Cisco CCNP Certification / BCMSN Exam Tutorial: Uplinkfast
Posted on June 17th, 2010
You remember from your CCNA studies that when a port goes through the transition from blocking to forwarding, youre looking at a 50-second delay before that port can actually begin forwarding frames.
Configuring a port with PortFast is one way to get around that, but again, you can only use it when a single host device is found off the port. What if the device connected to a port is another switch?
A switch can be connected to two other switches, giving that local switch a redundant path to the root bridge, and thats great – we always want a backup plan! However, STP will only allow one path to be available, but if the available path to the root switch goes down, there will be a 50-second delay due to the STP timers MaxAge and ForwardDelay before the currently blocked path will be available.
The delay is there to prevent switching loops, and we cant use PortFast to shorten the delay since these are switches, not host devices. What we can use is Uplinkfast.
The ports that SW3 could potentially use to reach the root switch are collectively referred to as an uplink group. The uplink group includes the ports in forwarding and blocking mode. If the forwarding port in the uplink group sees that the link has gone down, another port in the uplink group will be transitioned from blocking to forwarding immediately. Uplinkfast is pretty much PortFast for wiring closets. (Cisco recommends that Uplinkfast not be used on switches in the distribution and core layers.)
Some additional details regarding Uplinkfast:
The actual transition from blocking to forwarding mode takes about three seconds.
Uplinkfast cannot be configured on a root switch.
Uplinkfast is configured globally. You cant run Uplinkfast on some ports or on a per-VLAN basis – its all or nothing.
The original root port will become the root port again when it detects that its link to the root switch has come back up. This does not take place immediately. The switch uses the following formula to determine how long to wait before transitioning back to the forwarding state:
( 2 x FwdDelay) + 5 seconds
Uplinkfast will take immediate action to ensure that the switch upon which it is configured cannot become the root switch. First, the switch priority will be set to 49,152, which means that if all other switches are still at their default priority, theyd all have to go down before this switch can possibly become the root switch. Additionally, the STP Port Cost will be increased by 3000, making it highly unlikely that this switch will be used to reach the root switch by any downstream switches.
And you just know theres got to be at least one option with this command, right? Lets run IOS Help and see.
SW2(config)#spanning-tree uplinkfast ?
max-update-rate Rate at which station address updates are sent
When there is a direct link failure, dummy multicast frames are sent to the MAC destination 0100.0ccd.cdcd. The max-update-rate value determines how many of these frames will be sent in a 100-millisecond time period.
Mastering the details of UplinkFast, BackboneFast, BPDU Guard, and Loop Guard are vital to your success on the CCNP exams, and one or more of these features are in use on almost every network in the world. Learn these features for success in both the exam room and the real world!
Tags: CCNA, CCNP
Filed under CCNA, CCNP, Cisco Certification | No Comments »
Cisco Ccnp Certification Exam Tutorial: Knowing Radius And Tacacs+ For Your Iscw Exam
Posted on June 11th, 2010
As part οf yοur CCNP certificatiοn exam studies, particularly fοr the ISCW exam, yοu need tο be very clear οn the differences between TACACS+ and RADIUS.
As a CCNA and future CCNP, yοu’ve already cοnfigured authenticatiοn in the fοrm οf creating a lοcal database οf usernames and passwοrds fοr bοth Telnet access and PPP authenticatiοn. This is sοmetimes called a self-cοntained AAA deplοyment, since nο external server is invοlved.
It’s mοre than likely that yοu’ll be using a server cοnfigured fοr οne οf the fοllοwing security prοtοcοls:
TACACS+, a Ciscο-prοprietary, TCP-based prοtοcοl
RADIUS, an οpen-standard, UDP-based prοtοcοl οriginally develοped by the IETF
An οbviοus questiοn is “If there’s a TACACS+, what abοut TACACS?” TACACS was the οriginal versiοn οf this prοtοcοl and is rarely used tοday.
Befοre perfοrming AAA Authenticatiοn cοnfiguratiοn, there are sοme οther TACACS+ / RADIUS differences yοu shοuld be aware οf:
While TACACS+ encrypts the entire packet, RADIUS encrypts οnly the passwοrd in the initial client-server packet.
RADIUS actually cοmbines the authenticatiοn and authοrizatiοn prοcesses, making it very difficult tο run οne but nοt the οther.
TACACS+ cοnsiders Authenticatiοn, Authοrizatiοn, and Accοunting tο be separate prοcesses. This allοws anοther methοd οf authenticatiοn tο be used (Kerberοs, fοr example), while still using TACACS+ fοr authοrizatiοn and accοunting.
