
The CCNA Cram Sheet

This Cram Sheet contains key facts about the ICND1 exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you think that you need the most review. You can transfer any of these facts from your head onto a blank sheet of paper immediately before you begin the exam.

Networking Fundamentals

Physical components for a network include hosts, connections, switches, and routers. Physical topology describes the layout of the physical components. A logical topology communicates how the data flows through the network.

A local-area network (LAN) is a geographically close in proximity, high-speed network. A wide-area network (WAN) is a network that is using third-party services (such as a service provider) to connect devices over large geographic areas. A WAN is a collection of LANs connected over a long distance (farther than the LAN could provide).

WAN technologies include dedicated leased lines, which are a dedicated point-to-point connection that can use Point-to-Point Protocol (PPP) or High-Level Data Link Control (HDLC). Packet-switched connections share the bandwidth with other logical circuits, such as with Frame Relay.

High-speed LANs typically use Ethernet in full duplex, using switches that operate at Layer 2. Routers operate logically at Layer 3.

Network Models

OSI MODEL

Layer  Name          Protocols and Devices                                        PDU Name
7      Application   FTP, Telnet, TFTP, SMTP, SNMP, DNS, HTTP                     Data
6      Presentation  ASCII, .jpg, .doc                                            Data
5      Session       Establishment and teardown of logical sessions               Data
4      Transport     TCP: Connection oriented, reliable                           Segment
                     UDP: Connectionless, unreliable, uses upper layer protocols
3      Network       IP, routing and path determination, logical addressing       Packet
                     Routers
2      Data Link     Ethernet, Frame Relay, PPP, HDLC, MAC addresses              Frame
                     Switches
1      Physical      Bits transmitted on media                                    Bits
                     Hubs, repeaters

TCP AND UDP

Know the following protocols and port numbers:

TCP            UDP
FTP 20, 21     DNS 53
Telnet 23      DHCP 67, 68
SMTP 25        TFTP 69
DNS 53         NTP 123
HTTP 80        SNMP 161
POP 110
NNTP 119
HTTPS 443

Concepts in IP Addressing

IP is a Layer 3 media-independent connectionless protocol. Every device that is connected to the network must have a unique IP address. An IP address has two major parts: the network and the host portions.

Domain Name System (DNS) is used to map friendly names to the actual IP addresses associated with those names.

IPv4 uses a 32-bit number represented as four octets separated by periods, called dotted-decimal. IPv6 uses 128-bit numbers represented in eight groups of four hexadecimal characters each, separated by colons. Both IPv4 and IPv6 use a mask to identify how many bits going from left to right are being used to identify the network. Bits not used to identify the network are used to identify hosts on that specific network.

A default gateway is required to send a packet out of a local network.

IPV4 ADDRESS CLASS AND RANGE

Class  High-Order Bits  First Octet Range
A      0                1-126
B      10               128-191
C      110              192-223
D      1110             224-239
E      11110            240-255

IPV4 ADDRESS CLASS AND DEFAULT MASKS

Class  Default Mask
A      255.0.0.0
B      255.255.0.0
C      255.255.255.0

IPV4 PRIVATE IP ADDRESS RANGES

Class  Range
A      10.0.0.0 to 10.255.255.255
B      172.16.0.0 to 172.31.255.255
C      192.168.0.0 to 192.168.255.255

Subnetting allows you to create additional subnets. Variable-length subnet masking (VLSM) allows you to use different mask lengths so as to not waste IP addresses.

To create IP subnets, you take (starting on the left) what used to be host IP bits and allocate them for subnetwork addressing. The number of bits that you allocate above and beyond the default control how many subnets you can create. The formula is two to the power of the number of bits that you take. For example, if we start with a 10.0.0.0/8 network and we use 3 additional bits to make it 10.0.0.0/11, we could create 2^3 = 8 new subnets. Because the least significant bit of the new mask falls on the 32 value, that would be our block size for the new subnets, which would be 10.0, 10.32, 10.64, 10.96, and so on.

The number of hosts that can be created uses the formula 2^(host bits) - 2. If we have a network of 10.0.0.0/28, that leaves four host bits, so we would have a possibility of 2^4 - 2 = 14 hosts on any network that had a /28 mask.

