in the same area.

L2: Can form adjacency with any L2 in any area, and with an L1/L2 in any area.

L1/L2: Can form adjacency with any L1 in the same area, L1/L2 in any area, and L2 in any area.

Knowing the similarities and differences regarding ISIS and OSPF is vital for CCNP exam success. Take your time, master the fundamentals, and before long the magic letters "CCNP" are behind your name and on your resume!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com). For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies! Daily exam questions now available through RSS feed!


Tuesday, January 29, 2008

Cisco CCNA Certification Exam Tutorial: The OSPF RID

OSPF is a major topic on your CCNA exam, as well it should be. OSPF is a widely-used WAN protocol, and you need to learn the fundamentals before moving on to more complicated configurations. One such detail is the OSPF Router ID, or RID.

The RID is the dotted decimal value by which other OSPF routers will identify a given OSPF router. There are some interesting defaults for this value, and a command you should know to hardcode the RID. You had also better know what has to happen for this command to take effect, so let's take a more detailed look at the OSPF RID.

In this example, R1 has an adjacency with R2 and R3 over the 172.12.123.0/24 frame network. R1 is the hub, with R2 and R3 as the spokes. No other interfaces are OSPF-enabled on any of the routers. Running show ip ospf neighbor on R1, we see some unusual values under "Neighbor ID", which is another name for the OSPF RID.

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/DROTHER    00:01:57    172.12.123.3    Serial0
2.2.2.2           0   FULL/DROTHER    00:01:57    172.12.123.2    Serial0

When determining the Router ID (RID) of an OSPF-enabled router, OSPF will always use the numerically highest IP address on the router's loopback interfaces, regardless of whether that loopback is OSPF-enabled.

What if there is no loopback? OSPF will then use the numerically highest IP address of the physical interfaces, regardless of whether that interface is OSPF-enabled.

BOTTOM LINE: An interface does not have to be running OSPF to have its IP address used as the OSPF RID.

The OSPF RID can be changed, but the change only takes effect after a reload or after the OSPF routing process is reinitialized. Use the router-id command to change the default RID of each router as shown, then clear the OSPF process so the new RID is used.

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#router ospf 1

R1(config-router)#router-id 11.11.11.11

Reload or use "clear ip ospf process" command, for this to take effect

R1#clear ip ospf process

Reset ALL OSPF processes? [no]: yes

1d05h: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0 from 2WAY to DOWN, Neighbor Down: Interface down or detached

1d05h: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0 from 2WAY to DOWN, Neighbor Down: Interface down or detached

After entering the router-id command, the router console informed you that you have to reload the router or reset the OSPF processes for this to take effect. You enter the clear ip ospf process command to do this. Notice that when you're asked if you really want to do this, the prompt is "no"? That's because all the OSPF adjacencies on this router will be lost and will have to begin the process again. That's OK on a practice rack, not good in a production network. Don't use that one at work.

The OSPF RID is not a complicated concept, but the fact that an interface doesn't have to be OSPF-enabled in order to have its IP address act as the RID takes some getting used to. And remember - when the router or switch asks you a question and the prompted answer is "no", take one step back and make sure you really want to do what you're about to do!


Monday, January 28, 2008

Cisco CCNP / BCMSN Exam Tutorial: BPDU Skew Detection

You may look at that feature's name and think, "What is a BPDU Skew, and why do I want to detect it?" What we're actually attempting to detect are BPDUs that aren't being relayed as quickly as they should be.

After the root bridge election, the root bridge transmits BPDUs, and the non-root switches relay that BPDU down the STP tree. This should happen quickly all around, since the root bridge will be sending a BPDU every two seconds by default ("hello time"), and the switches should relay the BPDUs fast enough so every switch is seeing a BPDU every two seconds.

That's in a perfect world, though, and there are plenty of imperfect networks out there! You may have a busy switch that can't spare the CPU to relay the BPDU quickly, or a BPDU may just simply be lost in transmission. That two-second hello time value doesn't give the switches much leeway, but we don't want the STP topology recalculated unnecessarily either.

BPDU Skew Detection is strictly a notification feature. Skew Detection will not take action to prevent STP recalculation when BPDUs are not being relayed quickly enough by the switches, but it will send a syslog message informing the network administrator of the problem. The amount of time between when the BPDU should have arrived and when it did arrive is referred to as "skew time" or "BPDU latency".

A busy CPU could quickly find itself overwhelmed if it had to send a syslog message for every BPDU delivery that's skewed. The syslog messages will be limited to one every 60 seconds, unless the "skew time" is at a critical level. In that case, the syslog message will be sent immediately with no one-per-minute limit.

And what is "critical", according to BPDU Skew Detection? Any value greater than 1/2 of the MaxAge value, making the critical skew time level 10 seconds or greater.


Cisco CCNP / BSCI Exam Tutorial: ISIS Router Types

To pass the BSCI exam and earn your CCNP, you've got to know ISIS inside and out. There are many similarities between ISIS and OSPF, but one major difference is that ISIS has three different types of routers - Level 1 (L1), Level 2 (L2), and L1/L2.

L1 routers are contained in a single area, and are connected to other areas by an L1/L2 router. The L1 uses the L1/L2 router as a default gateway to reach destinations contained in other areas, much like an OSPF stub router uses the ABR as a default gateway.

L1 routers have no specific routing table entries regarding any destination outside their own area; they will use an L1/L2 router as a default gateway to reach any external networks. ISIS L1 routers in the same area must synchronize their databases with each other.

Just as we have L1 routers, we also have L2 routers. Anytime we're routing between areas (inter-area routing), an L2 or L1/L2 router must be involved. All L2 routers will have synchronized databases as well.

Both L1 and L2 routers send out their own hellos. As with OSPF, hello packets allow ISIS routers to form adjacencies. The key difference here is that L1 routers send out L1 hellos, and L2 routers send out L2 hellos. If you have an L1 router and an L2 router on the same link, they will not form an adjacency.

An ISIS router can act as an L1 and an L2 router at the same time; these routers are L1/L2 routers. An L1/L2 router can have neighbors in separate ISIS areas. The L1/L2 router will have two separate databases, though - one for L1 routes and another for L2 routes. L1/L2 is the default setting for Cisco routers running ISIS. The L1/L2 router is the router that makes it possible for an L1 router to send data to another area.

In the next part of my ISIS tutorial, we'll take a more detailed look at those ISIS hellos!


Sunday, January 27, 2008

Cisco CCNA Exam Tutorial: IGRP And Equal Cost Load Balancing

To pass the CCNA exam, you've got to know the role of the bandwidth command with IGRP and EIGRP and when to use it. In this tutorial, we'll configure IGRP over a frame relay hub-and-spoke network using the following networks:

R1 (the hub), R2, and R3 are running IGRP over the 172.12.123.0 /24 network. This is a T1 line.

R1 and R3 are also connected on a different subnet, 172.12.13.0 /24. The bandwidth of this connection is 512 KBPS.

R2 and R3 are also connected by an Ethernet segment, 172.12.23.0 /24.

We'll configure IGRP on R1, R2, and R3 with the router igrp 1 command. IGRP will run on all interfaces in the 172.12.0.0 and 172.23.0.0 network.

R1#conf t

R1(config)#router igrp 1

R1(config-router)#network 172.12.0.0

The "1" in the router igrp command refers to the Autonomous System (AS). IGRP is a classful routing protocol, so wildcard masks are not used in the network statements.

R2#conf t

R2(config-if)#router igrp 1

R2(config-router)#network 172.12.0.0

R2(config-router)#network 172.23.0.0

R3#conf t

R3(config-if)#router igrp 1

R3(config-router)#network 172.12.0.0

R3(config-router)#network 172.23.0.0

Run show ip route on R1. R1 will see three equal-cost paths to the Ethernet network. IGRP supports load-sharing over up to four equal-cost paths by default, so all three paths appear in the routing table. R1 will also see a route to the loopback address on R2 and two routes to the loopback address on R3. (You can also run show ip route igrp in order to see only the IGRP routes.)

R1#show ip route igrp
I    172.23.0.0/16 [100/8576] via 172.12.123.2, 00:00:02, Serial0
                   [100/8576] via 172.12.13.3, 00:00:02, Serial1
                   [100/8576] via 172.12.123.3, 00:00:01, Serial0

Remember that the numbers in the brackets following the network number in the routes are the Administrative Distance and the IGRP metric, in that order.

Note that classful masks are in use. IGRP does not support variable-length subnet masks (VLSM).

There are two serial connections between R1 and R3. IGRP is assuming that both lines are T1 lines, running at 1544 KBPS. The 172.12.13.0 network is participating in equal-cost load sharing because of IGRP's bandwidth assumption - that all serial interfaces are connected to T1 lines.

To give IGRP a more accurate picture of the network's bandwidth, configure bandwidth 512 on R1 and R3's Serial1 interface (the interfaces on the 172.12.13.0 network).

R1#conf t

R1(config)#interface serial1

R1(config-if)#bandwidth 512

R3#conf t

R3(config)#interface serial 1

R3(config-if)#bandwidth 512

IGRP's assumption that all serial lines run at 1544 KBPS is overridden by the bandwidth 512 command. IGRP now believes this line runs at 512 KBPS.

To see the effect of this command, clear your routing table on R1.

R1#clear ip route *

R1#show ip route igrp
I    172.23.0.0/16 [100/8576] via 172.12.123.3, 00:00:24, Serial0/0
                   [100/8576] via 172.12.123.2, 00:00:17, Serial0/0

The routing table is cleared with clear ip route *. To see only the routes received in IGRP updates instead of the entire table, run show ip route igrp.

One of the paths to 172.23.0.0 is now gone - the route that went through the 172.12.13.0 network. Now that IGRP sees that link as slower than the others, equal-cost load balancing will not occur over the 172.12.13.0 network.

It's important to understand that the bandwidth command does not actually change the bandwidth of the connection; it changes IGRP's assumption of what the bandwidth is.
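Why the metric is 8576 and why the Serial1 path drops out, as an added worked example (not code from the tutorial). It assumes IGRP's default K values and the default interface delays of 20000 usec for serial and 1000 usec for 10 Mbps Ethernet; those delay values are not shown on this page, and the function names are made up for the illustration.

```python
# Added example: IGRP composite metric with default K values (K1 = K3 = 1).
# The delay defaults below are assumptions, not values shown in the tutorial.
BANDWIDTH_NUMERATOR = 10_000_000   # IGRP divides 10^7 by the slowest link in kbps
SERIAL_DELAY_USEC = 20_000         # assumed default delay of a serial interface
ETHERNET_DELAY_USEC = 1_000        # assumed default delay of 10 Mbps Ethernet
ETHERNET_KBPS = 10_000
T1_KBPS = 1_544
MAX_PATHS = 4                      # tutorial: up to four equal-cost paths by default


def igrp_metric(links):
    """links: (bandwidth_kbps, delay_usec) for every outgoing interface on the path."""
    slowest_kbps = min(bw for bw, _ in links)
    total_delay_usec = sum(delay for _, delay in links)
    # Bandwidth term uses the slowest link; delay is counted in tens of microseconds.
    return BANDWIDTH_NUMERATOR // slowest_kbps + total_delay_usec // 10


def installed_paths(candidates):
    """Return the (next_hop, interface, metric) entries that share the lowest metric."""
    scored = [(nh, intf, igrp_metric(links)) for nh, intf, links in candidates]
    best = min(metric for _, _, metric in scored)
    return [entry for entry in scored if entry[2] == best][:MAX_PATHS]


def r1_candidates(serial1_kbps):
    """R1's three paths to 172.23.0.0: one serial hop, then the far router's Ethernet."""
    ethernet = (ETHERNET_KBPS, ETHERNET_DELAY_USEC)
    return [
        ("172.12.123.2", "Serial0", [(T1_KBPS, SERIAL_DELAY_USEC), ethernet]),
        ("172.12.13.3", "Serial1", [(serial1_kbps, SERIAL_DELAY_USEC), ethernet]),
        ("172.12.123.3", "Serial0", [(T1_KBPS, SERIAL_DELAY_USEC), ethernet]),
    ]


if __name__ == "__main__":
    for label, kbps in (("default T1 assumption", T1_KBPS), ("bandwidth 512", 512)):
        print(label)
        for next_hop, interface, metric in installed_paths(r1_candidates(kbps)):
            print(f"  [100/{metric}] via {next_hop}, {interface}")
```

With bandwidth 512 the Serial1 path still exists, but its metric is higher than the other two, so it no longer qualifies for equal-cost load sharing.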

In the next part of this IGRP load-balancing tutorial, we'll take a look at how to configure unequal-cost load balancing.


Cisco CCNP / BCMSN Exam Tutorial: Configuring PortFast And BPDU Guard

In your CCNA studies, you learned about PortFast and the trouble it can cause if configured on the wrong port! Suitable only for switch ports connected directly to a single host, PortFast allows a port running STP to go directly from blocking to forwarding mode.

A Cisco switch will give you a warning when you configure PortFast:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only
 have effect when the interface is in a non-trunking mode.

SW1(config-if)#

Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.

Now, you'd think that would be enough of a warning, right? But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!

BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.

BPDU Guard is off on all ports by default, and is enabled as shown here:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree bpduguard enable

It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!
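One way to check a switch configuration against that recommendation, as an added example (not code from the tutorial). The sample configuration is constructed, the function names are hypothetical, and only the per-interface commands shown above are considered, not any global defaults.

```python
# Added example: audit an IOS-style configuration for PortFast ports that lack
# BPDU Guard. SAMPLE_CONFIG is constructed for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport mode trunk
!
"""


def parse_interfaces(config_text):
    """Map each interface name to the list of commands in its stanza."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            # Indented lines belong to the current interface; normalize spacing.
            interfaces[current].append(" ".join(raw.split()))
        else:
            current = None  # "!" or any top-level line ends the stanza
    return interfaces


def audit_portfast(config_text):
    """Return (interface, finding) pairs for every PortFast port that needs attention."""
    findings = []
    for name, commands in parse_interfaces(config_text).items():
        if "spanning-tree portfast" not in commands:
            continue
        if "spanning-tree bpduguard enable" not in commands:
            findings.append((name, "PortFast enabled without BPDU Guard"))
        if "switchport mode access" not in commands:
            findings.append((name, "PortFast configured but port is not in access mode"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_portfast(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```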


Thursday, January 24, 2008

Cisco CCNP / BSCI Exam Tutorial: Filtering BGP Updates With Prefix Lists

A major part of your BSCI and CCNP exam success is mastering BGP, and that includes filtering BGP routing updates. In this tutorial, we'll take a look at how to filter BGP updates with prefix lists.

R4 is advertising three networks via BGP. The downstream router R3 sees these routes and places them into its BGP table as shown below. R3 has two downstream BGP peers, R1 and R2, and is advertising itself as the next-hop IP address for all BGP routes sent to those two routers.

R4(config)#router bgp 4

R4(config-router)#network 21.0.0.0 mask 255.0.0.0

R4(config-router)#network 22.0.0.0 mask 255.0.0.0

R4(config-router)#network 23.0.0.0 mask 255.0.0.0

R3#show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - Internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 21.0.0.0         10.2.2.4                 0             0 4 i
*> 22.0.0.0         10.2.2.4                 0             0 4 i
*> 23.0.0.0         10.2.2.4                 0             0 4 i

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.1 next-hop-self

R3(config-router)#neighbor 172.12.123.2 next-hop-self

In turn, both R1 and R2 have these three routes in their respective BGP tables.

R2#show ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - Internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i
*>i22.0.0.0         172.12.123.3             0    100      0 4 i
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

R1#show ip bgp
BGP table version is 4, local router ID is 19.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - Internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i
*>i22.0.0.0         172.12.123.3             0    100      0 4 i
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

If we wanted R3 to receive all three of these routes from R4 but not advertise all of them to R2 and R1, we've got a couple of options on how to block these routes. Cisco's recommendation is the use of prefix-lists, and once you get used to the syntax (which you should do before taking and passing the BSCI), you'll see they are actually easier to use than access-lists.

In this case, we're going to configure R3 to send only the route to 21.0.0.0 to R1 and 23.0.0.0 to R2. However, we do want these two routers to get any future routes that R4 advertises into BGP.

Since R1 and R2 will learn about these routes from an iBGP neighbor, they will not advertise the routes to each other.

On R3, we'll write a prefix-list that denies 22.0.0.0/8 and 23.0.0.0/8, but permits all other routes. After applying the prefix list as shown, R1 sees only the 21.0.0.0 /8 route.

R3(config)#ip prefix-list FILTER_R1 deny 22.0.0.0/8

R3(config)#ip prefix-list FILTER_R1 deny 23.0.0.0/8

R3(config)#ip prefix-list FILTER_R1 permit 0.0.0.0/0 le 32

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.1 prefix-list FILTER_R1 out

R3#clear ip bgp * soft

R1#show ip bgp
BGP table version is 6, local router ID is 19.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - Internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i21.0.0.0         172.12.123.3             0    100      0 4 i

The paths to 22.0.0.0/8 and 23.0.0.0/8 have been successfully filtered.

We'll do the same for R2, except the route not being expressly blocked is 23.0.0.0/8. The line "ip prefix-list permit 0.0.0.0/0 le 32" is the prefix list equivalent of a "permit any" statement in an ACL.

R3(config)#ip prefix-list FILTER_R2 deny 21.0.0.0/8

R3(config)#ip prefix-list FILTER_R2 deny 22.0.0.0/8

R3(config)#ip prefix-list FILTER_R2 permit 0.0.0.0/0 le 32

R3(config)#router bgp 123

R3(config-router)#neighbor 172.12.123.2 prefix-list FILTER_R2 out

R3#clear ip bgp * soft

R2#show ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - Internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i23.0.0.0         172.12.123.3             0    100      0 4 i

The paths to 21.0.0.0/8 and 22.0.0.0/8 have been successfully filtered.

To see the prefix lists configured on a router as well as the order of the statements in each list, run show ip prefix-list.

R3#show ip prefix-list
ip prefix-list FILTER_R1: 3 entries
   seq 5 deny 22.0.0.0/8
   seq 10 deny 23.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32
ip prefix-list FILTER_R2: 3 entries
   seq 5 deny 21.0.0.0/8
   seq 10 deny 22.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32

Get some hands-on practice with prefix lists and you'll quickly master them. Prefix lists are an important part of working with BGP in the exam room and production networks, so it's vital that you are comfortable working with them.
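How FILTER_R1 and FILTER_R2 decide what R3 advertises, as an added example (not code from the tutorial or from Cisco). It models first-match evaluation in sequence order with an implicit deny, and goes beyond the tutorial by handling the ge and le length bounds in general; 24.0.0.0/8 and 22.1.0.0/16 are constructed test routes, and the function names are hypothetical.

```python
import ipaddress
import re

# The two lists as configured on R3 in the tutorial (router prompts removed).
R3_CONFIG = """\
ip prefix-list FILTER_R1 deny 22.0.0.0/8
ip prefix-list FILTER_R1 deny 23.0.0.0/8
ip prefix-list FILTER_R1 permit 0.0.0.0/0 le 32
ip prefix-list FILTER_R2 deny 21.0.0.0/8
ip prefix-list FILTER_R2 deny 22.0.0.0/8
ip prefix-list FILTER_R2 permit 0.0.0.0/0 le 32
"""

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_lists(config_text):
    """Return {list name: entries sorted by sequence number}."""
    lists = {}
    for line in config_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries = lists.setdefault(m["name"], [])
        # Without an explicit seq, entries are numbered 5, 10, 15 as in the show output.
        if m["seq"]:
            seq = int(m["seq"])
        else:
            seq = max((e["seq"] for e in entries), default=0) + 5
        entries.append({
            "seq": seq,
            "action": m["action"],
            "net": ipaddress.ip_network(m["prefix"]),
            "ge": int(m["ge"]) if m["ge"] else None,
            "le": int(m["le"]) if m["le"] else None,
        })
    for entries in lists.values():
        entries.sort(key=lambda e: e["seq"])
    return lists


def entry_matches(entry, route):
    net = entry["net"]
    if not route.subnet_of(net):
        return False
    if entry["ge"] is None and entry["le"] is None:
        return route.prefixlen == net.prefixlen      # exact prefix length only
    low = entry["ge"] if entry["ge"] is not None else net.prefixlen
    high = entry["le"] if entry["le"] is not None else 32
    return low <= route.prefixlen <= high


def evaluate(entries, route_text):
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    route = ipaddress.ip_network(route_text)
    for entry in entries:
        if entry_matches(entry, route):
            return entry["action"], entry["seq"]
    return "deny", None


def advertised(entries, routes):
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]


if __name__ == "__main__":
    # First three routes are R4's from the tutorial; the last two are constructed.
    routes = ["21.0.0.0/8", "22.0.0.0/8", "23.0.0.0/8", "24.0.0.0/8", "22.1.0.0/16"]
    for name, entries in parse_prefix_lists(R3_CONFIG).items():
        print(name, "->", advertised(entries, routes))
```

Note that deny 22.0.0.0/8 matches only the /8 itself: a more specific route such as 22.1.0.0/16 falls through to the permit 0.0.0.0/0 le 32 entry and is advertised.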


Cisco CCNA Exam Tutorial: Cisco Discovery Protocol (CDP)

The Cisco Discovery Protocol (CDP) sure looks simple enough, but there are quite a few details to know for success on the CCNA exam. In your CCNP studies, you'll be introduced to additional uses for CDP, but for now it's enough to know that CDP is designed to give you information regarding directly connected Cisco routers and switches.

CDP runs by default between all directly connected Cisco devices. CDP is also a Cisco-proprietary protocol - if the directly connected device is not a Cisco device, you won't see the information you wanted.

The basic CDP command to display information about the directly connected neighbor is "show cdp neighbor".

R2#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               BRI0               167          R        2521      Dialer1

This command is particularly helpful when troubleshooting Cisco switches. There's no need to trace wiring in a rack of Cisco devices to see what routers are connected to a Cisco switch when show cdp neighbor can be used. In the above output, you can see the remote device's hostname, what interface on the remote device is connected to the local device, the capability of the remote device, the remote device's hardware platform, and the local interface that is connected to the remote device.

CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run no cdp enable on the interface, and cdp enable to turn it back on.

cdp timer defines how often CDP packets are transmitted, and cdp holdtime defines how long a device will hold a received packet.

To turn CDP off for the entire router, run no cdp run. To view the current global status of CDP, run show cdp.

R2#show cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 180 seconds

CDP is running by default.

R2#conf t

R2(config)#cdp timer 45

R2(config)#cdp holdtime 100

The CDP timers are changed.

R2#show cdp

Global CDP information:

Sending CDP packets every 45 seconds

Sending a holdtime value of 100 seconds

The CDP values have been successfully changed. "show cdp interface" will give the timer information for each interface on the router.

R2#conf t

R2(config)#interface bri0

R2(config-if)#no cdp enable

CDP is disabled on the BRI interface. This does NOT have to be done to keep the line from dialing.

R2#conf t

R2(config)#no cdp run

CDP is disabled globally.

R2#show cdp

% CDP is not enabled

CDP has been successfully disabled.

Show cdp neighbor gives you a great deal of information, but what if you need the neighbor's IP address? Just run show cdp neighbor detail. You will get even more information about that directly connected neighbor, including its IP address.

SW2#show cdp neighbor detail

Device ID: R4
Entry address(es):
  IP address: 172.12.23.4
Platform: cisco 2520, Capabilities: Router
Interface: FastEthernet0/4, Port ID (outgoing port): Ethernet0
Holdtime : 158 sec

The details of CDP are important to you on the job and in the CCNA exam room. When you find yourself negotiating a badly documented network, you can use CDP to "walk" through the network and create a network map for your client as well. Sometimes the simplest protocols are the most helpful!
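Turning show cdp neighbor detail output into records for such a network map, as an added example (not code from the tutorial). The first sample entry is the one shown above; the second entry, the dashed separator between entries, and the function names are constructed for the illustration.

```python
import re

# Constructed sample: the first entry is the one shown in the tutorial, the second
# is invented to show how several neighbors are handled.
SAMPLE_OUTPUT = """\
-------------------------
Device ID: R4
Entry address(es):
  IP address: 172.12.23.4
Platform: cisco 2520,  Capabilities: Router
Interface: FastEthernet0/4,  Port ID (outgoing port): Ethernet0
Holdtime : 158 sec
-------------------------
Device ID: SW9
Entry address(es):
  IP address: 192.0.2.9
Platform: cisco WS-C2950-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/11,  Port ID (outgoing port): FastEthernet0/1
Holdtime : 121 sec
"""

FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip_address": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*([^,]+),", re.M),
    "capabilities": re.compile(r"Capabilities:\s*(.+)$", re.M),
    "local_interface": re.compile(r"^Interface:\s*([^,]+),", re.M),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(\S+)", re.M),
    "holdtime_sec": re.compile(r"^Holdtime\s*:\s*(\d+)\s*sec", re.M),
}


def parse_cdp_detail(output):
    """Return one dict per neighbor found in 'show cdp neighbor detail' output."""
    neighbors = []
    # Entries are separated by a line of dashes; text without a Device ID is skipped.
    for block in re.split(r"^-{5,}[ \t]*$", output, flags=re.M):
        if "Device ID:" not in block:
            continue
        record = {}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            record[name] = match.group(1).strip() if match else None
        if record["holdtime_sec"] is not None:
            record["holdtime_sec"] = int(record["holdtime_sec"])
        record["capabilities"] = (record["capabilities"] or "").split()
        neighbors.append(record)
    return neighbors


def adjacency_map(local_name, neighbors):
    """Edges (local device, local interface, remote device, remote port) for a map."""
    return [
        (local_name, n["local_interface"], n["device_id"], n["remote_port"])
        for n in neighbors
    ]


if __name__ == "__main__":
    for edge in adjacency_map("SW2", parse_cdp_detail(SAMPLE_OUTPUT)):
        print("%s %s <-> %s %s" % edge)
```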


Wednesday, January 23, 2008

A Night In San Francisco

When traveling to most cities of the world, finding discount accommodations when arriving to your destination is always a possibility. Not so in the diverse and complex city of San Francisco. From the hills of Daly City to the plains of Berkeley, the environments and people are so diverse that your vacation could with one dial of the phone be a paradise made in heaven or an inferno designed in, well you know, that other place.

Families making their hotel reservations at the smaller hotels that dot the periphery of San Francisco might be able to land a bargain, but they may find themselves sharing accommodations with other crawling critters that would make even the toughest among us parents squirm.

I did this once. I came to San Francisco on a budget and thinking to wing my accommodations; I found a phonebook and booked a motel for $59 a night. Well, the minute I saw the hotel along a poorly lit side street I knew we were in trouble. This hotel was something I would expect to see in medieval Europe, not in actuality. But it was late and we succumbed to our basal instincts for sleep and it was "just one night." But the bed was so grimy we actually slept on the floor, and the occasional voices we heard in the alleys were so hair-raising I don't think sleep was an option for any of us - and we were in their "best room!"

The next day I called numerous hotels in San Francisco city proper. You know, where the Trolley Cars roam and the street performers perform. I found a number of places, ranging from the low 100's and going up to the high 600's. We got in our car to make our investigation and inspected one hotel after the other, some dark and dank and some bright and classic. We settled on the Grant Plaza Hotel at $180 a night. We had a rollaway brought for my two children and spent the rest of the day recuperating from our previous nightmare.

That evening, we ventured out to walk around the Streets of San Francisco and I must tell you it was scary. There were destitute people lurking at every doorway, down every alley, sleeping above the street vents for warmth. This was a haven for the homeless and I am not sure where the tourist fits in. It was both sad and frightening, especially since coming from an isolated small town in Minnesota. I passed out quarters to those asking as if I were passing out flyers for a corner store.

We eventually found a Starbucks near Union Square and quickly ducked in. After a family meeting to discuss our situation, we decided to catch a trolley car and make a dash to the famous Fisherman's Wharf and Ghirardelli's Square. We scampered out of Starbucks and caught the next trolley. It was a wild ride straight up and straight down a city built on a mountain. We all screamed with joy. We spent an enchanting evening among all the tourist shops, street performers and family attractions that populate Fisherman's Wharf. We bought a big pound of fudge at a fudge shop and drank coke and champagne until late in the evening.

Our lesson from all this, at least regarding San Francisco hotel reservations: make your hotel reservations in advance. Don't waste time looking for a hotel room when you get there, the city is just too big. Since writing this, we went to San Diego. I booked all our accommodations off the Internet which featured discount hotel reservations with pictures and prices clearly explained. Welcome to the 21st century.


Douglas Anchel travels the USA in search of discount hotel reservations and accommodations and writes for All Reservations, Travelviva and World Accommodations


Tuesday, January 22, 2008

Cisco CCNP / BSCI Exam Tutorial: Configuring And Troubleshooting OSPF Virtual Links

Knowing when and how to create an OSPF virtual link is an essential skill for BSCI and CCNP exam success, not to mention how important it can be on your job! As a CCNA and CCNP candidate, you know the theory of virtual links, so let's take a look at how to configure a virtual link, as well as some real-world tips that many CCNA and CCNP study guides leave out!

In this configuration, no router with an interface in Area 4 has a physical interface in Area 0. This means a logical connection to Area 0, a virtual link, must be built.

In the following example, R1 and R3 are adjacent and both have interfaces in Area 0. R4 has an adjacency with R3 via Area 34, but R4 has no physical interface in Area 0 and is advertising its loopback 4.4.4.4 into OSPF. R1 doesn't have the route to that loopback.

R1#show ip route ospf
     6.0.0.0/32 is subnetted, 1 subnets
O       6.6.6.6 [110/11] via 10.1.1.5, 01:05:45, Ethernet0
     172.23.0.0/27 is subnetted, 1 subnets
O IA    172.23.23.0 [110/74] via 172.12.123.3, 00:04:14, Serial0
     7.0.0.0/32 is subnetted, 1 subnets
O       7.7.7.7 [110/11] via 10.1.1.5, 01:05:45, Ethernet0

To resolve this, a virtual link will be built between R3 and R4 through Area 34. The area through which the virtual link is built, the transit area, cannot be a stub area of any kind.

R4(config)#router ospf 1

R4(config-router)#area 34 virtual-link 3.3.3.3

R3(config)#router ospf 1

2d07h: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 172.23.23.4, Ethernet0

R3(config)#router ospf 1

R3(config-router)#area 34 virtual-link 4.4.4.4

R3(config-router)#^Z

2d07h: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on OSPF_VL0 from LOADING to FULL, Loading Done

A few details worth noting... the virtual link command uses the remote device's RID, not necessarily the IP address on the interface that's in the transit area. Also, don't worry about that error message you see in the output from R3; that is normal, and you'll see it until you finish building the virtual link.

Always confirm the virtual link with show ip ospf virtual-link. If you've configured it correctly, the VL should come up in a matter of seconds.

R3#show ip ospf virtual-link

Virtual Link OSPF_VL0 to router 4.4.4.4 is up

Run as demand circuit

DoNotAge LSA allowed.

Transit area 34, via interface Ethernet0, Cost of using 10

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:00

Adjacency State FULL (Hello suppressed)

Index 2/4, retransmission queue length 1, number of retransmission 1

First 0x2C8F8E(15)/0x0(0) Next 0x2C8F8E(15)/0x0(0)

Last retransmission scan length is 1, maximum is 1

Last retransmission scan time is 0 msec, maximum is 0 msec

Link State retransmission due in 3044 msec

Virtual links are actually simple to configure, but for some reason they seem to intimidate people. It's my experience that the error message highlighted in R3's output above causes a lot of panic, but the only thing that message means is that you're not finished configuring the virtual link yet.

There are three main misconfigurations that cause 99% of virtual link configuration issues:

Using the wrong OSPF RID value

Trying to use a stub area as the transit area

Failure to configure link authentication on the virtual link when Area 0 is running authentication

That last one is the one that gets forgotten! A virtual link is really an extension of Area 0, and if Area 0 is running link authentication, the virtual link must be configured for it as well. Pay attention to the details, don't panic when you see the error message on the second router you configure with the virtual link, and you'll be ready for any virtual link situation on the job or in the CCNA / CCNP exam room!
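The three misconfigurations listed above can be checked before the link is built. The following Python is an added example, not part of the original tutorial: it reads constructed `router ospf` fragments for R3 and R4 and reports which of the three mistakes is present. The router IDs passed in are assumed to be the values show ip ospf reports on each device, and LAB-KEY is a placeholder key.

```python
BACKBONE = {"0", "0.0.0.0"}
AUTH_WORDS = {"authentication", "authentication-key", "message-digest-key"}


def parse_ospf(config):
    """Collect virtual links, stub areas and authenticated areas from OSPF config lines."""
    info = {"vlinks": {}, "stub": set(), "auth": set()}
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "area":
            continue
        area, keyword = tok[1], tok[2]
        if keyword == "virtual-link" and len(tok) >= 4:
            # A virtual link may span several lines; remember if any carries auth.
            link = (area, tok[3])
            has_auth = bool(AUTH_WORDS & set(tok[4:]))
            info["vlinks"][link] = info["vlinks"].get(link, False) or has_auth
        elif keyword in ("stub", "nssa"):
            info["stub"].add(area)
        elif keyword == "authentication":
            info["auth"].add(area)
    return info


def preflight(a, b):
    """Return (router, finding) pairs for both ends of a virtual link."""
    parsed = {r["name"]: parse_ospf(r["config"]) for r in (a, b)}
    # The virtual link is part of Area 0, so Area 0 authentication on either
    # router means both ends of the link need authentication configured.
    backbone_auth = any(BACKBONE & p["auth"] for p in parsed.values())
    findings = []
    for local, remote in ((a, b), (b, a)):
        info = parsed[local["name"]]
        if not info["vlinks"]:
            findings.append((local["name"], "no-virtual-link"))
        for (area, peer), has_auth in info["vlinks"].items():
            if peer != remote["rid"]:
                findings.append((local["name"], "wrong-rid"))
            if area in info["stub"]:
                findings.append((local["name"], "stub-transit-area"))
            if backbone_auth and not has_auth:
                findings.append((local["name"], "missing-virtual-link-auth"))
    return findings


def router(name, rid, *ospf_lines):
    """Build a constructed router record for the checks above."""
    body = "\n".join(" " + line for line in ospf_lines)
    return {"name": name, "rid": rid, "config": "router ospf 1\n" + body}


# Constructed configurations based on the R3/R4 lab in this tutorial.
R3_GOOD = router("R3", "3.3.3.3", "area 34 virtual-link 4.4.4.4")
R4_GOOD = router("R4", "4.4.4.4", "area 34 virtual-link 3.3.3.3")
# Mistake 1: the peer's interface address is used instead of its RID.
R3_WRONG_RID = router("R3", "3.3.3.3", "area 34 virtual-link 172.23.23.4")
# Mistake 2: the transit area is configured as a stub.
R3_STUB = router("R3", "3.3.3.3", "area 34 stub", "area 34 virtual-link 4.4.4.4")
# Mistake 3: Area 0 runs authentication but R4's end of the link has none.
R3_AUTH = router("R3", "3.3.3.3", "area 0 authentication message-digest",
                 "area 34 virtual-link 4.4.4.4 message-digest-key 1 md5 LAB-KEY")

if __name__ == "__main__":
    for r3 in (R3_GOOD, R3_WRONG_RID, R3_STUB, R3_AUTH):
        print(preflight(r3, R4_GOOD))
```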

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com), home of free CCNP and CCNA tutorials! For my FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies. Pass your CCNP exam with The Bryant Advantage!


Cisco CCNA Exam Tutorial: Mapping The OSI Model To The TCP/IP Model

The OSI model is the model that most networking personnel are familiar with, but to earn your CCNA, you need to know the OSI model, the TCP/IP model, and how the two map to each other.

The four layers of the TCP/IP architecture can be compared to certain levels of the OSI model. It's important to know what each level of the TCP/IP protocol architecture does, and how these layers map to the OSI model.

The Application Layer of the TCP/IP model performs much the same tasks as the Application, Presentation, and Session layers of the OSI model.

The Transport layer in the TCP/IP architecture is similar to the Transport layer in the OSI model. This layer can use TCP or UDP as well.

The Internetwork layer in the TCP/IP architecture uses IP addresses to determine how packets should be routed. Remember that the OSI model uses IP addresses, or "Layer 3 Addresses", at the Network layer. The two layers do much the same thing. This layer is also referred to in the TCP/IP model as the Internet layer.

The Network Interface layer in the TCP/IP architecture serves to define the protocols and the hardware needed to actually deliver the data across the network. The Network Interface layer does the work of both the Data Link and Physical layers in the OSI model.

Keeping all this straight can be very confusing when you first start your CCNA studies. Concentrate on the OSI model in your studies, but make sure you know how the TCP/IP model maps to that model and you'll be ready for CCNA exam success!


Sunday, January 20, 2008

Cisco CCNA Exam Tutorial: Configuring Standard Access Lists

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate "permit" or "deny" action is taken. If there is no match, the second line's criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.

This process continues until a match is found, at which time the ACL stops running. If no match is found, a default "deny" takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.

A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and can consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000 to 2699.

There are several points worth repeating before beginning to configure standard ACLs.

Standard ACLs consider only the source IP address for matches.

The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.

There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.

If Router 3's Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL will be configured like this:

R3#conf t

R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255

The ACL consists of only one explicit line, one that permits packets from source IP address 172.12.12.0 /24. The implicit deny, which is not configured or seen in the running configuration, will deny all packets not matching the first line.

The ACL is then applied to the Ethernet0 interface:

R3#conf t

R3(config)#interface e0

R3(config-if)#ip access-group 5 in
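As an added example (not code from the original tutorial), the following Python models the top-to-bottom, first-match evaluation and the implicit deny described above, using ACL 5 from this page. The two-line ACL 10 is constructed, and the `shadowed` helper goes slightly beyond the text by flagging lines that an earlier line makes unreachable, which is why line order matters.

```python
import ipaddress

MASK = 0xFFFFFFFF


def to_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_ace(line):
    """Return (action, address, wildcard) for one standard ACL line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL line: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        return action, 0, MASK                      # every bit is "don't care"
    if len(src) == 2 and src[0] == "host":
        return action, to_int(src[1]), 0            # every bit must match
    if len(src) == 1:
        return action, to_int(src[0]), 0            # no wildcard given: single host
    if len(src) == 2:
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError(f"unsupported source in: {line!r}")


def evaluate(acl_lines, source):
    """First match wins. Returns (action, line index), or ('deny', None)
    when nothing matched and the implicit deny applies."""
    src = to_int(source)
    for index, line in enumerate(acl_lines):
        action, addr, wild = parse_ace(line)
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if ((src ^ addr) & ~wild & MASK) == 0:
            return action, index
    return "deny", None


def shadowed(acl_lines):
    """Indexes of lines that can never match because an earlier line
    already matches every source address they describe."""
    aces = [parse_ace(line) for line in acl_lines]
    hidden = []
    for j, (_, a2, w2) in enumerate(aces):
        for _, a1, w1 in aces[:j]:
            covers_bits = (w2 & ~w1 & MASK) == 0
            same_prefix = ((a1 ^ a2) & ~w1 & MASK) == 0
            if covers_bits and same_prefix:
                hidden.append(j)
                break
    return hidden


# ACL 5 exactly as configured on R3 in this tutorial.
ACL_5 = ["access-list 5 permit 172.12.12.0 0.0.0.255"]

# Constructed ACL 10: the deny for one host is placed too late to matter.
MISORDERED = ["access-list 10 permit 172.12.12.0 0.0.0.255",
              "access-list 10 deny host 172.12.12.7"]
REORDERED = list(reversed(MISORDERED))

if __name__ == "__main__":
    print(evaluate(ACL_5, "172.12.12.200"))   # matched by the only explicit line
    print(evaluate(ACL_5, "172.12.13.1"))     # falls through to the implicit deny
    print(evaluate(MISORDERED, "172.12.12.7"), shadowed(MISORDERED))
    print(evaluate(REORDERED, "172.12.12.7"), shadowed(REORDERED))
```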

But before you write any ACLs, it's a really good idea to see what other ACLs are already running on the router! To see the ACLs running on the router, use the command show access-list.

R1#show access-list

Standard IP access list 1

permit 0.0.0.0

Standard IP access list 5

permit 172.1.1.1

Standard IP access list 7

permit 23.3.3.3

Extended IP access list 100

permit tcp any any lt www (26 matches)

permit tcp any any neq telnet (12 matches)

deny ip any any

Extended IP access list 105

deny tcp any any eq www

deny tcp any any eq telnet

You're going to use ACLs all the way up the Cisco certification ladder, and throughout your career. The importance of knowing how to write and apply ACLs is paramount, and it all starts with mastering the fundamentals!


Friday, January 18, 2008

Cisco CCNA / CCNP Home Lab Tutorial: Using 2520 Routers

I know from experience that part of the excitement and anxiety of putting together your own CCNA / CCNP home lab is deciding what to buy! While you can make a workable home lab out of almost any combination of Cisco routers and switches, some routers are better suited for home lab work than others because they can fill multiple roles.

My personal favorite is the Cisco 2520. This router has four serial interfaces, making it an ideal frame relay switch. Don't forget that just because you're using a router as a frame switch, you can still use its routing capabilities. One setup I use is to use three of the four serial interfaces for frame switching and the fourth interface as a point-to-point network with another router. All you need is some DTE/DCE cables and you're all set.

The 2520 also comes with one ethernet interface and an ISDN interface, so that gives you even more options. Even if you're not planning to run ISDN in your home lab right now, you may choose to do so in the future - and with a 2520, you've already got the right router to do so. Keep in mind that if you are going to run ISDN in your home lab, you'll need an ISDN device such as an ISDN simulator in your lab. (ISDN simulators are physical devices and are plentiful on ebay - they're no relation to "router simulators".)

Again, I want to reiterate that you can work any Cisco router into a CCNA / CCNP home lab - there's no "right" or "wrong" combination of equipment. But as with anything else, some combinations are better than others, so consider adding some 2520s to your home lab! This router gives you a great combination of interfaces and capabilities, plus the most important factor of all - real hands-on experience during your CCNA and CCNP exam preparation!


Cisco CCNA Exam Tutorial And Case Study: VLANs and IP Connectivity

In this CCNA case study, we'll take some basic switching and trunking theory and put it into action. We have two routers (R2 and R3) along with two switches (SW1 and SW2). R2 is connected to SW1 at fast 0/2, and R3 is connected to SW2 at fast 0/3. Both routers have IP addresses on the 172.12.23.0 /24 network.

For these routers to be able to ping each other, the switches must be able to communicate. These are two 2950 switches, and they're connected via two crossover cables. Before we worry about the router connectivity, let's make sure the trunk link is up between the switches with the "show interface trunk" command.

SW2#show interface trunk

Port Mode Encapsulation Status Native vlan

Fa0/11 desirable 802.1q trunking 1

Fa0/12 desirable 802.1q trunking 1

< output truncated for clarity >

The default mode of these switches is for the ports to run in dynamic desirable trunking mode, so we didn't even need to write a configuration to have the trunk form - it's already there!

Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).

R2 and R3's Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. We'll ping R2's Ethernet interface from R3, and then R3's Ethernet interface from R2 to verify IP connectivity.

R2#ping 172.23.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

R3#ping 172.23.23.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

With pings, exclamation points indicate IP connectivity, and periods indicate no connectivity.

So we've got connectivity! Now let's see if we still have that connectivity when the ports are placed into different VLANs. Cisco CCNA theory states that devices in different VLANs can't communicate without the intervention of a Layer 3 device, but let's see if that's true by placing R2 into VLAN 23. (VTP is already running on these switches.)

SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#int fast 0/2

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 23

SW1(config-if)#^Z

Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?

R2#ping 172.23.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds: .....

Success rate is 0 percent (0/5)

R3#ping 172.23.23.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds: .....

No, they can't. The difference is that they're now in separate VLANs, and devices in different VLANs can't communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don't go through.

Put R3's switch port into VLAN 23, and try the ping again.

SW2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)#interface fast0/3

SW2(config-if)#switchport mode access

SW2(config-if)#switchport access vlan 23

R3#ping 172.23.23.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

R2#ping 172.23.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds: !!!!!

Now that R2 and R3 are in the same VLAN, pings can go through. This just proves the theory - that inter-VLAN communication requires a Layer 3 device. Layer 3 switches are becoming more and more popular, but router-on-a-stick is still around - and we'll see how to configure that in our next tutorial!


Thursday, January 17, 2008

Cisco CCNP / BCMSN Exam Tutorial: The Four (Or Five) STP Port States

As a CCNP candidate and a CCNA, you may be tempted to skip or just browse the many details of Spanning Tree Protocol. After all, you learned all of that in your CCNA studies, right? That's right, but it never hurts to review STP for a switching exam! Besides, many of us think of the four STP port states - but officially, there's a fifth one!

Disabled isn't generally thought of as an STP port state, but Cisco does officially consider this to be an STP state. A disabled port is one that is administratively shut down.

Once the port is opened, the port will go into blocking state. As the name implies, the port can't do much in this state - no frame forwarding, no frame receiving, and therefore no learning of MAC addresses. About the only thing this port can do is accept BPDUs from neighboring switches.

A port will then go from blocking mode into listening mode. The obvious question is "listening for what?" Listening for BPDUs - and this port can now send BPDUs as well. The port still can't forward or receive data frames.

When the port goes from listening mode to learning mode, it's getting ready to send and receive frames. In learning mode, the port begins to learn MAC addresses in preparation for adding them to its MAC address table.

Finally, a port can go into forwarding mode. This allows a port to forward and receive data frames, send and receive BPDUs, and place MAC addresses in its MAC table.

To see the STP mode of a given interface, use the show spanning-tree interface command.

SW1#show spanning-tree interface fast 0/11

Vlan Role Sts Cost Prio.Nbr Type

VLAN0001 Desg FWD 19 128.11 P2p

To see these states in action, shut a port down in your CCNA / CCNP home lab and continually run the show spanning-tree interface command. Once you see this in action on real Cisco equipment, you'll have no problem with BCMSN exam questions. Just don't practice this or any other Cisco command on a production network!


Cisco CCNP / BSCI Exam Tutorial: Not All Static Routes Are Created Equal

As a CCNP candidate, as a CCNA, and in getting ready to pass the BSCI exam, you may be tempted to breeze through your static route studies, or even skip them! That's because static routes are easy enough to configure, and as long as you remember the syntax of the ip route command, you're in good shape.

But there's one vital detail regarding static routes that many exam candidates miss. That's because many CCNA and CCNP books say "the administrative distance of a static route is 1", but that is not quite accurate.

You know from your CCNA studies that the ip route command is used to create a static route, and that you have the option of configuring a local exit interface or a next-hop IP address at the end of the command. However, the administrative distances are not the same. The AD of a static route that uses a local exit interface is zero! (That's because the router considers a static route with a local exit interface to actually be a directly connected network.) The AD of a static route with a next-hop IP address is 1.

Therefore, if the router has the following two ip route statements to consider...

Router(config)#ip route 172.1.1.1 255.255.255.255 fast0

Router(config)#ip route 172.1.1.1 255.255.255.255 210.1.1.1

... the prefix lengths are the same, so the static route using the local exit interface fastethernet0 will be preferred due to its lower AD, and will be installed into the routing table.

Keep the details in mind on the job and in the exam room, and you're on your way to CCNP exam success!


Sunday, January 13, 2008

Luxurious Lifestyle At The San Francisco Bay Area

The San Francisco Bay Area, popularly known as the 'Bay Area' to local residents, is a diverse and thriving metropolitan region that encompasses San Francisco Bay in the northern part of California. San Francisco, North Bay, East Bay, South Bay, Peninsula and Santa Cruz make up the Bay Area regions. They are divided into nine counties: San Francisco, San Benito, San Mateo, Santa Clara, Santa Cruz, Alameda, Napa, Solano and Sonoma.

Although San Francisco City is identified as the cultural and traditional center of the Bay Area, it is not the largest or most populated city within the area. Historically, the Bay Area traces its roots from Spanish explorers who first set foot in the region and founded a Catholic church in 1776.

The Bay Area has a population of nearly seven million residents (as of the latest count in 2006). People are scattered over a number of suburban and urban centers, hence the general area name. The generic name reflects the regional nature of the area, with no specific reference to a city.

Studies place the population of San Francisco Bay Area among the best in the country for overall education placement, competing with Washington D.C. and Boston. East Bay is known for being the home of famous seminaries and universities, namely Berkeley or the University of California and Stanford University.

Weather is generally agreeable but unpredictable, as bodies of water fence in the land area. Spring casts mild and cloudless days, summer is cool and overcast, and fall weather is warm, hot and sunny, with mild and clear nights, while winter brings in the most humid rainy days, alternating with clear and sunny skies.

The diverse geography is broken up into prime residential and industrial spaces, covering villages, towns and cities, parks in the national, state and regional levels, as well as airports and military bases. All these are connected by a modern and efficient transport system composed mostly of trains (commuter rail and railroads), highways and roads.

Considered one of the most affluent regions in America, the San Francisco Bay Area boasts the highest median household income in the nation. Six out of the 10 Californian areas with the highest income per capita (Belvedere, Diablo, Atherton, Woodside and Portola Valley) are all in the Bay Area. The popular Alameda, Contra Costa, Marin, San Francisco, San Mateo and Santa Clara counties in the Bay Area are also among the top 100 counties by income per capita in the States. As a result, Bay Area real estate has appreciated to the level of the 'most expensive zip code' league. In 2005, Forbes Magazine listed Atherton, Diablo, Ross, Nicasio, Los Altos, Tiburon, Los Gatos, Portola Valley and San Francisco among the top 50 most expensive places to live in.
Visit http://www.johnhomesonline.com for more information about California travel.


Friday, January 11, 2008

Cisco CCNP/BSCI Exam Tutorial: BGP Adjacency States

To pass the BSCI exam, earn your CCNP certification, and become an outstanding networker, you've got to master the many details of BGP - and trust me, there are a lot of details to master! Before you get into the more advanced features of BGP, you should have the fundamentals down cold, and one of those fundamentals is knowing the BGP adjacency states. This will allow you to successfully analyze and troubleshoot BGP peer relationships.

In the following example, a BGP peering is being created between R1 and R3.

R1(config-router)#neighbor 172.12.123.3 remote-as 200

BGP speakers do not have to be in the same AS to become peers. To verify that the remote BGP speaker has become a peer, run show ip bgp neighbor.

R1#show ip bgp neighbor

BGP neighbor is 172.12.123.3, remote AS 200, external link

BGP version 4, remote router ID 0.0.0.0

BGP state = Active

Last read 00:01:39, hold time is 180, keepalive interval is 60 seconds

Received 0 messages, 0 notifications, 0 in queue

Sent 0 messages, 0 notifications, 0 in queue

Route refresh request: received 0, sent 0

Default minimum time between advertisement runs is 30 seconds

The output here can be a little misleading the first time you read it. The first highlighted line shows 172.12.123.3 is a BGP neighbor, is located in AS 200, and is an external link, indicating that the neighbor is in another AS entirely. The second highlighted line shows the BGP state as Active. This sounds great, but it actually means that a BGP peer connection does not yet exist with the prospective neighbor. Before we continue with this example, let's look at the different BGP states:

Idle is the initial state of a BGP connection. The BGP speaker is waiting for a start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.

Connect is the next state. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection does not complete, BGP goes to Active.

Active indicates that the BGP speaker is continuing to create a peer relationship with the remote router. If this is successful, the BGP state goes to OpenSent. You'll occasionally see a BGP connection flap between Active and Connect. This indicates an issue with the physical cable itself, or with the configuration.

OpenSent indicates that the BGP speaker has received an Open message from the peer. BGP will determine whether the peer is in the same AS (iBGP) or a different AS (eBGP) in this state.

In OpenConfirm state, the BGP speaker is waiting for a keepalive message. If one is received, the state moves to Established, and the neighbor relationship is complete. It is in the Established state that update packets are actually exchanged.

So even though the show ip bgp neighbor output indicated that this is an Active neighbor relationship, that's not as good as it sounds. Of course, the reason the peer relationship hasn't been established is that we haven't configured R3 yet!

R3(config)#router bgp 200

R3(config-router)#neighbor 172.12.123.1 remote-as 100

Verify the peer establishment with show ip bgp neighbor:

R3#show ip bgp neighbor

BGP neighbor is 172.12.123.1, remote AS 100, external link

BGP version 4, remote router ID 172.12.123.1

BGP state = Established, up for 00:01:18

Last read 00:00:17, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Received 5 messages, 0 notifications, 0 in queue

Sent 5 messages, 0 notifications, 0 in queue

Route refresh request: received 0, sent 0

Default minimum time between advertisement runs is 30 seconds

Local host: 172.12.123.3, Local port: 179 (BGP uses TCP Port 179)

Foreign host: 172.12.123.1, Foreign port: 11007

The peer relationship between R1 and R3 has been established!




Cisco CCNA Exam Tutorial: Using Trivial File Transfer Protocol (TFTP)

One of the first things you do when you start studying for the CCNA exam is memorizing a list of port numbers and the protocols that run on those ports. If you're an experienced networker, you know most of the protocols that are mentioned - DNS, DHCP, FTP, SMTP, and so on. But there's one protocol that you might not have experience with, but is actually vital for CCNA exam success and success in working with Cisco routers and switches, and that's TFTP - Trivial File Transfer Protocol.

TFTP is basically FTP's non-secure relative. There are no passwords, no authentication scheme, no nothing! As someone once told me, "If I'm transferring my files, there's nothing 'trivial' about it."

Great. So you're thinking, "What the heck do we use TFTP for, anyway?"

TFTP is used in the Cisco world to perform IOS upgrades and to save configs to a TFTP Server. Cisco routers can themselves serve as TFTP servers, or you can use a workstation to fill that role.

If you needed to copy an IOS image to a router, for example, you could do so easily by connecting your PC to the router's console port (via a rollover cable, right?). Your PC would need to run TFTP server software. There are quite a few free TFTP server software programs that work quite well - just enter "free tftp server" into Google or your favorite search engine and you'll see what I mean.

Using TFTP in this fashion is a great way to have backup copies of IOS images or router configs right on your laptop. And take it from me, when the day comes that you need those backups, you'll be glad you did!

Remember that when using the copy command, you first indicate where you're copying from, then where you're copying to:

R1#copy flash tftp

Source filename []? Example

Address or name of remote host []?

When performing such a copy, you'll need to name the file you're copying, as well as the IP address of the device you're copying to.

Using TFTP to perform IOS upgrades takes a little getting used to, especially the syntax of the copy command. But knowing that syntax and how to use TFTP will indeed get you one step closer to the CCNA!
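To make "no passwords, no authentication scheme" concrete, this added Python example (not part of the original tutorial) builds and parses a TFTP read/write request in the RFC 1350 layout, with RFC 2347 options accepted. The whole request is an opcode, a filename and a mode, with no field for credentials. The filename r1-confg is constructed, and `is_confined` is a hypothetical server-side guard showing the kind of check a TFTP server has to do itself.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}
MODES = ("netascii", "octet", "mail")


def build_request(opcode, filename, mode="octet"):
    """Encode a request: 2-byte opcode, filename, NUL, mode, NUL."""
    return (struct.pack("!H", opcode)
            + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse_request(packet):
    """Decode an RRQ/WRQ and return every field the packet carries."""
    if len(packet) < 4 or not packet.endswith(b"\0"):
        raise ValueError("truncated request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in OPCODES:
        raise ValueError(f"not a read/write request: opcode {opcode}")
    fields = packet[2:-1].split(b"\0")
    # filename and mode are mandatory; options come in name/value pairs.
    if len(fields) < 2 or len(fields) % 2:
        raise ValueError("malformed request")
    filename = fields[0].decode("ascii")
    mode = fields[1].decode("ascii").lower()
    if not filename or mode not in MODES:
        raise ValueError("bad filename or mode")
    options = {fields[i].decode("ascii").lower(): fields[i + 1].decode("ascii")
               for i in range(2, len(fields), 2)}
    return {"op": OPCODES[opcode], "filename": filename,
            "mode": mode, "options": options}


def is_confined(filename):
    """Server-side guard: accept a bare file name only, never a path.
    The protocol cannot identify the sender, so the server must limit
    what any sender can read or overwrite."""
    if not filename or filename in (".", ".."):
        return False
    return not any(ch in filename for ch in "/\\\0")


if __name__ == "__main__":
    # Constructed request, as a router would send when saving a config.
    wrq = build_request(2, "r1-confg")
    print(wrq)
    print(parse_request(wrq))
    print(is_confined("r1-confg"), is_confined("../startup-config"))
```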




Thursday, January 10, 2008

Cisco CCNP/BSCI Exam Tutorial: Configuring Eigrp Packet Authentication

Configuring RIPv2 and EIGRP authentication with key chains can be tricky at first, and the syntax isn't exactly easy to remember. But for BSCI and CCNP exam success, we've got to be able to perform this task.

In a previous tutorial, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication schemes. EIGRP authentication is much the same, and has the text and MD5 authentication options as well. But EIGRP being EIGRP, the command just has to be a little more detailed!

As with RIPv2, the authentication mode must be agreed upon by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces in question are configured to use the same password.

We'll now configure link authentication on the adjacency over an Ethernet segment. Below, you'll see how to configure a key chain called EIGRP on both routers, use key number 1, and use the key-string BSCI. Run show key chain on a router to see all key chains.

R2(config)#key chain EIGRP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string BSCI

R2#show key chain

Key-chain EIGRP:

key 1 -- text "BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

R3(config)#key chain EIGRP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string BSCI

R3#show key chain

Key-chain EIGRP:

key 1 -- text "BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

The EIGRP command to apply the key chain is a bit of a pain to remember, because the protocol and AS number are identified in the middle of the command, not the beginning. Also note that two commands are needed - one to name the key chain, another to define the authentication mode in use.

R2(config)#interface ethernet0

R2(config-if)#ip authentication key-chain eigrp 100 EIGRP

R2(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed

R3(config)#interface ethernet0

R3(config-if)#ip authentication key-chain eigrp 100 EIGRP

R3(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:

As with RIPv2, the existing adjacency was torn down when one side was configured with authentication. If the key chain is correctly defined and applied on both sides, the adjacency will come back up. Always run show ip eigrp neighbor to make sure the adjacency is present. Learn the details of EIGRP key chains by configuring them on your home lab equipment, and you'll be more than ready for BSCI exam success!



Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com ), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages. For a copy of his FREE "How To Pass The CCNA" or "CCNP" ebook, visit the website and download your copies!


Cisco CCNP/BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You're familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you're not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that - a clear text password that is visible to anyone who can pick a packet off the wire. If you're going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

< The key chain can have any name. >

R1(config-keychain)#key 1

< Key chains can have multiple keys. Number them carefully when using multiples. >

R1(config-keychain-key)#key-string CISCO

< This is the text string the key will use for authentication. >

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

< The interface will use clear-text mode. >

R1(config-if)#ip rip authentication key-chain RIP

< The interface is using key chain RIP, configured earlier. >

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t

R3(config)#key chain RIP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.
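A configuration check for the pitfalls described in this tutorial and in the EIGRP authentication tutorial above (a key chain sent as clear text, a key chain applied without the matching mode command, a key chain that is missing or has no key-string), as an added example that is not part of the original posts. The sample configuration is constructed, the function names and finding labels are illustrative, and the script assumes running-config layout and treats a RIP interface with no mode line as clear text, the IOS default.

```python
import re

# Constructed sample in running-config layout, reusing the tutorials' key chain names.
SAMPLE_CONFIG = """\
key chain RIP
 key 1
  key-string CISCO
key chain EIGRP
 key 1
  key-string BSCI
!
interface Serial0
 ip rip authentication mode text
 ip rip authentication key-chain RIP
!
interface Serial1
 ip rip authentication mode md5
 ip rip authentication key-chain RIP
!
interface Serial2
 ip rip authentication key-chain RIP
!
interface Ethernet0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP
!
interface Ethernet1
 ip authentication key-chain eigrp 100 EIGRP
!
interface Ethernet2
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 MISSING
"""


def parse_config(text):
    """Collect key chains and per-interface lines from running-config text."""
    chains, interfaces = {}, {}
    chain = key_id = iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                 # unindented line: new stanza
            chain = key_id = iface = None
            m = re.match(r"key chain (\S+)$", line)
            if m:
                chain = chains.setdefault(m.group(1), {})
            m = re.match(r"interface (\S+)$", line)
            if m:
                iface = interfaces.setdefault(m.group(1), [])
        elif chain is not None:
            m = re.match(r"key (\d+)$", line)
            if m:
                key_id = m.group(1)
                chain[key_id] = None             # key exists, no key-string yet
            elif line.startswith("key-string ") and key_id is not None:
                chain[key_id] = line.split()[-1]
        elif iface is not None:
            iface.append(line)
    return chains, interfaces


def usable(chains, name):
    """True if the key chain exists and at least one key carries a key-string."""
    return any(chains.get(name, {}).values())


def audit(text):
    """Return sorted (interface, finding) pairs for weak or incomplete settings."""
    chains, interfaces = parse_config(text)
    findings = []
    for ifname, lines in interfaces.items():
        rip, eigrp = {}, {}                      # eigrp: AS number -> settings
        for line in lines:
            m = re.match(r"ip rip authentication (mode|key-chain) (\S+)$", line)
            if m:
                rip[m.group(1)] = m.group(2)
            m = re.match(r"ip authentication (mode|key-chain) eigrp (\d+) (\S+)$", line)
            if m:
                eigrp.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
        if "key-chain" in rip:
            if rip.get("mode", "text") != "md5":  # no mode line means text
                findings.append((ifname, "rip-cleartext"))
            if not usable(chains, rip["key-chain"]):
                findings.append((ifname, "keychain-unusable"))
        elif "mode" in rip:
            findings.append((ifname, "rip-no-keychain"))
        for settings in eigrp.values():
            if settings.get("mode") != "md5":     # the second command is missing
                findings.append((ifname, "eigrp-mode-not-md5"))
            if "key-chain" not in settings:
                findings.append((ifname, "eigrp-no-keychain"))
            elif not usable(chains, settings["key-chain"]):
                findings.append((ifname, "keychain-unusable"))
    return sorted(findings)


if __name__ == "__main__":
    for ifname, finding in audit(SAMPLE_CONFIG):
        print(f"{ifname}: {finding}")
```

The script only inspects interfaces that carry at least one authentication command; it does not work out which interfaces run RIP or EIGRP with no authentication at all.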

Here's what a successfully authenticated RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0

3d04h: 100.0.0.0/8 via 0.0.0.0 in 1 hops

3d04h: 150.1.2.0/24 via 0.0.0.0 in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You'll also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"Debug ip rip" may be a simple command as compared to the debugs for other protocols, but it's also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!



Cisco CCNA Exam Tutorial: Five OSPF Hub-and-Spoke Details You Must Know!

CCNA exam success depends greatly on knowing the details, and if there's one protocol that has a lot of details, it's OSPF! This is true particularly of hub-and-spoke networks, so in this CCNA OSPF tutorial we'll take a look at some of the more important hub-and-spoke OSPF details. This will help you in working with real-world networks as well, since this OSPF network type is one of the more typical network topologies.

In OSPF, the hub must become the designated router (DR). The DR election's deciding value is the OSPF interface priority, and the default value is 1. It's not enough to set the hub's OSPF interface priority to 2, however, since the spoke routers must not become the DR or BDR. You must set the spoke interfaces to an OSPF priority of zero.

R2(config)#int s0

R2(config-if)#ip ospf priority 0

This ensures that the spokes will not become the DR or BDR if the hub goes down.

The hub does require a bit more configuration, though. The neighbor command must be used on the hub to indicate the IP address of the potential neighbors.

R1(config)#router ospf 1

R1(config-router)#neighbor 172.12.123.2

R1(config-router)#neighbor 172.12.123.3

It's common to have an ISDN link as a backup in an OSPF network, and when that ISDN link comes up the hello packets must be able to cross the link. What you don't want is to have the hellos keep the link up! By configuring the ISDN link as an OSPF demand circuit, the link will drop in the absence of interesting traffic, but the OSPF adjacency that formed across the ISDN link will be assumed by the router to still be up. (You usually see this command configured on both sides of the ISDN link, but it's only needed on one side. It doesn't hurt anything to put it on both sides, though.)

R2(config)#int bri0

R2(config-if)#ip ospf demand-circuit

A final detail of OSPF hub-and-spoke and demand circuits actually takes place at Layer 2. For the OSPF hello packets to successfully be transmitted across an ISDN link or a frame relay network, the broadcast option must be enabled in the appropriate frame and dialer map statements. Failure to enable this option can lead to a situation where pings will be successful, but OSPF adjacencies will not form.

R2(config-if)#dialer map ip 172.12.21.1 name R1 broadcast 5551111

R2(config-if)#frame map ip 172.12.123.1 221 broadcast

When you're troubleshooting OSPF in a production network or your CCNA / CCNP home lab, don't just look at Layer 3 - because everything's got to be right at the physical and data link layers in order for the network layer to function correctly!



Tuesday, January 8, 2008

Cisco CCNP/BSCI Exam Tutorial: EIGRP Route Summarization

Summarizing routes is a vital skill to learn to pass the BSCI exam and get one step closer to earning your CCNP. The actual binary conversions are only part of the test, though! You've got to know how to correctly apply the summary routes, and that differs from one protocol to the next. In the last few CCNP / BSCI tutorials, we've looked at using the "area range" and "summary-address" commands to perform OSPF route summarization. Today, we'll take a look at summarizing routes in EIGRP.

We'll use the following four loopback addresses in this example:

Loopback 16, 16.16.16.16 /32

Loopback 17, 17.17.17.17 /32

Loopback 18, 18.18.18.18 /32

Loopback 19, 19.19.19.19 /32

On R1, we'll place these four addresses into EIGRP AS 100.

R1(config-if)#router eigrp 100

R1(config-router)#network 16.16.16.16 0.0.0.0

R1(config-router)#network 17.17.17.17 0.0.0.0

R1(config-router)#network 18.18.18.18 0.0.0.0

R1(config-router)#network 19.19.19.19 0.0.0.0

R3 is an EIGRP neighbor of R1, and that router's EIGRP routing table now looks like this:

R3#show ip route eigrp

17.0.0.0/32 is subnetted, 1 subnets

D 17.17.17.17 [90/2297856] via 172.12.123.1, 00:00:29, Serial0

16.0.0.0/32 is subnetted, 1 subnets

D 16.16.16.16 [90/2297856] via 172.12.123.1, 00:00:36, Serial0

19.0.0.0/32 is subnetted, 1 subnets

D 19.19.19.19 [90/2297856] via 172.12.123.1, 00:00:08, Serial0

18.0.0.0/32 is subnetted, 1 subnets

D 18.18.18.18 [90/2297856] via 172.12.123.1, 00:00:22, Serial0

To perform manual route summarization, write out the network addresses in binary and then determine the point at which the addresses no longer have a bit in common. For these four addresses, it will be enough to write out the first octet in binary:

16 00010000

17 00010001

18 00010010

19 00010011

Working from left to right, the common bits are the first six bits - 000100xx. In decimal, this value is 16. The summary mask must be determined as well, and that value is derived from putting a "1" in the mask for each common bit. With the first six bits all set to one - 11111100 - the resulting mask is 252.0.0.0. The full summary address is 16.0.0.0 252.0.0.0.
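The same common-bit method in code, as an added example that is not part of the original tutorial. It generalizes the first-octet table above to any mix of IPv4 addresses and prefix lengths, and also reports how much address space the summary covers compared with what the router actually originates; the function names and the second, contiguous sample are illustrative.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single IPv4 network that covers every address or prefix given."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    lowest = min(int(n.network_address) for n in nets)
    highest = max(int(n.broadcast_address) for n in nets)
    # XOR leaves a 1 wherever the two extremes differ. Everything to the left
    # of the first differing bit is common to all addresses in between.
    varying_bits = (lowest ^ highest).bit_length()
    prefix_len = 32 - varying_bits
    mask = (0xFFFFFFFF << varying_bits) & 0xFFFFFFFF
    return ipaddress.IPv4Network((lowest & mask, prefix_len))


def coverage(prefixes):
    """Compare what the summary advertises with what is really originated."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    summary = summarize(prefixes)
    originated = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return {
        "summary": summary.with_prefixlen,
        "mask": str(summary.netmask),
        "range": (str(summary.network_address), str(summary.broadcast_address)),
        "advertised": summary.num_addresses,
        "originated": originated,
    }


def common_bits_table(prefixes, octet=0):
    """The tutorial's hand-written table: one octet of each address in binary."""
    rows = []
    for p in prefixes:
        addr = ipaddress.ip_network(p, strict=False).network_address
        value = addr.packed[octet]
        rows.append(f"{value:>3} {value:08b}")
    return rows


# The tutorial's four loopbacks.
LOOPBACKS = ["16.16.16.16/32", "17.17.17.17/32", "18.18.18.18/32", "19.19.19.19/32"]
# Constructed contrast case: four contiguous /24s that a summary covers exactly.
CONTIGUOUS = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]

if __name__ == "__main__":
    print("\n".join(common_bits_table(LOOPBACKS)))
    for name, prefixes in (("loopbacks", LOOPBACKS), ("contiguous", CONTIGUOUS)):
        print(name, coverage(prefixes))
```

For the four loopbacks the summary spans 16.0.0.0 through 19.255.255.255, about 67 million addresses, although R1 originates only four of them; the contiguous /24s show a summary that covers exactly what is originated.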

In EIGRP, the summary address is actually configured on an interface, not under the routing process.

R1(config)#interface serial0

R1(config-if)#ip summary-address eigrp 100 16.0.0.0 252.0.0.0

02:39:50: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.3 (Serial0) is down: summary configured

02:39:50: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.2 (Serial0) is down: summary configured

02:40:16: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.2 (Serial0) is up : new adjacency

02:40:17: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.3 (Serial0) is up: new adjacency

There's an immediate side effect here that most books leave out. Your EIGRP adjacencies are going to come down after you configure this summary, but they should come back up quickly. The key word there is "should". If you configure EIGRP summary addresses on a production network, you may want to do this during non-peak hours. The timestamps on the above commands indicate that the adjacencies were down for about 27 seconds over the NBMA network. That's about 30 minutes in end-user time. ;)

Check R3's EIGRP routing table.

R3#show ip route eigrp

D 16.0.0.0/6 [90/2297856] via 172.12.123.1, 00:01:46, Serial0

The four summarized routes are no longer in the routing table, and they have been replaced by the summary route shown at the bottom of the routing table. Notice the mask is /6, which is prefix notation for 252.0.0.0.

Knowing how and why to summarize routes is a valuable skill, regardless of the protocol in use. But before you take the BSCI exam on your way to the CCNP, make sure you know how to perform summarization with all of the core protocols!



Monday, January 7, 2008

Cisco CCNA Exam Tutorial: Five ISDN Details To Remember

CCNA exam success depends on mastering many technologies that are new to you, and few exam topics have more details than ISDN. ISDN isn't just for your CCNA exam studies, though. While ISDN is dismissed by many, the fact is that there are many small and mid-size networks out there that use ISDN as their backup to frame relay. Some of these companies have spoke networks that use ISDN to connect to their hub as well, so it's a great idea to know ISDN configuration and troubleshooting for your real-world career as well as passing the CCNA. With that in mind, let's take a look at five common ISDN errors and how to avoid them.

With dialer map statements, remember that the phone number you put in the dialer map is the phone number of the remote router, not the local one. Look at it this way - if you want to call a friend on your cell, you don't pick up your cell and dial your own number!

Speaking of dialer map statements, don't forget the all-important broadcast option at the end of the command:

R1(config-if)#dialer map ip 172.12.21.1 name R2 broadcast 5555555

The router will accept that command without the "broadcast" option, but routing protocol updates and hellos would not be able to travel across the line. (This command is also needed in frame relay map statements to allow broadcasts and multicasts to be transmitted.)

PAP is PPP's clear-text authentication scheme, and clear text is a really bad idea. But if you do have to configure it, don't forget that PAP requires additional configuration - the ppp pap sent-username command.

R1(config-if)#ppp pap sent-username R1 password CISCO

Must set encapsulation to PPP before using PPP subcommands

R1(config-if)#

The error message we got while configuring the sent-username command is another important reminder - by default, a BRI line is running HDLC, not PPP. Since HDLC doesn't allow us to use either PAP or CHAP, we'll need to set the link to PPP with the encapsulation ppp command.

R1(config-if)#encapsulation ppp

R1(config-if)#ppp authentication pap

R1(config-if)#ppp pap sent-username R1 password CISCO

But before we configure any of this information, we should configure the ISDN switch-type. Why? Because without the switch-type configuration, it doesn't matter that we avoid the other four errors - the line will not come up. Configure the switch-type with the "isdn switch-type" command, and then verify it with "show isdn status".

R1(config)#isdn switch-type basic-ni

R1#show isdn status

Global ISDN Switchtype = basic-ni (output of this command cut here for clarity)

If you forget this part of the configuration, the output of show isdn status wastes no time in reminding you!

R1#show isdn status

**** No Global ISDN Switchtype currently defined ****

ISDN is an important part of your CCNA studies, and this knowledge still comes in handy in production networks as well. Keep studying, notice the details, run those debugs, and you'll be a CCNA before you know it!

Junior's Cheesecakes, From Brooklyn to San Francisco Through Cyberspace

When I interviewed Kevin Rosen of Junior's Cheesecake here in NYC it was to ask him what he and his family want the Internet to do for them and their business.

I met Kevin when he appeared on a panel of business owners taking their companies online, sponsored by Crains Publishing Company at its annual Expo.

In fact I interviewed over 50 successful long established Main Street companies, asking many of the same questions that I asked Kevin. I was looking for the common denominator, the two or three reasons that all mentioned for taking their otherwise successful traditional company online.

And I got them!

Each of them told me, in one way or another, that it was in order to increase their market share. Junior's, located since 1950 in Brooklyn, had just opened a Manhattan outlet in Grand Central Terminal. While he was already reaching out into their existing geographical market, Kevin had much bigger plans to extend their market reach nationally, if not internationally.

Kevin, President of Junior's, and grandson of Harry Rosen, is the third generation of the family to be involved in the business. When ex-Brooklynites, some living as far away as California, started calling Kevin and asking him to mail them cheesecakes, he knew Junior's was ready for national exposure.

And they want to use technology to help them grow their bottom line by enhancing customer service, increasing productivity, reducing costs, and having at least a part of their business operating 24 hours a day, seven days a week. He began by computerizing back office operations, and continues to champion state-of-the-art solutions for the family business, ultimately putting Junior's in cyberspace.

Kevin believes that the two most important functions of the web site are to generate sales growth and to increase brand awareness. In that spirit, the new site focuses primarily on e-commerce.

Twelve different specialty cheesecakes are offered, as well as gift certificates and collectibles. Users have the capability of creating their own personal address book on the site, so repeat orders and gift-giving can be handled in a mouse-click, and orders can be easily tracked from the site.

Placing an order on their web site is as easy as, and perhaps more convenient than, walking into the store or using the 800-number. This ease of entry is crucial to bringing customers back to the site again and again.

With approximately 5000 cheesecakes selling every week, it is clear that Junior's Cheesecakes has the recipe for success.

We published their profile just over two years ago; they were early adopters in their industry. Now there are many people who have jumped on this bandwagon - yet Junior's maintains its advantage by continuing to evolve its strategy.

In addition to having their story published on our web site, where it receives consistent daily traffic from Internet searchers, they were used as an example of "Best Practices" in the book, "Doing It Right, Realizing Your Company's Potential" that we published in 2003 and have recently made available on our web site at no charge.

Now, we're looking for another batch of business owners whose stories to tell.

We're going to be asking some of the same questions, two years later, in order to complete our research on the adaptation of the Internet by traditional mainstream businesses. And there will be other questions designed to help us tell the stories of Main Street companies developing strategies for continued success in the 21st Century.

The new profiles will also be posted on our web site and some of them will be selected as part of the content in one of the two books we have in process.

Based on our experience doing these interviews we've dramatically streamlined the process for this next round. The process is straightforward and will require very little of the person being interviewed, beyond the time we're on the phone together.

There is a page entitled Submit a Profile linked from every page of our web site (top right). If you or someone you know is interested in exploring the idea of telling their story, I believe you will find the information you need there.

Wayne Messick wants to interview business owners positioning themselves for success in the 21st Century. Click here for cutting edge leadership strategies for your business.


Sunday, January 6, 2008

Cisco CCNA Exam Tutorial: Password Recovery Procedures

It might happen on your CCNA exam, it might happen on your production network - but sooner or later, you're going to have to perform password recovery on a Cisco router or switch. This involves manipulating the router's configuration register, and that is enough to make some CCNA candidates and network administrators really nervous!

It's true that setting the configuration register to the wrong value can damage the router, but if you do the proper research before starting the password recovery process, you'll be fine.

Despite what some books say, there is no "one size fits all" approach to Cisco password recovery. What works on a 2500 router may not work on other routers and switches. There is a great master Cisco document out on the Web that you should bookmark today. Just put "cisco password recovery" in your favorite search engine and you should find it quickly.

The following procedure describes the process of recovering from a lost password on a Cisco 2500 router. As always, don't practice this at home. It is a good idea to get some practice with this technique in your CCNA / CCNP home lab, though!

The password recovery method examined here is for 2500 routers.

An engineer who finds themselves locked out of a router can view and change the password by changing the configuration register.

The router must first be rebooted and a "break" performed within the first 60 seconds of the boot process. This break sequence can also vary depending on what program is used to access the router, but is the usual key combination.

The router will now be in ROM Monitor mode. From the ROM Monitor prompt, change the default configuration register of 0x2102 to 0x2142 with the o/r 0x2142 command. Reload the router with the letter i. (As you can see, ROM Monitor mode is a lot different than working with the IOS!)

This particular config register setting will cause the router to ignore the contents of NVRAM. Your startup configuration is still there, but it will be ignored on reload.

When the router reloads, you'll be prompted to enter Setup mode. Answer "N", and type enable at the router> prompt.

Be careful here. Type configure memory or copy start run. Do NOT type write memory or copy run start!

Enter the command show running-config. You'll see the passwords in either their encrypted or unencrypted format.

Type config t, then use the appropriate command to set a new enable secret or enable password.

Don't forget to change the configuration register setting back to the original value! The command config-register 0x2102 will do the job. Save this change with write memory or copy run start, and then run reload one more time to restart the router.
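A check for the last step, as an added example that is not part of the original tutorial: it reads the configuration register line that show version prints and flags routers still set to ignore NVRAM, including the case where the register has been restored but the final reload has not happened yet. The sample outputs, host names and state labels are constructed for illustration.

```python
import re

# 0x2142 differs from the default 0x2102 in one bit: bit 6 (0x0040), which
# tells the router to ignore the startup configuration in NVRAM at boot.
IGNORE_NVRAM = 0x2142 ^ 0x2102

# 'show version' ends with the register in use, plus the pending value if
# config-register has been changed since the last boot.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def register_state(show_version):
    """Classify a router from the register line of its 'show version' output."""
    m = REGISTER_LINE.search(show_version)
    if m is None:
        return "unknown"
    booted = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else booted
    if next_boot & IGNORE_NVRAM:
        # The next reload skips the startup configuration, passwords included.
        return "ignores-nvram-at-next-boot"
    if booted & IGNORE_NVRAM:
        # Register was set back, but the router has not been reloaded yet.
        return "restored-reload-pending"
    return "normal"


def needs_attention(outputs):
    """Map host -> state for every router that is not in the normal state."""
    states = {host: register_state(text) for host, text in outputs.items()}
    return {host: state for host, state in states.items() if state != "normal"}


# Constructed closing lines of 'show version' from four hypothetical routers.
SAMPLE_OUTPUTS = {
    "R1": "Configuration register is 0x2102\n",
    "R2": "Configuration register is 0x2142\n",
    "R3": "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "R4": "Configuration register is 0x2102 (will be 0x2142 at next reload)\n",
}

if __name__ == "__main__":
    for host, state in sorted(needs_attention(SAMPLE_OUTPUTS).items()):
        print(f"{host}: {state}")
```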

This process sounds hard, but it's really not. You just have to be careful, particularly when you're copying the startup config over the running config. You don't want to get that backwards! So take your time, check the online Cisco documentation before starting, get some practice with this procedure with lab equipment, and you'll be ready for success on the CCNA exam and in your production network!


San Francisco Giants Tickets

The San Francisco Giants are one of the main and most popular Major League Baseball teams, based in San Francisco, California. The Giants play in the West Division of the National League. In their early days the Giants were known as the Gothams; they started as a second baseball club owned by John B. Day and Jim Mutrie. The Giants were Day and Mutrie's real entry to the National League, although their other club, the Metropolitans (known as the original Mets), was playing in the American Association. Initially the Metropolitans were the more successful club, but then Day and Mutrie moved top players to the Gothams, which led the team to win its first National League pennant in 1888. After this splendid, fulfilling victory, Mutrie (who was also the team's manager) came into the dressing room and, out of pleasure and excitement, shouted, "My big fellows! My giants!" From then onwards, the club was called the Giants. They had a high time as a team in the beginning and also brought out some remarkable top-class players, but on the whole they didn't come off with flying colors; they struggled a lot but couldn't prove their best.

San Francisco Giants history.

In contrast to their times in New York, the Giants in San Francisco have had diverse fortunes. Although lately the Giants have enjoyed comparatively persistent triumph, there have been extended periods of unevenness, especially when the club's ownership threatened to move the club out of San Francisco. The most unfortunate part of the story is that the Giants have had a huge fan base since they arrived in the city, but so far they have not managed to win a World Series title for San Francisco.

When there was a break in Seals Stadium, the Giants shifted to Candlestick Park, also known as "The Stick", but unfortunately that stadium proved to be one of the most hostile stadiums in sports history. It was sealed in 1961. The Giants stopped playing in that stadium, which was later named 3Com Park and then Monster Park. The Giants never won a World Series after moving to San Francisco, but they were always close, playing in three of them.

The Giants couldn't make another World Series until 1989, but the Giants of the '60s still remained pennant contenders, thanks to several future Hall of Famers, such as Gaylord Perry, who pitched a no-hitter for the Giants in 1968; Juan Marichal, another pitcher, with an unforgettable high-kicking delivery; McCovey, the National League MVP award winner in 1969; and Mays, who holds the all-time franchise record for most home runs and who also hit his 600th career home run in 1969.

The Giants' post-season appearance was in 1971. After winning their division, the Giants were effortlessly defeated in the League Championship Series by the Pittsburgh Pirates and Roberto Clemente. The 1970s also proved to be a despairing decade for the Giants. Bob Lurie bought the team to save it from being moved to Toronto in 1976.

The decade of the 1980s also couldn't bring any success for the Giants. The Giants hired a black manager, Frank Robinson, in 1981, though Robinson's tenure lasted only 4 years. 1985 was the worst year in the history of the San Francisco Giants. They lost 100 games (the largest number of losses since moving to San Francisco). The owner then hired Al Rosen as general manager. Under his management the Giants were gifted rookies like Will Clark and Robby Thompson, and gained players such as Kevin Mitchell, Dave Dravecky, Candy Maldonado, and Rick Reuschel.

Roger Craig was the Giants' new manager from 1985 to 1992. The Giants never had a losing record in Craig's first five full seasons. That was a splendid change for the team's future. With the exceptional motto "Humm Baby" during Roger Craig's leadership, the Giants were victorious in 83 games in 1986 and also won the National League Western Division title in 1987. The Giants also won the National League pennant in 1989. 1989 proved an even better year for the Giants. After a long-awaited period of 27 years, the San Francisco Giants were finally the champions of the National League. After defeating the Cubs, they confronted the Oakland Athletics in the "Bay Bridge Series". That series is perhaps best remembered because the Loma Prieta earthquake on October 17, 1989 interrupted the scheduled Game 3 of the series at Candlestick Park. After a ten-day delay in the series, Oakland completed its sweep of San Francisco.

Later on, Barry Bonds started a new dawn with a blast. Bonds put up the numbers for the third MVP of his career: 46 homers, 129 runs, 123 RBI, .336/.458/.677/1.135. The Giants posted a smashing record of 103-59 in Dusty Baker's first year as manager, which also benefited Baker, as he got the "Manager of the Year" award. Once again, the period from 1994 to 1996 was not a rewarding time.

Due to these dreadful times, the Giants named Brian Sabean as the new general manager, replacing Bob Quinn. Prior to being named GM, Brian Sabean was already rumored to have masterminded the deal to acquire Kirk Rueter from the Montreal Expos. His first trade as GM stunned Giants fans throughout the world when he traded Matt Williams for apparently a handful of spare parts, and the criticism was great enough that he had to openly explain: "I didn't get to this point by being an idiot... I'm sitting here telling you there is a plan."

And for sure Sabean's plan worked out, because the players he got in the Williams trade - Jeff Kent, Jose Vizcaino, Julian Tavarez, and Joe Roa (plus the 1 million dollars in cash that enabled them to sign Darryl Hamilton) - in addition to his trade for J.T. Snow, helped the Giants win their first NL West division title of the 1990s in 1997. Unluckily, the Florida Marlins ended the Giants' season by defeating them 3-0, and the Marlins moved on their way to their first World Series championship.

In 2000, after 40 years at Candlestick, the Giants opened their own privately financed ballpark, named Pacific Bell Park. The team shocked everyone by having the best record in the National League. It was actually 2002 when the Giants again became the center of attention. The Giants beat the Atlanta Braves in the NLDS three games to two and later defeated the St. Louis Cardinals four games to one. The Giants' performance was outstanding in the World Series and they were about to win when the Angels made a comeback and won the championship, which really disheartened the Giants' fans. After this agonizing failure they once more recorded 100 victories, for the seventh time in franchise history and the third time in San Francisco. The year 2004 also dramatically changed the whole scene, when the Dodgers rose above the Giants in a late-season game, winning on a Steve Finley. Next year, 2005, was the most depressing season of the 2000s for the Giants.

The Giants held a celebration in honor of Baseball Hall of Famer Juan Marichal on May 25, 2005. On July 14, 2005, the Giants won their 10,000th contest, beating their competitors, the Los Angeles Dodgers, 4-3, and becoming the first professional sports franchise to have five digits in its win total. Unfortunately the Giants were formally eliminated from the NL West race when they lost to the 2005 champion San Diego Padres. The San Francisco Giants finished the season in third place with a record of 75-87, which was their worst season - and first losing record - since 1996.

In 2006, slugger Barry Bonds' return alone should mean a better offense. Fans anticipate the Giants doing better than their 75-87 record in 2005. Finley is an appealing surprise. Finley hit 36 home runs, a career high, in 2004. The Giants have great expectations of Finley; it is expected that he can have a bounce-back year and possibly hit 30 or more home runs hitting alongside Bonds and Alou. Sweeney is allowed to hit regularly so that he may astonish the fans. Niekro should also bloom with better hitters around him. There is a much-polished lineup with a vigorous Bonds returning.

If Schmidt and Matt Morris can also manage a performance similar to last year's (14 wins), then the starting rotation will be solid as well. Lowry and Hennessey also have to develop in 2006 with more innings under their belts. The Giants are also looking forward to a full season from closer Armando Benitez, which should also help the bullpen. The Giants should perform much better in 2006 and will chase the Padres for the NL West title. The Giants always have their unique style of making a smashing comeback, and their fans don't expect anything less than this from their all-time favorite Giants. For more details visit http://www.ticketnest.com/sports-tickets/San-Francisco-Giants/index.php

Ron Arthur is a Search Engine Marketer working for Carlsbad, CA based web-metrics company Sofizar. He is a member of the team developing a click fraud detection software, ZarTective. While not writing expose's on the darker side of the web, he plays with his cat "Mano" and watches "Rocky Horror Picture Show" for the 17th time. Or maybe 117th.
