Blog Archives

Introducing-route-reflectors quick learning module

1/13/2014

Subnetting made easy

1/11/2014

What is “subnetting”?
“Subnetting” means we borrow some bits from the Host part to add to the Network part. This allows us to have more networks than using the default subnet mask. For example, we can borrow some bits in the next octet to make the address 11.1.0.1 belong to a different network from 11.0.0.1.

What's the benefit of subnetting?
Reduce the size of the routing tables.
Reduce network traffic. Broadcast traffic can be isolated within a single logical network.
Provide a way to secure network traffic by isolating it from the rest of the network.

3 main classes of IP address are :
Class A Range 0 - 127 in the first octet
Class B Range 128 - 191 in the first octet
Class C Range 192 - 223 in the first octet

NOTE : 0 and 127 which belongs to Class A are reserved for other purpose.

We can split IP address as mentioned below. IP address consist of 32 bits and we can write it as 4 parts having 8 bits in each

NNNNNNNN . HHHHHHHH . HHHHHHHH . HHHHHHHH
Class A [One network portion and 3 host portion]

NNNNNNNN . NNNNNNNN . HHHHHHHH . HHHHHHHH
Class B [2 network portion and 2 host portion]

NNNNNNNN . NNNNNNNN . NNNNNNNN . HHHHHHHH
Class C [3 network portion and one host portion]

At each dot imagine that there is a boundary, ie there are boundaries after bits 8, 16, 24, and 32. This is an important concept to remember.

While subnetting bits will always move to your right side.No change will occur in Octets having 255

For eg:
255.255.255.0 – here changes will takes place in fourth octect
255.255.128.0 – here changes will takes in third octect
255.255.255.128 – here changes will takes place in fourth octet

Default subnet mask of Class A : 255.0.0.0 [CIDR /8 ]
Default subnet mask of Class B : 255.255.0.0 [CIDR /16]
Default subnet mask of Class C : 255.255.255.0 [CIDR /24 ]

Now have a look at the block sizes .If you can memorize Block Size subnetting will be so easy

Important : We can find block size by reducing our CIDR value from next Boundary.

Lets have few examples

Q : What subnet does 192.168.10.25/29 belongs to ?

Our mask is /29. The next boundary is 32. So 32 - 29 = 3. Now 2^3 = 8 which gives us our block size i.e. 2 to the power of 3 equals 8. Subnet mask for /29 is 255.255.255.248

First network address : 192.168.10.0
Second network address : 192.168.10.8
Third network address : 192.168.10.16
Fourth network address :192.168.10.24
Fifth network address : 192.168.10.32

Our IP address comes in 192.168.10.24 range

Q :What is the broadcast address of the network 172.27.216.80/28

Our mask is /28.Next Boundary is 32. So 32-28 = 4 Now 2^4 =16 which gives our block size

Given network is 172.27.216.80/28 .We get block size is 16.So next network will be 172.27.216.96.Broadcast address will be the last ip address of 172.27.216.80 network.So it will be 172.27.216.95

Q : What valid host range is the IP address 172.20.232.102 255.255.255.0 a part of?

Here subnet mask is given as 255.255.255.0
Valid host = 2^[Off bits ] -2 means 2^8 -2 =254.we know 2^8 is 256.

Note :Off bits means number of 0’s . 11111111.11111111.1111111.00000000

Q: What is the first valid host on the subnetwork that the node 172.30.119.235 255.255.255.128 belongs to?

Here subnet mask is 255.255.255.128 .So from above table CIDR is /25.next boundary is 32.So 32-25 = 7 .So block size is 2^7 = 128

Network address of 172.30.119.235 is 172.30.119.128 and first valid host is 172.30.119.129
Q : What subnet does 172.16.16.25/20 belongs to ?