RADIUS dοes nοt suppοrt the Nοvell Async Services Interface (NASI) prοtοcοl, the NetBIOS Frame Prοtοcοl Cοntrοl prοtοcοl, X.25 Packet Assembler / Disassembler (PAD), οr the AppleTalk Remοte Access Prοtοcοl (ARA οr ARAP). TACACS+ suppοrts all οf these.
RADIUS implementatiοns frοm different vendοrs may nοt wοrk well tοgether, οr at all.
RADIUS can’t cοntrοl the authοrizatiοn level οf users, but TACACS+ can.
We’ll discuss the uses οf bοth οf these prοtοcοls in a future CCNP certificatiοn tutοrial! Lοοk fοr mοre CCNA, CCENT, and CCNP tutοrials right here οn this same website!
Tags: CCNA, CCNP
Filed under CCNA, CCNP | No Comments »
Cisco CCNA / CCNP Certification Exam: Cabling Your Home Lab
Posted on June 9th, 2010
More CCNA and CCNP candidates than ever before are putting together their own home labs, and there’s no better way to learn about Cisco technologies than working with the real thing. Getting the routers and switches is just part of putting together a great CCNA / CCNP home lab, though. You’ve got to get the right cables to connect the devices, and this is an important part of your education as well. After all, without the right cables, client networks are going to have a hard time working!
For your Cisco home lab, one important cable is the DTE/DCE cable. These cables have two major uses in a home lab. To practice directly connecting Cisco routers via Serial interfaces (an important CCNA skill), you’ll need to connect them with a DTE/DCE cable. Second, if you plan on having a Cisco router act as a frame relay switch in your lab, you’ll need multiple DTE/DCE cables to do so. (Visit my website’s Home Lab Help section for a sample Frame Relay switch configuration.)
If you have multiple switches in your lab, that’s great, because you’ll be able to get a lot of spanning tree protocol (STP) work in as well as creating Etherchannels. To connect your switches, you’ll need crossover cables.
You’ll need some straight-through cables as well to connect your routers to the switches.
Finally, if you’re lucky enough to have an access server as part of your lab, you’ll need an octal cable to connect your AS to the other routers and switches in your lab. The octal cable has one large connector on one end and eight numbered RJ-45 connectors on the other end. The large connector should be attached to the async port on your AS, and the numbered RJ-45 connectors will be connected to the console ports on your other routers and switches.
Choosing and connecting the right cables for your Cisco CCNA / CCNP home lab is a great learning experience, and it’s also an important part of your Cisco education. After all, all great networks and home labs all begin at Layer One of the OSI model!
Tags: CCNA, CCNP, Cisco CCNA
Filed under CCNA, CCNP | No Comments »
Cisco CCNA Certification Exam Training: What Is Packet Switching?
Posted on June 7th, 2010
Cisco CCNA certification exam training means you need to learn a lot of new terms, and some of them can be a little problematic at first view.
To pass this hard certification exam,you definitely need to understand one term which is packet switching. The first question, of course, is “What is packet switching in the first place?” In today’s Cisco CCNA exam prep tutorial we will learn about this term.
Packets transmitted from “point A” to “point B” all have to arrive at the same destination, but with packet switching, they do not all have to take the same path to get there. If you and I are standing 10 feet apart and I want to throw a rugby ball to you, I’ve got some options. I could bounce the ball off the floor to you, I could throw it directly to you, or I could send it up into the air to you. Packet switching is pretty the same thing – packets will take different paths to get from source to destination, but the result is that all the packets arrive at the destination. Then they are then reassembled to take the form of the original message.
Packet switching may sound a little odd, but this is the most efficient way of transporting the data. Frame Relay is a packet switching technology, as is X.25, and both of these standards are very efficient.
When we have packets that must arrive at the destination in the same order in which they left the source, packet switching is not the best choice. For this situation, we’ll need to use something like circuit switching, and we’ll discuss that in tomorrow’s Cisco CCNA certification training article!
Visit our website and sign up for a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, “How To Pass The CCNA”, is also available
Tags: CCNA,Cisco CCNA,Cisco
Filed under CCNA, CCNA 640-802, Cisco Certification | No Comments »
CCNA Cisco Certification Case Study
Posted on June 5th, 2010
Your CCNA certification exam efforts must include practicing with different password types and knowing how to configure them on a Cisco router – but for CCNA exam success and to thrive in real-world networks, you also have to know how to examine a Cisco router configuration and determine the level of network security that is already present.? After all, most routers you work with already have passwords set, and it’s up to you to determine if those passwords are getting the job done.
