Sunday, February 21, 2016

Stack switches



  • StackWise and StackWise Plus
  • source stripping and destination stripping
  • stack member numbers
  • priority values
  • stack master election process
  • configuration manager
Why stack switches?
High-end modular switches (a chassis with a supervisor and line cards) split the roles: the supervisor runs the control plane and the line cards forward traffic in the data plane.

Cisco brought the same model to lower-end switches by connecting them with stacking cables.
A stack can contain up to 9 switches, and not every switch can join one; only specific platforms support stacking, such as the 3750-E and 3750-X.

Connected with the proprietary stacking cable, the switches act as a single entity: one switch is elected MASTER and the others are members.

All control plane traffic is handled by the MASTER, while the data plane (forwarding) runs on every member.

Any configuration change made on an existing stack is synchronized to all members.

The stacking cables form a high-capacity backplane between the members (32 Gbps for StackWise, 64 Gbps for StackWise Plus), the same idea as the backplane of a chassis switch such as the 6500.

Stack protocol verification

show switch
show switch detail
show platform stack ports
show platform stack manager
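An added example (not from the original notes) of the configuration that goes with the "priority values" and "stack member numbers" topics above. Priorities are 1 to 15 with a default of 1, and the highest priority wins the next master election; the member numbers and the choice of values are assumptions made for this example.

```text
! Make member 1 the preferred master and member 2 the backup.
Switch(config)# switch 1 priority 15
Switch(config)# switch 2 priority 14
! Assumed: give member 3 a new member number; this only takes effect after it reloads.
Switch(config)# switch 3 renumber 4
Switch(config)# end
Switch# show switch
Switch# show switch detail
Switch# reload slot 3
```

Two practitioner notes: the running master is not pre-empted by a newly added switch with a higher priority (the current master always wins), but that switch does win the next election (for example after a stack reload); and stack ports carry no authentication, so physical access to a free stack port is effectively control-plane access to the whole stack.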

Wednesday, December 16, 2015

NAT

IP NAT configuration (dynamic translation with overload / PAT)

  1. Mark the inside interface: ip nat inside
  2. Mark the outside interface: ip nat outside
  3. Define the pool and the ip nat statement
  4. Define the access list that selects which inside addresses are translated

The pool start address must be lower than the end address, and both must fall in the subnet given by the netmask. The interface names below are an assumption for this example.

interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside

ip nat pool mypool 198.181.18.10 198.181.18.15 netmask 255.255.255.248

access-list 1 permit 192.16.10.32 0.0.0.15

ip nat inside source list 1 pool mypool overload

Verify with show ip nat translations and show ip nat statistics. Without the overload keyword each inside host takes one whole pool address and the seventh host gets no translation; with overload the six addresses are shared and hosts are told apart by port number.
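To make the overload behaviour concrete, here is an added example (my code, not the page's or Cisco's) that models the translation table the router builds for the ACL and pool above. It goes beyond the notes in one respect: it also shows what happens to return traffic that matches no entry. Port-allocation details are a simplification of what IOS does.

```python
import ipaddress

# Values taken from the configuration above: the ACL 192.16.10.32 0.0.0.15 (a /28)
# and the pool 198.181.18.10 - 198.181.18.15 with netmask 255.255.255.248.
INSIDE_ACL = ipaddress.ip_network("192.16.10.32/28")
NAT_POOL = [str(ipaddress.ip_address("198.181.18.10") + i) for i in range(6)]


class PatTranslator:
    """Toy model of `ip nat inside source list 1 pool mypool overload` (PAT)."""

    def __init__(self, acl, pool, ephemeral=(1024, 65535)):
        self.acl = acl
        self.pool = list(pool)
        self.ephemeral = ephemeral
        # (inside ip, inside port, proto) -> (global ip, global port)
        self.table = {}
        self.in_use = {g: set() for g in self.pool}

    def _allocate(self, want_port):
        """With overload one global address serves many inside hosts: keep the
        inside source port when it is free on the global address, otherwise pick
        another one; move to the next pool address only when this one runs out."""
        for g_ip in self.pool:
            used = self.in_use[g_ip]
            if want_port not in used:
                used.add(want_port)
                return g_ip, want_port
            for port in range(*self.ephemeral):
                if port not in used:
                    used.add(port)
                    return g_ip, port
        raise RuntimeError("NAT pool exhausted")

    def translate(self, inside_ip, inside_port, proto="tcp"):
        """Outbound packet: return the (global ip, global port) it leaves with, or
        None when the access list does not permit translation (packet routed as-is)."""
        if ipaddress.ip_address(inside_ip) not in self.acl:
            return None
        key = (inside_ip, inside_port, proto)
        if key not in self.table:
            self.table[key] = self._allocate(inside_port)
        return self.table[key]

    def untranslate(self, global_ip, global_port, proto="tcp"):
        """Return packet: map the global socket back to the inside host if a
        translation exists; no entry means the return traffic is dropped."""
        for (i_ip, i_port, p), (g_ip, g_port) in self.table.items():
            if (p, g_ip, g_port) == (proto, global_ip, global_port):
                return i_ip, i_port
        return None
```

Two inside hosts using the same source port both end up behind 198.181.18.10, the second one on a different global port; an inside host outside the /28 is left untranslated, and an unsolicited packet to a pool address with no table entry has nowhere to go, which is the (weak) inbound filtering people mistake NAT for a firewall.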


Tuesday, December 15, 2015

SPAN

Switched Port Analyzer (SPAN)
Mirrors the traffic of one or more source ports to a destination port where a sniffer or IDS listens (port mirroring). A session needs both a source and a destination; the sources below are from the original notes, the destination interface is an assumption.

R1(config)#monitor session 1 source interface fastEthernet 0
R1(config)#monitor session 1 source interface fastEthernet 1
R1(config)#monitor session 1 destination interface fastEthernet 2
R1#show monitor session 1

Whatever is plugged into the destination port sees every mirrored frame, including cleartext credentials, so treat SPAN destinations as sensitive ports and remove the session when the capture is done.

Monday, December 14, 2015

IPv4 & IPv6 Addressing

A comparison of IPv4 and IPv6 addressing

IPv4 address
32-bit
4 Octets
8 bit an octet (8bits.8bits.8bits.8bits) = 32
8bits  = 1 byte
1 byte.1 byte.1 byte.1 byte = 4 bytes

IP Classes
Class A 1 - 126       /8    (127 is reserved for loopback)
Class B 128 - 191   /16
Class C 192 - 223   /24
Class D 224 - 239   multicast
Class E 240 - 255   experimental / reserved

8 bit representation

128   64   32   16   8    4    2    1 



IPv6 shortcuts

0004:0000:0000:0000:0000:00FD:000C:0082

A group of four zeros can be written as a single zero

0004:0:0:0:0:00FD:000C:0082

Leading zeros in a group can be removed

4:0:0:0:0:FD:C:82

A double colon replaces one run of consecutive all-zero groups

4::FD:C:82

The double colon may appear only once in an address (otherwise it is ambiguous how many groups each one stands for)

::   (the unspecified address, all zeros)

BB::1

LLA   FE80::/10
Link Local Address (similar to APIPA in IPv4); every IPv6 interface has one and it is valid only on the local link

Stateless (autoconfiguration, SLAAC)

11:22:33:44::/64
IPv6 prefix length
The first 64 bits are the network prefix; the remaining 64 bits are the interface ID (the client or host part).

How to determine the prefix length for a small subnet
1- Figure out how many interface IDs you need
example: 14 users
how many bits give at least 14?
2^4 = 16

128 - 4 = 124, so a /124 leaves 4 host bits (16 IDs) for the 14 clients

11:22:33:44::/124

SLAAC only works on a /64; a prefix longer than /64 means static addressing or DHCPv6.

How does autoconfiguration work?
SLAAC builds a unique interface ID (modified EUI-64) from the NIC's 48-bit MAC address: FFFE is inserted in the middle of the MAC and the universal/local bit (the seventh bit of the first octet) is flipped. The host then prepends the /64 prefix learned from the router advertisement.
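The three mechanical rules above (address shortening, prefix length from a host count, and EUI-64 autoconfiguration) are easy to get wrong by hand, so here they are as an added example written for these notes (not code from the page). The shortening routine also handles the tie rule the notes do not mention: when two zero runs are equally long, the first one gets the double colon.

```python
import ipaddress


def compress_ipv6(addr):
    """Shorten a full-form IPv6 address by hand, following the rules above:
    a group of four zeros becomes one zero, leading zeros go, and the longest run
    of two or more zero groups (the first one, on a tie) becomes a single '::'."""
    groups = [g.lstrip("0") or "0" for g in addr.lower().split(":")]
    if len(groups) != 8:
        raise ValueError("expected 8 colon-separated groups in full form")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i >= 2 and j - i > best_len:      # '>' keeps the first longest run
            best_start, best_len = i, j - i
        i = j
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail                   # exactly one '::' per address


def prefix_for_hosts(n_hosts):
    """Smallest prefix length that leaves enough interface IDs for n_hosts
    (14 hosts -> 4 host bits -> /124)."""
    host_bits = (n_hosts - 1).bit_length()
    return 128 - host_bits


def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert FFFE, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("need a 48-bit MAC")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(iid, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix (as advertised by the router) with the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))
```

Because the EUI-64 interface ID embeds the MAC address, a host keeps the same lower 64 bits on every network it visits, which makes it trackable; this is why privacy extensions (RFC 4941) randomize the interface ID on most client operating systems.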



Stateful (DHCPv6): a DHCPv6 server assigns the addresses (and options such as DNS servers) and keeps track of the leases, unlike SLAAC where the host builds its own address.

SSH

Secure Shell (SSH) is a protocol and command interface, originally from the UNIX world, for securely accessing a remote computer.
The SSH suite includes slogin, ssh and scp (and sftp); everything in the session is encrypted. The server is authenticated by its host key and the client by a password or a public key (digital certificates are possible but are not the default).
The original SSH-1 used RSA for key exchange and authentication, with Blowfish, DES, 3DES and IDEA as ciphers; IDEA was the SSH-1 default.
SSH-2, standardized by the IETF (RFC 4251-4254), is the current version: it uses Diffie-Hellman key exchange, supports AES, and fixes known weaknesses in SSH-1, so SSH-1 should be disabled wherever possible.

SSH uses port 22

Basic SSH configuration for a Cisco router
1- Create a username and password (on a real device use username ... secret rather than password, so the credential is stored hashed)

R2(config)#username cisco password cisco

2- Create a domain name (the key pair is named after hostname and domain)
R2(config)#ip domain-name SSH-lAB

3- Generate an RSA key pair (a key pair, not a certificate)
R2(config)#crypto key generate rsa
The name for the keys will be: R2.SSH-lAB
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]

R2(config)#
*Mar  1 00:33:04.371: %SSH-5-ENABLED: SSH 1.5 has been enabled

A 512-bit modulus is far too weak, and because SSH version 2 needs a modulus of at least 768 bits the router only enabled SSH 1.5 here. Generate 2048 bits instead (crypto key generate rsa modulus 2048) and then force version 2:
R2(config)#ip ssh version 2

4- Apply SSH to the VTY lines (local authentication, SSH only, no Telnet)
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh


R1#ssh -l cisco 192.168.10.2
Password: 
R2>ena
Password: 
R2#

R1#show crypto key mypubkey rsa
% Key pair was generated at: 00:14:35 UTC Mar 1 1993
Key name: R1.SSH-LAB
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
  B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
  CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
% Key pair was generated at: 00:14:37 UTC Mar 1 1993
Key name: R1.SSH-LAB.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
  702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
  F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
  5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
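The Key Data printed above is a DER-encoded SubjectPublicKeyInfo, so the modulus size can be read straight out of it. Here is an added example (my code, not Cisco's or the page's) that parses that dump and applies the size check a practitioner would run before trusting a router's SSH service; the two hex blocks are copied from the output above and the 2048-bit floor is an assumed policy value.

```python
# Key Data blocks copied from the `show crypto key mypubkey rsa` output above.
GENERAL_PURPOSE_KEY = """
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
"""
SERVER_KEY = """
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
"""
MIN_MODULUS_BITS = 2048   # policy floor assumed for this example
RSA_ENCRYPTION_OID = bytes.fromhex("2A864886F70D010101")   # 1.2.840.113549.1.1.1


def read_tlv(buf, pos=0):
    """Decode one DER element at buf[pos]; return (tag, contents, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_ios_rsa_key(hex_dump):
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey; return (modulus bits, e)."""
    der = bytes.fromhex("".join(hex_dump.split()))
    tag, spki, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, alg, pos = read_tlv(spki)          # AlgorithmIdentifier
    oid_tag, oid, _ = read_tlv(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(spki, pos)    # BIT STRING; first octet = unused bits
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected BIT STRING")
    tag, rsa, _ = read_tlv(bitstr, 1)       # RSAPublicKey ::= SEQUENCE { n, e }
    tag_n, n_bytes, pos = read_tlv(rsa)
    tag_e, e_bytes, _ = read_tlv(rsa, pos)
    if tag != 0x30 or tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("unexpected RSAPublicKey structure")
    n = int.from_bytes(n_bytes, "big")
    e = int.from_bytes(e_bytes, "big")
    return n.bit_length(), e


def key_is_acceptable(hex_dump, min_bits=MIN_MODULUS_BITS):
    """The check to run over a router's key dump before trusting its SSH service."""
    bits, e = parse_ios_rsa_key(hex_dump)
    return bits >= min_bits and e >= 65537
```

Run on the output above, the general-purpose key comes out at 512 bits and the server key at 768 bits, both with e = 65537; neither passes a 2048-bit floor, which matches the "SSH 1.5 has been enabled" log line in the configuration walk-through.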

Thursday, December 10, 2015

WAN Technologies

WAN connection types

  • DSL modem
  • Cable modem
  • Satellite
  • Wireless 4G LTE / WiMAX
  • T1 lines
  • Fiber (the highest bandwidth of the list)

Metro Ethernet (MAN): Ethernet carried over fiber optics to connect buildings within a single metropolitan area
  • Connects easily with the LAN (same Ethernet framing)
  • Less expensive than traditional leased circuits
  • Typical speeds 10 Gbps, 40 Gbps, 100 Gbps
Synchronous Optical Network (SONET): a fiber optic multiplexing standard that lets multiple channels of communication share one fiber optic cable

VSAT: Very Small Aperture Terminal
A WAN technology that uses small satellite dishes at network locations for two-way communication via a satellite.

VSAT characteristics:
  • Two-way satellite communication
  • Satellite dish is less than 3 meters across
  • Useful for locations that cannot get a wired connection
  • Data rates typically in the range of 56 Kbps - 4 Mbps
  • Data experiences more delay (high latency)
  • Sensitive to weather conditions
Cellular 3G/4G
G stands for Generation
Standards are defined by the International Telecommunication Union Radiocommunication Sector (ITU-R)
LTE (Long Term Evolution) is commonly offered as 4G technology

MPLS:
Multiprotocol Label Switching
Makes forwarding decisions based on a 20-bit label carried in a 32-bit header.
The idea behind MPLS: instead of having routers forward traffic based on the destination IP address in the layer 3 header of every packet, labels are assigned to packets and the routers inside the MPLS cloud make their forwarding decision on the label rather than the IP address.

Forwarding on a label rather than an IP address was originally seen as a much more efficient way of moving traffic through a provider cloud.
Other advantages of MPLS:
  • A service provider can isolate customer traffic by using different labels (the basis of MPLS VPNs)
  • Advanced traffic engineering gives fine-grained control over how traffic flows through the network
  • Quality of service (QoS): different types of traffic can be treated differently
  • MPLS is compatible with multiple protocols, since it sits between layer 2 and layer 3
How MPLS labeling works
MPLS inserts its 32-bit header (the "shim") between the L2 and L3 headers. Inside it are the 20-bit label that routers use for the forwarding decision, 3 traffic class bits, a bottom-of-stack bit and an 8-bit TTL.
Different devices in an MPLS network play different roles:
CPE (Customer Premises Equipment): a device at the customer site that connects to the MPLS provider.
ELSR (Edge Label Switch Router): a device at the edge of the MPLS cloud that adds labels to traffic entering the cloud and removes labels from traffic leaving it (an ELSR is also known as a PE, provider edge router).
LSR (Label Switch Router): a device inside the MPLS cloud that swaps labels and makes forwarding decisions based on them (an LSR is also known as a P, provider router).
It is important to understand that a packet does not keep its label throughout the MPLS cloud: labels are only significant between neighbours, so every LSR hop swaps the label.
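An added example (my code, not the page's) that packs the 32-bit shim described above and walks a packet through a constructed four-router cloud so the push / swap / pop roles of the ELSR and LSR are visible hop by hop. The topology, labels, prefixes and router names are all made up for the example; real networks usually pop the label one hop earlier (penultimate hop popping), which this toy skips.

```python
import ipaddress
import struct

LABEL_BITS = 20


def pack_shim(label, tc=0, bottom=True, ttl=64):
    """Build the 32-bit MPLS shim: label (20 bits) | TC (3) | bottom-of-stack (1) | TTL (8)."""
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError("label does not fit in 20 bits")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def unpack_shim(data):
    """Inverse of pack_shim: read the four header bytes back into their fields."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}


class Router:
    """One hop. `fec` (ingress ELSR) maps destination prefix -> (label, next hop);
    `lfib` (LSR / egress ELSR) maps incoming label -> (action, outgoing label, next hop)."""

    def __init__(self, name, fec=None, lfib=None):
        self.name, self.fec, self.lfib = name, fec or {}, lfib or {}

    def _fec_lookup(self, ip_dst):
        dst = ipaddress.ip_address(ip_dst)
        matches = [(ipaddress.ip_network(p), v) for p, v in self.fec.items()
                   if dst in ipaddress.ip_network(p)]
        if not matches:
            raise LookupError(f"{self.name}: no FEC for {ip_dst}")
        return max(matches, key=lambda m: m[0].prefixlen)[1]   # longest prefix wins

    def forward(self, frame):
        """frame = (shim bytes or None, ip destination, payload) -> (next hop, new frame)."""
        shim, ip_dst, payload = frame
        if shim is None:                              # unlabeled from the CPE: push
            label, next_hop = self._fec_lookup(ip_dst)
            return next_hop, (pack_shim(label), ip_dst, payload)
        hdr = unpack_shim(shim)
        action, out_label, next_hop = self.lfib[hdr["label"]]
        if action == "pop":                           # egress: strip the shim, route on IP
            return next_hop, (None, ip_dst, payload)
        new = pack_shim(out_label, hdr["tc"], hdr["bottom"], hdr["ttl"] - 1)  # swap
        return next_hop, (new, ip_dst, payload)


def walk(routers, ingress, frame):
    """Send a frame into the cloud at `ingress`; return (hop, label) for each hop taken."""
    trail, here = [], ingress
    while here in routers:
        here, frame = routers[here].forward(frame)
        trail.append((here, unpack_shim(frame[0])["label"] if frame[0] else None))
    return trail


# Constructed topology: CE1 -> PE1 (ingress ELSR) -> P1 -> P2 -> PE2 (egress ELSR) -> CE2
CLOUD = {
    "PE1": Router("PE1", fec={"10.2.0.0/16": (100, "P1")}),
    "P1":  Router("P1",  lfib={100: ("swap", 200, "P2")}),
    "P2":  Router("P2",  lfib={200: ("swap", 300, "PE2")}),
    "PE2": Router("PE2", lfib={300: ("pop", None, "CE2")}),
}


def demo():
    """Trace one packet for 10.2.0.7: labels 100 -> 200 -> 300 -> none."""
    return walk(CLOUD, "PE1", (None, "10.2.0.7", b"payload"))
```

Nothing in the shim authenticates the label, so the customer isolation listed among the advantages rests entirely on the provider's LFIB configuration: one wrong swap entry silently delivers a customer's traffic to the wrong VPN, which is why MPLS VPNs are not a substitute for encrypting the traffic that crosses them.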

Leased Line T1, E1 T3 and E3 Circuits
Typically, a point-to-point connection that interconnects two sites and provides dedicated bandwidth to the subscribers 

Frame Relay

Frame Relay:
A layer 2 WAN technology that sends frames over virtual circuits (VCs), each identified by a DLCI (Data Link Connection Identifier) number.

Virtual Circuit (VC): a logical connection between two ends.

Switched Virtual Circuit (SVC)
A virtual circuit that is brought up on an as-needed basis

Permanent Virtual Circuit (PVC)
A virtual circuit that is always active

Data-Link Connection Identifier (DLCI)
A locally significant number that identifies a virtual circuit (VC); the same VC can carry a different DLCI at each end

Point-to-Point Circuit
A single VC interconnecting two endpoints, where both endpoints belong to the same IP subnet

Point-to-Multipoint Circuit
A connection from one end to one or more other endpoints, where all endpoints belong to the same IP subnet

Service Level Agreement (SLA)
An agreement between a service provider and its customer describing the minimum level of service the provider guarantees for a specific connection

Committed Information Rate (CIR)
The amount of bandwidth a service provider guarantees to be available, a certain percentage of the time, on a customer's virtual circuit

Discard Eligibility (DE) bit
A bit in the Frame Relay frame header that indicates the frame was sent in excess of the CIR and can be discarded by the service provider if congestion occurs

Backward Explicit Congestion Notification (BECN)
A bit in the Frame Relay frame header used to tell a sender to slow down its transmission rate

Forward Explicit Congestion Notification (FECN)
A bit in the Frame Relay frame header, set by the provider when a frame passes through congestion, that tells the receiver the path toward it is congested; the receiver can respond by sending a frame back to the sender, which the service provider marks with the BECN bit

Frame Relay sends data over DLCIs (Data Link Connection Identifiers), which serve as the layer 2 addresses

Frame Relay LMI type
The LMI (Local Management Interface) type must match what the provider, or the Frame Relay switch in the lab, speaks; IOS can also autosense it
R3(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a

Configuring and verifying Frame Relay with GNS3

On the router acting as the Frame Relay switch (DLCIs 102 and 103 face R1, 201 and 301 are the R2 and R3 sides; that serial 1/0 faces R1 is an assumption, the other interface numbers follow the route commands):

  1. Frame_Switch(config)#frame-relay switching
  2. Frame_Switch(config)#interface serial 1/0
  3. Frame_Switch(config-if)#encapsulation frame-relay
  4. Frame_Switch(config-if)#frame-relay intf-type dce
  5. Frame_Switch(config-if)#frame-relay route 102 interface serial 1/1 201
  6. Frame_Switch(config-if)#frame-relay route 103 interface serial 1/2 301
  7. Frame_Switch(config-if)#no shutdown
Repeat steps 2-4 and no shutdown on serial 1/1 and serial 1/2; a single frame-relay route command creates the PVC in both directions (check with show frame-relay route).

On each router (the interface name is an assumption):
  1. R1(config)#interface serial 1/0
  2. R1(config-if)#encapsulation frame-relay
  3. R1(config-if)#ip address 10.1.1.1 255.255.255.0
  4. R1(config-if)#no shutdown
The same configuration goes on R2 (10.1.1.2) and R3 (10.1.1.3). This is a hub-and-spoke layout: R2 and R3 have no PVC to each other, so spoke-to-spoke traffic has to be mapped through R1 (static frame-relay map entries on the spokes).

Verify with show frame-relay pvc, show frame-relay map and show frame-relay lmi on the routers, and show frame-relay route on the switch.

Frame_Switch(config-if)#frame-relay route 102 interface serial 1/1 201
frame-relay        Set Frame Relay parameters
route              Frame Relay route for PVC switching
<16-1007>          input DLCI to be switched
interface          outgoing interface for PVC switching
<16-1007>          output DLCI to use when switching