RouterGod

RG — Tue, 22 Aug 2006 18:54:34 +0000

Breaking News: Cisco Press Launches Suite of Products for New CCNP Certification Exams
Denise Richards on the PIX Firewall
	Many of our readers are now pursuing the Cisco Security Specialist 1 certificate, and still others are simply wondering how to configure the mighty PIX Firewall. The PIX Firewall is without a doubt the way to secure enterprise networks. Used in conjunction with the IOS Firewall Feature Set (now known as Cisco Secure Integrated Software) running on a Cisco router, Ciscoâ€™s security solution is far superior to weak software applications that run on Unix or NT. RouterGod Online Magazine reporter John Riehl sought out beautiful Denise Richards to help us learn how to configure the PIX Firewall.read the full interview.

Paris Hilton on CCIE Storage Read the interview

Celebrity Interviews:

Jessica Simpson on Open-Source Routers

Courtney Love explains the basics of BGP

Jennifer Connolly on CCIE Lab Changes

Juliette Lewis Troubleshoots Frame Relay

Paris Hilton On CCIE /Storage

Gillian Anderson on LAN Switching Part 1

Nightmare on Tasman Street

Gillian Anderson on LAN Switching Part2

Gunney Sgt. Hartman at CCNA Boot Camp

The OSI Model

Paul Hogan Tells Us About HSRP!

Elizabeth Hurley On the Cisco 2600 Series

Drunken Dwarf Dissects DHCP!

Arnold on PIX Turbo Access Lists

Cisco Psychic Helpdesk

Robert Downey Jr On Ethernet

Fabio on IGRP

Trinity on IP-Helper addresses

Max Throughput CCIE

Denise Richards On the PIX Firewall

Inside The CCIE Lab

Gary Coleman on Priority Queuing

Agent Smith Explains Syslog!

Alicia Silverstone on ISDN

Charles Manson On Static Routes

Anna Nicole Smith on Cat 1900

The Iraqi Information Minister Tells All!

Mister Rogers on the RS 232

Tonya Harding on the 700 Series

Don King on IP Access Lists

7 of 9 on OSPF Part 1

7 of 9 on OSPF Part 2

Darva Conger on the Config Register

Jessica Simpson on Open-Source Routers

Mon, 21 Aug 2006 18:51:09 +0000

Field Reporter and open-source router junkie, Joel Krauska, interviewed Jessica Simpson about her recent divorce from ex-boy-band member and TV’s Newlyweds co-star, Nick Lachey, when the topic of open-source routers came up. Many Router God readers have asked about open-source routers, so we posted a portion of the interview here for their enjoyment and edification:

Jessica, getting excited thinking about using PCs as routers.

JK: So—you’re saying you’re free to date again?

JS: Well, I would start dating, because I’m free and all….but I’ve discovered open-source routers. They’re so hot!!! I’ve been spending all my new-found free time with them! I can hardly tear myself away! I really find I don’t have any time now for anything that’s not connected to open-source networking in general.

JK: Really? Wow. That’s interesting. Did I tell you I worked for a networking company myself? It’s called Vyatta. We do open-source routers.

JS: That’s amazing! I just started working with that software like a week ago! I just think it’s so cool that you can take normal PC hardware and turn it into a fabulous router. I mean, it’s just so great—like, I was upgrading the servers at, you know, my web site? And it’s like, suddenly I had a big pile of left-over hardware! Well, what am I supposed to do with that?? Suddenly they’re, like, all spilling out of my walk-in shoe closet, cause the space in my other closets was full.

JK: Wow. That sounds like a problem, all right. So what did you do?

JS: Well, originally, I was going to start learning, like, AJAX and Web 2.0, you know? But doing websites was just so dull. You know, I’m really a network girl at heart. So you can imagine how excited I got when I started thinking about using all that hardware as routers!

JK: Yes, I can see how exciting, that would be, all right. So, Jessica, why did you need a router?

JS: Well, with the divorce, you know, Nick gets all the furniture. Okay, I mean, that was the deal. But I didn’t know he was going to walk off with our Cisco 2610! I mean, who would expect that?? What a jerk. Especially since I’m the one with my CCNA. Nick was always a Juniper guy. I guess it just goes to show how you don’t know a person. Of course, I went ahead and got a T1 connection at my new place—I mean, it’s not like I’m helpless or something—but without my old Cisco, I’m sort of, well, stuck.

JK: Wow. Very upsetting.

JS: Yes, but then, I’m like, “Hey! I can just turn one of those servers in my closet into a router!” They’d go so much great with my new décor, anyway, since my old servers are all this beautiful sort of pinky-rose shade, and I picked up this amazing carpet on Rodeo Drive that will match them perfectly. Much better than that old blue box—and with open source, it will be so easy! That’s the great part.

JK: Pinky-rose, eh? Sounds very nice.

JS: Yes, AND they have my photo etched in them. Totally cool.

Jessica’s skirt is made entirely from commodity PC CPUs.

JK: And these are just normal PC servers?

JS: Yep, that’s it! With open source you can take normal commodity Intel or AMD servers and turn them into basic routers very easily.

JS: Even so, it took me a little while to get the hang of it. At first I was plugging in my T1 line and it wasn’t working at all. Like I just couldn’t connect to the WAN, you know? But it turns out that I was plugging it into an Ethernet port, can you believe how silly?? –It’s just like the whole Chicken of the Sea thing: it’s not really chicken, it’s tuna. And a T1 isn’t really Ethernet, it’s a T1. See. It’s like totally different? Once I got a T1 card, it was all okay. I mean, I couldn’t get a pink T1 card, and I was bummed about that at first. But then I realized that the T1 card goes inside, so you can’t see it anyway. But still—there’s so much choice in hardware, who knew you couldn’t get a pink T1 card?

JK: That is surprising, all right. But in the end, you managed to get it going?

JS: Oh yeah, of course. And it was way cheaper than replacing the Cisco that stinky old Nick took. And it handles my traffic really well.

JK: Is that so?

JS: Well, most of the time I’m just downloading videos of me — Have you seen my newest one? — but yeah, it works great!

JK: How about software? Is there lots of choice there?

JS: Oh, lots. I started out using NetBSD, because I liked the little red BSD Daemon guy—so cute!! But then I saw that little penguin in that adorable tux!! I was a goner. I do think that penguins are cuter than daemons, don’t you?

JK: Er…

JS: Plus, they don’t have horns, so it’s easier to put darling little hats on them.

JK: Er… what about routing protocols? Did you find the routing protocols you needed?

JS: Well, duh. I like playing with BGP, OSPF and RIP as much as the next person. There are lots of open-source routing protocol suites to choose from, silly. I started using Zebra — I just love all those stripes — but I found they weren’t keeping up with a newer suite called Quagga. Then a couple of the girls suggested that I try XORP.

JK: XORP? That’s what we use at Vyatta.

JS: You know, it took me a while to learn to pronounce “XORP.” But some nice man spent a lot of time helping me with it, and now it just feels natural. Was that how it was with you?

Jessica counts a CCNA among her many endowments.

JK: Er…

JS: Anyway, XORP and Quagga are just routing stacks running on top of UNIX, so I still get to use my UNIX skills. A lot. I’m glad about that. I feel that if I let my UNIX skills get stale I’d just be, well—letting myself go. Don’t you think?

JK: And how do you find these routing stacks?

JS: Oh, they’re very usable, and quite mature. Not at all like Nick, you know?

JK: I suppose so. But I’m curious, how deeply do you get into these software packages?

JS: Well, isn’t that the best thing about open source? If you don’t like something, you can just open up the source code and start hacking. You know, like hacking in the good sense, not like hacking in the bad sense.

JK: Have you been doing much—er—hacking?

JS: Well, you know, I’ve always hated the look of most “show ip bgp” commands. Don’t you? It’s just so—blah. I wanted to liven it up a little—you know, add a little color and spice. So, I made my BGP peers show red when they’re down. It’s so much more exciting now—like real-life drama! Plus, it goes great with my NOC décor. I have different color sets for each of my BGP peers, it’s very colorful.

JK: You sound busy. Do you ever get lonely with all your hacking?

JS: Oh no! For example, when I was hacking up BGP I spent a lot of time on Internet relay chat with the some protocol developers.

JK: Were they a big help?

JS: Were they ever! There was this nice guy who taught me how to say “XORP.” Also, after I made my BGP hack, they said they’d consider putting my change back into the main source tree. It’s like I’m part of the whole community!!

JK: That does sound good.

JS: Well, of course, not everyone can be a hacker like me. But still, when you can look right into the code, it’s like—it’s like—well like having the ultimate manual! I mean, I thought I had a handle on BGP after reading Courtney Love’s Router God article (Hi, Court!) But whoa. Looking directly into the XORP code it, like, blew me away! I mean, the BGP decision process: how complicated is THAT? But now I understand it so much better. And I think that’s the main thing, don’t you?

JK: It sounds like you really like having the source.

JS: Well, what about security? People are always trying to break in to my machines. I don’t know what they think they’ll find—maybe they think they’ll find sexy photos like Paris Hilton had on her cell phone.
I wouldn’t put those online, duh! But now I can see the root cause of a security hole immediately. I can even fix it myself. And you know, you want to fix those things right away. You don’t want, say, a buffer overflow. That could lead to the router version of a wardrobe malfunction. If you know what I mean.

JK: Sure fixing all sorts of bugs is much easier when you have the source.

JS: And another thing I like is that open source is that it stays available. Remember Pluris? Hey, Pluris sort of rhymes with Paris! I bet she never thought of that before. Anyway, Pluris had very cool software a few years ago, but they went out of business. Now their code is probably locked up in a vault somewhere, and we’ll never see it again. And, you know, well, after Nick, I—well, I guess I feel a bit vulnerable. I want to know that my source will always be available. I want to know that it will always be there for me. I just need that in my life right now.

JK: Those are great reasons. But I don’t think most network admins want to get to that level.

JS: Well, not everyone has my brains and computer skills. I mean, we’re all different, right? Installing a Linux router isn’t that hard—it’s a lot like being a UNIX sys admin, and everyone knows how easy that is. But still, it’s not everybody cup of tea. I think more people would go there if they knew there was an open-source router software distribution that looks and acts like a normal router.

Jessica ponders what colors she should use for her BGP peers.

JK: Well, of course. That’s what Vyatta does.

JS: Exactly! I’ve been using their stuff for a while now. I always remember their name, because it rhymes with “Miata”, such cute little cars. And “Vyatta” is less confusing to pronounce than “XORP”!

JK: So, you like Vyatta?

JS: Oh yes. It’s not just that they put together a full system. They also have support. I love the idea that when I’m struggling with a bad BGP config, I can just call and get help. I mean, I know Courtney would help me if she could, but she’s got problems of her own, right? It’s nice to know that you can just make a call.

JK: That’s right. You can get commercial support for open-source software and you can run it on any hardware you want. Even on pink servers.

JS: And maybe one day they’ll have pink T1 cards, too.

JK: So, um, did you say that you were thinking you would starting to date again? We could maybe.. hack router code together?? The source is open, and all.

JS: Well, maybe… a good hacker that knows networks and UNIX is hard to find.

JK: What’s your uptime?

JS: You show me yours first…

JK:
Welcome to Vyatta on vyatta-sanmateo-1
root@vyatta-sanmateo-1> show version
Revision: 0.7 (2505M)
Image built: Tue May 30 14:34:50 PDT 2006
System booted: Fri Jun 2 06:42:12 PDT 2006
Uptime: 14:28:39 up 75 days, 22:46, load average: 0.16, 0.03, 0.01
root@vyatta-sanmateo-1>

Courtney Love explains the basics of BGP

Thu, 18 May 2006 22:49:17 +0000

Routing protocols are like aging drug-addicted grunge rock stars. Just when you think theyâ€™ve come clean and are back on the straight and narrow, they start to show up at premiers and Oscar parties hanging out of clothes they stole from the homeless lady at the freeway offramp . . . or they accept a bad route and start blackholing traffic. So we sent RouterGod reporter Barrie Cook to ask Courtney Love to give us some insight into the vagaries (and vagrancies) of BGP:

Courtney Love wants the world to know she’s still hot stuff. Either that, or, she’s pointing to where she wants the next tab.

BC: Hello Courtney, thanks for taking the time out of your busy schedule to meet with me today.

CL: Zzzzzzzz…

BC: Courtney?

CL: Wha ..? Oh, hi. Was jus’ restin’ my eyes. Who’re you again?

BC: I’m here from RouterGod, to interview you about BGP.

CL: Oh yeah! BPG! OK, so here’s the thing. BPG, I mean BGP, lets your router talk to other routers outside your network.

BC: Outside? What do you mean?

