Mjlilley's Blog

Cisco Disco 2 Ch. 9 Saturday, Nov 21 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 11:56 pm

CHAPTER-9-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK
9.1.1.1 OSI Model & Troubleshooting
 Good network trouble shooters are always in high demand.
 Knowledge of t features, functions, and devices of each OSI layer and how each relates to those around it help a network technician troubleshoot better.
 Upper layers (5-7): deal with specific app functionality and are implemented only in software.
 Problems here are caused by end-system software config errors on clients/servers.

 Lower layers (1-4): = data-transport issues.
 Network (3) and Transport Layer (4): = only software.
 Software config errors on routers and firewalls happen here.
 IP addressing and routing errors happen at Layer 3.

 Physical (1) and Data Link Layer (2): = hardware and software.
 Hardware problems and incompatibilities cause Layer 1/Layer 2 problems.
 There are three main troubleshooting approaches when using network models:

9.1.2.1 Troubleshooting Methodologies
 Top-down
 Bottom-up
 Divide-and-conquer

 Top-down : App Layer and works down. Views problem from user and application.

 Bottom-up : Physical Layer and works up. Hardware and wire connections.

 Divide-and-Conquer: Begin at middle layers and work up or down from there.

9.1.3.1 Troubleshooting Tools
 Difficult to troubleshoot network connectivity issue without a network diagram.
 Logical and physical topologies are extremely useful in troubleshooting.

Physical Network Topologies:
 Shows physical layout of devices connected to network.

Physical network topologies include:
 Device types
 Models and manufacturers of devices
 Locations
 Operating system versions
 Cable types and identifiers
 Cabling endpoints

Logical Network Topologies:
 Shows how data is transferred on network.
 Symbols used as network elements: routers, servers, hubs, hosts, and security devices.

Logical network topologies include:
 Device identifiers
 IP addresses and subnet masks
 Interface identifiers
 Routing protocols
 Static and default routes
 Data-link protocols
 WAN technologies

Network Documentation and Baseline Tools:
 Available for Windows, Linux, and UNIX OS’.
 CiscoWorks used to draw network diagrams, keep documentation up to date and measure baseline network bandwidth use.
 Tools provide monitoring and reporting functions for finding network baseline.

 Network Management System Tools:
 NMS tools monitor network performance.
 Graphically display physical view of network devices.
 Locate source of failure and determine what possible cause was.
 E.g.: CiscoView, HP Openview, SolarWinds and WhatsUp Gold.

Knowledge Bases:
 Have become good sources of info.
 Network admin has access to a vast pool of experience-based info.

Protocol Analysers:
 Decodes protocol layers in recorded frame and presents info in an easy-to-use format.
 Capture network traffic for analysis.
 Output is filtered to view specific traffic/types of traffic based on criteria. E.g.: to/from a certain device.

Hardware troubleshooting tools:
Cable Testers:
 Specialized, handheld devices designed for testing comms cabling.
 Used to detect opens, shorts and wire map errors.
 Time-domain reflectometer (TDR),can pinpoint distance to break in cable.
 Can determine length of a cable.

Digital Multimeters:
 Test instruments that measure voltage, current, and resistance.
 In network troubleshooting tests involve checking PSU voltage and verifying that network devices are receiving power.

Portable Network Analysers:
 Engineers use these to see average and peak utilization of a network segment.
 Used to identify devices producing most network traffic, analyse network traffic protocols and view interface details.
 Useful for problems caused by malware or DOS attacks.

9.2.1.1 Layer 1 & 2 Problems
 Network problems at Layer 1 can cause loss of network connectivity or network performance to degrade.
 Types of problems that occur at Layer 1 are related to type of technology used.
 Ethernet is multi-access technology. (Layer 2)
 Ethernet = Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
 Excessive collisions cause network performance to degrade.
 Layer 2 specifies how data is formatted for transmission over network media.
 Layer 2 regulates how access to network is granted.
 Layer 2 links Network Layer software functions to Layer 1 hardware for LAN and WAN apps.
 Network analysers can locate source of a Layer 2 issue.

9.2.2.1 Troubleshooting Device Hardware & Boot Errors
The boot-up process:
 1. Performing POST and loading bootstrap program.
 2. Locating and loading Cisco IOS software.
 3. Locating and loading t startup config file or entering setup mode.

 When Cisco IOS software is loaded, technician verifies that hardware/software are fully operational.
 ‘Show version’ displays version of OS and if interface hardware is recognized.
 ‘Show flash‘ shows content of Flash memory (and Cisco IOS image file),flash memory used and memory available.
 ‘Show ip interfaces brief’ shows status of device interfaces and IP addresses assigned.
 ‘Show running-configuration’ and ‘show startup-configuration’ verify if config commands recognized during reload.
 If device fails to boot and creates network outage, replace device with known good.
 When service to users is restored, troubleshoot and repair failed device.
 If router boot ok then green LED indicators will display.

Device Fails POST:
 No output appears on console screen and system LEDs change color or blink.
 If POST fails, turn off power, unplug device, remove all i modules and reboot device.
 If POST still fails then device needs service or brick it!
 If POST ok without modules installed, then dodgy module.
 Reinstall each module individually, rebooting each time to find Mr. Dodgy!

Cisco IOS Image in Flash is Corrupt:
 If image file in flash is corrupt/missing, boot-loader can’t find Cisco IOS file to load.
 Boothelper is an image with limited functionality that runs if no image exists.
 If Boothelper cannot bring device back into operation then device enters ROMmon mode.
 Use ROMmon to reload Cisco IOS image from TFTP server.

Memory is not Recognized or Fails:
 If insufficient memory to decompress image, device scrolls error messages rapidly or constantly reboots.
 Boot device into ROMmon mode by using ‘Ctrl-Break’ command during startup.

 Determine the status of the memory in ROMmon mode.

Interface Modules are not Recognized:
 Interface modules not recognized during POST/IOS load.
 ‘show version’ does not match installed modules.
 If module is new, check if module is supported by Cisco IOS version installed and enough memory to support module.
 Power down device, disconnect t power, and reseat module to see if hardware problem.
 If module still dodgy, replace with known good.

Configuration File is Corrupt or Missing:
 If startup config file cannot be found, some devices execute autoinstall.
 Utility broadcasts TFTP request for config file.
 Some devices enter initial config dialog (setup utility/setup mode).
 Devices that use autoinstall enter setup mode if no TFTP server responds after five attempts.

9.2.3.1 Troubleshooting Cable & Device Port Errors
 Router interface errors show up Layer 1 and Layer 2 cabling/connectivity errors.
 Examine statistics recorded on suspected interface with ‘show interfaces’ and status of interfaces with ‘show ip interface brief ‘.

 Up/up status = normal operation and media/Layer 2 protocols are functional.
 Down/down status = connectivity/media problem exists.
 Up/down status = media is connected properly, but Layer 2 protocol is not ok.

Layer 1 Issues that cause down/down output:
 Loose cable or tight cable = circuit down.
 If pins cannot make good connection = circuit down.
 Incorrect termination or correct standard is not followed.
 Pins correctly terminated in connector.
 Pins on interface connection are bent/missing.
 Dodgy cable – interface cannot sense correct signals.

Layer 2 issues that cause an up/down output:
 Encapsulation not configured correctly.
 No keep-a-lives are received on interface.

 ‘Show interfaces’ shows extra info to help identify media errors.

 Output for show interfaces:
 Excessive Noise – Presence of plenty CRC errors but not many collisions indicates noise. CRC errors indicate media or cable error caused by emi, bad connections, incorrect cabling.
 Excessive collisions – Occur on half-duplex/shared-media Ethernet connections. Damaged cables cause excessive collisions.
 Excessive runt frames – Malfunctioning NICs cause runt frames, but can also be caused by same issues as excessive collisions.
 Late collisions – Caused by excessive cable lengths and duplex mismatches.

9.2.4.1 Troubleshooting LAN Connectivity Issues
 Each port on a switch has an LED indicator that provides info.
 Verify switch port connected to user is active and appropriate LED indicators are lit.
 Error condition = red or orange.
 Check to see that both sides of connection have link.
 If no link light is present, ensure physical connectivity and correct port is used.
 Ensure devices are powered up with no boot errors.
 Change suspected patch cables with known good and verify terminations are correct for desired connectivity.
 If still no link light, check port is not administratively shut down.
 Use ‘show running-config interface’ to show config of switch port.

 Switch# show run interface fastEthernet 1/1
 interface FastEthernet 1/1
 shutdown
 duplex full
 speed 100
 end

 Use ‘show interface port counters errors’ if link light is present, but cable is suspected damaged.
 Duplex mismatches are more common on switches than and may occur if one device configured to auto-negotiate and other manually configured which lead to collisions and dropped packets.
 Use ‘show interface port status’ to view speed, duplex and auto-neg settings on a port.
 If Cisco Discovery Protocol (CDP) enabled, CDP error messages show on console/logging buffer.
 CDP is useful to detect errors, port and system stats on nearby Cisco devices.

9.2.5.1 Troubleshooting WAN Connectivity Issues
 WAN connectivity relies on equipment owned/managed by telecommunications service provider (TSP).
 Correct serial interface and line problems using info from ‘show interfaces serial’.
 Packet errors, config errors, or mismatches in encapsulation and timing can plague serial connections.
 Consider CSU/DSU or modems when troubleshooting serial lines.
 Know type of modem or CSU/DSU installed and how to place device in loopback state for testing.
 ‘Show interfaces serial’ displays problem states:
 Serial x is down, line protocol is down (DTE mode) – When interface cannot detect signal on line, it reports line and Layer 2 protocol down.
 Serial x is up, line protocol is down (DTE mode) – When interface does not receive keep-a-lives or there is encapsulation error Layer 2 protocol is reported down.
 Serial x is up, line protocol is down (DCE mode) – When router is providing clock signal and DCE cable is attached with no clock rate configured, Layer 2 protocol is reported down.
 Serial x is up, line protocol is up (looped) – When serial interface receives own signals back on circuit, it reports line as looped. (Common practice to place circuit in loopback condition to test connectivity).
 Serial x is up, line protocol is down (disabled) – High error rates cause protocol disabled mode. ( hardware related).
 Serial x is administratively down, line protocol is down – Device configured with ‘shutdown’. Enter ‘no shutdown’ on interface to fix. If interface does not come up, check for duplicate IP address. If duplicate IP address exists use ‘no shutdown’ command again.
 Serial x is up, line protocol is up – interface is honky dory!

9.3.1.1 Layer 3 Functionality & IP Addressing
 Layer 1 networks created by interconnecting devices over physical media.
 Layer 2 network protocols are hardware dependent. (Ethernet/serial)
 Layer 3 protocols not bound to type of media or Layer 2 framing protocol.
 Same Layer 3 protocols can use Ethernet, wireless, serial, or others.
 Layer 3 networks can have hosts connected using different Layer 1 and 2 thingys!.
 Layer 3 networks = logical networks created in software.
 Most networks use TCP/IP protocols to exchange info between hosts.

9.3.2.1 IP Design & Config Issues
 Overlapping subnet occurs when address range of two separate subnets include some same host/ broadcast addresses.
 Overlapping caused by poor network docs or entering incorrect subnet mask/network prefix.
 Poorly configured subnet mask cause some hosts on a network to lose access to services.
 Subnet mask config errors can also display variety of symptoms not easily identified.

9.3.3.1 IP Address Planning
 When Windows host does not receive address from a DHCP server, it automatically assigns itself an address on 169.254.0.0 network.
 Use ‘show ip dhcp binding’ to check if DHCP server has available addresses.

9.3.3.1 DHCP & NAT Issues
 Verify that IP addressing is assigned using ‘ipconfig /all’.
 If host not receiving IP address, then troubleshoot DHCP config.
 First step in troubleshooting = check physical connectivity.
 Next check DHCP server is correctly configured and has IP addresses to lease.
 Check for any address conflicts. (static address contained in range of DHCP pool).
 Use ‘show ip dhcp conflict’ to show address conflicts in DHCP server.
 If problem still exists, configure static IP address info on host and if unable to reach network resources then problem is not DHCP.
 Router can forward broadcast packets (incl.DHCP) to server using ‘ip helper-address’.
 Router(config-if)# ip helper-address x.x.x.x

 First indication of NAT problem is users cannot reach internet sites.
Incorrect Designation of Inside and Outside Interface
 Inside interface connects to local network, which uses private IP address space.
 Outside interface connects to public network ( ISP).
 Use ‘show running-config interface’

Incorrect Assignment of Interface IP Address or Pool Addresses
 IP address pool and static NAT translations must use addresses on same local IP network as outside interface. (no route to the translated addresses are found).
 Check config to verify translated addresses are reachable.
 When address translation is config on outside interface address in PAT, ensure interface is on correct network and subnet mask.

 If dynamic NAT/PAT is enabled and external users cannot connect to static internal devices, then check static translations are configured.
 Verify NAT is operational by using ‘show ip nat translations’.
 After viewing, use ‘clear ip nat translation *’ (may disrupt user services).
 Use ‘show ip nat translations’ again and if new translations appear, problem is elsewhere.
 Use ‘traceroute’ to find path translated packets are taking.

9.5.1.1 Layer 4 Traffic Filtering Errors
 Some engineers are unsure which transport protocol used by apps and deny port number for TCP and UDP traffic.
 This practice denies traffic that should be allowed.
 Firewalls are often configured to deny everything except apps specified in permit statements, then firewall filtering problems occur.
 Layer 4 problem = users reporting video or audio web services are not reachable.

9.5.2.1 Upper Layer Problems
TCP/IP Application Layer protocols:
 Telnet – establishes terminal session connections with remote hosts.
 HTTP – exchanges text, graphic images, sound, video, and other multimedia files on the web.
 FTP – interactive file transfers between hosts, using TCP.
 TFTP – basic interactive file transfers between hosts and networking devices (UDP) .
 SMTP – basic email message delivery services.
 POP3 – connects to mail servers and downloads email to a client application.
 IMAP4 – lets email clients retrieve messages and store email on servers.
 SNMP – info from managed devices.
 NTP – updated time to hosts and network devices.
 DNS – maps IP addresses to names assigned to hosts.
 SSL – encryption and security for HTTP transactions.
 SSH – secure remote terminal access to servers and networking devices.

 Using “divide and conquer” and verify Layer 3 connectivity:
 Step 1. Ping host default gateway.
 Step 2. Verify end-to-end connectivity.
 Step 3. Verify routing configuration.
 Step 4. Ensure that NAT is working correctly.
 Step 5. Check for firewall filter rules.

 Check with ISP to ensure network connection is up and operational.
 If verified that the end-to-end connectivity is not issue, but end device is still not operating then problem has been isolated to upper layers.
 It is possible to have full network connectivity, but app cannot provide data.
 Misconfigured client applications account for the majority of upper layer network problems.
 Use ‘nslookup’ to verify DNS is working ok.
 If DNS server is ok and reachable, check for DNS zone config errors.
 Browser plug-in programs must be kept updated for web pages to display correctly.
 Use correct protocol to request data can cause a web page to be unreachable.
 Specify https:// or http:// for desired protocol.

9.5.3.1 Using Telnet to check upper layer connectivity
 Use of Telnet indicates lower layer connectivity exists between devices.
 Cisco IOS devices include an SSH client that can be used for SSH sessions with other devices.

Leave a Response »

Cisco Disco2 Ch. 8 Saturday, Nov 21 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 2:16 pm

CHAPTER-8-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK
8.1.1.1 ISP Security Services
ISPs serve:
 Unsecured ISP customer PC’s may lead to large failures in ISP networks.
 ISP must maintain secure customer data.
 Managed desktop security services help prevent attacks.
 Technicians implement security best practices on client PCs.

Security services:
 Help clients create secure passwords.
 Install App patches & upgrades.
 Remove vulnerable apps/services.
 Making apps/services available to some users and blocking other users.
 Configuring desktop firewalls and anti-virus software.
 Determine vulnerabilities via security scans.

8.1.2.1 Security Practices
Features and procedures:
 Encrypting data on server hdds.
 Use permissions to secure files and folders.
 Assign levels of access based on user a/c or group m-ship.
 “Principle of least privilege” = give users access to only those resources needed to do their job.
 Authentication, Authorization and Accounting (AAA) is a 3 step process used by admins to make life harder for attackers.
 Authentication = prove identity using username and password. Databases are stored on servers that use RADIUS or TACACS protocols.
 Authorization = user rights to access specific resources and specific tasks.
 Accounting = tracking apps used and length of time used.
 AAA requires database to track user credentials, permissions and account stats.
 Local authentication is simplest form of AAA and keeps database on gateway router.
 If org has more than a few users authenticating with AAA, org must use a database on separate server.

8.1.2.1 Data Encryption
 By default, data sent over network is unsecured and transmitted in clear text.

Encryption:
 Process of encrypting all transmitted data between client and the server.
 Protocols use secure version to transmit sensitive data.
 Using secure protocol when not needed = more overhead and slower response time.
 Web servers – HTTP by default = non secure protocol.
 HTTPS uses secure socket layer (SSL) protocol.
 Email servers – SMTP, POP3, and IMAP4.By default, info is sent in clear text.
 POP3 can use SSL for security.
 SMTP and IMAP4 can use SSL or Transport Layer Security (TLS) for security.
 Telnet servers – Uses clear text.
 Secure Shell (SSH) protocol allows secure authentication and data on router or switch.
 FTP servers – sent in clear text.
 FTP can use SSL and SSH to securely exchange authentication and data..
 File servers – In most cases do not offer secure version.
 IP Security (IPSec) = Network Layer security protocol used to secure Application Layer protocol for communication.

