1

Cisco IOS File System and

Devices

Managing Cisco IOS Images

Verifying Memory Image

Filenames
wg_ro_a#show flash
System flash directory:
File Length
Name/status
1
10084696 c2500-js-l_120-3.bin
[10084760 bytes used, 6692456 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)

Creating a Software Image

Backup

Upgrading the Image from

the Network

LAB
Install TFTP server on a virtual machine
Connect the machine to a Router
To see the content of Flash file
#show Flash
To copy flash
#Copy flash tftp
supply IP address of TFTP Server and file name

To copy running-configuration
#copy running-config tftp
supply IP address of TFTP Server and file name

Resolving Host Names

To use a hostname rather than an IP address to
connect to a remote device
Two ways to resolve hostnames to IP addresses
building a host table on each router
building a Domain Name System (DNS)
server

Resolving Host Names

Building a host table

ip host host_name ip_address

R1(config)#ip host com1 10.0.0.1
R1(config)#ip host com2 10.0.0.2

To view table
R1#show hosts
To verify that the host table resolves names, try ping
hostnames at a router prompt.
9

Password Recovery
Normal Boot Sequence
POST
Bootstrap
IOS
Startup
Running

This
setup
is
decided
configuration register value

by

10

Configuration Register
Decimal
Bit

Default

4 2 1 8

4 2 1 8

4 2 1 8

4 2 1

15 14 13 12 11 10 9 8 7

6 5 4 3

2 1 0

0 0 0 0

0 1 0

0 1 0 0

0 0 1 0

2102

This means that bits 13, 8, and 1 are on.

To ignore NVRAM the 6th bit should be made ON
When the 6th bit is turned on the value will be 2142

11

Password Recovery
Show version will give configuration
register value
Password is stored in NVRAM
To by pass NVRAM during boot sequence
we need to change the configuration
register value
To change the CR values press Ctr+Break
and go to ROM monitor mode

12

Password Recovery
Router 2500
o/r 0x2142
i
Router 2600
confreg 0x2142
>reset

13

14

WAN vs LAN
Distance between WAN and LAN
WAN speed is less
WAN is leased from Service provider

15

Remote Access Overview

A WAN is a data communications network
covering a relatively broad geographical area.
A network administrator designing a remote
network must weight issues concerning users
needs such as bandwidth and cost of the variable
available technologies.

16

WAN Overview

Service
Provider

WANs connect sites

Connection requirements vary depending on user
requirements and cost
17

WAN
technology/terminology

Devices on the subscriber premises are called customer premises equipment (CPE).
The subscriber owns the CPE or leases the CPE from the service provider.
A copper or fiber cable connects the CPE to the service providers nearest exchange or
central office (CO). A central office (CO) is sometimes referred to as a point of presence
(POP)
This cabling is often called the local loop, or "last-mile".

CPE
(Customer
Premises
Equipment) are equipments
located at the customers
site,
they
are
owned,
operated and managed by
the customer.
18

WAN
technology/terminology
A demarcation point is
where customer premises
equipment (CPE) ends,
and local loop begins.

The local loop is the

cabling
from
demarcation
point
to
Central Office (CO).

19

WAN
technology/terminology
Devices that put data on the local loop are called data
communications equipment (DCE).
The customer devices that pass the data to the DCE are called
data terminal equipment (DTE).
The DCE primarily provides an interface for the DTE into the
communication link on the WAN cloud.

The DTE/DCE interface

uses various physical
layer protocols, such as
V.35.

These

protocols
establish the codes and
electrical
parameters
the devices use to
communicate with each
other.

20

WAN Devices
Modems

transmit data
over
voice-grade
telephone
lines
by
modulating
and
demodulating the signal.

The digital signals are

superimposed
on
an
analog voice signal that is
modulated
for
transmission.

The

modulated signal
can be heard as a series
of whistles by turning on
the
internal
modem
speaker.

