To pass the BSCI exam and move one step closer to CCNP certification success, you’ve got to know how and when to use debug commands to troubleshoot and verify network operations. While you should never practice debug commands on a production network, it’s important to get some hands-on experience with them and not rely on “router simulators” and books to learn about them.

When it comes to RIP, “debug ip rip” is the primary debug to use. This debug will show you the contents of the routing update packets, and is vital in diagnosing RIP version mismatches and routing update authentication issues.

You know how to use the variance command to configure unequal-cost load-sharing with IGRP, but IGRP has no topology table that will give you the feasible successor metrics you need. With IGRP, you need to use the “debug ip igrp transactions” command to get these vital metrics.
Read the full story

Dialer Watch is a vital part of your CCNA and CCNP studies, particularly for the BCRAN exam, but it’s one of the most misunderstood technologies as well. To help you pass the CCNA and CCNP certification exams, here’s a detailed look at Dialer Watch.

Dialer Watch allows you to configure a route or routes as “watched” when the watched route leaves the routing table and there is no other valid route to that specific destination, the ISDN link will come up. In the following example, R1 and R2 are connected by both a Frame Relay cloud over the 172.12.123.0 /24 network and an ISDN cloud using the 172.12.12.0 /24 network. The routers are running OSPF over the Frame cloud, and R1 is advertising its loopback of 1.1.1.1/32 as well as an Ethernet segment, 10.1.1.0/24, via OSPF. R2 has both of these routes in its OSPF table, as shown below.

R2#show ip route ospf

1.0.0.0/32 is subnetted, 1 subnets

O 1.1.1.1 [110/65] via 172.12.123.1, 00:00:07, Serial0

10.0.0.0/24 is subnetted, 1 subnets

O 10.1.1.0 [110/128] via 172.12.123.1, 00:00:08, Serial0

We want R2 to place a call to R1 if either the loopback or Ethernet networks leave R2’s routing table, but we don’t want to have to depend on interesting traffic. That dictates the use of Dialer Watch.

First, configure the list of watched routes with dialer watch-list. Only one of the watched routes needs to leave the routing table for the ISDN link to come up. In this example, R2 will watch both routes from its OSPF routing table.
Read the full story

There are more and more individuals opting to work from home than ever before. The advantages to this are many including avoiding the morning and evening rush hours, being able to spend time with your kids and significant other, and doing everything on your own time. Though the pitfalls are many, the one that I will be focusing on in this article is that of setting up a secure wireless network for your home based business. Right now somewhere out there, there is someone with a receiver waiting to pick up on an unsuspecting person’s wireless local area network. Their hope is to garner some sensitive information that may lead to identity theft, and stolen proprietary business information.

Most businesses owners are not technically inclined, though they may be power users, in general security settings is not one of the first things they want to mess around with in their day to day operations. This makes most wireless LANs a great target for information predators.
Read the full story

In a previous article we discussed the basics of what a router did. We’re now going to get into a more detailed, and yes technical, explanation of how packets are transmitted as well as a few other tech specs of how routers work. So put on your learning caps because you’re in for a real mind bender.

Internet data, whether it be in the form of a web page, a downloaded file or an email message, travels over what is called a packet switching network. Basically what happens is that the data is broken up into individual packets because there is only so much data that can be transmitted at one time. Each packet is about 1500 bytes long. Each packet contains quite a bit of information including the sender’s address, the receiver’s address and of course the information being sent which includes the order of each packet how it should be put back together so that the end user can make sense of the data. The packet is sent off to its destination based on what the router believes to be the best route to follow, which is usually the route with the least amount of traffic and if possible, the shortest route. Each packet may actually given a different route depending on conditions at the time, which in a high traffic network can change every second. By doing this, the router can balance the load across the network so that no one segment gets overloaded. Also, if there is a problem with one piece of equipment in the network, the router can bypass this piece of equipment and send the packet along another route. This way if there is a problem, the entire message will still arrive intact.

In conducting this process, routers have to speak to each other. They tell each other about any problems on the network and make recommendations on routes to take. This way, paths can be reconfigured if they have to be. However, not all routers do all jobs as routers come in different sizes and have different functions.

