Monday 30 April 2012

Cisco Show Interface Explained

Hi every one, I hope every one if fine and enjoying good Health, for last couple of weeks a lot of people asked me if I can explain each and every line of output from Cisco one important command when we start troubleshooting any thing which is 




Show interface  Gi0/10

Output from the command above is explained each output one by one. 
 
GigabitEthernet0/10 is up,

Indicates whether the interface hardware is currently active and if it has been taken down by an administrator. "Disabled" indicates the router has received errors in a keep alive interval and some time you have port security setup you will see error disbaled

line protocol is up (connected)

This indicates whether the software processes that handle the line protocol believe the interface is usable (that is, whether keepalives are successful)

Hardware is Gigabit Ethernet, address is 0022.0d50.2d32 (bia 0022.0d50.2d32)

Hardware type and Ethernet address.

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

Maximum Transmission Unit of the interface.
Bandwidth of the interface in kilobits per second.
Delay of the interface in microseconds.

 reliability 255/255, txload 1/255, rxload 1/255

Reliability of the interface 255/255 is 100% reliability , calculated on average over 5 minutes.
Load on the interface 255/255 is completely saturated link it is also calculated on average over 5 minutes

Encapsulation ARPA, loopback not set
Encapsulation method assigned to interface.

Keepalive not set
Indicates whether keepalives are set or not.


Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
Duplex setting of the interface if the interface is full Duplex , in the example above I have media type of SFP fiber interface module


ARP type: ARPA, ARP Timeout 04:00:00
Type of Address Resolution Protocol assigned.


  Last input 00:00:00, output 00:00:03, output hang never

Number of hours, minutes, and seconds since the last packet was successfully received by an interface, it is Useful for knowing when an interface failed.

Number of hours, minutes, and seconds since the last packet was successfully transmitted by an interface

Number of hours, minutes, and seconds since the interface was last reset because of a transmission that took too long. 

When the number of hours in any of the "last" fields exceeds 24 hours, the number of days and hours is printed. If that field overflows, asterisks are printed.

Last clearing of "show interface" counters never

Time at which the counters that measure cumulative statistics like number of bytes transmitted and received 
     
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Number of packets in output and input queues. Each number is followed by a slash, the maximum size of the queue, and the number of packets dropped due to a full queue or saturation.

  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
5 minute input rate 14000 bits/sec, 15 packets/sec
5 minute output rate 4000 bits/sec, 4 packets/sec


Mentions Hardware Queue which is First in First out everytime  
Average number of bits and packets transmitted per second in the last 5 minutes.
you can even guess the transmit speed of the interface as well from the 5 minutes output , if you dont have acces to NMS


71618919 packets input, 21731123446 bytes, 0 no buffer

Total number of error-free packets received by the system 

Number of received packets discarded because there was no buffer space in the main system

Received 57218887 broadcasts (26378769 multicasts)
Total number of broadcast or multicast packets received by the interface.

0 runts, 0 giants, 0 throttles

This is quiet important this tells us Runts are the number of packets that are discarded because they are smaller than the medium's minimum packet size. i.e any Ethernet packet that is less than 64 bytes is considered a runt.

Number of packets that are discarded because they exceed the medium's maximum packet size. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant


0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

Cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received. 

On a LAN, this usually indicates noise or transmission problems on the LAN interface or the LAN bus itself. A high number of CRCs is usually the result of collisions or a station transmitting bad data or Bad data cabling or any EMI.
Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data.#

Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different than the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.

0 watchdog, 26378769 multicast, 0 pause input
0 input packets with dribble condition detected

Dribble bit error indicates that a frame is slightly too long however router accepts this frame


9667499 packets output, 1711527019 bytes, 0 underruns

Number of times that the transmitter has been running faster than the router can handle. This may never be reported on some interfaces.

0 output errors, 0 collisions, 1 interface resets

Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. 

Number of messages transmitted due to an Ethernet collision. This is usually the result of an overextended LAN 

A packet that collides is counted only once in output packets.

0 babbles, 0 late collision, 0 deferred

The transmit jabber timer expired.

Number of late collisions. Late collision happens when a collision occurs after transmitting the preamble.

Deferred indicates that the chip had to defer while ready to transmit a frame because the carrier was asserted.

0 lost carrier, 0 no carrier, 0 PAUSE output

Number of times the carrier was lost during transmission.
Number of times the carrier was not present during the transmission.



 0 output buffer failures, 0 output buffers swapped out

Number of failed buffers and number of buffers swapped out. 


