Perbedaan CISCO ROUTER dengan Linux Router
Linux Router
1. Harus Install Sistem Operasi OS
2. Harus Install Aplikasi untuk Routing
3. Bekerja hingga Layer ke 7, dari layer 1 hingga ke 7
4. Processor Minimal CoreDuo mungkin Pentium 4 Sudah Bisa
5. Bisa menghubungkan 2 jaringan/ subnet yang berbeda, Hanya untuk jaringan yang kecil.
6. Bagaimana kalau jaringan yang besar seperti MAN/WAN?
CISCO ROUTER
1. Hanya Setting pertama kali.
2. Bekerja hingga layer ke 3, dari layer 1 hingga ke 3
3. Processor ASIC, Aplication Specific Integrated Circuit. Lebih cepat dari DualCore2Duo dalam hal routing.
4. Bisa menghubungkan 2 jaringan/ subnet yang berbeda. Hal ini bisa di backup oleh switch layer 3.
5. Untuk MAN & WAN OK
Kamis, 25 Maret 2010
Diskon 70 % dari Cisco untuk CCNA
Alhamdulillah akhirnya dapat diskon untuk ujian CCNA setelah mengikuti CNAP (CISCO NETWORKING ACADEMY PROGRAM)
26 April 2010, jam 9.00 WIB Harus sudah ada di pearson VUE, Belajar 1 Bulan CCNA kejar target
Congratulations!
You have successfully met the requirements to receive a discount voucher for the CCNA Composite Cisco Career Certification exam.
Voucher Number: ---Deleted---
Voucher Expiration: 19-Nov-2010
Discount Percentage: 70%
This voucher code entitles you to a substantial discount toward achieving a certification in the globally recognized Cisco Career Certification Program. Cisco certifications bring measurable rewards to individuals working in the IT industry, network professionals, their managers, and the organizations that employ them.
What’s in it for me?
Knowledge is power, and certification is your proof. As the demand for skilled professionals to manage information and communication technologies continues to grow, Cisco certifications help set you apart from other candidates in the IT networking profession.
* In a recent study by Forrester Consulting, IT decision-makers rated technical certifications second only to four-year degrees in qualifying for positions.**
* Hiring managers from approximately 700 companies viewed certifications as nearly as important as a bachelor’s degree.***
You have come a long way toward achieving your certification. Be sure to take advantage of this discount voucher and register for your certification exam today!
Visit the Cisco Learning Network for helpful resources:
* Free self assessments to determine your readiness to sit for the exam
* Additional test prep materials and practice exam questions
* Benefits of being certified
* Student success stories
* Links to job postings
How do I register for an exam?
Pearson VUE (Cisco’s test provider), offers three different methods to register:
1. Register online: please sign-in to your account using your Pearson VUE username and password. If you do not have a username and password, please create a web account at the linked sign-in page above.
2. Contact a Pearson VUE agent directly.
3. Register directly with a testing center. Click here to find a center near you.
When registering for an exam, please provide the following information:
* Your voucher number
* Method of payment for the remaining balance
* Your Academy Connection username
* Your Academy Connection ID (from "My Profile" on Academy Connection)
If you have further questions about Cisco vouchers, refer to the FAQs within the Certification and Voucher pages of Academy Connection or contact AcademySupport@netacad.net
Cisco Networking Academy
Cisco Systems is dedicated to the highest standards of legal compliance, ethical behavior and accurate disclosure to the public. Various government and other organizations may have gift rules that either limit or prohibit their employees from accepting anything of value or of some tangible benefit above a specific dollar amount. We respectfully request that you, as a potential qualified participant in this voucher program, first confirm with your employer that your acceptance of this voucher is in compliance with your employer’s ethics guidelines and other applicable laws and regulations before you proceed to participate in this program. By your participation in this program, you are acknowledging that you have confirmed that it is appropriate under your organization’s rules to accept this voucher. This voucher is not subject to any assignment and is not transferable. Qualified participants are those who meet all requisite criteria, as set forth in the Voucher and Certification pages of Academy Connection.
Note: These vouchers cover between 50 to 80 percent of exam costs that range between $125 and $250 USD each, depending on the exam.