8. 2.1.1 Access Control Lists & Port Filtering
3 key types of DoS attacks:
DoS:
 When a server or service is attacked to prevent legitimate access to service.
 SYN floods, ping floods, LAND attacks, bandwidth consumption attacks and buffer overflow attacks.

DDoS:
 Distributed denial-of-service (DDoS) attack = multiple computers attack a specific target.
 Attacker has access to many compromised computer systems and remotely launch attack.
 Same kinds of attacks as DoS, except DDoS attacks run from many computer systems simultaneously.

DRDoS:
 Distributed reflected denial-of-service (DRDoS) attack = attacker sends a spoofed request to PC’s with source address modified to targeted computer system. The computer systems that receive request respond.
 When computer systems respond to request, all requests are directed at target computer system.
 Very difficult to determine the originator of the attack.
 ISPs must filter out network traffic that can be harmful to operation of network or servers.
 Port filtering and access control lists (ACL) are used to control traffic to servers and networking equipment.

Port Filtering:
 Controls flow of traffic based on specific TCP or UDP port.
 Many server operating systems restrict access using port filtering.
 Also used by network routers and switches to control traffic flow and secure access to device.

Access Control Lists:
 Defines traffic that is permitted/denied through network based on source and destination IP addresses and source and destination ports of protocol being used.
 ICMP and routing update traffic can also be controlled using ACLs.
 Admins create ACLs on network devices to control whether or not traffic is forwarded or blocked.
 ACLs are first line of defence and not enough to secure network.

8.2.2.1 Firewalls
 Hardware or software that defines which traffic can enter/leave sections of network and how traffic is handled.
 ACLs are one of the tools used by firewalls.
 ACLs control which type and direction of traffic is allowed to pass through firewall.
 Dynamic packet filter firewall (stateful) keeps track of actual communication process between source/destination devices, by using state table.
 Cisco IOS Firewall software is embedded in Cisco IOS software and allows user to turn a router into a network layer firewall with dynamic/stateful inspection.
 Constantly evolving as new capabilities are developed and new threats are discovered.
 More functionality embedded in firewall = more time for packets to be processed.
 Firewalls can provide perimeter security for the entire network and for internal local network segments, such as server farms.
 Firewalls implemented in multiple layers.
 Traffic from an untrusted network first encounters packet filter on the border router.
 Permitted traffic goes through border router to an internal firewall to route traffic to a demilitarized zone (DMZ).
 Only traffic that is permitted access to these servers is permitted into the DMZ.
 Firewalls also control what traffic is permitted into protected local network.

 Internal firewalls protect sensitive areas and are used to restrict access to areas of network that need more protection.
 Internal firewalls separate and protect resources on servers from inside users.
 Internal firewalls prevent external/internal hackers, unintentional internal attacks and malware.

8.2.3.1 IDS & IPS
Intrusion Detection System:
 Software- or hardware-based system that passively listens to network traffic.
 IDS device monitors traffic through network interface.
 When IDS detects malicious traffic it sends alert to preconfigured management station.

Intrusion Prevention System (IPS):
 Active physical device or software feature. Traffic goes in one interface and out other.
 IPS examines actual data packets that are in network traffic.
 Works in real time to permit/deny packets that want access into network

IDS and IPS technologies used as sensors can be:
 Router configured with Cisco IOS version IPS
 Hardware appliance designed for dedicated IDS/IPS services.
 Network module installed in an adaptive security appliance (ASA) switch/router.

 IDS and IPS sensors respond differently to incidences on network.
 IDS solutions are reactive when detecting intrusions.
 Detection is based on signature for network traffic/computer activity.
 IDS’ do not stop initial traffic from passing through to destination.

 IDS can block further malicious traffic by reconfiguring network devices in response to malicious traffic detection

 IDS used on untrusted perimeter of network, outside firewall.
 IDS can analyze type of traffic hitting firewall and see how attacks are executed.
 IDS can also be placed inside firewall to detect firewall misconfigurations.

IPS:
 IPS solutions are proactive and block all suspicious activity in real time.
 IPS examines data packet Layer 2 to Layer 7.
 When IPS detects malicious traffic it blocks it immediately.
 IPS then sends alert to management station.
 IPS blocks original and subsequent malicious traffic.

 IPS = intrusion detection appliance and is not software.
 IPS placed inside firewall because it examines most of data packet.
 IPS’s protect server apps if malicious traffic is being sent.
 Firewall drops most packets not allowed, but can allow some malicious packets through.
 IPS has fewer packets to examine, so it can examine the entire packet.
 IPS can stop new attacks that firewall was not configured to deny.
 IPS can stop attacks that firewall is unable to deny due to limitations.

8.2.4.1 Wireless Security
 Wireless networks can be secured by changing default settings, enabling authentication or MAC address filtering.

Changing Default Settings:
 Change default values for SSID, usernames and passwords on wireless access point.
 Disable broadcasting of SSID.

Enabling Authentication:
 Permits entry to network based on credentials.
 Verifies that device attempting to connect to network is trusted.

Open authentication:
 Any and all clients are able to access regardless of who they are. (used on public networks)

Pre-shared key (PSK):
 Needs matching preconfigured key on server and client.
 When connecting, access point sends random bytes to client.
 Client accepts data, encrypts it and sends it back to access point.
 Access point gets encrypted string and uses its key to decrypt it.
 If both match then authentication is successful.

Extensible Authentication Protocol (EAP):
 2 way authentication.
 When using EAP software, client communicates with backend authentication server. Eg-RADIUS.

Enabling MAC Address Filtering:
 Prevents unwanted computers connecting by restricting MAC addresses.
 MAC address cloning is possible.

WEP – Wired Equivalent Privacy:
 Encrypts data sent between wireless nodes.
 Uses a 64, 128, or 256 bit pre-shared hexadecimal key to encrypt data.
 WEPs weakness is static encryption keys.
 Use WEP only with older equipment that does not support newer wireless security protocols.

WPA – Wifi Protected Access:
 Newer encryption protocol uses improved encryption algorithm.(Temporal Key Integrity Protocol)
 TKIP generates a unique key for each client and rotates security keys at a configurable interval.
 WPA allows client and access point to have key, it is never transmitted.
WPA2:
 New, improved version of WPA.
 Uses more secure Advanced Encryption Standard (AES).

8.2.5.1 Host Security
 Regardless of network defence servers are open attack if not properly secured.
 ISP servers are vulnerable because they are accessible from Internet.

Host-based firewall:
 Software that runs on host OS and protects against malicious attacks..
 Host-based firewalls control inbound and outbound network traffic.

 Allows filtering based on a computer address and port and offers more protection than regular port filtering.
 Comes with predefined rules that block all incoming network traffic.
 Exceptions are added to rules set to permit correct mixture of inbound and outbound network traffic.
 Balance need to allow network resources required to complete job tasks and need to prevent apps from being left vulnerable to malicious attacks.
 Server OS’ are preconfigured with host-based firewall and limited options.
 ISPs use host-based firewalls to restrict access to specific services a server offers.
 ISP protects their servers and customer data by blocking access to extra ports which are not used.

Known Attacks:
 Firewalls recognize malicious activity based on updatable signatures or patterns.
 They detect a known attack and block traffic on the port used by attack.

Exploitable Services:
 Host-based firewalls protect exploitable services running on servers by preventing access to ports that service is using.
 Some firewalls inspect packet contents to find malicious code.
 Web and email servers are common targets for service exploits but are protected if host-based firewall performs packet inspection.

Worms and Viruses:
 Spread by exploiting vulnerabilities in services/weaknesses in OS’.
 Host-based firewalls prevent malware from gaining access to servers.
 Prevent spread of worms/viruses by controlling outbound traffic originating from server.

Back Doors and Trojans:
 Allow hackers to remotely gain access to servers on network.
 Software sends a message to let hacker know of a successful infection.
 Then provides service to hacker to gain access to system.
 Host-based firewalls prevent Trojans from sending messages by limiting outbound network access.

 Anti-X software installed as an overall security measure.
 Protects computer systems from viruses, worms, spyware, malware, phishing and spam.
 ISPs offer anti-X software as part of security services.
 Not all anti-X software protects against same threats.

 Anti-X software packages allow for remote management.
 Have an incident management process to help prevent infection from reoccurring.
 Incident management is required by ISPs that manage and maintain customer data for security reasons.

8.3.1.1 SLA’s
 Documents expectations and obligations of ISP and user.

SLA’s contain:
 Service description
 Costs
 Tracking and reporting
 Problem management
 Security
 Termination
 Penalties for service outages
 Availability, performance, and reliability

 Clearly outlines management, monitoring and maintenance of network.

8.3.2.1 Monitoring Network Link Performance
 ISP is responsible for monitoring and checking device connectivity which includes equipment that belongs to ISP and any customer equipment that ISP agreed to monitor in SLA.
 Monitoring and configuration can be performed either out-of-band or in-band.
 In-band tools can have more management functionality : e.g overall view of the network.
 In-band management protocols =Telnet, SSH, HTTP and SNMP.

8.3.3.1 In Band Tools
 Telnet = Virtual Terminal (VTY) session or connection.
 Telnet is a client/server protocol.
 On a MS Windows PC, Telnet can be run from command prompt.
 Other Telnet clients are HyperTerminal, Minicom and TeraTerm.
 Routers run Telnet client and Telnet daemon and can be client or server.
 Using Telnet, users can conduct any authorized function on server.
 Telnet session can be initiated using router CLI.
 Telnet client can connect to multiple servers simultaneously.
 Using a Cisco router, press Ctrl-Shift-6 X to toggle between Telnet sessions.
 Telnet server can support multiple client connections.
 If router is acting as server, use ‘show sessions’ command to show all client connections.
 Telnet protocol supports user authentication but does not support encrypted data.

 Secure Shell (SSH) protocol offers secure method for server access.
 SSH provides secure remote login and other network services.
 SSH has stronger authentication than Telnet and encrypts transport of session data.
 2 versions of SSH. Which supported depends on Cisco IOS image loaded on device.
 SSH client must support the SSH version configured on server.

8.3.4.1 SNMP & Syslog
 SNMP = UDP based – Simple network management protocol, which lets admin collect data about network and devices.
 SNMP eg: CiscoWorks.
 SNMP management agent software embedded in OS’ on servers, routers and switches.

4 main components of SNMP:
 Management station = PC with SNMP management app used by admin to monitor or configure network.
 Management agent = Software on device managed by SNMP.
 Management Information Base (MIB) = Database kept by device re: network performance parameters.
 Network management protocol = Comms protocol used between management station and agent.

 Management station holds SNMP management apps that admin uses to configure devices on network.
 Management station stores data about those devices by collecting poll info.
 Agent uses statistics in the MIB to send to Management Station.
 Agents can be configured with traps. (alarm-triggering event).
 If configured with thresholds, when threshold is exceeded agent sends alert management station.
 Traps leave management station free from continuously polling of network devices.
 Management stations/managed devices are identified by community ID.( community string)
 Community string on SMNP agent must match SMNP management station.

 Syslog = standard for logging system events.
 App Layer protocol that allows devices to send info to syslog daemon running on management station.
 Syslog system = syslog servers and syslog clients.
 Log messages have an ID, type of message, a time stamp, what device sent message and message text.
 Some equipment can send more items than above.

8.4.1.1 Back up Media
 Network management / monitoring software helps ISPs identify and correct causes of network failures. Caused by e.g.: malware, network functionality and failed devices.
 IT professional must reduce risks of data loss and find a way for quick recovery of any data lost.
 Cost of backup solution and effectiveness must be balanced.
Some factors affecting choice of back up media:
 Amount of data
 Cost of media
 Performance of media
 Reliability of media
 Ease of offsite storage

 Tape is most common type of backup media available.
 Tapes have large capacities an cheapest media on market.
 Tape media prone to failure and drives need regular cleaning to maintain functionality.
 High failure rate through wear.
Different types of tapes:
 Digital data storage (DDS)
 Digital audio tape (DAT)
 Digital linear tape (DLT)
 Linear tape-open (LTO)

Optical Media Discs:

 Common choice for smaller amounts of data.
 CDs = 700 MB, DVDs = up to 8.5 GB, HD-DVD and Blu-Ray discs = 25+ GB per disc.
 ISPs use optical media to transfer web content data to customers.
 Customers use to transfer website content to ISP web hosting site.

Hard Disks:
 More popular due to low cost of high-capacity drives, but makes offsite storage difficult.
 Large disk arrays: direct attached storage (DAS), network attached storage (NAS) and storage area networks (SANs) not transportable.
 Some hard disk-based backup systems work with tape backup systems for offsite storage.
 Using both provides quick restore time, data available locally on hard disks and long-term archives.

Solid State Storage Devices:
 Non-volatile storage media without moving parts.
 Postage-stamp-sized drives = 1 GB of data, router-sized packages = 1000 GB (1TB) of data.
 Ideal fast storage/retrieval of data.
 Apps for solid state data storage systems: database acceleration, high-definition video access/editing, data retrieval and SANS.

8.4.1.1 Methods of file back up
Normal/Full:
 Copies all selected files.
 Each file is marked as having been backed up.
 Most recent backup is needed to restore files.
 Speeds up/simplifies restore process.
 All data is backed up, which takes the most amount of time.

Differential:
 Copies only files that have changed since last normal/full backup.
 Full backup on first day of backup cycle is needed, then files created/changed since time of last full backup are saved.
 Reduces amount of time needed for backup.
 When restoring data, last normal backup is restored and latest differential backup restores all created/changed files since last full backup.

Incremental:
 Only saves files created/changed since last incremental backup.
 Quickest to backup but longest to restore.

 Backup systems need maintenance to keep them running properly.

 Swap media: Use a notification method: task scheduling to ensure humans don’t forget to swap tapes etc.
 Review backup logs: Logs report on success of backup or specify where it failed. Regular monitoring means quick identification of backup issues which need attention.
 Perform trial restores: Do a trial restore of data to verify backup is usable and restore procedure works.
 Perform drive maintenance: Routine cleaning of tape drive with cleaning tapes. Defrag HDD’s to improve overall performance of system.

8.4.3.1 Cisco IOS Software Back up & Recovery
 Cisco device software and config files can be saved to network server using TFTP and copy commands.
 The command to save the IOS file is very similar to the command to backup and save a running configuration file.

3 Steps to back up Cisco IOS software:
 Step 1: Ping TFTP server where file should be saved to verify connectivity.
 Step 2: Verify IOS image in flash on route using ‘show flash’ command see filename/ file size of IOS image. Confirm TFTP server has sufficient disk space for file.
 Step 3: Copy IOS image to TFTP server using ‘Router# copy flash tftp’

Steps to upgrade an IOS image file on router:
 Step 1: Use ‘show flash’ command to verify available memory in flash and confirm enough room for IOS file before starting upgrade or restore.
 Step 2: Use ‘copy tftp: flash:’ to upgrade Cisco IOS software.
 Router may prompt user to erase flash memory if insufficient memory available for old and new images.
 Series of ‘e’s appear to indicate erase process.
 After new image is loaded and verified, device is reloaded with new Cisco IOS image.
 If IOS image is lost and needs to be restored, ROMmon mode is required.
 Quickest way to restore Cisco IOS image on router: useTFTP in ROM monitor (ROMmon) mode.
 ROMmon -TFTP transfer uses specified LAN port (default is first available LAN interface).
 TFTP in ROMmon mode: set environmental variables then use ‘tftpdnld’ to restore image.
 To set ROMmon environment variable enter variable name, equals sign and value of variable.
 E.g.: to set IP address of 192.168.1.1, type IP_ADDRESS=192.168.1.1

Required environment variables:
 IP_ADDRESS – IP address on LAN interface
 IP_SUBNET_MASK – Subnet mask for LAN interface
 DEFAULT_GATEWAY – Default gateway for LAN interface
 TFTP_SERVER – IP address of TFTP server
 TFTP_FILE – Cisco IOS filename on server

 ‘set’ command displays ROMmon environment variables.
 Now use ‘ tftpdnld’
 Each datagram is displayed with an exclamation point (!) as Cisco IOS file is received.
 Existing flash and all other files in flash memory are erased.
 Back up these files to a TFTP server in case you may need to restore original IOS image.
 When ‘rommon 1>’ appears restart router using ‘reset’ or type ‘i ’ to boot from new Cisco IOS image in flash.

8.4.4.1 Disaster Recovery Plan
 Comprehensive document that describes how to restore operation quickly.
 Plan ensures that business can adapt to physical/social changes caused by disaster.
 Plan includes info: offsite locations where services may move, info on changing network devices/servers and backup connectivity options.
 When building plan, fully understand critical services for operation.

Services available during a disaster:
 Databases
 Application servers
 System management servers
 Web
 Data stores
 Directory

 When designing plan understand needs of org.

Vulnerability assessment:
 How vulnerable are critical business processes and associated apps to common disasters.

Risk assessment:
 Analyse risk of disaster occurring and associated effects/costs to business.
 Create a list of 10 potential disasters and effects.

Management awareness:
 Use info gathered on vulnerability/risks to get approval on disaster recovery project.
 Maintain equipment/locations for disaster recovery can be $$$.
 Senior management must understand effects of any disaster situation.

Planning group:
 Manage development/implementation of strategy and plan.
 When disaster occurs, individuals must understand their roles/responsibilities.

Prioritize:
 Assign priority for scenarios e.g.: mission critical, important and minor.

 Planning process should first use top managers and include all personnel that work with critical business processes.