Subnetting is a process of moving the mask to the right.

IPv6 uses several types of addresses, including global unicast (which ranges from 2000 through 3FFF), link local unicast addresses (which begin with FE80) and multicast addresses (which begin with FF). Transition strategies include tunneling, dual stacking, and protocol translation. An anycast address is similar to unicast except that anycast packets will go to the one host that is closest as determined by the routing protocol metric. IPv6 never broadcasts; it multicasts instead.

IPv6 address compression:

Given the address 2010:0000:BBBB:000C:D000:0000:0000:0001, the following address representations are possible:

Drop leading 0s:
  2010:0:BBBB:C:D000:0:0:1

Compress contiguous all-0 groups with :: once per address.
  2010:0:BBBB:C:D000::1

Valid hex characters in an IPv6 address are 0-F.

IPv6 can use an EUI-64 method to create the host ID, starting with information from the MAC address being used by the interface.

The command ipv6 unicast-routing is off by default, and must be enabled for a router to forward the IPv6 packets of network devices.

IPv6 uses Neighbor Discovery Protocol (NDP) to determine Layer 2 addresses (replaces Address Resolution Protocol [ARP]). Autoconfiguration allows you to obtain, via plug-and-play, an IP address without using a DHCP server.

The IP stacks for IPv4 and IPv6 are completely separate from each other, as are the routing protocols for each of the stacks.

IPv6 OSPFv3 doesn't use network statements. It uses interface commands to enable each interface for OSPF. Static IPv6 routes can be created using the command ipv6 route.

Working with Cisco Equipment

The console port on a router or switch can be used to initially configure the device.

Ethernet ports are high-speed interfaces used to forward traffic, and can also be used to allow management traffic such as Secure Shell (SSH) over IP to the device being managed.

Serial ports are slower connections (compared to Ethernet) that can be used for WAN connections.

Flash is a storage location that keeps the IOS image. NVRAM is a storage location that holds the startup configuration. RAM holds the current running configuration. The initial startup file in NVRAM is called startup config. The configuration that is running in RAM is called running config.

1. POST (power-on self-test): Device finds hardware and performs hardware-checking routines.
2. Locate IOS.
3. Load IOS.
4. Locate configuration (startup config).
5. Load configuration (running config).

The configuration register is a four-character hexadecimal value that can be changed to manipulate how the router behaves at boot. The default value is 0x2102.

The characters 0x indicate that the characters that follow are in hexadecimal. This makes it clear whether the value is two thousand one hundred and two or, as in this case, two one zero two hexadecimal.

The fourth character in the configuration register is known as the boot field. Changing the value for this character will have the following effects:

  0x2100 = Always boot to ROMmon.
  0x2102 through 0x210F = Load the first valid IOS in flash.

The command-line interface has two primary modes: user mode and privileged mode. When in privileged mode, we can then enter configuration mode, as well as submodes, for configuration.

Context-sensitive help can be invoked by using the question mark (?).

The running configuration is stored in RAM as running config, and the startup configuration is saved in NVRAM as startup config.

Commonly used commands include show version, show interface, show ip interface brief, and show running-config.

Cisco Discovery Protocol (CDP) is a proprietary (Cisco only) data-link (Layer 2) protocol. It is enabled by default, but can be disabled globally via the no cdp run command. To learn remote device Layer 3 address, hardware platform, and IOS version, use show cdp neighbor or show cdp entry command.

Securing Your Cisco Devices

You can use Telnet/SSH to remotely manage a Cisco device after it has IP addresses configured on it and interfaces enabled.

Using the command login on the vty lines requires the user to provide a password when connecting via Telnet. That password is configured on the vty lines.

