Networks Training

The Cisco Packet Tracer is a tool for learning and simulating networks interactively for instructors and students of Cisco CCNA. This e-learning software is offered as part of the Cisco Networking Academy. This tool allows users to create network topologies, configure devices, inject packets, and simulate a network with multiple visual representations. Packet Tracer focuses on helping students to understand networking protocols better as taught in the CCNA curriculum.

This product is intended to be used as an educational product that provides exposure to the command line interface (CLI) of Cisco devices to practice and learn by discovery.

Packet Tracer 5.3 is the latest version of this Cisco network simulator, and it’s a key tool to use if you are a student pursuing the CCNA or dedicated to networking. This program creates a physical topology of network devices by simply drag-and-drop devices on the worksheet screen. After clicking on them you can access the configuration console of this device. All Cisco IOS commands are supported and even does the “tab completion” on a command. Once the physical and logical configuration of the network is build, you can do simulations of connectivity (ping, traceroute, etc) all from the device’s own console.

Main Features

The improvements to the new Packet Tracer 5.3 are:

* Support for Windows (2000, XP, Vista) and Linux (Ubuntu and Fedora).
* Allows multi-user and collaborative settings in real time.
* Support for IPv6, multi-area OSPF, route redistribution, RSTP, SSH, and multilayer switches.

Supports the following protocols:

* HTTP, Telnet, SSH, TFTP, DHCP and DNS.
* TCP / UDP, IPv4, IPv6, and ICMPv6 ICMPv4.
* RIP, EIGRP, OSPF multi-area, static routing and route redistribution.
* Ethernet 802.3 and 802.11, HDLC, Frame Relay and PPP.
* ARP, CDP, STP, RSTP, 802.1q, VTP, DTP and PAgP.

Cisco IOS Routers support both static and dynamic routes. In small networks (2 to 5 routers) I would suggest to configure only static routes, especially if the network is not going to change much over time. Of course dynamic routing (using dynamic routing protocols such as RIP, OSPF, EIGRP) is much more flexible and scalable (for larger networks) but gets a little bit tricky to troubleshoot in case of problems. There is also the option to mix static and dynamic routing if needed, but you need to take into consideration issues such as route redistribution (you will usually need to redistribute static routes into the dynamic protocol).

In this post I will try to illustrate static routing using a small network scenario (see picture below) and explain also some other issues related with ICMP Redirects and Cisco ASA firewall.

Network Description

From the example network above, we have a Cisco ASA firewall (ASA1) protecting our internal networks from the Internet. LAN1 is a Class C network subnet (10.1.1.0/24) which has user computers connected (this might be the headquarters LAN of the Enterprise). There is also a Router (R1) serving as a WAN router to connect a distant remote office over a WAN link.

At the other side of the WAN link we have R2 which serves as the Hub router having two spokes (R3, R4). There are also two more LAN networks with user computers (LAN2 connected to R3 and LAN3 connected to R4).

The IP addresses assigned to the network are as following:

ASA1 Internal IP: 10.1.1.254

R1 IP on LAN1 network: 10.1.1.253
R1 IP on the WAN link: 192.168.1.1

R2 IP on the WAN link: 192.168.1.2
R2 IP connected with R3: 192.168.2.2
R2 IP connected with R4: 192.168.3.2

R3 IP connected with R2: 192.168.2.1
R3 IP on LAN2 network: 10.2.1.254

R4 IP connected with R2: 192.168.3.1
R4 IP on LAN3 network: 10.2.2.254

LAN1 network: 10.1.1.0/24
LAN2 network: 10.2.1.0/24
LAN3 network: 10.2.2.0/24

Traffic Flow Requirements

We need to have the following communication between networks:

• LAN1 computers need to access the Internet through the ASA and also must be able to communicate with users and servers on LAN2 and LAN3.
• LAN1 users should be able to communicate also with “transit subnets” for troubleshooting and management purposes (“transit subnets” are the point-to-point networks connecting routers between them). These “transit subnets” are 192.168.1.0/30, 192.168.2.0/30, 192.168.3.0/30.
• LAN2 and LAN3 computers need to access the Internet through the ASA and also must be able to communicate with LAN1 network.

