Thursday, May 28, 2009
BGP Foundation Lab Topology and .Net file ready...
I am working on BGP this week and I have added the Network diagram and Dynamips .Net file to my CCIE Foundation Labs page under "My Resources". Use these files to run through Narbik's BGP foundation Labs on Dynamips... Happy Labbing
When to use a Virtual Template???
I was working through my Frame Relay Labs, and did not have a good understanding of why/ or when we need to use Virtual Templates. I found this excerpt on Safari Books and I think it did a good job of explaining the technology/RFC.
RFC 1973 defines the standard for running the Point-to-Point Protocol (PPP) standard over a Frame Relay PVC. Normally you wouldn't want to do this, as the default Frame Relay encapsulation standards discussed in Recipe 10.1 are more than adequate for most situations. However, a PVC that is delivered via a Frame Relay circuit at one location may be converted to an ATM VC inside the carrier's cloud, and could ultimately arrive at another location as a DSL circuit delivered through an Ethernet interface. The only Layer 2 frame format that supports all of these standards is PPP. It is for these types of situations that RFC 1973 was developed.
One of the side benefits of using PPP encapsulation on a Frame Relay PVC like this is you can enforce an extra measure of security by requiring PPP CHAP authentication:
Router1(config)#username Router2 password cookbook
Router1(config)#interface Virtual-Template1
Router1(config-if)#ip unnumbered Loopback1
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Naturally, the authentication method and password must match on the other router:
Router2(config)#username Router1 password cookbook
Router2(config)#interface Virtual-Template1
Router2(config-if)#ip unnumbered Loopback1
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
When you do this, the Virtual-Access interfaces remain in a down state until the routers pass PPP authentication. Since the IP address information is not exchanged until the PPP session is established, it is not possible to use Inverse ARP to deduce a good IP address and insert a rogue router into the network. We note, however, that this type of attack is only possible if you don't control the physical security of the router at the remote site.
Finally, we note in passing that we always create a Loopback interface to carry the IP addresses for Virtual-Template interfaces. In this particular example, because we must use separate IP addressing on every PVC, this is not actually necessary. We could have assigned the IP address directly to the Virtual-Template interface. However, we do it this way because Virtual-Template interfaces are also used for other purposes such as dial backup and PPP over ATM. In some cases, you may want to have more than one type of Virtual-Template configuration, but with the same IP addressing. So because of these situations, it is a good general practice to put the IP address on a Loopback interface, as we have done here.
Excerpt taken from Cisco IOS Cookbook, 2nd Edition
RFC 1973 defines the standard for running the Point-to-Point Protocol (PPP) standard over a Frame Relay PVC. Normally you wouldn't want to do this, as the default Frame Relay encapsulation standards discussed in Recipe 10.1 are more than adequate for most situations. However, a PVC that is delivered via a Frame Relay circuit at one location may be converted to an ATM VC inside the carrier's cloud, and could ultimately arrive at another location as a DSL circuit delivered through an Ethernet interface. The only Layer 2 frame format that supports all of these standards is PPP. It is for these types of situations that RFC 1973 was developed.
One of the side benefits of using PPP encapsulation on a Frame Relay PVC like this is you can enforce an extra measure of security by requiring PPP CHAP authentication:
Router1(config)#username Router2 password cookbook
Router1(config)#interface Virtual-Template1
Router1(config-if)#ip unnumbered Loopback1
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Naturally, the authentication method and password must match on the other router:
Router2(config)#username Router1 password cookbook
Router2(config)#interface Virtual-Template1
Router2(config-if)#ip unnumbered Loopback1
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
When you do this, the Virtual-Access interfaces remain in a down state until the routers pass PPP authentication. Since the IP address information is not exchanged until the PPP session is established, it is not possible to use Inverse ARP to deduce a good IP address and insert a rogue router into the network. We note, however, that this type of attack is only possible if you don't control the physical security of the router at the remote site.
Finally, we note in passing that we always create a Loopback interface to carry the IP addresses for Virtual-Template interfaces. In this particular example, because we must use separate IP addressing on every PVC, this is not actually necessary. We could have assigned the IP address directly to the Virtual-Template interface. However, we do it this way because Virtual-Template interfaces are also used for other purposes such as dial backup and PPP over ATM. In some cases, you may want to have more than one type of Virtual-Template configuration, but with the same IP addressing. So because of these situations, it is a good general practice to put the IP address on a Loopback interface, as we have done here.