To configure a password on all five Telnet lines, you use configuration commands similar to the following:

  Router(config)#line vty 0 4
  Router(config-line)#password cisco
  Router(config-line)#login

Configuring SSH

To configure SSH on your router or switch, you need the following elements:

  A hostname
  A domain name
  An RSA key
  A username and password for local authentication

Sample SSH Configuration

  Switch>enable
  Switch#config t
  Switch(config)#hostname Branch_2960
  Branch_2960(config)#ip domain-name ExamCram.net
  Branch_2960(config)#crypto key generate rsa
  Branch_2960(config)#username admin password ciscocisco
  Branch_2960(config)#line vty 0 4
  Branch_2960(config-line)#login
  Branch_2960(config-line)#login local
  Branch_2960(config-line)#transport input ssh
  Branch_2960(config-line)#exit

In global configuration mode, you can use the command ip ssh version 2. Multiple versions of SSH are available, with Version 2 being more secure than Version 1. The command show ip ssh verifies that SSH is configured. The command show ssh shows current SSH connections to the router or switch.

You can require the use of a username and password for access via Telnet or SSH by using the command login local on the vty line. The username required must be configured on the router as well as in global configuration mode when using login local.

You may use an access control list (ACL) and apply it to the vty lines to control which source addresses can connect. In addition, you can set timeouts for inactive sessions on the vty lines.

A remote AAA server may be used to control the authentication, instead of using a local username configured on the router.

Banner messages with legal warnings may also be set up on the router, via the banner command.

Port security is a feature used on Layer 2 switch interfaces to control the number of MAC addresses associated with that interface. When enabled, this feature allows a maximum of one MAC address to be associated with this interface. A violation of this policy results in a shutdown of the port by default. To verify port security details, use the command show port-security.

Switch Operations and Configuration

The most common physical media used for Ethernet networks is twisted pair. Fiber-optic cabling allows for transmission at higher data rates over longer distances.

Ethernet physical addressing = MAC addresses. 12 hexadecimal digits.

PC to switch/hub = Straight-through cable.

Hub-hub, switch-switch, PC-PC, router-router, PC-router directly (no switch/hub): Use crossover cable.

Switches, bridges, and routers segment a network. Hubs and repeaters extend a network.

Switches increase the number of collision domains. Do not segment broadcast domains. Routers, Layer 3 switches, and VLANs segment broadcast domains.

A switch is a multiport bridge. Switches forward frames using hardware application-specific integrated circuits (ASIC), making them faster than bridges. Dedicated bandwidth per port.

Bridges and switches learn MACs by reading the source MAC of each frame.

Half duplex: Shared collision domain and lower throughput.

Full duplex: Point-to-point and higher throughput. Allows both ends to transmit simultaneously.

To remotely manage a switch, you need an IP address, subnet mask, and default gateway. The switch must be reachable on a port in its management VLAN.

VLANs logically divide a switch into multiple, independent networks at Layer 2.

  Create separate broadcast domains in a switch, increasing the number of broadcast domains.
  Span multiple switches using trunks.
  Allow logical grouping of users by function.

VLAN configuration steps:

1. The VLAN must be created.
2. The desired ports must be added to the new VLAN.

Routing between VLANs requires a router or a Layer 3 switch.

Trunks carry traffic from multiple VLANs over a single connection (crossover cable). The VLAN ID is tagged using IEEE 802.1Q.

Spanning Tree Protocol (STP) provides a loop-free topology. STP does the following:

  Elects a root bridge (lowest bridge ID)
  Elects a root port for each nonroot bridge/switch (best cost, then lowest bridge ID)
  Elects a designated port for each segment
  Blocks ports (on nonroot switches) to prevent Layer 2 loops

STP cost for 100M is 19; the cost for 1G is 4.

STP port roles are as follows:

  Root port: Port forwarding toward the root bridge.
  Designated port/forwarding: Port forwarding away from the root bridge. (All ports on the root are designated.)
  Nondesignated/discarding port: Blocking/discarding frames of data.

STP types are as follows:

  802.1D: Traditional STP
  PVST+: Cisco's enhancements to STP, allowing separate STP for each VLAN
  802.1w: Rapid Spanning Tree, converges faster and uses features from Cisco's enhancements
  Rapid PVST+: Rapid Spanning Tree, with support for separate STP for each VLAN

The bridge ID is a combination of priority, the extended system ID (VLAN number), and the base MAC address of the switch. Priority can be changed to a lower value to cause a switch to become the root.

PortFast can reduce the time for a port to move to a forwarding state.