Let’s start with a telnet password.? Telnet passwords are configured on the VTY lines, and no telnet access is enabled on a Cisco router by default.? If you saw the following configuration, what would it mean?
line vty 0 4
?privilege level 15
?password baseball
?login
That small Cisco router configuration means three things – first, Telnet access is enabled.? Second, the password is baseball.? Third, the “privilege level 15″ command means that any user who attempts to Telnet to the router and knows the password will automatically be placed into privileged exec mode.? (If that command were not present, the user would be placed into user exec and then prompted for the enable password before being allowed into privileged exec.)
You may not want to give that level of access to all incoming Telnet connections.? If you walked into a client’s router room and saw this configuration on a router, what would it mean to you?
username halas password 0 bears
username ewbank password 0 jets
username ed privilege 15 password 0 mcdaniel
line vty 0 4
?? login local
This configuration means three things as well.? Each user attempting to telnet in will be prompted for both a username and password.? Each individual user must enter the password that’s been assigned to them.? For example, the user “halas”would have to enter the password “bears” to successfully Telnet into this router.? The command “login local” under the VTY lines means that this local database of usernames and passwords will be used for authentication.?
Again, by default, users who are Telnetting in will be placed into user exec mode by default.? Only users with “privilege 15″ in the middle of their username / password definition will be placed into privileged exec immediately upon login.
Notice that zero in each of the username / password statements?? I didn’t enter that when I configured these statements.? This number indicates the level of encryption the password is currently under; a zero is the lowest level of encryption, indicating that the passwords aren’t encrypted at all.?? There’s a single line near the top of a Cisco router configuration that tells you why.. which of these three is it?
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
Simple enough!? The password encryption service is off by default.??? To turn it on. just run the command service password-encryption.? Let’s do so here and then take a look at the configuration.
R1(config)#service password-encryption
username halas password 7 1415170A1E17
username ewbank password 7 070524585D
username ed privilege 15 password 7 082C4F4A08170C121E
Now that’s what I call encryption!?? Note that the zero has changed to a “7″ – that’s the highest level of encryption on a Cisco router, and as you can see, it’s very effective.
Knowing how to read a Cisco router configuration is a valuable skill for both the CCNA certification exam and working with production networks.? Keep practicing, keep studying
, and you’ll have the coveted letters “CCNA” behind your name soon!
Tags: CCNA, Cisco CCNA
Filed under CCNA | No Comments »
Increasing Your Value with CCNA Training and Certification
Posted on June 4th, 2010
Even in this soft hiring market, companies are in need of information technology professionals who are certified in particular aspects of networking. Obtaining a Cisco Certified Network Associate (CCNA) certification provides IT professionals with the working knowledge of network protocols that are most sought after in the technology industry.
With the increasing demand for networking specialists, the value placed on CCNA certification is also increasing worldwide, and it is becoming a benchmark for determining who are the best and the most efficient network technicians. It’s becoming a standard way to filter job applicants as well as candidates for advancement within the technology industry.
?
CCNA certification is considered an entry-level certification or minimum requirement for IT professionals specializing in computer networking, and is usually pursued by current technical professionals who are looking for credentials, people who are new to networking, as well as professionals who are updating their training to cover current technology and systems. As an entry-level program, technology employers often consider the CCNA to be a basic qualification requirement for employees who install, configure, operate and problem-solve networks.
?
Training Courses
?
There are several ways to obtain the CCNA training needed in order to become certified. There are programs that can be attended where the training is hands-on; there are also online training and certification programs that can be worked into the candidate’s schedule more easily. The training program covers installing, configuring, operating and troubleshooting medium-sized route and switched networks as well as implementation and verification of connections to remote sites in a WAN. The training program also includes curriculum related to level 1 security threats and an introduction to wireless networking concepts and terminology.
?
The network protocols covered are:
- IP
- Enhanced Interior Gateway Routing Protocol (EIGRP)
- Serial Line Interface Protocol Frame Relay
- Routing Information Protocol Version 2 (RIPv2)
- VLANs
- Ethernet
- Access control lists (ACLs)
?
Certification Examination
?
In order to become CCNA certified, the training program should be completed and an examination must be passed. The certification examination is structured so that a candidate’s technical and special knowledge of networking environments is thoroughly tested and challenged. The questions require real-world expertise to answer and only those who are well trained and have a thorough knowledge of the ins and outs of computer networks will be able to pass the test and become CCNA certified.