Phase 1: Network Design Recovery Strategy
Analyse network design to include:
 Any backup connectivity options and is redundancy in network design?
 Availability of offsite servers that can support apps.
 Availability of backup routers, switches, and other network devices.
 Location of services and resources that the network needs.

Phase 2: Inventory and Documentation
 Create inventory of all locations, devices, vendors, used services and contact names.
 Verify cost estimates created in risk assessment step.

Phase 3: Verification
 Create verification process to prove that strategy works.
 Practice exercises to ensure plan is up to date/workable.

Phase 4: Approval and Implementation
 Get approval and develop budget to implement disaster recovery plan.

Phase 5: Review
 When disaster recovery plan has been used for 1 year, review plan.

Leave a Response »

Cisco Disco2 Ch. 7 Thursday, Nov 5 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 1:06 am

CHAPTER-7-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK
7.1.1.1 Customer requirement
ISPs serve:
 Consumer market = individuals in homes.
 Enterprise market = large multinational companies.
 Smaller markets = small- to medium-sized businesses / larger non-profit orgs.

 ISPs provide Email, www, media streaming, IP telephony & file transfer services to all customers.
 Expensive to keep up with new technologies.
 Companies can have access to leading network technologies / applications without making large investments in equipment/support.

 Scenario 1 – Customer owns/manages own network equipment/services. Internet connectivity from ISP is all they need.

 Scenario 2 – ISP provides Internet connectivity. ISP owns/manages network connecting equipment at customer site. ISP set up, maintain, and administer equipment for customer. Customer monitors status of network and apps.

 Scenario 3 – Customer owns network equipment, but apps that business relies on are hosted by ISP. Servers that run apps are at ISP. (Owned by customer or ISP).

7.1.2.1 Reliability and Availability
Reliability:
 Measured in mean time between failure (MTBF) and mean time to repair MTTR.
 Equipment manufacturers specify MTBF based on fault tolerance tests they perform when manufacturing.
 When equipment fails / network service = poor SLA.
 ISP purchases redundant hardware to keep onsite to safe guard against this.

Availability:
 Telephone services are expected to be available 99.999% of the time. (five-9s)
 ISPs offer critical business services: IP telephony and high-volume retail sale transactions.
 ISPs double up on network devices/servers using technologies.

7.2.1.1 Review of IP Protocols
 Converged IP networks enable high performance services to be delivered over a common network.
 ISPs support multiple end-user apps that rely on TCP/IP for delivery.
 ISP support personnel must be familiar with TCP/IP protocols.
 ISP servers must support multiple apps for different customers.
 For this support, they must use transport protocols TCP and UDP.
 Common hosted applications (www and email) depend on TCP/IP protocols.
 IP services also rely on domain name servers.

Application Layer Protocols:
 Specify format and control info for common Internet communication functions.
 (DNS) Domain Name System – Resolves Internet names to IP addresses.
 (HTTP) Hyper Text Transfer Protocol -Transfers files that make up the web pages of the World Wide Web.
 (SMTP) Simple Mail Transfer Protocol – Transfers mail messages and attachments.
 Telnet – Terminal emulation protocol that provides remote access to servers and networking devices.
 (FTP) File Transfer Protocol – Transfers files between systems interactively.

Transport Layer Protocols:

 Transport Layer is responsible for delivery of data to appropriate application.
 The 2 main Transport Layer protocols are TCP and UDP.

7.2.2.1 Transport Layer Protocols
TCP:
 Reliable, guaranteed-delivery protocol.
 A pipeline or persistent connection between hosts (connection-oriented protocol).
 Requires overhead, which includes extra bandwidth and increased processing.

UDP:
 Connectionless protocol which has low overhead.
 “Best effort” due to no error checking, guaranteed data delivery, or flow control.

 The Transport Layer protocol is determined by type of app data being sent.
 Before a TCP starts, source and destination hosts exchange messages to set up connection.
 This SYN, SYN-ACK, ACK activity between TCP processes on 2 hosts is 3-way handshake.
 TCP uses time-outs to resend data and sequence numbers to tell how to reorder segments.

7.2.3.1 TCP and UDP
 UDP = unreliable delivery protocol
 Total amount of UDP traffic found on network is low.

UDP Apps
 Domain Name System (DNS)
 Simple Network Management Protocol (SNMP)
 Dynamic Host Configuration Protocol (DHCP)
 RIP routing protocol
 Trivial File Transfer Protocol (TFTP)
 Online games

 Each TCP segment has 20 bytes of overhead in header.
 UDP datagrams only require 8 bytes of overhead.

7.2.4.1 Support Multiple Services
 TCP and UDP have header fields that uniquely identify different apps for data communications purposes.
 A source port and destination port are located in header of each segment/datagram.
 TCP or UDP places incoming segments in appropriate queue.
 Segments are then passed up queued application as quickly as it can accept them.
 Transport Layer protocols enable servers at ISP to host different applications and services simultaneously.
 In TCP, Clients are active and request connections, but servers are passive and listen for / accept connections.
 Server processes are statically assigned well-known port numbers 0 – 1023.
 Clients dynamically assign source ports 1024 – 65535. (return address)
 Transport Layer protocols keep track of source port and app that initiated request.
 Socket = Transport Layer port number and Network Layer IP address of host.
 Socket pair = source and destination IP addresses and port numbers.

Client Socket:
 192.168.1.1:8229

Web server Socket:
 10.10.10.101:80

Socket Pair:
 192.168.1.1:8229, 10.10.10.101:80

 Sockets enable multiple processes running on both client and server to distinguish themselves from each other.

7.3.1.1 TCP/IP Host Name
 Early Internet managed host names and IP addresses through HOSTS file on centrally administered server.
 The central HOSTS file contained mapping of host name and IP address for every device on early Internet.
 DNS uses distributed set of servers to resolve names associated with numbered addresses.
 A local HOSTS file can be used for troubleshooting or to override records found in a DNS server.

7.3.2.1 DNS Hierarchy
 DNS is hierarchical with many DNS servers all over the world.
 Domain names form hierarchy.
 A DNS server maintains specific database file and is responsible for mappings for its small portion of DNS structure.
 If DNS server receives request for translation not its DNS zone, server forwards request to another DNS server in proper zone for translation.
Resource Records and Domain Namespace:
 Resource record exists in database file of DNS zone.
 Identifies type of host, host IP address / parameter.
 Domain namespace is hierarchical naming structure for organizing resource records.
 Domain namespace = domains/groups and their resource records.

Domain Name System Servers:
 Maintain databases that store resource records/info of domain namespace structure.
 DNS servers resolve client queries using domain namespace and records in zone database files.
 If no name found in zone database, server uses other name servers to resolve query.

Resolvers:
 Apps or OS functions that run on DNS clients/servers.
 Resolver loaded on DNS client and creates query that is sent to DNS server.
 Resolvers also loaded on DNS servers to forward requests to other DNS servers.

 Root servers exist at top of hierarchy and maintain records how to reach top-level domain servers, which have records that point to second-level domain servers etc, etc.

Top-level domains are type of org or country of origin:
 .au – Australia
 .co – Colombia
 .com – a business or industry
 .jp – Japan
 .org – a nonprofit organization
 Root DNS server may not know exactly where hosts are located, but does have a record for the .com top-level domain.
 Servers within .com domain may not have a record for a particular host either, but do have a record for the particular domain.
 DNS servers within domain do have record for hosts and can resolve address.
 The name mjlilley.seaford.net.au = fully qualified domain name (FQDN)

7.3.3.1 DNS Name Resolution
 Resolver knows IP address of DNS server because it is preconfigured as part of host IP config.
 DNS server receives request from client resolver, it checks local records cached in memory.
 If unable to resolve IP address locally, server uses resolver to forward request to another DNS server.
 Name resolution info is sent back to original DNS server, which uses info to respond to initial query.
 During process resolving DNS name, each server caches info it receives as replies to queries.
 Cached info lets DNS server reply more quickly to later resolver requests.
 Cache info is stored for limited time because host name records periodically change.
 In early DNS resource records for hosts were added and updated manually.
 DNS protocol was changed to allow PCs to update their own record in DNS zone via dynamic updates.
 Dynamic updates let DNS client PCs register/update records with DNS server when changes occur.
 Dynamic updates on DNS server are not enabled by default.
 DNS servers maintain the zone database for a given portion of the overall DNS hierarchy. Resource records are stored within that DNS zone.

Forward Lookup Zones:
 Standard DNS zone that resolves fully qualified domain names to IP addresses.
 Zone type most commonly found when surfing Internet.
 When typing website address recursive query is sent to local DNS server to resolve that name to an IP address to connect to remote web server.

Reverse Lookup Zones:
 Special zone type that resolves an IP address to a fully qualified domain name.
 Some app use reverse lookups to identify PCs that are communicating with them.
 Reverse lookups on IP addresses can be found using “ping –a” command.

Primary Zones:
 Zone that can be modified.
 If new resource record needs to be added/updated/deleted, change is made on primary DNS zone. (authoritative for that DNS zone)
 Primary forward and primary reverse lookup zones exist.

Secondary Zones:
 Zone that is read-only backup and maintained on separate DNS server than primary zone.
 Receives updates to t zone info from primary server.
 Secondary forward and reverse lookup zones exist.

7.3.4.1 Implementing DNS Solutions
 More than one single way to implement DNS solutions.

ISP DNS Servers:
 ISPs have caching-only DNS servers which forward requests to root servers on Internet.
 Results cached and used to reply to future requests.
 # of cached DNS lookups is high.
 Large cache reduces network bandwidth and frequency of DNS queries forwarded to root servers.
 Caching-only servers do not store any name-to-IP mappings directly within database.

Local DNS Servers:
 Business may run own DNS server.
 Client PCs on network point to local DNS server, not ISP DNS server.
 Local DNS server maintains some authoritative entries for zone. (name-to-IP mappings)
 DNS server forwards requests that it cannot resolve.
 Local DNS servers have a small cache compared to the ISP DNS server.
 Some admins configure local DNS servers to forward all requests to DNS server of ISP.
 Local DNS server benefits from large #of cached DNS entries of ISP, instead of going through lookup process starting from root server.
 Losing access to DNS servers = blind to public resources.
 When an org registers domain name on Internet, a min of 2 DNS servers must be given rego.
 Redundant DNS servers provide fault tolerance.
 Multiple DNS servers that host zone info are located on different physical networks.
 Primary DNS zone info stored on DNS server on local business premises.
 ISP hosts an additional secondary DNS server for fault tolerance.
 DNS servers must be protected using firewalls/security measures, because If DNS fails other web services are not accessible.

7.4.1.1 Services
ISPs services:
 email hosting
 website hosting
 e-commerce sites
 file storage and transfer
 message boards and blogs
 streaming video and audio services

 Most common TCP/IP Application Layer protocols are HTTP, FTP, SMTP, POP3, and IMAP4.

7.4.2.1 HTTP/S
 Originally developed to enable retrieval of HTML-formatted web pages.
 Now used for distributed, collaborative info sharing.
 Most ISPs use HTTP version 1.1 to provide web-hosting services.
 Version 1.1 enables single web server to host multiple websites.
 Permits persistent connections, reducing time taken to initiate new TCP sessions.
 HTTP specifies request/response protocol. (defines message types)
 HTTP is not a secure protocol. (request/response in plain text)
 HTTPS specifies more rules for data between Application Layer and Transport Layer.

URL identifies:
 Protocol being used
 Domain name of server being accessed
 Location of resource on server

 Web server apps allow short URLs because easier to write down, remember or share.

Proxy server:
 Lets clients make indirect network connections to other network services.
 Device in communications stream that acts as a server to client and a client to server.
 Caches pages or resources for a configurable amount of time.

 Speed – Caching lets resources requested by one user to be available to other users.
 Security – Intercept viruses/malicious content.
 Filtering – Filter unsuitable/offensive web content.

HTTPS:
 HTTPS is HTTP over secure socket layer (SSL).
 Uses same client request-server response process as HTTP.
 Data stream is encrypted with SSL before being transported across network.
 When HTTP data stream arrives at server, TCP layer passes it up to SSL in Application Layer of server where it is decrypted.
 Max # of simultaneous connections server can support for HTTPS is less than HTTP.

7.4.3.1 FTP
 Connection-oriented protocol uses TCP between a client/server FTP process.
 Includes protocol interpreter (PI) and a data transfer process (DTP).
 PI/DTP are 2 separate processes that work together to transfer files.
 FTP requires 2 connections between client/server, 1 for control info/commands, and another for actual file data transfer.

Protocol Interpreter (PI):
 Main control connection between FTP client & FTP server.
 Establishes TCP connection and passes control info to server. (commands)

1. User PI sends connection request to server PI on port 21.
2. Server PI replies and connection is established.
3. While TCP control connection open, server PI process begins login sequence.
4. User enters details through interface and completes authentication.
5. Data transfer process begins.

Data Transfer Process:
 Separate data transfer function on port 20.
 Enabled only when user wants to actually transfer files to/from FTP server.
 DTP connection closes automatically when file transfer is complete.

Active Data Connections:
 Client initiates request to server and opens port for expected data.
 Server connects to client on that port and file transfer begins.

Passive Data Connections:
 FTP server opens random source port (+ 1023) and forwards its IP address and random port number to FTP client over control stream.
 Server waits for connection from FTP client to begin data file transfer.

 ISPs support passive data connections to their FTP servers.
 Firewalls often do not permit active FTP connections to hosts located on inside network.

7.4.4.1 SMTP, POP3 & IMAP4
 Email clients communicate with mail servers to send/receive email.
 Mail servers communicate with other mail servers to transport messages across domains.
 Clients send messages to email server/s configured in app settings.
 Server receives message and checks if recipient domain is on its local database.
 If no, it sends DNS request to find mail server for destination domain.
 Email is sent to appropriate server.
 SMTP = Application Layer process that sends mail.
 POP3 or IMAP4 = Application Layer process that retrieves client mail.

 SMTP message formats require message header and message body.
 Message body can contain any amount of text.
 Header must have recipient email address and sender address.

 SMTP process uses port 25.
 If destination email server offline/ busy when email messages are sent, SMTP spools messages to be sent later.
 Later, server checks queue for messages and tries to send them again.
 If message is still not delivered after expiration time, returned to sender as undeliverable.

 @ symbol separates account and domain name of server.
 When DNS server receives query with an @ symbol, this indicates to DNS server that it is looking up IP address for mail server.
 Mail servers are identified in DNS by an MX record indicator.
 Mailbox location on destination mail server is determined by account specified.
 Message remains in mailbox until recipient connects to server to retrieve email.
 If mail server receives email message for an account that does not exist, email is returned to sender as undeliverable.

POP3:
 Post Office Protocol – Version 3 (POP3) allows a PC to retrieve mail from a mail server.
 Mail is downloaded from server to client and deleted on server.
 Server starts POP3 service listening on TCP port 110 for client connection requests.
 Client sends a request to establish a TCP connection with server.
 After connection is established POP3 server sends greeting.
 Client/POP3 server exchange commands/responses until connection closed/aborted.
 POP3 is undesirable for a small business that needs backup solution.
 POP3 is desirable for ISP, because it relieves large amounts of storage for email servers.

IMAP4:
 Internet Message Access Protocol (IMAP4) retrieves email messages.
 Copies of messages are downloaded to client app.
 Original messages are kept on server until manually deleted.
 Users can create folders on server to organize/store mail.
 File structure is duplicated on the email client.
 When user deletes message, server synchronizes action and deletes message from server.
 Provides long-term storage and allows employees to access email from multiple locations.
 For ISP, IMAP may be $$$ to purchase, maintain disk space and back ups.

Leave a Response »

Cisco Disco 2 Ch.6 Monday, Oct 26 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 9:47 am

CHAPTER-6-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

6.1.1.1 Routing Basics

Sub-netted networks needs router to pass traffic across subnets.
Routing table contains all locally connected networks and interfaces connected to each network.
Different interfaces belong to different IP network.
Router determines route/path by looking up info stored in routing table.
Routing table has info about routes that router uses to reach remote networks.

Routes can be:

Static – assigned to router by admin.
Dynamic – assigned to router by different router via routing protocol.

Route components:

Destination value.
Subnet mask.
Gateway/interface address.
Route cost/metric.

Router examines destination IP address in packet to find where to forward packet.
Then router looks in routing table for matching destination value.
Destination value = destination network address.
Router must determine which bits of IP address are network and which bits are host.
Router looks up subnet mask of each route in table and compares each subnet mask to destination IP address in packet.
This network address then compared to network address of route in table.
When match is found packet is forwarded out interface/gateway.
If network address matches more than 1 route in table, then router uses most specific/longest network address match.
Routing protocol rules determine where packet is sent if more than one route to destination network.
If no route entries match then router sends packet to gateway of default route.
If no default route is configured packet is dropped.
‘Show ip route’ displays routes in routing table.

Directly Connected Routes:

When interfaces are operational, router stores connected routes in routing table.
Directly attached, local-network addresses are identified in routing table with prefix C.
Routes are automatically updated when interface is reconfigured /shut down.

Static Routes:

Admin manually configures static route to specific network.
A static route does not change.
These routes are identified in routing table with prefix S.

Dynamically Updated Routes:

Automatically created/maintained by routing protocols.
Protocols exchange routing info with other routers in network.
Dynamically updated routes are identified in routing table with prefix of protocol.
Routing Information Protocol (RIP) uses prefix R.

