CISCOSTEPS
Part 1 Foundations of Cisco Networking
Part 1a: Cisco Foundations
Part 1b: Workstation Foundations: Windows 2000/XP/ME
Part 1c: Networking Foundations
Part 2 Switching
Switch Maintenance
Basic STP
Basic VLAN
Using a 2950 switch
Using a 4000/5000 switch
Part 3 Command Review
Part 1:
Foundations of Cisco Networking
Here in this section I break it up into three big chunks. In the first part I wanted to give you a good overview of Cisco, Cisco certifications, testing and searching for stuff on Cisco's website. In the next part I cover some foundational information about workstations that is particularly relevant to our labs here. I left the ones with Windows 98 because I figured there still would be some schools out there somewhere that may need them. I also did some of the stuff for Windows 2000 that should also be pretty close for ME and XP. Now here is the real deal: I put some labs in for Knoppix STD, a Linux-like free operating system (Security Tools Distribution). Long live open source! Do you want Cisco's operating system? I heard you could find it in China somewhere! Just kidding. The last section covers a whole bunch of networking topics that should bring you up to speed for the Cisco labs. If you want to make a living doing this stuff, it would really do you some good to go out and take a couple of PC repair classes, a couple of Microsoft Networking classes, and a couple of Linux classes along with the CCNA.
Cisco Foundations
Workstation Foundations
Networking Foundations
1a. Cisco Foundations
Searching CISCO for CCNA Test information
Objective:
To learn how to find out the latest CCNA test information from the CISCO website.
Step-By-Step Instructions:
Open a browser window.
Navigate to http://www.cisco.com. You should see something like this (remember web pages are frequently updated so you may have to wing it a bit; never rely on the web to stay the same):
Feel free to take some time and just enjoy the scenery. There are actually some freebies you can sign up for, like Packet magazine and some white papers. You just got to love the free stuff. What's that? You are a bit confused? Don't worry, we'll hit all the important stuff as it pertains to this book.
Next, on the left hand side you should see a link under the Learning and Events link. After clicking on it then you should see:
Then (as shown in the above picture) click on the link for exam information. The page you should see next is:
Click on the link for Certification Exams. It will take you to the page for current exams and outlines (isn't that nice?). You should see:
Click on the link for the current CCNA exam (probably the one at the top); when this book went to print it was 640-801. Another window should open. You should see:
Again, scroll down a bit and you should see some available options (hyperlinks). Let's dissect the page a bit. Some helpful links and information:
Practice simulation
very general topics, really not too much help
The Preview Course Simulation Lab link will open another page. To learn more about the simulation tool, use the graphic tutorial links. You may want to spend some time going through the instructions. Figure out if short-cut keystrokes are allowed or not. Your actual CCNA exam may contain some of these simulations.
Also look at the description of exam topics. Yeah, I know, they stink. It is kind of like getting a recipe with no name and just some of the ingredients, without any sort of instructions or amounts to use. Just make sure you feel comfortable with the subjects. The typical Cisco test over parts 1 through 3 will also require you to know parts 4, 5, and 6. Take that sentence for what you want. Use this to guide your studies as you progress through your CCNA training. Not every one of those topics is covered here in this book because this book was not designed to replace the Cisco curriculum, but to be used to enhance and supplement it.
So what have I learned here?
In this lab you have learned how to find the CCNA test objectives. Consider this sort of a table of contents for your studies, even though CISCO is extremely vague with their test information. It really doesn't help all that much. Remember that people are always updating their websites so you may have to do a little winging it. In any event, even though you are not ready for the CCNA test, you should keep those objectives in mind while studying and you should start spending more time at the Cisco website. Later, during your employment as a Cisco technician, the more skilled you are at navigating their website, the more successful you should be as a technician.
Registering for Your CCNA Exam
Objective:
To learn how to register for the current CCNA test.
Question and Answers about the CCNA:
Where can I register? With any prometrics center (http://www.prometric.com/candidates/News.asp). You can also call 1-800-204-EXAM for more information. Or, you can also go to a VUE testing center.
How much does it cost? $125 per attempt for each test. (Don't flame me if it changes; blame it on printed stuff.)
What is a passing score? For CCNA 849 of 1000 is a passing score. There are about 45-55 questions to complete in 75 minutes. At least on the newer test, questions are weighted. Some of those "pick three of six" questions give you partial credit for being close.
What is it like? The new test has simulations and drag and drop questions. It is Cisco's attempt at a practical exam for CCNA. Supposedly if you cannot work on the equipment then you should not be able to pass the test. This works well for you because you are learning by doing. The rest of the test is mostly multiple-choice questions. Some are command line entries, matching, and fill in the blanks. There are four sections: Planning and design, Implementation and operation, Troubleshooting, and Technology. I had heard from some of my students there are four or five troubleshooting simulations and a bunch of stuff on access control lists, frame relay, and subnetting. Believe it or not, even though OSPF is predominantly a CCNP-level topic, you need to know it very well for the CCNA. Get used to it: for anything in Cisco, if you want to pass #4 you must first know 5 and 6. I know it makes absolutely no sense but what else should you think about from such a large conglomeration? Also, unlike other tests you are NOT allowed to mark a question to return to later. You get one look at a question. You will be given a computer workstation, a dry wipe marker, and a two-sided laminated card for notes AND NOTHING ELSE! You are not allowed any food, drinks, notes, NO CALCULATORS, etc. You will need two picture IDs.
What if I fail? Study a bit more, practice some more on the equipment and re-take it soon. If you miss by only one or two questions, then most people re-take the exam right then and there and usually pass. Don't feel bad. Most people need a time or two through the first one.
When should I take it? You should take it as soon as you finish Semester 4 while the information is still fresh in your mind. Don't wait too long. I had a bunch of students who took the tests at different times and we generally found that taking it on Wednesday morning tended to have the easiest pool of questions. I am really not sure why that seemed to be, except that maybe they think people who cram all weekend take tests on Mondays and those who cram all week take tests on Fridays. Probably by the time this comes out it will change because we are on to their little secret. Anyways, there is supposedly a pool of about 3,500 questions that are drawn from for the test and your test locks a portion of that database. They wouldn't dare do an adaptive test. That's been tried before and failed. The way those tests worked is each question needed to be answered in so many seconds: get it right and the computer assumed you knew that topic and it moved on to another one. But get it wrong, or take too long and get it right, and it may have stumbled upon an area you did not know very well. So, it kept asking you questions about that topic until you barely passed or barely failed the test. Smarty-pants like me would find a question we absolutely knew front and back and just take 5 minutes to answer the question. Then we had effectively rigged the test for questions we knew very well. Neat, huh? The best thing I can suggest for practicing is to purchase a Cisco test simulator. Yeah, sure, I tried the ones from Boson, Transcender and the other companies but, strangely enough, the Cisco one was closest to the real thing. Just be careful not to over-think any questions on the test. There is a big difference between what is in the textbooks and what you can do in the real world. If the book says you cannot use the first and last subnet (even though I know we can) then I would mimic that answer on the test.
Thankfully, Cisco now will tell you if they are assuming the ip subnet-zero command is enabled or not. This command will allow you to use the first and last subnet, but you will learn more about that later.
An Overview of CISCO Routers and Switches
Objectives:
To become familiar with CISCO networking categories which, in turn, will enable you to more easily find technical information about networking devices on the CISCO website:
http://www.cisco.com.
Background:
During the course of your studies you may encounter many different models of CISCO routers and switches. This lab is designed to give you a general overview of how CISCO routers and switches fit into their 3-layer hierarchical model, which will allow you to more easily find technical information about specific models. This lab will also give you an overview of some of the features of the 2500 and 2600 routers and 1900 and 2900 switches that you may encounter during your CCNA studies.
3-layer Hierarchical model
As you may recall from CISCO textbooks, CISCO strongly suggests using a 3-layer styled model for designing networks. The core of any network design should be implemented for high-speed switching. This layer just wants to move the information around as quickly as possible. The distribution layer helps to re-distribute those fast moving information packets, but may be slowed down by some decision-making from a router. Finally the access layer is where users connect to the network. This is considered to be the slowest layer because of the extensive decision-making that may be taking place here.
CORE
DISTRIBUTION
ACCESS
The core layer (high-speed switching) is where you would find the most redundancy between devices. The distribution layer is where you would find network policy implementations, some security, and routing between VLANs. The access layer is where you would find your users connected to the network, workgroups, servers, and some security. As you progress through your studies you will learn more about the functions of each layer and how they play an important role in network design.
More importantly to you right now, if you wanted to find information about a CISCO 2500 router at CISCO's website you would almost need a miracle to find it unless you knew a 2500 router is classified as an "Access" router. Now, you could go to the CISCO website, access the technical document section, then select the access or modular access routers heading, and then select 2500s to get your information. This is much easier. I guess the old phrase "easy when you know how" really fits here. Table 1 shows a general overview of the CISCO routers and switches and the layer to which each is typically attributed.
CORE: 6500 switches, 8500 switches, 7000 routers, 10000 routers, 12000 routers
DISTRIBUTION: 4000 switches, 5000 switches, 6000 switches, 3600 routers, 4000 routers
ACCESS: 700 routers, 800 routers, 1700 routers, 2500 routers, 2600 routers, 1900 switches, 2820 switches, 2900 switches
Table 1: CISCO routers and switches as they correlate to the 3-layer hierarchical design model.
The 2500 router seems to be the staple of many CCNA Academies worldwide. Too bad for them, because CISCO has recently declared these products to be "End of Life" and very shortly will no longer be supporting them or doing software upgrades on them. There certainly will be a lot of schools scrambling to find money to replace them. Let's look at what some people call the "front" of a 2500 router in figures 1, 2, and 3. The 2500s are, for the most part, "fixed" units. There is very little we can do to change them. If we need three Ethernet ports, then we will have to add another router. At best we can have two Ethernet ports (using transceivers on the AUI ports).
Figure 1: CISCO 2501 router front view.
Nothing fancy here. Personally I consider this to be the rear of the router since I do all of my work on the other side. So let's take a look at the CISCO-termed "rear" of the 2500 router.
[Figure labels, left to right: AUI port (requires transceiver), Serial Ports, Console, Aux, Power Switch, Power Plug]
Figure 2: CISCO 2501 router rear view, dual serial, single AUX.
[Figure labels, left to right: AUI ports (requires transceivers), Serial Ports, Console, Aux, Power Switch, Power Plug]
Figure 3: CISCO 2514 router rear view, dual serial, dual AUX.
The 2600s, on the other hand, are more modular in style. From figures 4 and 5 we can see some removable plates/covers. This is where a variety of modules can be inserted. The two smaller plates can have WAN Interface Cards (WICs) inserted. These are things like dual serial interfaces, ISDN modules and T-1 modules. The larger removable plate/cover is for, well, larger modules with many Ethernet, serial interfaces or even multiple ISDN interfaces. We are talking up to 24 or so lines. A far cry from those 2500s huh? Different routers can use different modules so check your documentation carefully.
[Figure labels, left to right: Ethernet port, Console port, AUX port, Power Switch, Power Plug]
Figure 4: CISCO 2610 router rear view, single Ethernet, no serial.
[Figure labels, left to right: Ethernet Ports, Console Port, Aux Port, Power Switch, Power Plug]
Figure 5: CISCO 2611 router rear view, dual Ethernet, no serial.
[Figure labels, left to right: 10BaseT ports (1-24), Uplinks (2)]
Figure 6: CISCO 1924 switch front view, 24-port switch (10BaseT ports with 2 uplinks).
[Figure labels, left to right: Power Plug, AUI port, Console]
Figure 7: CISCO 1924 switch rear view, 24-port switch (10BaseT ports with 2 uplinks); same on 2924.
Figure 8: CISCO 2924 switch front view, 24-port switch (100BaseT ports; all ports capable of being uplinks).
Figures 6 and 7 show the switches common to most students in these labs. These switches have 24 10BaseT ports and two ports at 100BaseT that serve as uplink/downlink ports. Heck, they are even called ports 26 and 27. Now there is a task: try to figure out where port 25 is located! In figure 8 we see the 2924 switch common to CCNP labs. The only difference between the two is that every port is 100BaseT and capable of uplink/downlink. That is why no extra ports 26 and 27 are out to the right side.
Supplemental Lab or Challenge Activity:
Go to http://www.cisco.com and look up:
Release Notes for CISCO 2500 Series Routers
Hardware Installation Notes for 2600 Series Routers
Catalyst 1900/2820 Enterprise Edition Software Configuration Guide
Catalyst 2900 User Guide
Print out the first page of each as evidence of completion for your instructor.
So What Have I Learned Here?
In this lab you have been introduced to the CISCO hierarchical model. We won't be doing too much with this here in the CCNA course, but if you want to learn about the design stuff (CCDA) plan on seeing it in your sleep. We also have a lab on it again in Part 3. This is a nifty overview of the routers and switches that you may encounter during your CCNA studies.
Paper Lab: CISCO Three-Layer Hierarchical Model
Why do we need to do this? Simple: it will help with navigating Cisco's website. We don't go out looking for 2620 router help; we first look for access routers, then pick the 2620 from there. Crazy, I know, I know.
Match the function with the layer.
Provides workgroup and user access to the network. core
Provides policy-based connectivity. distribution
Provides optimal transport between sites. access
For the following please answer (1) for core-layer function, (2) for distribution-layer function, or (3) for access-layer function.
_____ Usually a LAN or group of LANs.
_____ Gives network services to multiple LANs within a WAN.
_____ Provides users with network access.
_____ Provides fast wide-area connections between geographically remote sites.
_____ Where ACLs are found.
_____ Where security policies are implemented.
_____ Used to tie together a number of campus networks in a WAN.
_____ Where servers are connected.
_____ Where the campus backbone is found.
_____ Usually point-to-point links.
_____ Broadcast/multicast domain definition.
_____ Where filters are found.
_____ T1/T3 lines are usually used here.
_____ Where servers that will be accessed by different workgroups would be placed.
_____ Used to connect together buildings on a single campus.
_____ Shared bandwidth.
_____ Provides boundary definition.
_____ Frame Relay lines are usually used here.
_____ Fast Ethernet is usually used here.
_____ Switched bandwidth.
_____ SMDS lines are usually used here.
_____ Provides a fast path between remote sites.
_____ MAC-layer filtering.
_____ Departmental or workgroup access to the next layer.
_____ Load Sharing, redundancy, and rapid convergence are essential.
_____ Microsegmentation.
_____ The layer where packet manipulation occurs.
_____ Address or area aggregation.
_____ Connects LANs into WANs.
_____ Efficient use of bandwidth is a key concern here.
_____ VLAN routing.
_____ Where any media transitions occur.
_____ Isolation of broadcast traffic.
Match the CISCO networking device with its associated layer. Use a (1) for core-layer device, (2) for a distribution-layer device, or a (3) for an access-layer device.
Routers: Layer: Features:
700 _____ _______________________________________________
800 _____ _______________________________________________
1600 _____ _______________________________________________
1720 _____ _______________________________________________
2500 _____ _______________________________________________
2600 _____ _______________________________________________
3600 _____ _______________________________________________
4000 _____ _______________________________________________
7000 _____ _______________________________________________
Switches:
1548 _____ _______________________________________________
1900 _____ _______________________________________________
2900 _____ _______________________________________________
4000 _____ _______________________________________________
5000 _____ _______________________________________________
6000 _____ _______________________________________________
8000 _____ _______________________________________________
There are some rumblings and grumblings about a fourth layer called the "edge" but I really don't see much difference at the CCNA level. Just know it exists and it will be changing this a bit in a later version.
Paper Lab: ICONS for Computer Diagrams
Objective:
To learn about ICONS used in CISCO drawings and for what each represents.
Tools and Materials:
None.
Step-By-Step Instructions:
Let's just go through all of them one by one:
Router: Layer 3 device. Models include 2500 and 2600 series for access layer.
Communication Server: This provides access to networking devices over a LAN or WAN using Serial Line Internet Protocol (SLIP). You probably won't use this too much since other technologies are getting cheaper and easier to use.
Gateway: Device that acts as a gateway to the network or Internet.
Bridge: Old school layer 2 device not used too much anymore.
Workgroup switch: Layer 2 device that you will use plenty. A CCIE guy told me one good future in networking is in switching (the other is in security).
100BaseT hub: Not used too much anymore since switches cost about the same.
10BaseT hub: Not used too much anymore since switches cost about the same.
CISCO CAT5000/5500: Older switching technology that uses set-based commands. Newer 4000s and 6500s replace these.
Route switch processor (RSP): The brain of a switch router that handles routing functions on a switch.
Putting those two together: CISCO Big-Cats 4000/5000 with route switch processors (RSP).
ATM switch: Not hard, a switch for ATM networks.
ISDN switch: Ditto for ISDN networks.
TAG router switch: Uses TAGs to forward packets. Does routing functions too.
Broadband router: Router for broadband connections.
CISCO Net Ranger: CISCO security device.
ATM Router: Router for ATM. 8500 series routers.
CISCO 7505 Router: Distribution/core layer router.
CISCO 7507 Router: Distribution/core layer router.
CISCO 7500 (7513) Router: Distribution/core layer router.
ATM TAG switch/router: Higher-level switch routing. Typically 7000 series related.
MAIN Frame: Oh, that's the old school stuff.
IBM A/S 400: Ditto, although these are still found in accounting departments.
CSU/DSU: Channel Service Unit/Data Service Unit. From the WAN cloud into this and then into your router. A TSU is a CSU/DSU for a T-line.
PIX Firewall: Security device. Only works with IP. All other protocols must be tunneled through it, so what's the point of having it?
Small PBX: Mini telephone company service that goes in your company. If you dial a 9 to get an outside line, then you have a PBX-type system.
The Cloud: This is where all WAN starts and ends. We use this in many instances: to represent the Internet, a frame relay cloud, an ISDN cloud, a POTS cloud, etc.
PC/Workstation: I really should not have to explain this one.
Dumb terminal: Like a regular PC, but no hard disk. It was mainly used to connect to a mainframe, which did the storage and processing for it. Yeah, they are still used. One of the newspapers here in town uses them with a mainframe.
Printer: I really should not have to explain this one either. So there.
Laptop: Ditto.
File server: Used on networks to hold files and share processing requests from workstations. Some here, some on the PC. It's called client-server networking.
Supercomputer: See NASA, Berkeley, MIT, etc. Kind of like the W.O.P.R. in Wargames.
Web cluster: A special cloud indicating several web devices are contained within the cloud.
Web server: Holds the Internet pages of a company. Microsoft IIS and Apache are common software packages on these.
Repeater: Layer 1 device that performs no intelligent processing, only cleaning up, amplifying, and re-timing the signals. Not used too much anymore.
Token Ring: Icon to represent a layer 2 token ring topology. Not used too much anymore.
FDDI: Icon to represent a layer 2 FDDI topology. Similar to token ring stuff.
Ethernet: Icon to represent a layer 1 or 2 Ethernet cable.
Serial: Icon to represent a layer 1 or 2 cable. V.35 and V.24 are common examples.
Circuit Switched Serial: Ditto.
Modem: Modulator/Demodulator. Translates analog into digital signals.
Phone: I should not have to explain this.
PC Camera: Itty bitty camera for your computer.
PolyComm phone: Speaker phone commonly used for conference calls.
Firewall: Network Address Translation device. Great when they work properly. There is a big future in computer security, especially if you can get these things to work right. A Cisco PIX firewall is an example; the symbol for a PIX firewall and this little brick wall are sometimes used interchangeably.
Router with firewall: Just what it sounds like, a router with the addition of firewall commands.
Satellite: If you have the bucks you can set up a network with this. Sometimes you have no choice: think about a cruise ship company and how they communicate. http://img.cmpnet.com/nc/1121/graphics/1121ancenterfold.pdf?ls=NCJS_1121rt
Satellite dish: Used with satellites.
CISCO Call manager: Works with Voice over IP equipment. Starting to be a hot item for resumes and career development.
IP telephone: Yes, you really can read your email over this phone. It gets its own IP address and everything.
You will see some of these used in the drawings in this book. I put the other ones in here because I see them being used in articles and books about networking.
More Icons on the web! (amazingly they didn't change since the first print!)
http://www.cisco.com/warp/public/784/packet/icons/
http://www.cisco.com/warp/public/503/2.html
So what have I learned here?
You have been given a brief introduction to icons used in network drawings. Let's test your knowledge here. Without looking back at the pages, can you identify what these icons represent?
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
1b. Workstation Foundations: Windows 2000/XP/ME
DOS Lab 2K
Objective:
This lab is designed to help you become familiar with basic DOS commands and utilities on the Windows 2000 operating system.
Tools and Materials:
(1) Computer with Windows 2000
paper and pencil
Background:
In this lab you will learn about DOS. No, DOS is not dead! Being able to master simple DOS commands and utilities will enhance your networking skills considerably, especially in troubleshooting network problems. You may even wish to purchase a DOS tutorial at some point in your networking career. Many operating systems (Windows-based too) use DOS commands for updates, patches, and maintenance. I know the Novell system frequently makes use of changing file attributes before applying new patches to the operating system. These are done with DOS-like commands. UNIX/LINUX is heavily DOS-command style oriented. If you want to get into computer security then you will have to live, eat, and breathe DOS and UNIX/LINUX (or as you will find I like to use, Knoppix).
Step-By-Step Instructions:
Opening DOS. Open the MS-DOS prompt into a full-window. If you are not sure, then follow these steps.
Click on the start button on your task bar.
Click on programs.
Search for and click on MS-DOS prompt (see figure 1). A black screen or a window with a black screen should appear.
Figure 1: Starting MS-DOS from the task bar.
Or, if you want to be a show-off then click on Start then Run. The pop-up window should look something like figure 2 (without the Windows menu on the side).
Figure 2: Starting the run utility.
Type in "cmd" (without quote marks) and the black screen DOS window should appear (see figure 3).
Figure 3: The MS-DOS prompt window.
If you really have some time to kill then go to Start then Programs then (but don't click on it) MS-DOS Prompt. Once you are there, right-click on it and select properties. You should see a window like figure 4.
Figure 4: MS-DOS properties.
OK, now you can really start showing off: click on the options tab. You will see something like figure 5.
Figure 5: MS-DOS prompt miscellaneous settings.
Here you can change which shortcut keys are allowed, sensitivity, etc. There are some neat settings under the screen tab also. Lots of things to play with and lots of things to do with DOS. Try changing background colors, fonts, etc. Aha! Your first script kiddie assignment: hearing the "Oooos" and "Aaaaahhs" when your DOS prompt comes up with different colors. Yeah, it only takes a little to impress.
DOS prompt and directory file structure. The DOS prompt and DOS system can be thought of as similar to a filing cabinet. If you have three drives (C, D, and E) then each one can be thought of as a separate filing cabinet: C, D, and E. Each of those cabinets is then called the root directory of that drive. Each root directory can contain many different directories. These directories can be thought of as drawers in the cabinets. From there each directory can contain many different sub-directories, similar to folders. Each sub-directory can contain other sub-directories and so on. Any level (root, directory, sub-directory, etc.) can contain computer files (think of them as documents: they can be placed in a folder, drawer, etc.). So let's take a peek and put this all into perspective:
C:\ Root prompt
C:\Windows directory called windows of root C
C:\Windows\System sub-directory called system in directory windows of root C
Let's look at an example of navigation with Windows 2000 DOS. Using the directory tree structure shown on the next page (figure 6) we could write down the paths for certain files. For example, the complete path to the album.zip file would become:
C:\ Documents and Settings\Basham.Matt.admin\MY_Documents\My_Pictures\album.zip
See if you can give the complete path for the following files (this is not what your computer will look like, just a make-believe one for this exercise):
lulu.url ___________________________________________________________
letter.doc__________________________________________________________
disk cleanup.lnk ____________________________________________________
Favorites __________________________________________________________
Accessories _____________________________________________________
C:\ Documents and Settings\Basham.Matt.admin\
|__Favorites\
| |__ 2600.url
| |__ cisco.url
| |__ lulu.url
|
|___MY_Documents\
| |___My Pictures\
| | |___picnic.gif
| | |___Christmas.gif
| | |___album.zip
| |___My Files\
| | |___addresses.doc
| | |___letter.doc
| | |___resume.doc
| |___My Webs\
|
|___\Start Menu\
| |__ Programs\
| |___Accessories\
| | |___Communications\
| | |__Hyperterminal
| |__ System Tools\
| |__disk cleanup.lnk
Figure 6: Hypothetical directory tree.
Make a map of the structure of the C:\ drive on your computer. Be sure to include all sub-directories and folders if you have time. (This is probably gonna take a while)
Navigation. The next thing to learn is navigating and finding files in DOS. We have several commands and techniques for doing this. Sometimes this is called navigating the "tree" or "walking up and down the tree." The first command you will learn allows you to change directories. You do this by typing CD at any prompt, followed by the root/directory/subdirectory you wish to change to. For example, when we first open our DOS window we see the prompt: C:\ Documents and Settings\Basham.Matt.admin\> If we wanted to navigate to the My Documents file directory (C:\Documents and Settings\Basham.Matt.admin\windows\my documents) we could switch to it in one of several ways: (1) type CD C:\Documents and Settings\Basham.Matt.admin\mydocuments or (2) type CD My Documents (capitalization is not important; this is also known as case sensitivity). This will change you from the C:\Documents and Settings\Basham.Matt.admin\ prompt to the C:\Documents and Settings\Basham.Matt.admin\My Documents prompt. Please note that you can use the "dot-dot" to go back one level with the CD command. To get back to the C:\Documents and Settings\Basham.Matt.admin\ prompt just type CD.. at the prompt.
So, using figure 6 as a guide, what would you type at the following prompts (don't actually do it; your computer file structure will be way different)?
From c:\ Documents and Settings\Basham.Matt.admin\ to get to the root prompt
__________________________________________________________________
From letter.doc back up two levels ____________________________________
Finding Files in DOS. Sometimes we do not know or cannot remember the exact file name. For those times we can use a wildcard character. Say, for example, we knew it was an autoexec file but couldn't remember the extension. We can just do a directory for all files named autoexec by typing dir autoexec.* The asterisk will replace any one or any number of characters, as in dir *utoexec.* If files named butoexec.com, cutoexec.zip, and futoexec.wiz existed in the directory being searched, then they all would be listed. As Emeril says, "let's kick it up a notch!" If we wanted to see all files in a directory then we would type dir *.* but be careful: too many files might whiz by. In that case we could append /p to the end of the command to list only one page at a time; then we would have to hit any key to see the next page(s) one at a time: dir *.* /p Getting tired of too many pages? Just press Control+C to cancel the action. You can get a "widescreen" view using the /w option (dir *.* /w) or combine them: dir *.* /w /p or, in Windows 2000, you can simply scroll up or down.
Getting help. To find out any subcommand or options available with a command just append /? to the command. For example, if we wanted to find out the subcommands available with ping type ping /? and read away!
What do these commands do? (Hint: some will not have anything listed for help)
Internal commands: Built into the operating system file (command.com) and loaded into memory whenever your computer is turned on.
break ______________________________________________________
call ______________________________________________________
cd ______________________________________________________
chcp ______________________________________________________
cls ______________________________________________________
copy ______________________________________________________
ctty ______________________________________________________
date ______________________________________________________
del ______________________________________________________
echo ______________________________________________________
exit ______________________________________________________
for ______________________________________________________
goto ______________________________________________________
if ______________________________________________________
mkdir ______________________________________________________
path ______________________________________________________
pause ______________________________________________________
prompt ______________________________________________________
rem ______________________________________________________
ren ______________________________________________________
rmdir ______________________________________________________
set ______________________________________________________
shift ______________________________________________________
time ______________________________________________________
type ______________________________________________________
ver ______________________________________________________
verify ______________________________________________________
vol ______________________________________________________
External commands: files with *.com or *.exe extensions. These are not built into the operating system and can vary between operating system versions.
attrib ______________________________________________________
chkdsk ______________________________________________________
cluster ______________________________________________________
command ______________________________________________________
debug ______________________________________________________
diskcopy ______________________________________________________
fc ______________________________________________________
find ______________________________________________________
finger ______________________________________________________
format ______________________________________________________
label ______________________________________________________
mode ______________________________________________________
more ______________________________________________________
nlsfunc ______________________________________________________
setver ______________________________________________________
sort ______________________________________________________
subst ______________________________________________________
xcopy ______________________________________________________
Make some files. Open up your notepad and create some files in the c:\temp folder:
File name    Contents
Dave.txt     This is Dave's text file, so keep out!
Matt.txt     This is Matt's text file, so keep out!
Scott.txt    This is Scott's text file, so keep out!
Tim.txt      This is Tim's text file, so keep out!
RENAME. One of those tools you might require when loading patches or something is the ability to rename a file. It's usually a good idea to make a backup of a file before doing something drastic with it. For example, if we had an executable called matt.exe that we were going to upgrade, we should copy it to another directory and make a backup of it first. See script 2.
copy c:\windows\matt.exe c:\temp
ren c:\temp\matt.exe matt.bak
Script 2: Copying and renaming a file to make a backup.
On the second line we see our rename command. First we indicate the rename, then the file to be renamed, and then what the new file name will be. The new name is given without a drive or path, because REN renames the file in place and rejects a path on the new name.
DOS utilities. Let's find out about some really neat DOS utilities on your computer. Try each file and get help for each file. These are some from the same sub-directory as my command.com file. Most of these can be found in C:\WINNT\SYSTEM32. The ones in bold will be used a lot in upcoming labs.
ACCWIZ.EXE _______________________________________________
ARP.EXE _______________________________________________
ATMADM.EXE _______________________________________________
CACLS.EXE _______________________________________________
CALC.EXE _______________________________________________
CDPLAYER.EXE _______________________________________________
CLIPBRD.EXE _______________________________________________
CLSPACK.EXE _______________________________________________
CLEANMGR.EXE _______________________________________________
CLICONFG.EXE _______________________________________________
COMP.EXE _______________________________________________
CONTROL.EXE _______________________________________________
DDESHARE.EXE _______________________________________________
DOSX.EXE _______________________________________________
DOSKEY.EXE _______________________________________________
DRWTSN32.EXE _______________________________________________
EVENTVWR.EXE _______________________________________________
EDIT.EXE _______________________________________________
EXPLORER.EXE _______________________________________________
FAXCOVER.EXE _______________________________________________
FAXSEND.EXE _______________________________________________
FREECELL.EXE _______________________________________________
FTP.EXE _______________________________________________
GPRESULT.EXE _______________________________________________
HOSTNAME.EXE _______________________________________________
IESHWIZ.EXE _______________________________________________
IEXPRESS.EXE _______________________________________________
IMMC.EXE _______________________________________________
IPCONFIG.EXE _______________________________________________
IPSECMON.EXE _______________________________________________
IRFTP.EXE _______________________________________________
JVIEW.EXE _______________________________________________
LPR.EXE _______________________________________________
MAGNIFY.EXE _______________________________________________
MEM.EXE _______________________________________________
MOBSYNC.EXE _______________________________________________
MPLAY32.EXE _______________________________________________
MSPAINT.EXE _______________________________________________
NARRATOR.EXE _______________________________________________
NBTSTAT.EXE _______________________________________________
NET.EXE _______________________________________________
NETSH.EXE _______________________________________________
NETSTAT.EXE _______________________________________________
NOTEPAD.EXE _______________________________________________
NSLOOKUP.EXE _______________________________________________
NTBACKUP.EXE _______________________________________________
NTDSUTIL.EXE _______________________________________________
ODBCAD32.EXE _______________________________________________
OSK.EXE _______________________________________________
PACKAGER.EXE _______________________________________________
PATHPING.EXE _______________________________________________
PING.EXE _______________________________________________
PERFMON.EXE _______________________________________________
PROGMAN.EXE _______________________________________________
RASADMIN.EXE _______________________________________________
RCP.EXE _______________________________________________
REGEDT32.EXE _______________________________________________
ROUTE.EXE _______________________________________________
RUNAS.EXE _______________________________________________
SECEDIT.EXE _______________________________________________
SETVER.EXE _______________________________________________
SHRPUBW.EXE _______________________________________________
SIGVERIF.EXE _______________________________________________
SNDREC32.EXE _______________________________________________
SNDVOL32.EXE _______________________________________________
SOL.EXE _______________________________________________
SYSEDIT.EXE _______________________________________________
SYSKEY.EXE _______________________________________________
TASKMGR.EXE _______________________________________________
TELNET.EXE _______________________________________________
TFTP.EXE _______________________________________________
THEMES.EXE _______________________________________________
TLNTADMN.EXE _______________________________________________
TRACERT.EXE _______________________________________________
USERINIT.EXE _______________________________________________
UPWIZUN.EXE _______________________________________________
VERIFIER.EXE _______________________________________________
WELCOME.EXE _______________________________________________
WINCHAT.EXE _______________________________________________
WINREP.EXE _______________________________________________
WINHELP.EXE _______________________________________________
WINHLP32.EXE _______________________________________________
WINMINE.EXE _______________________________________________
WINMSD.EXE _______________________________________________
WINVER.EXE _______________________________________________
WJVIEW.EXE _______________________________________________
WRITE.EXE _______________________________________________
WSCRIPT.EXE _______________________________________________
WUPDMGR.EXE _______________________________________________
Let's look at those in bold a little closer. Type the command and /? or ? to find out the available options for the command.
ARP.EXE _______________________________________________
_______________________________________________
_______________________________________________
FTP.EXE _________________________________________
_______________________________________________
_______________________________________________
GPRESULT.EXE ____________________________________
_______________________________________________
_______________________________________________
HOSTNAME.EXE _____________________________________
_______________________________________________
_______________________________________________
IPCONFIG.EXE _____________________________________
_______________________________________________
_______________________________________________
NBTSTAT.EXE _____________________________________
_______________________________________________
_______________________________________________
NET.EXE _________________________________________
_______________________________________________
_______________________________________________
NETSTAT.EXE ______________________________________
_______________________________________________
_______________________________________________
NSLOOKUP _______________________________________________
_______________________________________________
_______________________________________________
PATHPING.EXE _______________________________________________
___________________________________
_______________________________________________
PING.EXE ___________________________________________
________________________________________
_______________________________________________
PERFMON.EXE _____________________________________
_______________________________________________
_______________________________________________
ROUTE.EXE _____________________________________
_______________________________________________
____________________________________________
TELNET.EXE __________________________________
_______________________________________________
_______________________________________________
TFTP.EXE ________________________________________
TRACERT.EXE _______________________________________________
_______________________________________________
_______________________________________________
DOSKEY. One very nice command for use with DOS is the DOSKEY command. If you enable this during a DOS session you will be able to use the up and down arrows to recall any previously typed commands. This is very nice when you are trying to ping different computers on the same network. Try it, you'll like it! (Hint: you can also use F3). This is turned on by default in Windows 2000.
EDIT. The DOS editor is used to make basic DOS files like batch files. Here you can read the contents of some files. Go through and select all options from each pull-down menu to see what they do, and don't forget to read the help too! Save this file as rename.txt in a notepad or word document.
ECHO
ECHO Let's start those little buggers up!
ECHO
copy c:\temp\dave.txt c:\temp\dave.bak
copy c:\temp\matt.txt c:\temp\matt.bak
copy c:\temp\scott.txt c:\temp\scott.bak
copy c:\temp\tim.txt c:\temp\tim.bak
ECHO ALL DONE!
Now copy that file and go into your DOS window. All you have to do to copy that into the DOS window is right click with your mouse. You will see something like this:
C:\Temp>ECHO
ECHO is on.
C:\Temp>ECHO Let's start those little buggers up!
Let's start those little buggers up!
C:\Temp>ECHO
ECHO is on.
C:\Temp>copy c:\temp\dave.txt c:\temp\dave.bak
1 file(s) copied.
C:\Temp>copy c:\temp\matt.txt c:\temp\matt.bak
1 file(s) copied.
C:\Temp>copy c:\temp\scott.txt c:\temp\scott.bak
1 file(s) copied.
C:\Temp>copy c:\temp\tim.txt c:\temp\tim.bak
The system cannot find the file specified.
C:\Temp>ECHO ALL DONE!
ALL DONE!
C:\Temp>
So now go back and look at your temp directory and see if they were created:
C:\Temp>dir
Volume in drive C has no label.
Volume Serial Number is 1C6D-B558
Directory of C:\Temp
07/13/2004 11:45a <DIR> .
07/13/2004 11:45a <DIR> ..
07/13/2004 11:44a 27 dave.bak
07/13/2004 11:44a 27 dave.txt
07/13/2004 11:44a 27 matt.bak
07/13/2004 11:44a 27 matt.txt
07/13/2004 11:44a 28 scott.bak
07/13/2004 11:44a 28 scott.txt
6 File(s) 164 bytes
2 Dir(s) 69,598,878,720 bytes free
C:\Temp>
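The pasted script above prints ALL DONE! even though the tim.txt copy failed. As an added example (not part of the original lab), this batch file makes the same four backups but checks every step; the file name backup_txt.bat and the FC verification step are assumptions of this example.

```batch
@echo off
rem backup_txt.bat - added example, not from the original lab.
rem Backs up each lab file to a .bak copy and reports every failure,
rem instead of printing ALL DONE! no matter what happened.
rem Delayed expansion is left off so the "!" in ALL DONE! is printed.
setlocal

set SRC=c:\temp
set OK=0
set FAILED=0

for %%N in (dave matt scott tim) do (
    if not exist "%SRC%\%%N.txt" (
        echo MISSING: %SRC%\%%N.txt
        set /a FAILED+=1
    ) else (
        copy /y "%SRC%\%%N.txt" "%SRC%\%%N.bak" >nul
        if errorlevel 1 (
            echo COPY FAILED: %SRC%\%%N.txt
            set /a FAILED+=1
        ) else (
            rem FC /B compares source and backup byte by byte.
            rem Errorlevel 0 means the two files are identical.
            fc /b "%SRC%\%%N.txt" "%SRC%\%%N.bak" >nul
            if errorlevel 1 (
                echo VERIFY FAILED: %SRC%\%%N.bak
                set /a FAILED+=1
            ) else (
                echo OK: %SRC%\%%N.bak
                set /a OK+=1
            )
        )
    )
)

echo.
echo Backed up: %OK%   Failed: %FAILED%
if %FAILED% gtr 0 (
    echo NOT ALL DONE - fix the failures above before changing any file.
    endlocal & exit /b 1
)
echo ALL DONE!
endlocal & exit /b 0
```

Run against the directory shown above, it reports tim.txt as MISSING and exits with errorlevel 1, so a calling script can stop before it touches the originals.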
See if you can make a script to rename those and/or to delete those backup files now.
OK, every now and then you may have to change the attributes of a file. Let's start by looking at the attributes of those three txt files.
C:\Temp>attrib
A C:\Temp\dave.txt
A C:\Temp\matt.txt
A C:\Temp\scott.txt
C:\Temp>
What exactly does that mean? Well, silly us, we can find out with attrib /?
C:\Temp>attrib /?
Displays or changes file attributes.
ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [[drive:] [path] filename]
[/S [/D]]
+ Sets an attribute.
- Clears an attribute.
R Read-only file attribute.
A Archive file attribute.
S System file attribute.
H Hidden file attribute.
/S Processes matching files in the current folder
and all subfolders.
/D Processes folders as well.
Sometimes we need to make some changes. Let's say, for example, we do not want anyone to see the scott.txt file. So, let's change its attribute to hidden:
C:\Temp>attrib +h scott.txt
Now, let's go ahead and see the contents, or supposed contents, of our directory:
C:\Temp>dir
07/13/2004 11:45a <DIR> .
07/13/2004 11:45a <DIR> ..
07/13/2004 11:44a 27 dave.txt
07/13/2004 11:44a 27 matt.txt
2 File(s) 54 bytes
2 Dir(s) 69,597,230,592 bytes free
BUT! When we do a search for attributes on a directory we can see the hidden file:
C:\Temp>attrib
A C:\Temp\dave.txt
A C:\Temp\matt.txt
A H C:\Temp\scott.txt
C:\Temp>
Aha! Looks like good computer security stuff too! I will cover that in another book.
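The Hidden attribute only changes what a default DIR lists, as the attrib output above shows. As an added example (not part of the original lab), this batch file sweeps a folder tree for hidden files the way an administrator auditing a machine would; the file name findhidden.bat and the c:\temp default are assumptions of this example.

```batch
@echo off
rem findhidden.bat - added example, not from the original lab.
rem Lists every file under a folder that carries the Hidden attribute,
rem showing that +H only removes a file from the default DIR listing.
rem Usage: findhidden.bat [folder]     (defaults to c:\temp)
setlocal

set TARGET=%~1
if "%TARGET%"=="" set TARGET=c:\temp

if not exist "%TARGET%\" (
    echo Folder not found: %TARGET%
    endlocal & exit /b 2
)

set COUNT=0

rem DIR switches used here:
rem   /a:h-d  entries that are Hidden and are not directories
rem   /s      include all subfolders
rem   /b      bare format, one full path per line
rem 2^>nul discards the "File Not Found" message when nothing matches.
for /f "delims=" %%F in ('dir /a:h-d /s /b "%TARGET%" 2^>nul') do (
    rem ATTRIB prints the attribute letters next to the full path.
    attrib "%%F"
    set /a COUNT+=1
)

echo.
echo %COUNT% hidden file(s) under %TARGET%

rem Errorlevel 1 tells a calling script that hidden files were found.
if %COUNT% gtr 0 (
    endlocal & exit /b 1
)
endlocal & exit /b 0
```

With scott.txt hidden as above, the sweep prints its attribute line and reports one hidden file under c:\temp.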
Supplemental Lab or Challenge Activity:
Go out to the web and find out what 8.3 means in regards to DOS (especially file names).
Write a batch file to install a \temp folder on the root drive of a computer and make it a hidden folder.
So What Have I Learned Here?
In this lab you have learned the basics of DOS. I find that many students do not have the experience with DOS that I had as I was brought up through the Commodore 64s, IBMs, 386s, 486s, etc. To me it is old hat; to many newcomers, though, it is totally foreign. You will be using some DOS while you are working on many of the labs in this book so I thought it best to put it right up front. Keep referring back to this lab as often as you need to. Later in this section I have put another lab on intermediate DOS. Here you will learn about some DOS troubleshooting tools that you will probably use quite frequently. DOS is not dead. If you continue your studies you may even end up purchasing my computer security fundamentals book called the "Script Kiddie Cookbook." In that book one of the labs is about stopping pop-up ads. Sometimes you need to use DOS to help determine how to best stop them.
Windows 2000 Utilities Lab
Objective:
To become better aware of utilities included with Windows 2000 Operating systems.
Tools and Materials:
(1) computer with Win 2000
paper and pencil
Background:
In this lab you will learn the answer to "Why didn't anyone tell me these programs were here?" Well, quite simply, you have no one to blame but yourself. No one gives you anything for free (except for me); you have to go out and get it for yourself. As such, this lab is designed to help you explore little-publicized Windows utilities, some of which are pretty nifty. If you are not familiar with basic DOS commands you should do the DOS commands lab first. As a network administrator you will need to know basic DOS commands including: searching for files, wild-card characters, changing directories, and manipulating file names with DOS.
Step-By-Step Instructions:
1. Open the MS-DOS prompt into a full window.
2. Enable DOSKEY.
3. Start hunting for any executable, command, and batch files from the following prompts: root, windows subdirectory and windows/system subdirectory. Write down all files on your paper.
4. Go back and execute each file one at a time noting what happens. Some will do absolutely nothing noticeable. Be sure to check for any available subcommands and options using the DOS help feature.
5. Pare the list down to just the interesting programs.
Supplemental Lab or Challenge Activity:
6. Which programs did you find that may be useful to you as a network administrator?
7. If you had two different computers, one with 2000 and one with XP, what are the differences between the available programs?
8. Try a Windows ME or XP using the same techniques.
Make a chart comparing the evolution of programs in each operating system over time.
What has changed for the better, stayed the same, or changed for the worse?
So What Have I Learned Here?
This is actually almost a repeat of the DOS lab. I just wanted to make sure everyone realized the difference in the two and that no one skipped over either of these labs.
Cool Windows 2000/XP/ME Utilities
File name    Description
Dynamic DHCP Lab
Objective:
To learn about DHCP and how it works with a workstation.
Materials and Tools:
(1) Workstation on network with DHCP server
Background:
Most workstations connected to networks use a DHCP server from which to obtain their IP address automatically. As you found out in the multiple hub networks, using static addresses can cause problems very quickly. In this lab you will learn how to release and renew the IP address and mask from your workstation using DOS commands and Windows utilities. Later, you will learn how to set up your router to be a DHCP server.
Step-By-Step Instructions:
Open up a DOS window.
Then type ipconfig to see your IP settings using DOS. From DOS you should see something like this:
C:\Documents and Settings\basham.matt.ADMIN>ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : spcollege.edu
IP Address. . . . . . . . . . . . : 192.168.151.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.151.1
C:\Documents and Settings\basham.matt.ADMIN>
It's always a good idea to get a snapshot of the settings before we start changing them in case we need to put them back in later. Do not rely on your memory; write them down or print them out! Before we start changing these settings from DOS let's explore the options available with the ipconfig command. I have highlighted the commands we are more likely to use as networking administrators. On the next page I took a quick snapshot of my options with ipconfig as well.
C:\Documents and Settings\basham.matt.ADMIN>ipconfig /?
Windows 2000 IP Configuration
USAGE:
ipconfig [/? | /all | /release [adapter] | /renew [adapter]
| /flushdns | /registerdns
| /showclassid adapter
| /setclassid adapter [classidtoset] ]
adapter Full name or pattern with '*' and '?' to 'match',
* matches any character, ? matches one character.
Options
/? Display this help message.
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For SetClassID, if no class id is specified, then the classid is removed.
Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapaters
> ipconfig /renew EL* ... renew adapters named EL....
> ipconfig /release *ELINK?21* ... release all matching adapters,
eg. ELINK-21, myELELINKi21adapter.
C:\Documents and Settings\basham.matt.ADMIN>
From DOS we can now type ipconfig /release (ipconfig /release_all on Windows 98) to let go of our IP address. After doing that you should see:
C:\Documents and Settings\basham.matt.ADMIN>ipconfig /release
Windows 2000 IP Configuration
IP address successfully released for adapter "Local Area Connection"
C:\Documents and Settings\basham.matt.ADMIN>
Then we can use ipconfig /renew (ipconfig /renew_all on Windows 98) to get a new one from the DHCP server. You should see:
C:\Documents and Settings\basham.matt.ADMIN>ipconfig /renew
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : spcollege.edu
IP Address. . . . . . . . . . . . : 192.168.151.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.151.1
C:\Documents and Settings\basham.matt.ADMIN>
5. Notice how our address may differ slightly. When we give up our IP address it usually will go to one of the next devices requesting an IP; sometimes we get the same one back and sometimes we do not. Sometimes we encounter an error like this (and then do an ipconfig):
C:\Documents and Settings\basham.matt.ADMIN>ipconfig /renew
Windows 2000 IP Configuration
The following error occurred when renewing adapter Local Area Connnection: DHCP Server unreachable
C:\Documents and Settings\basham.matt.ADMIN>ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 169.254.55.102
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Notice how our IP address is within the 169 network. Does this mean it worked? Not at all. Microsoft uses the 169 address as a place holder in case something goes wrong with DHCP.
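The failure case above, as an added example (not part of the original lab): a batch file that looks for the placeholder address in the ipconfig output and retries the renew. It assumes the Windows 2000 "IP Address" label shown in the transcripts; the file name dhcpcheck.bat, the three-attempt limit and the five-second wait are choices made for this example.

```batch
@echo off
rem dhcpcheck.bat - added example, not from the original lab.
rem Detects the 169.254.x.x placeholder address shown above and retries
rem the DHCP renew a few times before giving up.
rem Assumes the Windows 2000 ipconfig label "IP Address".
setlocal

set TRIES=3
set N=0

:check
rem Keep only the IP Address lines, then drop the two values that mean
rem "no lease": the 169.254.x.x placeholder and 0.0.0.0 after a release.
rem The pipeline's errorlevel is 0 only if a usable address is left.
ipconfig | findstr /C:"IP Address" | findstr /V /C:": 169.254." | findstr /V /C:": 0.0.0.0" >nul
if not errorlevel 1 goto leased

if %N% geq %TRIES% goto failed
set /a N+=1
echo No usable address yet, renew attempt %N% of %TRIES% ...
ipconfig /renew >nul 2>&1

rem Windows 2000 has no sleep command. Six loopback pings sent one
rem second apart give a wait of about five seconds.
ping -n 6 127.0.0.1 >nul
goto check

:leased
echo Adapter has a usable address:
ipconfig | findstr /C:"IP Address" /C:"Subnet Mask" /C:"Default Gateway"
endlocal & exit /b 0

:failed
echo No DHCP lease after %TRIES% renew attempts.
echo A 169.254.x.x or 0.0.0.0 address means the renew did not work.
echo Check the cable and link light, then the DHCP server.
endlocal & exit /b 1
```

A statically configured adapter also passes the check, so the script answers "does this workstation have a usable address", not "did DHCP hand it out".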
So What Have I Learned Here?
You have learned how to release and renew the DHCP address from a workstation using DOS. In later labs you will work more with DHCP and need to know how to do what we learned in this lab when setting up your routers to be DHCP servers.
Changing TCP/IP Settings on Your Computer (2000)
a.k.a Static DHCP lab
Objective:
In this lab you will complete the installation of the NIC by performing the software installation and changing TCP/IP settings. You will be changing TCP/IP settings in many of the labs in this book.
Tools and Materials:
(1) Workstation (2000)
Lab Diagram:
e0/0
192.168.1.1/24
Workstation A
IP 192.168.1.3
SM 255.255.255.0
GW 192.168.1.1
Step-by-Step Instructions:
In this lab you will be configuring only the workstation portion of the above lab diagram. It is just shown as an overall reference perspective.
Open the My Network Places icon on the desktop. You should see the network and dial up connections window:
Figure 1: Network and dial up connections window.
Then right click on the icon local area connection and select properties. You should see:
Figure 2: Finding the TCP/IP configuration for the NIC.
Double-click on Internet Protocol (TCP/IP) or highlight Internet Protocol (TCP/IP) and select properties. In either case you should see another pop up window like this:
Figure 3: TCP/IP Properties pop up window.
Now, say we are told to put in an IP address of 192.168.1.3 with a subnet mask of 255.255.255.0 and a gateway of 192.168.1.1. Here is how we would do it. First we would select specify an IP address and then put in IP address and mask on this window. After doing that the window should look like this:
Figure 4: Putting in an IP address and mask.
Sometimes you can add in more than one gateway. For example if you have two routers connected to one switch and a workstation coming from that switch, as long as everyone is on the same subnet you have two possible gateways to route your information (see figure on next page). So, if you prefer one way over the other you can put the more preferred one in last and the least preferred one first (it moves it down when new ones are entered).
Lab Diagram:
[Diagram: Workstation A connects through a switch to two routers on the same subnet. Gateway 1 (preferred) is e0/0 192.168.1.1/24 with the main ISP connection to the WWW; Gateway 2 (backup) is e0/0 192.168.1.100/24 with the backup ISP connection.]
Workstation A
IP 192.168.1.3
SM 255.255.255.0
GW1 192.168.1.1 (preferred)
GW2 192.168.1.100
To add another gateway click on the advanced tab. You should see:
Just click on the add tab and add in your second gateway. You can also change the metrics too; it's almost like making a routing table on your PC.
Almost done. To finish it up we click on ok three times. You should then be prompted to reboot your computer to make the settings take effect. If you do not reboot then they will not work properly.
You can double-check your settings using DOS or Windows commands such as IPCONFIG.EXE.
Supplemental Lab or Challenge Activity:
Try to find out about all of those other tabs and settings in the network and TCP/IP Properties windows.
What is a gateway?
So What Have I Learned Here?
Now you are talking about the meat and potatoes of things to come. In almost every lab you will be installing workstation TCP/IP settings. Heck, some of your troubleshooting will involve this later. I have seen it too many times before: "Mr. Basham, my computer doesn't get any Internet!" The answer: "Did you see if the last student reset their TCP/IP settings back to obtaining them automatically?" Better learn it good now and never assume anything was put back properly.
Intermediate DOS Lab: Troubleshooting Utilities
Objective:
To learn about DOS utilities to use for troubleshooting in networks.
Tools and Materials:
(2) workstations
(1) cross-over cable (xo)
Lab Diagram:
xo
192.168.1.1/24 192.168.1.2/24
Step-By-Step Instructions:
Cable the lab as shown.
Ask your instructor or buddy for help if you have problems with peer-to-peer networking. You may have to use the IP address of the other workstation as a gateway address. Sometimes yes, sometimes no; you just got to love Microsoft.
In this lab we will be using ping and trace route commands for troubleshooting (layer 3 commands). Let's start by opening a DOS window and finding out what options are available with ping.
C:\ >ping /?
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] destination-list
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
The first step in troubleshooting is testing layer 1 and working our way up the OSI model. Check the cabling. Be certain the LED on the NICs is lit up. You can also do a visual verification on the cable to be certain you are using the correct one. Just because the light is lit does not mean the cable is working or is the proper cable. Be careful!
First we can test the functionality of the NIC (layers 1-2) and the computer for its ability to communicate with networking. We can do this by using ping to any address on the 127.0.0.1-127.255.255.254 network. This is called the loopback adapter network. So I pick an IP address from the 127 network and ping it. You should see something like this if everything is fine:
C:\ >ping 127.127.127.127
Pinging 127.127.127.127 with 32 bytes of data:
Reply from 127.127.127.127: bytes=32 time<10ms TTL=128
Reply from 127.127.127.127: bytes=32 time=1ms TTL=128
Reply from 127.127.127.127: bytes=32 time=1ms TTL=128
Reply from 127.127.127.127: bytes=32 time=1ms TTL=128
Ping statistics for 127.127.127.127:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\ >
Next we can test our basic network connection between the two computers using ping (layer 3). If my workstation used 192.168.1.1 and the other one used 192.168.1.2 then I would ping 192.168.1.2 to test connectivity. If you cannot ping the other workstation then check the IP addresses and masks on each workstation. When all else fails reboot the workstations too.
C:\ >ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time<10ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
OK, time to play with our newfound ping friend. Let's see what some options are for ping and what they do. First, adding the -t option will cause multiple pings UNTIL YOU STOP IT by using the break sequence in DOS (control+C). This is technically illegal because it creates a very, very small denial of service attack:
C:\ >ping 192.168.1.2 -t
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time<10ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
(control+C stops it)
Ping statistics for 192.168.1.2:
Packets: Sent = 7, Received = 7, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Why do this? Let's just say we start it up on one machine and it is telling us that it is not replying. By using the constant ping we can see the instant the other computer or interface comes on-line. This is very handy later when you will be doing access control list labs. OK, let's try another one. Adding the -n will let us specify how many packets to send. Sometimes waiting for four packets can be problematic, so we just want to send one.
C:\ >ping 192.168.1.2 -n 1
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time<10ms TTL=128
Ping statistics for 192.168.1.2:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Now, the mother of them all: adding the -l option will let us change the size of our packet from 32 bytes to whatever we want it to be. Sometimes during labs you may want to see how much it would take to choke out the performance of an interface or to test some traffic balancing, and this would work for it. Actually a Linux box would work way better for actually choking something out but you should get the point with this:
C:\ >ping 192.168.1.2 -l 50000
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Huh? What happened to our one ping and why didn't it get received? Yeah, you can only have so big of a size go round trip through DOS on a Windows-based workstation. I even set it down to 5000 bytes and got the same thing. From a Linux box it worked no problem. We can combine these too:
C:\ >ping 192.168.1.2 -l 5000 -n 2
Pinging 192.168.1.2 with 5000 bytes of data:
Reply from 192.168.1.2: bytes=5000 time=10ms TTL=30
Reply from 192.168.1.2: bytes=5000 time=10ms TTL=30
Ping statistics for 192.168.1.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 10ms, Average = 10ms
One last thing here. You can open MULTIPLE DOS windows too. Try it. Go to the run panel and type in cmd and then repeat it several times. Try taking the IP address out of one of your workstations. Then put a continuous ping from the workstation (with the good IP address) to the one without. Watch it for a couple of seconds and then put the address back in. You should see the ping packet replies almost instantly. Here's another fun one: ping the broadcast address (192.168.1.255). Why does it work? You will find out later or ask your instructor if you really need to know right now, right now.
We know we have good connections between the two. When you have more than two computers in a network you can also use another layer 3 tool: trace route.
Let's start by looking at our options with tracert in DOS:
C:\ >tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
If you are having difficulty connecting to another device several hops away, trace route will show you exactly which device loses your communication. For example, if I had a network with several routers and was trying to get to www.spjc.edu I could find the faulty device. First, since it helps to have a baseline before something goes bad, let's look at a good trace route to our destination:
C:\ >tracert www.spjc.edu
Tracing route to www.spjc.edu [172.16.1.68]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.151.1
2 4 ms 5 ms 5 ms 192.168.154.1
3 5 ms 7 ms 4 ms do-esr5000 [172.23.1.1]
4 6 ms 6 ms 6 ms 192.168.100.27
5 6 ms 6 ms 6 ms www.spjc.edu [172.16.1.68]
Trace complete.
Now, when troubleshooting if we ran a trace route and got this:
C:\ >tracert www.spjc.edu
Tracing route to www.spjc.edu [172.16.1.68]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.151.1
2 4 ms 5 ms 5 ms 192.168.154.1
3 5 ms 7 ms 4 ms do-esr5000 [172.23.1.1]
4 * * * Request timed out
5 * * * Request timed out
Trace complete.
Then we would have a good idea there is a problem with the do-esr5000 device with IP address 172.23.1.1. In this case it's a 5000 series router at district office.
If it does not work at all, have your instructor check with your school's network administrator; some of them have been denying ICMP traffic within the school.
Let's do another tracert, this time to www.yahoo.com:
C:\ >tracert www.yahoo.com
Tracing route to www.yahoo.akadns.net [216.109.117.110]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 192.168.151.1
2 <10 ms <10 ms 10 ms 192.168.154.1
3 <10 ms 10 ms 10 ms do-esr5000 [172.23.1.1]
4 10 ms <10 ms 10 ms 192.168.100.27
5 10 ms 10 ms <10 ms 192.168.255.3
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 40 ms 40 ms 30 ms p25.www.dcn.yahoo.com [216.109.117.110]
Trace complete.
You can see we had a lot of time outs here and not a whole lot of information. Tracert is limited in DOS but can occasionally yield some good information.
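An added example (not part of the original lab): a small Python parser for the tracert output shown above. It reports the last hop that answered, whether the target itself answered, and the first hop that no longer matches a known-good baseline, which separates the failed www.spjc.edu trace from the Yahoo trace where hops 6 through 18 stay silent but the destination is still reached. The function names are made up for this example; the sample traces are retyped from this page.

```python
import re

# Sample traces retyped from this lab (addresses and hostnames are the page's own).
GOOD_TRACE = """\
Tracing route to www.spjc.edu [172.16.1.68]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  192.168.151.1
  2     4 ms     5 ms     5 ms  192.168.154.1
  3     5 ms     7 ms     4 ms  do-esr5000 [172.23.1.1]
  4     6 ms     6 ms     6 ms  192.168.100.27
  5     6 ms     6 ms     6 ms  www.spjc.edu [172.16.1.68]
Trace complete.
"""
FAILED_TRACE = """\
Tracing route to www.spjc.edu [172.16.1.68]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  192.168.151.1
  2     4 ms     5 ms     5 ms  192.168.154.1
  3     5 ms     7 ms     4 ms  do-esr5000 [172.23.1.1]
  4     *        *        *     Request timed out
  5     *        *        *     Request timed out
Trace complete.
"""
FILTERED_TRACE = (
    "Tracing route to www.yahoo.akadns.net [216.109.117.110]\n"
    "over a maximum of 30 hops:\n"
    "  1   <10 ms   <10 ms   <10 ms  192.168.151.1\n"
    "  2   <10 ms   <10 ms    10 ms  192.168.154.1\n"
    "  3   <10 ms    10 ms    10 ms  do-esr5000 [172.23.1.1]\n"
    "  4    10 ms   <10 ms    10 ms  192.168.100.27\n"
    "  5    10 ms    10 ms   <10 ms  192.168.255.3\n"
    + "".join(f" {n:2d}     *        *        *     Request timed out.\n"
              for n in range(6, 19))
    + " 19    40 ms    40 ms    30 ms  p25.www.dcn.yahoo.com [216.109.117.110]\n"
    "Trace complete.\n"
)

HEADER = re.compile(r"Tracing route to (\S+)(?: \[([\d.]+)\])?")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
# Either "name [a.b.c.d]" or a bare "a.b.c.d" at the end of the hop line.
ADDR = re.compile(r"(?:(\S+) \[([\d.]+)\]|([\d.]+))\s*$")


def parse_tracert(text):
    """Return (target_ip, [(ttl, ip_or_None, name_or_None), ...])."""
    target_ip, hops = None, []
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:
            target_ip = head.group(2) or head.group(1)
            continue
        hop = HOP.match(line)
        if not hop:
            continue
        ttl, rest = int(hop.group(1)), hop.group(2)
        if "Request timed out" in rest:
            hops.append((ttl, None, None))      # silent hop
            continue
        addr = ADDR.search(rest)
        if addr:
            ip = addr.group(2) or addr.group(3)
            hops.append((ttl, ip, addr.group(1)))
    return target_ip, hops


def diagnose(text):
    """Summarise one trace: did the target answer, and who answered last?"""
    target_ip, hops = parse_tracert(text)
    answered = [h for h in hops if h[1] is not None]
    silent = [ttl for ttl, ip, _ in hops if ip is None]
    last = answered[-1] if answered else None
    reached = last is not None and last[1] == target_ip
    if reached:
        # Silent hops on a completed trace forwarded traffic but did not reply.
        verdict = "reached-with-silent-hops" if silent else "reached"
    elif last:
        verdict = "lost-after-last-responder"
    else:
        verdict = "no-replies"   # could also mean ICMP is denied, as noted above
    return {"target": target_ip, "reached": reached, "last_responder": last,
            "silent_hops": silent, "verdict": verdict}


def first_divergence(baseline_text, current_text):
    """First baseline hop the current trace no longer shows: (ttl, expected, seen)."""
    _, base = parse_tracert(baseline_text)
    _, cur = parse_tracert(current_text)
    seen = {ttl: ip for ttl, ip, _ in cur}
    for ttl, ip, _name in base:
        if seen.get(ttl) != ip:
            return ttl, ip, seen.get(ttl)
    return None


if __name__ == "__main__":
    for label, trace in (("failed", FAILED_TRACE), ("yahoo", FILTERED_TRACE)):
        print(label, diagnose(trace))
    print("baseline diff:", first_divergence(GOOD_TRACE, FAILED_TRACE))
```

Comparing against the baseline shows which hop went quiet (192.168.100.27 at hop 4), so the check covers both the last device that answered and the next device it should have handed off to.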
Basic Troubleshooting
Check cabling and lights Layer 1
Ping the loopback adapter Layer 1-2
Ping, trace route Layer 3
Still stuck? Ask your instructor or a buddy for help.
Supplemental Lab or Challenge Activity:
Is there an upper limit in DOS to the size of packet that you send?
Open up multiple DOS windows and send pings to each workstation in your classroom only at the same time.
Go find out what a traffic generator is. How could you use your knowledge of ping to make a traffic generator?
Make a traffic generator using ping commands that will choke out your network. You will know it is working when they start timing out. Figure out the optimal ping size that starts choking the network and the maximum size just before the network chokes. This will be cool to use later to test your networks.
Sometimes in your reading you are hearing about network broadcasts. How can you make a network broadcast using the ping command?
What are the similarities and differences between ping, tracert, and pingpath?
So What Have I Learned Here?
In this lab you learned the basics of troubleshooting workstation network problems. You will be using this knowledge as you Learn by Doing and practicing for your CCNA Exam.
Supplemental Labs or Challenge Activities:
Go out and find a program called CuteFTP and compare it to FTP.
Your instructor will have the TFTP program (or you can download it from CISCO). How do these programs differ?
So What Have I Learned Here?
You have learned about basic FTP commands and how FTP works. I have seen some CCNA test review software that asks about the FTP commands (get and put specifically) so I wrote this lab for all of you. Ain't that nice?
Fun Ports to Surf with Telnet
To open Telnet, go to START, then RUN, and type TELNET then press enter.
***Be careful when surfing telnet ports. If you are not authorized on anyone's computer then you will be guilty of a felony!****
Port   Service      What it is
7      Echo         Whatever you type in is repeated
9      Discard/null
11     Systat       Lots of info on users in network
13     Daytime      Time and date at computer's location
15     Netstat      Lots of info on network (a must see!)
19     Chargen      ASCII character stream
20     ftp          ftp data
21     ftp          Transfer files (control)
23     telnet       Terminal emulation program
25     Smtp         Mail program
37     Time         Time
39     Rlp          Resource location
43     Whois        Info on hosts and networks
53     Domain       Name server
70     Gopher       Out-of-date information tool
79     Finger       UNIX information finder
80     http         Web server
107    rtelnet      Remote telnet
110    Pop          Email post box server
113    Ident/auth   Identification/authorization
119    nntp         News group servers
135    Epmap        DCE endpoint resolution
139    Netbios      Netbios session service
Hyperterminal Lab
Objectives:
Learn how to set up a router and login through a router console port from a workstation using the Hyperterminal program.
Tools and Materials:
Workstation with Hyperterminal Program
CISCO router
(1) rollover cable (ro)
Background:
"Easy when you know how" is very applicable when accessing a router through a workstation. This lab is designed to show you how to set up the Hyperterminal program, how to connect the cabling, and how to access the router.
Lab Diagram:
CON
ro
COM1
Step-By-Step Instructions:
Verify the existence of the hyperterminal program on your Windows workstation. Check this path: Start>Programs>Accessories>Hyperterminal or Start>Programs>Communications>Hyperterminal. If you do not have it installed on your workstation, then follow these steps (you will probably need your Windows CD):
go to Start>Settings>Control Panel>Add/Remove Programs
select the middle tab Windows Setup
select Communications
select the Hyperterminal pick box
follow the prompts to finish the installation
Open the Hyperterminal folder/program using the path you just found.
Open the hypertrm icon.
Type in a name for the session and select an icon.
Pick Connect using direct to COM1
Make sure you have the following settings:
9600 bits per second
8 data bits
None parity
1 stop bit
Hardware flow control
Later on you may have to change these settings. Some switches (like Cabletron) like to use flow control set to none instead of hardware.
Connect the router from the console port to COM1 on your workstation using a rollover cable. You may need to add a DB-9 to RJ-45 adapter to your COM1 port.
Now you can turn the power on to the router. After a couple of seconds you should start seeing some information on the Hyperterminal window.
Troubleshooting:
Are you connected to COM1?
Do you have a rollover cable?
Is your rollover cable good?
Do you have your Hyperterminal settings correct?
Is COM1 correctly set up in your BIOS?
Supplemental Lab or Challenge Activity:
Go search the Internet for instructions on COM ports, their settings, and what they do. Why do we set to 9600 bps, 8 databits, no parity, and 1 stop bit? What is parity?
Look up a program called Kermit on the web. How does it differ from Hyperterminal? What about Xmodem?
Go to downloads.com and see if there are other communications software packages available.
Go to www.sigmanet.com and download the utilities for the Adtran Atlas 550. They have a communication tool package there too. See if you can use their communication package to hyperterminal into a router too.
Is hyperterminal only for routers? Try it by connecting to lynx.cc.ukans.edu
It is possible to capture text from a hyperterminal session and save it to a text file WHILE you are working. In this manner you can see everything you did during an active session. Click on the transfer pull-down menu, then enter a path and file name to save it to. It's just that easy!
So What Have I Learned Here:
Another day, another utility to use. Gosh! Will they ever stop? Oh who cares: more knowledge, more tricks in our arsenal, more lines on the resume. We learned about some more communication software. Hyperterminal is going to be used quite a lot throughout the rest of this book. Who knows? Be different and use another communications tool to access the router and impress your friends or just show off smugly.
Paper Lab: Proper Cable for the Proper Job
Objective:
To learn which type of networking cable to use in which instance.
Tools and Materials:
Paper and pencils
Different colored pencils or markers would be nice.
Background:
You will be putting together lots of equipment with plenty of cables during your career. Knowing which cable to use and when will save you plenty of time, trouble, and potential embarrassment if you get it right from the start. Heck, you can even help someone else later; most network administrators do not know a straight through from a rollover.
Telephones have been around since the late 1800s and our wiring patterns have evolved from the telephone industry. The two most common wiring patterns are EIA/TIA 568A and EIA/TIA 568B (Electronics Industry Association/Telecommunications Industry Association). There are four pairs of wires in a Category 5-type cable. Pair 1 is the blue pair, pair 2 is the orange pair, pair 3 is the green pair, and pair 4 is the brown pair. For you football fans: The Blue and Orange Gators play on the Green Grass with the Brown Football. (Yeah, I went to UF.) In fact, 66 and 110 punch down blocks are wired in this fashion:
Blue Pr White/blue White/blue
Blue Blue
Or. Pr White/Orange White/Orange
Orange Orange
Gr. Pr White/Green White/Green
Green Green
Br. Pr White/Brown White/Brown
Brown Brown
Figure 1: Punch down block.
Unfortunately our wiring patterns for our cables could not align easily with this pattern (figure 2). They had to go and come up with some other ones (see figure 3).
White/blue   blue   white/orange   orange   white/green   green   white/brown   brown
Figure 2: Matt's nice pattern.
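EIA/TIA 568A               EIA/TIA 568B
White/Green  (pair 3)      White/Orange (pair 2)
Green        (pair 3)      Orange       (pair 2)
White/Orange (pair 2)      White/Green  (pair 3)
Blue         (pair 1)      Blue         (pair 1)
White/Blue   (pair 1)      White/Blue   (pair 1)
Orange       (pair 2)      Green        (pair 3)
White/Brown  (pair 4)      White/Brown  (pair 4)
Brown        (pair 4)      Brown        (pair 4)
Figure 3: EIA/TIA 568A and B wiring patterns.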
Straight Through (ST): Used for connecting dissimilar devices (workstations to hubs, switches to routers, hubs to switches, etc.). The cables are wired with the same wiring pattern on each end.
EIA/TIA EIA/TIA
568A 568A
ST
EIA/TIA EIA/TIA
568B 568B
ST
Crossover (xo): Used for connecting similar devices (workstations to workstations, switches to switches, hubs to hubs, etc). The cables are wired with pairs 2 and 3 crossing over from one end to the other (see also figure 3).
EIA/TIA EIA/TIA
568A 568B
xo
EIA/TIA EIA/TIA
568B 568A
xo
Rollover (ro): Used for connecting communication ports to other communication ports (workstation com ports to router console ports, etc). It does not matter which colors are used here as long as the pattern rolls over from one side to the other.
12345678 ro 87654321
In the following diagrams indicate which type of cable is used, label each cable, apply the appropriate pattern in the drawing, and indicate which port or connection would be used at each end of the cable.
Crossover Rollover Straight-through
(xo) (ro) (ST)
Peer-to-Peer Cabling
Two workstations and a hub
Three workstations and a hub
Six workstations (3 to a hub) and two hubs
Change hubs to switches:
Add in a router:
Add in a web access:
DSU/CSU
WWW
Paper Lab: OSI Model and Encapsulation
Objective:
To be able to learn more about the OSI model, its layers, and their descriptions.
Tools and Materials:
Paper and pencil
Background:
In your textbook you have learned about the layers of the OSI model, what happens on each layer, and descriptions of each layer. You probably took the time to memorize exactly the definitions of each layer. I got news for you: on the test the definitions are completely different from the ones in the book. Wouldn't it be nice if they did something consistent for once? Actually the definitions are similar, just worded completely differently. So here we will look at the definitions you were told and try to create some alternate wordings. Your test will probably have something like a drag and drop scenario for it so we will just use simple matching exercises here.
Step-By-Step Instructions:
OK, so those are the definitions/encapsulations that they asked you to know. Let's take a few seconds to re-write them in our own words.
Layer    CISCO definition    Your definition
Application: identifies and establishes the availability of intended communication partners, synchronizes cooperating applications, and establishes agreement on procedures for error recovery and control of data integrity. Browsers.
Presentation: translates multiple data representation formats by using a common data representation format. Concerned with data structures and negotiation data transfer syntax. Encoding, representation of data, ASCII.
Session: synchronizes dialogue between presentation layer entities and manages their data exchange. Information is encapsulated into data blocks here.
Transport: responsible for reliable network communication between end nodes and provides transport mechanisms for the est., maintenance, and termination of virtual circuits, transport fault detection and recovery and information flow control.
Network: provides connectivity and path selection between two end systems where routing occurs. Segments are encapsulated into packets here.
Data Link: concerned with physical addressing, network topology, and media access. Packets are encapsulated into frames here.
Physical: describes the various types of networking media. Frames are converted into bits here. Defines the electrical and functional specifications for activating and maintaining the link between end systems.
Let's compare. My definitions of the OSI model layers are:
Application: Where most non-networking programs function. This is the layer where networking (like client-server) and the encapsulation process starts and ends.
Presentation: The second step in networking. This is where data is compressed, formatted or encrypted. The super-secret-spy-stuff layer.
Session: This is where networking sessions between two devices are started, managed, and terminated. The information is called data.
Transport: This is where the data is chunked into segments before being passed to the network layer. Each chunk/segment is labeled 1 of X, 2 of X, 3 of X, etc. This is the layer predominantly in charge of error control, even though each individual layer has its own error control (to a lesser extent).
Network: This is where each segment is given directions on how to get from here to there using logical addresses. After this information is added the segment is called a packet.
Data Link: Takes care of topologies and physical addresses. The packet is now called a frame.
Physical: Where the media is located. No intelligent processing takes place here, just conversion to binary.
Matching:
Please match the definition on the left with the corresponding OSI layer on the right.
1. ____ Agreement of using ASCII is performed here. Presentation
Physical
2. _____ Signals are amplified here. Session
Transport
3. _____ Version of protocol used will be found here. Data Link
Application
4. _____ Responsible for terminating communication between Network
network devices.
Please match the item on the left with the corresponding OSI layer on the right.
1. _____ Manage communication session Presentation
Transport
2. _____ Capturing Packets Session
Network
3. _____ Flow Control Application
Physical
4. _____ Logical addressing Data link
So What Have I Learned Here?
That they really want you to know your layers inside and out: not just an exact definition but other similar definitions. Let's face it, it's enough to drive you friggin' nuts. The only advice I can give is to memorize the ones that are extremely technical, geeky, and just plain obnoxious. Then write your own definitions to check your understanding of the layers and have someone else (like a teacher or really knowledgeable friend) check them over for accuracy.
Broadcast and Collision Domains
Objective:
To learn how to identify broadcast and collision domains in a network topology.
Tools and Materials:
Pencil and paper
Background:
In any networking design selection of networking devices can depend upon isolation of traffic using knowledge of broadcast domains and collision domains.
A broadcast domain is an area in which any network broadcast is sent to every device in the broadcast domain. For example, if a workstation is set up to get its IP address from a DHCP server it uses a broadcast address that is sent over the network to retrieve the IP address from the DHCP server. So, in a way, a broadcast address is like a maintenance channel. It exists so individual devices can broadcast messages to one or every device within the broadcast domain. By keeping the broadcast domains smaller we are reducing the overall network traffic. We use routers to create separate broadcast domains. Each interface on a router is a completely separate broadcast domain. Therefore broadcasts within one network on an interface will not pass to the network on another interface (unless we program the router to do so which is not likely).
A collision domain is an area where collisions can occur in a network. Using Layer 1 devices creates one large collision domain. Each port on a Layer 2 device is its own collision domain, reducing the possibility of collisions and errors down to nothing.
So let's jump into defining and identifying collision and broadcast domains. Along the way you will also learn more about how networking devices function.
1 3 5 7
Workstation Workstation Workstation Workstation
A B C D
Figure 1: Small hubbed network.
Since no intelligent functions can take place with a hub (they only clean-up, amplify and re-time signals) we have one big broadcast domain and one big collision domain. The likelihood of collisions is high. A hub basically allows transmission on only one port at a time. The hub allows port one x seconds to transmit (but it doesn't send a notification to port 1 that it is their turn) then changes to port two if no information is transmitted. It allows port one to finish then changes to port two. It will allow port two x seconds to transmit and then it will change to port three if no information is transmitted. The process is repeated on port three, then four, then five and then to all the ports one at a time. But, as we have said, hubs are not intelligent. Once the hub finds information being transmitted over a port it does not go to the next port; it starts back over at the first port. Therefore you want your more important devices on the first ports.
In our diagram let's look at an example for workstation A to send information to workstation D. The information from workstation A enters the hub on port 1. The hub then makes duplicate copies of that information and sends it to each port (active or not). In this case workstations B, C, and D will receive the copies. The information is received on the workstations and the de-encapsulation process is started. The frame has the header and footer information removed. First the CRC process will reveal if the information is correct. Next, the destination MAC address is checked to see if it matches the MAC on the workstation (Is this for me?). If they match then the de-encapsulation process continues (which it does only on computer D). If they do not match (which it does not on computers B and C) then the frame and all its information is discarded and ignored. Therefore only the destination device (computer D), for which it was intended, will process the information.
1 3 5 7
to:00-00-00-00-00-04
from: 00-00-00-00-00-01
Workstation Workstation Workstation Workstation
A B C D
mac: 00-00-00-00-00-01 00-00-00-00-00-04
Figure 2: Workstation A sends a request to workstation D.
As we have seen, with a hub making multiple copies of each incoming request the chances for a collision are high. Let's look a bit deeper at what happens during a collision. Most textbooks and teachers will tell you workstations will "listen" before transmitting. Do they have ears? I do not think so. A NIC just monitors the transmitting pin and receiving pin for voltage for a short period of time. By detecting this voltage the workstation is "listening" to the network for transmissions. When the voltage is detected on both pins the networking device sees this as a collision and grounds the media for a period of time (which stops the collision; this is called a jam signal). Then the workstation randomly picks a number of milliseconds to wait before re-transmitting its information (called the back-off algorithm).
1 3 5 7
to:00-00-00-00-00-04
from: 00-00-00-00-00-01
Workstation Workstation Workstation Workstation
A B C D
mac: 00-00-00-00-00-01 00-00-00-00-00-04
Figure 3: The information is duplicated and sent to every node attached to the hub.
This is why we must select our networking devices carefully: to reduce the possibility of collisions. Today higher-level networking devices, such as switches and routers, are available at lower costs, which makes them more affordable for installation. Switches eliminate the possibility of collisions because each port is its own collision domain. With one device on a port we have absolutely no chance of a collision happening. Using a switch also divides up the available bandwidth from a backbone line to each port. Unlike a hub, our switch can have many simultaneous transmissions. The switch is therefore a more robust device that performs better in networks. We didn't use them as much in our networks before because they used to be really expensive. In the past few years the prices have come down so much that it is not even worth buying hubs because switches are only a few dollars more. I can buy an 8 port switch for under a hundred dollars. So the only reason to use hubs is when you already have them and do not have the money to spend to upgrade. You should just phase them in.
In our previous example we demonstrated how collisions occur. In this example we replace the hub with a switch, which eliminates the possibility of collisions. Each port becomes its own collision domain. A switch, unlike a hub, also has the possibility to store information to be sent out later. That way, if workstation A and D were transmitting at the same time the switch could store information from one workstation while passing on the transmission from the other over the backbone.
A switch is an intelligent device. It allows us to change the priorities of our ports to determine who gets to transmit first in the event of a tie. The information from the other port would be stored and transmitted later after the first one is done. Since the possibility of two workstations transmitting at exactly the same time is remote, we usually won't have to monkey around with it. I know, I know, I just said we use switches to eliminate collision problems, so why go through all of that hassle and expense to replace hubs with switches? First, as we have said, switches do not cost much anymore. Second, a key word in networking design is scalability: the ability to grow without replacing equipment. We get more functionality out of a switch than with a hub, so why not just use it now? A switch is more scalable than a hub. And, third, switches are cool. Many of my cohorts and colleagues believe switching will become more prevalent in networking than routing. We use switches at the core of our networks, not routers. Switches only use layer 2 information to make decisions. Routers need layer 2 and 3 information to make decisions so they tend to be slower (in geek-speak: switches have less latency than routers).
1 3 5 7
Workstation Workstation Workstation Workstation
A B C D
Figure 4: Small switched network.
So where were we? Oh yeah, switches eliminate collision domain problems. Let's look at our network diagram again. Now we have many collision domains (one per port) and one big broadcast domain. Workstation A and D could communicate almost instantaneously with each other or to other ports and their devices.
But we still have that one big broadcast domain hanging out there. Don't get me wrong, big broadcast domains aren't necessarily bad, but we would like to keep them as small as possible. As we said earlier a broadcast domain is used for network maintenance. One analogy for a broadcast domain may be the public address system in your classroom. The staff can make announcements to the whole school or can communicate with just an individual classroom. By keeping the broadcast domain as small as possible we keep our overhead traffic as minimal as possible and, therefore, lessen any possible network traffic.
You may have heard someone refer to Novell as a "chatty" network. What they really mean is there is a lot of network broadcasting on the broadcast channel. Each networking device in a Novell network uses SAP (Service Advertising Protocol). Periodically every single device in a Novell network sends out a broadcast "here I am!" message over the broadcast channel (typically every 60 seconds). As you can deduce, if you had 100 devices this could create a lot of traffic. Other protocol suites use the broadcast address channel, albeit to a lesser extent. TCP/IP uses the broadcast channel for ARP/RARP (Address Resolution Protocol, Reverse Address Resolution Protocol). These are used when the workstations are booted that need to find their IP or MAC addresses if they have not been statically configured. You will learn more about ARP/RARP later.
Now let's say our company is growing so we need to add in another network.
A B C D E F G H
Figure 5: Small multiple-switched network.
Now we would have 8 collision domains in our one broadcast domain. Would you think the link between the switches would be considered a collision domain too? Gotta say no here because switches have the ability to store information and send it off later (geek speak: queueing). Therefore no collision possibility exists.
Now that we have multiple switches we have the possibility for excessive broadcasts that could slow our network down. OK, with three or four workstations on each switch it would never get that bad, even with Novell, but cut me a break here, OK? We could use a router to reduce our broadcast domain size. Each interface on a router, in fact, is its own broadcast domain. So let's add a router into our network. Here we would have eight collision domains and two broadcast domains.
A B C D E F G H
Figure 6: Small network.
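An added example (not part of the original lab): the counting rule used in Figures 1 through 6, written as a small Python graph routine. It follows this lab's convention that switch-to-switch and switch-to-router links are not counted as collision domains; the topologies are assumptions about the lost figure drawings (Figure 6 is taken to be a router between the two switches), and the hub-on-a-switch case is constructed. The last function lists which stations receive a copy of a given station's frames, which is exactly the group that can see that traffic on a hub.

```python
from collections import defaultdict


def star(center, kind, pcs):
    """One hub or switch with a workstation on each listed port."""
    nodes = {center: kind}
    nodes.update({pc: "pc" for pc in pcs})
    return nodes, [(center, pc) for pc in pcs]


def merge(*parts, extra_nodes=None, extra_links=()):
    """Join several small topologies and add the links between them."""
    nodes, links = dict(extra_nodes or {}), list(extra_links)
    for part_nodes, part_links in parts:
        nodes.update(part_nodes)
        links.extend(part_links)
    return nodes, links


def components(nodes, links, removed_kinds):
    """Connected groups that remain once devices of removed_kinds are taken out."""
    keep = {n for n, kind in nodes.items() if kind not in removed_kinds}
    adj = defaultdict(set)
    for a, b in links:
        if a in keep and b in keep:
            adj[a].add(b)
            adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(keep):
        if start in seen:
            continue
        stack, group = [start], set()
        while stack:
            node = stack.pop()
            if node not in group:
                group.add(node)
                stack.extend(adj[node] - group)
        seen |= group
        groups.append(group)
    return groups


def count_domains(nodes, links):
    """Return (collision_domains, broadcast_domains) by this lab's counting rule."""
    def has_pc(group):
        return any(nodes[n] == "pc" for n in group)
    # Switches and routers both end a collision domain; only routers end a broadcast domain.
    collision = [g for g in components(nodes, links, {"switch", "router"}) if has_pc(g)]
    broadcast = [g for g in components(nodes, links, {"router"}) if has_pc(g)]
    return len(collision), len(broadcast)


def shares_wire_with(nodes, links, pc):
    """Other workstations that receive a copy of every frame this one sends."""
    for group in components(nodes, links, {"switch", "router"}):
        if pc in group:
            return sorted(n for n in group if nodes[n] == "pc" and n != pc)
    return []


# Assumed reconstructions of the lab's figures (the drawings did not survive).
FIG1_HUB = star("hub1", "hub", "ABCD")
FIG4_SWITCH = star("sw1", "switch", "ABCD")
FIG5_TWO_SWITCHES = merge(star("sw1", "switch", "ABCD"), star("sw2", "switch", "EFGH"),
                          extra_links=[("sw1", "sw2")])
FIG6_ROUTED = merge(star("sw1", "switch", "ABCD"), star("sw2", "switch", "EFGH"),
                    extra_nodes={"r1": "router"},
                    extra_links=[("sw1", "r1"), ("r1", "sw2")])
# Constructed case: a hub with two workstations plugged into one switch port.
HUB_ON_SWITCH = merge(star("sw1", "switch", "A"), star("hub1", "hub", "BC"),
                      extra_links=[("sw1", "hub1")])

if __name__ == "__main__":
    for name, topo in (("Figure 1", FIG1_HUB), ("Figure 4", FIG4_SWITCH),
                       ("Figure 5", FIG5_TWO_SWITCHES), ("Figure 6", FIG6_ROUTED),
                       ("hub on switch", HUB_ON_SWITCH)):
        print(name, count_domains(*topo))
    print("A's frames on the hub also reach:", shares_wire_with(*FIG1_HUB, "A"))
```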
Supplemental Labs or Challenge Activities:
Let's have you count up the number of collision domains and broadcast domains in several network types.
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
Collision Domains: ____________ Broadcast Domains: ___________________
The redundant link will act as a backup in case the main link goes down. You will learn how to set up redundant links between switches in Part 2.
OK, got the idea? Let's start getting bigger!
Collision Domains: ____________ Broadcast Domains: ___________________
20 PCs 20 PCs 20 PCs 20 PCs
Classroom 101 Classroom 102 Classroom 103 Classroom 104
Collision Domains: ____________ Broadcast Domains: ___________________
Internet
20 PCs 20 PCs 20 PCs 20 PCs
Classroom 101 Classroom 102 Classroom 103 Classroom 104
This is an OK design.
Collision Domains: ____________ Broadcast Domains: ___________________
Internet
20 PCs 20 PCs 20 PCs 20 PCs
Classroom 101 Classroom 102 Classroom 103 Classroom 104
This is a better design.
Collision Domains: ____________ Broadcast Domains: ___________________
Internet
Detroit Chicago
20 PCs 20 PCs 20 PCs 20 PCs
Admin/Sales Engineering Admin/Sales Engineering
So What Have I Learned Here?
In this lab you learned how selecting networking devices can enhance or degrade network performance. You learned how switches and hubs work. You also learned how to identify broadcast and collision domains.
Part 2:
Switching
Switch Maintenance
Objective:
In this lab you will learn the basics of switch maintenance including telnetting/using a web browser to console into a switch, resetting a switch and password recovery on a switch.
Tools and Materials:
(1) workstation
(1) console cable
(1) switch Cisco 1900
(1) straight through cable
Lab Design:
192.168.1.1/24
192.168.1.2/24
192.168.1.1 gw
Step-By-Step Instructions:
Each of these topics is really too small for an individual lab so I lumped them all together in this one. Before we can do these first two we need an IP address, mask, and gateway on the workstation and an IP address and mask on the switch. To set up the switch from the main menu select:
[I] IP configuration
[I] IP address
192.168.1.1
[S] Subnet mask
255.255.255.0
then, like our routers, we need a password in order to be able to telnet into this device:
[X] Exit to previous menu
[M] Menus
[C] Console Settings
[M] Modify password
cisco
cisco
enter
Telnetting/using a web browser to console into a switch:
Without an IP address and subnet mask you cannot telnet into a switch. If you have put one on it then just start telnet and use the IP address with the telnet port. It's really cool. Open telnet by using Start then Run and typing telnet. The telnet window should open. Then click on connect and remote session. When the pop up window opens type in the IP address of the switch and click on Connect. You should see something like this:
After only a couple of seconds you should see something like this:
Notice how you no longer have the IP configuration option available.
Guess what? You can also get to your switch over the web. Just type that IP address in a web page and see what happens. It's really cool with pictures and everything. You should see something like this:
Remember how we just put in a password? Yup, we use it only; no user name required.
After putting in the password and clicking on ok you should see:
So how cool is that? You cannot tell from this picture but you can actually see if a port is active, which is nice when you are not in front of the switch. You can click on the port and view the statistics or even make changes.
But wait, there is more. You can also access the switch through the web browser. Scroll down and click on Fast etherchannel management and there will be a hyperlink for telnet. This will actually bring up a hyperterminal session to the switch. You will see this (next page):
Resetting a switch:
Resetting a switch is really simple. First start by selecting [M] for menus.
Then select [S] for system management.
Select [F] for reset to factory defaults.
Select [yes].
Then select [R] for reload.
Select [yes] and watch the switch reload. It's just that simple!
Password recovery:
You thought the last one was easy? Heck, this is the easiest password recovery you will ever do. Just unplug the switch (it's OK, no matter what, the configuration is saved; it's not like a router where you have to do a copy to save the config, which sounds like a good test question).
When the switch reboots just watch the hyperterminal screen. During the boot it will ask you if you want to reset the password like this:
Just click on yes to clear the passwords or ignore the message altogether to keep the current ones in use. Most people miss it because they are too busy watching all the blinking lights, talking with someone, or off getting their Dew.
Supplemental Lab or Challenge Activity:
Try doing these labs (this one and the ones to follow) using the command line interface. Some people have seen questions related to this on tests or on practice test CD-roms.
Try setting up usernames with passwords for telnet access with your switch.
So What Have I Learned Here?
In this lab you learned about some miscellaneous, yet nifty, features about switches and maintaining switches. In the next lab you will start learning about the Spanning Tree Protocol.
Basic STP
Objective:
To learn how to construct and understand Spanning Tree Protocol (STP) connections, to view and understand spanning tree states with a protocol inspector, and to construct and configure redundant backbones between switches.
Tools and Materials:
Three (3) cross-over cables
Three CISCO switches (1900 series)
Two (2) straight-through cables
Two Windows PC workstations with Hyperterminal and Ethereal installed
Lab Diagram:
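[Diagram: three switches cabled Ax-to-Bx with crossover (xo) cables; workstation A and workstation B each connect from their NIC to port 1 of a switch with a straight-through (st) cable.]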
Background:
The main function of the Spanning-Tree Protocol (STP) is to allow us to set up redundant back up lines in case of emergency between switches. When a main line between two of the switches becomes dysfunctional the switch, through its STP states (Blocking, Listening, Learning, Forwarding, Disabled), implements the Spanning Tree Algorithm (STA) when a link down is detected. By default the switch checks the condition of its ports every 30 seconds. In other words, when a main line goes down, the redundant backbone should come up within 30 seconds (although sometimes it takes up to about 60 seconds with default settings). STP is implemented on switches, by default, for VLANs 1-64. This means all you have to do is plug in your redundant backbone (a cross over cable) into any available port between switches because all switches in their default state have all ports assigned to VLAN 1.
The switch uses priorities to determine which lines are the main lines and which are the redundant backbones. The values can be 0 through 255. The lower number has the higher priority (the main lines). By default each 10BaseT port is assigned a priority of 128 and each 100BaseT port is assigned a priority of 10. On our 1900 series switches this means that the Ax and Bx ports will be selected as main backup lines before ones using the numbered (1-12 or 1-24) ports. In practice, we use the Ax and Bx lines to set our Trunks or backbone lines. Since the Ax and Bx lines are typically used for high speed this works best. In the next lab you will be configuring the backbone lines by changing the settings (cost, priority, etc) on each port to determine statically which will be the main backbones and which will be the redundant backbones.
Step-By-Step Instructions:
You should set each switch back to its factory default settings. The power should be turned off when you are finished re-setting.
Test default Spanning Tree Settings:
1. Make sure the power is turned off on all of the switches. For ease, place each switch on top of each other. For this lab, the top switch will be called SW-A, the middle switch will be called SW-B, and the bottom switch will be called SW-C.
2. Plug one end of a crossover cable into port Ax on SW-A and the other end into port Bx on SW-B.
3. Plug one end of a crossover cable into port Ax on SW-B and the other end into port Bx on SW-C.
4. Plug one end of a crossover cable into port Ax on SW-C and the other end into port Bx on SW-A. You have now created a loop in your switches.
5. Turn on the power. After the switches cycle through their start-up procedures one by one the lights over the Ax and Bx ports should change from amber-colored (Problem or not functioning) to green-colored (OK-operational). One of the lights should change back to amber. This line was chosen to be the redundant backbone because all priorities are equal in default mode.
6. Let's test the backup line. Unplug any one of the cables that appears with green lights on both ends. In about 60 seconds or so the redundant backbone line amber light will turn green. This indicates the switch is going through the five STP states.
7. Plug the back up line back in; it will return back to its original state in only a couple of seconds.
Test the ability to ping from (PC)-to (switch)-to (switch)-to (switch)-to (PC):
1. Connect a PC workstation (PC-A) to SW-A using a straight-through cable.
2. Change the TCP/IP settings to IP: 192.168.1.1 and S/M 255.255.255.0.
3. Connect a PC workstation (PC-B) to SW-B using a straight-through cable.
4. Change the TCP/IP settings to IP: 192.168.1.2 and S/M 255.255.255.0.
5. Test the connectivity from PC-A to PC-B by pinging. This should be successful.
6. Start an Ethereal capture on workstation B.
7. Let's test the backup line. Unplug any one of the cables that appears with green lights on both ends.
8. WHILE THE LIGHT IS STILL AMBER, test the connectivity from PC-A to PC-B by pinging. It should not work.
9. Within 60 seconds the redundant backbone line amber light will turn green.
10. Test the connectivity from PC-A to PC-B again. This should be successful again.
11. Stop the capture. Let's see what we have in figure 1.
Figure 1: Capture for ping and STP. (note: complete icmp request and replies).
Manually select main and redundant backbones:
1. Plug one end of a crossover cable into port Ax on SW-A and the other end into port Bx on SW-B.
2. Plug one end of a crossover cable into port Ax on SW-B and the other end into port Bx on SW-C.
3. Start an Ethereal capture on workstation B.
4. Plug one end of a crossover cable into port 18 on SW-C and the other end into port 18 on SW-A. You have now created a loop in your switches. The cables in the Ax and Bx ports will have priorities of 10 (since they are 100BaseT by default) and the #18 ports will have priorities of 128. The higher priority cables will have the lower priority numbers. Do not use the Ax or Bx for either end of the cable.
5. The light over the #18 ports on one end should be green and amber on the other. This line was chosen to be the redundant backbone because its static priority setting in the default mode was a higher priority number (and therefore the last one to be enabled in this scenario). Stop the capture and let's see our STP state with a cost of 10. See figure 2.
Figure 2: STP showing cost of 10.
6. We are looking at one with a cost of 110 because the 100 is added to the 10 for a total cost between two devices. Our pure cost for that line is 10.
7. Let's test the backup line. Unplug any one of the Ax/Bx cables that appears with green lights on both ends. Within 60 seconds the redundant backbone line amber light will turn green. This indicates the switch is going through the five STP states. Repeat steps 2-4 to return cabling to their original settings.
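The election behind the amber light in the steps above, as an added example (not code from the original lab): a simplified model of the spanning-tree computation that picks the root bridge, the root ports and the one blocking port for both cabling layouts, then recomputes after a main cable is unplugged. The MAC addresses and the Ax/Bx port numbers are constructed assumptions, the path costs (10 and 100) are the ones this lab uses, and timers and the listening/learning states are not modelled.

```python
# Path costs as used in this lab: 100BaseT = 10, 10BaseT = 100.
COST_100, COST_10 = 10, 100

# Bridge ID = (priority, MAC). 32768 is the default priority; the MAC addresses
# are constructed so that SW-B has the lowest bridge ID and becomes root.
BRIDGES = {
    "SW-A": (32768, "00:00:0c:00:00:0b"),
    "SW-B": (32768, "00:00:0c:00:00:0a"),
    "SW-C": (32768, "00:00:0c:00:00:0c"),
}
PORT_NUMBER = {"Ax": 26, "Bx": 27}  # assumed numbering of the two uplink ports

# Each link: (bridge, port, bridge, port, path cost).
DEFAULT_LOOP = [("SW-A", "Ax", "SW-B", "Bx", COST_100),
                ("SW-B", "Ax", "SW-C", "Bx", COST_100),
                ("SW-C", "Ax", "SW-A", "Bx", COST_100)]
MANUAL_LOOP = DEFAULT_LOOP[:2] + [("SW-C", "18", "SW-A", "18", COST_10)]
UNPLUGGED = MANUAL_LOOP[1:]   # the SW-A Ax to SW-B Bx cable has been pulled


def port_number(port):
    return PORT_NUMBER[port] if port in PORT_NUMBER else int(port)


def spanning_tree(bridges, links):
    """Return (root, roles, via). roles maps (bridge, port) to 'root',
    'designated' or 'blocking'; via maps (bridge, port) to the cost of
    reaching the root through that port."""
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins
    dist = {b: float("inf") for b in bridges}
    dist[root] = 0
    for _ in bridges:                             # relax until costs settle
        for a, _pa, b, _pb, cost in links:
            dist[a] = min(dist[a], dist[b] + cost)
            dist[b] = min(dist[b], dist[a] + cost)
    offer, via = {}, {}
    for a, pa, b, pb, cost in links:
        for (me, mine), (peer, theirs) in (((a, pa), (b, pb)), ((b, pb), (a, pa))):
            via[(me, mine)] = dist[peer] + cost
            # Tie-breakers: sender bridge ID, sender port, then local port.
            offer[(me, mine)] = (via[(me, mine)], bridges[peer],
                                 port_number(theirs), port_number(mine))
    root_port = {}
    for br in bridges:
        mine = [k for k in offer if k[0] == br]
        if br != root and mine:
            root_port[br] = min(mine, key=offer.get)
    roles = {}
    for a, pa, b, pb, _cost in links:
        ends = [(a, pa), (b, pb)]
        # The end closer to the root (then lower bridge ID) forwards for the link.
        designated = min(ends, key=lambda e: (dist[e[0]], bridges[e[0]],
                                              port_number(e[1])))
        for end in ends:
            if end == designated:
                roles[end] = "designated"
            elif root_port.get(end[0]) == end:
                roles[end] = "root"
            else:
                roles[end] = "blocking"           # the amber light
    return root, roles, via


def blocked(roles):
    return sorted(p for p, r in roles.items() if r == "blocking")


if __name__ == "__main__":
    for name, links in (("default loop", DEFAULT_LOOP),
                        ("manual loop", MANUAL_LOOP),
                        ("cable unplugged", UNPLUGGED)):
        root, roles, via = spanning_tree(BRIDGES, links)
        print(f"{name}: root={root} blocking={blocked(roles)}")
```

In the manual layout the rejected path through port 18 has a root path cost of 110, the 100 plus 10 that step 6 describes.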
Supplemental Activity or Challenge Lab:
Try doing this lab with as many switches as you can. Sounds silly but it can be tricky.
Start a ping storm by using many very large icmp packets. See what this does to your network performance and the time it takes for STP to bring up back up lines. Geeze, you thought it took long before.
So What Have I Learned Here?
To set up redundant lines between switches we just need to know which ports to use for best service. It really doesn't matter which ones we use but certain ones are more preferred to others. In the next lab we will change settings.
Basic VLAN
Objective:
To learn how to construct and understand how to use basic Virtual LANs in a network.
Tools and Materials:
(1) CISCO switch (1900 series)
(2) straight-through cables
(2) Windows PC workstations with Hyperterminal and Ethereal installed
(1) console cable
Lab Diagram:
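[Diagram: workstation A (192.168.1.1/24) connects from its NIC to switch port 4 with a straight-through (st) cable; workstation B (192.168.1.2/24) connects from its NIC to switch port 14 with a straight-through cable.]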
Background:
Virtual LANs (VLANs) are used to keep devices from communicating with each other without the services of a layer 3 device (router). If you were designing a school it would be nice to use a VLAN for teachers and a VLAN for students. No communication would be possible without the use of a router. So let's get to the learning by doing!
Step-By-Step Instructions:
Set up and cable the lab as shown. The switch requires no ip address, mask or gateway.
Ping from workstation A to B using DOS. It should work just fine.
Now let's put the teachers on one VLAN and the students on another. From the switch console let's create the two VLANs:
Click on [M] for menus
Click on [V] for VLANs
Click on [A] for add a VLAN (this will become VLAN #2)
Click on [1] for Ethernet type VLAN
Click on [S] to save and exit
Click on [V] for VLANs
Click on [A] for add a VLAN (this will become VLAN #3)
Click on [1] for Ethernet type VLAN
Click on [S] to save and exit
Now we need to assign ports to the VLANs:
Click on [E] for VLAN membership
Click on [V] for VLAN assignment
**Type in the ports to assign for the VLAN: 4-12 (I have a 24-port switch)
Click on [2] to assign them to VLAN #2
Click on [E] for VLAN membership
Click on [V] for VLAN assignment
**Type in the ports to assign for the VLAN: 13-24 (I have a 24-port switch)
Click on [3] to assign them to VLAN #3
All done! You can exit back to the main menu.
** We typically do not want to use VLAN #1; we reserve it for network management functions. I saved 3 ports on my 24 port switch for VLAN #1. If you take the semester 7 Building CISCO Switched Multi-Layered Networks then you will learn more about using VLAN 1; for now restrict users to VLAN #2 and above.
Try pinging again from workstation A to B using DOS. It should not work now. The VLANs electrically separate the two networks; it's kind of like using two switches.
Supplemental Lab or Challenge Activity:
Add a protocol inspector and observe the VLAN information.
Go to CISCO's website and research VLAN information.
Try setting up a switch with 5 VLANs.
So What Have I Learned Here?
VLANs are nice to use in large networks. Instead of physically separating network users from each other with separate (and sometimes expensive) devices we can now do it logically without using added equipment. In the next lab we will add a router into our little lab design and see how it improves or messes up our network.
Using a 2950 Switch
Objective:
There are many schools that use only 2950s for their switches. In this lab you will learn how to set up the basics on the switch, configure interfaces, and set up VLANs.
Tools and Materials:
(1) workstation
(1) console cable
(1) 2950 switch (I used IOS version 12.1 here)
Lab Design:
Step-By-Step Instructions:
Set up and cable the lab as shown. Use a console cable from COM1 on the workstation into the console port on the back of the switch. Open a hyperterminal session on the workstation. Turn the power on to the switch by plugging it in. Put in an n or no to not enter the initial configuration. You should see something like:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
00:09:24: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:09:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Switch>
Switch to enable mode by typing an en or enable at the prompt:
Switch>en
Switch#
If you are prompted for a password then someone else has been there first and has put in an enable password. You will have to have your instructor or lab technician clear this out. Be sure to have them reset the switch to the factory default settings.
Now, let's double check and make sure everything is set to defaults for this particular IOS and switch version. Here is what I saw using a sh ru or show run command to see the running configuration file on the switch (some blank lines have been edited out to save some trees):
Switch#sh run
Building configuration...
Current configuration : 1449 bytes
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Switch
ip subnet-zero
spanning-tree extend system-id
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
(I took out interfaces FastEthernet 0/3 through 0/22; they are all the same with no ip address. Just saving a page and some trees.)
!
interface FastEthernet0/23
no ip address
!
interface FastEthernet0/24
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
!
line con 0
line vty 5 15
!
end
Switch#
The first thing we will want to do is set up some basics on the switch that will keep us from screaming our head off. Here is what I recommend (just read this for now; I will explain line-by-line in a minute):
Switch>
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Matt_switch
Matt_switch(config)#line vty 0 ?
<1-15> Last Line number
Matt_switch(config)#line vty 0 15
Matt_switch(config-line)#password cisco
Matt_switch(config-line)#login
Matt_switch(config-line)#exit
Matt_switch(config)#line con 0
Matt_switch(config-line)#logging syn
Matt_switch(config-line)#exec-t 0 0
Matt_switch(config)#enable secret cisco
Matt_switch(config)#enable password class
Let's break this down a bit. First I switched into configuration mode. Having the prompt with a caret is called the user mode and you cannot do anything but look at how the switch is performing. Any changes require you to be in the configuration mode first. This is that sequence of commands:
Switch>
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Next, I changed the name of the switch. When you have many switches in your network this will help you keep them apart when configuring several at the same time. Here is that command. Notice how the prompt changes immediately:
Switch(config)#hostname Matt_switch
Matt_switch(config)#
Hostnames must be one contiguous group of characters and numbers. But, aha! I can use an underscore mark to make it appear like I have multiple words (21 character maximum). Here are a few good hostnames:
hostname mattswitch1
hostname May_I_Momma_Dogface
hostname Orlando_switch
hostname OrlSwitch1%
Next, I want to configure the virtual terminal lines. In the standard curriculum you are told to only configure the first five lines (vty 0 through 4). Well, the newer equipment comes available with more than five lines so you want to be sure you get them all. So first we find out how many lines we have and then configure it for all of them.
Matt_switch(config)#line vty 0 ?
<1-15> Last Line number
Matt_switch(config)#line vty 0 15
Matt_switch(config-line)#password cisco
Matt_switch(config-line)#login
Matt_switch(config-line)#exit
Matt_switch(config)#
The vty lines are used during telnet sessions to the switch. If you do not configure a password or add the capability to log in to a vty session then you will not be able to telnet into the switch. It's a catch-22: if you do not use it then you cannot telnet into the switch. But if you do, then you open a possible security hole that may allow anyone to telnet in to the switch. If you only configure the first five telnet lines then you may also open a security hole on all remaining lines. You do not have to use the same password on all lines. You can make a configuration like this too:
Matt_switch(config)#line vty 0 4
Matt_switch(config-line)#password cisco
Matt_switch(config-line)#login
Matt_switch(config)#line vty 5
Matt_switch(config-line)#password matt
Matt_switch(config-line)#login
Matt_switch(config)#line vty 6 15
Matt_switch(config-line)#password lophtcrack
Matt_switch(config-line)#login
The fun never stops, right? Next, I used the exit command to exit from configuring the vty lines and then used the line con 0 command to switch into configuring the console line. You can do it like the top or the bottom example here:
Matt_switch(config-line)#exit
Matt_switch(config)#line con 0
or,
Matt_switch(config-line)#line con 0
Matt_switch(config-line)#
Unlike the vty lines there is only one console line on the 2950 switch. You can verify this for good measure:
Matt_switch(config)#line con ?
<0-0> First Line number
Matt_switch(config)#line con 1
% Invalid input detected at '^' marker.
Matt_switch(config)#
OK, so let's get in and configure our console line. This is where all console messages are sent to by default on the switch. It makes sense because that is the port that is connected to our hyperterminal session. I know, I know, but I saw the question on a practice test.
Matt_switch(config)#line con 0
Matt_switch(config-line)#logging syn
Matt_switch(config-line)#exec-t 0 0
Let's look at what I did. I got into line configuration mode and enabled logging synchronous. This is helpful to you when setting up the switch. Sometimes messages will interrupt what you are doing. If you have this command enabled then the switch console session will repeat what you had typed before the interruption. Nice, huh? The executive timeout command acts sort of like a screen saver. Without this command you could run to the restroom and come back and find yourself having to hit enter to get back into the switch at the user mode, typing enable, and then entering the password to get back into privileged mode. What a pain. Of course in the real world you really don't want to do this so the IOS has a way to set the time out with the little numbers at the end. It is sort of a start and stop if you will. Setting it to 0 0 will never time out the session. Setting it to 0 60 will have it time out after 60 seconds. Unlike the hostname command this sometimes takes a bit to kick in. Setting it to 0 1 will totally torque off someone, so use it only on special occasions. The last two commands are password settings for use with your switch. The enable secret password is used to access the privileged mode on your switch.
Matt_switch(config)#enable secret cisco
Matt_switch(config)#enable password class
Enable password is something that Cisco drums into your head for tests. That's all you need to know about it for now.
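A defender's check for the line and password settings walked through above, as an added example (not from the original lab or from Cisco): it reads a saved running-config and reports vty lines left without a password login, sessions that never time out, and passwords kept in cleartext. The sample configuration, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed sample (not captured from a device): the lab's "basics" applied to
# a 2950, except that only vty 0-4 were given a password.
SAMPLE_CONFIG = """\
version 12.1
no service password-encryption
hostname Matt_switch
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password class
ip http server
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 login
line vty 5 15
end
"""

LAB_PASSWORDS = {"cisco", "class"}  # the values typed in this lab's walkthrough


def parse_config(config):
    """Split a running-config into global commands and `line` blocks."""
    global_cmds, blocks, current = [], [], None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        m = re.match(r"line (con|vty|aux) (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(2))
            last = int(m.group(3)) if m.group(3) else first
            current = {"kind": m.group(1), "first": first, "last": last, "cmds": []}
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current["cmds"].append(raw.strip())   # sub-command of the open block
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, blocks


def cleartext_password(cmd):
    """Return the value of a `password X` command, or None if it is type 7."""
    tokens = cmd.split()
    if "password" not in tokens:
        return None
    rest = tokens[tokens.index("password") + 1:]
    if len(rest) == 2 and rest[0] == "0":         # explicit type 0 = cleartext
        rest = rest[1:]
    return rest[0] if len(rest) == 1 else None


def span(nums):
    """Render line numbers compactly, e.g. {5, 6, 7} -> '5-7'."""
    nums = sorted(nums)
    out, start = [], nums[0]
    for prev, cur in zip(nums, nums[1:] + [None]):
        if cur is None or cur != prev + 1:
            out.append(str(start) if start == prev else f"{start}-{prev}")
            start = cur
    return ",".join(out)


def audit(config, max_vty=15):
    """Return (code, detail) findings; max_vty=15 matches the `line vty 0 ?` output."""
    global_cmds, blocks = parse_config(config)
    findings = []
    if "no service password-encryption" in global_cmds:
        findings.append(("CLEARTEXT_PASSWORDS", "no service password-encryption"))
    if "ip http server" in global_cmds:
        findings.append(("HTTP_MANAGEMENT_ON", "ip http server"))
    has_secret = any(c.startswith("enable secret") for c in global_cmds)
    for c in global_cmds:
        if c.startswith("enable password"):
            if has_secret:
                findings.append(("ENABLE_PASSWORD_UNUSED", "enable secret takes precedence"))
            if cleartext_password(c) in LAB_PASSWORDS:
                findings.append(("LAB_PASSWORD", "enable password"))
    accounted = set()
    for b in blocks:
        lines = set(range(b["first"], b["last"] + 1))
        name = f"line {b['kind']} {span(lines)}"
        cmds = b["cmds"]
        if "exec-timeout 0 0" in cmds:
            findings.append(("NO_IDLE_TIMEOUT", name))
        pws = [c for c in cmds if c.startswith("password ")]
        if any(cleartext_password(c) in LAB_PASSWORDS for c in pws):
            findings.append(("LAB_PASSWORD", name))
        if b["kind"] != "vty":
            continue
        if "no login" in cmds:                    # telnet in with no password at all
            findings.append(("VTY_NO_LOGIN", name))
            accounted |= lines
        elif "login local" in cmds or ("login" in cmds and pws):
            accounted |= lines
    missing = set(range(max_vty + 1)) - accounted
    if missing:                                   # lines never given password + login
        findings.append(("VTY_NO_PASSWORD", "line vty " + span(missing)))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:24} {detail}")
```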
Another thing you may want to do is to configure the interfaces on the 2950 switch. The first thing you need to decide is whether you are configuring one interface or a whole group with the same settings. Since you have way more Ethernet ports on the switch than you usually do with a router you can do ranges to configure multiple ports at once. Let's say for example we want to set ports 1 through 12 to be 10 MB per second and the rest of the ports to be 100 MB per second. Here is the sequence of commands we could use to do all of them as two separate range commands. Notice that there is a space between the 1 and the dash and the dash and the 12.
Matt_switch#config t
Matt_switch(config)#interface range fastethernet0/1 - 12
Matt_switch(config-if-range)#speed 10
Matt_switch(config)#interface range fastethernet0/13 - 24
Matt_switch(config-if-range)#speed 100
That is all fine and jim dandy but it usually is best to set all the ports so they can autonegotiate how fast they can communicate. If you set the speed to 10 MB and more is available then guess what? You will still only get 10MB max. You might as well set it up for maximum efficiency. The only times I can think of where you would want to scale it back is to limit someone from watching lots of video or doing audio streaming when they should be working. Then you can slow them down (with the permission of the boss of course).
Matt_switch(config)#interface range fastethernet0/1 - 24
Matt_switch(config-if-range)#speed auto
This command is enabled by default so if you look at your running configuration to see if it is there you will not see anything. Just know that it really is there. You would think they would have another mode that would allow you to see all of the default commands. Well, if they do eventually get one I want the royalties and call shotgun on that one! Now there are a couple of additions to the 2950 that the 1900s really did not have, the addition of two uplink/downlink gigabit ports. The earlier 1900s have an A and a B port capable of 100 Mbps. This is analogous to that, except that it is gigabit speed. In order to use these you need a Gigabit Interface Converter (GBIC). This is nothing more than a transceiver (or plug in converter module) that will usually be a fiber optic connection module. This is where your connection from the main wiring closet will come in to the switch. Those too are configurable.
Matt_switch(config)#interface range gigabitethernet0/1 - 2
Matt_switch(config-if-range)#speed auto
One nice feature is the description command. This will allow you to add a comment about an interface. It is particularly helpful with the gigabit interfaces like so:
Matt_switch(config)#interface range gigabitethernet0/1
Matt_switch(config-if-range)#description main line to MDF
Matt_switch(config)#interface range gigabitethernet0/2
Matt_switch(config-if-range)#description backup line to MDF
Lastly, you may want to configure VLANs on the 2950 switch. Doing this will require you to be in VLAN server mode. By default you are in the VTP client mode. Don't believe me? Good! Let's try it out.
Matt_switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Matt_switch(config)#vlan 10
VTP VLAN configuration not allowed when device is in CLIENT mode.
Isn't that about enough to drive you nuts? Well first we need to get into the VLAN database to make the switch. Notice how we do not get into terminal configuration mode first.
Matt_switch#vlan data
Matt_switch(vlan)#vtp ?
client Set the device to client mode.
domain Set the name of the VTP administrative domain.
password Set the password for the VTP administrative domain.
pruning Set the administrative domain to permit pruning.
server Set the device to server mode.
transparent Set the device to transparent mode.
v2-mode Set the administrative domain to V2 mode.
Matt_switch(vlan)#vtp server
Setting device to VTP SERVER mode.
Matt_switch(vlan)#exit
APPLY completed.
Exiting....
Matt_switch#
Now lets go back again and set up those VLANs. Like the VLANs on our 1900s there is a two-step process. First we create the VLAN and then we apply it. To create it:
Matt_switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Matt_switch(config)#vlan 10
Matt_switch(config-vlan)#media Ethernet
I believe the media type is set to Ethernet by default but I add it in just to be safe. Now to apply it:
Matt_switch#config t
Matt_switch(config)#interface range fastethernet0/1 - 12
Matt_switch(config-if-range)#switchport access vlan 10
To confirm this exit the configuration mode and do a show run. You should see something like this (I omitted a bunch of stuff and put just the pertinent stuff):
interface FastEthernet0/12
switchport access vlan 10
no ip address
!
interface FastEthernet0/13
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
Oops! Notice our Vlan1 is shutdown. I didn't see any Vlan 10 listing though. That is because we need to go back and bring it up to show up in our running configuration:
Matt_switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Matt_switch(config)#interface vlan 10
Matt_switch(config-if)#no shut
02:50:21: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
Matt_switch(config-if)#
Then we can double-check it with our running-configuration:
interface Vlan10
no ip address
no ip route-cache
!
One last thing you may do is to configure an IP address on a switch. When we did it from the menus on 1900s it was easy. Here too. It just combines using VLANs and interfaces.
Matt_switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Matt_switch(config)#interface vlan 1
Matt_switch(config-if)#no shut
02:50:21: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
Matt_switch(config-if)#ip address 192.168.1.2 255.255.255.0
Matt_switch(config-if)#exit
Matt_switch(config)#ip default-gateway 192.168.1.1
There are just so many things to do with the switches. Where to start is easy. Where to stop is difficult. The best thing you can do to learn more is to go out to the Cisco website and look up all the different command options available for your specific 2950 and IOS version. Try starting with VTP and STP on your switch. When you are done with your work or even intermittently you should be sure to save your work:
Matt_switch#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
or,
Matt_switch#wr
Building configuration...
[OK]
Matt_switch#
Later on after you learn about ACLs on routers come on back and put some ACLs on your switches. Yeah, I said it: you can do that here too.
Using a 4000/5000 Switch
Objective:
There are many schools that use only 2950s for their switches. In this lab you will learn how to set up the basics on the switch, configure interfaces, and set up VLANs.
Tools and Materials:
(1) workstation
(1) console cable
(1) 2950 switch (I used IOS version 12.1 here)
Lab Design:
Background:
Before we begin I wanted to explain a bit about the monster that is the 4000 and 5000 series of switches. For starters, they are really more of a layer 3 switch, in other words they are mostly layer 2 switches with layer 3 (routing) functionality. As you will see there will be a switch and a router to configure within this device. Later you will see how these functions come together in the whole enchilada crazy insano labs.
First off the Catalyst family is a modular switch, meaning you can interchange modules (also known as blades) to change the functionality of the overall device. For example, you could fill the chassis of a 5000 that has five blade slots with one supervisor engine (minimum one soup engine required), three 12 port fast Ethernet switching modules and one FDDI card. Each catalyst is also numbered according to how many blade ports are contained within it. For example a catalyst 5005 is a catalyst 5000 with 5 blade ports. A catalyst 5513 is a catalyst 5500 with 13 blade ports.
Next you will see two or three power supply ports that may have two or three power supplies in them. If we have two power supplies is one a redundant power supply? You may think so but, in fact, they are both required to be turned on in order for the switch to work properly.
The next oddity with the catalyst is the console port on the supervisor engine. It really depends on each specific catalyst which type of cable is used to console into the catalyst. Some, like the catalyst 5005, use a console cable. Others, like a catalyst 5513, use a straight through cable. Just know if one cable does not work then try the other until you get the scripts in a hyperterminal session. Yeah, I know, weird. But Cisco has bought, subcontracted, or developed various parts of them from all over the world and really didn't, in my opinion, provide consistency specifications for them. Disorder by dissemination! Resistance is futile! With this in mind let's get going!
Step-By-Step Instructions:
Set up and cable the lab as shown. Turn the power on to the catalyst switch and open a hyperterminal session.
When the power comes up and the switch settles in you may be asked for a password. If so, put it in (ask your instructor). If not, then let's see our default configuration using the show config command. Be ready, this is going to burn a few pages (I did take out some blank lines and compress for spacing a bit):
Console> (enable) show config
begin
#version 4.5(13a)
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt Console>
set length 24 default
set logout 20
set banner motd ^C^C
#system
set system baud 9600
set system modem disable
set system name
set system location
set system contact
#snmp
set snmp community read-only public
set snmp community read-write private
set snmp community read-write-all secret
set snmp rmon disable
set snmp trap disable module
set snmp trap disable chassis
set snmp trap disable bridge
set snmp trap disable repeater
set snmp trap disable vtp
set snmp trap disable auth
set snmp trap disable ippermit
set snmp trap disable vmps
set snmp trap disable entity
set snmp trap disable config
set snmp trap disable stpx
set snmp trap disable syslog
set snmp extendedrmon vlanmode disable
set snmp extendedrmon vlanagent disable
set snmp extendedrmon enable
#ip
set interface sc0 1 0.0.0.0 0.0.0.0 0.0.0.0
set interface sc0 up
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 up
set arp agingtime 1200
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable
set ip alias default 0.0.0.0
#Command alias
!
#vmps
set vmps server retry 3
set vmps server reconfirminterval 60
set vmps tftpserver 0.0.0.0 vmps-config-database.1
set vmps state disable
#dns
set ip dns disable
#tacacs+
set tacacs attempts 3
set tacacs directedrequest disable
set tacacs timeout 5
#authentication
set authentication login tacacs disable console
set authentication login tacacs disable telnet
set authentication enable tacacs disable console
set authentication enable tacacs disable telnet
set authentication login local enable console
set authentication login local enable telnet
set authentication enable local enable console
set authentication enable local enable telnet
#bridge
set bridge ipx snaptoether 8023raw
set bridge ipx 8022toether 8023
set bridge ipx 8023rawtofddi snap
#vtp
set vtp mode server
set vtp v2 disable
set vtp pruning disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
#spantree
#uplinkfast groups
set spantree uplinkfast disable
#backbonefast
set spantree backbonefast disable
#vlan 1
set spantree enable 1
set spantree fwddelay 15 1
set spantree hello 2 1
set spantree maxage 20 1
set spantree priority 32768 1
#vlan 1003
set spantree enable 1003
set spantree fwddelay 15 1003
set spantree hello 2 1003
set spantree maxage 20 1003
set spantree priority 32768 1003
set spantree portstate 1003 block 0
set spantree portcost 1003 62
set spantree portpri 1003 4
set spantree portfast 1003 disable
#vlan 1005
set spantree enable 1005
set spantree fwddelay 15 1005
set spantree hello 2 1005
set spantree maxage 20 1005
set spantree priority 32768 1005
set spantree multicast-address 1005 ieee
#cgmp
set cgmp disable
set cgmp leave disable
#syslog
set logging console enable
set logging server disable
set logging level cdp 2 default
set logging level mcast 2 default
set logging level dtp 5 default
set logging level dvlan 2 default
set logging level earl 2 default
set logging level fddi 2 default
set logging level ip 2 default
set logging level pruning 2 default
set logging level snmp 2 default
set logging level spantree 2 default
set logging level sys 5 default
set logging level tac 2 default
set logging level tcp 2 default
set logging level telnet 2 default
set logging level tftp 2 default
set logging level vtp 2 default
set logging level vmps 2 default
set logging level kernel 2 default
set logging level filesys 2 default
set logging level drip 2 default
set logging level pagp 5 default
set logging level mgmt 5 default
set logging level mls 5 default
set logging level protfilt 2 default
set logging level security 2 default
set logging server facility LOCAL7
set logging server severity 4
set logging buffer 500
set logging timestamp enable
#ntp
set ntp broadcastclient disable
set ntp broadcastdelay 3000
set ntp client disable
clear timezone
set summertime disable
#permit list
set ip permit disable
#drip
set tokenring reduction enable
set tokenring distrib-crf disable
#igmp
set igmp disable
#standby ports
set standbyports disable
#module 1 : 2-port 100BaseTX Supervisor
set module name 1
set vlan 1 1/1-2
set port channel 1/1-2 off
set port channel 1/1-2 auto
set port enable 1/1-2
set port level 1/1-2 normal
set port duplex 1/1-2 half
set port trap 1/1-2 disable
set port name 1/1-2
set port security 1/1-2 disable
set port broadcast 1/1-2 100%
set port membership 1/1-2 static
set cdp enable 1/1-2
set cdp interval 1/1-2 60
set trunk 1/1 auto isl 1-1005
set trunk 1/2 auto isl 1-1005
set spantree portfast 1/1-2 disable
set spantree portcost 1/1-2 19
set spantree portpri 1/1-2 32
set spantree portvlanpri 1/1 0
set spantree portvlanpri 1/2 0
set spantree portvlancost 1/1 cost 18
set spantree portvlancost 1/2 cost 18
#module 2 : 12-port 100BaseTX Ethernet
set module name 2
set module enable 2
set vlan 1 2/1-12
set port enable 2/1-12
set port level 2/1-12 normal
set port duplex 2/1-12 half
set port trap 2/1-12 disable
set port name 2/1-12
set port security 2/1-12 disable
set port broadcast 2/1-12 0
set port membership 2/1-12 static
set cdp enable 2/1-12
set cdp interval 2/1-12 60
set trunk 2/1 auto isl 1-1005
set trunk 2/2 auto isl 1-1005
set trunk 2/3 auto isl 1-1005
set trunk 2/4 auto isl 1-1005
set trunk 2/5 auto isl 1-1005
set trunk 2/6 auto isl 1-1005
set trunk 2/7 auto isl 1-1005
set trunk 2/8 auto isl 1-1005
set trunk 2/9 auto isl 1-1005
set trunk 2/10 auto isl 1-1005
set trunk 2/11 auto isl 1-1005
set trunk 2/12 auto isl 1-1005
set spantree portfast 2/1-12 disable
set spantree portcost 2/1-12 19
set spantree portpri 2/1-12 32
set spantree portvlanpri 2/1 0
set spantree portvlanpri 2/2 0
set spantree portvlanpri 2/3 0
set spantree portvlanpri 2/4 0
set spantree portvlanpri 2/5 0
set spantree portvlanpri 2/6 0
set spantree portvlanpri 2/7 0
set spantree portvlanpri 2/8 0
set spantree portvlanpri 2/9 0
set spantree portvlanpri 2/10 0
set spantree portvlanpri 2/11 0
set spantree portvlanpri 2/12 0
set spantree portvlancost 2/1 cost 18
set spantree portvlancost 2/2 cost 18
set spantree portvlancost 2/3 cost 18
set spantree portvlancost 2/4 cost 18
set spantree portvlancost 2/5 cost 18
set spantree portvlancost 2/6 cost 18
set spantree portvlancost 2/7 cost 18
set spantree portvlancost 2/8 cost 18
set spantree portvlancost 2/9 cost 18
set spantree portvlancost 2/10 cost 18
set spantree portvlancost 2/11 cost 18
set spantree portvlancost 2/12 cost 18
#module 3 empty
#module 4 empty
#module 5 empty
#switch port analyzer
!set span 1 1/1 both inpkts disable
set span disable
#cam
set cam agingtime 1,1003,1005 300
end
Console> (enable)
OK, right off the bat we can see this default configuration is huge. Well, OK, it is not entirely default because there are a couple of passwords set, but it is there. You can see we have a slightly different language/programming style than we used with our 2950s. The programming for the 2950s more closely resembles the programming style of the 2500/2600 routers you will use later. The Catalyst 4000/5000 series uses what is called a set-based programming language. Instead of using "enable password cisco" to set the enable password we would now use "set enablepass" to start the process.
Now that we have seen our basic default configuration, let's go ahead and put some basic commands to use here. Let's set up an enable password and change the name of the prompt. First, let's use our help function and see what commands are available:
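Several settings in the listing above are worth checking before a switch like this goes on a production network: the well-known SNMP community strings, identical console and enable password hashes, no IP permit list, no remote syslog server, port security off, and ports left to negotiate trunking. The Python script below is an added example, not part of the original lab; it scans set-style configuration text for those settings, the audit() function and check names are hypothetical, and the sample lines are copied from the listing.

```python
# Added example: audit CatOS "set"-style config text for weak management defaults.
DEFAULT_COMMUNITIES = {"public", "private", "secret"}

# Subset of lines copied from the listing above, enough to exercise every check.
SAMPLE = """\
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set snmp community read-only public
set snmp community read-write private
set snmp community read-write-all secret
set ip permit disable
set logging server disable
set port security 2/1-12 disable
set trunk 2/1 auto isl 1-1005
set trunk 2/2 auto isl 1-1005
set vtp mode server
"""

def audit(config_text):
    """Return a list of (check_id, detail) findings (check ids are hypothetical names)."""
    findings, hashes, negotiating = [], {}, []
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "set":  # skips '#section', '!', 'end'
            continue
        key, args = words[1], words[2:]
        if key in ("password", "enablepass"):
            hashes[key] = args[0]
        elif key == "snmp" and args[0] == "community" and len(args) == 3:
            if args[2] in DEFAULT_COMMUNITIES:
                findings.append(("snmp-default-community", f"{args[1]}={args[2]}"))
        elif words[1:] == ["ip", "permit", "disable"]:
            findings.append(("no-ip-permit-list", "management access not limited by source address"))
        elif words[1:] == ["logging", "server", "disable"]:
            findings.append(("no-remote-syslog", "no remote syslog server receives events"))
        elif words[1:3] == ["port", "security"] and len(args) == 3 and args[2] == "disable":
            findings.append(("port-security-off", args[1]))
        elif key == "trunk" and len(args) >= 2 and args[1] in ("auto", "desirable"):
            negotiating.append(args[0])
    # Same salt and same digest means the console and enable passwords are identical.
    if len(hashes) == 2 and hashes["password"] == hashes["enablepass"]:
        findings.append(("shared-password", "password and enablepass hashes match"))
    if negotiating:
        findings.append(("trunk-negotiation", ",".join(negotiating)))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:24} {detail}")
```

Run it against a saved copy of the full configuration by passing the file contents to audit(); an empty list means none of these particular settings were found, not that the switch is hardened.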
Console> (enable) ?
Commands:
configure   Configure system from network
disable     Disable privileged mode
disconnect  Disconnect user session
download    Download code to a processor
enable      Enable privileged mode
help        Show this message
history     Show contents of history substitution buffer
ping        Send echo packets to hosts
quit        Exit from the Admin session
reconfirm   Reconfirm VMPS
reload      Force software reload to linecard
reset       Reset system or module
session     Tunnel to ATM or Router module
set         Set, use 'set help' for more info
show        Show, use 'show help' for more info
slip        Attach/detach Serial Line IP interface
switch      Switch to standby
telnet      Telnet to a remote host
test        Test, use 'test help' for more info
traceroute  Trace the route to a host
upload      Upload code from a processor
wait        Wait for x seconds
write       Write system configuration to terminal/network
Then, let's also look at the options available with our set command:
Console> (enable) set help
Set commands:
set alias           Set alias for command
set arp             Set ARP table entry
set authentication  Set TACACS authentication
set banner          Set message of the day banner
set bridge          Set br.,use 'set bridge help' for more info
set cam             Set CAM table entry
set cdp             Set cdp, use 'set cdp help' for more info
set cgmp            Set CGMP (enable/disable)
set enablepass      Set privilege mode password
set fddi            Set FDDI, use 'set fddi help' for more info
set help            Show this message
set igmp            Set IGMP (enable/disable)
set interface       Set network interface configuration
set ip              Set IP, use 'set ip help' for more info
set length          Set screen's # of lines(0 to disable more')
set logging         Set system logging configuration info.
set logout          Set number of minutes before auto. logout
set module          Set module, use 'set module help' for info
set multicast       Set multicast router port
set mls             Set multilayer switching information
set ntp             Set NTP, use 'set ntp help' for more info
set password        Set console password
set port            Set port, use 'set port help' for more info
set prompt          Set prompt
set protocolfilter  Set protocol filtering
set rsmautostate    Enable/Disable RSM derived interface state
set snmp            Set SNMP, use 'set snmp help' for more info
set span            Set switch port analyzer
set spantree        Set spanning tree information
set standbyports    Set standby ports feature (enable/disable).
set summertime      Set summertime
set system          Set sys.,use 'set system help'for more info
set tacacs          Set TACACS information
set time            Set time
set timezone        Set timezone
set tokenring       Set tokenring information
set trunk           Set trunk ports
set vlan            Set virtual LAN information
set vmps            Set VMPS information
set vtp             Set VLAN Trunk Information
Lots of good information in there. Let's use some of these commands. First, to change the enable password you type in "set enablepass" and then you need to put in the old password and the new password, twice.
Console> (enable) set enablepass
Enter old password:
Enter new password:
Retype new password:
Password changed.
Alas! As you have come to expect by now (like using different cables to console into Catalyst switches), not all commands work the same way on the Catalyst switches. If you followed the logic of setting the enable password you would expect to type in "set prompt" and then be prompted for the new prompt name, but that is not so (see below). Instead the switch wants it all at once!
Console> (enable) set prompt
Usage: set prompt
Console> (enable) set prompt Cat_Switch
Cat_Switch (enable)
Notice how the prompt changes immediately after changing to the new name. Did you also notice by now that the prompts are different than you saw with the 2950s? Yeah, no more carets (>) or pound symbols (#), just a big empty space, the final frontier.
Next, let's set up our vty line. You really do not have one; the closest things you have are the sc and me interfaces. An sc interface is an in-band interface and an me interface is an Ethernet management interface. You need to have one of these configured to allow you to telnet into the Catalyst switch. Basically this will apply an IP address to our switch. The command to do this is the "set interface" command. You just need to add the IP address and network mask to the end of the command like so:
Cat_Switch (enable) set interface sc0 192.168.1.2 255.255.255.0
Interface sc0 IP address and netmask set.
Cat_Switch (enable)
The next thing we may want to do is assign the sc0 interface to another VLAN. By default sc0 is set to VLAN 1. Here is the command in case you want to change sc0 from VLAN 1 to VLAN 20:
Cat_Switch (enable) set interface sc0 20
VLAN 20 does not exist.
You will note I left in the error message at this point. Of course we have not created a VLAN yet. Most instructions I have seen have you try to do this command too early on and I wanted to point it out to you.
So, let's make some VLANs and try again! First we have to set up our VTP domain and give it a name. This is a network-wide domain that is used to communicate between all other switches. There are actually VTP packets sent between the switches to communicate VLAN information, including adding, deleting or modifying the VLANs. It really takes VLANs up a notch, doesn't it?
Cat_Switch (enable) set vtp domain matt
VTP domain matt modified
Once we have created our VTP domain, or set it up to communicate with the same domain name in our network, we can set up our VLANs. In this example I want to create a VLAN 20 (named loophole) that uses the first 10 ports on my Fast Ethernet blade that has been put into blade port #2. Then I want to create a VLAN 30 (named amaffew) that uses the other two ports. Notice how we have to call the interfaces out first by the blade port number, then a slash, and then the port numbers (2/1-10). Your numbers may vary because I have the soup engine in my first blade port and the Fast Ethernet blade in my second blade port.
Cat_Switch (enable) set vlan 20 2/1-10
VLAN 20 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
20 2/1-10
Cat_Switch (enable) set vlan 20 name loophole
Vlan 20 configuration successful
Cat_Switch (enable) set vlan 30 2/11-12
VLAN 30 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
30 2/11-12
Cat_Switch (enable) set vlan 30 name amaffew
Vlan 30 configuration successful
Cat_Switch (enable)
Let's just double check those VLANs:
Cat_Switch (enable) show vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- -----------
1    default                          active    5
20   loophole                         active    23      2/1-10
30   amaffew                          active    24      2/11-12
1002 fddi-default                     active    6
1003 token-ring-default               active    9
1004 fddinet-default                  active    7
1005 trnet-default                    active    8
You can see our five default vlans and the two vlans we just created.
Next, we should probably add a gateway to our Catalyst switch. This will tell the switch where to send all packets when they come to the switch. You will notice that earlier I used the IP address 192.168.1.2/24 for the Catalyst switch. Usually I use the first available IP address for the border device, in this case a router Ethernet interface (192.168.1.1/24). So let's add that in as our gateway:
Cat_Switch (enable) set ip route default 192.168.1.1
Route added.
Cat_Switch (enable)
There are just so many things you can do with these things and I am sure you will have a blast when you get to the CCNP switching class if you enjoyed this so far. Some of the topics you will see there include (some of these are my additions):
Catalyst family maintenance and upkeep
Configuring Port Fast
Configuring Uplink Fast
Configuring Backbone Fast
Router on a stick
Configuring Router Switch Modules
Hot Swappable Routing Protocol (HSRP)
Trunking
SNMP with Switches
Protocol inspectors and packet analysis with switches
DHCP on Catalyst switches
Encapsulation variations for switches
InterVLAN routing issues with current Cisco IOSs
AAA with Catalyst switches
ACLs with switches
Security functions on switches
Wireless networking with switches
Wireless security with switches
Setting up DNS servers and using them with switches
6500 switch basics
VOIP basics with 6500 switches
Holy Enchilada! Maximum Crazy Insano Labs!
Part 2 Command Review
Objective:
To list all commands utilized in Part 2 of this textbook.
Step-by-Step Instructions:
1. For each of the commands give a description of the command, the prompt for configuration, and any abbreviations for that command. You will have to list the commands here.
Prompt    Command    Shortcut    Description