Certainly the Cisco 3550 and probably other Cisco IOS devices don't have the option to change the configuration register from the default. Now my C3550s have a value of 0x10F. This is different from your average, and the well-drummed-into-you-from-the-CCNA-to-CCNP, router and switch. This makes it difficult to understand why you can't issue the config-register command at any point while messing with your lab or production device.
I had a bit of trouble finding this out via the DocCD i.e. Cisco's on-line version of it that is now a CCIE must-have here:
http://www.cisco.com/cisco/web/psa/default.html?mode=prod
and ended back with Google and found this reference:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080169623.shtml#concept5
So, you can't edit it and you can't use it to password recover. To do that you need to clear the system files by reloading the unit by holding down one of the buttons on the front of the device and getting into the initial system configuration and changing the name of config.txt to config.old and reloading the whole thing once the passwords have been reset. It's a little more involved than that but it'll get you there if you follow Cisco's advice here:
http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml
So, that's done now. Time to move on.
Saturday, 10 July 2010
Thursday, 1 July 2010
CCIE R&S and SP
I was looking at which route would serve me best. I think R&S is good because it's the most accessible in terms of location to take the lab and the quantity of resources to learn from, but I've an interest in ISIS, both Integrated and pure CLNS. This is due to the large network at my current workplace. So, I had a search around the syllabuses and there it was, in black and white: no current ISIS or CLNS component in the R&S track but there in the SP (sorry for not clarifying this earlier but that's Service Provider).
The two documents are easily found on the Cisco Learning Network:
Again you'll have to log in to see these.
The lab equipment and the IOS versions looked very similar in both. I have my home lab set up to cover a good portion of this and with the two new routers I've ordered (I have a very good contact if anyone needs super support and quality goods in the UK) should take me to a point where I can work on nearly all of this in my own time.
Both tracks have a lot more similarities than differences so I've got to take time to work out which one I'll go for (if I actually do).
In the meantime I need to get down and dirty with pure CLNS and solve issues with secure access and work out if I need to spend bags of cash on training or training material. So far the INE has been recommended to me and the mountains of offers from Google seem to be too good to be true - pass for sure with just 5 days time in their labs etc. Umm?
I'm hoping work will offer me some support in payment for all the training I do and all the extra work and money I've saved them. Here's hoping.
Oh, INE can be found here:
Wednesday, 30 June 2010
The Routing Table: Level 1 & 2 Routes etc.
While it has always been a clear and present friend, the routing table baffled me at the lowest level of understanding. Why does it say what it says? Why does the logic confuse me at times? Why do I get the outputs from 'sh ip route' like this below?
3550-01(config-if)#do s ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
171.173.0.0/30 is subnetted, 2 subnets
D 171.173.0.4 [90/156160] via 172.16.0.50, 00:45:36, FastEthernet0/3
D 171.173.0.0 [90/156160] via 172.16.0.50, 00:45:36, FastEthernet0/3
50.0.0.0/32 is subnetted, 1 subnets
S 50.50.50.50 is directly connected, FastEthernet0/3
35.0.0.0/32 is subnetted, 2 subnets
C 35.35.35.35 is directly connected, Loopback1
S 35.2.35.2 is directly connected, GigabitEthernet0/2
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.1.3.0/30 is directly connected, FastEthernet0/21
D 2.1.0.0/16 is a summary, 01:11:59, Null0
53.0.0.0/32 is subnetted, 1 subnets
C 53.53.53.53 is directly connected, Loopback2
C 172.17.0.0/16 is directly connected, FastEthernet0/4
C 172.16.0.0/16 is directly connected, FastEthernet0/3
D 172.19.0.0/16 [90/2172416] via 172.21.0.62, 01:10:15, FastEthernet0/2
[90/2172416] via 172.17.0.62, 01:10:15, FastEthernet0/4
[90/2172416] via 172.16.0.62, 01:10:15, FastEthernet0/3
[90/2172416] via 172.16.0.50, 01:10:15, FastEthernet0/3
D 172.18.0.0/16 [90/2172416] via 172.20.0.61, 01:10:14, FastEthernet0/1
[90/2172416] via 172.17.0.61, 01:10:14, FastEthernet0/4
[90/2172416] via 172.16.0.61, 01:10:14, FastEthernet0/3
[90/2172416] via 172.16.0.50, 01:10:14, FastEthernet0/3
C 172.21.0.0/16 is directly connected, FastEthernet0/2
C 172.20.0.0/16 is directly connected, FastEthernet0/1
D 172.22.0.0/16 [90/284160] via 172.21.0.61, 01:10:15, FastEthernet0/2
[90/284160] via 172.20.0.61, 01:10:15, FastEthernet0/1
[90/284160] via 172.17.0.61, 01:10:15, FastEthernet0/4
[90/284160] via 172.16.0.61, 01:10:15, FastEthernet0/3
C 172.35.0.0/16 is directly connected, FastEthernet0/17
C 192.168.4.0/24 is directly connected, FastEthernet0/23
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, GigabitEthernet0/2
11.0.0.0/30 is subnetted, 3 subnets
C 11.11.0.12 is directly connected, Loopback3
C 11.11.0.16 is directly connected, Loopback4
C 11.11.0.20 is directly connected, Loopback5
62.0.0.0/32 is subnetted, 1 subnets
S 62.62.62.62 is directly connected, FastEthernet0/3
61.0.0.0/32 is subnetted, 1 subnets
S 61.61.61.61 is directly connected, FastEthernet0/3
C 192.169.0.0/16 is directly connected, Loopback6
Well, I finally tried to solve this and it wasn't that hard. Better than reverse engineering it as I had been trying to do. I found this document via the CCIE learning site at Cisco.com:
https://learningnetwork.cisco.com/docs/DOC-5923
You need to sign up and log in to read it but it clearly shows what's needed. Again, Cisco come out tops on the info available and the standard of the information presentation.
The routing table does the below logic to speed up look-up and ultimately processing.
So, know that if the mask of the known network is equal to or less than the classful network mask you'll get a 'Level 1' route.
If the mask is greater than the classful mask you'll get your route along with the level 1 'parent' and a description of its subnets. This is a level 2 route i.e. a child of a level 1 route.
Here are examples for the above two statements from my lab:
C 172.21.0.0/16 is directly connected, FastEthernet0/2 - mask = classful i.e. 16 so just a level 1 route
35.0.0.0/32 is subnetted, 2 subnets
C 35.35.35.35 is directly connected, Loopback1
S 35.2.35.2 is directly connected, GigabitEthernet0/2 - mask > classful i.e. 32 so it's a level 2 route that comes along with its level 1 parent
Now, routes are classed even further. If a route contains a next-hop address (path) or interface then it is an 'ultimate' route.
All subnetted routes, be it either from a classful or non-classful boundary, will show up as such. If the subnetted routes have the same mask then this mask won't be shown:
171.173.0.0/30 is subnetted, 2 subnets
D 171.173.0.4 [90/156160] via 172.16.0.50, 00:45:36, FastEthernet0/3
D 171.173.0.0 [90/156160] via 172.16.0.50, 00:45:36, FastEthernet0/3
Here they both are /30, clarifying the previous two points i.e. subnets of a non-classful network boundary and not showing the mask as they are equal at /30.
Now, take a look at these routes that are subnets of the /8 classful mask:
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.1.3.0/30 is directly connected, FastEthernet0/21
D 2.1.0.0/16 is a summary, 01:11:59, Null0
As both have different masks (/30 and /16) they are shown and the parent, non-ultimate route is generated. Note also in the last two route examples that the number of masks is specified only where they differ from the level 1 route i.e. '2 masks'.
Finally, this is a classful network so is a level 1 and an ultimate route:
C 172.21.0.0/16 is directly connected, FastEthernet0/2
The routing table then follows a simple bit of logic (and I'll only talk about classless networks here with the 'ip classless' command enabled as we're in the 21st century now) that makes sense of all of this:
1 - Search the table for level 1 matches - if there's a match and it's not an ultimate route, search its subnets for the longest match
2 - If there are no level 1 matches, search supernet routes
3 - If there are no supernet matches, search default routes
4 - If there are no default matches, drop the packet
All this has to be taken in context with the fact that the router looks for all matches in the table, then selects the longest match of these; if there are equal-cost routes then load-sharing takes effect. Also, this is just the recursive routing table and when CEF is on, although the output is the same as the recursive one, the actual mechanism of the parallel look-up and decision is probably different.
And finally, this leads back into the need to always make your routing tables small to make it all scalable: summarise, section off subnets to RTR-RTR links, section off Loopback addresses and use a hierarchical network design.
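The level 1 / level 2 classification and the lookup order described above can be checked against the lab output with a short script. This is an added example, not part of the original post or Cisco's implementation; the function names are hypothetical, it assumes 'ip classless' behaviour and it handles classes A to C only.

```python
import ipaddress

# Prefixes copied from the 'show ip route' output above; the masks of the
# equal-mask children come from their parent header line.
LAB_ROUTES = ["171.173.0.4/30", "171.173.0.0/30", "35.35.35.35/32",
              "35.2.35.2/32", "2.1.3.0/30", "2.1.0.0/16",
              "172.21.0.0/16", "192.168.4.0/24"]

def classful_len(net):
    """Classful mask length from the first octet (classes A, B, C only)."""
    first = int(net.network_address) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

def build_table(prefixes):
    """Split routes into level 1 ultimate routes and parent -> level 2 children."""
    ultimates, parents = [], {}
    for p in prefixes:
        net = ipaddress.ip_network(p)
        clen = classful_len(net)
        if net.prefixlen <= clen:            # mask <= classful: level 1
            ultimates.append(net)
        else:                                # mask > classful: level 2 child
            parent = net.supernet(new_prefix=clen)
            parents.setdefault(parent, []).append(net)
    return ultimates, parents

def parent_header(parent, kids):
    """Render the level 1 parent line the way the output above shows it."""
    masks = sorted({k.prefixlen for k in kids})
    if len(masks) == 1:
        return f"{parent.network_address}/{masks[0]} is subnetted, {len(kids)} subnets"
    return f"{parent} is variably subnetted, {len(kids)} subnets, {len(masks)} masks"

def lookup(dst, ultimates, parents):
    """Return the matching route, or None when the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    for parent, kids in parents.items():     # step 1: parent, then its subnets
        hits = [k for k in kids if addr in k]
        if addr in parent and hits:
            return max(hits, key=lambda k: k.prefixlen)
    # Level 1 ultimate routes: picking the longest mask visits network routes,
    # then supernets, then the default (steps 1 to 3); no hit is step 4.
    hits = [u for u in ultimates if addr in u]
    return max(hits, key=lambda u: u.prefixlen) if hits else None

if __name__ == "__main__":
    ultimates, parents = build_table(LAB_ROUTES)
    for parent, kids in parents.items():
        print(parent_header(parent, kids))
    for dst in ("2.1.3.1", "2.1.9.9", "2.9.9.9", "172.21.5.5"):
        print(dst, "->", lookup(dst, ultimates, parents))
```

With no default route in the lab table, 2.9.9.9 falls through every step and is dropped; adding a 0.0.0.0/0 entry to the list makes it match at step 3.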
Tuesday, 29 June 2010
HTTP Access to Routers and Switches - It starts here
So, just been looking at ways to get into my Lab with HTTP.
Joy, just turn on the http server function with:
ip http server
In configuration mode.
The default is exec login i.e. ip http authentication exec. When I gained access by using the IP address of any of my routers it works fine. Try using a defined host name and it fails - the browser tries to resolve it via DNS and I get a search result. Didn't find how to disable this on Safari for the Mac or via IE8 and didn't want to try too hard. One can waste a lot of time solving issues like that.
Finished off the session with a look at how a 'reflexive' static route affects routing. The answer was not at all:
ip route 35.2.35.2 255.255.255.255 101.101.0.0
ip route 101.101.0.0 255.255.0.0 10.0.0.1
where 10.0.0.1 is the only route to the loopback address 35.2.35.2.
When pinged (35.2.35.2) from elsewhere I could easily stop the routing by removing the 101.101.0.0 route (as there's no 101.101.0.0/16 network in the lab).
This means the routes I've been seeing on the work's RTRs are either legacies of routing changes or just mistakes - probably mistakes as I've seen plenty of shoddy work done by the consultants. Isn't it true that ''In the land of the blind, the one-eyed man is king''?
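Why removing the 101.101.0.0 route stops traffic to 35.2.35.2 can be shown by following the next hops one at a time. This is an added example, not from the original post; the function names are hypothetical and the connected 10.0.0.0/24 entry is taken from the lab routing table shown on this page.

```python
import ipaddress

# The two static routes are the ones in the post; the connected entry is the
# 10.0.0.0/24 GigabitEthernet0/2 route from the lab's 'show ip route' output.
CONFIG = """\
ip route 35.2.35.2 255.255.255.255 101.101.0.0
ip route 101.101.0.0 255.255.0.0 10.0.0.1
"""
CONNECTED = {ipaddress.ip_network("10.0.0.0/24"): "GigabitEthernet0/2"}

def parse_statics(text):
    """Map each 'ip route <net> <mask> <next-hop>' line to network -> next hop."""
    statics = {}
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] == ["ip", "route"] and len(parts) == 5:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            statics[net] = ipaddress.ip_address(parts[4])
    return statics

def resolve(dst, statics, connected, max_depth=8):
    """Follow next hops until a connected interface is reached.

    Returns (interface, chain of next hops), or (None, chain) when the
    recursion cannot be completed and the route would not be usable.
    """
    addr, chain = ipaddress.ip_address(dst), []
    for _ in range(max_depth):               # bound guards against loops
        nets = [n for n in list(connected) + list(statics) if addr in n]
        if not nets:
            return None, chain
        best = max(nets, key=lambda n: n.prefixlen)
        if best in connected:
            return connected[best], chain
        addr = statics[best]                 # recurse on the next hop
        chain.append(str(addr))
    return None, chain

if __name__ == "__main__":
    statics = parse_statics(CONFIG)
    print(resolve("35.2.35.2", statics, CONNECTED))
    del statics[ipaddress.ip_network("101.101.0.0/16")]
    print(resolve("35.2.35.2", statics, CONNECTED))
```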
Tomorrow is looming, more to think about.