CL: Well, you know, you have that AS thingy, um…Autonomous System, yeah! And maybe you want to have two ways to get out of it, you know? Like, in case one of them goes down, then you have another way to get out.

So you can’t just use a default route. And you can’t use RIP or EIGRP to learn routes outside it, you know? Cuz they’re just for inside your network. So you have to have an outside gateway protocol. I mean, exterior gateway protocol. Like BPG! Um, BGP.

BC: OK, so youâ€™re saying since I already have OSPF running inside my AS, and I need to be multihomed to two transit providers, then I need to use BGP?

CL: Uh, yeah. And hereâ€™s the kickerâ€”you have to have BGP running inside your AS, too, on top of OSPF. Thatâ€™s called interior BGPâ€”iBGP for short.

BC: Iâ€™m confused.

CL: Me too. All the drugs, you know? But donâ€™t worryâ€”youâ€™ll get used to it . . .Where was I?

BC: iBGP.

CL: Oh! Rightâ€”you have to have all those outside routes in iBGP so that when you need to get to one of â€˜em, you know which of your inside routers to use to get to it. Thatâ€™s called the next hop. Cuz, maybe you have two border routers (you know, on the border of your AS), and they are the ones that get all the outside routesâ€”thatâ€™s called eBGP, the â€œeâ€ is for â€œexternalâ€. But if youâ€™re on an access routerâ€”you know, way inside your AS, where your customers connect to youâ€”you can see from the iBGP table that your destination is outside the AS, and part of the BGP information for each route is the next hop address. That tells you which of the border routers is the one you need to send the traffic to. And to know how to get to the border router from the access router, you have to have a route to it in OSPF.

BC: So, I have iBGP running so that I know which border router to get to for each outside route. And, I still have to keep OSPF running so that I know how to get to the border routers.

CL: You got it! And, guess what? Your iBGP neighbors also have to be in a full mesh! Kinda like these stockings I got from the lady at the Melrose offramp—see the little black X’s they make on my knee when I bend it like this?

BC: Yes, they’re very . . . um, disturbing. But doesn’t a full iBGP mesh get to be too big if you have a lot of routers?

CL: Yeah, yeah—whatever. There are tons of other things in BGP you can do to get around that, like route reflectors and confederations. Anyway, you want a full mesh or confederations or whatever, cuz if you didn’t you would have to do something dumb like redistribute BGP into OSPF or something—and it’s like 180,000 routes now so most people don’t do that. So they turn off this stupid Cisco default called “synchronization” and just have a full iBGP mesh. Hey, do you have any painkillers in that backpack?

Courtney Love just hanging out at Vanity Fair.

BC: No, sorry. I’m fresh out. So, how does BGP work anyway? Is it a link-state protocol?

CL: Easy, chick, with the questions! You and all these big words are giving me a headache. You sure you don’t have any painkillers in there? Anyway, it’s more like a distance vector protocol. I mean, the number of hops in the AS path is the distance vector—the best routes have the shortest AS path.

Courtney shows what can happen when you don’t have a full mesh.

BC: OK, well, I know this is a stretch, but could you possibly tell me how to configure BGP?

CL: Sure thing, sister! I’m not as drug-addled as I look. I was in escalation at the WorldCom NOC back in the late 90’s, after Hole fell apart. Anyone could get a networking job in those days! So here’s what you do. First, enable BGP and turn off synchronization, and then start settin’ up those neighbors, baby! Don’t forget to set them up on all your inside routers too, so you have a mesh. Let’s pretend your AS number is 65535, and your routers’ loopback addresses are in the 10.1.1.0/24 network. Now just go into configure terminal mode–you know, “conf t”–and start typing BGP commands:


router bgp 65535
  no synchronization
  neighbor 10.1.1.2 remote-as 65535
  neighbor 10.1.1.2 update-source Loopback0

See, if you wanna use those loopbacks as your BGP neighbor addresses, you gotta make sure the updates come from the loopback. Then, on your border router, say your transit provider’s AS is 65001, and the far end of your link to them is 172.16.19.111:


router bgp 65535
  no synchronization
  neighbor 10.1.1.2 remote-as 65535
  neighbor 10.1.1.2 update-source Loopback0
  neighbor 172.16.19.111 remote-as 65001

Now, do a “show ip bgp summary” and make sure they’re up and getting routes (you can just skip down to the part where the neighbors show up):


Neighbor      V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down State/PfxRcd
10.1.1.2      4 65535 4775841  206453 20341277    0    0   2w2d             4
10.1.1.3      4 65535 6993647 6138407 20341277    0    0   2w6d            32
10.1.1.4      4 65535  208510 6416731 20341277    0    0  10w2d           198
172.16.19.111 4 65001  206914 6153319 20341277    0    0  18w0d        184475

That’s it! I know, I know, a lot of Cisco nerds will tell you that you’re not done—there are tons of other things you’re supposed put in your BGP config for Best Practices, like prefix-lists and dampening, blah blah blah. But at this point you’re a BGP speaker. What more do you want?

BC: Well, thanks Courtney. But I think I’d like to know what those Best Practices are.

CL: Oh, go ask some pencil-necked putz over at the IETF—I found a Percodan down here between the couch cushions. Hey! F@#$%@ cow! Give that back!

BC: Not until you tell me what I should put in my BGP config. Now that was a very rude gesture, but I’m still waiting.

CL: Just go look at Cisco’s SAFE guidelines, you stupid wench!

Courtney tells her lawyer she doesn’t want to do anymore RouterGod interviews.

BC: All right, here’s your precious Percodan. Thanks for the interview.

CL: Thanks for nothin’! You . . . uh . . . ahhhh . . . zzzzzzzzzzzzzzzzzz…

Paris Hilton on CCIE Storage

RG — Wed, 02 Feb 2005 07:00:15 +0000

On October 25, 2004 Cisco announced a new CCIE specialization in Storage Networking. This announcement shocked the networking world because nobody previously cared about storage networking. Few topics are as boring as storage networking, but if you can get a CCIE in it, it must be great! Most people remember when Cisco announced the CCIE DESIGN specialty only to later change their mind. Before you decide to dedicate your life to storage networking, it might be prudent to wait a few weeks and see if it’s for real. Since the CCIE/Storage seems like the answer to a question no one was asking, we decided to seek out a celebrity with the same attributes. We selected mega-skank Paris Hilton because, like the CCIE/Storage program, she’s here but nobody knows why. Ladies and Gentlemen, Paris Hilton!

Paris’s empty head at perfect 22.5° angle

Paris’s vacuous head assumes
a perfect 45° angle

Paris is able to dangle her
nonsensical noggin at an
astonishing 38° angle!

RouterGod Magazine
Welcome Miss Hilton, thank you for agreeing to explain the new CCIE/Storage program to us. First off, what is storage networking all about?

Paris Hilton
Storage networking is a patchwork quilt of protocols and technologies that do many things, including speeding up disaster recovery and improving perfomance.

RouterGod Magazine
Wow, you’re smarter than you look! A *lot* smarter! No kidding! Anyway, give us an example of these protocols you speak of.

Paris Hilton
Well, iSCSI, FCIP and FICON for example.

RouterGod Magazine
FICON? What on earth is that?

Paris Hilton
FICON stand for Fiber Connection, it’s a method of transferring full duplex data over fiber with distances up 20 kilometers. Storage Networks use it to move data between storage devices.

RouterGod Magazine
What’s on the written test?

Paris Hilton
You can expect the usual Router management stuff, then some Fibre Channel, there will also be some TCPIP followed by more Fibre Channel. Questions about storage networks and more Fibre Channel, there’s questions regarding management and oh, yeah more Fibre Channel..

RouterGod Magazine
What’s the lab like?

Paris Hilton
Ok, here’s the Blueprint You can see there’s plenty of switching and QoS as well as security.

RouterGod Magazine
Who would be a candidate for CCIE Storage?

Paris Hilton
The CCIE Storage has such a narrow appeal it’s really aimed at egomaniacs, you know, guys who are already quad CCIEs and are looking to go for five.

RouterGod Magazine
Well, let’s not be too sure, storage networking may turn out to be the next big thing, you never know, Cisco may know more about this industry than you do. Actually, by getting your CCIE in storage you might be getting in on the ground floor of something huge!

Paris Hilton
Perhaps, but where would you get training?

RouterGod Magazine
Cisco just announced this new specialty 5 days ago, it usually takes 10 days before the “Boot Camps” crop up!

Jennifer Connolly on CCIE Lab Changes

RG — Tue, 01 Feb 2005 07:00:59 +0000

Here at RouterGod Magazine we always try to keep our finger on the pulse of Cisco certification. Recently Cisco announced that they were removing VOIP from the Routing / Switching lab and putting it in the Voice lab effective Jaunary 1, 2005. We approached Hollywood babe Jennifer Connolly and asked her to speak with Cisco Program Director Sanjay Babaganoush about this change.

Jennifer
Cisco recently announced that effective January 1st, 2005 there would no longer be IP Telephony in the RS lab, why the change?

Sanjay
Oh my, yes, where to start? Oh, so many problems. We had many unexpected problems, so we, ahhh, make change.

Jennifer
Problems? Can you elaborate?

Sanjay
The test candidates were misusing the phones.

Jennifer
Misusing the phones? I don’t understand.

Sanjay
Oh, where to start, OK, the candidates would
often connect their phones to our IP phone system
at Cisco and use the phones to make unauthorized calls.

Jennifer
Very interesting, what type of calls?

Sanjay
At first they would do harmless things like order pizzas and call in to radio shows, then they would progress to other things like calling Cisco support and opening help desk tickets to assist with their labs and sometimes they would page the proctors and get them to leave the room so they could compare notes.

Jennifer
Very clever, when did you first notice this?

Sanjay
We discovered early on that the candidates would actually place calls to each other and we would see them whispering into the phones. We also discovered many calls placed to India which indicates they were seeking tech support. Some candidates would even operate long distance pre-paid phone card businesses right from the lab. We soon decided to remove the phones.

Jennifer
I see, how do you keep the same thing from happening in the Voice Lab?

Sanjay
We replaced the phones with older phones that go
through a live operator, this was the only way
we could stop the monkey business.

Agent Smith Explains Syslog

RG — Sun, 01 Jun 2003 07:00:24 +0000

Agent Smith
Explains Syslog

Agent Smith receives a message from Cisco CEO John Chambers…

Here at RouterGod Online Magazine we recognize that Cisco routers have evolved well past the point of being simple routing appliances. Cisco routers have recently been classified as life forms by the National Institute of Science. As Cisco Engineers, we’ve long known that our little forest green friends were sentient beings. Cisco is busy making revolutionary strides developing a new method of configuring routers that involves plugging a console cable into a special port in the back of an engineer’s head, and then the engineer can configure the router by interacting with a virtual character that represents the IOS. All CCIEs with numbers higher than 9918 have this special port in the back of their head. We sent RouterGod Technical Editor Jenny Vo to San Jose to have the port installed in her head and try out the new interface. She chose the popular Agent Smith interface (only available in T trains) and decided to test it out by configuring Syslog. Let’s Join Jenny as she interacts with Cisco’s new interface!

Have you ever stood and stared at it, Jenny? Marveled at its beauty. Its genius. Billions of people just living out their lives… oblivious

Logging Levels

level	verbose	explanation
0	emerg	system is unusable
1	alert	action must be taken immediately
2	crit	the system is in a critical condition
3	err	there is an error condition
4	warning	there is a warning condition
5	notice	a normal but significant condition
6	info	a purely informational message
7	debug	messages generated to debug the application

Agent Smith adjusts a Windows
2000 Server.

Nortel Routers are a disease, a cancer of this planet. They are a plague. And we are… the cure.

Jenny Vo

Oh wow! This is pretty neat! You must be Agent Smith, the avatar that Cisco’s IOS uses in upcoming releases.

Agent Smith

I’d like to share a revelation that I’ve had during my time here. It came to me when I tried to classify your species. I’ve realized that CCNAs are not actually mammals.

Jenny Vo

Tell me something I don’t know! Whatever, explain to me what SYSLOG is, after all that’s why I’m here.

Agent Smith

Very well, Jenny Vo. Syslog is simply a messaging utility. It’s off by default on Cisco routers. The router con be configured to send messages to a host on the network that is running syslog software, this software enables the host to capture and store the messages.

Jenny Vo

So the router sends messages to a syslog server, what protocol does it use to send these messages?

Agent Smith

These messages are sent using UDP, the destination port is 514

Jenny Vo

OK, great. How do you tell the router where the server is?

Agent Smith

You must type in a command at global config mode. Assume that the server is at 10.1.1.1

matrix(config)# logging host 10.1.1.1

Jenny Vo

OK, now that’s easy, what’s next?

