CCNA Certification Preparation, Session 4 of 4. April 2012. Jaskaran Kalsi. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

Presentation transcript:

Slide 1. CCNA Certification Preparation, Session 4 of 4. April 2012. Jaskaran Kalsi & Bogdan Doinea, Assoc. Technical Managers Europe/CEE/RCIS, Cisco Networking Academy.

Slide 2. NAT; PPP; Frame Relay; Access Lists; Troubleshooting.


Slide 5. NAT. Given the network topology, make configurations on R2 to enable 50 users from the R1 LAN to access the Internet. Topology labels on the slide: LAN 192.168.101.0/24 (50 users), 129.10.20.1/30, 209.165.200.1.
Possible solution:
  R2(config)#access-list 1 permit 192.168.101.0 0.0.0.255
  R2(config)#ip nat inside source list 1 interface s 0/0/0 overload
(The inside and outside interfaces also need ip nat inside and ip nat outside respectively; those interface commands are not shown on the slide.)
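To make the "overload" keyword concrete, here is an added Python model of what the second command does (this is example code written for this transcript, not Cisco's implementation or anything from the slides). It assumes the outside address of s0/0/0 is the 209.165.200.1 label from the topology and that inside hosts are matched by access-list 1; a single outside address is shared by all 50 LAN hosts by rewriting the source port, and return traffic is mapped back through the same table.

```python
import ipaddress

# Constructed values for this example: access-list 1 from the slide, and the
# outside address of s0/0/0, which is ASSUMED to be the 209.165.200.1 label.
INSIDE_ACL = ipaddress.ip_network("192.168.101.0/24")   # access-list 1 permit 192.168.101.0 0.0.0.255
OUTSIDE_ADDR = "209.165.200.1"                          # assumed address of s0/0/0


class PatTable:
    """Port Address Translation ("overload"): many inside hosts share one outside address."""

    def __init__(self, outside_addr, first_port=1024):
        self.outside_addr = outside_addr
        self.next_port = first_port
        self.table = {}     # (inside_ip, inside_port) -> outside_port
        self.reverse = {}   # outside_port -> (inside_ip, inside_port)

    def translate(self, inside_ip, inside_port):
        """Outbound packet: return (global_ip, global_port), or None when access-list 1
        does not match the source (such a packet is forwarded untranslated)."""
        if ipaddress.ip_address(inside_ip) not in INSIDE_ACL:
            return None
        key = (inside_ip, inside_port)
        if key not in self.table:
            if inside_port in self.reverse:
                # the original source port is already used by another inside host: pick a free one
                port = self.next_port
                while port in self.reverse:
                    port += 1
                self.next_port = port + 1
            else:
                port = inside_port   # keep the original source port when it is free
            self.table[key] = port
            self.reverse[port] = key
        return self.outside_addr, self.table[key]

    def untranslate(self, outside_port):
        """Return traffic arriving at the outside address: find the inside host, or None."""
        return self.reverse.get(outside_port)


def simulate_lan(count=50):
    """Send one flow from each of `count` LAN hosts; report how many outside
    addresses were used and how many translation entries exist."""
    pat = PatTable(OUTSIDE_ADDR)
    used = {pat.translate(f"192.168.101.{10 + i}", 50000)[0] for i in range(count)}
    return len(used), len(pat.table)


if __name__ == "__main__":
    print(simulate_lan(50))   # one outside address, fifty translation entries
```

The `untranslate` lookup is the reason an overloaded NAT only lets in traffic that an inside host already initiated: a packet to an outside port with no table entry has nowhere to go.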


Slide 7. WAN connections are often leased lines; PPP, Frame Relay and ATM work at OSI Layer 2. Instead of MAC addresses they have their own Layer 2 addressing (DLCI, VPI/VCI, etc.).

Slide 8. HDLC (High-level Data Link Control): Cisco proprietary (enabled by default), low overhead. PPP (Point-to-Point Protocol): open protocol, moderate overhead; features: authentication, compression, etc.

Slide 9. Enabling PPP:
  Router(config)#interface serial 0/0
  Router(config-if)#encapsulation ppp
  Router#show interfaces serial 0/0
  ... Link Control Protocol is open ...
LCP handles all the features, services and service messages of PPP. The Network Control Protocol (NCP) family: IP Control Protocol (IPCP) allows IP to work over PPP; CDP Control Protocol (CDPCP) allows Cisco Discovery Protocol to work over PPP.

Slide 10. PPP can use PAP or CHAP authentication methods. PAP (Password Authentication Protocol) uses an encrypted password (as shown on the slide); encrypted passwords can be decrypted (cracked). CHAP (Challenge Handshake Authentication Protocol) uses a hashed password; hashed passwords cannot be decrypted.

Slide 11. PAP configuration. Notes: sent-username and password must match the remote router's username and password. Passwords are case-sensitive, but usernames are not. Hostnames are not involved.
Router SantaCruz:
  hostname SantaCruz
  username HQ password HQpass
  interface Serial0
   ip address 172.25.3.2 255.255.255.0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username SantaCruz password SantaCruzpass
Router HQ:
  hostname HQ
  username SantaCruz password SantaCruzpass
  interface Serial0
   ip address 172.25.3.1 255.255.255.0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username HQ password HQpass

Slide 12. CHAP configuration. Notes: hostnames are involved unless the ppp chap hostname command is used, and must match the remote router's username command (not case-sensitive). Passwords are case-sensitive and must match.
Router SantaCruz:
  hostname SantaCruz
  username HQ password boardwalk
  interface Serial0
   ip address 172.25.3.2 255.255.255.0
   encapsulation ppp
   ppp authentication chap
   ppp chap hostname SantaCruz (optional)
Router HQ:
  hostname HQ
  username SantaCruz password boardwalk
  interface Serial0
   ip address 172.25.3.1 255.255.255.0
   encapsulation ppp
   ppp authentication chap
   ppp chap hostname HQ (optional)
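The difference between slides 10 to 12 (PAP sends the password, CHAP sends a hash of a challenge) is easiest to see with both sides' messages written out. The following Python is an added example for this transcript, not Cisco's code; it models the three-way CHAP handshake from RFC 1994 (MD5 over identifier, secret and challenge) using the slide's hostnames and the shared password "boardwalk", and mimics the slide's notes that the hostname lookup is case-insensitive while the password is case-sensitive. The user databases are constructed from the slide's username commands.

```python
import hashlib
import hmac
import os

# Constructed from the slide's CHAP example: each router has `username <peer> password boardwalk`.
HQ_USERS = {"santacruz": "boardwalk"}   # on HQ:        username SantaCruz password boardwalk
SANTACRUZ_USERS = {"hq": "boardwalk"}   # on SantaCruz: username HQ password boardwalk


def pap_authenticate_request(username, password):
    """PAP: the peer sends its sent-username and the password itself across the link."""
    return {"code": "Authenticate-Request", "peer_id": username, "password": password}


def chap_challenge(identifier, value=None):
    """Step 1: the authenticator sends a random challenge value plus a one-byte identifier."""
    return {"code": "Challenge", "id": identifier & 0xFF, "value": value or os.urandom(16)}


def chap_response_value(identifier, secret, challenge_value):
    """RFC 1994 response: MD5(Identifier || secret || Challenge Value). The secret never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge_value).digest()


def chap_response(challenge, hostname, secret):
    """Step 2: the peer answers with the hash and its hostname (or the `ppp chap hostname` value)."""
    return {"code": "Response", "id": challenge["id"], "name": hostname,
            "value": chap_response_value(challenge["id"], secret, challenge["value"])}


def chap_verify(challenge, response, local_users):
    """Step 3: the authenticator looks up the peer's name in its username database
    (case-insensitive, as on the slide), recomputes the hash with its own copy of the
    password (case-sensitive) and compares in constant time."""
    secret = local_users.get(response["name"].lower())
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_response_value(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def chap_exchange(authenticator_users, peer_hostname, peer_secret, challenge_value=None):
    """One direction of the handshake; each router runs it towards the other."""
    challenge = chap_challenge(identifier=1, value=challenge_value)
    response = chap_response(challenge, peer_hostname, peer_secret)
    return chap_verify(challenge, response, authenticator_users)


if __name__ == "__main__":
    print("HQ authenticates SantaCruz:", chap_exchange(HQ_USERS, "SantaCruz", "boardwalk"))
    print("SantaCruz authenticates HQ:", chap_exchange(SANTACRUZ_USERS, "HQ", "boardwalk"))
```

Because the challenge is fresh each time, a captured CHAP response is useless for a later session, which is what `debug ppp authentication` on slide 13 lets you watch: the challenge, the response and the success or failure message.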

Slide 13. Run Router#debug ppp authentication and re-enable the interface (shutdown / no shutdown).

Slide 14. Layer 1: cable problems result in "Serial0/0/0 is down, line protocol is down". Layer 2: clock rate, encapsulation or authentication errors result in "Serial0/0/0 is up, line protocol is down". Layer 3: "Serial0/0/0 is up, line protocol is up" but it still does not work? PPP is not involved here. Check IP addressing!

Slide 15. Which of the following are key characteristics of PPP (choose two)?
  - PPP can work with several routed protocols
  - PPP provides error correction and compression
  - PPP supports only IP
  - PPP works on Layer 3 of the OSI model

Slide 16. Which PPP sub-protocol is responsible for establishing and terminating the connection?
  - NCP
  - IPCP
  - CDP
  - LCP
  - DLCI
  - VPI/VCI

Slide 17. The PPP link between RTA and RTB seems to be down. What could be the problem?
  - Incorrect IP addressing
  - Wrong type of cable
  - Incorrect encapsulation on Layer 2
  - Link reliability is too poor


Slide 19. Packet switched: X.25 => Frame Relay => ATM => MPLS. Can be more flexible than leased lines; bandwidth may vary. Point-to-point or multipoint.

Slide 20. Frame Relay terminology:
  CIR (Committed Information Rate): minimum bandwidth guaranteed by the ISP.
  LAR (Local Access Rate): the local physical link, i.e. the maximum bandwidth (like 100 Mb/s for FastEthernet).
  LMI (Local Management Interface): the "language" used between the ISP and the end device. Purpose: manage the service parameters of the connection (quality, statistics, etc.).
  DLCI (Data Link Connection Identifier): the analog of a MAC address used in FR.
  PVC (Permanent Virtual Circuit): your dedicated virtual link, the way through the cloud.
Your serial link can have many PVCs, each with its own agreed CIR and DLCI. You can have as many PVCs as you like as long as their total bandwidth fits within the LAR.

Slide 21. FECN (Forward Explicit Congestion Notification) marks frames that the switch receives on the congested link; BECN (Backward Explicit Congestion Notification) marks frames that the switch places onto the congested link. The DE (Discard Eligibility) flag is set on "less important" frames that can be dropped in case of congestion.

Slide 22. In FR, DLCIs are used instead of MAC addresses. DLCIs are locally significant: you only know your local (own) DLCI, and you never know the "destination" DLCI. The PVC is your path through the FR cloud, but you don't care how it is selected; that is the ISP's responsibility, not yours. You should only care about your DLCI.


Slide 24. Multipoint is similar to shared Ethernet, but issues such as split horizon can appear. Point-to-point is similar to inter-VLAN routing, where each subinterface has its own IP network.

Slide 25. Multipoint subinterface at the hub and point-to-point subinterfaces at the spokes (one subnet). Notes: highly scalable solution; disable split horizon on the hub router when running a distance vector routing protocol.
Interface Serial0 (for all routers):
  interface Serial0
   encapsulation frame-relay
   no ip address
HubCity:
  interface Serial0.1 multipoint
   ip address 172.16.3.3 255.255.255.0
   frame-relay interface-dlci 301
   frame-relay interface-dlci 302
   no ip split-horizon
Spokane:
  interface Serial0.1 point-to-point
   ip address 172.16.3.1 255.255.255.0
   frame-relay interface-dlci 103
Spokomo:
  interface Serial0.1 point-to-point
   ip address 172.16.3.2 255.255.255.0
   frame-relay interface-dlci 203

Slide 26. Point-to-point subinterfaces at the hub and spokes (two subnets). Each subinterface on the hub router requires a separate subnet (or network). Each subinterface on the hub router is treated like a regular physical point-to-point interface, so split horizon does not need to be disabled.
Interface Serial0 (for all routers):
  interface Serial0
   encapsulation frame-relay
   no ip address
HubCity:
  interface Serial0.1 point-to-point
   ip address 172.16.1.1 255.255.255.0
   frame-relay interface-dlci 301
  interface Serial0.2 point-to-point
   ip address 172.16.2.1 255.255.255.0
   frame-relay interface-dlci 302
Spokane:
  interface Serial0.1 point-to-point
   ip address 172.16.1.2 255.255.255.0
   frame-relay interface-dlci 103
Spokomo:
  interface Serial0.1 point-to-point
   ip address 172.16.2.2 255.255.255.0
   frame-relay interface-dlci 203
(Frame Relay encapsulation is set once on the physical Serial0; the subinterfaces inherit it.)

Slide 27. With a multipoint subinterface you: can have multiple DLCIs assigned to it; can use frame-relay map and frame-relay interface-dlci statements; can use Inverse ARP. Remember, with point-to-point subinterfaces you: cannot have multiple DLCIs associated with a single point-to-point subinterface; cannot use frame-relay map statements; cannot use Inverse ARP. (The frame-relay interface-dlci statement can be used for both point-to-point and multipoint.)

Slide 28. What are three Frame Relay congestion management mechanisms? (Choose three.)
  - BECN
  - DLCI
  - DE
  - FECN
  - LMI
  - Inverse ARP

Slide 29. Based on the output of the router connected to an FR cloud, what is the meaning of the "dynamic" statement?
  Router#show frame-relay map
  Serial0/0/0 (up): ip 10.0.0.2 dlci 102, dynamic, broadcast, CISCO, status defined, active
  - DLCI 102 has been dynamically allocated by the ISP
  - Interface S0/0/0 was dynamically configured with the help of DLCI 102
  - IP address 10.0.0.2 is configured via DHCP
  - The remote IP address 10.0.0.2 was mapped to the local DLCI 102 dynamically via Inverse ARP

Slide 30. What are the three possible LMI types?
  - PAgP
  - IETF
  - CDPCP
  - Cisco
  - ANSI
  - inARP
  - Q.933A

Slide 31. Why is this FR network failing?
  - Split horizon must be disabled.
  - The LMI type must be specified.
  - Logical subinterfaces must be used instead.
  - The frame-relay map commands are using incorrect DLCIs.


Slide 33. ACLs are for identifying traffic: permitting, denying, enabling or disabling something. Not just a traffic filter or firewall. Can be used in: traffic control, access control, NAT, Quality of Service, demand dial routing, route filtering, and more. ACLs are read from TOP to BOTTOM and STOP at the FIRST match. There is an invisible implicit "deny any" at the end. Applied to an interface inbound or outbound, assuming that you are "inside" the router.

Slide 34. STANDARD: matches based on source address; numbers 1 to 99; applied to the port closest to the destination. EXTENDED: matches based on source/destination address, port number, protocol; numbers 100 to 199; applied to the port closest to the source. REFLEXIVE: allows return traffic from an internal request (established).

Slide 35. A network mask is a way to understand where the network portion of the IP address ends and where the host portion begins. A wildcard mask is a tool for filtering IP address bits: which bits should go through a "security control"?
Subnet mask (logical ANDing process):
  IP address     11000000.10101000.00000010.00100110
  Subnet mask    11111111.11111111.11110000.00000000
  Net. address   11000000.10101000.00000000.00000000
  (1 bits in the subnet mask = network portion, 0 bits = host portion)
Wildcard mask:
  Reference IP   11000000.10101000.00000010.00100110
  Wildcard mask  00000000.00000000.00001111.11111111
  Subject        11000000.10101000.00000010.00000000
  (0 bits in the wildcard mask = check these bits, 1 bits = don't care)

Slide 36. Wildcard mask 0.0.1.128 requires the first 23 and the last 7 bits of the IP to be checked. Given the reference IP 192.168.2.38:
  192.168.2.38 – ok
  192.168.2.166 – ok
  192.168.3.38 – ok
  192.168.3.166 – ok
All others will not match!
  Reference IP    11000000.10101000.00000010.00100110
  Wildcard mask   00000000.00000000.00000001.10000000
  192.168.2.38    11000000.10101000.00000010.00100110
  192.168.2.166   11000000.10101000.00000010.10100110
  192.168.3.38    11000000.10101000.00000011.00100110
  192.168.3.166   11000000.10101000.00000011.10100110
  192.168.3.39    11000000.10101000.00000010.00100111  (no match: the last bit is checked and differs)
  (0 bits in the wildcard mask = check these bits, 1 bits = don't care)

Slide 37. Example: 172.16.32.0 255.255.240.0
  RouterB(config)#access-list 10 permit 172.16.32.0 0.0.15.255
We can calculate the wildcard mask by subtracting the subnet mask from 255.255.255.255:
                 255. 255. 255. 255
  Subnet mask:  -255. 255. 240.   0
                 -------------------
  Wildcard mask:   0.   0.  15. 255
Remember: the wildcard mask for a given contiguous network is always the inverse of the subnet mask, NOT vice versa (a wildcard such as 0.0.1.128 has no subnet-mask equivalent). If not sure, think in binary! ...Twice!
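Slides 35 to 37 describe wildcard matching in words and binary; the following Python is an added worked example for this transcript (not code from the slides or from Cisco) that implements the same rules: a 0 bit in the wildcard must match, a 1 bit is "don't care", the wildcard for a contiguous network is 255.255.255.255 minus the subnet mask, and not every wildcard corresponds to a subnet mask. It reproduces the slide's 192.168.2.38 / 0.0.1.128 and 255.255.240.0 examples and also enumerates every address a reference/wildcard pair matches, which goes a little beyond what the slides show.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer back to dotted quad."""
    return str(ipaddress.IPv4Address(value))


def wildcard_from_subnet_mask(mask):
    """Slide 37: wildcard = 255.255.255.255 minus the subnet mask."""
    return to_dotted(0xFFFFFFFF - to_int(mask))


def is_contiguous_wildcard(wildcard):
    """True when the wildcard is the inverse of a subnet mask (all 1 bits at the right end)."""
    n = to_int(wildcard) + 1
    return n & (n - 1) == 0


def checked_bit_count(wildcard):
    """Number of 0 bits in the wildcard, i.e. bits that must match the reference."""
    return 32 - bin(to_int(wildcard)).count("1")


def wildcard_matches(reference, wildcard, candidate):
    """Slide 35: 0 bit = check this bit, 1 bit = don't care."""
    care = 0xFFFFFFFF ^ to_int(wildcard)
    return to_int(reference) & care == to_int(candidate) & care


def matching_addresses(reference, wildcard):
    """Enumerate every address matched by reference/wildcard (meant for small wildcards):
    clear the don't-care bits of the reference, then fill them with every combination."""
    dont_care = to_int(wildcard)
    base = to_int(reference) & (0xFFFFFFFF ^ dont_care)
    free_bits = [1 << i for i in range(32) if dont_care >> i & 1]
    result = []
    for combo in range(1 << len(free_bits)):
        value = base
        for j, bit in enumerate(free_bits):
            if combo >> j & 1:
                value |= bit
        result.append(value)
    return [to_dotted(v) for v in sorted(result)]


if __name__ == "__main__":
    print(wildcard_from_subnet_mask("255.255.240.0"))          # 0.0.15.255
    print(matching_addresses("192.168.2.38", "0.0.1.128"))     # the four addresses from slide 36
    print(checked_bit_count("0.0.1.128"))                      # 30 = first 23 + last 7
```

`is_contiguous_wildcard` is the check behind the slide's warning: 0.0.15.255 inverts cleanly to 255.255.240.0, but 0.0.1.128 selects scattered bits and cannot be written as a subnet, so subtracting it from 255.255.255.255 gives a meaningless "mask".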

Slide 38. Standard ACL, Extended ACL, Named ACL.


Slide 40. A network administrator would like to permit Internet access only for hosts that are assigned an address in the range 172.16.8.0 – 172.16.15.255. Which wildcard mask should be used?
  - 0.0.0.255
  - 0.0.255.255
  - 0.0.3.255
  - 255.255.248.0
  - 0.0.7.255

Slide 41. There is a need to restrict telnet access to R2's LAN for all R1 LAN users. Which ACL can be used in this case and where should it be applied?
Option A:
  R1(config)#access-list 101 deny tcp 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 23
  R1(config)#access-list 101 permit ip any any
  R1(config)#interface fa 0/0
  R1(config-if)#ip access-group 101 in
Option B:
  R1(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255 eq 25
  R1(config)#access-list 101 permit ip any any
  R1(config)#interface fa 0/0
  R1(config-if)#ip access-group 101 in
Option C:
  R1(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255 eq 23
  R1(config)#access-list 101 permit ip any any
  R1(config)#interface fa 0/0
  R1(config-if)#ip access-group 101 in
Option D:
  R2(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255 eq 23
  R2(config)#access-list 101 permit ip any any
  R2(config)#interface fa 0/0
  R2(config-if)#ip access-group 101 in

Slide 42. The access list below was applied on the e0/0 interface connected to the 192.168.1.16/29 LAN in the outbound direction:
  access-list 129 deny tcp 192.168.1.16 0.0.0.7 eq 20 any
  access-list 129 deny tcp 192.168.1.16 0.0.0.7 eq 21 any
What is the effect of such an ACL?
  - FTP traffic from 192.168.1.38 will be denied
  - FTP traffic from 192.168.1.28 to any host will be denied
  - No traffic except FTP will be allowed to exit e0/0
  - All traffic exiting e0/0 will be denied
  - All FTP traffic to network 192.168.1.16/20 will be denied
Comment: this ACL will deny all traffic because of the implicit DENY ANY. To avoid that, the statement "access-list 129 permit ip any any" should have been added below.
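The comment on slide 42 (and the top-to-bottom, first-match, implicit-deny rules of slide 33) can be checked mechanically. The Python below is an added example written for this transcript, not Cisco's ACL engine: it parses the two extended ACEs from the slide into fields, evaluates constructed sample packets against them in order, and falls through to the implicit deny. The packets, their addresses and ports are constructed for the example; the ACL lines are the slide's.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str          # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _take_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D wildcard' starting at tokens[i]."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def _take_port(tokens, i):
    """Parse an optional 'eq <port>' qualifier after an address."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line):
    """Parse one numbered extended ACE, e.g. 'access-list 129 deny tcp 192.168.1.16 0.0.0.7 eq 20 any'."""
    t = line.lower().split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    src, i = _take_addr(t, 4)
    sport, i = _take_port(t, i)
    dst, i = _take_addr(t, i)
    dport, _ = _take_port(t, i)
    return {"acl": int(t[1]), "action": t[2], "proto": t[3],
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def _wildcard_match(spec, addr):
    """0 bits in the wildcard are the bits that must equal the reference address."""
    ref, wc = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = 0xFFFFFFFF ^ wc
    return int(ipaddress.IPv4Address(addr)) & care == ref & care


def ace_matches(ace, pkt):
    """Protocol 'ip' matches everything; otherwise protocol, addresses and any 'eq' ports must agree."""
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if not _wildcard_match(ace["src"], pkt.src) or not _wildcard_match(ace["dst"], pkt.dst):
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.sport:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.dport:
        return False
    return True


def evaluate(acl_lines, pkt):
    """Top to bottom, stop at the first match; the invisible 'deny any' catches everything else."""
    for ace in (parse_ace(line) for line in acl_lines):
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny (implicit)"


# The ACL from slide 42 (constructed input for this example), with and without the fix.
SLIDE_ACL = [
    "access-list 129 deny tcp 192.168.1.16 0.0.0.7 eq 20 any",
    "access-list 129 deny tcp 192.168.1.16 0.0.0.7 eq 21 any",
]
FIXED_ACL = SLIDE_ACL + ["access-list 129 permit ip any any"]

if __name__ == "__main__":
    web = Packet("tcp", "192.168.1.18", "10.0.0.1", 40000, 80)   # constructed sample packet
    print("web, slide ACL:", evaluate(SLIDE_ACL, web))            # deny (implicit)
    print("web, fixed ACL:", evaluate(FIXED_ACL, web))            # permit
```

Running `evaluate` over a few representative packets before applying an ACL is a cheap way to catch the missing `permit ip any any`; on a real router the equivalent check is `show access-lists`, whose per-line match counters reveal when nothing but the implicit deny is ever hit.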


Slide 44. Use a common approach: a bottom-up approach using the OSI model. Check all LEDs on your hardware. Use the Windows utilities ipconfig, ping and trace route. Remember the possible SHOW commands. CDP can help, do not forget about it! Be confident with DEBUG commands and what they represent. Be very careful when subnetting; think twice!

Slide 45. Frequently used commands.
General: sh running-config
Layer 1: sh ip interface brief; sh interfaces
Layer 2: sh cdp neighbors detail; sh frame-relay ?; debug ppp ?
L2 switching: Sw#sh mac-address-table; Sw#sh vlan brief; Sw#sh spanning-tree; Sw#sh vtp status; Sw#sh interfaces [trunk, switchport]
Layer 3: sh ip route; sh ip protocols; sh ip interface; sh ip [routing protocol name] ?; sh ip nat ?; sh access-lists; sh ip dhcp ?

Slide 46. debug ip rip


Slide 48. Summary. PPP: understanding PPP; PPP authentication; PPP configuration. Frame Relay: understanding Frame Relay and terminology; Frame Relay topologies; point-to-point and multipoint Frame Relay. Access Lists: what ACLs are; understanding and calculating the wildcard mask; configuring ACLs. Troubleshooting: frequently used commands.

Slide 49. Thank you.

