Warning

Warning: Keep out of reach of small children and smart-alec teenagers. Keep printed material away from open flames or excessive heat. Studying these documents may cause drowsiness. Do not read while driving heavy equipment or machinery. If nervousness, sleeplessness or irritability occur, discontinue use and seek professional help. Excessive and prolonged use may cause career burnout and has been known to cause cancer in laboratory rats. Isolated cases of schizophrenia exhibiting delusions of grandeur have been reported. Do not use if you are being treated for high blood pressure or have problems urinating due to excessive consumption of caffinated drinks.

Thursday, June 12, 2014

How to Configure a Cisco Frame Relay Switch - Part 1

Today I am going to explain how to create a Frame Relay switch using the most basic configuration possible. As I searched the Internet in search of instructions on how to setup a Frame Relay switch for use in my own lab, I was somewhat frustrated because the procedures I found were confusing in how they were written, mainly because they tried to implement too many concepts and principals at once. Their diagrams, if any, were also not all that great either.

So in this lab, I am going to create a single PVC between two routers using a single Frame Relay switch in between. Because I’m a visually oriented person, I also created this Visio drawing of the Frame Relay circuit. Here is a logical/physical diagram of how the routers are connected together:



DLCI 100 is the address for the link or connection between R1 and the Frame Relay switch’s serial 1/0 interface.  DLCI 200 is the address for the link or connection between R2 and the Frame Relay switch’s serial 1/1 interface.

Here is what my Frame Relay switch looks like:


Procedure:
The Physical Connections
  1. Connect the DTE end of a serial cable to router R1’s serial interface 0/0 and the DCE end of the cable to serial interface 1/0 of the router that I am using for my Frame Relay switch.
  2. Connect the DTE end of a serial cable to router R2’s serial interface 0/0 and the DCE end of the cable to serial interface 1/1 of the Frame Relay switch.
Configure the Frame Relay Switch
Leave R1 and R2 turned off for now. Just turn on the Frame Relay switch and configure it. The very first thing that you do on the switch is enable Frame Relay switching with the global mode command:
  • Frame-relay switching
Next, configure the switch’s serial interfaces with the following interface mode commands:
  • clock rate number
  • encapsulation frame-relay
  • frame-relay intf-type dce
  • frame-relay route incoming-DLCI interface exit-interface exit-DLCI
  • no shutdown
In this lab we are using the following default Frame Relay settings for Cisco routers:
  • Frame Relay encapsulation is “Cisco” and not “IETF”.
  • Inverse-ARP is being used.
Also, it doesn’t matter what the clock speed is. I picked 64kbps for grins and giggles. Show here are the commands as I entered them into the Frame Relay switch:

FR-SW(config)#frame-relay switching
FR-SW(config)#interface serial 1/0
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 100 interface serial 1/1 200
FR-SW(config-if)#no shutdown
FR-SW(config-if)#interface serial 1/1
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 200 interface serial 1/0 100
FR-SW(config-if)#no shutdown

What the Frame Relay route command on serial 1/0 is basically doing is this:
  • Assigning the DLCI of 100 to the link or connection connected to the serial 1/0 interface.
  • Assigning the DLCI of 200 to the link connected to the serial 1/1 interface.
  • Directing traffic coming in on serial 1/0 and sending it out serial 1/1.
Now let’s look at the status of the PVC that we just created:

FR-SW #show frame-relay pvc

PVC Statistics for interface Serial1/0 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       0            1            0            0
  Unused         0            0            0            0

DLCI = 100, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0

  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
  switched pkts 0
  Detailed packet drop counters:
  no out intf 0            out intf down 0          no out PVC 0
  in PVC down 0            out PVC down 0           pkt too big 0
  shaping Q full 0         pkt above DE 0           policing drop 0
  pvc create time 00:03:45, last time pvc status changed 00:03:45

PVC Statistics for interface Serial1/1 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       0            1            0            0
  Unused         0            0            0            0