Agent Smith

You must select a logging level. You must be careful here, it is easy to generate huge logs that will be difficult to examine later. You can choose from eight levels of messaging. For example level 7 will send debugging messages to the server. When you select level 7 logging you also get logging at all levels below 7, so that can be a lot of syslog messages to look at. Here is how you would log informational messages:

zion_mainframe(config)# logging trap 6

Jenny Vo

Okie dokie, so that’s it? Just 2 commands?

Agent Smith

Not quite Jenny Vo, you must turn on logging with this command:

taketheredpill(config)# logging on

Jenny Vo

Now I see, there’s a minimum of 3 commands: logging trap, logging host and logging on! What else is there to know about logging?

Agent Smith

Where to start? Well, logging is enabled by default to the console port, you can turn it off with the no logging console command.

Jenny Vo

I heard a rumor that you could actually store logging messages in DRAM, is that true?

Agent Smith

Yes, you can log messages into DRAM, the command to log messages at level 7 (debugging) would be:

ilovetrinity(config)# logging buffered

Jenny Vo

Very Cool, how do you view the logging messages?

Agent Smith

Use the same command you use to view logging information in general:

krasher# show logging

Jenny Vo

Well Agent Smith, this has been really great, I can’t wait until all Cisco products use the Virtual Reality Interface, and thank you for explaining syslog.

Agent Smith

Think nothing of it, now we’ll put your body back in the power plant.

Jenny Vo

Huh?

Back to main page

Muhammed Saeed al-Sahaf On Policy Based Routing

RG — Tue, 01 Apr 2003 07:00:55 +0000

Muhammed Saeed al-Sahaf
On Policy Based Routing

The Iraqi Information Minister

It’s well known that when Muhammed Saeed al-Saaf (MSS) speaks, people listen. What is not so well known is that the Information Minister is in charge of the single Cisco 3620 that connects Iraq to the Internet. We dispatched RouterGod Middle East Correspondent Johna Barson to Baghdad to interview MSS. She caught up to him as he was looting an abandoned 7-11 convenience store and askedhim about policy based routing, let’s join Johna as she learns about PBR from MSS!

“Your packets are fragmented
and their time to live has
exceeded”

Johna Barson

Oh, Hello! Hey, what’s that you’re loading into
your Cadillac Escalade?

MSS

It is a machine that makes a drink the infidels call a “Slurpie”, actually a very tasty beverage. The fellow who owns this store is named Apu Nahasapeemapetilon, he said that I may have it.

Johna Barson

OK, great, well I’m here about Policy Based Routing, can you tell us what it is and how it works?

MSS

I triple guarantee you, there are no American soldiers in Baghdad

Johna Barson (smiles at her escort, Sgt. Ahmet Candan, USMC)

Right…. Anyway, about Policy Based Routing?

MSS

OK, It’s like this, routers move packets from one interface to another, they determine which interface to send the packet out of by looking at their routing table. This is the natural manner in which a Cisco router works. If you want the router to handle a packet in a different manner, to send it out an interface it might not normally or perhaps you want to change the precedence value of the packet, that is PBR. You do it with Route Maps

Johna Barson

Why would you change the precedence of a packet?

MSS

Infidel! So that other routers downstream can provide different service levels, or prioritize the packets based on what the precedence field is set to. The route map uses and access list to identify the traffic, it alters the precedence, routers downstream use access-lists to recognize these packets and Priority or Custom Queuing to put the packets in special queues. This is but one way to do Policy Based Routing, there are many!

Johna Barson

What would the config look like on the ingress, or classifying router? Say you wanted to prioritize traffic going to a webserver at 172.16.1.1!

MSS

!
access-list 100 permit tcp any host 172.16.1.1 eq 80
!
route-map iraq 10
match ip address 100
set ip precedence 7
!
interface serial 0
ip policy route-map iraq
!

Johna Barson

Oh, I see! Any traffic that enters the serial interface that matches the access-list will have the precedence set to 7. Awesome! What happens to traffic that is not permitted by the access-list, is it denied?

MSS

No! It is routed normally

Johna Barson

OK, what would the config look like on the routers between the classifying router and the web server? We want to guarantee 50% of the bandwidth to this traffic.

MSS
!
access-list 100 permit ip any any precedence 7
!
queue-list 1 protocol ip 1 list 100
queue-list 1 default 2
queue-list 1 queue 1 byte-count 2000
queue-list 1 queue 2 byte-count 2000
!
interface serial 0
custom-queue-list 1
!

Johna Barson

I have to admit, that’s pretty cool. So you can tag certain traffic as it enters your routing domain, and then elsewhere in your domain, identify and handle that traffic differently, so that’s PBR?

MSS

That’s just one example, there are as many as there are grains of sand in the desert! Death to the Infidels!

Johna Barson

Yeah, whatever. Where are you going to now?

MSS

I am the new spokesman for Isuzu, I am replacing an infidel named Joe.
Praise Allah!

Back to main page

Denise Richards on the PIX Firewall

RG — Sat, 01 Jun 2002 07:00:28 +0000

(Very Basic Configuration. Part 1)

Many of our readers are now pursuing the Cisco Security Specialist 1 certificate, and still others are simply wondering how to configure the mighty PIX Firewall. The PIX Firewall is without a doubt the way to secure enterprise networks. Used in conjunction with the IOS Firewall Feature Set (now known as Cisco Secure Integrated Software) running on a Cisco router, Cisco’s security solution is far superior to weak software applications that run on Unix or NT. RouterGod Online Magazine reporter John Riehl sought out beautiful Denise Richards to help us learn how to configure the PIX Firewall. John is a Cisco instructor and holds the CCSP and CISSP certificates. When not teaching Cisco, John likes to tell wild stories about his days in the circus where he was known as the Polish Invisible Man. When not being beautiful, Denise practices kickboxing and enjoys watching American Chopper on TV. Let’s join JR as he interviews Denise about the PIX Firewall. RFC 1918 Addresses are used to protect the innocent.

With her hair up, Denise now meets the
business casual dress code at
most workplaces.

Well hello Denise, thanks for agreeing to help us learn how to configure the PIX Firewall.

Denise

It’s my pleasure Yuriy, let’s cut right to the chase and talk about the PIX. The PIX is not a router, it can not participate in dynamic routing protocols. The PIX in it’s most basic form is simply a box with 2 Ethernet interfaces. One interface is “inside” and one interface is “outside”. Traffic can not flow from the outside interface to the inside interface unless you specifically allow it. Traffic can not flow from the inside interface to the outside interface unless you configure Network Address Translation. Traffic initiated from the inside may return through the outside interface.

So the PIX is really just a couple of NIC cards?

Denise

Not so fast Comrade! The PIX uses the Adaptive Security Algorithm to perform Stateful Packet Inspection on traffic leaving the Firewall. The PIX uses a real time, embedded operating system to track the propriety of thousands of simultaneous connections.

Oh My God! This sounds too complicated! Let’s forget about it, maybe you should tell us how a console cable works or maybe which end of a power cord plugs into the wall…

Denise

Ha Ha! Don’t be such a baby! The PIX is easy! It uses a Command Line Interface, not one of those complicated GUI’s like Checkpoint! The PIX has 3 command modes: User Mode, Privileged Mode and “Global” Config Mode. There is no concept of Interface Config Mode and the cool thing is that SHOW commands can be used at Global Config! By default the PIX interfaces are shutdown. To do a “no shut” on the outside interface you would use the following command: interface ethernet0 auto. To give it an IP address you would use a command like this: ip address outside 192.168.1.1 255.255.255.0

PIX Facts

PIX 535 - 500,000 Connections
PIX 525 - 280,000 Connections
PIX 515 - 125,000 Connections

Wow! You really know your PIX Firewalls!

Denise

What do you think, I’m just a hot babe? Now lets configure Network Address Translation. It consists of 2 steps, defining the inside users eligible for outbound connections and defining the pool of global IP addresses to be translated into. If you wanted all your users to use NAT the command would be: nat (inside) 1 0.0.0.0 0.0.0.0 The “1″ in this command is the “NAT ID”, it must match the NAT ID in the global command, which I’ll show you in a minute. The fields 0.0.0.0 and 0.0.0.0 are IP Address and Netmask respectively. The PIX will let you abbreviate a default field with a single zero Here is an example:
nat (inside) 1 0 0

The next step is to define the pool of global IP addresses. Let’s say that you have the range 192.168.1.2 through 192.168.1.6/24 The command would be:
global (outside) 1 192.168.1.2-192.168.1.6 netmask 255.255.255.0

Don’t forget that the IP address of the PIX’s outside interface cannot be in the pool of global addresses.

So now the users on the inside can get out. In a small network, how does the inside traffic that is destined for the outside world know about the PIX?

Denise

If it’s a small network, like one subnet and no internal router, just configure all the workstations Default Gateway with the IP address of the PIX’s inside interface. If there is an internal router between the PIX and your users, the workstations will naturally have the router as the Default Gateway and the router will have a default static route pointing to the PIX. If there are internal networks on the other side of your internal router (from the PIX’s perspective), you have to tell the PIX about them.

How do you do that? How does the PIX know where to forward packets for those networks that are not directly connected?

Denise

It’s easy, you do it with a static route statement. Say the PIX is directly connected to the 10.1.1.0/24 network. The 10.1.2.0/24 network is on the other side of a router with an IP address of 10.1.1.3 You would add the following command:
route inside 10.1.2.0 255.255.255.0 10.1.1.3

OK, I see how inside traffic makes it to the PIX, but how does the PIX know what to do with the outbound traffic?

Denise

You would configure a static default route, say the next hop router is at 192.168.1.254, the command would be:
route outside 0.0.0.0 0.0.0.0 192.168.1.254

What if I have a web server inside at 10.1.1.7 but it is known globally with the address of 192.168.3.22?

Denise

You would use a “static” to allow this translation from the outside to the inside, here’s how:
static (inside, outside) 192.168.3.22 10.1.1.7 Just writing the static is not enough though, you have to expressly grant permission for traffic to flow inward, you do it with a “conduit”. A conduit is like an extended access-list except the source and destination fields are reversed. Here’s the conduit that corresponds with the above static:
conduit permit tcp host 192.168.3.22 eq 80 any Notice that conduits use the Global address and not the local (inside) address from the static command.

Believe it or not, that skirt retails for $1200!

Back to RouterGod Online Magazine

Meet Sexy Singles

Fabio on Cisco’s IGRP Protocol

RG — Sun, 01 Jul 2001 07:00:13 +0000

Welcome to another RouterGod celebrity interview. Over the years we at RouterGod Online Magazine have interviewed many beautiful and alluring female celebrities on the subject of Cisco internetworking. Yet our women readers constantly complain about the lack of eye candy for them. We tried to placate them with our interview of Hank The Angry Drunken Dwarf but the complaints persisted. So we contacted Fabio and he graciously agreed to an interview. But who should interview Fabio? We were at a loss until someone suggested network goddess
Priscilla Oppenheimer. Author of such books as Top Down Network DesignÂ© and Advanced Particle Weapons For DummiesÂ©, Priscilla Oppenheimer is also a much sought after guest speaker and technical instructor. It is with great pride that we bring you this interview with Fabio on Cisco’s Interior Gateway Routing Protocol:

Although us guys can’t
understand it, women find Fabio
quite attractive. Go figure.

Priscilla Oppenheimer

Fabio, wow, I hope you don’t mind me saying so, but I would have never guessed that you were interested in routing protocols.

Fabio

Do not apologize my darling. There are many things about Fabio that would surprise you.

Priscilla Oppenheimer

Well, let’s get started, what is it about IGRP that got you interested in it?

Fabio

Oh my sweet, special little flower of womanhood, you are so impetuous, you want Fabio to share with you the intimate and private details of my relationship with a routing protocol, do you think Fabio is the type of brute who would kiss and tell?

Priscilla Oppenheimer

Good grief! What on earth are you rambling about? I asked you a simple $@#*% question! Please, without all the sticky romantic hyperbole, tell us about IGRP!

Fabio

Oh, you are playing hard to get! Fabio likes a woman with spirit! Alright then, Fabio will say the words you want to hear. Fabio will tell you about IGRP. As you know, IGRP is a Distance Vector protocol. I don’t know how you Americans say it but in my country they say that a Distance Vector protocol spreads much gossip.

Priscilla Oppenheimer

Yes, we say “Routing by Rumor”.

Fabio

Yes! I can see you are a woman of the world! A Distance Vector protocol simply gives a copy of it’s routing table to it’s neighbors, and they alter the metric to reflect the added cost and merge it with their own routing table.

Priscilla Oppenheimer

What sort of metric does IGRP use?