Excerpt taken from Cisco IOS Cookbook, 2nd Edition
Tuesday, May 26, 2009
Ch 3 & 4 Notes
I have decided not to add any notes for these test, because of the open book factor. I hope this does not inconvenience anyone. Hope everyone had a great weekend and see you all tomorrow...
Friday, May 22, 2009
ULTA-Frame Lab 1.0 Released
I am going ahead and releasing the ULTA-Frame Lab on "My Resources" site under "CCIE Foundation". This is my first run so give me your feedback. I will be posting my Dynamips .Net file as well as my configs soon... I am still working on Authentication (Virtuial-Templates) and some of the Keep alive stuff. They will be added in Version 1.1...
Ultimate Frame Relay Lab
I finished the connectivity portion of the ULTA-Frame Lab yesterday and will finish up the Authentication stuff this morning. I will have it on the site today. This lab has just about every possible Frame connection there is. This is all done with no routing protocols, just wait and see how this thing burns when we add OSPF in a few weeks. Next weeks lab will be BGP...
Thursday, May 21, 2009
!!!Switch Ferry!!!
Look what the Switch Ferry left me the other day…
I forgot to let everyone know; we were doing a Core Switch upgrade, from 6509’s to 6506’s and the contractors let me keep the old 6509’s…
Woot Woot… How great is that, oh yeah I also got a 3550 out of the deal too… The Switch Ferry Loves me
I forgot to let everyone know; we were doing a Core Switch upgrade, from 6509’s to 6506’s and the contractors let me keep the old 6509’s…
Woot Woot… How great is that, oh yeah I also got a 3550 out of the deal too… The Switch Ferry Loves me
CCNA 1 IP Addressing & Answers to Quiz 1...
The IP addressing notes and help sheets have been added to the "My Resources" Site...
Answers to Quiz 1:
#1:
246.170.85.2 Class E
#2
128.167.254.33 Class B
#3
10.6.250.109 Class A Private RFC 1918
#4
1010.11000100.11100010.1011 Class A Private RFC 1918
#5
10101100.1011.11100001.100001 Class B
#6
11000000.10101000.101101.1011 Class C Private RFC 1918
Answers to Quiz 1:
#1:
246.170.85.2 Class E
#2
128.167.254.33 Class B
#3
10.6.250.109 Class A Private RFC 1918
#4
1010.11000100.11100010.1011 Class A Private RFC 1918
#5
10101100.1011.11100001.100001 Class B
#6
11000000.10101000.101101.1011 Class C Private RFC 1918
Thursday, May 14, 2009
New CCNA 1 class starting soon...
My next CCNA class will start Monday May 18th @ 5pm... I keep all Labs posted @ Road to CCIE Labs...
Wednesday, May 13, 2009
Study Group??
Anyone looking for a CCIE study group in the Fort Worth area?? We have one that meets on Saturdays with a full CCIE lab rack just for us to work out Labs. If anyone is interested drop me a comment and we can setup a time to talk further...
Also Check out the DFW Cisco Users Group...
Also Check out the DFW Cisco Users Group...
Tuesday, May 12, 2009
Narbik's Frame Labs
I am going to run through Narbik's (a Great guy, check out one of his classes if you get the chance you will not regret it) Foundation Frame Relay Labs today and tomorrow. Thursday and Friday I will write my own and post them on the Lab site. I will be using Dynamips and the TCC CCIE Study Group rack to complete theses labs.
Keeping it real in Him...
Keeping it real in Him...
Working Hard
I have been working on Frame labs and getting my students finished up with CCNA 4. I received a nice surprising email from one of my students today. He told me how much help and knowledge I gave him, that helped him pass his CCNA. Sometimes it is nice to know you are actually making a difference. Just last week I though the same student was blowing me off, but boy was a wrong.
Check out the Labs Here
I will be teaching CCNA 1 & 2 this summer. A bit of a change from what I am use to, but I guess I need to get back to basics for a little bit. I hope I don't just run them over with stuff. More frame labs this week and I will be posting my CCNA practice Lab here for grins...
Check out the Labs Here
I will be teaching CCNA 1 & 2 this summer. A bit of a change from what I am use to, but I guess I need to get back to basics for a little bit. I hope I don't just run them over with stuff. More frame labs this week and I will be posting my CCNA practice Lab here for grins...
Subscribe to:
Posts (Atom)
Posts
