Troubleshooting – Link Layer

  • Debug ip icmp
  • Debug ip packet
  • Debug interface
  • Debug arp
  • Debug frame packet (if debug ip packet shows encapsulation failed)
  • Passive interfaces – can bypass with neighbour statement as it only stops multicasts NOT unicasts

HDLC and PPP Written Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammer / spelling as I did not develop these notes with publishing in mind.


*** Theory ***

  • HDLC – Cisco made it properity by adding keepalives to see if the line is up or not.  SLARP (Serial Link Address Resolution Protocol) – assigns itself an IP address for TFTP etc configs. Added STAC compression &increases performance with only 7-12 bytes. Can be seen as the netbui of WAN.
  • STAC Compression – do under interface, you will need to do on both routers / both end of links otherwise the link will be kind of down as one side is compressing and the other side isn’t. STAC also taxes the CPU
  • Predictor Compression – less CPU than STAC, but uses more memory. It tries to predict the next data and uses that compression for it
  • MPPC – used for Microsoft environment / clients
  • Troubleshoot – use debug interface serial to check HDLC messages. If 3 messages are missed the link is declared down
    • myseq – is the seq no. You are sending to the otherside
    • myseen – they are acknowledging
    • yourseen – is the number you have seen

  • PPP is an alternate WAN comms to HDLC.
  • Multilink PPP – You can bundle 2 or more serial PPP links as a logical link and then load balance between them.
    • For each serial connection you must specify the multilink-group [1], encapsulation ppp, ppp multilink
    • Then create interface multilink [1]. Give this the IP address, encapusaltion ppp, ppp multilink and multilink-group [1]
    • Show ppp multilink – will show all interfaces assigned and if they are active etc

*** Commands ***


Network Model Crib Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammer / spelling as I did not develop these notes with publishing in mind

Network Modelling

*** Theory ***

  • Three Layer Model (3 Layers)
    • Core – Low latency, fast switching, Advanced QoS, Redundancy, Root Bridges
    • Distribution – Handle routing, High Speed ports,
    • Access – VLAN, Basic QoS, Traffic Filtering, Redundant uplinks, future growth, high port density
  • Cisco Enterprise Architecture (6 Modules)
    • Campus – Core layer of campus network.
    • Edge – Internet connectivity, DMZ, VPNs
    • WAN – PPP, Frame, DSL, MPLS
    • Branch – Remote Office
    • Teleworker – SOHO / Mobile Users
    • Data Centre – DR
  • Intelligent Information Network (Vision)
    • SONA – Single Vendor and Virtualisation
      • Application Layer – How end users interact
      • Interactive Service Layer – Virtualisation
      • Network Infrastructure layer

    *** Other ***

    • Reconinsense Attack –Uses packet sniffers etc . Combat with switched infrastructure.
    • DoS Attacks – Can use IP spoofing and DoS attacks
    • Virus – requires human assistance to spread
    • Worm – Saved in memory, spreads automatically
    • ip inspect – is IOS firewall (formly CBAC). Inside interface inspects inbound and outside interface inspects outbound

Cable Network Crib Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammer / spelling as I did not develop these notes with publishing in mind


*** Theory ***

  • DOCSIS – Standard governing how cable operators reserve bandwidth for data transfers. When modem boots up it finds a DOCSIS channel (scans for RF for QAM lock). CMTS sends 3 messages (MAP, UCD, SYNC) to modem. It then requests IP from DHCP Server. Modem gets config file via TFTP (address given by DHCP). Modem then register with CMTS and negotiates QoS etc
  • ADSL – Up to 8MB DL and 1MB UL. Limited to 18,000 feet limitation. Can use phone via POTS Splitter.
    • Coding methods
      • CAP – Single Carrier Method – Divides phone line into three separate channels. (V, Upstream, Downstream) – Been replaced by DMT
      • G.Lite – one of two multicarrier methods “splitterless ADSL”. Limited to 1.5MBPS DL and 512 KBPS UL = slow
      • DMT – The 2nd multicarrier method – Uses 256 channels to carry data
    • HDSL – Same UP/DL rate (Symmetric). Can’t use the phone
    • HDSL2 – Allows for VOIP
    • RADSL – UL/DL are adjusted dynamically
    • Satellite – Very slow.  DL 500K and UL 50K (On a clear day!)
      • Problems
        • Attenuation – Signal gets weak
        • Impedance Mismatch – Bad splice or corrosion
        • Cross talk (Inside)
        • AM Radio (Outside)
      • ATM – Uses DSLAM Switches (has DSL card) for data transport.
        • PPPoE vs PPPoA – Key difference is oA uses routing and oE uses bridging
        • PPPoE (RFC 2516) – Typically uses Chap.  Host devices uses discovery to get MAC of PPPoE Server. This creates SESSION_ID.
          • Interface setups
            • Connection to DSLAM – No IP address need and dial pool number (needed) which binds a dialler interface to an Ethernet one.
            • Dialler
              • Ip mtu 1492 – Reduce from 1500 to allow for PPPoE headers
              • Ip address negotiated – Allows for DHCP address to be given
              • Ip nat outside (if using Nat)
          • Default route should be dialler interface
          • Use dialler interface when using NAT inside for PAT.
      • PPPoA – If encapsulation is running under PVC, you are running PPPoA
        • Interface Setups
          • Connecting to DSLAM (ATM 0/0)
            • No ip address
            • Dsl operating-mode auto / Auto negotiate modulation with downstream router
            • Pvc 100/120 / Like DLCI
            • Pppoe-client-dialer-pool-number-1
      • RFC 1483/2684 Bridging – Easy to setup. Multiprotocol. Single user environment. Uses lots of broadcasts, not scalable, can be attacked.