CCNABRAINDUMP1(3)
Added: 2007-9-6 0:49:52 Author: Cisco Exam Certification Views: 54 Source: http://www.d9soft.com
Eg. 00007C80.0000.8609.33E9 is an IPX add in Hex. 20 Hex dig=10 B. In dual proto nets TCP/IP add is converted to Hex (4B) and used as IPX net add for uniqueness. Find IPX add: ask admn, use CDP, telnet to neighbor router,
Cisco Router: build SAP tables, respond to GNS req in locating svcs like Netware servers, saves WAN link b/w by doing this in case of remote servers, by def can’t pass SAP broadcast (can forwd if progmd), own SAP broadcast @ 60 sec,
Enable IPX routing: # config t, # ipx routing [node], (node-optional-mac add of int by def, must if R has only serial ports)
# ipx maximum paths 2 (max 512) forwards IPX pkts to mult paths. cisco does load sharing by def over parallel paths.
# ipx delay [6/1] =6 ticks, 1 hop. Tick metric- Cisco default for LAN int- 1 tick, WAN int- 6 ticks
IPX on each sub/interface for multi frames: # ipx network [number] [encapsulation encap-type] [secondary]:uses def if [encap+sec-optional] not given, # config t, # ipx routing, # int e0.1, # ipx network 3200 encap arpa sec,
Encapsulation / Frame types: Netware supports multi incompatible frames on the same media. All of them work on one media if the Cisco router supports all frames. To use multi encap use subinterfaces or secondary nets. 4 types: Enet_802.3: def till Nw 3.11, Enet_802.2: def since Nw 3.12, Enet_II: supports tcp/ip & ipx, Enet_snap: supports Appletalk, ipx, tcp/ip.
Encapsulation : Ethernet, Token Ring, FDDI, (Interface type, Novell Frame type, Cisco IOS key word)
Ethernet : IPX Enet_802.3: novell-ether (default), IPX Enet_802.2: sap, IPX Enet_II: arpa, IPX Enet_snap: snap
Token Ring : Token-Ring: sap (default), Token-Ring_snap: snap,
FDDI : fddi_snap: snap (default), fddi_802.2: sap IPX Fddi_raw: novell-fddi
Serial : HDLC (default)
arpa : IPX Enet_II, hdlc : HDLC on ser links, novell-ether : IPX Enet_802.3, novell-fddi : IPX Fddi_raw
sap : IEEE 802.2 on Enet, FDDI, Token ring, snap : IEEE 802.2 SNAP on Enet, FDDI, Token ring
Sub interfaces: are virtual interfaces on a Cisco router, A new way to run secondary ip, ipx adds on the same interface.
To define sub Int use # Interface ethernet slot / port. number, (number =e0.0-e0.4292967295), #config t
# int e0.100, # ipx network 2300 encap sap
Secondary address: To add multi frame types and IPX add on the same int. (No cisco support, cisco supports only sub interfaces.) # config t, # int s0, # ipx network 2200 encap sap, # ipx network 3200 encap hdlc sec
Monitoring IPX on Cisco routers:
R# sh ipx route : sh IPX routing table entries. C-conntd prim net, c-conntd sec net, S-static, F-floating static, L-local (int), W-ipx wan, R-rip, E-eigrp, N-nlsp, X-Extl., A-Aggregate, s-sec,
R# sh ipx servers: sh all net servers, SAP table with all SAP svcs, P-periodic,I- incremental, H-Hold down, S-static
R# sh ipx traffic: sh summary of No & type of both IPX RIP & SAP update pkts recd & sent @ 60 sec by the router.
R# sh ipx interface: sh status of IPX int & IPX paramtrs set on each interface. sh sap,rip info(book-ans)
R# debug ipx routing activity / events: shows IPX RIP & SAP update pkts recd & sent, live IPX as it's running thro network
R# undebug ipx routing act, R# ping ipx 5200.0000.0c3f.1d86- test ipx config, R# debug ipx sap : shows IPX SAP pkts sent & recd @ 60 sec. SAP 0x1/0x2 gen qry / resp, 0x3/0x4 GNS reqst / resp.
Extended Ping: R# ping, ipx, 5200.0000.0c3f.1d86. R# sh proto e0- also shows IPX add of an int.
Monitor neighbor router: R# sh cdp entry routerX; R# sh cdp neighbor detail; R# telnet routerX / ipadd, R# sh ipx add
Access Lists : A list of conditions that control access, filters unwanted pkts. IP + IPX work similarly. Applied to inbound or outbound traffic. Rules: compared in sequential order, compared until first match, implicit deny if there is no match.
IP Std 1-99, IP Ext 100-199, IPX Std 800-899, IPX Ext 900-999, IPX SAP 1000-1099, DECnet- 3xx, AppleTalk- 6xx
Cisco IOS ver 11.2 or later allows use of an access list name rather than a number.
STD IP access list: acts upon source IP add. # config t, syntax # access-list [number] [permit / deny] [source add]
R# config t, t# int e0, if# ip access-group 10 out, only 1 Access list each on i/c & o/g is possible for each protocol.
Wild card masking: 0-check, 255-ignore, # config t, # access-list 11 permit [172.16.50.2 0.0.0.0 / 172.16.30.0 0.0.0.255]
Eg: [172.30.16 (00010000).0] [0.0.15 (00001111).255]- permits sub nets from 16 (00010000) to 31 (00011111)
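Added example (not part of the original notes): a small Python model of a standard IP access list showing wildcard-mask matching, first-match ordering and the implicit deny, using the 172.30.16.0 0.0.15.255 entry above. The class and function names and the 172.30.20.5 host entry are constructed for illustration.

```python
import ipaddress

def ip_to_int(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: 0 bits are checked, 1 bits are ignored."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

class StandardAcl:
    """Standard IP access list: ordered entries matched on source address."""
    def __init__(self, number):
        self.number = number
        self.entries = []  # each entry: [action, base, wildcard, hit_count]

    def add(self, action, base, wildcard="0.0.0.0"):
        self.entries.append([action, base, wildcard, 0])

    def evaluate(self, source):
        # Lines are compared in sequential order until the first match.
        for entry in self.entries:
            action, base, wildcard, _ = entry
            if wildcard_match(source, base, wildcard):
                entry[3] += 1  # the counter "sh access-lists" would report
                return action
        return "deny"  # implicit deny when no line matches

def build_sample_acl():
    acl = StandardAcl(11)
    # Constructed host entry; it must precede the wider permit to take effect.
    acl.add("deny", "172.30.20.5")
    # Entry from the notes: permits subnets 16 through 31.
    acl.add("permit", "172.30.16.0", "0.0.15.255")
    return acl

if __name__ == "__main__":
    acl = build_sample_acl()
    # Constructed sample source addresses.
    for src in ["172.30.16.1", "172.30.20.5", "172.30.31.254", "172.30.32.1"]:
        print(f"{src:15} -> {acl.evaluate(src)}")
    for action, base, wc, hits in acl.entries:
        print(f"access-list {acl.number} {action} {base} {wc} ({hits} matches)")
```

Swapping the two entries would let 172.30.20.5 through, because the wider permit would match first.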
Extended IP access list: acts upon source add, dest add, IP proto, Port, number=100-199, # config t, Syntax
# access-list [number] [permit / deny] [proto] [source add] [detn add] [port],
# access-list 110 permit tcp host 172.16.50.2 host 172.16.10.2 eq 8080, # int e0, # ip access-group 110 out
# access-list 110 permit tcp any any eq www, host 172.16.50.2 = 172.16.50.2 0.0.0.0, any = 0.0.0.0 255.255.255.255
Port nos.-bgp179, ftp21, ftpdata20, gopher70, lpd515, smtp25, telnet23, www80, tftp69, Dns53.
Monitoring Ext IP access list 3 ways: R# sh ip interface, R# sh access-lists, R# sh run
# sh access-lists: sh all running access lists, no of hits/matches for each line (34matches)
o/p: Ext IP access list 110, permit tcp host x.x.x.x host x.x.x.x eq 8080 ( 15 matches)
R# sh ip access-list / xxx : shows all / xxx IP access lists. R# clear access-list counters : clears no of matches counters
R# sh ip int e0 : shows int config, <which ports have IP access lists applied> R# sh running config : shows full config
Logging : config t, # access-list 110 deny ip any any log- can see no of matches on the denied line eg. (4 matches)
By default will log to the console. Log contains: acc list no, source add, source port, dest add, dest port, no of pkts.
All the log info can be redirected to a syslog server and stored for security purpose.
Placing Access List : STD Access list - Close to the Destination, Extended Access list- Close to the source
Efficient Access list: Most commonly matched lines in the access list should be on top; this lets most pkts match faster than going thro all the lines in the list, which causes a delay in traffic.
STD IPX access lists : based on source and dest add, config t, # access-list [number] [permit / deny] [source] [dest]
t# access-list 810 permit 30 10, If# ipx access-group 810 out - permits traffic from net 30 to net 10
t# access-list 811 permit -1 -1, -1 = any host, any net ID,
Extended IPX access list: based on source net/node, dest net/node, IPX proto (SAP, SPX etc.), IPX socket
# access-list [number] [permit/deny] [IPX protocol] [source] [socket] [dest] [socket] , # config t
# access-list 910 deny -1 50 0 30 0, # int e0, If # ipx access-group 910 out
Logging: logs source add, source socket, dest add, dest socket, proto type
Monitoring: # sh access-lists (sh list contents), # sh ipx int (sh total int config), # sh run (sh total router config)
I-series specifies Concepts, terminology and services, Q-series specifies switching and signaling.
Basic Rate Interface (BRI) : 2B+1D Chl. 2x64kb B Chl. carries Data, 16kb D chl. carries cntrl & signaling info.(tot 144kb). D chl signaling proto spans phy, dll, Net layers. Config BRI: Need SPID (Service Profile Identifiers), one for each B chl.
Its like Tel no. for each B chl. ISDN Device can access BRI service only after giving SPID no. to the ISDN switch.
# config t, # isdn switch-type basic-dms100, # int bri0, # encap ppp, # isdn spid1 77545, # isdn spid2 77546
Primary Rate Interface (PRI): 23B+1D64 chl. (1.544mb-T1), 30B+ 1D64 (2 mb-E1)
Config PRI: for each ISDN PRI int, need to specify Data link specific info for the T1 controller, this way PRI commtes with ISDN switch, Framing & line coding info is essential. # config t, # controller T1 1/0, # int pri0, # framing esf,
# linecode b8zs, # pri-group timeslots 1-24, Extended Superframe Framing (ESF) is used in T1 ckts, consists 24 frames of 192 data bits each, with bit 193 provides timing & other functions. B8ZS is a binary eight-zero substitution line-coding mechanism guarantees delivery of data of 8 cont. zeros. Time slots 1-24 defines ISDN PRI time slots 1 to 24.