Fabio

Oh my Dear Priscilla, I will tell you. IGRP uses a composite metric based on the lowest bandwidth along a route and the sum of the delay along the same route. As you know, this is a much superior metric than RIPs metric, which is simply, hhmmmmmm, how do you say? a quantity of leaps…

Priscilla Oppenheimer

We would call RIPs metric a hop count. What else makes IGRP better than RIP?

Fabio

Well, my inquisitive and sweet bundle of joy, RIP only allows a network diameter of 15 hops, where IGRP can support a network diameter of up to 255 hops although 100 is the default.

Priscilla Oppenheimer

How often does IGRP send routing update? Rip sends them every 30 seconds.

Fabio

IGRP sends out updates every 90 seconds, and it uses triggered updates and hold down timers, just like RIP. These features speed up convergence.

Priscilla Oppenheimer

Is IGRP a published standard, like RIP? RIP is described in RFC 1058.

Fabio

IGRP was created by Cisco, it only runs on Cisco routers. There is no RFC as it was never submitted to the general public for comment. Let me tell you what makes Cisco so special. Would you like to hear why Cisco is so special my little dove?

Priscilla Oppenheimer

Alright, Fabio, if you insist.

Fabio got his start posing for the covers of
romance novels. Romance novels are actually pornography for women. Since there are no lewd, explicit photos, romance novels are all but unknown to men.

Fabio

Cisco is a lot like Fabio, beautiful and one of a kind. Cisco invented the router. Soon thereafter many imitators began selling routers but Cisco was the first, just like Fabio was the first. Cisco is the only company that actually created their own routing protocols like IGRP and EIGRP. No other company can say that. Not HP, not 3 Com, not Juniper, no one. Cisco is head and shoulders above the competition, just like Fabio.

Priscilla Oppenheimer

How do you configure IGRP on a Cisco router?

Fabio

It is very easy my dear, Fabio will show you. Put your hands on the keyboard and Fabio will place his hands on top of yours. Then I will teach you. I will be gentle, I will show you the ways of the Command Line Interface, you have nothing to fear, Fabio will protect you.

Fabio and Priscilla embrace.

“He’s not the sharpest pencil in the box, but
he’s good looking and seems to be a nice guy”
—-Priscilla

Priscilla Oppenheimer

Look, Casanova, if you so much as touch my hands, I will slap you so hard your kids will be dizzy! Simply telling me the commands will be sufficient.

Fabio

You are truly a hot blooded woman, Fabio approves! Very well. Fabio will tell you what you need to hear. Fabio knows what a woman needs to hear. Come close, I will whisper in your ear, I will say things no man has ever said to you. Perhaps now you are feeling light headed. Perhaps soon you will swoon and fall into a love induced delirium…

Priscilla Oppenheimer

You don’t know the commands! Ha! I caught you! You are vamping for time, hoping I will forget the question! Isn’t that right, Fabio?!?! You don’t have a clue, do you? Every CCNA on the planet knows the commands, but you don’t, do you?

Fabio (eyes cast downward)

Do not be cross. Do not be disappointed in Fabio. Fabio is only a man, he cannot bear to think that he has let a woman down. My heart is heavy and filled with remorse. Fabio remembers when love filled our happy hearts. All that is left for Fabio is to end it all, perhaps I will jump into a river, perhaps I will overdose on sleeping pills and dream of our time together. Yes my Priscilla, remember me when I am gone…

Priscilla Oppenheimer

You’re doing it again! As soon as you can’t answer a question, you launch into that romance novel mumbo jumbo! Please, give it a rest. I will tell you the commands to configure IGRP. First from Global Config mode you enter the command router igrp followed by an autonomous system number, one will do. Then you have to advertise your networks using the network command, just like you do with RIP.

Fabio

Fabio must confess that he forget all the commands you taught him during the practice interview, how do you verify that IGRP is working?

Priscilla Oppenheimer

Examine the routing table using the command show ip route, also look for the proper configuration by using the command show running-config. You can also do some debugging and also use the command show ip interface brief to make sure your interfaces are UP and UP.

Fabio

Fabio says “Thank you”.

Priscilla Oppenheimer

Priscilla says “You’re welcome”.

Back To RouterGod Online Magazine

Trinity Explains The IP Helper-Address Command

RG — Sat, 02 Jun 2001 07:00:23 +0000

As most Cisco engineers know, The Matrix is everywhere, it is all around us. Even now in this very room, you can see it when you look out your window or when you turn on your television. You can feel it when you go to work, when you go to church, when you pay your taxes…But enough bad news! Today we get to interview hot Matrix babe Trinity. Trinity is going to help us settle an old argument that has caused much strife in the Cisco ranks: Do Cisco routers block or forward broadcasts? Ask a CCNA and he will say Cisco routers block broadcasts. Ask a CCNP and he will say that yes indeed, Cisco routers forward broadcasts. Ask a CCIE and he will respond wisely “It depends”. Trinity has entered the Matrix for the sole purpose of clearing this up for us. Interviewing Trinity will be RouterGod field reporter Mitch Turner. Let’s give a warm RouterGod welcome to Trinity:

When in the Matrix, Trinity prefers to dress in an inconspicuous fashion.

Mitch

Welcome Trinity, boy are we glad to see you! The world of Cisco has been turned upside down over the controversy surrounding broadcasts. Cisco’s stock has reached an all time low due to the constant bickering over broadcasts. What’s the score? Do Cisco routers forward broadcasts?

Trinity

I guess the best answer is that Cisco routers by default do not forward broadcasts, but can be configured to do so quite easily.

Mitch

That doesn’t make sense. Why would anybody in their right mind want to forward a broadcast? After all, that’s why we need routers in the first place, to reduce broadcast domains, right? Why would you want to forward an ARP broadcast for example?

Trinity

I doubt that you would ever want to forward an ARP broadcast. But there are many types of broadcasts besides ARP.

Mitch

There are? Like what?

Trinity

Well a good example would be when a workstation that is a DHCP client boots up, it sends out a broadcast looking for a DHCP server. I’m pretty sure you want the DHCP server to respond and give the client an IP address.

Mitch

Well, sure, but why not just put your DHCP server in the same subnet as the client? Problem solved!

Trinity

Do you have a Microsoft MCSE certificate?

Mitch

Yes!

Trinity

I thought so. Bill Gates has convinced you that you need a Windows DHCP server in every subnet, hasn’t he? The truth is, you only need one DHCP server and one as a backup. You can configure a Cisco router to forward BOOTP broadcasts to the centralized DHCP server and save your company thousands of dollars.

Mitch

Holy smokes! How do you do that?

Trinity

Just enter the command: ip helper-address followed by the address of the machine you want the broadcasts to be forwarded to.

Mitch

Where does this command go?

Trinity

You place the command on the interface you expect to be receiving the broadcast.

Mitch

Does this command cause the router to forward all broadcasts?

Trinity

By default, the ip helper-address command will forward these 8 UDP ports:

Trinity is from the future. A future where the Cisco routers and switches have taken over the earth. In the future, humans become the energy source that powers Cisco routers. By the way, if anyone should ask, take the red pill. You can thank us later.

UDP PORT	Common Name.
69	TFTP
67	BOOTP Client
68	BOOTP Server
37	Time Protocol
49	TACACS
53	DNS
137	NetBios
138	NetBios Datagram

Trinity is grief stricken after hearing that the Cisco stock she paid $70 a share for is now worth $18 per share. Don’t give up your day job, Trinity!

Mitch

OK Trinity, cool. What happens if I have a DHCP server, but the interface with the ip helper-address command receives a DNS query? Will it forward it to my DCHP server?

Trinity

Yes! Any of these eight broadcasts will be sent to whatever address you have specified. If those ports or services are not available on the target machine, an ICMP Port Unreachable error message will be sent back. This may have an impact on bandwidth.

Mitch

What if I have several machines I want to send these broadcasts to, do I have to enter this command once for every machine I want to target?

Trinity

If the machines you are targeting are all on the same subnet, like a server farm, you can specify a directed broadcast.

Mitch

Can I use one command to forward to a directed broadcast address and another command to specify unicast IP addresses of machines on other networks?

Trinity

You bet! You can mix and match

Mitch

If the ip helper-address command can take a broadcast and turn it into a unicast, must the target machine be directly on the other side of the router?

Trinity

No, you can use an address to any destination on your network.

Mitch

How do the routers know how to get the packet to the target machine?

Trinity

These are routers, right? That’s what they do…

Mitch

Oh yeah! I forgot for a second. One more thing, is there any way to customize what ports get forwarded? Can I delete some of the 8 default UDP ports or add new ports I want forwarded?

Trinity

Definately! There is a command you use in global configuration mode that the ip helper-address command will consult for more specific instructions. It is the ip forward-protocol command.

Mitch

Let’s say I want the default 8 ports plus I want port 2000 which is a broadcast port we use for a custom application our users use at work? How do I do that?

Trinity with trademark misplaced strand of hair. To the right is Neo, he is a computer hacker who saves the world. To the left is Switch, she dies when Cipher yanks the jumper cables out of the back of her head.

Trinity

Well, put you ip helper-address command on the interface that receives the broadcasts, then in global config mode enter the command: ip forward-protocol udp 2000 and that should do the trick.

Mitch

Here’s another one, say I only want to forward TFTP broadcasts, how do I do that with the ip forward-protocol command?

Trinity

Easy, here’s how, you just have to specify the ports you don’t want forwarded:

no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 67
no ip forward-protocol udp 68
no ip forward-protocol udp 137
no ip forward-protocol udp 138

Mitch

OK, now I get it, out of the box, Cisco routers do not forward broadcasts, but like everything else, Cisco has given us a way to tweak and customize things for our own individual networks. Very Cool! Why don’t they teach this in CCNA class?

Trinity

They did for CCNA version 1, but now it is taught in CCNP, it’s definitely on the BCSN test so remember the commands!

Mitch

Hey thanks, Trinity. How did you know that I needed to learn these commands?

Trinity

The Oracle prophesized it.

Mitch

Huh?

Back To RouterGod Online Magazine

Hank The Angry Drunken Dwarf on IOS DHCP

RG — Fri, 01 Jun 2001 07:00:13 +0000

When we first met Hank the Angry Drunken Dwarf he was bombed out of his mind. When RouterGod staffers are not installing Cisco routers and switches we like to hang out at the Smog Cutter bar in Los Angeles. It was at the Smog Cutter that we met Hank. We were shooting pool in the back, talking about how great it is to be young, Cisco certified and living in Southern California when suddenly Hank appeared. Hank was drunk, smelly, foul mouthed and seemed mad at the world. What a mess. But we took pity on him and stuffed him in the trunk of Doug’s 750iL and took him to our office where we scrubbed him down and sobered him up. We enrolled him in a CCNA class and are very proud of Hank’s progress, it’s only been 5 months and already he can subnet a class B IP address! Let’s give Hank a warm, RouterGod welcome as he discusses how Cisco’s IOS software implements DHCP:

Hank the Angry Drunken Dwarf.

Shut yer festering pie holes! That’s more like it! I’m here to tell you guys about how to configure DHCP on a Cisco router. Shut up! I’ll kick yer ass! OK. Listen up. Where was I? Oh yeah, Dynamic Host Configuration Configuration Protocol, DCHP…ahhh..HPCD…wait a minute..DHCP…ha ha, got it. What the F#CK!?!? Who threw that! Knock it off!

Configuring DHCP on a Cisco router can be very useful. Say you work at a place that has a Windows NT server providing DHCP services. The NT server crashes and now no new DHCP requests can be fulfilled. The server guys are going crazy trying to get the NT server back up, they’re getting blue screens and there’s lots of panic and chaos in the server room. But you step in and calmly mention that you can configure the router to provide DHCP services, a collective roar of applause erupts from the server guys and once again, you’re a hero! Another bitch’n scenario is when you have remote sites that connect to a hub site using ISDN. You want the spoke sites to run DHCP locally so they don’t need to bring up the link and get addresses from the hub site. Each remote site must have a router so if you configure each spoke router to distribute addresses from a unique pool of addresses you will say that traffic from crossing the link.

OK, first off let’s do a little review, since I’m only 4 feet tall, a “little” review is all yer gonna get..ha ha, come on folks, that was funny, I’m here all week, don’t forget to tip your waitress…uh. Why do you suppose we need a Dynamic configuration protocol anyway? That’s right, it’s because the network administrator is a lazy bastard and doesn’t want to manually configure every workstation in his network! How DHCP basically works is you have a DHCP server that provides IP addresses to workstations that ask for IP addresses. The DHCP server is configured with a pool of addresses known as SCOPES. The DHCP server will automatically assign reusable IP addresses to clients from the SCOPE of addresses. The DHCP server can also provide other information along with an IP address, like the address of the DNS server, default gateway, WINS server, domain name and what type of NETBios node the client should be. Netbios node type? What the hell is that? Oh now I remember, that tells a Microsoft workstation how it should try to resolve netbios names.