** Forrester Research survey conducted on behalf of Cisco. *** The Journal of Information Technology
Education, Volume 7, 2008
© 2009 Cisco Systems Inc. All rights reserved.
If you are not an Academy Connection user and have received this email in error, please contact the Cisco Networking Academy Help Desk at 1-888-327-1116 or academysupport@netacad.net for assistance.
26 April 2010, jam 9.00 WIB Harus sudah ada di pearson VUE, Belajar 1 Bulan CCNA kejar target
Congratulations!
You have successfully met the requirements to receive a discount voucher for the CCNA Composite Cisco Career Certification exam.
Voucher Number: ---Deleted---
Voucher Expiration: 19-Nov-2010
Discount Percentage: 70%
This voucher code entitles you to a substantial discount toward achieving a certification in the globally recognized Cisco Career Certification Program. Cisco certifications bring measurable rewards to individuals working in the IT industry, network professionals, their managers, and the organizations that employ them.
What’s in it for me?
Knowledge is power, and certification is your proof. As the demand for skilled professionals to manage information and communication technologies continues to grow, Cisco certifications help set you apart from other candidates in the IT networking profession.
* In a recent study by Forrester Consulting, IT decision-makers rated technical certifications second only to four-year degrees in qualifying for positions.**
* Hiring managers from approximately 700 companies viewed certifications as nearly as important as a bachelor’s degree.***
You have come a long way toward achieving your certification. Be sure to take advantage of this discount voucher and register for your certification exam today!
Visit the Cisco Learning Network for helpful resources:
* Free self assessments to determine your readiness to sit for the exam
* Additional test prep materials and practice exam questions
* Benefits of being certified
* Student success stories
* Links to job postings
How do I register for an exam?
Pearson VUE (Cisco’s test provider), offers three different methods to register:
1. Register online: please sign-in to your account using your Pearson VUE username and password. If you do not have a username and password, please create a web account at the linked sign-in page above.
2. Contact a Pearson VUE agent directly.
3. Register directly with a testing center. Click here to find a center near you.
When registering for an exam, please provide the following information:
* Your voucher number
* Method of payment for the remaining balance
* Your Academy Connection username
* Your Academy Connection ID (from "My Profile" on Academy Connection)
If you have further questions about Cisco vouchers, refer to the FAQs within the Certification and Voucher pages of Academy Connection or contact AcademySupport@netacad.net
Cisco Networking Academy
Cisco Systems is dedicated to the highest standards of legal compliance, ethical behavior and accurate disclosure to the public. Various government and other organizations may have gift rules that either limit or prohibit their employees from accepting anything of value or of some tangible benefit above a specific dollar amount. We respectfully request that you, as a potential qualified participant in this voucher program, first confirm with your employer that your acceptance of this voucher is in compliance with your employer’s ethics guidelines and other applicable laws and regulations before you proceed to participate in this program. By your participation in this program, you are acknowledging that you have confirmed that it is appropriate under your organization’s rules to accept this voucher. This voucher is not subject to any assignment and is not transferable. Qualified participants are those who meet all requisite criteria, as set forth in the Voucher and Certification pages of Academy Connection.
Note: These vouchers cover between 50 to 80 percent of exam costs that range between $125 and $250 USD each, depending on the exam.
** Forrester Research survey conducted on behalf of Cisco. *** The Journal of Information Technology
Education, Volume 7, 2008
© 2009 Cisco Systems Inc. All rights reserved.
If you are not an Academy Connection user and have received this email in error, please contact the Cisco Networking Academy Help Desk at 1-888-327-1116 or academysupport@netacad.net for assistance.
Senin, 22 Maret 2010
ASA/PIX Order of Operations
====================
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
---------------------------------------------------------------
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
10. ROUTE-LOOKUP - [output and adjacency] -
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
---------------------------------------------------------------
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
10. ROUTE-LOOKUP - [output and adjacency] -
====================
Packet Flow Sequence
====================
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
---------------------------------------------------------------
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
10. ROUTE-LOOKUP - [output and adjacency] -
---------------------------------------------------------------
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
10. ROUTE-LOOKUP - [output and adjacency] -
PIX/ASA - VPN - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
---------------------------------------------------------------
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. VPN - [encrypt] -
9. VPN - [ipsec-tunnel-flow] -
10. IP-OPTIONS - [] -
11. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
12. FLOW-LOOKUP - [] - On the new header
13. ACCESS-LIST - [] - On the new header
14. FLOW-CREATION - [] -
15. ROUTE-LOOKUP - [output and adjacency]
ASA/PIX - Outside (Lower SEC_Level) to Inside (Higher Sec_Lev)
-----------------------------------------------------------
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a new connection.
