
Feedback and Reflections


Our final class of the course has come :( 

Agenda
  1. Final Comments and Resources - learning, friends, and next steps
  2. Requirements and Requests
    • SBAs
    • Final Exam
    • Feedback(s)
  3. Testimonials and Reflections
  4. Celebration Time - who brought the cake and ice cream?

Final Comments and Resources
Thank you for the opportunity to learn with you.  I appreciate your interest in learning and hope this course has raised your awareness, offered learning opportunities, and/or provided greater understanding relating to networking.  You have worked extremely hard, and I recognize this.  I am hopeful I met your expectations and goals, and possibly exceeded them.

Please take the opportunity tonight to establish connections with your classmates.  Together, you may form a study group, or even the next great company.  Give it a chance.  Blame me for making a new friend.  You are welcome to post your information on the class contact sheet, only available to CCNA Complete students.

Please remember to print out your certificates and letters from the gradebook.  I recommend printing in color.  If you need to obtain my signature, you will have to visit a future class and enrich the next group of learners :)

You can sign up for the certification exam from VUE.  Vouchers may be available on your student home page, under professional development (near the bottom), if you scored well enough on the E4 final exam.

Montgomery College offers Student Employment Services and eJobs.  This is a service of the college that offers assistance with resumes, interviewing, and much more.  It may be worthwhile to take advantage of the advising, planning, and counseling services.


Requirements and Requests
You have worked hard, and should remember to keep your SBA files available, as a reference as well as a portfolio artifact.

The final exam is intended to challenge you.  Please do your best.

Please take a moment to provide feedback regarding this Cisco Networking Academy course.

The following forms are for different purposes. Please complete the form requested by your instructor, at the specific time requested.

Cisco Networking Academy
All students are required to complete a skills-based assessment, online final assessment, and a feedback form in order to graduate each semester and be eligible for the following semester. This form is intended for Cisco to improve the academy.  This form is found under take assessments of the Netspace.

Montgomery College
All students are required to complete a course evaluation at the end of the course. This form is used by the information technology institute to improve the course.

Derek
Each semester, I request informal feedback as part of my professional development. I am passionate about teaching and learning, and work to improve my knowledge and skills. Your feedback helps me grow, and is greatly appreciated. It is anonymous, unless you wish to add your name.

Thank you in advance for helping to improve upon the Cisco Networking Academy @ Montgomery College Information Technology Institute, taught by Mr. Derek Sontz.


Testimonials and Reflections
Please consider posting a testimonial (if you liked the course), which will be posted on the blog and used to encourage others like you to take part in the CCNA Complete Learning Experience.

On a final note, consider taking a final look at the Reflections form as you prepare for the certification exam.  These are the certification objectives Cisco is certifying, and they would be nice to reflect upon prior to sitting for the exam.


Thank you again.  You are welcome back anywhere I am.
"Stay well, keep in touch, and do good work" GK

U.S. Department of Homeland Security (DHS) 2015 HS-STEM Summer Internships

Now accepting applications for

U.S. Department of Homeland Security (DHS)
2015 HS-STEM Summer Internships

The U.S. Department of Homeland Security (DHS) sponsors a 10-week summer internship program for undergraduate and graduate students majoring in homeland security related science, technology, engineering and mathematics (HS-STEM) Disciplines. The program provides students with quality research experiences at federal research facilities located across the country and allows students the opportunity to establish connections with DHS professionals. It is open to students in a broad spectrum of HS-STEM Disciplines and DHS mission-relevant Research Areas.

Undergraduate students receive a $6,000 stipend plus travel expenses.

Graduate students receive a $7,000 stipend plus travel expenses.

10-week research experiences are offered at: Argonne, Berkeley, Livermore, Los Alamos, Oak Ridge, Pacific Northwest, and Sandia National Laboratories; as well as at Homeland Security Studies and Analysis Institute, Coast Guard Research and Development Center, Customs and Borders Protection Laboratories and Scientific Services, Domestic Nuclear Detection Office, Federal Emergency Management Agency, Naval Research Laboratory, Engineer Research and Development Center, National Security Technologies Remote Sensing Laboratory, Transportation Security Laboratory, and more.

Areas of research: Engineering, computer science, mathematics, physics, chemistry, biological / life sciences, environmental science, emergency and incident management, social sciences, and more.

U.S. citizenship required

Application deadline: December 22, 2014

Detailed information about the internships can be found at: http://www.orau.gov/dhseducation/internships/


Previous participants’ testimonials can be found at http://www.orau.gov/dhseducation/internships/stories-hsstem.html

DHS has partnered with the Oak Ridge Institute for Science and Education (ORISE) to manage the program. For questions please email us at dhsed@orau.org

Skills-Based Assessments (SBA): Setup, Configuration, Testing and Saving

Each semester, students are required to take a skills-based assessment, online final assessment, and feedback. Without successfully completing these three tasks the following semester assessments will not become active.

The skills-based assessment requires a Packet Tracer file showing a working topology with correct device configurations and simulating traffic. Device configurations should also be in notepad files, providing quick configuration of physical devices.

Please be sure to correctly label, save, and submit your work to the shared folder. It is also suggested for you to keep a backup copy for your records.

The following displays the labeling expected for files submitted to the shared folder.

Introduction to Networks (ITN)
Folder: ITN-sba-lastname(s)
  • ITN-sba-lastname(s)
Routing and Switching Essentials (RSE)
Folder: RSE-sba-lastname(s)
  • RSE-sba-lastname(s).pkt
  • RSE-sba-R1
  • RSE-sba-R2
  • RSE-sba-R3
  • RSE-sba-S1
  • RSE-sba-S2

Please consider a systematic approach to each SBA, becoming more efficient and effective in setup, configuration, testing, and saving your work.

Consider...
  1. Clear Devices
    • Remove any residual configurations on both the routers and switches
  2. Cable Hardware
  3. Create Packet Tracer File, simulating SBA
    • Save file as noted above
  4. Copy Configurations
    • Copy configurations to notepad
    • Clean up files of unwanted and unknown commands
  5. Paste to Host
    • Paste configuration files (from notepad) onto physical devices
    • No Shutdown Interfaces
  6. Test
  7. Save Files as noted above and Submit to Netspace.

Final Classes

A lot of work has been accomplished.  A significant amount of learning has occurred.  There is always more to learn though.  Keep up the solid work ethic as the final semester and certification comes nearer.  Please add to, modify if necessary, and improve upon the shared document in an effort to achieve the perfect Certification Preparation Sheet (CPS :)

I appreciate and thank you for the opportunity to have you as a student, and would appreciate you returning any resources you may have borrowed.  Please return them to me before the end of the course.

In the remaining classes, it is important to keep track of the time. The following items are part of your CCNA Complete portfolio and are to be accomplished before the end of the course.
  • Skills-Based Assessments (SBAs) are expected to be submitted to Netspace.

    • tested and clearly labeled configurations able to be copied and pasted to host for immediate topology configuration
    • this includes notepad configurations for each device as well as a single packet tracer file

  • The semester completed, including the Final Assessment and Feedback
  • Practice Certification Exams
  • Review of Certification Objectives (Reflections and Shared Doc)
  • Practice Final Exam v2
Shared CCNA spreadsheet
A shared spreadsheet is available for students to team up and develop for the purposes of directly identifying with the certification objectives and the many resources available for learning the objective.  They may come from a book, the curriculum, online, a friend, etc.  The important thing to remember is the power of working as a team in order to build something of value to the team and others.  Remember that there are many tabs to the spreadsheet.

Labs
Please ensure you have completed and submitted your Skills-Based Assessment (SBA) requirements.  This includes their Packet Tracer file as well as notepad files for each of the devices submitted to the shared folder.  You are welcome to practice any lab from any semester, however, I recommend ensuring the SBAs are understood and mastered.

Assessments
There is a practice certification exam.  It will be available on Saturday for students wishing to take them.  Additionally, the chapter assessments will be available.  The practice final exam will also be available for students to do for homework.  Please check the gradebook to see the assessments you have not taken yet.  Reviewing the personalized feedback can be most beneficial to students for reviewing before the final and certification exam.

Packet Tracer
Students have the opportunity to practice the Skills-Based assessments using Packet Tracer online.  There is a Practice Skills Assessment - PT available on Netspace.

Students are encouraged to actively participate in the following opportunities in teams.

  1. Certification Prep: Develop the CCNA Objectives spreadsheet, ensuring a lasting resource is directly related to the areas of certification testing.
  2. Troubleshooting: Practice configuring SBAs, having a student modify a few parts of the network, then have the remaining students troubleshoot the problems.
  3. Review: Review chapter assessments related to RS and discuss what is clear, foggy, and unknown.

Continuing Ed???

If you are a student who needs some financial aid to register for module II, you need to know about this scholarship.  The application for the spring semester will be available this week.  


ABOUT THE CAREER PATH SCHOLARSHIP PROGRAM
A limited number of scholarships are available, pending funding, through Montgomery College Workforce Development & Continuing Education for qualified students pursuing career path courses with the intention to obtain entry-level employment. The scholarship is awarded for up to $1000 to cover tuition and fees only.  The scholarship may be applied to one or more eligible courses, within the career area chosen, to pay tuition and fees not covered by another funding source, waiver eligibility, or payment plan (including employers).  This scholarship will not cover 100% of the applicable tuition and fees if the total tuition and fees exceed $1000.

RSE Lab Day

Welcome to your labs for Routing & Switching Essentials (RSE).

The primary purpose of lab days is for students to work on labs and build networking skills working directly with the hardware and software. Students are able to work on the curriculum, assessments, and any other course material to improve their awareness, learning, and understanding. Students are highly encouraged to work in teams, and share their learning.

Skills-based assessment(s) can also be practiced.


Make a goal to master the following labs!

ITN 0.0.0.1 Lab - Initializing and Reloading a Router and Switch
*2.1.1.6 Lab - Configuring Basic Switch Settings

*2.2.4.11 Lab – Configuring Switch Security Features
*3.3.2.2 Lab – Implementing VLAN Security

*3.2.2.5 Lab – Configuring VLANS and Trunking
*4.1.4.6 Lab – Configuring Basic Router Settings with IOS CLI
*5.1.3.7 Lab – Configuring 802.1Q Trunk-Based Inter-VLAN Routing

*8.2.4.5 Lab – Configuring Basic Single-Area OSPFv2
*9.2.3.4 Configuring and Verifying VTY Restrictions
*10.1.2.5 Lab – Configure Basic DHCPv4 on a router
*11.2.2.6 Lab – Configure dynamic and static NAT

DTP: How do I know the functionality of a switch port?

Dynamic Trunking Protocol
  • Access
  • Dynamic Auto
  • Dynamic Desirable
  • Trunk
Switch#show interfaces switchport
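
An added example, not part of the original post: one way to answer the question above for every port at once is to parse the output of show interfaces switchport and list each port's administrative mode, operational mode, and DTP negotiation state. The sample output, the function names, and the three checks (ports left in a dynamic mode, trunks still negotiating, trunks on native VLAN 1) are assumptions chosen for illustration.

```python
import re

# Constructed sample of `show interfaces switchport` output (not from the page).
SAMPLE_OUTPUT = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 10 (Students)
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 20 (Faculty)
Trunking Native Mode VLAN: 1 (default)

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (Native)
"""


def parse_switchport(text):
    """Split the output into one dict per interface, keyed by field name."""
    ports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Name" in fields:
            ports.append(fields)
    return ports


def native_vlan(fields):
    """Return the numeric native VLAN, or None if the field is missing."""
    match = re.match(r"(\d+)", fields.get("Trunking Native Mode VLAN", ""))
    return int(match.group(1)) if match else None


def audit(ports):
    """Return (port, finding) tuples for the illustrative hardening checks."""
    findings = []
    for p in ports:
        name = p["Name"]
        admin = p.get("Administrative Mode", "").lower()
        oper = p.get("Operational Mode", "").lower()
        dtp_on = p.get("Negotiation of Trunking", "").lower() == "on"
        if admin.startswith("dynamic"):
            findings.append((name, f"admin mode '{admin}': DTP decides access vs. trunk"))
        elif admin == "trunk" and dtp_on:
            findings.append((name, "static trunk still negotiates with DTP"))
        if oper == "trunk" and native_vlan(p) == 1:
            findings.append((name, "trunk uses the default native VLAN 1"))
    return findings


if __name__ == "__main__":
    for port in parse_switchport(SAMPLE_OUTPUT):
        print(port["Name"], "|", port["Administrative Mode"], "|", port["Operational Mode"])
    for name, finding in audit(parse_switchport(SAMPLE_OUTPUT)):
        print("FINDING", name, finding)
```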

Native VLAN Explained

Here is the scoop! Trunks ONLY CARRY TAGGED FRAMES, that's what trunks were designed to do. The purpose of a trunk is to be able to TRANSFER DATA FROM DIFFERENT VLANs. The reason the frames are tagged before they traverse the trunk is so that when it gets to the other side of the trunk, the switch can READ THE TAG AND DETERMINE WHICH VLAN THE FRAME BELONGS TO and then forward it on to that VLAN.

Now the native VLAN. The purpose of the native VLAN is so that if untagged data finds its way traversing the trunk (usually because it entered the trunk somewhere in the middle, most likely from a connected hub so that the frame could not be tagged by the switch before entering the trunk), when that untagged frame gets to either end of the trunk, the switch then reads the frame, sees that it is an untagged frame that ended up on the trunk, and sends that untagged frame to the VLAN that has been assigned as the native VLAN.

Remember, TRUNKS ONLY CARRY TAGGED FRAMES, all untagged frames go to the native VLAN. So to answer your question, if VLAN1 hits the trunk, it too will be tagged, so that the switch on the other side of the trunk can determine which VLAN the frame belongs to and forward the frame to the appropriate VLAN.

For more discussion on this topic, take a look at https://learningnetwork.cisco.com/thread/2217.
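
An added example, not part of the original post or the linked thread: the receiving side of the trunk as described above, reading the 802.1Q tag when one is present and falling back to the native VLAN when the frame is untagged. The function names, MAC addresses, and VLAN numbers are constructed for illustration; treating a priority-tagged frame (VLAN ID 0) like an untagged one follows the 802.1Q standard.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload=b"", vlan=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify_on_trunk(frame, native_vlan):
    """Decide which VLAN a frame received on a trunk port belongs to."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_or_tpid,) = struct.unpack_from("!H", frame, 12)
    if type_or_tpid != TPID_8021Q:
        # No tag: the frame is placed in the trunk's native VLAN.
        return {"vlan": native_vlan, "tagged": False, "pcp": None,
                "ethertype": type_or_tpid}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    # VID 0 is a priority tag only: it carries PCP but no VLAN membership.
    return {"vlan": vid if vid else native_vlan, "tagged": True,
            "pcp": tci >> 13, "ethertype": ethertype}


# Constructed addresses (locally administered source MAC, broadcast destination).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")

if __name__ == "__main__":
    for label, frame in [
        ("tagged VLAN 20", build_frame(DST, SRC, 0x0800, b"data", vlan=20, pcp=5)),
        ("untagged", build_frame(DST, SRC, 0x0800, b"data")),
        ("priority tag", build_frame(DST, SRC, 0x0800, b"data", vlan=0, pcp=3)),
    ]:
        print(label, classify_on_trunk(frame, native_vlan=99))
```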

Equipment for Sale

If you are in the market for networking equipment, take a look at this list of items and see Derek for more information.  While Packet Tracer is an incredible and worthwhile tool, nothing beats hands on with the actual devices.

Sr. No. | Equipment List | Qty. | Used | New
1 | Cisco 2620 with 10/100TX and WIC | 1 | x |
2 | Cisco 2620 with no LAN/WAN card | 1 | x |
3 | Cisco 2610 with 10/100TX and WIC | 1 | x |
4 | Cisco WS-3550-24 FX SMI | 1 |  | x
5 | Cisco Aironet AP 350 | 3 | x |
6 | Cisco AIR-1231G-A-K9 | 3 |  | x
7 | Cisco WS-C3524-XL-EN | 2 | x |
8 | Cisco WS-C2924-XL-EN | 1 | x |
9 | Cisco WS-C3524-PWR-XL-EN | 1 |  | x
10 | Cisco WS-C3524-PWR-XL-EN | 1 |  | x
11 | Cisco WS-3550-48-EMI | 1 |  | x
12 | Cisco 1720 router | 2 | x |
13 | Cisco CAT5509 with 3 WS-X5224 + 2 sup modules | 1 | x |
14 | Nokia IP 330 Firewall | 3 | x |
15 | Nokia IP 440 Firewall | 2 | x |
16 | Netscreen 10 Firewall | 1 | x |
17 | Zyplex MaxServer - 1620-20TX | 11 | x |
18 | Bay Networks 350T | 1 | x |
19 | Bay Networks 450T | 2 | x |
20 | Bay Networks ARN-1 | 2 | x |
21 | Fore Systems ES-1200 | 3 | x |
22 | Fore Systems/Marconi Communications Accelar-1200 | 4 | x |
23 | Fore Systems/Marconi Communications ES2810 | 1 | x |
24 | Fore Systems/Marconi Communications ESX-24-24TX+2OC12-MM | 1 | x |
25 | Fore Systems/Marconi Communications ASX-2008X | 2 | x |
26 | Fore Systems/Marconi Communications Power Hub-7000 | 1 | x |
27 | Fore Systems/Marconi Communications ASX-1000 | 1 | x |
28 | Fore Systems/Marconi Communications ESX-NAC-1 | 2 | x |

How Encryption Works

http://computer.howstuffworks.com/encryption3.htm



Public Key Encryption

One of the weaknesses some point out about symmetric key encryption is that two users attempting to communicate with each other need a secure way to do so; otherwise, an attacker can easily pluck the necessary data from the stream. In November 1976, a paper published in the journal IEEE Transactions on Information Theory, titled "New Directions in Cryptography," addressed this problem and offered up a solution: public-key encryption.
Also known as asymmetric-key encryption, public-key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes the system extremely secure, because there is essentially an infinite number of prime numbers available, meaning there are nearly infinite possibilities for keys. One very popular public-key encryption program is Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

To implement public-key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is basically a unique piece of code or a large number that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.

Let’s check out an IPv6 header

I touched on the IPv6 addressing scheme a few weeks ago and I wanted to continue the trend with a few more IPv6-related posts, but that last IPS post piqued my interest, so I had to publish that one. Now we know the addressing scheme is different in IPv6, but what about the packet format? Obviously the packet headers will be larger because the source and destination addresses within that header are now 128 bits, but let’s see what else we have in the IPv6 header:
 
IPv6 Packet Header
 
Now that doesn’t look too intimidating, right? I think that looks a little simpler compared to the IPv4 packet header. Now let’s see what we have going on here:
  • Version: This field is also in an IPv4 packet and simply tells us what version of IP we are running. Since this is an IPv6 packet, it’s going to have a value of 6.
  • Traffic Class: This is the equivalent of the DiffServ/DSCP portion of the IPv4 packet, which carries the QoS markings of the packet. Just like in IPv4, the first 6 bits are designated for the DSCP value, and the next 2 bits are for ECN (Explicit Congestion Notification) capable devices.
  • Flow Label: This field is 20 bits long and is defined in RFC 6437. I’ll admit finding information about the flow label is tough, but the RFC states this field could be used as a ‘hash’ for the routing devices to look at and make forwarding decisions based on the field’s value. Its intention is for stateless ECMP (Equal Cost Multi-Path) or LAG mechanisms, but we will have to see how different vendors implement this feature. I’d take a guess that IPv6 CEF will use the flow label, but I’ll have to wait and see.
  • Payload Length: Specifies the size of the data payload following the IPv6 header.
  • Next Header: This field is 8 bits and specifies the layer 4 transport protocol which follows the IP header. These values are in hex format as well; you’ll notice ICMPv6 has a value of 0x3a. IPv6 protocol numbers use the same numbers that were used in IPv4. IANA’s list of protocol numbers can be found here.
  • Hop Limit: This is also an 8-bit field and replaces the TTL field that was in the IPv4 header. Each hop decrements the hop limit value by 1, and when the hop limit reaches zero the packet is discarded.
  • Source/Destination: This should go without saying, but it tells you the source IPv6 address of the packet and the destination IPv6 address this packet is destined to. As you would expect, both of these fields are 128 bits each.
So there is a snappy rundown of the IPv6 packet header. I think it is actually simpler than the IPv4 packet header, but don’t tell that to a Cisco router. Remember these packet headers are considerably larger than their IPv4 counterparts, so it takes more processor power to process IPv6 packets, which is not a problem for the ISR G2s we have today, but it is something you might want to keep in mind when running IPv6 on older hardware.
Now back to CCIE: R/S Labbing I go!
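
An added example, not part of the original post: a parser for the 40-byte fixed IPv6 header that pulls out each field listed above, plus the per-hop Hop Limit handling. The sample packet (documentation addresses, DSCP 46, flow label 0x12345, an 8-byte ICMPv6 echo with an unset checksum) and the function names are constructed for illustration.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed IPv6 header into the fields described in the post."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("packet shorter than the 40-byte IPv6 header")
    # First 32 bits: version (4) | traffic class (8) | flow label (20)
    first_word, payload_len, next_header, hop_limit = struct.unpack_from("!IHBB", packet, 0)
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version {version})")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,       # upper 6 bits of Traffic Class
        "ecn": traffic_class & 0x3,       # lower 2 bits of Traffic Class
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }


def decrement_hop_limit(packet: bytes):
    """Return the packet as the next hop would see it, or None if discarded."""
    hop_limit = parse_ipv6_header(packet)["hop_limit"]
    if hop_limit <= 1:
        return None  # would reach zero: the packet is dropped, not forwarded
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


def build_sample_packet(hop_limit=64) -> bytes:
    """Constructed ICMPv6 echo request between two documentation addresses."""
    traffic_class = (46 << 2) | 0                      # DSCP 46, ECN 0
    first_word = (6 << 28) | (traffic_class << 20) | 0x12345
    payload = struct.pack("!BBHHH", 128, 0, 0, 1, 1)   # type, code, checksum (unset), id, seq
    header = struct.pack("!IHBB", first_word, len(payload), 0x3A, hop_limit)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + payload


SAMPLE_PACKET = build_sample_packet()

if __name__ == "__main__":
    for field, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print(f"{field:15} {value}")
```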

Cisco Express Forwarding (CEF)


"Process switching requires the CPU to be personally involved with every forwarding decision.

Fast switching still uses the CPU, but after a packet has been forwarded, information about how to reach the destination is stored in a fast-switching cache.  This way, when another packet going to the same destination is seen, the next hop information can be re-used from the cache, so the processor doesn’t have to look up and assemble all the information again.  If the information is not cached, (for example a first packet for a given destination network) the CPU will have a similar workload, for that packet, as if fast switching was not in use.

Cisco Express Forwarding (CEF), is the evolution of optimizing the router to make it be able to forward more packets faster.  CEF cheats a little, by building a Forwarding Information Base (FIB), and an adjacency table.  The FIB is accessed very quickly based on how they built it (it is Cisco proprietary), and contains pre-computed reverse lookups, next hop information for routes including the interface and L2 information to use.  (All the stuff a router would have to consider when forwarding a packet).

In short:

Process switching is like doing math, long hand.   

Fast switching, using the cache, is like doing a problem once long hand, and subsequent problems you remember the answer for, (from memory, or the cache).

CEF is like having programmed an excel spreadsheet, and when the numbers hit the cells, the answer is already calculated.

Best wishes,

Keith (Barker)"




What is CEF?

Definition from Cisco.com :
Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions.

To understand this better, one has to understand why and how CEF came about. With Cisco IOS there are different Switching Methods that define how packets are forwarded through a router. The first method, which happens to be the oldest and slowest, is Process-Switching. Alternatively, when packets arrive, the interface processor can interrupt the central CPU and ask it to switch the packet according to a route cache or switching table. That cache or table can be built in several ways; the two of interest here are Fast-Switching and CEF.

With Process-Switching, when a packet enters the router the Layer-2 info is stripped off, the packet is then copied to the CPU memory where a L3 lookup is performed, and any other CPU required features, like NAT, queuing, compression etc., along with any other housekeeping like lowering the TTL and recalculating the CRC are done, before the frame is rewritten with the new L2 destination address and sent to the outgoing interface. The Big, the Bad and the Ugly!

With Fast-Switching, the first packet in a flow is still copied to the CPU for the L3 lookup and housekeeping, before being rewritten with the L2 destination address. The switching of the first packet by the central CPU gives the CPU the opportunity to build a cache called the fast-switching cache, which is used to switch all subsequent packets for the same destination using the same switching path across the router. With Fast-Switching the cache is only built on demand, which can be time consuming when huge numbers of potential destinations are involved. To avoid this a pre-built cache was needed, and thus CEF was born.

With CEF (Cisco Express Forwarding), there are two main data structures:
  • The Adjacency-Table : is responsible for the MAC or Layer 2 rewrite. This adjacency can be built from ATM,  Frame Relay map statements, dynamic information learned from Ethernet-ARP, inverse ARP on ATM, or Frame Relay. The Layer 2 rewrite string contains the new Layer 2 header which is used on the forwarded frame.  For Ethernet, this is the new destination and source MAC address and the Ethertype. For PPP, the Layer 2 header is the complete PPP header, including the Layer 3 protocol ID.
  • FIB (Forwarding Information Base) Table : The CEF table/FIB table holds the essential information, taken from the routing table, to be able to make a forwarding decision for a received IP packet. This information includes the IP prefix, the recursively evaluated next hop, and the outgoing interface.
The CEF process flow:
  1. When a packet enters the router, the router strips off the Layer 2 information.
  2. The router looks up the destination IP address in the CEF table (FIB), and it makes a forwarding decision.
  3. The result of this forwarding decision points to one adjacency entry in the adjacency table.
  4. The information retrieved from the adjacency table is the Layer 2 rewrite string, which enables the router to put a new Layer 2 header onto the frame,
  5. The packet is switched out onto the outgoing interface toward the next hop.
To enable Process-Switching on an interface, you have to disable Fast-Switching and CEF, which are enabled by default:
#no ip route-cache
#no ip cef
To enable Fast-Switching on an interface use the following command:
#ip route-cache
To display the IP Fast-Switching Route-Cache :
#show ip cache [verbose] [prefix mask]
To enable CEF globally  (Default = Enabled) :
#ip cef
To enable CEF on the interface :
#ip route-cache cef
To see the CEF Adjacency Table, the [detail] option displays the L2-Rewrite string:
#show adjacency [detail]
To see the CEF FIB Table:
#sh ip cef [prefix]
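
An added example, not Cisco's implementation: the five-step CEF process flow above as a small model, with a FIB doing longest-prefix match and an adjacency table supplying the Ethernet rewrite string (destination MAC, source MAC, Ethertype). The routes, MAC addresses, interface names, and function names are constructed, and returning None where a real router would punt the packet to the CPU is a simplifying assumption.

```python
import ipaddress
import struct

# Constructed routes: (prefix, recursively resolved next hop, outgoing interface)
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "Gi0/0"),
    ("10.0.0.0/8", "192.0.2.2", "Gi0/1"),
    ("10.1.0.0/16", "192.0.2.6", "Gi0/2"),
]

# Constructed adjacency table: L2 rewrite string = dst MAC + src MAC + Ethertype
ADJACENCY = {
    ("Gi0/0", "203.0.113.1"): bytes.fromhex("020000000101" "020000000001" "0800"),
    ("Gi0/1", "192.0.2.2"): bytes.fromhex("020000000202" "020000000002" "0800"),
    ("Gi0/2", "192.0.2.6"): bytes.fromhex("020000000606" "020000000003" "0800"),
}


def build_fib(routes):
    """Pre-build the FIB: one exact-match table per prefix length."""
    fib = {}
    for prefix, next_hop, interface in routes:
        net = ipaddress.ip_network(prefix)
        fib.setdefault(net.prefixlen, {})[int(net.network_address)] = (next_hop, interface)
    return fib


def fib_lookup(fib, dst):
    """Longest-prefix match: try the most specific prefix length first."""
    addr = int(ipaddress.IPv4Address(dst))
    for plen in sorted(fib, reverse=True):
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        hit = fib[plen].get(addr & mask)
        if hit is not None:
            return hit
    return None


def cef_switch(fib, adjacency, frame):
    """Follow steps 1-5 for an untagged Ethernet II frame carrying IPv4."""
    packet = frame[14:]                               # 1. strip the Layer 2 header
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    dst = ipaddress.IPv4Address(packet[16:20])
    hit = fib_lookup(fib, dst)                        # 2. FIB forwarding decision
    if hit is None:
        return None                                   # no route
    next_hop, interface = hit
    rewrite = adjacency.get((interface, next_hop))    # 3. adjacency entry
    if rewrite is None:
        return None                                   # assumption: a real router punts here
    return interface, rewrite + packet                # 4. new L2 header, 5. send out


def build_sample_frame(dst_ip="10.1.2.3"):
    """Constructed frame: minimal IPv4 header, checksum left unset."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address("10.9.9.9").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    l2 = bytes.fromhex("0200000000ff" "0200000000ee" "0800")
    return l2 + ip


FIB = build_fib(ROUTES)
SAMPLE_FRAME = build_sample_frame()

if __name__ == "__main__":
    interface, out_frame = cef_switch(FIB, ADJACENCY, SAMPLE_FRAME)
    print(interface, out_frame[:14].hex())
```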



Helpful IOS Commands



Router Commands

Old Information
  • Modes - user exec vs. privileged exec vs.
  • ? and [space] ?
  • Tab = autocomplete
  • Return vs. Space Bar
  • Up Arrow = history
  • Exit vs. End



Do You Have A Problem? :)

technically speaking, that is :)