
CCNA Revision Notes – By C. T. Amos

Page 1 

BASICS

OSI Layer          Protocols                 Devices
7 - Application    FTP, Telnet, etc.
6 - Presentation   HTML
5 - Session
4 - Transport      TCP, UDP
3 - Network        IP, IPv6                  Router
2 - Data Link      PPP, Frame Relay, etc.    NICs, Switch
1 - Physical                                 Repeater, Hub

IEEE standards:
802.11 - Wireless
802.5 - Token Ring
802.3z - 1G Ethernet over fibre (1000BASE-SX/LX); CSMA/CD applies only in half-duplex mode
802.3ab - 1G Ethernet over copper (1000BASE-T); CSMA/CD applies only in half-duplex mode
802.3u - 100 Mbps Ethernet (100BASE-TX)
802.3ae - 10G Ethernet, approved in 2002. Full duplex only, so CSMA/CD is not used.
802.1D - STP
802.1w - RSTP

Private IP Addresses (RFC 1918):
10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

Common Protocol Ports:
RIP - UDP 520 (RIPng uses UDP 521)
SSH - TCP 22
FTP - TCP 20 (data) & 21 (control)
DNS - 53 on both TCP & UDP
TFTP - UDP 69
Telnet - TCP 23
SMTP - TCP 25
POP3 - TCP 110


Password Recovery (needs console access; anyone with the console can do this, so secure physical access to the device):
1. Reboot the router.
2. Ctrl+Break during the first 60 seconds to interrupt the boot process and drop into ROMmon.
3. confreg 0x2142 - ignore the startup-config in NVRAM on the next boot.
4. reset - reboot; the router comes up with no configuration and no passwords.
(Then copy start run, change the passwords, set config-register 0x2102 and save.)

Boot Process:
1. POST
2. Locate the IOS image using the bootstrap.
3. Load the IOS.
4. Load the configuration file into running-config.

Default Sequence for Loading an OS:
1. Flash
2. TFTP server
3. ROM (mini IOS, bootloader or RXBoot)

Default Sequence for Loading the Configuration File:
1. NVRAM
2. TFTP server
3. Setup dialog

Runt - A frame smaller than the medium's minimum frame size, on Ethernet anything less than 64 bytes. Can be caused by collisions, faulty NICs, duplex mismatch, and 802.1Q/ISL encapsulation mismatch.

Troubleshooting Steps:
1. Ping the loopback/diagnostic address 127.0.0.1 - shows the TCP/IP stack is properly installed.
2. Ping the local PC's own IP address - shows the NIC and its IP configuration are working.
3. Ping the default gateway - shows the path across the local LAN works.
4. Ping the remote server - shows routing beyond the gateway works.


CISCO IOS

Router Modes:
- User exec mode - Router>
- Privileged exec mode - Router#
- Global configuration mode - Router(config)#
- Specific configuration mode - e.g. Router(config-if)#
- Setup mode - "Would you like to enter the initial configuration dialog? [yes/no]:"

Banner Types:
- MOTD banner
- Login banner
- Prompt time-out banner

Line Configurations: Auxiliary, Console, Telnet/SSH (vty)

line con 0
 password amos
 login
 exec-timeout 0 0     - prevents the console from timing out (lab use only; on a production device set a short timeout, e.g. exec-timeout 5 0, so an unattended console session does not stay open)
 logging synchronous  - stops console messages from popping up in the middle of the commands you are typing

terminal monitor - shows debug and log output on the vty session you are telnetted (or SSHed) into.

Secure Shell (SSH) - Alternative to Telnet. The session is encrypted, so credentials and commands are not sent in clear text (Telnet sends everything in the clear).
conf t
 username amos secret ccna       - use secret (a one-way hash) rather than password (reversible type 7)
 hostname cisco
 ip domain-name amos.com         - hostname and domain name are required before the key can be generated
 crypto key generate rsa general-keys modulus 2048 - (IOS accepts 360 to 4096; 1024 was the old lab value, 2048 is the practical minimum now. RSA is a public-key algorithm.)
 ip ssh version 2                - SSHv1 has known weaknesses; allow only version 2
 ip ssh time-out 60              - the client gets 60 s to complete negotiation/authentication (idle timeout is exec-timeout on the line)
 ip ssh authentication-retries 2 - allow only 2 incorrect password attempts
 line vty 0 15
  transport input ssh            - restricts the vty lines to SSH only (no Telnet)
  login local                    - prompt for a username and password from the local database


Router Name and Password

hostname cisco
enable secret amos          - stored as a one-way hash (type 5 MD5, or type 8/9 on newer IOS); always prefer this
enable password amos        - stored in clear text unless service password-encryption is on; if both are set, enable secret is the one used
service password-encryption - obscures the passwords entered before & after this command, but only with the reversible type 7 scheme. It stops someone reading a password off the screen; it does not protect against anyone who can read the configuration.

Pipes:
sh run | begin interface           - show the running config starting at the first line matching "interface"
sh ip route | include 192.168.3.32 - show only the routing-table lines containing this address
sh run | redirect <url>            - send the output to a URL (e.g. a TFTP server) instead of the terminal

Setting DCE Clock Rate:
int s0/0/1
 clock rate 64000
 do sh controllers   - shows whether the DCE or DTE end of the cable is attached

Bandwidth / Port Speed:
int f0/1
 speed 100   - limit port operation to 100 Mbps

Copying and Erasing:
copy run start  (or copy start run)
copy run tftp   - prompts for the TFTP server address (e.g. 10.1.1.1) and a file name
copy start tftp
copy tftp run   (or copy tftp start)
sh run  (or sh start)
erase start     - erases the startup-config in NVRAM

Other Commands:
ping 10.1.1.1 - or, for an extended ping, type ping followed by the return key and you can set:
 a. datagram size
 b. timeout value
 c. protocol
 d. source IP address
traceroute 10.1.1.1
telnet 10.1.1.1 (or just 10.1.1.1 - an IP address on its own is understood to be a telnet command)
 a. sh sessions - lists all the telnet connections you have open
 b. Ctrl+Shift+6, then x - suspends the session and returns to the current router
 c. resume 2 (or 3, etc.) - resumes one of the open sessions
 d. disconnect 2 (or 3, etc.) - closes one of the open sessions
sh processes - shows CPU utilisation, e.g. to determine whether the device can cope with a debug command.


sh ip int
sh ip int br
sh protocols

Configuration Register (0x2102 = default):
config-register 0x2142 - ignore the NVRAM contents on boot; used for password recovery.
reload
After recovery set it back with config-register 0x2102, otherwise the router keeps ignoring its saved configuration on every reload.

Backing up and Restoring the IOS:
copy flash tftp
copy tftp flash

CDP - Cisco Discovery Protocol
sh cdp neighbor
sh cdp nei detail - includes the neighbour's IOS version, platform and IP address
int f0/1
 cdp enable       - per interface (on by default)
no cdp run        - global: disables CDP on the whole device
CDP sends those details in clear text to whatever is plugged into the port, so turn it off on untrusted or user-facing interfaces (no cdp enable) and keep it only where it is needed, e.g. towards IP phones.

Resolving Hostnames Manually:
ip host router2 10.1.1.1

Resolving Hostnames Dynamically:
ip domain-lookup        - on by default; a mistyped command at the prompt is treated as a hostname to look up, which is why labs often use no ip domain-lookup
ip name-server 10.1.1.2 - the DNS server
ip domain-name amos.com

Static Routing

Default Routing (for stub networks):
ip route 0.0.0.0 0.0.0.0 192.168.0.10 - next hop, or an exit interface such as s0/0/1
ip classless                           - on by default on modern IOS; needed for the default route to be used for unknown subnets of a known classful network

Gateway of Last Resort:
ip route 0.0.0.0 0.0.0.0 196.24.31.8   - public IP address of the gateway connected to the ISP
or
ip route 0.0.0.0 0.0.0.0 s0/0/0
or
ip default-network 196.24.31.0


Routing Protocols:

Route Source          Administrative Distance
Connected interface   0
Static route          1
EIGRP (internal)      90
IGRP                  100
OSPF                  110
RIP                   120
External EIGRP        170
Unknown               255 - a route with this AD is never installed in the routing table

- Distance vector routing protocols - RIP & IGRP. Periodically send their routing table to directly connected routers.
- Link state - OSPF & IS-IS. Exchange routing information with all routers in the area / autonomous system (AS); keep three tables: neighbour, topology (link-state database) and routing.
- Hybrid - EIGRP.

Solutions to Routing Loops (counting to infinity):
1. Maximum hop count, e.g. not more than 15 for RIP (16 = unreachable).
2. Split horizon - a router does not advertise a route back out of the interface it learned that route from.
3. Route poisoning - a router continues to advertise an unavailable network, but with a hop count of 16 (unreachable), so neighbours do not keep a stale path to it.
4. Hold down - after a route goes down, the router ignores updates claiming an equal or worse path to it for the hold-down period, so a flapping route does not churn the network. Useful on links that flap, such as wireless.

RIP Timers:
1. Route update timer - a full update every 30 s.
2. Route invalid timer - a router waits 180 s without hearing about a route before marking it invalid.


3. Hold-down timer - 180 s.
4. Route flush timer - 240 s, counted from the last update received for the route; the route is removed from the routing table 60 s after it became invalid.

RIPv2 uses multicast 224.0.0.9

IGRP:
1. Maximum hop count of 255 (100 by default).
2. Uses a composite metric of bandwidth and delay by default, but can also use MTU, reliability & load.
3. Updates every 90 s.

EIGRP:
Uses multicast 224.0.0.10.

All routing protocols can load balance over equal-cost paths, but only IGRP & EIGRP can load balance over unequal-cost paths (using the variance command).

1. Fastest convergence time of the routing protocols covered here.
2. Uses bandwidth and delay (cumulative line delay) as the metric. Can also use load, reliability & MTU size.
3. Supports VLSM (Variable Length Subnet Masks) & CIDR (Classless Inter-Domain Routing).
4. Supports discontiguous networks - using the no auto-summary command.
5. Supports IPv6 (and other protocols) using Protocol-Dependent Modules (PDMs).
6. Classless.
7. Efficient neighbour discovery - uses Hellos & acknowledgements.


8. Communication via RTP (Reliable Transport Protocol).
9. Best path selection using DUAL (Diffusing Update Algorithm).

Features:
- Feasible Distance (FD) - the best metric to a destination (the successor's metric).
- Reported Distance (RD) - the metric a neighbour advertises. A route qualifies as a backup only if its RD is lower than the FD (the feasibility condition, which guarantees it is loop-free).
- Neighbour Table - each PDM has its own neighbour table.
- Topology Table - every learned route with its metrics.
- Feasible Successor - backup route stored in the topology table. The notes give 6 feasible successors as the default maximum.
- Successor - best route. Stored in the routing table and backed up by the feasible successor.

EIGRP can redistribute manually and automatically.

EIGRP Tables: Neighbourship Table, Topology Table, Routing Table.

Configuration Examples:
router eigrp 10
 network 172.16.0.0
 passive-interface s0/0/1 - stops EIGRP sending Hellos (and so forming adjacencies) on that interface, while its network is still advertised.
 no auto-summary         - required for discontiguous networks. Also necessary so the specific subnets are advertised, not just the 172.16.0.0/16 summary.

Redistribution: so EIGRP and another routing protocol such as RIP can exchange routes.


Changing bandwidth & delay (the EIGRP metric inputs) - these are interface commands, not router-process commands:
int s0/0/1
 bandwidth 128560 - in kbps
 delay 300000     - in tens of microseconds
Both values change the metric (and anything else that reads them, e.g. QoS), not the physical line speed.

EIGRP Commands:
sh ip route eigrp
sh ip eigrp topology
debug eigrp packets
debug ip eigrp notifications - only produces output when something changes, e.g. a neighbour goes down
sh ip eigrp nei
H   Address    Interface   Hold  Uptime    SRTT  RTO   Q Cnt  Seq Num
0   10.1.1.2   Se0/0/1     14    00:14:10  1     200   0      81


OSPF - (Open Standard)

Uses multicast 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR/BDR only). Exchanges data via Hello packets and LSAs.
Supports authentication (none, plain text or MD5; use MD5, since plain-text keys can be read off the wire).
Max OSPF priority = 255
Default OSPF priority = 1
Least OSPF priority = 0 (never becomes DR or BDR)

1. Uses the Dijkstra (SPF) algorithm.
2. Open standard.
3. Fast convergence.
4. Supports VLSM / CIDR.
5. Uses autonomous systems & areas.
6. Allows scalability.
7. Unlimited hop count.
8. Multicast route propagation on change.

Features:
- ASBR - Autonomous System Border Router - connects the OSPF AS to another routing domain (redistribution).
- ABR - Area Border Router - connects a non-backbone area to the backbone, Area 0.
- Link - a router interface.
- Router ID (RID) - the highest loopback IP address if the router has one, otherwise the highest active physical interface IP address; a configured router-id always wins.
- Designated Router (DR) - the router elected to receive and disseminate routing information to the other routers on a multi-access network.


- BDR - Backup Designated Router.
- Broadcast / multi-access networks - e.g. Ethernet. The DR & BDR are elected on these networks.
- Non-Broadcast Multi-Access networks (NBMA) - e.g. Frame Relay, X.25 & ATM. Also elect a DR and BDR.
- Point-to-multipoint - no DR & BDR elected.
- Point-to-point - two routers directly connected, either physically or virtually using Frame Relay circuits. No DR & BDR.

OSPF uses wildcard masks in the network statement.

OSPF uses the cost metric, accumulated over all the exit interfaces to a given destination.
Cost = 10^8 / bandwidth in bps (reference bandwidth 100 Mbps), so:
100 Mbps = cost 1
10 Mbps = cost 10
64 kbps = cost 1562 (1562.5 truncated)
Anything faster than 100 Mbps also gets cost 1 unless auto-cost reference-bandwidth is raised.

Process ID - the number in router ospf <id>; locally significant only, it need not match on neighbours.

OSPF commands:
network 10.0.0.0 0.0.255.255 area 2 - this wildcard covers 10.0.0.0 to 10.0.255.255
sh ip ospf                          - gives the RID & area numbers
sh ip ospf database                 - the link-state database: the RIDs of all the routers in the area
sh ip ospf int f0/1                 - shows the IP address, RID, process ID, cost, network type, DR/BDR
sh ip ospf nei
sh ip protocols
debug ip ospf packet
debug ip ospf hello
debug ip ospf adj


DR & BDR Election Process:
Highest interface priority wins; ties are broken by the highest RID. Priority 0 never takes part. The election is not pre-emptive: a router with a better priority that boots later does not displace the existing DR.

Setting Loopback Addresses:
int loopback 0
 ip add 10.1.2.23 255.255.255.255
Then reload the router (or clear ip ospf process) for the new RID to take effect.
The loopback address will be the RID but will not override the router-id command:
router ospf 1
 router-id 10.1.2.23

Setting Priority:
int f0/1
 ip ospf priority 2

Configuring Summary Routes (on the ABR):
router ospf 1
 network 192.168.10.64 0.0.0.3 area 1
 network 192.168.10.68 0.0.0.3 area 1
 area 1 range 192.168.10.64 255.255.255.224
This advertises all the networks from Area 1 into the other areas as one entry, 192.168.10.64/27.


SWITCHING

Switching is done in hardware by ASICs (Application Specific Integrated Circuits).

Switch Functions:
1. Address learning - the source MAC address of each incoming frame is placed in the MAC forward/filter table (CAM table) against the port it arrived on.
2. Forward/filter decisions - a frame is sent only out of the port its destination MAC was learned on; unknown destinations are flooded.
3. Loop avoidance - STP.

Features:
- STP - uses the Spanning Tree Algorithm (STA).
- Root bridge - the bridge/switch with the lowest bridge ID.
- Bridge ID - priority followed by MAC address, compared as one number: the lowest priority wins and the lowest MAC breaks ties.
- Non-root bridge - every other switch.
- BPDU - Bridge Protocol Data Units. Messages sent between switches containing STP information.
- Root port - on each non-root switch, the one port with the lowest cost path to the root bridge.
- Designated port - the forwarding port on each segment; the port on that segment with the lowest cost to the root.
- Blocked (non-designated) port - does not forward frames but still listens to BPDUs. Used to prevent loops.

Spanning Tree States:
- Blocking - prevents loops. Listens for BPDUs only.
- Listening - prepares to forward frames; sends and listens for BPDUs.
- Learning - populates the MAC address table but does not forward yet.
- Forwarding - forwards frames (root and designated ports) and learns MAC addresses.


- Disabled - administratively down; does not participate in STP.

Forward Delay - the time spent in each of the listening and learning states, 15 s each by default (so up to 50 s from blocking to forwarding once the 20 s max age is added).

Switch Configuration Commands:
sh mac address-table   (sh mac-address-table on older IOS)
sh port-security int f0/1
ip default-gateway 10.1.1.1 - assigns a default gateway to the switch so it can be managed remotely.
spanning-tree vlan 1 priority 4096
int range fastethernet 0/1 - 12

Security:
spanning-tree portfast                   - on an access port: skip listening/learning; never on a port that could face a switch.
spanning-tree bpduguard enable           - err-disables the port if a BPDU arrives, so a switch (or a host sending BPDUs) plugged into an access port cannot join the topology or claim root.
spanning-tree bpdufilter enable          - stops the port sending or receiving BPDUs; use with care, it hides loops rather than preventing them.
spanning-tree portfast default           - global: enables portfast on all access ports.
spanning-tree portfast bpduguard default - global: BPDU guard on every portfast port.

Rapid Spanning Tree Protocol (RSTP):
spanning-tree mode rapid-pvst
STP standard = 802.1D
RSTP standard = 802.1w

EtherChannel:
- For bundling multiple links into one logical link.
- The multiple connections between the devices are used simultaneously, thus increasing bandwidth.


- Redundancy is still present: if one member link fails the channel stays up.

int port-channel 1
int range f0/1 - 2
 switchport mode trunk          - creates a trunk port, used between switches.
 switchport nonegotiate         - turns off DTP so the link type is not auto-negotiated. Do the same on access ports (switchport mode access plus switchport nonegotiate): with DTP left on, a host can negotiate a trunk and reach every VLAN.
 channel-group 1 mode desirable - PAgP (Cisco); use mode active for LACP (802.3ad).

Static MAC Address:
conf t
mac address-table static aaaa.bbbb.cccc vlan 1 interface f0/1   (mac-address-table static ... int f0/1 on older IOS)

How to make a Switch the Root Bridge:
1. Reduce its priority (spanning-tree vlan 1 priority 4096), or
2. spanning-tree vlan 1 root primary
- A macro: sets the priority to 24576, or to 4096 below the current root if that is already lower. It does not track later changes, so a switch added afterwards with a lower priority still takes over; BPDU guard on access ports is the protection against a rogue root.
- Has to be configured per VLAN.
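The election the two sections above describe, modelled as an added example (not code from the notes): bridge IDs compared as (priority, MAC), what the root primary macro actually sets, and why a device with priority 0 on an unguarded access port wins. Switch names, MAC addresses and the edge_ports mapping are constructed for the demo.

```python
"""Spanning-tree root bridge election, modelled in Python.

Added example, not from the notes. Bridge ID = (priority, MAC address); the
lowest numeric bridge ID wins, so priority is compared first and the MAC
breaks ties. It also models what 'spanning-tree vlan 1 root primary' does
and why BPDU guard on access ports is what keeps a rogue device from
becoming root.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

DEFAULT_PRIORITY = 32768


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                       # Cisco dotted format, e.g. "0011.2233.4455"
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self) -> Tuple[int, int]:
        """Comparable bridge ID: priority first, then the MAC as an integer."""
        return (self.priority, int(self.mac.replace(".", ""), 16))


def elect_root(bridges: List[Bridge]) -> Bridge:
    """The bridge with the lowest bridge ID becomes the STP root."""
    if not bridges:
        raise ValueError("no bridges to elect from")
    return min(bridges, key=Bridge.bridge_id)


def root_primary_priority(current_root_priority: int) -> int:
    """What 'spanning-tree vlan N root primary' sets: 24576 if that already beats
    the current root, otherwise 4096 below the current root's priority."""
    if current_root_priority > 24576:
        return 24576
    candidate = current_root_priority - 4096
    if candidate < 0:
        raise ValueError("current root is already at priority 0; set the root manually")
    return candidate


def election_with_bpdu_guard(bridges: List[Bridge], edge_ports: Dict[str, bool]) -> Bridge:
    """edge_ports (constructed) says which bridge hangs off a port with BPDU guard.
    Such a port is err-disabled the moment a BPDU arrives, so that device never
    takes part in the election at all."""
    eligible = [b for b in bridges if not edge_ports.get(b.name, False)]
    return elect_root(eligible)


if __name__ == "__main__":
    sw = [Bridge("SW1", "0011.2233.4455"), Bridge("SW2", "0011.0000.0001"), Bridge("SW3", "00aa.bbbb.cccc")]
    print("default priorities, lowest MAC wins:", elect_root(sw).name)
    sw1 = Bridge("SW1", "0011.2233.4455", root_primary_priority(elect_root(sw).priority))
    print("after 'root primary' on SW1:", elect_root([sw1, sw[1], sw[2]]).name)
    rogue = Bridge("rogue", "dead.beef.0001", priority=0)
    print("rogue with priority 0 on a plain access port:", elect_root([sw1, sw[1], sw[2], rogue]).name)
    print("same port with BPDU guard:", election_with_bpdu_guard([sw1, sw[1], sw[2], rogue], {"rogue": True}).name)
```

The point of the last two lines: lowering your own priority is a race you can always lose to a lower number, whereas refusing BPDUs on every port that should never see one removes the contest.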

VLANS

A VLAN is a logical segmentation of a network. It is a broadcast domain, so a router (or a layer 3 switch) is required for inter-VLAN communication.

Features:
- Static VLANs - ports are assigned to a VLAN manually.
- Dynamic VLANs - require a database of MAC addresses and the VLAN each belongs to. Requires VMPS to function.
- VMPS - VLAN Management Policy Server. Maps MAC addresses to VLANs.
- Access port - belongs to one VLAN, sends and receives untagged frames, and does not look at tags.
- Trunk port
  a. Belongs to all VLANs (by default) and carries the VLAN information in a tag.
  b. Can use DTP (Dynamic Trunking Protocol) to negotiate the port mode.


  c. VLAN traffic is multiplexed over a trunk port.
- Frame tagging - a frame is tagged with the ID of the VLAN it belongs to.
- PVID - Port VLAN ID, the native VLAN of the trunk (VLAN 1 by default). Frames of the native VLAN cross the trunk untagged.

VLAN Identification Methods:
1. ISL - Inter-Switch Link. Cisco proprietary; encapsulates the whole frame. Supported on Fast Ethernet and Gigabit Ethernet links only, and dropped from newer switches.
2. IEEE 802.1Q - open standard. Inserts a 4-byte tag into the frame carrying the VLAN ID.
3. VTP
  a. VLAN Trunking Protocol.
  b. Propagates the VLAN database (IDs and names) across trunks, so a VLAN is created once per domain instead of on every switch.
  c. Dynamically reports additions of extra VLANs.
  d. Learns normal-range VLANs (1-1005) but not extended VLANs (1006-4094) in versions 1 and 2.

VTP Modes:
- VTP Server - creates, edits and deletes VLANs for the domain. Saves the database in NVRAM.
- VTP Client - accepts and forwards updates but cannot create VLANs itself.
- VTP Transparent - does not apply updates to its own database; forwards them on and keeps only its locally created VLANs.

vtp mode server
vtp domain amos
vtp password cisco
Any switch in the same domain (even a client) with a higher configuration revision number overwrites the domain's VLAN database when it is connected, which can wipe every VLAN. Always set a VTP password, and use transparent mode where you do not need VTP.

VTP Pruning - VLAN X broadcasts are not sent over trunks to switches that have no ports in VLAN X. VLANs 2 to 1001 can be pruned (VLAN 1 and the extended range cannot):
vtp pruning                          - global, on the server; enables pruning for the whole domain.
int f0/1
 switchport trunk pruning vlan 3 - 4 - per trunk: restrict which VLANs are pruning-eligible.
do sh int trunk                      - check.


Assigning VLANs:
conf t
 vlan 2
  name marketing
 do sh vlan

Assigning Ports:
int f0/1
 switchport mode access
 switchport access vlan 3

Trunking:
int f0/1
 switchport trunk encapsulation dot1q   (or isl; not needed on switches that only do 802.1Q)
 switchport mode trunk

Blocking & Allowing certain VLANs on a trunk port:
int f0/1
 switchport trunk allowed vlan remove 4-12
 no switchport trunk allowed vlan   - back to allowing all VLANs.
Prune the allowed list down to the VLANs the trunk really needs; every extra VLAN on a trunk is extra exposure.

To change the native VLAN from VLAN 1 (for security purposes):
 switchport trunk native vlan 3
The native VLAN travels untagged, so a host in the native VLAN can double-tag a frame and have it delivered into another VLAN. Use an unused VLAN as the native VLAN, put no hosts in it, and set it the same on both ends of the trunk.

Creating Sub-interfaces & Assigning Subnets to a Router (router on a stick, VLAN 2 & VLAN 3):

On the switch:
int f0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk

On the router:
int f0/1.2
 encapsulation dot1q 2
 ip add 10.1.1.1 255.255.255.0
int f0/1.3
 encapsulation dot1q 3
 ip add 10.1.2.1 255.255.255.0


SECURITY:
a. Cisco IOS Firewall
b. Access Lists (ACLs)
c. NAT

A) Features of the Cisco IOS Firewall:
1. Intrusion detection - references 102 intrusion detection signatures (in the IOS version these notes cover).
2. Firewall voice traversal - supports SIP (Session Initiation Protocol).
3. ICMP - filtering ping & traceroute packets, etc.
4. Authentication proxy - requires users to authenticate before granting them access to network resources. Profiles are kept on a RADIUS or TACACS+ server.
5. DoS - detection and prevention of Denial of Service attacks.
6. Stateful IOS Firewall inspection engine - tracks sessions and opens return traffic only for connections started from the inside, per application. Also called CBAC (Context Based Access Control).

B) Traffic Filtering Techniques:
- Time-based access lists.
- Peer router authentication.
- Policy-based multi-interface support.

Standard access lists - make decisions based on the source IP address only.
Extended access lists - evaluate many other fields in the layer 3 & 4 headers (protocol, source and destination address, ports).

There is an implicit deny at the end of every access list, so an ACL containing only deny statements blocks everything.

Access List Rules:
- Rule 1 - place standard ACLs as close to the destination as possible (they cannot tell destinations apart, so placing them near the source would block too much).
- Rule 2 - place extended ACLs as close to the source as possible (drop unwanted traffic before it crosses the network).


- Rule 3 - one ACL per interface, per protocol, per direction.

Rules For Regulating ACLs For Traffic From The Internet To The LAN (anti-spoofing, applied inbound on the outside interface):
- Rule 1 - deny any packet whose source is an address from the internal network.
- Rule 2 - deny any loopback source address (127.0.0.0/8).
- Rule 3 - deny any reserved private source address (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
- Rule 4 - deny any multicast source address (224.0.0.0/4).

ACL Numbers:
- 1-99 = standard
- 100-199 = extended
- 1300-1999 = expanded standard
- 2000-2699 = expanded extended

Configuration Examples:
access-list 10 deny any                 - same as access-list 10 deny 0.0.0.0 255.255.255.255
access-list 10 deny 10.1.1.1            - denies a single IP address (same as deny host 10.1.1.1, or deny 10.1.1.1 0.0.0.0)
access-list 10 deny 10.1.1.0 0.0.3.255  - using a wildcard: 10.1.0.0 to 10.1.3.255
access-list 10 permit any               - required because of the implicit deny.
Entries are evaluated top-down and the first match wins, so the order matters.
int f0/1
 ip access-group 10 out
sh access-list 10
sh ip access-list
sh ip int
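Wildcard masks appear twice in these notes, in the OSPF network statement (network 10.0.0.0 0.0.255.255 area 2) and in the ACL entries above, and the evaluation order plus the implicit deny is what makes ACLs easy to get wrong. The following is an added example, not code from the notes: it implements the wildcard match, evaluates a standard ACL top-down with the implicit deny, and encodes the four Internet-to-LAN anti-spoofing rules against constructed packets. The internal LAN prefix 192.168.1.0/24 and the test addresses are assumptions for the demo.

```python
"""Wildcard-mask matching and top-down ACL evaluation with the implicit deny.

Added example (not from the notes). The wildcard semantics are those used
by both 'network 10.0.0.0 0.0.255.255 area 2' (OSPF) and
'access-list 10 deny 10.1.1.0 0.0.3.255'. The ACL evaluator then models a
standard access list: first match wins, nothing matched means deny.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


def ip_to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """A wildcard bit of 0 means 'must match', 1 means 'don't care' (the inverse
    of a subnet mask). 0.0.0.0 = exactly one host, 255.255.255.255 = any."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(address) & care) == (ip_to_int(network) & care)


def wildcard_from_prefix(prefix_len: int) -> str:
    """/24 -> 0.0.0.255: the wildcard is the bitwise inverse of the subnet mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(~mask & 0xFFFFFFFF))


@dataclass(frozen=True)
class Ace:
    """One access control entry of a standard ACL (source address only)."""
    action: str          # "permit" or "deny"
    network: str
    wildcard: str
    remark: str = ""


def evaluate(acl: List[Ace], src: str) -> Tuple[str, str]:
    """Top-down, first match wins; if nothing matches, the implicit deny applies."""
    for ace in acl:
        if wildcard_match(src, ace.network, ace.wildcard):
            return ace.action, ace.remark or f"{ace.action} {ace.network} {ace.wildcard}"
    return "deny", "implicit deny"


# The four Internet-to-LAN ingress rules from the notes as a standard ACL applied
# inbound on the outside interface. The LAN prefix is a constructed assumption.
INTERNAL_LAN = ("192.168.1.0", "0.0.0.255")
INBOUND_ANTISPOOF = [
    Ace("deny", *INTERNAL_LAN, "rule 1: our own addresses arriving from outside"),
    Ace("deny", "127.0.0.0", "0.255.255.255", "rule 2: loopback"),
    Ace("deny", "10.0.0.0", "0.255.255.255", "rule 3: RFC 1918"),
    Ace("deny", "172.16.0.0", "0.15.255.255", "rule 3: RFC 1918"),
    Ace("deny", "192.168.0.0", "0.0.255.255", "rule 3: RFC 1918"),
    Ace("deny", "224.0.0.0", "15.255.255.255", "rule 4: multicast"),
    Ace("permit", "0.0.0.0", "255.255.255.255", "permit any (needed because of the implicit deny)"),
]

if __name__ == "__main__":
    # Constructed packet sources: spoofed internal, loopback, private, multicast, and a real one.
    for src in ("192.168.1.5", "127.0.0.1", "172.20.1.1", "239.1.1.1", "203.0.113.9"):
        action, why = evaluate(INBOUND_ANTISPOOF, src)
        print(f"{src:15} {action:6} ({why})")
    print("10.1.1.0 0.0.3.255 covers 10.1.3.7:", wildcard_match("10.1.3.7", "10.1.1.0", "0.0.3.255"))
```

Note that without the final permit entry the constructed ACL would block every inbound packet, which is exactly the failure mode the "permit any - required because of the implicit deny" line in the notes warns about.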

Extended ACLs


Limiting Telnet/SSH Access:
access-list 10 permit 10.0.0.1
access-list 10 permit 10.0.1.1
line vty 0 4   (or 0 15: cover every vty line the device has, or the rest stay open)
 access-class 10 in
The implicit deny at the end of ACL 10 stops every other source from reaching the vty lines at all.

An extended ACL that denies TCP port 23 from host A to network X blocks only host A opening Telnet sessions to X: destination port 23 appears only in that direction. Sessions from X to A carry port 23 as the source port of A's replies, so they are not matched unless the ACL also matches on source port (or you use the established keyword or a stateful firewall).

Advanced ACLs:
- Named ACLs
- Switch port ACLs
- Time-based ACLs

Named ACLs:
conf t
ip access-list standard BlockFinance
 deny 10.0.0.8 0.0.0.7
 permit any
 exit
int f0/1
 ip access-group BlockFinance out

Switch Port ACLs (MAC ACL):
mac access-list extended Amos_List
 deny any host aaaa.bbbb.cccc
 permit any any
 exit
int f0/1
 mac access-group Amos_List in
do sh mac access-group

Time-Based ACLs:
conf t
time-range no-http
 periodic weekend 06:00 to 12:00
 exit


time-range tcp-yes
 periodic weekend 06:00 to 12:00
 exit
ip access-list extended time
 deny tcp any any eq www time-range no-http
 permit tcp any any time-range tcp-yes
int f0/1
 ip access-group time in
do sh time-range
Outside the active time ranges neither entry matches, so the implicit deny blocks all traffic on that interface; add an explicit permit if that is not what you want.

Remark:
ip access-list extended no_telnet
 remark deny all of sales from telnetting to marketing
 deny tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255 eq 23
 permit ip any any

NAT

Static NAT - one inside address permanently mapped to one outside address.
Dynamic NAT - inside addresses mapped one-to-one to addresses from a pool, as needed.
Overloading (PAT) - many inside addresses share one outside address, distinguished by port number.

NAT IP Addresses:
Inside local   - the private address of the inside host.
Inside global  - the public address the inside host is seen as from outside.
Outside local  - the address an outside host is seen as from inside.
Outside global - the real public address of the outside host.

sh ip nat translations
debug ip nat

netmask 255.255.255.0 = prefix-length 24

Static NAT Configuration:
ip nat inside source static 10.0.0.1 176.0.0.1
int f0/1
 ip nat inside
int s0/0/1
 ip nat outside


Removing NAT Entries from a Router:
clear ip nat translation * - clears the dynamic entries only; static entries stay until the ip nat inside source static command is removed.
ip nat translation max-entries <n> - caps the total number of translations the router will create (a guard against one host, or a worm, exhausting the translation table).

Dynamic NAT:
ip nat pool amos 176.0.0.2 176.0.0.254 netmask 255.255.255.0
ip nat inside source list 1 pool amos
int f0/1
 ip add 10.0.0.1 255.255.255.0
 ip nat inside
int s0/0/1
 ip add 176.0.0.1 255.255.255.0
 ip nat outside
access-list 1 permit 10.0.0.0 0.0.0.255   - which inside sources get translated

PAT (NAT Overload) - mapping of multiple inside addresses to a single outside address using different source ports:
ip nat pool amos 176.0.0.1 176.0.0.1 netmask 255.255.255.0
ip nat inside source list 1 pool amos overload
int f0/1
 ip add 10.0.0.1 255.255.255.0
 ip nat inside
int s0/0/1
 ip add 176.0.0.1 255.255.255.0
 ip nat outside
access-list 1 permit 10.0.0.0 0.0.0.255
Or, without a pool, overload the outside interface's own address: ip nat inside source list 1 interface s0/0/1 overload
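What the overload keyword does to the translation table, as an added example (not code from the notes): a small PAT model that rewrites the source port when two inside hosts collide, translates replies back, and drops inbound packets that match no entry. The inside network 10.0.0.0/24 stands in for access-list 1, 176.0.0.1 is the inside global address from the configuration above, and the packets are constructed.

```python
"""NAT overload (PAT) translation table, modelled in Python.

Added example, not from the notes. One inside global address is shared by
many inside local hosts by rewriting the source port; replies are matched
on (global address, global port) and translated back; inbound packets with
no matching entry are dropped. That drop is a side effect of address
sharing, not a firewall policy, but it is why unsolicited inbound
connections never reach inside hosts behind PAT.
"""
import ipaddress
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Pat:
    """One inside global address shared by an inside network (constructed: 10.0.0.0/24)."""

    def __init__(self, inside_global: str, inside_net: str = "10.0.0.0/24"):
        self.inside_global = inside_global
        self.inside = ipaddress.ip_network(inside_net)   # stands in for access-list 1
        # (proto, global port) -> (local ip, local port); simplified: IOS also keys on the destination
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}
        self.reverse: Dict[Tuple[str, str, int], int] = {}
        self._spare = itertools.count(1024)

    def _allocate_port(self, proto: str, wanted: int) -> int:
        """Keep the original source port if it is free (what IOS tries first), else pick another."""
        if (proto, wanted) not in self.table:
            return wanted
        while True:
            port = next(self._spare)
            if (proto, port) not in self.table:
                return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source address/port and record the mapping."""
        if ipaddress.ip_address(pkt.src_ip) not in self.inside:
            raise ValueError(f"{pkt.src_ip} is not an inside address; access-list 1 would not match it")
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.reverse:
            gport = self._allocate_port(pkt.proto, pkt.src_port)
            self.table[(pkt.proto, gport)] = (pkt.src_ip, pkt.src_port)
            self.reverse[key] = gport
        return Packet(self.inside_global, self.reverse[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: translate back if a mapping exists, otherwise drop (None)."""
        if pkt.dst_ip != self.inside_global:
            return None
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                    # unsolicited: no inside host to deliver it to
        local_ip, local_port = entry
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port, pkt.proto)

    def show_translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations': inside global -> inside local."""
        return [f"{proto} {self.inside_global}:{gp}  {lip}:{lp}"
                for (proto, gp), (lip, lp) in sorted(self.table.items())]


if __name__ == "__main__":
    nat = Pat("176.0.0.1")
    print(nat.outbound(Packet("10.0.0.5", 40000, "203.0.113.9", 80)))   # keeps port 40000
    print(nat.outbound(Packet("10.0.0.6", 40000, "203.0.113.9", 80)))   # collision: gets 1024
    print(nat.inbound(Packet("203.0.113.9", 80, "176.0.0.1", 1024)))     # back to 10.0.0.6:40000
    print(nat.inbound(Packet("198.51.100.7", 12345, "176.0.0.1", 22)))   # None: dropped
    print("\n".join(nat.show_translations()))
```

The model is deliberately endpoint-independent (the mapping is keyed on the inside socket alone); real IOS PAT entries also record the destination, which is why a second flow from the same inside socket to a different server shows up as a separate line in show ip nat translations.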


WIRELESS

802.11 - Wireless standard

1) 802.11b
- 2.4 GHz
- DSSS (Direct Sequence Spread Spectrum)
- 3 non-overlapping channels (1, 6, 11)
- About 25 users per cell
- Up to 350 feet (105 m) at 1 Mbps, and 11 Mbps at 150 feet (45 m)

2) 802.11g
- 2.4 GHz
- DSSS & OFDM (Orthogonal Frequency Division Multiplexing)
- 3 non-overlapping channels
- About 20 users per cell
- Up to 300 feet at 6 Mbps

3) 802.11a (and 802.11h)
- Lower market penetration
- 5 GHz
- OFDM
- 802.11h has up to 23 non-overlapping channels; 802.11a has 12
- 15 users per cell
- Up to 200 feet at 6 Mbps

802.11h features:
- TPC (Transmit Power Control) - alters the transmit power to change the cell range; cellular operators have used the technique for some time.
- DFS (Dynamic Frequency Selection) - moves off a 5 GHz channel when radar is detected, since radar shares the 5 GHz band. (The 2.4 GHz band has its own interference sources: Bluetooth and microwave ovens.)

4) 802.11n
- The latest standard at the time these notes were written
- 2.4 GHz & 5 GHz
- MIMO (Multiple Input Multiple Output) - several antennas and spatial streams, e.g. 2 transmitting and 2 receiving; up to 4 streams are defined
- Up to 600 Mbps theoretical link speed with 4 streams and 40 MHz channels; 2-stream products are typically 300 Mbps


Features:
- SSID - Service Set Identifier, the network name.
- BSSID - Basic Service Set Identifier; the AP's own identifier, usually its radio MAC address.
- BSS (Basic Service Set) - one AP and its clients.
- ESS (Extended Service Set) - two or more BSSs with the same SSID, so clients can roam between them.
- IBSS (Independent Basic Service Set) - ad hoc mode: computers connect directly to each other without an access point. Usually for SOHOs.
- Infrastructure mode (either BSS or ESS) - requires at least one access point.
- BSA (Basic Service Area) - the coverage of one cell with one access point.
- ESA (Extended Service Area) - more than one cell, each cell on a different channel.
  - Cells should overlap by at least 10-15%, and 15-50% for voice.

Wireless Security:
- WEP - Wired Equivalent Privacy. Uses the RC4 stream cipher with a 24-bit IV and a static key; the key can be recovered from captured traffic in minutes, so it provides no real protection.
- WPA - Wi-Fi Protected Access. TKIP: still RC4, but with a per-packet 128-bit key and a message integrity check; an interim fix for WEP-era hardware, now deprecated.
  - WPA Enterprise - 802.1X authentication against a RADIUS server; each user has their own credentials and gets their own keys.
  - WPA Personal - also known as WPA-PSK (Pre-Shared Key). No server; one passphrase shared by everyone, so it should be long and changed when someone leaves.
- WPA2 - uses AES-CCMP encryption. The minimum acceptable today.

Cisco Unified Wireless Solution:
Requires lightweight APs & a Cisco WLAN Controller in order to function. The APs all advertise the same SSIDs, so clients can roam across them.


IPv6
- 128-bit addresses: four times as many bits as IPv4's 32, which is 2^96 times as many addresses, not four times.
- Global unicast layout: 48-bit global routing prefix, 16-bit subnet ID, 64-bit interface ID (so one /64 per subnet).
- No broadcasts; multicast and neighbour discovery take their place.
- Anycast - the same address on several devices; a packet sent to it is delivered to the closest one.

Mixed IPv4 & IPv6 networks - IPv4-compatible form 0:0:0:0:0:0:192.168.0.1 (::192.168.0.1), now deprecated in favour of the IPv4-mapped form ::ffff:192.168.0.1.

Auto-configuration (SLAAC): the device learns the /64 prefix from the router advertisement and builds its own interface ID from its MAC address. For example:
Router MAC address - 0060.d673.1987
Split it in half, insert FFFE in the middle and flip the universal/local bit of the first byte: 0260:d6ff:fe73:1987

conf t
ipv6 unicast-routing - enables IPv6 routing
int f0/1
 ipv6 address 2001:db8:3c4d:1::/64 eui-64 - the router builds the interface ID from its MAC address as above, giving 2001:db8:3c4d:1:260:d6ff:fe73:1987.
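The EUI-64 construction above carried out in code, as an added example that is not from the notes. It uses the MAC address and prefix from the notes (0060.d673.1987 and 2001:db8:3c4d:1::/64) and also reverses the process, which is the privacy concern with EUI-64 addresses: the hardware address is readable from any packet the host sends.

```python
"""Modified EUI-64 interface ID from a MAC address, as used by
'ipv6 address 2001:db8:3c4d:1::/64 eui-64'.

Added example, not from the notes. Steps: split the 48-bit MAC in half,
insert FF:FE in the middle, and flip the universal/local bit (0x02 in the
first byte). The result embeds the MAC in the address, so anyone who sees
the address learns the NIC vendor and can track the device across
networks; that is why hosts use privacy extensions (RFC 4941) or static IDs.
"""
import ipaddress
import re
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accept 0060.d673.1987, 00:60:d6:73:19:87 or 00-60-d6-73-19-87."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier."""
    m = parse_mac(mac)
    first = bytes([m[0] ^ 0x02])          # flip the U/L bit
    return first + m[1:3] + b"\xff\xfe" + m[3:]


def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix such as '2001:db8:3c4d:1::/64' with the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64(address: str) -> Optional[str]:
    """Reverse the process: recover the MAC if the interface ID looks EUI-64 derived."""
    iid = int(ipaddress.IPv6Address(address)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    h = m.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


if __name__ == "__main__":
    addr = eui64_address("2001:db8:3c4d:1::/64", "0060.d673.1987")
    print("interface ID:", eui64_interface_id("0060.d673.1987").hex())
    print("address     :", addr)
    print("MAC leaked  :", mac_from_eui64(addr))
```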

DHCPv6:
ipv6 dhcp pool cisco
 domain-name amos.com
int f0/1
 ipv6 dhcp server cisco

ARP is replaced by ICMPv6 Neighbor Discovery (it is just as unauthenticated as ARP, so the spoofing concerns carry over).


Routing Protocols

RIPng:
ipv6 router rip 1        - the 1 is the process name/tag
int f0/1
 ipv6 rip 1 enable       - enabled per interface

EIGRPv6:
ipv6 router eigrp 10
 no shutdown             - the IPv6 EIGRP process starts shut down
 eigrp router-id 1.1.1.1 - needed if the router has no IPv4 address to take a router ID from
int f0/1
 ipv6 eigrp 10

OSPFv3:
ipv6 router ospf 1
 router-id 1.1.1.1       - every router has to be assigned a 32-bit router ID
int f0/1
 ipv6 ospf 1 area 0

Migration Strategies:
- Dual stacking - runs both IPv4 & IPv6 on the same interfaces.
- Tunnelling (manual IPv6-in-IPv4, or automatic 6to4) - carries IPv6 packets across an IPv4 network.
- NAT-PT (Protocol Translation)

A) Dual Stacking:
ipv6 unicast-routing
int f0/1
 ipv6 address 2001:db8:3c4d:1::/64 eui-64
 ip add 10.0.0.1 255.255.255.0

B) IPv6-in-IPv4 Tunnelling (manual tunnel; tunnel mode ipv6ip 6to4 is the automatic 6to4 variant)

Router 1 (has to be a dual-stack router):
int tunnel 0
 ipv6 address 2001:db8:1:1::1/64
 tunnel source 10.0.0.1
 tunnel destination 10.0.1.1
 tunnel mode ipv6ip


Router 2 (has to be a dual-stack router):
int tunnel 0
 ipv6 address 2001:db8:1:1::2/64   - both tunnel ends must sit in the same /64 for the tunnel addresses to reach each other
 tunnel source 10.0.1.1
 tunnel destination 10.0.0.1
 tunnel mode ipv6ip

These tunnels carry IPv6 directly inside IPv4 (IP protocol 41), which most NAT devices do not translate, so the tunnel breaks behind NAT. Encapsulating in UDP instead (as Teredo does) gets the packets through NAT.

C) NAT-PT:
Instead of local-to-global address translation we have IPv4-to-IPv6 and IPv6-to-IPv4 translation. Uses static NAT, dynamic NAT & NAPT-PT. (NAT-PT has since been deprecated; NAT64/DNS64 is its replacement.)
NAPT-PT (Network Address Port Translation - Protocol Translation) - maps multiple IPv6 addresses to one IPv4 address.

Reserved IPv6 Addresses:
- Loopback address - ::1
- Link-local (fe80::/10) - like a private IPv4 address, but cannot be routed at all, not even within the organisation; every IPv6 interface has one.
- Unique local (fc00::/7, in practice fd00::/8) - like link-local, but can be routed within the organisation, not on the Internet.
- Multicast - all these addresses begin with ff (ff00::/8).
- Unicast.
- Global unicast (currently 2000::/3) - just like a normal routable public IPv4 address.


WANs

Usually involves a service provider (SP).

WAN Terms:
- CPE - Customer Premises Equipment. Owned by the subscriber.
- Demarcation point - where the SP's equipment ends and the CPE begins, usually at a CSU/DSU.
- Local loop - connects the demarcation point to the closest switching office, the CO (Central Office).
- CO - connects the customer's network to the provider's switching network. Also called the POP (Point of Presence).
- Toll network - the trunk lines, switches and facilities owned by the provider.

WAN Connection Types:
1. Leased line - point-to-point synchronous serial dedicated line. Fast, up to 45 Mbps (T3). Uses HDLC or PPP.
2. Circuit switched - ISDN & dial-up. Asynchronous (dial-up), or a BRI interface (ISDN).
3. Packet switched - synchronous. Lets many companies share the bandwidth cost. Uses Frame Relay & X.25.

ISDN - Integrated Services Digital Network.

HDLC - High-Level Data Link Control. Standard HDLC has no protocol type field in the header, so each vendor adds its own; Cisco's HDLC is therefore proprietary and may not interoperate with another vendor's. Also has no authentication.

PPP - can run on synchronous (e.g. ISDN) & asynchronous (e.g. dial-up) links. Has a protocol field in the header. Allows:
- Authentication
- Compression
- Callback
- Error detection
- Multilink support


PPPoE – a PPP frame encapsulated in an Ethernet frame. Has lower MTU size than Ethernet &

if firewall is not properly configured this can cause a great deal of problems.

PPPoA – PPP over ATM

CABLE – Also be called HFC (Hybrid Fibre-Coaxial)

DSL – Digital Subscriber Line. Deployed at the last mile or local loop, between the CPE &

DSLAM (DSL Access Multiplexer) which has connections to other clients as well. ADSL uses

ATM.

MPLS – Multiprotocol Label Switching. Imposes labels to packets & makes forwarding packetsfaster through the service provider’s network since there’s no routing decisions made based on

the IP adds. MPLS is WAN tech that operates at layer 3 & therefore has more capabilities than

other WAN technologies, e.g. it can assign different priority levels to packets from SP clients.

ATM – Uses cells instead of packets. An ATM Switch is called a DSLAM.

 Types of ConnectorsØ  V.35 – Used to connect to a CSU/DSU

Ø EIA/TIA 332

Ø  EIA/TIA 449

Ø  EIA – 530

PPP

Ø  Uses LCP (Link Control Protocol) to establish & configure the link, & an NCP (Network Control

Protocol, e.g. IPCP for IP) for each layer 3 protocol carried.

Ø  LCP negotiates authentication, which is then done using PAP or CHAP.

Ø  Allows callback, but both the client & the remote router have to be configured for it first.

PAP – Password Authentication Protocol. Authenticates only once, when the session is created,

& the password is sent in clear text (2-way handshake), so anyone who can sniff the link captures it.

CHAP – Challenge Handshake Authentication Protocol. More secure: a 3-way handshake in which the authenticator sends a random challenge & the peer replies with an MD5 hash of (identifier, shared secret, challenge), so the secret never crosses the link & a captured response cannot be replayed against a fresh challenge.

Repeats the challenge periodically to check that the devices communicating are still the correct ones.

int s0/0/1

encapsulation ppp


ppp authentication chap pap – CHAP is tried first; PAP will act as backup if the peer refuses CHAP.

exit

hostname router1

username router2 password amos – the username has to be the hostname of the other router / device,

& the password must be the same on both sides. CHAP needs the secret in recoverable form on both routers, so it is stored reversibly in the config (service password-encryption only obscures it); protect the config accordingly.
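The PAP and CHAP exchanges described above, as an added worked example (not code from the notes): both sides of the CHAP handshake are written out as plain functions so the hash the peer actually sends, MD5(Identifier || secret || Challenge) from RFC 1994, can be compared with what PAP puts on the wire. The hostnames (`router2`), the shared secret (`amos`) and the challenge bytes are constructed for illustration; the secret table stands in for the IOS `username ... password` line.

```python
"""PAP vs CHAP on a PPP link: the response computation and its replay resistance.

Added example, not taken from the CCNA notes. Names and secrets are constructed.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed equivalent of the authenticator's "username <peer-hostname> password <secret>"
# table. As on IOS, the key is the peer's hostname and the secret must match on both sides.
AUTHENTICATOR_SECRETS = {"router2": b"amos"}


def pap_request(peer_id: str, password: bytes) -> bytes:
    """What PAP puts on the wire (RFC 1334 Authenticate-Request body):
    peer-id length, peer-id, password length, password, all in clear text."""
    return bytes([len(peer_id)]) + peer_id.encode() + bytes([len(password)]) + password


def chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge for every authentication attempt."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5(Identifier || secret || Challenge), RFC 1994 section 4.1.
    The secret itself never leaves the host; only this 16-byte hash is sent."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(peer_name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the hash with the secret stored for that peer name
    (the Name field of the Response) and compare in constant time."""
    secret = AUTHENTICATOR_SECRETS.get(peer_name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_chap(peer_name: str, peer_secret: bytes, identifier: int,
             replayed: Optional[bytes] = None) -> Tuple[bool, bytes]:
    """One challenge/response round. The identifier is chosen by the authenticator per
    challenge. If `replayed` is given, the "peer" sends that previously captured response
    instead of computing one, which is what an on-path attacker replaying traffic can do."""
    challenge = chap_challenge()
    if replayed is None:
        response = chap_response(identifier, peer_secret, challenge)
    else:
        response = replayed
    return chap_verify(peer_name, identifier, challenge, response), response


if __name__ == "__main__":
    print("PAP on the wire:", pap_request("router2", b"amos"))  # password readable by a sniffer
    ok, captured = run_chap("router2", b"amos", identifier=1)
    print("CHAP genuine peer:", ok)
    print("CHAP wrong secret:", run_chap("router2", b"wrong", identifier=2)[0])
    print("CHAP replayed response:", run_chap("router2", b"amos", identifier=3, replayed=captured)[0])
```

The replay fails because every round uses a new random challenge, so the captured hash no longer matches; the periodic re-challenge the notes mention is simply `run_chap` being called again on an established link. Note that CHAP still requires the authenticator to hold the peer's secret in recoverable form, and MD5 offers no protection against an offline dictionary attack on a captured challenge/response pair if the secret is weak.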

PPPoE

int f0/1

pppoe enable group global

pppoe-client dial-pool-number 1

int dialer 0 – Logical interface

ip add negotiated – Obtain the address from the peer via PPP (IPCP), not DHCP

ip mtu 1452 – Must be below Ethernet's 1500 to allow for the PPPoE & PPP headers (1492 is the maximum)

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin – Authenticate the peer only on incoming calls; as the client dials out, it answers the ISP's challenge but does not challenge the ISP

ppp chap hostname amos

ppp chap password cisco

Frame Relay

Access Rate – The max speed of the physical link, e.g. 1.544Mbps (T1).

CIR – Committed Information Rate. The rate the SP guarantees to the client, e.g. 256Kbps. Bursts above the CIR are carried if capacity allows but are marked discard-eligible.

The default encapsulation for Frame Relay is Cisco and this can be changed as follows:

int s0/0/1


encapsulation frame-relay ietf – Internet Engineering Task Force encapsulation (RFC 2427); use it when the far end is not a Cisco router.

encapsulation frame-relay - Uses the default cisco encapsulation.

PVC – Permanent Virtual Circuit

SVC – Switched Virtual Circuit

Router B Configuration (the notes give the same configuration under both the PVC & SVC headings):

int s0/0/1

encapsulation frame-relay ietf

frame-relay lmi-type ansi

ip add 10.0.0.1 255.255.255.0

Other Configuration examples:

RA (multipoint subinterface):

int s0/0/1

encapsulation frame-relay ietf

frame-relay lmi-type ansi

int s0/0/1.1 multipoint

etc

RB & RC (point-to-point subinterfaces):

int s0/0/1

encapsulation frame-relay ietf

frame-relay lmi-type ansi

int s0/0/1.1 point-to-point

etc

no ip split-horizon – Disables split horizon, which otherwise prevents the router from advertising a route back out of the

Frame Relay interface on which it learnt it. On a hub's multipoint interface this is needed so that the spokes can learn each other's routes.

Ø  Point-to-Point Subinterfaces – Each subinterface has a unique DLCI & subnet. 

Ø  Multipoint Subinterfaces – All the subinterfaces are in the same subnet but each has a

unique DLCI.

Ø  DLCI – Data Link Connection Identifiers. Values used to identify specific virtual circuits

& route traffic to the correct destination.

Ø  IARP (Inverse ARP) – Used to map DLCIs to the remote IP addresses automatically (the same mapping can be set by hand with frame-relay map ip).

int s0/0/1

frame-relay interface-dlci 16

LMI (Link Management Interface)

Ø  Auto detected on recent Cisco IOS versions (LMI autosense)

Ø  LMI messages are sent on DLCI 0 (ANSI & Q.933a types) or DLCI 1023 (Cisco type)

A signalling standard that communicates PVC status between the router (DTE) & the Frame Relay switch (DCE) & carries

keepalives, etc. Keepalives keep the PVCs up & ensure they don't shut down due to

inactivity.

DE – Discard Eligibility.

This bit is set to 1 (on) on frames that exceed the CIR; when the network is congested these frames are dropped first.

FECN – Forward Explicit Congestion Notification

“Listen destination DTE, the route just traversed is congested.”

BECN – Backward Explicit Congestion Notification

“Listen source DTE, the network is congested.”
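The DE, FECN and BECN bits above, together with the DLCI, live in the two-byte Q.922 address field at the start of every Frame Relay frame. The following encoder/decoder is an added example (not from the notes) that shows exactly where each bit sits and how the 10-bit DLCI is split across the two octets; the sample frame is constructed, and only the common two-byte address format is handled.

```python
"""Frame Relay (Q.922) two-octet address field: DLCI, C/R, FECN, BECN and DE bits.

Added example, not taken from the CCNA notes. Sample headers are constructed.

 octet 1: | DLCI bits 9..4 (6 bits) | C/R | EA=0 |
 octet 2: | DLCI bits 3..0 (4 bits) | FECN | BECN | DE | EA=1 |
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FrAddress:
    dlci: int
    cr: bool = False    # command/response bit, carried through unchanged by the network
    fecn: bool = False  # forward explicit congestion notification (towards the destination DTE)
    becn: bool = False  # backward explicit congestion notification (towards the source DTE)
    de: bool = False    # discard eligibility, set on frames that exceeded the CIR


def encode_address(addr: FrAddress) -> bytes:
    """Build the two address octets for a frame."""
    if not 0 <= addr.dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    high6 = addr.dlci >> 4
    low4 = addr.dlci & 0xF
    # EA (extended address) bit is the least significant bit: 0 = more octets follow, 1 = last.
    b0 = (high6 << 2) | (int(addr.cr) << 1)
    b1 = (low4 << 4) | (int(addr.fecn) << 3) | (int(addr.becn) << 2) | (int(addr.de) << 1) | 1
    return bytes([b0, b1])


def decode_address(frame: bytes) -> FrAddress:
    """Parse the address field at the start of a frame (bytes after the two octets are ignored)."""
    if len(frame) < 2:
        raise ValueError("truncated address field")
    b0, b1 = frame[0], frame[1]
    if (b0 & 1) or not (b1 & 1):
        raise ValueError("not a two-octet address field (EA bits)")
    return FrAddress(
        dlci=((b0 >> 2) << 4) | (b1 >> 4),
        cr=bool(b0 & 0x02),
        fecn=bool(b1 & 0x08),
        becn=bool(b1 & 0x04),
        de=bool(b1 & 0x02),
    )


def is_lmi(addr: FrAddress, lmi_type: str) -> bool:
    """LMI uses DLCI 0 for the ANSI and Q.933a types and DLCI 1023 for the Cisco type."""
    return addr.dlci == (1023 if lmi_type == "cisco" else 0)


# Constructed sample: a frame on DLCI 101 that the provider marked discard-eligible,
# followed by the IETF (RFC 2427) control/NLPID bytes for IP and a dummy payload.
SAMPLE_FRAME = bytes.fromhex("1853") + b"\x03\xcc" + b"payload"

if __name__ == "__main__":
    print(decode_address(SAMPLE_FRAME))
    print(encode_address(FrAddress(16)).hex(), encode_address(FrAddress(1023)).hex())
```

Reading these bits off a capture is how you tell a congested provider network (FECN/BECN set) from a link that is simply over its CIR (DE set): the DE-marked frames are the ones the switch will drop first.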

int s0/0/1

encapsulation frame-relay – Uses the default of cisco, not IETF.

frame-relay lmi-type ansi – Configured on the physical interface. Instead of ansi, the default of cisco could have been used.

int s0/0/1.2 point-to-point

frame-relay interface-dlci 101


Subinterfaces make it possible to have multiple virtual circuits on a single serial interface. They

operate like separate physical interfaces.

sh frame-relay lmi

sh frame-relay pvc – Shows network congestion as well as all PVCs & DLCI numbers. 

sh frame-relay map – Shows whether IARP was able to map a remote IP add to its DLCI #.

VPNs

Allow creation of private networks over the internet.

3 Types of VPNs:

Ø  Remote Access VPNs

Ø  Site to Site VPNs (Intranet)

Ø  Extranet VPNs – For providing limited access to suppliers, partners, etc, e.g. connecting a

Bank to SAP.

 The Difference between a VPN & Frame Relay is that frame relay traffic traverses a private

network (the service provider’s network) & VPN traffic traverses a public network (Internet).

A VPN can also have higher bandwidth than a Frame Relay or PPP connection because it can make use

of any access to the internet, e.g. 3G & DSL.

There are 2 ways to create a VPN:

1.  Using tunnelling (e.g. GRE), which by itself gives no confidentiality.

2.  Using IPsec to create authentication & encryption services between endpoints.

VPN Protocols

Ø  GRE (Generic Routing Encapsulation) – Developed by Cisco (now an IETF standard, RFC 2784) & can carry

non-IP & multicast traffic. Provides no encryption or authentication by itself, so it is usually run inside IPsec.

Ø  PPTP (Point to Point Tunneling Protocol) – Microsoft proprietary. Its MS-CHAPv2 authentication is broken, so it should not be used for new deployments.

Ø  L2TP (Layer 2 Tunneling Protocol) – Created by Microsoft & Cisco & combines the

capabilities of L2F (Layer 2 Forwarding) & PPTP. Has no encryption of its own; in practice it is run over IPsec (L2TP/IPsec).

Ø  IPsec – Most secure. A suite of protocols & algorithms that allows for secure data

transmission. Functions at Layer 3 & works only with IP based networks.


IPsec has 2 primary security protocols:

1.  AH (Authentication Header) – Guarantees authenticity & integrity of the whole packet (including the immutable fields of the outer IP header) but offers no encryption. Also provides the anti-replay service described below.

2.  ESP (Encapsulating Security Payload) – Includes the following:

Ø  Encryption: provides confidentiality through 3DES (or AES) encryption.

Ø  Anti-replay service – Each packet carries a sequence number & the receiver keeps a sliding window of those already seen. This prevents somebody from intercepting a packet &

resending it to the intended destination later.

Ø  Data origin authentication & connectionless integrity (optional in ESP, always present in AH).
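The anti-replay service and data-origin authentication described above, as an added example (not from the notes): a receiver that verifies a keyed integrity check value (ICV) over each packet and then runs the sliding-window sequence-number check from RFC 4303 Appendix A. HMAC-SHA256 truncated to 128 bits stands in for the AH/ESP integrity algorithm, and the 4-byte sequence number header, the key and the packet bodies are constructed for illustration; no encryption is shown, so this models AH (or ESP with integrity but NULL encryption), not ESP confidentiality.

```python
"""IPsec-style integrity check plus RFC 4303 anti-replay sliding window.

Added example, not taken from the CCNA notes. Packet layout (constructed):
  4-byte big-endian sequence number | payload | 16-byte truncated HMAC-SHA256 ICV
"""
import hashlib
import hmac
from typing import Tuple

ICV_LEN = 16      # IPsec truncates the MAC, e.g. HMAC-SHA-256-128
WINDOW = 64       # minimum window size recommended by RFC 4303 is 32; 64 is common


class ReplayWindow:
    """Sliding anti-replay window: one bit per sequence number below the highest seen."""

    def __init__(self, size: int = WINDOW):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set  =>  sequence number (top - i) has been accepted

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                          # sequence number 0 is never valid
        mask = (1 << self.size) - 1
        if seq > self.top:                        # new high-water mark: slide the window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & mask) if shift < self.size else 0
            self.bitmap |= 1                      # bit 0 now represents seq itself
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                          # older than the window: reject
        if self.bitmap & (1 << diff):
            return False                          # already accepted: this is a replay
        self.bitmap |= 1 << diff                  # late but never seen: accept and record
        return True


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the sequence number and append the ICV over header + payload."""
    header = seq.to_bytes(4, "big")
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def receive(key: bytes, window: ReplayWindow, packet: bytes) -> Tuple[bool, str]:
    """Receiver side. The window is only updated for packets whose ICV verifies, so a
    forged packet with a high sequence number cannot be used to push genuine packets
    out of the window (RFC 4303 additionally does a cheap window pre-check before the ICV)."""
    if len(packet) < 4 + ICV_LEN:
        return False, "truncated"
    header, body, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return False, "bad ICV"
    seq = int.from_bytes(header, "big")
    if not window.check_and_update(seq):
        return False, "replay or outside window"
    return True, "ok"


if __name__ == "__main__":
    key = b"\x11" * 32                            # constructed SA key
    win = ReplayWindow()
    first = protect(key, 1, b"hello")
    print(receive(key, win, first))               # accepted
    print(receive(key, win, first))               # same packet again: rejected as replay
    print(receive(key, win, first[:4] + b"X" + first[5:]))  # modified payload: bad ICV
```

Two things worth noticing when reading the code: reordered packets inside the window are still accepted (sequence 2 arriving after 3 is fine), and a forged packet with sequence number 2^31 is rejected on the ICV before it can advance `top` and lock out the legitimate sender.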

NBAR (Network Based Application Recognition) – Classifies traffic by application (by inspecting the packet payload, not just ports), so that certain

applications can be marked as mission critical, e.g. ERP & SQL, & a QoS policy can then allot a minimum bandwidth to

them.