At the receiving end the

analog
signals
are
returned to their digital
form, or demodulated

21

WANs - Data Link

Encapsulation
The data link layer protocols define how data is encapsulated for transmission
to remote sites, and the mechanisms for transferring the resulting frames.
A variety of different technologies are used, such as ISDN, Frame Relay or
Asynchronous Transfer Mode (ATM).
These protocols use the same basic framing mechanism, high-level data link
control (HDLC)

22

WAN Technologies
Overview
Dedicated
T1, E1, T3,
E3
DSL
SONET

Circuit
Switched
POTS
ISDN

Switched

Analog
Dial-up
modems
Cable
modems
Wireless

Packet Switched
X.25

Covers a relative broad

area
Use transmission facilities
Frame Relay
leased
from
service
provider
ATM
Carries different traffic
(voice, video and data)
23

Dedicated Digital Services

Dedicated Digital Services
provide full-time connectivity
through a point-to-point link
T series in U.S. and E series in
Europe
Uses time division multiplexing and
assign time slots for transmissions
T1 = 1.544 Mbps
T3 = 44.736 Mbps

E1 = 2.048 Mbps
E3 = 34.368 Mbps

24

Digital Subscriber Lines

Digital Subscriber Line (DSL) technology is a broadband
technology that uses existing twisted-pair telephone lines
to transport high-bandwidth data to service subscribers.
The two basic types of DSL technologies are asymmetric
(ADSL) and symmetric (SDSL).
All forms of DSL service are categorized as ADSL or SDSL
and there are several varieties of each type.
Asymmetric service provides higher download or
downstream bandwidth to the user than upload bandwidth.
Symmetric service provides the same capacity in both
directions.

25

Analog Services
Dial-up Modems (switched analog)
Standard that can provides 56 kbps download speed and
33.6 kbps upload speed.
With the download path, there is a digital-to-analogue
conversion at the client side.
With the upload path, there is a analogue-to-digital
conversion at the client side.

26

Cable Modems (Shared

Analog)

Cable TV provides residential premises with a coaxial cable that has a

bandwidth of 750MHz
The bandwidth is divided into 6 MHz band using FDM for each TV channel
A "Cable Modem" is a device that allows high-speed data access
(Internet) via cable TV network.
A cable modem will typically have two connections because a splitter
delivers the TV bands to TV set and the internet access bands to PC via a
cable box
The splitter delivers the TV bands to TV set and the internet access bands
to PC via a cable box

27

Wireless
Terrestrial
Bandwidths typically in the 11 Mbps range
Cost is relatively low
Line-of-sight is usually required
Usage is moderate
Satellite
Can serve mobile users and remote users
Usage is widespread
Cost is very high
28

Circuit Switched Services

Integrated Services Digital Network (ISDN)
Historically important--first dial-up digital service
Max. bandwidth = 128 kbps for BRI (Basic Rate
Interface)
2 B channels @ 64kps and 1 D channel @ 16kps
B channels are voice/data channels; D for signaling

B
D
B

29

Integrated Services Digital

Network

30

WAN Connection Types

Leased lines
It is a pre-established WAN communications
path from the CPE, through the DCE switch, to
the CPE of the remote site, allowing DTE
networks to communicate at any time with no
setup procedures before transmitting data.
Circuit switching
Sets up line like a phone call. No data can
transfer before the end-to-end connection is
established.

32

WAN Connection Types

Packet switching
WAN switching method that allows you to
share bandwidth with other companies to save
money. As long as you are not constantly
transmitting data and are instead using bursty
data transfers, packet switching can save you a
lot of money.
However, if you have constant data transfers,
then you will need to get a leased line.
Frame Relay and X.25 are packet switching
technologies.
33

Defining WAN Encapsulation

Protocols
Each WAN connection uses an encapsulation
protocol to encapsulate traffic while it crossing
the WAN link.
The choice of the encapsulation protocol depends
on the underlying WAN technology and the
communicating equipment.

