1 00:00:02,577 --> 00:00:05,494 (electronic music) 2 00:00:08,583 --> 00:00:10,286 - So at this point, you should hopefully feel 3 00:00:10,286 --> 00:00:12,439 pretty comfortable with adding routers, 4 00:00:12,439 --> 00:00:14,718 and switches, and frame relay switches 5 00:00:14,718 --> 00:00:17,761 into your topology, into your GNS3 network. 6 00:00:17,761 --> 00:00:18,627 So, you might be getting to the point 7 00:00:18,627 --> 00:00:19,836 where you say, you know what? 8 00:00:19,836 --> 00:00:22,509 I'd really like to add a host into my network. 9 00:00:22,509 --> 00:00:24,529 I'd like to have a host for a variety of reasons. 10 00:00:24,529 --> 00:00:26,000 Maybe to ping back and forth, 11 00:00:26,000 --> 00:00:28,319 or to do some other types of testing. 12 00:00:28,319 --> 00:00:29,727 Now, let's step back here for a second. 13 00:00:29,727 --> 00:00:32,319 You might wonder, well Keith, why do I need a host? 14 00:00:32,319 --> 00:00:35,136 I mean, if I just wanted to do ping tests, 15 00:00:35,136 --> 00:00:37,530 or if I want to generate some, 16 00:00:37,530 --> 00:00:40,216 just test access lists or something like that, 17 00:00:40,216 --> 00:00:41,927 can't I just plug in another router 18 00:00:41,927 --> 00:00:43,516 and ping from the other router? 19 00:00:43,516 --> 00:00:44,465 Well certainly, you can do that. 20 00:00:44,465 --> 00:00:46,108 But keep in mind one thing. 21 00:00:46,108 --> 00:00:48,297 Anytime you plug a router into your topology 22 00:00:48,297 --> 00:00:50,946 and then you start it, you're consuming 23 00:00:50,946 --> 00:00:52,911 another instance of router memory. 24 00:00:52,911 --> 00:00:55,398 If that software that that router's running 25 00:00:55,398 --> 00:00:57,860 takes 500 megabits per second, 26 00:00:57,860 --> 00:01:00,277 let's say it's a 7200 series router, 27 00:01:00,277 --> 00:01:02,456 now you're just eating up a lot more RAM 28 00:01:02,456 --> 00:01:05,176 in your laptop simply to have some device 29 00:01:05,176 --> 00:01:07,059 that you can ping from. 30 00:01:07,059 --> 00:01:09,040 So for here, for something like that 31 00:01:09,040 --> 00:01:10,542 and a lot of other useful reasons, 32 00:01:10,542 --> 00:01:12,920 I'd like to talk about the VPCS, 33 00:01:12,920 --> 00:01:16,049 the Virtual PC Simulator that's included 34 00:01:16,049 --> 00:01:19,466 as yet another built in node within GNS3. 35 00:01:20,488 --> 00:01:22,464 Now, I've been using this quite a bit 36 00:01:22,464 --> 00:01:24,158 throughout the various topologies, 37 00:01:24,158 --> 00:01:25,505 and I've been promising you, well, 38 00:01:25,505 --> 00:01:26,631 I'll get to it, I'll get to it. 39 00:01:26,631 --> 00:01:28,433 Well now is our time to talk about it. 40 00:01:28,433 --> 00:01:29,728 So, let's talk about it a little bit. 41 00:01:29,728 --> 00:01:33,757 So first of all, this particular node is available 42 00:01:33,757 --> 00:01:37,983 right here in the Browse End Devices section. 43 00:01:37,983 --> 00:01:39,471 So, that's where you would find this. 44 00:01:39,471 --> 00:01:40,971 So, click on that, 45 00:01:42,242 --> 00:01:45,387 and then we're gonna be using VPCS. 46 00:01:45,387 --> 00:01:47,124 So, you just drag and drop it on just 47 00:01:47,124 --> 00:01:48,506 like you normally would. 48 00:01:48,506 --> 00:01:52,050 Now these, unlike your built in Ethernet switches 49 00:01:52,050 --> 00:01:54,777 and your built in frame relay switch and everything, 50 00:01:54,777 --> 00:01:57,462 these you can turn on and turn off. 51 00:01:57,462 --> 00:02:00,180 And notice that bu default, is deactivated. 52 00:02:00,180 --> 00:02:01,581 It's turned off. 53 00:02:01,581 --> 00:02:05,300 So, let me get rid of this one here. 54 00:02:05,300 --> 00:02:07,182 So, I've already go three instances 55 00:02:07,182 --> 00:02:10,042 of my Virtual PCs in this particular topology. 