Our mask is /20. The next boundary is 24. So 24 - 20 = 4. Now 2^4 = 16 which gives us our block size i.e. 2 to the power of 4 equals 16. Subnet mask for /20 is 255.255.240.0

First network address : 172.16.0.0
Second network address : 172.16.16.0
Third network address : 172.16.32.0

3 Comments

CCNP – Important Switch Commands

1/9/2014

0 Comments

Switch command for Voice (IP Phone

Switch command for HSRP (First Hop Redundancy)

First Hop Redundancy With VRRP

First Hop Redundancy With GLBP

IPSLA ( IP Service Level Agreements )

Private VLANs (Technic)

Authentication with 802.1x

VACLs / VLAN Access Maps

Spanning Tree Customization

Private VLANs

IP Source Guard

DHCP Snooping

0 Comments

NAT/PAT best example vs. traffic sourced from router

1/9/2014

0 Comments

I can bet that you say that to configure NAT/PAT, ip nat inside and ip nat outside commands are always needed. I will show you example where we can translate IPs just with ip nat outside.

Specific exception is traffic generated from the router itself. Let’s play with NAT, configure PAT with simple ACL and compare difference for traffic generated from host that resides behind the router and for traffic from the router itself.

I would to translate all traffic from LAN network to Internet and will use fa0/0 interface IP. Instead use specific subnet IP I’m going to configure any/any in ACL (this will make me in trouble ). I just configure ip nat outside command under fa0/0 interface that simulates internet subnet.

Here you are my base config. R1 and R2 are connected directly via fa0/0 interfaces.

Let’s first generate telnet traffic from the host.

As you see user has been connected from 192.168.1.105.

At R1 no translation appear, so NAT does not work and user’s telnet traffic has been simply routed with translation. To resolve this problem ip nat inside under int fa0/1 needs to be added.
Before we add it let’s generate test traffic from router itself.

NAT is working fine without ip nat inside even if we generated traffic with source fa0/1, telnet traffic has been translated to fa0/0 10.0.12.1.

Translation has been added.
What about traffic generated from the router itself. Let’s ping R2.

R1 has translated own generated traffic. This test show us one important issue that can influence traffic from and to router. Because NAT is enabled on outside interface via ip nat outside command router verifies NAT policy, traffic matches ACL and source IP is translated to fa0/0 interface IP. For traffic passing thru the router for example from the host behind the router ip nat inside and ip nat outside commands are required to properly NAT traffic. Because NAT works also for traffic generated from the router itself even if we have just ip nat outside configured under outside interface traffic from the router will be translated. Important thing is to properly define source and/or destination traffic in ACL otherwise all traffic that match ACL will be nated. Improper ACL configuration can break our management traffic and thus we lose access to our box.
For example. I have configured simple PAT but didn’t add ip nat outside yet to fa0/0. I was able to established telnet session to the router. Once I added ip nat outside router started translate source TCP port due to PAT configured so port TCP 23 has been translated to TCP 3. Then TCP stack on PC from where I’m trying connect will drop these packets because they are not related to this session (wrong source port). If you would like to establish new telnet session to R1 from R2 you will get the same issue, R2 will sent SYN/ACK to reponse for SYN packet but source port 23 will be translated to different one, R2 will replay via RST packet because of wrong source port. Hope it was interesting post for you.

0 Comments

OSPF Area Types and LSA Propagation

1/9/2014

0 Comments

The idea of this post is to show the LSA propagation manner depending on area type.

OSPF routing protocol has hierarchical network topology that use concept of area. OSPF area reduces the protocol’s impact on CPU and memory. Resources can be saved by blocking the propagation of some type of LSA to specific areas. Lets recall the LSA types to see how they are propagated between areas.

LSA Types

LSA 1 – O, Router LSA contains all Link IDs – network, generated by every router and is local to the area
LSA 2 – O, Network LSA contains all routers attached to the segment, generated by DR and is local to the area
LSA 3 – O IA, Network Summary LSA describes network from another area, generated by ABR and is propagated between areas
LSA 4 – O IA, Summary ASB Link States, generated by the ABR and is propagated between areas
LSA 5 – O E1, O E2, External Link States, generated by ASBR and is propagated between areas
LSA 7 – O N1, O N2, NSSA External Link States, generated by ASBR into NSSA area and is propagated into area 0 as E1 or E2

Knowing the LSA types we have to state one important OSPF protocol rule that allows devides entire OSPF domain to smaler areas. A OSPF router must share an identical link-state database only with the other routers in its area, not with the entire OSPF domain. Does it mean for example that internal router in area 2 does not need to know about LSA generated by the internal router in area 1 or by ASBR in area 3 that redistributes routes from another routing domain.