There are what we call simple routers. A simple router is usually used in a simple small network. Simple routers simply look to see where the data packet needs to go and sends it there. It doesn’t do much else.

Slightly larger routers, which are used for slightly larger networks, do a little bit more. These routers will also enforce security for the network, protecting the network from outside attacks. They are able to do a good enough job of this that additional security software is not needed.

The largest routers are used to handle data at major points on the Internet. These routers handle millions of packets of information per second. They work very hard to configure the network as efficiently as possible. These are stand alone systems and actually have more in common with supercomputers than with a simple server one might have in a small office.

In our next instalment we’ll look at how to actually trace the path that a message has taken and some examples of transmitting packets.

Few people will really care about the path that your packet takes when sending a message, but if you’re one of those high tech egg heads then this article may be of great interest to you. It can become very addictive so proceed with caution.

If you’re using a Microsoft Windows based operation system, then it’s very easy to trace the route that your message has taken. Not only that, you can see exactly how many routers it took to get your message from point A to point B. You can do this by using a program that is on your computer called Traceroute. That is exactly what the program does. It traces the route a message takes to get to its final destination.

To run the program you have to go to a DOS prompt. After doing this, go to the C:\windows directory and type tracert followed by the URL of the Internet site you’re connected to at the time. It will give you a rather technical spec sheet of every IP address it stopped at along the way until it got to its final destination.

The first number on the spec sheet tells you how many routers it went through to get to its final destination. Then each individual router listed on the page is numbered from 1 down to the last one which is actually the final destination. The next 3 numbers on each line for each router shows how long the packet took to get to that router. The next piece of information on each line is the actual name of the router the information went through. Yes, routers have names. This may be important to the users but is totally irrelevant to the router itself. Finally, the last piece of info on each line is the actual IP address of the router itself.

The amount of time it takes information to get from one router to another varies depending on how much traffic there is on that route at the time. Normally, it is no more than a couple of seconds. But occasionally, it can be longer. That is why sometimes you will be trying to access a web site and it seems to take forever. This can be for a number of reasons, but usually it is because along the way one of the routers is not working correctly and has to be bypassed. Sometimes the actual final location itself is down or having problems and the delay is the last router in the chain trying to connect to the network.

Traceroute is not limited to just checking the number of routers between you and an Internet site. You can use it to check the number of routers between you and any other computer on a network. As long as you know the IP address of the other computer you can trace the route of the packets between you and the other computer.

In our next instalment we’re going to look at how routers handle denial of service attacks and other problems.

Routers are not perfect. For that matter, nothing is. So if somebody wants to give a router more than it can handle there is a way to do this. We’re going to take a look at what are called denial of service attacks.

A router can only handle so much information coming into it at one time. Every machine has its limits and routers are no exceptions. Well, when the nasty trend of denial of service attacks started early this century, routers were unprepared for them. As they began to understand what was happening they began to compensate for the problem. But there was still a way around it. To understand this we first have to understand what a denial of service attack is.

A denial of service attack is just as it sounds. It is when someone prevents the router or routers from servicing the network. The question is, how do they do this? As previously stated, a router can only handle so much information coming into it to be routed at a time. If too much information starts coming in then the router gets overloaded and can’t forward the information fast enough. Ultimately, what happens is this slows the network down to the point where nobody can access it. In a denial of service attack, which is a deliberate attempt to cause this problem, a person will send an enormous amount of information from one computer to the router at one time. Eventually this will effectively shut down the network. The reason is because of the trickle down effect. Once the main routers start to get overloaded they start to send messages to the rest of the network that the connection is full. These messages start to cascade through the entire network until all the pathways in the network are full and nobody can communicate with any server on the network.

When companies and web sites began to understand what was happening then started to put safeguards in place. They would put checks in the router software to see if a large amount of information was coming from one IP address. If so, then it simply discarded the information and didn’t attempt to pass it on. It seemed that the problem was solved. Not so.

Hackers began to figure out that if they send this enormous amount of information from multiple computers or IP addresses, the routers would have no way of knowing that a denial of service attack was in progress because it would see all this information coming in from multiple locations. Ultimately again, the network would effectively be shut down.

