Path to the CCNA 3

[bobbyforhire]

Hello All, I am 25 and live in atlanta. I currently have my A+ and my Net+ Certifications and have reccently decided it's time to take on that little guy CCNA.

So far i have been able to dibble and dabble with some of what cisco has. I recently purchased a 2948G switch only to find it's the one of two in the whole world running the CATos and can't be swaped out for IOS but the drift of one to the other is somewhat there (some might say it's day and night). So my lab is on it's way, I got a cheap Cisco Router (2501) witch i really can't use but i can still run commands on it. And today i just put down a buck fifty for a PIX 501. So far so good, I have been eyeballing the 2621 router for my lab as everything I use will be in my house running live. So here are my questions to people who have been down this road before.


If you have your CCNA, how hard was it? From what I have heard so far alot of it has to do with subnetting and routing from a to b and letting c get a taste. But how far will it really go? I love to take on a challenge and so far this is the biggest for me yet so far, I would love just to say that I am CCNA certified but really knowing what to do is 99.9% of the fun of it all . Pointers Tip's and anything else would be great!


-Road to CCNA day 1-

 

[bobbyforhire]

?? Well off of the San Subject. I took my network down to the basics.

Also i found out that i only have a 2611 no xm.. the guy left the wrong info up and doesn't have my xm..so thats a bummer.

On a plus it's a 2611 with c2600-IOS3-123(6B).BIN it was 12.0 but i found a decent IOS i think


To keep internet active i have my comcast going into a linksys wireless router. Running 192.168.2.245 as it's internal IP and DHCP on the internet port for the cable.

On the 2611 I have two Interfaces ETH00 ETH01.
ETH00 - 192.168.2.1 255.255.255.0
ETH01 - 10.10.10.245 255.0.0.0

I have setup the linksys router to say that 192.168.2.1 is the DMZ and to forward all outside connections to this device.

On the 2611 I have added the following command
:
enable
conf t
ip route 10.10.10.0 255.0.0.0 192.168.2.245
:

I ran the command ip route show, and it's informing me that i need a default gateway. And also i was checking out the routers ability's, one of with i am very happy about is the ability to see all other cisco devices in the network..very cool.


I was to understand that this is how this should work. All data that is coming from the 10.10.10.X subnet should forward everything to the linksys router (192.168.2.245) and thus getting me to the internet.


Well i wouldn't be writing this if it was working. So what am i missing do i need to create an Access List on the interface? Everyone always says upload your config but if i do that then i won't really learn :|

Also is there a god list of all of the IOS's and what all of them do?

 

[burtsbees]

ip route 10.10.10.0 255.0.0.0 192.168.2.245
That tells the router
"To get to 10.10.10.0/8, go though the LinkSys"
Also, the netwrk boundary is 10.0.0.0 for a /8, not 10.10.10.0
That's all I'll tell you for now...

Burt

 

[burtsbees]

By the way, I have this "SAN" set up at work to hook different machines to boot. If I hook an X86 box to the SAN, I can boot Windows. If I have an Alpha, I can boot to OpenVMS or Tru64. Sun=Solaris, IBM=AIX, etc.

Burt

 

[bobbyforhire]

Thanks for not giving me the answer burt, thats really what i needed. Ok after you telling me that i am backwards i ran my own test, i tried to do an tftp and it would error out ( going from router to one of the 10.x) and it was reporting that i was trying to goto 192.168.2.x. So what this tells me i need to change it to this.


ip route 0.0.0.0 0.0.0.0 192.168.2.245

So, route any any to 192.168.2.245

Am i correct on this? I am at work right now but the router is at home. One other question is that if i was running dhcp on the router and the ip address would change how could i tell it to go out the ip address.

 

[bobbyforhire]

As much as i wanted to stay away from this.. here is my current config. I took your advice on my crazy 10's and got rid of a few.



C-CRTR01#sh run
Building configuration...

Current configuration : 793 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C-CRTR01
!
boot-start-marker
boot system flash c2600-entbase-mz.123-10.bin
boot system flash
boot-end-marker
!
enable secret 5 $1$c2v5$gPkpQX69xP9YVsKnxZanL.
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.0
full-duplex
no clns route-cache
!
interface Ethernet0/1
ip address 10.0.0.254 255.255.255.0
half-duplex
no clns route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.245
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

C-CRTR01#

 

[bobbyforhire]

Also after posting this i noticed that i had two system boots. i went in an ran a

no system boot flash to remove the second boot.

