Wednesday, May 6, 2009

CCNA Tutorials - 1

Router Boot Sequence

Booting up the Router

 

Cisco routers can boot Cisco IOS software from these locations:

 

1. Flash memory

2. TFTP server

3. ROM (not full Cisco IOS)

 

Multiple source options provide flexibility and fallback alternatives

 

Locating the Cisco IOS Software

 

Default boot sequence for Cisco IOS software:

 

1. NVRAM

2. Flash (sequential)

3. TFTP server (network boot)

4. ROM (partial IOS)

 

Note: boot system commands can be used to specify the primary IOS source and fallback sequences.

 

Booting up the router and locating the Cisco IOS

 

1. POST (power on self test)

2. Bootstrap code executed

3. Check Configuration Register value (NVRAM) which can be modified using the config-register command

 

0 = ROM Monitor mode

1 = ROM IOS

2 - 15 = startup-config in NVRAM

 

4. Startup-config file: Check for boot system commands (NVRAM)

If boot system commands in startup-config

    a. Run boot system commands in order they appear in startup-config to locate the IOS

    b. If boot system commands fail, use default fallback sequence to locate the IOS (Flash, TFTP, ROM)

 

  If no boot system commands in startup-config use the default fallback sequence in locating the IOS:

    a. Flash (sequential)

    b. TFTP server (netboot)

    c. ROM (partial IOS) or keep retrying TFTP depending upon router model

 

5. If IOS is loaded, but there is no startup-config file, the router will use the default fallback sequence for locating the IOS and then it will enter setup mode or the setup dialogue.

6. If no IOS can be loaded, the router will get the partial IOS version from ROM

 

==========================================================

 

Default (normal) Boot Sequence

 

Power on Router - Router does POST - Bootstrap starts IOS load - Check configuration register in NVRAM to see what mode the router should boot up in (usually 0x102 to 0x10F to look in startup-config file) - check the startup-config file in NVRAM for boot-system commands (normally there aren't any) - load IOS from Flash.

 


Boot System Commands

 

Router(config)# boot system flash IOS filename   - boot from FLASH memory

Router(config)# boot system tftp IOS filename tftp server ip address   - boot from a TFTP server

Router(config)# boot system rom   - boot from system ROM

 

Configuration Register Command

 

Router(config)# config-register 0x10x (where that last x is 0-F in hex)

 

When the last x is:

0 = boot into ROM Monitor mode

1 = boot the ROM IOS

2 - 15 = look in startup config file in NVRAM

CISCO 2500 Router Recovery Procedures

Cisco 2500 Router                
Enable Secret Password Recovery Procedures

 

-  Attach a PC to the console port of the router.  Password recovery cannot be done remotely.
-  Type show version at the console prompt.  You only have to be in User mode to run the show version command.  Make a note of the configuration register number. It will almost always be 0x2102, but might be 0x102.  If you cannot do a show version, use 0x2102 or check a similar router for its configuration register.
-  Once you have this information follow these steps:


Basic Steps

Power reset the router.
Go into ROMMON mode for password recovery.
Set the configuration register to boot the router without loading the configuration file.
Reboot the router.
Copy the startup-configuration into memory.
Go into Global Configuration mode and change the password.
Reset the configuration register to boot the router using the startup configuration file.
Save the configuration back to NVRAM.
Reboot the router.



Step Details

 

Step 1

Power reset the Router.

Step 2

Within 60 seconds of the router reboot, press the Ctrl+Break keys.  This puts the router in ROMMON mode.

Step 3

The router should boot to a router> prompt with no router name.

Step 4

Type o/r 0x42 at the router> prompt.  This tells the router to boot from Flash Memory without loading the configuration file.  If you want to boot from ROM instead, type o/r 0x41.
However, booting from ROM allows you to only view the encrypted password or erase the configuration.  You cannot change the password.

Step 5

Type i at the router prompt.  The router will now reboot, but ignore its saved configuration (which contains the forgotten password).

Step 6

When the router boots up it will ask you if you want to configure the router.  Press Ctrl+C to break out of the startup configuration.

Step 7

Type enable at the router> prompt.  This will put you in enable or Privileged mode and the prompt will look like this: router#

Step 8

Type copy startup-config running-config (or copy start run) to copy the startup configuration into memory.  With the startup configuration in memory you can now change the enable secret password.

Step 9

At the router# prompt type config t to go into global configuration mode.

Step 10

At the router(config)# prompt type enable secret new_password where new_password is a new password.

Step 11

You now need to change your configuration register to tell the router to boot up with the startup configuration file.  Type config-register 0x2102 and press enter.  This tells the router to load the startup-config file in NVRAM when it boots up.  (use the number you saved from the show version command)

Step 12

Press Ctrl+Z to leave global configuration mode.

Step 13

At the router# prompt type copy running-config startup-config (or copy run start).  This will save your password change to NVRAM.

Step 14

Type reload and press enter to reboot the router.
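
An added example, not part of the original tutorial: a Python check that reads the configuration register line from show version output and reports whether the next reload will skip the startup-config, the state that Step 11 has to undo. The sample lines are constructed, the function names are hypothetical, and the expected value defaults to the 0x2102 noted before the procedure.

```python
import re

BOOT_FIELD_MASK = 0x000F   # last hex digit: the boot field described above
IGNORE_NVRAM = 0x0040      # bit 6: skip startup-config (set in 0x42 / 0x2142)

# The register line of "show version"; the parenthesised part appears once
# config-register has been changed but the router has not yet reloaded.
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def boot_field_meaning(value):
    """Decode the boot field using the 0 / 1 / 2-15 table from this page."""
    field = value & BOOT_FIELD_MASK
    if field == 0:
        return "ROM Monitor mode"
    if field == 1:
        return "ROM IOS"
    return "boot system commands, then default fallback"


def audit_register(show_version_text, expected=0x2102):
    """Return current/next register values and a list of findings."""
    match = REGISTER_RE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    next_reload = int(match.group(2), 16) if match.group(2) else current

    findings = []
    if current & IGNORE_NVRAM:
        findings.append("current value ignores startup-config")
    if next_reload & IGNORE_NVRAM:
        findings.append("next reload will ignore startup-config")
    if (next_reload & BOOT_FIELD_MASK) < 2:
        findings.append("next reload boots to " + boot_field_meaning(next_reload))
    if next_reload != expected:
        findings.append("next reload value 0x%x, expected 0x%x"
                        % (next_reload, expected))
    return {"current": current, "next_reload": next_reload,
            "boot": boot_field_meaning(next_reload), "findings": findings}


# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "Configuration register is 0x2142",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = audit_register(line)
        print(line)
        for finding in result["findings"] or ["ok"]:
            print("   ", finding)
```
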



Subnetting Tips

The questions you will be asked on the CCNA exam will probably be one or all of the following:

  1. If you are going to use the subnet mask, x.x.x.x, how many subnets does this subnet mask produce? (You'll know this answer automatically if you memorize the subnet mask tables in our memorization lists).
  2. How many valid hosts are available for the following subnet? (You'll know this answer automatically if you memorize the subnet mask tables in our memorization lists).
  3. What are the valid subnets that you can obtain from the given subnet mask?
  4. What is the broadcast address of each subnet?
  5. What are the valid hosts in each of the subnets?
  6. What subnet mask should you use if you need x subnets and y hosts?

The following is the easiest way to figure out the answers to each of these questions. It is the method used by Todd Lammle. If you have his CCNA book, he covers this method in the book.
  
First, memorize your "powers of two":

2^1 = 2
2^2 = 4
2^3 = 8
2^4 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256
2^9 = 512
2^10 = 1024

Let's go over each of the above questions:

1. How many subnets:

Let's say you are going to use the subnet mask 255.255.255.224 with a class C address and you need to know how many subnets are available. Think of the subnet mask in binary as 11111111.11111111.11111111.11100000. Looking at the last octet (because you use this octet for subnetting on a class C address), you've got three "on" bits, or 1's. So, the formula to figure out how many subnets that this mask will produce is 2^n-2, where n is the number of "on" bits. 2^3-2 = 6 subnets. If you have memorized your subnet mask tables from our memorization lists, you'll know this is true and won't have to go through this procedure.

Let's try another one. Let's say you are going to use the subnet mask 255.255.255.224 with a class B address. Think of the subnet mask in binary as 11111111.11111111.11111111.11100000. Looking at the last two octets (because you use these two octets for subnetting on a class B address), you've got eleven "on" bits, or 1's. So, the formula to figure out how many subnets that this mask will produce is 2^n-2, where n is the number of "on" bits. 2^11-2 = 2046 subnets. If you have memorized your subnet mask tables in our memorization lists, you'll know this is true and won't have to go through this procedure.

2. How many hosts per subnet:

Let's say you are using the subnet mask 255.255.255.224 with a class C address and you want to figure out how many hosts are available for each subnet. Instead of looking at the "on" bits when trying to find the number of subnets, you will be looking at the "off" bits or 0's. So, once again think of your subnet mask as 11111111.11111111.11111111.11100000. You'll see that there are five "off" bits. So, the formula to figure out how many hosts per subnet that this mask will produce is 2^y-2, where y is the number of "off" bits. 2^5-2 = 30 hosts per subnet. If you have memorized your subnet mask tables from our memorization lists, you'll know this is true and won't have to go through this procedure.

Let's try another one: Let's say you are using the subnet mask 255.255.255.0 with a class B address and you want to figure out how many hosts are available for each subnet. Instead of looking at the "on" bits when trying to find the number of subnets, you will be looking at the "off" bits or 0's. So, think of your subnet mask as 11111111.11111111.11111111.00000000. You'll see that there are eight "off" bits. So, the formula to figure out how many hosts per subnet that this mask will produce is 2^y-2, where y is the number of "off" bits. 2^8-2 = 254 hosts per subnet. If you have memorized your subnet mask tables from our memorization lists, you'll know this is true and won't have to go through this procedure.

3., 4. and 5. Valid subnets, broadcast address, valid hosts

We can answer all of these at the same time using the following procedure. What are the valid subnets that you can obtain from the given subnet mask, what is the broadcast address of each subnet, and what are the valid hosts in each of the subnets.

Let's say that you need to subnet the network address 199.42.78.0 using the subnet mask 255.255.255.224.

First, to figure out the valid subnets, use the formula: 

256 – subnet mask = base number.

So, your base number is 256 – 224 = 32. Now just keep adding 32 to itself to get the valid subnets. 32, 32+32=64, 64+32=96, 96+32=128, 128+32=160, 160+32=192. You can't use 192+32=224 because 224 is your subnet mask. So, your valid subnets are 32, 64, 96, 128, 160, and 192. Let's start making a table to easily see what is happening:

                   Subnet 1  Subnet 2  Subnet 3  Subnet 4  Subnet 5  Subnet 6
Subnet Address     32        64        96        128       160       192
First Valid Host
Last Valid Host
Broadcast Address

Next, to figure out what the broadcast addresses are for each subnet, just use the number before the next subnet. So, for the subnet address 32, the number before the next subnet 64 is 63. This is the broadcast address for subnet 32. For the subnet address 64, the number before the next subnet 96 is 95. This is the broadcast address for subnet 64. Do this for each subnet. Remember, just use the number before the next subnet. Let's fill in our table to see what we have so far:

                   Subnet 1  Subnet 2  Subnet 3  Subnet 4  Subnet 5  Subnet 6
Subnet Address     32        64        96        128       160       192
First Valid Host
Last Valid Host
Broadcast Address  63        95        127       159       191       223

Finally, figuring out the valid hosts is easy. Just fill in the numbers between the subnet address and the broadcast address. Let's fill in the rest of the table:

                   Subnet 1  Subnet 2  Subnet 3  Subnet 4  Subnet 5  Subnet 6
Subnet Address     32        64        96        128       160       192
First Valid Host   33        65        97        129       161       193
Last Valid Host    62        94        126       158       190       222
Broadcast Address  63        95        127       159       191       223

Now that you know how to create the whole table to find all the subnets, the broadcast addresses, and the valid hosts, let's find out how to quickly figure out answers to what you need without doing the whole table. Let's say you receive the following question on the exam:

Using the subnet mask 255.255.255.224, what is the subnet that the host 199.42.78.133 belongs to and the broadcast for this address?

All you have to do is use your formula 256 – subnet mask = base number.
256-224=32, which is your first subnet. Now just add the 32 to itself until you reach the subnet that contains the host 133. 32+32=64, 64+32=96, 96+32=128, 128+32=160. We can stop here because 133 is between 128 and 160. So, we know that the address 199.42.78.133 belongs within the 199.42.78.128 subnet and the broadcast is one less than the next subnet of 160, which is 159. So, the broadcast address is 199.42.78.159.

Let's try another one:
Given the network address 172.16.68.17 and the subnet mask 255.255.192.0, find the subnet it belongs to and its broadcast.

First, use the formula 256 – subnet mask = base number. 256-192=64. 64+64=128, 128+64=192. We can't use 192 because it is your subnet mask. So, our valid subnets are 64.0 and 128.0 (notice that the subnetting is on the third octet of the mask 255.255.192.0, that's why the subnets are 64.0 and 128.0, not just 64 and 128 - Remember this!!!).

Let's use a chart for this one to make it easier to see:

                   Subnet 1  Subnet 2
Subnet address     64.0      128.0
First valid host   64.1      128.1
Last valid host    127.254   191.254
Broadcast address  127.255   191.255

We can tell from the chart that the host 172.16.68.17 is in the 172.16.64.0 subnet and its broadcast is 172.16.127.255.

The more examples that you do on subnetting, the easier it becomes. Here is a summary of what you need to know:

  • Number of subnets = 2^n-2 where n is the number of "on" bits or 1's
  • Number of hosts = 2^y-2 where y is the number of "off" bits or 0's
  • 256 – subnet mask = base number or first subnet (add this number to itself to find remaining subnets)
  • Broadcast address = the number before the next subnet
  • Valid hosts = the numbers between the subnets, not including the broadcast address
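
An added example, not part of the original tutorial: the "256 – subnet mask = base number" method written out in Python so it can be checked against the tables above. The function names are hypothetical, and subnet_table lists only the subnets this page counts as valid (it skips subnet zero and the subnet equal to the mask, matching the 2^n-2 rule).

```python
VALID_MASK_OCTETS = (0, 128, 192, 224, 240, 248, 252, 254, 255)


def _split(dotted):
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad dotted quad: %r" % dotted)
    return parts


def _join(octets):
    return ".".join(str(o) for o in octets)


def _subnetted_octet(mask):
    """Return (index, value) of the first mask octet that is not 255."""
    m = _split(mask)
    idx = next((i for i, o in enumerate(m) if o != 255), 3)
    if m[idx] not in VALID_MASK_OCTETS or any(o != 0 for o in m[idx + 1:]):
        raise ValueError("not a contiguous mask: %r" % mask)
    if idx == 3 and m[3] > 252:
        raise ValueError("mask leaves no valid hosts: %r" % mask)
    return idx, m[idx]


def locate(address, mask):
    """Find the subnet, host range and broadcast that contain an address."""
    a = _split(address)
    idx, mask_octet = _subnetted_octet(mask)
    base = 256 - mask_octet                    # the page's "base number"
    start = (a[idx] // base) * base            # largest multiple <= the octet
    subnet = a[:idx] + [start] + [0] * (3 - idx)
    # Broadcast = the number before the next subnet, remaining octets all 255.
    bcast = a[:idx] + [start + base - 1] + [255] * (3 - idx)
    first = subnet[:3] + [subnet[3] + 1]
    last = bcast[:3] + [bcast[3] - 1]
    return {"subnet": _join(subnet), "first_host": _join(first),
            "last_host": _join(last), "broadcast": _join(bcast)}


def subnet_table(network, mask):
    """Rows for every subnet the page treats as valid (base .. mask - base)."""
    n = _split(network)
    idx, mask_octet = _subnetted_octet(mask)
    base = 256 - mask_octet
    rows = []
    for start in range(base, mask_octet, base):
        probe = n[:idx] + [start] + [0] * (3 - idx)
        rows.append(locate(_join(probe), mask))
    return rows


if __name__ == "__main__":
    print(locate("199.42.78.133", "255.255.255.224"))
    print(locate("172.16.68.17", "255.255.192.0"))
    for row in subnet_table("199.42.78.0", "255.255.255.224"):
        print(row)
```
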

6. This is the final question that you saw at the beginning of this document. If you are given a particular network and you need x subnets and y hosts, which subnet mask should you use?

The easiest way to do these types of questions is to memorize the subnet mask tables in our memorization lists. The other way is to use the formulas:

Number of subnets = 2^n-2 where n is the number of "on" bits or 1's 
Number of hosts = 2^y-2 where y is the number of "off" bits or 0's

Let's say you receive the following question on the exam:
You are given the network 130.175.0.0. You want at least 70 subnets and 500 hosts per subnet. What subnet mask should you use?

If you memorized our subnet mask tables, you could easily see that you would have to use subnet mask 255.255.254.0 to satisfy these conditions. If you don't memorize the lists, here is one way you could do it:

This is a class B address, so you have 16 bits that can be used for subnetting (the 0.0 in the subnet mask can be written 00000000.00000000, which is 16 bits).

Using your formulas above, you will want to come as close as you can to 70 subnets and 500 hosts. If we start by trying to find the amount of subnets (using "on" bits or 1's), we know that 2^6-2=62 (11111100.00000000) isn't enough subnets so let's use 2^7-2= 126 (11111110.00000000). This is enough but let's make sure it will give us enough hosts. Since we used 2^7-2=126 (11111110.00000000) for the subnets, we would use the "off" bits to find the hosts. Since we have 7 "on" bits, this means we have 9 "off" bits. So, 2^9-2=510, which just gives us enough hosts. This means that 11111110.00000000 would work for the subnet mask. Knowing what we do about binary, let's add up the "on" bits or 1's: 128+64+32+16+8+4+2=254. So, the subnet mask would be 255.255.254.0. You could also figure out this problem finding the hosts first instead of the subnets first.
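
An added example, not part of the original tutorial: the same search done in Python, trying every count of "on" bits for a classful network and keeping the masks that satisfy both 2^n-2 subnets and 2^y-2 hosts. The function names are hypothetical.

```python
def classful_host_bits(network):
    """Bits available for subnetting, from the class of the first octet."""
    first = int(network.split(".")[0])
    if 1 <= first < 128:
        return 24          # class A
    if first < 192:
        return 16          # class B
    if first < 224:
        return 8           # class C
    raise ValueError("not a class A, B or C network: %r" % network)


def dotted_mask(off_bits):
    """Dotted-quad mask with the given number of trailing "off" bits."""
    mask = (0xFFFFFFFF << off_bits) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def choose_masks(network, subnets, hosts):
    """Every mask that yields at least `subnets` subnets and `hosts` hosts."""
    free = classful_host_bits(network)
    options = []
    # n = "on" bits borrowed for subnets, y = "off" bits left for hosts.
    # At least two "off" bits must remain or 2^y-2 gives no hosts.
    for n in range(1, free - 1):
        y = free - n
        n_subnets = 2 ** n - 2
        n_hosts = 2 ** y - 2
        if n_subnets >= subnets and n_hosts >= hosts:
            options.append({"mask": dotted_mask(y), "on_bits": n,
                            "off_bits": y, "subnets": n_subnets,
                            "hosts": n_hosts})
    return options


if __name__ == "__main__":
    # The exam question worked above: 130.175.0.0, 70 subnets, 500 hosts.
    for option in choose_masks("130.175.0.0", 70, 500):
        print(option)
```
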

CCNA Exam Tips and Preparation

Introduction
In the IT industry, the Cisco Certified Network Associate (CCNA) program is hugely popular and is in fact Cisco's most popular certification. CCNA was introduced in April 1998 and is the entry-level certification for the Cisco Career Certification Program.

Cisco's globally recognized certifications certify the competence of Internetworking professionals in the areas of routing, switching and connectivity. And CCNA is the first step in this route.

The significance of CCNA isn't just that it is the first step toward Cisco certification; it is also proof of a solid foundation in networking. It is a prerequisite for CCNP, CCDP, and CCSP certifications, and recommended for CCIP certification.

How to get the CCNA
Candidates have two paths to approach CCNA certification:

• a single-exam path that includes exam #640-801

OR

• a two-exam path that includes exam #640-821 (Introduction to Cisco Networking Technologies, or INTRO) and exam #640-811 (Interconnecting Cisco Network Devices, or ICND).

Prerequisites
There are no prerequisites for CCNA certification.

Exam Interface
You need to be familiar with the nature of the exam and the exam interface. "Cisco Career Certifications exams include the following test formats: multiple-choice single answer, multiple-choice multiple answer, drag-and-drop, fill-in-the-blank, and simulations. Prior to taking the exam, candidates should become familiar with how all exam types function, especially the exam simulation tool. Such practice will allow candidates to focus their exam-taking effort on the exam questions rather than how to correctly use the tools".

Exam Focus for the 640-801
The exam changes in the 640-801 are meant to ensure that only those who actually learn Cisco's material and can practice it get certified. This has made CCNA tougher, but it has also increased the credibility and value of the exam. It is indeed very hard to simply cram some materials and braindumps and pass the CCNA without being able to configure a router.

What's the exam like? There is a heavy focus on Access Lists, Switching, Routing protocols, Subnetting and simulation. Subnetting is key in the exam. You have to know how to subnet very well. Can you subnet in your head? You really need to be comfortable with subnetting before you take the CCNA. If you have doubts start practicing now.

Practice and understand access-lists very well. What are your access-list commands and what do they do?

Simulation
You need to build your speed in doing simulations. In the exam, simulations can make or mar your efforts. To prepare well you need to have access to simulators or real routers. The actual number of simulation questions may vary from three to five. Essentially, the exam will test your ability to configure routers and switches in different scenarios. These scenarios are designed to test your knowledge of configuration and listing commands as well as your ability to pay attention to detail, and your ability to analyze and troubleshoot scenarios. Simulations have been noted to be slow during the exam and when switching between the simulator-based questions and the rest of the exam. Even if the simulator engine appears slow, don't let this throw you off balance during the exam.

Time management
The test is 90 minutes. To get a good score and keep your CCNA dreams and hopes alive you must manage your time well. Determine how long you will spend on each question. Remember that you can't go back after answering a question. This means you can't review questions you've answered. As noted, simulations are usually slow and will take more time. They also weigh heavily in your exam scores. So take your time on the simulations and don't panic or rush. Note that there will be a lot of subnetting. Be able to subnet fast. Questions on the OSI model, access lists, subnetting and so on are time consuming, but concentrate, understand the basics and be ready for calculations.

Exam Preparation for the 640-801
How you prepare for CCNA depends largely on your current knowledge and experience of networking and your chosen certification preparation option. Options include instructor-led training, e-simulations, practical labs, practice tests, study materials, etc. Books and simulations are the most popular preparation tools. However, for efficiency and effectiveness, if you have the funds and time, it is advisable to include instructor-led training in your preparations.

VLAN - Part - 3 VLAN Routing

Communicating within VLANs:  There are different protocols available for communicating between VLANs. These encapsulation schemes are also known as VLAN trunking protocols. These protocols are based on Layer 2 of the OSI model.

These are:

  1. Inter-Switch Link Protocol (ISL)
  2. IEEE 802.10 Protocol
  3. IEEE 802.1Q Protocol
  4. ATM LANE Protocol
  5. ATM LANE Fast Simple Server Replication Protocol (FSSRP)

Inter-Switch Link Protocol (ISL): The ISL protocol is used to interconnect two VLAN-capable Ethernet, Fast Ethernet, or Gigabit Ethernet devices. Here, VLAN information is tagged to the standard Ethernet frame. The packets on the ISL link contain a standard Ethernet, FDDI, or Token Ring frame and the VLAN information associated with that frame. ISL is a Cisco proprietary protocol.

IEEE 802.10 Protocol: This protocol provides connectivity between VLANs. The protocol incorporates authentication and encryption techniques to ensure data confidentiality and integrity. The protocol operates at layer 2 of OSI model, and hence ensures greater efficiency.

IEEE 802.1Q Protocol: This protocol is used to interconnect multiple switches and routers, and for defining VLAN topologies. IEEE 802.1Q is the industry standard for communicating within VLANs.

ATM LANE Emulation Protocol (LANE): Using LANE, you can benefit from the legacy LAN hardware. The LANE protocol operates over traditional LAN, emulating a broadcast environment like IEEE802.3. LANE makes. LANE allows standard LAN drivers like NDIS and ODI to be used. Applications can use normal LAN functions without the underlying complexities of the ATM implementation. Client work stations need LAN Emulation Client for running LANE protocol. The switches or routers also need to support appropriate LANE functionalities.

ATM LANE Fast Simple Server Replication Protocol (FSSRP): Cisco introduced the ATM LANE Fast Simple Server Replication Protocol (FSSRP). FSSRP provides better network redundancy. If a single LANE server is unavailable due to any technical reasons, the LANE client transparently switches over to the next LANE server and BUS.

Example:

Question: 

Match the trunking protocols with respective media:

1. Inter Switch Link         A. FDDI
2. LANE                         B. Fast Ethernet
3. 802.10                         C. ATM

Choose the correct choice.

A. 1-> C, 2->B, 3->A

B. 1->B, 2->C, 3->A

C. 1->B, 2->A, 3->C

D. 1->A, 2->B, 3->C

Ans: B

Explanation: ISL, 802.1Q are the VLAN trunking protocols associated with Fast Ethernet. The VLAN trunking protocol defined by 802.10 is associated with FDDI. LANE (LAN Emulation) is associated with ATM.

VLAN - Part - 2 VLAN Types

 

How does a Switch distinguish between VLANs? This is done by associating the work stations to a specific VLAN using a specified format. This is known as VLAN membership. Four prominent VLAN membership methods are by port, MAC address, protocol type, and subnet address. Each of these is discussed below:
  1. VLAN membership by Port:

Here, you define which ports of a Switch belong to which VLAN. Any work station connected to a particular port will automatically be assigned that VLAN. For example, in a Switch with eight ports, ports 1-4 may be configured with VLAN 1, and ports 5-8 may be configured with VLAN2.

One of the disadvantages of this method is that it requires Switch port reconfiguration whenever a user (of course, with associated workstation) moves from one place to another. VLAN membership by port operates at Layer 1 of the OSI model.

  2. VLAN membership by MAC Address:

Here, membership in a VLAN is based on the MAC address of the user workstation. A Switch that participates in a VLAN uses the MAC addresses to assign a VLAN to each workstation. When a workstation moves to another place, the corresponding switch automatically discovers the VLAN association based on the MAC address of the workstation. Since the MAC address is normally inseparable from the workstation, this method of VLAN membership is more amenable to workstation moves.

This type of VLAN works at Layer 2 of the OSI model.

  3. Membership by Protocol Type:

Layer 2 header contains the protocol type field. You can use this information to decide on the VLAN association. For example, all IP traffic may be associated with VLAN 1 and all IPX traffic may be associated with VLAN 2. 

  4. Membership by IP Subnet Address:

In this type of VLAN association, membership is based on the Layer 3 header. The Switch reads the Layer 3 IP address and associates a VLAN membership. Note that even though the Switch accesses Layer 3 information, it still works at Layer 2 of OSI model only. A VLAN Switch doesn't do any routing based on IP address.

Examples:

IP Subnet       VLAN
192.23.160.0    1
192.23.161.0    2
112.18.0.0      3

IP subnet address assignment to different VLANs.

IP address based VLANs allow user moves. However, a Switch is likely to take more time to forward a packet because it has to read Layer 3 information. Hence latency may be relatively higher with this type of VLAN membership.