DLCI = 200, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE = Serial1/1

  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
  switched pkts 0
  Detailed packet drop counters:
  no out intf 0            out intf down 0          no out PVC 0
  in PVC down 0            out PVC down 0           pkt too big 0
  shaping Q full 0         pkt above DE 0           policing drop 0
  pvc create time 00:01:13, last time pvc status changed 00:01:13
FR-SW #show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial1/0       100             Serial1/1       200             inactive
Serial1/1       200             Serial1/0       100             inactive
FR-SW#

Note the output of the “show frame-relay pvc” command for both serial interfaces:
  • DLCI USAGE = SWITCHED
  • PVC STATUS = INACTIVE

Configure R1 and R2.
Now power on R1 and R2. On the serial interfaces for R1 and R2, you enter the following interface mode commands:
  • ip address address subnet-mask
  • encapsulation frame-relay
  • no shutdown
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#no shutdown

R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown

Verify Frame Relay Connectivity
On R2, enter the “show frame-relay pvc” command:

R2#show frame-relay pvc

PVC Statistics for interface Serial0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0

  input pkts 1             output pkts 0            in bytes 34
  out bytes 0              dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:00:36, last time pvc status changed 00:00:26
R2#

Note the output of the “show frame-relay pvc” command as shown above. The DLCI usage is “LOCAL” instead of “SWITCHED” and the PVC status is “ACTIVE”. So, if you ever come across a situation in which the PVC is “INACTIVE”, you know that it means that one of the sides of the connection is not configured or turned on.

Now ping R1 from R2. The frame relay switch is working.

Friday, March 14, 2014

Installing the TFTP Server in OpenSuse 12.3


OBJECTIVE:

In this lab I would like to install a TFTP server in OpenSuse Linux, and then try to copy files from a Cisco router toe the server.

REQUIRED MATERIALS:

  • 1 x Cisco Router
  • 1 x Switch
  • 1 x PC with OpenSuse Linux 12.3 already installed
  • 2 x Ethernet cables to connect the equipment to the switch

PRE-REQUISITES:

A basic understanding of:
  • Ethernet networking
  • The Linux Operating System
  • Cisco Console and Command Line Interface

REFERENCES:

  • tftp(1) - Linux Man Page
  • tftp(8) - Linux Man Page

PROCEDURE:

This procedure consists of basically three parts:
  1. Installing the TFTP Server in OpenSuse
  2. Configuring the TFTP Server After Installing It
  3. Copying Files from a Cisco Device to the TFTP Server

Installing the TFTP Server in OpenSuse

Step 1.
To install a TFTP server in OpenSuse Linux, start the YaST Control Center. Click on “Software Management” in the right pane, as shown below.

Figure 1. YaST Control Center

Step 2.
Enter tftp in the search dialog box and click the “Search” button next to it.

Step 3.
The pane immediately to the right shows the results of the search. Mark the checkboxes next to “tftp” and “yast2-tftp-server” as shown in Figure 2. Click the “Accept” button on the bottom right of the window to start the installation process.

Figure 2. Yast Software Installation Dialog Box

Configuring the TFTP Server After Installing It

Step 1.
After the software has been installed, startup YaST again. Click on “Network Services” in the left pane. Click on “TFTP Server” in the right pane as shown in Figure 3.

Figure 3. Starting the TFTP Server Configuration Utility

Step 2.
This will cause the “TFTP Server Configuration” dialog window to pop up as shown in Figure 4 below. Click the “Enable” radio button.

Step 3.
The dialog box entitled “Boot Image Directory” is where the files that are uploaded to and downloaded from the TFTP server are stored. Accept the default or change it by clicking the “Browse” button.

Step 4.
Mark the checkbox next to “Open Port in Firewall”. Click “OK”.

Figure 4. TFTP Configuration Dialog Box

Step 5.
Open a file and directory management program such as Dolphin. Right click on the folder “/srv/tftpboot”, or, if you selected another folder for the Boot Image Directory, right click on that.
Shown in Figure 5 below are the default permission settings for the directory.

