94 Chapter 3 • Cisco Hardware and IOS Basics www.syngress.com Table 3.2 Continued Model Ports Comments 1602 R 1603 R 1604 R 1605 R 1 Ethernet 1 Serial w/integrated 56 Kbps CSU/DSU (Channel Service Unit/Data Service Unit) 1 WAN interface card slot 1 Ethernet 1 ISDN BRI (S/T interface) 1 WAN interface card slot 1 Ethernet 1 ISDN BRI with inte- grated NT1 (U interface) 1 S-bus port for ISDN phones 1 WAN interface card slot 2 Ethernet 1 WAN interface card slot The serial port can be used to sup- port asynchronous serial connections of up to 115.2 Kbps. It also provides support for synchronous serial con- nections (Frame Relay, Switched 56, and X.25) of up to 2.048 Mbps. The WAN interface cards available for the WAN interface slot include Serial (asynchronous and synchronous), T1/Fractional T1 CSU/DSU, 56/64 Kbps four-wire CSU/DSU, ISDN BRI with S/T interface, and ISDN BRI with inte- grated NT1, U interface. The WAN interface cards available for the WAN interface slot include Serial (asynchronous and synchronous), T1/Fractional T1 CSU/DSU, 56/64 Kbps four-wire CSU/DSU, ISDN BRI leased line. The WAN interface cards available for the WAN interface slot include Serial (asynchronous and synchronous), T1/Fractional T1 CSU/DSU, 56/64 Kbps four-wire CSU/DSU, ISDN BRI leased line. The WAN interface cards available for the WAN interface slot include: Serial (asynchronous and synchronous), T1/Fractional T1 CSU/DSU, 56/64 Kbps four-wire CSU/DSU, ISDN BRI with S/T interface, and ISDN BRI with inte- grated NT1, U interface. 71_BCNW2K_03 9/12/00 3:59 PM Page 94 Cisco Hardware and IOS Basics • Chapter 3 95 800 Series The 800 series (shown in Figure 3.12) consists of 11 different models including the 801, 801 CAPI, 802, 802 IDSL, 803, 803 CAPI, 804, 804 IDSL, 805, 827, and 827-4V. This series of routers is designed for small offices as well as telecommuters. The 800 series provides integrated voice and data support as well as security with VPNs. It can be confusing trying to compare the differences in the different models within the 800 series so Table 3.3 logically illustrates the differences. www.syngress.com Figure 3.12 The front of a Cisco 800 Series router Table 3.3 Port Configurations of the Cisco 800 Series Routers Model Ports Comments 801 801 CAPI 802 802 IDSL 803 803 CAPI 1 Ethernet 1 IDSN BRI (S/T interface) 1 Ethernet 1 IDSN BRI (S/T interface) 1 Ethernet 1 IDSN BRI with inte- grated NT1 (U interface) 1 Ethernet 1 IDSL (ISDN Digital Subscriber Line) with inte- grated NT1 (U interface) 4-port Ethernet hub 1 IDSN BRI (S/T interface) 2 Analog RJ-11 4-port Ethernet hub 1 IDSN BRI (S/T interface) 2 Analog RJ-11 Provides support for European ISDN and the Common Application Programming Interface (CAPI). Supports line rates up to 144 Kbps. Supports call waiting, call-waiting cancel, call hold, call retrieve, three- way conferencing, and call transfer. Provides support for European ISDN and the Common Application Programming Interface (CAPI). Continued 71_BCNW2K_03 9/12/00 3:59 PM Page 95 96 Chapter 3 • Cisco Hardware and IOS Basics Cisco IOS The “brains” of both Cisco switches and Cisco routers is the Internetwork Operating System (IOS). Without the IOS the hardware might as well be used as boat anchors. The IOS is responsible for everything from allowing the configuration of interfaces, to security using ACLs, and everything in between. Differences in Switch and Router IOSs The term Internetwork Operating System can be misleading—you may think that all IOSs are created equally. In reality, there is a difference in the IOSs used by switches and routers. Switch IOSs can support the con- figuration of VLANs, VTP, and items unique to switches, whereas router IOSs provide configuration support for various WAN configurations. The IOSs do have some commonality as they are used to configure Ethernet (and other) interfaces that can be present on both types of equipment. www.syngress.com Table 3.3 Continued Model Ports Comments 804 804 IDSL 805 827 827-4V 4-port Ethernet hub 1 IDSN BRI with inte- grated NT1 (U interface) 2 Analog RJ-11 4-port Ethernet hub 1 IDSL with integrated NT1 (U interface) 1 Ethernet 1 Serial 1 Ethernet 1 ADSL (Asymmetric Digital Subscriber Line) 1 Ethernet 1 ADSL 4 Analog RJ-11 Supports call waiting, call-waiting cancel, call hold, call retrieve, three- way conferencing, and call transfer. Supports line rates up to 144 Kbps. Supports both synchronous serial (Frame Relay, leased line, and X.25) connections up to 512 Kbps and asynchronous dial-up connections. Ideal for up to 20 users in a small office. Ideal for up to 20 users in a small office. 