
CCNA Revision Notes By C. T. Amos

BASICS

OSI model, with example protocols and devices at each layer:
  7 Application   - FTP, Telnet, etc.
  6 Presentation  - HTML and other data formats
  5 Session
  4 Transport     - TCP, UDP
  3 Network       - IP, IPv6; device: Router
  2 Data Link     - PPP, Frame Relay, etc.; devices: NICs, Switch
  1 Physical      - Repeater, Hub

IEEE standards:
  802.11  - Wireless
  802.5   - Token Ring
  802.1D  - STP (Spanning Tree Protocol)
  802.1w  - RSTP (Rapid Spanning Tree Protocol)
  802.3u  - 100 Mbps Ethernet (100BASE-TX)
  802.3z  - 1 Gbps Ethernet over fibre (1000BASE-SX/LX)
  802.3ab - 1 Gbps Ethernet over copper (1000BASE-T)
  802.3ae - 10 Gbps Ethernet, approved in 2002
  All half-duplex Ethernet uses CSMA/CD; full-duplex links have no collisions.

Private IP Addresses (RFC 1918):
  10.0.0.0    - 10.255.255.255  (10.0.0.0/8)
  172.16.0.0  - 172.31.255.255  (172.16.0.0/12)
  192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

Common Protocol Ports:
  FTP    - TCP 20 (data) and 21 (control)
  SSH    - TCP 22
  Telnet - TCP 23
  SMTP   - TCP 25
  DNS    - 53 on both TCP and UDP
  TFTP   - UDP 69
  POP3   - TCP 110
  RIP    - UDP 520 (RIPng for IPv6 uses UDP 521)


Password Recovery
  Reboot the router and press Ctrl+Break during boot to interrupt the boot process and drop into ROMmon.
  confreg 0x2142   (boot ignoring the startup-config in NVRAM)
  reset
  After boot: copy start run, set new passwords, config-register 0x2102, copy run start.
  Anyone with console (physical) access can do this, so console ports need physical protection. no service password-recovery disables the procedure, at the cost of wiping the configuration if the device is ever recovered that way.

Boot Process
  1. POST
  2. Bootstrap locates the IOS image.
  3. Load IOS.
  4. Load the configuration file into the running config.

Default Sequence for Loading an OS
  Flash, then TFTP Server, then ROM (mini IOS / Bootloader / RXBoot)

Default Sequence for Loading the Configuration File
  NVRAM, then TFTP Server, then Setup Dialog

Runt - A frame smaller than the medium's minimum frame size; on Ethernet anything under 64 bytes. Can be caused by collisions, faulty NICs, duplex mismatch, and 802.1Q/ISL mismatch.

Troubleshooting Steps:
  1. Ping the loopback/diagnostic address 127.0.0.1 - shows the TCP/IP stack is properly installed.
  2. Ping the local PC's IP address - shows the NIC and its address are configured.
  3. Ping the default gateway.
  4. Ping the remote server.


CISCO IOS
Router Modes
  User exec mode                 Router>
  Privileged exec mode           Router#
  Global configuration mode      Router(config)#
  Specific configuration mode    e.g. Router(config-if)#
  Setup mode                     "Would you like to enter the initial configuration dialog? [yes/no]:"

Banner Types
  MOTD banner (shown before login on all connections), Login banner (shown before the username/password prompt), Exec banner (shown after login), and Prompt-timeout banner (shown when the login prompt times out).

Line Configurations:
Line types: auxiliary (aux), console (con), and virtual terminal (vty, used for Telnet/SSH).
  line con 0
  password amos
  login
  exec-timeout 0 0        (prevents the console from timing out; fine in a lab, but on a production device leave a timeout so an unattended console session does not stay logged in)
  logging synchronous     (stops console messages from popping up in the middle of the commands you are typing)
  terminal monitor        (lets you view debug/log output on a vty session you are telnetted or SSHed into; the console gets it by default)

Secure Shell (SSH) - Alternative to Telnet. The session is encrypted, so usernames, passwords and commands are not sent in clear text as they are with Telnet.

  config t
  username amos secret ccna        (secret stores a hash; password stores a reversible type 7 string)
  hostname cisco
  ip domain-name amos.com          (hostname and domain name are required before the key can be generated)
  crypto key generate rsa general-keys modulus 2048    (modulus can be 360 to 4096 depending on IOS version; RSA is the public-key algorithm used for the host key. 1024 was the old common value; use 2048 or larger today)
  ip ssh version 2
  ip ssh time-out 60               (seconds allowed for the SSH negotiation phase, max 120; idle-session timeouts are set with exec-timeout on the line)
  ip ssh authentication-retries 2  (allow only 2 incorrect password attempts)
  line vty 0 15
  transport input ssh              (restricts remote access to SSH only; Telnet is refused)
  login local                      (prompts for a username and password from the local database)


Router Name and Password

  hostname cisco
  enable secret amos               (stored as a hash; takes precedence over enable password)
  enable password amos             (stored in clear text unless service password-encryption is on; avoid it)
  service password-encryption      (applies type 7 encoding to passwords entered before and after this command; type 7 is trivially reversible and only stops shoulder-surfing, it is not real protection)

Pipe
  sh run | begin interface            (show the running config starting at the first line matching "interface")
  sh ip route | include 192.168.3.32  (show only lines containing this address)
  sh run | redirect tftp://10.1.1.1/run.txt   (redirect output to a URL such as tftp: or flash: instead of the screen)

Setting DCE Clock Rate:

  int s0/0/1
  clock rate 64000
  do sh controllers s0/0/1   (shows whether the cable end is DCE or DTE)

Bandwidth / Port speed

  int f0/1
  speed 100      (limits port operation to 100 Mbps)

Copying and Erasing

  copy run start   or   copy start run
  copy run tftp 10.1.1.1
  copy start tftp 10.1.1.1
  copy tftp run   or   copy tftp start
  sh run   or   sh start
  erase start

Other Commands
  ping 10.1.1.1
  For an extended ping just type ping followed by Enter; you can then set a. datagram size, b. timeout value, c. protocol, d. source IP address.
  traceroute 10.1.1.1
  telnet 10.1.1.1 (or just 10.1.1.1; an address on its own is understood as a telnet command)
    a. sh sessions - lists all the open outbound telnet connections
    b. Ctrl+Shift+6 then x - suspends the current session and returns to the local router
    c. resume 2 (or 3, etc.) - resumes one of the suspended sessions
    d. disconnect 2 (or 3, etc.) - closes one of the sessions
  sh processes - shows CPU utilization, e.g. to determine whether the device can handle a debug command

  sh ip int
  sh ip int br
  sh protocols

Configuration Register: (0x2102 = default)

  config-register 0x2142   (ignore NVRAM contents on boot; used for password recovery)
  reload

Backing up and Restoring the IOS

  copy flash tftp
  copy tftp flash

CDP - Cisco Discovery Protocol

  sh cdp neighbor
  sh cdp nei detail
  int f0/1
  cdp enable        (or no cdp enable, per interface)
  no cdp run        (disables CDP globally)
CDP advertises the platform, IOS version and addresses of the device to anything on the link, so disable it on interfaces facing untrusted networks or user ports.

Resolving Hostnames Manually:

  ip host router2 10.1.1.1

Resolving Hostnames Dynamically:

  ip domain-lookup
  ip name-server 10.1.1.2   (the DNS server)
  ip domain-name amos.com

Static Routing

Default Routing (for stub networks)

  ip route 0.0.0.0 0.0.0.0 192.168.0.10   (next hop; an exit interface such as s0/0/1 can be used instead)
  ip classless

Gateway of Last Resort:

  ip route 0.0.0.0 0.0.0.0 196.24.31.8    (public IP address of the gateway connected to the ISP)
  or ip route 0.0.0.0 0.0.0.0 s0/0/0
  or ip default-network 196.24.31.0       (classful network; the router must already have a route to it)


Routing Protocols:
Administrative Distance by route source:
  Connected interface   0
  Static route          1
  EIGRP                 90
  IGRP                  100
  OSPF                  110
  RIP                   120
  External EIGRP        170
  Unknown               255 (never used)

Distance Vector routing protocols - RIP and IGRP. Send their whole routing table to directly connected neighbours periodically.
Link State - OSPF and IS-IS. Flood link-state information to all routers in the area/Autonomous System (AS) and each keeps three tables: neighbour, topology (link-state database) and routing.
Hybrid (advanced distance vector) - EIGRP.

Solutions to Routing Loops (counting to infinity)

  1. Maximum hop count, e.g. not more than 15 for RIP (16 = unreachable).
  2. Split horizon - A router does not advertise a route back out the interface on which it learned it.
  3. Route poisoning - A router continues to advertise an unavailable network but gives it a metric of 16 (unreachable).
  4. Hold-down timer - After a route goes down, the router ignores updates with a worse or equal metric for that route until the timer expires, so that a flapping route does not get reinstalled repeatedly from stale information.

RIP Timers
  1. Route update timer - 30s. A full routing update is sent every 30s.
  2. Route invalid timer - 180s. A router waits 180s without hearing about a route before marking it invalid.
  3. Hold-down timer - 180s.
  4. Route flush timer - 240s. The time between a route's last update and its removal from the routing table.
RIPv2 sends updates to multicast 224.0.0.9 (RIPv1 uses broadcast).

IGRP
  1. Maximum hop count of 255 (100 by default).
  2. Uses a composite metric of bandwidth and delay by default; can also use MTU, reliability and load.
  3. Updates every 90s.

EIGRP
Uses multicast 224.0.0.10. All routing protocols can load balance over equal-cost paths, but only IGRP and EIGRP can load balance over unequal-cost paths (using the variance command).
  1. Fastest convergence of the routing protocols covered here.
  2. Uses bandwidth and delay (cumulative line delay) as its metric. Can also use load, reliability and MTU.
  3. Supports VLSM (Variable Length Subnet Masks) and CIDR (Classless Inter-Domain Routing).
  4. Supports discontiguous networks using the no auto-summary command.
  5. Supports IPv6 (and other protocols) using Protocol-Dependent Modules (PDMs).
  6. Classless.
  7. Efficient neighbour discovery using Hellos and acknowledgements.
  8. Communication via RTP (Reliable Transport Protocol).
  9. Best path selection using DUAL (Diffusing Update Algorithm).

Features:
  Feasible Distance - Best metric to a destination (the successor's metric).
  Neighbour Table - Each PDM has its own neighbour table.
  Topology Table - Holds all learned routes, including feasible successors.
  Feasible Successor - Backup route stored in the topology table (its reported distance must be less than the current feasible distance). EIGRP installs up to 4 equal-cost paths by default (maximum-paths can raise this to 6 on older IOS, more on newer).
  Successor - Best route. Stored in the routing table and backed up by the feasible successor.
  EIGRP can redistribute routes manually and, between EIGRP and IGRP with the same AS number, automatically.

EIGRP Tables:
  Neighbour Table, Topology Table, Routing Table

Configuration Examples:
  router eigrp 10
  passive-interface s0/0/1   (prevents EIGRP from sending hellos/updates out that interface, e.g. a user-facing or untrusted link; the network is still advertised)
  no auto-summary            (required for discontiguous networks; also needed so the specific subnets are advertised rather than just the 172.16.0.0/16 summary)
Redistribution: lets EIGRP exchange routes with another routing protocol such as RIP.


Changing bandwidth and delay for EIGRP:
These are interface commands, not router-process commands. bandwidth is in kbps and delay in tens of microseconds; they change the metric only, not the physical speed.

  int s0/0/1
  bandwidth 128560
  delay 300000

EIGRP Commands.
  sh ip route eigrp
  sh ip eigrp topology
  debug eigrp packets
  debug eigrp notifications   (only produces output when there is a problem in the network)
  sh ip eigrp nei

Sample output of sh ip eigrp nei:
  H  Address    Interface  Hold  Uptime    SRTT  RTO  Q   Seq
  0  10.1.1.2   S0/0/1     14    00:14:10  1     200  0   81


OSPF (Open Standard)

Uses multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR/BDR), and exchanges information via Hello packets and LSAs. Supports authentication (use MD5/SHA authentication rather than plain-text on any link that is not fully trusted).
Max OSPF priority = 255. Default OSPF priority = 1. Priority 0 = the router never becomes DR or BDR.
  1. Uses the Dijkstra (SPF) algorithm
  2. Open standard
  3. Fast convergence
  4. Supports VLSM / CIDR
  5. Uses Autonomous Systems and Areas
  6. Scalable
  7. Unlimited hop count
  8. Multicast route propagation on change (triggered updates, not periodic full tables)

Features:
  ASBR - Autonomous System Border Router. Connects the OSPF domain to another routing domain (another AS or routing protocol).
  ABR - Area Border Router. Connects a non-backbone area to the backbone, Area 0.
  Link - A router interface.
  Router ID (RID) - The highest loopback IP address if the router has one, otherwise the highest IP address of its active interfaces. The router-id command overrides both.
  Designated Router (DR) - The router elected to receive and disseminate routing information to the other routers on a multi-access network.
  BDR - Backup Designated Router.
  Broadcast / Multi-access networks, e.g. Ethernet - A DR and BDR are elected.
  Non-Broadcast Multi-access networks (NBMA), e.g. Frame Relay, X.25 and ATM - Also elect a DR and BDR.
  Point-to-Multipoint - No DR/BDR elected.
  Point-to-Point - Two routers directly connected, physically or virtually over Frame Relay circuits. No DR/BDR elected.
OSPF network statements use wildcard masks.
OSPF uses a cost metric (10^8 / bandwidth in bps), accumulated over all the exit interfaces to a given destination:
  100 Mbps = cost 1
  10 Mbps  = cost 10
  64 Kbps  = cost 1562
Process ID - locally significant number given to the OSPF process (router ospf 1).

OSPF commands:

  network 10.0.0.0 0.0.255.255 area 2   (this wildcard matches 10.0.0.0 to 10.0.255.255)
  sh ip ospf             (gives the RID and area numbers)
  sh ip ospf database    (shows the RIDs of all the routers in the area/AS)
  sh ip ospf int f0/1    (shows the IP address, RID, process ID, cost, network type, DR/BDR)
  sh ip ospf nei
  sh ip protocols
  debug ip ospf packet
  debug ip ospf hello
  debug ip ospf adj


DR and BDR Election Process:
On a multi-access segment the router with the highest OSPF priority becomes DR and the next highest BDR; ties are broken by the highest RID. Priority 0 never takes part. The election is not pre-emptive: a router that comes up later with a higher priority does not take over until the DR fails.

Setting Loopback Addresses
  int loopback 0
  ip address 10.1.2.23 255.255.255.255   (example address)
Then reload the router (or clear ip ospf process). The loopback address becomes the RID, but it does not override the router-id command:
  router ospf 1
  router-id 10.1.2.23

Setting Priority:
  int f0/1
  ip ospf priority 2

Configuring Summary Routes

  router ospf 1
  network 192.168.10.64 0.0.0.3 area 1
  network 192.168.10.68 0.0.0.3 area 1
  area 1 range 192.168.10.64 255.255.255.224   (advertises all networks from Area 1 as one entry, 192.168.10.64/27)


SWITCHING
Switching is done in hardware by ASICs (Application Specific Integrated Circuits).

Switch Characteristics
  1. Address learning - learned MAC addresses are placed in the MAC forward/filter table.
  2. Forward/filter decisions.
  3. Loop avoidance (STP).

Features:
  STP - Uses the Spanning Tree Algorithm (STA).
  Root Bridge - The bridge/switch with the lowest Bridge ID.
  Bridge ID - Priority combined with the MAC address (lowest priority, then lowest MAC, wins).
  Non-Root Bridge - Every other switch.
  BPDU - Bridge Protocol Data Units. Messages exchanged between switches carrying STP information.
  Root Port - On each non-root switch, the port with the lowest cost path to the root bridge.
  Designated Port - On each segment, the port with the lowest cost to the root; it forwards frames.
  Blocked Port - Does not forward frames but still listens to BPDUs. Used to prevent loops.

Spanning Tree States:

  Blocking   - Prevents loops. Listens for BPDUs only.
  Listening  - Prepares to forward frames; sends and listens for BPDUs, does not learn MACs yet.
  Learning   - Populates the MAC address table, still does not forward frames.
  Forwarding - Forwards frames and learns MAC addresses (root and designated ports).
  Disabled   - Administratively down; does not participate in STP.
Forward Delay - Time spent in each of the listening and learning states, 15s by default (so about 30s, plus up to 20s max age, from blocking to forwarding).

Switch Configuration Commands:

  sh mac-address-table
  sh port-security int f0/1
  ip default-gateway 10.1.1.1            (assigns a default gateway to the switch so it can be managed remotely)
  spanning-tree vlan 1 priority 4096
  int range fastethernet 0/1 - 12

Security
(sp = spanning-tree)
  sp portfast                 (port goes straight to forwarding; only on ports connected to end hosts)
  sp bpduguard enable         (if a BPDU arrives on this port, i.e. a switch was plugged in, the port is err-disabled; guards against loops and rogue switches on portfast ports)
  sp bpdufilter enable        (stops the port sending and processing BPDUs; unlike bpduguard it does not shut the port, so a loop through that port goes undetected. Use bpduguard on access ports.)
  sp portfast default         (enables portfast on all access ports)

Rapid Spanning Tree Protocol (RSTP)

  spanning-tree mode rapid-pvst
  STP standard = 802.1D, RSTP standard = 802.1w

EtherChannel:
Bundles multiple physical links into one logical link. All the links are used simultaneously, increasing bandwidth, and redundancy is kept: if one link fails the bundle stays up.

  int port-channel 1
  int range f0/1 - 2
  switchport mode trunk       (creates a trunk port, used between switches)
  switchport nonegotiate      (disables DTP so the link type is not auto-negotiated)
  channel-group 1 mode desirable   (PAgP; use mode active for LACP)

Static MAC Address

  config t
  mac-address-table static aaaa.bbbb.cccc vlan 1 int f0/1

How to make a Switch the Root Bridge:

  1. Lower its priority:  spanning-tree vlan 1 priority 4096
  2. spanning-tree vlan 1 root primary - a macro that sets the priority to 24576, or to 4096 less than the current root's priority if that root is already below 24576. It cannot win if the current root is already at priority 0. It is per-VLAN, so it has to be configured for each VLAN.
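To make the election concrete, the following is an added example (not code from the original notes) that models how the root bridge is chosen and what the root primary macro does to a switch's priority. The switch names and MAC addresses are constructed; the 24576 / minus-4096 behaviour is the documented IOS behaviour described above.

```python
"""Added example, not part of the original notes: STP root bridge election and
the IOS `spanning-tree vlan N root primary` macro.

Bridge ID = 2-byte priority field + 6-byte MAC address; the LOWEST Bridge ID
wins. With per-VLAN STP the priority field is the configured priority (a
multiple of 4096) plus the VLAN ID (the 'extended system ID'), which is why
`spanning-tree vlan 1 priority 4096` shows up as 4097 in `show spanning-tree`.
Switch names and MAC addresses used here are constructed for the example.
"""


def bridge_id(priority, vlan, mac):
    """Comparable Bridge ID: (priority + VLAN ID, MAC address as an integer)."""
    return (priority + vlan, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(switches, vlan):
    """switches: {name: (priority, mac)}. Returns the name of the root bridge."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))


def root_primary_priority(switches, vlan, me):
    """Priority the `root primary` macro would configure on switch `me`.

    IOS picks 24576, or 4096 below the current root's priority if that root
    is already below 24576. If the current root is at priority 0 nothing
    lower exists, so the macro fails and the root must be changed by hand.
    """
    others = {n: s for n, s in switches.items() if n != me}
    root = elect_root(others, vlan)
    root_prio = others[root][0]
    if root_prio >= 24576:
        return 24576
    if root_prio == 0:
        raise ValueError("current root already at priority 0; macro cannot win")
    return root_prio - 4096


def apply_root_primary(switches, vlan, me):
    """Return the switch table after `me` runs `spanning-tree vlan <vlan> root primary`."""
    new = dict(switches)
    new[me] = (root_primary_priority(switches, vlan, me), switches[me][1])
    return new


if __name__ == "__main__":
    # Constructed topology: all three switches at the default priority 32768,
    # so the lowest MAC address decides.
    sw = {"SW1": (32768, "0000.0c11.1111"),
          "SW2": (32768, "0000.0c22.2222"),
          "SW3": (32768, "0000.0c33.3333")}
    print("root with defaults:", elect_root(sw, 1))
    after = apply_root_primary(sw, 1, "SW2")
    print("SW2 priority after root primary:", after["SW2"][0],
          "-> root is now", elect_root(after, 1))
```

Because the macro simply sets a priority once and never re-evaluates, a switch that is later plugged in with a lower priority (or a rogue device sending superior BPDUs) takes the root role away; that is what bpduguard on access ports is for.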

VLANS
A VLAN is a logical segmentation of a network. Each VLAN is a broadcast domain, so a router (or layer 3 switch) is required for inter-VLAN communication.

Features:
  Static VLANs - Ports are assigned to VLANs by configuration.
  Dynamic VLANs - Require a database of MAC addresses and the VLAN each belongs to. Requires a VMPS.
  VMPS - VLAN Management Policy Server. Maps MAC addresses to VLANs.
  Access Port - Belongs to one VLAN and carries untagged frames only.
  Trunk Port
    a. Carries traffic for all (allowed) VLANs with VLAN tagging.
    b. Can use DTP (Dynamic Trunking Protocol) to negotiate the port mode. On ports facing end hosts turn this off (switchport mode access plus switchport nonegotiate), otherwise a host that speaks DTP can negotiate a trunk and reach every VLAN.
    c. VLAN traffic is multiplexed over the trunk.
  Frame Tagging - Each frame on a trunk carries the VLAN it belongs to.
  PVID - Port VLAN ID. The native VLAN of a trunk (VLAN 1 by default); frames in the native VLAN cross the trunk untagged.

VLAN Identification Methods:

  1. ISL - Inter-Switch Link. Cisco proprietary; encapsulates the whole frame. Fast Ethernet and Gigabit Ethernet only.
  2. IEEE 802.1Q - The open standard. Inserts a 4-byte tag into the Ethernet header carrying the VLAN ID.

VTP - VLAN Trunking Protocol. Not a tagging method but a Cisco protocol for distributing the VLAN database:
  a. Propagates the VLAN list across trunks to the switches in the same VTP domain.
  b. Dynamically reports the addition of new VLANs.
  c. Learns normal-range VLANs (1-1005) but not extended VLANs (1006-4094).

VTP Modes
  VTP Server - Creates, edits and deletes VLANs and saves the database in NVRAM.
  VTP Client - Accepts and forwards updates but cannot change VLANs.
  VTP Transparent - Ignores updates for its own database (keeps its locally configured VLANs) but forwards them on.
  vtp mode server
  vtp domain amos
  vtp password cisco
A switch added to the domain with a higher configuration revision number overwrites the VLAN database on every server and client, which is how a reused lab switch wipes a production network. Always set a VTP password, and reset the revision number (change the domain name or set transparent mode) before connecting a switch.

VTP Pruning - Broadcasts for VLAN X are not sent over a trunk to a switch that has no ports in VLAN X. VLANs 2 to 1001 are pruning-eligible (VLAN 1 and 1002-1005 are not):
  vtp pruning                      (configured on one server and propagated to the whole domain)
  int f0/1
  switchport trunk pruning vlan 3-4
  do sh int trunk

Assigning VLANs
  conf t
  vlan 2
  name marketing
  do sh vlan

Assigning Ports
  int f0/1
  switchport mode access
  switchport access vlan 3

Trunking
  int f0/1
  switchport trunk encapsulation dot1q   (or isl)
  switchport mode trunk

Blocking and Allowing certain VLANs on a Trunk Port

  int f0/1
  switchport trunk allowed vlan remove 4-12
  no switchport trunk allowed vlan          (allows all VLANs again)
Prune the allowed list down to the VLANs the trunk actually needs; a trunk that carries every VLAN exposes all of them to whatever is on the far end.

To change the Native VLAN from VLAN 1 (for security purposes)

  switchport trunk native vlan 3
Use a VLAN that has no access ports in it, and set the same native VLAN on both ends of the trunk. Leaving the native VLAN shared with user ports allows double-tagging (VLAN hopping) attacks.

Creating Sub-Interfaces and Assigning Subnets to a Router (router-on-a-stick, here for VLAN 2 and VLAN 3)

On the switch:
  int f0/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
On the router:
  int f0/1.2
  encapsulation dot1q 2
  ip add 10.1.1.1 255.255.255.0
  int f0/1.3
  encapsulation dot1q 3
  ip add 10.1.2.1 255.255.255.0


SECURITY:
  a. Cisco IOS Firewall
  b. Access Lists (ACLs)
  c. NAT

A ) Features of the Cisco IOS Firewall

  1. Intrusion Detection - References 102 intrusion detection signatures.
  2. Firewall Voice Traversal - Support for SIP (Session Initiation Protocol).
  3. ICMP Filtering - ping and traceroute packets, etc.
  4. Authentication Proxy - Requires users to authenticate before they are granted access to network resources. Profiles are kept on a RADIUS or TACACS+ server.
  5. DoS - Detection and prevention of Denial of Service attacks.
  6. Stateful IOS Firewall Inspection Engine - Tracks sessions and opens return traffic only for connections initiated from the inside, per application. Also called CBAC (Context-Based Access Control).

B ) Traffic Filtering Techniques:

  Time-based access lists.
  Peer router authentication.
  Policy-based multi-interface support.
  Standard Access Lists - Filter on the source IP address only.
  Extended Access Lists - Evaluate source and destination addresses, protocol and layer 4 ports.
There is an implicit deny at the end of every access list. Plain ACLs are stateless: they do not track connections, so return traffic must be permitted explicitly (or use CBAC / the established keyword).

Access List Rules:

  Rule 1 - Place standard ACLs as close to the destination as possible (they only match the source, so placing them near the source would block traffic to every destination).
  Rule 2 - Place extended ACLs as close to the source as possible (drop unwanted traffic before it crosses the network).
  Rule 3 - One ACL per interface, per protocol, per direction.

Rules For Regulating ACLs For Traffic From The Internet To The LAN (anti-spoofing)
  Rule 1 - Deny packets whose source is an address from the internal network.
  Rule 2 - Deny the loopback range (127.0.0.0/8).
  Rule 3 - Deny the reserved private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  Rule 4 - Deny the multicast range (224.0.0.0/4).

ACL Numbers:
  1 - 99      = Standard
  100 - 199   = Extended
  1300 - 1999 = Expanded standard
  2000 - 2699 = Expanded extended

Configuration Examples:
  access-list 10 deny any                  (same as access-list 10 deny 0.0.0.0 255.255.255.255)
  access-list 10 deny 10.1.1.1             (denies a single host; same as deny host 10.1.1.1)
  access-list 10 deny 10.1.1.0 0.0.3.255   (wildcard mask: matches 10.1.0.0 to 10.1.3.255)
  access-list 10 permit any                (required because of the implicit deny)
  int f0/1
  ip access-group 10 out
  sh access-list 10
  sh ip access-list
  sh ip int
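The wildcard matching and first-match, implicit-deny behaviour described above is easy to get wrong by hand, so here is an added example (not from the original notes) that evaluates standard ACL lines the way the router does. It builds the anti-spoofing list from the four rules above and the numbered ACL 10 from the example; the internal network 192.168.3.0/24 and the test addresses are constructed values.

```python
"""Added example, not part of the original notes: evaluator for IOS standard
ACL syntax, used to check the inbound anti-spoofing rules and ACL 10 above.

Wildcard masks are the inverse of subnet masks: a 1 bit means "don't care".
Entries are tried top-down, the first match wins, and anything that matches
nothing hits the implicit deny at the end. All addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass

ALL_ONES = 0xFFFFFFFF


@dataclass
class Ace:
    action: str     # "permit" or "deny"
    network: int    # address part of the entry, as an integer
    wildcard: int   # wildcard mask; 1 bits are ignored when matching


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def parse_ace(line):
    """Parse one standard ACL entry in numbered or named form, e.g.
    'access-list 10 deny 10.1.1.0 0.0.3.255', 'permit any', 'deny host 10.1.1.1',
    'deny 10.1.1.1' (no wildcard means a single host)."""
    parts = line.split()
    if parts[0] == "access-list":      # numbered form: skip 'access-list <n>'
        parts = parts[2:]
    action, target = parts[0], parts[1]
    if action not in ("permit", "deny"):
        raise ValueError("bad action: " + action)
    if target == "any":
        return Ace(action, 0, ALL_ONES)
    if target == "host":
        return Ace(action, _ip(parts[2]), 0)
    wildcard = _ip(parts[2]) if len(parts) > 2 else 0
    return Ace(action, _ip(target), wildcard)


def matches(ace, addr):
    """Bits that are 0 in the wildcard must equal the entry's address bits."""
    care = ALL_ONES ^ ace.wildcard
    return (_ip(addr) & care) == (ace.network & care)


def evaluate(acl, src):
    """Top-down, first match wins; unmatched traffic hits the implicit deny."""
    for ace in acl:
        if matches(ace, src):
            return ace.action
    return "deny"


def cidr_to_wildcard(prefix):
    """Wildcard for a prefix, e.g. '10.0.0.0/8' -> '0.255.255.255'."""
    return str(ipaddress.ip_network(prefix, strict=False).hostmask)


# Inbound-from-Internet anti-spoofing list built from the four rules above.
# The internal network 192.168.3.0/24 is a constructed value.
INTERNAL = "192.168.3.0/24"
ANTISPOOF = [parse_ace(l) for l in [
    "deny 192.168.3.0 " + cidr_to_wildcard(INTERNAL),   # rule 1: our own addresses
    "deny 127.0.0.0 0.255.255.255",                     # rule 2: loopback range
    "deny 10.0.0.0 0.255.255.255",                      # rule 3: RFC 1918 ranges
    "deny 172.16.0.0 0.15.255.255",
    "deny 192.168.0.0 0.0.255.255",
    "deny 224.0.0.0 15.255.255.255",                    # rule 4: multicast
    "permit any",                                       # without this, implicit deny drops everything
]]

# The numbered ACL 10 from the configuration example above.
ACL10 = [parse_ace(l) for l in [
    "access-list 10 deny 10.1.1.1",
    "access-list 10 deny 10.1.1.0 0.0.3.255",
    "access-list 10 permit any",
]]

if __name__ == "__main__":
    for src in ("8.8.8.8", "10.1.2.3", "172.20.0.1", "172.32.0.1", "224.0.0.9", "192.168.3.7"):
        print(src, "->", evaluate(ANTISPOOF, src))
```

Note that 172.32.0.1 is permitted: 172.16.0.0 0.15.255.255 covers only 172.16-172.31, which is the intended /12 boundary. The same wildcard arithmetic applies to OSPF network statements.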

Extended ACLs
Syntax: access-list <100-199> permit|deny <protocol> <source> <wildcard> <destination> <wildcard> [eq <port>]; named examples are given further down.

Limiting Telnet Access

  access-list 10 permit 10.0.0.1
  access-list 10 permit 10.0.1.1
  line vty 0 5
  access-class 10 in
An access-class on the vty lines limits who may connect to the router itself, without needing an ACL on every interface.
Note that ACLs are stateless: denying tcp from host A to network X eq 23 blocks A's Telnet sessions to X, but Telnet from X to A is a separate flow (destination port 23 on A, and its replies carry source port 23) and needs its own entry if it is to be blocked too.

Advanced ACLs:
  Named ACLs, Switch Port (MAC) ACLs, Time-Based ACLs

Named ACLs:
  conf t
  ip access-list standard BlockFinance
  deny 10.0.0.8 0.0.0.7
  permit any
  exit
  int f0/1
  ip access-group BlockFinance out

Switch Port ACLs (MAC ACLs):

  mac access-list extended Amos_List
  deny any host aaaa.bbbb.cccc
  permit any any
  exit
  int f0/1
  mac access-group Amos_List in
  do sh mac access-group

Time-Based ACLs:
  conf t
  time-range no-http
  periodic weekend 06:00 to 12:00
  exit
  time-range tcp-yes
  periodic weekend 06:00 to 12:00
  exit
  ip access-list extended time
  deny tcp any any eq www time-range no-http
  permit tcp any any time-range tcp-yes
  int f0/1
  ip access-group time in
  do sh time-range
Outside an entry's time range that entry is inactive, so with both ranges set to the same window the implicit deny drops all TCP on weekdays. Time-based entries depend on the router clock; set NTP (with authentication) or the policy silently changes with the time.

Remark:
  ip access-list extended no_telnet
  remark deny all of sales from telnetting to marketing
  deny tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255 eq 23
  permit ip any any

NAT
  Static NAT, Dynamic NAT, Overloading (PAT)

NAT IP Addresses:
  Inside local  - the host's private address inside the network
  Inside global - the public address it is translated to
  Outside local - the address of an outside host as seen from the inside
  Outside global - the real address of the outside host
  sh ip nat translations
  debug ip nat
  netmask 255.255.255.0 is the same as prefix-length 24

Static NAT Configuration

  ip nat inside source static 10.0.0.1 176.0.0.1
  int f0/1
  ip nat inside
  int s0/0/1
  ip nat outside


Clearing NAT translations

  clear ip nat translation *      (removes only the dynamic entries; static mappings stay)
  ip nat translation max-entries  (caps the number of translations in the table, which limits the damage a host scanning outwards can do by exhausting it)

Dynamic NAT:
  ip nat pool amos 176.0.0.2 176.0.0.254 netmask 255.255.255.0
  ip nat inside source list 1 pool amos
  int f0/1
  ip add 10.0.0.1 255.255.255.0
  ip nat inside
  int s0/0/1
  ip add 176.0.0.1 255.255.255.0
  ip nat outside
  access-list 1 permit 10.0.0.0 0.0.0.255

PAT (NAT Overload) - Maps multiple inside addresses to a single global address using different source ports.
  ip nat pool amos 176.0.0.1 176.0.0.1 netmask 255.255.255.0
  ip nat inside source list 1 pool amos overload
  int f0/1
  ip nat inside
  int s0/0/1
  ip add 176.0.0.1 255.255.255.0
  ip nat outside
  access-list 1 permit 10.0.0.0 0.0.0.255
Instead of a one-address pool, the outside interface can be used directly: ip nat inside source list 1 interface s0/0/1 overload. The ACL defines which sources are translated, so keep it to the internal networks only.


WIRELESS
802.11 Wireless Standards

1 ) 802.11b
  2.4 GHz, DSSS (Direct Sequence Spread Spectrum). 3 non-overlapping channels. About 25 users per cell. Up to 350 feet (105 m) at 1 Mbps; 11 Mbps at 150 feet (45 m).

2 ) 802.11g
  2.4 GHz, DSSS and OFDM (Orthogonal Frequency Division Multiplexing). 3 non-overlapping channels. About 20 users per cell. Up to 300 feet at 6 Mbps.

3 ) 802.11a (and 802.11h)
  Lower market penetration. 5 GHz, OFDM. 802.11a has 12 non-overlapping channels; 802.11h extends this to up to 23. About 15 users per cell. Up to 200 feet at 6 Mbps.

802.11h Features:
  TPC (Transmit Power Control) - Adjusts transmit power to change the cell size; cellular networks have used the same idea for years.
  DFS (Dynamic Frequency Selection) - Detects radar in the 5 GHz band and moves off that channel to avoid interfering with it. (The 2.4 GHz band has its own interference problems: Bluetooth and microwave ovens share it.)

4 ) 802.11n
  2.4 GHz and 5 GHz. MIMO (Multiple Input Multiple Output) uses multiple antennas, e.g. 2 transmit and 2 receive, up to 4 spatial streams. Link speeds well above 802.11g, up to 600 Mbps in the best case (4 streams, 40 MHz channels).


Features:
  SSID - Service Set Identifier, the network name.
  BSSID - Basic Service Set Identifier; each AP has its own, usually its radio MAC address.
  BSS (Basic Service Set) - One AP and its clients.
  ESS (Extended Service Set) - Two or more BSSs sharing the same SSID, so clients can roam.
  IBSS (Independent Basic Service Set) - Ad hoc mode: computers connect directly to each other without an access point. Usually SOHO use.
  Infrastructure Mode (either BSS or ESS) - Requires at least one access point.
  BSA (Basic Service Area) - One cell, one access point.
  ESA (Extended Service Area) - More than one cell, each on a different channel. Cells should overlap by at least 10-15%, and 15-50% for voice.

Wireless Security:
  WEP - Wired Equivalent Privacy. Uses the RC4 stream cipher with static keys. Broken: the key can be recovered from captured traffic in minutes, so treat a WEP network as open.
  WPA - Wi-Fi Protected Access. Uses TKIP (RC4 with per-packet 128-bit keys) as a stop-gap for WEP hardware.
    o WPA Enterprise - 802.1X authentication against a RADIUS server; each user gets their own keys.
    o WPA Personal - Also known as WPA-PSK (Pre-Shared Key). No server. The PSK can be attacked offline from a captured handshake, so use a long random passphrase.
  WPA2 - Uses AES-CCMP encryption; the minimum to deploy today.

Cisco Unified Wireless Solution:

  Requires lightweight APs and a Cisco WLAN Controller to function. The APs managed by one controller all advertise the same SSIDs.


IPv6
Addresses are 128 bits long, four times the length of an IPv4 address (so 2^96 times as many addresses, not four times). A global unicast address is typically a 48-bit global routing prefix, a 16-bit subnet ID and a 64-bit interface ID. There are no broadcasts.
Anycast - The same address is assigned to several hosts; a packet sent to it is delivered to the nearest one.

Mixed IPv4 and IPv6 network - IPv4-compatible form: 0:0:0:0:0:0:192.168.0.1
Auto Configuration (SLAAC): a device learns the prefix from the router advertisement and builds its own interface ID from its MAC address (modified EUI-64). For example, MAC 0060.d673.1987 becomes interface ID 0260:d6ff:fe73:1987: FFFE is inserted between the OUI and the device part of the MAC, and the universal/local bit (bit 7 of the first byte) is flipped.

  conf t
  ipv6 unicast-routing                    (enables IPv6 routing)
  int f0/1
  ipv6 address 2001:db8:3c4d:1::/64 eui-64   (the router uses its MAC address, padded as above, to make the interface ID)
Because the MAC address is embedded in the address, EUI-64 addresses identify the hardware wherever it connects; hosts normally use randomised or privacy addresses instead.
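The EUI-64 construction above is mechanical, so here is an added example (not code from the original notes) that performs it for any MAC address and also does the reverse, which is exactly why EUI-64 addresses are a privacy concern. The MAC 0060.d673.1987 and prefix 2001:db8:3c4d:1::/64 are the values used in the notes.

```python
"""Added example, not part of the original notes: modified EUI-64 interface
IDs as built by `ipv6 address <prefix>/64 eui-64`, and the reverse mapping
from such an address back to the MAC address.
"""
import ipaddress


def _mac_bytes(mac):
    """Accept Cisco dotted (0060.d673.1987), colon or dash notation."""
    hexstr = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(hexstr) != 12:
        raise ValueError("expected a 48-bit MAC address, got " + mac)
    return bytearray.fromhex(hexstr)


def eui64_interface_id(mac):
    """Split the MAC in half, insert FF:FE, flip the U/L bit (bit 7 of byte 0)."""
    b = _mac_bytes(mac)
    eui = bytes([b[0] ^ 0x02]) + bytes(b[1:3]) + b"\xff\xfe" + bytes(b[3:])
    return ":".join(eui[i:i + 2].hex() for i in range(0, 8, 2))


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID; returns the compressed form."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int(eui64_interface_id(mac).replace(":", ""), 16)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 address, or None if the address is not one.

    Shows the privacy problem: anyone who sees the address learns the hardware.
    """
    raw = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits = interface ID
    if raw[3:5] != b"\xff\xfe":
        return None
    b = bytearray(raw[:3] + raw[5:])
    b[0] ^= 0x02                                      # undo the U/L bit flip
    h = b.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


if __name__ == "__main__":
    mac = "0060.d673.1987"                            # MAC from the notes
    print("interface ID:", eui64_interface_id(mac))
    addr = eui64_address("2001:db8:3c4d:1::/64", mac)
    print("address:     ", addr)
    print("recovered MAC:", mac_from_eui64(addr))
```

Link-local addresses built this way (fe80::/64 plus the same interface ID) are visible to every neighbour on the segment, which is the usual source of the leak.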

DHCPv6
  ipv6 dhcp pool cisco
  domain-name amos.com
  int f0/1
  ipv6 dhcp server cisco

ARP is replaced by ICMPv6 Neighbor Discovery.


Routing Protocols for IPv6
RIPng
  ipv6 router rip 1        (the 1 is the process tag)
  int f0/1
  ipv6 rip 1 enable        (enabled per interface; there are no network statements)

EIGRPv6
  ipv6 router eigrp 10
  no shut
  int f0/1
  ipv6 eigrp 10

OSPFv3
  ipv6 router ospf 1
  router-id 1.1.1.1        (every router must have a 32-bit router ID; with no IPv4 address configured it has to be set manually)
  int f0/1
  ipv6 ospf 1 area 0

Migration Strategies
  Dual Stacking - Runs both IPv4 and IPv6.
  6to4 Tunneling - Carries IPv6 across an IPv4 network.
  NAT-PT (Protocol Translation)

A ) Dual Stacking
  ipv6 unicast-routing
  int f0/1
  ipv6 address 2001:db8:3c4d:1::/64 eui-64
  ip add 10.0.0.1 255.255.255.0

B ) 6to4 Tunneling (manual IPv6-in-IPv4 tunnel)
Router 1 (must be dual stack)
  int tunnel 0
  ipv6 address 2001:db8:1:1::1/64
  tunnel source 10.0.0.1
  tunnel destination 10.0.1.1
  tunnel mode ipv6ip

Router 2 (must be dual stack)
  int tunnel 0
  ipv6 address 2001:db8:2:2::1/64
  tunnel source 10.0.1.1
  tunnel destination 10.0.0.1
  tunnel mode ipv6ip
The tunnel uses IPv4 protocol 41, which NAT on the IPv4 network cannot translate, so it breaks the tunnel; tunnel mechanisms that wrap IPv6 in UDP (e.g. Teredo) exist for that case. The tunnel itself provides no encryption or authentication; anything that can spoof the tunnel destination can inject IPv6 packets.

C ) NAT-PT
Instead of local-to-global address translation, addresses are translated between IPv4 and IPv6 (and back). Uses static NAT, dynamic NAT and NAPT-PT.
NAPT-PT (Network Address Port Translation - Protocol Translation) - Maps multiple IPv6 addresses to one IPv4 address using ports.

Reserved IPv6 Addresses

  Loopback - ::1
  Link-local (fe80::/10) - Like a private IPv4 address but not routable at all, not even within the organisation; valid only on the local link.
  Unique local (fc00::/7, in practice fd00::/8) - Routable within the organisation but not on the Internet.
  Multicast - All begin with ff (ff00::/8).
  Global unicast - Just like a normal routable public IPv4 address.


WANs
Usually involve an SP (Service Provider).

WAN Terms:
  CPE - Customer Premises Equipment. Owned by the subscriber.
  Demarcation Point - Where the SP's equipment ends and the CPE begins, usually at a CSU/DSU.
  Local Loop - Connects the demarcation point to the closest switching office, the CO (Central Office).
  CO - Connects the customer's network to the provider's switching network. Also called the POP (Point of Presence).
  Toll Network - Trunk lines and switches inside the provider's network.

WAN Connection Types:

  1. Leased line - Point-to-point dedicated synchronous serial line. Fast, up to 45 Mbps (T3). Uses HDLC or PPP.
  2. Circuit switched - ISDN (synchronous, BRI/PRI interfaces) and analog dial-up (asynchronous).
  3. Packet switched - Synchronous; many customers share the provider's bandwidth and cost. Frame Relay and X.25.
  ISDN - Integrated Services Digital Network.
  HDLC - High-Level Data Link Control. Standard HDLC has no protocol field, so Cisco's HDLC adds a proprietary one; it only interoperates with other Cisco devices. Has no authentication.
  PPP - Runs on synchronous (e.g. ISDN) and asynchronous (e.g. dial-up) links. Has a protocol field in the header. Supports authentication, compression, callback, error detection and multilink.
  PPPoE - A PPP frame encapsulated in an Ethernet frame. Has a lower MTU than Ethernet (1492 instead of 1500), and if a firewall blocks the ICMP "fragmentation needed" messages that path MTU discovery relies on, connections hang.
  PPPoA - PPP over ATM.
  Cable - Also called HFC (Hybrid Fibre-Coaxial).
  DSL - Digital Subscriber Line. Deployed on the last mile / local loop, between the CPE and the DSLAM (DSL Access Multiplexer), which aggregates many subscriber lines. ADSL carries ATM cells.
  MPLS - Multiprotocol Label Switching. Attaches labels to packets so they are forwarded through the provider's network by label rather than by an IP routing decision at every hop. It sits between layers 2 and 3 (often called "layer 2.5") and can, for example, give different priority levels to different customers' packets. MPLS VPNs separate customers' traffic but do not encrypt it.
  ATM - Uses fixed-size 53-byte cells instead of variable-size packets.

Types of Serial Connectors
  V.35 - commonly used to connect to a CSU/DSU
  EIA/TIA-232
  EIA/TIA-449
  EIA-530

PPP
Uses LCP (Link Control Protocol) to establish and negotiate the link, and NCPs (Network Control Protocols) to carry multiple layer 3 protocols. Authentication (PAP or CHAP) is negotiated by LCP. Callback is supported but both the client and the remote router have to be configured for it first.
  PAP - Password Authentication Protocol. Authenticates only once, when the link comes up, and sends the password in clear text.
  CHAP - Challenge Handshake Authentication Protocol. More secure: the password never crosses the link (an MD5 hash of the challenge and the password is sent instead) and the check is repeated periodically during the session. CHAP still needs the password in recoverable form on both routers, so the entries are stored with password, not secret.

  int s0/0/1
  encapsulation ppp
  ppp authentication chap pap     (PAP is used as a fallback if the peer does not do CHAP; drop pap if you do not want clear-text fallback)
  exit
  hostname router1
  username router2 password amos   (the username must be the hostname of the other router, and the password must match on both sides)
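The CHAP exchange between router1 and router2 configured above, as an added example (not code from the original notes). It implements the RFC 1994 response (MD5 over identifier, secret and challenge), shows why the username on each side must be the peer's hostname, and contrasts it with what PAP sends. Hostnames and the password amos come from the notes; the challenge bytes are constructed or random.

```python
"""Added example, not part of the original notes: PPP CHAP three-way handshake
(RFC 1994) between two routers, next to what PAP puts on the wire.
"""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Router:
    def __init__(self, hostname, usernames):
        self.hostname = hostname
        # 'username <peer-hostname> password <pw>' entries, looked up by the
        # peer's hostname; the password must be identical on both routers.
        self.usernames = usernames

    # --- authenticator side ---
    def challenge(self, identifier=1, nonce=None):
        """Send Challenge: id, random value, and our hostname."""
        nonce = nonce if nonce is not None else os.urandom(16)
        return {"id": identifier, "value": nonce, "name": self.hostname}

    def verify(self, chal, resp):
        """Check the peer's Response against the secret stored for its hostname."""
        secret = self.usernames.get(resp["name"])
        if secret is None or resp["id"] != chal["id"]:
            return False
        expected = chap_response(chal["id"], secret, chal["value"])
        return hmac.compare_digest(resp["value"], expected)

    # --- peer side ---
    def respond(self, chal):
        """Answer a Challenge using the secret stored for the challenger's hostname."""
        secret = self.usernames.get(chal["name"])
        if secret is None:
            raise KeyError("no username entry for " + chal["name"])
        return {"id": chal["id"],
                "value": chap_response(chal["id"], secret, chal["value"]),
                "name": self.hostname}

    def pap_request(self, peer_name):
        """PAP Authenticate-Request: the password itself, in clear text."""
        return {"peer-id": self.hostname, "password": self.usernames[peer_name]}


def chap_authenticate(authenticator, peer, nonce=None):
    """Run one CHAP exchange; True if the peer proves knowledge of the shared password."""
    chal = authenticator.challenge(nonce=nonce)
    resp = peer.respond(chal)
    return authenticator.verify(chal, resp)


if __name__ == "__main__":
    r1 = Router("router1", {"router2": "amos"})   # hostname router1 / username router2 password amos
    r2 = Router("router2", {"router1": "amos"})   # hostname router2 / username router1 password amos
    print("CHAP ok:", chap_authenticate(r1, r2))
    print("PAP sends:", r2.pap_request("router1"))
    wrong = Router("router2", {"router1": "cisco"})
    print("CHAP with mismatched password:", chap_authenticate(r1, wrong))
```

Because the response is an unsalted MD5 over a short password and a visible challenge, anyone who captures the exchange can run an offline dictionary attack on it; CHAP protects against passive sniffing of the password, not against weak passwords.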

PPPoE client
  int f0/1
  pppoe enable group global
  pppoe-client dial-pool-number 1
  int dialer 0                      (logical interface)
  ip address negotiated             (address is assigned by the provider through PPP's IPCP, not DHCP)
  ip mtu 1452
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap callin
  ppp chap hostname amos
  ppp chap password cisco

Frame Relay

  Access Rate - The physical speed of the link, e.g. 1.544 Mbps (T1).
  CIR - Committed Information Rate. The rate the SP guarantees to carry; bursts above it are allowed but marked discard-eligible. e.g. 256 Kbps.
The default encapsulation for Frame Relay is Cisco and this can be changed as follows:
  int s0/0/1
  encapsulation frame-relay ietf   (IETF encapsulation, for connecting to non-Cisco equipment)
  encapsulation frame-relay        (default Cisco encapsulation)
  PVC - Permanent Virtual Circuit
  SVC - Switched Virtual Circuit

Router B Configuration
PVC
  int s0/0/1
  encapsulation frame-relay ietf
  frame-relay lmi-type ansi
  ip add 10.0.0.1 255.255.255.0

SVC
  int s0/0/1
  encapsulation frame-relay ietf
  frame-relay lmi-type ansi
  ip add 10.0.0.1 255.255.255.0

Other Configuration examples:

RA (hub)
  int s0/0/1
  encapsulation frame-relay ietf
  int s0/0/1.1 multipoint

RB and RC (spokes)
  int s0/0/1.1 point-to-point
  etc.

  frame-relay lmi-type ansi
  etc.
  no ip split-horizon - Disables split horizon on a multipoint interface so the hub can re-advertise a route learned from one spoke to the other spokes over the same physical interface.
  Point-to-Point Subinterfaces - Each subinterface has its own DLCI and its own subnet.
  Multipoint Subinterfaces - All the DLCIs on the subinterface share one subnet.
  DLCI - Data Link Connection Identifier. Locally significant value that identifies a virtual circuit so the frame goes to the right destination.
  IARP (Inverse ARP) - Maps DLCIs to the IP addresses of the remote ends.
    int s0/0/1
    frame-relay interface-dlci 16
  LMI (Local Management Interface) - Signalling standard between the router and the Frame Relay switch that reports PVC status and carries keepalives. Auto-detected on recent IOS versions. LMI messages are sent on DLCI 0 (ANSI and Q.933A) or DLCI 1023 (Cisco LMI). Keepalives keep the PVCs up so they are not dropped for inactivity.
  DE - Discard Eligibility. Set to 1 on frames that exceed the CIR; these are dropped first when the network is congested.
  FECN - Forward Explicit Congestion Notification. Tells the destination DTE that the path just traversed is congested.
  BECN - Backward Explicit Congestion Notification. Tells the source DTE that the network is congested, so it should slow down.
    int s0/0/1
    encapsulation frame-relay           (uses the Cisco default, not IETF)
    int s0/0/1.2 point-to-point
    frame-relay lmi-type ansi           (instead of ansi, the Cisco default could have been used)
    frame-relay interface-dlci 101

Subinterfaces make it possible to have multiple virtual circuits on a single serial interface. They behave like separate physical interfaces.
  sh frame-relay lmi
  sh frame-relay pvc   (shows all PVCs and DLCI numbers, plus FECN/BECN/DE counters indicating congestion)
  sh frame-relay map   (shows whether Inverse ARP has mapped each remote IP address to its DLCI)

VPNs
Allow private networks to be built over the Internet. Three types:
  Remote Access VPNs
  Site-to-Site VPNs (Intranet)
  Extranet VPNs - Provide limited access to suppliers, partners, etc., e.g. connecting a bank to a partner running SAP.
The difference between a VPN and Frame Relay is that Frame Relay traffic traverses a private network (the service provider's), while VPN traffic traverses a public network (the Internet), which is why a VPN must encrypt and authenticate. A VPN can also have higher bandwidth than a Frame Relay or PPP connection because it can use any Internet access, e.g. 3G or DSL.

There are 2 ways to create a VPN:
  1. Using tunnelling only (no protection of the contents).
  2. Using IPsec to add authentication and encryption between the endpoints.

VPN Protocols
  GRE (Generic Routing Encapsulation) - Developed by Cisco, now an IETF standard (RFC 2784). Can carry non-IP traffic and routing protocols, but provides no encryption or authentication; it is usually combined with IPsec.
  PPTP (Point-to-Point Tunneling Protocol) - Microsoft proprietary. Its MS-CHAP authentication is broken and it should not be used.
  L2TP (Layer 2 Tunneling Protocol) - Created by Microsoft and Cisco; combines L2F (Layer 2 Forwarding) and PPTP. Normally run over IPsec for security.
  IPsec - Most secure. A suite of protocols and algorithms for secure data transmission. Works at layer 3 and only with IP traffic.


IPsec has 2 primary security protocols:

  1. AH (Authentication Header) - Provides integrity and data origin authentication for the whole packet (including the outer IP header) but no encryption. It does not work through NAT because the header fields NAT changes are covered by the hash.
  2. ESP (Encapsulating Security Payload) - Provides confidentiality by encrypting the payload (3DES in older deployments; AES today), and optionally integrity and origin authentication.
Both provide:
  Anti-replay service - Sequence numbers stop an attacker intercepting a packet and re-sending it to the destination later.
  Data origin authentication and connectionless integrity.

NBAR (Network Based Application Recognition) - A QoS feature, not part of IPsec. Lets you classify applications such as ERP or SQL as mission critical so they get a minimum bandwidth allocation.