Default Route:

Type of static route that specifies gateway when routing table does not have destination network. (Usually point to next router in path to ISP)

Routing tables only contain info about next hop along path which is typically a directly-connected network within routing table.
Eventually message gets passed to router that is directly connected to destination host.
Routing info between intermediate routers on a path is only network addresses.
Final router sees destination address in routing table and says “hey look – that’s here!”

Configuring Static Routes:

Connect to router using a console cable.
Open a HyperTerminal window to connect with first router that you want to configure.
Enter privileged mode
Enter global configuration mode.
Use ‘ip route’ command to configure static route.

R1>enable

R1#

R1#config terminal

R1(config)#ip route <destination_network> <subnet_mask> <gateway_address>

R1(config)#ip route <destination_network> <subnet_mask> <exit_interface>

To enable two-way communication with a host on another network, admin also configures a static route on that router also.
Larger networks generally use dynamic routing to save admin time.

6.1.2.1 Routing Protocols

Because routes can change very quickly, routers need to quickly update routes and not depend on admin to change manually.
Routing protocols dynamically manage info from own interfaces and other routers.
Protocols are also configured to manage routes entered manually.
Dynamic routing saves time in configuring static routes.
Dynamic routing lets routers react to changes in network and adjust routing tables.
Dynamic routing protocols learn all available routes, put best routes into table and delete routes that are no longer valid.
Routing protocol method to determine best route = routing algorithm.
Classes of routing algorithms: distance vector and link state.
When all routers in network have updated tables = routers converged.
For 2 routers to exchange routes, they must use same routing protocol/routing algorithm.

Distance vector routing algorithm passes copies of the routing table from router to router every so often, which communicate topology changes.

Distance – How far away is network from this router?
Vector – In which direction should packet be sent to reach this network?

Distance:

a) Number of hops

b) Administrative cost

c) Bandwidth

d) Transmission speed

e) Likelihood of delays

f) Reliability

Vector (direction):

Address of next hop along path to network named in route.

Distance vector routing = routers sending info to neighbours.
Interface that leads directly connected network has distance = 0..
Routes receive routing table from its neighbour routers and adds 1 to metric.
Best path is one with shortest distance/metric.
Routing table updates also occur when topology changes.

6.1.3.1 Common Interior Routing Protocols

Routing Information Protocol (RIP) (RFC 1058) = distance vector routing protocol.

RIP characteristics:

Uses hop count as metric for path selection.
Hop count greater than 15 as ‘unreachable’ route.
Sends routing table contents every 30 seconds.

Router uses local network address of directly connected router that sent update as next hop.
Triggered updates = after updating routing table, router transmits routing updates to other network routers. (sent independently of regular scheduled updates)
RIP is simple and easy to implement = widely used and popular.

RIP disadvantages:

Max = 15 hops, used for networks with no more than 16 routers in series.
Sends complete copies of entire routing table to neighbours. (high overhead)
Converges slowly on larger networks when network changes.

RIPv1 & RIPv2.
RIPv2 supports classless routing (subnet mask info in routing updates)
RIPv1 used if equipment cannot support RIPv2.

Enhanced Interior Gateway Routing Protocol (EIGRP):

Cisco-proprietary Routing Protocol that works on distance vector routing protocol.
Developed to address limitations of other distance vector routing protocols (RIP).
EIGRP uses # of metrics: configured bandwidth value & route delay encountered.

EIGRP characteristics:

Variety of metrics used to calculate cost of route.
Combines next hop/metric with database/update features.
Max hop count =224.

Does not rely on routing table to hold all the info it needs to operate.
Creates 2 database tables: neighbour table and topology table.
Neighbour table info = interface IP addresses, interface type and bandwidth.
Builds topology table from its neighbour’s advertisements. The topology table contains all the routes advertised by the neighbour routers.
Diffused Update Algorithm (DUAL) calculates shortest path to destination within network and puts this routing table.
Router running EIGRP uses topology table to find best alternate path quickly when network changes.
If no alternate route, then EIGRP asks neighbours to find a new path to destination.

Link-state Protocol:

Link-state routing algorithm maintains full database of distant routers and interconnects.

Link-state routing features:

Routing table – List of known paths/interfaces.
Link-state advertisement (LSA) – Small packet of routing info sent between routers. (Describes state of router interfaces/links and other info (IP addresses).
Topological database – Mass of info from all LSAs received by router.
Shortest Path First (SPF) algorithm – Calculation performed on database = SPF tree.
SPF tree is map of network that is used to build routing table.
When new LSA packet causes change to link-state topological database, SPF recalculates best paths and updates routing table.

Open Shortest Path First (OSPF):

Non-proprietary, link-state routing protocol (RFC 2328).

OSPF characteristics:

Uses SPF algorithm to calculate lowest cost to destination
Sends routing updates when topology changes
Fast convergence
Supports Variable Length Subnet Mask (VLSM) /discontiguous subnets
Route authentication

Routers send LSA’s in OSPF networks when network changes, for example.
Routers affected by topology change send updated LSAs to rest of network.
Routers in network update topology databases, regenerate SPF trees, find new shortest paths to networks and update routing tables with changed routes.
OSPF needs more router resources (RAM & CPU), is an advanced networking protocol that needs experienced support staff.

6.1.4.1 Routing within an Organisation

Routing protocols use different metrics.
RIP selects path with fewest hops.
EIGRP selects path with highest bandwidth and least delay.

Metrics used in IP routing protocols:

Hop count – # of routers packet must travel through.
Bandwidth – Bandwidth of specific link.
Load – Traffic on specific link.
Delay – Time a packet takes to travel path.
Reliability – Chance of link failure (interface error count or previous link failures).
Cost – Determined by Cisco IOS/network admin to indicate preference for route.

- Cost can be a metric, a combo of metrics or a policy.

More than one routing protocol may be enabled on router.
Router uses administrative distance (AD) or “trustworthiness” of route.
Lower AD = more trustworthy route.
Static route AD = 1: RIP-discovered route AD = 120.
If 2 separate routes lead to same destination, router chooses route with lowest AD.
Directly connected route AD = 0 takes precedence over static route AD = 1.
Multiple routing protocols must be used sometimes.
When designing network use only one routing protocol for entire network because its easier to support/troubleshoot.
Use static routes for small networks with 1 gateway to Internet.
If you have 15 or less routers use RIPv2 because it works well and is easy to configure.
EIGRP and OSPF are used for larger networks.

Consider:

Ease of management – What info does protocol keep about itself?
- Which show commands are available?
- Ease of configuration – How many commands does average configuration need?
  - Can you set-up several routers in network with same configuration?
  - Efficiency – Bandwidth used by routing protocol in steady state?
  - Bandwidth used when converging in response to major network event?

6.1.5.1 Configuring and Verifying RIP

Popular distance vector protocol.
Good choice for small networks with multiple routers.
Prior to configuring RIP, assign IP addresses and enable all physical interfaces that will participate in routing.

RIPv2 commands:

Router(config)#router rip
Router (config-router)#version 2
Router(config-router)#network <network address>

When config complete, compare t running configs with accurate topology diagram to verify the network numbers and interface IP addresses. (easy to make a simple data entry error).
Ping devices on remote networks to verify that routing is working properly.

‘Show ip protocols’ and ‘show ip route’ at CLI prompt to verify RIP working.

Show ip protocols = RIP routing is configured, correct interfaces are sending/receiving RIP updates and router is advertising correct networks.
Show ip route = routing table, verifies routes received by RIP neighbours are in routing table.
Debug ip rip = shows networks in routing updates as sent/received. (real time – router resources)

6.2.1.1 Autonomous Systems

Internet is too large for single organization to manage all routing info needed to reach every destination around world.
Internet is divided up into collections of networks called Autonomous Systems (AS).
AS’s are independently controlled by different organizations and companies.
AS is set of networks controlled by single administrative authority and uses same internal routing policy in system.
AS’s are identified by unique AS number (ASN).
ASN’s are controlled/registered on Internet.
An ISP is most common example of an AS.
All network devices within AS routing domain use same ASN.
If a company spans different ISPs, they are registered as their own AS and are assigned their own ASN.

6.2.2.1 Routing Across the Internet

Interior Gateway Protocols (IGPs):

Used to exchange routing info within AS/organization.
Finds best path through internal network.
Used on routers inside an org.
RIP, EIGRP & OSPF.

Exterior gateway protocols (EGPs):

Used to exchange routing info between different AS’s.
Serves as translator to ensure external routing info gets interpreted ok inside AS network.
EGPs run on exterior routers (border gateways/boundary routers).
Exterior routers exchange info on how to reach networks by using exterior protocols.
Exterior routing protocols find best path through the Internet by determining best sequence of AS’s.
95% of autonomous systems use Border Gateway Protocol (BGP).
Current version of BGP is version 4 (BGP-4) described in RFC 4271.
AS’s are responsible for telling other AS’s about which networks can be reach through them.
AS’s exchange ‘reach-ability’ info with each other via exterior routing protocols.

Journey of a packet routed across the Internet:

Source host sends packet destined for remote host in another AS.
Destination IP address of packet is not local so interior routers pass packet along default routes until it arrives at exterior router at edge of local AS.
Exterior router maintains database of all connected AS’s. (reach-ability database)
Exterior router directs packet to next hop on path – and arrives at neighbouring AS.
Packet arrives at neighbouring AS, where exterior router checks own reach-ability database and forwards packet to next AS on path.
Process repeated until exterior router at destination AS recognizes destination IP address of packet as internal network in that AS.
Final exterior router directs packet to next hop interior router listed in its routing table.
Packet is treated like local packet and directed through interior routing protocol next hops until arrival at destination host.

6.2.3.1 Exterior Routing Protocols & the ISP

Exterior Gateway Protocols let traffic to be routed across Internet to remote destinations.
ISPs can set/enforce policies and local preferences so traffic flow through ISP is efficient and that no internal routes are loaded with transit traffic.
In normal conditions ISP advertises regular route to other AS’s.
If regular route fails ISP sends an EGP update message to advertise backup route instead.

Local traffic – Traffic carried within AS that originated/intended to be delivered within same AS. AKA local street traffic.
Transit traffic – Traffic that was generated outside AS and travels through internal AS network to be delivered to destination outside AS. AKA passing through traffic.
Flow of traffic between AS’s is controlled. Ability to limit/prohibit certain types of messages from going to or from AS for security or prevent overloading.
Many AS network admins elect not to carry transit traffic which can cause routers to overload and fail should they not have capacity to handle large amounts of traffic.

6.2.3.1 Exterior Routing Protocols & the ISP

When ISP puts router at customer location it’s configured with default static route to ISP.
ISP may want router to be included in AS and participate in BGP.

Configure the AS number:

<CT>#router bgp <AS_number>

Identify ISP router that is BGP neighbour which (CPE) router exchanges info:

<CR>#neighbor <IP_address> remote-as <AS_number>

Use BGP to advertise an internal route:

<CR>#network <network_address>

IP addresses used for BGP are registered, routable addresses that identify unique organizations.
In very large organizations private addresses may be used in BGP process.
On Internet BGP should never be used to advertise private network address.

Leave a Response »

Cisco Disco2 Ch.5 Saturday, Oct 24 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 9:45 am

CHAPTER-5-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

5.1.1.1 ISR

ISR combines routing, LAN switching, security, voice, and WAN connectivity into single device.
Internetwork Operating System (IOS) enables device to send & receive network traffic.
IOS software is called an image.
Entry-level image = IP Base image.
Other images add services to IP Base image.
Advanced Security image = private networking and firewalls.
Different types/versions of IOS images are designed to operate on specific models of routers, switches & ISRs.
Know which image /version is loaded on device prior to config.

5.1.2.1 Physical Setup of the ISR

Cisco 1841 ISR shipping items:

RJ-45 to DB-9 console cable.
DB-9 to DB-25 modem adapter.
Power cord.
Product registration card (Cisco.com card).
Compliance and safety info for Cisco 1841 routers.
Router and Security Device Manager (SDM) Quick Start guide.
Cisco 1800 Series Integrated Services Router (Modular) Quick Start guide.

Tools and equipment needed to install routers and modules:

PC with a terminal emulation program, such as HyperTerminal.
Cable ties and a No. 2 Phillips screwdriver.
Cables for WAN interfaces, LAN interfaces, and USB interfaces.
Any other equipment/modules to connect to device.

Read Quick Start guide and other docs prior to installation.

Steps to power up 1841 ISR:

1. Securely mount and ground device chassis/case.
2. Seat external compact flash card.
3. Connect power cable.
4. Run terminal software and connect console port on PC.
5. Turn on the router.
6. Watch start-up messages on PC as router boots up.

5.1.3.1 Boot-up Process

1. Run POST and load bootstrap program.
2. Find & load Cisco IOS software: flash memory (default), TFTP server or other.
3. Find & run start-up config file (in NVRAM)or enter setup mode.

If no config file is found, router prompts user to enter setup mode and config manually.
Router hostname prompt indicates that router has loaded IOS config file.

Start-up Configuration File:

Saved config file that sets properties of device each time it is powered up.
When start-up config file is loaded into RAM, initial running configuration.

Running Configuration File:

Current config running in RAM on device.
Contains commands which controls how device operates on network.
Running config is lost when device is shut down.
Manually copy running config to start-up configuration file in order to save running config.

Show version command:

Cisco IOS software version being used.
Version of system bootstrap software (ROM).
Cisco IOS filename & location.
CPU &RAM stats.
# / type of physical interfaces.
Amount of NVRAM.
Amount of flash memory.
Current config value of software config register (HEX).

Boot failure = corrupt or missing Cisco IOS file, or insufficient memory to load IOS image.
Router boots up in ROM monitor (ROMmon) mode to troubleshoot boot errors and recover router when IOS is on holidays.
First step in troubleshooting boot failure is to look in flash memory for a valid image.
- rommon1>dir flash:

After finding image, attempt to boot.
- rommon1>boot flash:c2600-is-mz.121-5

If router boots properly check config register to see if set for default boot sequence.
If value ok, use show start-up config command to see if boot system command telling router to load Cisco IOS image from a different location.

5.1.4.1 Cisco IOS Programs

Out-of-band Management:

PC with terminal emulation software and directly connected to console port/auxiliary port (AUX) of device being configured.
Used to initially configure a network device.

In-band Management:

PC with Telnet, HTTP or SSH software and Ethernet connection to device with appropriate interface up.
Used to monitor/configure changes to device over network connection.

Nearly all Cisco networking devices use similar CLI.
When “Router> “prompt appears, CLI is active and waiting for Cisco IOS commands.
Once familiar with commands/operation, CLI is easy to monitor/configure different devices.
CLI has help system that aids users in setting up/monitoring devices.
Security Device Manager (SDM) is web-based device management tool (GUI) that can be used only for in-band management.
SDM Express uses a step-by-step approach to simplify initial router config.

Full SDM features:

Configure more LAN/WAN connections.
Create firewalls.
Configure VPN connections.
Perform security related tasks
SDM is free on most Cisco routers and supports different versions of IOS.
SDM is pre-installed in flash memory on Cisco 1800 Series ISR.
Router is configured using SDM via a preset network port on router.
Being familiar with CLI and SDM methods is critical because not all Cisco devices support SDM and not all CLI commands are available through SDM.

5.2.1.1 Cisco SDM Express

If adding a poorly configured device, entire network may fail.

Best practices:

Obtain & document all info prior to configuration.
Create network diagram with cable connections.
Make a tick sheet of config steps.
Verify config setup by using simulator.
Update network documentation and copy/store safely.

Cisco SDM Express comes with Cisco Router and makes it easy to create basic router config.
Connect Ethernet cable from PC NIC – Ethernet port specified in quick start guide of router.

SDM Express – 8 screens to create a basic router config:

Overview
Basic Config
LAN IP Address
DHCP
Internet (WAN)
Firewall
Security Settings
Summary

After initial step by step config, router is available on LAN.
Router can also be configured with a WAN connection, firewall and up to 30 security enhancements.

5.2.2.1 SDM Express Config Options

Required info:

Host name – name given to router being configured.
Domain name for org. – e.g.: cisco.com or .whateva
Username/password – used to access SDM Express and configure/monitor router. 6+ characters long.
Enable secret password – controls user access to router, used to make config changes with CLI, Telnet or console ports. 6+ characters long.
IP address – LAN interface address (dotted-decimal)
Subnet mask – Identifies network portion of IP address.
Subnet bits – # of bits used to define network portion of IP address.
Wireless parameters (Optional) – if router has wireless interface. Specifies SSID of network.
DHCP – select Enable DHCP Server on LAN Interface checkbox. IP addresses are leased to hosts for one day. Valid address range depends on IP address/subnet mask of LAN interface.
Domain name of org – given to hosts as part of DHCP config.
Primary domain name server – IP address of primary DNS server. URL and name resolution.
Secondary domain name server – IP address of a secondary DNS sever. Primary DNS back-up.

5.2.3.1 Configuring WAN Connections using SDM Express

WAN network connections require a telecommunications service provider (TSP).
Serial connections = low speed links with additional config.
Before setting up connection, find connection type/protocol encapsulation needed.
Protocol encapsulation = same at both ends of connection.
Some encapsulation types need authentication –username/password,

Encapsulation types:

Frame Relay – Packet-switched data link layer protocol that handles multiple virtual circuits.
High Level Data Link Control (HDLC) – Bit oriented data-link layer protocol developed by ISO.
Point-to-Point Protocol (PPP) = Direct connection between 2 devices. Serial, phone, radio & fibre-optic links.