After I get another beer I’ll tell you how all this happens, then I, Hank the Angry Drunken Dwarf will actually configure DHCP on a Cisco router. Whoop! Whoop! I can’t even spell DHCP and I’m going to configure it. Big time! Oh yeah, Christ, I almost forgot, your DCHP server, actually it’s a router running DHCP server emulation on it, can be anywhere. Your DHCP server does not have to be on the same network as the clients requesting DHCP addresses. The clients use broadcasts to find a DHCP server. Ha! Ha! I know what you are thinking, routers don’t forward broadcasts, boy, Hank is a dumb ass! Well I say “up yours!” Routers do forward broadcasts if you type in the ip helper-address command, so there! I’m gonna go chug a couple of beers and I’ll come back and we’ll figure this all out, packet by packet.

OK, I’m back, let’s (Hank lets out an impressive belch) bbbbbrrrrrrrriiiiiiipppppp!, excuse me. Let’s get down and dirty and see how this DHCP works. First off, some joker in accounting turns on his PC. His PC has an IP protocol stack that has already been configured to receive an IP address and related information dynamically. So this guy’s PC will send out a DHCPDISCOVER packet, and this is a broadcast. The Cisco DHCP server receives this broadcast and will respond with a DHCPOFFER which is sent via unicast directly to the requesting station, pretty cool, huh? If there are many DHCP servers, the workstation may get several replies but usually responds to the first DHCPOFFER it receives. If the workstation wants the address offered it will now respond with a DHCPREQUEST again by broadcast, this way any other DHCP servers will hear what’s going on and privately withdraw their offers. If the workstation did not want the address offered, it would respond with a DHCPDECLINE message. If the workstation replied with the DHCPREQUEST it would receive a DHCPACK from the server indicating that this address and associated information is now theirs to use.

Small of stature, yet a mighty thirst!

Workstation ——— DHCPDISCOVER ———–> DHCP Server
Workstation<————-DHCPOFFER—————DHCP Server
Workstation————DHCPREQUEST————>DHCP Server
Workstation<————–DHCPACK—————–DHCP Server

Hey you guys, this is interesting: before a Cisco DHCP server responds with a DHCPOFFER it will ping the address it’s offering twice just to make sure nobody is using it. That’s something you can configure too. When an address is issued to a workstation, it is a lease. The default lease time is 24 hours. When you configure DHCP Server on a Cisco Router, you create a pool of addresses to choose from. You can also exclude a range of addresses within the pool and you can configure it so there is a mapping between a MAC address and an IP address, that way the same machine will always get the same IP address. You can run DHCP on the following routers: 700, 800, 1000, 1400, 1600, 1700, 2500, 2600, 3800, 4000, AS5100, AS5200, AS5300, 7000, 7100, 7200 and 12000 Series and the Catalyst 5000 with RSM and Catalyst 6000 with MultiLayer Switch Feature Card

How do you enable DHCP on a Cisco router? It’s easy! It’s on by default! DHCP Server is already running and you didn’t even know it! Ha! I knew that and you didn’t! That’s why Hank the Angry Drunken Dwarf gets the big bucks! All you have to do is configure a few variables and men will want to shake your hand and women will want to bear your children. Let’s get busy with some configuration tasks. All configuration is done from Global config mode. Let’s start with manual bindings. Manual bindings are reserved addresses that are mapped to MAC addresses. Manual bindings also logs address conflicts. We are not going to use this feature so to turn it off you enter:

no ip dhcp conflict logging

The next thing to do is configure the address range to exclude. We want to exclude: 172.16.1.100 172.16.1.103

ip dhcp excluded-address 172.16.1.100 172.16.1.103

Next we want to create a name for our pool of addresses:

ip dhcp pool drunkendwarf

Now we can define the scope of addresses:

network 172.16.0.0 /16

Now we are going to configure a domain name:

domain-name hank

Don’t forget the DNS Server:

dns-server 172.16.1.102

You better have a default gateway!

default-router 172.16.1.100

Now we will configure the address for the WINS server:

netbios-name-server 172.16.1.103

Last but not least we’ll tell the microsoft clients what node type they are:

netbios-node-type h-node

Now that wasn’t so hard was it? Now I went to public school but according to my arithmetic that’s only 9 commands. Hey! Nine is my lucky number! Cats have nine lives, I can remember that. Anyway, that’s your lecture on how to setup DHCP on a Cisco router. This subject is covered in great detail at Cisco. Before you leave let’s check out what the config looks like:

!
!
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.1.100 172.16.1.103
!
ip dhcp pool drunkendwarf
network 172.16.0.0 /16
default-router 172.16.1.100
domain-name hank
dns-server 172.16.1.102
netbios-name-server 172.16.1.103
netbios-node-type h-node
!
!

Back to RouterGod Online Magazine

Max Throughput, CCIE

RG — Tue, 03 Apr 2001 07:00:17 +0000

The true life adventures of…

Max Throughput, CCIE

There I was, minding my own sweet business, drinking a shot of rot gut whiskey and having a smoke when suddenly the phone rang. With a sense of weary anticipation I picked up the phone, “Talk to me” I barked. On the other end there was a moment of silence and then a woman spoke “Is this Max Throughput, the famous CCIE?”. “The one and only, Babycakes. What can I do for ya” I growled. “It’s…it’s my router, something’s wrong…look, can we meet somewhere?” she replied nervously. “Sure doll” I said, “I haven’t had breakfast yet, how ’bout we meet at the House of Pancakes in an hour”. Her reply was short and sweet: “I’ll be there” and she hung up.

Being a CCIE in a big city like Los Angeles is not all fun and games if ya know what I mean. You never know what’s going to happen next. And trust me, there’s lots of people who would like you to fail. I have survived because I can think quick on my feet and I’m not afraid to pull out my roscoe and start shooting up a NOC when things get ugly.

But enough tough talk, I pounded down the last of my whiskey, stubbed out my Camel in the ashtray, put on my hat and coat and headed out the door for another adventure. I walked down the street to the House of Pancakes. As I neared I was greeted by the inviting smell of eggs and waffles. But I also sniffed something else: trouble. I opened the door and surveyed the joint. Standing alone near the counter was a classy looking dame. She was a brunette, wearing a low cut blouse, short skirt and had a pair a gams that went all the way to the floor. I walked up behind her, pinched her ass and said “Hey sugar lips, you called?”. She swung around and with a look of horror exclaimed “I beg your pardon!”. “So you wanna play hard to get” I smirked, “I can play that way too” I said. She rolled her eyes in mock disbelief and stormed out of the joint.

“Well, there goes another satisfied customer” I thought. No use letting the morning go to waste though, so I sat down at the counter and ordered a Rootie-Tootie breakfast. Soon my breakfast arrived and as I was trying to decide which of the 25 different syrups to pour on my pancakes a beautiful blonde sat down next to me. She glance nervously at me and said “Are you Max?”. “All depends who’s asking” I smugly intoned. “I called you, thanks for meeting me” she said with a voice that was so husky it could pull a dogsled. “I hope you can help, my router has quit working and if I don’t get it fixed today, my boss will fire me” she said breathlessly. “Sure cream puff, I can help you but there’s the small matter of my fee” I said. She leaned into me and in a conspiratorial tone said “What ever the cost, I will pay it. Please Mr. Throughput, you’re my only hope” she pleaded.

I looked her over with a studied eye. I took note of the Cartier wristwatch, the Gucci handbag, the unmistakable swell of her breast implants. No doubt about it, this broad was loaded. “Five hundred dollars and you pay for breakfast” I said. “Oh thank you, Max!” she gushed. After I finished my third breakfast, she paid the check and I followed her out to her car. As we got into her Mercedes 560 I silently admonished myself for not charging her more. She drove us through the mean streets of Los Angeles and into the sexually ambiguous area of West L.A. Soon we arrived at a nondescript building off Wilshire. I followed her to the entrance, admiring the womanly sway of her hips, this dame was definitely a looker.

She opened the door and led me to the computer room. It was the usual computer room: raised floor, racks and racks of servers and assorted networking gear. Then my eyes settled on it, a Cisco 2620 with a console cable leading to a notebook PC. “Is that the little bugger?” I asked, already knowing the answer. “Yes, please see what you can do” she said. “No problem dumpling, just relax while I work my magic” I responded coolly.

I sat down at the computer, flicked my cigarette butt into a nearby box full of DLT tapes and entered the command show run. The Cisco router obediently coughed up it’s config. Perusing its contents I noticed that this router was configured for inter VLAN routing or “Router on a stick” as we say in my line of work. That means that the FastEthernet port was divided into sub interfaces and was trunked to a switch somewhere. I noticed that the encapsulation was ISL, Cisco’s proprietary trunking encapsulation. Using ISL encapsulation shows breeding and good taste, who ever configured this router was no slouch. Well the config looked fine, no problems other than the type 7 encryption on the password. Next I entered the command show ip route and what I saw even shocked a grizzled CCIE like myself: no routes! Nada, zilch, zero, goose egg, you get the picture.

Let me explain something to you, directly connected interfaces that are active should always show up in the routing table. No ifs, ands or buts. I reached into my pocket and pulled out my whisky flask and swilled down a gulp of liquid confidence for I knew this was going to be a tough one.

Next command I entered was show ip interface brief. It was there I noticed that the FastEthernet interface was UP and DOWN! This command shows the interface status and the protocol state. You want to see UP and UP for status and protocol respectively. For the status to be up, the interface must be administratively up as in NO SHUT and there must be a cable plugged into it. For the protocol to be UP there must be a keepalive signal that has been detected by the interface. It’s possible to see UP and UP, UP and DOWN, DOWN and DOWN but you would never see DOWN and UP because how would you be getting keepalives if the cable is unplugged? Are you getting my drift?

Everything looked hunky dory on the router so I next went to go check out the switch to see what was wrong. My gorgeous new client followed to the end of the row of racks where the Catalyst 5000 was. I started checking the cables when one of them fell right out! “This looks like yer problem right here” I said as I examined the RJ45 connector on the cable. “That’s funny” I muttered as I noticed that someone had placed transparent scotch tape over the pins of the connector…

It was then I felt her right behind me, I smelled her expensive perfume and sensed the heat radiating from her bosom. I spun around quickly and confronted her: “Alright sister! The jig is up, My mother didn’t raise any mentally defective offspring and this is a frame up!” I shouted. “But…But what do you mean?” she stammered. “Oh you’re a clever one, I’ll grant you that, but save your little miss innocent act for someone else, I’m a Cisco CCIE and you’re not gonna pull the wool over my eyes” I shot back.

“Ok! I confess!” she cried “I admit it, I taped the connector, it was just a ruse to get you up here”. “You better start talking girlie before I lose my patience” I ordered. “I’ve always wondered what it would be like to be with a CCIE” she said in a hushed tone. “Surely you can’t blame me?” she asked playfully. She then grabbed me by my lapels, pulled me towards her forcefully and planted a big wet kiss on my lips. “Well ok” I said. “But this will cost you double…..”.

Stay tuned for more upcoming adventures of America’s favorite CCIE, Max Throughput!

Back to RouterGod Online Magazine

Elizabeth Hurley on the Cisco 2600

RG — Mon, 02 Apr 2001 07:00:57 +0000

RouterGod Field Reporter Erwin Chiong snagged this cool interview while installing a Cisco 2650 at a modeling agency in London, England. Turns out you have to walk through a dressing room to get to the router in a wiring closet. Erwin really milked this one. Who would have guessed that it takes 3 days to configure RIP routing? Actually Erwin spent one hour on the router and 3 days helping the Elizabeth Hurley get in and out of different outfits. Miss Hurley was so appreciative she agreed to talk with him about the Cisco 2600 series of routers. Let’s join Erwin as he talks to Elizabeth Hurly about Cisco routers!

Believe it or not, Liz doesn’t own
a single pair of pants!

Erwin

Hey Liz! How about telling us about the Cisco 2600 series routers!

Liz

Well, let’s see, where to start. Very well, the 2600 series is a product aimed at branch offices. They come with RISC processors and have 2 WAN card slots and 1 Network card slot.

Erwin

Not too shabby, 2 WIC slots.

Liz

Oh, I forgot, the 2600 WIC modules can also be used in the 1600, 1700 and 3600 routers, this way you can stock fewer WICs if you have these routers in your enterprise.

Erwin

How much memory do 2600s come with?

Liz

8 Megabytes of Flash and 32 Megabytes of RAM.

Internet Dating Service, Meet Sexy Singles Near You

A poor swimmer, Liz often washes up on shore wearing only panties.