71_BCNW2K_03 9/12/00 3:59 PM Page 96 Cisco Hardware and IOS Basics • Chapter 3 97 Router Feature Sets Not only are there differences in switch and router IOSs, but there are even different feature sets among the router IOSs geared toward different functions. The decisions don’t stop after you decide on the routers for your Windows 2000 network infrastructure. You need to determine which IOS feature set meets the needs for the routers in question since each feature set contains a specific set of Cisco IOS features. Let’s examine some of the different feature sets that you need to be aware of. Enterprise The Enterprise feature set provides the widest range of features available in the IOS. Some of the features normally found within the Enterprise fea- ture set, which can vary depending on the hardware platform, are support for Apollo Domain, Banyan VINES, Frame Relay SVC support, Intermediate System-to-Intermediate System (IS-IS), Kerberos V client support, and other items normally seen in the enterprise environment. IP/IPX/IBM The IP/IPX/IBM feature set provides support for adding IP, IPX, and IBM routing support to the router. The IBM features include support for Systems Network Architecture (SNA) bisync, caching and filtering, NetView Native Service Point, as well as numerous other items. IP Plus The IP Plus feature set adds items related to the Internet Protocol. Some of the items present in the IP Plus feature set include Network Address Translation (NAT), Hot Standby Router Protocol (HSRP), Voice-over IP (VoIP), and ATM LAN Emulation (LANE). Of course these features can vary and are dependent on the hardware on which the IOS is running. Firewall Feature Set The Firewall feature set provides additional security functionality to the routers on which it is running. It provides not only firewall features such as stateful, application-based filtering, but also intrusion detection. Alerts can be configured to provide reporting in real-time. The Firewall feature set can be combined with IP Security (IPSec) and Layer 2 Tunneling Protocol to provide a complete virtual private network environment. Memory Requirements The amount of memory required for your router depends in part on the feature set you plan to use. For example, on a 3620 router with the www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 97 98 Chapter 3 • Cisco Hardware and IOS Basics Enterprise feature set you need a minimum of 16MB of flash memory and 64MB of dynamic random access memory (DRAM). If you decide instead to use the IP/H323 feature set, the router requires a minimum of 8MB of flash memory and 48MB of DRAM. Of course these are just the minimum requirements for the feature set and you may require more memory depending on the use of the router within your Windows 2000 network infrastructure. Command Line Interface (CLI) The most common method of interacting with the router is through the command line interface provided by the Cisco IOS software. Every Cisco router has a console port that can be directly connected to a PC or ter- minal so that you can type commands at the keyboard and receive output on a terminal screen. The part of the Cisco IOS software that provides the user interface and interprets the commands you type is called the com- mand executive, or EXEC. www.syngress.com Enhanced Editing Keys Some of the commands you will type in the CLI can be very long. Cisco has been thoughtful enough to include a series of keystrokes that you can use to navigate around on the command line. This feature is known as enhanced editing, and for those of you familiar with UNIX, you will recognize the following keystrokes as the EMACS editing keystrokes. CTRL-A Go to the beginning of the line CTRL-E Go to the end of the line ESC-B Go back to the beginning of the previous word ESC-F Go forward to the beginning of the next word CTRL-B Go back one character CTRL-F Go forward one character These are not the only keys available to you in the IOS; I encourage you to research the documentation that came with your router for other time-saving keystrokes. For IT Professionals 71_BCNW2K_03 9/12/00 3:59 PM Page 98 Cisco Hardware and IOS Basics • Chapter 3 99 How to Get Around in the IOS Moving around the IOS is similar to typing at an MS-DOS prompt on a PC. You don’t change directories as you do on a PC, but you can change the mode you are operating in as well as various configuration settings. The IOS has a context-sensitive Help feature built in. This is a feature you will learn to depend on as you work with the command line interface. To enter the Help system all you need to do is type a ?. The screen will show the commands that are available to you. This list changes depending on the mode you are in within the IOS as well as on where you are in the IOS when you enter the help system. You can also enter the help system if you forget the syntax for a command. All you have to do is type the part of the command you remember and then a ?. The help system will display the options available to you at that point. While in the IOS you do not have to type the full command name. You can abbreviate commands to the point that it is unique so that the IOS knows what you want to do. Look at the following example from a Catalyst 2924 switch in which the command show running-config has been abbre- viated to sh ru. The IOS understands what you want to accomplish but you have saved yourself a lot of typing! 