The Journey of My Cisco Career Certification, Part 1 (CCNA R&S)

CCNA must sound very familiar to those who work in the IT networking field. But whoever wants to start their Cisco Career Certification may well run into problems determining what should be learned, or what IT networking knowledge should be prepared, in order to succeed in the CCNA certification exam. That is why I wrote about my CCNA R&S (Routing and Switching) journey: to share my experience and the materials I used during my CCNA certification journey.

Before we talk about tips and tricks for learning CCNA, I first want to make a disclaimer. In this article we do not talk about the questions in the CCNA exam, because that would violate the Cisco non-disclosure agreement. What I want to share with you is a guide for studying for the CCNA certification exam.

Just for information, you must pass one of two exam paths in order to get the CCNA certification. The first path is to pass the Interconnecting Cisco Network Devices, Part 1 (640-822) exam and the Interconnecting Cisco Network Devices, Part 2 (640-816) exam. The other path is to pass only the CCNA Composite (640-802) exam, which combines ICND1 and ICND2. You can find more detailed information about the CCNA exam syllabus at the link provided.

There are two study paths that I want to share with you. The first I would call the ordinary path. On the ordinary path you will spend approximately 5 months preparing for your CCNA exam. It is really long, but it offers several advantages, such as developing a deep understanding of the CCNA material and building both your knowledge and your hands-on skills with Cisco network devices such as routers and switches. I recommend the ordinary path for those who come from a non-IT background. Let me summarize the materials that you need to learn on the ordinary path:

A. Your study materials:

- CCNA Exploration, including all four semesters. Those who join the Cisco Networking Academy should have no difficulty accessing this material if they enrolled in the CCNA program. But if you are not a CNA student, I recommend you buy these two books:

1. Interconnecting Cisco Network Devices, Part 1 (ICND1) by Steve McQuerry (Cisco Press)

2. Interconnecting Cisco Network Devices, Part 2 (ICND2) by Steve McQuerry (Cisco Press)

These two books are very comprehensive study material and offer the essential information you need in order to pass your CCNA exam. I myself am a Cisco Networking Academy alumnus. From my own 5 months of CCNA preparation, I found that the ordinary path gave me plenty of time to explore and learn the CCNA material from CCNA Exploration as well as from other resources.

B. What you need for your CCNA lab preparation:

Packet Tracer is, of course, enough for those who have financial limitations in building a Cisco lab. I recommend Packet Tracer 5.1 or later because it supports the features you need to learn. But the more important thing we must not forget is the advantages and disadvantages of using Packet Tracer. In my opinion, Packet Tracer is a simulation, so it does not really offer the same experience as real Cisco network devices. Besides, I also found some bugs when using Packet Tracer; for example, a highly redundant set of switch links may eventually crash the program. If you decide to build your own lab, I will share this tutorial that I found on networkworld.com. It is very comprehensive and detailed. Thanks to Wendell Odom, who gives a detailed explanation of what kinds of Cisco router and switch you should buy for your CCNA lab.

If you are not a CNA student, you will probably find it difficult to determine which materials are best for practising CCNA lab topologies. Although there are many tutorials about CCNA lab topologies available on the internet, information overload only makes us more confused and makes the CCNA lessons harder to absorb. Moreover, you will not have legal access to download the Cisco Packet Tracer software, which is free for CNA students. If you are a lucky, search-engine-savvy person you may find copies shared on the internet. Anyway, I have another solution for those who want to practise CCNA labs with non-CNA products: the CCNA 640-802 Network Simulator by Wendell Odom. This is one of the cheapest and best Cisco network simulators, and you can buy it for under 100 dollars on Amazon.

The second path is the quick path. It really is quick, so you must make sure you already have some ICND1 basics, especially an understanding of IP subnetting. I would estimate approximately 1 month of preparation for your CCNA exam.

A. Your study materials:

1. CCNA Exam Prep (Exam 640-802) (2nd Edition) by Jeremy Cioara. Reading this book is very exciting and relaxing, because Jeremy Cioara presents the CCNA lessons in an enjoyable way with less IT jargon. This really helps us comprehend the CCNA topics. Moreover, you can also find Jeremy's CCNA training videos at CBTNuggets.com.

2. CCNA Quick Reference Sheets by Eric Rivard

This is one of my hot items. I still remember reading this book four days (H-4) before my CCNA exam, and I found that it reviews all the exam topics. Oh gosh, it saved me the time of reviewing all of CCNA Exploration or the two heavy ICND1 and ICND2 books. So it really is a quick reference sheet.

B. What you need for your CCNA lab preparation:

For your lab material, because you only have one month of preparation, what I can suggest is the CCNA 640-802 Network Simulator by Wendell Odom. In my opinion it is hard to find more time for the lab. Therefore, I suggest the quick path only for those who have basic experience in the IT networking field and ICND1-level knowledge.

I hope you enjoy these tips and tricks from me, and the most important thing to remember is that, in my humble opinion, the CCNA exam does not accurately prove a test taker's capacity. Your real skills will be tested in the real, competitive IT world, so don't cheat yourself (by relying entirely on dump sites), or some day you will regret it.

Configuring Role-Based Access CLI on Cisco Router

Hello, it is a pleasure to meet you again in my short tutorial. Today we will discuss how to configure role-based CLI views on our Cisco router. By using role-based command-line interface views, we can present different sets of configuration commands to different administrators, and so control exactly which commands an administrator can access on a router.

In this tutorial we use the CMD Enterprise network topology as our scenario. CMD Enterprise has one Cisco router, one switch, one syslog server and three types of administrator: Operator, Security Administrator and Network Administrator. Each administrator may only perform the commands related to their job. The operator is able to:

  • Ping and traceroute.
  • Use all types of copy command.
  • Use some show commands that are not related to security features.
  • Configure the router's banner, the hostname, interface IP addresses, and the routing protocol.
  • Configure the syslog logging solution. This configuration cannot be performed by the security administrator.

The other administrator, the security administrator, has the rights to perform all security-related commands on the router plus some EXEC commands such as ping, show and copy. The security administrator can configure SSH, which the operator cannot. The network administrator supervises both the operator and the security administrator and can therefore perform the commands of both.

Picture 1. CMD Enterprise Network Topology

Moreover, we also have a syslog server, which can be used for monitoring the network. The syslog server's IP address is 192.168.10.21/24; the IP address of interface FastEthernet 0/0 on the CMD router is 192.168.20.1/24 and that of interface FastEthernet 0/1 is 192.168.10.1/24.

I. Configure Role-Based Access CLI

The first step in configuring the role-based access CLI view is to enable the AAA function by issuing the following command:

Router_CMD(config)# aaa new-model

Router_CMD(config)# end

Before we move on to the second step, let's first configure a username for the super admin and the privileged-mode password:

Router_CMD(config)# username SuperAdmin privilege 15 secret Cisco

Router_CMD(config)# enable secret Cisco2009

Then we apply local login authentication to both the console line and the virtual terminal lines, so that this username is used there:

Router_CMD(config)# aaa authentication login default local

Router_CMD(config)# line console 0

Router_CMD(config-line)# login authentication default

Router_CMD(config-line)# exit

Router_CMD(config)# line vty 0 4

Router_CMD(config-line)# login authentication default

Router_CMD(config-line)# exit

The second step is to enable the root view. The root view is the set of commands available to an administrator at privilege level 15. Issue the following command in privileged mode:

Router_CMD# enable view

Password: (input the password which is used to access privilege mode)

If you have not configured the privileged-mode password, you cannot access the root view. To verify the current view, issue the “show privilege” command.

The third step is to create and configure a view for each type of administrator. Issue the “parser view view-name” command to create a new view. Please remember that the view name is case sensitive. Before you can add a command to a particular view, the view's password must be set. For example:

A. Operator View

Router_CMD(config)# parser view operator_mode

Router_CMD(config-view)# secret operatorpswd

Router_CMD(config-view)# commands exec include ping

Router_CMD(config-view)# commands exec include traceroute

Router_CMD(config-view)# commands exec include all show

Router_CMD(config-view)# commands exec include all copy

Router_CMD(config-view)# commands exec include configure terminal

Router_CMD(config-view)# commands configure include banner

Router_CMD(config-view)# commands configure include hostname

Router_CMD(config-view)# commands configure include all interface

Router_CMD(config-view)# commands configure include all router

Router_CMD(config-view)# commands configure include-exclusive all logging

Router_CMD(config-view)# exit

The explanation for “commands” command is shown below:

Excerpt from Cisco.com

commands parser-mode {include | include-exclusive | exclude} [all] [interface interface-name | command]

Example:

Router(config-view)# commands exec include show version

Adds commands or interfaces to a view.

parser-mode—The mode in which the specified command exists.

include—Adds a command or an interface to the view and allows the same command or interface to be added to an additional view.

include-exclusive—Adds a command or an interface to the view and excludes the same command or interface from being added to all other views.

exclude—Excludes a command or an interface from the view; that is, customers cannot access a command or an interface.

all—A “wildcard” that allows every command in a specified configuration mode that begins with the same keyword or every subinterface for a specified interface to be part of the view.

interface interface-name—Interface that is added to the view.

command—Command that is added to the view.

When you have finished, remember to leave view configuration with the “exit” command so that the view is committed to the running configuration. If you leave another way, for example with CTRL+Z, the commands configured for the operator_mode view will not be saved.

B. Security Administrator View

Router_CMD(config)# parser view security_mode

Router_CMD(config-view)# secret secadminpswd

Router_CMD(config-view)# commands exec include ping

Router_CMD(config-view)# commands exec include all copy

Router_CMD(config-view)# commands exec include all show

Router_CMD(config-view)# commands exec include-exclusive all show crypto

Router_CMD(config-view)# commands exec include-exclusive all show key

Router_CMD(config-view)# commands exec include configure terminal

Router_CMD(config-view)# commands configure include-exclusive all crypto

Router_CMD(config-view)# commands configure include-exclusive all key

Router_CMD(config-view)# commands configure include all ip

Router_CMD(config-view)# commands configure include all line

Router_CMD(config-view)# exit

C. Network Administrator View

Because the network administrator can use all the commands of both the operator and the security administrator, this administrator's view is a superview:

Router_CMD(config)# parser view network_mode superview

Router_CMD(config-view)# secret netadminpswd

Router_CMD(config-view)# view security_mode

Router_CMD(config-view)# view operator_mode

Router_CMD(config-view)# exit

Then, we assign each view to these three different administrators:

Router_CMD(config)# username Operator view operator_mode secret operatorpswd

Router_CMD(config)# username SecAdmin view security_mode secret secadminpswd

Router_CMD(config)# username NetAdmin view network_mode secret netadminpswd

Router_CMD(config)# aaa authorization console

(To apply authorization to the console, use the aaa authorization console command in global configuration mode.)

Router_CMD(config)# aaa authorization exec default local

(This uses the local database to determine whether the user is allowed to run an EXEC shell; it is what places Operator, SecAdmin and NetAdmin into their assigned views when they log in.)
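Before pushing a view design like this one, it helps to check on paper which administrator ends up with which command. The following is an added example (my own code, not Cisco's and not part of the tutorial): a simplified model of the include, include-exclusive and all semantics described above, with network_mode as the union of its member views. It also reports where the operator's wildcard show is silently narrowed by the security view's include-exclusive entries; real IOS behaviour may differ in details.

```python
# Added example, not Cisco code: a simplified model of IOS role-based CLI
# views used to check, before pushing the config, which administrator may
# run which command. Assumptions: commands are matched by keyword, 'all'
# means prefix match, include-exclusive removes the command from every
# other view, and a superview is the union of its member views.
from collections import namedtuple

Rule = namedtuple("Rule", "mode action wildcard words")

def parse(text):
    """Parse 'mode action [all] command...' entries separated by ';'."""
    rules = []
    for entry in text.split(";"):
        mode, action, *words = entry.split()
        wildcard = words[:1] == ["all"]
        rules.append(Rule(mode, action, wildcard, tuple(words[1:] if wildcard else words)))
    return rules

VIEWS = {  # the operator_mode and security_mode views configured above
    "operator_mode": parse(
        "exec include ping; exec include traceroute; exec include all show;"
        " exec include all copy; exec include configure terminal;"
        " configure include banner; configure include hostname;"
        " configure include all interface; configure include all router;"
        " configure include-exclusive all logging"),
    "security_mode": parse(
        "exec include ping; exec include all copy; exec include all show;"
        " exec include-exclusive all show crypto; exec include-exclusive all show key;"
        " exec include configure terminal; configure include-exclusive all crypto;"
        " configure include-exclusive all key; configure include all ip;"
        " configure include all line"),
}
SUPERVIEWS = {"network_mode": ["security_mode", "operator_mode"]}  # superview members

def matches(r, mode, words):
    n = len(r.words)
    return r.mode == mode and words[:n] == r.words and (r.wildcard or len(words) == n)

def exclusive_owner(mode, words):
    """Name of the view holding this command include-exclusive, if any."""
    for name, rules in VIEWS.items():
        if any(r.action == "include-exclusive" and matches(r, mode, words) for r in rules):
            return name
    return None

def allowed(view, mode, command):
    """True if the command (keywords only, no arguments) may run in the view."""
    words = tuple(command.split())
    if view in SUPERVIEWS:
        return any(allowed(m, mode, command) for m in SUPERVIEWS[view])
    owner = exclusive_owner(mode, words)
    if owner not in (None, view):
        return False
    return any(r.action != "exclude" and matches(r, mode, words) for r in VIEWS[view])

def exclusive_overlaps():
    """Wildcard includes that another view's include-exclusive silently narrows."""
    found = []
    for name, rules in VIEWS.items():
        for r in rules:
            if r.action != "include" or not r.wildcard:
                continue
            for other, orules in VIEWS.items():
                for o in orules:
                    if other != name and o.action == "include-exclusive" \
                            and o.mode == r.mode and o.words[:len(r.words)] == r.words:
                        found.append((name, " ".join(r.words), other, " ".join(o.words)))
    return found
```

Running exclusive_overlaps() on this design shows that the operator's “all show” loses “show crypto” and “show key” to the security view, which is exactly the separation the scenario asks for.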

II. Verify Role-Based Access CLI

Now it is time to prove that we can control exactly which commands an administrator has access to. First, log in as the operator and configure the router for syslog; then log in as the security administrator and configure SSH.

A. Configure the Router for Syslog

I use Kiwi Syslog as my syslog server; it is free. To send log messages from the router (syslog client) to Kiwi Syslog (syslog server), issue the following commands:

1. Router_CMD(config)# logging 192.168.10.21

The logging syslog-server-address command points the router at the syslog server's IP address.

2. Router_CMD(config)# logging trap notifications

The logging trap command sets the trap level. There are eight severity levels: emergency, alert, critical, error, warning, notice, informational and debug. Debug is the most verbose level; each level includes its own messages plus those of every more severe level below it, so setting the trap level to debug forwards all messages.

3. Router_CMD(config)# logging source-interface FastEthernet0/1

The logging source-interface local-interface command identifies the local interface whose address is used when forwarding logs to the server.

To verify the syslog configuration, issue the show logging command.
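To see what the trap level actually does to the messages reaching 192.168.10.21, here is an added example (my own code, not from the tutorial) that parses Cisco-style %FACILITY-SEVERITY-MNEMONIC lines and applies the same cut-off as logging trap; the sample messages are constructed for this example. It shows that notifications (level 5) is the lowest setting at which configuration changes made through the views (%SYS-5-CONFIG_I, %PARSER-5-CFGLOG_LOGGEDCMD) still reach the server.

```python
# Added example, not from the tutorial: parse Cisco-style syslog lines and
# apply the same severity cut-off as 'logging trap <level>', to see which
# events the syslog server would actually receive. The sample messages are
# constructed for this example, not captured from a real router.
import re

# IOS severity keywords, index = numeric level (0 most severe, 7 most verbose)
LEVELS = ["emergencies", "alerts", "critical", "errors", "warnings",
          "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

def trap_level(keyword):
    """Numeric level for an IOS keyword such as 'notifications' (5)."""
    return LEVELS.index(keyword)

def parse_message(line):
    """Extract facility, severity, mnemonic and text; None if not an IOS message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    return {"facility": m["facility"], "severity": int(m["severity"]),
            "mnemonic": m["mnemonic"], "text": m["text"]}

def filter_trap(lines, keyword):
    """Split messages into (sent, dropped) mnemonics for a 'logging trap' keyword."""
    limit = trap_level(keyword)
    sent, dropped = [], []
    for line in lines:
        msg = parse_message(line)
        if msg is None:
            continue  # not a router message, e.g. a console banner
        (sent if msg["severity"] <= limit else dropped).append(msg["mnemonic"])
    return sent, dropped

SAMPLE = [  # constructed messages in IOS format
    "*Mar  1 00:05:11.301: %SYS-5-CONFIG_I: Configured from console by Operator on vty0 (192.168.10.21)",
    "*Mar  1 00:05:12.117: %PARSER-5-CFGLOG_LOGGEDCMD: User:Operator  logged command:logging trap notifications",
    "*Mar  1 00:06:40.442: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: SecAdmin] [Source: 192.168.10.33] [localport: 22] [Reasons: Login Authentication Failed]",
    "*Mar  1 00:07:02.009: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.10.21 port 514 started - CLI initiated",
    "*Mar  1 00:07:30.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Mar  1 00:08:15.870: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: NetAdmin): debug test",
]

if __name__ == "__main__":
    for level in ("notifications", "informational", "debugging"):
        sent, dropped = filter_trap(SAMPLE, level)
        print(f"logging trap {level}: sent {sent}, dropped {dropped}")
```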

B. Enabling Secure Shell on a Router

Secure Shell was designed to provide a secure connection between our router and the management workstation. The usual method for configuring a router from a terminal emulator is Telnet. But Telnet has a serious drawback: it does not encrypt the transferred information, so it is easy to intercept. When you configure SSH on a Cisco router, the router acts as an SSH server. The following steps configure a Cisco IOS router as an SSH server:

1. Configure a domain name on your router:

Router_CMD(config)# ip domain-name CMD.com

2. Generate the RSA key pair used by SSH. Note that the 512-bit modulus used here is weak: IOS requires a modulus of at least 768 bits for SSH version 2 (step 3), and a larger modulus such as 2048 bits should be used in practice:

Router_CMD(config)# crypto key generate rsa general-keys modulus 512

3. Specify the SSH version you want to use:

Router_CMD(config)# ip ssh version 2

The default authentication timeout is 120 seconds; you can change it with the ip ssh timeout seconds command in global configuration mode. You can also set the number of SSH authentication retries allowed before the interface is reset with ip ssh authentication-retries number (the default is 3).

4. Allow SSH connections on all vty lines with the transport input ssh command in line configuration mode. Remember to block Telnet sessions with no transport input telnet in line configuration mode, to ensure that only SSH connections are accepted by this router.

I hope this tutorial is informative for you, and thank you for reading.

How to configure Router-on-a-stick

How to Configure Router On A Stick at GNS3

Overview

Router-on-a-stick is a router configuration in which a single physical interface routes traffic between multiple VLANs on a network. To perform inter-VLAN routing, the router must accept VLAN-tagged traffic on the trunk interface coming from the adjacent switch and route internally between the VLANs using sub-interfaces.

Sub-interfaces are virtual interfaces created on a single physical interface. When a physical interface is divided into these virtual interfaces, the router still treats them as directly connected interfaces with subnets assigned to them and can route between them. So, in a router-on-a-stick configuration, each VLAN is assigned to a different sub-interface of the router's physical interface.

Topology

Router-on-a-stick

In the router-on-a-stick diagram you will see three virtual PCs and two routers: router “R0” performs the inter-VLAN routing and router “SW0” is used as a switch. Because a Cisco Catalyst switch cannot be emulated in GNS3, in this scenario I used a Cisco c2600 router to provide the switch interfaces. By default GNS3 does not provide virtual PCs, so you must install them on your computer yourself. The tutorials I recommend for configuring virtual PCs on your computer are listed below:

1. VPCS Official Website

2. Adding Hosts/PCs to GNS3 – VPCS Configuration Guide

In our example we have three VLANs:

VLAN 100   : 192.168.10.0/24

VLAN 200   : 152.118.83.0/24

VLAN 99    : 172.32.10.0/29

Before you run the router-on-a-stick configuration, keep in mind that PC1 (IP address 192.168.10.15/24) is in VLAN 100, PC2 (IP address 152.118.83.15/24) is in VLAN 200 and PC3 (IP address 172.32.10.4/29) is in VLAN 99. On SW0, I set an IP address and default gateway on VLAN 99 for management purposes. For SW0 to use the default gateway, we need to enter the “no ip routing” command in global configuration mode on SW0.

The last thing you must not forget is to add the three VLANs (VLAN 99, VLAN 100 and VLAN 200) to the VLAN database of both router R0 and SW0:

Example at SW0:

SW0#

SW0#vlan database

SW0(vlan)#vlan 99

VLAN 99 added:

Name: VLAN0099

SW0(vlan)#vlan 100

VLAN 100 added:

Name: VLAN0100

SW0(vlan)#vlan 200

VLAN 200 added:

Name: VLAN0200

SW0(vlan)#apply

APPLY completed.

SW0(vlan)#

After the VLAN database has been configured on both routers, we should be able to ping PC2 from PC1, PC3 from PC1, and the VLAN 99 management address from PC1 to verify connectivity.
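As an added example (my own code, not part of the tutorial), the script below checks the VLAN plan above before it is built in GNS3 and emits the matching dot1Q sub-interface configuration for R0. It assumes R0's trunk is FastEthernet0/0, that each sub-interface number equals its VLAN id and that the gateway is the first usable address of each subnet; the tutorial does not state those values.

```python
# Added example, not part of the tutorial: check the VLAN plan above before
# building it in GNS3 and emit the matching R0 sub-interface configuration.
# Assumptions: R0's trunk is FastEthernet0/0, each sub-interface number equals
# its VLAN id, and the gateway is the first usable address of each subnet;
# the tutorial does not state these values.
import ipaddress

VLANS = {100: "192.168.10.0/24", 200: "152.118.83.0/24", 99: "172.32.10.0/29"}
HOSTS = {"PC1": ("192.168.10.15", 100), "PC2": ("152.118.83.15", 200),
         "PC3": ("172.32.10.4", 99)}

def gateway(vlan):
    """First usable host address of the VLAN subnet (assumed gateway)."""
    return next(ipaddress.ip_network(VLANS[vlan]).hosts())

def check_plan(vlans=VLANS, hosts=HOSTS):
    """Return a list of problems: overlapping subnets or hosts outside their VLAN."""
    problems = []
    nets = {v: ipaddress.ip_network(s) for v, s in vlans.items()}
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b} subnets overlap")
    for name, (addr, vlan) in hosts.items():
        ip = ipaddress.ip_address(addr)
        net = nets[vlan]
        if ip not in net:
            problems.append(f"{name} {addr} is not inside VLAN {vlan} ({net})")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
        elif ip == next(net.hosts()):
            problems.append(f"{name} {addr} collides with the VLAN {vlan} gateway")
    return problems

def r0_config(trunk="FastEthernet0/0"):
    """Router-on-a-stick configuration for R0: one dot1Q sub-interface per VLAN."""
    lines = [f"interface {trunk}", " no ip address", " no shutdown"]
    for vlan in sorted(VLANS):
        net = ipaddress.ip_network(VLANS[vlan])
        lines += [f"interface {trunk}.{vlan}",
                  f" encapsulation dot1Q {vlan}",
                  f" ip address {gateway(vlan)} {net.netmask}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_plan() or "VLAN plan is consistent")
    print(r0_config())
```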

I enclose the link to download the router-on-a-stick configuration. I hope you enjoy this tutorial, and thank you for reading it.

Hermin

How to Install RTLinux on RedHat 9

Please click the link below to access the short tutorial for installing RTLinux on RedHat 9

how-to-install-real-time-linux-on-redhat-9

Short Tutorial for installing Comedi & Comedilib

Comedi (Control and Measurement Device Interface) is a collection of device drivers for data acquisition boards. The specification of my computer system is:

a. RTLinux 3.2-rc-1 from www.rtlinux-gpl.org

b. Linux Kernel 2.4.21 from kernel.org

c. Redhat 9

d. Comedi from RTLinux 3.2-rc-1 in “drivers” folder

e. Comedilib 0.7.22 from www.comedi.org

Below are the steps for installing Comedi and Comedilib on RTLinux:

1. Step 1 (Preparation)

- Modify the file /usr/src/rtlinux/drivers/comedi/include/linux/fs.h so that it becomes:

/* linux/fs.h compatibility header */
#ifndef __COMPAT_LINUX_FS_H_
#define __COMPAT_LINUX_FS_H_
#include <linux/version.h>
#define KILL_FASYNC(a,b,c) kill_fasync(&(a),(b),(c))
#include_next <linux/fs.h>
#endif

- Check that your running kernel is the one already patched with RTLinux by typing “uname -r” at the shell prompt.

- Upgrade “swig” on Red Hat Linux 9. The swig version must be above 1.3.x.

2. Step 2 (Configuration and Install)

- Run the configuration inside the comedi folder by typing “./configure”. After that, type “make config” and fill in the location of the Linux source folder (this kernel must already be patched with RTLinux), then the location of the RTLinux folder.

- Type “make” to compile.

- Type “make install”.

- After Comedi has been installed successfully, type “make dev” to create the device files.

3. Step 3 (Test the Driver) - Load the driver module with the following command (ni_pcimio is the driver suitable for my data acquisition board):

“/sbin/modprobe ni_pcimio”

- To check the kernel messages produced by this action, type “dmesg” at the shell prompt.

4. Step 4 (Install Comedilib)

- Type “./configure” in the comedilib folder

- make

- make install

5. Step 5 (Modify /etc/modules.conf)

If we type the command “/sbin/modprobe -c | grep comedi” and get no result (we expect a line such as “alias char-major-98 comedi”), we must add the following line to /etc/modules.conf:

“alias char-major-98 comedi”

6. Step 6 (Showing the board information)

- Use the following command to show information about our board:

“cat /proc/comedi”

References:

1. http://he3.dartmouth.edu/pci-ioc/LinuxIOC_2.html

2. http://www.comedi.org/cgi-bin/viewvc.cgi/comedi/Documentation/comedi/