34

Defining WAN Encapsulation

Protocols
Typical WAN encapsulation types include the
following:
Point-to-Point Protocol (PPP)
Serial Line Internet Protocol (SLIP)
High-Level Data Link Control Protocol (HDLC)
X.25 / Link Access Procedure Balanced (LAPB)
Frame Relay
Asynchronous Transfer Mode (ATM)

35

Determining the WAN Type to

Use
Availability
Each type of service may be available in
certain geographical areas.
Bandwidth
Determining usage over the WAN is important
to evaluate the most cost-effective WAN
service.
Cost
Making a compromise between the traffic you
need to transfer and the type of service with
the available cost that will suit you.
36

Max. WAN Speeds for WAN

Connections
WAN Type

Maximum
Speed

Asynchronous Dial-Up

56-64 Kbps

X.25, ISDN BRI

128 Kbps

ISDN PRI

E1 / T1

Leased Line / Frame Relay

E3/T3
37

Typical WAN Encapsulation

Protocols: Layer 2
Leased Line

HDLC, PPP, SLIP

X.25, Frame Relay, ATM

Packet-switched

Service
Provider

PPP, SLIP, HDLC

Circuit-switched

Telephone
Company
38

WAN Protocols
LAN

E0

S0

S0

Network
Datalink

WAN

Physical

Point to Point - HDLC, PPP

Multipoint
- Frame Relay, X.25 and ATM

HDLC Proprietary cisco device default

PPP - Open

39

HDLC Command

Router(configif)#encapsulationhdlc
Enable hdlc encapsulation
HDLC is the default encapsulation on
synchronous serial interfaces

41

An Overview of PPP

PPP Encapsulation

Link setup and control

using LCP in PPP

PPP is open standard

HDLC is only for encapsulation
PPP provides encapsulation and authentication
PPP is made up of LCP and NCP
LCP is for link control and NCP for multiple protocol support
and call back
42

PPP LCP Configuration Options

Feature
Authentication

How It Operates

Protocol

Require a password

PAP
Perform Challenge Handshake CHAP

Compression

Compress data at source;

reproduce data at
destination

Error
Detection

Monitor data dropped on link

Multilink

Load balancing across

multiple links

Avoid frame looping

Multilink
Protocol (MP)
43

PPP Authentication
Overview
Dialup or
Circuit-Switched
Network

PPP Session Establishment

1
2
3

Link Establishment Phase

Optional Authentication Phase
Network-Layer Protocol Phase

Two PPP authentication protocols:

PAP and CHAP

44

Selecting a PPP
Authentication Protocol
Remote Router
(SantaCruz)

PAP
2-Way Handshake

Central-Site Router
(HQ)

santacruz, boardwalk
Accept/Reject
Hostname: santacruz
Password: boardwalk

username santacruz
password boardwalk

Passwords sent in clear text

45

Selecting a PPP
Authentication Protocol
(cont.)
Remote Router
(SantaCruz)

CHAP
3-Way Handshake

Central-Site Router
(HQ)

Challenge
Response

Hostname: santacruz
Password: boardwalk

Accept/Reject

username santacruz
password boardwalk

Use secret known only to authenticator and

peer
46

Configuring PPP and

Authentication Overview
Verify who
you are.

Service
Provider

Authenticating Router

(The router that received the call.)

Router to Be
Authenticated

Enabling PPP

(The router that initiated the call.)

Enabling PPP

Enabling PPP Authentication

Enabling PPP Authentication

ppp encapsulation
hostname
username / password
ppp authentication

ppp encapsulation

hostname
/ password
username
ppp authentication

47

Configuring PPP

Router(configif)#encapsulationppp
Enable PPP encapsulation

48

Configuring PPP
Authentication
Router(config)#hostnamename

Assigns a host name to your router

Router(config)#usernamenamepasswordpassword

Identifies the username and password of

authenticating router

49

Configuring PPP
Authentication
(cont.)

