Open University Student IT Tips & Deals

Last updated 24/09/2014

I have been with the Open University now for a few years studying Computing & IT and Business and thought I would give my views on some good IT tips students can take advantage of to ensure their work is secure and backed up.

Spotify

Spotify is a great way to listen to music when studying and on the go, allows you to listen on your iPhone, iPad, Android devices, Windows smart phone and Windows. Get yourself an NUS card for around £12 a year (as of posting) and save 50% of a yearly subscription on Spotify – saving of £60 (£48 if you include the NUS). If you already have a subscription paying the full price, I believe you can still get the offer, if not just cancel and re-sub.

Read More

PPP_PAP_CHAP

Cisco ICND2 – Configure and verify PPP connection between Cisco routers

PPP stands for Point-to-Point and is a protocol operating at Layer 2 of the OSI model.

HDLC is Cisco proprietary and is the default encapsulation on serial links great if you have all Cisco devices, otherwise you will need PPP configured.

There are two types of authentication that can be used with PPP. These are PAP and CHAP.

PAP (Password Authentication Protocol) – Passwords are sent in plain text. No periodic checks.

CHAP (Challenge Handshake Authentication Protocol) – Password is encrypted. Sends periodic checks to ensure the router is talking to the same router.

PPP_PAP_CHAP

Configuring PPP is rather simple:

configure terminal
int s2/0
encapsulation ppp

Configure PPP with PAP authentication

RouterA:

configure terminal
hostname RouterA
username RouterB password Cisco

int s2/0
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
ppp authentication pap
ppp pap sent-username RouterA password Cisco

RouterB:

configure terminal
hostname RouterB
username RouterA password Cisco

int s2/0
ip address 10.0.0.2 255.255.255.0
encapsulation ppp
ppp pap sent-username RouterB password Cisco
ppp authentication pap

Configure PPP with CHAP authentication

RouterA:

configure terminal
hostname RouterA
username RouterB password Cisco

int s2/0
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
ppp authentication chap

RouterB:

configure terminal
hostname RouterB
username RouterA password Cisco

int s2/0
ip address 10.0.0.2 255.255.255.0
encapsulation ppp
ppp authentication chap

Show commands:

show interface s0/0 – Look for encapsulation ppp and LCP is open. Check interface is up and line protocol is up. Password/Username or encapsulation mismatch will bring the line protocol down.

Debug:

debug ppp authentication – Look for any failures of the three-way handshake.

Cisco ICND2 – Describe VPN technology (including: importance, benefits, role, impact, components)

VPN stands for Virtual Private Network and extends network access to that beyond its current network. There are different types of VPN, these are:

  • Site-to-site VPN – Connects a company remote sites over the Internet together
  • Remote access VPN – Allow users to connect in from any remote location outside of the company over the Internet.

IPSec operates at layer 3 of the OSI model. IPSec is an industry standard created by IETF that provides security at the network layer.

Authentication Header (AH)  – Sender and receiver generate the same one-way hash. If packet has been changed it will be dropped.

Encapsulation Security Payload (ESP) – Provides data confidentiality, data integrity and replay service.

Symmetric encryption uses a shared secret to encrypt and decrypt. DES, 3DES and AES are different types of encryption.

Assymmetric encryption uses private and public keys. Public key is shared but private key is only know to the host. RSA is common encryption.

Benefits:

  • Cheaper – No need to get a second line to link sites, can use VPN and use existing connections to the Internet
  • Encrypted making the connection secure
  • Can have more than one VPN connection – Can connect to mutliple sites and allow remote users

Disadvantages:

  • Requires more overhead on the Router for encryption/decryption

Cisco ICND2 – Troubleshoot WAN implementation issues

Somethings to look out for when troubleshooting WAN implementation issues:

  • Mismatched IPs
  • debug ppp authentication – Will show if any authentication issues (password mismatch)
  • Encapsulation mismatch – ppp and HDLC for example
  • show cdp neighbors detail
  • show frame-relay lmi
  • show frame-relay map
  • show frame-relay pvc
  • show running-config
  • show interface s0
  • Frame relay encapsulation mismatch
  • debug frame-relay lmi

