Cisco CCNA Cram Guide


Cool Free Cisco CCNA cram guide for the exam.

Published in: Technology
  • great
  • so thanXXX
  • A tad expensive to access howtonetworks stuff on ccna
    Other than this cram guide - you must join them by the month or membership more permanent I just need to quickly revise all ccna and this page does the trick thanks again for the heads up about
  • a great summary of the book.
  • It's a good guide and is really useful

Cisco CCNA Cram Guide

  1. CCNA Cram Guide. A Presentation by Faruk Mamaniat (mrlogic0). Based on Paul Browning’s “CCNA Cram Guide”
  2. CCNA Cram Guide
  3. 1. OSI Model
  4. 7. Application Layer
      • Provides Services to lower layers
      • Enables program to program communication
      • Determines if sufficient resources exist for communication
      • Examples:
        • Email gateways (SMTP)
        • FTP
        • TFTP
        • SNMP
  5. 6. Presentation Layer
      • Presents information to the Application layer.
      • Compression
      • Data conversion
      • Encryption
      • Standard formatting occurs here.
      • Contains data formats:
        • JPEG
        • MPEG
        • MIDI
        • TIFF
      • [Encapsulation = data]
  6. 5. Session Layer
      • Establishes and maintains communication ‘sessions’ between applications (dialogue control)
      • Sessions can be:
        • Simplex (one direction only)
        • Half-duplex (one direction at a time)
        • Full duplex (both ways simultaneously)
      • Keeps different applications' data separate from other applications
      • Protocols include:
        • NFS
        • SQL
        • X Window
        • RPC
        • ASP
        • NetBIOS Names
      • [Encapsulation = data]
  7. 4. Transport Layer
      • Responsible for end to end integrity of data transmissions
      • Establishes a logical connection between sending and receiving hosts via ‘virtual circuits’
      • Windowing works at this level to control how much information is transferred before acknowledgement is required
      • Data is segmented and reassembled at this layer
      • Port numbers are used to keep track of different conversations crossing the network at the same time
      • Error correction (not detection)
      • Supports:
        • TCP
        • UDP
        • SPX
        • NBP
      • [Encapsulation = segments]
  8. 3. Network Layer
      • Routes data from one node to another and determines the best path to take
      • Routers operate at this level
      • Network addresses are used here for routing
      • Routing tables, subnetting and control of network congestion occur here.
      • Routing protocols regardless of which protocol they run over reside here:
        • RIP
        • IP
        • IPX
        • ARP
        • IGRP
        • Appletalk
      • [Encapsulation = Packets]
  9. 2. Data Link Layer
      • Sometimes referred to as the LAN layer.
      • Responsible for the physical transmission of data from one node to another
      • Packets are translated into Frames here and hardware address is added.
      • Error detection
      • Bridges and switches operate at this layer.
      • [Encapsulation = Frames]
  10. Data Link Sublayers
      • Logical Link Control (LLC) 802.2:
        • Manages communications between devices over a single link on a network
        • Uses Service Access Points (SAPs) to help lower layers talk to the Network Layer.
      • Media Access Control (MAC) 802.3:
        • Builds frames from the 1’s and 0’s that the Physical Layer (address = 6-byte/48 bit) picks up from the wire as a digital signal
        • Runs a Cyclic Redundancy Check (CRC) to assure no bits were lost or corrupted.
  11. 1. Physical Layer
      • Puts data onto the wire and takes it off
      • Physical layer specifications such as:
        • Connectors
        • Voltage
        • Physical data rates
        • DTE/DCE interfaces
      • Some common implementations include:
        • Ethernet/IEEE 802.3
        • Fast Ethernet
        • Token Ring/IEEE 802.5
      • [Hubs operate here]
      • [Encapsulation = Bits]
  12. 2. Cisco Hierarchical Model
  13. Core Layer
      • Switch traffic as quickly as possible
      • Fast transport to Enterprise services (internet etc).
      • No packet Manipulation, VLANs or access-lists
      • High speed access required such as FDDI, ATM
  14. Distribution Layer
      • Time sensitive manipulation such as routing, filtering and WAN access
      • Broadcast/Multicast, media translations, security
  15. Access Layer
      • Switches and routers
      • Static (not dynamic) routing
      • [Network] Segmentation occurs here
      • Workgroup access
  16. 3. Port Numbers
  17. Common port numbers are:
      • 20 - File Transfer Protocol – Data (TCP)
      • 21 - File Transfer Protocol – Control (TCP) (Rarely Used)
      • 22 - SSH (TCP)
      • 23 - Telnet (TCP)
      • 25 - Simple Mail Transfer Protocol (TCP)
      • 53 - Domain Name Service (TCP/UDP)
      • 69 - Trivial File Transfer Protocol (UDP)
      • 80 - HTTP/WWW (TCP)
      • 110 - Post Office Protocol 3 (TCP)
      • 119 - Network News Transfer Protocol (TCP)
      • 123 - Network Time Protocol (UDP)
      • 161/162 - Simple Network Management Protocol (UDP)
      • 443 - HTTP over Secure Sockets Layer (TCP)
  18. 4. TCP/IP & UDP
  19. TCP – (protocol 6)
      • Reliable, sequenced Connection-oriented delivery
      • 20-byte header.
  20. UDP – (protocol 17)
      • Connectionless, Unsequenced, best effort delivery
      • 6-byte Header.
      • Sends data but does Not check to see if it is received.
  21. Services/Protocols
      • Telnet
        • Used to connect to a remote device (TCP)
        • A password and username is required to connect.
        • Telnet tests all seven layers of the OSI model.
      • SNMP
        • Allows remote management of network devices.
  22. Services/Protocols
      • FTP
        • Connection orientated (TCP) protocol
        • Used to transfer large files.
      • TFTP
        • Connectionless (UDP) protocol used for file transfer
  23. ICMP
      • ICMP
        • Supports packets containing error, control and informational messages.
        • Ping uses ICMP to test network connectivity.
      • ARP
        • Used to map an IP address to a physical (MAC) address.
          • A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network.
          • The host replies with its physical address.
  24. DNS
      • Resolves hostnames to IP addresses (not the other way around).
      • To configure the router to use a host on the network use the command:
        • ROUTER(config)#ip name-server
      • To configure DNS the command: ‘ip name-server’ is usually already turned on for the router config by default.
      • If you want hosts on the network to use the router as a proxy DNS server put this command onto the router:
        • ROUTER(config)#ip dns server
  25. DHCP
      • Involves a central server or device which relays TCP information to hosts on a network.
      • You can configure a router to be a DHCP server with the config below.
      • Must have hosts on the same LAN as the router interface:
      • ROUTER(config)#ip dhcp pool E00_DHCP_Pool
      • ROUTER(dhcp-config)#network
      • ROUTER(dhcp-config)#dns-server
      • ROUTER(dhcp-config)#domain-name
      • ROUTER(dhcp-config)#default-router
      • ROUTER(dhcp-config)#lease 1
  26. 5. Cisco IOS
  27. 6 Modes:
      • User EXEC:- Router>
      • Privileged EXEC:- Router#
      • Global Configuration:- Router(config)#
      • ROM Monitor:- > or rommon>
      • Setup:- series of questions
      • RXBoot:- Router<boot>
  28. Editing Commands (1):
      • Ctrl+W - Erases a word
      • Ctrl+U - Erases a line
      • Ctrl+A - Moves cursor to beginning of line
      • Ctrl+E - Moves cursor to end of line
      • Ctrl+F - (or right arrow) – Move forward one character
      • Ctrl+B - (or left arrow) – Move back one character
      • Ctrl+P - (or up arrow) – Recalls previous commands from buffer
      • Ctrl+N - (or down arrow) – Return to more recent commands in buffer
      • Esc+B - Move back one word
      • Esc+F - Move forward one word
  29. Editing Commands (2):
      • Tab - completes a command you have started:
        • Router# copy ru <- press tab key after the ‘u’
        • Router# copy running-config
      • ? gives you the command options:
        • Router#copy ?
        • Flash: Copy from flash: file system
        • Ftp: Copy from ftp: file system
        • Nvram: Copy from nvram: file system
        • Running-config Copy from current system configuration
        • Startup-config Copy from startup configuration
        • System: Copy from system: file system
        • Tftp: Copy from tftp: file system (truncated to save space)
      • Or the commands beginning with the letters you have typed:
        • Router#a?
        • Access-enable
        • access-profile
        • access-template
  30. 6. Router Elements
  31. DRAM (1)
      • Working area for router.
      • Contains:
        • Routing tables
        • ARP cache
        • Packet buffers
        • IOS
        • Running config
      • Some routers run the IOS from DRAM.
  32. DRAM (2)
      • Show version
        • Shows information about IOS in RAM
        • Displays how much physical memory is installed
        • Shows the config register setting.
      • Show process
        • Shows info about programs running in DRAM.
      • Show running-config
        • Shows active configuration in DRAM
      • Show memory/stacks/buffers
        • To view tables and buffers
  33. NVRAM
      • Stores router's start up configuration
      • Does not lose data when powered off (due to a battery power source.)
      • Show startup-config
      • Erase startup-config
      • Copy running-config startup-config (copy run start)
      • Config register 0x2142 skips start up config file in NVRAM (for password recovery)
      • Config register 0x2102 loads start up config files from NVRAM
  34. Flash
      • (EEPROM or PCMCIA card) holds the compressed operating system image (IOS)
      • This is where software upgrades are stored.
      • Show flash
      • Dir flash:
  35. ROM
      • Contains power on diagnostics, a bootstrap program and a mini IOS (rommon).
      • You can specify which file the router boots from if you have more than one in flash memory
        • Router(config)#boot system flash {IOS filename}
      • Or that it boots from a TFTP server if for example the image is too large to fit in flash.
        • Router(config)#boot system tftp {IOS filename} {tftp address}
      • You can also back up the flash image for emergency use.
        • Router#copy flash tftp
  36. 7. Cabling
  37. Pinouts
      • Crossover: 1 <-> 3, 2 <-> 6, 3 <-> 1, 6 <-> 2
      • Straight Through: 1 <-> 1, 2 <-> 2, 3 <-> 3, 4 <-> 4, 5 <-> 5, 6 <-> 6, 7 <-> 7, 8 <-> 8
      • Rollover (PC to Console/Aux port): 1 <-> 8, 2 <-> 7, 3 <-> 6, 4 <-> 5, 5 <-> 4, 6 <-> 3, 7 <-> 2, 8 <-> 1
  38. Two types of crosstalk can occur on twisted pair cables:
      • Near end crosstalk (NEXT)
      • Far end crosstalk (FEXT)
  39. 8. Router Management
  40. Router Management
      • Console port:
        • A PC is connected to the console port via a rollover cable.
        • Used for initial configuration or disaster recovery.
      • Auxiliary port:
        • Normally a modem connected to this port.
      • Virtual Terminals:
        • Normally accessed by telnetting to the router.
        • Five lines available numbered [vty] 0-4
  41. Router Management
      • TFTP server:
        • The router can get its configs or IOS from a server (PC for example) running TFTP software and holding the necessary files.
      • NMS:
        • Network management station
        • Uses SNMP to manage the router normally via a Web style interface.
  42. 9. CDP
  43. Router#show cdp neighbors
      • This command displays the neighbouring router's or switch's hostname, hardware platform, port identifier and capabilities list.
  44. Router#show cdp neighbors detail
      • This command displays more detail than the previous one. You can view IP address, IOS release and duplex setting.
  45. 10. LAN Switching
  46. A LAN switch has three primary functions:
      • 1. Address Learning
        • Maintains a table (CAM – Content Addressable Memory) of addresses and which port they can be reached on.
      • 2. Forward/filter decision
        • Forwards frames only out of the relevant port.
      • 3. Loop avoidance
        • STP
  47. Transmitting Frames Through a Switch
      • Store-and-Forward
        • Switch copies the entire frame into its buffer and computes the CRC
        • Frame is discarded if there is an error.
        • High latency.
      • Cut-through
        • Reads only the destination address (first 6 bytes after preamble), looks up address and forwards frame.
        • Lower latency.
      • Fragment free
        • Switch reads first 64 bytes before forwarding the frame.
        • (Collisions normally occur within the first 64 bytes.)
  48. Spanning Tree Protocol (STP) IEEE 802.1d
      • A link management protocol that provides path redundancy whilst preventing undesirable loops in the network
      • For communication to work correctly on an ethernet network there can only be one path between two destinations.
      • STP uses Bridge Protocol Data Units (BPDU) received by all switches to determine the spanning-tree topology.
      • A port on a switch is either in forwarding or blocking state.
        • Forwarding ports provide the lowest cost path to the root bridge
        • A port will remain in blocking state from start up if spanning tree determines there is a better path.
  49. Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w
      • Spanning tree takes up to 50 seconds to converge to a stable network whereas RSTP takes 2 seconds.
      • RSTP port roles are:
        • Root Port
        • Designated Port
        • Backup Port
        • Alternate Port
        • Disabled
      • Most implementations of RSTP use PVST+ (Per VLAN Spanning Tree+):
        • Multiple instances of Spanning Tree are running so the load on the CPU is higher but we can load share over the links.
      • To enable RSTP for each VLAN in our switched network we use the following command:
        • Switch(config)#spanning-tree mode rapid-pvst
  50. Bridging & Switching
      • Switching
        • LAN Switches are primarily hardware based.
        • Many spanning-tree instances per switch and up to 100 ports.
      • Bridging
        • Bridges are primarily software based and have one spanning-tree instance per bridge.
        • Normally 16 ports per bridge.
  51. Virtual LAN (VLAN)
      • A VLAN is a switched network that consists of logically segmented communities without regard to physical location.
      • Each port on a switch can belong to a VLAN.
      • VLAN ports share broadcasts.
      • A router is needed to route traffic between VLANs because layer 2 devices do not use IP addresses.
      • Reduces admin costs, tighter security and better control of broadcasts.
  52. 11. IP Addressing
  53. Class A
      • Format/Default Mask
        • N.H.H.H
      • Leading Bit Pattern = 0
      • Network Address Range = 0 - 126
      • Max Networks = 126
      • Max Hosts/nodes = 16,777,214
  54. Class B
      • Format/Default Mask
        • N.N.H.H
      • Leading Bit Pattern = 10
      • Network Address Range = 128 - 191
      • Max Networks = 16,384
      • Max Hosts/nodes = 65,534
  55. Class C
      • Format/Default Mask
        • N.N.N.H
      • Leading Bit Pattern = 110
      • Network Address Range = 192 - 223
      • Max Networks = 2,097,152
      • Max Hosts/nodes = 254
  56. Class D
      • Leading Bit Pattern = 1110
      • Network Address Range = 224 - 239
      • Multicast
  57. Class E
      • Leading Bit Pattern = 11110
      • Network Address Range = 240 - 255
      • Experimental
  58. 12. Subnetting
  59. 13. IPv6
  60. The two methods of migrating from IPv4 to IPv6 are:
      • Dual-Stack
      • Tunnelling
  61. 14. IP Routing
  62. Static routing:
      • Router(config)#ip route {destination network} {mask} {next hop address}
      • E.g.
        • ip route
  63. Dynamic addressing is done by using a routing protocol:
      • For RIP v2
        • Router(config)#router rip
        • Router(config-router)#version 2
        • Router(config-router)#network
        • Router(config-router)#no auto-summary <- {optional}
      • For EIGRP
        • Router(config)# router eigrp 20
        • Router(config-router)#network
        • Router(config-router)#no auto-summary <- {optional}
      • For OSPF
        • Router(config)#router ospf 20
        • Router(config-router)#network area 0
  64. Distance Vector (1)
      • Distance Vector protocols understand the direction and distance to any given network connections.
      • Algorithms calculate the cost to reach the connection and pass this information to every neighbour router.
      • Examples are RIP and IGRP.
      • Problems:
        • Routing loops
        • Counting to infinity
  65. Distance Vector Solutions:
      • Defining a maximum number of hops:
        • RIP = 15
        • IGRP = 255
      • Split Horizon
        • If the router learns a route on an interface do not advertise it out of the same interface.
      • Route Poisoning
        • Information passed out of an interface is marked as unreachable by setting the hop count to 16 (for RIP).
      • Hold Down Timers
        • Ignores new routing updates until a determined time has passed.
      • Triggered Updates
        • Instead of routing updates being sent at the default intervals, a triggered update is sent every time to indicate a change in the routing table.
  66. Link state (1)
      • These have a picture of the entire network from link state advertisements (LSA) and link state packets (LSP). Once these have all been passed only changes to the network are sent out, reducing network traffic.
      • Require a lot of CPU time and bandwidth when LSAs are flooded, e.g.:
        • OSPF
        • IS-IS
      • Routers use administrative distances to determine how believable the route learned is depending upon the protocol it learns the route from:
        • Routers prefer lowest distance, e.g.:
        • Direct connection (0) >> OSPF (110) >> RIP (120)
        • Install this protocol in routing table
  67. Link state (2)
      • Routing Protocols
        • Maintain table of hosts
        • Which interface they can be reached by
        • E.g.: RIP, OSPF
      • Routed Protocols
        • Used to transport traffic from source to destination
        • E.g.: IP, IPX, AppleTalk
      • When a packet traverses a network from device to device (hop to hop):
        • IP address = constant
        • MAC address changes
  68. Source - Default Distance:
      • Directly Connected Interface = 0
      • Static hop to next router = 1
      • EIGRP Summary = 5
      • External BGP = 20
      • EIGRP (Internal) = 90
      • OSPF = 110
      • IS-IS = 115
      • RIP = 120
      • Exterior Gateway Protocol (EGP) = 140
      • External EIGRP = 170
      • Internal BGP = 200
      • Unknown = 255
  69. 15. Routing Protocols
  70. RIP v2
      • Uses UDP port 520
      • Classless
      • Max hop count 15
      • Multicasts route updates to
      • Supports authentication
      • Update timer 30 seconds
      • Invalid 90 seconds
      • Hold down 180 seconds
      • Flush 270 seconds
  71. EIGRP
      • Uses IP protocol 88
      • Classless
      • Hybrid of distance vector and link state
      • Multicasts updates to
      • Uses feasible successors to determine alternative routes to networks.
      • The feasible successor is a backup route based upon the topology table.
  72. OSPF
      • Uses IP protocol 89
      • Classless
      • Uses Dijkstra's shortest path algorithm (SPF)
      • Router ID is the highest IP address but loopback address used if present
      • Backbone area is area 0
      • All non backbone areas must connect directly to area 0
      • Areas can be numbered from 0 to 65535
      • Multicasts on
  73. OSPF Interface / Cost:
      • OSPF uses cost as a metric (see below - * indicates the most common) [Cost (10^8/Bandwidth)]
        • ATM, Fast Ethernet, Gigabit Ethernet, FDDI (> 100 Mbps) = 1
        • HSSI (45 Mbps) = 2
        • 16 Mbps Token Ring = 6
        • 10 Mbps Ethernet = 10
        • 4 Mbps Token Ring = 25
        • T1 (1.544 Mbps)* = 64
        • DS-0 (64k)* = 1562
        • 56k = 1785
  74. 16. NAT
  75. NAT Facts
      • Converts internal address to external address, commonly:
        • Convert non-routable address to routable address
      • For all configs you must specify internal and external interfaces
        • Router(config-if)#ip nat inside/outside
  76. Static NAT
      • Maps one address to another address such as to
        • Router(config)#ip nat inside source static
  77. Dynamic NAT
      • Maps a number of internal addresses to a pool of external addresses.
      • Example config:
        • 1. Creates a pool of 10 addresses with a mask (prefix length) of and the name ‘ad_team.’
        • 2. The hosts to be NATted are on the network.
        • 3. The Access list (source list) tells the router which addresses to NAT.
        • Router(config)#ip nat pool ad_team prefix-length 24
        • Router(config)#ip nat inside source list 1 pool ad_team out
        • Router(config)#access-list 1 permit
  78. Overload NAT (PAT)
      • Maps private internal addresses to one or more external addresses using port numbers
      • Example config:
        • Creates a pool of ten addresses (it could be more)
        • The command ‘overload’ tells the router to use port address translation.
        • Router(config)#ip nat pool ad_team prefix-length 24
        • Router(config)#ip nat inside source list 1 pool ad_team out overload
        • Router(config)#access-list 1 permit
  79. 17. Wireless Networks
  80. Ad-hoc Mode
      • Similar to peer-to-peer networking where nodes connect directly to each other
      • They must have the same SSID and channel for this to work.
  81. Infrastructure Mode
      • Wireless clients connect to access point (AP)
      • BSS (Basic Service Set)
        • 1 access point and multiple clients
      • ESS (Extended Service Set)
        • 2 or more BSSs
  82. Wireless Security
      • Open System
        • Host sends an association request to the wireless access point and it will be sent a success or failure message
      • Shared key
        • A key or pass phrase is configured on the AP and client(s)
        • 3 Types of Authentication: WEP, WPA, WPA2…
  83. 3 Types of Authentication:
      • WEP
        • An encryption algorithm built in the 802.11 standard
        • RC4 40-bit or 104-bit key
        • 24-bit IV (Initialization Vector)
      • WPA
        • Uses dynamic key management
        • Adds a stronger encryption cipher
        • Built on the EAP/802.1X mechanism
        • Uses TKIP (Temporal Key Integrity Protocol)
        • 48-bit IV
        • Used with RADIUS in the Enterprise
      • WPA2
        • Next generation
        • Uses stronger AES (Advanced Encryption Standard)
        • Creates a new key for every new association
          • Client's keys are unique and specific to that client
  84. 84. 18. Network Security
  85. 85. Access Lists <ul><li>A set of conditions that permit or deny access to or through a router's i/face </li></ul><ul><li>Inbound Access Lists </li></ul><ul><li>Outbound Access Lists </li></ul><ul><li>Can be applied to multiple interfaces </li></ul><ul><li>There can only be one access list per protocol per direction per interface </li></ul><ul><li>Wildcard masks </li></ul><ul><li>Access lists are applied to interfaces </li></ul><ul><li>Range <<>> Usage </li></ul><ul><li>Standard Access Lists </li></ul><ul><li>Extended Access Lists </li></ul><ul><li>Named Access Lists </li></ul><ul><li>‘ access-class’ </li></ul><ul><ul><li>Used if applying to console/aux/vty lines </li></ul></ul><ul><li>Show ip access-lists </li></ul><ul><li>Show access-list 1 </li></ul><ul><li>Packets are processed by the access list and then routed. </li></ul>
  86. 86. Inbound & Outbound Access Lists <ul><li>Inbound: </li></ul><ul><ul><li>Save the router having to process the packet </li></ul></ul><ul><ul><li>Denied packets will be dropped at the inbound interface </li></ul></ul><ul><li>Outbound: </li></ul><ul><ul><li>Will be processed by the router </li></ul></ul><ul><ul><li>Then dropped at the outbound interface if they match the access list </li></ul></ul>
  87. 87. Wildcard masks <ul><li>Tell the router which parts of the address to look at and which to disregard </li></ul><ul><li>Access-list 12 permit </li></ul><ul><ul><li>This would permit any host on network 172.16.5.x </li></ul></ul>
  88. 88. Access lists are applied to interfaces: <ul><li>Router(config)#access-list 1 permit </li></ul><ul><li>Router(config)#interface e0 </li></ul><ul><li>Router(config-if)#ip access-group 1 in </li></ul>
  89. 89. Range <<>> Usage <ul><li>1300-1999 >> IP Standard (Expanded Range) </li></ul><ul><li>100-199 >> IP Extended </li></ul><ul><li>1-99 >> IP Standard </li></ul><ul><li>2000-2699 >> IP Extended (Expanded Range) </li></ul>
  90. 90. Standard Access Lists <ul><li>Checks only the source address of the packet and permits or denies the entire TCP/IP suite </li></ul><ul><li>You cannot choose a particular port or application to block </li></ul><ul><li>Cisco recommends that they are placed as close to the destination as possible. </li></ul><ul><li>Router(config)#access-list {number 1-99} {permit/deny} {source address} </li></ul><ul><li>Access-list 10 permit <<- address can be a host or network </li></ul>
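How a wildcard mask and a standard access list decide a packet's fate, as an added Python example that is not part of the original slides. The function names and the ACL entries are assumptions constructed for illustration; the model checks the source address only, evaluates entries top-down with the first match winning, and ends with the implicit deny that closes every IOS access list.

```python
import ipaddress

MASK = 0xFFFFFFFF

def ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard bit is 0."""
    care = ~ip(wildcard) & MASK          # 0 bits in the wildcard are compared
    return (ip(addr) & care) == (ip(base) & care)

def evaluate_standard_acl(entries, source):
    """Check (action, base, wildcard) entries top-down on the source address only.
    Returns (action, matching line); no match falls to the implicit deny."""
    for line_no, (action, base, wildcard) in enumerate(entries, start=1):
        if wildcard_match(source, base, wildcard):
            return action, line_no
    return "deny", None

def shadowed_entries(entries):
    """(line, covering line) pairs for lines that an earlier line makes unreachable."""
    hits = []
    for j, (_, b2, w2) in enumerate(entries):
        care2 = ~ip(w2) & MASK
        for i, (_, b1, w1) in enumerate(entries[:j]):
            care1 = ~ip(w1) & MASK
            if (care1 & ~care2 & MASK) == 0 and (ip(b1) & care1) == (ip(b2) & care1):
                hits.append((j + 1, i + 1))
                break
    return hits

# Constructed entries (assumed values, not taken from the slides)
ACL_GOOD = [
    ("deny",   "172.16.5.66", "0.0.0.0"),    # one host
    ("permit", "172.16.5.0",  "0.0.0.255"),  # any host on 172.16.5.x
]
ACL_BAD = list(reversed(ACL_GOOD))           # same lines, wrong order

if __name__ == "__main__":
    for name, acl in (("good", ACL_GOOD), ("bad", ACL_BAD)):
        print(name, evaluate_standard_acl(acl, "172.16.5.66"), shadowed_entries(acl))
```

With the lines reversed, the host deny is never reached: the broader permit matches first, which is the ordering mistake `shadowed_entries` reports.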
  91. 91. Extended Access Lists <ul><li>Allow for a lot more granularity when filtering IP traffic. </li></ul><ul><li>Can filter traffic based upon: </li></ul><ul><ul><li>Source or destination </li></ul></ul><ul><ul><li>A particular IP protocol </li></ul></ul><ul><ul><li>Port number </li></ul></ul><ul><li>Cisco recommends that they are placed as close to the source as possible. </li></ul><ul><li>Router(config)#access-list {number 100-199} {permit/deny} {protocol} </li></ul><ul><li>Access-list 112 permit tcp host host eq www </li></ul>
  92. 92. Named Access Lists <ul><li>Router(config)#ip access-list {standard/extended} name </li></ul><ul><li>Router(config)#ip access-list extended no_ftp </li></ul>
  93. 93. Passwords <ul><li>Service password-encryption </li></ul><ul><li>Enable </li></ul><ul><li>Enable Secret </li></ul><ul><li>VTY </li></ul><ul><li>Auxiliary </li></ul><ul><li>Console </li></ul>
  94. 94. Password cont… <ul><li>Service password-encryption </li></ul><ul><ul><li>Encrypts all passwords </li></ul></ul><ul><li>Enable </li></ul><ul><ul><li>Used to get from user exec to privileged exec. </li></ul></ul><ul><ul><li>Not encrypted </li></ul></ul><ul><ul><li>Router(config)#enable password {password} </li></ul></ul><ul><li>Enable Secret </li></ul><ul><ul><li>Encrypts password </li></ul></ul><ul><ul><li>Router(config)#enable secret {password} </li></ul></ul><ul><ul><li>(use either enable or enable secret, not both) </li></ul></ul>
  95. 95. Password cont… <ul><li>VTY </li></ul><ul><ul><li>Needed if telnet access is required </li></ul></ul><ul><ul><li>Router(config)#line vty 0 4 </li></ul></ul><ul><ul><li>Router(config-line)#password cisco </li></ul></ul><ul><ul><li>Router(config-line)#login </li></ul></ul><ul><li>Auxiliary </li></ul><ul><ul><li>Allows modem access to the aux port </li></ul></ul><ul><ul><li>Router(config)#line aux 0 </li></ul></ul><ul><ul><li>Router(config-line)#password cisco </li></ul></ul><ul><ul><li>Router(config-line)#login </li></ul></ul><ul><li>Console </li></ul><ul><ul><li>Used to allow console access </li></ul></ul><ul><ul><li>Router(config)#line console 0 </li></ul></ul><ul><ul><li>Router(config-line)#password cisco </li></ul></ul><ul><ul><li>Router(config-line)#login </li></ul></ul>
  96. 96. Protecting the Network <ul><li>Firewalls </li></ul><ul><ul><li>Divide your network into three zones: </li></ul></ul><ul><ul><ul><li>Trusted </li></ul></ul></ul><ul><ul><ul><li>Semi-Trusted </li></ul></ul></ul><ul><ul><ul><li>Un-Trusted </li></ul></ul></ul><ul><li>VPN </li></ul><ul><ul><li>Allows information to be sent securely over an insecure medium (e.g. the Internet) </li></ul></ul><ul><ul><li>Can be: </li></ul></ul><ul><ul><ul><li>Site-to-Site (e.g. WAN) </li></ul></ul></ul><ul><ul><ul><li>Access (e.g. homeworker) </li></ul></ul></ul>
  97. 97. Security Device Manager (SDM) <ul><li>A web-based GUI tool </li></ul><ul><li>Allows you to configure and manage your Cisco routers </li></ul><ul><li>Can be installed on your router or your PC </li></ul><ul><li>(Huge number of parameters and screens to navigate) </li></ul>
  98. 98. 19. WAN Protocols and Services
  99. 99. HDLC <ul><li>Cisco default on serial WAN connections </li></ul><ul><li>No authentication available </li></ul>
  100. 100. PPP <ul><li>Data link </li></ul><ul><li>Authentication is optional: </li></ul><ul><ul><li>PAP (clear text) </li></ul></ul><ul><ul><li>CHAP (secure hash) </li></ul></ul><ul><li>Use PPP if connecting a Cisco router to a non-Cisco router. </li></ul><ul><li>Router(config)#username paul password cisco <<- case sensitive </li></ul><ul><li>Router(config)#interface serial 0 </li></ul><ul><li>Router(config-if)#encapsulation ppp </li></ul><ul><li>Router(config-if)#ppp authentication chap </li></ul>
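What "PAP (clear text)" and "CHAP (secure hash)" mean on the wire, as an added Python example that is not part of the original slides. It follows the PAP request layout and the MD5 challenge-response construction from the PPP authentication RFCs; the class and function names are hypothetical, and `paul` / `cisco` are the sample credentials from the slide above.

```python
import hashlib
import hmac
import os

def pap_request(name, password):
    """PAP Authenticate-Request payload: length-prefixed name and password, in the clear."""
    return bytes([len(name)]) + name + bytes([len(password)]) + password

def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5 over identifier octet + shared secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Hypothetical authenticator side: issues challenges and checks responses."""
    def __init__(self, secrets):
        self.secrets = secrets            # peer name -> shared secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)   # fresh random value per attempt
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        secret = self.secrets.get(name)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = None             # a challenge is good for one attempt only
        return hmac.compare_digest(expected, response)

def demo():
    """Run one exchange with constructed credentials and return what was observed."""
    auth = ChapAuthenticator({b"paul": b"cisco"})
    ident, chal = auth.new_challenge()
    good = chap_response(ident, b"cisco", chal)
    wire = bytes([ident]) + chal + good               # everything CHAP put on the link
    results = {
        "pap_leaks_password": b"cisco" in pap_request(b"paul", b"cisco"),
        "chap_leaks_password": b"cisco" in wire,
        "accepted": auth.verify(b"paul", ident, good),
    }
    ident2, chal2 = auth.new_challenge()
    results["replay_accepted"] = auth.verify(b"paul", ident2, good)
    ident3, chal3 = auth.new_challenge()
    results["wrong_case_accepted"] = auth.verify(
        b"paul", ident3, chap_response(ident3, b"Cisco", chal3))
    return results
```

CHAP keeps the secret off the link, but a recorded challenge and response can still be tested offline against guessed secrets, so the shared secret should be long and random rather than a word like the sample value.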
  101. 101. Frame Relay (1) <ul><li>Based upon the X.25 protocol </li></ul><ul><li>Less error checking = quicker </li></ul><ul><li>56K to 2Mb </li></ul><ul><ul><li>Ideal for SMEs </li></ul></ul><ul><li>Works at the physical & data link layers. </li></ul><ul><li>DLCIs are used to identify the circuit </li></ul>
  102. 102. Frame Relay (2) <ul><li>Each router uses LMIs for keepalives on the line between the router & the frame relay switch: </li></ul><ul><ul><li>LMI type is Cisco by default. </li></ul></ul><ul><ul><li>You must use another type such as ansi if connecting to a non-Cisco router. </li></ul></ul><ul><li>Router(config-if)#encapsulation frame-relay </li></ul><ul><li>Router(config-if)#frame-relay map ip 100 </li></ul><ul><ul><li>Router is told to get to ip address use dlci 100 </li></ul></ul><ul><li>Use frame relay sub-interfaces if a point-to-point or multipoint connection is needed </li></ul><ul><ul><li>IP address is applied to the sub-interfaces for these and NOT the main interface </li></ul></ul>
  103. 103. Frame relay uses: <ul><li>Backward Explicit Congestion Notification (BECN) </li></ul><ul><ul><li>On returning frames to warn of congestion </li></ul></ul><ul><li>Forward Explicit Congestion Notification (FECN) </li></ul><ul><ul><li>Is set by the DCE end to warn of congestion from the sending end. </li></ul></ul>
  104. 104. Frame Relay Problems include: <ul><li>Incorrect LMI setting </li></ul><ul><li>Incorrect DLCI </li></ul><ul><li>Split horizon preventing routing updates leaving interface </li></ul>
  105. 105. 20. Troubleshooting
  106. 106. Show ip interface brief <ul><li>First command to issue to establish if the interfaces are up or down </li></ul><ul><li>(There are only a handful of ways to break any network in the exam.) </li></ul>
  107. 107. Layer 1 <ul><li>Ensure that there is a clock rate on the DCE interface </li></ul><ul><li>Show controllers serial X </li></ul><ul><ul><li>To check what type of cable is attached </li></ul></ul><ul><ul><li>X = serial interface number </li></ul></ul><ul><li>Ensure that the ‘no shut’ command has been applied to the interface. </li></ul>
  108. 108. Layer 2 <ul><li>Ensure that the correct encapsulation type is on the interface, e.g. HDLC or PPP </li></ul><ul><li>Show interface serial X </li></ul><ul><li>If it is not, go into interface configuration mode and change it. </li></ul>
  109. 109. Layer 3 <ul><li>Ensure that the correct IP address AND subnet mask is applied to the interface. </li></ul><ul><li>Ensure that the correct networks are being advertised by the routing protocol </li></ul><ul><li>Show ip protocols </li></ul>
  110. 110. Warning! <ul><li>Always ensure that you can ping across directly connected router interfaces BEFORE applying routing protocols and access lists. </li></ul>
  111. 111. CCNA Cram Guide