Router(configif)#pppauthentication
{chap|chappap|papchap|pap}

Enables PAP and/or CHAP authentication

50

Configuring CHAP Example

R1

PSTN/ISDN

hostnameR1
hostnameR1
usernameR2passwordcisco
usernameR2passwordcisco
!!
intserial0
intserial0
ipaddress10.0.1.1255.255.255.0
ipaddress10.0.1.1255.255.255.0
encapsulationppp
encapsulationppp
pppauthenticationCHAP
pppauthenticationCHAP

R2

hostnameR2
usernameR1passwordcisco
!
intserial0
ipaddress10.0.1.2255.255.255.0
encapsulationppp
pppauthenticationCHAP

51

Verifying HDLC and PPP

Encapsulation
Configuration

Router#showinterfaces0
Serial0isup,lineprotocolisup
HardwareisHD64570
Internetaddressis10.140.1.2/24
MTU1500bytes,BW1544Kbit,DLY20000usec,rely255/255,load1/255
EncapsulationPPP,loopbacknotset,keepaliveset(10sec)
LCPOpen
Open:IPCP,CDPCP
Lastinput00:00:05,output00:00:05,outputhangnever
Lastclearingof"showinterface"countersnever
Queueingstrategy:fifo
Outputqueue0/40,0drops;inputqueue0/75,0drops
5minuteinputrate0bits/sec,0packets/sec
5minuteoutputrate0bits/sec,0packets/sec
38021packetsinput,5656110bytes,0nobuffer
Received23488broadcasts,0runts,0giants,0throttles
0inputerrors,0CRC,0frame,0overrun,0ignored,0abort
38097packetsoutput,2135697bytes,0underruns
0outputerrors,0collisions,6045interfaceresets
0outputbufferfailures,0outputbuffersswappedout
482carriertransitions
DCD=upDSR=upDTR=upRTS=upCTS=up
52

Verifying PPP Authentication with

the debug ppp authentication
Command
R1

Service
Provider

R2

4d20h:%LINK3UPDOWN:InterfaceSerial0,changedstatetoup
4d20h:%LINK3UPDOWN:InterfaceSerial0,changedstatetoup
4d20h:Se0PPP:Treatingconnectionasadedicatedline
4d20h:Se0PPP:Treatingconnectionasadedicatedline
4d20h:Se0PPP:PhaseisAUTHENTICATING,byboth
4d20h:Se0PPP:PhaseisAUTHENTICATING,byboth
4d20h:Se0CHAP:OCHALLENGEid2len28fromleft"
4d20h:Se0CHAP:OCHALLENGEid2len28fromleft"
4d20h:Se0CHAP:ICHALLENGEid3len28fromright"
4d20h:Se0CHAP:ICHALLENGEid3len28fromright"
4d20h:Se0CHAP:ORESPONSEid3len28fromleft"
4d20h:Se0CHAP:ORESPONSEid3len28fromleft"
4d20h:Se0CHAP:IRESPONSEid2len28fromright"
4d20h:Se0CHAP:IRESPONSEid2len28fromright"
4d20h:Se0CHAP:OSUCCESSid2len4
4d20h:Se0CHAP:OSUCCESSid2len4
4d20h:Se0CHAP:ISUCCESSid3len4
4d20h:Se0CHAP:ISUCCESSid3len4
4d20h:%LINEPROTO5UPDOWN:LineprotocolonInterfaceSerial0,changedstatetoup
4d20h:%LINEPROTO5UPDOWN:LineprotocolonInterfaceSerial0,changedstatetoup

debug ppp authentication

debug ppp authentication successful CHAP output

53

What is ISDN?
Small office
Digital
PBX

Provider
network

Telecommuter

Home office
Central site

Voice, data, video

54

Why ISDN?
ISDN - Integrated Services Digital
Network
Telephone services ->
Telecommunication services
Used for voice, data and video