2. UN-NAT - [static] -
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [rpf-check] -
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection is created.
10. ROUTE-LOOKUP - [output and adjacency] -
Sabtu, 13 Maret 2010
CCNA QUICK NOTES
1.Besides named access lists, what are the two types of IP access lists?
The two types of IP access lists are standard and extended.
What criteria do standard IP access lists use to filter packets? Standard IP access lists filter packets by the source address. This results in the packet’s being permitted or denied for the entire protocol suite based on the source network IP address.
2.What criteria do extended IP access lists use to filter packets? Extended IP access lists filter packets by source address, destination address, protocols, and port numbers.
3.In what two ways can IP access lists be applied to an interface?
Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router’s interface and before they are routed. Outbound access lists process packets as they exit a router’s interface and after they are routed.
4.How many access lists can be applied to an interface on a Cisco router?
Only one access list per protocol, per direction, per interface can be applied on a Cisco router. Multiple access lists are permitted per interface, but they must be for a different protocol.
5.How are access lists processed? Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within any access list is significant.
6.What is at the end of each access list?
At the end of each access list, an implicit deny statement denies any packet not filtered in the access list.
7.What are the number ranges used to define standard and extended IP access lists? The number ranges used to define standard and extended IP access lists are as follows:
· Standard IP access lists 1 to 99 and 1300 to 1999· Extended IP access lists 100 to 199 and 2000 to 2699
8.When implementing access lists, what are wildcard masks?
Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range 1 to 255.
9.What is the IOS command syntax used to create a standard IP access list? Here is the command syntax to create a standard IP access list:
access-list access-list-number {permit deny} source-address [wildcard mask]access-list-number is a number from 1 to 99.
For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
10.After you create a standard or extended IP access list, how do you apply it to an interface on a Cisco router?
To apply an access list to an interface on a Cisco router, use the ip access-group interface command: ip access-group access-list-number {in out}For example:RouterA(config)#int s0RouterA(config-if)#ip access-group 10 in
Create a standard access list that permits the following networks:
192.168.200.0192.168.216.0192.168.232.0192.168.248.0
There are two ways to do this. First, you can create one access list that contains an entry for each network:
access-list 10 permit 192.168.200.0 0.0.0.255access-list 10 permit 192.168.216.0 0.0.0.255access-list 10 permit 192.168.232.0 0.0.0.255access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks:
access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in binary:
.200= 11001000.216= 11011000.232= 11101000.248= 11111000
All the bits match except the third and fourth bits. With wildcard masks, these are the bits you want to match. Therefore, your wildcard mask would be 00110000 in binary, which is 48.
11.What is the Cisco IOS command syntax used to create an extended access list?
Here is the Cisco IOS command syntax to create an extended access list: access-list access-list-number {permit deny} protocol source-address source-wildcard [operator port] destination-address destination-wildcard [operator port]
protocol examples include IP, TCP, UDP, ICMP, GRE, and IGRP.
operator port can be lt (less than), gt (greater than), eq (equal to), or neg (not equal to) and a protocol port number.
Create an extended access list denying web traffic to network 192.168.10.0.
The following commands deny web traffic to network 192.168.10.0:
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq wwwaccess-list 101 permit ip any any
12.What IOS command can you use to see whether an IP access list is applied to an interface?
The IOS command to see whether an IP access list is applied to an interface is
show ip interface interface-type interface-number
For example:
RouterA#show ip interface s0
Serial0 is up, line protocol is up Internet address is 192.168.1.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 10 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Feature Fast switching turbo vector IP multicast fast switching is disabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled Web Cache Redirect is disabled BGP Policy Mapping is disabled
13.How can you display all access lists on a Cisco router? To display all access lists on a Cisco router, use the show access-list command: RouterA#show access-listStandard IP access list 10 deny 192.168.0.0, wildcard bits 0.0.0.255Extended IP access list 101 permit tcp any any eq www permit udp any any eq domain permit udp any eq domain any permit icmp any any deny tcp 192.168.10.0 0.0.0.255 any eq wwwRouterA#
14.How do you figure out wildcard questions?