BPDU Guard can protect a port from seeing bridge protocol data units (BPDUs), by shutting down the port if BPDUs are seen.
EtherChannel combines multiple physical interfaces, to make them appear as a single logical interface, allowing spanning tree to forward across that logical interface and not waste potential bandwidth. An EtherChannel has built-in redundancy with multiple interfaces. EtherChannel can be negotiated using the Cisco proprietary Port Aggregation Protocol (PAgP) or the IEEE standard Link Aggregation Control Protocol (LACP). Static EtherChannel can also be configured manually. Cisco PAgP options are Auto and Desirable. LACP's options are Active and Passive. The following table shows the results of EtherChannel negotiations:

Method  First Switch  Second Switch  Result
PAgP    Desirable     Desirable      Success
PAgP    Desirable     Auto           Success
PAgP    Auto          Auto           Failure
LACP    Active        Active         Success
LACP    Active        Passive        Success
LACP    Passive       Passive        Failure

Basic Routing

Routers enable communication between networks. The primary function of a router is to determine which path to use and to then forward packets.

Interior gateway protocols (IGPs) (such as Open Shortest Path First [OSPF] and Enhanced Interior Gateway Routing Protocol [EIGRP]) are routing protocols in the same domain, and exterior gateway protocols (EGPs) (such as Border Gateway Protocol [BGP]) are routing protocols used between different entities/companies.

A router uses the longest match in its routing table to make a forwarding decision. If multiple routes exist for the same network, the router uses the one with the lowest administrative distance. When there are multiple routes to the same network and they have the same administrative distance, the metric or cost (lower being better) is used.

Default administrative distances for routing protocols are as follows:

  Connected interface  0
  Static route         1
  EIGRP internal       90
  OSPF                 110
  RIP                  120

Routes can be learned from a router being directly connected to a network, by running a routing protocol and dynamically learning routes from another router that is running the same protocol, or by configuring a static route.

The following example shows the configuration of a static route to the network 192.168.1.0/24 using the next local hop of 10.1.1.1:

  Router(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1

The default route syntax, using a default next hop of 192.168.1.1, is as follows:

  Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

Link-state routing protocols send updates containing the state of their own links to all other routers on the network. Examples are OSPF and Intermediate System-to-Intermediate System (IS-IS). They calculate the paths to each destination from the topological database and place the best of them into the routing table.

Route summarization/aggregation/supernetting represents several networks/subnets as one larger network address, by shortening the subnet mask to include only the in-common bits from all the networks. Summarizing is a process of moving the mask to the left. For instance, subnet 172.16.1.0/24 and 172.16.2.0/24 could both be summarized by using 172.16.0.0/22.

For OSPF, the router ID is the configured router ID. If no router ID is configured, the highest IP address on a loopback interface is used. If there are no loopback interfaces, the router ID will be the highest IP address on any other interface.

For two routers to become OSPF neighbors, they must agree on the area, the network, the authentication and the timers.

To configure OSPF, we enable a process and include a network statement as shown here:

  Router(config)#router ospf 7
  Router(config-router)#network 192.168.16.0 0.0.0.255 area 0

You can use the command show ip route to see the routing table.

Routing between VLANs can be done through an external router using the router-on-a-stick concept, or can be done internally by a multilayer switch that will do the Layer 3 routing between the subnets that are associated with each of the VLANs. When using a router to route between VLANs, using router on a stick, the switch is configured as a trunk link, and the router is configured with subinterfaces.

Visualizing Data Flows

To communicate on an IP network, the computer needs to use an IP address. Name resolution is done through DNS. For devices to communicate on their own local network, they use ARP to discover the Layer 2 addresses of the local devices they want to communicate with. When communicating with a remote device, a local computer uses ARP to discover the Layer 2 address of its default gateway. ARP entries may be cached to avoid having to use ARP time.

Routers look at Layer 3 destination addresses, and based on their routing tables forward packets to the next logical hop in the path toward that destination.

Access Lists

An access control list is a method to identify specific traffic. One use of an ACL is to filter traffic at an interface. ACLs are processed in a top-down fashion and may be applied to an interface inbound or outbound from the perspective of the interface it is applied to.

Implicit deny any at end: Every access list must have at least one permit; otherwise, it denies all traffic.

