Author: Valter Popeskic

Wildcard mask – What’s the difference from subnet mask?

Valter Popeskic January 23, 2013 Network Fundamentals

What is Wildcard Masking?

Wildcard mask is like any other computer IP address basically a group od zeroes and ones (o and 1). To be short, in wildcard mask all number one (1) mean “I don’t care about that position”, and all zeroes (0) mean “I care about that position in binary address”. Let’s take an example where Access list with wildcardmask will be able to deny fourth subnet and alow next four and so on for all /24 subnets of 192.168.0.0/16 supernetwork.

In the access-list we put an 0.0.0.0 255.255.251.255 network;

We know that 255 means 1111 1111 in binary.
We know that 251 means 1111 1011 in binary.

In the 0.0.0.0 255.255.251.255 line we could change 0.0.0.0 to any other kind of 1.1.0.1 23.23.0.33 because in this situation our ACL will not care about the bits in the first, second and last octet. We could write 192.168.0.0 it will fit in our example.

One more thing to make myself more clear. If we use deny 192.168.0.0 255.255.251.255 in ACL, this ACL will not filter only 192.168.0.0/16 network, but every network in the whole 32bit range from 0.0.0.0 to 255.255.255.255 in which third octet has an zero (0) in 6th position. To filter only those subnets that are part of 192.168.0.0/16 supernet we would need to use deny 192.168.0.0 0.0.251.255 because in that way we will say that we care about first and second octet of the address.

Example:

[Continue Reading...]

When I connect to device with telnet or SSH I don’t see logging?

Valter Popeskic January 10, 2013 Configuration, Troubleshooting

Cisco device will not send log messages to your terminal session by default. That means that you will see log messages in putty only if you are connected to console port but if you connect with telnet or SSH you will not get log messages. Here’s how to resolve this:

There are three types of logging: Console, Monitor and Buffer.

Console logging is seen if you connect to console port directly. Monitor logging is what you will se on your screen when you are connected to CLi in some other way. And the last is Buffer logging that means all the logs that are going into buffer memory to be viewed later in time. Every of the logging type has its own setting on which loggs will be registered.

There are this types of looging levels with their severity numbers where greather number means smaller severity case, from severity 1 to 7:

[Continue Reading...]

IPv6 – SLAAC EUI-64 Address Format

Valter Popeskic January 7, 2013 IPv6

UPDATE on 22 Mar 2018:

Article is correctly describing what is SLAAC and why is needed and describes how SLAAC uses RFC 2373 to generate interface IPv6 address. The thing is that today RFC 7217 describes an enhanced new way of SLAAC algorithm to improve user security and protect hosts from attacks. Details are available here in my new article about SLAAC.

Stateless autoconfiguration or SLAAC

SLAAC is a method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with help of EUI-64 process which is described in next few lines. SLAAC uses NDP protocol to work.

As the format of the EUI-64 format is seen quite frequently, covering its details seems important too.

[Continue Reading...]

L2TP – Layer 2 Tunneling Protocol

Valter Popeskic January 2, 2013 Data link layer

L2TP Attributes Summary

Projected L2TP standard was made available in the year 1999 by means of RFC 2661. It was originated primarily from two different tunneling protocols, named as: Point-to-Point communication protocol and PPTP (Point to Point Tunneling protocol). In other words, L2TP (Layer 2 Tunnel Protocol) is an up-and-coming IETF (Internet Engineering Task Force) standard that came in front with the traits of two on-hand tunneling protocols, named as: Cisco’s L2F (Layer 2 Forwarding) and Microsoft’s PPTP (Point-to-Point Tunneling Protocol). L2TP protocol is actually an expanded form of the PPP (a significant constituent for VPNs).

[Continue Reading...]

NDP – Neighbor Discovery Protocol

Valter Popeskic December 31, 2012 Data link layer, IPv6

IPv6 Neighbor Discovery Protocol

In IPv6 we do not have ARP (address resolution protocol) anymore. ARP is replaced with ICMP based NDP protocol. NDP or ND protocol uses special IPv6 ICMP messages to find and resolve L2 neighbours IPv6 addresses.

It’s a simple way for hosts to learn IPv6 addresses of neighbours on L2 subnet around himself. That includes learning about other hosts and routers on local network. That is the biggest difference between IPv4 and IPv6, there’s no ARP but ICMP takes the function.

NDP is defined in RFC 2461 and this article will introduce you to NDP functions, main features’ lists, and the related ICMPv6 message types.

As the most precise description of NDP is that it belongs to the Link layer of the Internet Protocol suite in TCP/IP model. We can say that Link layer of TCP/IP model is basically a direct combination of the data link layer and the physical layer in the OSI Open Systems Interconnection protocol stack. As in this blog I always try to use OSI model this article was inserted both to Data-link and Physical layer category.

NDP function

In case of IPv6 networks, the NDP Protocol make use of ICMPv6 messages and solicited-node multicast addresses for operating its core function, which is tracking and discovering other IPv6 hosts that are present on the other side of connected interfaces. Another use of NDP is address autoconfiguration.

Let’s discuss some major roles of IPv6 NDP:

Stateless address autoconfiguration – SLAAC
Duplicate address detection DAD
Router discovery
Prefix discovery
Parameter discovery link MTU, hop limits
Neighbor discovery
Neighbor address resolution – replaces ARP in IPv6
Neighbor and router reachability verification

In order to carry out work NDP uses five types of ICMPv6 messages. In the following list you can find the function as well as summary of their goals.

NDP message types:

[Continue Reading...]