Emulated Lab, part 2

Posted by aun on July 26, 2008

Connecting all the pieces together was much easier than I expected it to be. There are only three pieces (XP Client, IPS, ACS) external to Dynamips, all running in VMware, that need to be part of the Dynamips lab network.

If you are using Windows, like I am, you need to create a few Loopback adapters on Windows. http://support.microsoft.com/kb/839013 explains how you can do that. Once you have the loopback adapter, and have assigned an IP to it, you need to bridge your VMware adapters to them. To do that, open up the VMware Server Console. Click on Host -> Virtual Network Settings, select the Host Virtual Network Mapping, and then pick the VMnet adapter that you want to bridge to the Loopback adapter you created. All the adapters appear in the drop-down.

Now, on GNS3, create a cloud, right-click on it and select Configure. Select the loopback adapter from the drop-down list, and click Add. This is your link into the Dynamips network. That’s it folks! Now your VMware machine should be able to talk to your Dynamips network. Zoom zoom!

Emulated Lab, part 1

Posted by aun on July 13, 2008

After much digging around, I found a bunch of stuff on how to get an emulated CCIE Security Lab set up, with the exception of the Concentrator (can’t be emulated, but can be connected externally). The components that go into emulating the lab are: GNS3 (front-end to Dynagen/Dynamips) and VMware.

GNS3 allows for emulation of various Cisco Routers as well as the PIX Firewall, which should be good enough for the lab exam. VMware can be used to emulate the IPS, as well as Cisco ACS running on Windows 2k3 Server. These can all then be connected into the Dynamips cloud. At the moment, I have all the pieces running separately - GNS3, ACS and IPS. Once I have all the pieces working together, I’ll write up another post (part 2). Meanwhile, if you have any questions about how to get the pieces working, feel free to ask - I’ll try to answer the best I can.

Scheduled for the Lab

Posted by aun on June 24, 2008

Tuesday, 12-09-2008

On to the lab

Posted by aun on June 23, 2008

Passed the written exam today… now comes the tough part. Stay tuned!

Written on June 23 ‘08

Posted by aun on June 18, 2008

Scheduled for the 350-018 on Monday June 23 ‘08! Wish me luck! Lab, here I come!

IGRP

Posted by aun on May 18, 2008

  • cisco proprietary, distance vector
  • user configurable metrics: bandwidth, delay, reliability, load, MTU
  • metrics: uses ticks as primary metric, but falls back to hops in case of a tie
  • default max diameter - 100 hops, configurable up to 255
  • three types of routes: interior, system, exterior
  • interior routes - routes between subnets attached to router int. if network not subnetted, igrp does not advertise interior routes
  • system routes - routes to network within AS. derived from directly connected network int’s & system route info provided by other igrp routers. do not include subnet info
  • exterior routes - routes to network outside AS; considered when identifying gateway of last resort
  • update broadcast sent every 90 seconds
  • route marked “possibly down” if no update received within 3 update periods (270s)
  • after 7 update periods (630s), route removed
  • if route “possibly down”, traffic still passes even though it might not be successful
  • flash update - sending of update sooner than standard periodic update to notify routers of metric change
  • poison reverse - sent to remove a route and place in holddown, which keeps new routing info from being used for some time
  • to propagate ‘gateway of last resort’ the route specified by ip default-network command must already be known as a network - it must be igrp-derived, or a static route redistributed from another protocol
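A small Python model of the timer behaviour in the notes above: a route is refreshed by 90 s updates, goes “possibly down” after 3 missed periods (270 s) while still forwarding traffic, is removed after 7 periods (630 s), and a poison reverse puts it in holddown so newer info is ignored. This is an added example, not part of the original post; the route table, event log and the 280 s holddown length are assumptions made for the illustration (the notes give no holddown value).

```python
"""Constructed model of IGRP route ageing (not from the original post)."""
from dataclasses import dataclass

UPDATE_PERIOD = 90                        # seconds between periodic broadcasts
POSSIBLY_DOWN_AFTER = 3 * UPDATE_PERIOD   # 270 s without an update
REMOVE_AFTER = 7 * UPDATE_PERIOD          # 630 s without an update
HOLDDOWN = 280                            # assumed for this example; not given in the notes


@dataclass
class Route:
    prefix: str
    metric: int
    last_update: int
    state: str = "up"          # "up" | "possibly_down" | "holddown"
    holddown_until: int = 0


class RouteTable:
    def __init__(self) -> None:
        self.routes: dict[str, Route] = {}
        self.events: list[str] = []

    def _log(self, now: int, msg: str) -> None:
        self.events.append(f"t={now} {msg}")

    def receive_update(self, now: int, prefix: str, metric: int) -> bool:
        """Apply an update for prefix. Returns True when the metric changed,
        i.e. when this router should send a flash update instead of waiting
        for its next periodic broadcast."""
        route = self.routes.get(prefix)
        if route is not None and route.state == "holddown":
            self._log(now, f"{prefix} update ignored (holddown)")   # holddown: new info not used
            return False
        if route is None:
            self.routes[prefix] = Route(prefix, metric, now)
            self._log(now, f"{prefix} learned metric {metric}")
            return True
        changed = route.metric != metric
        route.metric, route.last_update, route.state = metric, now, "up"
        if changed:
            self._log(now, f"{prefix} metric changed to {metric}")
        return changed

    def receive_poison_reverse(self, now: int, prefix: str) -> None:
        """Poison reverse from the neighbour: stop using the route, start holddown."""
        route = self.routes.get(prefix)
        if route is None:
            return
        route.state = "holddown"
        route.holddown_until = now + HOLDDOWN
        self._log(now, f"{prefix} poisoned, holddown until t={route.holddown_until}")

    def tick(self, now: int) -> None:
        """Age every route against the update / possibly-down / removal timers."""
        for prefix, route in list(self.routes.items()):
            if route.state == "holddown":
                if now >= route.holddown_until:
                    del self.routes[prefix]
                    self._log(now, f"{prefix} removed (holddown expired)")
                continue
            silent = now - route.last_update
            if silent >= REMOVE_AFTER:
                del self.routes[prefix]
                self._log(now, f"{prefix} removed (no update for {silent}s)")
            elif silent >= POSSIBLY_DOWN_AFTER and route.state == "up":
                route.state = "possibly_down"
                self._log(now, f"{prefix} possibly down (no update for {silent}s)")

    def forwards(self, prefix: str) -> bool:
        """Traffic still passes for a possibly-down route; not for one in holddown."""
        route = self.routes.get(prefix)
        return route is not None and route.state in ("up", "possibly_down")


def simulate() -> list[str]:
    """Neighbour sends two updates, then goes silent; watch the route age out."""
    table = RouteTable()
    table.receive_update(0, "10.1.0.0/16", 8576)
    table.receive_update(90, "10.1.0.0/16", 8576)
    for now in range(180, 811, UPDATE_PERIOD):
        table.tick(now)
    return table.events


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

Running it prints the route being learned at t=0, marked possibly down at the first tick past 270 s of silence, and removed at the first tick past 630 s.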

RIP

Posted by aun on May 18, 2008

  • 2 versions, distance-vector
  • v1 - classful, fixed length subnet masks
  • v2 - classless, vlsm
  • metric - hop count (15 max)
  • updates sent every 30 seconds with entire routing table
  • operates on UDP 520
  • hop count - 1 = directly connected, 16 = unreachable
  • uses split-horizon with poison reverse and triggered updates
  • split-horizon enabled by default. should disable in hub/spoke network, unless sub-interface used
  • v2 summarizes networks automatically. ip summary-address takes precedence over auto-sum
  • v2 updates are sent via multicast address 224.0.0.9
  • by default, when router rip is configured on a router, it only sends v1 info, but listens to both v1 and v2
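A Python model of the hop-count and split-horizon rules in the notes above: routes learned from a neighbour gain one hop, 16 is “unreachable” and never installed as a new route, and an outgoing update either omits routes learned on that interface (plain split horizon) or advertises them back at 16 (poison reverse). It also shows why the notes say to disable split horizon on a hub/spoke interface: with it on, the hub never relays one spoke’s network to the other. Added example, not from the original post; the interface names, prefixes and the hub/spoke scenario are constructed for the illustration, and directly connected networks are carried at hop 1 as the notes state.

```python
"""Constructed model of RIP hop counts and split horizon (not from the original post)."""
from dataclasses import dataclass

MAX_HOPS = 15      # largest usable hop count
INFINITY = 16      # hop count meaning "unreachable"


@dataclass
class RipRoute:
    prefix: str
    hops: int
    learned_on: str    # interface the update arrived on; "local" = directly connected


def receive(table: dict[str, RipRoute], iface: str,
            entries: list[tuple[str, int]]) -> dict[str, RipRoute]:
    """Apply the (prefix, hops) entries of an update heard on iface."""
    for prefix, hops in entries:
        new_hops = min(hops + 1, INFINITY)       # one more hop to get there via this neighbour
        cur = table.get(prefix)
        if cur is None:
            if new_hops <= MAX_HOPS:             # 16 never enters the table as a new route
                table[prefix] = RipRoute(prefix, new_hops, iface)
        elif cur.learned_on == iface:
            cur.hops = new_hops                  # same neighbour: take its latest metric, even 16
        elif new_hops < cur.hops:
            table[prefix] = RipRoute(prefix, new_hops, iface)   # better path via another neighbour
    return table


def advertise(table: dict[str, RipRoute], out_iface: str,
              split_horizon: bool = True, poison_reverse: bool = True) -> list[tuple[str, int]]:
    """Build the (prefix, hops) entries to send out out_iface."""
    entries = []
    for r in table.values():
        if split_horizon and r.learned_on == out_iface:
            if poison_reverse:
                entries.append((r.prefix, INFINITY))   # poison reverse: send it back as unreachable
            continue                                   # plain split horizon: say nothing about it
        entries.append((r.prefix, r.hops))
    return entries


def hub_spoke_demo() -> dict[str, list[tuple[str, int]]]:
    """Hub with one multipoint interface s0 facing both spokes (constructed scenario)."""
    hub = {"10.0.0.0/24": RipRoute("10.0.0.0/24", 1, "local")}
    receive(hub, "s0", [("192.168.1.0/24", 1)])    # spoke A advertises its connected network
    return {
        "s0 default": advertise(hub, "s0"),                        # spoke B only sees it poisoned
        "s0 no split horizon": advertise(hub, "s0", split_horizon=False),   # spoke B learns it at 2 hops
        "e0": advertise(hub, "e0"),                                # other interfaces get the real metric
    }


if __name__ == "__main__":
    for name, entries in hub_spoke_demo().items():
        print(name, entries)
```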

notes day 1

Posted by aun on May 11, 2008

Yeah, I know - this was supposed to start on May 3, but you know how it goes. I’m going to start putting notes down as I go through each “chapter” of the book I’m reading, for stuff that I might need to look back at later on.

  • TACACS responses: ACCEPT, REJECT, ERROR, FAIL
  • TACACS / RADIUS use MD5 encryption
  • Command for tacacs configuration: tacacs-server host; tacacs-server key
  • PPTP - uses modified version of GRE, IP prot 47, TCP 1723, no auth mechanism
  • L2TP - UDP 1701, uses PPP (address alloc, per-session auth), LAC (Access Conc), LNS (Network Server)
  • ESP: IP prot 50, AH: IP prot 51