Source :- Cisco.com

Posted by at 4 comments:
Labels: , , ,

Friday 27 April 2012

Router on Stick or Inter Vlan Routing

 



 Router-on-a-stick or (inter vlan routing) is used to describe a setup that consists of a router and switch connected using one Ethernet link configured as an 802.1q trunk link.

In this configuration, a switch is configured with multiple VLANs and trunk port from switch is connected to router or any Layer 3 device Fast Ethernet interface and that router performs all routing between
the different networks or VLANs or subnets.

we already know each vlan = to Subnets = Networks.

There are a lot of practical implementations but it has some drawbacks like all inter-vlan traffic will pass through only on Fast etherenet interface which may lead to congestion on the network.

In the example below we will see how to configure a Cisco router and
switch in order to create a trunk link between them and have the
router route packets between your VLANs



SW1# configure terminal
SW1(config)# interface vlan1
SW1(config-if)# description Accounts
SW1(config-if)# ip address 192.168.0.2 255.255.255.0
SW1(config-if)# exit
SW1(config)# interface vlan2
SW1(config-if)# description HR
SW1(config-if)# ip address 192.168.2.2 255.255.255.0


SW1# configure terminal
SW1(config)# interface Fa0/24
SW1(config-if)# description Trunk-to-Router
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
R1# configure terminal
R1(config)# interface Fa0/1
R1(config-if)# no ip address
R1(config-if)# duplex auto
R1(config-if)# speed auto
R1(config-if)# interface fa0/1.1
R1(config-subif)# description Accounts
R1(config-subif)# encapsulation dot1q 1
R1(config-subif)# ip address 192.168.0.1 255.255.255.0

R1(config-subif)# interface Fa0/1.2
R1(config-subif)# description HR
R1(config-subif)# encapsulation dot1q 2
R1(config-subif)# ip address 192.168.2.1 255.255.255.0 
Encapsulation dot1q 2 command defines 802.1q encapsulation and sets
the subinterface to VLAN 2



Posted by at No comments:
Labels: , , , , ,

Wednesday 4 April 2012

ICND1 CRAMM SHEET

QUICK Reference (ICND 1)


Protocol :- Predefined set of rules to communicate


Network Applications
  • Email
  • Collaboration 
  • Messaging 
  • Web Browsing 
  • Databse applications
Speed = Data Rate 
Availability  = Likelihood network is avialable 
Scalability= How well network can scale 
Topology= Physical components  of network like cable, switches, router

  
Network Security (Type of Attacks)
 
Passive attack :- Sniffing aata like capturing password on the wire or wireless
Active attack :- Actively try to invade security , adding malicious code
Inside attack:- Attack from authorised users
Close in Attack :- Attack with in close physical proximity
Distribution:- Attack launched during distribution phase of any hardware of software. 

Network Security Process 

Security is  ever evolving process 
  1. Secure 
  2. Monitor 
  3. Test
  4. Improve 
 
Reconnaissance attack(Gathering Information like sniffing data , Ping Sweep)
Access Attack
  • Password Attack 
  • Trust Exploitation
  • Port Redirection
  • Man-in-the Middle
  • Buffer Overflow.
Application Layer Attack 
  •  Exploiting well known weekness in the software
  • Trojon programms that loggs the key. 
  • Password stealing
  •  Java or activeX codes that work maliciously
Managament / Monitoring Protocols
  • Telent (but information is sent in Plain txt) 
  • SSH (secure encrypted communication)
  • Secure Socket Layer (SSL)
  • Monitoring Protocols (SNMP, syslog, NTP, TFTP)
OSI Reference Model  
 
All People Seem To Need Data Processing
 
TCP UDP = Transport Layer 
Router, ICMP, IGMP, IP = Network Layer 
802.3 802.2 Framerelay, HDLC = Data Link Layer

Data  = Application Layer
Segment = Transport Layer
Packet = Network Layer
Frames = Data Link Layer
Bits = Physical Layer

TCP  = Connection Orieneted  (More overheads, Confrmation of delivery)
IP, UDP= Connection Less (best effort, no recovery of lost packet)

CLASS of IP Address 



CLASS A: 1.0.0.0 to 126.0.0.0
Class B: 128.0.0.0 to 191.255.0.0.
Class C: 192.0.0.0 to 223.255.255.0.
Class D: 224–239
Class E: 240 - 255