Configuration of Static Routing

The intention of this article is to explain static routing only, so I will not get into the full configuration details of all devices in the network. I will just show snippets of commands for static routes.

The general format of a static route command on a Cisco router is:

Router(config)# ip route [destination network] [mask] [gateway address]

The command above tells the router the following information: “if you want to send a packet to the following “destination network”, then send it to this “gateway address”.

The format of a static route command on a Cisco ASA firewall is:

ASA(config)# route [interface name] [destination network] [mask] [gateway]

Now let’s see the commands needed for each router. It’s more convenient to start from the bottom up:

Router R3:

R3(config)# ip route 0.0.0.0 0.0.0.0 192.168.2.2

We just need a default route on this router to send ALL traffic towards R2 gateway address (192.168.2.2).

Router R4:

R4(config)# ip route 0.0.0.0 0.0.0.0 192.168.3.2

Similar with R3, we just need a default route on this router to send ALL traffic towards R2 gateway address (192.168.3.2).

Router R2:

! Default route
R2(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1

! Static routes to reach LAN2 and LAN3
R2(config)# ip route 10.2.1.0 255.255.255.0 192.168.2.1
R2(config)# ip route 10.2.2.0 255.255.255.0 192.168.3.1

This is a little tricky. We need both a default route (to send all upwards traffic, including traffic to the Internet, towards R1) and also we need two specific static routes to reach LAN2 and LAN3 network. The two specific static routes (two last lines) are needed for the reply packets from LAN2 and LAN3 and also for LAN1 to be able to reach LAN2/LAN3.

Router R1:

! Default Route towards ASA for Internet Traffic
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.254

! Static routes to reach LAN2 and LAN3
R1(config)# ip route 10.2.1.0 255.255.255.0 192.168.1.2
R1(config)# ip route 10.2.2.0 255.255.255.0 192.168.1.2

! Static routes to reach transit point-to-point networks
R1(config)# ip route 192.168.2.0 255.255.255.252 192.168.1.2
R1(config)# ip route 192.168.3.0 255.255.255.252 192.168.1.2

Firewall ASA1:

ASA1(config)# route outside 0.0.0.0 0.0.0.0 [asa gateway IP]

! Static routes to reach LAN2 and LAN3
ASA1(config)# route inside 10.2.1.0 255.255.255.0 10.1.1.253
ASA1(config)# route inside 10.2.2.0 255.255.255.0 10.1.1.253

The ASA will need a default route towards its default gateway IP (assigned by the ISP), and also two static routes to reach the distant LAN2 and LAN3 networks. You DO NOT need a static route for LAN1 network because it is directly connected to the ASA.

Default Gateway for LAN1 computers

As we said before, one of the traffic flow requirements was to access LAN2 and LAN3 networks from LAN1 computers. If I ask you what should be the default gateway address configured on LAN1 computers, most of you would answer “The ASA internal address 10.1.1.254”. However, this is WRONG. Let me explain why.

Assume you configure the default gateway address for LAN1 hosts to be the ASA address 10.1.1.254. If HostA on LAN1 wants to send traffic to the Internet, then it will send it to its default gateway address (ASA firewall) which will forward the packet to the Internet. So far so good.

However, if HostA wants to send traffic to LAN2 or LAN3 hosts, it will again send the traffic to the ASA which is supposed to send an ICMP Redirect to HostA and tell him “hey, you should really be using 10.1.1.253 to get to LAN2 or LAN3”. However, the Cisco ASA is NOT ABLE to send an ICMP Redirect like it should. Therefore, HostA will never be able to communicate with LAN2/LAN3. If the ASA was a router instead, everything would work fine because routers actually are able to send ICMP Redirects.

So, the correct answer is to configure all hosts on LAN1 network to have Default Gateway address the IP of R1 (10.1.1.253). This way, they will be able to access both the Internet and the other internal LAN networks (LAN2/LAN3).