Identify the class192.68.12.0 – Class C24 bits for networks/29 tells us that we need an additional 5 bits29 – 24 = 5 bits5 bits = 128 + 64 + 32 + 16 + 8 = 248Default subnet mask for Class C network = 255.255.255.0New subnet mask for /29 network = 255.255.255.248To find the wildcard value:255.255.255.255 255.255.255.248
- —————
0.0.0.7 Same logic for Class B172.31.0.0 /1916 bits for networks/19 tells us we need an additional 3 bits19 – 16 = 3 bits3 bits = 128 + 64 + 32 = 224Default subnet mask for Class B network = 255.255.0.0New subnet mask for /19 network = 255.255.224.0To find the wildcard value:255.255.255.255255.255.224.0 —————-0.0.31.255
The two types of IP access lists are standard and extended.
What criteria do standard IP access lists use to filter packets? Standard IP access lists filter packets by the source address. This results in the packet’s being permitted or denied for the entire protocol suite based on the source network IP address.
2.What criteria do extended IP access lists use to filter packets? Extended IP access lists filter packets by source address, destination address, protocols, and port numbers.
3.In what two ways can IP access lists be applied to an interface?
Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router’s interface and before they are routed. Outbound access lists process packets as they exit a router’s interface and after they are routed.
4.How many access lists can be applied to an interface on a Cisco router?
Only one access list per protocol, per direction, per interface can be applied on a Cisco router. Multiple access lists are permitted per interface, but they must be for a different protocol.
5.How are access lists processed? Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within any access list is significant.
6.What is at the end of each access list?
At the end of each access list, an implicit deny statement denies any packet not filtered in the access list.
7.What are the number ranges used to define standard and extended IP access lists? The number ranges used to define standard and extended IP access lists are as follows:
· Standard IP access lists 1 to 99 and 1300 to 1999· Extended IP access lists 100 to 199 and 2000 to 2699
8.When implementing access lists, what are wildcard masks?
Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range 1 to 255.
9.What is the IOS command syntax used to create a standard IP access list? Here is the command syntax to create a standard IP access list:
access-list access-list-number {permit deny} source-address [wildcard mask]access-list-number is a number from 1 to 99.
For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
10.After you create a standard or extended IP access list, how do you apply it to an interface on a Cisco router?
To apply an access list to an interface on a Cisco router, use the ip access-group interface command: ip access-group access-list-number {in out}For example:RouterA(config)#int s0RouterA(config-if)#ip access-group 10 in
Create a standard access list that permits the following networks:
192.168.200.0192.168.216.0192.168.232.0192.168.248.0
There are two ways to do this. First, you can create one access list that contains an entry for each network:
access-list 10 permit 192.168.200.0 0.0.0.255access-list 10 permit 192.168.216.0 0.0.0.255access-list 10 permit 192.168.232.0 0.0.0.255access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks:
access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in binary:
.200= 11001000.216= 11011000.232= 11101000.248= 11111000
All the bits match except the third and fourth bits. With wildcard masks, these are the bits you want to match. Therefore, your wildcard mask would be 00110000 in binary, which is 48.
11.What is the Cisco IOS command syntax used to create an extended access list?
Here is the Cisco IOS command syntax to create an extended access list: access-list access-list-number {permit deny} protocol source-address source-wildcard [operator port] destination-address destination-wildcard [operator port]
protocol examples include IP, TCP, UDP, ICMP, GRE, and IGRP.
operator port can be lt (less than), gt (greater than), eq (equal to), or neg (not equal to) and a protocol port number.
Create an extended access list denying web traffic to network 192.168.10.0.
The following commands deny web traffic to network 192.168.10.0:
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq wwwaccess-list 101 permit ip any any
12.What IOS command can you use to see whether an IP access list is applied to an interface?
