Making Home Lab. Part 1

Due to a lot of experience that I have with real networking hardware, it is not mandatory to have a Home Lab to pass CCNA R&S. However, I’ve decided that it could be extremely useful for my further professional development to have a lab at home.

It is understood that there are two options:

Option 1. Buy real Cisco gear on Ebay

“+”

  • real hardware

“-“

  • lack of flexibility
  • quite expensive
  • noisy
  • require a lot of space

(more…)

Cisco Certification

I have been around networks for over 8 years and I always have had a dream to become a CCIE. Now It is time to set the GOAL and to start my journey.

So that I’ve started studying for the CCNA R&S exam and thought I would put my notes on this blog. It might be useful for me and hopefully, my notes can be helpful to someone else. These notes are based on CCNAR&S 200-125 Official Cert Guide and CBT Nuggets.

Cisco native VLAN mystery revealed

Many people have trouble understanding cisco’s native vlan idea. Actually, it is very simple.

Let’s start with statement, that the native VLAN has two functions:

  1. It tags incoming untagged frames on trunk links with the native VLAN.
  2. It untags outgoing frames that has already been tagged with same VLAN that is being used for the native VLAN on the trunk.

(more…)

The New Scary Trend Happening in Russia

We’ve just changed our Cisco 2911 to Mikrotik 1100 on one of our sites. And it’s happening with all Russian ISPs. They are migrating to Mikrotik because it is cheap, powerful and easy. Otherwise, Cisco is expensive and cisco professionals are expensive too 😉  As for me, it is scary enough…

Switchport Configurations Explained

Originaly it was posted by Brad Hedlund.

It always helps me to think of the English translation when trying to memorize and understand some the Cisco IOS settings I think are important.

Here are some Cisco IOS switchport configurations translated into English:

switchport mode trunk says: “Always trunk on this end, and I will send DTP to attempt to negotiate a trunk on the other end.”

switchport nonegotiate says: “Do not send or respond to DTP from this end. Disable all DTP on this port.” (Best used on user access ports, when trunking to non-Cisco switches, when trunking to a router[1], or if you are paranoid about fast convergence[2])

switchport mode dynamic desirable says: “Ask the other end to trunk using DTP and trunk if the negotiation succeeds. If DTP negotiation fails then become an access port.”

switchport mode dynamic auto says: “If the other end asks me to be a trunk with DTP, then become a trunk, but I wont initiate any negotitation from this end. If no one asks me to become a trunk then I will become an access port.”

switchport mode access says: “Never trunk on this end, and I will send out DTP to help my link partner reach the same conclusion.”

switchport trunk encapsulation says: “Do not negotiate the trunk protocol with DTP. Only use the trunk protocol specified in this command (isl or dot1q).

[1] Cisco routers do not talk DTP

[2] The process of DTP message exchange adds some delay in negotiating and bringing up a trunk. Use ‘switchport mode trunk’ + ‘switchport nonegotiate’ + ‘switchport trunk encapsulation’ for the fastest possible formation of a trunk.

Routes via DHCP

Basically, this is a very old post. Originally it was posted in my old Russian blog in early 2012. Nevertheless, I hope it might be useful.

When I was working in the University we used PPTP VPN servers to let our staff access Internet. Computers got default gateway from VPN server and it was a real problem due to the fact that we had a lot of internal servers and different subnets so that gateway was unique for each building. To address this problem our system administrators had to add routes on every computer manually.

Possible solutions were to distribute routes thought DHCP-server.
At that time we used Cisco 4503E as a default gateway and DHCP server.

Routes are controlled by 249 DHCP option, for example, option 249 ip (network) (mask) (gateway).

There is RFC http://www.ietf.org/proceedings/52/I-D/draft-ietf-dhc-csr-06.txt

Unfortunately, it didn’t work /23 and /8 networks…windows computers just ignored them.

Lately, I realized, that it was possible to send option 249 in HEX format.

For instance:

route 172.172.0.0/21 168.168.168.168
write hex:
N byte: 1 2 3 4 5 6 7 8
hex: 15 AC AC 00 A8 A8 A8 A8

description:
byte 1 – mask in hex (21dec -> 15 hex)
byte from 2 to 4 – our network
bytes from 5 to 8 – gateway

in configuration:
!
ip dhcp pool POOL
….
option 249 hex 15ACAC00A8A8A8A8
….
!

Actually, I found the script below to calculate HEX format for 249 option:
#!/usr/bin/perl -w
use strict;
sub option_121 {
my $gw = shift;
my $out_str = '';
my ($subnet, $mask, $b0, $b1, $b2, $b3);
foreach my $cidr (@_) {
($subnet, $mask) = split('/', $cidr);
($b0, $b1, $b2, $b3) = split(/\./, $subnet);
$out_str .= sprintf('%02x', $mask);
$out_str .= sprintf('%02x', $b0);
$out_str .= sprintf('%02x', $b1) if($mask > 8);
$out_str .= sprintf('%02x', $b2) if($mask > 16);
$out_str .= sprintf('%02x', $b3) if($mask > 24);
$out_str .= sprintf('%02x%02x%02x%02x', split(/\./, $gw));
}
return $out_str;
}
if(@ARGV < 2)
{
print "Usage: $0 gw_ip subnet1/mask1 subnet2/mask2 ... subnetN/maskN\n";
}
elsif($ARGV[0] =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
{
print "DHCP option 121 (249) hex string: ".option_121(@ARGV)."\n";
}
else
{
print "Invalid gateway IP address: '$ARGV[0]'\n";
}

Site Footer

Sliding Sidebar

About Me

About Me

About Me

Honors:
IPv6 Certification Badge for mvyudin