RFC 1918 Private IP Address Range

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255 

IPV6 

16 Octet
128 Bits
A524:72D3:2C80:DD02:0029:EC7A:002B:EA73 
 
 
TCP Header 
URG: Urgent Pointer field significant
ACK: Acknowledgment field significant
PSH:  Push Function application need data to be pushed immediately
RST:  Reset the connection
SYN:  Synchronize sequence numbers
FIN:   No more data from sender 
 
PORTS
  • ü  0 to 1023 are well-known ports.
  • ü 1024 to 49151 are registered ports
  • ü 49152–65535 are unregistered
 TCP/IP Applications
FTP = TCP based File transfer (TCP 21 Port)
TFTP= UDP based used to transfer Cisco IOS or configuration  (UDP 69 Port)
Telnet= Terminal Emuletion Command line  (TCP 23)
SMTP= Email delivery (TCP 25)
SNMP= Network Manamgement Protocol.  (UDP 161)
DHCP= Assign IP address automatically
DNS= Name to IP resolution  (Both TCP, UDP 53)

TCP 3 Way HandShake 
 

LAN Traffic Types 

  • Unicast (one to one communication)
  • Broadcast (one to any Communication)
  • Multicast (from one to Subnet of users)
Address Translation 

Inside local address =IP address assigned to a host on the inside network

Inside global address= A public IP address assigned by the ISP that represents one or more inside local IP addresses to the outside world.

Outside global address = IP address assigned to a host on the outside network

Outside local address = IP address of an outside host as it appears to the inside

When a host on an Ethernet LAN has information to send, the following steps are taken:1. A device with a frame to send listens until Ethernet is not busy CSMA/CD.
2. When the Ethernet is not busy, the sender begins sending the frame.
3. The sender listens to make sure that no collision occurred.
4. Once the senders hear the collision, they each send a jamming signal, to ensure that all
stations recognize the collision.
5. After the jamming is complete, each sender randomizes a timer and waits that long.
6. When each timer expires, the process starts over with step 1.
 
 
MAC Address
  • Layer 2 address 
  • Hexa Decimal Formate 
  • 48 Bits = 24 bits of Vandor ID + 24 bits of Unique ID
 
 Wireless
 IEEE 802.11a: 54 Mbps in the 5.7 GHz ISM band
 IEEE 802.11b: 11 Mbps in the 2.4 GHz ISM band
 IEEE 802.11g: 54 Mbps in the 2.4 GHz ISM band
 IEEE 802.11n: 300 +Mbps in the 2.4 and  5GHz ISM band

Wireless Security

  • WEP (Basic Enryption , not good)
  • 802.1x EAP  (Use dynamic Keys, User authentication)
  • WPA WiFi Protected access
  • WPA2 (Most Strongest uses AES for Encryption)
Configuring Port Security on Switch

SwitchX(config)# interface fa0/5
SwitchX(config-if)# switchport mode access
SwitchX(config-if)# switchport port-security
SwitchX(config-if)# switchport port-security maximum 1
SwitchX(config-if)# switchport port-security mac-address sticky
SwitchX(config-if)# switchport port-security violation shutdown


Keypoints
  • Switches increases the number of collisions domains in the network
  • Switches are multiport bridges that allow you to create multiple broadcast domains 
  • Switches and bridges work on L2 
  • Primary functions of a router are: Packet Switching and Path Selection
  • A straight-through cable is used to connect two different devices
  • Layer 4 functions are error recovery and flow control
  • Transport layer provides reliable networking via acknowledgments, sequencing,
    and flow control.
  • HTTPS is the secured version of the HTTP application, which normally uses 128 bit SSL
    encryption to secure the information uses port 443
  • VOIP systems utilize UDP because it is faster and uses less overhead
  • Spanning-Tree Protocol (STP) is a Layer 2 protocol
  • STP is used to avoid switching loops 
  • CDP is a device discovery protocol that runs over Layer 2
  • Crossover cable is used to connect two of the same device types
  • 100BaseT  (UTP, STP) has a distance restriction of 100 meter or 328 Feet
  • IEEE 802.3z standard describes 1000BASE-SX (Gigabit Ethernet)
  • Switches forward broadcast but routers do not forward broadcasts (by default)
  •  RIPv2 carries subnet mask information allowing for VLSM
  • For point to point Link  /30 IP address is used.
  • Network Address Translation (NAT) can be used to hide the private IP addressing
  • NVRAM-Nonvolatile RAM stores the initial or startup configuration file.
  • 0x2102, is the normal config-register
Posted by at 6 comments:
Labels: , , ,
Subscribe to: Posts (Atom)