56 00:02:10,042 --> 00:02:13,858 And, I wanna show you some of the real power behind this. 57 00:02:13,858 --> 00:02:17,266 For example, let's start out with PC number two here. 58 00:02:17,266 --> 00:02:19,337 And in this particular PC, I just wanna give 59 00:02:19,337 --> 00:02:22,020 it a static IP address and mask, 60 00:02:22,020 --> 00:02:23,970 and a static default gateway. 61 00:02:23,970 --> 00:02:25,077 Real easy to do that. 62 00:02:25,077 --> 00:02:28,233 So, just go ahead and double-click on it to open it up, 63 00:02:28,233 --> 00:02:30,129 and this is what your console window will look like. 64 00:02:30,129 --> 00:02:32,269 It actually has a pretty intuitive Help menu, 65 00:02:32,269 --> 00:02:33,202 and I like it a lot. 66 00:02:33,202 --> 00:02:35,466 I just type, for example, the question mark, 67 00:02:35,466 --> 00:02:37,724 and you can see all the different options 68 00:02:37,724 --> 00:02:39,627 are available to you here. 69 00:02:39,627 --> 00:02:40,867 So in my particular case, I'll say, 70 00:02:40,867 --> 00:02:43,556 well, I wanna add a static IP address. 71 00:02:43,556 --> 00:02:44,906 Well, we can see from here that 72 00:02:44,906 --> 00:02:46,243 IP is probably what I want to do. 73 00:02:46,243 --> 00:02:48,346 IP what, what should I do? 74 00:02:48,346 --> 00:02:50,343 IP and you can actually see, it gives you an example. 75 00:02:50,343 --> 00:02:54,510 IP, the address, the mask, and then the default gateway. 76 00:02:55,831 --> 00:02:57,635 So, my particular case if I want this guy 77 00:02:57,635 --> 00:03:01,802 to be 4.4.4.1, I would just type IP 4.4.4.1/24, 78 00:03:04,884 --> 00:03:08,674 and then this default gateway is 4.4.4.2. 79 00:03:08,674 --> 00:03:10,257 So you can see, it's a little bit of a different 80 00:03:10,257 --> 00:03:13,941 syntax than typing an IP address on a router's interface, 81 00:03:13,941 --> 00:03:16,248 where you actually type IP address. 82 00:03:16,248 --> 00:03:18,356 Here, you just type, as you can see. 83 00:03:18,356 --> 00:03:19,339 Now, there's one. 84 00:03:19,339 --> 00:03:22,044 Before I go any further with VPCS, 85 00:03:22,044 --> 00:03:25,235 one very important thing you have to remember. 86 00:03:25,235 --> 00:03:26,928 Let's think about routers for a second. 87 00:03:26,928 --> 00:03:29,632 If you make a change in your router's configuration, 88 00:03:29,632 --> 00:03:33,058 you're making a change in the running configuration, right? 89 00:03:33,058 --> 00:03:35,616 So, what happens if you stop that router, 90 00:03:35,616 --> 00:03:37,419 and you haven't saved those configs, 91 00:03:37,419 --> 00:03:40,239 or you completely stop your project. 92 00:03:40,239 --> 00:03:41,955 Anything in your running config that has 93 00:03:41,955 --> 00:03:43,752 not been saved, is gone. 94 00:03:43,752 --> 00:03:44,599 It's wiped out. 95 00:03:44,599 --> 00:03:46,690 So that's why, as hopefully by this point in time 96 00:03:46,690 --> 00:03:48,776 you know, with routers, you should always issue 97 00:03:48,776 --> 00:03:51,671 the right memory command or the Copy, Run, Start 98 00:03:51,671 --> 00:03:53,632 command after you make changes. 99 00:03:53,632 --> 00:03:56,639 Well in a similar way, these Virtual PCs, 100 00:03:56,639 --> 00:03:58,491 when you make a change so their configuration, 101 00:03:58,491 --> 00:04:01,777 like I just did here, you have to save it. 102 00:04:01,777 --> 00:04:04,228 If you don't, the moment you turn off that 103 00:04:04,228 --> 00:04:08,096 Virtual PC or the moment you exit from your GNS3 project, 104 00:04:08,096 --> 00:04:10,871 whatever you configured your Virtual PC for, 105 00:04:10,871 --> 00:04:12,261 his settings will be gone. 106 00:04:12,261 --> 00:04:13,240 It'll vanish. 107 00:04:13,240 --> 00:04:15,112 So, how do we save his settings? 