The IOS command to see whether an IP access list is applied to an interface is
show ip interface interface-type interface-number
For example:
RouterA#show ip interface s0
Serial0 is up, line protocol is up Internet address is 192.168.1.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 10 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Feature Fast switching turbo vector IP multicast fast switching is disabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled Web Cache Redirect is disabled BGP Policy Mapping is disabled
13.How can you display all access lists on a Cisco router? To display all access lists on a Cisco router, use the show access-list command: RouterA#show access-listStandard IP access list 10 deny 192.168.0.0, wildcard bits 0.0.0.255Extended IP access list 101 permit tcp any any eq www permit udp any any eq domain permit udp any eq domain any permit icmp any any deny tcp 192.168.10.0 0.0.0.255 any eq wwwRouterA#
14.How do you figure out wildcard questions?
Identify the class192.68.12.0 – Class C24 bits for networks/29 tells us that we need an additional 5 bits29 – 24 = 5 bits5 bits = 128 + 64 + 32 + 16 + 8 = 248Default subnet mask for Class C network = 255.255.255.0New subnet mask for /29 network = 255.255.255.248To find the wildcard value:255.255.255.255 255.255.255.248
- —————
0.0.0.7 Same logic for Class B172.31.0.0 /1916 bits for networks/19 tells us we need an additional 3 bits19 – 16 = 3 bits3 bits = 128 + 64 + 32 = 224Default subnet mask for Class B network = 255.255.0.0New subnet mask for /19 network = 255.255.224.0To find the wildcard value:255.255.255.255255.255.224.0 —————-0.0.31.255
ACCES Control Lists
Standard IP Access Control Lists
Filtering logic could be configured on any router and on any of its interfaces. Cisco IOS software applies the filtering logic of an ACL either as a packet enters an interface or as it exits the interface. In other words, IOS associates an ACL with an interface, and specifically for traffic either entering or exiting the interface. After you have chosen the router on which you want to place the access list, you must choose the interface on which to apply the access logic, as well as whether to apply the logic for inbound or outbound packets.The key features of Cisco ACLs are:
. Packets can be filtered as they enter an interface, before the routing decision.
. Packets can be filtered before they exit an interface, after the routing decision.
. Deny is the term used in Cisco IOS software to imply that the packet will be filtered.
. Permit is the term used in Cisco IOS software to imply that the packet will not be filtered.
. The filtering logic is configured in the access list.
. If a packet does not match any of your access list statements, it is blocked.
Access lists have two major steps in their logic: matching, which determines whether it matches the access-list statement; and action, which can be either deny or permit. Deny means to discard the packet, and permit implies that the packet should be allowed. However, the logic that IOS uses with a multiple-entry ACL can be much more complex. Generally, the logic can be summarized as follows:
Step 1: The matching parameters of the access-list statement are compared to the packet.
Step 2: If a match is made, the action defined in this access-list statement (permit or deny) is performed.
Step 3: If a match is not made in Step 2, repeat Steps 1 and 2 using each successive statement in the ACL until a match is made.
Step 4: If no match is made with an entry in the access list, the deny action is performed.
Wildcard Masks
IOS IP ACLs match packets by looking at the IP, TCP, and UDP headers in the packet. Standard IP access lists can also examine only the source IP address. You can configure the router to match the entire IP address or just a part of the IP address. When defining the ACL statements you can define a wildcard mask along with the IP address. The wildcard mask tells the router which part of the IP address in the configuration statement must be compared with the packet header. The wildcard masks look similar to subnet masks, in that they represent a 32-bit number. However, the wildcard mask’s 0 bits tell the router that those corresponding bits in the address must be compared when performing the matching logic. The binary 1s in the wildcard mask tell the router that those bits do not need to be compared. Thus, wildcard mask 0.0.0.0, which in binary form is 00000000.00000000.00000000.00000000, indicates that the entire IP address must be matched, while wildcard mask 0.0.0.255, which in binary form is 00000000.00000000.00000000.11111111, indicates that the first 24 bits of the IP address must be matched, and wildcard mask 0.0.31.255, which in binary form is 00000000.00000000.00011111.11111111, indicates that the first 24 bits of the IP address must be matched.Standard IP Access List Configuration
A standard access list is used to match a packet and then take the directed action. Each standard ACL can match all, or only part, of the packet’s source IP address. The only two actions taken when an access-list statement is matched are to either deny or permit the packet.The configuration commands required are:
. ip access-group {number | action [in | out]}, in which action can be either permit of deny and is used to enable access lists; and
. access-class number | action [in | out], which can be used to enable either standard or extended access lists.
