
100 frequently asked Cisco questions (part II): 10 questions



HuuHoa
28-02-2005, 07:55 AM
From: Question 11
Subject: Is there a block of private IP addresses I can use?

In any event, RFC 1918 documents the allocation of the following addresses for use by ``private internets'':
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Most importantly, it is vital that nothing using these addresses should ever connect to the global Internet, or have plans to do so. Please read the above RFCs before considering implementing such a policy.

As an additional note, some Internet providers provide network-management services, statistics gathering, etc. It is unlikely (if at all possible) that they would be willing to perform those services if you choose to utilize private address space.

With the increasing popularity and reliability of address translation gateways, this practice is becoming more widely accepted. Cisco has acquired Network Translation, who manufacture such a product. It is now available as the Cisco Private Internet Exchange. With it, you can use any addressing you want on your private internet, and the gateway will ensure that the invalid addresses are converted before making it out onto the global Internet. It also makes a good firewall. Information on this product is available at
http://www.cisco.com/warp/public/751/pix/index.html

************************************************** ************************
From: Question 12
Subject: How do I interpret the output of ``show version''?

Typing ``show version'' or ``show hardware'' yields a response like:

prospect-gw.near.net>sh version
Cisco Internetwork Operating System Software
IOS (tm) GS Software (GS7), Experimental Version 10.2(11829) [pst 113]

System-type (imagename) Version major.minor(release.interim)[who] Desc

System-type: type of system the software is designed to run on.
imagename: The name of the image. This is different (slightly) for
run-from-rom, run-from-flash, and run-from-ram images, and also
for subset images which both were and will be more common.
"Version": text changes slightly. For example, if an engineer gives you
a special version of software to try out a bug fix, this will say
experimental version.
Major: Major version number. Changes (in theory) when there have been
major feature additions and changes to the software.
Minor: minor version number. Smaller but still significant feature added.
(in reality, cisco is not very sure what the difference between
"major" and "minor" is, and sometimes politics gets in the way,
but either of these "incrementing" indicates feature additions.)
EXCEPT: 9.14, 9.17, and 9.1 are all somewhat similar. 9.1 is
the base, 9.14 adds special features for low-end systems, 9.17
added special features specific to the high end (cisco-7000). This
was an experiment that we are trying not to repeat.
release: increments (1 2 3 4 ...) for each maintenance release of released
software. Increments for every compile in some other places.
interim: increments on every build of the "release tree", which happens
weekly for each release, but is only made into a generically
shipping maintenance release every 7 to 8 weeks or so.
[who]: who built it. Has "fc 1" or similar for released software.
Has something like [billw 101] for test software built by Bill
Westfield (billw@cisco.com).
Desc: additional description.

The idea is that the image name and version number UNIQUELY identify
a set of sources and debugging information somewhere back at cisco,
should anything go wrong.

Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Thu 09-Mar-95 23:54 by tli
Image text-base: 0x00001000, data-base: 0x00463EB0

Copyright, compilation date (and by whom), as well as the
starting address of the image.

ROM: System Bootstrap, Version 5.0(7), RELEASE SOFTWARE
ROM: GS Software (GS7), Version 10.0(7), RELEASE SOFTWARE (fc1)

The version of ROM bootstrap software, and the version of IOS
in ROM.

prospect-gw.near.net uptime is 2 weeks, 4 days, 18 hours, 38 minutes
System restarted by reload

How long the router has been up, and why it restarted.

System image file is "sse-current", booted via flash

How the router was booted.

RP (68040) processor with 16384K bytes of memory.

Type of processor.

G.703/E1 software, Version 1.0.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Bridging software.
ISDN software, Version 1.0.

Various software options compiled in.

1 Silicon Switch Processor.
2 EIP controllers (8 Ethernet).
2 FSIP controllers (16 Serial).
1 MIP controller (1 T1).
8 Ethernet/IEEE 802.3 interfaces.
16 Serial network interfaces.
128K bytes of non-volatile configuration memory.
4096K bytes of flash memory sized on embedded flash.

Hardware configuration.

Configuration register is 0x102

Lastly, the "configuration register", which may be set via
software in current releases...
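
An added example, not part of the original FAQ: a Python parser for the banner layout described above, System-type (imagename) Version major.minor(release.interim)[who], of the kind used to flag non-released images in an inventory audit. The first two sample lines come from the output above, the third is constructed, and the function names are this example's own.

```python
import re

# Field layout as the FAQ gives it:
#   System-type (imagename), <text> Version major.minor(release[.interim]) [who] Desc
PREFIX = re.compile(r"^(?:ROM: |IOS \(tm\) )")
BANNER = re.compile(
    r"(?P<system_type>[^()]+) \((?P<imagename>[^)]+)\), "
    r"(?P<label>(?:\w+ )?Version) "
    r"(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<release>\d+)(?:\.(?P<interim>\d+))?\)"
    r"(?P<rest>.*)$"
)
# [who] appears as "[pst 113]" on test builds and "(fc1)" on released ones.
WHO = re.compile(r"\[([^\]]+)\]|\((fc ?\d+)\)")


def parse_banner(line):
    """Return the banner fields as a dict, or None if the line has another layout."""
    m = BANNER.match(PREFIX.sub("", line.strip()))
    if m is None:
        return None
    info = m.groupdict()
    for key in ("major", "minor", "release"):
        info[key] = int(info[key])
    info["interim"] = int(info["interim"]) if info["interim"] else None
    who = WHO.search(info.pop("rest"))
    info["who"] = (who.group(1) or who.group(2)) if who else None
    return info


def is_released(info):
    """Released software: plain "Version" label and an "fc" builder tag."""
    return info["label"] == "Version" and (info["who"] or "").startswith("fc")


# The first two lines are from the sample output above; the third is constructed.
SAMPLES = [
    "IOS (tm) GS Software (GS7), Experimental Version 10.2(11829) [pst 113]",
    "ROM: GS Software (GS7), Version 10.0(7), RELEASE SOFTWARE (fc1)",
    "IOS (tm) GS Software (GS7), Version 10.2(5.3) [billw 101]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        info = parse_banner(line)
        state = "released" if is_released(info) else "NOT released"
        print(info["imagename"], info["major"], info["minor"],
              info["release"], info["interim"], info["who"], state)
```

The ROM bootstrap line ("System Bootstrap, Version 5.0(7), ...") carries no image name, so parse_banner returns None for it rather than guessing.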

************************************************** ************************
From: Question 13
Subject: When are static routes redistributed?

In the simple case, any static route *in the routing table* is redistributed if the ``redistribute static'' command is used, and some filter (set with either ``route-map'' or ``distribute-list out'') doesn't filter it out.

Whether the static route gets into routing table depends on:

Whether the next hop address is reachable (if you use static route pointing to a next hop)
OR Whether the interface is up (if you use static route pointing to an interface).

If one of these is true, an attempt is made to add the route to the routing table; whether that succeeds depends on the administrative distance of the route -- a lower administrative distance (the route is "closer") than a preexisting route will cause the preexisting route to be overwritten.
************************************************** ************************
From: Question 14
Subject: When is the next hop of a route considered ``reachable''?

When a static route is added, or during an important event (e.g. an interface up/down transition), the next hop for a route is looked up from the routing table (i.e. recursive routing). As a consequence, if a route which is depended upon for evaluation of the next hop of a static route goes away, a mechanism is required to remove that (now-invalid) static route. Scanning all static routes each time the routing table changes is too expensive, so instead, a periodic timer is used. Once a minute, static routes are added and removed from the routing table based on the routes they depend upon. It should be noted that a particular static route will be reevaluated when its interface transitions up or down.
************************************************** ***********************
From: Question 15
Subject: How do name and phone number of ``dialer map'' interfere?

We use the telephone number first actually. If the caller id matches the telephone number to call, then you don't need the 'name' parameter with a phone number. I realized that the above is ambiguous, so let's do this. You have:
dialer map ip x.x.x.x name <param1> <phone-num>
<param1> is used for incoming authentication. It can be either the hostname, for PAP and CHAP, or it can be a number as returned by caller id. If this is not there, and it is an incoming call, and there is caller id, we will compare against <phone-num> to see if that matches.
************************************************** ************************
From: Question 16
Subject: What's the purpose of the network command?
>* what is the real purpose of the network subcommand of
> router commands? When do I not want to include a network
> I know about?

The real purpose of the 'network' sub-command of the router commands is to indicate what networks that this router is connected to are to be advertised in the indicated routing protocol or protocol domain. For example, if OSPF and EIGRP are configured, some subnets may be advertised in one and some in the other. The network command enables one to do this.

An example of such a case is a secure subnet. Imagine the case where a set of subnets are permitted to communicate within a campus, but one of the buildings is intended to be inaccessible from the outside. By placing the secure subnet in its own network number and not advertising the number, the subnet is enabled to communicate with other subnets on the same router, but is unreachable from any other router, barring static routes. This can be extended by using a different routing protocol or routing protocol domain for the secure network; subnets on the various routers within the secure domain are mutually reachable, and routes from the non-secure domain may be leaked into the secure domain, but the secure domain is invisible to the outside world.

************************************************** ************************
From: Question 17
Subject: What is VLSM?

A Variable Length Subnet Mask (VLSM) is a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule. Of the IP routing protocols supported by Cisco, OSPF, Dual IS-IS, BGP-4, and EIGRP support "classless" or VLSM routes.

Historically, EGP depended on the IP address class definitions, and actually exchanged network numbers (8, 16, or 24 bit fields) rather than IP addresses (32 bit numbers); RIP and IGRP exchanged network and subnet numbers in 32 bit fields, the distinction between network number, subnet number, and host number being a matter of convention and not exchanged in the routing protocols. More recent protocols (see VLSM) carry either a prefix length (number of contiguous bits in the address) or subnet mask with each address, indicating what portion of the 32 bit field is the address being routed on.

A simple example of a network using variable length subnet masks is found in Cisco engineering. There are several switches in the engineering buildings, configured with FDDI and Ethernet interfaces and numbered in order to support 62 hosts on each switched subnet; in actuality, perhaps 15-30 hosts (printers, workstations, disk servers) are physically attached to each. However, many engineers also have ISDN or Frame Relay links to home, and a small subnet there. These home offices typically have a router or two and an X terminal or workstation; they may have a PC or Macintosh as well. As such, they are usually configured to support 6 hosts, and a few are configured for 14. The point to point links are generally unnumbered.

Using "one size fits all" addressing schemes, such as are found in RIP or IGRP, the home offices would have to be configured to support 62 hosts each; using numbers on the point to point links would further compound the address bloat.

One configures the router for Variable Length Subnet Masking by configuring the router to use a protocol (such as OSPF or EIGRP) that supports this, and configuring the subnet masks of the various interfaces in the 'ip address' interface sub-command. To use supernets, one must further configure the use of 'ip classless' routes.
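
An added example, not part of the original FAQ: a Python sketch that sizes subnets for the 62-, 14- and 6-host needs described above and compares the address cost with a one-size-fits-all mask. The block 10.1.0.0/22, the subnet counts and the names are assumptions made for the illustration.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet holds `hosts` plus network and broadcast addresses."""
    host_bits = (hosts + 2 - 1).bit_length()
    return 32 - host_bits


def allocate(block, needs):
    """Carve `block` into one subnet per (name, hosts) need, largest first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(needs, key=lambda n: -n[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # keep the subnet aligned
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} exhausted at {name}")
        plan[name] = subnet
        cursor += size
    return plan


def addresses_used(plan):
    """Total addresses consumed by a VLSM plan."""
    return sum(net.num_addresses for net in plan.values())


def fixed_size_cost(needs):
    """Addresses consumed when every subnet gets the mask of the largest need."""
    largest = max(hosts for _, hosts in needs)
    return len(needs) * (1 << (32 - prefix_for_hosts(largest)))


# Constructed inventory: 4 switched subnets, 2 larger and 10 smaller home offices.
BLOCK = "10.1.0.0/22"
NEEDS = ([(f"switch-{i}", 62) for i in range(1, 5)]
         + [(f"home14-{i}", 14) for i in range(1, 3)]
         + [(f"home6-{i}", 6) for i in range(1, 11)])

if __name__ == "__main__":
    plan = allocate(BLOCK, NEEDS)
    for name, net in plan.items():
        print(f"{name:10} {net}  ({net.num_addresses - 2} hosts)")
    print("VLSM:", addresses_used(plan), "addresses;",
          "fixed mask:", fixed_size_cost(NEEDS), "addresses")
```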
************************************************** ************************
From: Question 18
Subject: What are some methods for conserving IP addresses for serial lines?

VLSM and unnumbered point to point interfaces are the obvious ways. The 'ip unnumbered' subcommand indicates another interface or sub-interface whose address is used as the IP source address on messages that the router originates on the unnumbered interface, such as telnet or routing messages. By doing this, the router is reachable for management purposes (via the address of the one numbered interface) but consumes no IP addresses at all for its unnumbered links.
************************************************** ************************
From: Question 19
Subject: Flash upgrade issues for Cisco 2500 series routers

> When I remove the original flash and replace it with either one or both of
> the new flash chips, I get the following error on boot up and the router ends
> up in boot mode:
> ERR: Invalid chip id 0x80B5 (reversed = 0x1AD ) detected in System flash

This has to be the most common FAQ for this group. You have non-Intel flash chips on your new SIMMs and boot ROMs that are too old to know about the different access method for the flash chips you have.
You need to either get the (free, call TAC) BOOT-2500= ROM upgrade from Cisco, or exchange the flash SIMMs for ones using Intel chips. Note that Intel no longer makes those chips, which is why everybody has this problem.