For any questions or comments please fill out the comment form below.

The newest Microsoft Exchange Server 2010 has been released a few months ago and enterprises are already upgrading from the older versions in mass scale. Microsoft holds almost 2/3 of the market share in email communication solutions and the Exchange Server 2010 is its flagship product and the cornerstone of Unified Communications for many companies.

The new Exchange 2010 version boasts ground breaking features such as PowerShell utilization as its main engine, Transport Protection Rules, Role Based Access Control, full unified communication support (text to speech, voice mail, instant messaging etc) and other advanced software communication features that make this product one of the most powerful enterprise tools.

If you are going to get involved for the maintenance and administration of Microsoft Exchange 2010 then you certainly need a good training for such a complex product. I.T administrators responsible for their Exchange Server must be ready and prepared to manage hundreds or thousands of users and their mailboxes, the security of the servers, the databases, the operating system etc. Getting a solid and proven Exchange 2010 training package is essential if you want to “survive” for such a demanding task.

There is also an Exchange Server 2010 relevant Exam, the 70-662 (Microsoft Exchange Server 2010 Configuration) which counts as credit towards two Microsoft Certifications (the Microsoft Certified Technology Specialist – MCTS and the Microsoft Certified IT Professional – MCITP certifications). Passing the 70-662 exam, you will be one step closer to a better career, to a better salary, and to a more stable IT position in your company.

Now, what if you could find a training package that will offer you two things:

1. Extensive in-depth training to teach you how to install, configure, maintain and troubleshoot the newest Microsoft Exchange 2010 Server with hands-on experience from a Certified Instructor.
2. Full coverage of 70-662 exam requirements with practice exam questions.

The combination of the above can be found in the Microsoft Exchange Server 2010 Training Package Here. Check it out because I believe it’s a great deal in terms of cost and the amount and quality of information that you will acquire. And the best part is that the training package above comes from one of the most trusted Computer Training companies, so you will be assured that you will get the best results.

Preparing for a Cisco Certification solely with Practice exams is a method that many candidates follow, however I do not recommend this study method at all. My intention in this article is not to slam practice exams. I just want to address the phenomenon among Cisco certification candidates who use practice exams solely as an attempt to pass their exams with the least possible effort. Practice exams should be used in your study strategy as a complimentary option together with other study resources such as books, video trainings, practice labs etc. When you are in the field in front of a rack of routers and switches trying to implement a network design, there is no A, B, C, or D choice like the practice exams. You’ve got to know what you are doing.

The current Cisco certification exams are designed in such a way as to weed out those candidates who just memorized hundreds of possible exam questions in their attempt to pass the exam. If those candidates used only practice tests for preparation, they will just be disappointed on exam day. The certification exams will not only test if you possess the requited knowledge, but also if you have the ability to apply that knowledge in real world cases. Thats why the current Cisco exams are full of practical scenario questions. By taking one practice exam after the other will certainly not develop this skill.

Practice simulators are also fine up to a certain extent, but also do not depend very heavily on them. The most common network simulators I’ve seen do not let you make any mistakes on the router or switch configuration, so you do not actually learn from your mistakes. Remember that making mistakes on a Cisco configuration, observing them and then fixing them is what really helps to actually learn what you are doing.

When preparing for a Cisco Certification (especially for an entry level certification such as CCENT and CCNA) you are not just studying for an exam. Rather, you are building and fortifying your base and foundation for the upper layer certifications and for your career as well. Try to make your study efforts as effective as possible by building a solid foundation. You will achieve this by learning all possible networking theory and fundamental concepts, rather than memorizing hundreds of exam questions. Especially when studying for CCNA, the knowledge that you will acquire will be the most important from all and will be the corner stone for future certifications such as the CCNP and CCIE.

The best preparation for Cisco certifications is to stick to a well-rounded study plan which includes books, lab networking equipment (real or virtual) and practice exams. A recommended training package for Cisco certification exams is this computer based training here. If you combine it with a relative book from CiscoPress then you will have a complete well-rounded study package for passing your Cisco exam.