The standard access list configuration can be verified using the following show commands:
. show ip interface[type number], which includes a reference to the access lists enabled on the interface;
. show access-lists [access-list-number | access-list-name], which shows details of configured access lists for all protocols; and
. show ip access-list [access-list-number | access-list-name], which shows the access lists.
Extended IP Access Control Lists
Extended IP access lists are similar to standard IP ACLs in that you enable extended access lists on interfaces for packets either entering or exiting the interface. IOS then searches the list sequentially. The first statement matched stops the search through the list and defines the action to be taken. The key difference between the extended ACLs and standard ACLs is the variety of fields in the packet that can be compared for matching by extended access lists. A single extended ACL statement can examine multiple parts of the packet headers, requiring that all the parameters be matched correctly in order to match that one ACL statement. That matching logic is what makes extended access lists both much more useful and much more complex than standard IP ACLs. You can configure extended ACL to match the IP protocol type, which identifies what header follows the IP header. You can specify all IP packets, or those with TCP headers, UDP headers, ICMP, etc, by checking the Protocol field. You can also check the source and destination IP addresses, as well as the TCP source and destination port numbers.An extended access list is more complex than standard access lists. Therefore the configuration commands are more complex. The configuration command for extended access lists is:
. access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input], which can be used to enable access lists;
Named IP Access Lists
Named ACLs can be used to match the same packets, with the same parameters, you can match with standard and extended IP ACLs. Named IP ACLs do have some differences, however. The most obvious difference is that IOS identifies named ACLs using names you assign them as opposed to numbers. Named ACLs also have another key feature that numbered ACLs do not: You can delete individual lines in a named IP access list.In addition, two important configuration differences exist between numbered and named access lists. One key difference is that named access lists use a global command that places the user in a named IP access list submode, under which the matching and permit or deny logic is configured. The other key difference is that when a named matching statement is deleted, only that one statement is deleted. With numbered lists, the deletion of any statement in the list deletes all the statements in the list.
Controlling Telnet Access with ACLs
Access into and out of the virtual terminal line (vty) ports of the Cisco IOS software can also be controlled by IP access lists. IOS uses vtys to represent a user who has Telnetted to a router, as well as for Telnet sessions a user of a router has created to other devices. You can use ACLs to limit the IP hosts that can Telnet into the router, and you can also limit the hosts to which a user of the router can Telnet.Configuring a Router to Support SDM
Configuring a Router to Support SDM
By Raiy Wong | November 5, 2009There are two types of SDM, SDM and SDM Express. The express version is just a limited form of SDM for routers that do not have enough flash memory to support the full SDM (SDM requires 6MB of flash, SDM Express requires only 2MB of flash). SDM is factory installed on the 1800 series, 2800 series, and 3800 series routers. SDM is also factory installed on router platforms with the (K9) security bundle. If a router does not have SDM installed, the software can be downloaded for free from Cisco. When downloading the SDM software from Cisco, make sure to verify the IOS version of the router can support SDM.
SDM provides several wizards to walk an engineer through configuring a router. These wizards range from interface configurations, to VPN (Virtual Private Network), and even QoS (Quality of Service) configurations. The Security Device Manager also provides real time monitoring, logging, and security audit features. It will even notify an engineer if it notices conflicting configuration parameters and suggest resolutions.
Note – SDM can be enabled on deployed routers without affecting the network
To configure a router to support SDM:
First, enable the HTTP or HTTPS server on the router.
- Router# configure terminal
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
- Router(config)# username username privilege 15 secret 0 password
- Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Article Source: http://www.ccbootcamp.com/support-resources/resources/articles-by-ccbootcamp.html
Sertifikasi ujian CCNP Terbaru 642-902 642-813 642 832
642-902 CCNP Route Exam
642-813 CCNP Switch Exam
642-832 CCNP Troubleshooting and maintaining CISCO IP Network TSHOOT
Daftar Harganya
Belajar yang semangat untuk salary yang TOP.