Cisco ICND2 – Configure and verify Frame Relay on Cisco routers

  • Packet-switching protocol
  • DCLI’s are local – layer 2 addressing. Not advertised to other routers
  • Permanent virtual circuit (PVC) – Dedicated circuit always up
  • Switched virtual circuit (SVC) – Temporary circuit that is only up for example during a data transfer session
  • Three LMI types cisoc, ansi and q933a
  • Local Management Interface (LMI) – passes information about the status of the circuit. Must match on the DCE (Provider) and DTE end
  • non-broadcast multi-access (NBMA) – broadcasts are not sent over frame-relay by default
  • inverse ARP – Used to allow dynamic mapping. On by default can be turned off using no frame-relay inverse-arp
  • Split horizon – Stops rouging updates such as RIP from being sent out of the same interface it was received on. Turning off split horizon may cause routing loops
  • Sub-interfaces can overcome the split horizon by creating sub interfaces out of a serial interface. This gets around the problem of a routing update being sent and received out of the same interface. Sub-interfaces can either be point-to-point or multipoint

Show commands:

  • show frame-relay map – Table of frame maps, shows dlci and lmi information
  • show frame-relay lmi – Shows configured LMI type, if timeouts occur and increase could indiciate a lmi mis-match
  • show frame-relay pvc – Shows BECN and FECN information

Debug commands:

  • debug frame-relay lmi – myseq increments but yourseen doesn’t indicates lmi mismatch

Frame relay point-to-point

Frame_Relay_P2P

R1:

interface Serial2/0
no ip address
encapsulation frame-relay

interface Serial2/0.301 point-to-point
ip address 10.0.1.1 255.255.255.0
frame-relay interface-dlci 301

interface Serial2/0.302 point-to-point
ip address 10.0.3.1 255.255.255.0
frame-relay interface-dlci 302

router rip
network 10.0.0.0

R2:

interface Serial2/0
no ip address
encapsulation frame-relay

interface Serial2/0.102 point-to-point
ip address 10.0.2.2 255.255.255.0
frame-relay interface-dlci 102

interface Serial2/0.103 point-to-point
ip address 10.0.1.2 255.255.255.0
frame-relay interface-dlci 103

router rip
network 10.0.0.0
network 192.168.0.0

R3:

interface Serial2/0
no ip address
encapsulation frame-relay

interface Serial2/0.201 point-to-point
ip address 10.0.2.1 255.255.255.0
frame-relay interface-dlci 201

interface Serial2/0.203 point-to-point
ip address 10.0.3.2 255.255.255.0
frame-relay interface-dlci 203

router rip
network 10.0.0.0
network 172.16.0.0

Frame relay multipoint

Frame_Relay_Multipoint

R1:

interface Serial2/0
ip address 10.0.1.1 255.255.255.0
encapsulation frame-relay
frame-relay map ip 10.0.1.2 301 broadcast

router rip
network 10.0.0.0

R2:

interface Serial2/0
ip address 10.0.1.2 255.255.255.0
encapsulation frame-relay

router rip
network 10.0.0.0
network 192.168.0.0

R3:

interface Serial2/0
ip address 10.0.1.2 255.255.255.0
encapsulation frame-relay

network 10.0.0.0
network 172.16.0.0

Cisco ICND2 – Troubleshoot NAT implementation issues

Here are some NAT troubleshooting tips:

  • show ip nat translations
  • show running-config
  • show ip nat statistatics
  • debug ip nat
  • clear ip nat translations *
  • Check inside and outside are placed on the correct interfaces
  • Ensure the natpool covers the correct range of IPs
  • Check the name of the pools are matched – I made a typo during testing and as a result NAT didn’t work
  • Ensure the access-list is configured correctly to allow translation

Cisco ICND2 – Configure Network Address Translation for given network requirements using CLI

Showing examples of Dynamic, Static and Nat overload.

NAT

Configuring NAT Overload on Router1:

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.224
ip nat inside

interface Serial0/1/0
ip address 62.0.0.2 255.255.255.0
ip nat outside

ip nat pool natpool 62.0.0.2 62.0.0.2 netmask 255.255.255.0
ip nat inside source list 1 pool natpool overload

access-list 1 permit 10.0.0.0 0.0.0.31

Configuring Static NAT on Router1:

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.224
ip nat inside

interface Serial0/1/0
ip address 62.0.0.2 255.255.255.0
ip nat outside

ip nat inside source static 10.0.0.2 62.0.0.2
ip nat inside source static 10.0.0.3 62.0.0.4

Configuring Dynamic NAT on Router1:

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.224
ip nat inside

interface Serial0/1/0
ip address 62.0.0.2 255.255.255.0
ip nat outside

ip nat pool natpool 62.0.0.3 62.0.0.4 netmask 255.255.255.0
ip nat inside source list 1 pool natpool

access-list 1 permit 10.0.0.0 0.0.0.31