Erwin

The model numbers are kinda confusing, how do you know what the numbers mean?

Liz

First off, they all start with the number 26, so we can set that aside. If the last 2 digits are in the 50s that means a high performance CPU. If the last number is a 1, that means it has 2 Ethernet Ports.

The 2610 is the basic model with one Ethernet port, the 2611 has 2 Ethernet Ports.

Erwin

Can you show us a product matrix?

Liz

Sure, here goes:

Model	CPU	Ports
2651	80 MHz	2 FE
2650	80 MHz	1 FE
2621	50 MHz	2 FE
2620	50 MHz	1 FE
2613	40 MHz	1 TR
2612	40 MHz	1 TR + 1 E
2611	40 MHz	2 E
2610	40 MHz	1 E

Erwin

Wow! You really seem to know your stuff, have you ever thought of quitting modeling and getting into Cisco routers?

Liz

Funny you should ask! I plan on getting my CCNA when I’m too old to model, maybe next year.

Erwin

No Way!

Liz

Way!

She’s just skin and bones. The poor dear…

What we’ve learned

The 2600 is for branch office applications.
The 2600s have 2 WAN slots.
The 2600s have 1 Network Module slot.
All 2600s use a RISC processor.
There are 3 CPU speeds to choose from.
Modules are compatible with the 1600, 1700 & 3600 series.

Back to RouterGod Online Magazine

Anna Nicole Smith on Catalyst 1900

RG — Sun, 01 Apr 2001 07:00:48 +0000

RouterGod reporter and Catalyst enthusiast Tom Hatton was tasked with interviewing Anna Nicole Smith about the Cisco Catalyst 1900 series of switches. Anna was born in Mexia, Texas in 1967 and slaved away at such menial jobs as Supermodel and actress until she realized every woman’s dream of marrying an elderly billionaire. At 5′11″ and 165 pounds this buxom blonde is more woman than the average man can handle. But here in Southern California we are surrounded by the most beautiful women in the world and even Anna Nicole Smith seems mediocre by comparison. What does make Anna special is her appreciation for the finer things in life, such as Cisco Catalyst switches. Let’s join Tom as he interviews Anna Nicole Smith at the Patina restaurant in Los Angeles:

Anna at Patina restaurant in Los Angeles.

Tom

Hi Anna, why don’t you tell our readers how you became familiar with Cisco switches?

Anna

Well, a friend of mine is a diamond salesman, actually he works at Van Cleef and Arpels jewelers in Beverly Hills, I wanted something nice, like a Rolex watch or something. So my friend showed me a Cisco Switch. I had never seen a Cisco switch before, but I have seen other LAN switches. Most LAN switches are really ugly but when I first saw the Cisco switch, I remember thinking how elegant and understated it was. It was black and dark green. I fell in love with it, it was a Catalyst 1912.

Tom

There’s no doubt about it, Cisco switches are beautiful. But it’s how they perform that makes them great.

Anna

I wouldn’t know. I just collect them. The Cisco reseller comes by every Thursday. He leaves six or seven “5 packs” of switches on my doorstep. I now have over 400 Catalyst switches in my collection.

Tom

Wow! 400 switches, that’s a lot! Are they all 1900s?

Anna

Yeah, 1912s and 1924s. Some are Enterprise version. Hey, are you hungry? Can we order appetizers? I want a drink too. (Anna motions to the queer-gay waiter and we order Escargot and martinis.) Oh yeah, where were we…my switches. Yepper, I got lots of switches!

Tom

Can you explain the differences between the different 1900 series switches?

Anna

Sure baby cakes! OK, here’s the deal, there are 2 types you can order, the Standard version and the Enterprise version. Then there are 2 basic models the 1912 and the 1924.

Tom

Oh I think I get it! The 1912 has 12 Ethernet ports, right?

Anna

Nope it has 14!

Tom

14? That doesn’t seem to make sense. Can you explain that?

Anna

Well, the 1912 has 12 10BaseT ports and Cisco gives you 2 “bonus” 100BaseT ports. Likewise the 1924 has 24 10 Megabit Ethernet ports and 2 Fast Ethernet Ports. And don’t forget you can order these as either Standard or Enterprise.

Tom

Why is there only 2 Fast Ethernet ports and 12 or 24 regular Ethernet ports, why not just make them all Fast Ethernet ports and be done with it?

Anna

Why not 100 Fast Ethernet ports? The fact is, this is a low end switch aimed at wiring closets and hub replacements. This is an inexpensive switch, the standard version of the 1912 is about $900. A 1924 Enterprise version is about $1700. So you see, these are very affordable for small businesses that want to move to switched Ethernet. On the standard version, the 2 Fast Ethernet ports can be used when you need to connect to a 100BaseT segment, on the Enterprise version, the 2 Fast Ethernet ports can be used for ISL trunking between switches.

Tom

What else does the Enterprise version give you?

“Behind every beautiful woman is a beautiful behind”

Anna

The Enterprise version gives you the Cisco IOS Command Line Interface and you can use Uplinkfast for increased reliability.

Tom

How about VLANs? How many VLANs can a single 1900 switch have?

Anna

Each 1900 can have 4 VLANs hosted on it. That should be plenty considering this is an access level, wiring closet switch.

Tom

What if my wiring closet is really far away? Too far for Copper based Ethernet, what can I do?

Anna

No problem, Cisco has thought of everything. Buy a 1924F. The F suffix means 100BaseFX. That’s means that by using optical fiber, your little switch can be up to 2 kilometers away!

Tom

Very nice! What do the 1900s use for CPU’s and how much memory do they have?

Anna

The 1900s use Intel 486 chips. Each 1900 comes with 1 MB of Flash and 2 MB of RAM memory. That’s plenty of memory for this type of switch. While we’re talking hardware, each 1900 can store 1024 MAC addresses and has a 1 Gbps backplane. And another thing, baby cakes, all the Ethernet ports support full or half duplex connections.

Tom

Hey Anna, I’m impressed! You really know your stuff. Thanks a lot!

Anna

My pleasure, pumpkin. Let’s drink some more martinis.

Back To RouterGod Online Magazine

Paul Hogan on HSRP

RG — Thu, 01 Feb 2001 07:00:09 +0000

What our viewers down under may not know, is that Paul Hogan has been very busy here in the U.S. promoting the Australian tour and vacation industry. I mean, it’s relentless. Everywhere you turn, there’s Paul and his smelly little friend, Vic the Koala. Americans love Australia and having Paul Hogan up here, dragging this flea bitten, disagreeable koala from place to place is so unnecessary. Every day the television news shows another innocent American getting fiercely attacked by this rabid koala as Hogan struggles to gain control of the ravenous beastie. And you Aussies are living the good life down in OZ unaware of the carnage that Hogan and his maniacal, blood thirsty koala are wreaking up here in the ‘States. We love Australia, we forgave you for Helen Reddy years ago. We promise to come visit, but please, please make Hogan stop! We met Hogan here in Los Angeles at an autograph signing where the LAPD had to restore order after “Vic the Koala” went on another one of his trademark rampages. Hogan was so shaken and apologetic that he agreed to do an interview about Cisco’s Hot Standby Router Protocol. Let’s join RouterGod reporter Doug Leong as he talks to the star of those cool Crocodile Dundee movies, Paul Hogan:

Paul tries to stay upbeat amidst
controversy surrounding “Vic the Koala”.

Paul Hogan poses with
psychopathic koala.

Doug

Paul, welcome to RouterGod Online Magazine, it’s great to talk with you.

Paul

No worries mate, say, I’m sorry about the business between Vic and the police, sometimes the little devil gets a might cranky.

Doug

Well everything seems to be OK now, why don’t you explain HSRP to our audience?

Paul

OK (clears throat) let’s talk about the Hot Standby Router Protocol. HSPR is a way for two Cisco routers to share a common virtual IP address while one router is actively routing packets, the other router or routers are standing by in case the active router fails. It’s a very good way to provide fault tolerance. In fact, if ya take a mind to, you can read RFC 2281 to learn a bit more about it.

Doug

So the routers share an IP address. How do the routers know when one has failed?

Paul

Let’s get back to the IP address, besides sharing an IP address, that IP address has a common MAC address that the routers share. It’s like this, mate, you have a workgroup of say, I don’t know, 100 computers. Each one of these machines has been configured with a default gateway, if these machines have used the default gateway or router, they have it’s MAC address in their ARP cache. So since the routers in the HSRP group share an IP address with a corresponding MAC address, when they fail over, the workstations are unaware of the change. What they see, is a “virtual” router.

Doug

How do the routers control all this?

Paul

Well mate, the routers in an HSRP group send and receive keep alives using the multicast address of 224.0.0.2 and UDP port 1985. By default the hello interval is 3 seconds. Once 3 hello intervals pass without hearing from the active router, the standby router automatically becomes the active router. Each router is configured with a priority number, the router with the highest priority number in a standby group is the active router, everyone else just relaxes.

Doug

This must be very hard to configure…

Paul

No way mate, you only need 2 commands to do it, and 2 additional commands to customize it. What’s more, it’s configured at the interface that you want to participate in the standby group. It’s so easy, an American could do it!

Doug

No way! Really? What are the commands?

Paul

Well, first off, on the router that you want to be the active router, go to the interface you want HSRP to run on, think up a group number, all routers participating in this scheme must use the same group number, also think up what IP address you want the HSRP group to share. Now watch me type:

dingo(config-if)#standby 1 ip address 10.1.1.254
dingo(config-if)#standby 1 priority 100

So what we have here mate, is a standby group number of 1, an IP address of 10.1.1.254 that the routers are going to share, now let’s configure the standby router:

fosters(config-if)#standby 1 ip address 10.1.1.254
fosters(config-if)#standby 1 priority 90

OK, the only thing different on the standby router is the priority. The router with the highest priority becomes the active router.

Doug

What if the active router, with the priority of 100 goes down and comes back up, since it has the higher priority, will it become active again?

Paul

Sorry mate, in that situation, if you want it to be the active router again, you have to add the keyword preempt to the priority command:

dingo(config-if)#standby 1 priority 100 preempt

Doug

Hey Paul, what if the routers are connected to a WAN link, and the routers are running fine, but the WAN link goes down, is there any way to track that?

Paul

You said it my clever friend, the command is track. Say you want to have HSRP failover if the WAN link goes down, well just track the interface that the WAN link is connected to, like so:

dingo(config-if)#standby 1 track s0 priority 11

Noticed that there is the keyword priority followed by a number. That number is the number to subtract from the router’s own priority number to give it an adjusted priority number if the interface it’s tracking goes down. If the Serial 0 interface goes down, our router’s priority goes from 100 to 89 which will cause the standby router to become active since it has a priority of 90. You might need this to happen if the standby router is configured for DDR.

Doug

This has all been very interesting, welcome to America and thanks for explaining HSRP!

Paul

No worries mate!

Visit the HSRP Guide and the HSRP FAQ at Cisco. Also see Cisco’s exciting page on Configuring HSRP. Remember, never charge less than $1000 to set up HSRP and always get the money up front, before your customer sees that you fully configured HSRP on 2 routers in less than 5 min!

Back to RouterGod Online Magazine

Robert Downey Jr. on Ethernet

RG — Tue, 02 Jan 2001 07:00:08 +0000

Robert Downey Jr. on the IEEE 802.3 Ethernet Frame

With the possible exception of Todd Bridges, few celebrities love the jail lifestyle more than Robert Downey Jr. Here in Los Angeles celebrities are treated very well and nowhere is that more true than at the L.A. County Jail. During past incarcerations, Robert Downey Jr. has been chauffeured to movie sets by Sheriffs Deputies and was actually made an honorary Deputy by Sheriff Block himself. Robert Downey or “Robbie D” as he is affectionately known in the slammer agreed to an interview with RouterGod Online Magazine but only if we paid him in cocaine. We told Robbie D that that was out of the question so he then asked for marijuana and a bong and we refused. We said “how about some booze?” to which he told us that the Celebrity Cell at L.A. County already has a fully stocked bar. After hours of negotiations we agreed to bring him his favorite Russian caviar as the caviar provided by room service is not to his liking. We sent RouterGod Field Reported John Lokie to visit Robert Downey Jr. at his beautiful celebrity skybox overlooking the ornate fountains and Japanese gardens at the VIP wing of the L.A. County Jail. Let’s join John as he talks to Robert Downey Jr. about the make up of the IEEE 802.3 Ethernet frame!

RDJ explains that
Ethernet is a layer 2
standard.

John

Thank you Mr. Downey, our readers are anxious to hear what you have to say about Ethernet.

RDJ

Sure man, say, do you have any heroin on you? I’m about out.

John

Sorry, but I wouldn’t even know what heroin looks like.