WAN parameters:

Static IP address – Use with Frame Relay, PPP and HDLC encapsulation types.
IP unnumbered – Serial interface address matches IP address of other up interface/s of router. Use with Frame Relay, PPP and HDLC encapsulation types.
IP negotiated – Router obtains IP address automatically via PPP.
Easy IP (IP Negotiated) – Router obtains IP address automatically via PPP.

5.2.4.1 Configuring NAT using Cisco SDM

NAT requires the use of SDM, not SDM Express!
By default, Basic NAT Wizard configures Dynamic NAT with PAT.
Verify that all address ranges that need access to the Internet are included.

Steps to configure NAT:

Step 1. Enable NAT config using SDM.
Step 2. Work through Basic NAT Wizard.
Step 3. Select interface & set IP ranges.
Step 4. Review config.

5.3.1.1 Command Line Interface Modes

CLI Command Modes:

User EXEC mode = router is powered up – access level defaults to this mode.

Router>

Commands limited to obtaining info about how device is operating, troubleshooting using show commands and ping/trace-route utilities.

Privileged EXEC mode changes device operation.
Type ‘enable’ at command prompt and press ‘enter’.

Router#

Type ‘disable’ to turn off privileged mode and return to user mode.
Modes can be protected with password or username/password combo.
From privileged EXEC mode a user can access other config modes.
Commands are issued to ‘running config’ file using terminal connection and being in global config mode (type ‘conf t’).

Router# configure terminal

Router(config)#

Commands entered here have immediate effect and can alter operation of router.
From global configuration mode a user can enter other sub-modes.
Configure LAN and WAN interfaces by entering ‘Interface configuration’ mode .
Router(config)# interface <interface type & number/s>

Router(config-if)#

Router mode is used to configure routing parameters.

Router(config)# router rip
Router(config-router)#

5.3.2.1 Using the Cisco IOS CLI

Context sensitive help feature = Entering ‘help’ or ‘ ? ‘ prompt to show description of help system.

Router# help

Enter as much of command as possible, followed by ‘?’ to provide options for command completion (no space).
To receive options for specific command enter part of the command followed by a space and then ‘?’. This shows a list of possible variations.
If nothing matches, this indicates command string is not supported.
The ‘%’ symbol marks beginning of an error message.

% Incomplete command

If this happens use ‘?’ to get a list of available options.
If an incorrect command is entered an error message displays:

% Invalid input detected

Caret symbol (^) appears at place in command string where incorrect/unrecognized character is. If this happens then return to place where error was made and use help or ‘?’ to find correct command to use.
Command history is enabled by default. System records 10 command lines in history buffer.
‘Terminal history size’/’history size’ command changes # of command lines. Max = 256.
Router# terminal history size <number>

This command displays command history
Router# show history

Ctrl-P / Up Arrow key or Ctrl-N / Down Arrow key recalls recent commands.
CLI recognizes partially typed commands based on first unique character, then press ‘TAB’ for auto-complete.
On most PC’s, select and copy functions are available using function keys.

5.3.3.1 Using Show commands

Use show commands for viewing config files, checking device interfaces/processes and verifying device status.

Some show commands:

show running-config
show interfaces
show arp
show version
show ip route
show protocols

5.3.4.1 Basic Configuration

Initial config of Cisco IOS device is configuring device name and passwords used to control access.

Router(config)# hostname <name>

Router(config)# enable password <password>

Router(config)# enable secret <password>

Enable password is not encrypted by default.
If enable password is set then enable secret password, enable secret command overrides enable password command.

Banners:

Never configure a banner that welcomes an unauthorized user.
2 types of banners: message-of-the-day (MOTD) and login info.
Users are able to change one without affecting entire banner message.
To configure banners use commands ‘banner motd’ and ‘banner login’.
‘#’ is used at start/end of the message and allows for a multiline banner.

Router# banner motd #unauthorised access granted!!#
Router# banner login #Do as you please?#

Synchronous Logging:

When messages occur in the middle of typing a command use ‘logging synchronous’ to stop it from annoying you!

Disabling Domain Lookup:

‘No ip domain-lookup’ command turns off default feature of router resolving unknown names entered in enable mode.

Setting password for console connection access prevents unauthorized users from accessing user mode from console port (from global config mode).

Route(config)# line console 0

Router(config)# password <password>

Router(config)# login

When router is accessed over network connection it is called ‘vty connection’.
Configure password for vty port.

Route(config)# line vty 0 4

Router(config)# password <password>

Router(config)# login

Different passwords can be set for each connection by specifying ‘line vty <#>’.

Use ‘show running-config’ command to verify passwords.
If running config is changed copy to startup config file or lose changes when device is powered down.

Router(config)# copy run start

5.3.5.1 Configuring an Interface

Router interface connecting to network has an IP address/subnet mask that is within host range for that network.
Serial and Ethernet interfaces are the most common interfaces on router
WAN needs serial connection through an ISP.
Serial interfaces need a clock signal to control the timing of the comms.
Data communications equipment (DCE) devices provide clock rate.
CSU/DSU is needed if WAN is digital. Modem is required if the WAN is analog.
If 2 routers are connected together using a serial connection, one router must be DCE device with clock rate and other router must be DTE device.
To config an interface on the router enter global config mode.

Configure an interface:

Specify type of interface and port number.
Specify a description of interface
Configure interface IP address/subnet mask.

Set clock rate (DCE only).
Enable interface.

To turn off interface for maintenance/troubleshooting use ‘shutdown’ command.
Serial interface is designated by 3 digits – C/S/P. C=Controller#, S=Slot# and P=Port#.
FastEthernet ports designation is 2 digits – C/P. C=Controller#, and P=Port#.

5.3.6.1 Configuring a Default Route

Routers examine routing tables to determine where to forward packets on route to destination network based on destination IP address specified in packet.
If router does not have a route to specific network in routing table, then default route is configured to tell router where to forward packet.
Default route usually points to next hop router on path to Internet.
Default route is IP address of the next hop router or interface router uses to forward traffic with unknown destination network.
Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop-IP-address>

Router(config)# ip route 0.0.0.0 0.0.0.0 <interface type/number>

5.3.7.1 Configuring DHCP Services

DHCP Router simplifies IP address management.

Create DHCP address pool.
Specify network/subnet.
Exclude specific IP addresses.
Specify domain name.
Specify t IP address of DNS server.
Set default gateway.
Set lease duration.
Verify config.

5.3.8.1 Configuring Static NAT Using Cisco IOS CLI

Enables hosts internal private addresses to participate on Internet.
Devices on internal network that communicate through external interface, addresses are translated to registered IP addresses.
To provide external users address to an internal server is configure static translation.

Specify inside interface.
Set primary IP address of inside interface.

Identify inside interface using ‘ip nat inside’ command.
Specify outside interface.
Set primary IP address of outside interface.
Identify outside interface using ‘ ip nat outside’ command.
Define static address translation.
Verify config.

‘Show ip nat translations’ command displays static/dynamic translations that have been created by traffic.
Translations are identified by protocol & inside/outside – local/global addresses.
‘Show ip nat statistics’ command displays info about # of active translations, NAT config info, ? # addresses in pool and ? # allocated.
‘Show run’ command also displays NAT config.
Dynamic NAT translation entries time out after 24 hours (default) or use ‘clear ip nat translation’ command in enable mode.
Only dynamic translations are cleared from table, static translations are not cleared from translation table.

5.3.8.1 Backing Up a Cisco Router Configuration

When router is configured save running config to start-up config file.
Also save config file in another location – ie: network server (If NVRAM fails/corrupt)
TFTP server must be accessed by router via network connection.

Option A

Copying config file:

Enter ‘copy startup-config tftp’ command.
Enter IP address of host where config file will be sent/stored.
Enter name of configfile or accept default.
Confirm each choice = yes.

Running config can be sent/stored on TFTP server – ‘copy running-config tftp’ command.

Restoring config file:

Router must have 1 interface config and TFTP server access to restore back-up config file.
Enter ‘copy tftp running-config’ command.
Enter IP address of where TFTP server is located.
Enter name of config file or accept default.
Confirm config filename and TFTP server address.
Use ‘copy run start’ command to ensure that restored config is saved.

Router reboot is necessary after copying tftp file to start-up config then load into running configuration.

Option B

Copying config file:

Capture output of ‘show running-config’ command from terminal session and, paste it into a text file – save text file.

Select Transfer.
Select Capture Text.
Choose name for text file.
Select Start to start capturing text.
Use ‘show running-config’ command to display config info.
Press spacebar whenever ‘More’ appears.

After whole config has been displayed:

Select Transfer.
Select Capture Text.
Select Stop.

Save the config. And open in Notepad.
Edit file to remove/add extra text. Ie:”building configuration” message and ‘no shutdown’ command at end of all interface sections.

Restoring config file

Remove any other configs from the router ‘erase startup-config’ command in enable mode. Restart router using ‘reload’ command.

Enter router global config mode.
Select Transfer > Send Text File in HyperTerminal.
Select name of file.
Restore startup configuration with ‘copy run start’ command.

5.4.1.1 Installing the CPE

Customer premises equipment (CPE) include devices like routers, modems and switches.
Planning enables options to be explored on paper = easy and cheap to correct errors.
ISP technical staff meet with business customers for planning.
In planning sessions technician determines config of router to meet customer needs/network software which can affected by new installation/upgrade.
Technician works with customer‘s IT personnel to decide which router config to use & develop procedures to verify router config.
After this info is compiled a config checklist is completed.
Config checklist lists most commonly configured components and an explanation of each. As well as its config setting.
The checklist tool ensures correct configs on new router installations and is helpful for troubleshooting previously configured routers.
Devices are configured/tested at ISP site before installation at customer site.
Network technician is responsible for router configuration/verification.
All network, power & management cables, manufacturer documentation & software, config docs and special tools needed for installation are gathered.
An inventory checklist verifies all equipment needed is accounted for.
Network technician signs & dates checklist, then packages it with router for shipping to customer site.
Find time that provides minimum amount of disruption for installation.
If network will be down for installation, network technician, ISP sales person, and the company rep collate router installation plan.
Plan shows who customer contact is and what site access arrangements are after business hours.
Installation checklist is used to ensure that equipment is installed appropriately.

Complete job in professional manner:

Ensure all network cables are labelled, fastened together & managed properly.
Secure excess lengths of cable are coiled out of way.
Update network diagrams/documentation to include current config of router, and location of installed equipment/cables.
After completing checklist, verify with customer rep.
Verification = demonstrating router is correctly configured and services work as expected
When customer rep is satisfied he/she signs and dates checklist (sign-off phase).
Entire process of configuration/installation on customer premises should be documented.
Includes all equipment configs, equipment diagrams and checklists for validation.
New configs are compared with previous configs to see how config has changed.
Activity logs track mods and access to equipment.
Installation/verification checklist is used when installing equipment.
Checklist shows tasks to be completed,helps avoid errors and ensures installation is done efficiently and correctly.
Customer receives a copy of the final documentation.

5.4.2.1 Customer Connection over a WAN

After customer equipment is upgraded, also upgrade type of ISP connectivity.

Wide Area Networks:

Use telecommunications service provider (TSP) to connect LANs at different geographical locations.
Networks that connect LANs in separated locations = wide area networks (WANs).
TSPs operate large regional networks over long distances.
Orgs lease connections through a TSP network, maintain policies/admin of LANs at ends of connection, but policies inside comms service provider network are controlled by ISP.
WAN connections can differ in connector type used, bandwidth and cost.
ISP/medium-sized business must assess type of WAN connection needed.

Point-to-Point:

Point-to-Point WAN connection = T1 or E1 link.
Comms path from customer premises through TSP network.
Dedicated circuit, fixed bandwidth and available all the time.
Point-to-point lines are leased from the TSP (leased lines).
Most expensive of WAN connections.
$$ based on bandwidth required and distance between two connected points.

Circuit-Switched:

Circuit-switched WAN connection = ISDN/dialup.
Works similar to way a phone call is made over phone network.
Connection opens the circuit to start transmission and closes t circuit to end it.

Packet-Switched:

Packet-switched WAN connection = Frame Relay
Networks have connections into the TSP switched network.
Customers share TSP network with each customer having its own virtual circuit Instead of circuit being physically reserved from source to destination.
Virtual circuit = logical path between sender / receiver (not a physical path)..

5.4.3.1 Choosing a WAN Connection

WAN choice largely dependent on bandwidth/cost of WAN connection.
+$ = SONET or ATM WAN connections.
-$ = DSL, cable and T1 connections.
Higher bandwidth WAN connections not available in isolated locations.
If close to urban centre = more WAN choices.
Consider use of connection. i.e: Internet services to provide, upstream bandwidth.
Service level agreement (SLA) with WAN connection affects choice.
Cheaper WAN connections have no SLA, but more expensive ones do.

Dialup 56Kbps $
Frame Relay 128Kbps – 512Kbps $ – $$
DSL 128Kbps – 6+Mbps $
Cable 128Kbps – 10+Mbps $
T1/E1 1.544/2.048 Mbps $$
T3/E3 44.736/34.368 Mbps $$$
SONET 51.84 – 9953.28 Mbps $$$ – $$$$
ATM 622Mbps $$$$

The ISP initiates upgrade process by finding customer needs and reviewing options.
Proposal is delivered addressing existing infrastructure, customer requirements and WAN options.

Existing Infrastructure:

Explanation of current infrastructure used by the business.
Aids customer understanding of how existing WAN connection provides services to home/business.

Customer Requirements:

Informs customer why WAN upgrade is necessary.
Shows where current WAN connection does not meet customers’ needs.
Has list of requirements new WAN connection must meet to satisfy customer requirements.

WAN Options:

Lists available WAN choices which includes bandwidth, cost and other features.
Recommended choice is shown and any other options.

5.4.4.1 Configuring WAN Connections

WAN connections support serial / Ethernet interfaces..
Leased-line = serial connection and needs channel service unit /data service unit (CSU/DSU) to connect to ISP network.
For a serial connection, preconfigured clock rate is set by DCE device (CSU/DSU).
DTE device (router)accepts clock rate set by DCE.
Cisco default serial encapsulation is HDLC.
PPP provides more flexible encapsulation and supports remote authentication.

5.5.1.1 Standalone Switches

Device that directs stream of messages from 1 port to another via destination MAC address within frame.
Cisco Catalyst 2960 Series Ethernet switch is fixed-configuration and designed for medium-sized networks.
Supports 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity
Switches use Cisco IOS software and are configured using CLI or GUI-based Cisco Network Assistant.
Switches support half-duplex & full-duplex mode.
Half-duplex mode = port can either send or receive data but not both.
Full-duplex mode = port can simultaneously send and receive data (doubling throughput).
Port and device must be set to same duplex mode.
Switch port can use auto-negotiation, which allows switch to detect speed/duplex of device that is connected (enabled by default).
If the switch is in auto-negotiation mode and device does not support it, switch uses speed of device (10, 100, or 1000) and goes half-duplex mode.
Configure switch settings using Cisco IOS CLI.
IP-base software image comes with Cisco Catalyst 2960 switch (provides basic switching & IP services).

5.5.2.1 Power up the Cisco 2960 Switch

Check components.
Connect cables to switch.
Power up switch.

Power-on self-test (POST) begins.
LEDs blink while tests determine that switch is ok.
When SYST LED rapidly blinks green POST is finished
SYST LED turns amber if switch fails POST (repair switch).

5.5.3.1 Initial Switch Configuration

Configure/ manage switch options:

Cisco Network Assistant – PC based, GUI, configure/manage groups of switches.
Cisco Device Manager – Web based, stored in switch, quick config/monitor.
Cisco IOS CLI – Console port/Telnet.
Cisco-View Management Software – Shows switch image, part of SNMP platform.
SNMP Network Management Products – Used at large companies.

If using an IP-based/Telnet session to manage switch, configure a management IP address.
Use terminal emulation program to perform configuration tasks if switch has no IP address.
Switch is preconfigured and only needs basic security info assigned before being connected to network.
To use IP-based management tool / Telnet configure management IP address.
Address must be assigned to virtual local area network (VLAN) interface.
VLAN lets many physical ports be grouped logically together.

Switch>enable

Switch# configure terminal

Switch(config)# interface vlan 1

Switch(config-if)# ip address 192.168.1.2 255.255.255.0

Switch(config-if)# exit

Switch(config) #ip default-gateway 192.168.1.1

Switch(config)# end

Switch)# copy run start

5.5.4.1 Connecting the LAN Switch to the Router

LEDs on switch / router indicate connection is successful.
Use ‘show running-configuration’ command to verify IP address of switch (VLAN 1) and router interface are on t same local network.
Test connection from switch to router interface and from router to switch using the ping command.

Port security:

Limits number of valid MAC addresses allowed per port.
Port drops packets that contain source MAC addresses outside group of defined addresses.

Static:

MAC addresses manually assigned by using ‘switchport port-security mac-address <mac-address>’ command.
Addresses are stored in address table & added to running configuration.

Dynamic:

MAC addresses dynamically learned and stored in address table (default =1 per port).
Learned addresses are cleared from table if port is shutdown or if switch is restarted.

Sticky:

Same as dynamic, but addresses are saved to running config.

Before port security can be activated, set port on access mode: ‘ switchport mode access’
When port security is enabled, any violations will shutdown port.

Security violations:

Max # of secure MAC addresses has been added to address table, device with MAC address not in table tries to access port.
Address learned/config on a secure interface is seen on another secure interface in same VLAN.

To check port security settings use ‘show port-security interface’< interface-id> command.

Command display:

Maximum allowed number of secure MAC addresses for each interface.
Number of secure MAC addresses on interface.
Number of security violations that have occurred.
Violation mode

‘Show port-security address’ displays secure MAC addresses for all ports.
‘Show port-security’ displays port security settings for switch.