108 00:04:15,112 --> 00:04:18,334 It's simply the save command. 109 00:04:18,334 --> 00:04:19,270 And, that's all you have to do. 110 00:04:19,270 --> 00:04:22,306 So, remember that with your Virtual PC to issue 111 00:04:22,306 --> 00:04:24,522 the save command whenever you make a change. 112 00:04:24,522 --> 00:04:27,756 So, that's a way of configuring a static IP Address, 113 00:04:27,756 --> 00:04:29,708 mask, and default gateway. 114 00:04:29,708 --> 00:04:32,867 What about over here, PC number one? 115 00:04:32,867 --> 00:04:35,812 I wanna configure him as a DHCP client. 116 00:04:35,812 --> 00:04:37,277 Well, this is another powerful thing 117 00:04:37,277 --> 00:04:39,772 we can do here within VPCS. 118 00:04:39,772 --> 00:04:42,522 So I'll just double-click on him, 119 00:04:43,539 --> 00:04:45,706 so I'm on PC one, and now, 120 00:04:46,923 --> 00:04:49,923 if I do ip ?, I can just do ip dhcp. 121 00:04:52,443 --> 00:04:54,565 That's all I have to do. 122 00:04:54,565 --> 00:04:57,517 Now, there are some options if you wish. 123 00:04:57,517 --> 00:05:01,807 But if you just do ip dhcp, the moment you type that, 124 00:05:01,807 --> 00:05:05,378 it will send out a DHCP discover message and attempt 125 00:05:05,378 --> 00:05:07,734 to get an IP address. 126 00:05:07,734 --> 00:05:10,208 Now, this guy already has an IP address, 127 00:05:10,208 --> 00:05:11,680 as you can see, 1.1.1.4. 128 00:05:11,680 --> 00:05:14,026 So, let's see actually how this works in action. 129 00:05:14,026 --> 00:05:16,420 So number one, let's try releasing that address 130 00:05:16,420 --> 00:05:17,584 and getting a new one. 131 00:05:17,584 --> 00:05:20,592 So ip dhcp, and it says right here, 132 00:05:20,592 --> 00:05:24,092 - r, actually -x is to release the address. 133 00:05:25,109 --> 00:05:25,942 So, -x. 134 00:05:27,184 --> 00:05:30,425 Sho ip, okay so now we have nothing, right. 135 00:05:30,425 --> 00:05:33,420 So, -x was to release the address and now it's gone. 136 00:05:33,420 --> 00:05:37,468 Still remember the DNS settings and the DHCP server, 137 00:05:37,468 --> 00:05:39,289 but the address is gone. 138 00:05:39,289 --> 00:05:40,153 So, how do I get a new one? 139 00:05:40,153 --> 00:05:41,236 Just ip dhcp. 140 00:05:43,589 --> 00:05:45,231 I'll explain to you in just a moment 141 00:05:45,231 --> 00:05:47,231 what these letters mean. 142 00:05:48,154 --> 00:05:48,987 And, there we go. 143 00:05:48,987 --> 00:05:52,004 So, what did those letters mean that I was looking at? 144 00:05:52,004 --> 00:05:56,473 This is actually showing you the DHCP decode. 145 00:05:56,473 --> 00:06:00,851 This is the discover, and then you sent another discover, 146 00:06:00,851 --> 00:06:04,277 and then he received a DHCP offer, then the client 147 00:06:04,277 --> 00:06:07,796 sent out a DHCP request, and the transaction 148 00:06:07,796 --> 00:06:12,167 was finished by receiving a DHCP acknowledgement. 149 00:06:12,167 --> 00:06:13,212 And what's kinda nice is you can drill 150 00:06:13,212 --> 00:06:14,962 down even further than that. 151 00:06:14,962 --> 00:06:18,187 If I do ip dhcp ?, you'll see 152 00:06:18,187 --> 00:06:22,423 I can also do -d to actually get a packet decode. 153 00:06:22,423 --> 00:06:24,779 So, let's try that, ip dhcp. 154 00:06:24,779 --> 00:06:28,268 I want to release my address in -d. 155 00:06:28,268 --> 00:06:30,304 I want to see the decode of it. 156 00:06:30,304 --> 00:06:31,698 And there we go, see? 157 00:06:31,698 --> 00:06:34,602 So, he sent out a DHCP Option 53, 158 00:06:34,602 --> 00:06:36,850 which is a release message. 159 00:06:36,850 --> 00:06:39,884 And now, I can do ip dhcp -d 160 00:06:39,884 --> 00:06:43,043 to actually watch the whole process in action. 161 00:06:43,043 --> 00:06:46,384 So now, he's sending out requests. 