55

ISDN Access Options

Channel

Capacity

64 kbps

16/64 kbps

Mostly Used for

Circuit-switched data (HDLC, PPP)
Signaling information

BRI
D 2B

PRI
D 23 or 30B

BRI and PRI are used globally for ISDN

56

Interfaces and Devices

TE1

ISDN Ready
BRI Port
4W
S/T interface

2W

NT1

U interface
TE2
Analog devices:
phone, Serial port

TA
After connecting to TA it becomes TE1

I
S
D
N
S
w
i
t
c
h
58

Interfaces and Devices

Function Group A set of functions implemented by a device or software

Reference Point The interface between two function group
59

Reference Points

60

LAB-ISDN
ISDN Switch

R1
BRI
E0
192.168.0.1

10.0.0.1

192.168.0.2

Router(config)#hostname R1
R1(config)#username R2 password cisco
R1(config-if)#int bri 0
R1(config-if)# ip address 10.0.0.1 255.0.0.0
R1(config-if)#enacapsulation ppp
R1(config-if)#PPP authentication CHAP
R1(config-if)#no shut
Static Routes or default route
R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
R1(config)#isdn switch-type basic-net3

R2
BRI
10.0.0.2 E0
192.168.1.1

192.168.1.2

Access List
R1(config)#dialer-list 1 protocol ip permit
R1(config)#int bri 0
R1(config-if)# dialergroup 1
R1(config-if)#dialer map ip 10.0.0.2 name
R2 20
R1(config-if)#no shut
R1(config-if)#dialer idle-timeout 100

61

ISDN DDR configuration

Commands
Command

Description

iproute

Global command that configure static route or

default route

username name name

password secret

Global command that configure CHAP username

and password

access-list

Global command that creates ACLs to define a

subset of traffic as interesting

dialer-list 1 protocol IP

Global command that creates a dialer list that

makes all IP traffic interesting or reference to
ACL for subset

dialergroup 1

Interface subcommand that references dialer list

to define what is interesting

dialer idle-timeout 100

Interface subcommand that settles idle time out

values

dialer string number

Interface subcommand that define dial numbers

int bri 0

Global command that selects BRI interface

62

Packet Switched Services

X.25 (Connection-oriented)
Reliable--X.25 has been extensively debugged and is now very stable-literally no errors in modern X.25 networks
Store & Forward--Since X.25 stores the whole frame to error check it
before forwarding it on to the destination, it has an inherent delay
(unlike Frame Relay) and requires large, expensive memory buffering
capabilities.

Frame Relay (Connectionless)

More efficient and much faster than X.25
Used mostly to forward LAN IP packets

63

Frame Relay Basics

FR is WAN layer2 protocol
FR developed in 1984, its a faster
packet switching technology
In
1990
FR
consortium
was
developed and extension added

64

Terminology
R1

FR Network

R2

Frame Relay Network

End Device

Interface Device
Encapsulate Data
Access Line

DCE Dedicated FR Switches, can be one or multiple

Trunk Line

Virtual Circuit an end to end connection between interface device - PVC or SVC

Data Link connection Identifiers (DLCI) number is the identification for VC, 16-1007
Committed Information Rate or CIR - agreed-upon bandwidth
Frame Relay there are two encapsulation types: Cisco and IETF
Local Management Interface (LMI) is a signaling standard used between your router
and the first Frame Relay switch i - Cisco, ANSI, and Q.933A.
65

LAB - Frame Relay

FR Switch

R1
S0
E0
192.168.1.1/24

100

192.168.3.9/29

192.168.1.2/24

200

192.168.3.10/29 R2
S0
E0

DCE

DCE

192.168.2.1/24

192.168.2.2/24

Frame Relay Switch

R1
Router#config t
Router#config t
Router(config)#hostname FRSwitch
Router(config)#hostname R1
FRSwitch(config)# frame-relay switching
R1(config)# int s 0
R1(config-if)#ip
address
192.168.3.9 FRSwitch(config)# int s 1/0
FRSwitch(config-if)#enacapsulation frame-relay
255.255.255.248
FRSwitch(config-if)# frame-relay intf-type DCE
R1(config-if)#enacapsulation frame-relay
FRSwitch(config-if)# clock rate 64000
R1(config-if)# frame-relay intf-type DTE
FRSwitch(config-if)# frame-relay route 100 int serial 1/1
R1(config-if)# frame-relay interface-dlci 100
200
R1(config-if-dlci)# exit
FRSwitch(config-if)#no shut
67
R1(config-if)#framerelay map ip 192.168.3.10
100