642-813 CCNP Switch Exam
642-832 CCNP Troubleshooting and maintaining CISCO IP Network TSHOOT
Daftar Harganya
| CCNP Versi Sekarang | Harga Dan Durasi | Hari Terakhir TEST |
| 642-901 BSCI | $ 150/ 90 Min | July 31, 2010 |
| 642-812 BCMSN | $ 150/ 90 Min | July 31, 2010 |
| 642-825 ISCW | $ 150/ 90 Min | July 31, 2010 |
| 642-845 ONT | $ 150/ 90 Min | July 31, 2010 |
| 642-892 Composite | $ 300/ 90 Min | July 31, 2010 |
| CCNP Versi Terbaru | Harga Dan Durasi | Available |
| 642-902 ROUTE | $ 200/ 120 Min | March 10, 2010 |
| 642-813 SWITCH | $ 200/ 120 Min | March 10, 2010 |
| 642-832 TSHOOT (Beta) | $ 50/ 120 Min | Feb16 – Mar 26, 2010 |
| 642-832 TSHOOT | $ 200/ 120 Min | April 30, 2010 |
Belajar yang semangat untuk salary yang TOP.
Kamis, 11 Maret 2010
CCNP Ujian Update
| CCNP Exams & Recommended Training | |
|---|---|
| Required Exam(s) | Recommended Training |
| 642-901 BSCI Last day to test: July 31, 2010 | Building Scalable Cisco Internetworks (BSCI) |
| OR | |
| 642-902 ROUTE Available March 10, 2010 | Implementing Cisco IP Routing (ROUTE) |
| 642-812 BCMSN Last day to test: July 31, 2010 | Building Cisco Multilayer Switched Networks (BCMSN) |
| OR | |
| 642-813 SWITCH Available March 10, 2010 | Implementing Cisco IP Switched Networks (SWITCH) |
| 642-825 ISCW Last day to test: July 31, 2010 | Implementing Secure Converged Wide Area Networks (ISCW) |
| 642-845 ONT Last day to test: July 31, 2010 | Optimizing Converged Cisco Networks (ONT) |
OR | |
| Required Exam(s) | Recommended Training |
| 642-892 Composite Last day to test: July 31, 2010 | Building Scalable Cisco Internetworks (BSCI) Building Cisco Multilayer Switched Networks (BCMSN) |
| 642-825 ISCW Last day to test: July 31, 2010 | Implementing Secure Converged Wide Area Networks (ISCW) |
| 642-845 ONT Last day to test: July 31, 2010 | Optimizing Converged Cisco Networks (ONT) |
OR | |
| Required Exam(s) | Recommended Training |
| 642-901 BSCI Last day to test: July 31, 2010 | Building Scalable Cisco Internetworks (BSCI) |
| OR | |
| 642-902 ROUTE Available March 10, 2010 | Implementing Cisco IP Routing (ROUTE) |
| 642-812 BCMSN Last day to test: July 31, 2010 | Building Cisco Multilayer Switched Networks (BCMSN) |
| OR | |
| 642-813 SWITCH Available March 10, 2010 | Implementing Cisco IP Switched Networks (SWITCH) |
| 643-832 TSHOOT BETA Available: February 16-March 26, 2010 | Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) |
| OR | |
| 642-832 TSHOOT Available: April 30, 2010 | |
OR | |
| Required Exam(s) | Recommended Training |
| 642-892 Composite Last day to test: July 31, 2010 | Building Scalable Cisco Internetworks (BSCI) Building Cisco Multilayer Switched Networks (BCMSN) |
| 643-832 TSHOOT BETA Available: February 16-March 26, 2010 | Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) |
| OR | |
| 642-832 TSHOOT Available: April 30, 2010 | |
Basic BINARY
I've seen a lot of people struggle when first learning decimal-to-binary and other conversions, mostly because they find themselves overwhelmed with conversion charts and don't quite grasp the concept of a numbering base. I decided to write this post when I realized the method I use to teach people binary and hexadecimal isn't used in any of the books I have (which isn't to say it's unique by any means, but perhaps not very widespread).
If you do use the methodology described here, I would appreciate feedback on how well it worked (or didn't) so that it can be improved.
To express values greater than the highest available digit (e.g. values greater than 9), we must use multiple digits. We increase the column to the left (which is zero if not present) by one and reset the current column to zero; 09 becomes 10. This is a recursive process; it is repeated as necessary until we reach the leftmost column of the number (e.g. counting from 999 to 1000).