162 00:06:46,384 --> 00:06:49,528 There's the reply, and then we're done. 163 00:06:49,528 --> 00:06:52,195 So, let's go up to the top here. 164 00:06:54,411 --> 00:06:58,328 Okay, so the first message was a DHCP Discover. 165 00:06:59,426 --> 00:07:02,951 Then he sent out another Discover. 166 00:07:02,951 --> 00:07:04,564 And then, we received back the Offer, 167 00:07:04,564 --> 00:07:05,887 and we can see all the information 168 00:07:05,887 --> 00:07:08,848 that was included in that offer. 169 00:07:08,848 --> 00:07:11,326 Then, we sent out a DHCP Request. 170 00:07:11,326 --> 00:07:12,785 And the final step in the process was 171 00:07:12,785 --> 00:07:16,952 a DHCP server sent back to us, a DHCP acknowledgement. 172 00:07:17,912 --> 00:07:20,267 So, the -d option is very useful in this 173 00:07:20,267 --> 00:07:23,119 particular case as far as DHCP is concerned, 174 00:07:23,119 --> 00:07:26,023 if you want to actually watch the DHCP transaction. 175 00:07:26,023 --> 00:07:28,187 Now, you might be wondering, now wait a second Keith, 176 00:07:28,187 --> 00:07:31,589 who is the DHCP server in this particular topology? 177 00:07:31,589 --> 00:07:35,130 Well, as you go through your CCNA studies, 178 00:07:35,130 --> 00:07:36,152 one of the things they're gonna expect 179 00:07:36,152 --> 00:07:40,642 you to know is how to configure a router as a DHCP server. 180 00:07:40,642 --> 00:07:42,549 I'm not gonna go into the details of that right now. 181 00:07:42,549 --> 00:07:45,926 I will show you that I've done that on router two. 182 00:07:45,926 --> 00:07:48,593 If I show you his configuration, 183 00:07:51,830 --> 00:07:53,754 right up here towards that top is 184 00:07:53,754 --> 00:07:55,765 the DHCP configuration configuring this 185 00:07:55,765 --> 00:07:59,193 particular router as the DHCP server. 186 00:07:59,193 --> 00:08:01,864 So, that was already pre-done. 187 00:08:01,864 --> 00:08:04,541 Let's get back to VPCS here for a moment. 188 00:08:04,541 --> 00:08:08,995 So another powerful tool of VPCS, you can ping from it. 189 00:08:08,995 --> 00:08:12,245 For example, I can ping from PC1 to PC3 190 00:08:13,475 --> 00:08:15,028 to see if my routing and frame relay 191 00:08:15,028 --> 00:08:15,968 and everything is set up. 192 00:08:15,968 --> 00:08:19,135 So, let's see if PC1 can ping 5.5.5.1. 193 00:08:21,283 --> 00:08:23,116 Let's see if it works. 194 00:08:29,126 --> 00:08:31,468 We're getting a time out, 195 00:08:31,468 --> 00:08:34,862 and then the ping is successful. 196 00:08:34,862 --> 00:08:36,736 Now you might be thinking, okay Keith, but big deal. 197 00:08:36,736 --> 00:08:39,493 I mean, I can ping from a router. 198 00:08:39,493 --> 00:08:41,392 Why use this Virtual PC? 199 00:08:41,392 --> 00:08:44,549 Well, the Virtual PC for one thing uses a lot less 200 00:08:44,549 --> 00:08:47,480 memory than another router instance does. 201 00:08:47,480 --> 00:08:49,200 So yes, you could have put a router 202 00:08:49,200 --> 00:08:51,869 into your topology and had that router set up as 203 00:08:51,869 --> 00:08:54,959 a DHCP client, and watched the DHCP transaction. 204 00:08:54,959 --> 00:08:56,559 Sure you could have done that. 205 00:08:56,559 --> 00:08:59,095 Sure you could ping from a router and watch that 206 00:08:59,095 --> 00:09:00,959 and test your access lists and stuff. 207 00:09:00,959 --> 00:09:02,928 But remember, that router is using up 208 00:09:02,928 --> 00:09:07,274 a lot more memory in your laptop than VPCS is. 209 00:09:07,274 --> 00:09:09,309 And, there's things you can do from here 210 00:09:09,309 --> 00:09:12,349 within VCPS that you can't do within a router. 211 00:09:12,349 --> 00:09:16,663 For example, look what happens when I type pin ?. 212 00:09:16,663 --> 00:09:18,246 I can do UDP pings. 213 00:09:19,246 --> 00:09:21,538 I can do TCP pings. 