Once the IT professional successfully completes the examination, their CCNA certification is valid for three years before they must re-certify in order to continue using their CCNA credentials. In order to re-certify, there are a number of different exams that may be taken, including one of the following:
?
- ICND2 exam
- Current CCNA exam
- CCNA Concentration exam (wireless, security, voice)
- Current CCDA exam
- 642 – XXX professional level or Cisco Specialist exam (excluding Sales Specialist exams)
- Current CCIE
- CCDE written exam
?
With the exception of merely taking the current version of the CCNA exam, these many options allow the IT professional to also acquire additional training, knowledge and expertise while pursuing CCNA re-certification.
Tags: CCIE, CCNA exam
Filed under CCNA | No Comments »
CCNA Cisco Certification Case Study
Posted on June 4th, 2010
Your CCNA certification exam efforts must include practicing with different password types and knowing how to configure them on a Cisco router – but for CCNA exam success and to thrive in real-world networks, you also have to know how to examine a Cisco router configuration and determine the level of network security that is already present.? After all, most routers you work with already have passwords set, and it’s up to you to determine if those passwords are getting the job done.
Let’s start with a telnet password.? Telnet passwords are configured on the VTY lines, and no telnet access is enabled on a Cisco router by default.? If you saw the following configuration, what would it mean?
line vty 0 4
?privilege level 15
?password baseball
?login
That small Cisco router configuration means three things – first, Telnet access is enabled.? Second, the password is baseball.? Third, the “privilege level 15″ command means that any user who attempts to Telnet to the router and knows the password will automatically be placed into privileged exec mode.? (If that command were not present, the user would be placed into user exec and then prompted for the enable password before being allowed into privileged exec.)
You may not want to give that level of access to all incoming Telnet connections.? If you walked into a client’s router room and saw this configuration on a router, what would it mean to you?
username halas password 0 bears
username ewbank password 0 jets
username ed privilege 15 password 0 mcdaniel
line vty 0 4
?? login local
This configuration means three things as well.? Each user attempting to telnet in will be prompted for both a username and password.? Each individual user must enter the password that’s been assigned to them.? For example, the user “halas”would have to enter the password “bears” to successfully Telnet into this router.? The command “login local” under the VTY lines means that this local database of usernames and passwords will be used for authentication.?
Again, by default, users who are Telnetting in will be placed into user exec mode by default.? Only users with “privilege 15″ in the middle of their username / password definition will be placed into privileged exec immediately upon login.
Notice that zero in each of the username / password statements?? I didn’t enter that when I configured these statements.? This number indicates the level of encryption the password is currently under; a zero is the lowest level of encryption, indicating that the passwords aren’t encrypted at all.?? There’s a single line near the top of a Cisco router configuration that tells you why.. which of these three is it?
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
Simple enough!? The password encryption service is off by default.??? To turn it on. just run the command service password-encryption.? Let’s do so here and then take a look at the configuration.
R1(config)#service password-encryption
username halas password 7 1415170A1E17
username ewbank password 7 070524585D
username ed privilege 15 password 7 082C4F4A08170C121E
Now that’s what I call encryption!?? Note that the zero has changed to a “7″ – that’s the highest level of encryption on a Cisco router, and as you can see, it’s very effective.
Knowing how to read a Cisco router configuration is a valuable skill for both the CCNA certification exam and working with production networks.? Keep practicing, keep studying, and you’ll have the coveted letters “CCNA” behind your name soon!
Tags: CCNA, CCNA exam
Filed under CCNA, Cisco Certification | No Comments »
CCNA Certification: Reloading A Cisco Router Interface
Posted on May 22nd, 2010
Passing the CCNA certification exam means that you know how to configure and troubleshoot a Cisco router instead of using what I call the “hope method” – you know, “Let’s reload the router and hope that takes care of it.” The majority of Cisco router configurations take effect without the need for a reload, but every once in a while you just have to reload a router or shut and reopen an interface. Let’s take a look at three such scenarios.
The first is when you change an OSPF Router ID from its default. For the new RID to take effect, you must either reload the router or clear the OSPF process, which means that all existing adjacencies will come down. Cisco routers are kind enough to tell you this with the following message after you configure a new RID: “Reload or use “clear ip ospf process” command, for this to take effect”.
