Moved my blog over to my new domain.
http://blog.matthewstone.net/
YAY! I'm a geek! YAY!
Friday, July 16, 2010
Tuesday, July 13, 2010
Chapter 3 Review
Spent my afternoon in the lab today going over Chapter 3: Switch Port Configuration.
Today's key topics (as noted by the book):
Characteristics of Ethernet Switching
Ethernet Autonegotiation
Difference of Ethernet Types
10-Gigabit Ethernet
Interface Selection for Configuration
Configure Port Speed
Configure Port Duplex Mode
Configure Port Error Detection
Verify Port State
Verify Port Speed and Duplex Mode
Vocabulary:
CSMA/CD - Carrier Sense Multiple Access/Collision Detection
Duplex Mode - The Ethernet mode that governs how a device can transmit over a connection - half-duplex mode forces only one device to transmit at a time, as all devices share the same media; full-duplex mode is used when only two devices share the media, such that both devices can transmit simultaneously.
Autonegotiation - A mechanism used by a device and a switch port to automatically negotiate the link speed and duplex mode
Duplex Mismatch - A condition where the devices on each end of a link use conflicting duplex modes.
IEEE 802.3 - The standard upon which all generations of Ethernet (Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet) are based.
Key Commands:
interface type module/number - Select a port
interface range type module/number [, type module/number ...] - Select Multiple Ports
interface range type module/first-number - last-number - Select Multiple Ports
define interface-range macro-name type module/number [, type module/number ...] [type module/first-number - last-number] [...] - Define an Interface Macro
interface range macro macro-name - Select interfaces in Macro
description description-string - Assign a description to an interface
speed {10 | 100 | 1000 | auto} - Set port speed
duplex {auto | full | half} - Set port duplex mode
errdisable detect cause [all | cause-name] - Detect port error conditions
errdisable recovery cause [all | cause-name] - Automatically recover from errdisable
errdisable recovery interval seconds - Automatically recover from errdisable
shutdown - Common...really
no shutdown - Common...really
He adds shut and no shut to manually recover from errdisable. But...yeah.
And I'll add this one because I think it's important...
show interface status errdisable - Shows errdisabled interfaces and reason for errdisable.
I'm not exactly sure why the last one was left off of the book list, but oh well. I added it, so there.
All in all, this chapter was good but mostly review. It still solidifies even more the things you learn as a network engineer. Building blocks for the later chapters.
Not really anything new or cool to post from this chapter. On to the next!
Monday, July 12, 2010
Today's reading - Chapter 2 review
Vocabulary words (and acronyms) for tonight's reading....and the past couple of nights.
TCAM - Ternary Content-Addressable Memory
CAM - Content-Addressable Memory
ACE - Access Control Entries
LOU - Logical Operation Unit
FIB - Forwarding Information Base
Collision Domain - Ethernet segment where a collision will be experienced.
Flooding - Forwarding a packet on each available interface except the one it was received on.
Unknown Unicast Flooding - Forwarding a packet on each available interface except the one it was received on, because the interface for the destination MAC address was unknown to the switch.
CSMA/CD - Carrier Sense Multiple Access/Collision Detection
So I am going through Chapter 2 of the Cisco Press book and it's all about the inner workings of the switch. How it learns MACs and how it uses hardware to switch (and route) at wire speed.
Not many commands for this chapter:
show mac address-table - Shows the current CAM table
show mac address-table count - Shows how many MAC addresses are in the CAM table and how many addresses are left over.
mac address-table static mac-address vlan vlan-id interface type number - Add a static entry to the CAM table
clear mac address-table dynamic [address mac-address | interface type number | vlan vlan-id] - Clear CAM table/entry.
The key topics covered in this chapter were:
Collision domains
Flooding/Unknown Unicast Flooding
Topology-Based Switching
CAM Table
TCAM Operation
Hopefully I can read some more tonight and post again, but I'm planning on making some homemade pizza and watching a movie with my fiancé...so maybe not.
Saturday, July 10, 2010
802.3ba
100 Gbps and 40 Gbps standards completed by IEEE. In fact it was approved in June. Sorry 40 Gbps, you're going to get passed over.
Friday, July 9, 2010
802.1x
Had a pretty productive day today. I've enabled 802.1x in the lab and plan on deploying it next week at my place of work. So what sparked this you might ask? Well this morning I got a call from one of my friends that I work in the same area with. We happen to share the same internet connection. He controls the ASA and Barracuda. The reason for my friend's call was to inform me one of our users was responsible for 30 percent of the bandwidth used until that point of the day. I did some poking around and found out it wasn't even a computer on our domain. That's got to go. The answer? 802.1x. 802.1x is kind of port-level network security. It requires a computer to authenticate with a RADIUS server before it can contact the rest of the world.
Now what I couldn't find was any good documentation out there on the interwebs to help me. So now that I've ironed out a bunch of the kinks for our own deployment here I'll show you what I did to make this happen.
First things first was to install the Windows Network Policy and Access Server. This guy is essentially Windows' RADIUS server. It allows our bubbling Cisco switch to authenticate ports based on Active Directory. Sweet! To add the role do the following:
Select Server Manager:
Now Select "Add Roles"
Select Network Policy and Access Services: Obviously I have it installed already
Next go to Active Directory and add a group. You can do either user or computer authentication....or both for that matter. I called my group "Network Access"
And obviously add your user to the group:
Now let's get into the Network Policy Server:
One thing I forgot to take screen shots of is adding a RADIUS Client. The Cisco switches are actually your RADIUS clients. Just add the IP and generate/create a key for each switch you want to add. We'll get to the configuration of the switch later, but remember this key. You'll need it for the switch configuration later.
Select "Configure NAP". I think I want to configure a nap every day after lunch...hahahahha...ha...yeah.
I'm missing the screen shot, but on the first selection select "802.1x Wired" who ha, and click next. Then you'll add that "Network Access" group to your users.
At this point we should be completely configured correctly as far as Windows is concerned. We're ready to rock and roll on the switch side of things. Type these commands in:
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
interface GigabitEthernet0/1
switchport mode access
dot1x port-control auto
radius-server host 10.0.0.1
radius-server key rAnDoMkEyH3r3
Once you do all that you have one last thing to do. Enable 802.1x on your PC. If you're on Windows 7 (and Vista I think) enable the service "Wired AutoConfig." That service will give you another tab in your network interface properties. Enable 802.1x and you're in business. Oh man how I love this technology.
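Before the rollout at work, the check I would want is one that reads the switch's config text and confirms the global 802.1x statements from the list above are present and that every access port actually has dot1x port-control auto on it (a port that was skipped stays open to anything plugged into it). The script below is an added example, not something from the blog or from Cisco; it assumes an IOS running-config layout (interface sub-commands indented by one space, sections separated by "!") and uses a constructed sample config with a placeholder RADIUS key.

```python
"""Audit an IOS config for the 802.1x statements used in this post.

Added example (not the blog author's or Cisco's code). Assumes the usual
running-config layout: interface sub-commands indented by one space and
sections separated by "!". SAMPLE_CONFIG is constructed for this example.
"""

GLOBAL_REQUIRED = [
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "dot1x system-auth-control",
]

# Constructed sample: Gi0/2 is an access port that never got dot1x enabled.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
 dot1x port-control auto
!
interface GigabitEthernet0/2
 description printer - forgot dot1x
 switchport mode access
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
radius-server host 10.0.0.1
radius-server key EXAMPLE-KEY-NOT-REAL
"""


def parse_ios_config(text):
    """Split a config into global command lines and {interface: [sub-commands]}."""
    global_lines, interfaces = [], {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None            # "!" closes the current section
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_dot1x(text):
    """Return what is missing: global commands, key, and unprotected access ports."""
    global_lines, interfaces = parse_ios_config(text)
    findings = {"missing_global": [], "unprotected_access_ports": [], "radius_servers": 0}
    for cmd in GLOBAL_REQUIRED:
        if cmd not in global_lines:
            findings["missing_global"].append(cmd)
    # Only presence is checked; the key value itself is a secret and is not reported.
    findings["radius_servers"] = sum(
        1 for line in global_lines if line.startswith("radius-server host "))
    if not any(line.startswith("radius-server key ") for line in global_lines):
        findings["missing_global"].append("radius-server key")
    for name, sub in interfaces.items():
        # Trunks/uplinks are skipped; an access port without port-control is the gap.
        if "switchport mode access" in sub and "dot1x port-control auto" not in sub:
            findings["unprotected_access_ports"].append(name)
    return findings


if __name__ == "__main__":
    for key, value in audit_dot1x(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run it against the output of show running-config saved to a file; an empty missing_global list and an empty unprotected_access_ports list means the switch matches the configuration given above on every access port.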
Hope this helps,
Matt
Thursday, July 8, 2010
Some Good After All
So I am cheesing a little bit tonight because I found out something good. I didn't know this but Packet Tracer actually emulates 3560 switches with...get this...Advanced IP Services. So I have a mock lab on my laptop now. Pretty sweet if you ask me. I don't know yet if it will have all the features of a full in-the-flesh switch but so far I have seven switches on the table. Three using the multilayer switch capabilities (routed ports with OSPF running between them all) and four are just plain Jane switches at this point. I'll configure port channels and the like on the plain Jane switches and hopefully run HSRP/VRRP on these puppies too! In any case I thought it'd be worth mentioning that Packet Tracer CAN run 3560's. That's good news for all of us trying to study on the cheap!
Hope this helps,
Matt
High Hopes
I had high hopes of studying for a couple of hours today, but as you would guess that didn't work out. I am hoping to hit the lab pretty hard tomorrow. Fridays are usually pretty slow (fingers crossed). Just because I said that, tomorrow is going to be the craziest day of the week. I think this blog is doing me some good though. It helps me to regurgitate the information in a format like this. Helps me understand it a little bit more. The only thing about it is I need to be hitting this stuff every day if I plan to pass the SWITCH test...or any of the exams for that matter. If I've learned one thing about Cisco exams it is this; you can't over-prepare. You have to hit this stuff every day and beat it into your head. When I was setting up the MPLS VRF deployment at my job I sat down with four 3750-Metro switches one weekend and pounded away at it until I knew what each command was doing and why. I know it will be a long road but it will pay itself off, and I enjoy it which helps make it better.
Wednesday, July 7, 2010
TCAM, CAM, and FIB
Finished the first couple of chapters today in the book I'm going through (Cisco Press's CCNP SWITCH 642-813). I don't know if I recommend it or not, but I'll sure let you know following my completion of the book/642-813 exam. Today it covered some of the test's objectives like being able to do peer review and writing implementation documents and configurations for a given design. Seems a little overwhelming at first to think "Sit in front of this word processor and configure a switch" but the book does a good job of teaching you how to prepare for it.
The second thing the book covered was the inside guts of a switch. How it does exactly what it does. Which for me was just really cool. It covers the different ways Cisco has figured out how to make things work and work fast. Interesting that the CAM, TCAM, and FIB table lookups all happen at the same time and all in hardware. Bravo.
If you're a little confused on what CAM, TCAM, and FIB tables are I'll give you a short rundown.
CAM - Content Addressable Memory: This table holds all of the MAC address information the switch has. So if a packet arrives with the destination of 000.0a9.3b9.01c then it looks that MAC address up in the CAM table. If it finds a match it spits the packet out the corresponding interface. If that MAC was not found then it relies on a "best effort" way of forwarding where it repeats that packet on every interface on the switch (excluding the one interface the packet originated from) hoping to find its match. CAM tables can be manually populated (putting every MAC off of each interface into the CLI manually) or the switch can automatically populate its table by adding the source address of each Ethernet frame and its corresponding interface to the CAM table.
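To make the CAM behaviour concrete (and the Chapter 2 vocabulary from the July 12 post: flooding, unknown unicast flooding, static entries, clearing dynamic entries), here is a small learning-switch simulation. It is an added example, not code from the blog or from Cisco; the port names, MAC addresses and the tiny table capacity are constructed so the "count" output has something to show.

```python
"""Toy learning switch: CAM lookup, source-MAC learning, unknown-unicast flooding.

Added example, not code from the blog or Cisco. Port names, MACs and the
capacity are constructed; a real switch does all of this in hardware.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class CamEntry:
    port: str
    static: bool = False   # 'mac address-table static ...' entries never age or get overwritten


@dataclass
class LearningSwitch:
    ports: list
    cam: dict = field(default_factory=dict)   # MAC -> CamEntry
    capacity: int = 8                         # constructed: tiny CAM so 'count' means something

    def add_static(self, mac, port):
        """Mirror of 'mac address-table static <mac> vlan <id> interface <port>' (one VLAN here)."""
        assert port in self.ports, "unknown port"
        self.cam[mac] = CamEntry(port, static=True)

    def learn(self, src_mac, ingress):
        """Learn from the frame's source MAC; a static entry is never replaced."""
        entry = self.cam.get(src_mac)
        if entry is not None and entry.static:
            return
        if entry is None and len(self.cam) >= self.capacity:
            return   # no room to learn; frames to this MAC keep being flooded
        self.cam[src_mac] = CamEntry(ingress)

    def forward(self, ingress, src_mac, dst_mac):
        """Return the egress port list for a frame received on `ingress`."""
        assert ingress in self.ports, "unknown port"
        self.learn(src_mac, ingress)
        entry = self.cam.get(dst_mac)
        if dst_mac == BROADCAST or entry is None:
            # flooding / unknown unicast flooding: every port except the one it came in on
            return [p for p in self.ports if p != ingress]
        if entry.port == ingress:
            return []   # destination is on the same segment as the sender; filtered
        return [entry.port]

    def count(self):
        """Mirror of 'show mac address-table count'."""
        dynamic = sum(1 for e in self.cam.values() if not e.static)
        static = len(self.cam) - dynamic
        return {"dynamic": dynamic, "static": static, "free": self.capacity - len(self.cam)}

    def clear_dynamic(self, interface=None):
        """Mirror of 'clear mac address-table dynamic [interface <port>]'."""
        self.cam = {m: e for m, e in self.cam.items()
                    if e.static or (interface is not None and e.port != interface)}


if __name__ == "__main__":
    sw = LearningSwitch(ports=["Gi0/1", "Gi0/2", "Gi0/3"])
    # Host A on Gi0/1 talks to B before B has ever sent anything: unknown unicast flood.
    print(sw.forward("Gi0/1", "aaaa.aaaa.0001", "bbbb.bbbb.0002"))
    # B replies; A is now known, so the reply goes out one port only.
    print(sw.forward("Gi0/2", "bbbb.bbbb.0002", "aaaa.aaaa.0001"))
    print(sw.count())
```

The first frame from A is flooded because B's MAC is not in the table yet; the reply from B is sent to Gi0/1 alone because A was learned from the first frame's source address, which is exactly the "automatically populate" path described above.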
TCAM - Ternary Content Addressable Memory: There are two TCAM tables. One for access lists (ACLs) and one for quality of service (QoS). It takes the access list you put in and creates sort of a "matching string" to match incoming packets against. This table is populated when you add or edit access lists and/or quality of service policies.
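The "matching string" is a value plus a mask where each bit is 1, 0, or "don't care", which is what the ternary in TCAM means. The snippet below is an added example, not from the blog or the Cisco Press book; it converts IOS-style address/wildcard pairs from a constructed three-line ACL into value/mask entries, prints the ternary string, and does a first-match lookup the way the hardware's parallel compare resolves to the lowest-index hit.

```python
"""Toy TCAM lookup for an IPv4 ACL: value/mask entries, first match wins.

Added example, not from the blog or the Cisco Press book. The ACL is a
constructed sample and only source/destination addresses are encoded; the
real TCAM entry also carries protocol, ports and the LOU results.
"""
import ipaddress


def wildcard_to_entry(address, wildcard):
    """IOS 'address wildcard' -> (value, mask); mask bit 1 means 'must match'."""
    value = int(ipaddress.IPv4Address(address))
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return value & mask, mask


def ternary_string(value, mask):
    """Render a 32-bit value/mask pair as the 1/0/x string the TCAM holds."""
    return "".join(
        "x" if not (mask >> bit) & 1 else str((value >> bit) & 1)
        for bit in range(31, -1, -1))


class Tcam:
    def __init__(self):
        self.entries = []   # (src_value, src_mask, dst_value, dst_mask, action) in ACL order

    def add_ace(self, action, src, src_wc, dst, dst_wc):
        sv, sm = wildcard_to_entry(src, src_wc)
        dv, dm = wildcard_to_entry(dst, dst_wc)
        self.entries.append((sv, sm, dv, dm, action))

    def lookup(self, src_ip, dst_ip):
        """Return (entry index, action); the hardware compares all entries at once
        and the lowest matching index wins, so sequential order gives the same answer."""
        s = int(ipaddress.IPv4Address(src_ip))
        d = int(ipaddress.IPv4Address(dst_ip))
        for index, (sv, sm, dv, dm, action) in enumerate(self.entries):
            if (s & sm) == sv and (d & dm) == dv:
                return index, action
        return None, "deny"   # the implicit deny at the end of every ACL


def build_sample_acl():
    """Constructed equivalent of:
        access-list 100 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
        access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
        access-list 100 permit ip any any
    """
    t = Tcam()
    t.add_ace("permit", "10.1.0.0", "0.0.255.255", "10.2.0.0", "0.0.255.255")
    t.add_ace("deny", "10.0.0.0", "0.255.255.255", "0.0.0.0", "255.255.255.255")
    t.add_ace("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255")
    return t


if __name__ == "__main__":
    acl = build_sample_acl()
    for sv, sm, dv, dm, action in acl.entries:
        print(action, ternary_string(sv, sm), ternary_string(dv, dm))
    print(acl.lookup("10.1.5.5", "10.2.9.9"))
    print(acl.lookup("10.1.5.5", "192.0.2.1"))
```

Note that 10.1.5.5 to 192.0.2.1 hits the second entry even though the third would also match: position in the ACL, not specificity, decides, which is why the order you type ACEs in matters.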
FIB - Forwarding Information Base: The FIB (Which is really fun to say) is the "Layer 3 CAM" if you will. It contains the routes the switch knows about. This table is populated either when you manually add a route or if routes are updated via a routing protocol.
This is what I've learned/refreshed today.
Hope this helps,
Matt
Upgrade IOS
First things first on these 3750's was to upgrade the IOS to advanced IP services. That didn't take long, and here are the commands to do it.
Switch1#show flash:
Directory of flash:/
410 drwx 192 Mar 4 1993 21:44:16 +00:00 c3560-ipbase-mz.122-25.SEE3
32514048 bytes total (24361984 bytes free)
Switch1#copy tftp: flash:
Address or name of remote host [10.192.240.5]?
Source filename [advipserv.bin]?
Destination filename [advipserv.bin]?
Accessing tftp://10.192.240.5/advipserv.bin...
Loading advipserv.bin from 10.192.240.5 (via Vlan1):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 6398853 bytes]
6398853 bytes copied in 145.349 secs (44024 bytes/sec)
Switch1#show boot
BOOT path-list : flash:c3560-ipbase-mz.122-25.SEE3/c3560-ipbase-mz.122-25.SEE3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#boot system flash:advipserv.bin
Switch1(config)#exit
00:40:13: %SYS-5-CONFIG_I: Configured from console by consoleeload
Switch1#reload
System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Proceed with reload? [confirm]
All done. My show ver looks like this now:
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C3560G-24PS 12.2(25)SEB4 C3560-IPSERVICES-M
Configuration register is 0xF
Work Work Study Work
Here is what I'm working with today at work. Knee deep in my book and right now upgrading these guys to Advanced IP Services so I can do all the Layer 3 stuff I'll need for the test.
Tuesday, July 6, 2010
Almost forgot.
I almost forgot to mention that if you don't like command line stuff and/or want an easier way to set up dynamips you should try out Graphical Network Simulator (GNS). http://www.gns3.net/
Hope this helps,
Matt
A lot of nothing.
After spending a few hours trying to get dynamips to accept my 3560 advanced ip services code I gave up. (Or rather found online that dynamips only supports router IOS) Which will help me when I take the ROUTE exam, but kind of sucks for the SWITCH. I don't have three 3560's at home...nor do I really feel like spending 3,000 bucks to get them here. So I am trudging on to try and figure out a good cheap (read free) way to study.
What's in your rack?
I figure a good second post would be to describe some of the equipment I'm working with to study. I've been fortunate enough to get some pretty good equipment to study with over the past few months. I have five 2600's. Three of which can't run anything past IOS 12.3. Then I have two 2600XM's that run the 12.5 code for IPv6 and two 1800 series routers that we all know are about gold to get your hands on. I also have two 2924 switches. Which was good for the CCNA, but not such a help for the CCNP, so at work I have two 3560's in a rack to help me pass my CCNP Switch. That's about all the equipment I've got, and if you don't have that don't freak out. There are plenty of places that rent equipment out and on top of that plenty of good software out there that'll emulate a Cisco router/switch. There is one that even runs the actual IOS software. It's called Dynamips. Found at http://dynagen.org/
Hope this helps,
Matt
Another day another dollar.
Not really sure why I decided that should be the title of this blog. Perhaps it's closing in on 5:00 and I'm ready to leave, but nevertheless here it is. The first blog post in my road to the CCNP. I became a CCNA a little over half a year ago now and since then I've been gearing up for my CCNP. That was until the tests changed a couple of months ago. After the tests changed I kind of slacked a while, disheartened they'd changed the curriculum I'd been studying, but no longer. It's time for me to get back on that "Cisco Career Path" who-ha and get after the CCNP tests. I'll post here on what I'm studying and hopefully some videos and general information that might help someone somewhere one day pass this test too. I'm starting my journey with the CCNP Switch test. The new 642-813. I'm reading through the Cisco Press book to start. We'll see where this takes us.