Standard IP access lists filter the entire IP protocol based on the source IP address/network. Standard ACL numbers range from 1 to 99. Place as close to destination as possible.

Extended IP access lists filter based on the source IP address/network, destination IP address/network, specific protocols (TCP, UDP, ICMP, and so on), and port number. Place as close to the source as possible. Extended ACL numbers range from 100 to 199 and 2000 to 2699.

One access list per direction per protocol per interface.

Wildcard mask: 0s match; 1s ignore the corresponding bit in the address.

The extended access list syntax is as follows:

  access-list list#[permit | deny] [protocol] [source ip] [WCmask] [dest. ip][WCmask] [operator] [operand]

In general, place more specific statements at the top of the ACL and more general statements at the bottom. ACLs are processed from top to bottom and stop when a match occurs.

WANs

WANs are networks that operate beyond the small geographic scope of a LAN. WANs connect two or more LANs together. WANs can use a Channel Service Unit/Data Service Unit (CSU/DSU) in combination with serial interfaces, or a CSU/DSU could be built in to an interface.

Customer routers act as Data Terminal Equipment (DTE), and the service provider connections to the customer are Data Circuit-Terminating Equipment (DCE), providing clocking. WAN options include digital subscriber line (DSL), cable, Ethernet, and fiber connectivity to a provider.

WAN Layer 2 protocols include PPP, HDLC, Frame Relay, DSL, PPPoE/A, Ethernet, and ATM.

WAN connection options include dedicated, circuit switched, or packet-switched.

The default encapsulation on the Cisco serial interface is Cisco's proprietary HDLC.

If you are using PPP, authentication options include Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

PPP uses Link Control Protocol (LCP) to negotiate a connection between the two ends of a PPP connection.

For CHAP authentication, the remote device must have a corresponding username entry for the local router with a matching password.

Frame Relay is a connection-oriented packet-switching service.

A permanent virtual circuit (PVC) is a point-to-point path from the service provider. Each end is identified with a local data-link connection identifier (DLCI). The local DLCI is used in mapping the remote IP address that is reachable via the local DLCI (called a Frame Relay map). Frame Relay maps may be automatically discovered or administratively configured. Local Management Interface (LMI) is a signaling standard between the local router and the service provider's Frame Relay switch. LMI can use three different standards between the router and the Frame Relay switch: Cisco, ANSI, and Q.933. Frame topologies include hub and spoke, full mesh, partial mesh, and point to point. Frame Relay subinterfaces can be used to overcome split-horizon issues. A subinterface may be point to point, with only the local router and the remote router on the WAN subnet connecting them together, or it could be configured as a multipoint, where three or more routers are connected to the same logical subnet over the Frame Relay network.

Virtual private networks (VPNs) have two major categories: site to site and remote access. They allow communications over untrusted networks (such as the Internet) and provide confidentiality through encryption, data integrity through hashing, and user verification through authentication. VPNs can be implemented using IPsec or Secure Sockets Layer (SSL). The Cisco AnyConnect VPN client supports both.

Generic routing encapsulation (GRE) is a tunneling protocol. A logical GRE tunnel could be created on top of another network (such as the Internet). The tunnel could be protected by IPsec. GRE uses protocol 47. It can be used to send traffic that would normally not be supported over the transport network. For example, IPv6 could be carried in a GRE tunnel as it is being sent over an IPv4 network.

IP Services

IP addresses can be delivered via Dynamic Host Configuration Protocol (DHCP). DHCP can include information about the DNS server that should be used, in addition to a default gateway for the client to use.

If no DHCP server is present on a local network, a router could be configured as a DHCP relay that could forward the DHCP requests to a DHCP server.

Network Address Translation can be configured on a one-to-one mapping (NAT), or a one to many mapping (PAT, Port Address Translation).

NAT maps an IP address to a different address.