Figure 5. Default TFTP Permissions

Step 6.
For the TFTP server to work properly, we need to change the default settings to match those shown in the next screen shot shown below in Figure 6. Basically we need to:
  • Change “Others” from “Forbidden” to “Can View & Modify Content”.
  • Change group ownership from “tftp” to “users”.
Click “OK”.

Figure 6. Modified TFTP Permissions

Step 7.
Next we need to change the configuration file. Using your favorite text editor (l like to use KWrite), open “/etc/xinetd.d/tftp”. Look for the line that shows:
  • server_args = -u tftp -s /srv/tftpboot

Step 8.
In your text editor:
  • Delete “-u tftp
  • Add “-c
  • If you selected a different Boot Imaging Directory above, that should be displayed in the line instead of “/srv/tftpboot”.
NOTE: There MUST be a space between the switches “-s” and the “-c” and the path, otherwise, the TFTP server will not work.

In order for a file to be copied to that directory, a zero sized file must be created first in that directory. What the “-c” switch does is that it allows the TFTP server to automatically create the zero sized file before the actual copy process begins so that you don’t have to create the zero sized file manually before copying the actual file. The configuration should like the one shown below:
service tftp
{
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    flags           = IPv6 IPv4
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s –c /srv/tftpboot
#   per_source      = 11
#   cps             = 100 2
    disable         = no
}

Copying Files from a Cisco Device to the TFTP Server

Something that you need to know when copying files from a Cisco device to the TFTP server is that when you enter the URL of the TFTP server, you do NOT need to enter the full path to the storage folder because the Linux configuration file takes care of that for you. For example, to copy the “startup-config” file to the TFTP server with an IP address of 192.168.1.10, I would enter the command:
#copy startup-config tftp://192.168.1.10/startup-config
Notice that I did NOT enter the command:
#copy startup-config tftp://192.168.1.10/srv/tftpboot/startup-config

Troubleshooting

1.    Verify that the Cisco device and the TFTP server can ping one another.
2.    Verify that your firewall is not blocking TFTP traffic.
3.    Open the “TFTP Server Configuration” dialog box, and click on “View Log” (Figure 4) for clues as to why things are not working.

If you see a message that says :
Unknown option: ‘-‘
Or,
Too many -s directories

That means that you need to insert a space between the switches in the configuration file or that there is some other typographical error.

If you get a message that says:
Cannot set groups for user tftp

Then you need to remove the “-u” and “tftp” from the “server_args” line of the configuration file. Verify that the line looks exactly like the one shown above.


Additional Comments:

Some people may think that it is a security risk setting the permissions of the Boot Image Directory like I did. So did I. So I tried every possible combination of configurations and nothing else worked. So, I would suggest that immediately after doing your file copy to or from the TFTP server, you move the files from the Boot Image Directory to another directory with stricter permissions.

Thursday, March 13, 2014

Thoughts about the CCENT Test

Well, I passed the CCENT test on February 11th, 2014. It is the first of 5 that I need to take on my path to renew my CCNP.

I am REALLY upset at Cisco though. They claim that their test contains 50 questions. That statement is a BOLD FACED LIE pure and simple.

Why do I say that? I say that because some of their so called "single questions" contain an additional 3-4 questions, each with their own set of multiple choice answers. There were about two or three of these on the test. So, in reality, the test has around 60 questions, give or take a few. I was sailing along thinking I was doing real good with lots of time time left, until I ran into several of these, and so I had to rush through them, because I didn't know how many more there would be before the 90 minute timer expired. In doing so, I sure I made a few mistakes lowering my score significantly.

I knew that they had these types of scenarios that contained multiple questions, but I assumed that each individual question was considered part of the 50. Not so. The whole scenario counts as a single question.

Next test though, now that I know their little trick, I hope to do better, unless of course they have some other trick to pull on me.