214 00:09:21,538 --> 00:09:23,955 I can set any, if I'm doing a TCP ping, 215 00:09:23,955 --> 00:09:27,669 I can set any of the flags within the Tcp header. 216 00:09:27,669 --> 00:09:29,421 What if I'm testing quality of service, 217 00:09:29,421 --> 00:09:31,054 and I need to have a packet generator. 218 00:09:31,054 --> 00:09:33,926 I wanna see if my quality of service policers, 219 00:09:33,926 --> 00:09:37,080 or our markers or stuff are working correctly. 220 00:09:37,080 --> 00:09:39,339 Well, how would you create a packet generator 221 00:09:39,339 --> 00:09:41,049 out of a Syscall Router? 222 00:09:41,049 --> 00:09:42,555 It would be kinda hard to do. 223 00:09:42,555 --> 00:09:44,148 A ping's not gonna do it. 224 00:09:44,148 --> 00:09:48,082 But here with VPCS, I could ping via UDP, 225 00:09:48,082 --> 00:09:50,968 and do it like every five seconds. 226 00:09:50,968 --> 00:09:52,926 And then, I could use the -t option 227 00:09:52,926 --> 00:09:55,160 to say, just keep going. 228 00:09:55,160 --> 00:09:56,660 For example, ping. 229 00:09:58,585 --> 00:09:59,719 Who do I want to ping? 230 00:09:59,719 --> 00:10:00,552 5.5.5.1. 231 00:10:01,502 --> 00:10:05,669 Now, I wanna do -2, because I want to be in UDP mode, 232 00:10:06,606 --> 00:10:09,510 and then I wanna do -i, and I'll have those 233 00:10:09,510 --> 00:10:13,343 pings go out every 10 milliseconds, that's -i. 234 00:10:15,369 --> 00:10:17,429 And then, I'm gonna do -t. 235 00:10:17,429 --> 00:10:20,929 Keep those pings going, until I stop them. 236 00:10:21,889 --> 00:10:23,992 And, there they go. 237 00:10:23,992 --> 00:10:25,472 Now, let's keep running with them for a moment. 238 00:10:25,472 --> 00:10:27,020 I'll just keep letting them go. 239 00:10:27,020 --> 00:10:30,983 Now if I go over my router, router two, 240 00:10:30,983 --> 00:10:32,239 on router two, let's go ahead and check 241 00:10:32,239 --> 00:10:34,727 out those that are going through him right now, 242 00:10:34,727 --> 00:10:36,781 and they should be coming in Fast Ethernet 0/0 243 00:10:36,781 --> 00:10:40,091 and going out Serial 2/0. 244 00:10:40,091 --> 00:10:42,261 So if I had some sort of policer or something 245 00:10:42,261 --> 00:10:44,562 else like that configured for quality of service, 246 00:10:44,562 --> 00:10:47,610 maybe I applied it to Serial 2/0. 247 00:10:47,610 --> 00:10:50,065 Let's see what the actual output rate is right now, 248 00:10:50,065 --> 00:10:55,019 considering massive UPD pings are leaving on that interface. 249 00:10:55,019 --> 00:10:56,754 All right, so let's go to router two. 250 00:10:56,754 --> 00:10:59,004 Sho int ser 2/0. 251 00:11:02,484 --> 00:11:04,436 We can see that right now, the output rate 252 00:11:04,436 --> 00:11:07,201 is about 16,000 bits per second. 253 00:11:07,201 --> 00:11:09,768 Now, I tried this before I did this recording 254 00:11:09,768 --> 00:11:13,257 and if you wait, oh about five or six minutes, 255 00:11:13,257 --> 00:11:16,395 this will get up, not too far. 256 00:11:16,395 --> 00:11:19,079 It'll go, I waited for about three or four minutes 257 00:11:19,079 --> 00:11:22,367 and it got up to about 64,000 bits per second. 258 00:11:22,367 --> 00:11:25,051 But as far as just QOS testing is concerned, 259 00:11:25,051 --> 00:11:26,132 that's fine, right? 260 00:11:26,132 --> 00:11:27,686 If you just wanna create a simple policer 261 00:11:27,686 --> 00:11:31,437 and try to police this down to three kilobits per second 262 00:11:31,437 --> 00:11:33,975 or eight kilobits per second, you could do that. 263 00:11:33,975 --> 00:11:36,566 But in order to test a policer, you have to have 264 00:11:36,566 --> 00:11:38,902 some traffic coming in to police it. 265 00:11:38,902 --> 00:11:42,090 So, this VPCS can be used to generate that traffic. 266 00:11:42,090 --> 00:11:44,407 But, we're not done yet. 267 00:11:44,407 --> 00:11:46,907 So, let me go back to my VPCS. 268 00:11:48,483 --> 00:11:51,163 Control C, break out of it. 269 00:11:51,163 --> 00:11:53,846 For you aspiring CCNA candidates, 270 00:11:53,846 --> 00:11:56,343 you're gonna be learning about Cisco access lists. 271 00:11:56,343 --> 00:11:57,804 How do you test your access lists? 272 00:11:57,804 --> 00:12:00,155 Well certainly, you can create simple 273 00:12:00,155 --> 00:12:03,571 access lists like blocking telnet or blocking ping, 274 00:12:03,571 --> 00:12:05,605 because telnet and ping traffic is stuff you 275 00:12:05,605 --> 00:12:07,378 can source from a router, right? 276 00:12:07,378 --> 00:12:09,403 You can jump onto a router, and from that router, 277 00:12:09,403 --> 00:12:11,332 you can type ping or telnet, 278 00:12:11,332 --> 00:12:13,172 and then see if your access list works. 279 00:12:13,172 --> 00:12:14,476 But if you want, what if you want to create 280 00:12:14,476 --> 00:12:17,317 some more complex access lists that are maybe 281 00:12:17,317 --> 00:12:21,384 blocking or permitting certain TCP ports or UDP ports. 282 00:12:21,384 --> 00:12:23,761 In that case, how would you generate the traffic 283 00:12:23,761 --> 00:12:25,883 to actually test that access list? 284 00:12:25,883 --> 00:12:29,554 You could do it from right here within VPCS. 285 00:12:29,554 --> 00:12:33,246 As an example, on router four here, 286 00:12:33,246 --> 00:12:35,077 I have created an outbound access list 287 00:12:35,077 --> 00:12:37,149 of Fast Ethernet 0/0. 288 00:12:37,149 --> 00:12:38,935 And, that outbound access list is permitting 289 00:12:38,935 --> 00:12:41,935 all traffic except UDP traffic going 290 00:12:42,977 --> 00:12:45,894 to port number 99 as a destination. 291 00:12:47,067 --> 00:12:47,900 Sh run. 292 00:12:50,389 --> 00:12:52,844 So you can see here, I applied the access list. 293 00:12:52,844 --> 00:12:55,254 There's the access group outbound. 294 00:12:55,254 --> 00:12:57,837 And if I go to access list 101, 295 00:13:00,049 --> 00:13:01,843 here is that access list. 296 00:13:01,843 --> 00:13:05,074 Denying all UDP traffic from the 1.1.1 network 297 00:13:05,074 --> 00:13:08,402 to the 5.5.5 network if the destination UPD 298 00:13:08,402 --> 00:13:12,696 port number is 99, and then permitting everything else. 299 00:13:12,696 --> 00:13:14,660 So, how would I test that? 300 00:13:14,660 --> 00:13:17,243 Well, let's go back to my VPCS. 301 00:13:18,553 --> 00:13:19,470 So, ping ?. 302 00:13:20,731 --> 00:13:23,844 All right, so why don't we do ping 5.5.5.1, 303 00:13:23,844 --> 00:13:28,011 that's the remote PC, and why don't we do -2 for UDP, 304 00:13:29,666 --> 00:13:31,291 and then let's do -p. 305 00:13:31,291 --> 00:13:33,229 And notice, it's a lowercase p here. 306 00:13:33,229 --> 00:13:36,193 Very important that you select the lowercase p 307 00:13:36,193 --> 00:13:37,480 for the port number, as opposed to 308 00:13:37,480 --> 00:13:40,076 the uppercase P for protocol, which is 309 00:13:40,076 --> 00:13:43,078 the IP protocol in the IP header. 310 00:13:43,078 --> 00:13:46,346 So, I'm gonna do -p, and let's start out with the port 311 00:13:46,346 --> 00:13:47,864 number that should be okay. 312 00:13:47,864 --> 00:13:51,127 The access list should allow UDP pings 313 00:13:51,127 --> 00:13:53,747 going to destination port 90. 314 00:13:53,747 --> 00:13:55,427 Might get a timeout for one or two of 'em, 315 00:13:55,427 --> 00:13:56,286 but then they should work. 316 00:13:56,286 --> 00:13:58,166 There we go, so now, they're working. 317 00:13:58,166 --> 00:14:00,092 Now, let's test to see if the access list works. 318 00:14:00,092 --> 00:14:03,282 Let's change that destination port number to 99. 319 00:14:03,282 --> 00:14:06,352 The access list is supposed to drop that. 320 00:14:06,352 --> 00:14:07,386 And, it is. 321 00:14:07,386 --> 00:14:10,742 We're getting communication administratively prohibited. 322 00:14:10,742 --> 00:14:14,508 So, this is a great way to also test your access lists. 323 00:14:14,508 --> 00:14:16,850 There's a lot of other things this can do here as well. 324 00:14:16,850 --> 00:14:19,351 One other thing I wanna show you, which is really neat. 325 00:14:19,351 --> 00:14:22,768 If you just do set ?, you'll see that one 326 00:14:24,885 --> 00:14:28,052 of the options is the set dump option. 327 00:14:29,678 --> 00:14:32,011 So, you can do set dump all, 328 00:14:35,044 --> 00:14:38,219 and what this does, it's actually like doing 329 00:14:38,219 --> 00:14:41,585 a debug packet all on a router. 330 00:14:41,585 --> 00:14:43,944 This basically says now, any packet that this 331 00:14:43,944 --> 00:14:46,568 PC sends out, whether it be a UDP ping, 332 00:14:46,568 --> 00:14:50,141 a TCP ping, whatever, I wanna see all of it. 333 00:14:50,141 --> 00:14:54,308 So for example, let's do that same UDP ping I just did. 334 00:14:55,556 --> 00:14:58,626 See now, we get a lot more information about it. 335 00:14:58,626 --> 00:15:02,980 We see the 3.3.3.2, so that's the actual address 336 00:15:02,980 --> 00:15:06,076 of the router that has the access list on it. 337 00:15:06,076 --> 00:15:08,976 We see the time-to-live, we see milliseconds, 338 00:15:08,976 --> 00:15:10,989 we see the ICMP type code. 339 00:15:10,989 --> 00:15:12,881 Okay, this isn't that big of a deal. 340 00:15:12,881 --> 00:15:14,578 But, look at the real power of this. 341 00:15:14,578 --> 00:15:17,016 What if I want to test out TCP? 342 00:15:17,016 --> 00:15:18,508 Maybe, you just learned about TCP 343 00:15:18,508 --> 00:15:19,536 and you wanna see, okay, I've learned 344 00:15:19,536 --> 00:15:21,803 there's this TCP three way handshake. 345 00:15:21,803 --> 00:15:24,362 I've learned a little bit about the TCP flags. 346 00:15:24,362 --> 00:15:27,278 So, I wanna see some of that stuff in action. 347 00:15:27,278 --> 00:15:29,695 Well, we can do this, ping ?. 348 00:15:31,345 --> 00:15:33,178 Let's do ping 5.5.5.1. 349 00:15:34,184 --> 00:15:38,612 Now remember, we still have the set dump all configured. 350 00:15:38,612 --> 00:15:41,083 Right, that didn't stop, right there. 351 00:15:41,083 --> 00:15:42,675 Set dump all. 352 00:15:42,675 --> 00:15:46,840 It's sort of like a debug all in the world of VPCS. 353 00:15:46,840 --> 00:15:49,299 So, we'll do ping 5.5.5.1. 354 00:15:49,299 --> 00:15:51,382 Let's do -3 for TCP mode, 355 00:15:53,247 --> 00:15:56,124 and why don't we do a, that's it. 356 00:15:56,124 --> 00:15:57,377 Well, just do that. 357 00:15:57,377 --> 00:15:59,544 But, TPC pings to 5.5.5.1. 358 00:16:07,872 --> 00:16:10,907 Okay, so something is blocking this. 359 00:16:10,907 --> 00:16:12,574 Can we ping 5.5.5.1? 360 00:16:14,320 --> 00:16:15,676 Yeah, we can still ping it. 361 00:16:15,676 --> 00:16:18,009 We just can't do a TCP ping. 362 00:16:20,600 --> 00:16:22,683 Sequence two, 5.5.5.1 -3. 363 00:16:23,851 --> 00:16:28,098 - 3 is supposed to be TCP mode, all right. 364 00:16:28,098 --> 00:16:30,695 Well, let's go over to our routers 365 00:16:30,695 --> 00:16:33,818 real quickly and troubleshoot this. 366 00:16:33,818 --> 00:16:37,985 First of all, let me look at my access list on router four. 367 00:16:39,394 --> 00:16:41,164 So, I'm denying UDP. 368 00:16:41,164 --> 00:16:43,738 I'm permitting all other IP. 369 00:16:43,738 --> 00:16:45,976 So, that should be all right, okay? 370 00:16:45,976 --> 00:16:49,809 Let's now go over to the remote PC of 5.5.5.1, 371 00:16:52,062 --> 00:16:57,007 and let's verify that he actually has an IP address. 372 00:16:57,007 --> 00:17:01,294 And he is 5.5.5.1, and his default gateway is 5.5.5.2. 373 00:17:01,294 --> 00:17:03,824 All right, that looks good. 374 00:17:03,824 --> 00:17:07,336 So, there's no reason I can think of at this point 375 00:17:07,336 --> 00:17:10,590 why those TCP pings were not functional. 376 00:17:10,590 --> 00:17:14,463 Let's set the dump to off, set dump off. 377 00:17:14,463 --> 00:17:16,387 That's sort of like an undebug all 378 00:17:16,387 --> 00:17:18,880 in the world of Cisco terminology. 379 00:17:18,880 --> 00:17:19,963 Ping 5.5.5.1. 380 00:17:25,438 --> 00:17:28,188 Okay, well -3 should be TCP mode. 381 00:17:29,736 --> 00:17:31,375 And just like a Cisco router, you can use 382 00:17:31,375 --> 00:17:33,683 the up and down arrows on your keyboard 383 00:17:33,683 --> 00:17:35,938 because it does keep a command history 384 00:17:35,938 --> 00:17:37,146 of what you've done. 385 00:17:37,146 --> 00:17:41,313 Ping 5.5.5.1 -3, and we'll do a count of three of them. 386 00:17:48,834 --> 00:17:50,434 Okay, so that's working. 387 00:17:50,434 --> 00:17:52,226 All right, so now let's turn the set dump back on. 388 00:17:52,226 --> 00:17:53,309 Set dump all. 389 00:17:55,816 --> 00:17:58,316 And, let's do that ping again. 390 00:18:08,649 --> 00:18:09,533 Hmm, okay. 391 00:18:09,533 --> 00:18:10,950 Well, set dump ?. 392 00:18:16,599 --> 00:18:19,342 Ah, it's set dump detail. 393 00:18:19,342 --> 00:18:23,239 That's what we're looking for, set dump detail. 394 00:18:23,239 --> 00:18:26,700 That's like an IP packet detail. 395 00:18:26,700 --> 00:18:30,033 All right, now let's do that ping again. 396 00:18:34,021 --> 00:18:35,524 There we go, that's what I was looking for, 397 00:18:35,524 --> 00:18:38,398 set dump detail is what we were looking for. 398 00:18:38,398 --> 00:18:41,027 So, let's go ahead and after our ping is done here, 399 00:18:41,027 --> 00:18:44,708 which I think it's done, set dump off. 400 00:18:44,708 --> 00:18:47,407 And starting at the top, 401 00:18:47,407 --> 00:18:49,571 we can see the detail we were looking for. 402 00:18:49,571 --> 00:18:52,293 So, let's go all the way to the top of this TCP stream. 403 00:18:52,293 --> 00:18:55,259 Okay, so here was when I did my TCP ping. 404 00:18:55,259 --> 00:18:59,198 So here we see, source address, destination address. 405 00:18:59,198 --> 00:19:00,531 Protocol is TCP. 406 00:19:01,396 --> 00:19:03,756 Acknowledgement number, sequence number, flags. 407 00:19:03,756 --> 00:19:06,524 This is the sync, this is the TCP sync. 408 00:19:06,524 --> 00:19:10,158 Here is the incoming sync ack, and the ack. 409 00:19:10,158 --> 00:19:12,719 So right here, these three show me all the details 410 00:19:12,719 --> 00:19:14,947 of my TCP 3 way handshake. 411 00:19:14,947 --> 00:19:18,331 Now, we can see the push bit and the ack bit are set. 412 00:19:18,331 --> 00:19:19,645 So as you can go through this, you can get 413 00:19:19,645 --> 00:19:21,889 a lot more information than you normally could 414 00:19:21,889 --> 00:19:26,399 in just a regular debug IP packet within a router, 415 00:19:26,399 --> 00:19:28,201 using the set dump detail. 416 00:19:28,201 --> 00:19:30,777 And once again, set dump off was the way 417 00:19:30,777 --> 00:19:32,527 that you turn it off. 418 00:19:33,528 --> 00:19:37,404 So, there's a lot more that you can do with Virtual PCs. 419 00:19:37,404 --> 00:19:41,030 I would encourage you to Google VPCS. 420 00:19:41,030 --> 00:19:43,467 There's a lot of documentation out there on it. 421 00:19:43,467 --> 00:19:45,695 But hopefully in this video, I've given you 422 00:19:45,695 --> 00:19:48,362 a good starting point as far as some good ideas 423 00:19:48,362 --> 00:19:50,825 as to ways you can use this to test 424 00:19:50,825 --> 00:19:54,505 various features and protocols in your topology. 425 00:19:54,505 --> 00:19:57,422 (electronic music)