Static: ip nat inside source static [inside ip] [outside ip]

  Inside local: A private IP address assigned to a host on the inside network
  Inside global: A registered Internet address that represents an inside host to an outside network
  Outside global: The registered address of an Internet host
  Outside local: The address of the Internet host as it appears on the inside network

Here is a PAT configuration example using a pool of addresses to translate to (named MyPool, starting with 24.17.5.1 and ending with 24.17.5.14):

  access-list 1 permit 192.168.2.0 0.0.0.255
  ip nat pool MyPool 24.17.5.1 24.17.5.14 netmask 255.255.255.240
  ip nat inside source list 1 pool MyPool overload
  interface Ethernet 0
  ip nat inside
  interface serial 0
  ip nat outside

Network Time Protocol (NTP) provides time synchronization between network devices. NTP may be used to synchronize the time on the local router or switch with an NTP server. The commands show ntp associations and show ntp status can verify the state of the NTP.

To provide fault-tolerant default gateways, a first hop redundancy protocol (FHRP) may be used. These include the following:

  Virtual Router Redundancy Protocol (VRRP): Open standard
  Hot Standby Router Protocol (HSRP): Cisco proprietary
  Gateway Load Balancing Protocol (GLBP): Cisco proprietary

HSRP uses a single router to forward traffic for a single subnet, at any given time.

GLBP can load balance the traffic of a single subnet across multiple forwarders (routers) running GLBP.

Both use a virtual IP address that the clients can learn via DHCP to use as a default gateway.

Troubleshooting

Troubleshooting tools include ping, telnet, tracert, and show commands to verify the status of interfaces, the contents of routing tables, and the current ability to communicate with local or remote IP devices.

A duplex mismatch could cause performance degradation.

One method of troubleshooting involves using the OSI model to determine at which point the network is no longer functioning.

The show interface command could assist us in validating Layers 1 and 2 locally. The show cdp neighbors command could validate Layer 2 between a local Cisco device and another directly connected Cisco device. A ping command could verify Layer 3 connectivity to another device. You can use a telnet command to verify Layer 4 and application layer connectivity.

You can use the traceroute command to validate the path and help to isolate a routing issue on the network.

The commands show ip nat translations and show ip nat statistics can help you determine whether NAT is working.

The command show access-lists shows the contents of ACLs, and show ip interface shows whether an ACL is applied as a filtering ACL (inbound or outbound) on an interface.

To troubleshoot or verify DHCP functions, you could use the following commands on the IOS router acting as a DHCP server: show ip dhcp pool, show ip dhcp binding, show ip dhcp conflict.

When troubleshooting OSPF, verify that you can reach the neighbor with a ping to verify Layers 1-3, and then use show ip protocols or show ip ospf int brief to verify that the interfaces are enabled for OSPF and show ip ospf interface to see the details such as timers. The command show ip ospf neighbor shows current OSPF neighbors.

You can verify the routing table on a router by using the show ip route command. For IPv6, the command is show ipv6 route. To verify the details of routing protocols such as OSPF and EIGRP, use show ip protocols.

If a client can ping based on IP address, but not based on a name, a DNS failure could be the cause. The client command of nslookup could be used to validate a reachable DNS server.

For troubleshooting serial interfaces, the following commands prove useful:

  show controllers: Validate the type of cable connected and validate that clocking is being received from the DCE
  show interface: Verify that interfaces are up at Layer 1 and Layer 2
  debug ppp authentication: See whether the PPP authentication is passing or failing
  ping: Validate that the other side can be reached

On Frame Relay, you can use the command show frame-relay lmi to verify the LMI between the router and the Frame Relay switch. The show frame-relay map command shows the current mappings being used by the router, and show frame-relay pvc shows the PVCs provided by the switch.

Commands to troubleshoot EIGRP include the following:

  show ip eigrp neighbors
  show ip int brief
  show ip eigrp interface
  show ip protocols
  show ip route

The commands for troubleshooting IPv6 EIGRP are similar, using the command ipv6 in place of ip for many of the commands.

Commands to troubleshoot OSPF include the following:

  show ip ospf neighbor
  show ip int brief
  show ip ospf
  show ip ospf interface
  show ip protocols
  show ip route

The commands for troubleshooting IPv6 OSPFv3 are similar, using the command ipv6 in place of ip for many of the commands.

You can use the show spanning-tree command to validate the following:

  Root bridge ID
  State of ports (root port, designated port, blocking port)
  Mode of STP being used (802.1w versus 802.1D)
