Friday, January 29, 2016

Raspberry PI Installation



Download the Linux image for Raspberry Pi (I use Raspbian) 


Image Download


Raspbian-Download-Page

Then follow the installation instructions:











Since I use Linux to image the SD card, this is what it is going to look like:



1. Check the checksum to confirm the file is intact.

sha1sum 2015-05-05-raspbian-wheezy.zip

cb799af077930ff7cbcfaa251b4c6e25b11483de



I compared it with the value on the 'download' page, and the digest is the same.



2. Check how my system detects sd card. 



First 'df -h' without sd card installed




Output without SD Card



Then insert the SD card and repeat the same command:




Output with SD Card Inserted



My system mounts sd card as: /dev/mmcblk0p1.


3. Unzip the image downloaded:


unzip 2015-05-05-raspbian-wheezy.zip 



4. Unmount sd card


umount /media/jaro/D681-1D95



5. Using 'dd', copy the image onto the SD card (make sure you write to the whole card device, not a single partition; here: /dev/mmcblk0)


$ sudo dd bs=4M if=2015-05-05-raspbian-wheezy.img of=/dev/mmcblk0



It will take a while to copy the image, and nothing shows on the screen during that time. Just give it time.



6. Insert sd card into Raspberry PI and connect to your TV set.
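Steps 2 to 5 above can be checked mechanically before anything is written to disk. The following is an added example, not code from the original post: it compares two 'df -h' outputs, derives the whole-card device from the newly mounted partition, and builds the umount and dd commands. The df listings are constructed sample data; only /dev/mmcblk0p1, the mount point and the image name come from the post.

```python
import re
import shlex

# Constructed sample output of 'df -h' before and after inserting the card.
# Only /dev/mmcblk0p1 and /media/jaro/D681-1D95 are taken from the post.
DF_BEFORE = """\
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        96G   21G   71G  23% /
tmpfs           3.9G  1.2M  3.9G   1% /run
"""
DF_AFTER = DF_BEFORE + "/dev/mmcblk0p1   15G   32K   15G   1% /media/jaro/D681-1D95\n"


def mounts(df_output):
    """Map device -> mount point for the /dev entries in 'df' output."""
    table = {}
    for line in df_output.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 5)             # mount point may contain spaces
        if len(fields) == 6 and fields[0].startswith("/dev/"):
            table[fields[0]] = fields[5]
    return table


def whole_device(partition):
    """Strip the partition suffix: mmcblk0p1 -> mmcblk0, sdb1 -> sdb."""
    m = re.fullmatch(r"(/dev/(?:mmcblk|nvme\d+n|loop)\d+)p\d+", partition)
    if m:
        return m.group(1)
    m = re.fullmatch(r"(/dev/(?:sd|hd|vd)[a-z]+)\d+", partition)
    return m.group(1) if m else partition


def plan(before, after, image):
    """Return the umount and dd commands for the card that just appeared."""
    old, new = mounts(before), mounts(after)
    added = {dev: mnt for dev, mnt in new.items() if dev not in old}
    targets = {whole_device(dev) for dev in added}
    if len(targets) != 1:
        raise ValueError(f"expected exactly one new device, found {sorted(targets)}")
    target = targets.pop()
    # Refuse a disk that already had a mounted partition before insertion.
    if any(whole_device(dev) == target for dev in old):
        raise ValueError(f"{target} was in use before the card was inserted")
    cmds = [f"umount {shlex.quote(mnt)}" for mnt in added.values()]
    cmds.append(f"sudo dd bs=4M if={shlex.quote(image)} of={target}")
    return cmds


if __name__ == "__main__":
    for cmd in plan(DF_BEFORE, DF_AFTER, "2015-05-05-raspbian-wheezy.img"):
        print(cmd)
```

The script only prints the commands; running them stays a manual step, so the target device can be read once more before dd overwrites it.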



Once my Raspberry PI is hooked up to the TV set, a tool called 'raspi-config' is the first thing that greets me. It can be invoked at any point from the CLI (command line interface) using the following command:




$ sudo raspi-config




All information on raspi-config can be found at: http://elinux.org/RPi_raspi-config




Without too much deliberation, I arrive at the following settings:






Option 1: Expand Filesystem

This allows the system to see and use the whole SD card.



Option 2: Change User Password.

I have changed the default password (defaults: user=pi, password=raspberry)



Option 3: Enable Boot to Desktop/Scratch

Console Text console, requiring login (default)

In case I want the Graphical User Interface (GUI), I can always type:



$ startx




The Graphical User Interface is pretty and makes simple tasks simple. But my goal is to discover the full power of this little computer and Linux. This is why I will be using the shell most of the time.



Option 8: Advanced Options

A3: Memory Split

(How much memory should the GPU have)? 32

Since I don't use GUI, 32 MB should do.



A4: SSH (in order to be able to log on to the PI from other computers, using PuTTY etc.)



If I don't like them I can change them anytime I want by invoking the tool again. 



The last thing I want to do is to make sure that my Raspberry PI has a static IP address rather than one from a DHCP server. It will make my ssh access much easier later.



I edit the file in which the system keeps its IP settings. I'm choosing an IP address that is not part of DHCP in my network (A.B.C.D are the values used in my home network):



$ sudo nano /etc/network/interfaces




iface eth0 inet static
 address A.B.C.D
 netmask 255.255.255.0
 network A.B.C.0
 broadcast A.B.C.255
 gateway A.B.C.254

Content saved with CTRL-x / save
(Note: learn the VIM text editor. Its usage is more difficult but gives more power as well).



And...

IT'S ALIVE










Tuesday, January 19, 2016

Lab 2-2 Port Address Translation




Lab pre-requisites:
Lab 2-1 Packet Tracer Topology Download.

Topology Diagram


Connecting a LAN to the Internet requires a little thought as there are a few ways of doing it. Here we are going to explore three of them:
  • Static NAT (one-to-one translation)
  • Dynamic NAT (many-to-many translation)
  • Dynamic NAT Overload or PAT (many-to-one translation)
Task 1: Defining static IP addresses and setting a static default route.
Task 2: Configure NAT.
Task 3: Configure PAT.

Port Address Translation
(NAT Overload)
Solution

Neither Dynamic NAT nor PAT (Port Address Translation) is used to allow users on the Internet to access local resources. Both are designed to allow local users in private address space to communicate on the Internet.

PAT is arguably the most popular way of connecting a private network to the Internet. Before we configure it, let's clean up our previous lab configuration first:

On Branch Router:

Branch(config)#no ip nat inside source list 1 pool PUBLIC
Branch(config)#no ip nat pool PUBLIC 209.165.201.3 209.165.201.10 netmask 255.255.255.224

Branch(config)#

Now we're good to go with PAT configuration.

Since everything is already configured except for the NAT command, let's add it (the 'ip nat inside source list 1 interface FastEthernet0/1 overload' line):

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 209.165.201.1 255.255.255.224
 ip nat outside
 duplex auto
 speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
ip route 0.0.0.0 0.0.0.0 209.165.201.2
!
ip flow-export version 9
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

The advantage of this NAT method is that all your router needs is one public IP Address configured on the interface facing the Internet. The layer 4 ports used by each conversation serve as the distinguishing elements that allow the router to keep track of the existing sessions.

Monday, January 18, 2016

Lab 2-2 Dynamic NAT




Lab pre-requisites:

Lab 2-1 Packet Tracer Topology Download.

Topology Diagram


Connecting a LAN to the Internet requires a little thought as there are a few ways of doing it. Here we are going to explore three of them:
  • Static NAT (one-to-one translation)
  • Dynamic NAT (many-to-many translation)
  • Dynamic NAT Overload or PAT (many-to-one translation)

Task 1: Defining static IP addresses and setting a static default route.
Task 2: Configure NAT.
Task 3: Configure PAT.

Dynamic NAT
Solution

Since in our previous lab exercise we used DHCP to assign an IP Address to our Branch router, this time around let's try to do it manually (I should've done this in the previous task; oops).

We begin by removing the NAT line from our configuration on Branch.

On Branch Router:

Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#no ip nat inside source static 10.1.1.100 209.165.201.10

Branch(config)#

We leave the following though:

interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!

They will be used in all flavors of NAT we configure here.

Now we need to configure the following steps to complete the lab:

  • IP Address assigned manually (default router will have to be added manually too).
  • Pool of public IP Addresses will need to be added (we'll use 209.165.201.3 - 209.165.201.10 /27).
  • Access Control List will need to be added to match on source IP addresses (subnet 10.1.1.0).
  • Dynamic NAT configuration.
And this is where the rubber meets the road.

Assign IP Address Manually

Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#int f0/1
Branch(config-if)#ip address 209.165.201.1 255.255.255.224
Branch(config-if)#exit

Default Route Configuration

Branch(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2

Branch(config)#


Configuring Pool of Public Addresses (inside global)

Branch(config)#ip nat pool PUBLIC 209.165.201.3 209.165.201.10 netmask 255.255.255.224
Branch(config)#



NOTICE!
Packet Tracer only supports the 'netmask' argument. It does NOT support 'prefix-length number'.


Access Control List Configuration

Branch(config)#access-list 1 permit 10.1.1.0 0.0.0.255
Branch(config)#

Dynamic NAT Configuration

Branch(config)#ip nat inside source list 1 pool PUBLIC
Branch(config)#


NOTICE!
IOS is case sensitive when it comes to defining names and using them ('PUBLIC' is not the same as 'public').



At this point there are NO NAT entries built in the NAT table. However, if we send the ping packet from PC1 towards 209.165.201.2, the entry is going to be created.




NOTICE!
Packet Tracer emulates real life behavior. First ping attempt lost two packets on ARP request. 



Don't forget that ICMP entries in the NAT table age out very quickly (1 min.). So after pinging, try to look at the table as quickly as possible.

This type of NAT lends an IP Address dynamically as soon as interesting traffic, matched by the ACL, is sent towards the Internet (out of the 'ip nat outside' interface).

In case you want multiple hosts to borrow the same address, you can either add the keyword 'overload' as the last word in the NAT configuration:

ip nat inside source list 1 pool PUBLIC overload

or use Port Address Translation (PAT), which will be used in our next exercise.
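The difference between the pool-based dynamic NAT configured here and the interface overload (PAT) variant from Lab 2-2 Port Address Translation, where layer 4 ports distinguish the sessions, can be shown with a small model. This is an added example, not IOS code and not part of the original lab: the inside host addresses and the source port are constructed, and picking the next free port on a collision is a simplifying assumption.

```python
import ipaddress

# Values from the lab configuration on this page.
ACL_1 = ipaddress.ip_network("10.1.1.0/24")  # access-list 1 permit 10.1.1.0 0.0.0.255
POOL = [ipaddress.ip_address("209.165.201.3") + i for i in range(8)]  # .3 to .10
OUTSIDE_IF = ipaddress.ip_address("209.165.201.1")  # FastEthernet0/1


class NatModel:
    """Simplified model of 'ip nat inside source list 1 ...'; not IOS code."""

    def __init__(self, pat=False):
        self.pat = pat
        self.free = list(POOL)   # unused inside global addresses (dynamic NAT)
        self.by_host = {}        # inside local address -> inside global address
        self.out_flows = {}      # (inside local, port) -> translated port (PAT)
        self.in_flows = {}       # translated port -> (inside local, port) (PAT)

    def outbound(self, src, sport):
        """Translate the source of an outbound packet; None if untranslated."""
        src = ipaddress.ip_address(src)
        if src not in ACL_1:
            return None                      # not matched by access-list 1
        if self.pat:
            return self._overload(src, sport)
        if src not in self.by_host:
            if not self.free:
                return None                  # pool exhausted, no entry created
            self.by_host[src] = self.free.pop(0)
        return (str(self.by_host[src]), sport)   # port is left unchanged

    def _overload(self, src, sport):
        key = (src, sport)
        if key not in self.out_flows:
            port = sport
            while port in self.in_flows:     # port taken by another session
                port = port + 1 if port < 65535 else 1024
            self.out_flows[key] = port
            self.in_flows[port] = key
        return (str(OUTSIDE_IF), self.out_flows[key])

    def inbound(self, dport):
        """PAT return traffic: find the inside host by destination port."""
        entry = self.in_flows.get(dport)
        return (str(entry[0]), entry[1]) if entry else None


def demo():
    hosts = [f"10.1.1.{n}" for n in range(10, 19)]   # nine constructed inside hosts
    dyn, pat = NatModel(), NatModel(pat=True)
    return {
        "dynamic": [dyn.outbound(h, 40000) for h in hosts],
        "pat": [pat.outbound(h, 40000) for h in hosts],
        "pat_return": pat.inbound(40001),
        "pat_unsolicited": pat.inbound(80),
        "outside_acl": dyn.outbound("192.168.5.5", 40000),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With nine hosts the eight-address pool leaves the ninth without a translation, while the overload model serves all nine from 209.165.201.1 and finds no entry for an inbound packet that matches no existing session.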

Meanwhile this is the whole configuration we have done:

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 209.165.201.1 255.255.255.224
 ip nat outside
 duplex auto
 speed auto
!
ip nat pool PUBLIC 209.165.201.3 209.165.201.10 netmask 255.255.255.224
!
ip nat inside source list 1 pool PUBLIC
!
ip route 0.0.0.0 0.0.0.0 209.165.201.2 

!

Friday, January 15, 2016

Lab 2-2: Internet connections - Static NAT




Lab pre-requisites:

Lab 2-1 Packet Tracer Topology Download.

Topology Diagram


Connecting a LAN to the Internet requires a little thought as there are a few ways of doing it. Here we are going to explore three of them:
  • Static NAT (one-to-one translation)
  • Dynamic NAT (many-to-many translation)
  • Dynamic NAT Overload or PAT (many-to-one translation)


Task 1: Defining static IP addresses and setting a static default route.
Task 2: Configure NAT.
Task 3: Configure PAT.

STATIC NAT
Solution

Let's tackle the first one.

Task 1: Defining static IP addresses and setting a static default route.

In this type of NAT we allow the Internet and our private host to connect in both directions. The NAT table will contain a static entry mapping our local host address (inside local) to a public IP address (inside global). Typically we register the public IP address in the DNS database, allowing users on the Internet to communicate with our local host.

In this task let's assume that our extra public IP Address is: 209.165.201.10.

Roll up your sleeves and let's make it work.

First, what is necessary to connect a router to the Internet?
  1. Router must have its interface facing the Internet configured with public IP Address. This can be done manually or a router can obtain public IP address from a DHCP server located at the ISP.
  2. Router must know how to access all unknown addresses on the Internet. This can be accomplished by learning Internet networks via BGP protocol or by using 'default route'. Here we're going to use the latter.
  3. CCNA courses do not use the latest method of doing NAT, which utilizes an NVI interface. The older method is used, which requires signifying which interface is private (ip nat inside), and which interface is connected to the Internet (ip nat outside).
  4. Appropriate NAT method must be configured.
STATIC NAT (one-to-one translation)


In our first approach let's allow Branch router to learn public IP Address using DHCP pool configured on HQ. The pool will only have one IP Address (209.165.201.1). In order to do that, type the following configuration on HQ:

HQ Configuration:

HQ#ena
HQ#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#ip dhcp pool BRANCH
HQ(dhcp-config)#network 209.165.201.0 255.255.255.224
HQ(dhcp-config)#default-router 209.165.201.2
HQ(dhcp-config)#exit
HQ(config)#ip dhcp excluded-address 209.165.201.2 209.165.201.254
HQ(config)#

We're off to a good start now.

Assign public IP Address on Branch Fas0/1 interface using DHCP

Branch#
Branch#ena
Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#int fas0/1
Branch(config-if)#ip address dhcp
Branch(config-if)#exit
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address 209.165.201.1, mask 255.255.255.224, hostname Branch

Notice that apart from IP Address 209.165.201.1/27, the Branch router also received the 'default route' as per HQ DHCP configuration. Now it can send the packets towards all unknown IP Addresses using HQ as its next-hop router (209.165.201.2).



Now, let's assume that ISP (Internet Service Provider) has given us another public IP Address for our public server purpose (WWW, SMTP, FTP, etc.). 

Server IP Addresses:

Inside Local: 10.1.1.100 (private)
Inside Global: 209.165.201.10 (host will be seen as this public address)

Since our router already has an IP Address dynamically assigned and the default route has been installed in the routing table, the next step is to signify which interface is private and which one is public.

Branch(config)#int fas0/0
Branch(config-if)#ip nat inside
Branch(config-if)#
Branch(config-if)#int fas0/1
Branch(config-if)#ip nat outside
Branch(config-if)#exit

This is where a lot of beginners make mistakes by doing this in the opposite way. Remember the 'ip nat inside' interfaces are the ones facing LAN (private network), the 'ip nat outside' interface is the one connected to ISP.

Finally, static NAT configuration:

Branch(config)#ip nat inside source static 10.1.1.100 209.165.201.10
Branch(config)#end

Branch#

Let's observe what was installed in the NAT table.




It looks good. Whenever the Branch router receives an IP packet destined to 209.165.201.10, it will redirect the packet towards its inside local IP Address 10.1.1.100, as signified by the NAT entry.



NOTICE!
This entry never ages out. It means that the router can send packets to your public server 10.1.1.100 whenever it receives an IP packet on its OUTSIDE interface (Fas0/1) with the destination IP Address 209.165.201.10.



Now we can check if HQ router is able to ping 209.165.201.10.



The first two packets were lost on ARP request. The second ping worked 100%.

After two rounds of ping here's what we find in NAT table on Branch.



Here's the final configuration of both HQ and Branch.

HQ Configuration:

!
ip dhcp excluded-address 209.165.201.2 209.165.201.254
!
ip dhcp pool BRANCH
 network 209.165.201.0 255.255.255.224
 default-router 209.165.201.2
!

Branch Configuration:

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
!
!
ip nat inside source static 10.1.1.100 209.165.201.10 
!

In the next exercise we're going to use Dynamic NAT configuration (many-to-many translation).

Thursday, January 14, 2016

Lab 2-1: Router startup and Initial Configuration




Lab pre-requisites:

Lab 2-1 Packet Tracer Topology Download.

Topology Diagram


There are four tasks in this lab. I am curious how Packet Tracer is going to handle them.

Task 1: Router hardware and software inspection.
Task 2: Create the initial Router configuration.
Task 3: Changing default CLI parameters.
Task 4: Neighbor discovery using CDP.


Task 1: Router hardware and software inspection.

In order to find out more about the router, let's start with 'show version' command:

I will focus on a few lines that seem important here:


It is a Cisco Router Platform 2800 series.
IOS Major version: 12
IOS Minor version: 4
IOS Release: 15
T1 train: in testing


The above picture shows that router is running an 'Advanced IP Services' IOS image (supporting things such as VPNs etc.) The file in flash is compressed (z), will run directly from RAM memory (m) and it is an executable file (.bin).


Router model: 2811
RAM: 64 MB
(60416K for processes and 5220K for IO; you must add both values to learn the amount of memory)
Interfaces: 2 FastEthernet Interfaces (100 Mbps each) and 1 serial (128 Kbps)
NVRAM: 239 KB
FLASH: 62 MB

Task 2: Create the initial Router configuration.

First, let's bring back the factory defaults.


After reboot ignore the 'System Configuration Dialog'.

Configure a Hostname as per topology diagram.

Router>enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname Branch
Branch(config)#

Disable DNS name lookup.

Branch(config)#no ip domain lookup
Branch(config)#

Configure and enable FastEthernet0/0 and FastEthernet0/1 interfaces as shown in the topology diagram. Perform this task on both Branch and HQ routers. On HQ the address 172.16.1.100 should be assigned to FastEthernet0/0 interface.

HQ Configuration:

Router>enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname HQ
HQ(config)#no ip domain lookup
HQ(config)#interface fas0/0
HQ(config-if)#ip address 172.16.1.100 255.255.255.0
HQ(config-if)#no shutdown
HQ(config-if)#
HQ(config-if)#interface fas0/1
HQ(config-if)#ip address 209.165.201.2 255.255.255.224
HQ(config-if)#no shutdown
HQ(config-if)#
HQ(config-if)#end
HQ#wr
HQ#

Branch Configuration:

Branch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Branch(config)#interface fas0/0
Branch(config-if)#ip address 10.1.1.1 255.255.255.0
Branch(config-if)#no shutdown
Branch(config-if)#
Branch(config-if)#do ping 209.165.201.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

Branch(config-if)#end
Branch#wr

Task 3: Changing default CLI parameters.

Configure the Console 0 interface so that system messages are sent above the cursor (so that they don't interfere with your typing).

Branch(config)#line con 0
Branch(config-line)#logging synchronous
Branch(config-line)#

In the console 0 configuration context change the idle timer to 1 hour (it will not work in Packet Tracer properly but here we need to practice the command).

Branch(config-line)#exec-timeout 60
Branch(config-line)#

Change the history buffer size from the default value (10 or 20 depending on the device) to the 50 most recent commands. Make sure that this still works after the session is terminated (it needs to be done on console 0).

Branch(config-line)#history size 50
Branch(config-line)#

The whole configuration of the console:

!
line con 0
 history size 50
 exec-timeout 60 0
 logging synchronous
!

Task 4: Neighbor discovery using CDP.

We can use Branch router and CDP protocol to obtain more information about its two neighbors. Compare the discovery below with the topology diagram at the top of the page.



If you want to obtain more detailed output about a neighbor using CDP, you can use the following command:

show cdp neighbor detail

It will display detailed information about all neighbors discovered (one by one). Alternatively, you can ask CDP for detailed information about specific neighbor (for instance SW1). 


NOTICE!
Pay attention here as IOS is CASE SENSITIVE. When you provide the name of the neighbor, you must type it exactly as presented in show cdp neighbor output.



SW1 detailed output would be provided with this command:

show cdp entry SW1

Here's my output: 


Cisco Is Easy - Main

  Cisco Basics (CCNA level)  Lessons: Watch Video Tutorials on Youtube 01 - Connecting to Cisco Console Port with MINICOM 02 - Navigatin...