Clear learned MAC Address:

i. ‘Clear port-security sticky interface <port-number> access to clear learned addresses. Then, ‘shutdown’ , then re-enable port ‘no shutdown’ .
ii. Disable and re-enable port security using ‘no switchport port-security interface’ then ‘switchport port-security interface’ .
iii. Reboot switch(only if running config isn’t saved to start-up config).

If using the clear port-security command re-save the running configuration to startup configuration.
Disable any unused ports on a switch. (‘shutdown’ command).
Other security configs on switch = setting passwords on vty ports, enabling login banners, and encrypting passwords.

5.5.4.1 Cisco Discovery Protocol

CDP is an info gathering tool used on a switch, ISR or router to share info with Cisco devices.
CDP sends periodic messages (advertisements) onto its directly connected networks.
CDP uses Layer 2 only and can determine status of directly connected link with an ill-configured/incorrect IP address.
Two Cisco devices directly connected = neighbours.

CDP info:

Device identifiers – Configured host name
Address list – Layer 3 address, if configured
Port identifier – Directly connected port e.g: serial 0/0/0
Capabilities list – Function/s provided by device
Platform – Hardware platform of device e.g: Cisco 1841

‘Show cdp neighbors’ and ‘show cdp neighbors detail’ display info about Cisco directly connected neighbours.

<CT>#‘no cdp run’ – disable cdp globally.
<CIF>#‘no cdp enable’ – disable cdp on interface.

<CT>#‘ cdp run’ – enable cdp on globally.
<CIF>#‘cdp enable’ – enable cdp on interface.

CDP Disadvantages:
Disabled production networks for security purposes.
Consumes bandwidth and impacts network performance.

Leave a Response »

Cisco Disco2 Ch. 4 Monday, Oct 19 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 8:44 am

CHAPTER-4-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

4.1.1.1 Review of IP Addresses

Dotted-decimal notation = four octets each converted to a decimal number and separated by a dot or a decimal point.
Binary = 11000000.10101000.00000001.01101011
Dotted decimal = 192.168.1.107
IP addresses = hierarchy = family tree with parents at the top and children below them.
Part of 32-bit number identifies the network (parent).
Rest of the bits identify the host (child).
Early networks had an 8 bit network designation.
Later, 32-bit address space was put into five classes.
A, B, and C had addresses that were assigned to individual hosts or networks.
D and E are reserved for multicast and experimental use.
After this change routers needed to be programmed to search past first 8 bits to identify class B and C networks.
Class of a network is indicated by high-order bits.
If first bit is 0, the network is a Class A.
If first two bits are 10, the network is a Class B.
If first three bits are 110, the network is a Class C.
Early networks = 256 (8 bit)
Later networks = +2 million (32 bit)

Private Addresses

Class A

IP range = 10.0.0.0/8 – 10.255.255.255/8
Networks = 1
Hosts per network = 16,777,214
Total Hosts = 16,777,214

Class B

IP range = 172.16.0.0/16 – 172.31.255.255/16
Networks = 16
Hosts per network = 65,534
Total Hosts = 1,048,544

Class C

IP range = 192.168.0.0/24 – 192.168.255.255/24
Networks = 256
Hosts per network = 254
Total Hosts = 65, 024

4.1.2.1 Sub-netting a Network

RFC 917 Internet Subnets defines subnet mask as method routers use to isolate network part from an IP address.
Router uses destination IP address in packet and subnet masks associated in its routing table to find appropriate path to forward packet.
3 levels = a network, a sub-network, and a host.
Network address space is divided into multiple sub-networks by using bits from the host portion of address space to provide a new sub-net mask.
Fewer bits are now available for individual hosts.
Classful sub-netting = fixed-length sub-netting. (fixed # of sub nets & hosts)

Considerations when planning subnets:

# of hosts on each network needed.
# of individual local networks needed.

4.1.3.1 Custom Sub-net Masks

To create a custom subnet mask determine how many bits to take from host portion and add to the subnet mask.
For subnets use the equation: 2^n, where n = number of bits borrowed.
For hosts use the equation: 2^n-2, where n = number of bits borrowed.
More subnets = less hosts.
Less subnets = more hosts.
With classed sub-netting, the number of bits required for the subnet ID depends on two factors: the number of subnets created and the number of hosts per subnet.
In classful /fixed-length sub-netting all subnets must be the same size and all subnets have the same # of hosts.
Sub-netting also helps minimize traffic loads and adds security measures between networks.
An example of a situation that might require subn-etting is an ISP customer that has outgrown its initial network installation. In this network, the original small, integrated wireless router is overloaded with traffic from both wired and wireless users. Because of its relatively small size, a Class C address space is used to address the network.
To solve the problem of an overloaded network add 2nd networking device.
Good security practice to place wired and wireless users on separate local sub-networks.

4.1.4.1 VLSM & Classless INTER-Domain Routing (CIDR)

Older routers programmed with one subnet address/mask on an interface applied same mask to other network subnets in routing table.
Fixed-length subnet masks can waste a lot of IP addresses. \
By sub-netting subnets, variable length subnet masking (VLSM) allows an address space to be divided into networks of various sizes.
Newer routers receive routing info which includes IP address of network and the subnet mask info which shows how many bits make up the network portion of IP address.
Classless Inter-Domain Routing (CIDR) was proposed in RFC 1519 and accepted.
CIDR identifies networks based on # of bits in network prefix, which corresponds to # of 1s in subnet mask.
CIDR protocols freed routers from using high-order bits and eliminated need to allocate registered IP addresses by address class.
Before CIDR = waste thousands of registered addresses, difficult network design , and routing tables were large and difficult to manage.
CIDR enables ISP to use a block of addresses based on # of host addresses it requires.
Super-nets = group of Class C addresses into one large block, e.g: 192.168.0.0/19. Using the first 19 bits of the IP address for the network prefix enables this supernet to contain 8,190 possible host addresses. An ISP can use a supernet as one large network or divide it into as many smaller networks as needed to meet its requirements.

4.1.5.1 Communicating between Sub-nets

A router connects networks and allows a device in one subnet to communicate with a device in another subnet.
Each router interface must have an IP in same subnet as host network attached to it.

4.2.1.1 Basic Network Address Translation (NAT)

Network Address Translation (NAT) must be enabled on device connecting private network to ISP network.
NAT allows a large group of private users to access Internet by sharing public IP addresses.
NAT is similar to how a telephone system uses private extension numbers.
NAT provides security to PCs, servers and networking devices by withholding their actual IP host addresses from direct Internet access.

NAT advantages:

IP addresses can be re-used and many hosts can share globally unique IP addresses.
Operates transparently.
Shields users of a private network against access from the public domain.
NAT hides private IP addresses from public networks which prevents outside users from accessing internal devices.

NAT disadvantages:

Additional configurations are required to allow access from legitimate external users.
Impacts some apps that have IP addresses in their messages, which increases load on the router and hinders network performance.

4.2.2.1 IP NAT Terms

Inside local network:

Any network connected to a router interface part of privately addressed LAN.
Hosts IP addresses are translated before they are transmitted to outside destinations.

Outside global network:

Any network attached to router external to LAN and does not recognize private addresses.

Inside local address:

Private IP address on an inside network.
Address is translated before it travels outside local network addressing structure.

Inside global address:

IP address of an inside host as it appears to outside network.
Translated IP address.

Outside local address:

Destination address of packet while on local network.
Usually same as outside global address.

Outside global address:

Public IP address of an external host.
Allocated from a globally routable address or network space.

4.2.3.1 Static & Dynamic NAT

Dynamic NAT is when a router assigns an outside global address from a pre-defined pool of addresses, to inside private host.
When session is open, router watches for inside global address and sends acknowledgments to inside device.
When session ends router returns inside global address to pool.
Static translations allows an individual host’s private IP address to be translated to same registered global IP address.
Static NAT allows hosts on the public network to access selected hosts on a private network.
Static and dynamic NAT can be configured at same time.

4.2.3.1 Port-based Network Address Translation (PAT)

NAT overload = Port Address Translation (PAT).
PAT translates multiple local addresses to a single global IP address.
With PAT, gateway translates local source address/port combination in packet to a single global IP address with unique port number + 1024.
Table in router contains list of internal IP address/port combinations which are translated to an external address.
Traffic is sent to appropriate internal address/port number.
Each connection generates a new source port and requires a separate translation.
Translation expires after duration of connection ends.
Outside network users cannot initiate a connection to a host on PAT network because host on inside network must initiate communication.

4.2.5.1 IP NAT Issues

Additional workload is necessary to support IP address and port translations.
Some apps increase workload of router because of an embedded IP address is part of encapsulated data
NAT implementation requires good network design, careful selection of equipment and accurate configuration.
IPv6 was proposed in 1998 with RFC 2460.

Improvements that IPv6 have are:

More address space & better management.
Easier TCP/IP admin.
Modernized routing capabilities.
Improved support for multicasting, security, and mobility.

With IPv6, IP addresses are 128 bits with a potential address space of 2^128.
IPv6 address uses 128 bits as 32 hexadecimal digits which is divided into 8 groups of 4 hex digits & uses colons as delimiters.
IPv6 address has a 3 part hierarchy.
The global prefix = first 3 blocks of address and is assigned by an Internet names registry.
Subnet and interface ID are controlled by network administrator.

Leave a Response »

Cisco Disco 2 Ch.3 Monday, Oct 12 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 4:38 am

CHAPTER-3-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

3.1.1.1 Site Survey

When networks start to fail, network redesign is needed to meet new demands.
ISP/MSP may provide advice and install/maintain network upgrade.
Before redesigning, an on-site technician will conduct a site survey to document existing network.
Investigate/documentation of physical layout will determine where new equipment can be installed.
Site survey creates proper starting point for the project, shows what is already on site and indicates what is needed.

Info gathered during a site survey:

# of users and types of equipment
Projected growth
Current Internet connectivity
Application requirements
Existing network infrastructure and physical layout
New services required
Security and privacy considerations
Reliability and uptime expectations
Budget constraints

Obtain a floor plan and an inventory of existing network hardware/software to provide a baseline of requirements for upgrade.
When site survey is complete, review the results with the customer to ensure there are no errors.

3.1.2.1 Physical & Logical Topologies

Physical and logical topology of network must be documented.
Physical topology = actual physical location of cables, computers, and other peripherals.
Logical topology = path that data takes through network and where functions occur.

In wired network physical topology map has a wiring closet and wiring to end-users.
In wireless network physical topology has a wiring closet and an access point. No wires means physical topology is wireless signal coverage area.
Logical topology is same for wired/wireless networks.
Logical topology names and addresses Layer3 end users, routers and network devices.

3.1.3.1 Network Requirements Documentation

Obtain additional information about hosts and networking devices currently installed.
Record info on a brief inventory sheet.
Document any anticipated growth that company expects in near future.

This info helps determine what new equipment is required, and how to structure network to support anticipated growth.

The inventory sheet of installed devices may contain:

Device name
Date of purchase
Warranty info
Location
Brand/model
O.S.
Logical addressing info
Gateway
Method of connectivity
Virus Checker
Security info

3.2.1.1 Network Upgrade Planning Phases

A good project plan identifies any strengths, weaknesses, opportunities, or threats (SWOT).

Phase 1: Requirements Gathering

After all info has been gathered from customer/site, it is analysed to find network requirements.
Analysis conducted by design team at ISP who create an Analysis Report.

Phase 2: Selection and Design

Devices and cabling are chosen based on Analysis Report.
Design options are created and shared with other project members.
Allows team members to evaluate trade-offs in performance/cost.
Identify and address any weaknesses of design.
Prototypes are created /tested.
Design is approved by the customer.

Phase 3: Implementation

If tasks have been overlooked in earlier phases, they must be fixed during implementation.
Create implementation schedule to allow time for unexpected events.
Communicate constantly with the customer during the installation.

Phase 4: Operation

The network is fired up and begins operation (production environment).

Phase 5: Review and Evaluation

Design and implementation is reviewed and evaluated by:

Step 1: Compare user experience with goals in documentation to see if design is ok.

Step 2: Compare projected designs/costs with actual deployment & learn from this.

Step 3: Monitor operation and record changes.

3.2.2.1 Physical Environment

A telecommunications room (wiring closet) in a small, single-floor network is known as Main Distribution Facility (MDF).
MDF contains network devices and network cable concentration point.
MDF contains Point of Presence (POP) of the ISP, where network connects to Internet.
If more wiring closets are needed, they are called Intermediate Distribution Facilities (IDFs).
IDFs are smaller than the MDF and connect to MDF.
Some businesses do not have a telecommunications room or closet.
Network equipment may be on a desk and wires may be lying on floor.

3.2.3.1 Cabling Considerations

Condition of existing cabling is found by physical inspection of network during site visit.

When planning installation of network cabling, consider:

User work areas
Telecommunications room
Backbone area
Distribution area

Types of cable found in the networking environment:

Shielded twisted pair (STP) – Category 5, 5e, or 6 cable that has foil shielding to protect from outside (EMI).
Unshielded twisted pair (UTP) – Usually Category 5, 5e, or 6 cable that does not provide extra shielding from EMI, but is inexpensive. Avoid electrically noisy areas.
Fibre-optic cable – Not susceptible to EMI, and can transmit data faster and farther than copper. Can be used for backbone cabling and high-speed connections.
Coaxial -not typically used in LANs, but widely used in cable modem networks. Has a solid copper core with several protective layers including polyvinyl chloride (PVC), braided wire shielding, and a plastic covering. Limitations depend on purpose of connection.

Telecommunications Industry Association (TIA) and Electronic Industries Alliance (EIA) provide TIA/EIA cable specifications for LANs.
Most common TIA/EIA cable specifications are 568-A and 568-B standards.

3 types of twisted pair cables that are used in networks:

Straight-through – Connects unlike devices.
Crossover - Connects like devices.
Console (or Rollover) – Connects a computer to the console port of a router or switch.
Serial cable – Used to connect router to an Internet connection.

3.2.4.1 Structured Cable

When designing structured cable project, first obtain an accurate floor plan.
Floor plan helps identify possible wiring closet locations, cable runs and which electrical areas to avoid.
After confirming location of network devices, draw network on floor plan.

Include:

Patch cable – Short cable from PC to wall plate in user work area
Horizontal cable – Cable from wall plate to the IDF in distribution area
Vertical cable – Cable from IDF to MDF in backbone area
Backbone cable – Network part that handles major traffic
Location of wiring closet – Area to concentrate end-user cables to hub or switch
Cable management system – Trays and straps used to guide and protect cable runs
Cable labelling system – Labelling system/scheme to identify cables
Electrical considerations – Outlets/other items to support electrical requirements of network equipment.

3.3.1.1 Purchasing Equipment

Managed service – equipment is obtained from ISP through a lease/other agreement and the ISP is responsible for updating/maintaining equipment.
In-house – Customer purchases equipment, and customer is responsible for updates, warranties and maintenance of equipment.

3.3.2.1 Selecting Network Devices

The higher the device is in OSI model, the more intelligent it is.
Higher level device can better analyse data traffic and forward it based on info not available at lower layers.

3.3.3.1 Selecting LAN Devices

Switches cost more than hubs, but + performance makes switches more cost-effective.
Hub is chosen as a networking device only within a very small LAN, requires little throughput or when $ is low.

When selecting a switch for a particular LAN, consider:

Speed and types of ports/interfaces involved
Expandability
Manageability
Cost

Speed and Types of Ports/Interfaces

Layer 2 devices that can handle high speeds lets network evolve without replacing central devices.

Choose appropriate number/type of ports.
Consider carefully how many twisted pair and fibre-optic ports are needed.
Estimate how many more ports will be needed to support network expansion.

Expandability

Modular devices have expansion slots that provide the flexibility for future requirements.
Modular devices come with a minimum number of fixed ports and expansion slots.
Modular switches can be a cost-effective when scaling LANs.

Manageability

Basic, cheap switches are not configurable.
A managed switch allows control over individual ports or over switch as a whole.
It is possible to change settings for a device, add port security and monitor performance.

Cost

Determined by its capacity and features.
Switch capacity includes number/types of ports available and overall throughput.
Network management capabilities, embedded security technologies and advanced switching technologies also affect cost.
Using “cost-per-port calculation”.
Apparent cost savings of 1 central switch location may be offset by expense of longer cable runs required.
Using a number of smaller devices also reduces size of failure domain.

3.3.4.1 Selecting Internetworking Devices

Routers have the ability to break up broadcast domains and collision domains.
Match characteristics of router to requirements of network.

When choosing a router, consider:

Type of connectivity required
Features available
Cost

Connectivity

Routers interconnect networks which use different technologies.
Routers can have LAN and WAN interfaces.
LAN media is usually UTP cabling, but fibre optics modules can be added.

Features

Security
Quality of Service (QoS)
Voice over IP (VoIP)
Network Address Translation (NAT)
Dynamic Host Configuration Protocol (DHCP)
Virtual Private Network (VPN)

Cost

Routers can be expensive and additional modules can increase cost.

ISR

ISR combines multiple services into one device.
ISR cost less than individual devices purchased separately.

3.3.5.1 Network Equipment Upgrades

Cisco 1841 ISR and Cisco 2960 Switch = more robust devices.

Cisco 1841 ISR Router:

Cisco 1841 ISR designed for branch office or medium-sized business routing.
Cisco 1841 is an entry-level multiservice router with different connectivity options. I
Modular design can deliver multiple security services.