Basically OSPF area types can be devided into three types: Normal/Standard Area, Stub Area and Not-So-Stubby. The difference is that Standard gets all LSA types but Stub and Not-So-Stubby Areas have some LSA limitation. It’s worth to mention that OSPF have few variations of Stub and Not-So-Stubby. Below you can find OSPF domain diagram that shows which LSA type is or is not propagated into specific area type and explanation of each area type.

Here you are the basic keyword and rule that help you understand the concept:

Words “Totally Stubby” = “no-summary” keyword in the area type command definition = no LSA Type 3,4 and 5 propagation into area instead ABR produce default route as Intra Area LSA (O*IA 0.0.0.0/0) into Totally Stubby Area.

Stub Area – area <area> stub

Allows propagation of LSA type 1,2 and 3 additionally with default route as Intra Area LSA format (O*IA 0.0.0.0/0)

Blocks propagation of LSA type 4 and 5

Stub area can not be a transit area for Virtual link, but a GRE tunnel can be used instead
Stub area can not have an ASBR
The Backbone area can not be configured as a Stub area
No LSA type 4 and 5 (E1 or E2) is allowed in a Stub area, but the routers in the Stub Area can connect to the External routes via the default route that is injected into the area by the ABR
Every router and the ABR of that area should have “area <area> stub” command
By default, the cost of the default route is 1
The cost of the default route can be changed by “area <area> default-cost <cost>”

Totally Stubby – area <area> stub no-summary

Allows propagation of LSA type 1 and 2 additionally with default route as Intra Area LSA format (O*IA 0.0.0.0/0)

Blocks propagation of LSA type 3,4 and 5

This area has the same features as standard Stub Area
Only ABR has to be configured with the “no-summary” keyword in area definition
Intra area routers in the Totally Stubby area should have “area <area> stub” command only

Not-So-Stubby – area <area> nssa

Allows propagation of LSA 1, 2, 3 and 7

Blocks propagation of LSA type 3,4 and 5, no default route

All Intra Area routers in the Not-So-Stubby area should have “area <area> nssa” configured
Not-So-Stubby area can not be a transit area for Virtual link, but a GRE tunnel can be used instead
No LSA type 3,4 and 5 (E1 or E2) is allowed in a Not-So-Stubby area, but external routes can be injected into area and appear as LSA type 7, then translated on the ABR to LSA type 5
Not-So-Stubby area can have an ASBR
The backbone area can not be configured as a Not-So-Stubby area

Totally Stubby Not-So-Stubby – area <area> nssa no-summary

Allows propagation of LSA 1 and 2 additionally with default route as Intra Area LSA format (O*IA 0.0.0.0/0)

Blocks propagation of LSA type 3,4 and 5

This area has the same features as standard Not-So-Stubby the only one difference is that default route as Intra Area LSA format (O*IA 0.0.0.0/0) is produced

Not-So-Stubby – area <area> nssa default-information-originate

Allows propagation of LSA type 1, 2, 3 and 7 additionally with default route as LSA type 7 Eternal 2 LSA format (O*N2 0.0.0.0/0)

Blocks propagation of LSA type 4 and 5

This area has the same features as standard Not-So-Stubby the only one difference is that default route as LSA type 7 Eternal 2 LSA format (O*N2 0.0.0.0/0) is produced

Totally Stubby Not-So-Stubby – area <area> nssa no-summary no-redistribution

Allows propagation of LSA 1 and 2 additionally with default route as Intra Area LSA format (O*IA 0.0.0.0/0)

Blocks propagation of LSA type 3,4 and 5

This area has the same features as standard Not-So-Stubby the only one difference is that prefixes that have been redistributed on the ABR will not be propagated into area

0 Comments

Highly Important EIGRP – Fast Track Notes

1/8/2014

0 Comments

Here you are my fast notes regarding EIGRP.

