Friday, 25 December 2015

A complete CCENT LAB

Design your own Campus Network or Intranet.

1. The lab should have multiple routers and switches.

2. Technologies:
   VLAN, switchport security, redundant links
   ACL (UDP and TCP ports)
   OSPF (cost, priority, passive interface)
   NAT
   Cabling: serial and Ethernet
   SSH, NTP, DHCP
   L3 switching
   IPv6
   Router passwords, telnet, console access

3. Show commands and debug commands.

4. One lab on PT (Packet Tracer) should consist of a real-life major scenario:
   multiple floors of configuration involving all technologies,
   or multiple buildings on a campus.

Thursday, 24 December 2015

Zero Subnet and Broadcast Subnet.

Subnet Zero

If a network address is subnetted, the first subnet obtained after subnetting
the network address is called subnet zero.

Example (network 172.16.0.0 subnetted with mask 255.255.224.0):

Subnet          Mask            Broadcast       Host range
172.16.0.0      255.255.224.0   172.16.31.255   172.16.0.1 to 172.16.31.254

The first subnet (subnet 172.16.0.0/19) is called subnet zero.

The All-Ones Subnet or Broadcast Subnet

When a network address is subnetted, the last subnet obtained is called
the all-ones subnet.

With reference to the example above, the last subnet obtained when
subnetting network 172.16.0.0 (subnet 172.16.224.0/19) is called the
all-ones subnet.

Subnet          Mask            Broadcast       Host range
172.16.224.0    255.255.224.0   172.16.255.255  172.16.224.1 to 172.16.255.254

Source: http://www.cisco.com
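As an added worked example (not from the Cisco text quoted above), the same subnet-zero and all-ones computation done with bit arithmetic, so the 172.16.0.0 / 255.255.224.0 result can be checked by hand. The function name and the explicit classful-mask parameter are this example's own.

```python
import ipaddress

def _ip(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _dotted(value):
    return str(ipaddress.IPv4Address(value))

def subnet_zero_and_all_ones(network, classful_mask, subnet_mask):
    """Split a classful network with a longer subnet mask and return the first subnet
    (subnet zero), the last subnet (all-ones subnet) and the number of subnets.
    Each subnet is reported as (subnet, broadcast, first host, last host)."""
    net, cmask, smask = _ip(network), _ip(classful_mask), _ip(subnet_mask)
    if (smask & cmask) != cmask or smask == cmask:
        raise ValueError("subnet mask must borrow at least one bit from the host part")
    borrowed = smask & ~cmask & 0xFFFFFFFF    # the bits that number the subnets
    host_bits = ~smask & 0xFFFFFFFF           # the bits that number the hosts

    def describe(subnet):
        broadcast = subnet | host_bits        # host bits all 1 = directed broadcast
        return (_dotted(subnet), _dotted(broadcast),
                _dotted(subnet + 1), _dotted(broadcast - 1))

    zero = net & cmask                # all borrowed bits 0 -> subnet zero
    ones = (net & cmask) | borrowed   # all borrowed bits 1 -> all-ones subnet
    return describe(zero), describe(ones), 2 ** bin(borrowed).count("1")
```
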

Sunday, 13 December 2015

OSPF Metric Cost

Note: the path with the least cost is chosen. Cost is the OSPF metric.

Note: change the cost on the outgoing interface, not the incoming interface.
As per the forum I use and the books, both ends of the routers connecting
together are to be changed, e.g. the Router1 g0/1 interface and the
Router2 g0/0 interface.

Cost = 10^8 / BW (in bps). Note: the 10^8 reference bandwidth can be
changed using the auto-cost reference-bandwidth command.

Router 1 before:

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C    192.168.1.0/24 is directly connected, GigabitEthernet0/0
L    192.168.1.2/32 is directly connected, GigabitEthernet0/0
O    192.168.2.0/24 [110/2] via 192.168.1.1, 01:04:30, GigabitEthernet0/0
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C    192.168.3.0/24 is directly connected, GigabitEthernet0/1
L    192.168.3.1/32 is directly connected, GigabitEthernet0/1
O    192.168.4.0/24 [110/2] via 192.168.3.2, 00:04:49, GigabitEthernet0/1
O    192.168.5.0/24 [110/3] via 192.168.3.2, 00:04:49, GigabitEthernet0/1
                    [110/3] via 192.168.1.1, 00:04:49, GigabitEthernet0/0
O    192.168.6.0/24 [110/2] via 192.168.3.2, 00:04:31, GigabitEthernet0/1

Changes on Router 1:

Router(config)#int g0/1
Router(config-if)#ip ospf cost 20000
Router(config-if)#end

Router 1 after:

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C    192.168.1.0/24 is directly connected, GigabitEthernet0/0
L    192.168.1.2/32 is directly connected, GigabitEthernet0/0
O    192.168.2.0/24 [110/2] via 192.168.1.1, 01:04:32, GigabitEthernet0/0
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C    192.168.3.0/24 is directly connected, GigabitEthernet0/1
L    192.168.3.1/32 is directly connected, GigabitEthernet0/1
O    192.168.4.0/24 [110/3] via 192.168.1.1, 00:00:00, GigabitEthernet0/0
O    192.168.5.0/24 [110/3] via 192.168.1.1, 00:00:00, GigabitEthernet0/0
O    192.168.6.0/24 [110/4] via 192.168.1.1, 00:00:00, GigabitEthernet0/0

On Router 1:

Router#show ip ospf int g0/1
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 192.168.3.1/24, Area 0
  Process ID 11, Router ID 192.168.3.1, Network Type BROADCAST, Cost: 20000

Router#show int g0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is CN Gigabit Ethernet, address is 0002.4a25.c102 (bia 0002.4a25.c102)
  Internet address is 192.168.3.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,


OSPF Cost

The cost (also called metric) of an interface in OSPF is an indication of the overhead required to send packets across that interface. The cost of an interface is inversely proportional to the bandwidth of the interface: a higher bandwidth means a lower cost. There is more overhead (higher cost) and more delay involved in crossing a 56k serial line than in crossing a 10M Ethernet line. The formula used to calculate the cost is:
  • cost = 100000000 / bandwidth in bps
For example, it costs 10^8 / 10^7 = 10 to cross a 10M Ethernet line and 10^8 / 1544000 = 64 to cross a T1 line.

Note:
10 Mbps   = 10 * 10^6 bps   --- 10BaseT
100 Mbps  = 100 * 10^6 bps  --- 100BaseT
1000 Mbps = 1000 * 10^6 bps --- 1000BaseT
1000BASE-T is Gigabit Ethernet (1 gigabit is 1000 megabits per second).

T1 (DS-1) line bandwidth = 1.544 Mbps (roughly 1.5 Mbps)
T3 (DS-3) line bandwidth = 44.736 Mbps

Source.

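An added example, not part of the original post: it recomputes Router 1's view of the before/after routing tables above with the shortest-path (Dijkstra) calculation OSPF runs, and also covers the cost = 10^8 / BW formula under item 9 of the exam list further down. The ring topology in LINKS is an assumption reconstructed from the two routing tables; every link is assumed to be GigabitEthernet at the default 100 Mbit reference bandwidth, so each hop costs 1, as the [110/2] and [110/3] metrics show.

```python
import heapq
# Constructed topology inferred from the before/after routing tables in this post (an
# assumption, not a diagram from the original): ring R1-RA-RC-RB-R1, stub LAN on RC and RB.
# Entry: (router, far-end router or None for a stub LAN, network, outgoing interface).
LINKS = [
    ("R1", "RA", "192.168.1.0/24", "GigabitEthernet0/0"),
    ("R1", "RB", "192.168.3.0/24", "GigabitEthernet0/1"),
    ("RA", "RC", "192.168.2.0/24", "GigabitEthernet0/1"),
    ("RC", "RB", "192.168.4.0/24", "GigabitEthernet0/1"),
    ("RC", None, "192.168.5.0/24", "GigabitEthernet0/2"),
    ("RB", None, "192.168.6.0/24", "GigabitEthernet0/2"),
]

def ospf_cost(bw_kbit, ref_bw_mbit=100):
    """Cisco default: cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, ref_bw_mbit * 1000 // bw_kbit)

def build_graph(overrides=None):
    """SPF graph: router -> network costs the outgoing interface, network -> router is free.
    overrides maps (router, interface) to a manual 'ip ospf cost'; all links assumed GigE."""
    overrides = overrides or {}
    graph = {}
    def edge(src, dst, cost):
        graph.setdefault(src, []).append((dst, cost))
        graph.setdefault(dst, [])
    for near, far, net, iface in LINKS:
        edge(near, net, overrides.get((near, iface), ospf_cost(1_000_000)))
        edge(net, near, 0)
        if far:
            edge(far, net, ospf_cost(1_000_000))   # far end keeps its default cost
            edge(net, far, 0)
    return graph

def spf(graph, root="R1"):
    """Dijkstra from root: {node: (total cost, first network left through at root)}."""
    dist = {root: (0, None)}
    heap = [(0, root, None)]
    while heap:
        cost, node, via = heapq.heappop(heap)
        if cost > dist[node][0]:
            continue
        for nxt, weight in graph[node]:
            first = via or nxt
            if nxt not in dist or cost + weight < dist[nxt][0]:
                dist[nxt] = (cost + weight, first)
                heapq.heappush(heap, (cost + weight, nxt, first))
    return dist

BEFORE = spf(build_graph())                                      # default costs
AFTER = spf(build_graph({("R1", "GigabitEthernet0/1"): 20000}))  # after 'ip ospf cost 20000'
```

The connected 192.168.3.0/24 still shows as C on the real router because a connected route is installed regardless of its OSPF cost; the SPF result only explains why the O routes move to g0/0.
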
Tuesday, 8 December 2015

IPv6

1. The ipv6 enable command and ipv6 address autoconfig automatically
   assign an IPv6 address to an interface.

2. Cannot ping even the link-local address of the local router
   after manually assigning the IP or using the above commands.

3. Ping only works after a unique local or global IP is assigned
   to the interfaces.

4. Do not forget ipv6 unicast-routing, even with static routes.

5. ICMPv6; NDP = ARP; stateless vs stateful (DHCP).

6. Static routes, default routes.

7. OSPFv3

Monday, 23 November 2015

Extended ACL: UDP DNS Client

IP named extended ACL with wildcard masking using the
TCP, IP and ICMP protocols.

NOTE: DNS configuration should be done on the server, namely an
A (host) resource record must be created.

On the PC, the DNS server IP must be added, and in the URL the A record
name should be used rather than the numerical IP, as we are
resolving... wonder how PTR records behave...

1. Only UDP works, and the UDP port only on the DNS server.
2. Either client side or server side, but the port should be
   UDP, not TCP.
3. Only the server's DNS UDP port.


Router(config)#ip access-list extended 110
Router(config-ext-nacl)#1 deny tcp 192.168.1.0 0.0.0.7 host 192.168.2.2 eq 80
Router(config-ext-nacl)#2 deny ip 192.168.1.11 0.0.0.7 host 192.168.2.2
Router(config-ext-nacl)#3 deny icmp 192.168.1.20 0.0.0.7 host 192.168.2.2
Router(config-ext-nacl)#4 deny udp 192.168.1.24 0.0.0.7 host 192.168.2.2 eq domain
Router(config-ext-nacl)#5 permit ip any any

NOTE: UDP is blocked here as the ACL is applied on the client side.

Note: UDP can also be blocked on the other side, incoming on
Router2 port g0/1:

Router(config)#access-list 110 deny udp any eq 53 any
Router(config)#access-list 110 permit ip any any
Router(config)#int g0/1
Router(config-if)#ip access-group 110 in

Others to note: the protocols an ACL entry can match (note UDP, OSPF etc.):
Router(config-ext-nacl)#1 permit ?
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram

Note also that DNS is used; the configuration is on the PCs
and the server.

Port 53: DNS server (TCP), DNS client (UDP)

NOTE: to block the site from opening on the PCs, UDP must be
blocked in the ACL, not TCP, as the DNS client uses UDP.
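An added example, not from the original post: a small evaluator for extended ACL entries with wildcard masks, fed the ACL 110 lines above, so the UDP-versus-TCP DNS point (and the implicit deny at the end of every ACL, item 2 of the exam list further down) can be checked against constructed packets. The parser only understands the "eq" qualifier and the IOS port keywords used here; the function names are this example's own.

```python
import ipaddress
PORT_NAMES = {"domain": 53, "www": 80}   # IOS port keywords used in this post
def _ip(dotted):
    return int(ipaddress.IPv4Address(dotted))
def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (ip, wildcard) ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tokens.pop(0)), 0) if t == "host" else (_ip(t), _ip(tokens.pop(0)))
def _port(tokens):
    """Consume an optional 'eq PORT' qualifier (number or IOS keyword)."""
    if not tokens or tokens[0] != "eq":
        return None
    tokens.pop(0)
    name = tokens.pop(0)
    return int(name) if name.isdigit() else PORT_NAMES[name]
def parse_ace(line):
    """'4 deny udp 192.168.1.24 0.0.0.7 host 192.168.2.2 eq domain' -> rule dict."""
    tokens = line.split()
    if tokens[0].isdigit():
        tokens.pop(0)                                # leading sequence number
    action, proto = tokens.pop(0), tokens.pop(0)
    src, swild = _addr(tokens)
    sport = _port(tokens)
    dst, dwild = _addr(tokens)
    # Clear the wildcard bits, as IOS normalises 192.168.1.11 0.0.0.7 to 192.168.1.8 0.0.0.7
    return dict(action=action, proto=proto, src=src & ~swild, swild=swild, sport=sport,
                dst=dst & ~dwild, dwild=dwild, dport=_port(tokens))
def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Top-down, first match wins; the implicit 'deny ip any any' is made explicit here."""
    src, dst = _ip(src), _ip(dst)
    for r in acl:
        if r["proto"] not in ("ip", proto):          # 'ip' matches every protocol
            continue
        if (src & ~r["swild"]) != r["src"] or (dst & ~r["dwild"]) != r["dst"]:
            continue
        if r["sport"] not in (None, sport) or r["dport"] not in (None, dport):
            continue
        return r["action"]
    return "deny"
# The named extended ACL 110 from this post, one ACE per line.
ACL_110 = [parse_ace(l) for l in """
1 deny tcp 192.168.1.0 0.0.0.7 host 192.168.2.2 eq 80
2 deny ip 192.168.1.11 0.0.0.7 host 192.168.2.2
3 deny icmp 192.168.1.20 0.0.0.7 host 192.168.2.2
4 deny udp 192.168.1.24 0.0.0.7 host 192.168.2.2 eq domain
5 permit ip any any
""".splitlines() if l.strip()]
```
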

Wednesday, 18 November 2015

Ten commands for troubleshooting OSPF

1. show ip protocols: Displays OSPF status, process ID and neighbors/gateways. It also shows the area types configured (normal, stub, NSSA etc.). Lastly, it lists the protocols that are being redistributed and the networks that are being advertised.
   Helpful in troubleshooting: neighbor relationships, missing routes, and problems with summarization and filtering.
2. show ip route ospf: Displays the OSPF routes being received from neighbors and their administrative distance. It also shows the cumulative cost metric to reach a particular subnet, and what the route source and interface are.
   Helpful in troubleshooting: general issues, missing routes, and problems with summarization and filtering.
3. show ip ospf interfaces: Displays the OSPF interfaces. It also shows the network type(s), neighbor count, type of authentication and timer values.
   Helpful in troubleshooting: neighbor relationships, local configuration issues, and routing problems.
4. show ip ospf neighbors: Displays active fully adjacent neighbors, the router ID of each neighbor, neighbor state/DR state, IP addresses/interfaces and the dead time of neighbors.
   Helpful in troubleshooting: neighbor relationships and local configuration issues.
5. show ip ospf database: Displays LSA types per area, advertising router, link ID (subnet) and age.
   Helpful in troubleshooting: missing routes, filtering problems and general issues.
6. show ip ospf border-routers: Displays router ID, advertising router, area, ABR or ASBR, and cost details.
   Helpful in troubleshooting: missing routes, filtering problems and general issues.
7. show ip ospf: Displays the OSPF process ID, configured areas, and the number and types of areas. It also shows the number of times the SPF algorithm has been executed. If you see a very high number of SPF calculations, it could be a flapping router or an interface with an issue.
   Helpful in troubleshooting: missing routes, filtering problems, and general issues.

The following debug commands can also help in troubleshooting many issues:
1. debug ip ospf adjacency: Used to debug neighbor adjacencies.
   Helpful in troubleshooting: neighbor relationships, routing update issues and stub router problems.
2. debug ip ospf events: Used to debug network events.
   Helpful in troubleshooting: routing update issues, convergence issues and interface flapping.
3. debug ip ospf hello: Used to debug neighbor adjacencies.
   Helpful in troubleshooting: neighbor relationships, configuration issues and DR/BDR election problems.


SOURCE.

What can get tricky in the CCENT exam?

1. Subnetting, e.g. can there be a host with all 1's?
   Example: 123.14.255.48
   subnetting.net and lammle.com are great sites for subnetting.

2. ACL.
   Like a long ACL with no permit ip any any at the end, which can
   easily be overlooked. And the difference when the ACL is applied
   incoming or outgoing.
   UDP or TCP ports; do not forget UDP ports, as some protocols use
   only UDP, like SNMP. The DNS client uses UDP, if a host should not
   be allowed to resolve a URL.
   DHCP server and client.
   ICMP options.
   Port range, gt, lt etc.
   Inter-VLAN ACL.

3. show commands should be perfect.
   show ip route
   show ip ospf etc.

4. Administrative distance and metric in show commands.

5. Advertising a loopback interface.

6. Pinging an interface from the same router works only when keepalives
   flow or a host is connected there.

7. TCP, UDP and IP headers; OSI and TCP/IP models; cabling.
   Difference between TCP and UDP: UDP does not use sequence numbers.

8. enable secret and enable password options. Privilege levels.

9. OSPF cost, passive interface, router ID.

   cost = 10^8 / BW

   BW: 1. T1 or DS1 = 1.544 Mbps
       2. T3 or DS3 = 45 Mbps
       3. 10BaseT = 10 Mbps
       4. 100BaseT = 100 Mbps
       5. 1000BaseT = 1000 Mbps

10. Switch broadcast behaviour.
    Switch redundant links, multiple switches interconnected,
    and a single switch port showing multiple interfaces.

11. Allowed VLANs; switchport modes: access, trunk, dynamic desirable,
    dynamic auto, nonegotiate.

12. Switchport security, err-disabled, and the difference between
    protect, restrict and shutdown.

13. Runts, giants, CRC errors etc.

14. Ports can shut down if there is a mismatch in bandwidth or duplex
    at either end.

15. Even up/down interfaces are used in the OSPF router-ID election process.

16. IPv6 stateless autoconfiguration: insertion of FFFE into the interface
    MAC and inversion of the 7th bit. OSPFv3.

17. To check the local TCP/IP stack, ping 127.0.0.1; pinging 127.0.0.0 or
    127.255.255.255 will not work.

    127.0.0.1 to 127.255.255.254 will work.
    127.0.0.0 is the network number.
    127.255.255.254 is the last host.
    This is a network.

18. Private IP addresses are not routable on the Internet.
    Can be a trick question.

19. Remember we can ping only what is listed in the routing tables.
    show ip route on the router should light up the path to the network.
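An added example, not from the original post, for item 16 above and for the ipv6 address autoconfig note in the IPv6 post: building an EUI-64 interface ID (FFFE insertion plus 7th-bit inversion) and reversing it, using the MAC 0002.4a25.c102 from the show int g0/1 output in the OSPF post as input. The function names are this example's own.

```python
import ipaddress

def mac_to_eui64(mac):
    """48-bit MAC -> 64-bit interface ID: split the MAC in half, insert FFFE in the
    middle, and invert the universal/local bit (7th bit of the first octet)."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02            # 0x00 -> 0x02 for a burned-in (universal) address
    return bytes(iid)

def eui64_address(prefix, mac):
    """Stateless autoconfiguration: /64 prefix from the RA (or fe80::/64) + EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addresses need a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

def link_local(mac):
    """The address 'ipv6 enable' derives on an interface: fe80::/64 + EUI-64 ID."""
    return eui64_address("fe80::/64", mac)

def eui64_to_mac(address):
    """Reverse the process for an address seen in a log or neighbor table; returns None
    when the interface ID is not EUI-64 (e.g. a privacy/temporary address)."""
    iid = int(ipaddress.IPv6Address(address)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02
    return ".".join(raw.hex()[i:i + 4] for i in (0, 4, 8))   # Cisco xxxx.xxxx.xxxx form
```

eui64_to_mac returns None for addresses generated with privacy extensions, which is why an IPv6 address seen in a log cannot always be mapped back to a MAC.
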