640-607

640-607

CCNA 3.0

Version 1

www.testking.com -1-

640-607

CCNA FOUNDATIONS .................................................................................................. 4 OSI Model....................................................................................................................... 4 Upper Layer .................................................................................................................... 5 Lower Layers .................................................................................................................. 5 Data Link Layer Tasks.................................................................................................... 6 Network Layer Tasks...................................................................................................... 7 Transport Layer Tasks .................................................................................................... 8 LAN Physical Layer Implementations............................................................................ 8 CISCO DEVICE BASICS.............................................................................................. 10 Command Modes .......................................................................................................... 10 Basis Switch Commands............................................................................................... 11 Switch Configuration using the Command Line .......................................................... 11 Basic Router Information.............................................................................................. 12 Common CLI Error Messages ...................................................................................... 12 Basic Router Commands............................................................................................... 13 Advance Router Configuration ..................................................................................... 14 OBTAINING NETWORK INFORMATION .............................................................. 16 CDP............................................................................................................................... 16 CDP Related Commands .............................................................................................. 16 Telnet Application ........................................................................................................ 17 Router Basics ................................................................................................................ 18 Router components ....................................................................................................... 18 CATALYST 1900 SWITCH .......................................................................................... 21 Functions....................................................................................................................... 21 Frame Decisions............................................................................................................ 21 Avoiding Loops ............................................................................................................ 21 Spanning Tree Protocol................................................................................................. 22 Spanning Tree Path Cost............................................................................................... 23 Spanning Tree Protocol elections ................................................................................. 23 Spanning Tree States..................................................................................................... 24 How Frame Are Sent .................................................................................................... 24 Switch communication.................................................................................................. 25 Catalyst 1900 Switch Configuration............................................................................. 25 Configuration commands.............................................................................................. 26 Virtual LANs ................................................................................................................ 27 TCP/IP ............................................................................................................................. 28 TCP Connection Establishment .................................................................................... 29 Windowing.................................................................................................................... 29 TCP/IP Internet Layer................................................................................................... 29 ICMP............................................................................................................................. 30 IP Addressing Basics .................................................................................................... 30 www.testking.com -2-

640-607 Address Classes ............................................................................................................ 31 Broadcast....................................................................................................................... 32 Subnetting ..................................................................................................................... 33 Configuring IP Addresses ............................................................................................. 35 ROUTING 101 ................................................................................................................ 36 Route Selection ............................................................................................................. 36 Routing Protocols.......................................................................................................... 37 Administrative Distance................................................................................................ 37 Routing Protocol Classes .............................................................................................. 37 RIP ................................................................................................................................ 40 IGRP ............................................................................................................................. 40 ACCESS LISTS .............................................................................................................. 42 Access List Types ......................................................................................................... 42 Access List Guidelines.................................................................................................. 42 Standard IP Access List ................................................................................................ 43 Extended IP Access Lists.............................................................................................. 45 Verifying and Monitoring Access Lists........................................................................ 46 NOVELL INTERNETWORK PACKET EXCHANGE (IPX) PROTOCOL SUITE ........................................................................................................................................... 47 IPX ................................................................................................................................ 47 Encapsulation Types ..................................................................................................... 48 CISCO AND WIDE AREA NETWORK (WAN) ........................................................ 50 WAN Connection Types............................................................................................... 50 WAN Layer 2 Encapsulation ........................................................................................ 50 HDLC............................................................................................................................ 51 PPP................................................................................................................................ 51 ISDN ............................................................................................................................. 52 FRAME RELAY............................................................................................................. 54 LMI ............................................................................................................................... 54 Subinterface Connection Types .................................................................................... 55 Obtain Frame Relay Information .................................................................................. 56 LABS ................................................................................................................................ 57 Lab 1 – Configure a name and passwords for a router ................................................. 57 Lab 2 – Configuring Router Interfaces ......................................................................... 59 Lab 3 – Configuring Static Routes................................................................................ 61 Lab 4 – Configuring RIP and Restoring Configuration................................................ 62 Lab 5 – Configuring IGRP............................................................................................ 63 Lab 6 – Access List....................................................................................................... 64

www.testking.com -3-

Enables engineers to specialize the design and development of modular elements.640-607 CCNA Foundations OSI Model One of the keys to understanding Cisco is the OSI model. and It provides standards for plug and play and multivendor integration. and internetworking schemes. devices.com -4- . Some of the advantages of the OSI model include: • • • It allows for the breaking down of complex operation into simple elements.testking. The OSI model permits people to understand how internetwork works and it serves as a guideline or framework for creating and implementing network standards. The OSI reference model has 7 layers: Application Appliction (Upper) Layers Presentation Session Transport Layer Network Layer Data Flow Layers Data Link Layer Presentation Layer Media Access Control (MAC) Sublayer Logical Link Control (LLC) Sublayer To assist in remembering the OSI model layers in the proper area you might want to try either of the following sentences: All Application People Presentation Seem Session To Transport Need Network Data Data Link Processing Physical www.

Upper Layer Upper Layers – The upper layers of the OSI model deal with user interface. through internetwork devices. data formatting.testking. Presentation layer – determines how data is presented and special processing such as encryption.640-607 Or from the bottom of the OSI model to the top Please Do Not Throw Sausage Pizza Away. Physical – responsible to move bits between devices and specifies voltage. provided access to media using MAC addresses. and error detection. For the each of the lower four layers the unit are as follows: Transport Network Data Link Physical Segment Packet Frame Bits www.com -5- . to desired end station. managing and terminating communications sessions between presentation layers. Encapsulation The method of passing data down the stack and adding headers and trailers is called encapsulation. Session Layer – controls the establishment the establishing. Lower Layers The four lower layers are in charge of how data is transferred across a physical wire. and finally to the application on the other side. Specifically these layers do the following: Transport – provides for both reliable and unreliable delivery and error correction before retransmit. wire speed and pin-out cables. and application access. Specifically these layers do the following: Application Layer – this is where the user/applications access the network. Network – provides logical addressing which device us for path destinations Data Link – Combines bits into bytes and bytes into frames.

If the destination is on another segment it is forwarded to the proper segment. If the destination is not known to the bridge then the bridge will flood the frame. Logical Link Control (LLC) Sublayer (802. flood or copy the frame onto another segment.testking. This can also be called the Organizationally Unique Identifier (OUI). 3. When a bridge hears a frame on the network it must decide to filter. The MAC address is a 48-bit address expressed as 12 hexadecimal digits. if the frame is from the same segment then it is blocked from going onto segments. Broadcast Domains is a group of devices in the network that receive one another’s broadcast messages.com -6- . it is sent to all other segment other than the originating one. the result is a collision of the two signals. That is. That is. Each segment is a collision domain. This is decided as follows: 1. Media Access Control (MAC) Sublayer (802. 2.2) – This sublayer is responsible for logically identifying different protocol types and then encapsulating them in the order to be transmitted across the network.3) – This sublayers is responsible for how the data is transported over the physical wire. The first 24 bits or 6 hexadecimal digits of the MAC address contain a manufacturer identification or vendor code. The last 24 bits or 6 hexadecimal are administered by each vendor and often represents the interface serial number. In order to provide this functions the IEEE data link layer is defined into two sublayers: 1. 2. Data Link Layer Tasks The data link layer provides network traffic with information on where it is to go and what it is to do once it gets there. This is the part of the data link layer that communicates downward to the physical layer. Bridged/switched networks have the following characteristics: 1. The data link layer has two types of devices: bridges and Layer 2 switches. If the destination in on the same segment it is filtered. www.640-607 Collision vs Broadcast Domains Collision domain is a group of devices connected to the same physical media such that if two devices access the media at the same time. Layer 2 switching is hardware-based bridging.

These options. In switched environment. A logical address associated with the source and destination stations. Routers strip Layer 2 frames and forward packets based on Layer 3 destination address. All devices connected to the same bridge/switch are part of the same broadcast domain. thus allowing the primary pathway to be shared. Network Layer Tasks The network layer defines how to transport traffic between devices that are not locally attached in the same broadcast domain. Router do not forward Layer 2 broadcast or multicast frames.testking. Routers work at the network level. controlled via access lists. Routers attempt to determine the optimal path through a routed network based on routing algorithms. can be applied to inbound or outbound packets. All segments must use the same data link layer implementation: Ethernet and all Token Ring. The logical network address consists of two parts: one part to identify the network and the other to uniquely identify the host.com -7- . A path through the network to reach the desired destination. Routers can be used to deploy quality of service parameters for specified types of network traffic. 3. 2. therefore. • • • www. Routers provide connectivity between different virtual LANs (VLANs) in a switched environment. Routers can be configured to perform both bridging and routing functions. routers can limit or secure network traffic based on identifiable attributes within each packet. The router performs the following tasks: • • • • • Routers identify networks and provide connectivity. Routers map a single Layer 3 logical address to a single network device. 4.640-607 2. In order for this to occur the following is required: 1. and each device can send frames at the same time. there can be one device per segment.

640-607

Transport Layer Tasks
For two devices to communicate within a network a connection or session must be established. The transport layer defines the guidelines for the connection between the two devices. The transport layer define the following functions: • Allows end stations to assemble and disassemble multiple upper-layer segments into the same transport layer data stream. This is accomplished by assigning upper-layer application identifiers. Allows applications to request reliable data transport between communicating and systems. This is done through a connection-oriented relationship between the communicating end systems to accomplish the following: o Ensure the segments delivered will be acknowledged back to the sender. o Provide for retransmission of any segments that are not acknowledged. o Put segments back into their correct sequence order at the receiving station. o Provide congestion avoidance and control.

LAN Physical Layer Implementations
Cabling exist at the Physical Layer of the OSI model. The CCNA exam focus on the Ethernet as the physical and data link connections. The term Ethernet refers to a family of LAN implementations. The three major categories are: 1. Ethernet (DIX) and IEEE 802.3 – this operates at 10 Mbps over coaxial cable, UTP and fiber. 2. 100 Mbps Ethernet (IEEE 802.3u) – this is also known as the Fast Ethernet that operates over UTP or fiber. 3. 1000 Mbps Ethernet – this is known as the Gigabit Ethernet that operates at 1000 Mbps over fiber.

www.testking.com -8-

640-607 Ethernet Cabling Specifications Cable 10Base5 10BaseT 100BaseTX 100BaseFX Coax Thick Cat 3,4,5 UTP, 2 pair Cat 5 UTP, 2 pair Multimode fiber Maximum Segment Length 500 meters 100 meters 100 meters 400 meters Topology Bus Star Star Point-to-point Connector AUI RJ-45 RJ-45 Duplex media interface connector (MIC) ST

www.testking.com -9-

640-607

Cisco Device Basics
When a switch or a router is first started 3 operations occur: Step 1: The power on self-test (POST) is performed. The device finds hardware and performs hardware checking routines. Step 2: After the hardware is confirmed functional, the start up routine is performed. The switch/router looks for and loads the operating system software. Step 3: After the operating system is loaded, the device will find and apply configuration settings that are required for network operations.

Command Modes
Cisco IOS software uses a command-line interface as its traditional console environment. There is two default access levels: user EXEC level and privileged EXEC level. The user EXEC level allows user access to a limited number of basic monitoring commands. Privileged EXEC level provides access to all router commands. This can be passwordprotected to allow only authorized users to configure or maintain the router. When a device is in EXEC mode, this is represented by the > symbol. The following represents this: hostname> More commands are accessible from the privilege EXEC mode, to change the device to this mode you would issue the enable command. The switch or router prompt will change to he following: hostname# To return to the user EXEC mode you will need to type disable.