 

[burtsbees]

ip route 0.0.0.0 0.0.0.0 192.168.2.245

So, route any any to 192.168.2.245

Am i correct on this?

No---it says "To get to any any, go through 192.168.2.245"

More tomorrow---really swamped with my kids here...H...E...L...P!!!

Burt

 

[bobbyforhire]

Where am I going, Internet.
Where is the internet 192.168.2.245.

ip route 10.0.0.0 255.255.255.0 192.168.2.245

this should route the 10.x network to goto 192.168.2.245 for any 192.168.x.x action.

But i still don't see how this will give me internet, i mean my linksys router "has" the internet but i'm not telling my router to goto the linksys for http or ftp action. Is IP route the correct thing to use or should i really be looking at access-lists?

Burt - Man if i could i would help out with the kids for cisco help you have been there since my first post here talking about my 2948g switch.

THANKS

 

[CiscoGuy33]

bobbyforhire,

If you do as Burt listed above and route any any to 192.168.2.245 - the Linksys which is already connected to the Internet, will know what to do with the traffic it gets!

You said - "But i still don't see how this will give me internet, i mean my linksys router "has" the internet but i'm not telling my router to goto the linksys for http or ftp action. Is IP route the correct thing to use or should i really be looking at access-lists?" No you will not need an ACL, you do not need to tell it HTTP or FTP - traffic is traffic - the IP Route will send all traffic!

An ACL would only be needed if you ONLY wanted certain traffic etc.

Hope this helps!


E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[bobbyforhire]

I am listening. I had the 0.0.0.0 0.0.0.0 witch says any any to 192.168.2.245 he said that i was wrong....

I am about to start looking this up to see what it is i'm missing here.

ip route 0.0.0.0 0.0.0.0 192.168.2.245

Will this work or no?

"ip route 0.0.0.0 0.0.0.0 192.168.2.245

So, route any any to 192.168.2.245

Am i correct on this?

No---it says "To get to any any, go through 192.168.2.245"

More tomorrow---really swamped with my kids here...H...E...L...P!!!

Burt "

 

[bobbyforhire]

PCA IP: 10.0.1.1
PCA Gateway: 10.0.1.245


PCB IP 10.0.2.1
PCB Gateway: 10.0.2.245


ROUTERA FE01 - 10.0.1.245 255.255.255.0
ROUTERA FE00 - 172.0.1.1 255.255.0.0



ROUTERB FE01 - 10.0.2.245 255.255.255.0
ROUTERB FE00 - 172.0.2.1 255.255.0.0



After you guys burning my head with ip routes i found out how to get
one pc to see the other pc just by adding the following.


Router A-ip route 10.0.2.0 255.255.255.0 172.0.2.1
Router B-ip route 10.0.1.0 255.255.255.0 172.0.1.1



So from PCA i was able to reach PCB by using ip route's. This was all done in
a virtual ccna lab that i was able to pick up.

Question: When i had the 172.x.x.x and the 10.x.x.x on a class c subnet together this
didn't work until i put the 172.x.x.x on a class b subnet. Can you not have two
interfaces with the same subnet?


When i get home today i will review my ip route 0.0.0.0 0.0.0.0 192.168.1.245 to see
if that will allow the internet to go out. From the looks of it, that should work.


Thanks again guys, I'm going to stick around with ip routes and see what kina cool stuff
i can do with it then move on to ACL'S

-Bobby

 

[burtsbees]

My bad---kids are driving me friggin crazy---I was looking at your config cross-eyed. I was looking at a combination of 192.168.2.1 and 10.0.0.254, which is both your interfaces, and I was getting 192.168.2.254---I thought your default route was pointing to your LAN! I need a drink...I know this stuff...I swear I do...I'm a CCNP...really...lol

Burt

 

[maczen]

LoL..
That's okay Burt... So far in the last few days I have mistook a straight-through for a x-over and missed the whole full-duplex thing... and I'm close to my CCNA now! LoL

Somehow, it is slightly more difficult on the actual equipment versus theory! But once again that is why I decided to invest in a lab and it is already paying off!!! Thanks!

