Sunday, 23 June 2013

VLANS & VTP In a Nutshell


Virtual LANS provide a way to split a single physical LAN into multiple broadcast domains. This reduces the number of broadcast frames that each device must process and that each switch must forward. Thus reducing congestion on the network. VLANS are also helpful in providing security by isolating devices that handle sensitive data from the rest of the network.


You can have a single switch with five interfaces (and the devices attached to them) assigned to VLAN 1 and another five interfaces assigned to VLAN 10. You can also assign IP phones to their own VLAN thus separating voice traffic from regular data.

If you would like the multiple VLANS throughout your entire network you would need to configure those VLANs on all switches in the network. In large networks that can be very  laborious since some large networks have hundreds of switches. The solution to this problem is the VLAN Trunking Protocol - VTP.

VTP allows you to create a VLAN on one switch and have it automatically replicated to all other switches (or a subset of switches). Once two switches are in the same VTP domain and have the same password (if this option is enabled) they will be able to exchange VLAN information.

Each time a switch learns of a change to the VLAN database it increments a "revision number" upward by 1 and all other switches synchronize.

NB. It is important that new switches attached to an existing network have a lower revision number than the currently network-wide revision number, otherwise the network switches will synchronize to use the new switches VLAN database and erase their own database.

VTP configuration is relatively simple. Take a look at the example below:













"vtp mode server" enables the device to initiate vtp updates and is the default. The two other modes are client and transparent. Clients cannot create or delete vlans but they receive and apply VTP updates.

Transparent mode switches do not initiate updates nor do they apply updates that they receive, but they do forward updates that they receive to other devices. When transparent mode is configured on a switch it effectively disables vtp on that switch.

So there you have it, VLANS & VTP in a nutshell, I hope this was informative.


All the best,

Roger.


Recommended Resource: GNS3 Vault





Saturday, 22 June 2013

LAN Switch Forwarding Logic


When I just started learning networking, getting my mind around the switching logic was one of the hardest tasks for me. I sort of understood how it worked but whenever I saw a question with mac address tables and interface numbers and I was then supposed to predict the path that the frame would take, I just went blank.

As it turned out, it actually wasn't half as hard as I thought it was. And I'll try to explain the forwarding logic as clearly as possible here.

First let me distinguish "forwarding logic" from "processing logic". Processing logic means how will the switch process the frame. Will it wait to receive the whole frame before it starts forwarding it (store-and-forward), will it start forwarding the frame after it has received a portion of the frame (fragment-free) or will it start forwarding the frame immediately upon receipt? This is a question of how the switch will process the frame. Forwarding logic asks: will the switch "forward" the frame, "flood" the frame, or "filter" the frame?

Forward means send the frame out a specific interface, flood means send the frame out all interfaces (except the interface that the frame came in on) and filter means will not forward or flood the frame.

Here's how it works:

When a switch receives a frame it checks its mac address table to see if it knows the destination device's mac address and what interface (port) has a path to that device. If it sees the device in its mac table then it will forward the frame directly to that device out the corresponding port. 

So a frame destined for device with mac address 0000.aa67.64c5 will be "forwarded" out interface Fa0/14 only and not any other interface. It could be said that the frame is "filtered" from going out any other interface.


If the device was not listed in the mac table the frame would be "flooded" out all interfaces (except the one it came in on) in hopes that it will reach the correct host. If the host receives the frame and responds, the switch will have learnt the devices mac address and will add it to the table.

All devices are within VLAN 1, but imagine now that the device with mac address 0000.aa67.64c5 is in VLAN 2. Then the switch will only forward frames that originate in VLAN 2 to that device. 

If Inter-VLAN routing is configured, the switch will forward any frame destined for that device but originating in a different VLAN to the default-gateway (router) on that network and the router will move the frame over to VLAN 2 so that the switch now sees it as originating in VLAN 2 and so it can now forward the frame to the above mentioned device in VLAN 2.

I do hope this was helpful.


Roger.






Thursday, 20 June 2013

The OSI Network Model - What You Need to Know

In computer networking you've got to take a layered approach to solving problems on more advanced and complex networks. It makes it much easier when you focus on one small aspect of a network at a time than focusing on the entire thing all at once.

A computer may not be able to communicate with the server and there could be any number of reasons for this. But how many physical reasons could there be? Well it could be a cable unplugged or broken, it could be that the switch lost electric power, it could be that a large industrial saw is running near the switch and causing interference. The point is there are a limited number of things that could be wrong "physically".

What could be wrong at the network layer? Well it could be a misconfigured IP address or it could be a misconfigured routing protocol, it could even be an access-control list preventing data communication, but it could NOT be an unplugged cable because we already checked that at the physical layer so we don't even need to think about that now.

This approach makes troubleshooting not only easier but also a lot quicker. And fixing problems quickly in a production network is vital.

The 7 layers of the OSI network model are as follows:




















The image above also explains what each layer does (or entails). It is good to know what each layer does but it is important especially to know what happens at layers 1 - 4. The truth is that for the CCENT/CCNA exam you won't need to pay much attention to layers above layer 4.

To remember the names of the layers I use the following mnemonic:

All               -Application
People         -Presentation
Seem           -Session
To               -Transport
Need           -Network
Data             -Data Link
Processing    -Physical

Of course there are other mnemonics out there and you can look them up and choose what works best for you.