2924Outside#sh ru Building configuration Current configuration: ! version 11.2 no service pad no service udp-small-servers no service tcp-small-servers ! hostname 2924Outside ! enable secret 5 $1$.LeN$Cjuf.cxxxxxxxxxyu9YTKgU/ ! username kesnet privilege 15 password 7 xxxxxxxxxx 0 9 ! ! clock timezone Central 0 www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 99 100 Chapter 3 • Cisco Hardware and IOS Basics ! interface VLAN1 ip address 10.10.14.150 255.255.255.0 no ip route-cache ! interface FastEthernet0/1 switchport access vlan 2 interface FastEthernet0/2 switchport access vlan 2 ! interface FastEthernet0/3 switchport access vlan 2 ! interface FastEthernet0/4 switchport access vlan 2 ! interface FastEthernet0/5 switchport access vlan 2 ! interface FastEthernet0/6 switchport access vlan 2 ! interface FastEthernet0/7 switchport access vlan 2 ! interface FastEthernet0/8 switchport access vlan 2 ! interface FastEthernet0/9 switchport access vlan 3 ! interface FastEthernet0/10 switchport access vlan 3 ! www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 100 Cisco Hardware and IOS Basics • Chapter 3 101 interface FastEthernet0/11 switchport access vlan 3 ! interface FastEthernet0/12 switchport access vlan 3 ! interface FastEthernet0/13 switchport access vlan 3 ! interface FastEthernet0/14 switchport access vlan 3 ! interface FastEthernet0/15 switchport access vlan 3 ! interface FastEthernet0/16 switchport access vlan 3 ! interface FastEthernet0/17 switchport access vlan 3 ! interface FastEthernet0/18 switchport access vlan 3 ! interface FastEthernet0/19 switchport access vlan 3 ! interface FastEthernet0/20 switchport access vlan 3 ! interface FastEthernet0/21 switchport access vlan 3 ! interface FastEthernet0/22 www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 101 102 Chapter 3 • Cisco Hardware and IOS Basics switchport access vlan 3 ! interface FastEthernet0/23 switchport access vlan 2 ! interface FastEthernet0/24 switchport access vlan 3 ip default-gateway 10.10.14.1 snmp-server community XXXX RW snmp-server chassis-id 0x0F banner motd ^C Access permitted to XXXXXXX personnel only all others must disconnect immediately!!! ^C ! line con 0 stopbits 1 line vty 0 4 access-class 100 in password XXXXXXXX login local line vty 5 15 access-class 100 in password XXXXXXXX login local ! end Enable Mode The IOS supports multiple modes. When you first log into a router you are in user EXEC mode. This mode is the lowest level of access to the router, and allows you to examine the status of most of the router’s configurable components, see the contents of routing tables, and do basic nondisruptive network troubleshooting. You cannot change the router’s configuration while in user EXEC mode, nor can you view the contents of the router’s configuration files. To do these things you must be in privileged EXEC www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 102 Cisco Hardware and IOS Basics • Chapter 3 103 mode. This mode is sometimes called the enable mode, since that is the command you use to get this level of access. You can verify that you are in enable mode by the # sign shown after the router name. At this level you have full access to the router so you can do anything from viewing configu- ration files to disrupting network traffic by rebooting the router. ROMMON Mode The ROM monitor (ROMMON) mode is used to boot the router or perform diagnostic tests. There are two instances in which you enter ROMMON mode: if the router does not find a valid system image, and if you pur- posely interrupt the boot sequence by first using the reload command and then pressing the Break key within 60 seconds of booting. Once in ROMMON mode you can load an image from a Trivial File Transfer Protocol (TFTP) server, perform a stack trace, as well as other actions. When you want to exit ROMMON mode, simply type continue. This places you in user EXEC mode. If you want to initialize the router, enter the com- mand i. This command causes the bootstrap program to reinitialize the router, clear the memory, and boot the system. Normally the item everyone deals with when in ROMMON mode is the configuration register. The configuration register is 16-bit and is modified using the confreg command while in ROMMON mode. You may specify the hexadecimal address of the item you want to change as a value of the con- freg command or type confreg by itself to be prompted for each bit. For example, the lowest four bits of the configuration register are used for the boot field. This field determines whether the router boots from the net- work, from Flash memory, manually, or from ROM. Global vs Interface Mode on the CLI To configure the router you must be in the correct mode. First you must enter enable mode as all configurations are done from the privileged EXEC mode. Once you are in privileged EXEC mode you may enter global configu- ration mode. Use this mode to accomplish tasks such as naming your router and configuring a banner message for users logging into the router. Any configuration command that affects the operation of the entire router would be entered in global configuration mode. To enter global configura- tion mode, use the command configure terminal. Of course not all of the router configuration can be done in global con- figuration mode. To configure an interface you must go into the interface configuration mode for the correct interface you want to configure. It is easy to tell what configuration mode you are in as the router displays spe- cial prompts. When you are in global configuration mode you will see the following prompt: www.syngress.com 71_BCNW2K_03 9/12/00 3:59 PM Page 103 [...]