IP Protocol: 88, Uses Multicast IP: 224.0.0.10
Protocol Dependent Modules (IP, IPX, Appletalk)

Determining Loop Free Path

Feasibility Condition (AD<FD) must be meet
Split-Horizon – never advertise a route out of the interface through which you learned it

Reliable Transport Protocol (RTP)

Packets (reliable delivery and packets will be delivered in order – waits for ACK)

Guaranteed delivery > reliable multicast and confirmation reply as unicast ACK

Ordered delivery > 2 sequence number in EIGRP packet (incremented seq each pack. and last received seq)

HELLO – multicast, unreliable
ACK – (it Hello packet with no data in them), unicast, unreliable
UPDATE – include route info, multicast/unicast, reliable
QUERY – manage DUAL computation, multicast or unicast, reliable
REPLAY – manage DUAL computation, unicast, reliable
If packet is reliable/multicast and ACK is no received from the neighbor
- Then packet is retransmitted as a unicast to unresponding neighbor
- If ACK is not received after 16 unicast retransmission > neighbor is dead
- Timers – calculated based on the Smooth Round Trip Time (SRTT)>average time between transmission of packet to the neighbor and the receipt of an ACK
- Multicast Flow Timer – time to wait for ACK before switching from multicast to unicast
- Retransmission Timeout (RTO) – time between subsequent unicast packets

Neighbor Discovery/Recovery

Hello – 5/60 seconds – ip hello-interval eigrp
Hold-Time – 15/180 – ip hold-time eigrp

DUAL – Diffusing Update Algorithm

Feasible Distance – lowest calculated metric to the destination
Successor – router (next-hop) with the lowest (best) metric to the destination
Feasible Successor – one of the backup of Successor that meets Feasibility Condition

Before DUAL compute the metric following have to take place

Establish adjacency between neighbors
Updates exchange
DUAL calculates metric based on the received Advertised Distance from the neighbor + cost to the neighbor
Lowest calculated metric is Feasible Distance (FD), router that advertised this metric isSuccessor
Successor’s router with the best metric is RIB
If the Feasibility Condition is meet when AD<FD (FD of current successor) [Loop Free condition]
If neighbor’s AD to the destination meets the FC neighbors become a Feasible Successor. FS can be elected as Successor when current Successor goes down and if has the lowest metric to the destination with comparison with other Feasible Successors

DUAL Finite State Machine

If FS can’t be found in the Topology Table, then router begins a Diffusing computation and route is Active
Router sends Query to all of it’s neighbors
If Neighbor has one or more Feasible Successors for the destination it will send reply to the questioning router
If Router doesn’t receive reply to query in Active time, route is declared Stuck-In-Active (SIA)
Neighbors that didn’t reply will be removed from the neighbor table

METRIC (BW, Delay, Load, Reliability)

M = (10 000 000 /minBW + DLY/10 [in 10 micro sec])*256

traffic-share balanced

Bandwidth— A value represented as the smallest bandwidth between the source and destination
Delay— The collective delay of interfaces along the path
Reliability— The lowest (worst) reliability along the network path
Load— Represented by the worst load on a connection between the source and destination, in bps
MTU— The smallest maximum transmission unit value in the path
K1 = bandwidth
K2 = load
K3 = delay
K4 = reliability
K5 = MTU

Default EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

Stuck-In-Active (SIA)

timers active-time 3
timers active-time disabled
Stub and Summarization allows to reduce sending of Query to neighbors
show ip eigrp topology all-links – shows routes that are not Feasible Successors

0 Comments

CCNA Planning & Designing

1/8/2014

1 Comment

www.examdump.net

Question 1:
Which of the following host addresses are members of networks that can be routed across the public Internet?(Choose three.)
A. 10.172.13.65
B. 172.16.223.125
C. 172.64.12.29
D. 192.168.23.252
E. 198.234.12.9
F. 212.193.48.254

Answer: CEF

Explanation:
Private IP address scheme
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255
Other then private ip addresses remaining IP’s addresses are routed across internet.

