Cisco Firewall Specifications

| Feature | ASA 5505 | ASA 5510 | ASA 5520 | ASA 5540 | ASA 5550 | Catalyst 6500 FWSM |
|---|---|---|---|---|---|---|
| Operating System | ASA 7.x, 8.x | ASA 7.x, 8.x | ASA 7.x, 8.x | ASA 7.x, 8.x | ASA 7.x, 8.x | FWSM 2.x, 3.x |
| Memory | 256 MB | 256 MB | 512 MB | 1 GB | 4 GB | 1 GB |
| Flash (minimum) | 64 MB | 64 MB | 64 MB | 64 MB | 64 GB | 128 MB |
| Throughput | 150 Mbps | 300 Mbps | 450 Mbps | 650 Mbps | 1.2 Gbps | 5 Gbps |
| Concurrent Connections | 10,000/25,000[1] | 50,000/130,000[1] | 280,000 | 400,000 | 600,000 | 1 million |
| Physical Interfaces | Eight 10/100 switch; two Power over Ethernet (PoE) | Five 10/100 | Four 10/100/1000, one 10/100 | Four 10/100/1000, one 10/100 | Eight 10/100 plus 12 10/100 or nine GigabitEthernet | 0 |
| Logical Interfaces | Three (no trunking)/20 (trunking) | 50/100[1] | 150 | 200 | 250 | 100 |
| Failover | No / Stateless Active/Standby (A/S)[1] | No / Active/Active (A/A) and A/S | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S[2] |
| AAA and Cut-Through Proxy | Yes | Yes | Yes | Yes | Yes | Yes |
| Command-Line Interface | Console, Telnet, Secure Shell (SSH) | Console, Telnet, SSH | Console, Telnet, SSH | Console, Telnet, SSH | Console, Telnet, SSH | Telnet, SSH |
| GUI | ASDM | ASDM | ASDM | ASDM | ASDM | ASDM |
| Routing | Static, RIP, EIGRP, OSPF | Static, RIP, EIGRP, OSPF | Static, RIP, EIGRP, OSPF | Static, RIP, EIGRP, OSPF | Static, RIP, EIGRP, OSPF | Static, RIP, OSPF |
| Security Contexts | 0 | 0 / 2, 5[1] | 2, 20 | 2, 50 | 2, 50 | 100 |
| VPN-Capable | Yes | Yes | Yes | Yes | Yes | No[3] |

[1] Base license/Security Plus license

[2] The FWSM supports only LAN-based failover, because it has no physical failover cable connector.

[3] The FWSM does not support any IPSec VPN features except for a 3DES tunnel that is used for management purposes.


Find information

  1. My bookmark/tag
  2. Google search for general
  3. Wikipedia for specific
  4. Safari online for more specific/detailed (need to pay?!?) content


Wide Area Networks

PPP LCP Features

| Function | LCP Feature | Description |
|---|---|---|
| Looped link detection | Magic number | Detects if the link is looped, and disables the interface, allowing rerouting over a working route. |
| Error detection | Link Quality Monitoring (LQM) | Disables an interface that exceeds an error percentage threshold, allowing rerouting over better routes. |
| Multilink support | Multilink PPP | Load-balances traffic over multiple parallel links. |
| Authentication | PAP and CHAP | Exchanges names and passwords so that each device can verify the identity of the device on the other end of the link. |

Likely Reasons for Data-Link Problems on Serial Links

| Line Status | Protocol Status | Likely Reason |
|---|---|---|
| Up | Down (stable) on both ends, or down (stable) on one end, flapping between up and down on the other | Mismatched encapsulation commands |
| Up | Down on one end, up on the other | Keepalive is disabled on the end in an up state |
| Up | Down (stable) on both ends | PAP/CHAP authentication failure |

Summary of Symptoms for Mismatched Subnets on Serial Links

| Symptoms When IP Addresses on a Serial Link Are in Different Subnets | HDLC | PPP |
|---|---|---|
| Does a ping of the other router’s serial IP address work? | No | Yes |
| Can routing protocols exchange routes over the link? | No | No |

Frame Relay configuration steps.

Step 1.
Configure the physical interface to use Frame Relay encapsulation (encapsulation frame-relay interface subcommand).
Step 2.
Configure an IP address on the interface or subinterface (ip address subcommand).
Step 3.
(Optional) Manually set the LMI type on each physical serial interface (frame-relay lmi-type interface subcommand).
Step 4.
(Optional) Change from the default encapsulation of cisco to ietf by doing the following:

a. For all VCs on the interface, add the ietf keyword to the encapsulation frame-relay interface subcommand.

b. For a single VC, add the ietf keyword to the frame-relay interface-dlci interface subcommand (point-to-point subinterfaces only) or to the frame-relay map command.

Step 5.
(Optional) If you aren’t using the (default) Inverse ARP to map the DLCI to the next-hop router’s IP address, define static mapping using the frame-relay map ip dlci ip-address broadcast subinterface subcommand.
Step 6.
On subinterfaces, associate one (point-to-point) or more (multipoint) DLCIs with the subinterface in one of two ways:

a. Using the frame-relay interface-dlci dlci subinterface subcommand

b. As a side effect of static mapping using the frame-relay map ip dlci ip-address broadcast subinterface subcommand


TCP/IP internetworking facts

Fundamentals

Today’s Most Common Types of Ethernet

| Common Name | Speed | Alternative Name | Name of IEEE Standard | Cable Type, Maximum Length |
|---|---|---|---|---|
| Ethernet | 10 Mbps | 10BASE-T | IEEE 802.3 | Copper, 100 m |
| Fast Ethernet | 100 Mbps | 100BASE-TX | IEEE 802.3u | Copper, 100 m |
| Gigabit Ethernet | 1000 Mbps | 1000BASE-LX, 1000BASE-SX | IEEE 802.3z | Fiber, 550 m (SX) 5 km (LX) |
| Gigabit Ethernet | 1000 Mbps | 1000BASE-T | IEEE 802.3ab | 100 m |

LAN MAC Address Terminology and Features

| LAN Addressing Term or Feature | Description |
|---|---|
| MAC | Media Access Control. 802.3 (Ethernet) defines the MAC sublayer of IEEE Ethernet. |
| Ethernet address, NIC address, LAN address | Other names often used instead of MAC address. These terms describe the 6-byte address of the LAN interface card. |
| Burned-in address | The 6-byte address assigned by the vendor making the card. |
| Unicast address | A term for a MAC that represents a single LAN interface. |
| Broadcast address | An address that means “all devices that reside on this LAN right now.” – FFFF.FFFF.FFFF |
| Multicast address | On Ethernet, a multicast address implies some subset of all devices currently on the Ethernet LAN. – 0100.5exx.xxxx |

WAN Speed Summary

| Name(s) of Line | Bit Rate |
|---|---|
| DS0 | 64 Kbps |
| DS1 (T1) | 1.544 Mbps (24 DS0s, plus 8 kb/s overhead) |
| DS3 (T3) | 44.736 Mbps (28 DS1s, plus management overhead) |
| E1 | 2.048 Mbps (32 DS0s) |
| E3 | 34.064 Mbps (16 E1s, plus management overhead) |
| J1 (Y1) | 2.048 Mbps (32 DS0s; Japanese standard) |

All Possible Valid Network Numbers (Classful, i.e. no subnet zero)*

| Class | First Octet Range | Valid Network Numbers* | Total Number for This Class of Network | Number of Hosts Per Network |
|---|---|---|---|---|
| A | 1 to 126 | 1.0.0.0 to 126.0.0.0 | 2^7 - 2 (126) | 2^24 - 2 (16,777,214) |
| B | 128 to 191 | 128.1.0.0 to 191.254.0.0 | 2^14 (16,384) | 2^16 - 2 (65,534) |
| C | 192 to 223 | 192.0.1.0 to 223.255.254.0 | 2^21 (2,097,152) | 2^8 - 2 (254) |

All Possible Valid Network Numbers (Classless)

| | Class A | Class B | Class C |
|---|---|---|---|
| First Octet Range | 1 to 126 | 128 to 191 | 192 to 223 |
| Valid Network Numbers | 1.0.0.0 to 126.0.0.0 | 128.0.0.0 to 191.255.0.0 | 192.0.0.0 to 223.255.255.0 |
| Number of Networks in This Class | 2^7 - 2 | 2^14 | 2^21 |
| Number of Hosts Per Network | 2^24 - 2 | 2^16 - 2 | 2^8 - 2 |
| Size of Network Part of Address (Bytes) | 1 | 2 | 3 |
| Size of Host Part of Address (Bytes) | 3 | 2 | 1 |

TCP/IP Transport Layer Features

| Function | Description |
|---|---|
| Multiplexing using ports | Function that allows receiving hosts to choose the correct application for which the data is destined, based on the port number. |
| Error recovery (reliability) | Process of numbering and acknowledging data with Sequence and Acknowledgment header fields. |
| Flow control using windowing | Process that uses window sizes to protect buffer space and routing devices. |
| Connection establishment and termination | Process used to initialize port numbers and Sequence and Acknowledgment fields. |
| Ordered data transfer and data segmentation | Continuous stream of bytes from an upper-layer process that is “segmented” for transmission and delivered to upper-layer processes at the receiving device, with the bytes in the same order. |

Popular Applications and Their Well-Known Port Numbers

| Port Number | Protocol | Application |
|---|---|---|
| 20 | TCP | FTP data |
| 21 | TCP | FTP control |
| 22 | TCP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | UDP, TCP | DNS |
| 67, 68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP (WWW) |
| 110 | TCP | POP3 |
| 161 | UDP | SNMP |
| 443 | TCP | SSL |
| 16,384–32,767 | UDP | RTP-based Voice (VoIP) and Video |

LAN Switching

Switch Internal Processing

| Switching Method | Description |
|---|---|
| Store-and-forward | The switch fully receives all bits in the frame (store) before forwarding the frame (forward). This allows the switch to check the FCS before forwarding the frame. |
| Cut-through | The switch forwards the frame as soon as it can. This reduces latency but does not allow the switch to discard frames that fail the FCS check. |
| Fragment-free | The switch forwards the frame after receiving the first 64 bytes of the frame, thereby avoiding forwarding frames that were errored due to a collision. |

Benefits of Segmenting Ethernet Devices Using Hubs, Switches, and Routers

| Feature | Hub | Switch | Router |
|---|---|---|---|
| Greater cabling distances are allowed | Yes | Yes | Yes |
| Creates multiple collision domains | No | Yes | Yes |
| Increases bandwidth | No | Yes | Yes |
| Creates multiple broadcast domains | No | No | Yes |

Common Switch Configuration Modes

| Prompt | Name of Mode | Context-setting Command(s) to Reach This Mode |
|---|---|---|
| hostname(config)# | Global | None—first mode after configure terminal |
| hostname(config-line)# | Line | line console 0, line vty 0 15 |
| hostname(config-if)# | Interface | interface type number |

Names and Purposes of the Two Main IOS Configuration Files

| Configuration Filename | Purpose | Where It Is Stored |
|---|---|---|
| Startup-config | Stores the initial configuration used any time the switch reloads IOS. | NVRAM |
| Running-config | Stores the currently used configuration commands. This file changes dynamically when someone enters commands in configuration mode. | RAM |

SSH configuration steps on a Cisco IOS-based switch:

Step 1.
Change the vty lines to use usernames, with either locally configured usernames or an AAA server. In this case, the login local subcommand defines the use of local usernames, replacing the login subcommand in vty configuration mode.
Step 2.
Tell the switch to accept both Telnet and SSH with the transport input telnet ssh vty subcommand. (The default is transport input telnet, omitting the ssh parameter.)
Step 3.
Add one or more username name password pass-value global configuration commands to configure username/password pairs.
Step 4.
Configure a DNS domain name with the ip domain-name name global configuration command.
Step 5.
Configure the switch to generate a matched public and private key pair, as well as a shared encryption key, using the crypto key generate rsa global configuration command.
Step 6.
Although no switch commands are required, each SSH client needs a copy of the switch’s public key before the client can connect.
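
One way to check a switch configuration against steps 1 through 4, as an added Python example that is not from the original notes or from Cisco; the function names and both config excerpts are constructed for illustration. Beyond the page's steps, it also accepts the `login authentication` and `username ... secret` forms, and reports Telnet left enabled alongside SSH as a separate hardening finding.

```python
import re

# Constructed running-config excerpts for illustration (not from the page).
WEAK_CONFIG = """\
hostname SW1
username admin password example-pass
ip domain-name example.com
!
line con 0
 login
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 password example-vty
 login
!
end
"""

HARDENED_CONFIG = """\
hostname SW1
username admin secret example-pass
ip domain-name example.com
!
line vty 0 15
 login local
 transport input ssh
!
end
"""


def parse_sections(config_text):
    """Split a config into global lines and {header: [indented subcommands]}."""
    global_lines, sections, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw.startswith(" ") and current is not None:
            sections[current].append(line)
        else:
            global_lines.append(line)
            current = line
            sections[current] = []
    return global_lines, sections


def audit_ssh(config_text):
    """Return findings for steps 1-4; an empty list means every check passed.

    Step 5 (crypto key generate rsa) is not checked here: key generation is
    a one-time action and does not appear as a line in the configuration.
    """
    global_lines, sections = parse_sections(config_text)
    findings = []
    if not any(re.match(r"username \S+ .*\b(password|secret) ", ln)
               for ln in global_lines):
        findings.append("step 3: no username/password pair configured")
    if not any(ln.startswith("ip domain-name ") for ln in global_lines):
        findings.append("step 4: ip domain-name is not set")
    vty = {h: s for h, s in sections.items() if h.startswith("line vty ")}
    if not vty:
        findings.append("step 1: no vty lines found")
    for header, subs in vty.items():
        uses_names = any(s == "login local" or s.startswith("login authentication ")
                         for s in subs)
        if not uses_names:
            findings.append(f"step 1: {header}: login does not use usernames")
        transport = [s for s in subs if s.startswith("transport input ")]
        # Per the page, the default is "transport input telnet".
        protocols = set(transport[-1].split()[2:]) if transport else {"telnet"}
        if not protocols & {"ssh", "all"}:
            findings.append(f"step 2: {header}: SSH is not accepted")
        if protocols & {"telnet", "all"}:
            findings.append(f"hardening: {header}: Telnet is still accepted")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ssh(cfg) or "no findings")
```
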

Banners and Their Use

| Banner | Typical Use |
|---|---|
| Message of the Day (MOTD) | Shown before the login prompt. For temporary messages that may change from time to time, such as “Router1 down for maintenance at midnight.” |
| Login | Shown before the login prompt but after the MOTD banner. For permanent messages such as “Unauthorized Access Prohibited.” |
| Exec | Shown after the login prompt. Used to supply information that should be hidden from unauthorized users. |

Cisco IOS switch configuration steps for IP connectivity:

Step 1.
Enter VLAN 1 configuration mode using the interface vlan 1 global configuration command (from any config mode).
Step 2.
Assign an IP address and mask using the ip address ip-address mask interface subcommand.
Step 3.
Enable the VLAN 1 interface using the no shutdown interface subcommand.
Step 4.
Add the ip default-gateway ip-address global command to configure the default gateway.

Actions When Port Security Violation Occurs

| Option on the switchport port-security violation Command | Protect | Restrict | Shut Down* |
|---|---|---|---|
| Discards offending traffic | Yes | Yes | Yes |
| Sends log and SNMP messages | No | Yes | Yes |
| Disables the interface, discarding all traffic | No | No | Yes |

LAN Switch Interface Status Codes

| Line Status | Protocol Status | Interface Status | Typical Root Cause |
|---|---|---|---|
| Administratively Down | Down | disabled | The interface is configured with the shutdown command. |
| Down | Down | notconnect | No cable; bad cable; wrong cable pinouts; the speeds are mismatched on the two connected devices; the device on the other end of the cable is powered off or the other interface is shutdown. |
| Up | Down | notconnect | An interface up/down state is not expected on LAN switch interfaces. |
| Down | down (err-disabled) | err-disabled | Port security has disabled the interface. |
| Up | Up | connect | The interface is working. |

Interface Status Codes and Their Meanings

| Name | First or Second Status Code | General Meaning |
|---|---|---|
| Line status | First status code | Refers to the Layer 1 status—for example, is the cable installed, is it the right/wrong cable, is the device on the other end powered on? |
| Protocol status | Second status code | Refers generally to the Layer 2 status. It is always down if the line status is down. If the line status is up, a protocol status of down usually is caused by mismatched data link layer configuration. |

Organizations That Set or Influence WLAN Standards

| Organization | Standardization Role |
|---|---|
| ITU-R | Worldwide standardization of communications that use radiated energy, particularly managing the assignment of frequencies |
| IEEE | Standardization of wireless LANs (802.11) |
| Wi-Fi Alliance | An industry consortium that encourages interoperability of products that implement WLAN standards through their Wi-Fi certified program |
| Federal Communications Commission (FCC) | The U.S. government agency that regulates the usage of various communications frequencies in the U.S. |

WLAN Standards

| Feature | 802.11a | 802.11b | 802.11g |
|---|---|---|---|
| Year ratified | 1999 | 1999 | 2003 |
| Maximum speed using DSSS | - | 11 Mbps | 11 Mbps |
| Maximum speed using OFDM | 54 Mbps | - | 54 Mbps |
| Frequency band | 5 GHz | 2.4 GHz | 2.4 GHz |
| Channels (nonoverlapped)* | 23 (12) | 11 (3) | 11 (3) |
| Speeds required by standard (Mbps) | 6, 12, 24 | 1, 2, 5.5, 11 | 6, 12, 24 |

Different WLAN Modes and Names

| Mode | Service Set Name | Description |
|---|---|---|
| Ad hoc | Independent Basic Service Set (IBSS) | Allows two devices to communicate directly. No AP is needed. |
| Infrastructure (one AP) | Basic Service Set (BSS) | A single wireless LAN created with an AP and all devices that associate with that AP. |
| Infrastructure (more than one AP) | Extended Service Set (ESS) | Multiple APs create one wireless LAN, allowing roaming and a larger coverage area. |

FCC Unlicensed Frequency Bands of Interest

| Frequency Range | Name | Sample Devices |
|---|---|---|
| 900 KHz | Industrial, Scientific, Mechanical (ISM) | Older cordless telephones |
| 2.4 GHz | ISM | Newer cordless phones and 802.11, 802.11b, 802.11g WLANs |
| 5 GHz | Unlicensed National Information Infrastructure (U-NII) | Newer cordless phones and 802.11a, 802.11n WLANs |

Encoding Classes and IEEE Standard WLANs

| Name of Encoding Class | What It Is Used By |
|---|---|
| Frequency Hopping Spread Spectrum (FHSS) | 802.11 |
| Direct Sequence Spread Spectrum (DSSS) | 802.11b |
| Orthogonal Frequency Division Multiplexing (OFDM) | 802.11a, 802.11g |

WLAN Speed and Frequency Reference

| IEEE Standard | Maximum Speed (Mbps) | Other Speeds* (Mbps) | Frequency | Nonoverlapping Channels |
|---|---|---|---|---|
| 802.11b | 11 Mbps | 1, 2, 5.5 | 2.4 GHz | 3 |
| 802.11a | 54 Mbps | 6, 9, 12, 18, 24, 36, 48 | 5 GHz | 12 |
| 802.11g | 54 Mbps | Same as 802.11a | 2.4 GHz | 3 |

WLAN Vulnerabilities and Solutions

| Vulnerability | Solution |
|---|---|
| War drivers | Strong authentication |
| Hackers stealing information in a WLAN | Strong encryption |
| Hackers gaining access to the rest of the network | Strong authentication |
| Employee AP installation | Intrusion Detection Systems (IDS), including Cisco SWAN |
| Rogue AP | Strong authentication, IDS/SWAN |

WLAN Security Standards

| Name | Year | Who Defined It |
|---|---|---|
| Wired Equivalent Privacy (WEP) | 1997 | IEEE |
| The interim Cisco solution while awaiting 802.11i | 2001 | Cisco, IEEE 802.1x Extensible Authentication Protocol (EAP) |
| Wi-Fi Protected Access (WPA) | 2003 | Wi-Fi Alliance |
| 802.11i (WPA2) | 2005+ | IEEE |

Comparisons of WLAN Security Features

| Standard | Key Distribution | Device Authentication | User Authentication | Encryption |
|---|---|---|---|---|
| WEP | Static | Yes (weak) | None | Yes (weak) |
| Cisco | Dynamic | Yes | Yes (802.1x) | Yes (TKIP) |
| WPA | Both | Yes | Yes (802.1x) | Yes (TKIP) |
| 802.11i (WPA2) | Both | Yes | Yes (802.1x) | Yes (AES) |

IP Routing

IPv4 Versus IPv6

| Feature | IPv4 | IPv6 |
|---|---|---|
| Size of address (bits or bytes per octet) | 32 bits, 4 octets | 128 bits, 16 octets |
| Example address | 10.1.1.1 | 0000:0000:0000:0000:FFFF:FFFF:0A01:0101 |
| Same address, abbreviated | - | ::FFFF:FFFF:0A01:0101 |
| Number of possible addresses, ignoring reserved values | 2^32 (roughly 4 billion) | 2^128, or roughly 3.4 x 10^38 |

Routing Protocol Classes/Algorithms and Protocols that Use Them

| Class/Algorithm | IGPs |
|---|---|
| Distance vector | RIP-1, RIP-2, IGRP |
| Link-state | OSPF, Integrated IS-IS |
| Balanced hybrid (also called advanced distance vector) | EIGRP |

Comparing Classless and Classful Routing Protocols

| Feature | Classless | Classful |
|---|---|---|
| Supports VLSM | Yes | No |
| Sends subnet mask in routing updates | Yes | No |
| Supports manual route summarization | Yes | No |

Interior IP Routing Protocols Compared

| Feature | RIP-1 | RIP-2 | EIGRP | OSPF | IS-IS |
|---|---|---|---|---|---|
| Classless | No | Yes | Yes | Yes | Yes |
| Supports VLSM | No | Yes | Yes | Yes | Yes |
| Sends mask in update | No | Yes | Yes | Yes | Yes |
| Distance vector | Yes | Yes | No[1] | No | No |
| Link-state | No | No | No[1] | Yes | Yes |
| Supports autosummarization | No | Yes | Yes | No | No |
| Supports manual summarization | No | Yes | Yes | Yes | Yes |
| Proprietary | No | No | Yes | No | No |
| Routing updates sent to a multicast IP address | No | Yes | Yes | Yes | N/A |
| Supports authentication | No | Yes | Yes | Yes | Yes |
| Convergence | Slow | Slow | Very fast | Fast | Fast |

IOS Defaults for Administrative Distance

| Route Source | Administrative Distance |
|---|---|
| Connected routes | 0 |
| Static routes | 1 |
| EIGRP | 90 |
| IGRP | 100 |
| OSPF | 110 |
| IS-IS | 115 |
| RIP (V1 and V2) | 120 |
| Unknown or unbelievable | 255 |

Determining Whether a Question Allows the Use of the Zero and Broadcast Subnets

| Clues in the Question | Subnets Reserved? |
|---|---|
| Says nothing about it (default for the exam) | No |
| Lists the ip subnet-zero configuration command | No |
| Uses a classless routing protocol (RIP-2, EIGRP, OSPF) | No |
| Lists the no ip subnet-zero configuration command | Yes |
| Uses a classful routing protocol (RIP-1) | Yes |

WAN

Comparing Circuits and Packet Switching

| Feature | Circuits | Packet Switching |
|---|---|---|
| Service implemented as OSI layer . . . | 1 | 2 |
| Point-to-point (two devices) or more | Point-to-point | Multipoint (more than two) |

Interface Status Codes and Typical Meanings When a Ping Does Not Work

| Line Status | Protocol Status | Likely Reason/Layer |
|---|---|---|
| Administratively down | Down | Interface is shut down |
| Down | Down | Layer 1 |
| Up | Down | Layer 2 |
| Up | Up | Layer 3 |

Steps to configure HDLC:

Step 1.
Configure the interface IP address using the ip address interface subcommand.
Step 2.
The following tasks are required only when the specifically listed conditions are true:

  1. If an encapsulation protocol interface subcommand that lists a protocol besides HDLC already exists on the interface, use the encapsulation hdlc interface subcommand to enable HDLC.

  2. If the interface line status is administratively down, enable the interface using the no shutdown interface subcommand.

  3. If the serial link is a back-to-back serial link in a lab (or a simulator), configure the clocking rate using the clock rate speed interface subcommand, but only on the one router with the DCE cable (per the show controllers serial number command).

Step 3.
The following steps are always optional, and have no impact on whether the link works and passes IP traffic:

  1. Configure the link’s speed using the bandwidth speed-in-kbps interface subcommand.

  2. For documentation purposes, configure a description of the purpose of the interface using the description text interface subcommand.


Routing protocols

Summary of Interior Routing Protocols

Table 1. Interior IP Routing Protocols Compared

| Feature | RIP-1 | RIP-2 | EIGRP | OSPF | IS-IS |
|---|---|---|---|---|---|
| Classless | No | Yes | Yes | Yes | Yes |
| Supports VLSM | No | Yes | Yes | Yes | Yes |
| Sends mask in update | No | Yes | Yes | Yes | Yes |
| Distance vector | Yes | Yes | No | No | No |
| Link-state | No | No | No | Yes | Yes |
| Supports autosummarization | Yes | Yes | Yes | No | No |
| Supports manual summarization | No | Yes | Yes | Yes | Yes |
| Proprietary | No | No | Yes | No | No |
| Routing updates sent to a multicast IP address | No | Yes | Yes | Yes | N/A |
| Supports authentication | No | Yes | Yes | Yes | Yes |
| Convergence | Slow | Slow | Very fast | Fast | Fast |


Basic router configurations

RIP-2 Configuration

The RIP-2 configuration process takes only the following three required steps, with the possibility that the third step might need to be repeated:

Step 1.
Use the router rip configuration command to move into RIP configuration mode.
Step 2.
Use the version 2 RIP subcommand to tell the router to use RIP Version 2 exclusively.
Step 3.
Use one or more network net-number RIP subcommands to enable RIP on the correct interfaces.
Step 4.
(Optional) As needed, disable RIP on an interface using the passive-interface type number RIP subcommand.

OSPF Configuration

OSPF configuration includes only a few required steps, but it has many optional steps. After an OSPF design has been chosen—a task that may be complex in larger IP internetworks—the configuration may be as simple as enabling OSPF on each router interface and placing that interface in the correct OSPF area.

Step 1.
Enter OSPF configuration mode for a particular OSPF process using the router ospf process-id global command.
Step 2.
(Optional) Configure the OSPF router ID by:
a. Configuring the router-id id-value router subcommand.
b. Configuring an IP address on a loopback interface.
Step 3.
Configure one or more network ip-address wildcard-mask area area-id router subcommands, with any matched interfaces being added to the listed area.
Step 4.
(Optional) Change the interface Hello and Dead intervals using the ip ospf hello-interval time and ip ospf dead-interval time interface subcommands.
Step 5.
(Optional) Impact routing choices by tuning interface costs as follows:
a. Configure costs directly using the ip ospf cost value interface subcommand.
b. Change interface bandwidths using the bandwidth value interface subcommand.
c. Change the numerator in the formula to calculate the cost based on the interface bandwidth, using the auto-cost reference-bandwidth value router subcommand.
Step 6.
(Optional) Configure OSPF authentication:
a. On a per-interface basis using the ip ospf authentication interface subcommand.
b. For all interfaces in an area using the area authentication router subcommand.
Step 7.
(Optional) Configure support for multiple equal-cost routes using the maximum-paths number router subcommand.

EIGRP Configuration and Verification

Basic EIGRP configuration closely resembles RIP and OSPF configuration. The router eigrp command enables EIGRP and puts the user in EIGRP configuration mode, in which one or more network commands are configured. For each interface matched by a network command, EIGRP tries to discover neighbors on that interface, and EIGRP advertises the subnet connected to the interface.

Step 1.
Enter EIGRP configuration mode, and define the EIGRP ASN by using the router eigrp as-number global command.
Step 2.
Configure one or more network ip-address [wildcard-mask] router subcommands. This enables EIGRP on any matched interface and causes EIGRP to advertise the connected subnet.
Step 3.
(Optional) Change the interface Hello and hold timers using the ip hello-interval eigrp asn time and ip hold-time eigrp asn time interface subcommands.
Step 4.
(Optional) Impact metric calculations by tuning bandwidth and delay using the bandwidth value and delay value interface subcommands.
Step 5.
(Optional) Configure EIGRP authentication.
Step 6.
(Optional) Configure support for multiple equal-cost routes using the maximum-paths number and variance multiplier router subcommands.


How to copy/clone a GNS3 net project, including the startup configs

  1. New project,
  2. Enter the new project file name,
  3. Make sure that both “Save nvram and other disk files” and “Export router configuration files” are checked,
  4. Click on “OK”
  5. A dialog box will pop up asking whether you want to propagate the change to the current topology. Choose “No”; if you choose “Yes”, the new net file will be saved to the startup config file in the existing net/topology, which is not what we want.
  6. Observe in the Dynagen console that the config files are saved to the desired folder/filenames, i.e., in a new project folder.


IP Addressing

Table 1. All Possible Valid Network Numbers[*]

| Class | First Octet Range | Valid Network Numbers[*] | Total Number for This Class of Network | Number of Hosts Per Network |
|---|---|---|---|---|
| A | 1 to 126 (0000,0001 – 0111,1110) | 1.0.0.0 to 126.0.0.0 | 2^7 - 2 (126) | 2^24 - 2 (16,777,214) |
| B | 128 to 191 (1000,0000 – 1011,1111) | 128.0.0.0 to 191.255.0.0 | 2^14 (16,384) | 2^16 - 2 (65,534) |
| C | 192 to 223 (1100,0000 – 1101,1111) | 192.0.0.0 to 223.255.255.0 | 2^21 (2,097,152) | 2^8 - 2 (254) |

[*] The Valid Network Numbers column shows actual network numbers. Networks 0.0.0.0 (originally defined for use as a broadcast address) and 127.0.0.0 (still available for use as the loopback address) are reserved.

Table 2. RFC 1918 Private Address Space

| Private IP Networks | Class of Networks | Number of Networks |
|---|---|---|
| 10.0.0.0 | A | 1 |
| 172.16.0.0 through 172.31.0.0 | B | 16 |
| 192.168.0.0 through 192.168.255.0 | C | 256 |

Any organization can use these network numbers. However, no organization is allowed to advertise these networks using a routing protocol on the Internet.

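Magic numbers

| Power of 2 | Magic number | Mask octet | Mask octet (binary) |
|---|---|---|---|
| 2^7 | 128 | 128 | 1000.0000 |
| 2^6 | 64 | 192 | 1100.0000 |
| 2^5 | 32 | 224 | 1110.0000 |
| 2^4 | 16 | 240 | 1111.0000 |
| 2^3 | 8 | 248 | 1111.1000 |
| 2^2 | 4 | 252 | 1111.1100 |
| 2^1 | 2 | 254 | 1111.1110 |
| 2^0 | 1 | 255 | 1111.1111 |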

Table 3. When to Use Which Formula for the Number of Subnets

| Use the 2^s - 2 formula, and avoid the zero and broadcast subnet, if… | Use the 2^s formula, and use the zero and broadcast subnet, if… |
|---|---|
| Classful routing protocol | Classless routing protocol |
| RIP Version 1 or IGRP as the routing protocol | RIP Version 2, EIGRP, or OSPF as the routing protocol |
| The no ip subnet-zero command is configured | The ip subnet-zero command is configured or omitted (default) |
| | VLSM is used |
| | No other clues provided |

If a question simply does not give any clues as to whether to allow these two special subnets or not, assume you can use these subnets, and use the 2^s formula.

To find the subnet number and broadcast address values in the interesting octet:

a. Calculate the magic number by subtracting the subnet mask’s interesting octet value from 256.
b. Calculate the multiples of the magic number, starting at 0, up through 256.
c. Write down the subnet number’s value in the interesting octet: it is the multiple of the magic number that is closest to, but not greater than, the IP address’s interesting octet value.
d. Find the broadcast value for the interesting octet by adding the magic number to the subnet number’s value in the interesting octet and subtracting 1.
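
The four steps above as an added Python example (not part of the original notes): `magic_number_subnet` is a hypothetical helper name and the sample addresses are constructed. It also fills in the octets on either side of the interesting octet, which the steps leave implicit, and `stdlib_answer` cross-checks the result with the standard `ipaddress` module.

```python
import ipaddress

# The only values a mask octet can take when the 1 bits are contiguous.
MASK_OCTETS = {0, 128, 192, 224, 240, 248, 252, 254, 255}


def parse_quad(text):
    """Turn 'a.b.c.d' into four integer octets, rejecting malformed input."""
    parts = text.split(".")
    ok = len(parts) == 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts)
    if not ok:
        raise ValueError(f"not a dotted-decimal value: {text!r}")
    return [int(p) for p in parts]


def check_mask(mask):
    """A valid mask is 255s, then at most one partial octet, then 0s."""
    past_network = False
    for octet in mask:
        if octet not in MASK_OCTETS or (past_network and octet != 0):
            raise ValueError(f"not a contiguous subnet mask: {mask}")
        past_network = past_network or octet != 255


def magic_number_subnet(ip_text, mask_text):
    """Apply steps a-d and return the magic number, subnet and broadcast."""
    ip, mask = parse_quad(ip_text), parse_quad(mask_text)
    check_mask(mask)
    magic, subnet, broadcast = None, [], []
    for ip_octet, mask_octet in zip(ip, mask):
        if mask_octet == 255:      # network octet: copy it from the address
            subnet.append(ip_octet)
            broadcast.append(ip_octet)
        elif mask_octet == 0:      # host octet: 0 in subnet, 255 in broadcast
            subnet.append(0)
            broadcast.append(255)
        else:                      # the interesting octet
            magic = 256 - mask_octet                            # step a
            multiples = range(0, 256, magic)                    # step b
            base = max(m for m in multiples if m <= ip_octet)   # step c
            subnet.append(base)
            broadcast.append(base + magic - 1)                  # step d
    return {
        "magic": magic,            # None when the mask has no partial octet
        "subnet": ".".join(map(str, subnet)),
        "broadcast": ".".join(map(str, broadcast)),
    }


def stdlib_answer(ip_text, mask_text):
    """Same answer from the standard library, as an independent check."""
    net = ipaddress.ip_network(f"{ip_text}/{mask_text}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    # Constructed sample inputs.
    for ip, mask in (("172.16.102.1", "255.255.252.0"),
                     ("192.168.1.100", "255.255.255.224"),
                     ("10.200.10.18", "255.192.0.0")):
        print(ip, mask, magic_number_subnet(ip, mask))
```
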


OSI 7 layers

All People Seem To Need Data Processing

Application, Presentation, Session, Transport, Network, Data link, Physical

or in reverse order: Please Do Not Tell Sales Person Anything


Linux From Scratch, LFS

Just went through the whole process of the LFS 6.3 book using its LiveCD on VMware Workstation 6.5. This is an educational and useful exercise with many advantages, including:

  • deep understanding of the Linux kernel, how it is built, the related core files, processes and utils
  • having the source around, ready to modify and recompile with whatever change I desire for debugging and understanding (again), helps a lot in understanding the theory of operation of Linux
  • the packages, comprised of C and h include files, are a perfect way to brush up on C; Linux (Unix) is written in C
  • likewise, the configure and Makefile files are a good way to brush up on the make, automake and autoconf processes
  • deep understanding of glibc, binutils, gcc, sysvinit, grub and Linux boot processes …

A few useful reminder links, starting with the LFS main site (from which the various extensions spawn):

One non-obvious point (at least for me at first): for each package, it is assumed that the package has been untarred/uncompressed and that you have cd’ed into the package directory.

What next?

Choose some vital packages like ssh from BLFS to install to make it a usable/friendly linux system. Another direction is to go up the LAMP stack, with Linux from scratch, why not, Apache from scratch, MySQL from scratch and, Python, PHP from scratch. Perl is already built during the LFS. That shows how critical Perl is to the core Linux system.
