Author Archives: admin

CCNA Exam Cost

Cisco Certified Network Associate (CCNA)

Certification summary:
CCNA validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. The CCNA curriculum includes basic mitigation of security threats, an introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol, Frame Relay, Routing Information Protocol Version 2 (RIPv2), VLANs, Ethernet, and access control lists (ACLs).

Initial requirements:
You must pass the CCNA exam ($250) or pass both the Interconnecting Cisco Networking Devices Part 1 exam ($125) and the Interconnecting Cisco Networking Devices Part 2 exam ($125). Training is available but not required.

CCNA Exam Cost
We get a lot of emails asking how much it costs to sit the CCNA exam. To find out how much the Cisco CCNA exam will cost in your country you can look at the Cisco price list on the Pearson VUE website. Find your country in the list and look for the correct CCNA exam code, currently 640-802.

How To Reset Your Router’s Password

You would want to connect a PC to the console port. Power cycle the router, break the boot sequence, and modify the configuration register.

Here is a video tutorial to walk you through it:

[Video: How To Reset Your Router’s Password]

Here is the link for the password recovery process from Cisco:

http://www.ciscosystems.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml

Select the model you are doing password recovery for, and it will give the exact steps.

Password recovery is an important skill for the real world.

GNS3 Configuration Guide

by Chris Bloomfield

What is GNS3, I hear you cry? Well, imho, it is the best tool on the market for practising router configuration without having an actual router in front of you. What sets it apart is that it is a Cisco IOS emulator, not one of those nasty simulators that constrain the commands that can be used. The caveat is that you will need a Cisco IOS; for example, I use the 3660 Crypto IOS. I have a support contract with Cisco so I can access an IOS; however, if you look around enough you will be able to find a Cisco IOS for yourself.
GNS3 is actually the graphical front-end of Dynamips/Dynagen and allows you to drag and drop routers onto a stage, connect them up, run IOS on them, and save their configs, just as if you had your own network. It can be a little confusing to set up at first, so I will present a step-by-step guide below on how to install and configure GNS3, including a couple of advanced options which will allow you to run Cisco Security Device Manager (SDM) on your PC.

Installation and Configuration
This process needs to be done only once.
1. Download GNS3 from here and choose the installer which includes Dynamips, WinPCap and the binary version of GNS3 and install, accepting the various licence agreements etc.
2. You now need a Cisco IOS. Get one from Cisco if you have a CCO account with Support or find an IOS on Google.
3. Now open up GNS3.
Users of GNS3 version 0.5 will see the following:

4. Now click on Step 1.
You will see something similar to the following:

5. The executable path should point to dynamips-wxp.exe in the Program Files directory. Change the Working Directory to a desired folder, then click on the Test button. You should see that Dynamips has successfully started; if so, click Apply then OK. If not, double-check the Executable Path and the Working Directory.

6. Go back to the Setup Wizard and choose Step 2 and you should get a screen similar to below:

7. In the Settings section, point to the IOS image you copied in Step 2 and select the platform and model, then click on Save. The IDLE PC value will be blank; leave it blank for now. Now click on Close. Click on OK to close the Setup Wizard.
8. Drag a router onto the main screen, then right-click on it, select Start and wait for the IOS to start, and then right-click and select Console. A DOS window should now open with a telnet session to the router. NOTE: The length of time you have to wait for this to start depends on the speed and memory of your PC.

9. Say “No” to initial configuration dialog until you get to the Router> prompt. Now type enable to go into Enable mode.
10. Go back to the GNS3 session KEEPING THE CONSOLE SESSION OPEN.
11. Type idlepc get your-router-name, for example idlepc get R0, and wait for some idlepc values to be displayed. Make a note of these values and click Cancel.

12. By default Dynamips will take up 100% of your CPU usage and you need to specify an idlepc value to get that changed. Close down the console session and open up Task Manager on your PC (usually CTRL-ALT-DELETE) then go to the Performance tab.

13. Go to Edit–>IOS Images and Hypervisors and select the IOS you identified in Step 4 then click on Edit. Enter the first idlepc value you wrote down from Step 12 then click on Save then Close.
14. Start the IOS again as you did in Step 8 then console to the router. View the CPU utilisation in Task Manager and see if it falls below 5%. If it stays at 100% then go back to step 14 and change the idlepc value to the next one in the list. Repeat this until you get an idlepc value that has the CPU utilisation at around 5% or less.
You have now successfully installed and configured GNS3.

Configuring a Serial Interface on a Router
By default the 3660 image that I use comes with 2 FastEthernet interfaces. In order to simulate WAN links you need to add serial interfaces to the router as outlined below.
1. Right-click on your router, choose Configure, then click on your router name.
2. Click on the slots tab and change slot 1 (or any other slot other than slot 0) to NM-4T. This will provide you with 4 serial interfaces. NOTE THAT THE SLOT NAME MAY BE DIFFERENT DEPENDING ON WHICH IOS YOU USE.

3. Click on Apply then OK.

Adding a switch module to your router
Follow the same steps as you did for configuring a serial interface but choose the NM-16ESW module from the drop-down list.

Connecting two or more routers
You will come to the point where configuring just one router is not sufficient, such as when you want to run a routing protocol. The following guidelines show you how to connect routers together.
1. Drag two or more routers onto the stage and configure their slots if required. Display their hostnames by pressing the ABC button on the toolbar if they are not already displayed.

This is a personal preference and allows you to track which router is which.
2. Now click on the interface button on the toolbar and select Manual.

The interface button changes to a red cross.

Now left-click on a router and select the interface you want a cable connected to. Then click the router you want to connect to and select the interface on that router for the other end of the link. You should now see that the link has been drawn. Once you have finished configuring the interfaces, click the interface button (red cross) to get out of interface configuration mode (the icon will revert to the telephone jack symbol). The picture below shows three routers with a FastEthernet connection and the other with a Serial link (zig-zag line).

3. Notice that each link has got a red dot on it. When you start the IOS each dot should turn to green which denotes that each router has successfully started the IOS.

Saving your configuration
After all your hard work on the command line you will probably want to save your configuration and reuse it on another day. Follow the steps below to save your work:
1. Go to File–>Save As and save your topology where you want as a .net file. When it comes to reusing this topology just double-click on the .net file to open it up in GNS3.
2. On each router, save your config using copy run start.
3. Back in GNS3 type save /all in the bottom half of the screen to save all of the configs into the .net file. If you want to save the config of only one router you can replace the keyword all with the name of the router you wish to save the config of. You can also extract the configs by clicking on the "Extract all start-up configs" button on the toolbar.

Configuring a host in the network (Advanced)
There may be an occasion when you want to connect a host to your topology, for example to run Cisco’s Security Device Manager (use of this may figure in future CCNA exams). To do this you must first configure a Loopback Adapter on your PC.
1. Go to Control Panel–>Add Hardware then click Next
2. Yes I have already connected the hardware
3. Scroll to the bottom and click on Add a new hardware device then Next
4. Install the hardware that I manually select from a list (Advanced)
5. Click on Network Adapters then Next
6. Select Microsoft as the Manufacturer, then Microsoft Loopback Adapter under Network Adapter, then click Next and Next again.
7. Open up Control Panel–>Network Connections to see the adapter in place.
Now that you have created a loopback adapter you will want to connect it to a router. To do this, follow these steps:
1. In the GNS3 installation directory run the Network Device List.bat file which will give you the Ethernet address of your Loopback Adapter.

Notice the second adapter shown where description is MS Loopback Driver. I have renamed the adapter as Loopback Adapter for SDM. We are interested in the NIO_gen_eth string.
2. Go into GNS3 and drag a cloud onto the stage.
3. Right-click the cloud and select configure.
4. Choose your cloud from the list.
5. In the Generic Ethernet NIO section select your Loopback Adapter from the drop-down list (the one that matches what is shown in Step 1) and click on Add, Apply, then OK.

6. Now connect a FastEthernet port on your router to the cloud as you would connect two routers.
7. Configure an IP address and subnet mask on the router interface connected to the cloud and bring the interface up.
8. Go to Control Panel–>Network Connections and right-click your adapter. Choose Properties then Internet Protocol (TCP/IP) and give it an IP address in the same subnet as the router’s FastEthernet interface with the same subnet mask and with a default gateway matching the IP address of the router’s interface.
Example:
Router’s FastEthernet 0/0 interface connected to the cloud:
On the router I would have something like:
Router(config)#int fa0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
On the PC I would have something like:
IP address = 192.168.1.2
Subnet Mask = 255.255.255.0
Default Gateway = 192.168.1.1
You should now be able to ping between your PC and the router.

Running SDM (Advanced)
There may be a need to practice using the Cisco Security Device Manager (SDM) for your exam and the following steps show you how to configure it.
1. Download and install SDM from www.cisco.com or from a share on the web.
2. Choose to only install SDM to your PC, NOT to the router.
3. Now configure your router with a hostname and a domain name in order for SSH to work:
Router#conf t
Router(config)#hostname SDMRouter
SDMRouter(config)#ip domain-name SDMDomain
4. Now configure your router with the following commands:
SDMRouter(config)#username your_username privilege 15 secret 5
SDMRouter(config)#ip http server
SDMRouter(config)#ip http secure-server
SDMRouter(config)#ip http authentication local
SDMRouter(config)#line vty 0 4
SDMRouter(config-line)#login local
SDMRouter(config-line)#transport input telnet ssh
SDMRouter(config-line)#privilege level 15
SDMRouter(config-line)#line cons 0
SDMRouter(config-line)#login local
SDMRouter(config-line)#transport input telnet ssh
SDMRouter(config-line)#privilege level 15
SDMRouter(config-line)#exit
SDMRouter(config)#crypto key generate rsa gen mod 1024
5. Now double-click the SDM icon and enter the IP address of the router and tick the box asking about HTTPS then click on Launch.

6. Ensure you allow popups on your browser.
7. Enter username and password as defined after step 3.
8. Say yes to allow SDM to install.
You should now have a screen similar to the one below although this may be because I used a username and password of “cisco” which are the default.

9. Select a new username and password for the router then click OK. You should see the screen below then click OK.

10. You should now be in SDM and able to configure the router.
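
A check a practitioner might run over the step 4 configuration before reusing it outside the emulator, as an added example that is not part of the original guide. It flags the three management-plane settings in that config that expose cleartext or short-key access; the rule names, the 2048-bit threshold and the hardened variant are this example's own assumptions.

```python
import re

# Lines from step 4 of the guide above, prompts included.
SDM_CONFIG = """\
SDMRouter(config)#username your_username privilege 15 secret 5
SDMRouter(config)#ip http server
SDMRouter(config)#ip http secure-server
SDMRouter(config)#ip http authentication local
SDMRouter(config)#line vty 0 4
SDMRouter(config-line)#login local
SDMRouter(config-line)#transport input telnet ssh
SDMRouter(config-line)#privilege level 15
SDMRouter(config-line)#line cons 0
SDMRouter(config-line)#login local
SDMRouter(config-line)#transport input telnet ssh
SDMRouter(config-line)#privilege level 15
SDMRouter(config-line)#exit
SDMRouter(config)#crypto key generate rsa gen mod 1024
"""

# Constructed variant with the three flagged settings changed.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input ssh
crypto key generate rsa general-keys modulus 2048
"""

MIN_RSA_BITS = 2048  # threshold assumed by this example
PROMPT = re.compile(r"^\S+?(?:\(config[^)]*\))?#\s*")
RSA_KEYGEN = re.compile(r"crypto key generate rsa\b.*?\bmod\S*\s+(\d+)")


def strip_prompt(line):
    """Drop a leading 'Router(config-line)#' style prompt, if present."""
    return PROMPT.sub("", line.strip())


def audit(config):
    """Return (line number, rule, message) for each weak management setting."""
    findings = []
    context = ""  # the 'line vty' / 'line con' block we are inside, if any
    for number, raw in enumerate(config.splitlines(), 1):
        cmd = strip_prompt(raw)
        if cmd.startswith("line "):
            context = cmd
        elif cmd in ("exit", "end"):
            context = ""
        if cmd == "ip http server":
            findings.append((number, "http-cleartext",
                             "HTTP management is enabled next to HTTPS"))
        if cmd.startswith("transport input ") and context.startswith("line vty"):
            if {"telnet", "all"} & set(cmd.split()[2:]):
                findings.append((number, "telnet-on-vty",
                                 "remote logins may use cleartext telnet"))
        match = RSA_KEYGEN.match(cmd)
        if match and int(match.group(1)) < MIN_RSA_BITS:
            findings.append((number, "rsa-modulus",
                             f"{match.group(1)}-bit SSH/HTTPS key pair"))
    return findings


if __name__ == "__main__":
    for number, rule, message in audit(SDM_CONFIG):
        print(f"line {number:2}: {rule:15} {message}")
    print("hardened variant findings:", audit(HARDENED_CONFIG))
```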

Additional IPv6 Features

Streamlined IPv6 Header
The IPv6 header has a new format that is designed to keep header overhead to a minimum. This format is achieved by moving both nonessential fields and option fields to extension headers that are placed after the IPv6 header. The streamlined IPv6 header provides more efficient processing at intermediate routers.

Stateless and Stateful Configuration
IPv6 supports both stateful and stateless address configurations. IPv6 will work with or without a DHCP server. With stateless address configuration, hosts on a link automatically configure themselves with IPv6 addresses for the link (called link-local addresses) and with addresses derived from prefixes advertised by local routers. Even in the absence of a router, hosts on the same link can automatically configure themselves with link-local addresses and communicate without manual configuration.

Built-in Security
Support for IPSec is an IPv6 protocol suite requirement. This requirement provides a standards-based solution for network security and promotes interoperability between different IPv6 implementations.

Better Support for QoS
New fields in the IPv6 header define how traffic is handled and identified. Traffic identification using a flow label field in the IPv6 header allows routers to identify and provide special handling for packets belonging to a flow, which is a series of packets between a source and destination. Because the traffic is identified in the IPv6 header, support for QoS can be achieved even when the packet payload is encrypted through IPSec.

Real-Time Performance
IPv6 offers a packet prioritization feature that provides the real-time and near real-time applications an improved response time. Consequently, IPv6 will become the protocol of choice for those applications.

Difference Between VLSM and CIDR

VLSM – Variable Length Subnet Masking. Several new methods of addressing were created so that usage of IP space was more efficient. The first of these methods is called Variable-Length Subnet Masking (VLSM). Subnetting had long been a way to better utilize address space. Subnets divide a single network into smaller pieces. This is done by taking bits from the host portion of the address to use in the creation of a “sub” network. For example, take the class B network 147.208.0.0. The default network mask is 255.255.0.0, and the last two octets contain the host portion of the address. To use this address space more efficiently, we could take all eight bits of the third octet for the subnet.

One drawback of subnetting is that once the subnet mask has been chosen, the number of hosts on each subnet is fixed. This makes it hard for network administrators to assign IP space based on the actual number of hosts needed. For example, assume that a company has been assigned 147.208.0.0 and has decided to subnet this by using eight bits from the host portion of the address. Assume that the address allocation policy is to assign one subnet per department in an organization. This means that 254 addresses are assigned to each department. Now, if one department only has 20 servers, then 234 addresses are wasted.

Using variable-length subnet masks (VLSM) improves on subnet masking. VLSM is similar to traditional fixed-length subnet masking in that it also allows a network to be subdivided into smaller pieces. The major difference between the two is that VLSM allows different subnets to have subnet masks of different lengths. For the example above, a department with 20 servers can be allocated a subnet mask of 27 bits. This allows the subnet to have up to 30 usable hosts on it.

CIDR – Classless Inter-Domain Routing. CIDR is also called supernetting. It’s an IP addressing scheme that replaces the older system based on classes A, B, and C. With CIDR, a single IP address can be used to designate many unique IP addresses. A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called the IP prefix. For example: 172.200.0.0/16

The IP prefix specifies how many addresses are covered by the CIDR address, with lower numbers covering more addresses. An IP prefix of /12, for example, can be used to address 1,048,576 former Class C addresses.

CIDR addresses reduce the size of routing tables and make more IP addresses available within organizations.

Comparing CIDR to VLSM
CIDR and VLSM both allow a portion of the IP address space to be recursively divided into subsequently smaller pieces. The difference is that with VLSM, the recursion is performed on the address space previously assigned to an organization and is invisible to the global Internet. CIDR, on the other hand, permits the recursive allocation of an address block by an Internet Registry to a high-level ISP, a mid-level ISP, a low-level ISP, and a private organization’s network.
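
The VLSM and CIDR points above, as an added example that is not part of the original post: it carves right-sized subnets out of the article's 147.208.0.0/16, compares the waste with the fixed /24 plan, and shows that the internal detail collapses to one route from the outside. Every department except the 20-server one, and the four 172.200.x.0/24 networks, are constructed for illustration.

```python
import ipaddress

# Constructed demand list; only the 20-server department comes from the article.
DEMANDS = {"engineering": 300, "sales": 120, "servers": 20, "wan-link": 2}


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses."""
    # Network and broadcast addresses are reserved, so 2**bits >= hosts + 2.
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits


def vlsm_allocate(block, demands):
    """Give each department the smallest subnet that fits, inside `block`."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    plan = {}
    # Largest first: every later, smaller subnet then starts on its own boundary.
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        subnet = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = subnet
        cursor = int(subnet.broadcast_address) + 1
    return plan


def unused(subnet, hosts):
    """Usable addresses left over once `hosts` devices are numbered."""
    return subnet.num_addresses - 2 - hosts


def summarize(routes):
    """Collapse adjacent or nested prefixes into the fewest routing entries."""
    return list(ipaddress.collapse_addresses(routes))


if __name__ == "__main__":
    block = "147.208.0.0/16"
    plan = vlsm_allocate(block, DEMANDS)
    for name, net in plan.items():
        print(f"{name:12} {str(net):18} mask {net.netmask}  "
              f"spare {unused(net, DEMANDS[name])}")

    # The fixed-length plan from the article: one /24 per department.
    fixed = ipaddress.ip_network("147.208.1.0/24")
    print("fixed /24 for 20 servers leaves unused:", unused(fixed, 20))

    # VLSM is invisible upstream: the subnets nest inside the one /16 route.
    print("advertised:", summarize([ipaddress.ip_network(block), *plan.values()]))

    # CIDR supernetting: four contiguous /24s become a single /22 entry.
    nets = [ipaddress.ip_network(f"172.200.{i}.0/24") for i in range(4)]
    print("supernet:", summarize(nets))
```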

Difference between Classful and Classless Routing

Classful

* Classful routing protocols strictly follow the subnet masks, i.e. for Class A (8-bit prefix or /8), B (16-bit prefix or /16), and C (24-bit prefix or /24).
* Do not carry subnet mask information in their routing updates. This makes them unsuitable for hierarchical addressing that requires Variable Length Subnet Mask (VLSM) and discontiguous networks.
* All devices in the network must use the same subnet mask; therefore, when running a classful routing protocol on a network, make sure you use the same subnet mask everywhere. Otherwise, routing black holes can occur.
* RIP v1 and IGRP are classful routing protocols.

Classless

* Classless routing protocols do carry subnet mask information in their routing updates.
* Allow summarization of routes into smaller, more manageable groups.
* Classless routing is also known as supernetting or Classless Inter-Domain Routing (CIDR).
* Classless routing protocols extend the standard Class A, B, or C IP addressing scheme by using a subnet mask or mask length to indicate how routers must interpret an IP network ID.
* Classless routing protocols include the subnet mask along with the IP address when advertising routing information. Subnet masks representing the network ID are not restricted to those defined by the address classes, but can contain a variable number of high-order bits. Such subnet mask flexibility enables you to group several networks as a single entry in a routing table, significantly reducing routing overhead.
* Classless routing protocols include RIP v2 and OSPF, Border Gateway Protocol version 4 (BGP4) and Intermediate System to Intermediate System (IS-IS).

Subnet Cheat Sheet

[Image: Subnet Cheat Sheet]

How bridge group is differentiated from vlan

Bridge groups provide a method to group two or more ports into a single broadcast domain, whereas VLANs provide a method to group many ports into a single broadcast domain or establish a number of broadcast domains (or secure groups) on a single switch.

Bridge groups operate at layer 2. So they are not very effective at connecting layer 3 switches and routers. If you want to connect 2 ports of a layer 2 switch with 2 Ethernet interfaces of a router you can do that but the Ethernet interfaces on the router no longer operate as routed interfaces.

Refer to Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature for more information.

The bridge-group command is used to configure a Cisco device to bridge traffic between two interfaces. For example, if you wanted to join two LANs together (connected via a router and a serial link between them), you would configure the LAN and WAN interface on each router to be part of the same bridge-group. This will create a bridge between the two LANs, and Ethernet packets from one LAN will be visible on the other. If you put bridge-group on both interfaces then they become part of a single broadcast domain.

LAN 1—-> [Router 1] —-> [Router 2] –>LAN 2

On Router1:

int fa0
bridge-group 1

int s0
bridge-group 1

bridge 1 protocol ieee

On Router 2:

int s0
bridge-group 1

int fa0
bridge-group 1

bridge 1 protocol ieee

Refer to Configuring Transparent Bridging for more information.

Executing "show" Commands in Global Configuration Mode – EXEC Commands in Configuration Mode

In Cisco IOS, EXEC mode commands cannot be run from Global Configuration mode or any other configuration mode. This means that every time an admin makes a change in configuration mode (Global Config), they have to “end” or “Ctrl+Z” back to EXEC mode to run EXEC commands such as “show”, “clear” and “debug”. With the “do” command, that's a thing of the past. The “do” command can be used to run any EXEC command from within Global Configuration mode or any other configuration mode without having to end the config mode.

For example:
Router(config)#do show running-config

20 Subnetting Questions and Answers from subnettingquestions.com

Question 1: What is the first valid host on the subnetwork that the node 172.20.182.215 255.255.255.128 belongs to?

Answer: 172.20.182.129

Question 2: Which subnet does host 172.21.112.211/23 belong to?

Answer: 172.21.112.0

Question 3: What is the first valid host on the subnetwork that the node 10.245.110.177/20 belongs to?

Answer: 10.245.96.1

Question 4: What is the broadcast address of the network 172.16.144.0 255.255.248.0?

Answer: 172.16.151.255

Question 5: Which subnet does host 192.168.210.125/30 belong to?

Answer: 192.168.210.124

Question 6: Which subnet does host 172.27.239.230 255.255.240.0 belong to?

Answer: 172.27.224.0

Question 7: Which subnet does host 172.27.161.115 255.255.255.240 belong to?

Answer: 172.27.161.112

Question 8: What valid host range is the IP address 172.25.155.112 255.255.255.0 a part of?

Answer: 172.25.155.1 through to 172.25.155.254

Question 9: Which subnet does host 172.23.210.182/21 belong to?

Answer: 172.23.208.0

Question 10: What is the last valid host on the subnetwork 10.5.208.0/20?

Answer: 10.5.223.254

Question 11: What is the first valid host on the subnetwork that the node 192.168.253.130/28 belongs to?

Answer: 192.168.253.129

Question 12: You are designing a subnet mask for the 172.24.0.0 network. You want 70 subnets with up to 300 hosts on each subnet. What subnet mask should you use?

Answer: 255.255.254.0

Question 13: What is the first valid host on the subnetwork that the node 172.25.118.106 255.255.255.0 belongs to?

Answer: 172.25.118.1

Question 14: Which subnet does host 172.26.32.39/25 belong to?

Answer: 172.26.32.0

Question 15: What is the broadcast address of the network 192.168.202.112 255.255.255.248?

Answer: 192.168.202.119

Question 16: What is the broadcast address of the network 172.25.100.0 255.255.255.0?

Answer: 172.25.100.255

Question 17: What is the last valid host on the subnetwork 172.19.222.112 255.255.255.240?

Answer: 172.19.222.126

Question 18: How many subnets and hosts per subnet can you get from the network 172.26.0.0 255.255.255.128?

Answer: 512 subnets and 126 hosts

Question 19: What is the first valid host on the subnetwork that the node 192.168.51.193/26 belongs to?

Answer: 192.168.51.193

Question 20: What is the first valid host on the subnetwork that the node 172.30.181.215/23 belongs to?

Answer: 172.30.180.1
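
The method behind these answers, as an added example rather than anything from subnettingquestions.com: AND the address with the mask to get the subnet, OR the subnet with the inverted mask to get the broadcast, and the valid hosts lie strictly between the two. The function names are this example's own; it accepts both the /prefix and dotted-mask notations used in the questions and rejects non-contiguous masks.

```python
MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Dotted quad -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def parse(spec):
    """Accept '10.0.0.1/20' or '10.0.0.1 255.255.240.0'; return (addr, prefix)."""
    if "/" in spec:
        addr, _, bits = spec.partition("/")
        prefix = int(bits)
        if not 0 <= prefix <= 32:
            raise ValueError(f"bad prefix length: {bits}")
    else:
        addr, mask = spec.split()
        mask_int = to_int(mask)
        prefix = bin(mask_int).count("1")
        # A real mask is a run of ones then zeros; 255.0.255.0 is not one.
        if mask_int != (MASK32 << (32 - prefix)) & MASK32:
            raise ValueError(f"non-contiguous mask: {mask}")
    return to_int(addr), prefix


def describe(spec):
    """Subnet, valid host range and broadcast for a host or network spec."""
    addr, prefix = parse(spec)
    if prefix > 30:
        raise ValueError("/31 and /32 have no network/broadcast pair")
    mask = (MASK32 << (32 - prefix)) & MASK32
    subnet = addr & mask                     # clear the host bits
    broadcast = subnet | (~mask & MASK32)    # set every host bit
    return {
        "subnet": to_dotted(subnet),
        "first_host": to_dotted(subnet + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }


def classful_prefix(addr):
    """Default prefix of the class A/B/C network an address falls in."""
    first_octet = addr >> 24
    for limit, prefix in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return prefix
    raise ValueError("class D/E addresses have no default mask")


def capacity(spec):
    """(subnets, usable hosts per subnet) when a classful network is subnetted."""
    addr, prefix = parse(spec)
    base = classful_prefix(addr)
    if prefix < base:
        raise ValueError("mask is shorter than the classful default")
    return 2 ** (prefix - base), 2 ** (32 - prefix) - 2


def design_prefix(network, subnets, hosts):
    """(shortest, longest) prefix giving enough subnets and enough hosts."""
    base = classful_prefix(to_int(network))
    shortest = base + (subnets - 1).bit_length()   # enough subnet bits
    longest = 32 - (hosts + 1).bit_length()        # enough host bits
    if shortest > longest:
        raise ValueError("requirements do not fit in this network")
    return shortest, longest


if __name__ == "__main__":
    print(describe("172.20.182.215 255.255.255.128"))   # question 1
    print(describe("10.245.110.177/20"))                # question 3
    print(capacity("172.26.0.0 255.255.255.128"))       # question 18
    print(design_prefix("172.24.0.0", 70, 300))         # question 12
```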