RDJ

Oh well, it was worth a shot. OK, let’s get on with the show, I’ll explain the Ethernet frame to you. Do you mind if I get a massage while we do the interview?

John

No, I don’t mind.

Robert Downey Jr. removes his $5,000 Bill Blass smoking jacket exposing his naked upper body. A beautiful and voluptuous female Sheriff’s Deputy enters carrying a towel and some lotions and follows Robert Downey Jr. to the massage table. Robert Downey lays face down on the table, folds his arms in front of his face and rests his chin on his hands. The Deputy proceeds to give RDJ his afternoon massage.

RDJ

Ahh, that’s perfect. Where do you want to start, John?

John

Why not start at the beginning…

RDJ

Swell, what we are going to talk about is the IEEE 802.3 Ethernet frame. Ethernet frames are at layer 2 of the OSI model and what they do is encapsulate layer three data and carry it across the physical layer to a destination where it is decapsulated and the layer 3 data is processed.

John

What is a 802.3 frame composed of?

RDJ

Well to begin with there is an 8 byte “preamble”, the preamble is not technically part of the frame as it is added to the front of the frame by the NIC just before the frame is put out on the wire. The preamble is a series of alternating “one” and “zero” bits. Actually Manchester encoding is slightly more complicated than this but for our purposes think of the signaling as a simple on and off type of scheme. These 64 bits in the preamble are for timing, the allow the receiving station to get synchronized with the incoming signal, this usually happens within the first 14 bit times. The last 2 bits are switched on, so the last byte looks like: 10101011. This last byte of the preamble is called the Start Of Frame delimiter and signals the start of the actual frame.

John

I see, since there is no clocking, the preamble allows the receiver to sync up and it signals the start of frame. What is next?

Robert strikes an introspective pose for
benefit of onlookers. All Deputies in
Robert’s employ are also members
of the Screen Actors Guild and receive SAG scale in addition to ordinary wages.

RDJ

The next field is the destination MAC address, of course it is 6 bytes in length. After that comes the source MAC address and it too is 48 bits in length. MAC stands for Media Access Control, it is the actual layer 2 hardware address of a device. Cisco sometimes refers to it as a BIA or Burned In Address. Notice that the destination address is first, that saves time when you employ cut through switching.

John

Very nice, after the preamble comes the destination and source datalink addresses, what follows?

RDJ

The next field is the Length field, it is 2 bytes in length and indicates the length of the data or payload of the frame. The length does not include the preamble, MAC addresses, the FCS (we’ll talk about that in a minute) or the length field itself. An Ethernet frame cannot be any smaller than 64 bytes in length or larger than 1518 bytes in total length, not including the preamble, which we don’t count anyway.

John

So the length field just indicates the payload length, that’s pretty simple.

RDJ

Well not so fast, one very important thing the length field does is communicate the end of the payload. By knowing how long the payload is, we know exactly when it will end and when the Frame Check Sequence begins, that way we don’t need any kind of “end of data delimiter” or some such thing in our frame.

John

Hey! You’re pretty good! Keep going!

RDJ

Of course I’m good, that’s why they pay me the big bucks! Now we get into 3 cool little fields called the LLC header. LLC means Logical Link Control. Each of these is 1 byte in length and these 24 bits are counted in the Length field.

Free gay dating and personals

Robert Downey Jr. arrives at the
Cannes Film Festival.

John

Well don’t keep us in suspense! Spill it man, spill it!

RDJ

OK, ok, the first octet in the LLC header is the DSAP or Destination Service Access Point. This is a pointer to a location in the receivers memory. It tells the receiving NIC card where in it’s memory buffer to put this information. The next 8 bit field is the SSAP or Source Service Access Point, this is the pointer to the buffer address from where this information came. The DSAP and SSAP allow for multiple protocol stacks to use a single NIC card. The next and last byte in the LLC header is the Control and it simply indicates the type off LLC that this is.

John

So far you have mentioned the preamble and six different fields, when do we get to the data?

RDJ

Right now my man! The data field carries the packet that is constructed at layer 3 of the OSI model. The data can be between 43 and 1497 bytes in length. The last field is the Frame Check Sequence and that contains a number that the receiving station performs a calculation to determine if the frame is corrupt or not.

John

What if the receiving station does the FCS check and finds the frame to be corrupted, will the NIC card ask the the sender re-send the frame?

RDJ

No way, retransmission is a layer 4 function. At layer 2 if a frame is bad, it is simply dropped or deleted from the input buffer of the interface. The FCS field is 4 bytes in length so we have 21 bytes of overhead per frame. We said that the maximum size of an Ethernet frame was 1518 bytes, so subtract the 21 bytes of overhead and the actual maximum payload is 1497 bytes of data.

John

Well that’s not too bad, we get a maximum 1497 bytes of data for only 21 bytes of overhead, I’d say that’s pretty efficient.

RDJ

Yeah, but don’t forget that this is just the overhead at layer 2, layer 3 has a header as well as layer 4. Since each of the upper layers of the OSI model gets encapsulated or wrapped in the layer below it, the actual, real data that is hiding in an Ethernet frame is less than the apparent payload of the frame.

John

Dog gone it! Your right, I forgot all about the other layers. You know Robert, for a crack smoking, drugged out freak of nature, you sure are pretty smart! Have you ever given serious thought to quitting drugs?

RDJ

Never!

Editor’s Note
Robert Downey Jr. is a trained, seasoned professional.
Do not attempt to consume illegal narcotics without
first consulting your theatrical agent!

Back To RouterGod Online Magazine

Cisco Psychic Helpdesk

RG — Mon, 01 Jan 2001 08:01:21 +0000

Cisco Psychic TAC Hotline: Password Recovery

Or, how to banish Satan from a Cisco 2620…

The staff here at RouterGod Online Magazine are always looking for upcoming trends in Cisco networking. After much research we have learned that not every client can afford Cisco’s SmartNet tech support service. In fact, while SmartNet and Cisco’s Technical Assistance Center provide sound solutions to network problems, often they are at a loss to explain how these problems started in the first place. Cisco will solve your problem but they will never tell you how your equipment became cursed or offer to cast a spell to prevent future curses from harming your equipment. Cisco does not employ any witches or Voodoo priests, yet it is no secret that 50% of all Juniper employees are certified in black magic. As much as we love Cisco, they have clearly dropped the ball on this one. So as a public service, the selfless, virtuous and altruistic staff at RouterGod Online Magazine have hired world famous psychic Madame Rommon to answer your technical support questions, all for only $5 per minute!

Madame Rommon
knows Cisco!

The Phone Rings. Ring! Ring!

Madame Rommon (answers psychic hotline)

Hello my dear, this is Madame Rommon, how may I help you?

Caller

Uh..it’s my router. It has a problem…

Madame Rommon

Oh, yes! But first, I need your credit card number.

Caller

Of course. it’s 5XXX-XXXX-XXXX-XXXX and it expires 08/02, please Madam Rommon, can you help me?

Madame Rommon

Do not worry my child, Madam Rommon knows all and sees all. Your router has come under the influence of a malevolent spirit. Your router is possessed by Satan!

Caller

Yes! Yes! That’s what I told my boss, but he wouldn’t believe me! Everything has been fine until today, I tried to modify the configuration of this 2620 and suddenly the router will not accept my password.

Madame Rommon

Your router is harboring a secret, a bad secret…

Caller

How did you know! Yes! It says “Bad Secrets”! Oh my God! I can’t believe you knew that! My boss said I needed to perform password recovery, but when I saw “Bad Secrets” on the screen, I knew that it was more serious than that. Please Madame Rommon, tell me what to do!

Madame Rommon

Sweet Child, we must perform an exorcism. Do not be afraid. We must type some sacred commands into the router. These are very special commands, so special that I will need to charge your credit card an additional $750…Do you authorize this charge?

Caller

Oh Yes! It’s my boss’s personal MasterCard, he told me to fix the router, so I know it’s ok.

Madame Rommon

Marvelous, for an extra $1000 I can say a prayer for your router, do you authorize that charge?

Caller

Yes! Yes! Please, I’ll pay anything! Just help me!

Madame Rommon

Do not fret, plug your console cable into the router and cycle the power switch, when the router reboots, Satan will want to load the startup-config, so you must stop Satan from loading the config. Do you understand?

Caller

Yes, stop Satan from loading the config, how do I do that?

Madame Rommon

You must hit the BREAK key within 60 seconds of the router booting up, you will know that you have stopped Satan if you see a ” > ” prompt with no router name to the left of it.

Caller

Yes! I see the > prompt, now what should I do?

Madame Rommon gives CCNP Diane
Foster an Anti-Hacker mantra at
Networkers convention.

Madame Rommon

OK, here is the sacred command, enter: confreg 0×2142

Caller

So far so good, now what?

Madame Rommon

Now you must must cause the router to reboot itself, so enter the following sacred letter: i

Caller

Wow, the router rebooted and now it’s asking if I want to enter the initial configuration dialog, what do I do?

Madame Rommon

Your router has rebooted without loading the the startup-config, the startup-config is where the old password was stored, Your router now has a clear running-config, but your old config remains safe, we just told the router not to load it. Say “No”. Now enter Privileged Exec mode by entering the command: enable. Now you are in enable mode and you didn’t need a password. The next step is to load the existing startup-config from NVRAM into your running-config, enter the command: copy start run

Madame Rommon demonstrates palm
reading machine for use in Network Operation Centers.
If this machine detects bad karma, it will not unlock the door. Enterprise version is SNMP capable.

Caller

Oh, I see, we changed the config register so that when we rebooted the router using the “i” command, it loaded IOS but did not load the config. Next we entered Priv Exec mode and loaded the config into memory using the copy start run command, now what do we do?

Madame Rommon

Now my child you must change the password, so to global config mode by typing: conf t. Now enter the command: enable secret followed by your new password. Now reset the config register so that the next time the machine boots, it will load the startup-config. Do this now, enter the command: config-reg 0×2102.

Caller

OK, I entered a new password and set the config-register to load NVRAM, now what?

Madame Rommon

Save the config, enter: copy run start. Now reboot you router using the command: reload. When your router reboots, you can use your new password to get into Enable mode!

Caller

Madame Rommon, you’re a life saver!

Steps to password recovery:

Power cycle the router.
Banish Satan by sending a BREAK within 60 seconds.
From ROM mode, change config register to 2142.
Reboot router.
Get into Priv Exec (enable) mode.
Load up config with “copy start run”.
Change password and reset config-register to 2102.
Save config with “copy run start” and reload.

Consultants: Never charge less than $300
to perform password recovery!

Back to RouterGod Online Magazine

Gunney Sgt. Hartman at CCNA Boot Camp

RG — Mon, 13 Nov 2000 07:00:28 +0000

Please visit: CCNA, Cisco CCNA Exam Study

“This is my router, there are many like it but this one is mine…”

CCNA Boot Camp

You will not say a word! You will not speak unless spoken to! Do you ladies understand me? (Sir! Yes! Sir!). From this point forward you will eat, think and dream Cisco! Do you maggots understand? (Sir! Yes! Sir!) We are in a war, Gentlemen!
The future of the free world depends on you people becoming Cisco certified! You each will become a CCNA! Every time you see a router that does not say Cisco on it you will kill it! What are you going to do ladies? (Kill! Kill! Kill!). That’s right. Each week we will be adding a new lesson so that you will become strong of mind and pure of heart! We are going to rid the world of all commie, pinko, leftist routers and replace them with Cisco! You are going to be trained mercenaries of IOS spreading the gospel of Cisco! Now get your console cables and fall out on the
parade deck!

You will learn the OSI model!

You will learn ISDN reference points!

Please Sgt. Hartman, I wanna go back to the main page!

Gillian Anderson on Lan Switching Part 2

RG — Sun, 12 Nov 2000 07:00:22 +0000

RouterGod Online Magazine reporter Michael McClenney was not able to finish the interview with Gillian Anderson. It was learned that his Ford Explorer has Firestone tires on it. No one can say what his life expectancy is, only that it is not measured in months. Michael is getting his affairs in order and we send condolences to his family. Continuing the interview with Miss Anderson is RouterGod Microsoft Exchange guru, Irfan Ali. Let’s join Irfan as he learns more about LAN switching from Gillian Anderson:

An impeccable housekeeper, Gillian wears this dress and drags herself along the floor to pick up dust bunnies and hairballs from her cat, Punkin.

Is she into chicks? We can only speculate.

Perhaps she’s not gay, perhaps she’s only into herself.
Again, we can only speculate…

Perhaps Gillian is into group scenes….She is a puzzle…

Perhaps….

Whatever Gillian’s sexual proclivities are, this
terrified little fellow is about to find out!

Irfan

Hello Miss Anderson, I’ll be continuing the interview about LAN switching.

