Wednesday, July 30, 2014

Lesson 1 - Connecting to Cisco Console Port with MINICOM

If you are a Linux user, you must learn how to connect to your Cisco router or switch using the roll-over cable (the cable that comes with your device).

Step 1 - Installing Minicom

Linux users will use an application called 'minicom'. If you are an Ubuntu user, you can install it using either 'Synaptic Package Manager' or by typing the following in your terminal window:
$ sudo apt-get install minicom

Once it is installed, you must configure 'minicom' to communicate with the console port of your router/switch.

Step 2 - Connection to Console Port

Power up your router/switch and connect the roll-over cable to your computer's serial port (DB-9) and to the 'console' port of your router/switch (RJ-45).

Step 3 - Configure Minicom

Open your Terminal window (Applications ==> Accessories ==> Terminal) and type in:

$ minicom -s


Scroll down to 'Serial Port Setup' and hit Enter:
Pic. 1

Choose 'A' to set up the serial port of your computer (here the first serial port is referenced as ttyS0) so it reads as highlighted below. Then hit Enter again to accept the change:
Pic. 2

Next, press 'E' and then 'C' again to access the transmission speed and change it to the '9600' value (no apostrophes). You should see values like those highlighted below:
Pic. 3


Then hit Enter twice to get back to the first screen (Pic.1)

The last thing is to save this configuration (you can choose 'dfl' to be the default template or with some other name).
Pic. 4
  

If you chose 'dfl' and then 'Exit from Minicom', you can try out your work now. Type in:
$ minicom

and hit Enter.

You should see the console prompt of your router/switch. If you want to leave minicom, press the CTRL-A keystroke, then type 'x' and confirm that you want to leave the application.

Lesson 2 - Navigating in Cisco IOS

Once you have connected to the console port of your Cisco switch or router and powered up the device, you will see some information displayed while the device starts. If the device has no initial configuration you are presented with:

Pic. 1 - System Configuration Dialog



You can safely cancel this request as its capability to configure the device is not very impressive. Instead, you are going to do things all professionals do: command after command.

What follows is a bunch of messages sent to the screen, and after hitting the Enter key a few times you get something like this (here it is a router, but a switch would introduce itself as Switch>):

Router>

IOS Modes (contexts)

The prompt of the device tells you which 'context' you are in; the one above with the '>' character is known as 'user exec mode' or 'privilege level 1 mode'. You can't configure much in this mode of operation. It is designed as a 'monitoring' mode, not a 'configuration' one. Also, the monitoring capability is limited. For instance, you can't see the running configuration of the device.

Type in the following command:

Router>enable
Router#

The prompt changes to '#' which is called 'privileged exec mode', 'enabled mode' or sometimes 'privilege level 15 mode'. I would like to draw your attention to two things here. Both modes of operation (or contexts, if you like) have two things in common:

  1. They are used primarily to monitor the device (you will be using 'show' and 'debug' commands in those modes).
  2. They are contexts for immediate execution of your commands. If the syntax is correct, the system executes the command immediately.

Those two modes also differ from one another:

  1. User Exec Mode - is limited in terms of what information will be available.
  2. Enabled Exec Mode - gives the operator ALL information (like the root or Administrator account on a computer).
Question Mark 

As the commands take many attributes your best friend is the question mark '?'. This help is known as the 'context-sensitive help'. This means that depending on which context you use, while typing a question mark (?) the system is going to list the commands that can be executed in that particular mode of operation. See more in the attached video.

Configurations

In order to configure things in Cisco IOS (except for some minor changes), you must enter the 'global configuration mode' first which is characterized by the following prompt:

Router(config)#

This context can be accessed by typing the following command in the 'privileged exec mode':

Router#configure terminal

Whatever you configure in this particular mode is applied to the device as a whole (e.g. hostname, default gateway on a switch, etc.).

If you want to enter the context of an interface to configure it with parameters like ip address, speed, duplex, description etc., you must enter that interface from the global configuration mode, like the one below:

Router(config)#interface fastethernet1/0

If you do not know what interfaces your device has, type the following command in the enabled mode:

Router#show ip interface brief

As you see, in the 'global configuration mode' I did the following actions in order to access the context of the interface:

  1. Entered the interface type (here: Fast Ethernet).
  2. Referenced the module number (here: 1).
  3. Referenced the port number in module 1 (here: 0).

Please note that routers count ports starting from 0, switches starting from 1.

You'll learn other contexts as we go through numerous labs and video presentations.

Abbreviations

You don't have to type in the full words of the commands and certain attributes that follow the commands. For instance, instead of typing:

Router#configure terminal
Router(config)#

You can type:

Router#conf t
Router(config)#

As long as the abbreviation uniquely describes which command you want to use, the system has no problem accepting it.
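A small model of these two rules (the mode prompts and the unique-prefix abbreviation), added here as an example and not part of the original lesson; the command table is a constructed subset of IOS and the class name IosShell is my own:

```python
# Added example (not from the original lesson): a tiny model of IOS mode
# prompts and the unique-prefix abbreviation rule. The command table is a
# constructed subset of IOS, not the real command set.

# mode -> (prompt suffix, {command: mode you are in after it runs})
MODES = {
    "user": (">", {"enable": "priv", "show": "user", "exit": "user"}),
    "priv": ("#", {"configure": "config", "copy": "priv", "show": "priv",
                   "terminal": "priv", "disable": "user"}),
    "config": ("(config)#", {"hostname": "config", "interface": "config-if",
                             "line": "config-line", "exit": "priv", "end": "priv"}),
    # From an interface or line context you can jump straight to another
    # interface/line without typing 'exit' first.
    "config-if": ("(config-if)#", {"ip": "config-if", "no": "config-if",
                                   "interface": "config-if", "line": "config-line",
                                   "exit": "config", "end": "priv"}),
    "config-line": ("(config-line)#", {"password": "config-line", "login": "config-line",
                                       "exec-timeout": "config-line",
                                       "interface": "config-if", "line": "config-line",
                                       "exit": "config", "end": "priv"}),
}


def resolve(word, commands):
    """Expand an abbreviation to the one command it uniquely identifies.

    Mirrors the IOS rule: an exact match always wins, a prefix is accepted
    only if exactly one command starts with it, and anything else is
    reported the way IOS reports it.
    """
    if word in commands:
        return word
    matches = [c for c in commands if c.startswith(word)]
    if len(matches) == 1:
        return matches[0]
    if matches:
        raise LookupError(f'% Ambiguous command: "{word}"')
    raise LookupError(f'% Invalid input detected: "{word}"')


class IosShell:
    """Tracks the hostname and current mode and renders the prompt IOS shows."""

    def __init__(self, hostname="Router"):
        self.hostname = hostname
        self.mode = "user"

    def prompt(self):
        return self.hostname + MODES[self.mode][0]

    def run(self, line):
        """Execute one command line; return IOS-style error text, or '' on success."""
        words = line.split()
        if not words:
            return ""
        _, commands = MODES[self.mode]
        try:
            cmd = resolve(words[0], commands)
        except LookupError as err:
            return str(err)
        if cmd == "hostname":
            if len(words) != 2:
                return "% Incomplete command."
            self.hostname = words[1]
        # Commands take effect immediately; most just leave you in a new context.
        self.mode = commands[cmd]
        return ""


if __name__ == "__main__":
    sh = IosShell()
    for cmd in ("en", "co", "conf t", "hostname R1", "int fastethernet1/0", "end"):
        print(sh.prompt() + cmd)   # transcript-style: prompt followed by the command
        out = sh.run(cmd)
        if out:
            print(out)
```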

Shortcuts And Keystrokes

When you type enough of the characters that uniquely identify the command in a given context you can use 'tab' key and the system is going to complete the command on the screen for you (just like in Linux).

I often use the following keystrokes while editing the commands:

  • CTRL-z - takes the cursor back to the 'enabled exec' mode from any other context
  • CTRL-a - takes the cursor to the beginning of the line
  • CTRL-e - takes the cursor to the end of the line
  • CTRL-k - erases everything to the right of the cursor
  • CTRL-u - erases everything to the left of the cursor
  • Up Arrow or CTRL-P - displays the previous command from the history buffer
  • Down Arrow or CTRL-N - displays the next command from the history buffer

The system keeps a record of up to ten commands you typed in (the default). You can increase/decrease the history buffer up to 256 commands.

If you want to check the history buffer size, type in:

Router#show terminal | include history

Changing the buffer size can be accomplished with the following command in the 'enabled mode':

Router#terminal history size 256

The above command will increase the size of the history buffer to 256 commands.

If you want to see the buffer (which commands were typed) use this command:

Router#show history

Please take a look at the video I posted below to see most of those things in action. Practice them until you are confident with the content of this lesson before you proceed to the next one.

Lesson 3 - Initial Configuration of Cisco Switch and Router

Understanding technologies requires a skill. The best definition of what a skill is, even though it is not mine, can be summarized in five words: knowledge and one thousand repetitions.

In this lesson, there is no real technology to explain. Instead, you will get familiar with some useful commands we use very often while configuring our routers and switches. This practical exercise, however, is going to help hone the skills you obtained in the previous lesson.

Take a look at our simple topology first:

Switch/router/computer icons designed by: Andrzej Szoblik - http://www.newo.pl

And here's our plan for the initial configuration.

1. Configure the host names on both the switch and the router (SW1 and R1 respectively).
2. When you mistype a command in the 'enabled mode', IOS tries to resolve that name to an ip address. Disable that name resolution.
3. Protect the 'privileged exec mode' with a clear text password. Use 'cisco_enable' as your password.
4. Encrypt the password with the 'over-shoulder' algorithm.
5. Protect access to the console port 0. Use 'cisco_console' as your password.
6. Configure the console port 0 so it disconnects you after 5 min. 30 sec. of idleness.
7. Configure the console port 0 such that system messages sent to the screen do not interfere with what you are typing.
8. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using the MD5 algorithm to encrypt the password.
9. On the switch, assign an ip address (use: 192.168.1.253/24) on the management interface Vlan 1.
10. Configure the switch to use the default gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network.
11. Enable the router's interface FastEthernet1/0. Use the 192.168.1.254/24 address.
12. Enable the interface facing the Internet, Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/30.
13. Enable remote access to your devices via telnet. Use password 'cisco_remote'.
14. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that.
15. Save the configuration on both the switch and the router so it is available after reload/power cycle.

Solution:

1. Configure the host names on both the switch and the router (SW1 and R1 respectively).

Most of the steps are identical on a switch and a router. That is why I'm presenting the router's configuration only. You have to repeat them on the switch yourself. Where the configuration of the switch is different, it is presented as well (step 9 and step 10).


If your prompt shows the user mode '>' you must enter the privileged mode first by typing 'enable':

Router>enable
Router#

Then, in order to set the host name on the router you must enter the 'config mode' (you can abbreviate the command to 'conf t'):

Router#configure terminal
Router(config)#

Finally, you type in:

Router(config)#hostname R1
R1(config)#


NOTICE!
The commands take effect immediately as long as their syntax is correct.



2. When you mistype a command in the 'enabled mode', IOS tries to resolve that name to an ip address. Disable that name resolution.

R1(config)#no ip domain-lookup

3. Protect the 'privileged exec mode' with a clear text password. Use 'cisco_enable' as your password.

R1(config)#enable password cisco_enable

4. Encrypt the password with the 'over-shoulder' algorithm.

R1(config)#service password-encryption

5. Protect access to the console port 0. Use 'cisco_console' as your password.

In order to do that you have to change the context from 'config mode' to 'line console 0' mode. Pay attention to the prompt! The 'login' keyword is going to prompt the user for the password.

NOTICE!
The 'no login' command would allow the user to access console 0 WITHOUT asking for the password, even if one was configured.

R1(config)#line console 0
R1(config-line)#password cisco_console
R1(config-line)#login

6. Configure the console port 0 so it disconnects you after 5 min. 30 sec. of idleness.

We're still at the console 0 prompt, so we can continue configuring console 0.

R1(config-line)#exec-timeout 5 30
R1(config-line)#

If you wanted the console line 0 to never disconnect you during idle time, you would use: exec-timeout 0 0.

7. Configure the console port 0 such that system messages sent to the screen do not interfere with what you are typing.

By default, all system messages are sent to console 0 and they may interfere with what you are currently typing on the console 0 line. If you are accessing the device via telnet/ssh (remotely), you do not see any messages. If you want to see them on the vty lines (remote connection via telnet/ssh), you must type in 'terminal monitor' in the 'enabled mode'. Here is the command to satisfy step 7 in our design:

R1(config-line)#logging synchronous

8. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using the MD5 algorithm to encrypt the password.

As we are still in the line console 0 context (look at the prompt), we need to step back to the 'config mode' and then remove the previous 'enable' password. Next we will proceed with the md5 password configuration. If you did not remove the previous 'enable password', the system is going to use the more secure one anyway.

R1(config-line)#exit
R1(config)#no enable password
R1(config)#enable secret cisco_enable

9. On the switch, assign an ip address (use: 192.168.1.253/24) on the management interface Vlan 1.

I assume that you have completed steps 1-8 on BOTH the router and the switch. The commands and prompts will be identical. Now, you can assign an ip address on the Vlan 1 interface.

SW1>enable
SW1#conf t
SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.1.253 255.255.255.0
SW1(config-if)#no shutdown

10. Configure the switch to use the default gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network.

We need to step back to 'config mode' from the interface Vlan1 mode to accomplish the task.

SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.254

11. Enable the router's interface FastEthernet1/0. Use the 192.168.1.254/24 address.

R1(config)#interface f1/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown

12. Enable the interface facing the Internet, Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/30.

Even though we are currently in the F1/0 interface context (look at the prompt), we can jump directly to s0/1 without typing 'exit' first. If you use real routers (not dynamips), one end of the connection must use a DCE cable and the other a DTE cable. They are connected back-to-back and the DCE interface must be set up with the clock rate.

R1(config-if)#interface s0/1
R1(config-if)#ip address 172.31.1.1 255.255.255.252
R1(config-if)#no shutdown

13. Enable remote access to your devices via telnet. Use password 'cisco_remote'.

Remote access connections are serviced by special virtual lines called vty. Here, we will use vty lines 0 through 4, allowing only five concurrent connections via telnet. Note that the prompt changes to (config-line) as soon as you enter the vty context.

R1(config-if)#line vty 0 4
R1(config-line)#password cisco_remote
R1(config-line)#login

14. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that.

This is going to be the most complex part of our lab. Below are the four steps needed to complete the task.

a) Configure the system domain name. Without the domain name, IOS cannot generate the rsa keys used for encryption and decryption (public/private). The domain name can be any name you choose to use (here: ccna.local), but the company's real domain name is a good idea.

R1(config-line)#exit
R1(config)#ip domain-name ccna.local
R1(config)#

b) When you type the command below, the system will ask you what the length of the keys should be. Choose the 1024 value. IOS will take a few seconds to generate them and automatically start the SSH server. Wait till it's done.

R1(config)#crypto key generate rsa
R1(config)#

c) Create a user account that will be used for ssh access (here: user=admin, password=S3cr3t).

R1(config)#username admin password S3cr3t
R1(config)#

d) Enable the ssh protocol and disable telnet on vty lines 0 4. Make sure that ssh will use the locally created user (admin) for ssh connections. This is done using the 'login local' command.

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#end
R1#

15. Save the configuration on both the switch and the router so it is available after reload/power cycle.

R1#copy running-config startup-config
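To check that a device actually ended up where steps 2-8, 13 and 14 leave it, here is an added example (not from the original lesson) that audits the text of 'show running-config' for those settings; SAMPLE_CONFIG is a constructed excerpt, and the type 5/7 strings in it are placeholders, not real hashes.

```python
# Added example (not from the original lesson): audit the text of
# 'show running-config' against the hardening steps of Lesson 3.
# SAMPLE_CONFIG is a constructed excerpt; the type 5/7 strings are PLACEHOLDER
# tokens. IOS prints 'line console 0' back as 'line con 0' and indents a mode's
# subcommands by one space; '!' lines are separators.
SAMPLE_CONFIG = """\
!
hostname R1
no ip domain-lookup
service password-encryption
enable password 7 PLACEHOLDER_TYPE7
enable secret 5 PLACEHOLDER_TYPE5
ip domain-name ccna.local
username admin password 7 PLACEHOLDER_TYPE7
line con 0
 password 7 PLACEHOLDER_TYPE7
 exec-timeout 5 30
 logging synchronous
 login
line vty 0 4
 password 7 PLACEHOLDER_TYPE7
 login local
 transport input ssh
"""


def parse_sections(text):
    """Group a running-config into (command, [indented subcommands]) pairs."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(text):
    """Return the list of lesson steps the config fails; empty means all met."""
    sections = parse_sections(text)
    top = [cmd for cmd, _ in sections]
    by_cmd = dict(sections)
    findings = []

    def present(prefix):
        return any(c == prefix or c.startswith(prefix + " ") for c in top)

    if not present("no ip domain-lookup"):
        findings.append("step 2: 'no ip domain-lookup' missing")
    if not present("service password-encryption"):
        findings.append("step 4: 'service password-encryption' missing, line passwords are stored in clear text")
    if not present("enable secret"):
        findings.append("step 8: no 'enable secret' configured")
    if present("enable password"):
        findings.append("step 8: 'enable password' still present, remove it with 'no enable password'")

    con = by_cmd.get("line con 0")
    if con is None:
        findings.append("step 5: 'line con 0' has no configuration")
    else:
        if "login" not in con or not any(s.startswith("password ") for s in con):
            findings.append("step 5: console line lacks 'password' plus 'login'")
        if "exec-timeout 5 30" not in con:
            findings.append("step 6: console exec-timeout is not '5 30'")
        if "logging synchronous" not in con:
            findings.append("step 7: console lacks 'logging synchronous'")

    if not present("ip domain-name"):
        findings.append("step 14a: 'ip domain-name' missing, rsa keys cannot be generated")
    if not present("username"):
        findings.append("step 14c: no local user for 'login local'")
    vty = by_cmd.get("line vty 0 4")
    if vty is None:
        findings.append("step 13/14: 'line vty 0 4' has no configuration")
    else:
        if "transport input ssh" not in vty:
            findings.append("step 14d: vty 0 4 still accepts protocols other than ssh")
        if "login local" not in vty:
            findings.append("step 14d: vty 0 4 lacks 'login local'")
    return findings
```

Run against SAMPLE_CONFIG the only finding is the leftover 'enable password', which is exactly the slip step 8 warns about.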

Lesson 4 - Introduction to TCP/IP Layers

In this lesson we take a sneak peek at the fundamentals of TCP/IP. This is one of the most important things to understand in order to follow the upcoming lessons. It is not my ambition to explain everything here, as this would turn into a hefty book to read. You can find a lot of them on the market anyway. Instead, I will try to focus on some basic aspects of TCP/IP. They will constitute the minimum knowledge needed to understand how computers communicate.

If you feel the urge to learn more on TCP/IP right now, please visit the following site: http://www.tcpipguide.com/free/t_toc.htm

NOTICE!
Familiarize yourself with ALL terms in red. They will be used throughout the classes.



Introduction

Computer communication follows some well defined rules and guidelines which we call protocols. In order for computers to exchange data they have to agree on using the same rules, otherwise they are incompatible. That was often the case in the past, and it was one of the reasons to create a common model for communication. It was called the OSI Model (Open Systems Interconnection). This was an attempt to make different vendors' computers exchange data easily. This way IBM machines could talk to DEC machines and so on. Today, however, it is the TCP/IP model that is all-pervasive. This protocol suite is derived from the OSI model and somewhat loosely follows its rules and terminology. This is going to be the focus of our discussion and the main topic of this lesson.

Note!
Remember that the TCP/IP model does not follow the OSI model exactly. The OSI model is now used as a reference. What's described in this blog is the TCP/IP model, not the OSI or IPX/SPX model. Look at the comparison below:

TCP/IP Layers

The designers decided to break down the whole complexity of data exchange and created five layers of functions to accomplish the goal. This approach helps develop and modify certain layers of code without touching other layers. For instance, if you are an application programmer, you will be writing code in the 'application layer', which allows you to use already written code dealing with the transport of data between computers. You do not even have to learn how this transport is done. It has already been written for you. This way, you focus on the application you're creating, what it does and how it works, rather than learning about network adapter drivers, signaling and other gory hardware details.

The TCP/IP model divides the functions related to data transmission into five distinct layers of responsibility. Below are these layers.

Layer 5-7 - Application

This is where the data's journey begins. Every day, you use many applications that rely on network services. Those applications are classified as layer 5 code: your web browser and web server, mail client and mail server, ssh client and ssh server etc. You may have noticed the terms client and server used often in the above description. Pretty much all applications use this architecture. A client is an application that requests some services from the server application. The server application provides the client with what it wants. A common example of that architecture is your Firefox or Internet Explorer web browser (client application) requesting a page from an Apache or IIS web server (server application). Applications, in general, provide a User Interface (UI) which offloads us from the burden of knowing how a computer does things internally.

So, once your application has formed the request, it is sent down to layer 4 (transport layer), asking for delivery to a host somewhere in the network.

Layer 4 - Transport

This layer accepts all requests coming from the upper layer (application layer) and tries to organize the transport of that request across the network. In the TCP/IP model this layer of software is responsible for:

• Breaking down big files that are sent across into smaller chunks called segments. There are technology limitations that do not allow our computers to send large files in one piece. It would not be a good idea anyway, as any small change to the data during transmission would make the sender re-transmit the whole file instead of the smaller chunk only. That, of course, would take more time and resources to successfully transmit the data.
• As your computer uses many applications that transmit something across the network at the same time, the system must know how to mark those requests such that they are delivered to the right receiving applications. And once the replies come back, they should be delivered back to the same process that initiated them. The concept of the port number has been introduced to deal with that. Source and destination ports ensure that all requests and replies are delivered to the appropriate processes on the computers exchanging data. More on that later in the upcoming lessons.
• This layer also allows the application to use connection-oriented or connectionless services. The former establishes communication with the receiving computer (or more generally: destination host) before data can be exchanged; the latter will send data without ensuring that the destination application is running and willing to receive anything. This form of transmission is used primarily for voice and video applications.
• This layer will also give applications some options in terms of reliability. Depending on which layer 4 protocol the application is designed to use, the reception of data can be verified or not. That creates reliable versus unreliable transport, respectively. In the reliable transport any data that has not been delivered will be retransmitted, unlike the unreliable transport.
• One other function of layer 4 could be to moderate the transmissions so that the receiving host is neither swamped by an excess of incoming packets nor waiting and doing nothing because the sender's speed of transmission is too slow. The majority of the functions above are performed by the TCP protocol, not UDP, as applications choose one of them to use.

Once all aspects and functions in this layer have been taken care of, layer 4 sends the data it received from layer 5 down to layer 3, requesting its service.

Layer 3 - Internet

Upon receiving a request from layer 4, this code is going to process the incoming information. Since we typically have more than one path between the sender (source) and the receiver (destination), the function of this layer is to find the best path between them. In order to accomplish that, there are two concepts I need to introduce here.

Firstly, we need to know how computers find each other in the network. This is accomplished by using specially designed layer 3 addresses uniquely identifying computers in any network. The addresses used by this layer consist of four bytes delimited by dots (e.g. 10.1.1.1) which are followed by a so-called 'netmask', also consisting of four bytes with the dot used as the delimiter (e.g. 255.255.255.0). The whole IP address can look like this: 10.1.1.1 255.255.255.0. More on those later.

Secondly, because the destination of our data can be outside of our own network, a device called a router has been introduced to find the optimal paths between the different networks in which the computers reside. The data processed by layer 3 is called a packet or datagram. This layer also uses a mapping to the upper layer 4 protocol that has requested its services. This is due to the fact that there is more than one protocol available in layer 4 (TCP or UDP). This information (which layer 4 protocol is sending the data) is going to be useful when the data arrives at the destination and the destination's layer 3 process needs to send the content to the appropriate layer 4 protocol for processing. It has to be the SAME protocol that the sender used in layer 4.

Layer 2 - Network Interface (Data Link in OSI model)

There is a great variety of technologies that handle data transmission on media such as copper and fiber optic cables or air (wireless). In order to offload the layer 3 protocols from learning all possible signaling methods, layer 2 was created. Thus, layer 3 can focus on finding the best path between the source and the destination, and the layer 2 functions will handle the details of preparing the data to be placed on the actual media (copper wire, fiber, air etc.). The piece of information processed at this layer is called a frame. This layer will also use a specially designed addressing scheme to recognize the next device to which a computer is sending the data. For instance, in the commonly used layer 2 technology called Ethernet, this address uniquely identifying hosts in the same network is called the MAC Address. The reason why we use different addressing schemes, layer 3 and layer 2, will become clearer when we get into some details of the actual data exchange. Please bear with me till we reach the right lesson that explains it in more detail. The device that is capable of understanding the structure of a frame and delivers the data between hosts in the SAME network is called a bridge, or switch. As of the time of writing this, switches are very popular devices and bridges can be found mostly in museums.

Once layer 2 has prepared the data which layer 3 requested to send (the process is called 'framing'), layer 2 will send the request to layer 1 asking for the data to be placed onto the wire/fiber/air using the appropriate signaling method.

Layer 1 - Network Interface (Physical Layer in OSI)

This layer receives requests from layer 2 (data has traveled from layer 5 to layer 1 now). The physical layer is going to encode the data received from layer 2 software and place it in the form of bits (1s and 0s) on the medium. This way, ones and zeros travel across the media to their recipient. The bits can traverse multiple devices as they go across, such as hubs, switches and routers. What type of devices will forward those bits depends on the design of the network. The devices referred to as layer 1 devices are hubs, cables, network adapters, connectors, transceivers etc. Also, the data processed by this layer is called bits. This layer defines low level aspects of the transmission such as the cables used, the maximum distance the cable can reliably send bits across, types of connectors, speed of the transmissions etc.

NOTICE!
The names given to the data at each of the layers described above (segment, packet, frame, bits) are taken from the OSI model terminology. They are referred to as Protocol Data Units (PDU).

Understanding the terminology and the concepts presented in this lesson is the prerequisite for understanding the next lesson.
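As an added example (not from the original lesson), here is the encapsulation described above carried out in bytes: the ports go into the layer 4 segment, the IP 'protocol' field records which layer 4 protocol the receiver must hand the data back to, and the frame carries MAC rather than IP addresses. The header layouts are the standard Ethernet/IPv4/TCP/UDP ones; the addresses, MACs and payload are constructed for the example.

```python
# Added example (not from the original lesson): encapsulate application data
# into a segment, a packet and a frame, then strip it back the way a receiving
# host does. Header layouts are the standard Ethernet/IPv4/TCP/UDP ones;
# the addresses, MACs and payload used with it are constructed.
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def ip_bytes(text):
    return bytes(int(x) for x in text.split("."))


def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def layer4_segment(proto, src_port, dst_port, data):
    """Layer 4 PDU: the ports identify the sending and receiving processes."""
    if proto == PROTO_UDP:
        return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    # minimal TCP header: ports, seq, ack, data offset 5 (20 bytes), PSH|ACK flags
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18,
                       65535, 0, 0) + data


def layer3_packet(proto, src_ip, dst_ip, segment):
    """Layer 3 PDU: the 'protocol' field tells the receiver's layer 3 which
    layer 4 protocol (TCP=6 or UDP=17) must get the payload back."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         64, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def layer2_frame(src_mac, dst_mac, packet):
    """Layer 2 PDU: Ethernet addresses name the next device, not the final host."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(data, proto, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    segment = layer4_segment(proto, src_port, dst_port, data)
    packet = layer3_packet(proto, src_ip, dst_ip, segment)
    return layer2_frame(src_mac, dst_mac, packet)


def decapsulate(frame):
    """Walk one frame back up the layers; raise ValueError on a damaged header."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    l4_len = 8 if proto == PROTO_UDP else (segment[12] >> 4) * 4
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in frame[:6]),
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "proto": "TCP" if proto == PROTO_TCP else "UDP",
        "src_port": src_port, "dst_port": dst_port,
        "data": segment[l4_len:],
    }
```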