Month: April 2012

Linux CentOS – Routing Table Configuration

You may use the following method to add a static route to the routing table of a Linux server using the command line. The server in this example is running CentOS 5.5 64 bit.

I have decided to create a static route to Google.com but before doing so I need to find the Internet Protocol (IP) address of Google.com using the “host” command.

# host google.com
google.com has address 74.125.91.104
google.com has address 74.125.91.105
google.com has address 74.125.91.106
google.com has address 74.125.91.147
google.com has address 74.125.91.99
google.com has address 74.125.91.103
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.

I will use the IP address 74.125.91.104 for this example.

First, we will view the current routing table of the Linux server using the “netstat -r” command.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Second, we will ping the IP address 74.125.91.104 to verify the network connection between these two devices is successful.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
64 bytes from 74.125.91.104: icmp_seq=1 ttl=48 time=29.6 ms
64 bytes from 74.125.91.104: icmp_seq=2 ttl=48 time=29.6 ms
64 bytes from 74.125.91.104: icmp_seq=3 ttl=48 time=29.2 ms
64 bytes from 74.125.91.104: icmp_seq=4 ttl=48 time=29.2 ms

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 29.257/29.451/29.668/0.256 ms

Third, I will purposely create a static route that sends traffic for the 74.125.91.0/24 network out of “eth1”, which is a private interface, and then change the static route to use the public interface “eth0”.

# route add -net 74.125.91.0 netmask 255.255.255.0 dev eth1

Fourth, we will view the routing table to verify it has added the static route that was just configured.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
74.125.91.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Fifth, we will now ping the IP address 74.125.91.104 and it should not work because eth1 is a private interface and does not route to the internet.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
From 10.0.24.1 icmp_seq=2 Destination Host Unreachable
From 10.0.24.1 icmp_seq=3 Destination Host Unreachable
From 10.0.24.1 icmp_seq=4 Destination Host Unreachable

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms
, pipe 3

Sixth, we will now delete the static route and create a new one that forwards traffic for the 74.125.91.0/24 network out of eth0, then view the routing table.

# route del -net 74.125.91.0 netmask 255.255.255.0 dev eth1
# route add -net 74.125.91.0 netmask 255.255.255.0 dev eth0
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
209.208.62.0 * 255.255.255.0 U 0 0 0 eth0
74.125.91.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth1
default 209.208.62.1 0.0.0.0 UG 0 0 0 eth0

Lastly, we will ping the IP address 74.125.91.104 to verify the static route configuration is functioning correctly.

# ping -c 4 74.125.91.104
PING 74.125.91.104 (74.125.91.104) 56(84) bytes of data.
64 bytes from 74.125.91.104: icmp_seq=1 ttl=48 time=32.1 ms
64 bytes from 74.125.91.104: icmp_seq=2 ttl=48 time=28.7 ms
64 bytes from 74.125.91.104: icmp_seq=3 ttl=48 time=29.2 ms
64 bytes from 74.125.91.104: icmp_seq=4 ttl=48 time=29.3 ms

--- 74.125.91.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 28.780/29.884/32.131/1.321 ms
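
The steps above work the way they do because the kernel picks the most specific matching route: the /24 entry for 74.125.91.0 beats the default route, so whichever interface that entry names carries the traffic. The script below is an added example, not part of the original post; it replays that selection over the routing tables from the fourth and sixth steps, rewritten in numeric form (“*” and “default” as 0.0.0.0), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. ip_to_int and select_iface
# are illustrative names. Each table is the post's "netstat -r" output in
# numeric form: destination, gateway, genmask, flags, interface.

ROUTES_STEP4='209.208.62.0 0.0.0.0 255.255.255.0 U eth0
74.125.91.0 0.0.0.0 255.255.255.0 U eth1
169.254.0.0 0.0.0.0 255.255.0.0 U eth1
10.0.0.0 0.0.0.0 255.0.0.0 U eth1
0.0.0.0 209.208.62.1 0.0.0.0 UG eth0'

ROUTES_STEP6='209.208.62.0 0.0.0.0 255.255.255.0 U eth0
74.125.91.0 0.0.0.0 255.255.255.0 U eth0
169.254.0.0 0.0.0.0 255.255.0.0 U eth1
10.0.0.0 0.0.0.0 255.0.0.0 U eth1
0.0.0.0 209.208.62.1 0.0.0.0 UG eth0'

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# select_iface DESTINATION TABLE
# Print the interface of the matching route with the longest mask,
# or "none" when nothing matches (no default route present).
select_iface() {
    dst=$(ip_to_int "$1")
    best_mask=-1
    best_if=none
    while read -r net gw mask flags iface; do
        [ -n "$net" ] || continue
        m=$(ip_to_int "$mask")
        n=$(ip_to_int "$net")
        # A route matches when the destination, masked, equals the network.
        # Among matches, the numerically largest mask is the longest prefix.
        if [ $(( dst & m )) -eq $(( n & m )) ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best_if=$iface
        fi
    done <<EOF
$2
EOF
    echo "$best_if"
}

# Same destination, before and after the route is moved from eth1 to eth0.
for table in "$ROUTES_STEP4" "$ROUTES_STEP6"; do
    echo "74.125.91.104 -> $(select_iface 74.125.91.104 "$table")"
done
# An address outside 74.125.91.0/24 still follows the default route.
echo "74.125.92.1   -> $(select_iface 74.125.92.1 "$ROUTES_STEP4")"
```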

Enjoy!


Networking – Subnetting Practice

If you ever need to practice your subnetting you may use the following website http://www.subnetting.org/. The website contains numerous subnetting questions that will allow you to test yourself periodically. If you don’t find yourself subnetting every day you may use that website for about fifteen minutes each day to be certain that you don’t forget how to subnet in your head.

Enjoy!


Cisco – Building a Host Table on a Router or Switch

In this example there is a router with a hostname of “router-2” that has a serial interface configured with the Internet Protocol (IP) address of 172.16.4.2. Without an entry in the host table of the router or a Domain Name System (DNS) server I cannot use the hostname of the router in order to ping or telnet to the device.

router-1#ping router-2
Translating "router-2"
% Unrecognized host or address, or protocol not running.

router-1#telnet router-2
Translating "router-2"
% Unknown command or computer name, or unable to find computer address

To create a host table entry that provides name resolution for “router-2” that points to IP address 172.16.4.2 I use the following commands.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip host router-2 23 172.16.4.2
router-1(config)#^Z

The “ip host” command above takes the name of the device (router-2), the default telnet port (23) and the IP address of the router. I may then check this entry using the “show hosts” command.

router-1#show hosts
Default domain is not set
Name/address lookup uses static mappings

Host Flags Age Type Address(es)
router-2 (perm, OK) 0 IP 172.16.4.2

Additionally, I may test the entry by pinging and telnetting to the router using the hostname provided in the host table.

router-1#ping router-2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#telnet router-2
Trying router-2 (172.16.4.2)... Open
User Access Verification

Password:

Enjoy!


Cisco – Configuring Static Routes

You may use the following method to add a static route to the routing table of a Cisco router.

Before configuring the static route(s) you may run the following commands in order to get a better idea of the network(s) configured on the existing router.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets
C 172.16.4.0 is directly connected, Serial0
C 172.16.3.0 is directly connected, Ethernet0

router-1#show cdp entry * protocol
Protocol information for router-2 :
IP address: 172.16.4.2

The “show ip route” command provides us with the directly connected routes/networks. Additionally, the “show cdp entry * protocol” command provides the Internet Protocol (IP) address of a directly connected router (172.16.4.2) which we will use to complete the static routing entry. Before creating the static routing entry use the “ping” command to be certain you can reach the next hop router.

router-1#ping 172.16.4.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Now, we may begin creating the static routing entry.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip route 172.16.5.0 255.255.255.0 172.16.4.2 permanent
router-1(config)#^Z

The “ip route” tells the router it is a static entry, 172.16.5.0 is the network to be reached, 255.255.255.0 is the subnet mask of the 172.16.5.0 network, the IP address of 172.16.4.2 is the address of the router that will accept and forward the packet (router-2) and the “permanent” tells the router to keep the entry in the routing table even if the network can’t be reached (such as the interface of the 172.16.5.0/24 network being down).

Next, you may use the “show ip route” command to verify the route in the routing table.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 3 subnets
C 172.16.4.0 is directly connected, Serial0
S 172.16.5.0 [1/0] via 172.16.4.2
C 172.16.3.0 is directly connected, Ethernet0

As you can see from the output above the 172.16.5.0/24 is in the routing table. Now, you may ping the gateway of the network, in this example it is 172.16.5.1, to verify network connectivity.

router-1#ping 172.16.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Enjoy!


Cisco – Troubleshooting Static Routes

The following example is utilizing two Cisco 2500 series routers with two serial interfaces and two ethernet interfaces. I created a lab Wide Area Network (WAN) in order to configure static routes on Cisco routers. My goal was to create a static route from the ethernet interface (172.16.3.1) on router-1 to reach the ethernet interface (172.16.5.1) on router-2. After creating the static route on the router-1 ethernet interface (172.16.3.0/24) to reach the 172.16.5.0/24 network on the ethernet interface of router-2 I was still unable to ping the 172.16.5.0/24 network from the 172.16.3.0/24 network. I then began troubleshooting.

My first thought was that the network cable could be the cause due to the fact that I had not used it prior. After switching the network cable in question with a known good cable and receiving the same results I was able to rule out the network cable as the cause of the issue.

My next suspicion was that the ethernet interface on router-2 was possibly dead. I knew this was not the case after viewing the results of the “show ip interface brief” command and seeing the interface was up/up.

router-2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 172.16.5.1 YES NVRAM up up
Serial0 172.16.4.2 YES NVRAM up up
Serial1 unassigned YES unset administratively down down

My next step in troubleshooting was to view the static route entry I previously created from the 172.16.3.0/24 network to the 172.16.5.0/24 network using the “show running-config” command. I did not use the “show ip route” command because the static route entry would not have shown itself in the routing table due to the fact that the two networks were not communicating (only networks that communicate show up in the routing table). Upon inspecting the static routing entry I realized I made a mistake in the command syntax and created a new static route entry from the 172.16.3.0/24 network on router-1 to the 172.16.5.0/24 network on router-2. Please keep in mind that the two prior networks are configured on the ethernet interfaces of the router and are separated by the WAN (172.16.4.0/24) on the serial0 interfaces of the routers. The new static entry looks like this.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip route 172.16.5.0 255.255.255.0 172.16.4.2 permanent
router-1(config)#^Z

I then verified the route in the routing table.

router-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 3 subnets
C 172.16.4.0 is directly connected, Serial0
S 172.16.5.0 [1/0] via 172.16.4.2
C 172.16.3.0 is directly connected, Ethernet0

I tested the entry using the “ping” command from router-1.

router-1#ping 172.16.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#ping 172.16.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

The Internet Protocol (IP) address of 172.16.5.1 is the default gateway of the 172.16.5.0/24 network and the IP address of 172.16.5.2 is the host on the network. As you can see from the output above this static route entry was entered correctly and is functioning properly.

Enjoy!


Cisco – Performing a Password Reset on a Cisco Router

If you ever find yourself locked out of a Cisco router because you forgot the enable secret (privileged mode) password you may use the following steps to perform a password recovery on the Cisco device. The router in this example is a 1700 series Cisco router.

1. Press ctrl+break during the boot sequence and enter ROM monitor mode.

monitor: command “boot” aborted due to user interrupt
rommon 1 >

2. Change the configuration register value to 2142 (0x2142).

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

3. Reload the router using the ‘reset’ command.

rommon 2 > reset

4. Respond with a ‘no’ when prompted to enter setup mode.

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

5. Type ‘enable’ to enter privileged mode.

Router>enable

6. Copy the startup-config file into the running-config file.

Router#copy startup-config running-config
Destination filename [running-config]?

1154 bytes copied in 0.892 secs (1294 bytes/sec)

7. Configure the enable secret password (in this example I set the enable secret password to ‘cisco’).

router-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#enable secret cisco

8. Change the configuration register back to the default value of 2102 (0x2102).

router-1(config)#config-register 0x2102

9. Copy the running-config file into the startup-config file.

router-1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

10. Reload the router (optional).

router-1#reload
Proceed with reload? [confirm]

Once the router reloads all you have to do is log in to user mode then use your new privileged mode password (the example above used ‘cisco’).

Enjoy!


Domain Name System – Propagation

If you ever update Domain Name System (DNS) records on a DNS server you may use the following method to verify that the updated record(s) are propagating to all internet DNS servers. The server in this example is utilizing Linux CentOS-5.5 64bit.

The command to use is “nslookup”, and its manual page gives the following name and syntax.

NAME
nslookup – query Internet name servers interactively

SYNOPSIS
nslookup [-option] [name | -] [server]

For instance, if I wanted to verify the A record for the domain google.com on separate DNS servers then I would use the following command.

# nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: google.com
Address: 74.125.115.104
Name: google.com
Address: 74.125.115.105
Name: google.com
Address: 74.125.115.147
Name: google.com
Address: 74.125.115.99
Name: google.com
Address: 74.125.115.103
Name: google.com
Address: 74.125.115.106

# nslookup google.com 128.107.241.185
Server: 128.107.241.185
Address: 128.107.241.185#53

Non-authoritative answer:
Name: google.com
Address: 209.85.229.147
Name: google.com
Address: 209.85.229.99
Name: google.com
Address: 209.85.229.104

# nslookup google.com 151.197.0.38
Server: 151.197.0.38
Address: 151.197.0.38#53

Non-authoritative answer:
Name: google.com
Address: 74.125.91.104
Name: google.com
Address: 74.125.91.103
Name: google.com
Address: 74.125.91.106
Name: google.com
Address: 74.125.91.105
Name: google.com
Address: 74.125.91.147
Name: google.com
Address: 74.125.91.99

The examples above query the Google, Cisco and Verizon DNS servers. During a search on the internet, I found the following list of public DNS servers that you may use.

Google
======
8.8.8.8
8.8.4.4

Level 3 Communications (Broomfield, CO, US)
=============================
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

Verizon (Reston, VA, US)
================
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43

Cisco (San Jose, CA, US)
================
64.102.255.44
128.107.241.185
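
When the record being verified is one you have just changed, what matters for each resolver is whether its answer already contains the new address. The script below is an added example, not part of the original post; it classifies nslookup output as updated, stale or failed. The sample outputs are constructed (example.com with the documentation addresses 192.0.2.5 as the old record and 192.0.2.10 as the new one), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. answer_set, classify and
# check_live are illustrative names; the three outputs are constructed.

SAMPLE_UPDATED='Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: example.com
Address: 192.0.2.10'

SAMPLE_STALE='Server: 151.197.0.38
Address: 151.197.0.38#53

Non-authoritative answer:
Name: example.com
Address: 192.0.2.5'

SAMPLE_FAILED="Server: 128.107.241.185
Address: 128.107.241.185#53

** server can't find example.com: NXDOMAIN"

# Print the answer-section addresses, one per line, sorted.
# The resolver's own "Address: x.x.x.x#53" line is skipped by its "#port".
answer_set() {
    printf '%s\n' "$1" |
        awk '/^Address:/ && $2 !~ /#/ { print $2 }' |
        LC_ALL=C sort -u
}

# classify EXPECTED_IP NSLOOKUP_OUTPUT -> updated | stale | failed
classify() {
    answers=$(answer_set "$2")
    if [ -z "$answers" ]; then
        echo failed            # no A record returned (error, timeout, NXDOMAIN)
    elif printf '%s\n' "$answers" | grep -qxF "$1"; then
        echo updated           # new address is among the answers
    else
        echo stale             # resolver still serves something else
    fi
}

# check_live NAME EXPECTED_IP SERVER...
# Runs the real queries, so it needs network access; not called below.
check_live() {
    name=$1
    expected=$2
    shift 2
    for server in "$@"; do
        out=$(nslookup "$name" "$server" 2>&1) || true
        printf '%s %s\n' "$server" "$(classify "$expected" "$out")"
    done
}

echo "8.8.8.8         $(classify 192.0.2.10 "$SAMPLE_UPDATED")"
echo "151.197.0.38    $(classify 192.0.2.10 "$SAMPLE_STALE")"
echo "128.107.241.185 $(classify 192.0.2.10 "$SAMPLE_FAILED")"
```

For a live run, call check_live with the name, the new address and any of the resolvers listed above, for example: check_live example.com 192.0.2.10 8.8.8.8 4.2.2.1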


Cisco – Configuring a Wide Area Network (WAN) and Telnet

You may use the following commands to configure a Wide Area Network (WAN) between two Cisco routers in a lab environment. The routers in this example are Cisco 2501 routers. Also, I will print the output from the “router-1” router and you may mirror these configurations on the “router-2” router (I will note any exceptions below).

This network will consist of two routers. The Internet Protocol (IP) address of “router-1” will be 172.16.4.100/24 and the IP address of router-2 will be 172.16.4.101/24. This IP addressing assignment puts these routers on the same network so that they may communicate as a Wide Area Network (WAN) link.

1. Configure the interfaces.

===START===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#interface serial 0
router-1(config-if)#ip address 172.16.4.100 255.255.255.0
router-1(config-if)#clock rate 4000000
router-1(config-if)#description Wide Area Network (WAN) Link - DCE
router-1(config-if)#no shutdown

===END===

Notice that this is interface “Serial 0” on the router. Additionally, I have given the interface a description and I have used the “clock rate” command as this interface will provide the clocking for this WAN (using the back-to-back serial cable).

2. Configure the telnet password on each router.

===START===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#line vty 0
router-1(config-line)#password abc123
router-1(config-line)#login

===END===

In the above example I chose a very simple password “abc123” because this is a lab environment.

3. Connect the back-to-back serial cable to the routers. Plug the data communications equipment (DCE) end of the cable into the router that will provide the clocking for this network (router-1 in this example) and plug the data terminal equipment (DTE) end of the cable into the router that will receive the clock in this network (router-2 in this example).

In a non-production environment (such as the one in this example) I must use a back-to-back serial cable and use the “clock rate” command on the DCE side of the cable or the network will not function.

Now that all of the configurations have been provided on “router-1” you may mirror these configurations on “router-2”. The differences are that interface Serial 0 on “router-2” has an IP address of 172.16.4.101, you do not use the “clock rate” command on this router, and optionally you may change the description to “Wide Area Network (WAN) Link - DTE”.

At this point we can test the IP connectivity between the routers by using the PING command as well as using the Telnet function.

router-1#ping 172.16.4.101

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#telnet 172.16.4.101
Trying 172.16.4.101 ... Open
User Access Verification

Password:
router-2>

From the above output we see that we can PING and Telnet to router-2 successfully so this wide area network link is functioning correctly.


Cisco – Configure a Description on a Cisco Interface

You may use the following commands to configure a description on a Cisco router or switch. Please note that this will not affect the performance of the router or switch but I recommend doing this for easier administration.

===BEFORE===

router-1#show running-config interface FastEthernet0
Building configuration...

Current configuration : 68 bytes
!
interface FastEthernet0
no ip address
shutdown
speed auto
end

===CONFIGURING THE DESCRIPTION===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#interface FastEthernet0
router-1(config-if)#description Local Area Network (LAN) Link - 1
router-1(config-if)#^Z

===AFTER===

router-1#show running-config interface FastEthernet0
Building configuration...

Current configuration : 115 bytes
!
interface FastEthernet0
description Local Area Network (LAN) Link - 1
no ip address
shutdown
speed auto
end

===SAVE THE CONFIGURATION===

router-1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

I understand that this is a basic task so please stay tuned for more advanced configurations in the future.


Cisco – Configuring a Dynamic Host Configuration Protocol (DHCP) Server

You may use the following commands to configure a DHCP server on a Cisco router. The router in this example is a non-ISR 1720 Cisco router being run on Graphical Network Simulator 3 (GNS3). This configuration will name the pool of Internet Protocol (IP) addresses Marketing, assign an IP address, subnet mask, default gateway, Domain Name System (DNS) server and DHCP lease, and exclude the IP addresses 172.16.2.1-172.16.2.99.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip dhcp pool Marketing
router-1(dhcp-config)#network 172.16.2.0 255.255.0.0
router-1(dhcp-config)#default-router 172.16.1.1
router-1(dhcp-config)#dns-server 172.16.3.1
router-1(dhcp-config)#lease 8 0 0
router-1(dhcp-config)#exit
router-1(config)#
router-1(config)#ip dhcp excluded-address 172.16.2.1 172.16.2.99
router-1(config)#

You can see that I started in privileged mode and moved the command prompt to global configuration mode to configure the DHCP settings. I named the pool “Marketing” for this example. Additionally, the “default-router” setting is the IP address of the router’s interface that the hosts will connect to. Lastly, the lease command is configured in days, hours then minutes (so the configured lease is for exactly eight days).

I hope this post proves helpful to you!