22 09 2011

Both a 2950 switch, and a 2811 router (that one hurt!) in two days! Unbelievable.

Firstly, the switch – I used write erase, expecting this to effectively delete my startup configuration file, but it actually deleted the OS image file. D’oh! I am finding the 2900XL fine for my study needs so far, but will be buying a replacement 2950 on pay day.

The router wasn’t my fault – it went from being fine one day to having a non-working console port the next. I tried an alternative rollover cable, a different router etc., and every other combination worked fine. Unfortunately, I hadn’t enabled Telnet / SSH access, so although it was working (a show cdp neighbors showed it alive and kicking), it’s effectively bricked.

This was my only 2-ethernet port router and my DCE-DTE cable hadn’t arrived yet, so I ordered a Cisco 1605 from Ebay for £30. Looks OK, with two Ethernet ports (not Fast Ethernet) and a serial port – plenty of scope for messing around with routing protocols etc.


DCE-DTE cable arrived

22 09 2011

Can’t believe how excited I am about the arrival of my DCE-DTE cable for my home network – I do have a life, honest!

ICND2 update

22 09 2011

Completed the ICND2 on Friday, as scheduled. I didn’t pass the exam, scoring 804 against a pass mark of 825.

Slightly gutting, but a good experience, with some positive outcomes and learnings.

Firstly, time, or lack of it. In almost every forum or blog post about this exam, the lack of time is mentioned, and with really good reason. This cannot be emphasised enough.

My particular exam had 44 questions, with 75 minutes to complete it. However, some of the questions were testlets, in the same style as the Microsoft 70-646 that I completed recently. These had 4 sub-questions each, so there were technically more like 50 questions.

There were a few simulator questions, which I’m positive I smashed, along with a lot of the first half of the exam.

This is where the problem became apparent – I simply took too long to answer (including being very thorough with checking) the questions. On question 23, I had only about 30 minutes or so remaining. Throw in a few of the non standard multiple choice questions (drag and drop, testlets etc), and that time soon diminished, culminating in a complex VLSM question near the end, which I ended up half guessing – I did calculate the masks correctly based on the number of hosts needed, and answered accordingly, but didn’t check for overlapping networks etc – simply too little time.

I wanted to answer all of the questions, so I hurried the above, and got through the last few in a really short time.

Secondly, knowing the entire syllabus really well. I did work hard on this, but tended to neglect access lists and NAT somewhat, and this showed through with a really poor score in that section.

My strongest area was switching, which is also the area I enjoy most, and which I have exposure to at work. I was pleased when one of the SIMs was switching related, but I still took too long on the answer, double and triple checking my config – this comes back to point 1 – time. So to combine the two points: “Know the material, and be confident enough in your knowledge to move on from each question once you’ve answered”.

I have no exposure to dynamic routing protocols in my environment, or frame relay – my point to point link has an RJ45 hand-off which is plugged directly in to a layer 3 switch.

I identified Frame Relay as the weakest area around a week before the exam (which I had taken off work), so focused relatively heavily on that, and ended up answering quite confidently.

I also did quite well on the routing protocol elements – there was a lot of theory, rather than configuration, thank goodness, and theory was something that I learnt a fair bit of from my various learning sources – same as usual, CBTNuggets, TrainSignal CBT, and the official Cisco ICND2 Certification Guide.

Needless to say, I’ve booked a retake. My study between now and then will consist of heavy revision of calculating network ranges, subnetting etc., combined with as much time as possible working with my small Cisco home network (a 2811 router, a couple of 2600s, a 2500, a 2950 switch and a 2900XL switch). I’ve ordered a new DCE-DTE cable (lost the previous one during a house move), so once I’ve got that I’ll be able to practise configuring point-to-point links and routing protocols to a higher level than I was able to without it.

I’m sure there was a third point, but can’t remember it 😉 I’ll update the post if I do.

Rowter on a stick

7 01 2011

No, I can spell, promise – the title of this post is a reference to the American way of pronouncing “router”, which I find myself using more and more as a result of listening to my TrainSignal and CBT Nuggets videos for ICND2 😉

Had a great experience experimenting with “router on a stick” using my home Cisco network – in this case, I used the 12 port Catalyst 2950 switch, and a 2811 router.

A few useful points to note for those studying for the CCNA / ICND2.

Originally I tried using a 2600 router with a standard (10 Mbit/s) Ethernet port – this won’t work with ROAS: 802.1Q subinterfaces need at least a Fast Ethernet (100 Mbit/s) interface.

You also need to ensure that the switch supports the encapsulation type you specify on the router. This will be ISL (Inter-Switch Link, Cisco’s proprietary protocol), 802.1Q (the IEEE standard), or both. The 2950, for instance, only supports 802.1Q, so the router subinterfaces must use encapsulation dot1Q rather than encapsulation isl.

Finally, I did get stung by the Windows Firewall being turned on – ROAS was working fine, but the firewall on one of the hosts was blocking pings. Schoolboy error, hehe.
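For reference, here is a minimal router-on-a-stick configuration of the kind described above. It is an added example, not the configuration from the original lab: the VLAN numbers, addresses and interface names (FastEthernet0/0 on the 2811, FastEthernet0/1 as the uplink on the 2950, Fa0/2 and Fa0/3 as access ports) are assumed, and the comments mark them as such.

```cisco
! ===== 2811 router (assumed addressing and interface names) =====
interface FastEthernet0/0
 description 802.1Q trunk to SW1 Fa0/1 - no address on the physical port
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description Gateway for VLAN 10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 description Gateway for VLAN 20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! Only needed if hosts in the native VLAN (1 by default) must be routed too:
! interface FastEthernet0/0.1
!  encapsulation dot1Q 1 native
!  ip address 192.168.1.1 255.255.255.0
!
! ===== 2950 switch (802.1Q only - there is no "switchport trunk encapsulation" command) =====
vlan 10
 name USERS
vlan 20
 name SERVERS
!
interface FastEthernet0/1
 description Trunk to R1 Fa0/0
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface FastEthernet0/2
 description Host in VLAN 10
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 description Host in VLAN 20
 switchport mode access
 switchport access vlan 20
```

With this in place a host on Fa0/2 (192.168.10.x, gateway 192.168.10.1) reaches a host on Fa0/3 (192.168.20.x, gateway 192.168.20.1) via the router, provided the hosts’ own firewalls allow ICMP. Check the trunk with show interfaces trunk on the switch (Fa0/1 should list VLANs 10 and 20 as active and forwarding) and the subinterfaces with show ip interface brief on the router; if a subinterface shows up/up but nothing routes, the usual culprits are a VLAN missing from the allowed list or a mismatch between the VLAN ID on the switch and the dot1Q tag on the subinterface.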

Walking the Network – the Cisco Discovery Protocol (CDP)

11 09 2010

Thought I’d write about “walking the network”, using the Cisco Discovery Protocol. This is not exactly high-level Cisco stuff, but useful for those with little experience of using Cisco gear.

Walking the network is a useful way of verifying that network diagrams are up to date, and diagramming the network if no documentation exists.

CDP is a Cisco layer 2 protocol, enabled by default on most Cisco gear, that advertises a device to its directly connected neighbours in periodic frames that are neither authenticated nor encrypted. It reports the directly connected Cisco devices: which local and remote ports they are connected on, their platform and IOS version, and their IP addresses. It can be disabled because of the security risk this creates (I’ll expand on that later).

My methodology for walking the network is:

1. Connect to a Cisco device, via its console port using a rollover cable, or via Telnet / SSH if you have login details.

2. Use “show cdp neighbors” to show a concise list of the Cisco devices connected, the local port each is on and the port ID at their end. For the purposes of documenting the network, I normally sketch it out on paper first, then transfer it to electronic format once I have all the information I need.

3. Once you have device and port information for the connected devices, use “show cdp neighbors detail”. This shows much more information about each connected device, including its IP address, platform and IOS version.

Now you can add the IP address information to the devices on your sketch.

4. Once you’ve gathered the information you need from the first device, connect to one of its directly connected neighbours via Telnet or SSH, using the IP address gained in step 3. Repeat “show cdp neighbors” there and update your network sketch accordingly.

5. Repeat this until all devices are accounted for. Provided CDP is enabled on all of them, you’ll have an accurate diagram of the Cisco connections on your network. Anything that doesn’t speak CDP (non-Cisco kit, hosts, or a device with CDP turned off) will not appear at all, so gaps in the sketch are to be expected and have to be filled another way.
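Putting the five steps together, the session below is a constructed example added here (not captured from the original network) of walking one hop from a router R1 to the switch behind it. The hostnames, addresses, platforms and the abbreviated output are all invented for illustration, but the commands are the ones the steps above use.

```cisco
! Step 2: who is plugged into R1, and on which ports at each end?
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform     Port ID
SW1              Fas 0/0            163          S I      WS-C2950-12  Fas 0/1
R2               Ser 0/0/0          142          R        2611         Ser 0/0

! Step 3: get the neighbour's address (and platform/IOS version) for the sketch
R1#show cdp neighbors detail
-------------------------
Device ID: SW1
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2950-12,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/1
Holdtime : 163 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
[...]

! Step 4: hop to the neighbour using the address CDP handed us, then repeat.
! (Use "ssh -l <user> 192.168.1.2" instead where SSH is configured.)
R1#telnet 192.168.1.2
Trying 192.168.1.2 ... Open

User Access Verification
Password:
SW1>enable
Password:
SW1#show cdp neighbors
Device ID        Local Intrfce     Holdtme    Capability  Platform     Port ID
R1               Fas 0/1            178          R        2811         Fas 0/0
SW2              Fas 0/12           151          S I      WS-C2924-XL  Fas 0/24
```

Each device that appears in the right-hand column gets a box on the sketch, with the two port IDs written on the line joining it to the device you are logged into; a neighbour that already has a box (R1, seen again from SW1) is just a link to confirm. SW2 is the next device to visit, so its address comes from show cdp neighbors detail on SW1 and the loop continues from there.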

Back to those security issues – CDP is a potential problem in two circumstances: firstly, if an edge device has been compromised, and secondly, if someone has already gained unauthorised access to an item of kit inside your network. Because CDP frames are unauthenticated and sent in clear text, anyone with a sniffer on a segment can also read the hostname, IP address and IOS version of the switch or router they are plugged into, without logging in to anything. All kit should be physically secured, and logically secured with well-protected passwords (and SSH rather than Telnet, which sends those passwords in clear text) to prevent this, and CDP should simply be disabled on ports facing users or untrusted networks.

However, once unauthorised access has been gained, a malicious user can use exactly the techniques described above to walk the network and potentially gain access to other devices, with the IP addresses and IOS versions of every neighbour handed to them by CDP.
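As an added example (not from the original post), the 2950 session below turns CDP off on the user-facing access ports while leaving it running on the uplink to the router, so the walk still works for administrators but an attacker on an access port learns nothing from it. The port ranges and hostnames are assumed; the show cdp interface output is constructed to illustrate the check.

```cisco
SW1#configure terminal
! Uplink to R1: leave CDP on so "show cdp neighbors" keeps working between infrastructure devices
SW1(config)#interface FastEthernet0/1
SW1(config-if)#description Uplink to R1 - CDP stays on
SW1(config-if)#exit
! Everything users plug into: stop advertising hostname, IP and IOS version there
SW1(config)#interface range FastEthernet0/2 - 12
SW1(config-if-range)#description User access ports
SW1(config-if-range)#no cdp enable
SW1(config-if-range)#end
! Verify: only the uplink should be listed as sending CDP
SW1#show cdp interface
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
SW1#copy running-config startup-config
!
! Alternative for a device that has no need for CDP at all (global, all ports):
! SW1(config)#no cdp run
! After which "show cdp" reports that CDP is not enabled.
```

One caveat before doing this on a production switch: Cisco IP phones learn their voice VLAN (and negotiate power) over CDP, so on ports with phones attached CDP has to stay on, and the per-port form above is the one to use rather than no cdp run.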