Who knew that the dating life of OSPF devices was controlled by the IT ELF?

First off, if you are not subscribed to Keith’s YouTube channel and you are working on your CCNA, what are you thinking?  Follow this link and subscribe!  https://www.youtube.com/user/Keith6783

So IT ELF is a mnemonic for the OSPF neighbor states (the full list starts with Down, and Attempt on NBMA networks, before Init):

  • I – Init
  • T – Two-way
  • E – ExStart & Exchange
  • L – Loading
  • F – Full

Now as far as the dating portion, I will leave the video to explain that in detail, but know that the DR (Designated Router) and BDR (Backup Designated Router) are a bit of a player, as they are the only devices that build a full relationship with all the other devices.  The routers that become DROTHERs only get as far as two-way with the other DROTHERs, but build a full relationship with the DR and BDR.

Check out Keith’s OSPF Neighbor States | Cisco CCNA 200-301 video

 

United States Info Sec Information.

Sites to be used for reporting cyber issues.

FTC.GOV

Federal Trade Commission – one-stop resource: www.IdentityTheft.gov can help you report and recover from identity theft. Report fraud to the FTC at ftc.gov/OnGuardOnline or www.ftc.gov/complaint.

Cybersecurity & Infrastructure Security Agency – Report computer or network vulnerabilities to US-CERT via the hotline 1-888-282-0870 or www.us-cert.gov. Forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov.

IC3.GOV

Internet Crime Complaint Center – If you are a victim of online crime, file a complaint with the IC3 at http://www.IC3.gov

Social Security Administration – If you believe someone is using your SSN, contact the Social Security Administration’s fraud hotline at 1-800-269-0271.

Numbered Standard ACL

  • Standard ACL Numbers
    • 1-99, 1300-1999
  • Configure a numbered standard ACL to allow one subnet to pass through while denying another subnet to a third subnet.
    • Every ACL ends with an implicit deny all, so once the list has at least one entry anything not explicitly permitted is dropped.
    • Standard access lists only check the source address, as opposed to extended ACLs, which check both source and destination.
      • Because the destination cannot be specified, the list has to be applied outbound on the interface facing the subnet that needs to be protected (as close to the destination as possible).
    • Commands
      • Apply the ACL outbound on the interface that sends traffic to the protected subnet
        • (config-if)#ip access-group [Standard ACL#] out
      • Add rules to the ACL (the keyword for the entries is access-list, not access-group)
        • (config-if)#exit
        • (config)#access-list 1 deny [restricted subnet] [restricted wildcard mask]
        • (config)#access-list 1 permit [allowed subnet] [allowed wildcard mask]
          • The permit is needed because of the implicit deny all at the end of every ACL.
    • In the lab, they create the ACL rules first and then apply the ACL to the interface.  This is the safer order: an access-group that points at an ACL with no entries permits everything, but as soon as the first deny entry exists the implicit deny kicks in and all other traffic on that interface is blocked until the permit is added.

Numbered Extended ACL

  • Extended ACL Numbers
    • 100-199, 2000-2699
  • Configure a numbered extended ACL to permit telnet access to a single IP address while denying all other IP addresses.
    • I did this incorrectly, as I applied two rules while three are needed (all rules were applied on the inbound interface of the router for the subnet making the request).
      • I provided the permit rule for the single IP address and a deny rule for all other IP addresses.  The default deny all traffic on the ACL blocked all other traffic.
      • Since numbered ACLs cannot be reordered, the ACL was deleted and the rules re-applied in the order needed.
    • Commands
      • (config)#access-list 100 permit tcp host 10.0.1.10 host 10.0.0.2 eq telnet
      • (config)#access-list 100 deny tcp 10.0.1.0 0.0.0.255 host 10.0.0.2 eq telnet
      • (config)#access-list 100 permit ip any any
      • (config)#int [inbound interface]
      • (config-if)#ip access-group 100 in

Named Extended ACL

  • Remove the numbered extended ACL
    • Command
      • (config-if)#no ip access-group [group#] in
  • Configure and apply a named extended ACL
    • (config)#ip access-list extended [Name]
    • (config-ext-nacl)#permit tcp host 10.0.1.10 host 10.0.0.2 eq telnet
    • (config-ext-nacl)#deny tcp 10.0.1.0 0.0.0.255 host 10.0.0.2 eq telnet
    • (config-ext-nacl)#permit icmp host 10.0.1.11 host 10.0.0.2 echo
    • (config-ext-nacl)#deny icmp 10.0.1.0 0.0.0.255 host 10.0.0.2 echo
    • (config-ext-nacl)#permit ip any any
  • Apply ACL to interface
    • (config-if)#ip access-group [access-list name] in|out
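Added example, not from the original post or from the Cisco labs it describes: a small Python model of how IOS walks an access list, written to cover the standard, numbered extended and named extended ACL sections above in one place. It parses the page's own entries (both the `access-list 100 ...` and the named `permit tcp ...` syntax), matches with wildcard masks, stops at the first match and falls through to the implicit deny, which is exactly the two-entries-versus-three problem from the extended ACL lab. The `Packet` class, the port keyword table, the test packets and the `access-list 1` standard entries are constructed for the example and are not IOS features.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    """Constructed test packet: only the fields an ACL can look at."""
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0        # destination port for tcp/udp
    icmp_type: str = ""   # e.g. "echo"


PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}   # IOS keywords accepted after 'eq'


def wildcard_match(addr, base, wildcard):
    """Wildcard mask is the inverse of a netmask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D W.W.W.W | bare A.B.C.D."""
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    if tokens and tokens[0].count(".") == 3:       # next token is a wildcard mask
        return t, tokens.pop(0)
    return t, "0.0.0.0"                            # standard-ACL shorthand for a host


def parse_ace(line):
    """Parse one entry in numbered ('access-list 100 permit tcp ...') or named ('permit tcp ...') form."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]                        # drop 'access-list <number>'
    action = tokens.pop(0)
    if tokens[0] in ("ip", "tcp", "udp", "icmp"):  # extended: protocol, source, destination
        proto = tokens.pop(0)
        src = _parse_addr(tokens)
        dst = _parse_addr(tokens)
    else:                                          # standard: source only, any destination
        proto, src, dst = "ip", _parse_addr(tokens), ("0.0.0.0", "255.255.255.255")
    return {"action": action, "proto": proto, "src": src, "dst": dst, "qual": tokens}


def ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if not (wildcard_match(pkt.src, *ace["src"]) and wildcard_match(pkt.dst, *ace["dst"])):
        return False
    q = ace["qual"]                                # e.g. ['eq', 'telnet'] or ['echo']
    if ace["proto"] in ("tcp", "udp") and q[:1] == ["eq"]:
        return pkt.dport == (PORT_NAMES.get(q[1]) or int(q[1]))
    if ace["proto"] == "icmp" and q:
        return pkt.icmp_type == q[0]
    return True


def evaluate(acl_lines, pkt):
    """Top-down, first match wins; no match means the implicit deny at the end of every ACL."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"], line
    return "deny", "<implicit deny>"


# The page's extended ACL: first the two-entry version that blocked everything else,
# then with the 'permit ip any any' that was missing.
TWO_ENTRIES = [
    "access-list 100 permit tcp host 10.0.1.10 host 10.0.0.2 eq telnet",
    "access-list 100 deny tcp 10.0.1.0 0.0.0.255 host 10.0.0.2 eq telnet",
]
THREE_ENTRIES = TWO_ENTRIES + ["access-list 100 permit ip any any"]
# Named-ACL form of the page's list (no 'access-list <n>' prefix).
NAMED = [
    "permit tcp host 10.0.1.10 host 10.0.0.2 eq telnet",
    "deny tcp 10.0.1.0 0.0.0.255 host 10.0.0.2 eq telnet",
    "permit icmp host 10.0.1.11 host 10.0.0.2 echo",
    "deny icmp 10.0.1.0 0.0.0.255 host 10.0.0.2 echo",
    "permit ip any any",
]
# Constructed standard ACL: source-only checks, meant to go outbound toward the protected subnet.
STANDARD = ["access-list 1 deny 10.0.2.0 0.0.0.255", "access-list 1 permit 10.0.1.0 0.0.0.255"]

telnet_ok = Packet("10.0.1.10", "10.0.0.2", "tcp", dport=23)
telnet_other = Packet("10.0.1.20", "10.0.0.2", "tcp", dport=23)
web_other = Packet("10.0.1.20", "10.0.0.2", "tcp", dport=80)
ping_other = Packet("10.0.1.20", "10.0.0.2", "icmp", icmp_type="echo")

if __name__ == "__main__":
    for name, acl in (("two entries", TWO_ENTRIES), ("three entries", THREE_ENTRIES), ("named", NAMED)):
        print(name)
        for p in (telnet_ok, telnet_other, web_other, ping_other):
            print("  ", p.src, p.proto, p.dport or p.icmp_type, "->", evaluate(acl, p))
```

Running it shows the lab mistake directly: with only the permit and the deny, a web request or a ping from any other host hits `<implicit deny>`, and only the third entry lets it through. Swapping the first two entries would also break the lab (the subnet deny would match 10.0.1.10 before its permit), which is why order matters when a numbered ACL has to be deleted and re-entered.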

Disable Unused ports

  • (config)#int range f0/1-24
  • (config-if-range)#shutdown

Port Security Configuration

  • (config-if)#switchport mode access
    • must be an access port to apply port-security
  • (config-if)#switchport port-security
  • (config-if)#switchport port-security maximum [number of MACs allowed]
  • (config-if)#switchport port-security mac-address [mac address]
    • To statically assign a MAC address to a port.

 

Configure EtherChannel

  • Each side of the EtherChannel needs to be configured the same (matching speed, duplex, access/trunk and VLAN settings on every member port), and both sides have to run the same protocol; LACP on one side and PAgP on the other will not form a bundle.
  • Types 
    • LACP
      • Active – Active = Connection
      • Active – Passive = Connection
      • Passive – Passive = No connection
    • PAgP
      • auto – auto = No connection
      • auto – desirable = Connection
      • desirable – desirable = Connection
    • Static
      • on – on = Connection
  • Commands
    • (config)#int range [interfaces]
    • (config-if-range)#channel-group [group#] mode [active, passive, auto, desirable, on]
    • (config-if-range)#int po[group#]
    • (config-if)#switchport mode trunk
    • (config-if)#switchport trunk native vlan [vlan#]

Verify EtherChannel status

  • #show etherchannel summary

StackWise, VSS and vPC

  • Which one is used depends on the platform.  All three let two physical switches act as one logical switch, so an EtherChannel can be split across both (one member link to each chassis) and survive the loss of a whole switch.
  • The lab then builds a Layer 3 EtherChannel.  The commands are very similar to Layer 2 except for an additional no switchport in config-if-range, and instead of setting trunk mode on the port-channel you set an IP address
    • (config)#int range [interfaces]
    • (config-if-range)#channel-group [group#] mode [active, passive, auto, desirable, on]
    • (config-if-range)#no switchport
    • (config-if-range)#int po[group#]
    • (config-if)#ip address [IPAddress] [Subnet]
    • (config-if)#no shut

Spanning Tree Troubleshooting

  • Identify the path traffic takes 
    • Is there any HSRP
      • #show standby
    • Check VLANs
      • #show vlan brief
    • Which switch is the root switch and which ports are blocking
      • Check the spanning-tree details and find the root bridge
        • #show spanning-tree vlan [vlan#]
          • Summary and details of Root and Bridge ID and interface details
          • Verify all switches have matching spanning tree Root Bridge
          • Check Priority
  • Set a switch as the spanning-tree primary or secondary root
    • Primary
      • (config)#spanning-tree vlan [vlan#] root primary
    • Secondary
      • (config)#spanning-tree vlan [vlan#] root secondary
  • PortFast and BPDU Guard can be set per interface, or BPDU Guard can be turned on by default for every PortFast-enabled access port
    • Interface
      • (config)#int [interface]
      • (config-if)#spanning-tree portfast
      • (config-if)#spanning-tree bpduguard enable
    • Default on all PortFast-enabled ports (the global default only takes effect on interfaces where PortFast is on)
      • (config)#spanning-tree portfast bpduguard default
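Added example, not from the post: a Python model of the root election that the troubleshooting steps above are checking (lowest bridge ID wins, priority first and then MAC), plus what `spanning-tree vlan X root primary` and `root secondary` actually do to the priority. The switch names and MAC addresses are constructed; the priority values (32768 default, 24576 for root primary, 28672 for root secondary, 4096 steps) are the IOS ones.

```python
DEFAULT_PRIORITY = 32768      # IOS default bridge priority, configurable in 4096 steps
ROOT_PRIMARY = 24576          # what 'spanning-tree vlan X root primary' normally sets
ROOT_SECONDARY = 28672        # what 'spanning-tree vlan X root secondary' sets


def bridge_id(priority, vlan, mac):
    """With the extended system ID, the priority shown by 'show spanning-tree' is
    priority + VLAN ID.  The root is the switch with the numerically lowest
    (priority, MAC) pair, so with everyone at the default the lowest MAC wins, which
    is usually the oldest switch in the closet rather than the core."""
    return priority + vlan, mac.lower()


def elect_root(switches, vlan):
    """switches: {name: (priority, mac)}.  Returns (root_name, advertised_priority)."""
    root = min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))
    return root, switches[root][0] + vlan


def root_primary_priority(switches, me):
    """IOS macro behaviour: set 24576, unless another switch is already below that,
    in which case set 4096 less than the lowest priority seen.  If another switch
    sits at exactly 24576 the tie still goes to the lower MAC, so always re-check
    with 'show spanning-tree' after running the macro."""
    lowest_other = min(p for name, (p, _) in switches.items() if name != me)
    if lowest_other >= ROOT_PRIMARY:
        return ROOT_PRIMARY
    if lowest_other - 4096 < 0:
        raise ValueError("another switch already has priority 0; root primary cannot win")
    return lowest_other - 4096


def demo():
    """Three switches left at defaults, then CORE1/CORE2 made primary/secondary root."""
    vlan = 10
    sw = {
        "CORE1":   (DEFAULT_PRIORITY, "0050.56aa.0001"),
        "CORE2":   (DEFAULT_PRIORITY, "0050.56aa.0002"),
        "ACCESS3": (DEFAULT_PRIORITY, "0010.11bb.0003"),   # lowest MAC: root by accident
    }
    before = elect_root(sw, vlan)
    sw["CORE1"] = (root_primary_priority(sw, "CORE1"), sw["CORE1"][1])
    sw["CORE2"] = (ROOT_SECONDARY, sw["CORE2"][1])
    after = elect_root(sw, vlan)
    # If CORE1 dies, the secondary root takes over instead of the access switch.
    without_core1 = elect_root({n: v for n, v in sw.items() if n != "CORE1"}, vlan)
    return before, after, without_core1


if __name__ == "__main__":
    print(demo())
```

The `before` result is the classic symptom behind "verify all switches have matching spanning tree Root Bridge": nothing is misconfigured, the access switch simply has the lowest MAC. The fix is the priority, not the cabling.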

HSRP Configuration

  • Basic HSRP
    • Configure basic HSRP of the 10.10.10.0/24 network
      • R1(config-if)#standby ip 10.10.10.1
      • R2(config-if)#standby ip 10.10.10.1
        • I missed a priority when entering the standby, so it automatically set the group to zero and the priority to 100.
        • (config-if)#no standby 0 ip 10.10.10.1, then replace it with standby [group#] ip [VIP]
        • When I changed one router to use group 1 I got a constant stream of Duplicate address messages.
          • Both routers have to be in the same HSRP group: with different group numbers each router is active for its own group and both answer for the same VIP, which is what produces the duplicate address messages.
    • Check HSRP active router
      • #show standby brief
      • #show standby
    • What is the physical MAC address
      • #show int g0/1
    • What is HSRP virtual interface MAC address
      • #show standby
  • Priority and Pre-emption
    • Set router 1 as the preferred router
      • (config-if)#standby 1 priority 110
      • Priority alone does not make R1 take over from a router that is already active; that also needs preemption enabled on the group.
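Added example, not from the post: a Python model of the HSRP behaviour in this lab, covering the virtual MAC question, the active/standby election (highest priority, then highest interface IP, per RFC 2281), why a higher priority without preempt does not take over, and why two routers in different groups both claim the VIP. The router names, interface addresses and priorities are constructed; the VIP 10.10.10.1 is the one from the lab above, and the `HsrpGroup` class is my own model, not an IOS object.

```python
def hsrp_v1_virtual_mac(group):
    """HSRPv1 virtual MAC is 0000.0c07.acXX with XX the group number in hex, so the
    VIP's MAC changes with the group number (group 0 -> ...ac00, group 1 -> ...ac01)."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"0000.0c07.ac{group:02x}"


def _rank(member):
    """Election key: highest priority wins, ties broken by the highest interface IP."""
    name, priority, ip = member
    return priority, tuple(int(o) for o in ip.split("."))


def elect(members):
    """Election when everyone starts at the same time (e.g. both routers booted together)."""
    return max(members, key=_rank)[0]


class HsrpGroup:
    def __init__(self, group, vip):
        self.group, self.vip, self.vmac = group, vip, hsrp_v1_virtual_mac(group)
        self.members = []
        self.active = None

    def join(self, name, ip, priority=100, preempt=False):
        """Router starts speaking HSRP for this group (IOS default priority is 100).
        It becomes active only if nobody is active yet, or if it has preempt configured
        and out-ranks the current active router."""
        me = (name, priority, ip)
        self.members.append(me)
        if self.active is None or (preempt and _rank(me) > _rank(self.active)):
            self.active = me
        return self.active[0]

    def standby(self):
        """Best-ranked member that is not active."""
        others = [m for m in self.members if m != self.active]
        return max(others, key=_rank)[0] if others else None

    def active_fails(self):
        """Active router stops sending hellos: the standby is promoted, preempt or not."""
        self.members.remove(self.active)
        self.active = max(self.members, key=_rank) if self.members else None
        return self.active[0] if self.active else None


def scenario_no_preempt():
    """R1 has priority 110 but boots second without preempt: R2 stays active."""
    g = HsrpGroup(1, "10.10.10.1")
    g.join("R2", "10.10.10.3")
    g.join("R1", "10.10.10.2", priority=110)
    return g.active[0]


def scenario_preempt():
    """Same timing, but R1 has 'standby 1 preempt': R1 takes over."""
    g = HsrpGroup(1, "10.10.10.1")
    g.join("R2", "10.10.10.3")
    g.join("R1", "10.10.10.2", priority=110, preempt=True)
    return g.active[0]


def scenario_group_mismatch():
    """R2 left in group 0 and R1 put in group 1, same VIP: each is active for its own
    group, so two routers (with two different virtual MACs) answer for 10.10.10.1,
    which is the duplicate-address symptom from the lab."""
    g0, g1 = HsrpGroup(0, "10.10.10.1"), HsrpGroup(1, "10.10.10.1")
    g0.join("R2", "10.10.10.3")
    g1.join("R1", "10.10.10.2", priority=110)
    claims = [g.active[0] for g in (g0, g1) if g.active and g.vip == "10.10.10.1"]
    return sorted(claims), sorted({g0.vmac, g1.vmac})


if __name__ == "__main__":
    print("no preempt:", scenario_no_preempt(), "| preempt:", scenario_preempt())
    print("group mismatch:", scenario_group_mismatch())
```

The group-mismatch case is worth keeping in mind as a security point too: whichever router answers first for the VIP gets the hosts' traffic, so an HSRP group with no authentication and a careless group number is an easy thing to hijack from the same segment.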

Moving and studying do not go hand in hand, but I am in my new place and the network is about all set up.  It will be rough trying to get all the studying that I need in and the test taken before the end of the month, but I am going to keep focusing and time will tell.

DHCP Configuration Lab

  • Configure the interface to accept DHCP address
    • (config-if)#ip address dhcp
  • Verify interface received IP address
    • (config-if)#do show ip int brief
  • What is the IP address of the DHCP server
    • #show dhcp lease
  • Enable router to be a DHCP server
    • (config)#ip dhcp pool [Name of pool]
    • (dhcp-config)#network 10.10.10.0 255.255.255.0
    • (dhcp-config)#dns-server 10.10.10.1
    • (dhcp-config)#exit
    • (config)#ip dhcp excluded-address 10.10.10.1 10.10.10.10
      • Note: the lab demonstrates that all the exclusions can be put in before setting up the pool.  So I should have excluded the range to ensure that they could not be handed out after the pool is created.  Additionally the lab did not specifically call for a gateway but it was put in during the lab.
    • (config)#ip dhcp pool [name of pool]
    • (dhcp-config)#default-router 10.10.10.1
  • Show that clients received ip addresses
    • #show ip dhcp binding
    • BONUS: Since I did not put in the exclusion before creating the pool, my clients got IP addresses in the “excluded range” and I had a conflict, since the router’s IP address is 10.10.10.1, which is also in the excluded range.
      • Clear DHCP conflicts
        • #clear ip dhcp conflict *
      • The first client’s IP address was changed on the client itself using the cmd prompt.
      • The second client’s IP address was released through the following command, but this only releases it on the DHCP server; the client will have to renew it on the device itself.
        • #clear ip dhcp binding 10.10.10.3
          • This command was missing in Packet Tracer but found it on Cisco’s chat board.
  • Remove DHCP from router
    • (config)#no ip dhcp pool [pool name]
    • (config)#no ip dhcp excluded-address 10.10.10.1 10.10.10.10
  • Configure DHCP relay/helper address on client network
    • (config)#int f0/0
    • (config-if)#ip helper-address 10.10.20.10

Lab 20 – OSPF Configuration

  • Enable a loopback interface on all routers.
    • (config)#int loopback0
    • (config-if)#ip address [ip address] 255.255.255.255
  • Enable single area OSPF, exclude interfaces on edge router
    • (config)#router ospf 100
    • (config-router)#passive-interface [interface] – stops OSPF hellos on that interface so no adjacency can form there (e.g. the edge link); the interface’s subnet is still advertised if a network statement covers it.
    • (config-router)#network 10.0.0.0 0.255.255.255 area 1
    • (config-router)#network 192.168.0.0 0.0.0.255 area 1
      • I forgot to add the loopback route
  • Show the OSPF router ID
    • #show ip protocols
  • Show router adjacencies
    • #show ip ospf neighbor
  • Show that all loopbacks are in the routing table
    • #show ip route
  • Set reference bandwidth so that a 100 Gbps interface will have a cost of 1
    • (config-router)#auto-cost reference-bandwidth 100000
      • Had to look up in my notes for command
  • Verify the cost of the FastEthernet links
    • #show ip ospf interface [interface]
      • Another lookup.
  • Edit the cost on the interfaces 
    • (config-if)#ip ospf cost [cost]
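Added example, not from the post: the cost arithmetic behind the reference-bandwidth step above, in Python. It computes interface costs the way IOS does (reference bandwidth divided by interface bandwidth, truncated to an integer and clamped to 1..65535) and shows why the default 100 Mbps reference makes a FastEthernet path and a Gigabit path look identical. The link rates are standard interface speeds; the two-path topology is constructed.

```python
# Link bandwidths in kbps, as the IOS 'bandwidth' value reports them
T1, FE, GE, TEN_GE, HUNDRED_GE = 1544, 100_000, 1_000_000, 10_000_000, 100_000_000
MAX_COST = 65535


def ospf_cost(bandwidth_kbps, reference_mbps=100):
    """cost = reference bandwidth / interface bandwidth, truncated to an integer and
    clamped to 1..65535.  The IOS default reference is 100 Mbps, which is why every
    link of 100 Mbps or faster costs 1 until 'auto-cost reference-bandwidth' is raised
    (the value is given in Mbps, so 100000 makes a 100 Gbps link cost 1)."""
    cost = (reference_mbps * 1000) // bandwidth_kbps
    return max(1, min(cost, MAX_COST))


def path_cost(links_kbps, reference_mbps=100):
    """Path cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(b, reference_mbps) for b in links_kbps)


def cost_table(reference_mbps):
    """Cost of each common link type under a given reference bandwidth."""
    return {name: ospf_cost(b, reference_mbps)
            for name, b in (("T1", T1), ("FastEthernet", FE), ("GigabitEthernet", GE),
                            ("TenGigE", TEN_GE), ("HundredGigE", HUNDRED_GE))}


def best_path(reference_mbps):
    """Two paths to one destination: two FastEthernet hops versus two Gigabit hops.
    With the default reference they tie (1+1 against 1+1) and OSPF load-balances over
    both; with reference-bandwidth 100000 the Gigabit path is clearly preferred."""
    via_fe = path_cost([FE, FE], reference_mbps)
    via_ge = path_cost([GE, GE], reference_mbps)
    if via_fe == via_ge:
        return "equal-cost", via_fe, via_ge
    return ("via_ge" if via_ge < via_fe else "via_fe"), via_fe, via_ge


if __name__ == "__main__":
    for ref in (100, 100_000):
        print(f"reference-bandwidth {ref}:", cost_table(ref), best_path(ref))
```

One caveat the lab does not spell out: the reference bandwidth has to be set to the same value on every router in the OSPF domain. If only one router is changed, routers compute different costs for the same links and path selection becomes asymmetric.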

So I have decided that I am going to move toward getting my next piece of paper (certification) and take a back seat on applying for positions.  Maybe something will come out of the ones that I have already applied for, but as this is all material that I know and I just need to focus on how Cisco wants it answered, so that I can ensure my future employers can confirm I know CCNA subject matter, it is time to focus on CCNA.

Lab 19 – IGP Interior Gateway Protocol Fundamentals Configuration

  • Configure RIP on all routers
    • (config)#router rip
    • (config-router)#no auto-summary
    • (config-router)#network 10.0.0.0
  • Verify routes
    • (config-router)#do show ip route
  • Add Internet route to RIP on router R4 and make interface f1/1 passive to make sure rip info is not passed.
    • (config-router)#passive-interface f1/1
    • (config-router)#network 203.0.113.0
  • Add default route on R4 using 203.0.113.2
    • (config)#ip route 0.0.0.0 0.0.0.0 203.0.113.2
  • Distribute default route over rip
    • (config)#router rip
    • (config-router)#default-information originate
      • So the first time I did it without looking at the answer I put in “network 0.0.0.0” before the originate command.  When I verified the routes on the other routers the 0.0.0.0 did not appear until I added “network 0.0.0.0”, but I decided it was best to reset the entire RIP routing with a “no router rip” to clear everything out.