In response to this, manufacturers of routers have placed additional safeguards into their routers to simply check for unusual traffic. The problem with this is that in some cases there is a large amount of traffic that is normal, like in the case of a news site being hit with an overload because a major breaking story hits the airwaves.

It remains to be seen if the hackers or the router manufacturers are going to win this war.

Whether you’re just starting to think about passing the CCNA or CCNP exams, or you’ve been on the certification track for a while, you’ve got to have a plan for success. If you wanted to drive your car from Florida to California, you’d create a plan to get there. You’d get a map and decide how far you wanted to drive per day, and maybe even make some hotel reservations in advance. You certainly wouldn’t get in your car, just drive it randomly down the nearest highway, and hope you ended up in California, would you?

Certainly not. Earning your CCNA certification is the same way. It’s not enough to just study a few minutes “when you feel like it”, or tell yourself that you’ll start studying for the exams “when I get such-and-such done”. The perfect time to start on the road to Cisco certification is not tomorrow, and it’s not next week. It’s today.

You’re much better off with one hour of solid study than three hours of interrupted, unfocused study. Here are a few ways to go about getting the kind of quality study time that will get you to the CCNA or CCNP (or any Cisco certification, for that matter!).

Schedule your study time, and regard this study time as you would an appointment with a client. If you were to meet a customer at 10:00 to discuss a network install, would you just decide not to show up and watch television instead? Not if you wanted the job. The same goes for your study time. That’s an appointment with the most important customer of all – YOU.

Turn your cell, iPod, TV, instant messenger, and all other electronic collars off for the duration of your study time. I know those of us in information technology don’t like to say this, but we can actually exist without being in touch with the world for a little while. You may even get to like it! Having uninterrupted study time is key to CCNA and CCNP exam success.

Finally, schedule your exam before you start studying. Contrary to what many people think, “deadline” is not a dirty word. We do our best work when we have a deadline and a schedule to keep. Make out your study schedule, schedule your exam, and get to work just as you would a network project for a customer. The project you’re working on is your career and your life, and by following these simple steps you can make it a highly successful project – by passing your CCNA and CCNP exam!

As a CCNA or CCNP, one thing you’ve got to get used to is that change is constant. Cisco regularly issues new IOS versions, not to mention the many different kinds of hardware they produce! While it’s always nice to have “the latest and the greatest” when it comes to routers, switches, firewalls, etc., we have to be prepared for the fact that not all our clients are going to have that latest and greatest!

For instance, there are still quite a few Catalyst 5000 switches out there humming away, and if you’re used to working on IOS-driven switches like the 2950, the same command can have dramatically different results.

Let’s say you’re going to examine the spanning tree protocol (STP) setup of a new client. You’re used to working with newer 2950 switches, and you’ve always run show span on those switches to display spanning-tree information. Then, you run show span on a Catalyst 5000 – and something like this shows:

switch (enable) show span

Destination : Port 6/1

Admin Source : Port 6/2

Oper Source : Port 6/2

Direction : transmit/receive

Incoming Packets: disabled

Learning : enabled

Multicast : enabled

Filter : -

Status : active

Total local span sessions: 1

What’s going on here?

The command show span on a 5000 will not show spanning tree stats – instead, what you’re going to see are statistics relating to Switched Port ANalyzer (SPAN). Surprise!

Consider an example where you’re used to running show span on 5000 switches to see SPAN information. When you run that on a 2950, you know now what you’re going to get – spanning tree information! On a 2950, you’ll need to run show monitor session, followed by the SPAN session number.

SW1#show monitor session 1

Session 1

———

Type : Local Session

Source Ports :

Both : Fa0/1

Destination Ports : Fa0/2

Encapsulation : Native

Ingress: Disabled

As a CCNA and CCNP, this is one of those things you just have to get used to. Commands are going to be different, sometimes radically so, between models. That’s why you need to be adept with both IOS Help and Cisco’s online documentation site. IOS Help is easy, but the online doc site take a little getting used to. Once you learn how to navigate that site, a world of Cisco knowledge is at your fingertips.

Besides, when you sit for the CCIE lab exam, that will be the only friend you have! And a valuable friend it can be – you’re just going to have to trust me on that one.