 

[bobbyforhire]

Well im about to pull my hair out. It still is not letting me get out to the inet with 0.0.0.0 0.0.0.0 192.168.2.245. I did a tracert to 192.168.2.245 from the 10.x network and it gets to 10.0.0.245 but then just dies. So ok i give up can someone give me the answer to my problem and i can learn from what i'm not doing?

 

[burtsbees]

router(config)#int e0/1
router(config-if)#duplex full
router(config-if)#exit
router(config_#no ip cef
router(config)#ip classless

Then from the pc, try and ping 192.168.2.245
What is connected to e0/1???

Burt

 

[bobbyforhire]

no ip cef= turning off ( Cisco Express Forwarding)

ip classless not sure what this does but turns on classless? Ill look into this.


Eth0/1 = 10.x network
Eth0/0 - 192.x network

 

[burtsbees]

ip classless allows subnets to be advertised, like 10.x.x.x/24, like you have. It's usually for routing protocols, but I can't remember if something that old needs that command for a static route that is subnetted...

What is ROUTER A and ROUTER B, and all the other nodes mentioned a few posts up?

Burt

 

[Cluebird]

A couple of quick questions:
1. Was the Linksys getting traffic to/from the Internet before you added your internal devices. Was the dmz forwarding working before you added complexity?
2. Are you doing PAT (aka NAT overload) on the linksys? If so, are the addresses you're using internally allowed to be translated?
3. Does your Linksys have a route back to your internal network(s)?

Linksys is SOHO equipment at best and doesn't have all the features of the Cisco CLI. As you add more complexity, you'll wish you had CLI.

Sounds like the issue is with the edge router (Linksys) rather than your Cisco stuff. (Yes, I know Linksys is a Cisco subsidiary.)

Regarding ip classless: It changes the router from classful behavior to classless behavior. (Duh!) This means the router will forward traffic to unknown subnets of a major network the router is attached to. It's used with discontiguous addresses where subnets of a major network are spread throughout your routing empire. A classful router will not forward traffic to a subnet of a major network the router is directly connected to even if you configure a default route.

Think of it this way...The router gnome fills it's routing table by looking at the networks on directly connected interfaces. The gnome must be told about any other network that isn't directly connected. Classful gnomes aren't very intelligent. If they look at one of their interfaces and for example, see the 10.0.1.0 255.255.255.0 subnet, the classful gnomes ASSUME they have full knowledge about every subnet of the 10.0.0.0 255.0.0.0 major network. If traffic needs to go to the 10.0.2.0 255.255.255.0 subnet and the classful gnomes receive the traffic, they think "Hey, I'm directly attached to the 10.0.0.0 255.0.0.0 network. That means I know everything about the 10.0.0.0 network. I don't see the 10.0.2.0/24 network. Hence, I won't forward to the 10.0.2.0/24 subnet because I know nothing about that subnet." The classful router admin adds a default route trying to get the 10.0.2.0/24 subnet forwarded, but the classful gnomes ignore the default route because they think they know everything about the 10.0.0.0/8 network. After all, they think, "I am directly attached, I know more than the router admin and I won't forward to unknown subnets. That's my job description and I won't budge." That's why we usually fire the classful gnomes and hire the classless gnomes. A better fix is readdress the network so you don't have discontiguous networks.

 

[bobbyforhire]

Clue -

Well let me start off by saying, write a book. Very well written and hell made sence to me. This is what i got out of all of what you just wrote. Fix your network. The linksys is great for home use because it just plug and "pray" but because I am trying to do a larger scale and more advanced. So here it goes for my test network.

Comcast Internet ---> 2611 Router

Enable
conf t
int eth0/0
ip address dhcp
exit
wr mem

conf t
no ip route 0.0.0.0 0.0.0.0 192.168.2.245
ip route 0.0.0.0 0.0.0.0 eth0/0
exit
wr mem


I just did this out of my head and already i feel better about using the CLI. Thing is will that work? If a device is DHCP address can i just say eth0/0 and that will say what ever is on that line use it?

Thanks Again! I hope i'm learning something here.

P.S - All people seem to need data processing. These word haunt my mind

 

[bobbyforhire]

Burt

"What is ROUTER A and ROUTER B, and all the other nodes mentioned a few posts up?"

Sorry about that, When i was reading over the post's i wanted to get a better concept of the ip route statement. So i created a lab. I was able to get 10.0.1.x and 10.0.2.x to see eachother between two diffrent routers without connecting them directly to each other.