Moved my blog over to my new domain.
http://blog.matthewstone.net/
YAY! I'm a geek! YAY!
The Road to CCNP
Friday, July 16, 2010
Tuesday, July 13, 2010
Chapter 3 Review
Spent my afternoon in the lab today going over Chapter 3: Switch Port Configuration.
Today's key topics: (As noted by the book)
Characteristics of Ethernet Switching
Ethernet Autonegotiation
Difference of Ethernet Types
10-Gigabit Ethernet
Interface Selection for Configuration
Configure Port Speed
Configure Port Duplex Mode
Configure Port Error Detection
Verify Port State
Verify Port Speed and Duplex Mode
Vocabulary:
CSMA/CD - Carrier Sense Multiple Access/Collision Detection
Duplex Mode - The Ethernet mode that governs how a device can transmit over a connection - half-duplex mode forces only one device to transmit at a time, as all devices share the same media; full-duplex mode is used when only two devices share the media, such that both devices can transmit simultaneously.
Autonegotiation - A mechanism used by a device and a switch port to automatically negotiate the link speed and duplex mode
Duplex Mismatch - A condition where the devices on each end of a link use conflicting duplex modes.
IEEE 802.3 - The standard upon which all generations of Ethernet (Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet) are based.
Key Commands:
interface type module/number - Select a port
interface range type module/number [, type module/number ...] - Select Multiple Ports
interface range type module/first-number - last-number - Select Multiple Ports
define interface-range macro-name type module/number [, type module/number ...] [type module/first-number - last-number] [...] - Define an Interface Macro
interface range macro macro-name - Select interfaces in Macro
description description-string - Assign a description to an interface
speed {10 | 100 | 1000 | auto} - Set port speed
duplex {auto | full | half} - Set port duplex mode
errdisable detect cause [all | cause-name] - Detect port error conditions
errdisable recovery cause [all | cause-name] - Automatically recover from errdisable
errdisable recovery interval seconds - Automatically recover from errdisable
shutdown - Common...really
no shutdown - Common...really
He adds shut and no shut to manually recover from errdisable. But...yeah.
And I'll add this one because I think it's important...
show interfaces status err-disabled - Shows errdisabled interfaces and reason for errdisable.
I'm not exactly sure why the last one was left off of the book list, but oh well. I added it, so there.
In all this chapter was good but mostly review. It still solidifies even more the things you learn as a network engineer. Building blocks for the later chapters.
Not really anything new or cool to post from this chapter. On to the next!
Monday, July 12, 2010
Today's reading - Chapter 2 review
Vocabulary words (and acronyms) for tonight's reading....and the past couple of nights.
TCAM - Ternary Content-Addressable Memory
CAM - Content-Addressable Memory
ACE - Access Control Entities
LOU - Logical Operation Unit
FIB - Forwarding Information Base
Collision Domain - Ethernet segment where a collision will be experienced.
Flooding - Forwarding a packet on each available interface except the one on which it was received.
Unknown Unicast Flooding - Forwarding a packet on each available interface except the one on which it was received, because the destination MAC address's interface was unknown to the switch.
CSMA/CD - Carrier Sense Multiple Access/Collision Detection
So I am going through Chapter 2 of the Cisco Press book and it's all about the inner workings of the switch. How it learns MACs and how it uses hardware to switch (and route) at wire speed.
Not many commands for this chapter:
show mac address-table - Shows the current CAM table
show mac address-table count - Shows how many MAC addresses are in the CAM table and how many addresses are left over.
mac address-table static mac-address vlan vlan-id interface type number - Add a static entry to the CAM table
clear mac address-table dynamic [address mac-address | interface type number | vlan vlan-id] - Clear CAM table/entry.
The key topics covered in this chapter were:
Collision domains
Flooding/Unknown Unicast Flooding
Topology-Based Switching
CAM Table
TCAM Operation
Hopefully I can read some more tonight and post again, but I'm planning on making some homemade pizza and watching a movie with my fiancé...so maybe not.
Saturday, July 10, 2010
802.3ba
100GB and 40 GB standards completed by IEEE. In fact it was approved in June. Sorry 40 GB, you're going to get passed over.
Friday, July 9, 2010
802.1x
Had a pretty productive day today. I've enabled 802.1x in the lab and plan on deploying it next week at my place of work. So what sparked this you might ask? Well this morning I got a call from one of my friends that I work in the same area with. We happen to share the same internet connection. He controls the ASA and Barracuda. The reason for my friend's call was to inform me one of our users was responsible for 30 percent of the bandwidth used until that point of the day. I did some poking around and found out it wasn't even a computer on our domain. That's got to go. The answer? 802.1x. 802.1x is kind of port level network security. It requires a computer to authenticate with a RADIUS server before it can contact the rest of the world.
Now what I couldn't find was any good documentation out there on the interwebs to help me. So now that I've ironed out a bunch of the kinks for our own deployment here I'll show you what I did to make this happen.
First things first was to install the Windows Network Policy and Access Server. This guy is essentially Windows' RADIUS server. It allows our bubbling Cisco switch to authenticate ports based on Active Directory. Sweet! To add the role do the following:
Select Server Manager:
Now Select "Add Roles"
Select Network Policy and Access Services: Obviously I have it installed already
Next go to Active Directory and add a group. You can do either user or computer authentication....or both for that matter. I called my group "Network Access".
And obviously add your user to the group:
Now let's get into the Network Policy Server:
One thing I forgot to take screen shots of is to add a RADIUS Client. The Cisco switches are actually your RADIUS clients. Just add the IP and generate/create a key for each switch you want to add. We'll get to the configuration of the switch later, but remember this key. You'll need it for the switch configuration later.
Select "Configure NAP". I think I want to configure a nap every day after lunch...hahahahha...ha...yeah.
I'm missing the screen shot, but on the first selection select "802.1x Wired" who ha, and click next. Then you'll add that "Network Access" group to your users.
At this point we should be completely configured correctly as far as Windows is concerned. We're ready to rock and roll on the switch side of things. Type these commands in:
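! Global: enable AAA and use RADIUS for 802.1x authentication
aaa new-model
aaa authentication dot1x default group radius
! Global: turn on 802.1x for the whole switch
dot1x system-auth-control
! Per port: access port that must authenticate before it passes traffic
interface GigabitEthernet0/1
 switchport mode access
 dot1x port-control auto
! Global: RADIUS server address and the key created for this switch in the RADIUS Client step
radius-server host 10.0.0.1
radius-server key rAnDoMkEyH3r3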
Once you do all that you have one last thing to do. Enable 802.1x on your PC. If you're on Windows 7 (and Vista I think) enable the service "Wired AutoConfig." That service will give you another tab in your network interface properties. Enable 802.1x and you're in business. Oh man how I love this technology.
Hope this helps,
Matt
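An added example, not part of the original post: the switch commands above enable 802.1x only on GigabitEthernet0/1, so a quick audit of the running-config shows which active access ports would still let an unauthenticated machine onto the network. The sample config and the function names are constructed for illustration, and the checks assume the same IOS syntax the post uses.

```python
# Constructed running-config for illustration (not from the original post).
# Gi0/1 matches the post; Gi0/2 is an access port left without 802.1x.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
interface GigabitEthernet0/1
 switchport mode access
 dot1x port-control auto
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 shutdown
interface GigabitEthernet0/24
 switchport mode trunk
radius-server host 10.0.0.1
radius-server key EXAMPLE-KEY
"""

# Global commands the post's switch configuration relies on (matched by prefix).
REQUIRED_GLOBALS = ("aaa new-model", "aaa authentication dot1x default group radius",
                    "dot1x system-auth-control", "radius-server host", "radius-server key")

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return (missing global commands, active access ports without 802.1x)."""
    top = [l.strip() for l in config.splitlines() if l[:1] not in ("", " ")]
    missing = [g for g in REQUIRED_GLOBALS if not any(l.startswith(g) for l in top)]
    unprotected = [name for name, cmds in parse_interfaces(config).items()
                   if "switchport mode access" in cmds and "shutdown" not in cmds
                   and "dot1x port-control auto" not in cmds]
    return missing, unprotected

if __name__ == "__main__":
    missing, unprotected = audit(SAMPLE_CONFIG)
    print("missing globals:", missing, "| access ports without 802.1x:", unprotected)
```

A port set to anything other than `dot1x port-control auto` is reported too, since only `auto` makes the attached machine authenticate.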
Thursday, July 8, 2010
Some Good After All
So I am cheesing a little bit tonight because I found out something good. I didn't know this but Packet Tracer actually emulates 3560 switches with...get this...advanced IP services. So I have a mock lab on my laptop now. Pretty sweet if you ask me. I don't know yet if it will have all the features of a full in-the-flesh switch but so far I have seven switches on the table. Three using the multi layer switch capabilities (Route ports with OSPF running between them all) and four are just plain Jane switches at this point. I'll configure port channels and the like on the plain Jane switches and hopefully run HSRP/VRRP on these puppies too! In any case I thought it'd be worth mentioning that Packet Tracer CAN run 3560s. That's good news for all of us trying to study on the cheap!
Hope this helps,
Matt
High Hopes
I had high hopes of studying for a couple of hours today, but as you would guess that didn't work out. I am hoping to hit the lab pretty hard tomorrow. Fridays are usually pretty slow (fingers crossed). Just because I said that tomorrow is going to be the craziest day of the week. I think this blog is doing me some good though. It helps me to regurgitate the information in a format like this. Helps me understand it a little bit more. The only thing about it is I need to be hitting this stuff every day if I plan to pass the SWITCH test...or any of the exams for that matter. If I've learned one thing about Cisco exams it is this: you can't over-prepare. You have to hit this stuff every day and beat it into your head. When I was setting up the MPLS VRF deployment at my job I sat down with four 3750-Metro switches one weekend and pounded away at it until I knew what each command was doing and why. I know it will be a long road but it will pay itself off, and I enjoy it which helps make it better.