Root Bridge

July 14, 2009

Staying Motivated

Filed under: General — rootbridge @ 1:11 am

One of the biggest challenges that I am finding myself trying to overcome is the whole motivational factor. Naturally the last thing that I feel like doing on weekends and when I come home from work is jumping on my laptop and studying for CCNP. I feel as though Cisco has taken over my life…

I found the following article on Google helped encourage me a little. It has some particularly useful advice on keeping motivated when studying towards technical exams. The point that I found the most useful is “Don’t stop studying – just take a break”; the note on using alternative resources was of considerable interest to me. Some of the alternative resources that I have found myself using are YouTube, CBT Nuggets and Darrel Root’s Cisco Hands on Training Podcast available on iTunes.

So for those out there that are in the same situation as me, here is a short article on keeping motivated when studying towards IT certification.

Certification Book Studying – Tips to Stay Motivated

Deacon…

July 5, 2009

Module 2 – Describing Campus Interconnection Technologies

Filed under: Module 2 - Defining VLANs — rootbridge @ 11:56 am

There are a number of different technologies available to interconnect devices in the campus network depending on the bandwidth, distances, noise immunity, security and other business requirements. The two most common forms of media are copper and fiber-optic cabling.

FastEthernet (100Mbps Ethernet)

  • IEEE 802.3u
  • Operates at 100Mbps over twisted pair
  • Raised the standard from 10Mbps to 100Mbps with only minimal changes to the existing cable infrastructure
  • Switches that can function at 10/100Mbps can move frames between ports without Layer 2 protocol translation
  • Usually connects end user devices to the access layer switch

Gigabit Ethernet (1Gbps Ethernet)

  • IEEE 802.3z (1Gbps over fiber-optics)
  • IEEE 802.3ab (1Gbps over twisted pair)
  • Connects access layer switches to distribution layer switches, also for high use servers

10 Gigabit Ethernet (10Gbps Ethernet)

  • IEEE 802.3ae (10Gbps over fiber: -SR, -LR, -ER, -LX4)
  • IEEE 802.3ak (10Gbps over 4-lane twinaxial copper, -CX4, using InfiniBand-style cabling and connectors)
  • IEEE 802.3an (10Gbps over twisted pair, -T)
  • IEEE 802.3ap (10Gbps over backplane copper, -KR and -KX4 PMDs)
  • IEEE 802.3aq (10Gbps over legacy multimode fiber, -LRM PMD)
  • Connects high-speed switch links, backbones
  • Will become the norm for uplinks

EtherChannel

  • Provides link aggregation of bandwidth over Layer 2 ports between two switches
  • Bundles individual Ethernet ports into one logical link
  • Aggregation of bandwidth up to 1600Mbps (8×100Mbps Full Duplex) or 16Gbps (8×1Gbps Full Duplex)
  • All interfaces within an EtherChannel bundle must be configured with the same duplex, speed and VLAN information
  • Connects high-speed switch links, backbones with redundancy

Determining Equipment and Cabling Needs
Security, availability, scalability and manageability are the four design objectives of any high performance network. The ECNM provides the framework to meet these objectives and below are some of the decisions that need to be considered when altering the existing network infrastructure.

  • Hubs and legacy switches should be replaced with new switches at the Access layer.
  • Designers should plan for about 30 percent growth in port densities.
  • It is advisable to consider using modular switches to accommodate future expansion if funding permits.
  • Don’t forget about QoS and VoIP support, as they may be required in the future
  • Keep in mind that the links from the Access layer to the Distribution layer carry aggregate traffic from all of the end nodes at the access layer. You must ensure that these links have adequate bandwidth capability. EtherChannel bundles can be used to increase the capacity of the links
  • Ensure that the switches at the Distribution layer are capable of handling the load of the current Access layer.
  • Ensure that there is the port capacity to add further trunk links for additional Access, Distribution and Core layer switches later on.
  • Distribution layer switches should be Layer 2 and Layer 3 devices that support routing between the different VLANs
  • Backbone equipment must be high-speed, redundant and scalable to allow the network to be altered as the business objectives dictate.

OverSubscription Ratios

  • Access to Distribution layer links – No higher than 20:1, meaning that the link can be no less than 1/20th of the total bandwidth available cumulatively to all end devices using that link.
  • Distribution to Core layer links – No higher than 4:1
  • Between Core devices – There should be no oversubscription planning in the core
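The ratios above are easy to get wrong once EtherChannel bundles and growth headroom enter the picture, so here is a small calculator added to these notes (it is not from the original post or from Cisco’s material). The switch names, port counts and bundle sizes are constructed inputs; the 30 percent growth figure and the 20:1 and 4:1 limits are the ones quoted above.

```python
from dataclasses import dataclass
from typing import Dict, List

# Added example, not from the original notes or from Cisco's material.
# Oversubscription ratio = cumulative downstream bandwidth / uplink capacity,
# checked against the design limits quoted in these notes.
LIMITS = {"access_to_distribution": 20.0, "distribution_to_core": 4.0}


@dataclass
class EtherChannel:
    """An uplink: `members` links of `speed_mbps` each (members=1 is a single link)."""
    members: int
    speed_mbps: int

    @property
    def capacity_mbps(self) -> int:
        # Every member must run at the same speed and duplex, so capacity is a plain multiple.
        return self.members * self.speed_mbps


@dataclass
class AccessSwitch:
    name: str
    edge_ports: int
    edge_speed_mbps: int
    uplink: EtherChannel

    def edge_bandwidth_mbps(self, growth: float = 0.0) -> float:
        # Size for the ports you expect to fill, not just the ports patched today.
        return self.edge_ports * (1 + growth) * self.edge_speed_mbps


@dataclass
class DistributionSwitch:
    name: str
    access: List[AccessSwitch]
    uplink: EtherChannel


def check_tier(tier: str, downstream_mbps: float, uplink: EtherChannel, name: str) -> Dict:
    ratio = downstream_mbps / uplink.capacity_mbps
    return {"switch": name, "tier": tier, "ratio": round(ratio, 2),
            "limit": LIMITS[tier], "ok": ratio <= LIMITS[tier]}


def audit(dist: DistributionSwitch, growth: float = 0.30) -> List[Dict]:
    """Roll the ratios up the hierarchy: each access uplink, then the distribution uplink."""
    report = [check_tier("access_to_distribution", sw.edge_bandwidth_mbps(growth), sw.uplink, sw.name)
              for sw in dist.access]
    # The distribution switch's downstream load is the sum of the access uplinks feeding it:
    # that is the bandwidth those links were just sized to carry.
    downstream = sum(sw.uplink.capacity_mbps for sw in dist.access)
    report.append(check_tier("distribution_to_core", downstream, dist.uplink, dist.name))
    return report


def max_edge_ports(uplink: EtherChannel, edge_speed_mbps: int,
                   tier: str = "access_to_distribution") -> int:
    """Largest number of edge ports of a given speed an uplink can serve within the tier's limit."""
    return int(LIMITS[tier] * uplink.capacity_mbps // edge_speed_mbps)


if __name__ == "__main__":
    GE = 1_000
    # Constructed topology: four 48-port FastEthernet access switches, each with a 2xGE
    # EtherChannel to one distribution switch that has a 2xGE bundle towards the core.
    access = [AccessSwitch(f"access{i}", 48, 100, EtherChannel(2, GE)) for i in range(1, 5)]
    dist = DistributionSwitch("dist1", access, EtherChannel(2, GE))
    for row in audit(dist):
        print(row)
    print("FE ports one 2xGE bundle can serve at 20:1:", max_edge_ports(EtherChannel(2, GE), 100))
```

With the constructed topology each access switch comes out at 3.12:1 after growth and the distribution uplink at exactly 4:1, so the design passes but has no headroom towards the core; swapping the distribution bundle for a single GE link pushes it to 8:1 and the audit flags it.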

Consider Traffic Source to Destination Paths
The following types of traffic must be considered before VLAN configuration and devices are placed on the network

  • Network Management – CDP, BPDUs, SNMP, RMON. Designers should consider creating a separate VLAN for carrying network management traffic as this eases network troubleshooting
  • IP Telephony – Signaling and voice (media) packets both need to be considered when designing a network. Signaling traffic is transmitted between the end devices and the call control server (IP Phones and the Call Manager). The media traffic is the voice conversation itself, carried as RTP. Both ride the voice VLAN, which is kept separate from the PC data VLAN so that QoS measures can give the voice traffic high priority. When deploying VoIP it is recommended to have separate voice and data VLANs for the following reasons:
    • Address space conservation and voice device protection from external networks
    • QoS trust boundaries extension to voice devices
    • Protection from malicious network attacks
    • Ease of management and configuration
  • IP Multicast – Traffic that is sent from a single source address to a group address (a multicast IP address mapped to a multicast MAC address) rather than to one unique MAC. Layer 3 multicast routing is provided by the Protocol Independent Multicast (PIM) routing protocol. IPTV broadcasts and multicast-based imaging software for configuring workstations and servers quickly are examples of multicast traffic. Switches and routers need to be configured correctly (IGMP snooping on the switches, PIM on the routers) to prevent traffic from being flooded to devices that have not requested it and to ensure that the traffic is only forwarded onto the networks that are requesting it
  • Normal Data – This is traffic related to typical services such as file & print, email, web traffic, database applications etc. This type of data may be required to be treated differently in certain parts of the network.
  • Scavenger Class – this includes all traffic with protocols or patterns that exceed their normal data flows. Examples are peer-to-peer traffic.

Notes are my version of the material available at Cisco.NetAcad.Net

Deacon…

Module 2 – Implementing Best Practices For VLANs

Filed under: Module 2 - Defining VLANs — rootbridge @ 6:34 am

One of the major concepts that Cisco is pushing forward in BCMSN is that creating non-hierarchical networks is a big “No, No”.

So here are a quick few points as to why we should avoid them:

Issues with poorly designed networks

  • Failure domains – If Layer 2 and Layer 3 boundaries are not clearly defined, reducing the impact of a failure in one area from affecting other areas can become difficult.
  • Broadcast domains – Broadcasts exist in every network and are often required by applications to function correctly. Excessive broadcasts have a detrimental impact on network performance and can be minimized by segmenting the network into a number of different broadcast domains.
  • Large amounts of unknown MAC unicast traffic – Remember from the CCNA days, switches keep a record of source MAC addresses against ports in the mac-address-table (CAM table). When a frame arrives for a destination MAC that is not in the table, the switch has nowhere specific to send it and floods the frame out of every port in that VLAN except the one it arrived on. This is referred to as unknown unicast flooding. It happens whenever an entry is missing, whether because the address has aged out or because the table is full and new addresses cannot be learned, and in a large flat network it means every host sees traffic that was meant for one of them.
  • Multicast traffic on ports where not intended – Multicast is a technique by which IP traffic from one source can be propagated to a multicast group identified by a single IP and MAC destination group address pair. In a poorly designed network multicast flooding can occur similarly to unicast and broadcast flooding.
  • Difficult to manage and support – Lack of documentation, poorly designed network flows, time consuming problem resolution.
  • Possible security vulnerabilities – Poorly defined security requirements at the access layer, where untrusted hosts plug in, can compromise the security of the whole network.
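To make the unknown unicast and broadcast points concrete, here is a toy learning switch added to these notes (it is not from the original post or from Cisco’s material). It keeps a deliberately tiny mac-address-table so that the “table full” case is easy to reach; the port numbers, VLAN assignments and MAC addresses are constructed.

```python
from collections import OrderedDict, namedtuple
from typing import Dict, Set

# Added example, not from the original notes: a minimal model of a learning switch
# with a bounded mac-address-table, showing when unknown unicast flooding happens
# and why VLANs bound how far a flood reaches.

Frame = namedtuple("Frame", "src dst vlan in_port")
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, access_ports: Dict[int, int], capacity: int):
        self.ports = dict(access_ports)   # port number -> access VLAN (constructed)
        self.capacity = capacity          # CAM table size, tiny here on purpose
        self.cam = OrderedDict()          # (vlan, mac) -> port
        self.flood_count = 0
        self.learn_failures = 0

    def _learn(self, vlan: int, mac: str, port: int) -> None:
        key = (vlan, mac)
        if key in self.cam:
            self.cam[key] = port          # station moved, or entry refreshed
            self.cam.move_to_end(key)
        elif len(self.cam) < self.capacity:
            self.cam[key] = port
        else:
            # Table full: the address is not learned. A real switch also ages entries
            # out (300 s by default on Catalyst), which this model leaves out.
            self.learn_failures += 1

    def forward(self, f: Frame) -> Set[int]:
        """Return the set of egress ports for the frame."""
        self._learn(f.vlan, f.src, f.in_port)
        if f.dst != BROADCAST and (f.vlan, f.dst) in self.cam:
            return {self.cam[(f.vlan, f.dst)]}   # known unicast: exactly one port
        # Broadcast or unknown unicast: flood to every port in the same VLAN except
        # the ingress port. Ports in other VLANs never see it.
        self.flood_count += 1
        return {p for p, v in self.ports.items() if v == f.vlan and p != f.in_port}


def demo() -> Switch:
    """Three hosts on VLAN 10 (ports 1-3), one on VLAN 20 (port 4), room for two entries."""
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20}, capacity=2)
    sw.forward(Frame("00:aa", "00:bb", 10, 1))   # bb unknown -> flooded to 2 and 3; aa learned
    sw.forward(Frame("00:bb", "00:aa", 10, 2))   # aa known -> port 1 only; bb learned, table full
    sw.forward(Frame("00:cc", "00:aa", 10, 3))   # aa known -> port 1; cc cannot be learned
    sw.forward(Frame("00:aa", "00:cc", 10, 1))   # cc unknown -> flooded; the host on port 2 sees it
    return sw


if __name__ == "__main__":
    sw = demo()
    print("CAM:", dict(sw.cam), "floods:", sw.flood_count, "learn failures:", sw.learn_failures)
```

The last frame in `demo()` is the case the bullet list warns about: once the table is full, traffic to a legitimate host is sprayed to every port in the VLAN, which is both a performance problem and the reason port security limits how many addresses a single access port may learn. Note also that the VLAN 20 port never receives any of the VLAN 10 floods.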

Implementing a hierarchical addressing scheme addresses some of the issues with poorly designed networks. A hierarchical addressing scheme is a means of assigning IP addresses to network segments and VLANs in an orderly fashion whereby the entire network is considered.

Benefits of Hierarchical Addressing

  • IP addresses are assigned in contiguous blocks. This leads to more efficient troubleshooting because devices are easier to locate.
  • There is the reduced possibility of duplicate IP address assignment
  • Routing protocols can perform route summarisation to reduce routing tables. This results in reduced CPU and memory requirements on routers, faster convergence times and easier troubleshooting

Guidelines for Hierarchical Addressing

  • Design the IP addressing scheme so that blocks of 4, 8, 16, 32, 64 contiguous network numbers can be assigned to a switch block. This allows route summarisation to occur
  • Assign network numbers contiguously from the distribution layer to the access layer
  • Assign each VLAN a single IP subnet thereby creating a separate broadcast domain for each VLAN
  • Subnet at the same binary value on all network numbers, avoiding VLSM where possible. This reduces confusion and eases troubleshooting.

Hierarchical Addressing Scheme Example
Company XYZ has 1,000 employees and the company can be divided into six separate business communities. According to Cisco’s ECNM each business unit should be assigned its own VLAN and each VLAN should be allocated a different IP address range.

The largest department at Company XYZ is the finance department with 150 employees. Therefore a subnet mask of 255.255.255.0 or /24 is chosen giving a maximum of 254 hosts per network.

The six VLANs that will be created for company XYZ are as follows:

  • Sales Department – VLAN 10 – Building A
  • IT Department – VLAN 20 – Building A
  • Engineering Department – VLAN 30 – Building B
  • Marketing Department – VLAN 40 – Building B
  • Executive Department – VLAN 50 – Building C
  • Finance Department – VLAN 60 – Building C

Due to the building design of Company XYZ it has been decided that each building will be assigned its own address block, with room to accommodate future growth:

  • Building A – 10.0.0.0/16
  • Building B – 10.1.0.0/16
  • Building C – 10.2.0.0/16

The allocation of VLANs and IP subnets for Building A will be:

  • Sales Department – VLAN 10 – 10.0.0.0/24
  • IT Department – VLAN 20 – 10.0.1.0/24
  • Spare Addresses – 10.0.2.0 – 10.0.255.0

The allocation of VLANs and IP subnets for Building B will be:

  • Engineering Department – VLAN 30 – 10.1.0.0/24
  • Marketing Department – VLAN 40 – 10.1.1.0/24
  • Spare Addresses – 10.1.2.0 – 10.1.255.0

The allocation of VLANs and IP subnets for Building C will be:

  • Executive Department – VLAN 50 – 10.2.0.0/24
  • Finance Department – VLAN 60 – 10.2.1.0/24
  • Spare Addresses – 10.2.2.0 – 10.2.255.0
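A plan like this is small enough to check by eye, but the same checks are worth automating before the subnets go into switch configurations. The following is an added example, not from the original post or from Cisco’s material: it reproduces the Company XYZ plan as data and verifies that every subnet is a real network prefix, sits inside its building’s block, does not overlap another VLAN and has room for its department. The per-department head counts are assumed (only the 150 finance staff and the 1,000 total are given).

```python
import ipaddress
from typing import Dict, List, NamedTuple

# Added example, not part of the original notes. The Company XYZ plan from these
# notes is reproduced as data; the per-department head counts are assumed.


class VlanAlloc(NamedTuple):
    vlan: int
    name: str
    building: str
    subnet: str   # as written in the plan; validated below
    hosts: int    # assumed head count


BUILDINGS = {
    "A": ipaddress.ip_network("10.0.0.0/16"),
    "B": ipaddress.ip_network("10.1.0.0/16"),
    "C": ipaddress.ip_network("10.2.0.0/16"),
}

PLAN = [
    VlanAlloc(10, "Sales", "A", "10.0.0.0/24", 120),
    VlanAlloc(20, "IT", "A", "10.0.1.0/24", 40),
    VlanAlloc(30, "Engineering", "B", "10.1.0.0/24", 130),
    VlanAlloc(40, "Marketing", "B", "10.1.1.0/24", 60),
    VlanAlloc(50, "Executive", "C", "10.2.0.0/24", 20),
    VlanAlloc(60, "Finance", "C", "10.2.1.0/24", 150),
]


def validate(plan: List[VlanAlloc], buildings: Dict[str, ipaddress.IPv4Network]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen = []   # (vlan, network) pairs already accepted
    for a in plan:
        try:
            # strict=True rejects entries such as "10.2.2.1/24": a host address is not a subnet.
            net = ipaddress.ip_network(a.subnet, strict=True)
        except ValueError as exc:
            problems.append(f"VLAN {a.vlan} ({a.name}): {exc}")
            continue
        block = buildings.get(a.building)
        if block is None or not net.subnet_of(block):
            problems.append(f"VLAN {a.vlan} ({a.name}): {net} is outside building {a.building} block")
        usable = net.num_addresses - 2   # network and broadcast addresses are not assignable
        if a.hosts > usable:
            problems.append(f"VLAN {a.vlan} ({a.name}): {a.hosts} hosts exceed {usable} usable in {net}")
        for other_vlan, other in seen:
            if net.overlaps(other):
                problems.append(f"VLAN {a.vlan} ({a.name}): {net} overlaps VLAN {other_vlan} {other}")
        seen.append((a.vlan, net))
    return problems


def summaries(plan: List[VlanAlloc]) -> Dict[str, List[str]]:
    """Tightest prefixes covering each building's allocated subnets.

    Contiguous, power-of-two sized blocks collapse to a single prefix, which is what
    lets the distribution layer advertise one summary route per building.
    """
    per_building: Dict[str, List[ipaddress.IPv4Network]] = {}
    for a in plan:
        per_building.setdefault(a.building, []).append(ipaddress.ip_network(a.subnet))
    return {b: [str(n) for n in ipaddress.collapse_addresses(nets)]
            for b, nets in sorted(per_building.items())}


if __name__ == "__main__":
    print("problems:", validate(PLAN, BUILDINGS) or "none")
    print("summaries:", summaries(PLAN))
    # A mistyped entry (host address with a /24 mask) is caught before it reaches a switch.
    broken = PLAN[:-1] + [PLAN[-1]._replace(subnet="10.2.2.1/24")]
    print("broken plan:", validate(broken, BUILDINGS))
```

The two /24s in each building collapse to a single /23, and the whole building block to its /16, which is exactly the summarisation the guidelines above are designed to allow; a subnet carved out of the middle of a block (say a /25 overlapping VLAN 10) breaks both the overlap check and the summary.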

Company XYZ – Hierarchical Network Diagram

Once again notes from Cisco.com and image is a modified image from Cisco.NetAcad.Net

Deacon…

July 3, 2009

Subnetting Practice

Filed under: Practical — rootbridge @ 1:03 pm

For those out there looking for subnetting practice questions here are a few sites that I like to visit during the arr.. quieter times at work. It never hurts to do a quick refresh on your subnetting skills.

July 1, 2009

Module 1 – The Enterprise Composite Network Model – Revisited

Filed under: Module 1 - Network Requirements — rootbridge @ 5:51 am

In a previous discussion I outlined the five network models within The Enterprise Composite Network Model – Campus, Data Centre, Branch, Teleworker and WAN. I am going to cover ECNM again however this time its a little more in depth and particularly focused towards the Campus Infrastructure.

ECNM is a hierarchical model used to segment networks into physical, logical, hierarchical and functional areas. The three major functional areas of the ECNM are the Enterprise Campus, the Enterprise Edge and the Service Provider Edge.

Enterprise Campus

  • Defined as one or more buildings with multiple virtual or physical networks
  • Usually buildings are interconnected via a high-speed multilayer backbone
  • Contains the elements required for independent operation within the campus (i.e. central servers)
  • Does not offer remote connections or Internet access
  • Can be further broken down into specific modules – Campus Infrastructure Module, Network Management Module, Server Farm Module, Edge Distribution Module
    • Campus Infrastructure Module – includes building access/distribution/core submodules and connects users within the campus to the server farm and edge distribution modules.
    • Network Management Module – Performs system logging, monitoring, authentication etc.
    • Server Farm Module – Contains servers, DNS, e-mail, print for internal users
    • Edge Distribution Module – Aggregates connectivity from the enterprise edge into the campus backbone submodule

Enterprise Edge

  • Aggregates connectivity from various external resources and filters it as it comes into the enterprise campus functional area
  • Contains elements required for secure communications between the campus and remote locations
  • Can be compared to a DMZ

Service Provider Edge

  • Facilitates communication to WANs and ISPs

Benefits of using the Enterprise Composite Network Model

  • Creates clearly defined boundaries between modules
  • Has clear demarcation points so designers know exactly where traffic flows
  • Eases design and increases scalability by allowing modules to be added independently
  • Allows designers to add services and solutions without changing the underlying architecture

The Campus Infrastructure can be further broken down into the following submodules: Building Access, Building Distribution and Building Core layers.

Building Access Layer

  • Provides connectivity for users/workstations to the network
  • Supports VLANs and establishes trunk links to the building distribution module
  • Each building access switch has redundant links to the building distribution module
  • Usually Layer 2 devices

Building Distribution Layer

  • Aggregates building access devices and uses switches to segment the network and isolate problems
  • Performs routing, QoS and access control (ACLs)
  • Traffic generally flows from building access submodule, through the building distribution submodule and onto the backbone
  • Must provide fast failure recovery and provide redundant links to switches in the core
  • Usually Layer 3 devices

Building Core Layer

  • Sometimes referred to as ‘the backbone’
  • Designed to switch packets as fast as possible between campus infrastructure modules
  • Routing, ACLs and processor based forwarding decisions should be avoided as they introduce latency
  • Is critical for connectivity so must provide a high level of availability
  • Usually high end Layer 2 and Layer 3 switches are used at the core for high throughput

Switch Configuration Interfaces

Cisco offers two distinct interfaces to configure the Catalyst series switches.

Cisco CatOS

  • Traditionally used to configure Layer 2 parameters on Catalyst 4500, 5500, 6500 series switches, however these devices now support Cisco IOS

Cisco IOS

  • Standard software for most other switches and Layer 3 devices

Comparison of enabling a port on a CatOS switch and a Cisco IOS switch (note that on CatOS `exit` logs the session out, so `disable` is the way back to normal mode):

CatOS> enable
CatOS> (enable) set port enable 3/1
CatOS> (enable) disable
CatOS> show port 3/1

CiscoIOS> enable
CiscoIOS# configure terminal
CiscoIOS(config)# interface fastethernet 3/1
CiscoIOS(config-if)# no shutdown
CiscoIOS(config-if)# end
CiscoIOS# show interface fastethernet 3/1

Once again notes and the wonderful image above are from Cisco.com

I would also like to thank Sunny and Aragoen for the encouragement. I actually find it kind of exciting documenting my process. I feel that it’s making me take more pride in my work, which improves the learning process and helps with fully understanding the concepts.

Can’t wait to get into the nuts and bolts of BCMSN.

Deacon…

June 30, 2009

Module 1 – Campus Network Solutions

Filed under: Module 1 - Network Requirements — rootbridge @ 1:15 pm

Non-Hierarchical Networks

Non-hierarchical networks are the simplest form of Ethernet networks and consist of a single collision and broadcast domain. This topology is often referred to as a “Flat” topology and hubs are the most commonly used type of device.

Benefits

  • Easy to configure
  • Easy to install
  • Fit for small home office & business

Downsides

  • As devices are added the number of collisions increase, reducing overall throughput
  • Broadcast traffic increases as device are added
  • Isolating problems can become difficult

Layer 2 Switching

Layer 2 switching improves performance because each switch port is its own collision domain: a station only contends (via CSMA/CD) with whatever shares its port, and on a full-duplex link there is no contention at all. Ideally each device should be placed on its own switch port, thereby eliminating media contention and segmenting collision domains.

Benefits

  • Easy to configure
  • Easy to install
  • Segments collision domains and traffic contained based on MAC address
  • Wire-speed performance

Downsides

  • If VLANs are not used the whole switched network is a single, potentially very large, broadcast domain
  • If VLANs are used, traffic cannot move between different VLANs (a Layer 3 device is required)
  • As the Layer 2 topology grows, the potential for Layer 2 loops increases, so STP must be introduced

Layer 3 Routing

Layer 3 routing addresses the major issue of Layer 2 switching, whereby traffic cannot pass between different VLANs / networks in a Layer 2 switching environment.

Benefits

  • Routers can be used as broadcast boundaries
  • Routers provide optimal path determination (routing tables)
  • Routers can act as security devices, implement QoS, apply policies

Downsides

  • When security features such as ACLs are used on a traditional router, this introduces delays as each packet needs to be processed in software
  • End-to-end VLANs are no longer supported
  • Routers are more expensive than Layer 2 switches per interface

Multilayer Switching

Multilayer switching is a hardware based solution that combines the functionality of switching and routing in a single platform. Multilayer switches can do everything to a frame (Layer 2) and a packet (Layer 3) that a traditional switch and router do.

Benefits

  • Segment broadcast and collision domains
  • Provide high speed Layer 2 and Layer 3 functionality
  • Provide multiple simultaneous switching paths
  • Forwards frames and packets based on Layer 2 and Layer 3 information respectively
  • Validates frames and packets via checksums
  • Apply security and policy controls if required
  • Have the ability to support QoS and VOIP
  • Can cost effectively replace traditional devices if placed strategically

Downsides

  • Can become single points of failure if redundancy is not provided, because the functions of switching and routing are condensed into a single chassis
  • If placed in a flat topology with many interconnections it is possible to create redundant bridging loops, so it is necessary to implement STP. Networks that implement STP may experience periods of disconnection when STP recalculates forwarding paths.
  • If placed incorrectly in a network they may be underutilised

Notes are sourced from Cisco.com and Cisco.NetAcad.Net
Diagrams created using Visio

Deacon…

June 29, 2009

Module 1 – Cisco’s Enterprise Composite Network Model

Filed under: Module 1 - Network Requirements — rootbridge @ 1:04 pm

Cisco provides five network models (Campus, Data Centre, Branch, Teleworker, WAN) to help companies optimise, protect and grow their network infrastructure.


Image from Cisco.NetAcad.Net

1. Campus Architecture
  • Provides high availability through a resilient multilayer design
  • Incorporates a core infrastructure of intelligent switching and routing
  • Integrates IP Communications, mobility and advanced security for increased productivity
  • Utilises multicast traffic and QoS for optimised bandwidth consumption and ensures sensitive traffic is not delayed or dropped
  • Provides flexibility to add VPNs, access management and VLANs for increased security
2. Data Centre Architecture
  • A cohesive, adaptive network architecture that supports consolidation, business continuance and security
  • Supports virtualisation and on demand computing
  • Redundant data centres can be provided using synchronous or asynchronous data and application replication
  • Server and application load balancing is used to maximise performance
3. Branch Architecture
  • Allows enterprises to extend head-offices to thousands of remote locations and users
  • Integrates security, switching, network analysis and converged voice/video applications into a series of integrated services that can be deployed on an as required basis
  • Robust and secure architecture is provided by utilising advanced routing, VPNs, redundant WAN links
  • Branch architectures can be easily supported by utilising tools that centrally manage, monitor and configure devices located at remote sites to pro-actively resolve congestion and bandwidth issues before they affect users
4. Teleworker Architecture
  • Delivers secure voice and data services to remote small home/office sites over standard broadband connections
  • Centrally managed to minimise costs and increase security
  • Utilises identity based networking services to help extend campus security to teleworkers
  • Staff can login via VPN connections to gain authorised access to centrally located services and applications
  • Productivity can be increased by providing IP Phones and cost effective access to centrally managed IP communications systems
5. WAN Architecture
  • Converges Voice, Video, and data services over a single IP communications network
  • Enables enterprises to cost effectively span large geographic areas
  • QoS, service levels and encryption ensure the secure delivery of data to all corporate sites enabling staff to work from any location
  • Security can be provided with multiservice VPNs (IPsec / MPLS) over Layer 2 and Layer 3 WANs (hub and spoke or full mesh)

Notes are from Cisco.com

Deacon…

June 28, 2009

SSH On A Windows Server

Filed under: General — rootbridge @ 12:40 pm

Wow… Where have the last 2 weeks gone. I am finding it extremely difficult to find time to sit down and concentrate on studying towards BCMSN, this has really put me behind in my study schedule. I have accomplished a million other things on my plate such as completing an ITIL course, getting Nagios to monitor some switches, conducting a full audit of the switches we manage which involved creating network diagrams, updating and documenting approximately 700 port descriptions and I also got around to implementing SSH on a Windows 2003 Server.

Here is some info about SSH on Windows

As you may be aware Windows 2003 does not come with an SSH server as part of the standard software packages and this was an essential requirement for us as we require secure terminal access to a Windows Server. After doing many hours of research and testing various products I came to the conclusion that Cygwin was going to be the best solution.

About The Cygwin Solution

Cygwin is a Unix like environment with a command line interface that can be run on top of a Windows platform. In order to create an SSH server on the Windows machine the goal was to run a minimalistic version of Cygwin and then run OpenSSH on the Cygwin emulator to act as a SSH Server.

If anyone is interested in setting up an SSH server on a Windows box you can use the following instructions, which were created by Kevin Scully at the University of Waterloo, Ontario, Canada.
Installing the Cygwin SSH daemon

Verification Procedures

The following procedures were used to verify that SSH was running on the Windows Server.

Issue the netstat -a command to display the current network connections. As you can see the server is listening on the local address for incoming SSH connections.

The final test was to SSH into the machine using putty.
NOTE: I am SSHing to the loopback just for documentation purposes.

This picture illustrates that once you have accessed the machine via SSH you can access both the Unix and Windows environment.

Deacon…

June 15, 2009

Day 1

Filed under: General — rootbridge @ 10:31 am

So today being the first day of my study schedule I was fairly excited to get stuck into things. I started off studying Module 1 Network Requirements from the BCMSN material available at NetAcad. Whilst this material doesn’t come under the Cisco Exam Overview I thought it would be a good idea to start off with some easy review material to get myself back into the swing of things and refresh my memory. Unfortunately things were fairly busy at work with the discussion of moving to 10Gb Ethernet and major upgrades to our DMZ infrastructure so I was unable to concentrate on studying… But it was exciting stuff anyway and I am looking forward to getting to play with a FWSM for the 6500 Series Switches.

I plan on finishing the rest of the reading from the Module 1 tonight and that leaves me the tomorrow to post up some notes before moving onto Module 2.

On Other Things

Over the weekend it seems that a new SOE was rolled out to the desktops at work and in the process I have lost all of my bookmarks :( , needless to say I was the least bit impressed. I decided that its time to find someway of managing my once treasured bookmarks so that I would never run into the issue again. To my savior I found the Firefox plugin Xmarks. Xmarks allows you to keep your bookmarks and (optional) passwords backed up and synchronised across multiple computers regardless of the OS. This is particularly useful for me as I use Windows XP at work and OpenSuse at home.
Further information about Xmarks is available – here

Deacon..

June 14, 2009

Plan of Attack

Filed under: General — rootbridge @ 6:12 am

Someone once told me “a goal without a plan is just a wish” and I have always found the hardest part in achieving my goals was to get the ball rolling.

After reading Aragoen Celtdra’s blog Route My World! and seeing how Aragoen has used study schedules to help him achieve his goals, I decided what better way to kick things off than to create a study schedule.

I plan to tackle CCNP certification in the following order.

  • Building Cisco Multilayer Switched Networks – 642-812
  • Building Scalable Cisco Internetworks – 642-901
  • Implementing Secure Converged Wide Area Networks – 642-825
  • Optimizing Converged Cisco Networks – 642-845

I have chosen the order listed above because the data centre infrastructure at work is predominantly switch based and by starting off with BCMSN it should ease the transition of getting back into study mode, as a lot of the material will be reinforced on a daily basis at work.

I plan to allow 1 week per module (theory and practical) but this will undoubtedly be altered due to work and personal commitments. Here is my study schedule on a week by week basis.

  1. Implement VLANs
  2. Conduct the operation of Spanning Tree protocols in a hierarchical network
  3. Implement Inter-VLAN routing
  4. Implement gateway redundancy technologies
  5. Describe and configure wireless client access
  6. Describe and configure security features in a switched network
  7. Configure support for voice
  8. Review all theory
  9. Review all practical
  10. Take Exam

For a further detailed exam overview you can checkout – 642-812 Exam Overview
For a full list of Cisco Exams and Exam Outlines – Click Here

As Dynamips/Dynagen is unable to emulate Catalyst switches I will be using spare equipment that is available to me at work. I am very lucky in that my boss has given me permission to study towards CCNP as long as work is still my first priority, thanks Boss. Equipment that I will be using to set up switching labs will most likely include Catalyst 2950s, 3750s and 3750-Es. Labs that I will be setting up are the labs from the BCMSN Lab Manual.

For the theory side I will be using material from Cisco’s NetAcad which is available online to those that have gone through Cisco’s Network Academy Program. For those unable to access NetAcad the material is also covered in the CCNP Official Exam Certification Library, 5th Edition from Cisco Press.

Deacon..

Blog at WordPress.com.