Here's the key concept to absorb: every numbering base works this way. The only difference is the amount of digits you can use.
Congratulations, you now know how to count in octal (or base-8), which uses only the digits 0 through 7.
And now you can count in binary.
One note here: binary numbers are typically written in groups of eight bits (_binary digits_), with leading zeros for padding. This is done out of convention simply because this is typically the smallest amount of bits a computer deals with at any one time.
Note that hexadecimal numbers are normally denoted with a leading "0x"; the number in the above example would typically be written 0x11. Padded to fill a 32-bit variable, it would be written 0x00000011.
The value of each place is derived as the base number (10 for decimal, 8 for octal, etc.) to the power of its column (starting with zero). In other words:
(A quick math tip: remember that any number to a power of zero equals one.)
Realizing this, we can easily extend this concept to converting other bases to decimal. Let's try our octal number 21:
Conversion from binary takes a bit longer but works exactly the same way:
It just takes a bit of practice to begin memorizing the first eight powers of two (1, 2, 4, 8, 16, 32, 64, and 128). Once you've got them locked in your head, converting between decimal and binary becomes second nature.
If you do use the methodology described here, I would appreciate feedback on how well it worked (or didn't) so that it can be improved.
Step 1: Relearn to Count in Decimal
Think back to kindergarten or whenever you first learned to count. As a typical example, let's say you have seventeen apples. To express this as a decimal value, start with zero and begin counting: 1, 2, 3... up to 9. When you reach the tenth apple, you've run out of digits. This is because we count in a base-10 numbering system, more commonly known as decimal, which employs the digits 0 through 9.To express values greater than the highest available digit (e.g. values greater than 9), we must use multiple digits. We increase the column to the left (which is zero if not present) by one and reset the current column to zero; 09 becomes 10. This is a recursive process; it is repeated as necessary until we reach the leftmost column of the number (e.g. counting from 999 to 1000).
Here's the key concept to absorb: every numbering base works this way. The only difference is the amount of digits you can use.
Step 2: Counting with Fewer Digits
Now let's try counting to seventeen again, but this time you can't use the digits 8 or 9. We begin counting, 1, 2, 3... 7. Since we're out of available digits at this point, we increase the column to the left from 0 (or nothing) to 1, and reset the current column to zero. We continue increasing the value of this column again until we run out of digits a second time. The column to the left is again increased and the current column reset. We continue increasing the value of the rightmost column again until we run out of apples to count.Congratulations, you now know how to count in octal (or base-8), which uses only the digits 0 through 7.
Step 3: Counting with Even Fewer Digits
Let's extend this concept to its extreme; for this exercise, you can only use the digits 0 and 1. Start counting: 0, 1 -- we're already out of digits, so add another column, resume counting, and repeat. Notice that we have to increase the column to the left and start over for every other apple we count.And now you can count in binary.
One note here: binary numbers are typically written in groups of eight bits (_binary digits_), with leading zeros for padding. This is done out of convention simply because this is typically the smallest amount of bits a computer deals with at any one time.
Step 4: Counting with More Digits
"What do you mean, more digits? We only have ten!" True, we only have ten numeric digits; that's why we begin adding letters to the mix for bases like hexadecimal (base-16) or "hex" for short.Note that hexadecimal numbers are normally denoted with a leading "0x"; the number in the above example would typically be written 0x11. Padded to fill a 32-bit variable, it would be written 0x00000011.
Step 5: Converting Back to Decimal
To convert a number from another base to a decimal number, each digit is multiplied by the value of its place. To illustrate this, first we example a the decimal number - 742, for instance - can be expressed as the sum of its place values:The value of each place is derived as the base number (10 for decimal, 8 for octal, etc.) to the power of its column (starting with zero). In other words:
(A quick math tip: remember that any number to a power of zero equals one.)
Realizing this, we can easily extend this concept to converting other bases to decimal. Let's try our octal number 21:
Conversion from binary takes a bit longer but works exactly the same way:
It just takes a bit of practice to begin memorizing the first eight powers of two (1, 2, 4, 8, 16, 32, 64, and 128). Once you've got them locked in your head, converting between decimal and binary becomes second nature.
Langganan:
Postingan (Atom)