It is also a good idea to become familiar with the numbers corresponding to each layer. For example a network engineer might say; "that sounds like a layer 3 problem" and you need to know immediately that he's talking about the network layer. The exams also use the layer numbers instead of the layer names quite often so it is really a good idea to get familiar with that.

All-in-all you want to apply this model when considering how data passes throughout a network and when trouble-shooting problems on your network. Take the modular approach and be methodical rather that haphazard and you will be able to identify and correct problems much quicker and with much less effort.



Roger.

Wednesday, 19 June 2013

The Absolute Easiest Subnetting Method on Earth




Subnetting.... I still hate it, but now I don't fear it, NOW IT'S EASY. I remember when I just started learning subnetting and I saw all these methods being touted by each person as the best or easiest method when they were in fact quite complicated and often involving binary math.






The method I'm about to show you involves no binary math at all. All you need to do is memorize a simple chart.

It looks like this:














Class A = 1-126
Class B = 128-191
Class C = 192-223


Mask means all possible subnet mask octet values
Bits means number of subnet or "borrowed" bits
MN means magic number which is the increment between subnets or the number of addresses in the subnet
Snets means number if subnets (I'll explain this one in more detail later)

So if you are asked to find the subnet in which the IP address 172.16.44.2 /19 resides all you have to do is the following:

Just by looking at the IP address you can see that it is a class B address because it starts with 172, so that means it has 16 network bits (the first two octets). Since the mask is /19 just subtract 16 from 19 and you get the number of borrowed bits (3 in this case). Looking at the chart: 3 in the "bits" column matches with 32 in the "MN" column so compare 32 to the third octet in the IP address (this is the octet from which the bits were borrowed) the subnet number will be a multiple of the Magic Number. 32 goes into 44 once and if you multiply 32x2 you get 64 which is too much. So your subnet number will be 172.16.32.0

THAT'S IT - YOUR'E DONE!

For questions that ask you what mask will give you X number of subnets just look at the "Snets" colum in the chart and whichever value matches the number of subnets you need use the corresponding mask value in the "mask" column as the mask value needed to achieve that number of subnets. You can extend the chart to include more subnets by just doubling the figures as you go along.

Memorize the chart and practice the method over and over and it will become second nature to you. Just write down the chart before you start your exam and use it as a reference chart while doing subnetting questions on the exam.

Subnetting is a complex concept to grasp when you're just starting out so I may be posting more information on subnetting periodically and certainly on VLSM subnetting in the near future so stay tuned.

I hope this helps and I wish you all the best.


Roger.





Tuesday, 18 June 2013

Cisco IOS - Easier to Learn Than You Think

CISCO IOS



What sets Cisco apart from other mainstream network hardware manufacturers is in fact not the hardware at all. It's their software; specifically the operating system that runs the routers and switches referred to as IOS or the Internetwork Operating System.

IOS provides flexibility in managing network devices and provides a staggering plethora of features that sets Cisco equipment in a whole different league. If you can master IOS then you can manage Cisco devices and earn a decent income. When I say master IOS I mean having a good understanding of how it works, how to configure the most important features quickly and how to interpret command output.

Fortunately learning IOS is much easier than people think. Using IOS is the best way to learn it. If you can afford to buy physical equipment go right ahead and do so. If not you can try to get your hands on a network emulator like GNS3 or Packet Tracer.

Once you have your equipment or emulator and you've loaded IOS, the single most important command for you to learn is "?". Thats right, a question mark. The question mark tells you all the possible commands within the context of the IOS mode that you are in and also tells you what each command does. In the case where there are multiple commands that must be strung together to accomplish a task just keep hitting the "?" after each command and it will tell you the next command options available to you and what they do.

Eample:



































Setting the clock is so easy because IOS shows me how. This is true of  every configuration task in IOS. And in time you'll memorize a large number of commands and command sets.

But don't worry you won't look like a newbie if you use the "?" feature. Even CCIE's use this feature periodically.

So go ahead and get some cheap equipment on ebay and practice, its fun!



Monday, 17 June 2013

Cisco Networking Basics

The title of this post is "Cisco Networking Basics". In the world of networking it seems that nothing to do with Cisco is "basic". It's not just about plugging cables in and typing in an IP address. It involves implementing security features on advanced networking devices such as access-control lists, implementing subnetting schemes, interpreting gobblygook-looking command output among other things. However my purpose in creating this blog is to present these networking concepts in a way that will be easily understood.

The idea of a blog about basic Cisco networking means I assume the reader is a beginner and so even though I intend to provide explanations and insights into pretty much all concepts covered at the CCNA level, I still want it to be as dumbed-down as possible in a manner of speaking. I hope to make this a "Cisco Networking for Dummies" kind of approach.

If you are interested in enterprise-level networking as a career there is no better certification to pursue than Cisco certification. And when I say no better I mean: in the world of networking nothing else comes close.

I intend to post regularly explaining topics in their entirety or individual concepts within a topic and try to spell-out some of the more difficult to understand concepts in Networking.

Interestingly, although Cisco certification is by far the most valuable you could get, if you are totally new to networking I actually recommend casually reading the Comptia Network+ All-In-One Guide just to get an overview of networking concepts in a broad sense.

Then Cisco CCENT/CCNA (also known as ICND1 & ICND2) will focus on the more exciting details.


I hope this resource will be of benefit and I look forward to sharing my knowledge.


Roger.




Recommended Resource: GNS3 Vault: