
Sandra Hall Mini Reference Sheet

CIDR   Hosts   Mask    Sub C   Sub B
/30    4       252     64      16384
/29    8       248     32      8192
/28    16      240     16      4096
/27    32      224     8       2048
/26    64      192     4       1024
/25    128     128     2       512
/24    256     0       1       256
/23    512     254.0   -       128
/22    1024    252.0   -       64
/21    2048    248.0   -       32
/20    4096    240.0   -       16
/19    8192    224.0   -       8
/18    16384   192.0   -       4
/17    32768   128.0   -       2
/16    65536   0.0     -       1

9/9/11

Troubleshooting Steps
1. Ping loopback
2. Ping NIC
3. Ping default gateway
4. Ping remote device

Patch cable types
Straight-through: Connect PC to hub or switch; router to switch or hub
Crossover: Connect hub to hub / switch to switch / router to router / PC to PC
Rolled: Console connection from PC to router

Route Type                    Admin Distance
Directly Connected Network    0
Static Route                  1
EIGRP                         90
IGRP                          100
OSPF                          110
IS-IS                         115
RIP (& RIPv2)                 120
Unknown                       255


Configuring Users / Passwords


The following are some key points that summarize configuring passwords on Cisco devices:

Command(s):
R1>enable
R1#config term
R1(config)#enable password mypass
R1(config)#enable secret mysecret
Result: These commands are used to create an enable password and an enable secret. Remember that the enable password is stored in clear text within the configuration file while the enable secret is encrypted.

Command(s):
R1>enable
R1#config term
R1(config)#line con 0
R1(config-line)#password conpass
R1(config-line)#login
Result: These commands are used to create a console password on the console port. Remember that after the password is set, you must specify the login command to require authentication on the port.

Command(s):
R1>enable
R1#config term
R1(config)#line aux 0
R1(config-line)#password auxpass
R1(config-line)#login
Result: These commands are used to create an auxiliary port password on the router. Again, notice the use of the login command after setting the password; if you forget to use it then the router will not prompt for a password on that port.

Command(s):
R1>enable
R1#config term
R1(config)#line vty 0 15
R1(config-line)#password vtypass
R1(config-line)#login
Result: These commands are used to create a password for telnet connections that are made to the device.

Command(s):
R1>enable
R1#config term
R1(config)#username glen password glenpass
R1(config)#line con 0
R1(config-line)#login local
R1(config)#line vty 0 15
R1(config-line)#login local
Result: These commands are used to create a username called glen with a password of glenpass. You then use the login local command on each of the console port, auxiliary port, and vty ports to require authentication with a username and password.

Command(s):
R1(config)#banner motd #
Enter TEXT message. End with the character '#'.
This device is for authorized personnel only. Please disconnect at once if you have not been given permission to access this device
#
R1(config)#
Result: This command creates a message-of-the-day banner, which displays before someone logs in. This is used to give legal notice that unauthorized access is prohibited.
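
A check for the points above, as an added example that is not part of the original sheet: it scans a running-config for a clear-text enable password, local accounts created with the password keyword, and lines where a password is set but login was forgotten. The function name audit_passwords and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (illustrative, not from a real device).
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$CONSTRUCTED$notarealhash
enable password mypass
username glen password 0 glenpass
line con 0
 password conpass
 login
line aux 0
 password auxpass
line vty 0 15
 login local
end
"""


def audit_passwords(config):
    """Return (location, issue) findings for the settings described above."""
    findings = []
    line_blocks = {}   # e.g. "line aux 0" -> ["password auxpass"]
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if raw.startswith("line "):
            current = text
            line_blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            line_blocks[current].append(text)
        else:
            current = None  # back at global configuration level
            if re.match(r"enable password\s", text):
                findings.append(("global", "enable password is stored in clear text; "
                                 "remove it and keep only enable secret"))
            user = re.match(r"username (\S+) password\s", text)
            if user:
                findings.append((f"username {user.group(1)}",
                                 "uses the password keyword; "
                                 "the secret keyword stores a hash instead"))
    for name, cmds in line_blocks.items():
        has_password = any(c.startswith("password ") for c in cmds)
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_password and not has_login:
            findings.append((name, "password set but login missing; no prompt on this line"))
        elif not has_login:
            findings.append((name, "no login command; line is unauthenticated"))
    return findings


if __name__ == "__main__":
    for where, issue in audit_passwords(SAMPLE_CONFIG):
        print(f"{where}: {issue}")
```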

Configuring Interfaces
The following commands review those configuration tasks. The following commands are used to configure the name of the router with the hostname command. The name of the router appears in the prompt once it is set. Notice that the hostname is changed in global configuration mode.

Router>enable
Router#config term
Router(config)#hostname R2

The following commands are used to configure the FastEthernet port on the router. Notice that the interface is referenced with the slot/port syntax on the interface command. The IP address is set and then the description of the interface, the speed and duplex mode are then set, and finally the port is enabled with the no shutdown command.
R2(config)#interface f0/0
R2(config-if)#ip address 25.0.0.1 255.0.0.0
R2(config-if)#description Private LAN
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#no shutdown

The following commands are used to configure the Serial port on the router. Notice that the interface is referenced with the slot/port syntax on the interface command. The IP address is set and then the encapsulation protocol (PPP or HDLC) is set. Because this is the DCE end of a back-to-back serial cable, the clock rate needs to be set, otherwise the service provider sets that. Finally, the interface is enabled with the no shutdown command.
R1>enable
R1#config term
R1(config)#interface serial 0/0
R1(config-if)#ip address 24.0.0.1 255.0.0.0
R1(config-if)#encapsulation hdlc
R1(config-if)#clock rate 64000 (only set for DCE device)
R1(config-if)#no shutdown

Configuring Network Services


This section reviews popular commands used when configuring a Cisco device for name resolution, DHCP services, and NAT. You'll need to know these.

The following commands configure the hostname table on a router and display the entries in the hostname table:
NY-R1>enable
NY-R1#config term
NY-R1(config)#ip host BOS-R1 24.0.0.2

To verify that the entry has been added:


NY-R1(config)#exit
NY-R1#show hosts

The following commands enable DNS lookups and specify the DNS server of 23.0.0.200 to send DNS queries to. The domain name is also set to gleneclarke.com.
NY-R1>enable
NY-R1#config term
NY-R1(config)#ip domain-lookup
NY-R1(config)#ip name-server 23.0.0.200
NY-R1(config)#ip domain-name gleneclarke.com

The following commands configure your router as a DHCP server by setting an address pool (range of addresses to give out) and setting up excluded addresses that are not to be given out. The lease time is set to 7 days in this example.
NY-R1(config)#ip dhcp pool NY_Network
NY-R1(dhcp-config)#network 23.0.0.0 255.0.0.0
NY-R1(dhcp-config)#default-router 23.0.0.1
NY-R1(dhcp-config)#dns-server 23.0.0.200
NY-R1(dhcp-config)#lease 7 0 0
NY-R1(dhcp-config)#exit
NY-R1(config)#ip dhcp excluded-address 23.0.0.1 23.0.0.15

The following commands configure NAT overload services on a router called NY-R1. In this example, a list of source addresses is created in access list #1, which is then used as the inside source list. The FastEthernet 0/0 port is the overloaded public address port that all inside addresses get translated to.
NY-R1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
NY-R1(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload
NY-R1(config)#interface FastEthernet0/0
NY-R1(config-if)#ip nat outside
NY-R1(config-if)#interface FastEthernet0/1
NY-R1(config-if)#ip nat inside

Basic Switch Commands to Remember


This section outlines some of the popular commands you use on a Cisco switch. Most of the basic router commands, such as setting passwords and banners, work on the switch.

Command(s):
Switch#show mac-address-table
Result: Used to display the MAC address table on the switch.

Command(s):
Switch>enable
Switch#config term
Switch(config)#hostname NY-SW1
NY-SW1(config)#
Result: Used to change the hostname on the switch.

Command(s):
NY-SW1>enable
NY-SW1#config term
NY-SW1(config)#interface vlan1
NY-SW1(config-if)#ip address 23.0.0.25 255.0.0.0
NY-SW1(config-if)#no shutdown
NY-SW1(config-if)#exit
NY-SW1(config)#ip default-gateway 23.0.0.1
Result: Configures the switch for an IP address so that you can remotely connect to the switch and manage it. Also notice that the default gateway is set. If you do not set the default gateway, you will be unable to manage the switch from a different network.

Command(s):
Switch>enable
Switch#config term
Switch(config)#interface f0/5
Switch(config-if)#speed 100
Switch(config-if)#duplex full
Switch(config-if)#description Web Server
Switch(config-if)#no shutdown
Result: These commands are used to manually configure a port for 100 Mbps, full duplex, and assign a description to the port. The port is then enabled with the no shutdown command.

Command(s):
Switch(config-if)#shutdown
Result: Disables the port.

Command(s):
SW1>enable
SW1#config term
SW1(config)#interface f0/6
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security mac-address sticky
SW1(config-if)#switchport port-security maximum 1
SW1(config-if)#switchport port-security violation shutdown
Result: This group of commands configures port security on port #6. Port security is a way to limit which systems can connect to a switch. This code example uses a "sticky" MAC address that tells the switch to configure the port for whatever MAC uses the port first. It then sets the maximum number of MACs for the port to 1 and shuts down the port if there is a violation.

Command(s):
show port-security address
Result: Show the MAC addresses that have been configured for each port.

Command(s):
show port-security interface f0/6
Result: Show the configuration of port security on port 6.

Command(s):
Switch>enable
Switch#vlan database
Switch(vlan)#vlan 2 name Executives
VLAN 2 added:
Name: Executives
Switch(vlan)#exit
Result: Configures a VLAN named Executives in the VLAN database.

Command(s):
Switch#show vlan
Result: Display a list of VLANs.

Command(s):
Switch(config)#interface range f0/6 - 9
Switch(config-if-range)#switchport access vlan 2
Result: Place ports 6-9 in the newly created VLAN 2.
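
How the port-security settings above behave once traffic arrives, as an added example that is not part of the original sheet: a toy model of a port with sticky learning, a maximum of 1 and violation shutdown. The class StickyPort, its method names and the MAC addresses are constructed for illustration and are not a Cisco API.

```python
import re


def normalize_mac(mac):
    """Render any common MAC notation in Cisco dotted form (aabb.ccdd.eeff)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


class StickyPort:
    """Toy model of port-security with sticky learning and violation shutdown."""

    def __init__(self, name, maximum=1):
        self.name = name
        self.maximum = maximum
        self.sticky = []            # addresses learned so far, in arrival order
        self.err_disabled = False   # state after a shutdown violation
        self.violations = 0

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False            # port is down for everyone, including the owner
        mac = normalize_mac(src_mac)
        if mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)  # sticky: whichever MAC shows up first is bound
            return True
        self.violations += 1
        self.err_disabled = True     # violation shutdown
        return False

    def admin_bounce(self):
        """Model an administrator re-enabling the port (shutdown, no shutdown)."""
        self.err_disabled = False


def replay(port, frames):
    """Feed constructed source MACs to the port; return (mac, forwarded) pairs."""
    return [(normalize_mac(m), port.receive(m)) for m in frames]


if __name__ == "__main__":
    port = StickyPort("f0/6", maximum=1)
    # Constructed traffic: the expected PC, an unknown device, the PC again.
    frames = ["00:11:22:AA:BB:01", "00-11-22-aa-bb-99", "0011.22aa.bb01"]
    for mac, ok in replay(port, frames):
        print(mac, "forwarded" if ok else "dropped")
    print("err-disabled:", port.err_disabled, "sticky:", port.sticky)
```

Two things to check on a real switch follow from the model: the sticky address is whichever device transmitted first, so verify it with show port-security address, and after a violation the legitimate host stays cut off until the port is re-enabled.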

Troubleshooting Commands
When problems arise on Cisco devices, there are a number of show commands you can use to help identify what the problem is. The following table lists popular show commands:

Command(s)                  Result
show running-config         Displays the running configuration stored in VRAM.
show startup-config         Displays the startup configuration stored in NVRAM.
show ip interface brief     Shows a summary of the interfaces and their status.
show interfaces             Displays detailed information about each interface.
show interface serial 0/0   Displays detailed information about a specific interface.
show ip route               Displays the routing table.
show hosts                  Displays the host name table.
show controller serial0/1   Displays whether the serial interface is a DCE or DTE device.
show ip protocols           Displays what routing protocols are loaded.
show cdp neighbors          Displays basic information about neighboring devices such as name, type of device, and model.
show cdp neighbors detail   Displays detailed information about neighboring devices such as name, type of device, model, and IP address.

Tip To Remember Subnetting


February 17, 2010 11:32 am

Got this off another site but it's useful here also: To remember the subnetting tables all you have to do is start with 4 and double it until you get to 16384. Write them downward on a sheet of paper and when you are done just subtract 2 from each number, i.e.:

4 = 2
8 = 6
16 = 14
32 = 30
64 = 62

Once you have done that all you need to do is reverse the order of all the numbers going back up the sheet:

subnets   hosts
2         62
6         30
14        14
30        6
62        2

See how the numbers flip flop between each column? My example is for class C but it works for class B just the same. Once you have the subnet/host numbers written out, just remember the following numbers: .192, .224, .240, .248, .252

class C:


             sub   hosts
.192 /26     2     62
.224 /27     6     30
.240 /28     14    14
.248 /29     30    6
.252 /30     62    2

The numbers with a slash (i.e. /26) are just shorthand ways of writing out subnets. They can be really confusing if you are trying to learn subnetting for the first time. Just remember that IP addresses are made up of 32 bit addresses, or /32. These 32 bit addresses are broken down into class A, B, and C. Class B are from /18 to /30 and class C go from /26 to /30. The reason the numbers don't go up to /32 is because it goes against the rules of subnetting (according to Cisco); I don't have any other reason why. You need to memorize this stuff!!! When I went to work I jotted notes all over my desk and tool boxes just so I would see it all the time.

Here is the class B example:
(1) Start with 4 and double it till 16384: 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384.
(2) Subtract 2 from each number: 2, 6, 14, 30, 62, 126, 254, 510, 1022, 2046, 4094, 8190, 16382.
(3) Write them downward on a sheet of paper and then write them back up in reverse order:

2       16384
6       8190
14      4094
30      2046
62      1022
126     510
254     254
510     126
1022    62
2046    30
4094    14
8190    6
16382   2


(4) Finally you just have to add the net number to your list. Remember these numbers:

.192.0 (/1)
.224.0 (/19)
.240.0 (/20)
.248.0 (/21)
.252.0 (/22)
.254.0 (/23)
.255.0 (/24)
.255.128 (/25)
.255.192 (/26)
.255.224 (/27)
.255.240 (/28)
.255.248 (/29)
.255.252 (/30)
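
The CIDR table at the top of this sheet and the subtract-2 tip above, worked through in code as an added example that is not part of the original sheet or post: it lists every subnet for a given mask and marks the two (all-zeros and all-ones) that the classic subtract-2 rule on the subnet side leaves out. The function names and the two sample networks are constructed for illustration.

```python
import ipaddress


def plan_subnets(network, new_prefix):
    """List every subnet of a classful network at new_prefix with its host range."""
    net = ipaddress.ip_network(network)
    if not net.prefixlen < new_prefix <= 30:
        raise ValueError("prefix must borrow at least 1 bit and leave 2 host bits")
    subs = list(net.subnets(new_prefix=new_prefix))
    rows = []
    for i, sub in enumerate(subs):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            # Network and broadcast addresses are not assignable: the host "-2".
            "usable_hosts": sub.num_addresses - 2,
            # All-zeros and all-ones subnets: what the tip's subnet "-2" drops.
            "zero_or_ones": i in (0, len(subs) - 1),
        })
    return rows


def summarize(network, new_prefix):
    """Return (mask, all subnets, subnets after the tip's -2, usable hosts)."""
    rows = plan_subnets(network, new_prefix)
    kept = sum(1 for r in rows if not r["zero_or_ones"])
    return rows[0]["mask"], len(rows), kept, rows[0]["usable_hosts"]


if __name__ == "__main__":
    # Constructed example networks: one class C sized, one class B sized.
    for network, prefixes in (("192.168.1.0/24", range(26, 31)),
                              ("172.16.0.0/16", range(18, 31))):
        print(network)
        for p in prefixes:
            mask, total, kept, hosts = summarize(network, p)
            print(f"  /{p:<2} {mask:<15} subnets {total:>5} ({kept:>5} after -2)"
                  f"  hosts {hosts}")
    for row in plan_subnets("192.168.1.0/24", 26):
        print(row["subnet"], row["first_host"], "-", row["last_host"],
              "excluded by the -2 rule" if row["zero_or_ones"] else "")
```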

CCNA4.com - Free CCNA Training & Resources

Frame Relay: Things to remember

1. Customers only pay for the bandwidth they purchase, no overages.
2. When the encapsulation frame-relay command is issued on an interface, the router will learn all the DLCIs associated with that interface via LMI updates. Then once an IP address is configured on the same interface, InARP requests will be sent out on all the learned DLCIs. If the other end is also configured with an IP address, it will reply with its own IP address.
3. Any DLCIs learned with LMI that are not associated with a subinterface are assumed to be used by the physical interface.
4. PVC status can be active, inactive, deleted.
5. Encapsulation types are Cisco (default), IETF; e.g. encapsulation frame-relay ietf / frame-relay interface-dlci 101 ietf / frame-relay map ip 10.0.0.1 101 ietf.
6. LMI types are Cisco (default), ANSI, q933a; e.g. frame-relay lmi-type ansi / frame-relay lmi-type q933a.
7. DCE (Frame Relay Switch) always generates LMI.
8. The ANSI T1.617 Annex D LMI and the ITU Q.933 Annex A LMI are equivalent and use DLCI 0 for LMI flows, whereas the Cisco LMI uses DLCI 1023.
9. By default, the LMI messages flow every 10 seconds. Every sixth message carries a full Status message, which includes more complete status information about each VC. A router considers its interface to have failed if the router ceases to receive LMI messages from the switch for a number (default 3) of keepalive intervals (default 10 seconds).
10. FR LMI can be disabled by using the no keepalive command while using back-to-back frame-relay.
11. Interestingly, the no frame-relay inverse-arp / no frame-relay inverse-arp ip 101 only stops the InARP request, but it doesn't stop the reply to the InARP request. As a result, if one side is configured with no frame-relay inverse-arp and there are no static mappings at that side, it will still learn layer 3 to layer 2 mappings while replying to InARP from the other side.
12. The no frame-relay inverse-arp command on the physical interface is not inherited by the subinterfaces.


13. In multipoint frame-relay configuration, an IP address can be reached if (1) the destination IP address is in the routing table with a valid next-hop and (2) a frame-relay mapping is available for that IP address. With InARP, a multipoint/physical interface can't ping its own IP address. A static mapping of its own DLCI to its own IP is required to work around this issue.
14. In point-to-point frame-relay configuration, InARP is disabled by default. Also, if both routers use point-to-point subinterfaces, neither would have to be configured with a frame-relay map command, due to the "use this VC to reach all addresses in this subnet" logic. That's why it can also ping its own IP address.
15. Point-to-point subinterfaces can only have one DLCI assigned to them.
16. Only point-to-point subinterfaces can be unnumbered.
17. Two IP addresses from the same subnet can be configured on two different subinterfaces. It is usually configured on the hub router.
18. The frame-relay interface-dlci 101 command does not enable layer 3 to layer 2 resolution. Instead, it simply assigns the DLCI to the interface.
19. Frame-relay static mapping overrides dynamic mapping.
20. For PPPoFR, the virtual-template interface should be configured first, then the virtual-template should be bound to the frame-relay DLCI with the frame-relay interface-dlci XXX ppp Virtual-TemplateX command. This will eliminate lots of issues.
21. In PPPoFR, hardware compression and fancy queueing algorithms, such as weighted fair queueing, custom queueing, and priority queueing, are not applied to virtual access interfaces.
22. There is no CDP by default on a frame-relay interface, with the exception of point-to-point subinterfaces; it has to be enabled on the physical or logical interface separately.
23. By default, IP split horizon is turned off on frame-relay physical interfaces, but not on the subinterfaces.
24. When an interface is configured to do static mapping, there may be some 0.0.0.0 IP address mappings due to the previous InARP configuration. We need to use clear frame-relay inverse-arp or we have to reload the router after saving the configuration.
25. A point-to-point subinterface cannot be reassigned the same subinterface number to be used for a multipoint subinterface without first rebooting the router. Instead, a different subinterface number can be used to work around this issue.
26. A physical interface is always in up/up state as long as LMIs are received; DLCIs may not be up in this case. But to be in an up/up state, the subinterface must receive LMIs and at least one of the assigned DLCIs must be up also.
27. The line protocol status of a frame-relay physical interface doesn't depend on the PVC status. So if the backup interface command is configured on a frame-relay physical interface, the change of PVC status will not trigger the backup interface to come up. A GRE tunnel (with keepalive) can be used to solve this issue.
28. End-to-end keepalive doesn't change the status (up/down) of the physical interface; it can only change the status of subinterfaces.

By Zakir Ahmed Khan
