Thursday 29 August 2013

DNS (DOMAIN NAME SYSTEM)


Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

A DNS server lets the hosts in a network learn the IP addresses of other hosts in the network.
Host A sends a request to the DNS server for the IP address of Host B, and the server replies with that IP address.



A host must know at least its
  1. IP address,
  2. network mask,
  3. DNS server IP,
  4. default gateway
to be able to send data from one point to another.
We have a couple of options to give the host the above info:
  1. Configure it manually.
  2. Enable each workstation for DHCP.

Wednesday 28 August 2013

IOS COMMANDS

Privileged Mode:-
  • enable - get to privileged mode
  • disable  - get to user mode
  • enable password <password_here> - sets privileged mode password
  • enable secret <password_here>  - sets encrypted privileged mode password

Setting Passwords:-
  • enable secret <password_here> - set encrypted password for privileged access
  • enable password <password_here> - set password for privileged access (used when there is no enable secret and when using older software)

Set password for console access:-
  • (config)#line console 0
  • (config-line)#login
  • (config-line)#password <password_here>

Set password for virtual terminal (telnet) access (password must be set to access router through telnet):-
  • (config)#line vty 0 4
  • (config-line)#login
  • (config-line)#password <password_here>

Set password for auxiliary (modem) access:-
  • (config)#line aux 0
  • (config-line)#login
  • (config-line)#password <password_here>

Configuring the Router:-
  • sh running-config - details the running configuration file (RAM)
  • sh startup-config - displays the configuration stored in NVRAM
  • setup - will start the automatic setup; the same as when you first boot the router
  • config t  - use to execute configuration commands from the terminal
  • config mem - executes configuration commands stored in NVRAM; copies startup-config to running-config
  • config net - used to retrieve configuration info from a TFTP server
  • copy running-config startup-config  - copies the current running config (RAM) to NVRAM; on IOS before version 11 use "write memory"
  • copy startup-config running-config  - copies from non-volatile (NVRAM) to current running config (RAM)
  • boot system flash <filename_here> - tells router which IOS file in flash to boot from
  • boot system tftp - tells router which IOS file on the tftp server to boot from
  • boot system rom  - tell router to boot from ROM at next boot
  • copy flash tftp - Copies flash to tftp server
  • copy tftp flash  - Restores flash from tftp server
  • copy run tftp  - Copies the current running-config to tftp server
  • copy tftp run - Restores the running-config from tftp server

General Commands:-
  • no shutdown - (enables the interface)
  • reload - restarts the router
  • sh ver - Cisco IOS version, uptime of router, how the router started, where system was loaded from, the interfaces the POST found, and the configuration register
  • sh clock  - shows date and time on router
  • sh history - shows the history of your commands
  • sh debug  - shows all debugging that is currently enabled
  • no debug all - turns off all debugging
  • sh users - shows users connected to router
  • sh protocols - shows which protocols are configured
  • banner motd # Your_message # - Set/change banner
  • hostname <router_name_here>  - use to configure the hostname of the router
  • clear counters  - clear interface counters

Processes & Statistics:-
  • sh processes  - shows active processes running on router
  • sh process cpu - shows cpu statistics
  • sh mem  - shows memory statistics
  • sh flash - describes the flash memory and displays the size of files and the amount of free flash memory
  • sh buffers - displays statistics for router buffer pools; shows the size of the Small, Middle, Big, Very Big, Large and Huge Buffers
  • sh stacks - shows reason for last reboot, monitors the stack use of processes and interrupts routines

CDP Commands (Cisco Discovery Protocol uses layer 2 multicast over a SNAP-capable link to send data):-
  • sh cdp neighbor  - shows directly connected neighbors
  • sh cdp int - shows which interfaces are running CDP
  • sh cdp int eth 0/0 - show CDP info for specific interface
  • sh cdp entry <cdp_neighbor_here> - shows CDP neighbor detail
  • cdp timer 120 - change how often CDP info is sent (default cdp timer is 60)
  • cdp holdtime 240  - how long to wait before removing a CDP neighbor (default CDP holdtime is 180)
  • sh cdp run - shows if CDP turned on
  • no cdp run  - turns off CDP for entire router (global config)
  • no cdp enable - turns off CDP on specific interface

Miscellaneous Commands:-
  • sh controller t1  - shows status of T1 lines
  • sh controller serial 1 - use to determine if DCE or DTE device
  • (config-if)#clock rate 6400 - set clock on DCE (bits per second)
  • (config-if)#bandwidth 64 - set bandwidth (kilobits)

IP Commands:-
Configure IP on an interface:
  • int serial 0
  • ip address 157.89.1.3 255.255.0.0
  • int eth 0
  • ip address 208.1.1.4 255.255.255.0

Other IP Commands:
  • sh ip route  - view ip routing table
  • ip route <remote_network> <mask> <default_gateway> [administrative_distance] - configure a static IP route
  • ip route 0.0.0.0 0.0.0.0 <gateway_of_last_resort> - sets default gateway
  • ip classless - use with static routing to allow packets destined for unrecognized subnets to use the best possible route
  • sh arp - view arp cache; shows MAC address of connected routers
  • ip address 2.2.2.2 255.255.255.0 secondary - configure a 2nd ip address on an interface
  • sh ip protocols - shows the configured IP routing protocols

IPX Commands:-
 Enable IPX on router:
  • ipx routing

Configure IPX + IPX-RIP on an int:
  • int ser 0
  • ipx network 4A

Other Commands:
  • sh ipx route  - shows IPX routing table
  • sh ipx int e0 - shows ipx address on int
  • sh ipx servers - shows SAP table
  • sh ipx traffic - view traffic statistics
  • debug ipx routing activity - debugs IPX RIP packets
  • debug ipx sap - debugs SAP packets

Routing Protocols:-
Configure RIP:
  • router rip
  • network 157.89.0.0
  • network 208.1.1.0

Other RIP Commands:
  • debug ip rip - view RIP debugging info

Configure IGRP:
  • router IGRP 200
  • network 157.89.0.0
  • network 208.1.1.0

Other IGRP Commands:
  • debug ip igrp events - view IGRP debugging info
  • debug ip igrp transactions - view IGRP debugging info

Access Lists:-
  • sh ip int ser 0 -  use to view which IP access lists are applied to which int
  • sh ipx int ser 0 -  use to view which IPX access lists are applied to which int
  • sh appletalk int ser 0 -  use to view which AppleTalk access lists are applied to which int

View access lists:
  • sh access-lists
  • sh ip access-lists
  • sh ipx access-lists
  • sh appletalk access-lists

 Apply standard IP access list to int eth 0:
  • access-list 1 deny 200.1.1.0 0.0.0.255
  • access-list 1 permit any
  • int eth 0
  • ip access-group 1 in

 Apply Extended IP access list to int eth 0:
  • access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23
  • access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80
  • int eth 0
  • ip access-group 100 out

 Apply Standard IPX access list to int eth 0:
  • access-list 800 deny 7a 8000
  • access-list 800 permit -1
  • int eth 0
  • ipx access-group 800 out

 Apply IPX SAP filter access list (900-999) to int eth 0:
  • access-list 900 deny sap any 3378 -1
  • access-list 900 permit sap any all -1
  • int eth 0
  • ipx access-group 900 out
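As an added worked example (not from the original notes), here is a small Python evaluator for the standard and extended IP access lists above. It implements Cisco wildcard-mask matching, first-match-wins ordering and the implicit deny at the end of every list; the ACL lines are the ones from the notes, re-typed as constructed input, and only numeric destination ports (`eq N`) are handled.

```python
import ipaddress
ANY = ("0.0.0.0", "255.255.255.255")   # 'any' = base 0.0.0.0 with an all-ones wildcard

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match the base, a 1 bit is 'don't care'."""
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)

def _take_addr(tokens):
    """Pop one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (tok, tokens.pop(0))

def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines in order (1-99 standard, 100-199 extended)."""
    rules = []
    for line in lines:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue                                  # skip blank / non-ACL lines
        number, rest = int(t[1]), t[3:]
        rule = {"action": t[2], "proto": "ip", "dst": ANY, "dport": None}
        if 1 <= number <= 99:                         # standard: source address only
            rule["src"] = _take_addr(rest)
        elif 100 <= number <= 199:                    # extended: proto, src, dst [eq port]
            rule["proto"] = rest.pop(0)
            rule["src"] = _take_addr(rest)
            rule["dst"] = _take_addr(rest)
            if rest[:1] == ["eq"]:                    # numeric destination port only
                rule["dport"] = int(rest[1])
        else:
            raise ValueError(f"unsupported access-list number {number}")
        rules.append(rule)
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; every Cisco ACL ends with an implicit deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and wildcard_match(src, *r["src"]) and wildcard_match(dst, *r["dst"])
                and (r["dport"] is None or r["dport"] == dport)):
            return r["action"]
    return "deny"

ACL_1 = parse_acl(["access-list 1 deny 200.1.1.0 0.0.0.255", "access-list 1 permit any"])
ACL_100 = parse_acl(["access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23",
                     "access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80"])
```

Running `evaluate(ACL_100, "tcp", "3.3.3.9", "8.8.8.8", 443)` returns "deny": list 100 as written in the notes has only deny statements, so the implicit deny drops every other packet as well, and a closing `permit ip any any` is needed if the intent was to block just those two flows.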


PPP Configuration:-
  • encapsulation ppp
  • ppp authentication <chap_or_pap_here>
  • ppp chap hostname <routername_here>
  • ppp pap sent-username <username_here>
  • sh int ser 0 - use to view encapsulation on the interface

Frame-Relay Configuration:-
  • encapsulation frame-relay ietf - use IETF when setting up a frame-relay network between a Cisco router and a non-Cisco router
  • frame-relay lmi-type ansi - LMI types are Cisco, ANSI, Q933A; Cisco is the default; LMI type is auto-sensed in IOS v11.2 and up
  • frame-relay map ip 3.3.3.3 100 broadcast - if inverse ARP won't work, map Other IP to Your DLCI # (local)
  • keepalive 10 - use to set keepalive
  • sh int ser 0 - use to show DLCI, LMI, and encapsulation info
  • sh frame-relay pvc - shows the configured DLCI's; shows PVC traffic stats
  • sh frame-relay map - shows the Frame Relay map entries (remote address to local DLCI)
  • sh frame-relay lmi - shows LMI info

Keyboard Shortcuts:-
  • CTRL-P - show previous command
  • CTRL-N - show next command
  • SHIFT-CTRL-6  - Break

Monday 26 August 2013

VLANs

A Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user/host management, bandwidth allocation and resource optimization. Most home or small office networks will not find it necessary to use this method of network management. But a business with, say, a networked point of sale system, a public network (like a wi-fi hotspot), and an internal office network will want to keep these systems separate for security reasons, yet still have them all on the same physical network for ease of management. Here's how it works.

Virtual LANs fall into the following categories:-
  1. Port-based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
  2. MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
  3. Protocol-based VLAN: a switch is configured with a list mapping layer 3 protocol types to VLAN membership, thereby filtering IP traffic from nearby end-stations using a particular protocol such as IPX.
  4. ATM VLAN: uses the LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.

Switches

A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). Technically, network switches operate at layer two (Data Link Layer) of the OSI model.

Network switches appear nearly identical to network hubs, but a switch generally contains more intelligence (and a slightly higher price tag) than a hub. Unlike hubs, network switches are capable of inspecting data packets as they are received, determining the source and destination device of each packet, and forwarding them appropriately. By delivering messages only to the connected device intended, a network switch conserves network bandwidth and offers generally better performance than a hub.

As with hubs, Ethernet implementations of network switches are the most common. Mainstream Ethernet network switches support either 10/100 Mbps Fast Ethernet or Gigabit Ethernet (10/100/1000) standards.
MICROSEGMENTATION = one host, one collision domain

First Decision:
A Cisco switch will do one of three things with an incoming frame:
  1. Forward
  2. Flood
  3. Filter
The switch looks into its MAC address table to make this decision. Before that, the switch checks the source MAC address of the frame in order to build the MAC address table.
Let's suppose we put a new switch on a network and it doesn't know any MAC address yet.

Host A wants to send a frame to Host C. When the frame reaches the switch it has to make one of the above decisions, but first the switch makes an entry for the source MAC address, since the switch is newly added and knows no MAC addresses.

Now it looks for the destination MAC. It has no entry for the destination MAC, so the switch floods the frame out of all ports except the one it came in on. Such a frame is called an unknown unicast frame, and a flood reaches every other port, the same way a broadcast does.

Now Host C replies to Host A.

The switch looks into its MAC address table for the source MAC, which is Host C's address. It is not going to find it, so it adds it.

Now the switch checks the destination MAC address, and it is in the MAC address table, so it will FORWARD the frame to Host A.

Now let's assume that the switch has learnt all four MAC addresses.

Now Host A wants to send a frame to Host B.

When the frame reaches the switch, the switch looks into its MAC address table for the source and finds it. Then it looks for the destination MAC address. It has both in its table, but they are both on the same port, so the switch will DROP (FILTER) the frame.

SWITCHES NEVER SEND A FRAME BACK TO THE PORT IT CAME IN ON…
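The forward / flood / filter logic above, as an added Python model that is not part of the original notes. It replays the Host A, B, C scenario with constructed MAC addresses and port numbers (hosts A and B are assumed to share port 1, for instance behind a hub, C is on port 3 and D on port 4); real switches also age table entries out, which this model omits.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Transparent (learning) switch: learn the source MAC per port, then
    forward, flood or filter.  Constructed model; real switches also age entries."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                 # MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame arriving on in_port; return (decision, output_ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Step 1: learn (or refresh) the source MAC against the ingress port.
        self.mac_table[src] = in_port
        # A frame is never sent back out of the port it came in on.
        others = [p for p in self.ports if p != in_port]
        # Step 2: the forward / flood / filter decision on the destination MAC.
        if dst == BROADCAST or dst not in self.mac_table:
            return ("flood", others)        # broadcast or unknown unicast
        out_port = self.mac_table[dst]
        if out_port == in_port:
            return ("filter", [])           # src and dst on the same port: drop
        return ("forward", [out_port])

def walkthrough():
    """Replay the scenario from the notes with constructed MACs: hosts A and B
    share port 1 (e.g. behind a hub), C is on port 3, D on port 4."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    A, B, C, D = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                  "00:00:00:00:00:0c", "00:00:00:00:00:0d")
    log = [
        sw.receive(1, A, C),            # new switch, C unknown -> flood to 2, 3, 4
        sw.receive(3, C, A),            # reply: A was learned on port 1 -> forward to 1
        sw.receive(1, B, C),            # B learned on port 1, C known -> forward to 3
        sw.receive(4, D, BROADCAST),    # broadcast -> flood to 1, 2, 3
        sw.receive(1, A, B),            # A and B both on port 1 -> filter (drop)
    ]
    return log, dict(sw.mac_table)
```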

The Processing Method:
Once the switch has decided whether to forward, flood or filter the frame, there is one more decision to be made: the processing method.

  1. Store and Forward: the whole frame is stored and checked, and only then forwarded.
  2. Cut Through: only the MAC addresses are read before forwarding. It is the fastest, but there is no error detection.
  3. Fragment-Free: it checks the first 64 bytes of the frame and then forwards it if no error is found in those first 64 bytes.

Bridges (Switching)


A device that connects two local-area networks (LANs), or two segments of the same LAN that use the same protocol, such as Ethernet or Token-Ring.

A bridge device filters data traffic at a network boundary. Bridges reduce the amount of traffic on a LAN by dividing it into two segments.

Bridges operate at the data link layer (Layer 2) of the OSI model. Bridges inspect incoming traffic and decide whether to forward or discard it. An Ethernet bridge, for example, inspects each incoming Ethernet frame - including the source and destination MAC addresses, and sometimes the frame size - in making individual forwarding decisions.

Bridges serve a similar function as switches, that also operate at Layer 2. Traditional bridges, though, support one network boundary, whereas switches usually offer four or more hardware ports. Switches are sometimes called "multi-port bridges" for this reason.

HUBs (Switching)


A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

A passive hub serves simply as a conduit for the data, enabling it to go from one device (or segment) to another. So-called intelligent hubs include additional features that enables an administrator to monitor the traffic passing through the hub and to configure each port in the hub. Intelligent hubs are also called manageable hubs.

A third type of hub, called a switching hub, actually reads the destination address of each packet and then forwards the packet to the correct port.

A hub is a multiport repeater. Both hubs and repeaters are Layer 1 devices.
CSMA/CD is used on hub-based (shared) Ethernet to handle collisions.

Sunday 25 August 2013

Repeater (Switching)


Network repeaters regenerate incoming electrical, wireless or optical signals. With physical media like Ethernet or Wi-Fi, data transmissions can only span a limited distance before the quality of the signal degrades. Repeaters attempt to preserve signal integrity and extend the distance over which data can safely travel.

Actual network devices that serve as repeaters usually have some other name. Active hubs, for example, are repeaters. Active hubs are sometimes also called "multiport repeaters," but more commonly they are just "hubs." Other types of "passive hubs" are not repeaters. In Wi-Fi, access points function as repeaters only when operating in so-called "repeater mode."

Higher-level devices in the OSI model like switches and routers generally do not incorporate the functions of a repeater. All repeaters are technically OSI physical layer devices.