30 October 2008

Adding Switch to Cisco Home Lab - Part 5


Configure Router as DHCP Server for VLANs

Now this part of the configuration is the most fun part of all. I just love the way one router accepts requests from clients on different VLANs (with different subnets) and hands out addresses based on which VLAN the client resides in.

That's just cool; your average home router can't do this kind of thing. The most an average home router can do is hand out IP addresses for one network.

In the previous post, I showed how to make a router a DHCP server. This post is similar, but now the router is going to hand out IP addresses to clients on several different networks.

The configuration is also the same, except that now I'm going to make several DHCP pools. The router can tell the client requests apart: it sees which sub-interface (that is, which subnet or VLAN) a request arrived on, picks a free address from the pool whose network matches that sub-interface's subnet, and offers that address to the client.

In this example I'm using four networks in my LAN. I won't be handing out addresses for VLAN 5, since that network is for management only and I'll assign its addresses statically on the networking devices.
The three remaining networks, VLANs 10, 20 and 30, get their addresses from the DHCP server.

Same as before, you need to exclude the IP addresses that you don't want handed out through DHCP. I reserve the first ten addresses of each network; I'll probably need them for something else in the future.

router> enable
router# configure terminal
router (config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
router (config)# ip dhcp excluded-address 192.168.20.1 192.168.20.10
router (config)# ip dhcp excluded-address 192.168.30.1 192.168.30.10

Now DHCP will hand out addresses to clients starting from .11 in each network.

Next is to configure the DHCP pools for respective VLANs:

router (config)# ip dhcp pool OFFICE
router (dhcp-config)# network 192.168.10.0 255.255.255.0
router (dhcp-config)# default-router 192.168.10.1
router (dhcp-config)# dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
router (dhcp-config)# exit

router (config)# ip dhcp pool HOME
router (dhcp-config)# network 192.168.20.0 255.255.255.0
router (dhcp-config)# default-router 192.168.20.1
router (dhcp-config)# dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
router (dhcp-config)# exit

router (config)# ip dhcp pool WIRELESS
router (dhcp-config)# network 192.168.30.0 255.255.255.0
router (dhcp-config)# default-router 192.168.30.1
router (dhcp-config)# dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

Each pool needs a distinct name; entering ip dhcp pool with a name that already exists edits that pool (and its network command replaces the old network) instead of creating a new one. You can list up to eight DNS servers in the dns-server option.
The default-router command tells the clients to use the address of the router's sub-interface as their default gateway.

At this point, if you can ping all of the router's sub-interfaces from the switch, the router will answer DHCP requests coming from the clients.

The router tells the requests apart like this: if a request comes in on sub-interface ethernet 0/1.10, which has the address 192.168.10.1, the router serves it from the pool whose network contains that address (the 192.168.10.0 network). A request arriving on ethernet 0/1.5 matches no pool, so it gets no answer.

After this you need to configure the router for the internet connection, if you haven't done so already.
Remember that the access list used by NAT must permit every network in your LAN, not only the first one; otherwise clients in the other VLANs are sent out untranslated and never get replies.

29 October 2008

Adding Switch to Cisco Home Lab - Part 4


Configure Router for InterVLAN routing

If you only configure VLANs on the 2950 or another layer 2 switch, clients can only communicate with other clients within the same VLAN.
If you want them to be able to talk to clients on different VLANs, you need to configure a router for inter-VLAN routing.

Configuring a router for inter-VLAN routing is often called router on a stick: a client that wants to talk to a client on another VLAN sends the frame up the trunk to the router, and the router routes the packet back down the same link into the destination VLAN.

The disadvantage is that the single link to the router carries all of the VLAN-to-VLAN traffic in both directions, and the router's CPU has to route all of it.

No problem for a small LAN, but if you have a large number of clients you should consider using a layer 3 or multilayer switch (Cisco Catalyst 3550 series or above) for inter-VLAN routing.

Layer 3 switch routing is something you'd find at the CCNP level, not the CCNA.
I don't have a layer 3 switch; the cheapest one I can find in my area is more than $600, yikes. But the configuration is so easy that I'll give you a few snippets later.

For now lets configure the router to do interVLAN routing.

We know that routers have a limited number of physical interfaces, right? The 2611 comes with two Ethernet interfaces by default.
One goes to the internet and the other is connected to the internal LAN.
So how can one interface handle multiple VLANs, that is, multiple networks with different subnets?

There's a clever way around this: logical sub-interfaces. That one physical port can be logically divided into many sub-interfaces.
Each sub-interface handles one VLAN/subnet.

NOTE:

Older IOS releases only supported inter-VLAN routing on Fast Ethernet (100 Mbps) interfaces, not on 10 Mbps Ethernet interfaces, because of the limited bandwidth. Later releases added 802.1Q sub-interfaces on the Ethernet ports too, which is what the 2611 uses below.

Before configuring the router, let's look at the network diagram again:

So we need to define four sub-interfaces with their IP addresses, and bind each one to a VLAN using encapsulation dot1q VLAN_NUMBER, where VLAN_NUMBER is the VLAN ID carried on that sub-interface.
The encapsulation has to be set first; IOS refuses to accept an IP address on a sub-interface until it has one.
VLAN 5 is the native VLAN on the switch's trunk, so its frames arrive untagged, and the VLAN 5 sub-interface therefore needs encapsulation dot1q 5 native; without the native keyword the router only matches tagged VLAN 5 frames and the switch's untagged ones are discarded.
The main LAN interface, ethernet 0/1, doesn't need an IP address of its own, but it must be no shutdown; the sub-interfaces come up along with it.
Here's how we configure them:

router> enable
router# configure terminal
router (config)# interface ethernet0/1
router (config-if)# no ip address
router (config-if)# no shutdown
router (config-if)# interface ethernet0/1.5
router (config-subif)# encapsulation dot1q 5 native
router (config-subif)# ip address 192.168.5.1 255.255.255.0
router (config-subif)# interface ethernet0/1.10
router (config-subif)# encapsulation dot1q 10
router (config-subif)# ip address 192.168.10.1 255.255.255.0
router (config-subif)# interface ethernet0/1.20
router (config-subif)# encapsulation dot1q 20
router (config-subif)# ip address 192.168.20.1 255.255.255.0
router (config-subif)# interface ethernet0/1.30
router (config-subif)# encapsulation dot1q 30
router (config-subif)# ip address 192.168.30.1 255.255.255.0

The sub-interface number is arbitrary (IOS accepts values up to 4294967295), which gives you the flexibility to name each sub-interface after its VLAN ID: you can see at a glance that e0/1.5 is for VLAN 5 and so on. The number itself doesn't bind the VLAN, only the encapsulation dot1q command does.

Oh, and don't forget the no shutdown on the main interface ethernet 0/1; the sub-interfaces go down and come up together with it.

Now if you can successfully ping the switch's VLAN 5 interface (192.168.5.2 in this example) from the router, you are done configuring the router for inter-VLAN routing.

For inter-VLAN routing on a layer 3 switch you create an interface VLAN (an SVI) for every VLAN you want to route and give each one an IP address.

Layer3Switch> enable
Layer3Switch# configure terminal
Layer3Switch (config)# interface VLAN 5
Layer3Switch (config-if)# ip address 192.168.5.1 255.255.255.0
Layer3Switch (config-if)# no shutdown

Do this for every VLAN you want to route; you don't need sub-interfaces on the router.
The layer 3 switch routes between the VLANs itself, without ever sending the traffic to the router first.
You do need to enable IP routing on the switch first, if it isn't already enabled, using:

Layer3Switch (config)# ip routing

Very simple right?

What's left is the additional router configuration: the DHCP server for each subnet, the connection to the cable internet and other details, in the next post.

28 October 2008

Adding Switch to Cisco Home Lab - Part 3


Assigning Switch Ports to VLANs

After creating the VLANs on the Cisco switch, we need to assign the switch ports to them.

We need to decide which ports go in which VLAN; remember VLAN = broadcast domain = subnet.
So before making your VLANs, think about the IP addressing scheme and which computer should be in which broadcast domain or network.

The next step is to configure a trunk port to connect to the router and access ports to connect the switch ports to our clients' PCs or other network devices.

A trunk port carries all VLANs, or only the VLANs you allow to cross the trunk link, over one port. Frames are 802.1Q-tagged with their VLAN ID as they cross the trunk, except frames in the native VLAN, which cross untagged; any untagged frame that arrives on the trunk is assigned to the native VLAN.
You also need a trunk if you want to connect a switch to another switch, and it has to be configured as a trunk on both switches.

An access port can only be a member of one VLAN; anything plugged into the access port is assigned the configured VLAN ID.

Remember though, the devices attached to the access ports don't know anything about VLANs; the tag is only something the switches see.
Before a frame is sent out of an access port to a client, the VLAN tag is stripped.

In this example I configure FastEthernet port 0/1 as the trunk port that connects to the router.

C2950> enable
C2950# configure terminal
C2950 (config)# interface fa0/1
C2950 (config-if)# switchport mode trunk

At this point you have already configured port FastEthernet 0/1 (fa0/1) as a trunk port.
There are two encapsulation methods for trunking: ISL, a proprietary Cisco method that only works between Cisco devices, and 802.1Q, or dot1q for short, which is the multi-vendor standard.

Since the 2950 switches only support dot1q, you don't need to set it, but if your switch supports both methods you need to pick one with switchport trunk encapsulation dot1q (or replace dot1q with isl if you want to use ISL).

Next, define the native VLAN and, if you want to, restrict which VLANs are allowed to cross the trunk port:

C2950 (config-if)# switchport trunk native vlan 5
C2950 (config-if)# switchport trunk allowed vlan 5,10,20,30

By default the trunk carries all VLANs. The allowed list given this way replaces the whole list; use switchport trunk allowed vlan add or remove to change it incrementally. Make sure the native VLAN stays in the allowed list, and that the native VLAN is the same on both ends of the trunk.

Finished with the trunk port; now we assign ports to the VLANs we created. Setting switchport mode access explicitly also stops a port from negotiating a trunk with whatever gets plugged into it. You can assign the ports one at a time like this:

C2950 (config)# interface fa0/2
C2950 (config-if)# switchport mode access
C2950 (config-if)# switchport access vlan 10

Or you can configure a range of interfaces at once. Say I want ports 0/2 to 0/8 as access ports for VLAN 10; then I just do this:

C2950 (config)# interface range fa0/2 - 8
C2950 (config-if-range)# switchport mode access
C2950 (config-if-range)# switchport access vlan 10

Do the same for VLAN 20, the home network VLAN:

C2950 (config)# interface range fa0/9 - 16
C2950 (config-if-range)# switchport mode access
C2950 (config-if-range)# switchport access vlan 20

Very handy command right?

One trick: if you want to configure ports that are not in sequential order, say ports 2 to 5, 10 to 15 and port 24, you can do it like this:

C2950 (config)# interface range fa0/2 - 5, fa0/10 - 15, fa0/24

There, you've successfully created access ports for VLANs 10 and 20. VLAN 30, the VLAN for the wireless network, I'll need to save for another time, since configuring a wireless network with Cisco devices takes some tricks.

Now we're done with the Cisco switch configuration; the next thing to do is configure the router to accept the VLANs and be the DHCP server for all the networks.

Adding Switch to Cisco Home Lab - Part 2


Configuring VLANs

I'll start adding the switch to my Cisco home lab by configuring the switch first. In the previous tutorial series I posted about how to connect a Cisco router to cable internet; here's how the network will look again with a switch added:

The network will have four VLANs, with VLAN 5 acting as the native VLAN.
By default the native VLAN of Cisco switches is VLAN 1; you'll want to change the native VLAN from VLAN 1 to another VLAN, ideally one that no access port uses, because of the security concern around the native VLAN: its frames cross the trunk untagged, so a host that can inject a tagged frame into the native VLAN can get traffic into other VLANs.

You can read a nice article about the native VLAN security concern from Cisco.
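To make that concern concrete, here is a small Python model of how a switch handles 802.1Q tags on access and trunk ports (frames are tagged with their VLAN ID across the trunk, the native VLAN crosses untagged, and tags are stripped before a frame reaches a host, as described in Part 3 above). It is an added example, not code from this blog or from Cisco; the switches, port names and frames are constructed, and the assumption that an access port accepts a frame already carrying a tag equal to its own VLAN ID is marked in the code. It shows why a trunk's native VLAN should be one that no access port belongs to: a host in the native VLAN that sends a double-tagged frame has its outer tag stripped at the trunk, and the inner tag is then honoured by the next switch.

```python
"""Model of 802.1Q handling on switch ports, to show why the trunk's native
VLAN should not be one that any access port uses.  Added illustration, not
code from the blog or from Cisco: the frames are constructed test data, and
the assumption that an access port accepts a frame already tagged with its
own VLAN ID is marked below."""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_tag(frame):
    """Return (vlan_id, frame_with_that_tag_removed), or (None, frame) if untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def add_tag(frame, vlan):
    """Insert an 802.1Q tag (priority 0) right after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]


def build_frame(dst_mac, src_mac, vlans=(), payload=b"constructed payload"):
    """Ethernet II frame carrying IPv4; `vlans` lists tags outermost first."""
    frame = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", 0x0800) + payload
    for vlan in reversed(vlans):  # insert the innermost tag first
        frame = add_tag(frame, vlan)
    return frame


class Switch:
    """ports maps a port name to ("access", vlan) or ("trunk", native_vlan)."""

    def __init__(self, ports):
        self.ports = ports

    def ingress(self, port, frame):
        """Classify an arriving frame: (vlan, frame) or (None, None) if dropped."""
        mode, pvlan = self.ports[port]
        tag, stripped = parse_tag(frame)
        if mode == "trunk":
            return (pvlan, frame) if tag is None else (tag, stripped)  # untagged = native
        if tag is None:
            return pvlan, frame  # untagged on an access port: the access VLAN
        if tag == pvlan:
            return pvlan, stripped  # ASSUMPTION: a tag equal to the access VLAN is accepted
        return None, None  # tagged with some other VLAN: dropped

    def egress(self, port, vlan, frame):
        """The frame as sent on the wire, or None if `port` does not carry `vlan`."""
        mode, pvlan = self.ports[port]
        if mode == "access":
            return frame if vlan == pvlan else None  # hosts never see a tag
        return frame if vlan == pvlan else add_tag(frame, vlan)  # native VLAN rides untagged


def cross_trunk(sw1, in_port, sw2, out_port, frame):
    """Path sw1[in_port] -> trunk fa0/1 -> sw2 -> sw2[out_port].  Returns the VLAN
    sw2 assigned and the frame the far host receives; (None, None) if dropped."""
    vlan, f = sw1.ingress(in_port, frame)
    if vlan is None:
        return None, None
    vlan2, f2 = sw2.ingress("fa0/1", sw1.egress("fa0/1", vlan, f))
    return vlan2, sw2.egress(out_port, vlan2, f2)


def double_tag_result(attacker_vlan, trunk_native):
    """A host on an access port in `attacker_vlan` sends a frame tagged twice:
    outer tag = the trunk's native VLAN, inner tag = 10.  Returns the VLAN the
    second switch delivers it into (None if it never gets there)."""
    sw1 = Switch({"fa0/2": ("access", attacker_vlan), "fa0/1": ("trunk", trunk_native)})
    sw2 = Switch({"fa0/1": ("trunk", trunk_native), "fa0/9": ("access", 10)})
    frame = build_frame("ffffffffffff", "0200deadbeef", vlans=(trunk_native, 10))
    vlan, _ = cross_trunk(sw1, "fa0/2", sw2, "fa0/9", frame)
    return vlan


if __name__ == "__main__":
    # Native VLAN 5 shared with the attacker's access port: the outer tag is
    # stripped on the native VLAN and the inner tag 10 is honoured downstream.
    print("native 5, attacker in VLAN 5:", double_tag_result(5, 5))
    # Native VLAN moved to an unused VLAN 999: the outer tag no longer matches
    # any access port, so the frame is dropped at the first switch.
    print("native 999, attacker in VLAN 5:", double_tag_result(5, 999))
```

Run it and the first case lands the frame in VLAN 10 while the second is dropped. Keeping VLAN 5 for the switch's management interface only, with no access ports in it, is what makes the trunk in this lab safe in that respect.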

On 2950 switches, you type these commands to create the VLANs:

C2950> enable
C2950# configure terminal
C2950 (config)# vlan 5
C2950 (config-vlan)# name MANAGEMENT
C2950 (config-vlan)# vlan 10
C2950 (config-vlan)# name OFFICE
C2950 (config-vlan)# vlan 20
C2950 (config-vlan)# name HOME
C2950 (config-vlan)# vlan 30
C2950 (config-vlan)# name WIRELESS

You can verify that you successfully created the VLANs by issuing this command:

C2950# show vlan

Now to give VLAN 5 an IP address on the switch and make it the management VLAN (setting it as the native VLAN is done on the trunk port, in the next part), we do this:

C2950 (config)# interface VLAN 5
C2950 (config-if)# ip address 192.168.5.2 255.255.255.0
C2950 (config-if)# no shutdown

When you issue no shutdown, the 2950 automatically shuts down interface VLAN 1 and uses VLAN 5 instead, since this switch only allows one active management interface at a time.
Giving a VLAN other than VLAN 1 an IP address makes that VLAN the management VLAN, so your switch can be reached for configuration over telnet (or SSH if your image supports it; telnet sends the password in the clear).
You can move the native VLAN from VLAN 1 to another VLAN, but you can't delete VLAN 1.

Next thing you need to do is assigning those VLANs to the switch's ports.


27 October 2008

Adding Switch to Cisco Home Lab - Part 1


So I was sitting and thinking about what to post next on my blog, and hey, why not continue the last posts about setting up a Cisco home lab.

The network topology might not be the best for a CCNA home lab, but the configuration should be similar for other topologies.

Let's look at the last network topology, where I connected the 2611 router to the cable internet:
I'm going to add a Cisco switch, a 2950 to be precise, and add some VLANs to it, separating the PCs in my LAN into four different networks.

  • VLAN 5 as the native VLAN - 192.168.5.0 network
  • VLAN 10 for the office - 192.168.10.0 network
  • VLAN 20 for the home - 192.168.20.0 network
  • VLAN 30 for wireless - 192.168.30.0 network
In the network diagram it looks like this:
This is a very simple network diagram, but most SOHO networks typically look like this, maybe with some additional switches here and there.

You can see the details of the network above, with the exception of the wireless network; I'll leave the wireless configuration for later posts but still provide a VLAN for wireless connectivity.

As with the previous posts, I'll do the configuration as a series, and hopefully by the end I'll have a full Cisco home lab scenario for the Cisco certification exams.

7 Reasons to Choose Cisco for Home or SOHO Network


After building my own Cisco home lab, I'm very satisfied with how the devices perform in my LAN.

So let me poison your mind: I'm going to show you why I think home network geeks like myself, and SOHO networks, should consider replacing the network devices they have now with Cisco networking devices.

Cisco actually has an article called Why Enterprises Choose Cisco, but frankly I don't quite understand what they're trying to say, so I came up with 7 reasons of my own for choosing Cisco for a home or SOHO network.

1. Cisco Certification

The number one reason is of course to smooth your way to passing the Cisco certification exams. You can get away without a Cisco home lab for the CCNA, but above that level, especially if you don't have direct access to real Cisco devices, you at least need to rent a Cisco lab.

2. Wide Range of Products

This doesn't just apply to Cisco; every vendor has a wide range of products: routers, switches, VPN concentrators, wireless, firewalls, you name it.
But wouldn't it be nice to have a room in your home or SOHO with that cool Cisco logo on all of the devices?
Imagine clients walking through your office, seeing the network rack (or at least a picture of it) and saying, what the heck is that???
Oh, that's just our small data center, you reply.
Surely that makes your business seem reliable enough?

3. Scalability

This is what I really like about Cisco: you can easily upgrade everything, well, almost everything, in the devices.
Say you bought a 2611 router, chassis only, and later find out you need WAN connectivity, a DSL connection, additional switch ports, VPN, even a voice card for VoIP, etc.
You just buy the modules and slide them into your router; not all of them at once, of course, but as many as the router permits.
The complete reference for the modules supported by the 2600 routers can be found here.

You can buy and upgrade the IOS according to your needs. Routers such as Linksys can also have their firmware upgraded, and many third-party firmwares are available, but Cisco IOS offers far more functionality, no doubt.

Need more power from the Cisco router? No problem, you can always upgrade the RAM, which is hard to do on an average home router. You slide a bigger RAM module into the router just like in a PC.
The default amount of RAM in my 2611 gives me great connectivity to the internet compared to my old router.
If you connect lots of clients to the internet, the router maintains a NAT table, and if there isn't enough RAM, connectivity suffers.

4. Manageability

Having Cisco devices in your LAN is like being a tyrant in your own kingdom. You can do pretty much anything you wish in it.
Kick out a client, limit their connection to a few bytes per second and let them come to you and beg for mercy.
No, no, that's not me... I think. I don't know about you, but controlling network devices from the CLI feels like having unlimited power over the LAN.
You can configure anything from nothing and watch it connect successfully; I'm telling you, nothing beats that feeling.

5. Reliability

No question about the reliability of Cisco devices. In fact I just learned that Cisco Systems set a Guinness World Record with the world's highest-capacity internet router.

Now get this: with the show version command you can view a device's uptime, right? How long the router has been up and running without a shutdown or reload.
One company has a record of about 10+ years. 10 years, man; you should see it here, or search Google for "cisco 10 years uptime".

6. Enterprise Class Features

Depending on the router's capabilities and the IOS image you have, you can have enterprise-class features in your LAN.
An advanced firewall, intrusion detection, multicast handling, VoIP: all of it just by upgrading your Cisco routers later, when your company gets bigger.

7. Cost

No, I'm not talking about the cost of buying Cisco devices; the prices for new ones are insane for home and SOHO use. But you can always buy used ones from eBay or other used Cisco resellers.
What I mean is the cost you can save by buying Cisco devices, the return on investment, as smarter people would say.

So, are the reasons good enough for you? If you work in a SOHO you might be able to persuade the finance department to upgrade the network devices you have now.

But if you're just a student or a techie who wants to get deeply intimate with Cisco, how could you ever afford them?
If you really, really want it, why not? Take a look at me: I'm just about a quarter of a century old, living in a country where you wouldn't dream of having a real live Cisco home lab.
And no, my Dad is not a millionaire; I bought the Cisco lab purely from my own income, one piece at a time. You just need to know what to buy and where.

Good luck

25 October 2008

SNMP (Simple Network Management Protocol) for Cisco


Once you've set up your Cisco devices, you'll also want to monitor them. It's very inconvenient to have to look at the blinking lights on your Cisco devices, or to log in and type show ip interface brief, just to see if the interfaces are running correctly.

To make monitoring network devices easier, the great people of the networking industry invented SNMP (Simple Network Management Protocol).

SNMP gives you great flexibility: you can allow one group of people to just monitor the network devices in your LAN (read-only rights) and allow another group to monitor and make changes to the network devices (read-write rights).



The image above shows one of the many networking tools that implement SNMP, this one from SolarWinds.
You can view CPU/memory usage, bandwidth usage, etc. in graphical form.

Some terms you need to be familiar with when configuring SNMP:

GET

Gets are used to collect information from network devices; they are read-only. You configure a community string on the Cisco device so a network tool can authenticate to it; give it read-only rights so anyone holding this community string can only view information on the device. Note that in SNMPv1 and v2c the community string is sent in clear text with every message, so it is a password that anyone on the path can read.

Setting it on a Cisco device is very easy; go to global configuration mode and type:

router (config)# snmp-server community public RO

The above command gives the router a community string of "public" with read-only rights. "public" is the well-known default that every scanner tries first, so use something else on a real network.
You can also apply an access list to that community string by appending the access-list number to the command, which restricts which hosts may use it.

Now that you have the community string, set the same string in the network tool so it can monitor the device.

SET

Sets are used to make changes to a network device, such as shutting down an interface.
Configuring a set community is the same as for GET; you only change the read-only rights to read-write:

router (config)# snmp-server community private RW

Since this command lets anyone who knows the community string configure the network device, you should always apply an access list to the read-write community (and, again, not use the default "private").

TRAPS

Where GETs and SETs are initiated by the admin, traps are initiated by the network device itself.
This is very useful when an emergency pops up, such as an interface going down or a fan failure: the device immediately sends a message to a preconfigured destination.

Do this to send traps to host 192.168.1.10 with community string "public" (the trap types themselves still have to be enabled with snmp-server enable traps):

router (config)# snmp-server host 192.168.1.10 public
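Because SNMPv1 and v2c carry the community string unencrypted, anyone who can see the UDP/161 traffic can read it, and a SetRequest with the read-write string is a configuration change crossing the wire. The following Python is an added example, not code from this blog or from Cisco or SolarWinds: it encodes and decodes the BER structure of SNMPv1/v2c messages and audits a list of constructed datagrams for default community strings and SetRequests, the kind of check an IDS rule or a capture review would do. The host addresses and community strings in the sample are made up.

```python
"""Decode SNMPv1/v2c messages out of UDP payloads and flag what matters to a
monitoring or security team: the community string is carried in clear text in
every message, and a SetRequest with a read-write community is a configuration
change on the wire.  Added example, not the blog's or Cisco's code; the
datagrams below are built by the encoder here, not captured traffic."""

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
DEFAULT_COMMUNITIES = {"public", "private"}  # the factory defaults every scanner tries


def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def encode_int(value):
    """ASN.1 INTEGER, two's complement, minimal length."""
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(size, "big", signed=True))


def encode_oid(dotted):
    """ASN.1 OBJECT IDENTIFIER with base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def encode_message(version, community, pdu_tag, oid, value=b"\x05\x00", request_id=1):
    """SNMP message: SEQUENCE { version, community, PDU { id, status, index, varbinds } }.
    `value` defaults to ASN.1 NULL, which is what a Get carries."""
    varbinds = tlv(0x30, tlv(0x30, encode_oid(oid) + value))
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0) + varbinds)
    return tlv(0x30, encode_int(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos=0):
    """Decode one BER TLV at `pos`: (tag, body, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def parse_message(payload):
    """Return {'version', 'community', 'pdu'} for an SNMPv1/v2c message, else None.
    SNMPv3 (version 3) has no community string and is deliberately not matched."""
    try:
        tag, body, _ = read_tlv(payload)
        if tag != 0x30:
            return None
        vtag, vbody, pos = read_tlv(body)
        ctag, cbody, pos = read_tlv(body, pos)
        ptag, _, _ = read_tlv(body, pos)
        version = int.from_bytes(vbody, "big", signed=True)
        if vtag != 0x02 or ctag != 0x04 or ptag not in PDU_NAMES or version not in (0, 1):
            return None
        return {"version": version, "community": cbody.decode("latin-1"), "pdu": PDU_NAMES[ptag]}
    except (IndexError, ValueError):
        return None


def audit(datagrams):
    """datagrams: iterable of (src, dst, udp_payload) seen towards port 161.
    Returns one finding per message that uses a default community or is a SetRequest."""
    findings = []
    for src, dst, payload in datagrams:
        msg = parse_message(payload)
        if msg is None:
            continue
        if msg["community"] in DEFAULT_COMMUNITIES:
            findings.append(f"{src}->{dst}: default community '{msg['community']}' ({msg['pdu']})")
        if msg["pdu"] == "SetRequest":
            findings.append(f"{src}->{dst}: SetRequest using community '{msg['community']}'")
    return findings


# Constructed sample traffic (version 1 on the wire = SNMPv2c).  The SetRequest
# writes ifAdminStatus.1 = 2 (down), i.e. it shuts interface 1 over the network.
SAMPLE_DATAGRAMS = [
    ("192.168.1.10", "192.168.1.1", encode_message(1, "public", 0xA0, "1.3.6.1.2.1.1.1.0")),
    ("192.168.1.77", "192.168.1.1", encode_message(1, "private", 0xA3, "1.3.6.1.2.1.2.2.1.7.1", encode_int(2))),
    ("192.168.1.10", "192.168.1.1", encode_message(1, "n0t-th3-d3fault", 0xA0, "1.3.6.1.2.1.1.5.0")),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_DATAGRAMS):
        print(line)
```

Running it prints three findings: the read with "public", the default "private" string, and the SetRequest that shuts an interface. The third datagram, with a non-default read-only string, produces nothing, which is the point of changing the strings and restricting them with an access list.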



22 October 2008

Why Take CCNA Exam?


So you haven't decided yet to take the Cisco CCNA exam: no time to study, too much work in the way, etc.
Well, I found something that might raise your spirits about taking the CCNA exam.

First, why bother taking the exam? According to indeed.com, the percentage of job vacancies asking for CCNA certified people has been growing wildly over the last few years.
They search millions of jobs from thousands of job sites for jobs requiring CCNA; you can see it in the graph from indeed.com below:

Cisco CCNA Job Trends graph

From the looks of that chart, with 50-plus percent growth in jobs asking for CCNA, WOW, the demand for CCNA certified people definitely won't run out in the next few years.

So we know there are still lots of jobs needing CCNA; what about the salary? From indeed.com again, here is their graph of yearly CCNA income:
The graph shows that CCNA salaries in the US average about US$75,000 per year.

Of course this also depends on the experience of the CCNA holder; mostly network engineers with ten years of experience and a CCNA can get this kind of salary.

What about CCNA salaries worldwide? In my country they definitely don't reach that kind of number, but network engineers with CCNA certification report that they got raises.

Some interesting surveys by TCPmag.com can be read here. They regularly conduct salary surveys of their readers. The results are outstanding; just read the article, I know you'll love it.

So what's the moral of this story? Get Cisco certified, the higher the better; average CCIE salaries are reported at about US$102,000 - $116,000.

Even if you live in a country like mine, where the average professional salary is about US$250 - US$500 per month, you can always get onto a project abroad if you have a great resume. Without any intention of bragging, on the last project I was involved in I earned far beyond the average salary in my country.

So good luck with your certifications.


21 October 2008

Configure Cisco Router to Work With Cable Internet - Part 4


Configuring NAT (Network Address Translation)

Continuing the tutorial series on configuring a Cisco router to work with cable internet, now we'll set up the router to do NAT.

When you connect your router to cable internet through the cable modem, the router receives a dynamic IP address from the ISP's DHCP server, according to our scenario.

You only get one IP address from the ISP, yet you need to connect more than one computer to the internet.
On top of that, the public IP address is on a different network from the private IP addresses in your LAN.

NAT solves this: the router records each private source address in its translation table, rewrites every packet from your LAN to use the single public IP address, forwards it to the internet, and rewrites the replies back on the way in.

NAT can be used in different scenarios, which I'll save for future posts; for now the form of NAT we'll use is the many-to-one scenario.
Many private IP addresses are translated to one public IP address; some people call it overloading or Port Address Translation (PAT).

NAT overload keeps each LAN connection apart by giving it its own source port on the public address, hence PAT.
For example, if your public IP address is 202.1.1.1 and host 192.168.1.20 in your LAN opens a connection from source port 1720, the router records 192.168.1.20:1720 on the inside and sends the packet out as 202.1.1.1:1720, or as 202.1.1.1 with another free port such as 1521 if 1720 is already in use by another host. A reply to that public port is matched in the table and sent back to 192.168.1.20:1720.
This is how the router knows which reply goes to which device.
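The table the router keeps for PAT can be modelled in a few lines. The Python below is an added example (not this blog's or Cisco's code) with constructed addresses and ports: it ties the access-list check to the translation step, keeps the inside source port when it's free and allocates another when two hosts collide, and drops inbound packets that no inside host asked for. The public address 202.1.1.1 and port 1720 are taken from the paragraph above; the outside servers 198.51.100.5 and 203.0.113.9 and the port pool starting at 1024 are assumptions.

```python
"""Model of NAT overload (PAT) on the router: one public address, a translation
table keyed on the inside (address, port) and the flow's destination, a unique
public port per flow, and the access-list check that decides which inside
addresses are translated at all.  Added example, not the blog's or Cisco's
code; the addresses, ports and port pool are constructed for illustration."""
import ipaddress


class PatTable:
    def __init__(self, public_ip, permitted_networks, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.permitted = [ipaddress.ip_network(n) for n in permitted_networks]  # the NAT ACL
        self.low, self.high = port_range
        self.in_to_out = {}  # (proto, inside_ip, inside_port, dst) -> public_port
        self.out_to_in = {}  # (proto, public_port) -> (inside_ip, inside_port, dst)

    def permitted_by_acl(self, src_ip):
        """Step 1 of the post: only sources matched by the access list get translated."""
        return any(ipaddress.ip_address(src_ip) in net for net in self.permitted)

    def _free_port(self, proto, wanted):
        """Keep the inside source port when it is free; otherwise allocate another."""
        if self.low <= wanted <= self.high and (proto, wanted) not in self.out_to_in:
            return wanted
        for port in range(self.low, self.high + 1):
            if (proto, port) not in self.out_to_in:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst):
        """Translate an inside->outside packet.  Returns (public_ip, public_port),
        or None when the ACL does not match and the packet is routed untranslated."""
        if not self.permitted_by_acl(src_ip):
            return None
        key = (proto, src_ip, src_port, dst)
        if key not in self.in_to_out:
            port = self._free_port(proto, src_port)
            self.in_to_out[key] = port
            self.out_to_in[(proto, port)] = (src_ip, src_port, dst)
        return self.public_ip, self.in_to_out[key]

    def inbound(self, proto, src, public_port):
        """Reverse-translate a reply arriving on the outside interface.  None means
        no inside host started this flow with that peer, so the router drops it."""
        entry = self.out_to_in.get((proto, public_port))
        if entry is None or entry[2] != src:  # must come from the host we talked to
            return None
        return entry[0], entry[1]


def demo():
    """Two LAN hosts pick the same source port; a third host is outside the ACL."""
    nat = PatTable("202.1.1.1", ["192.168.1.0/24"])  # public IP from the post, ACL 101
    web = ("198.51.100.5", 80)  # constructed outside server
    a = nat.outbound("tcp", "192.168.1.20", 1720, web)  # keeps port 1720
    b = nat.outbound("tcp", "192.168.1.21", 1720, web)  # port taken, gets another
    c = nat.outbound("tcp", "10.9.9.9", 4000, web)      # not in the ACL: untranslated
    reply_to_b = nat.inbound("tcp", web, b[1])
    unsolicited = nat.inbound("tcp", ("203.0.113.9", 443), 1720)  # nobody asked for this
    return a, b, c, reply_to_b, unsolicited


if __name__ == "__main__":
    print(demo())
```

The untranslated case (c) is exactly what happens to a VLAN that the NAT access list forgets to permit: the packet leaves with a private source address and no reply ever comes back.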

To configure it requires some steps, first lets see again how the network diagram looks like:

The image shows I only use one computer to connect to the internet; for now let's pretend I have a lot of computers in my LAN that need internet access.

You need to remember three basic steps for configuring NAT/PAT:
  1. Create an access list that decides which private IP addresses the router is allowed to translate.
  2. Issue the NAT command that ties NAT to the access list we created, with the overload keyword if you use PAT.
  3. Identify the router interface connected to the LAN and give it ip nat inside, and the interface connected to the internet and give it ip nat outside.
The steps don't have to be done in that order; you can start with whichever step you like. Here's how you do them:

Create Access List

router> enable
router# configure terminal
router (config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 any

Issue PAT command

router (config)# ip nat inside source list 101 interface Ethernet0/0 overload

Identify interfaces for ip nat inside and outside

router (config)# interface ethernet0/0
router (config-if)# ip nat outside
router (config-if)# interface ethernet0/1
router (config-if)# ip nat inside

That's it, three easy-to-remember steps for configuring NAT/PAT. One last thing for connecting your router to cable internet is the default route.

Configuring Default Route

I decided to include the default route in this post, since I only have a simple network topology and the default route is a single command.
Here's how we do it; from the last command we jump back to global configuration mode:

router (config-if)# exit
router (config)# ip route 0.0.0.0 0.0.0.0 ethernet0/0

What the above command does is send every packet for a destination the router has no more specific route for (0.0.0.0 0.0.0.0 matches everything) out of the ethernet0/0 interface. A default route pointing at an Ethernet interface rather than a next-hop address only works because the ISP's gateway answers proxy ARP for every destination, which is why it is normally written with a next hop instead. Note also that when ethernet0/0 gets its address with ip address dhcp, IOS already installs a default route towards the gateway the ISP's DHCP server handed out, so this command mainly matters for the static case.

If you have a static public IP address from the ISP, replace ethernet0/0 with the IP address of the ISP's gateway (the next hop), not your own public address.

That concludes the tutorial series on connecting your router to cable internet; thank you for following along, and please give me feedback about my posts.

Please read also:
Configure Cisco Router to Work With Cable Internet - Part 1
Configure Cisco Router to Work With Cable Internet - Part 2
Configure Cisco Router to Work With Cable Internet - Part 3


18 October 2008

Configure Cisco Router to Work With Cable Internet - Part 3


Setting Cisco Router as DHCP Server

This step really is optional for getting a Cisco router to work with cable internet, but it's a good chance to build your skills in configuring Cisco devices.

From the previous post you know how to configure the router's interface to accept an IP address from a DHCP server.
Now it's time to configure the router as a DHCP server itself.

Once again, make sure your router's IOS image supports the DHCP server feature; if not, the commands won't be available.

To set up a DHCP server you configure a pool of IP addresses that you want to hand out to the clients (PCs, printers, NAS, etc.).
As shown in the image in the previous post, I want to hand out addresses from the 192.168.1.0 network.

The first thing to configure is the exclusion of the IP addresses you don't want handed out.
For example, I've configured router interface 0/1 as 192.168.1.1, so I need to exclude 192.168.1.1 so the router won't give that address to a client.
You configure the exclusion in the router's global configuration mode:

router> enable
router# configure terminal
router (config)# ip dhcp excluded-address 192.168.1.1

This command is especially useful if you need to exclude a range of IP addresses; to exclude, say, 192.168.1.1 through 192.168.1.10 you do it like this:

router (config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10

After ip dhcp excluded-address we give the low and the high address; this way your router won't hand out 192.168.1.1 through 192.168.1.10, and will start giving out addresses from 192.168.1.11.

Next is creating the pool of addresses. When you issue ip dhcp pool you are taken to DHCP configuration mode, where you set the other parameters the clients receive besides the IP address and subnet mask.
In this example I'll make a pool named HOME_CLIENTS:

router> enable
router# configure terminal
router (config)# ip dhcp pool HOME_CLIENTS
router (dhcp-config)# network 192.168.1.0 255.255.255.0
router (dhcp-config)# default-router 192.168.1.1
router (dhcp-config)# import all

The third line above creates the pool named HOME_CLIENTS.

The fourth line says the pool HOME_CLIENTS hands out addresses from the 192.168.1.0 network, except the addresses covered by the ip dhcp excluded-address command shown earlier.

The fifth line tells the clients to use 192.168.1.1 (the router's address) as their default gateway.

The sixth line is the important one for a DHCP server in a cable internet environment.
The import all command tells the router to pass on to the LAN clients the other options it received from the ISP's DHCP server.
For example, most ISPs hand out their DNS server addresses via DHCP, and these can change depending on the ISP, so you definitely want to pass that configuration along to the clients.

If you have your own DNS server in the LAN, you can tell the clients to use this DNS server using the following command:

router (dhcp-config)# dns-server 192.168.1.2 192.168.1.3

The above command sends the DNS server addresses 192.168.1.2 and 192.168.1.3 to the clients.

You can also make the router itself use those DNS servers with the following command in global configuration mode:

router (config)# ip name-server 192.168.1.2 192.168.1.3

You can get more information on Cisco IOS DHCP and DNS commands on the Cisco site.

Please read also:
Configure Cisco Router to Work With Cable Internet - Part 1
Configure Cisco Router to Work With Cable Internet - Part 2
Configure Cisco Router to Work With Cable Internet - Part 4


17 October 2008

Configure Cisco Router to Work With Cable Internet - Part 2


Setting IP Address to Cisco Router's Interfaces

To begin configuring a Cisco router to work with cable internet, we first need to set the IP addresses of the router's interfaces.

If you are configuring the router for the first time, connect to it using the console cable.

WARNING!!!

Not every Cisco IOS image supports the commands below. Make sure your router's IOS supports them; please read here first. If your image doesn't support them, the commands won't work.
Or check the features of your IOS image here.

Make sure your Cisco IOS image supports DHCP features (client and server).

As I said in the last post, interface ethernet 0/0 is connected to the cable modem and interface ethernet 0/1 is connected to my PC, as shown below:



Ethernet 0/0 uses the configuration it gets from the ISP, so we set it to receive its IP address from the ISP's DHCP server. Always remember to issue the no shutdown command on the interface:

router> enable
router# configure terminal
router (config)# interface ethernet 0/0
router (config-if)# ip address dhcp
router (config-if)# no shutdown

Now to set the Ethernet 0/1 port as in the picture above, we can jump right to the interface 0/1 configuration mode:

router (config-if)# interface ethernet 0/1
router (config-if)# ip address 192.168.1.1 255.255.255.0
router (config-if)# no shutdown

You have now successfully configured IP addresses on your interfaces; you can check them using the following command:

router# show ip interface brief
Interface    IP-Address        OK? Method Status  Protocol
Ethernet0    xxx.xxx.xxx.xxx   YES DHCP   up      up
Ethernet1    192.168.1.1       YES NVRAM  up      up


show ip interface brief is a very useful command; you will want to use it to check the status of your interfaces.

The Interface column shows all the interfaces you have, and the IP-Address column of course shows the address of each interface.

The Method column shows whether the address was given by a DHCP server, configured by you (stored in NVRAM), or loaded from a TFTP server (TFTP).

When the Status column shows down, it indicates a problem with OSI Layer 2.
The Protocol column shows up if the interface is physically connected to another device; if not, it shows down (a problem with OSI Layer 1).
There is also another state of the Status column, administratively down, which means the interface has been shut down.
This is a very likely question in the CCNA exam.

You can read further about show ip interface brief command here.

When you have finished this configuration, your router will receive an IP address on interface 0/0 from the ISP's DHCP server, and interface 0/1 will be ready to communicate with the 192.168.1.0 network.

Please read also:
Configure Cisco Router to Work With Cable Internet - Part 1
Configure Cisco Router to Work With Cable Internet - Part 3
Configure Cisco Router to Work With Cable Internet - Part 4


16 October 2008

Configure Cisco Router to Work With Cable Internet - Part 1


If you just bought your first used Cisco router, I bet one of the first things you want to do is connect it to the cable internet.
I know I did; I have cable internet for my home network, and previously I used a Linksys router to get my LAN connected to the internet.

Configuring a Cisco router to connect to the cable internet is easy work, even if you only know the basic configuration stuff in Cisco.

I need to warn you that this configuration will be a series, or else it would be a very long post. This series is also a good chance to learn some aspects of configuring a Cisco router.

All you need to do is set the IP addresses of the interfaces, set up the router as a DHCP server if you want it, configure NAT, and the last thing is routing. Very simple indeed.

I'm only going to show you how to get your router up and running; I won't discuss access lists and other fancy stuff - that's for the next posts.
Also, the devices involved in this tutorial are only the Cisco 2611 router, a Motorola cable modem, and my PC. If you want to use other Cisco devices you might need to do more configuration.

In this Part 1, I'm going to review about the concept of this configuration, please look at the topology image below:

Configure IP Address of the Router's Interfaces

The router will get its IP configuration from the ISP's DHCP server; I use the Ethernet 0/0 port as the exit point to the internet.
Ethernet 0/1 will be the port my computer is connected to. I'm going to set a private IP address on it as the gateway for the computer.

Setting IP address of the interfaces is definitely a topic in the CCNA exam.

Configure the Router as DHCP Server

In this example I'm using the router as the DHCP server, giving the computer an IP address along with other configuration such as the subnet mask, gateway address, and DNS server IP address.

You won't be tested about setting router as DHCP Server in the CCNA exam, it will show up in the CCNP exam.

Configure NAT (Network Address Translation) in The Router

NAT is a powerful concept: you have one public IP address given by the ISP and private IP addresses in your LAN.

What NAT does is translate all your private IP addresses into the public IP address. If you're using overload - one public IP address shared by many private IP addresses - each private address is mapped to a logical port on the public address.

For example, if you got the public IP address 10.1.1.1, then a translation might take the form 10.1.1.1:3000.

NAT is also a topic in the CCNA exam, and one of the toughest at that.

Configure Routing

This example only shows basic static routing: the router sends all traffic from the clients (on port Ethernet 0/1) out through port Ethernet 0/0.

You surely want to learn about routing for the CCNA exam.

Please read also:
Configure Cisco Router to Work With Cable Internet - Part 2
Configure Cisco Router to Work With Cable Internet - Part 3
Configure Cisco Router to Work With Cable Internet - Part 4

15 October 2008

Need Other Resources for Learning Cisco?


Ah, nothing like a long holiday for a tired mind, now back to blogging.

During my vacation I also took the chance to browse all over the internet, and I was surprised to see quite a lot of people claiming that Cisco.com didn't give them enough information about the devices in their home labs.

Sure, Cisco did stop supporting some of the older devices, but they still keep the information about them, including configuration examples, etc. Maybe they just stopped posting new information.

That's not what I want to post about now, I'm just sharing my opinion. What I do want to post about are some resources that provide information about Cisco devices.

Two good resources are Packet magazine and iQ magazine from Cisco; they're free to download. Too bad they stopped publishing new issues, because they said they want to evolve their customer communications to a more interactive, web-based model or something. Read here.

I really prefer to read their magazines; although you can't get new issues now, you can still download the old ones from Cisco.
Click here to browse the older issues of Packet magazine and here for the iQ magazine back issues.

Sure, they may be outdated reviews, but I can still learn a lot from them. For example, I found this article in Packet magazine about the connected home, making all the devices in your home connected.

I actually took advantage of the article and started a business offering people this connected home network; it turns out to be quite good.
There are many other interesting articles, on IPTV, VoIP, etc.

If you're aiming for Cisco exams, joining forums is important to get more information from people experienced with the exam.

Some forums that I recommend are ProProfs, Sadikhov, and of course Cisco's own. These are three of the tons of Cisco/networking forums out there.

The key is to find the forum that best fits you. Forums have different cultures; some have very helpful people, while in others you might also meet grumpy people.
Keep the list small. If you're like me, you often get confused because you registered at too many forums: quality, not quantity.


10 October 2008

Cisco IOS Naming Convention and Features


When you decide to buy Cisco devices for a home lab, it is very important to ask the reseller about the Cisco IOS image the devices are running.

This is something most newbies forget about when buying used Cisco devices for the first time.

This should be no problem if you buy a Cisco kit/home lab package, since the reseller will optimize the requirements for you, including the IOS version.

Now, what exactly are the differences between Cisco IOS package names and the features they have? Listing every one of them here would be very tiring work, since there are hundreds if not thousands of IOS packages with different versions and features.

What I can tell you is that the above image shows the naming convention of Cisco IOS images. You will often see this format used in IOS image names.

HARDWARE

The first part is quite self-explanatory: the hardware supported by the IOS.

FEATURE SET

This is where you can find out the features supported by the IOS. This is the new naming convention for Cisco IOS; some older versions still use letters to describe the features. The legacy naming convention can be quite confusing, so it's good they decided to change it.

Cisco distributes IOS packages according to their features; take a look at the following diagram:


The higher the feature set, the more features it has. You can check the features of a Cisco IOS image with the tool provided by Cisco.
Access the tool at the Cisco site; you can search by features, IOS image name, platform, or product code, and you can even compare features between images. It's a great tool you should try.

For the legacy naming convention, you will find it formatted as yyyy, where each y is replaced by one of the following letters:

  • b - For AppleTalk support
  • c - For CommServer lite (CiscoPro)
  • g - For ISDN subset (SNMP, IP, Bridging, ISDN, PPP, IPX, and AppleTalk)
  • i - For IP subset (SNMP, IP, Bridging, WAN, Remote Node, and Terminal Services)
  • n - For IPX support
  • q - For asynchronous support
  • t - For Telco return (12.0)
  • y - For reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, and PPP) (c1003 or c1004)
  • z - For managed modems
  • 40 - For 40 bit encryption
  • 50 - For 50 bit encryption


MEMORY LOCATION and COMPRESSION FORMAT

This section tells you from which memory location the IOS runs and what compression format it uses. Check the following for the formats:

  • f - flash
  • m - RAM
  • r - ROM
  • l - the image will be relocated at run time


And these are the compression types:

  • z - zip compression
  • x - mzip compression
  • w - “STAC” compression


MAINTENANCE RELEASE and INDIVIDUAL RELEASE

These show the release version numbers of the IOS image.

RELEASE

The last part shows whether the image is T Release (new feature release identifier), S (individual release), or XR (modular packages).

For further reference you can see the complete list here and here.

I made a mistake when I first bought my router: I didn't ask about the IOS version, so I ended up with a very basic IOS image that didn't even have the DHCP server feature.
You don't want to make the same mistake, so get familiar with the Cisco IOS naming convention.

If you already bought it, check the features supported by the image with the Cisco tool I mentioned above.

You also need to consider the amount of DRAM in the device. The higher the version and feature set of an IOS image, the more DRAM you need.
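As an added example (not a Cisco tool, and not code from this blog), here is a small Python parser that splits an IOS image name into the fields described above, using only the letter tables listed in this post; letters the post does not list come back as unknown rather than guessed:

```python
"""Split a Cisco IOS image file name into the fields of the naming convention
described above: hardware, feature set, memory location/compression, release.
Added example, not a Cisco tool; the letter tables are exactly the ones listed
in this post, so any letter the post does not list is reported as unknown."""
import re

# Legacy single-letter feature codes, as listed above.
LEGACY_FEATURES = {
    "b": "AppleTalk support",
    "c": "CommServer lite (CiscoPro)",
    "g": "ISDN subset (SNMP, IP, Bridging, ISDN, PPP, IPX, and AppleTalk)",
    "i": "IP subset (SNMP, IP, Bridging, WAN, Remote Node, and Terminal Services)",
    "n": "IPX support",
    "q": "asynchronous support",
    "t": "Telco return (12.0)",
    "y": "reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, and PPP)",
    "z": "managed modems",
}
MEMORY_LOCATION = {"f": "flash", "m": "RAM", "r": "ROM", "l": "relocated at run time"}
COMPRESSION = {"": "none", "z": "zip", "x": "mzip", "w": "STAC"}

# <hardware>-<features>-<memory><compression>.<version>-<maintenance>[.<train>][.bin]
# e.g. c2600-i-mz.121-2.T.bin
IMAGE_RE = re.compile(
    r"^(?P<hw>[a-z0-9]+)-(?P<feat>[a-z0-9]+)-(?P<run>[a-z]+)"
    r"\.(?P<ver>\d{2,3})-(?P<maint>\d+[a-z]?)"
    r"(?:\.(?P<train>[A-Z][A-Za-z0-9]*))?(?:\.bin)?$"
)


def parse_ios_image_name(name):
    """Return a dict with the decoded fields, or raise ValueError."""
    m = IMAGE_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name!r}")
    run = m["run"]
    # First letter: where the image runs from; the rest: compression ("mz" = RAM, zip).
    memory, comp = run[0], run[1:]
    # Legacy codes are single letters, except the numeric ones such as 40/50.
    codes = re.findall(r"\d+|[a-z]", m["feat"])
    ver = m["ver"]  # "121" -> 12.1, "113" -> 11.3
    return {
        "hardware": m["hw"],
        "feature_codes": codes,
        "features": {c: LEGACY_FEATURES.get(c, "unknown (not in the table above)") for c in codes},
        "memory_location": MEMORY_LOCATION.get(memory, f"unknown ({memory})"),
        "compression": COMPRESSION.get(comp, f"unknown ({comp})"),
        "version": f"{ver[:-1]}.{ver[-1]}({m['maint']}){m['train'] or ''}",
        "train": m["train"],
    }


def describe(name):
    """Human-readable breakdown, one field per line."""
    p = parse_ios_image_name(name)
    lines = [name,
             f"  hardware:    {p['hardware']}",
             f"  memory:      {p['memory_location']} ({p['compression']} compression)",
             f"  version:     {p['version']}"]
    for code in p["feature_codes"]:
        lines.append(f"  feature {code}:   {p['features'][code]}")
    return "\n".join(lines)


if __name__ == "__main__":
    # The image names that appear in this blog's command output.
    for img in ("c2600-i-mz.121-2.T.bin", "c2600-is-mz.121-2.T.bin", "c2600-i-mz.113-9.T"):
        print(describe(img), end="\n\n")
```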


Password Recovery Procedure for Cisco 2600 and 2800 Series Routers


If you buy a used Cisco device for your home lab, the router/switch configuration has most likely already been erased to the default by the reseller. But what if you got a router/switch with a password still in it, or you forgot the password you gave the device?


Cisco devices have a password recovery procedure you can use to overcome this problem; some devices have a different procedure for password recovery.

The steps I'm showing here are for Cisco 2600 and 2800 series routers, but most routers follow similar steps.
Some Cisco switch series have a button on the chassis that you must press for password recovery.


WARNING!!!

The password recovery procedure will wipe out all configuration in the router/switch, so it is always a good idea to back up your configuration regularly and use the backup to reconfigure the router/switch after the password recovery procedure.

To recover the password you first need to enter ROMmon mode. For 2600 and 2800 series routers you then change the configuration register from 0x2102 to 0x2142 and reset the router:

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect

rommon 2 > reset

Changing the configuration register from 0x2102 to 0x2142 tells the router to ignore the configuration in NVRAM - which is where the router's password lives.

This is why you must back up the configuration file to a TFTP server regularly, so you can restore it if something like this happens in the future.

After the reset command in ROMmon your router reloads with no configuration, so it will ask again whether you want to enter the initial configuration dialog; just answer no:

Would you like to enter the initial configuration dialog? [yes/no]: no

At this point you can get into the router without providing the password, and if you check with the show version command you will see that the configuration register has changed:

router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 20480K/4096K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

The next thing is to set your new password, or remove the password requirement, from the router's configuration mode. Use enable password or enable secret; it's safer to use enable secret.

router# configure terminal
router (config)# enable secret Cisco

Don't forget to paste your backup configuration file into the terminal and save the running configuration:

router# write memory

or

router# copy running-config startup-config

The last and most important thing to do is change the configuration register back to 0x2102, or else every time your router reloads it will ignore the configuration file.

router (config)# config-register 0x2102

You can check with the show version command that your configuration register value will change to 0x2102 after reloading the router.


router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 20480K/4096K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configured from console
Configuration register is 0x2142 (will be 0x2102 at next reload)

Reload the router using reload command:

router# reload

I don't think they will test you on password recovery in the CCNA exam, but they will ask you about the configuration register value you must set for the password recovery procedure, so just remember the values.


08 October 2008

Fastest Way to Recover or Upgrade Cisco IOS using tftpdnld


There are many articles about how to recover or upgrade your Cisco IOS, but personally I find that using tftpdnld is the fastest and easiest way.

tftpdnld is a command you can use in ROMmon mode on Cisco devices.

Using tftpdnld you can download files directly to a Cisco router or switch from ROMmon mode, which you reach over the console cable (serial connection).

In order to use the tftpdnld command you need a TFTP server running on your computer; any TFTP server will do.
In this example I recover the Cisco IOS image on my 2611 router, but this tutorial is also good for 2800 and 3800 series routers.

I need to tell you that you can use tftpdnld to download an image file from the TFTP server to the router, but not from the router to the TFTP server.

Also, this command requires you to use the first LAN port on the router - on the 2611 that is the ethernet 0/0 port, as shown below.


But on a 2621 router you can also use the Token Ring or Fast Ethernet port.


WARNING!!!
Use this tutorial only if you understand the effect of the commands provided and are aware of the effect of the procedures shown on a production or running network!



The first thing you need to do to recover or upgrade a Cisco IOS image is to place your IOS image file in the TFTP server folder.

Next, get into ROMmon mode on the router.

At the ROMmon prompt you need to set up some variables for the router to TFTP server connection. In this example I use the following configuration:


Issue the set command at the prompt; it shows the variables currently set. Next, type in the following commands:

rommon 1 > set

rommon 2 > IP_ADDRESS=171.68.171.0
rommon 3 > IP_SUBNET_MASK=255.255.254.0
rommon 4 > DEFAULT_GATEWAY=171.68.170.3
rommon 5 > TFTP_SERVER=171.69.1.129
rommon 6 > TFTP_FILE=c2600-is-mz.121-2.T.bin

Make sure you got everything right and your TFTP server is connected to the first LAN port of the router.

Before issuing tftpdnld: the Cisco documentation says that on 2600 and 1720 series routers, tftpdnld in ROMmon mode might report a bad checksum comparison when it loads Cisco IOS software images of Release 12.0(2.2)T or later - it's a known bug.

To overcome this problem you need to issue another command:

rommon 7 > TFTP_CHECKSUM=0

Next you're ready to issue the tftpdnld command. Type in the command as shown below; it will show you some output, and you answer y to the question it prompts.
The question tells you that the content of the flash memory will be erased and replaced by the downloaded image file.

rommon 8 > tftpdnld

IP_ADDRESS: 10.1.1.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.1.1.1
TFTP_SERVER: 10.1.1.2
TFTP_FILE: c2600-is-mz.121-2.T.bin

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y

Receiving c2600-is-mz.121-2.T.bin from 10.1.1.2 !!!!!.!!!!!!!!!!!!!!!!!!!.!!
File reception completed.
Copying file c2600-is-mz.121-2.T.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000

rommon 9 >

At this point your new image will be in the flash memory, if there was no problem with the connection from the TFTP server to the router.

You can verify that your image exists in flash using the following command:

rommon 9 > dir flash:
         File size           Checksum   File name
   4603828 bytes (0x463fb4)   0x9719    c2600-i-mz.121-2.T.bin
rommon 10 >

The last thing to do is to issue the boot command to tell the router to boot using the image file you just downloaded:

rommon 10 > boot flash:c2600-i-mz.121-2.T.bin
program load complete, entry point: 0x80008000, size: 0x51c0dc
Self decompressing the image : #################################################
##################################
...

That's it, you have just successfully recovered your Cisco IOS image. Check the new image using show version at the router prompt:

Router2611>sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router2611 uptime is 1 minute
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 22528K/2048K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102



TFTP Server for Newbies


TFTP, or Trivial File Transfer Protocol, can be a very useful network management tool. Although it's a simplified version of FTP, it's because of that simplicity that it wins the heart of every network engineer.


You can use a TFTP server for numerous purposes related to network devices.
You can use it for uploading or downloading Cisco IOS or other network vendors' operating systems, backing up configuration files, or even running firmware or operating systems over the network for IP phones, network devices, etc. without storing them on the devices.

I think most if not all professionally managed networks use TFTP servers.

I quote from Wikipedia about the details and features of TFTP:

  • It uses UDP port 69 as its transport protocol (unlike FTP which uses TCP port 21).
  • It cannot list directory contents.
  • It has no authentication or encryption mechanisms.
  • It is used to read files from, or write files to, a remote server.
  • It supports three different transfer modes, "netascii", "octet" and "mail", with the first two corresponding to the "ASCII" and "image" (binary) modes of the FTP protocol; the third is obsoleted by RFC1350.
  • The original protocol has a file size limit of 32 MB, although this was extended when RFC 2347 introduced option negotiation, which was used in RFC 2348 to introduce block-size negotiation in 1998 (allowing a maximum of 4 GB and potentially higher throughput). If the server and client support block number wraparound, file size is essentially unlimited.
  • Since TFTP utilizes UDP, it has to supply its own transport and session support. Each file transferred via TFTP constitutes an independent exchange. That transfer is performed in lock-step, with only one packet (either a block of data, or an 'acknowledgement') ever in flight on the network at any time. Due to this lack of windowing, TFTP provides low throughput over high latency links.
  • Due to the lack of security, it is dangerous over the open Internet. Thus, TFTP is generally only used on private, local networks.
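
To make the lock-step, unauthenticated nature of the protocol concrete, here is an added Python example, not code from this post, from Cisco, or from any of the TFTP servers named below: a packet codec for the RFC 1350 message types, an in-memory stand-in for the server, and a client that reads a constructed sample file one block at a time, including the 16-bit block-number wraparound the note above mentions.

```python
"""TFTP (RFC 1350) packet codec plus a lock-step read, simulated in memory.
Added example for the TFTP notes above; not code from the post, from Cisco,
or from any TFTP server named there. The in-memory server and the sample
file bytes are constructed for the demonstration."""
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
DEFAULT_BLOCK_SIZE = 512  # 512 bytes * 65535 blocks is the ~32 MB limit noted above


class TftpError(Exception):
    def __init__(self, code, message):
        super().__init__(f"TFTP error {code}: {message}")
        self.code, self.message = code, message


def build_rrq(filename, mode="octet"):
    # RRQ: | 01 | filename | 0 | mode | 0 |   (there is no credentials field at all)
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block, payload):
    # DATA: | 03 | block# | payload |   block# is 16 bits, so it wraps after 65535
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload


def build_ack(block):
    return struct.pack("!HH", OP_ACK, block & 0xFFFF)


def build_error(code, message):
    return struct.pack("!HH", OP_ERROR, code) + message.encode() + b"\0"


def parse_packet(pkt):
    """Decode one TFTP packet into a dict keyed by field name."""
    if pkt is None or len(pkt) < 4:
        raise TftpError(4, "missing or truncated packet")
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode in (OP_RRQ, OP_WRQ):
        parts = pkt[2:].split(b"\0")
        if len(parts) < 3:  # filename, mode, and the empty piece after the last NUL
            raise TftpError(4, "malformed request")
        return {"op": opcode, "filename": parts[0].decode(), "mode": parts[1].decode().lower()}
    (field,) = struct.unpack("!H", pkt[2:4])
    if opcode == OP_DATA:
        return {"op": opcode, "block": field, "data": pkt[4:]}
    if opcode == OP_ACK:
        return {"op": opcode, "block": field}
    if opcode == OP_ERROR:
        return {"op": opcode, "code": field, "message": pkt[4:].split(b"\0", 1)[0].decode()}
    raise TftpError(4, f"illegal opcode {opcode}")


class ToyTftpServer:
    """In-memory stand-in for a TFTP server serving one read at a time."""

    def __init__(self, files, block_size=DEFAULT_BLOCK_SIZE):
        self.files, self.block_size = files, block_size
        self.blob, self.block, self.sent_last = None, 0, False

    def _data_packet(self):
        start = (self.block - 1) * self.block_size
        chunk = self.blob[start:start + self.block_size]
        self.sent_last = len(chunk) < self.block_size  # a short block marks the end
        return build_data(self.block, chunk)

    def handle(self, pkt):
        """Process one client packet; return the reply, or None to stay silent."""
        req = parse_packet(pkt)
        if req["op"] == OP_RRQ:
            blob = self.files.get(req["filename"])
            if blob is None:
                return build_error(1, "File not found")
            self.blob, self.block = blob, 1
            return self._data_packet()
        if req["op"] == OP_ACK and self.blob is not None:
            if req["block"] != (self.block & 0xFFFF):
                return None  # stale or duplicate ACK: lock-step, nothing new goes out
            if self.sent_last:
                self.blob = None  # ACK of the final block: transfer complete
                return None
            self.block += 1
            return self._data_packet()
        return build_error(4, "Illegal TFTP operation")


def tftp_read(server, filename, mode="octet", block_size=DEFAULT_BLOCK_SIZE):
    """Lock-step client: one packet in flight at a time; returns the file bytes."""
    chunks, expected = [], 1
    reply = server.handle(build_rrq(filename, mode))
    while True:
        pkt = parse_packet(reply)
        if pkt["op"] == OP_ERROR:
            raise TftpError(pkt["code"], pkt["message"])
        if pkt["op"] != OP_DATA or pkt["block"] != (expected & 0xFFFF):
            raise TftpError(0, f"unexpected packet {pkt}")
        chunks.append(pkt["data"])
        reply = server.handle(build_ack(pkt["block"]))  # nothing moves until this ACK
        if len(pkt["data"]) < block_size:
            return b"".join(chunks)  # a short (possibly empty) block ends the transfer
        expected += 1


if __name__ == "__main__":
    # Constructed 1024-byte "image": two full blocks, then an empty block #3 to finish.
    image = bytes(range(256)) * 4
    server = ToyTftpServer({"c2600-i-mz.121-2.T.bin": image})
    got = tftp_read(server, "c2600-i-mz.121-2.T.bin")
    print(f"received {len(got)} bytes, intact: {got == image}")
```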


You can find many free TFTP servers on the internet; the most popular ones are:

WinAgents TFTP Server
TFTPD32
SolarWinds TFTP Server
Kiwi CatTools - Network tools collection including TFTP Server

Personally I use the SolarWinds TFTP Server. Don't get me wrong, every TFTP server you can find is easy to install and configure; I just use the one from SolarWinds because I have been using it for a very long time.

The image up in the post shows the SolarWinds TFTP server when I used it to upload an IOS image for recovery.

Using a TFTP server is fairly easy: just make sure your router can reach the computer you use for the TFTP server, run the TFTP service on your computer, provide a folder for the files you upload or download, and run the copy command from the router.


07 October 2008

Router Stuck in ROMMON Mode


One time on a project I worked on Cisco Catalyst 6500 series switches; it's one of the biggest switches you can find on the market, not to mention very expensive too.

The thing is, it was running CatOS instead of IOS, and the client only wanted to use IOS. CatOS is another flavor of Cisco operating system which uses set-based commands, meaning that when you want to configure something the command usually starts with "set".

So I upgraded the image to IOS; I had to change several switches since they were using quite a lot of them.

Then the problem came: one of the switches got stuck in ROMMON mode. It wasn't showing the normal switch > prompt but only the rommon 1 > prompt.

This is not a serious problem; I had only forgotten to change back the configuration register value.

You might have experienced this before, or in case you run into this problem in the future, lucky you got to this post.

When a router/switch is stuck in ROMMON mode, the first thing you need to check is the configuration register value.

The normal operating configuration register value is 0x2102; you can verify the value using the confreg command at the ROMMON prompt, or using show version at the normal prompt.

Here is the output you get if there is no problem with the configuration register:

rommon 1 > confreg


Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600

do you wish to change the configuration? y/n [n]:

And this is the output if you have the wrong configuration register:

rommon 2 > confreg

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor

do you wish to change the configuration? y/n [n]:

With the confreg command, you're also prompted whether you want to change the configuration register value. Type y if you want to change it, or type n or press enter to leave it.

If you type y, you're taken through a series of questions; answer no to all of them except "change the boot characteristics", and set the value at the next prompt to 2.


rommon 2 > confreg

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor

do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
disable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y
enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[0]: 2

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600

do you wish to change the configuration? y/n [n]: n
You must reset or power cycle for new config to take effect

Reset the device using the following command:

rommon 3 > reset

With the above steps your Cisco device should be running normally again, but if it's not, the device might be unable to find a valid IOS image. This can happen because of a mistyped or even a corrupted image file.

Verify first that you have a valid IOS image using:

rommon 3 > dir flash:
         File size           Checksum   File name
   3114612 bytes (0x2f8674)   0x7612    c2600-i-mz.113-9.T

There you can see I have an IOS image, c2600-i-mz.113-9.T. Then set the device to boot from the image using the boot flash: command followed by the name of the IOS image.

rommon 2 > boot flash:c2600-i-mz.122-10b.bin
program load complete, entry point: 0x80008000, size: 0x51c0dc
Self decompressing the image : #################################################
##################################

It decompresses the image and the device starts loading normally.

Related to the CCNA exam, the most common question about the configuration register is the default value, which is 0x2102, and the value needed to disregard the content of NVRAM (for password recovery), which is 0x2142.
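
Both the password recovery steps and this stuck-in-ROMMON post come down to reading the configuration register correctly, so here is an added Python example (not Cisco's code, not from this blog) that decodes a register value into the settings the confreg dialog asks about, parses the register line out of show version output, and flags a value that still ignores NVRAM or boots to ROMMON. The bit assignments are Cisco's documented ones; the show version text in the demo is constructed.

```python
"""Decode a Cisco configuration register, the 16-bit value reported by
"show version" and by the ROMMON confreg utility, into the settings the
confreg dialog asks about, and flag values that leave a router booting
unconfigured or stopping at rommon. Added example for the password recovery
and stuck-in-ROMMON posts above; not Cisco's code. Bit assignments are
Cisco's documented ones; the sample "show version" text is constructed."""
import re

BOOT_FIELD_MASK = 0x000F          # bits 0-3: what to boot
IGNORE_NVRAM = 0x0040             # bit 6: "ignore system config info"; 0x2142 sets it
BREAK_DISABLED = 0x0100           # bit 8: set means Break has no effect after boot
ALL_ZERO_BCAST = 0x0400           # bit 10: "use all zero broadcast"
BAUD_MASK = 0x1800                # bits 11-12: console baud rate
LOAD_ROM_AFTER_NETBOOT = 0x2000   # bit 13: "load rom after netboot fails"
NET_IN_BCAST = 0x4000             # bit 14: "use net in IP bcast address"
DIAGNOSTIC_MODE = 0x8000          # bit 15: "diagnostic mode"
BAUD_RATES = {0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400}

DEFAULT_REGISTER = 0x2102             # normal operation
PASSWORD_RECOVERY_REGISTER = 0x2142   # 0x2102 with bit 6 (ignore NVRAM) set


def boot_description(boot_field):
    """Same wording as the confreg dialog's boot choices (0, 1, 2-15)."""
    if boot_field == 0:
        return "the ROM Monitor"
    if boot_field == 1:
        return "the boot helper image"
    return "image specified by the boot system commands"


def decode_confreg(value):
    """Split a register value into its individual settings."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return {
        "boot_field": value & BOOT_FIELD_MASK,
        "boot": boot_description(value & BOOT_FIELD_MASK),
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_has_effect": not (value & BREAK_DISABLED),
        "all_zero_broadcast": bool(value & ALL_ZERO_BCAST),
        "console_baud": BAUD_RATES[value & BAUD_MASK],
        "load_rom_after_netboot_fails": bool(value & LOAD_ROM_AFTER_NETBOOT),
        "net_in_bcast_address": bool(value & NET_IN_BCAST),
        "diagnostic_mode": bool(value & DIAGNOSTIC_MODE),
    }


def confreg_summary(value):
    """The lines the ROMMON "Configuration Summary" prints for this value."""
    s = decode_confreg(value)
    flags = (
        (s["diagnostic_mode"], "diagnostic mode"),
        (s["net_in_bcast_address"], "use net in IP bcast address"),
        (s["load_rom_after_netboot_fails"], "load rom after netboot fails"),
        (s["all_zero_broadcast"], "use all zero broadcast"),
        (s["break_has_effect"], "break/abort has effect"),
        (s["ignore_nvram"], "ignore system config info"),
    )
    lines = ["enabled are:"] + [name for on, name in flags if on]
    return lines + [f"console baud: {s['console_baud']}", f"boot: {s['boot']}"]


def audit_confreg(value):
    """Findings to raise when checking a device after recovery or a reload."""
    s = decode_confreg(value)
    findings = []
    if s["ignore_nvram"]:
        findings.append("bit 6 set: startup-config in NVRAM is ignored; the "
                        "password-recovery value was not changed back to 0x2102")
    if s["boot_field"] == 0:
        findings.append("boot field 0: the device stops at the rommon prompt")
    elif s["boot_field"] == 1:
        findings.append("boot field 1: boots the helper image, not the IOS in flash")
    return findings


SHOW_VERSION_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def registers_from_show_version(text):
    """Return (current, value_at_next_reload or None) from 'show version' output."""
    m = SHOW_VERSION_RE.search(text)
    if not m:
        raise ValueError("no 'Configuration register is' line found")
    return int(m.group(1), 16), (int(m.group(2), 16) if m.group(2) else None)


if __name__ == "__main__":
    # Constructed tail of a 'show version', as seen right after changing the register back.
    sample = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
    now, later = registers_from_show_version(sample)
    for label, reg in (("now", now), ("after reload", later)):
        print(f"{label}: 0x{reg:04X}")
        print("  " + "\n  ".join(confreg_summary(reg)))
        for finding in audit_confreg(reg):
            print("  FINDING:", finding)
```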


05 October 2008

ROMMON in Cisco


If you have worked with Cisco devices for some time, you must have heard about ROMMON or ROM Monitor.

ROMMON, also known as the bootstrap program, is, you could say, a mini operating system in Cisco devices that initializes the processor hardware and boots the operating system software (Cisco IOS).

Since it's only a mini OS with a very limited set of commands, you can't do any configuration such as routing, IP addressing, etc. from ROMMON.

But the power of ROMMON is that you can do very useful things with it, such as the password recovery procedure when you forgot your password to the device, downloading software through the serial connection, and upgrading your Cisco IOS.

Now why did I put an image of a console cable up there? It's because you can only access ROMMON through the console connection, i.e. through a terminal monitor.

You can access ROMMON mode by changing the configuration register of the device, or with the Break key on your keyboard while the device is booting.
If you're using a laptop, you usually have a limited set of keys on the keyboard, right? So you have to use Ctrl + Function + Break.

As quoted from the Cisco documentation:

Break (system interrupt) is always enabled for 60 seconds after the router reboots, regardless of whether it is configured on or off in the configuration register. During this 60-second window, you can break to the ROM monitor prompt by pressing the Break key.



After sending the break, you'll be taken to the following screen (it may differ between devices):

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 24576 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x2f8558
Self decompressing the image : ##############################PC = 0xfff0a530, Vector = 0x500, SP = 0x817ff8b0

monitor: command "boot" aborted due to user interrupt
rommon 1 >

As I said before, you can't do much from ROMMON mode; let's see what commands are available using the ? command:

rommon 1 > ?
alias               set and display aliases command
boot                boot up an external process
break               set/show/clear the breakpoint
confreg             configuration register utility
cont                continue executing a downloaded image
context             display the context of a loaded image
cookie              display contents of cookie PROM in hex
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
dnld                serial download a program module
frame               print out a selected stack frame
help                monitor builtin command help
history             monitor command history
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
stack               produce a stack trace
sync                write monitor environment to NVRAM
sysret              print out info from last system return
tftpdnld            tftp image download
unalias             unset an alias
unset               unset a monitor variable
xmodem              x/ymodem image download

If you want to go back to the router/switch mode, just use the following command:

rommon 1 > reset