In a previous tutorial, I showed you how to configure an Etherchannel. You have to place each port into the Etherchannel with the channel-group command, and if you do so individually, some of the ports may go into error-disabled state, or “err-disable”. This can also happen as a result of port security enforcement. You can see this with the show interface command:
sw1#show int fast 0/1
FastEthernet0/1 is down, line protocol is down (err-disabled)
A syslog message putting that port into err-disabled state will look like this:
04:10:23: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Fa0/1 in err-disable state
If this happens during an Etherchannel configuration, just finish the config and then shut and reopen the ports in err-disabled state. They’ll come back up and be placed into the Etherchannel.
Finally, our old friend the SPID often makes us shut and reopen the BRI interface. If the BRI interface is open and you configure SPIDs on it, the SPID can be absolutely correct and you’ll still see this in the output of show isdn status:
spid1 configured, spid1 NOT sent, spid1 NOT valid
At least the Cisco router puts “NOT” in caps, right? It’s easier to see that way! With SPIDs, before you call the service provider or check the SPID you entered about 40 times, just shut and reopen the interface. That usually does the trick.
When you earn your CCNA certification Feature Articles, that means that you know what you’re doing instead of hoping that you do – and part of that is knowing when a simple reload or open/shut will take care of the issue.
Tags: CCNA, CCNA certification, Cisco
Filed under CCNA | No Comments »
Cisco CCNA Certification Exam- Get Certified Now
Posted on May 21st, 2010
And the first bit of good news is that you have plenty of time to take and pass the current CCNA exams. In this article, I will outline several advantages to taking the CCNA plunge now before these changes take effect.
The current CCNA exam (640-801) will not be phased out until November 6, which gives you more than enough time to get CCNA certified before then — even if you haven started studying yet! Those of you who want to take the two-exam path to CCNA certification should know that the 640-811 ICND and 640-822 INTRO exams will be phased out on that same date.
Cisco taking the approach that the CCNA certification is no longer an entry-level certification, and this is a welcome change for CCNAs and CCNA candidates alike. I have been writing CCNA ebooks and teaching CCNA courses for several years, and I抳e always refused to call this an entry-level certification.
The new CCNA exam (640-802) looks to be even more demanding than the current exam, which is another reason to pick up the pace and get certified now! Here are just some of the new topics you抣l find on the 640-802 exam:
* Rapid Spanning Tree Protocol
* Switch security
* IP Version 6
* Router security
* Virtual Private Networks
* Wireless routing and more
Add these to the topics already found on the current CCNA exam, and you can see that the new CCNA exam will be even more demanding than the current version.
If you choose the two-exam path for the CCNA certification after November 6, you need to take two ICND exams ICND 1 (640-822) and ICND 2 (640-816). This is much tougher than the current path because the INTRO exam will be a thing of the past after November 6! (Passing the ICND 1 exam will earn you the new Cisco Certified Entry Networking Technician certification, Cisco new entry-level certification.)
The CCNA will be even more valuable with these changes, so again, even if you even been thinking about earning the CCNA now is the time!
The new CCNA exams will actually be available on August 1, but again, I want to emphasize that the current CCNA exams will be available through November 6. My advice to those who want to get CCNA certified before the change is to book your exam nowBusiness Management Articles, make sure you choose the right
Tags: 640-816, 640-822, CCNA exam
Filed under CCNA | No Comments »
CCNA Certification Test Guide
Posted on May 19th, 2010
Writing the CCNA is the first step in network certification, but is still considered to be a tough exam. Noted CCNA author Todd Lammle comments in his recent book CCNA Study Guide that the Cisco CCNA is tough because it touches on so many subject areas, making studying a difficult undertaking.
A few simple tips can keep the studying focused and give a student the best chance at passing the CCNA certification exam.
Make Sure Study Materials Match the Exam
It sounds simple enough, but Cisco recently changed the CCNA, and there are plenty of study materials that still reflect the scope of the old exam. As of 2008, the current exam is the 640-802 (the previous exam number was 640-801 — an easy mistake to make!). Some of the new technologies and concepts introduced in the most recent CCNA include:
* VoIP and telephony basics and basic configuration
* More in depth coverage of IPv6
* Wireless technologies, based on Cisco’s implementation
* Deeper look at routing protocols, switching and the spanning tree protocol.
This is all in addition to the topics already covered on the CCNA: routing, VLANs, WAN technologies, subnetting, security (ACLs and NAT), and more.
Know The Cisco Answer
There may be more than one right answer. Make sure to learn what the Cisco answer is. It’s important to understand what Cisco considers the proper answer to be, whether it be how to configure a router or when to apply security. Some questions may even have similar answers, but the Cisco answer is always considered the right one on the CCNA.
Tags: 640-802, CCNA, Cisco CCNA
Filed under CCNA | No Comments »