www.testking.com -10-

This command enables you to determine the switch’s current operating system which is imperative for troubleshooting. www. You can use the following commands/key strokes to navigate the buffer Up-arrow button/Ctrl-p – Last (previous) command recall Down-arrow / Ctrl-n – More recent command to buffer Switch>show history – Shows commands buffer contents show version – this command displays information about software version.testking. the names and locations of configuration files.this command shows the current IP configuration of the switch. This command can be useful when configuring and troubleshooting the switch. Switch Configuration using the Command Line You must switch from the priviledge EXEC mode to the global configuration mode in order change the parameters of the switch.this command shows the statistics of all of the switch’s interfaces that are configured. switch# conf term switch(config)# To configure an interface you must be in the interface configuration mode.com -11- . show ip . and the boot images. switch# interface e0/1 switch(config-if)# To change the name of the switch you do the following: switch(config)# hostname testking testking(config)# Please note the name change is immediate. system hardware. show interface . You use the interface command to do this.640-607 Basis Switch Commands history – This command will provide you with a list of the contents of the switch’s substitution buffer.

Include a space before the ?.testking. There are two levels of modes: User mode – often used to check the status of the router Privileged mode – used to change the routers configuration. Common CLI Error Messages Error % Ambiguous command: “show con” Reason for error You did not enter enough characters for your switch to recognize the command. This provides a list of commands that begin with a particular character sequence. Reason for error www.com -12- . use the ? in the place of a keyword or argument.0 Basic Router Information When a router is first turned on it will check its NVRAM (nonvolatile random access memory) for a router configuration.640-607 You will also need to configure the ip address of the switch this achieved as follows: testking(config)# ip address 10. If one is not found then the operating system starts a question driven initial configuration. For command syntax help. You will be provided with a choice of keywords that you can enter Error % Imcomplete command.11 255. Cisco IOS CLI on Cisco routers offers context sentsitive word help and command syntax help: For word help.255.5. use the question mark (?) following one or more characters. Solution Reenter the command followed by a question mark (?) with no space between the command and the question mark. To change the configuration of the router you will need to do so in the configuration mode.5. This is known as the system configuration dialog or setup dialog.255.

the router’s hardware. Deletes everything to the left of the cursor. Command Line Editing Key Sequence Ctrl-a Ctrl-e Ctrl-f Ctrl-b Esc-f Esc-b Ctrl-d Ctrl-k Ctrl-x Ctrl-w Ctrl-u Ctrl-r Backspace Tab Description Moves the cursors to the beginning of the line. When you are in the command line there are a number of shortcuts or hot keys you can use. the names and location of the configuration files and the boot images. Deletes everything to the right of the cursor. Removes one character to the left of the cursor.com -13- . $ Invalid input detected at ‘^” marker Reason for error The command was entered incorrectly. Completes a partially entered command if enough characters have been entered to make it unambiguous. Deletes a word. Deletes a line. Moves the cursors backward one character Moves the cursors forward one word Moves the cursors backward one word Deletes a single character. Basic Router Commands show version – this commands displays the configuration of the software version. Solution Reenter the command followed by a question mark (?) with no space between the command and the question mark. Refreshes the command line and everything typed up to this point. Solution Enter a question mark (?) to display all the commands that are available in this command mode. The caret (^) marks the place of the error.640-607 You did not enter enough of the keywords or values required.testking. Moves the cursors forward one character. www. Moves the cursors to the end of the line.

testking. Advance Router Configuration To make complex and specific configurations for a router you can use the Command Line.. copy running-configuration startup-configuration – this command will copy the current configuration in the RAM to the NVRAM (backup configuration). The prompt for this mode is: router(config-subif)# Line – This mode is used to configure a terminal line. Some of the of more popular of these specifc configuration modes are: Interface – this allows you to enter commands that are responsible to configure operations on each interface. This is the file that is used to configure the router during startup. To access these specific configuration modes you must first be in the global configuration mode.com -14- . To change the name of the router you would use the hostname command.640-607 show running-configuration – this commands is used to display the configuration that is being used by the IOS and that is located in the RAM. If you want to totally exit configuration mode you should enter end or Ctrl-z. This command will return you to the global configuration mode. These actions will return you to the priviledge EXEC prompt. An example follows: router(config)#hostname testking testking(config)# www. The prompt for this mode is: router(config-line)# Router – This command is used to configure an IP routing protocol. This is achieved by entering the configure terminal command. The prompt for this mode is: router(config-if)# Subinterface – this provide support (and configuration) of multiple virtual interfaces on a physical interface. show startup-configuration – this commands displays the backup configuration that is located in the NVRAM. The prompt for this mode is: router(config-router)# To exit one of these specific mode you can use the exit command.

testking. An example follows: testking(config)#banner motd * Information Department You must be authorized to use this system! * In order to secure your router you can use passwords.640-607 To add a Message of the Day you would use the banner motd command. An example of both commands follows: testking(config)#enable password washington testking(config)#enable secret boston www. To configure a login password for console terminal you would do the following to set the password as england: testking(config)#line console 0 testking(config-line)#login testking(config-line)#password england To set a password for an incoming Telnet session you would do the following: testking(config)#line vty 0 4 testking(onfig-line)#password london To further secure your router you can provide an enable password. To encrypt the enable password you would need to use the enable secret command. These passwords restricts access to privilege EXEC mode. Passwords can be used for both the priviledge EXEC mode and on individual lines. Space and a delimiting character would follow this command. All passwords are case sensitive.com -15- .

The following information will be displayed for each port: • • • • • • Neighbor device ID Local Interface The hold time in seconds Neighbor device capability code Hardware platform of the neighbor Neighbor’s remote port ID www. CDP is used to manage Cisco devices.640-607 Obtaining Network Information CDP The Cisco Discovery Protocol (CDP) discovers and shows information about directly connected devices. To disable CDP on an interface you would use the no cdp enable command.testking. There will be times that you may want/need to disable it. To disable CDP at the device level you would issue the no cdp run command at the global configuration mode. CDP starts by default when a Cisco device starts. An address for each supported protocol. This is done is ASCII such as ethernet0. In general. Port identifier. show cdp neighbours – this command displays the CDP information for each directly connected device. CDP Related Commands As stated before CDP is enabled by default on Cisco devices. CDP provides the following information for each CDP neighbor device: • • • • • • Device name and if there is one a domain name. Devices that support CDP can communicate with each other even if they are running different protocols (TCP/IP and AppleTalk for example) as CDP runs at the data link layer. This protocol gathers information from directly connected devices (no matter which protocol they are running) and provides administrators with summary of protocol and address information. Hardware platform.com -16- . That is names of the local and remote ports. Capability lists. To re-enable CDP on an interface you would use the cdp enable command. Two of the reasons for disabling it would be to prevent CDP information from reaching non-CDP devices and to conserve bandwidth. Version information.

640-607 To obtain additional information you can use either the show cdp neighbours detail command or show cdp entry * command. To obtain information about remote devices you will need to use the Telnet application. show cdp interface . Telnet Application CDP only provides information about directly connected devices. show cdp entry command will display the following information: • • • • • • • Neighbor device ID Layer 3 protocol information The device’s platform The device’s capabilities The local interface type and outgoing remote port ID The hold time value in seconds OIS type and version show cdp traffic – this command displays the number of CDP packets sent and received and the number of errors. All you need to do is enter the IP address. For a Catalyst switch you will need to enter the telnet command followed by the IP address of the remote device. www.this command displays the configuration information and the interface status of the local device. This will allow you to verify Telnet connectivity. This commands displays the following for each device: • • • • • Host name IP address Byte count Amount of time the device has been idle Connection name assigned to the session show user – this command displays whether the console port is active. Local connections are represented by con and remote connections are represented vty.testking.com -17- . show sessions – this command shows a list of devices that you are connected to. with the IP address or IP alias of the originating host. and to list all all active Telnet sessions. On a router there is no need to use neither telnet nor connect to establish a Telnet session.