Catalyst 2960 Switch:

Entry-level, enterprise-class, fixed-config. switching, optimized for Access Layer.
Fast Ethernet/Gigabit Ethernet to desktop configs.
Compact size for use outside wiring closet
Provides high speeds/high-density switching capabilities that smaller ISRs with integrated switching will not.

3.3.6.1 Design Considerations

Add redundant components to network to make more reliable
Increased reliability leads to improved availability. Ie- five-9s
Fault tolerance systems improve network reliability. Ie – UPS, 2+ AC power supplies, hot-swappable devices, multiple interface cards and backup systems.

IP Addressing Plan

Change the Layer 3 IP addressing scheme when upgrading a network If the structure of the network is going to be altered.

Include every device that needs an IP address and allow for future growth:

User computers
Administrator computers
Servers
Other end devices: printers, IP phones and IP cameras
Router LAN interfaces
Router WAN (serial) interfaces

Other devices that need an IP address to access/manage them:

Standalone switches
Wireless Access Points

Leave a Response »

CiscoDisco2 Ch. 2 Monday, Oct 5 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 8:21 am

CHAPTER-2-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

2.1.1.1 ISP Helpdesk Organization

Solving network problems is a top priority for businesses because they depend on connection to local network/Internet
ISP support usually includes assistance with customer equipment problems which is typically provided via ISP help desk.
ISP help desk is usually the first place a user or business turns to for help.
ISP help desk technicians have knowledge/experience to fix problems and reconnect users.
Technicians solve customer problems in order to optimize networks and retain customers.
A good team solves customer problems quickly.
Providing Internet services = highly competitive.
Poor service = loss of customers to competing ISPs.

ISP customer support levels:

Level 1 immediate support by junior-level help desk technicians.
Level 2 calls which are escalated to more experienced telephone support.
Level 3 calls that cannot be fixed by phone support and need an on-site technician.
Medium to large businesses also employ help desk/customer support teams.
Managed Service Providers (MSP) often need technicians to visit customer sites for installation and support.
Level 3 support is usually stipulated in a Service Level Agreement (SLA), which is like an insurance policy that provides coverage or service if there are computer/network issues.

2.1.2.1 Roles of ISP Technicians

Level 1 Role and Responsibilities:

Diagnose basic network connectivity issues.
Diagnose/document symptoms of hardware/software/system problems.
Resolve and document any basic user issues.
Help customers complete online order forms.
Escalate unresolved issues to Level 2 support.

Level 2 Role and Responsibilities:

Diagnose and resolve more difficult network issues.
Use diagnostic tools/remote desktop sharing tools to identify/fix problems.
Identify when an onsite technician must be sent to make repairs.

Level 3 Role and Responsibilities:

Diagnose and resolve issues that have been escalated by Level 1 & 2 technicians.
Survey network conditions for analysis by a senior network technician.
Install & configure new equipment when necessary.

2.1.3.1 Interacting with Customers

Help desk technicians are required to provide support for phone, email, www, online chat, and on-site support.
Help desk technicians may continue to get calls asking for status updates until a problem is solved.
Help desk technician must handle customer issues with speed, efficiency, and professionalism via the company’s customer service philosophy.
Basic Incident management procedures must be followed any time a technician receives a call and troubleshoots issues.
Incident management =opening a trouble ticket/following a problem-solving strategy. i.e- troubleshooting flowcharts, answering questions in proper format, and maintaining proper ticket escalation procedures.
A help desk script is used by technician to get info and cover important facts about customer incident.
Good info on an open trouble ticket helps communicate an accurate status to the customer and other ISP personnel.
A professional knows how to make the customer feel at ease/confident in technician’s skills.
On first visit, it is important for technician to make a good impression.
The language/attitude used also reflect on the org that technician represents.
The technician should write down any customer inquiries and follow up on it as soon as possible.

2.2.1.1 Using the OSI model

A layered approach is one common method used to troubleshoot network problems.
This requires that the technician knows the functions that occur as messages are created, delivered, and interpreted by network devices/hosts on the network.
The OSI model can be used to focus on a layer when troubleshooting to identify and resolve network problems.
the OSI model is divided into 2 parts

Upper layers:

Any layer above the Transport layer of the OSI model or Layers 5,6 & 7
They handle application functionality and are implemented only in software.

Lower layers:

Any layer below the Session layer of the OSI model or Layers 1, 2, 3 & 4
The combination of the lower layers handles data transport.
The Physical layer and Data Link layer are used in hardware/software.

Clients/servers work with all 7 layers.
Networking devices only use the lower layers.
Hubs work on Layer 1
Switches on Layers 1 and 2
Routers on Layers 1, 2 and 3
Firewalls on Layers 1, 2, 3, and 4

Step 1: Upper layers create the data.

When user sends an email, the characters within message are converted to data that travels across network.
Encoding: Layers 7, 6, and 5 ensure that the message is placed in correct format for app running on destination host.
The upper layers then send encoded message to lower layers for transport across network.
To transport email to correct server, user info must be configured correctly.
Application layer problems are often errors in configuration of user software programs.

Step 2: Layer 4 packages data for end-to-end transport.

Data within email is packaged for network transport at Layer 4 by breaking the message into smaller segments.
A header is attached to each segment indicating the TCP/UDP port # that relates to correct application layer app.
Functions in transport layer indicate type of delivery service.
Email uses TCP segments, hence packets are acknowledged by the destination.
Layer 4 functions are used in software that runs on source/destination hosts, but because firewalls use port numbers to filter traffic, problems that occur here are caused by poorly configured firewall filter lists.

Step 3: Layer 3 adds the network IP address information.

Email data received from transport layer is put into packet which contains header (source and dest. network IP addresses).
Routers use destination address to send packets through network along correct path.
Poorly configured IP address info on source/dest. systems may cause problems here .
Router config. errors can cause problems here also.

Step 4: Layer 2 adds the data link layer header and trailer.

All network devices from source to dest. encapsulate the packets into frames.
Frame contains physical (mac) address of the next network device on the link.
Switches and NICs use info in frame to deliver message to correct dest.
Incorrect NIC drivers, interface cards/hardware problems with switches cause problems here.

Step 5: Layer 1 converts the data to bits for transmission.

Frames are converted into 1s & 0s (bits) for medium transmission.
Clocking function helps devices to distinguish bits as they travel down medium.
Problems are caused here by loose/incorrect cables, dodgy interface cards, or electrical interference.

Layer 7 – Application Layer:

Application initiates communication process.

Layer 6 – Presentation Layer:

Format & Encode data for transmission.
Encrypt & compress data.

Layer 5 – Session Layer:

Establishes & monitors session with destination.

Layer 4 – Transport Layer:

Package data for transport across network
Add TCP/UDP port #s

Layer 3 – Network Layer:

Route packets between networks
Assign IP addresses
Encapsulate data ion packets for transmission

Layer 2 – Data link Layer:

Transmits data to the next connected device in the path
Adds the hardware (mac) address
Encapsulates data in a frame

Layer 1 – Physical Layer:

Converts data to bits for transmission
Generates signals & timing

2.2.3.1 Troubleshooting the OSI Model

In troubleshooting, the basic procedure includes:

1. Define the problem.

2. Isolate the cause of the problem.

3. Solve the problem.

Identify/prioritize alternative solutions.
Choose an alternative as solution.
Implement solution.
Evaluate solution.

If this does not fix problem, undo changes and choose next solution.
Go through steps until solution works.

Using layered model, 3 types o troubleshooting approaches exist to isolate problem:

Bottom-Up – Starts with physical components of network and works up layers of OSI model.
Effective and efficient for suspected physical problems.
Top-Down - Starts with user application and works down the layers of the OSI model.
Assuming that problem is with app and not network infrastructure.
Divide-and-Conquer – Generally used by more experienced network technicians.
An educated guess targets problem layer and based on results, moves up/down OSI layers.

Layer 5-7: Can browser open website?
Layer 4: Is a firewall configured on PC?
Layer 3: Is it possible to ping default gateway?
Layer 2: Is link light lit on NIC?
Layer 1: Is network cable plugged in and secure?

By using OSI model, help desk technician can query the user to help define problem and isolate cause.

Help desk technician follows standard checklist/script when troubleshooting problems.
Scripts use bottom-up approach because physical problems are easy to diagnose/repair.

Layer 1 Troubleshooting:

Problems often involve cabling and electricity:

Device power turned off
Device power unplugged
Loose network cable connection
Incorrect cable type
Faulty network cable
Faulty wireless access point
Incorrect wireless settings, such as the SSID

First check that all devices have electrical supply and are turned on.
Check with user that they are indicating correctly.
When on-site, visually check all cabling/reconnect cables to ensure proper connection.
Verify that wireless access point is ok and wireless settings are config. correctly.

Whilst remotely troubleshooting, technician should advise user through each step, what they should look for, and what they should do if an error is found.
If all Layer 1 issues have been addressed, then go up OSI model to Layer 2.

Layer 2 Troubleshooting:

Problems are caused by faulty equipment, incorrect device drivers, or poorly config. switch.
It may be difficult to isolate a Layer 2 problem when remotely troubleshooting.
An on-site technician can check the NIC or network switch to isolate problem.

Layer 3 Troubleshooting:

Technician verifies that device has proper settings:

IP address within assigned network
Correct subnet mask
Correct default gateway
Settings if required: DHCP/DNS

3 common command line tools are:

ipconfig – Shows IP settings on PC
ping – Tests basic network connectivity
tracert – Shows routing path between source and destination

Most network problems can be fixed using Layer 1, 2 & 3 troubleshooting techniques.

Layer 4 Troubleshooting:

If Layers 1 – 3 are ok and technician can ping IP address of remote server, then check higher layers
If network firewall is used over path, check if app TCP/UDP port is open and no filter lists are blocking traffic to port.

Layers 5 through 7 Troubleshooting:

Technician should check app configuration. E.g. ensure app is config. with the correct info
Also ensure that domain name resolution is ok.

Higher layer issues can be checked by remote technicians using other network utility tools, (packet sniffer) to view traffic crossing network.
Network apps (Telnet) can be used to see configs.

2.3.1.1 Help Desk Troubleshooting Scenarios

Calls received by help desk can vary a lot.
Most common problems are with email, host config. and connectivity.

Email Issues:

Can send but not receive
Can receive but not send
Cannot send or receive
Nobody can reply to messages
Common cause of email problems is using incorrect POP, IMAP or SMTP server names.
Check with email admin. to confirm name of POP, IMAP or SMTP server.
Sometimes POP, IMAP and SMTP use same server name.
Confirm username/password is correct.
Step customer through config. settings carefully when troubleshooting issues over phone.
Try to connect to customer device using remote management software to allow you to perform steps for customer.

Host Configuration Issues:

Improperly configured host addressing info is a common issue that prevents Internet connectivity. E.g. incorrect IP address, subnet mask or default gateway.
If IP address info is manually configured = entered incorrectly by user.
When DHCP is used = server failure or network issues.
If host is config. to use DHCP and server is unavailable/unreachable, a link-local address will be assigned to host by OS.
IPv4 addresses from 169.254.0.1 to 169.254.255.254 are link-local addresses.
Microsoft refers to link-local addresses as Automatic Private IP Addressing (APIPA).
If hosts on same network have a link-local address, client/server and peer-to-peer apps between hosts will work ok, but comms outside local network is not possible, because link-local addresses are in private Class B address range.
Use the host command ipconfig /all to verify that host is using correct IP config.

Customer Connectivity Issues:

Reasons why a customer has no connectivity:

Late payments for services
Hardware/Physical layer failures
Wrong app settings
Missing app plug-ins
Missing apps

Check cable connection or replace cable.
Software issues are more difficult to detect.
An incorrectly loaded TCP/IP stack prevents IP from operating correctly.
The reserved IPv4 address 127.0.0.1 can be used to test and verify the TCP/IP stack.
127.0.0.0 to 127.255.255.255 addresses are reserved for testing purposes.

2.3.2.1 Creating and Using Help Desk Records

Extremely important to gather info correctly in case call is escalated to Layer 2 or requires an on-site visit.
Process starts when technician answers phone.
Database app is used to verify & manage customer info.
Info is transferred to trouble ticket/incident report. Ie – paper in filing cabinet or an electronic tracking system that follows troubleshooting process from start to finish.
Everybody who works on problem records what was done on trouble ticket.
When on-site visit is needed, info is converted to work order that technician takes to customer site.
When a problem is fixed solution is put into work order/trouble ticket, and a knowledge-base document for later referral.\
Level 1 and Level 2 technicians try to fix customer issues using telephone, web tools, and remote desktop sharing apps.
If unable to fix problem remotely, a Level 3 on-site technician may visit customer.
An appointment with customer is made for on-site technician to perform repairs.
On-site technician reviews trouble ticket to see what was previously done. Ie -background info & logical starting point. I
Helps technician decide which tools/supplies to bring.

2.3.3.1 Customer Site Procedures

Before beginning any troubleshooting or repair at customer site, on-site technician must:

Step 1. Show proper ID to customer.
Step 2. Review trouble ticket/ work order with customer to verify info is correct.
Step 3. Tell customer status of problem/s and actions technician expects to take at site.
Step 4. Obtain permission from the customer to begin the work.

Technician must verify all items on ticket. When familiar with all issues, start work.
Technician is responsible for checking all device/network settings and running any utilities as well as swapping out suspected faulty hardware for known good hardware to see if hardware problem exists.

Minimize risk of injury by following good safety practices.

Ladders

Used to reach high locations to install cable and install/troubleshoot wireless access points. Reduce the risk of falling or dropping equipment by working with a partner.

High or Dangerous Locations

When working on side of a building, on roof tops, or an elevator shaft which is not accessible with ladder use safety harness to reduce risk of falling.

Electrical Equipment

Coming in contact with electrical equipment may result in serious personal injury so consult with customer electrician about ways to reduce risk of electrical shock.

Awkward Spaces

Ensure work area is properly lit and well ventilated.
Determine best way to lift, install, & remove equipment to reduce risks.

Heavy Equipment

Have correct equipment and trained personnel when installing or moving heavy equipment.
Observe the results of proper operation after any configuration changes or installing new equipment.
Inform customer nature of identified problem and what solution was applied as well as any follow-up procedures.
Before problem is fully resolved, technician must get customer acceptance, only then can technician close trouble ticket and document solution.
Leave copy of documentation with the customer which includes original help desk call problem and actions taken to solve problem.
Technician records solution and customer acceptance is shown on trouble ticket.
Technician also records problem/solution in help desk documentation and FAQs for future reference.
Sometimes on-site technicians can reveal network problems which need upgrades and/or reconfiguration of network devices.
If this situation falls outside of the scope of original trouble ticket then issues are communicated to customer and ISP network team for further action.

Leave a Response »

CiscoDisco2 CH. 1 Sunday, Oct 4 2009

Uncategorized Chisholm, Cisco, Discovery 2, Kangan mjlilley 3:46 am

CHAPTER-1-CS12Fr-Disc2v4.1-07/09-Tues/Fri-MK

1.1.1.1 The Internet and standards

The Internet was first used for scientific, educational, and military research.
Regulations changed in 1991 to allow businesses and consumers to connect as well. The
To keep up with this continuous evolution, the way people interact, share info and do business must change.
Internet access has become critical for business comms and day-to-day operation.

Business use of the Internet includes:

E-Commerce – any business conducted over the web
Communications – any electronic method of communication
Collaboration and training – any created environment to allow sharing of files

Internet standards make it possible to manage changes and reliably deliver services like email.
A standard = set of rules that determines how something is done.
Networking/Internet standards ensure that all devices use same rules.
When using standards, different types of devices can send info to each other over the Internet.
If an email is sent via a PC, a mobile phone can receive and read the email as long as it uses the same standards as the PC.
Internet standard = end result of a discussion, problem solving, and testing.
Each stage of development and approval process is recorded in a Request for Comments (RFC) document so the standard is tracked.
Thousands of Internet standards that are developed, published, and maintained by a variety of different organizations.

1.1.2.1 ISP & ISP Services

To connect to Internet, a device must connect through an Internet service provider (ISP).
An ISP offers other services like:
Equipment co-location – A subscriber may have some internal network equipment physically located on at the ISP.
Web hosting – ISP provides server and app. software for storing web pages and web content for a subscriber website.
FTP - ISP provides server and app. software for FTP site of a subscriber.
Applications and media hosting – ISP provides server and software to let subscriber provide streaming music/video, or other apps.
Voice over IP – A subscriber can save on long distance telephone calls, by using VoIP.
Technical support – Some businesses lack technical expertise to manage large internal networks, so some ISPs provide technical support and consulting services.
Point of Presence (POP) – A subscriber can connect to the ISP through POP, using various access technologies.

1.2.1.1 Delivering Internet Services to end – users

Main connection methods used by home and small business users:

Dialup access:

Inexpensive and slowest connection option, used by mobile workers and in areas where higher speed connection options are not available.
56kbps

DSL:

Digital subscriber line is more expensive than dialup, but has a faster connection.
Uses telephone lines, but provides continuous connection to Internet.
Uses a special high-speed modem that separates DSL signal from telephone signal and provides Ethernet connection to host PC or LAN.
512kbps+

Cable modem:

Connection option offered by cable television service providers.
Internet signal is carried on same coaxial cable that delivers cable television.
A special cable modem separates the Internet signal from other signals carried on the cable and provides Ethernet connection to PC or LAN.
512kbps+

Satellite:

Option offered by satellite service providers.
PC connects through Ethernet to satellite modem that transmits radio signals to nearest Point of Presence (POP) within satellite network.
128kbps – 512kbps

Bandwidth = bits per second (bps), kilobits per second (kbps), megabits per second (Mbps), or gigabits per second (Gbps).