Question 2:
Given a subnet mask of 255.255.255.224, which of the following addresses can be assigned to network hosts?
(Choose three.)
A. 15.234.118.63
B. 92.11.178.93
C. 134.178.18.56
D. 192.168.16.87
E. 201.45.116.159
F. 217.63.12.192

Answer: BCD

Explanation:
For calculating network hosts range for subnet 255.255.255.224
Simple method to find out network subnet is 256 -224 = 32
Write down the multiples of 32 to get subnet networks
Host range for subnet 255.255.255.224 are between this ranges below
0 ----- 31 (0 is network address and 31 is broadcast address)
32 -----63
64 -----95
96 -----127
128 ----159
160---- 191
192 ----223
224 ----255

Question 3:
When variable length subnet masking is used, what does the term route aggregation describe?
A. calculating the total number of available host addresses in the AS
B. combining routes to multiple networks into one supernet
C. reducing the number of unusable addresses by creating many subnets from one supernet
D. reclaiming unused address space by changing the subnet size

Answer: B

Explanation:
Route aggregration is an effort to route smaller prefixes via an aggregated larger prefix (supernetting). The advantage is obvious: Many /24 networks, for example, could be aggregated to larger networks like /23, /22 or even bigger prefixes.

Question 4:
ABC Company is merging with several local businesses that use routers from multiple vendors. Which routing protocol would work best to connect ABC Company with the enterprise networks it has acquired by providing scalability and VLSM support while minimizing network overhead?

A. RIP v1
B. RIP v2
C. IGRP
D. OSPF
E. EIGRP

Answer: D

Explanation:
Since only OSPF,EIGRP and RIPv2 supports VLSM in above options. It requires working with multi vendor and providing scalability OSPF is best choice of the three mentioned.

Question 5:
Which of the following IP addresses fall into the CIDR block of 115.64.4.0/22? (Choose three.)
A. 115.64.8.32
B. 115.64.7.64
C. 115.64.6.255
D. 115.64.3.255
E. 115.64.5.128
F. 115.64.12.128

Answer: BCE

Explanation:
/22 is 8bits + 8bits + 6bits i.e 11111111.11111111.11111100.0
Third octet 11111100 = 128+64+32+16+8+4
= 252 therefore subnet mask is 255.255.252.0
Subnet networks are 256-252= 4
Host range for above subnet are
0------- 3
4 ------ 7

Host that fall under 115.64.4.0 /22 networks are
4 5 6 7

Question 6:
In the implementation of VLSM techniques on a network using a single Class C IP address, which subnet mask is the most efficient for point-to-point serial links?
A. 255.255.255.0
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.255.252
E. 255.255.255.254

Answer: D

Explanation:
For point-to-point serial link exist only two hosts so the best possible subnet mask for two useable hosts for class C network is 255.255.255.252

Question 7:
Which statements are true regarding classless routing protocols? (Choose two.)
A. The use of discontiguous subnets is not allowed.
B. The use of variable length subnet masks is permitted.
C. RIP v1 is a classless routing protocol.
D. IGRP supports classless routing within the same autonomous system.
E. RIP v2 supports classless routing.

Answer: BE

Question 8:

The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to configure an extended access list to permit or deny access to an entire subnetwork?
A. 255.255.255.224
B. 255.255.255.248
C. 0.0.0.224
D. 0.0.0.8
E. 0.0.0.7
F. 0.0.0.3

Answer: E

Explanation:
29 bits subnet is 8bits + 8bits + 8bits + 5bits
255.255.255.(5bits)
11111000 = 128+64+32+16+8+0+0+0
= 248
Subnet is 255.255.255.248
Simple method to calculate the Wildcard mask from known subnet is to
Reverse 1’s into 0’s and 0’s into 1’s from the binary representation of subnet.
For above example (248 = 11111000 subnet)
11111000 (subnet) = 00000111 (wildcard mask) last octet.
= 7 (wildcard mask) for last octet.
Converting the remaining first 3 octets of subnet into wildcard mask using above method
Resulted wildcard mask is 0.0.0.7

Question 9:
The MDA Company is implementing dialup services to enable remote office employees to connect to the local network. The company uses several different Layer 3 protocols on the network. Authentication of the users connecting to the network is required for security. Additionally, some employees will be dialing long distance and will need callback support. Which protocol is the best choice for these remote access services?
A. 802.1
B. Frame relay
C. HDLC
D. PPP
E. SLIP
F. PAP

Answer: D

Question 10:
Refer to the diagram. All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three.)
Add caption

A. The subnet mask in use is 255.255.255.192.
B. The subnet mask in use is 255.255.255.128.
C. The IP address 172.16.1.25 can be assigned to hosts in VLAN1
D. The IP address 172.16.1.205 can be assigned to hosts in VLAN1
E. The LAN interface of the router is configured with one IP address.
F. The LAN interface of the router is configured with multiple IP addresses.