If you want to disconnect one single session you can use the disconnect sessionnumber (where sessionnumber will be the actual session number) command.640-607 Ctrl-Shift-6. resume sessionnumber (where sessionnumber will be the actual session number) – this command will resume a specific Telnet session. The ping command verifies connectivity and traceroute will show the route that packets travel. You will need to use the show user command to determine which users are on the device.testking. You can use the show sessions command to determine the required session number. Other useful TCP/IP tools that you can use are the ping command and the traceroute command. To can end a Telnet session you can use the following commands: exit or logout EXEC command while on the remote device to log out of the console session.Find the configuration Step 6 – Load the configuration Step 7 – Run Router components Routers have the following components: www.com -18- . disconnect EXEC command while on the local device to end the Telnet session. If there was more than one session before only the last active session will be resumed. Router Basics Booting Sequence of a router Step 1 – POST Step 2 – Load and run bootstrap code Step 3 – Find the IOS software Step 4 – Load the IOS software Step 5 . This will provide you with the lines that need to be disconnected. clear line – this command will close a Telnet session from a foreign host. followed by x will suspend the Telnet connection resume – this command will resume one session. all together.

Contains microcode for basic functions to start and maintain the router Flash memory – the primary use is to contain the IOS software image NVRAM – this stores the configuration Configuration Register – this controls how the router boots up. js – j means that this is an enterprise image and s shows an extended capabilities. copy running-configuration tftp – this will copy the running configuration to a tftp server. copy running-configuration startup-configuration – this command will move the running configuration to the startup-configuration (NVRAM). This will store a copy of the configuration on a location other than the device.testking.640-607 • • • • • • RAM – contains the software and data structures that allow the router to function. To obtain information about your router memory and image file you can use the show flash command. c2500 shows the platform that the image runs. copy startup-configuration running-configuration – this command will move the startup configuration (NVRAM) to the running-configuration (RAM). This command can provide the following: • • • • Total amount of memory on the router Memory available System image file name The size of the file in Flash The name of the Cisco image file contains different parts. An example is c2500-js1_120-3.bin. This can be done to save changes to the configuration. As previously stated the Flash memory contains the IOS image. www.com -19- . Interfaces ROM microcode contains: • • • • Bootstrap code POST code ROM monitor “Partial” IOS show version – this command will be display the configuration register value. ROM – read only memory.

bin – means that this is a binary executable file.testking.640-607 1 – means the file is not compressed and can be moved. . copy tftp flash – this command will download a new image from a network server to the Flash memory.com -20- . 120-3 – represents the version number of the image. www.

This redundant design can cause many problems. This process is referred to as flooding. The switch keeps a MAC address table used to track the locality of devices connected to the switch. An Ethernet switch discovers addresses and functions like a transparent bridge. When a frame is received the switch will consult its MAC database to establish through which port the device can be reached. • Frame Decisions When a switch receives a frame that is its MAC table. This can eliminate single points of failure that would cause a failure of the entire network.testking.640-607 Catalyst 1900 Switch Functions This is a Layer 2 device that provides the following functions (bridges provide the same functionality): • • • The devices learn the MAC address for all devices attached to each of its ports. It then employs that table to determine which packet should be forwarded to other segments. The frame is only sent to that port. These addresses are stored in a MAC database. When a switch receives a multicast frame or a broadcast frame it is sent to all other ports. Avoiding Loops Switched and bridge networks are designed with redundant links and devices. the frame will only be sent to the port that is associated with that MAC. These broadcasts www. The possible problems are: • Without some form of loop avoidance there is a distinct possibility that each switch will flood the network with broadcasts continuously.com -21- . If your network design includes loops to provide for redundancy it is the switch’s responsibility to keep the network from coming down but if the Spanning Tree Protocol is configured then backup paths will be allowed.