Businesses use three main types of high-bandwidth connections:

T1 transmits up to 1.544 Mbps.
T1 connections are symmetrical = upload bandwidth/download bandwidth is the same.
A medium-sized business only needs one T1 connection.
T3 transmit up to 45 Mbps.
T3 is considerably more $$$ than a T1 connection, larger business that accommodates larger number of employees.
Multiple locations can use a combination of T1 and T3.
E1 = European standard that transmits up to 2.048 Mbps.
E3 = European standard that transmits u to 34.368 Mbps.
Metro Ethernet = wide range of high-bandwidth options, e.g: Gbps links.
Banks with many branches in the same city may use Metro Ethernet.
Connects main office and all branches using switched technology.
Transfers large amounts of data faster and cheaper than other high-bandwidth connections.

PC’s and networks connect to the ISP at the POP.
POPs are situated at edge of ISP network and serve a particular geographical region.
Provides local point of connection/authentication for end users.
ISP can have many POPs, depending on size of POP and area it services.
Within ISP network, high-speed routers and switches move data between POPs.
Links interconnect POPs to provide alternate routes should one link becomes overwhelmed with traffic/fail.

1.2.2.1 Internet Hierarchy

Top level hierarchy = ISP organizations.
ISP POPs connect to Internet Exchange Point (IXP) or Network Access Point (NAP).
This is where ISPs join together to access each other’s networks and exchange info.
Over 100 major exchanges worldwide.

Internet backbone consists of ISP networks connected through IXPs and private peering connections.
Internet backbone = information super highway which provides high-speed data links that interconnect POPs and IXPs in metro areas around the world.
Internet backbone = fiber-optic cable.
Installed underground to connect cities within continents.
Also runs under the sea to connect continents, countries, and cities.

ISPs are classified into different tiers according to how they access the Internet backbone:

Tier 1 ISPs = top of the hierarchy.
Huge organizations that connect directly via private peering.
Join their network backbones together to form global Internet backbone.
Tier 1 ISPs have routers, high-speed data links, and other equipment that connects to other Tier 1 ISP networks. E.g: undersea cables that connects continents.

Tier 2 ISPs = next tier backbone access.
Can also be very large or extend across several countries.
Some Tier 2 ISPs pay Tier 1 ISPs to carry their traffic to other parts of the world.
Some Tier 2 ISPs swap global traffic with other ISPs cheaply through public peering at IXPs.
A large IXP can bring together 100s of ISPs in a central location to access multiple networks over a shared connection.
Tier 3 ISPs = farthest away from Internet backbone.
Generally found in major cities and provide customers local access to Internet.
Pay Tier 1/2 ISPs for access to global Internet/Internet services.

1.2.3.1 Using tools to map the Internet

To visualize how ISP networks interconnect, use network utilities to create a map.
Utilities also show speed that each connecting point can be reached.

1.3.1.1 ISP Requirements

Uses variety of devices to accept input from end users/provide services.
To be in a transport network, ISP must connect to other ISPs.
ISP must handle large volumes of traffic.

Some of the devices needed to provide services are:

Access devices: enables end users to connect to the ISP: DSL Access Multiplexer (DSLAM), a Cable Modem Termination System (CMTS), modems for dialup connections and wireless bridging equipment.
Border gateway routers: allows ISP to connect to other ISPs, IXPs, or large business customers.
Servers: email, network address assignment, web space, FTP and multimedia hosting.
Power conditioning equipment: maintains continuity if main power grid fails.
High capacity air conditioning: units to maintain controlled temperatures.

As number of subscribers/services to an ISP grows, traffic on ISP network also grows.
Increased traffic can overload network = router errors, lost packets, and long delays.
Loss of performance = loss of customers = loss of income.
ISP must provide a reliable and scalable network.
Scalability = capacity of network to allow for future change/growth.
Scalable networks can expand quickly to allow for new users and apps without affecting performance of service given to users.
The most scalable = modular devices that provide expansion slots for adding modules.
Different modules can have different numbers of ports/ interface options.

1.3.2.1 Roles and Responsibility within an ISP

ISP orgs have many teams/departments which ensure that network operates smoothly and services are available.
Network support services manage planning/provisioning of new equipment and circuits, new subscribers, network repair and maintenance and customer service for network connectivity issues.
When a new subscriber orders ISP services, network support service teams work together to process order correctly and ensure network is ready to deliver said services as quickly as possible.

Network support service roles and responsibilities:

Customer Service: receives order from customer and ensures requirements of customer are accurately entered into order tracking database.
Planning and provisioning: determines if new customer has existing network hardware/circuits or wether new circuits need to be installed.
On-site Installation: is advised of circuits and equipment to use and installs them at customer site.
Network Operations Centre (NOC): monitors and tests new connection and ensures it is working /performing properly.
Help Desk: is notified by NOC when circuit is ready for operation. Help Desk then contacts customer to guide them through process of setting up passwords and other misc. account info.

Leave a Response »

Cisco Notes (Disc 1 FLEX – 2009) Ch. 9 Friday, Aug 28 2009

Uncategorized Chisholm, Cisco, Discovery 1, Kangan mjlilley 10:49 am

Cisco Notes (Disc 1 FLEX – 2009)

9.1.1.1 Troubleshooting

Is identifying, locating and correcting problems that occur.
Structured techniques are used to determine most likely cause and solution.

Maintain proper documentation, which includes:

Problem encountered.
Steps taken to determine cause of problem.
Steps to correct problem and ensure that it will not happen again.

Document all steps taken including the ones that did not solve the issue.
Use this documentation as a reference should same or similar problem reoccur.

9.1.2.1 Gathering Info.

Verification report = checking reported problem – verify and determine extent.
Once confirmed – first step is to gather info.

End user report = questioning individual/affected users who reported the problem. E.g.: end user experiences, observed symptoms, error messages/info about recent config changes to devices/apps.
Config & Topology – copy of log files and listing of recent changes made to equipment config.
Network info – physical/logical topologies – using monitoring tools.

Then collect info about affected equipment:
OS version and any service packs/updates/patches applied.
Manufacturer, make and model of affected devices, ownership/warranty info.
Firmware version/software on device re – compatibility problems with some hardware platforms.
Start troubleshooting once all necessary info has been gathered.

9.1.3.1 Troubleshooting Approaches.

Top-down, Bottom-up, Divide-and-conquer
All use layered concept of networking. i.e: OSI model verify functionality at each layer until problem is located and isolated.

Top-down: starts at application layer and works down to physical layer.
Views problem from point of view of user and the application.
One app or all apps fail in functioning? E.g.: can access web pages, but not email? Do other PCs have similar issues?

Bottom-up: starts with physical layer and works up to app layer.
Views problems concerned with hardware and wire connections.
Are cables in their sockets? Are indicator lights on or off?
Divide-and-Conquer: begins at one of the middle layers and works up or down from there.
E.g.: begin at network layer, by verifying IP config info.
Structured approaches = suited for novice trouble-shooter.
Experienced techys bypass structured approaches and rely on instinct and experience.
They also use techniques like trial and error or substitution.
Trial and error: individual knowledge determines most probable cause of a problem.
Uses an educated guess via past experience/ knowledge.
After attempting solution, if no work, then he/she uses this info to help find the next most likely cause. Repeated process until problem is isolated and solved.
Trial and error has potential to be extremely fast, it can result in incorrect assumptions and overlooking simple solutions.
Substitution:
Assumption that cause is specific hardware component or config file.
Defective part/code is replaced by known good device or file, which can save time and quickly restore network functionality. This needs substitute parts, components, and backup configuration files which cost $$$ to maintain.
E.g.: ISP replaces possible broken device rather than locating specific issue. Good technique for inexpensive parts – network interface cards/patch cables.

9.2.1.1 Detecting Physical problems.

Majority of networking problems are related to physical components/physical layer.
Physical problems – PC hardware, networking devices & cables which connect them.
Physical problems do not consider the logical (software) configuration of devices.
Use your senses – vision, smell, touch and hearing.
Sight: cables not connected/wrong port.
Smell: burning insulation or components means very bad news.
Touch: Feel for overheated/vibrating components/fans.
Hearing: Detect uncharacteristic electrical noise from fans/HDDs.

9.2.2.1 Software utilities for troubleshooting connectivity.

Utility programs help identify network problems.

DOS CLI commands:

ipconfig – shows IP configuration info.
ping – Tests connections to other IP hosts.
tracert – shows route taken to destination in hops and delay.
netstat – shows network connections/ports.
nslookup – queries name server for info on a destination domain.

Ipconfig:

Will display host’s current IP configuration info: IP address, subnet mask and default gateway.

Ipconfig /all:

Will display additional info: MAC address, IP addresses of the default gateway and the DNS servers. Also shows if DHCP is enabled, DHCP server address and lease/expiry info.

Ipconfig /release & ipconfig /renew (Dynamic addressing using DHCP server)

ipconfig /release – releases the current DHCP bindings.
Ipconfig /renew – requests fresh configuration information.

If still unsuccessful, verify that NIC has an illuminated link light. If issue remains, then, it may be problem with the DHCP server/network connections@ DHCP server.

9.2.4.1 Troubleshooting using Ping

Assuming IP config is correct on local host, then test network connectivity by using ping.
Tests if a destination host is reachable.
ping 192.168.6.9 or ping www.justgoogleit.com.au
If sent to an IP address, ping sends packet (echo request) across network to the IP address specified. If destination host receives echo request, it replies with a packet (echo reply). If source host receives echo reply, connectivity is verified.
If ping is sent to named address – www.justgoogleit.com.au, packet is first sent to a DNS server to obtain name of IP address. Then echo request is passed on to destination host IP address etc etc.
If ping to IP address succeeds, but a ping to name does not, then problem with DNS.

9.2.5.1 Troubleshooting using Tracert.

Ping utility does not show where connection is dropped. Tracert does.
Tracert shows path a packet takes to reach destination and info about every router (hop).
Also shows round trip time and help identify where packet may have been lost/delayed.
Basic tracert only allows up to 30 hops device before it assumes that destination is unreachable. Use -h switch to adjust amount of max hops.

9.2.6.1 Troubleshooting using Netstat

Used to verify which active TCP connections are open and running on a networked host.
Lists protocols used, local address & port number, the non-local address & port number and state of connection.
Unexplained TCP connections = major security threat. performance.
Used to examine open connections on host when performance is slow.

9.2.7.1 Troubleshooting using Nslookup.

Allows end-user to look up info about a DNS name in the DNS server.
Info = IP address of DNS server being used and IP address associated with the specified DNS name.
Used for finding out if DNS server is performing name resolution as expected.

9.3.1.1 Connectivity Issues.

Use a divide-and -conquer technique to isolate problem to either wired or wireless network.

To determine this:

1. Ping from wireless client to default gateway to verify wireless client is connecting.

2. Ping from wired client to default gateway to verify wired client is connecting.

3. Ping from wireless client to wired client to verifies if IR is functioning as expected.

First isolate the problem and then correct it!

9.3.2.1 LED Indicators.

First step of troubleshooting should be to examine LEDs, regardless of the type of network.
Three types of LEDs – power, status and activity.

Power: Usually solid green. No light = no power.

Security: Solid green= security enabled.

Wireless/Internet/Ethernet Activity: Solid green = connection, no traffic.

Flashing green = connection & traffic.

Amber = device is making port adjustments.

No Light = no device connected/issue with port.

Inactive LEDs may mean: device failure, port failure, cabling issues, non-functional device.
Verify that device and ports are up and running before troubleshooting other issues.

9.3.3.1 Connectivity Problems.

Wired host cannot connect to the integrated router.

Check physical connectivity and cabling, which is one of the most common issues when experiencing inactivity.
1. Use correct type of cable. Straight-through cables/Cross-over cables. Wrong cable selection may prevent connectivity.
2. Use correct termination standards. 568A/568B. One of the main problems found in faulty networks. Do not untwist too much cable and crimp connectors on the cable jacket for strain relief.
3. Ensure maximum cable run lengths are not exceeded. E.g.: TP = 100m. Can have a negative impact on network performance if exceeded.
4. If connectivity problem, check correct ports are being used between networking devices.
5. Protect cables/connectors from physical damage. Use support on cables and prevent strain on connectors. Run cables through areas that will not be in the way.

9.3.4.1 Troubleshooting Radio Problems in a WLAN.

Wireless host cannot connect to the AP:

1. Some wireless standards are incompatible. 802.11a (5 GHz band) is incompatible with the 802.11b/g/n standards (2.4 GHz band).
2. Ensure wireless conversations are on a separate, non-overlapping channel. Configured AP to select least congested/highest throughput channel.
3. Check the NIC client utility to display signal strength and connection quality.
4. Use a Site survey to detect for other devices functioning on the same frequency due to RF signals being susceptible to interference.
5. Reduce amount of wireless clients using each channel as APs share available bandwidth between devices.

9.3.4.1 Troubleshooting Association and Authentication on a WLAN

Wireless configuration problems:

1. The SSID is a case-sensitive, alpha-numeric string – 32 characters, matching on AP and client. If the SSID is not broadcast, it must be manually configured on client. If another AP is near which is broadcasting SSID, the client can automatically associate to it.
2. If a secure form of authentication is configured (key), client and AP must be configured with same key. If not, authentication will fail and the devices will not associate.

If the client associates with AP but can’t send/receive data, then the issue may be encryption key.

9.3.6.1 DHCP Issues.

Determining if your computer is obtaining correct IP address:

IP configuration can affect the ability of a host to connect to a network.
DHCP server binds IP address to client’s MAC address and holds that info in a client table.
The client table info should match local host info in the ipconfig /all command.
Client config info does not agree with client table, then release (ipconfig /release) and renew (ipconfig /renew) to form new binding.
If wired and wireless clients can obtain correct IP config and can connect to wireless device, but cannot ping each other, then problem is most likely occurring on the wireless device.
Check all configs on device to ensure no security restrictions could be causing the issue.

Wired and wireless hosts can connect to each other, but not to the Internet

9.3.7.1 Troubleshooting the ISR to ISP connection.

If hosts on local network can connect to ISR and with other hosts on local network, but not to the Internet, then problem is connection between the ISR and ISP.
Check connectivity by viewing the ISR status page. It should show IP address assigned by ISP and indicate if connection is established.
If page shows no connection, then ISR may not be connected.
Check all physical connections and LED indicators. If modem is a separate device, check these connections/indicators too.
If ISP requires a login/password, check they are config to match the ISP.
Try re-establish connectivity by clicking Connect/IP address renew button on status page.
If ISR will still not connect, contact ISP to see if issue is occurring from their end.

If status page shows connection is up, but ping to Internet site fails, maybe is down -try another. If still unsuccessful, check if security measures are enabled which may be creating issue. E.g. :port filtering.

9.4.1.1 Documentation.

Should include a normal/baseline measurement of network performance.

Baseline:

Types of traffic normally expected and volume of traffic to and from servers/network devices. Should be documented just after the network is installed and running optimally.
Should be re-established after any major changes to network are implemented.

Topology maps, network diagrams and addressing schemes can help provide info for trouble-shooter.
Maintain documentation during troubleshooting process.

Include in documentation:

Initial problem
Steps taken to isolate problem
Results of all steps taken, successful/unsuccessful
Final determined cause of the problem
Final problem resolution
Preventative measures

9.4.2.1 Outside help sources.

If unable to determine the problem and resolution, obtain assistance from outside sources.

Help sources include:

Previously kept documentation – saves time – directs you to likely cause.
Colleagues and other network professionals – wealth of info.
Online FAQs (Frequently Asked Questions) – good source of current info.
Internet forums – assistance from around the world in real time.

9.4.3.1 Helpdesk.

Provides assistance for end-user to find if a problem exists, nature of problem, and solution.
Large IT companies run helpdesks for their products or technologies.
Helpdesk offers assistance for problems of integrating equipment into network, or problems that happen after installation.
Contact helpdesk via email, live chat, and phone.
Helpdesk can control local host through remote access, which allows them to run diagnostic programs/interact with host and network without being at a job site.
End user should give help desk as much info as possible.

The helpdesk will require info including:

Symptoms encountered.
Who encountered problem.
When problem manifests.
Steps taken to identify problem.
Results of steps taken.

A helpdesk is organized in levels of experience and knowledge.
You may go up alevel if the staff at first level cannot help you.

Record all info with helpdesk:

Time/date of call
Name/ID of technician
Problem reported
Course of action taken
Resolution/escalation
Next steps (follow-up)

Once problem is resolved, update all documentation for future reference.

Leave a Response »

Mjlilley's Blog

Cisco Disco 2 Ch. 9 Saturday, Nov 21 2009

Cisco Disco2 Ch. 8 Saturday, Nov 21 2009

Cisco Disco2 Ch. 7 Thursday, Nov 5 2009

Cisco Disco 2 Ch.6 Monday, Oct 26 2009

Cisco Disco2 Ch.5 Saturday, Oct 24 2009

Cisco Disco2 Ch. 4 Monday, Oct 19 2009

Cisco Disco 2 Ch.3 Monday, Oct 12 2009

CiscoDisco2 Ch. 2 Monday, Oct 5 2009

CiscoDisco2 CH. 1 Sunday, Oct 4 2009

Cisco Notes (Disc 1 FLEX – 2009) Ch. 9 Friday, Aug 28 2009

Pages

Categories:

Search:

Monthly:

RSS Feeds: