Do I Really Need an Ooma?

The Ooma targets consumers that want to save money on their phone bills, but don’t want to pay high costs for VoIP services like Vonage users do. Ooma relies instead on the high initial cost to offset the mostly-free price of the VoIP service. A Premier service is also offered at a monthly rate, but isn’t required for basic usage.

Ooma Pricing Details

Ooma is described as mostly free, since you will still be paying taxes on the service. Ooma Telo users will also pay a $12 annual fee after their first year of usage. This amounts to about $20 each year, depending on how your state handles taxation.

Ooma Premier

Ooma offers a Premier service that costs $9.99 each month, or $119.99 each year. Note that you do not need the Premier service to have the Ooma. Major benefits of the Premier are as follows:

• Advanced Calling – Users will get a second number, a backup number for ringing your mobile phone if you miss a call, and the ability to use Google Voice.
• Enhanced Voicemail – Do not disturb settings, call screening, voicemail forwarding, and voicemail transcription that will email voicemails to a specified email address.
• Privacy – Built in blacklisted numbers, caller ID, and ability to block anonymous calls.
• Promotions – Sign up for the Ooma Premier Service for a year in advance and you will get a free Ooma Bluetooth Adapter, an Ooma Telo Handset, or a free number port. The handset usually goes for about $50, so it’s the best deal of the bunch.

The Verdict

So do you need an Ooma? It depends on the phone services you currently have.

A popular setup: get the Ooma and have a mobile phone put on a prepaid plan. You then use the Ooma for all calls except emergencies. Using this route, you will pay about $10-$20 each month in prepaid dues– and the Ooma pays for itself in about a year.

If you happen to have an iPhone, just download the Ooma app in the Apple store and you can completely bypass your regular expenditures on voice plans. Android users are also getting an application within the next year.

Businesses like the Ooma as well, as it can be written off as a business expense. The Ooma works best in a small business environment since each base station supports a limited number of headsets.

The Ooma Hub and The Ooma Telo – Which to Buy?

So you are interested in the Ooma: now you must choose between the Ooma Hub and the Ooma Telo.

The Hub is the older of the two models, and looks more like a Charlie’s Angel prop than an actual VoIP solution. But the Ooma Telo isn’t all about looks, as it packs a few more features the Hub doesn’t have:

• Online Phonebook – Manage contacts over the Internet and have them sync to your Ooma headset automatically. This is great for putting in a lot of numbers at once; complete with names, email addresses, home addresses, and pictures. It’s likely that in the future, the Ooma headset will support picture ID calling and contact organization straight from the headset.
• HD Voice - The Clear Voice feature that Ooma rolled out is only available to Telo customers. The difference isn’t life-changing, but it is noticeable. The voice quality of the Telo surpasses your average mobile phone, so long as the Internet service plan you have is sufficient.
• Ooma Headsets - The Ooma headset allows customers to take a phone call anywhere in their home- a great asset for when multitasking. Compared to other headsets, the only major benefits would be the contact syncing, caller ID, and one-touch voicemail.
• USB Port - The USB port supports Bluetooth technology, so that one may use a number of peripherals with the system.

Looking at the list, you could get by with the Hub and not notice much of a difference. There are a few reasons Hub owners are still smiling:

• No Regulatory Fee – Ooma put in a $12 fee, to be paid annually, in order to recoup costs on their mostly-free service. This was enacted after the Hub was released, so Hub users do not pay it.
• Premier Features – Some of the Premier features are free for Hub users. This only includes basic voicemail and caller ID, however.

The Verdict

Most users will still want to side with the Ooma Telo for several reasons.

First, the Ooma Telo is the latest model, and will be the model that receives all of the future upgrades that the Ooma team is working on.

The price difference is negligible. You will be paying only about $20 extra each year with the Telo, and yet you will have all the added features.

It’s true that the Ooma Telo is not completely free like the Ooma Hub may be with basic service. The bottom-line is that it is still $20 a year for basic service, and a little over $100 each year for Premier. Most mobile and landline users will be paying $50-$100 each month instead.

Getting Down To Business – Installation

The installation process was surprisingly simple. You must have a high speed Internet connection, the ability to plug in a few wires, and about ten minutes to spare while the Ooma updates its firmware automatically.

You will then go through the process of setting up a number using their website. You may find that the numbers in your area are extremely limited. For Missouri-based numbers, there were few choices for large cities like Columbia. As a result, you may have to settle for a number that is an hour or two away from your location. (A St Louis number in our case)

Setting options from there is simple as can be- and Ooma will even enroll you into their Premier service for free. Just remember that you will be automatically billed $9.99 each month for the service if you don’t cancel it before the free trial is over.

Quality of Service and Routing

If you have installed the Ooma and have noticed jitter or poor call quality you may have to enable Quality of Service settings, or QoS, in your router.

The manual suggests that the Ooma be put in between your modem and the router to bypass any firewall or port issues. The problem remains that others using the Internet may be interrupting the Ooma signal even when doing this.

Newer routers such as the NETGEAR WNDR3700 will have the ability to assign the proper QoS settings to each device on your network. Be warned– this is not for the technology impaired. If you aren’t sure what a MAC address or IP address is, you will need help from a tech savvy friend. Luckily, the Ooma forums have helpful threads to show you how to conduct the changes yourself if you aren’t opposed to learning.

Also search for a router that has dual-band technology. The NETGEAR WNDR3700 is about as good as it gets in throughput, speeds, and QoS. Expect to pay around $130 for this kind of routing power.

Beware – You Are At The Mercy of Your ISP

The Ooma VoIP system can only function as well as your Internet connection allows it to. You will need an Internet package that can support a high upload and download rate to account for the VoIP traffic, in addition to other traffic that will be on the network.

Some ISPs will not prioritize VoIP traffic. Mediacom, a popular ISP, has been known to do this. Just know that when network congestion reaches its peak you may not have perfect call quality as you might with other ISPs. Having the proper router and Internet package will circumvent any shortcomings of non-prioritized traffic.

Post-Install – Investigating Ooma Features

One of my favored features of the Ooma is that the online web panel is so easy to use. Whether you need to track a call down or listen to your voicemail with the click of a mouse, it’s all here.

Ooma went a step further and integrated some fun statistics. You will be able to see a favorite callers list, total minutes spent talking, and total number of calls. Now all that is left is to add achievements. (Sorry, non-Xbox readers- you’re out in the cold on this one)

The online Rolodex is also a life saver for when you need to keep track of personal contacts, business contacts, and all the rest. The fact you can sync all the data to your headset automatically is a huge time saver.

Will Ooma Go Out of Business?

There is a large concern that the Ooma company will go out of business. If offered the ability to not pay for phone service- a lot of people won’t.

The fact remains that the Ooma brand has over $100 million in funding capital to support it. They boast well over 100,000 customers- and they recoup their costs through selling the Ooma Premier service.

Ooma Telo users also pay a $12 fee on an annual basis to recoup costs, giving the company an extra padding for those who don’t use the Premier.

You can buy the Ooma today it will pay for itself within a year. If the Ooma company ever did go out of business, you would have long recovered what you paid for it.

It’s simple: it’s possible the company will go under, but it won’t happen any time soon. The company is rolling out new features constantly, from phone apps to new phone services. They haven’t lost their steam yet!

Closing Comments – A Personal Account

I’ve put the Ooma to work for the past month. It’s handled all calls exceptionally except about two weeks into my service. I had to buy a new router and install the proper QoS settings to ensure the Ooma was getting the priority in all Internet traffic. Problem solved!

The handset can be clunky. It’s slow to react when pushing buttons- but if I had to make the decision once more, I’d pay for it again. The syncing feature, the one-touch voicemail, and the ease of use are all features just too beneficial to ignore.

The Telo system is just aesthetically impressive. It always gets compliments when visitors come over. And of course, I get the same compliments when I call out and the second party can hear more than just my voice– but my actual tone, hue, and pitch.

I believe it to be a solid purchase decision and I’m well on my way to paying it off in saved mobile expenses.

World Data Products, a hardware lifecycle management company based in Minnesota, caught my eye with their free Cisco poster offer.

Not one to pass up geeky wall memorabilia, I sent them my contact information here. It only took about two minutes to fill out the form and have it queued for mailing.

Around a month later I had long forgotten about the poster, until I received it in the mail along with this accompanying letter:

Dear XXX,

Thank you for your interest in World Data Products. Enclosed you will find the Cisco Poster you requested from our website. This has been recently updated to include new router, switch, and firewall models and provides at-a-glance information on model capacities, interface cards, and available features. We hope you find this a valuable reference tool for network planning, network implementations and upgrades.

As the industry leader in Hardware Lifecycle Management, we deliver world-class solutions for server, storage, and network applications. Covering everything from planning thru disposal & recycling, World Data Products is committed to delivering the highest level of expertise available.

I will be following up with a phone call to ensure you’ve received the poster and answer any questions you might have about World Data Products and Hardware Lifecycle Management. If you have any questions or need help with any of your server, storage, or network needs, please don’t hesitate to ask.

Sincerely,

Jay Roemhildt

World Data Products

What The Cisco Poster Contains

It wasn’t immediately clear as to what the poster consisted of when I saw the offer on their website. There wasn’t much information regarding the poster and the sample image (seen above) is too small to actually read anything.

The poster outlines the major routers and switches and their specifications. Some specifications include:

• Flash memory
• Amount of switching ports
• Slots for different network modules
• Power supply information
• Throughput
• VLAN Maximums

I arrived at the conclusion that this poster is perfect for a Cisco Academy class or for a workplace. It provides good reference for building new networks or just for new students to get an idea on what Cisco offers.

Closing Comments

I did decide that the poster was perhaps too technical for something I would need in my home; I ended up donating it to the local community college.

Now if WDP, the kind souls they are, would create a quick Cisco router configuration cheat sheet- it would be in my room without a second thought. Even when I’m not tinkering with my own routers and switches on my home network, I’m always using Packet Tracer to create new labs and tutorials. It would be nice to look up from my desk and see the basic IOS commands instead of having to consult the Cisco Bible or different websites. Something to think about, World Data Products! (hint hint)

I’d like to personally thank WDP for their generosity and urge them to keep up the great work!

By this time, you should already have the Packet Tracer download and have it installed on your computer. Open the program and select the router from the lower left-hand corner, and drag it into the center of the sandbox screen as seen below. (Click for larger picture)

We will be setting up a very basic network that allows two computers to communicate, so the next step is to select end devices from the bottom left-hand corner and drag it to the sandbox screen. Do this twice to make two computers appear below the router.

Now select connections from the same bottom left-hand corner. When you connect like-devices(Such as a router and computer)  you use a crossover cable, so you should select copper cross-over cable from the second menu to the immediate right. Click on Router0, and connect the cable via FastEthernet0/0 as seen below:

Now click the PC0 and select FastEthernet. You will notice that although a link is established, it is not functional. You can tell by the red dots that are present on both ends of the connection. Once the router is configured correctly, the red dots will turn green to indicate the devices are able to communicate.

Do the same operation to PC1, only this time connect the cable to FastEthernet0/1 since FastEthernet0/0 is already taken by PC0. Your network should be similar to the one below at this point:

Configuring The Router In Packet Tracer

A router that is turned off doesn’t work very well! Click on your router to bring up the configuration menu and verify that it is turned on.When on, there will be a small green light below the switch as seen in the diagram.

Next we have to open the Ethernet ports to allow communication. Although they are physically connected, they are in a state that is known as being in administrative shut down. Now click on the CLI tab to access the configuration menu. If you’ve used the Cisco IOS before, you will notice it looks and acts the same way.

1. Press RETURN to start the session

2. Type enable to get to privileged mode (this gives you more options in configuring the router)

3. Type config terminal (or config t for short) to access the configuration menu.

4. Type interface fastethernet0/0 to access Ethernet0/0

5. Type ip address 192.168.10.1  255.255.255.0 to assign an IP address and subnet mask to the interface.

6. Type no shutdown to open the interface up for business.

That’s it! You should now see a message similar to the following:

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Now we have to do the same thing for fastethernet0/1. If you don’t, there still won’t be a connection to PC1! Make sure to enter the IP address carefully as seen below:

1. Press Ctrl + Z to go back to the previous mode.

1. Type interface fastethernet0/1

2. Type ip address 192.168.20.1  255.255.255.0

3. Type no shutdown

At this point our router is configured properly. If you test out a ping, you will notice that the computers still don’t communicate, however!

Configuring The Gateway In Packet Tracer

Our last step is to configure the gateway on each desktop computer. The gateway is the address we assigned to the Ethernet port that the desktop is connected to. It will allow the computer to interface with another network, so our ping won’t work without it!

Click on PC0 to bring up the configuration menu. Under global settings you will find a field for the gateway. Enter the corresponding IP address of the router’s interface, which is 192.168.10.1. Then click the FastEthernet tab on the left column to set the actual computer’s IP address to be on the network. Use 192.168.10.2 for the IP address, and 255.255.255.0 for the subnet mask.

Do the same thing for PC1, only use 192.168.20.1 for the gateway address, 192.168.20.2 for the IP address, and 255.255.255.0 for the subnet mask. You can confirm that your network works by sending out a packet of information from PC0 to PC1, and vice versa. Click the packet icon on the right menu as seen below:

Click on PC0 and then click PC1. On the lower right of the screen you will see a message box that says “Successful.” If it doesn’t, you may have had a syntax error when putting in an IP address or router configuration command. Review your work or ask for help among the community if you are stuck.

Closing Comments

Congratulations! You have a small working network. A real-world application of this very network would be to have two computers connected to the Internet, whereas the router would then be connected to your telecommunications company. (Or what we would call the “cloud”)

More advanced devices and topologies won’t be so easy, but you’re now on the right path to becoming qualified for the CCNA certification exam.

Packet Tracer 5 has gained its reputation as succeeding where other technology software suites have failed. Whereas one may argue that it’s impossible to teach “hands on” experience through reading and using programs, Packet Tracer 5 throws a few curve balls at students. If you notice that you can’t receive data over the network you’ve just created, you might have to check that you turned the router on first- just as you would when dealing with a real network!

Cisco’s Packet Tracer 5 is ideal for printing out schematics when it comes time to assemble a physical network. Instead of the paper full of scribbles and eraser marks, you can have a freshly-printed schematic designed to perfection. Printing out the running configuration also saves time in initial router setup.

The good news is that Packet Tracer is among the best in network simulation software- and it won’t cost students, alumni, and faculty a single penny to use. Those who have been members of the Cisco Networking Academy will get full access to the program, and its updates, via the Cisco.Netacad.net login portal. The bad news is that the program isn’t public; everyone else will have to find other means of obtaining it.

Help! I’m Not In The Cisco Networking Academy

Cisco doesn’t endorse the ability for outsiders to use their software. Packet Tracer 5 is free software that Cisco gives as an incentive for students to take a CCNA course. Software of its caliber would otherwise cost upwards of several hundred dollars or more.
[Are_PayPal_LoginPlease]
Self-learners are not without options, however, for they may either find alternative sources of downloading the material or side with another software suite.

Alternatives To Packet Tracer 5

The three major competitors are Boson’s Netsim, Dynagen, and GNS-3.

Boson’s Netsim – Netsim is the only one of the three that isn’t open source. Licensing ranges from $199 to $499, depending on the license necessary. Netsim is ideal for classrooms as it comes loaded with tutorials, quizzes, labs, and grading functions.

Dynagen – Dynagen is a front-end used with the Dynamips Cisco router emulator. The documentation isn’t the best for beginners to browse through, but it’s a free solution that is hard to beat.

GNS-3 – GNS-3 is also built to work with Dynamips. It’s considered to be more user-friendly and intuitive than Dynagen. It also offers video tutorials to get started and free support via forum in case problems arise or questions are formulated.

Downloading Packet Tracer 5 From Alternative Sources

You can’t be blamed if you want to stick with Packet Tracer 5. It’s the best there is, and it’s possible if you were to take a class in the future that you would be required to learn it. If you haven’t enrolled in Cisco classes, yet wish to learn more about Cisco networks, you can use the download link below to download the software:

• http://rapidshare.com/files/214896399/Packet_Tracer_5.1.rar

Closing Comments

Don’t expect Packet Tracer 5 to be a walk in the park. It’s a development program, much like AutoCAD, and will take a moderate amount of time in learning. You may browse the included help files in the program or browse tutorials on Learn-Networking.com for a quick start guide on getting ahead in your CCNA course.[/Are_PayPal_LoginPlease]

Enable Password – The Most Basic Of Security Features

The two most basic of passwords a Cisco router can provide support for is the enable password and enable secret commands. Depending on the IOS version, administrators will likely only need to setup the enable secret command.

For Cisco routers running IOS versions before version 10.3, enable password is going to be used. It is the outdated version of the two, and we’ll see why it isn’t used in average applications after we enable it. You can enable this basic password following the commands seen below.

Router> enable

Router# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# enable password mypassword

In this example, mypassword is the new password that is going to be set on the router. Try typing exit and navigate to the privileged mode, as seen below.

Router> enable

Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we set earlier. If you followed the above example, you should be able to input mypassword and press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple: it’s an outdated format that anyone can have ample opportunity to take advantage of. Try following the below steps and note what you see.

Router# show running-config

Building configuration…

Current configuration : 162 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable password mypassword

!

As you can see, anyone can see the password in plain view. This is because it is stored as plain text- no encryption is being used! To help cover this vast security hole, Cisco created the enable secret command. As you can probably guess, it makes use of encryption this time around.

Enable Secret – An Evolved Form Of The Previous Example

Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an encrypted password just as easy as the previous example. In fact, we are only changing one word in the process!

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret mypassword

Note that many routers will alert the user at this point if they have made the enable secret and the enable password values the same in terms of the password. Although the message that results is just a warning, and administrators can indeed set both to the same thing (although this is not recommended as it will almost defeat the purpose of the enable secret command).

Now let’s go back to the very beginning, and try logging back into privileged mode once more. We’ll take a look at the running configuration in the below example.

Router# show running-config

Building configuration…

Current configuration : 209 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/

enable password mypassword

!

Notice how the enable secret password is unreadable, while the outdated command enable password is being displayed in plain view! Obviously, it comes as to no surprise that Cisco decided to do away with the command in order to improve network security.

Closing Comments

We’ve discussed only two of the five different passwords that Cisco allows network administrators to take advantage of. If you’d like to take security a step further, be sure to check out the next section that discusses subjects such as Telnet passwords, console passwords, and even auxiliary passwords!

A broadcast, in particular, is a simple message that is sent to all clients on a local area network. But just exactly what enables a network to broadcast a message to every single client on the network?

What is a Broadcast Address?

A broadcast address is an address used to indicate that information being sent out should be delivered to every client on the local area network. These addresses are always the highest number possible in a particular network address or subnet. We’ll cover subnets later, for now let’s take a closer look at the most common broadcast address: Data Link Layer broadcasts.

Broadcasts on the Data Link Layer correspond to MAC addresses. MAC address broadcasts are generally the easiest to understand, since they aren’t affiliated with IP addresses or subnetting. In fact, all you really need to remember is FF:FF:FF:FF:FF:FF. Whereas this MAC address would normally be comprised of different hexadecimal values, it is instead simply all F’s. (As we know, each F stands for the highest number in hexadecimal: 15)

When a MAC address broadcast is sent out, each network interface card on the local area network will see the broadcast address and automatically pass the information up to the upper layers of the OSI model. So far it’s simple- right? Now let’s get back to the subnetting and IP address topics that are present on the Network Layer.

How IP Broadcasts are Sent via the Network Layer

Remember how we stated that broadcast addresses are always the highest-most number in an address range? IP broadcasts are no exception! On a network that isn’t subnetted, we can simply place 1’s in place for each bit in the host portion. The result: our very own broadcast address!

Things are still fairly simple: simply replace each host portion with the highest number you can create with 8 bits: 255. Notice that the network portions do not change- just the host portions.

Sadly, this is where things start to get a little trickier: we need to find the broadcast address of a subnetted network.

How to Find the Broadcast Address of a Subnetted Network

We need two things to find the broadcast address of a subnetted network: an IP address, and the subnet mask. The process is simple: find the inverse of the subnet mask. Then take the result, and logically OR it with the IP address to get the broadcast address.

Of course, we can convert the above binary result to decimal and get the broadcast address of 192.168.16.31. If you aren’t familiar with the OR process, it’s rather simple. If there is a 1 in either the IP or subnet field, then the result will always be a 1. (Otherwise, the result is 0)

Now we know how to find the broadcast address and how it works- but what is it used for?

What are Broadcast Addresses used for?

Broadcasts are generally used for several reasons:

---

• Address Resolution Protocol (ARP) uses broadcasts to map physical addresses to logical addresses. To build the table of hosts, a device needs to send a broadcast to every other device on the network to essentially find out who is where.
• Several types of network protocols and services use broadcasts in the same way. Dynamic Host Configuration Protocol (DHCP), for instance, requires that broadcasts be used to dynamically assign an IP address to computers on a network.
• Routing protocols such as Routing Information Protocol (RIP) use broadcasts to send out “advertisements.” This advertisement is used by routers to map out the topology of a network, so that data can be routed to the appropriate place accordingly. (Interesting enough, this protocol will attempt to find the fasted route through a network to a destination, based on how many “hops” it takes to get from the sender to the receiver.)

---

Final Points of Interest on Broadcasts

Keep in mind that broadcasts will travel to every single client on a network- at least, until a router is encountered. A router is the only device that can separate a broadcast domain. Logically, this is mandatory for the internet to exist. What do you think would happen if broadcasts were being sent from network to network- all over the internet? (Hint: no more Internet.)

Also make note that broadcast addresses should never be used as host addresses. This can be confused in subnetting, where it isn’t always clear where the host portion starts and ends. The broadcast address is reserved as the highest value- and likewise, no IP address should use a broadcast address or problems will arise.

For those of us who don’t think many hours worth of data entry is fun, we turn to DHCP- or Dynamic Host Configuration protocol.

What is DHCP?

Dynamic Host Configuration Protocol was developed to automate the assignment of IP addresses, subnet masks, gateways, and other IP parameters. It allows for much capability- both with the administrator and end-user. It saves the administrator the trouble of modifying IP information every time an implementation or upgrade is conducted. End-users appreciate it since it allows for quick and simple connections to a network- often without any configuration needed.

DHCP was created by the Internet Engineering Task Force (IETF) and became a standard in 1993, where it succeeded the BOOTP protocol. DCHP is actually based on the BOOTP protocol, which can be seen as a simpler and less complex solution to DHCP. The transition was needed since BOOTP was not designed to provide dynamic address assignment. Instead, administrators tediously maintained configuration files for each host on the network. Instead of a multitude of configuration files, a dynamic alternative was created with DHCP.

How Does DHCP Work?

DHCP works within four steps: DHCP discovery, DHCP offers, DCHP requests, and DHCP acknowledgement.

DHCP Discovery

When a computer is connected to a DHCP-enabled network, it will send out a broadcast. This broadcast, known as DHCPDISCOVER, will be sent out in hopes of finding the DHCP server. Optionally, the client will request that the last known IP information the client used on the network be used. (Based on the settings of the DHCP server, this request may be fulfilled or denied.)

DHCP Offers

The DHCP will then receive a lease request from the client. This lease determines how long the client can expect to use the IP information it will obtain from the server. A DHCP message referred to as DHCPOFFER is sent back from the server to the client. This message contains the lease duration, IP address, subnet mask, the client’s MAC address, and the IP address of the DHCP server that issued the message.

DCHP Requests

Upon a successful transaction of information, the client must then tell the DHCP server that the information was indeed received and accepted. A broadcast is initiated with the DHCP server’s IP address. This will tell other possible DHCP servers that they shouldn’t issue IP information to the client, since the client already obtained the necessary information. This will help free up IP addresses for other computers, as only one lease can be obtained per network interface card.

DHCP Acknowledgement

DHCP acknowledgement is the final phase in the information exchange between server and client. In this phase the server obtains the DHCPREQUEST message from the client, and sends back a DHCPACK message. This packet of information includes the lease duration, as well as any configuration information the client may have requested. At this point the process is complete, and the client will configure its IP information accordingly.

Common DHCP Leases

As you’ll recall, the lease is the length of time the client can expect to hold the information obtained by the DHCP server. To fully grasp the need for leases in DHCP configuration, we need to know the significance of the network it is installed on. Leases are commonly set to anywhere from 15 minutes to several months- so what’s the ideal lease time?

---

• 15 Minutes – You may use a lease time of 15 minutes when there are more clients than there are IP addresses. This will ensure that every client on the network will have the capability to access network resources, even though there may not be enough IP addresses present. This may be a good choice for a popular wireless access point, for example. Keep in mind this will lower network performance as a result of an increase in DCHP messages.
• 24 Hours – The default setting on many DHCP servers. This will renew IP information for devices every 12 hours, since we have a 24 hour lease time. (Renew time is 50% of the lease time. If the renewal fails for some reason, it will try again in 6 hours, in our example.) A 24 hour lease time will allow new users to connect to a network on a daily basis- good for both home and work applications.
• 1 Week – This timeframe will allow networks that seldom change to still operate. If a change in network structure does indeed occur, clients will need the changes to propagate throughout the network to function properly. This allows for a certain level of flexibility, but also ensures that the(normally) conservative network isn’t congested with DHCP traffic.
• 4 Months – This lease is more for stable networks that are unlikely to change. In particular they are best suited for educational networks that allow a summer break. Obviously, computers will be unlikely to be used for a period of around 3 months while summer being observed. This will allow networks to keep IP information despite the long inactivity.
• 1 Year – If a user hasn’t used an IP address in 6 months, the user is most likely not coming back. This is good for networks that have a large amount of IP addresses to administer to a wide range of clients. If a user hasn’t come back in 6 months, we can recover the IP information for future use. Obviously, the priority here isn’t for clients- but rather simple housekeeping.
• Infinite – It is highly recommended that lease times not be set as infinite. This will effectively create a set in stone network. If a laptop user happens to request an IP address and never comes back, that IP address is lost for all of infinity. It should be noted that some devices don’t support the infinite lease setting- which may result in server crashes and other related problems.

---

Closing Comments

DHCP is a very commonly used protocol. If you’ve ever looked at a computer’s IP settings and seen the option “Obtain an IP address automatically,” you can be sure DHCP is hard at work. This is the very same hard work that would’ve been given to the unfortunate system administrator. Clearly, DHCP is one of the “I’m sure glad someone thought of that!” protocols would be hard to imagine life without.

For those of us who don’t think many hours worth of data entry is fun, we turn to DHCP- or Dynamic Host Configuration protocol.

What is DHCP?

Dynamic Host Configuration Protocol was developed to automate the assignment of IP addresses, subnet masks, gateways, and other IP parameters. It allows for much capability- both with the administrator and end-user. It saves the administrator the trouble of modifying IP information every time an implementation or upgrade is conducted. End-users appreciate it since it allows for quick and simple connections to a network- often without any configuration needed.

DHCP was created by the Internet Engineering Task Force (IETF) and became a standard in 1993, where it succeeded the BOOTP protocol. DCHP is actually based on the BOOTP protocol, which can be seen as a simpler and less complex solution to DHCP. The transition was needed since BOOTP was not designed to provide dynamic address assignment. Instead, administrators tediously maintained configuration files for each host on the network. Instead of a multitude of configuration files, a dynamic alternative was created with DHCP.

How Does DHCP Work?

DHCP works within four steps: DHCP discovery, DHCP offers, DCHP requests, and DHCP acknowledgement.

DHCP Discovery

When a computer is connected to a DHCP-enabled network, it will send out a broadcast. This broadcast, known as DHCPDISCOVER, will be sent out in hopes of finding the DHCP server. Optionally, the client will request that the last known IP information the client used on the network be used. (Based on the settings of the DHCP server, this request may be fulfilled or denied.)

DHCP Offers

The DHCP will then receive a lease request from the client. This lease determines how long the client can expect to use the IP information it will obtain from the server. A DHCP message referred to as DHCPOFFER is sent back from the server to the client. This message contains the lease duration, IP address, subnet mask, the client’s MAC address, and the IP address of the DHCP server that issued the message.

DCHP Requests

Upon a successful transaction of information, the client must then tell the DHCP server that the information was indeed received and accepted. A broadcast is initiated with the DHCP server’s IP address. This will tell other possible DHCP servers that they shouldn’t issue IP information to the client, since the client already obtained the necessary information. This will help free up IP addresses for other computers, as only one lease can be obtained per network interface card.

DHCP Acknowledgement

DHCP acknowledgement is the final phase in the information exchange between server and client. In this phase the server obtains the DHCPREQUEST message from the client, and sends back a DHCPACK message. This packet of information includes the lease duration, as well as any configuration information the client may have requested. At this point the process is complete, and the client will configure its IP information accordingly.

Common DHCP Leases

As you’ll recall, the lease is the length of time the client can expect to hold the information obtained by the DHCP server. To fully grasp the need for leases in DHCP configuration, we need to know the significance of the network it is installed on. Leases are commonly set to anywhere from 15 minutes to several months- so what’s the ideal lease time?

---

• 15 Minutes – You may use a lease time of 15 minutes when there are more clients than there are IP addresses. This will ensure that every client on the network will have the capability to access network resources, even though there may not be enough IP addresses present. This may be a good choice for a popular wireless access point, for example. Keep in mind this will lower network performance as a result of an increase in DCHP messages.
• 24 Hours – The default setting on many DHCP servers. This will renew IP information for devices every 12 hours, since we have a 24 hour lease time. (Renew time is 50% of the lease time. If the renewal fails for some reason, it will try again in 6 hours, in our example.) A 24 hour lease time will allow new users to connect to a network on a daily basis- good for both home and work applications.
• 1 Week – This timeframe will allow networks that seldom change to still operate. If a change in network structure does indeed occur, clients will need the changes to propagate throughout the network to function properly. This allows for a certain level of flexibility, but also ensures that the(normally) conservative network isn’t congested with DHCP traffic.
• 4 Months – This lease is more for stable networks that are unlikely to change. In particular they are best suited for educational networks that allow a summer break. Obviously, computers will be unlikely to be used for a period of around 3 months while summer being observed. This will allow networks to keep IP information despite the long inactivity.
• 1 Year – If a user hasn’t used an IP address in 6 months, the user is most likely not coming back. This is good for networks that have a large amount of IP addresses to administer to a wide range of clients. If a user hasn’t come back in 6 months, we can recover the IP information for future use. Obviously, the priority here isn’t for clients- but rather simple housekeeping.
• Infinite – It is highly recommended that lease times not be set as infinite. This will effectively create a set in stone network. If a laptop user happens to request an IP address and never comes back, that IP address is lost for all of infinity. It should be noted that some devices don’t support the infinite lease setting- which may result in server crashes and other related problems.

---

Closing Comments

DHCP is a very commonly used protocol. If you’ve ever looked at a computer’s IP settings and seen the option “Obtain an IP address automatically,” you can be sure DHCP is hard at work. This is the very same hard work that would’ve been given to the unfortunate system administrator. Clearly, DHCP is one of the “I’m sure glad someone thought of that!” protocols would be hard to imagine life without.

How a Smurf Attack Works

Smurf attacks are a type of denial of service attack, in which the Internet Control Message Protocol (ICMP) and broadcasts are being exploited. Normal ICMP requests (commonly referred to as pings) are used to verify network connectivity. But since they require a response from the target machine, they can maliciously be used to consume network resources if many are sent at once.

Broadcasts come into the equation, however, since they give capability to send requests to every computer on a network. Obviously if a broadcast were to be sent multiple times, the traffic would slow down the network. Imagine 100 computers sending back an ICMP request at the same time- network performance would take a huge dip.

It should be noted that smurf attacks work via an attacker spoofing the IP address of the broadcast. The IP address is actually the IP address of the victim the attacker chooses. When every computer on the network responds to the ICMP request, all of these requests go to the computer the attacker borrowed the IP address from. In this instance, the network only acts as an amplifier to the attack, not necessarily the victim.

Unfortunately, smurf attacks leave little room for victims to recover from an attack. Instead, the attack must be staved off at the network level via filtering. We can do this specifically through the no ip directed-broadcast command in Cisco routers.

No IP Directed-Broadcast

An IP Directed-Broadcast is simply an IP packet, of which has a destination address of a particular IP subnet. The broadcast in this instance is sent from a different network, as one could probably guess from the command name. (The broadcast is being directed via IP, not a unicast address.)

Keep in mind that if you are running a Cisco IOS version 12.0 or above, you do not need to follow these steps. No IP Directed-Broadcast was enabled by default after IOS 12.0. It is strongly recommended that No IP Directed-Broadcast be enabled if your IOS version is below 12.0. If you aren’t sure which version you have, simply type in the following commands from user exec mode:

As you can tell in the above example, the version number is higher than 12.0. In this instance, we would not need to take further action. If the number happens to be below 12.0, then you will need to apply the No IP Directed-Broadcast command. First, you should find out the naming convention for your router’s interfaces, as show below.

Now that we know our interface naming convention, FastEthernet 0/0, we can modify it. You may wish to write this down, since this will be what you will always refer to your interfaces to from now on. You may now proceed to apply the command to the interface, as seen below.

Note that we only applied this to a single interface (FastEthernet 0/0).It should be applied to all interfaces for maximum protection.

Closing Comments

Very few IP applications will make use of the IP directed broadcast, so it is almost always perfectly fine to leave it off. You can, however, configure access lists to permit or deny IP Directed-Broadcasts. This is usually only feasible with smaller networks, since access lists can be quite tedious to maintain on all but the smallest networks.

All you need to get started is a Cisco router with a console port, a rollover cable, and console port on the PC being used to program the router. Note that you’ll most likely need an RJ-45 to DB-9 adapter if your PC’s console port won’t fit an Ethernet cable.

Connecting to the Cisco Internetwork Operating System (IOS)

The Cisco Internetwork Operating System, referred to as the IOS, is the operating system of the router. It is a proprietary kernel that performs the routing, switching, internetworking, and other telecommunication features.

Keep in mind that there are many different Cisco routers that have been developed. With each release, there are updates to how the router functions and accepts commands. You should note that some commands will differ from router model to router model- but we’ll get more into this later. The differences aren’t too great, so there shouldn’t be too many troubles with this aspect.

Actually connecting to the IOS via our desktop requires special software. What we will use in these examples is HyperTerminal. It is very likely you already have it. Windows users, for instance, will find it in their Accessories folder under the Start Menu. (From there it may be listed under a communications folder.) Note that Windows Vista users did not get blessed with HyperTerminal, and so thus it must be downloaded (for free) here.

Start up HyperTerminal, and enter any connection name in the window that appears, then press OK.

Now in the resulting screen, make sure the COM port is selected next to the “Connect Using:” label. Press OK to go to the next screen. Also make sure all checkboxes are unchecked.

Now when you press OK, you will be presented with a new dialog. Be sure that you click “Restore defaults” or else the wrong configuration may be loaded. The final result in each textbox should mimic the textboxes in the following screenshot.

Now press OK. Now to show the power-on self test, or POST, power your router off and power it back on- if the screen begins cluttered with information, you’ll know everything was a success. If nothing happens, check to see if your physical configuration is right. (A rollover cable from your PC console port to the router console port- which may require a RJ-45 to DB-9 adapter.) Also check to see if you followed the HyperTerminal instructions correctly. Lastly, make sure you powered your router off and back on correctly.

What you should be seeing is the power-on self test, or POST. This is a set of tests and checks to make sure your router is configured correctly and is running without problem. It can be a few minutes before it is complete, so have patience.

Note that if you are asked to enter a setup configuration, type NO and press RETURN. Eventually you will see a “Press RETURN to get started!” prompt. Simply press enter and you’re done- you have successfully connected to a router via the console port. Now the fun part begins: configuring the router!

In the next section we will take a look at some basic router configuration commands. We will be creating passwords, modifying running configuration settings, and starting an introduction into the wonderful world or router configuration.