Gillian

I’m so sorry to hear about Michael.

Irfan

You’re sorry? He owed me twenty bucks!

Gillian

Oh dear, that’s dreadful. So his imminent demise is especially painful for you. They say that time heals all heartache, so someday you won’t feel so sad about him.

Irfan

About who?

Gillian

That guy, Michael something, anyway, it doesn’t matter, let’s talk about switching!

Irfan

Great! You were talking about vlans earlier and how a router is required to move packets between vlans. What would you like to talk about now?

Gillian

I’d like to talk about a serious problem with switches. Switches by default forward broadcasts. If your switch topology contains redundant paths or bridge loops, a broadcast storm of Biblical proportions could result. Routers on the other hand, do not have this problem because they do not forward broadcasts. Switches use something called the Spanning Tree Protocol to ensure a loop free topology. The world of Spanning Tree has two warring factions, each bent on the destruction of the other. The two factions are the IEEE and DEC. These two spanning tree protocols are not compatible and should never be enabled on the same network simultaneously. Use the IEEE version of Spanning Tree unless you work at DEC.

Irfan

I’ve heard about the spanning tree protocol. I’ve never really thought it was that important.

Gillian

I know you just said that to get me fired up, problems relating to spanning tree can easily create broadcast storms the lock up routers so bad you can’t even get a console connection! You must understand spanning tree or STP as it’s called if you are going to be a big city Cisco engineer!

Irfan

I knew I’d get you going! Tell us about STP. Let’s hear the gory details!

Gillian

OK, you asked for it. Right off the bat, a switch is really a group of bridges that are wired up in a star pattern. Every port on a switch is a bridge and every behind every port they are wired together. So you can say switch port or bridge but you are talking about the same thing. Spanning tree is a bridging protocol and as such is applied to individual ports on a switch.

Irfan

Do switches use STP to talk to other switches?

Gillian

Don’t think “switch”, the switch is a box that houses the bridge ports. It’s the bridge ports that use Spanning Tree to talk to other bridge ports. When Spanning Tree is running on your switch, what is going on behind the scenes is that every active port on your switch is sending out little packets called Bridge Protocol Data Units or BDPUs. Sometimes BDPUs are called “hello messages”. These BDPUs are beaconed out every 2 seconds by default. When you introduce a port into a spanning tree environment, it listens for these BDPUs to learn about the spanning tree topology.

Irfan

How is the topology created by spanning tree?

Gillian

The entire topology must resemble a tree to work properly and avoid loops. A tree has small branches that flow downward into larger branches to a common, single root. If you have your switches wired together that contains multiple paths or that is “meshy”, spanning tree will run what’s called the Spanning Tree Algorithm and choose which ports offer the best path to the root of the tree. Those ports which spanning tree selects as the way out of the local network will be put in a forwarding state and the other, non optimal ports will be put in a blocking state.

Irfan

Is there a central SPT server that does this calculation, then tells all the ports in the enterprise what state to become?

Free gay dating and personals

Gillian

No, as long as each switch is using the same version of spanning tree, IEEE for example, they all know the rules and can read the BDPUs and determin which ports are blocked and which ports can forward.

Irfan

What other states are there that a port can be in?

Gillian

Well at first when a port comes up it goes int the Listening State. It listens for BDPUs and by examing the contents of the BDPUs and figures out the topology of the existing network. After the listening state, the port may decide that it should go into a Blocking State. In the blocking state, no data can pass through the port but it is still examining BDPUs. The port remains in the Listening State for however long a duration is specified by the Forward Delay Timer. The Forward Delay Timer is set to 15 seconds by default.

Irfan

So it could take a port up to 15 seconds to begine forwarding data?

Gillian

Not so fast, Buckaroo! After the 15 second listening state, if the port does not go into blocking state, it then spends another leisurely 15 seconds in the Learning State. In the Learning State the port is learning MAC addresses and adding those entries into it’s CAM table. After the Learning State is complete, then the port goes into Forwarding State and can transmit data.

Irfan

30 seconds before the port will send data?!?!? That just won’t do! If I have a single workstation plugged into a port on a switch and it takes 30 seconds, Windows will not wait that long, my workstation will never contact the DHCP server in time! My workstation will not get an IP address! All is lost! We are doomed!

Gillian

Relax, Irfan! There’s a work around! When you have a single workstation or server plugged into a port, you can selectively disable the spanning tree protocol on that port. After all, spanning tree’s only job is to prevent loops by shutting off redundant paths in the network. But your workstation only has one path to the network, through that port!

Irfan

So we can turn off spanning tree?

Gillian

Well, were not going to turn off spanning tree, we’ll just disable it on this one port. But now that you mention it, it very possible that you are the administrator of a network that by physical design, does not have any loops in the topology. Nearly all small networks are like that. If that’s the case, yes, you can disable spanning tree network wide and save the bandwidth and CPU cycles that STP would use to do a job you don’t need.

Irfan

My network has redundant paths, so I’ll use spanning tree, but can you tell me exactly how to shut it off on a single port, so my workstation can access the network immediately?

Gillian

Certainly, Cisco calls it PortFast and you enter the following command:

set spantree portfast / enable

So if you plug your workstation into the 12th port on the 2nd slot in your Catalyst 5505, you would enter the command:

set spantree portfast 2/12 enable

To disable PortFast on this port:

set spantree portfast 2/12 disable

As you can see, those engineers at Cisco made this easy.

Irfan

You call that easy? Cisco should provide a mouse and a graphical interface like Microsoft does, now that’s what I’d call easy…

Gillian

But if it was that easy, everyone could do it. Think about it.

Irfan (smiling knowingly)

Ah yes, very good point!

There’s a wonderful page at Cisco that explains how to Configure Spanning Tree .

Watch for part 3 of this
action packed series coming soon!

Back to RouterGod Online Magazine

Gillian Anderson on Lan Switching Part 1

RG — Sat, 11 Nov 2000 07:00:12 +0000

You know, I guess we’re living in pretty good times. In my Dads generation, if you wanted to see a beautiful red head, you had to watch “I Love Lucy” and in black and white at that! But these days we have color TV and the beautiful red heads no longer play silly housewives, they play FBI investigators on the X-Files. Gillian Anderson was kind enough to consent to an interview, but our only problem was which RouterGod staffer would get the privilege? The entire “Gang of Nine” wanted to interview Gillian, but in the end the honor fell to Michael McClenney because he hasn’t got to meet a celebrity since Tonya Harding was here. Anyway, this is just an overview on switching, we will get into more details in upcoming installments. Gillian was born in Chicago, Illinois August 9, 1968. At one time she actually married a man named Clyde Klotz but could not bear being referred to as Gillian Klotz so she soon divorced. She moved out to California because she wanted to work as an actress in Canada and did so for the first 5 years of X-Files. Now she is one of the few American actors lucky enough to work in the United States. Without further adieu, Gillian Anderson:

Aren’t those beautiful earrings?

I see this guy on Gillian’s show, sometimes he’ll do something that distracts me as I’m watching Gillian. I think he’s a stagehand or something…

More celebrities are buying
Cisco Catalyst switches!

Gillian never has a bad hair day.

Michael

Hi Miss Anderson, thanks a bunch for giving us this interview.

Gillian

Hi ya cutie, you can call me Gillian. And I’m happy to be here, I hope I can answer your switching questions.

Michael

Let’s get started then. Here at RouterGod Online Magazine we’re only interested in Cisco switches and routers, is that a problem?

Gillian

Certainly not! You know, when I was a struggling actress, I had to put up with a lot of cheap crap. I lived in a crummy apartment and had this horrible HP ProCurve switch. The really nice thing about becoming successful is you are able to afford nice things like houses, cars and Cisco switches. I’ll never forget the day that I was hired to play Agent Scully on the X-Files, the first thing I did was go out and buy a brand new Catalyst 2924 XL. What a wonderful, wonderful switch…

Michael

Very good, switches have become very popular, can you tell us why?

Gillian

Sure cutie, for one thing the cost of switches has come way down. They can directly replace hubs too. You can literally replace a hub with a switch in seconds, no configuration required.

Michael

Whoa, whoa, wait a minute. Switching is a huge subject, there are issues about spanning tree and trunking protocols and VTP domains and etherchannel…what about that? What about that?

Gillian

Oh boy! You just got worked up there, didn’t you? Relax cutie, you are talking advanced CCNP type concepts there, I’m just a CCNA but let me explain what I mean. Cisco’s philosophy about switches is “do no harm”. All ports are by default in the same vlan, vlan1 to be exact. So you can plug in the switch and plug in the cables and now every port is in a separate collision domain.

Michael

Many of our viewers are still fixated on your picture at the top of the page, can you explain about collisions domains, for their benefit.

Gillian

Not a problem Michael, I get that all the time. Switches work at layer 2 of the OSI model. They listen on each port and write down the source MAC address of every Ethernet frame they hear. This is put in what Cisco calls a CAM table, it’s a listing of every port and what machines can be found on each port. These ports are not connected to one another. The switch can connect them when it wants to but otherwise they are not connected.

Michael

Nobody ever put it like that, so the switch is just a series of ports that are not normally connected, under what circumstances does the switch connect all the ports?

Gillian

Connect all the ports? You would have to be more specific, is there any multicasting going on? Are there different vlans?

Michael

No, you know what I mean, why would the switch decide to connect 2 ports together?

Gillian

Now that’s a different question, you said “all ports” at first. Let me start from the beginning. We’re only talking one vlan right now. Remember the switch pretty much knows what machines are on what ports, it’s been listening and creating these entries in the CAM table. So it receives a frame coming in on port number 1. It looks at the frame and reads the MAC address of the destination and checks it’s CAM table to see if it has already heard that machine on another port, if it has, it will forward that frame out the port that the destination machine resides on. No other ports will hear this transmission. On a single switch in a single vlan you could have a machine on port 3 sending a file to a machine on port 21, a machine on port 17 sending email to a machine on port 9, a machine on port 11 logging in to a server located on port 16, all at the same time. If you tried to do that with a hub, you would have collisions as only one data stream could travel the Ethernet at one time.

Free gay dating and personals

Michael

Excellent. In your example the switch has tripled the available bandwidth. What if the switch looks in the CAM table but there is no entry listing the MAC address of the destination machine? Does the switch just drop the packet?

Gillian

Listen up, cutie! You just said “packet”! A packet is a layer 3 data unit. We use frames thank you very much. And no, the switch will not drop the frame. If the switch does not have an entry in it’s CAM table, it will copy the frame and send it out all ports at once. When it gets a response it will add that machine to the CAM table and all future frames will be switched to that port.

Michael

OK, now I know. What about broadcasts, what does the switch do with them? You know, ARP broadcast and stuff like that?

Gillian

Broadcasts are always flooded out all ports that are members of the same vlan.

Michael

There! you said it again, vlan! What’s a vlan?

Gillian

My goodness! I love your enthusiasm! A vlan or “virtual lan” is simply a group of ports that you have put in the same broadcast domain. Take a 24 port switch for example, by default all ports can hear broadcasts from all other ports. The switch is maintaining a CAM table of all 24 ports so that it can switch frames between ports. This is a single lan, or vlan if you like, now take a hacksaw and saw the switch in half. Now you have 2 vlans. Computers in one vlan cannot talk or hear broadcasts from the other vlan.

Michael

So instead of actually sawing a switch into pieces, you can administratively create different vlans and assign ports to these vlans? Am I getting that right?

Gillian

Exactly, the only switches that come with hacksaws are SMCs and the lower priced Addtrons. On a Catalyst you create these separate vlans from the command line. Each port can only be a member of one vlan though, there are exceptions like SPANning a port and trunking but for now, the rule is one vlan per port.

Michael

Ok, here’s a stupid question, how does this really work in the real world? How do subnets figure in? This is kind of confusing.

Gillian

You are such a cutie! You’ve got it figured out and you don’t even know it! Every vlan is a separate subnet! You create a vlan called Accounting, all the computers in that vlan have IP addresses that place them in the same subnet. All machine on the same subnet (vlan) hear broadcasts from the other machines on the same vlan.

Michael

How does the switch route traffic from one vlan to another?

Gillian

They don’t.

Michael

If the switches don’t route the packets from one subnet to another, how do the packets get routed?

Gillian (laughing hysterically)

Hummmm…Let’s see…how do packets get routed? Humm, that’s a tough one! They should invent something that routes packets…..they could call it….wait…..a ROUTER! (more girlish giggling)

Michael

AAHHHhhh! So the switch always needs a router connected to it if it’s going to route packets between vlans!

Gillian

You got it, Buckaroo!!!!

Check back often as Gillian reveals more
about vlans and switching!

Back to RouterGod Online Magazine