Answer: BCF

Question 11:
Which routing protocols will support the following IP addressing scheme? (Choose three.)
A. RIP version 1
B. RIP version 2
C. IGRP
D. EIGRP
E. OSPF

Answer: BDE

Question 12:
A company with 25 computers decides to connect its network to the Internet. The company would like for all of the computers to have access to the Internet at the same time, but the company only has four usable public IP addresses. What should be configured on the router so that all computers can connect to the Internet simultaneously?
A. static NAT
B. global NAT
C. dynamic NAT
D. static NAT with ACL’s
E. dynamic NAT with overload

Answer: E

Question 13:
A network administrator would like to implement NAT in the network shown in the graphic to allow inside hosts to use a private addressing scheme. Where should NAT be configured?

A. Corporate router
B. Engineering router
C. Sales router
D. all routers
E. all routers and switches

Answer: A

Question 14:
Which of the following describe private IP addresses? (Choose two.)
A. addresses chosen by a company to communicate with the Internet
B. addresses that cannot be routed through the public Internet
C. addresses that can be routed through the public Internet
D. a scheme to conserve public addresses
E. addresses licensed to enterprises or ISPs by an Internet registry organization

Answer: BD

Question 15:
Refer to the graphic. A host is connected to switch port Fa0/3 with a crossover cable. The host and switch have been fully configured for IP connectivity as shown. However, the port indicator on switch port Fa0/3 is not on, and the host can not communicate with any other hosts including those connected to VLAN 2 on the same switch. Based on the information given, what is the problem?
http://www.examdump.net/latest-dumps.html

A. Switch port Fa0/3 is not configured as a trunk port.
B. The cable is the wrong type.
C. The switch has been assigned an incorrect subnet mask.
D. Switch port Fa0/3 has been blocked by STP.
E. The switch and the hosts must be in the same subnet.

Answer: B

Explanation:
Straight through cable is used to connect a host to switch.

Question 16:
What kind of cable should be used to establish a trunked link between two Catalyst 2950 switches?
A. a straight-through cable
B. an EIA/TIA-232 serial cable
C. an auxiliary cable
D. a modem cable
E. a cross-over cable

Answer: E

Explanation:
Cross-over cable is used to connect two switches.

Question 17:
What is the purpose of Spanning Tree Protocol?
A. to prevent routing loops
B. to create a default route
C. to provide multiple gateways for hosts
D. to maintain a loop-free Layer 2 network topology
E. to enhance the functions of SNMP

Answer: D

Question 18:
The network 172.25.0.0 has been divided into eight equal subnets. Which of the following IP addresses can be assigned to hosts in the third subnet if the ip subnet-zero command is configured on the router? (Choose three.)
A. 172.25.78.243
B. 172.25.98.16
C. 172.25.72.0
D. 172.25.94.255
E. 172.25.96.17
F. 172.25.100.16

Answer: ACD

Question 19:
Which wild card mask will enable a network administrator to permit access to the Internet for only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
A. 0.0.0.0
B. 0.0.0.255
C. 0.0.255.255
D. 0.0.7.255
E. 0.0.3.255

Answer: D

Question 20:
The exhibit shows a company network. The network administrator would like to permit only hosts on the 172.30.16.0/24 network to access the Internet. Which wild card mask and address combination will only match addresses on this network?

A. 172.30.0.0 0.0.0.0
B. 172.30.16.0 0.0.0.255
C. 172.30.0.0 0.0.15.255
D. 172.30.16.0 0.0.31.255
E. 172.30.16.0 0.0.255.255

1 Comment

Introducing-route-reflectors quick learning module

Subnetting made easy

CCNP – Important Switch Commands

NAT/PAT best example vs. traffic sourced from router

OSPF Area Types and LSA Propagation

Highly Important EIGRP – Fast Track Notes

CCNA Planning & Designing

Archives

Categories