There is an occasional need for a DNS server in the absence of a dedicated host. This may occur in the following situations–
- Using PAT, Public DNS may return a non-RFC1918 address for internal server
- Lab/Demo Environment
- Other Name Resolution challenges in SOHO, SMB or Branch Office
When these corner-case challenges present, an IOS router may be beneficial by providing basic DNS functions. Assuming the router already has Internet connectivity, the configuration is straightforward–
//enable the dns server functionality
IOS-DNS(config)#ip dns server
//if public requests should be resolved, configure one or more name
//servers as resolvers and confirm domain-lookups are enabled
IOS-DNS(config)#ip name-server 188.8.131.52 184.108.40.206
Throughout this series, we have examined several fundamental building blocks of subnetting. In IP Subnetting Part 4, we looked at what was required to subnet a Class C network. This article takes the fundamentals one step further and looks at subnetting a Class A address. We will also add the complexity of crossing octet the octet boundary for both the subnet and the host portions of the address.
A Class A IP address has the following characteristics–
- I’s first octet begins with binary 0…….
- The first Octet will be in the range of 1 to 63 (0 is invalid)
- The first Octet (leftmost) represent the Network
- The last three Octets (rightmost) represents a Host on a network
You will also recall that a single network can be subnetting into multiple, smaller networks.
Using a consistent syntax, we could represent a Class A network as follows.
IP NAT is a very common configuration. One of the challenges that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has likely faced this issue.
In this example, the top of the diagram represents the outside (Internet, ISP, or External Server), the left represents the DMZ area, and the bottom represents the inside. The goal is to enable dynamic port address translation for internal hosts and static port address translation for the host or hosts found in the DMZ area.
This configuration is fairly straightforward and typically covered in the CCNA curriculum. This includes identifying each interface as inside or outside and configuring the appropriate nat statements.
The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment.
There are five deployment modes for a Sourcefire Firepower appliance:
Passive and inline modes are the two deployment options for the Virtual versions of the Firepower appliances. Inline mode provides significant advantages over simple passive monitoring. Inline mode allows the appliance to block offending traffic or communications that violates the configured policy. Following the installation guide is straightforward and should allow a security engineer to quickly get this solution up and running.
At this point in the PacketU subnetting series, we have worked through the following–
This article takes the concept of subnetting to the next step. Today we are going to look at the concepts required to subnet a Class C network. As we reflect on the Classful IP rules, we recall that a Class C network has the following characteristics–
- First octet begins with binary 110…..
- The first Octet will be in the range of 192 to 223
- The first three (three leftmost) octets represent a Network
- The last (rightmost) octet represents a Host on a network
We also know that this single IP network can be further subdivided into multiple, but smaller, networks. This process is known as subnetting.
Continuing with the syntax used in previous articles, we might represent a Class C Network as follows– Continue reading
I just wanted to take a quick moment to share a site Dan DeBusschere has created. This site is a list of very useful config snippets, information and links. Most of the content is focused on Datacenter and UCS. If you support this type of environment, check it out.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.
Today was a bittersweet day for me. It was my final day working with a great group of people at a prominent community bank. I have nothing but good things to say about the people, the organization, and the interesting projects I’ve been involved in. I’ll miss everyone a lot and plan to stay in touch.
Tomorrow I begin a new role as a Systems Engineer at Cisco Systems. I will be working with the SLED (public sector) sales team in Kentucky and West Virginia. In this role I hope to broaden my knowledge of networking components and spend time helping customers better position their technology infrastructures.
What this means for me–
I will be aggressively learning the Cisco Product lines, including areas that I previously had less exposure to. I will take advantage of the resources I have and marry my vision of the changing network industry to the components Cisco positions into higher education environments. My intentions include better understanding the roadmap and technical details as they pertain to the integration path from traditional networking to software defined approaches.
But what about…
Today’s podcast spotlight goes to Software Gone Wild. This is a newer podcast hosted by our friend Ivan Pepelnjak. The topics are focused on the growing pains the networking industry is experiencing and various forms of automation that are attempting to solve them. This includes various aspects of SDN, NFV and how others are using technology to deliver bigger/better/faster solutions.
Recent episodes include Network Automation @ Spotify and The F-Script with my good friend John Herbert.
Disclaimer: I have no affiliation with the Software Gone Wild podcast or any organization linked to, represented in or derived from content found in this article. This article represents my own opinions and may not be that of my employer.
At some point, Network engineers will likely face some type of issue with MTU or maximum transmittable unit. Their first experience with this may be an eye opening and time consuming effort. After resolving the issue, those with a thirst for knowledge will take the necessary time to understand the issue.
MTU problems are most often seen when Path MTU Discovery, or PMTUD, fails to function. This is the process by which one end host determines the largest possible packet size to another station on the network. Symptoms of this type of issue include two devices having proven reachability, but applications fail to work in a way that indicates a network issue. Some applications may even crash or hang the system.
Symptoms of PMTUD Failure
- Hosts may be able to ping one another
- Service/Port may prove accessible using telnet
- Severe and persistent application issues
- Partial page loads
- Either host appearing to hang
I wanted to take a few minutes to share a scenario that some seem to struggle with. This scenario is a routing issue that sometimes occurs when an interior routing protocol allows routes to leak back through a tunnel. To demonstrate this, I’ve built a lab with three routers. R1 and R3 are participating in EIGRP and have a GRE tunnel configured directly between them.
I’ve often stated how simple subnetting really is. While each individual concept is rather simple, it is the combination that make the holistic process challenging. If we, as humans, could look at the process more like computers and network devices, subnetting would be a much simpler process. In short, some knowledge of binary is an important requirement prior to sharing more complex subnetting examples.
This article will demonstrate the process of converting binary to and from the more familiar decimal numbering system. This will establish the necessary baseline knowledge required to understand when applying subnet masks to IP addresses. The first question we need to answer is–
What is Binary?
Binary, also known as base-2, is a numbering system in which each position only has two possible values. We often represent one possible value as zero and the other possible value as one. Alternatively, it could be represented many other ways including: positive and negative voltage, black and white colors, voltage and no voltage present, or null and not null. This simplicity in representation is what makes the system so advantageous for a computer’s limited discreet capabilities. Continue reading
I know many have been [not so patiently] waiting for the arrival of a Cisco virtual lab. Although I haven’t heard any official release date for VIRL or CML, there is a small scale virtual router lab available today. This lab is the All-in-One Virtual Machine made available on the Cisco DevNet site.
While not a comprehensive lab, it is a quick and easy way to get some real command line experience or test smaller layer 3 challenges. This VM includes 3 routers with a total of 10 routed interfaces in use. There is no access to layer 2, so the topology can only be manipulated by shutting down interfaces on the routers.
Using the DevNet All-in-One Virtual Machine
Posted in Blogroll, CCNA, Certification, General, Network, Rant, Technology
Tagged career, ccna, ccna security, certification, cisco, network