... DNS database is logically distributed among servers and is unlimited in its growth potential Each server maintains a separate physical DNS database, and each DNS database includes references to both subordinate and parent DNS servers In this way, DNS is a hierarchy and can grow to any size that is required DNS names form a hierarchical tree structure, which is termed a domain namespace Each domain name... of ways of offering an address through a DHCP server: Dynamically assigned A pool of IP addresses, called a scope, is established for a subnet Each DHCP client receives an IP address that is available for a temporary period of time, called a lease At the lease expiration, the client can reestablish a new lease for the same address, or if the lease expired before the client started up again on the network, ... it can lease a new address Reservation IP addresses are set aside for individual hosts, so that when the client starts up on the network it always receives the same IP address Windows 2000 DHCP supports multicast IP addresses, as well as standard IP addresses It is available as part of the Windows 2000 Server operating system The Windows 2000 DHCP client has a new capability compared to older Windows. .. the server side application Client application sends data to a server Application Application Presentation Presentation Router Session Interface 1 Session Interface 2 Transport Network Network Network Data Link Data Link Data Link Physical Physical Physical Transport Network Data Link Physical www.syngress.com 111 71_BCNW2K_04 112 9/10/00 12 :35 PM Page 112 Chapter 4 • Protocols and Networking Concepts... Session Layer Layer 4 Transport Layer Host to Host Transport Layer Layer 3 Network Layer Internetwork Layer Layer 2 Data Link Layer Layer 1 Physical Layer www.syngress.com Network Access Layer 71_BCNW2K_04 9/10/00 12 :35 PM Page 111 Protocols and Networking Concepts • Chapter 4 In these models, each layer defines a data communication function that can be performed by one or more protocols For example, TCP... a DNS server To set the default domain name that the router appends to a host name lookup, use the following command but substitute your desired domain name for mydomain.com ip domain-name mydomain.com If you have multiple default domain names to use, you would use the command: ip domain-list domainname For Managers Cisco’s DNS/DHCP Manager The Cisco DNS/DHCP Manager is an application suite that can... the data-link layer (Layer 2) and routers operate at the network layer (Layer 3) We also examined the Hierarchical Design Model that consists of the core, distribution, and access layers We determined when it is appropriate to use switches and routers within your Windows 2000 network infrastructure Next we examined a variety of switches available from Cisco including the Catalyst 6500 series, Catalyst... including addressing, routing controls, and error checking As the data travels through the protocol stack at the sending host, each layer’s header wraps it This is called encapsulation When the data is received, each layer is processed and the header/trailer is dropped off, somewhat like the pieces of a rocket after it has blasted into space The way that this encapsulated data interacts with a router... low-bandwidth traffic to the front of the queue, and shares the remaining bandwidth between high-bandwidth traffic streams This is necessary because some high-bandwidth traffic streams have a tendency to act as a shuttle train by disallowing low-bandwidth data traffic its due bandwidth This scenario can often facilitate increased response time on low-bandwidth networks, causing noticeable latency Priority... hierarchy so that they can refer to the other server to find a name for IP address mapping that does not exist within its own zone DNS servers can host more than one zone When a server is primary, it is authoritative for the zone and all updates to the zone are made on it A server can also be secondary, where it contains a read-only copy of the zone and is available only for lookups, but not for changes . nec- essary because some high-bandwidth traffic streams have a tendency to act as a shuttle train by disallowing low-bandwidth data traffic its due bandwidth. This scenario can often facilitate increased. routers. We learned that switches typically operate at the data-link layer (Layer 2) and routers operate at the network layer (Layer 3) . We also examined the Hierarchical Design Model that consists. application receives the client data and processes it with the server side application Client application sends data to a server Router Application NetworkNetwork Data Link Physical Physical Data