Friday, 18 October 2013

CISCO IOS ADVANCED (FILE MANAGEMENT, CDP AND GLOBAL COMMANDS)

1) LOCATIONS FOR THE IOS IMAGE:

1) FLASH (default location)
2) TFTP server
3) ROM (used when no other source is found)

Boot process of a router:

When you turn on the router, POST (Power-On Self Test) checks the router's hardware; if the hardware is OK, the LED comes on. The router then reads the configuration register to find out where the IOS image should be loaded from.

A setting of 0x2102 means the router uses the information in the startup-config file to locate the IOS image. If the startup-config file is missing, it checks three locations in order:

1) FLASH (default location)
2) TFTP server
3) ROM (used when no other source is found)

NOTE: the configuration file is loaded from

1) NVRAM (startup-config file)
2) TFTP server

The router loads the configuration file into RAM, and that configuration is applied.
If no configuration file is found, the router starts setup mode.

In conclusion:
the configuration file (from NVRAM or a TFTP server) is loaded into RAM, and if it is missing the router starts setup mode;
the startup-config file tells the router where the IOS image is, and if it is missing the router checks

1) FLASH (default location)
2) TFTP server
3) ROM (if no other source is found)

2) WHY WOULD A NETWORK ADMINISTRATOR USE CDP?

CDP (Cisco Discovery Protocol) is used to find out
1) the protocols running on neighboring devices
2) the platform (hardware model) of each neighbor
3) the interface each neighbor is connected on

CDP (Cisco Discovery Protocol)
1) is a media- and protocol-independent protocol
2) runs on all Cisco devices such as routers, bridges and switches
3) works at layer 2

NOTE: advertisements are multicast to the destination MAC address 01-00-0c-cc-cc-cc every 60 seconds.
The hold time is 180 seconds: if no advertisement is received from a neighbor within that time, its entry is cleared from the CDP table.

So a network administrator would use CDP:
1) to verify layer 2 connectivity between two devices when layer 3 fails
2) to identify the IP address of a connected device (for example, to telnet to it)

The commands used are:
show cdp neighbors
show cdp neighbors detail
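To show what the CDP table gives an administrator, here is an added Python example (not from the original post) that parses a "show cdp neighbors" listing, works out from the remaining hold time how many 60-second advertisements a neighbor has missed, and lists the neighbors learned on one local interface; it also covers the show cdp neighbors questions in sections 12 and 20 below. The sample output is constructed in the fixed-width layout IOS prints, not a real capture.

```python
# Constructed sample of "show cdp neighbors" output (not a real capture),
# built in the same fixed-width columns IOS prints so the parser below can
# slice by header offsets exactly as it would on a real capture.
def _row(dev, local, hold, cap, plat, port):
    return f"{dev:<17}{local:<18}{hold:<11}{cap:<12}{plat:<10}{port}"

SAMPLE_SHOW_CDP = "\n".join([
    "Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge",
    "                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone",
    "",
    _row("Device ID", "Local Intrfce", "Holdtme", "Capability", "Platform", "Port ID"),
    _row("R1", "Fas 0/0", "142", "R S I", "2811", "Fas 0/1"),
    _row("SW-B", "Fas 0/1", "165", "S I", "WS-C2950", "Fas 0/24"),
    _row("SW-C", "Gig 0/1", "55", "S I", "WS-C2960", "Gig 0/2"),
])

COLUMNS = ["Device ID", "Local Intrfce", "Holdtme", "Capability", "Platform", "Port ID"]
HOLD_TIME = 180        # seconds an entry is kept, as stated in the note above
ADVERT_INTERVAL = 60   # seconds between advertisements, as stated above


def parse_show_cdp_neighbors(text: str) -> list:
    """Parse the neighbor table by slicing each row at the header's column offsets."""
    lines = text.splitlines()
    header_idx = next(i for i, line in enumerate(lines) if line.startswith("Device ID"))
    starts = [lines[header_idx].index(name) for name in COLUMNS]
    bounds = list(zip(starts, starts[1:] + [None]))
    neighbors = []
    for line in lines[header_idx + 1:]:
        if not line.strip():
            continue
        cells = [line[a:b].strip() for a, b in bounds]
        neighbors.append({
            "device_id": cells[0],
            "local_interface": cells[1],
            "holdtime": int(cells[2]),
            "capabilities": cells[3].split(),   # e.g. ["R", "S", "I"]
            "platform": cells[4],
            "port_id": cells[5],
        })
    return neighbors


def missed_advertisements(neighbor: dict) -> int:
    """Advertisements missed so far, judged from the remaining hold time: a
    freshly refreshed entry shows close to 180, and each missed 60-second
    advertisement lets it drop by another 60."""
    return (HOLD_TIME - neighbor["holdtime"]) // ADVERT_INTERVAL


def neighbors_on(neighbors: list, local_interface: str) -> list:
    """Device IDs learned on one local interface (layer 2 reachability check)."""
    return [n["device_id"] for n in neighbors if n["local_interface"] == local_interface]
```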

3) WHAT HAPPENS WHEN THE CONFIGURATION REGISTER IS CHANGED TO 0x2142?

A setting of 0x2142 makes the router ignore the configuration stored in NVRAM, so on boot it prompts to enter the initial configuration (setup) mode.
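As an added example (not from the original post), the following Python decodes a configuration register value and derives the IOS image search order described in sections 1 and 3; it also covers the boot field of 0 discussed under rommon mode below. The bit positions used are the standard 16-bit register layout.

```python
# Added example: decode a Cisco configuration register the way the boot
# process described above interprets it. Bit positions are the standard
# 16-bit register layout; only the bits discussed on this page are modelled.

BOOT_FIELD_MASK = 0x000F      # bits 0-3: boot field
IGNORE_NVRAM = 0x0040         # bit 6: ignore startup-config in NVRAM
BREAK_DISABLED = 0x0100       # bit 8: Break key disabled after boot
BOOT_ROM_ON_NETFAIL = 0x2000  # bit 13: fall back to ROM if network boot fails


def decode_config_register(value: int) -> dict:
    """Return the boot field and the flag bits of a 16-bit register value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        source = "rommon"           # stay in the ROM monitor
    elif boot_field == 0x1:
        source = "rom"              # boot the helper image from ROM
    else:
        source = "startup-config"   # use boot system entries, then flash
    return {
        "register": f"0x{value:04X}",
        "boot_field": boot_field,
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_rom_on_netfail": bool(value & BOOT_ROM_ON_NETFAIL),
    }


def ios_image_search_order(value: int, startup_config_present: bool) -> list:
    """Locations tried for the IOS image, in order, per the boot process above."""
    reg = decode_config_register(value)
    if reg["boot_field"] == 0x0:
        return ["rommon"]
    if reg["boot_field"] == 0x1:
        return ["rom"]
    order = []
    # 0x2142 sets the ignore-NVRAM bit, so the startup-config is skipped and the
    # router behaves as if it were missing (it then prompts for setup mode).
    if startup_config_present and not reg["ignore_nvram"]:
        order.append("startup-config boot system entries")
    return order + ["flash", "tftp", "rom"]


def config_is_loaded(value: int, startup_config_present: bool) -> bool:
    """True when the startup-config in NVRAM is applied on boot."""
    return startup_config_present and not decode_config_register(value)["ignore_nvram"]
```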

4) Quality of Service (QoS) prioritizes traffic so that more important traffic passes first. The debug command is used to show the effect in real time.

5) COMMAND USED TO DEBUG A PING COMMAND
debug ip icmp

6) COMMAND USED TO DISPLAY CPU UTILIZATION

show processes (can be abbreviated to show process)
The output of this command gives a lot of information about each process.

7) COMMAND USED TO REVEAL THE METHOD LAST USED TO POWER-CYCLE A ROUTER

show version

8) TERMINAL MONITOR

By default, Cisco IOS does not send log messages to a terminal session carried over IP (Telnet or SSH). To display debug output and error messages in such a session, the command "terminal monitor" is used.

The console connection, on the other hand, has logging enabled by default.

In short: a Telnet or SSH session receives no log output until "terminal monitor" is entered, while the console receives it by default.

9)

In the figure above, core and core2 are both Catalyst 2950s and the addressing scheme is:

Router Ethernet port - first usable address
core - second usable address
core2 - third usable address

The commands used at core2 so that it can be managed remotely from any subnet on the network are:

core2(config)# interface vlan 1
core2(config-if)# ip address 192.168.1.11 255.255.255.248

core2(config)# line vty 0 4
core2(config-line)# password cisco

core2(config)# ip default-gateway 192.168.1.9

10) BACKING UP AN IOS IMAGE TO A TFTP SERVER

To back up an IOS image to a TFTP server, the first step is to make sure the server is reachable from the router, the second step is to check that it has adequate space to hold the IOS image, and the third step is to verify the file naming and path requirements.

11) TRACEROUTE COMMAND

The traceroute command shows the path a packet takes to reach the destination address.

12)

In the figure above there are only two Cisco devices, and the serial network between the two devices has the mask 255.255.255.252. Given the output, the following statements are true:

1) The London router is a Cisco 2310
2) The Manchester serial address is 10.1.1.1
3) The CDP information was received on port Serial0/0 of the Manchester router

13) ROMMON MODE

If a Cisco router boots into rommon mode, it means either

the configuration register is set to xxx0 (the boot field, the low 4 bits, is 0), or
the router is unable to locate an IOS image (use "dir flash:" to list the images in flash and try booting one with "boot flash:<IOS image>").

If the IOS image is corrupted, copy a fresh one from a TFTP server (use "tftpdnld" in rommon).

14)

In the output above it is seen that the administrator erased the flash before copying, by pressing Enter at the prompt.

When there is not enough space available, the system delivers an error message like
%Error copying tftp://192.168.2.167/c1600-k8sy-mz.123-16a.bin (Not enough space on device)

15)
In the output above the configuration register is 0x2102, which means the router tries to load the IOS image from flash first; but the line System image file is "tftp://172.16.1.129/hampton/nitro/c7200-j-mz" tells us that the IOS image was loaded from a TFTP server because it could not be loaded from flash.

16) COMMANDS USED TO DETERMINE A CISCO ROUTER CHASSIS SERIAL NUMBER 

1) show inventory
2) show diag

17) COMMAND USED TO MANAGE MEMORY BY DISPLAYING FLASH MEMORY AND NVRAM UTILIZATION

1) show file systems

18)

This means the SSH protocol is used over the virtual terminal (vty) ports.

19) COMMAND TO PERMIT SSH AND TELNET ACCESS TO A CATALYST

1) transport input all

20)

When the network administrator runs show cdp neighbors on R2, the entries for R1 and SW-B are displayed.

21)
User EXEC mode is limited to basic monitoring commands.
Privileged EXEC mode provides access to all other router commands.
Commands in global configuration mode affect the entire system.
Commands in a specific configuration mode affect only the interfaces/processes concerned.
Setup mode is the interactive configuration dialog.





Saturday, 14 September 2013

ROUTING


Routing - Initial Routing Configuration

CISCO 800 SERIES (CIS 851/857)

good for lab purposes
small office use
home use
wireless
supports VPN connections
routing
has a built-in switch

CISCO 2800 SERIES (examples: CIS 3800, CIS 7000)

good for medium to large business networks
all run the same IOS
faster and more efficient

Main Interfaces

USB port - to hold an encryption key, or to plug in a USB key for storing flash and IOS images etc.
Fast Ethernet - to connect different networks, such as the LAN and the Internet

T1 interfaces - for bigger networks, to connect to a private WAN, the Internet or other private networks
WIC card - e.g. WIC-1T - has serial ports for networking; a serial interface to connect different networks
Switch interfaces - switch ports to connect PCs

Router Boot and Initial Configuration :

commands:

enable
disable
configure terminal
Ctrl-Z
interface
setup
ip routing
no ip routing
?
co?
configure ?
show

Configuration Files

configure terminal
show running-config
show startup-config
copy startup-config running-config
copy running-config startup-config
erase startup-config
copy tftp running-config
copy running-config tftp

IP address configuration

enable (enter the enable password when prompted)
configure terminal
interface ethernet 0/1
ip address 192.168.10.1 255.255.255.0
Ctrl-Z

Routing protocol configuration (RIP)

enable
configure terminal
router rip
network 192.168.10.0
no router rip

Other useful commands

Specify a RIP version (per interface):

ip rip send version 1
ip rip send version 2
ip rip send version 1 2

ip rip receive version 1
ip rip receive version 2
ip rip receive version 1 2

Enable or disable split horizon:

ip split-horizon
no ip split-horizon

Open Shortest Path First (OSPF)

enable
configure terminal
router ospf process-id
show process
network 192.168.1.0 0.0.0.255 area 0
no router ospf process-id

Other Useful commands

ip ospf cost cost
ip ospf retransmit-interval seconds
ip ospf transmit-delay seconds
ip ospf priority number
ip ospf hello-interval seconds
ip ospf dead-interval seconds
ip ospf authentication-key password

Interior Gateway Routing Protocol (IGRP)

router igrp autonomous-system
network network-number

Disable holddown:
no metric holddown

Enforce a maximum network diameter:
metric maximum-hops hops

To turn off IGRP:

no router igrp autonomous-system

Border Gateway Protocol (BGP)

Enable BGP routing:

router bgp autonomous-system
network network-number mask mask route-map route-map-name

Configure BGP neighbours:
neighbor {ip-address | peer-group-name} remote-as number

Reset BGP connections:
clear ip bgp neighbor-address
clear ip bgp *

To turn off BGP:
no router bgp autonomous-system

SDM and DHCP Server Configuration

What is SDM?

Security Device Manager
a GUI to configure and manage your router, monitor it, see the traffic etc.
web based (Java application)
works on all mainline Cisco routers
designed to allow IOS configuration without extensive knowledge of the CLI

Configuring your router to support SDM

software download: www.cisco.com/go/sdm
Get a username and password by registering with Cisco; SDM can then be installed on your PC, on the router, or on both. The disadvantage of installing it on the router (or on both) is that it uses up the router's flash memory and slows the router down.

5 Steps

Generate the encryption keys used for SSH and HTTPS
Turn on the HTTP/HTTPS servers on your router
Create a privilege level 15 user account
Configure your VTY ports for the user privilege level and to use the local user database
Install Java on your PC and access the router using a web browser

Commands

crypto key generate rsa general-keys
ip http server
ip http secure-server
ip http authentication local
username <username> privilege 15 password <password>
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh
exit
logging buffered 51200 warnings

Open the SDM launcher
enter the IP address or hostname
check the "HTTPS enable" option

DHCP server configuration

Dynamic Host Configuration Protocol
an automated way of giving IP addresses to the devices on a local area network

To assign an IP address manually:
Network - Properties - Manage network connections - choose device - Properties - IPv4 - Properties - choose IP address.
That's easy for one PC, but imagine doing it manually for 100 PCs; that is why we need DHCP.

Automatic way: DHCP
handed out from a server, a router, or anywhere a DHCP server is installed
DHCP IP addresses are given out for a period of time (a lease): 4 days, 8 days, 5 hours etc.
So DHCP lets devices borrow an IP address for as long as they are active, and the devices then return it.

You can go to the DHCP server (say, the router) and manually reserve an IP address for your server. That is, if you don't want your server's IP address to change, you ask the DHCP server to hand out a fixed address (say 192.168.1.100) whenever it sees the device with MAC address 00AA.1122.3384. That way your server's IP address remains the same.

A DHCP server can be router based or Windows based with a GUI.
Router-based DHCP is more stable, while Windows-based DHCP has the benefit of a GUI.

The DHCP process a client goes through to get an IP address:

DHCP Discover (broadcast: "hello, anybody, I need an IP address")
DHCP Offer ("here is an IP, 192.168.1.50, for you")
DHCP Request ("OK, great, I'll take it")
DHCP ACK (unicast: "OK, good, I assign you IP 192.168.1.50")

SDM (GUI)
Configure - Additional Tasks - DHCP - DHCP Pool -
assign the DHCP pool name, pool network, subnet mask -
user defined
starting IP 192.168.1.20 - ending IP 192.168.1.100, lease 3 days
DNS server - 4.2.2.2 (or whatever your Internet service provider has given you)
Domain name - home.local
Default gateway - 192.168.1.1
note: at the cmd prompt, "ping win2003" will automatically append the domain name (home.local)

Check "import all DHCP options into the DHCP server database".
What does it do?

It automatically imports the IP address, DNS server, WINS server, domain name etc. (as given by your Internet service provider) and assigns all of these to the clients.

Commands
To see the commands generated by the GUI, go to Edit - Preferences and check the option to preview commands before they are sent to the router.

The commands generated in this case are:

ip dhcp pool LAN-addresses
 network 192.168.1.0 255.255.255.0
 domain-name home.local
 dns-server 4.2.2.2
 default-router 192.168.1.1
 import all
 lease 3
exit
ip dhcp excluded-address 192.168.1.1 192.168.1.19
ip dhcp excluded-address 192.168.1.101 192.168.1.254
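As an added example (not from the original post or from SDM), here is Python that regenerates those commands from the pool parameters, in particular the two excluded-address ranges, and refuses a default router that lies inside the hand-out range. The pool name and values are the ones shown above.

```python
import ipaddress

# Added example: reproduce the IOS DHCP pool configuration that SDM generated
# above from the pool parameters, including the excluded-address ranges that
# keep the hosts outside the hand-out range (router, servers) off the pool.


def excluded_ranges(network: str, first: str, last: str) -> list:
    """Host addresses in the subnet that lie outside [first, last]."""
    net = ipaddress.ip_network(network, strict=True)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    hosts = list(net.hosts())
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("hand-out range must lie inside the pool network")
    if lo == net.network_address or hi == net.broadcast_address:
        raise ValueError("network and broadcast addresses cannot be handed out")
    ranges = []
    if lo > hosts[0]:
        ranges.append((hosts[0], lo - 1))
    if hi < hosts[-1]:
        ranges.append((hi + 1, hosts[-1]))
    return ranges


def dhcp_pool_commands(pool_name, network, first, last, lease_days,
                       dns_server, domain_name, default_router) -> list:
    """IOS commands equivalent to the SDM DHCP pool dialog."""
    net = ipaddress.ip_network(network, strict=True)
    gw = ipaddress.ip_address(default_router)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    # A gateway inside the hand-out range would eventually be leased to a
    # client and break every host's default route.
    if lo <= gw <= hi:
        raise ValueError("default router must not be inside the hand-out range")
    cmds = [
        f"ip dhcp pool {pool_name}",
        f" network {net.network_address} {net.netmask}",
        f" domain-name {domain_name}",
        f" dns-server {dns_server}",
        f" default-router {default_router}",
        " import all",
        f" lease {lease_days}",
        "exit",
    ]
    for start, end in excluded_ranges(network, first, last):
        cmds.append(f"ip dhcp excluded-address {start} {end}")
    return cmds
```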

Finally, save from SDM, i.e. copy running-config startup-config.

Further commands for learning:
ipconfig /renew - on the PC, get a new IP address for any interface that is set up for DHCP
show clock - shows you the time
show ip dhcp binding - shows the addresses the router has leased out

That's how you configure DHCP.

Next Topic: Implementing Static Routing

So far the routers are configured (Telnet, IP addresses, SDM set up); now we need to do real routing.
The purpose of routers is to stop broadcasts and to forward packets from one network to another. So far they only know the networks they are directly connected to.
The routing table is the list of networks that the router knows how to reach.

Before that, let's understand how we set up the connections and assign IP addresses in the lab:

Continue with configuration dialog? [yes/no]: no


Press RETURN to get started!



Router>enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname Router0
Router0(config)#enable secret cisco
Router0(config)#line console 0
Router0(config-line)#password cisco
Router0(config-line)#line vty 0 4
Router0(config-line)#password cisco
Router0(config-line)#login
Router0(config-line)#exit
Router0(config)#interface fastethernet0/0
Router0(config-if)#ip address 192.168.1.1 255.255.255.0
Router0(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router0(config-if)#
Router0(config-if)#exit
Router0(config)#interface fastethernet0/1
Router0(config-if)#ip address 192.168.2.1 255.255.255.0
Router0(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router0(config-if)#exit
Router0(config)#exit 
Router0#
%SYS-5-CONFIG_I: Configured from console by console

Router0#show running-config
Building configuration...

Current configuration : 582 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router0
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!

!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
!
line con 0
 password cisco
line vty 0 4
 password cisco
 login
!
!
!
end


Router0#
Router0#
Router0#
Router0#
Router0#
Router0#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
Router0#

Now that the router is set up, let's set the IP address, subnet mask and default gateway for PC0 and PC1.
Double-click PC0, go to Desktop and then IP Configuration, and set the configuration as follows:

For PC0
IP address: 192.168.1.2
subnet mask: 255.255.255.0
default gateway: 192.168.1.1

For PC1
IP address: 192.168.2.2
subnet mask: 255.255.255.0
default gateway: 192.168.2.1

Now you should be able to ping from PC0 to PC1. To check this, open the command prompt of PC0 and run
ping 192.168.2.2; this should work.

To see this in GUI mode: click the Simulation tab on the left-hand side of Packet Tracer. Then click Edit Filters, uncheck Show All and check only ICMP.
Put the yellow envelope on PC0 and PC1 and click Auto Capture/Play. This will show you the packet routing in the GUI.

OK, now let's go back to the previous topic: Implementing Static Routing

PC3 - 192.168.1.0 network
router2-router3 link - 192.168.2.0 network
PC4 - 192.168.3.0 network

Now draw this network in Packet Tracer.
In this network, each router only knows the network it is directly connected to and does not know how to reach the network that sits behind the other router. To allow communication between the two PCs, both routers must be told about the network they are not directly connected to.
That means we tell the router on 192.168.1.0/24 to reach the network 192.168.3.0/24 via the next hop on the 192.168.2.0 network.

commands:

ip route 192.168.3.0 255.255.255.0 192.168.2.2
(this means that to get to the network 192.168.3.0 255.255.255.0, router1 should use the next hop 192.168.2.2)
similarly on router2
ip route 192.168.1.0 255.255.255.0 192.168.2.1
(this means that to get to the network 192.168.1.0 255.255.255.0, router2 should use the next hop 192.168.2.1)
This way two-way communication is enabled.

show ip route (in privileged mode) shows all the networks that the router knows.

In the figure below:



Default route: routers have a default route to reach the Internet. Although the router is directly connected to the ISP (let's say 68.110.117.97), it only knows that directly connected network and cannot reach anything beyond it. To make it work, you need to enter the command

ip route 0.0.0.0 0.0.0.0 68.110.117.97

The command says: reach any IP address with any subnet mask via the next hop 68.110.117.97.
You need to do this extra step to make it work.

Now you will be able to ping 4.2.2.2 or 72.14.207.99 (www.google.com).
To ping www.yahoo.com or www.apple.com by name, you should enter the command

ip name-server 4.2.2.2 (this command makes the router use the DNS server 4.2.2.2 to resolve names). Now you can ping any website:
ping www.google.com
ping www.hotmail.com
ping www.apple.com etc.

Let's try another example:

In this case, for the first router to reach the server network, the network and subnet mask in the ip route command would be the same, but the next-hop address would be the address of the neighbouring router that this router is connected to.

The End. In the next lesson we will learn about dynamic routing implementation with RIP.

Thanks, and enjoy your learning. Good luck!











Sunday, 25 August 2013

BASIC TCP/IP AND UNDERSTANDING OF PORT NUMBERS

HOW DO PORT NUMBERS WORK?

When an application communicates, it first chooses TCP or UDP.
Then the application generates source and destination port numbers.

When a source communicates with a server, it must establish a session.
Let's say a web browser is open: the source sends a message via HTTP using TCP port 80.

source -------------------- session -------------------- host
ip: 10.1.1.10                                 ip: 10.5.1.100
tcp port 80                                   tcp port 80

note: 80 is the port number assigned to HTTP.
- to see the list of well-known port numbers, go to the website http://www.iana.org

On your computer:
- type cmd and open a command prompt.
- type netstat -f

This command shows the list of all
port numbers in use, IP addresses etc.
For example: TCP 172.25.2.54:51895
Here, 51895 is the source port number.

- type netstat -n

TCP and UDP each have port numbers 0 to 65535.

Some well-known port numbers (from the 0-1023 range):
TCP:

21 - FTP
22 - SSH - sending email
23 - TELNET
25 - SMTP
53 - DNS SERVER
80 - HTTP
110 - POP3 - Post Office Protocol - to receive emails
443 - HTTPS - secure protocol

UDP:
53 - DNS CLIENT
69 - TFTP
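As an added example (not from the original post), the following Python parses a constructed netstat -n listing of the kind shown above, separates the ephemeral source port from the well-known service port, and lists the sessions that use the cleartext protocols in the table. 203.0.113.0/24 is a documentation address range used as a stand-in for remote hosts.

```python
# Added example: parse the kind of "netstat -n" listing described above and
# tell source (ephemeral) ports apart from well-known service ports.
# The listing is constructed, not a real capture; 203.0.113.0/24 is a
# documentation range used here as a stand-in for remote hosts.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    172.25.2.54:51895      203.0.113.10:80        ESTABLISHED
  TCP    172.25.2.54:51902      203.0.113.10:443       TIME_WAIT
  TCP    172.25.2.54:51910      203.0.113.20:23        ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

# Well-known ports from the table above (0-1023 is the well-known range).
WELL_KNOWN = {21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 53: "DNS",
              69: "TFTP", 80: "HTTP", 110: "POP3", 443: "HTTPS"}


def split_endpoint(endpoint: str):
    """'172.25.2.54:51895' -> ('172.25.2.54', 51895); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def port_class(port):
    if port is None:
        return "any"
    return "well-known" if port <= 1023 else "registered/ephemeral"


def parse_netstat(text: str) -> list:
    """One dict per TCP/UDP line; title and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(parts[1])
        rhost, rport = split_endpoint(parts[2])
        conns.append({
            "proto": parts[0],
            "local": lhost, "local_port": lport,
            "remote": rhost, "remote_port": rport,
            "state": parts[3] if len(parts) > 3 else None,  # UDP has no state
            "service": WELL_KNOWN.get(rport) or WELL_KNOWN.get(lport),
            "local_port_class": port_class(lport),
        })
    return conns


def cleartext_sessions(conns: list) -> list:
    """Remote endpoints reached over the cleartext protocols in the table
    (Telnet, FTP, HTTP, POP3): the places where SSH or HTTPS should replace them."""
    return [f'{c["remote"]}:{c["remote_port"]}' for c in conns
            if c["service"] in ("TELNET", "FTP", "HTTP", "POP3")]
```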


Saturday, 24 August 2013