testking.com -22- . Database instability results when multiple copies of a frame arrive one different ports of a switch. www. Broadcast storms are eliminated through a loop avoidance solution would prevent one of the interfaces from transmitting or receiving during normal operations. When the topology changes. The Catalyst 1900 switch uses the IEEE 820. It is a bridge-to-bridge protocol. This will be discussed in greater detail. A port in a forwarding state can both receive and transmit frames. Loop avoidance can address each of these problems. This can be achieved through using the Spanning Tree. This is the main reason for the Spanning Tree Protocol. This is achieved as soon as device finds a loop in the network topology it will block one or more of the redundant ports. This will be discussed in greater detail. This can be eliminated through a loop avoidance solution would prevent one of the interfaces from transmitting or receiving during normal operations. This could cause unrecoverable errors. MAC address table could become instable as it receives of the same frame being received on different ports. The Spanning Tree Protocol provides a loop free environment by doing the following: Electing a root bridge – each broadcast domain will have only one root bridge. This can be achieved through using the Spanning Tree. A large complex bridged or switched network with multiple switches can cause multiple loops to occur in the switched network. Spanning Tree Protocol DEC developed the Spanning Tree Protocol. Maintaining a loop-free network is the purpose of the Spanning Tree Protocol. The Spanning Tree Protocol is ever vigilant and is constantly looking for failures and new additions to the network.1d specification.640-607 can lead a broadcast storm that can cause a waste of bandwidth and severely impacts network and host performance. • • Many copies of nonbroadcast frames may delivered to the destination device. IEEE revised this protocol as the 820. All of the ports of the root bridge are called designated ports and are in a forwarding state. Spanning Tree Protocol will make the required changes to the ports to avoid total loss connectivity or the establishment of new loops. A loop avoidance mechanism is required to eliminate this.1d specification.

Blocking – all ports on the segment that are not designated.640-607 Each nonroot bridge will have on root port – the root port is the one with lowest cost path to the root bridge. Root port – the port(s) with the lowest-cost path to the root. www. As these ports are in the forwarding state they are responsible for forwarding the traffic of the segment. Designated port – all ports on the root bridge are designated ports. As a result it cannot forward traffic. Spanning Tree path cost is an accumulated cost based on bandwidth. This ID most often contain 2 bytes for priority and 6 bytes that contain the MAC address of the device. Spanning Tree Path Cost Link Speed Cost (Reviswed IEEE Specs) 2 4 19 100 Cost (Old IEEE Specs) 1 1 10 100 10 Gbps 1 Gbps 100 Mbps 10 Mbps The Catalyst Switch 1900 use the old calculations whereas other Catalyst switches . Devices running the Spanning Tree Protocol exchange Bridge Protocol Data Unit (BPDU). use the revised calculations Spanning Tree Protocol elections Root bridge – the switch with the lowest bridge ID. On other devices the designated port is the one that has the lowest cost and then the lower bridge ID. such as 2900XL. Forwarding – all designated ports and root ports are in the forwarding state.testking. Nondesignated ports are in a blocking state so as to break a loop in the topology. These root ports are in the forwarding state.com -23- . If the cost is the same then it is the port with the lowest port number. On each segment there is one designated port – once again the designated port is selected on the bridge that has the lowest path cost to the root bridge. BPDU are multicast message are sent by default is sent every 2 seconds that contain configuration information including the bridge ID.

testking. and then the frame is forwarded. the CRC (cyclic redundancy check) is done. Cut-through – this mode only checks the destination address (DA) and then begins to forward the frame. filters are applied.com -24- • . Finally the port begin receiving and sending frames once it moves into the forwarding state. These port still receive BPDUs. The default Spanning Tree timers are as follows: Timer Hello Time Forward Delay Max age Default 2 seconds 30 seconds 20 seconds How Frame Are Sent Switches have three operating modes to address frame switching: • Store and Forward – in this mode the switch must first receive all of the frame prior to forwarding it. When a change is sensed ports temporarily change to the listening and learning states.640-607 Spanning Tree States Spanning tree has the following states: • • • • Blocking Listening Learning Forwarding These states are moved through by Spanning Tree to maintain a loop free topology. The delay for this mode is the same no matter the size of the frame. The move to this state to ensure if the transitions it they will not create a loop. Next the port will populate its MAC address table in the learning state but will not forward frames. Ports move to the listening state. Normally a port is either a blocking state or a forwarding state. All ports start in the blocked state. If an error is discovered the frame is dropped. Latency for this mode is dependent on the size of frame. The problem with this mode is that it will forward a frame with an error or a collision frame. The time it takes for a device to transition between the listening to learning and learning to forwarding is called forward delay. The source and destination destinations are read. The default time to move from the blocking state to the forwarding state is 50 seconds. This can often reduce the latency from input to output port. www.

Therefore you effectively double the wires initial bandwidth. This arrangement is collision free. Using the IOS command-line interface (CLI).com -25- . Catalyst 1900 Switch Configuration This type of switch can be configured three different ways: • • • Using the consol port via a menu-driven interface.0. In this way collisions can be fiilterd out as they usually occur within the first 64 bytes. This mode is prone to collisions as one line is used for both receiving and sending transmissions. Each full duplex connection only uses one port.640-607 • Fragment-free – this mode (also referred to as modified cut-through) reads the first 64 bytes of the forwarding frame. As the CCNA exam deals with the use of the CLI so will this study guide. Switch communication Half-duplex transmission mode implements Ethernet carrier sense multiple access collisions detect (CMSA/CD). A good parallel is a one lane bridge over a river where cars in one direction must wait for the cars coming the other way are done before moving. The Catalyst 1900 default mode is fragment free switching. Web-based Visual Switch Manager (VSM). This is achieved by using point-to-point Ethernet and Fast Ethernet connections.testking.0.0 CDP – Enabled Switching mode – fragment-free 100BaseT port – auto detect duplex mode Spanning Tree – Enabled Console password – none www. Full-duplex Ethernet significantly increase bandwidth are separate circuits (of a twisted pair) are used to transmit and receive frames. The default configuration settings of the Catalyst Switch is as follows: IP address – 0.

copy nvram tftp – this command will upload the running configuration to a TFTP server. This is default option for 10 Mbps TX ports. To configure the duplex mode of an interface you would do the following: switch(config)# interface e0/1 switch(config-if)#duplex {auto|full|full-full-control|half} auto – sets the duplex mode to autonegotiation.5.640-607 Configuration commands config term – this command will put the switch into the global configuration mode.testking. www. To configure the default gateway you would do the following: switch(config)# ip default-gateway {ip address} IP address is the IP address of the default gateway such as 10. copy tftp nvram – downloads the configuration file from the TFTP server.3. show version – user EXEC command to display basic information about hardware and the IOS software version. half – set the mode to half duplex mode. full-flow-control – sets the mode to full-duplex with flow control. For example: switch# conf term switch(config)# To configure a specific interface (port) you would do the following: switch(config)# interface e0/1 switch(config-if)# To configure the IP address and subnet mask on the switch you would do the following: switch(config)# ip address {address} {mask} Where address is the IP address and mask is the subnet mask. Also included is memory information and uptime. full – sets the mode to full-duplex.5. This is the default for 100 Mbps TX ports.com -26- .

ISL provides VLAN capabilities while maintaining full wire-speed performance over Fast Ethernet links in full. Controlled Broadcast activity .You can restrict the number of users in a VLAN and also prevent another user from joining a VLAN without prior approval from the VLAN network management application. Likewise users in the same physical location can be on different VLANs.Existing hubs can be plugged into a switch port and assigned a VLAN of their own. Each port on the Switch can belong to a VLAN.testking. This segregates all users on the hub to one VLAN. Ports that do not belong to that VLAN do not share these broadcasts thus improving the overall performance of the network. It operates in a point to point environment. Ports in a VLAN share broadcasts. show spantree – this command will display the Spanning Tree Protocol configuration status of the switch.or half-duplex mode. VLANs provide the following benefits: • Reduced administration costs from solving problems associated with moves and changes .com -27- . This offers segmentation based on logical constraints.640-607 Virtual LANs A VLAN (Virtual Local Area Network) is a switched network that is logically segmented by communities of interest without regard to the physical location of users. • • • • Inter-Switch Links (ISL) is a Cisco proprietary protocol used to interconnect switches and to maintain VLAN information as traffic goes between switches. Leveraging of existing hub investments . Layer 3 routing provides communications between VLANs. www. In other words users can be in totally different physical locations and still be on the same VLAN.VLANs can be centrally administrated.As users physically move they just have to be re-patched and enabled into their existing VLAN Workgroup and network security .Broadcasts are only propagated within the VLAN. VLANs remove the physical constraints of workgroup communications. Centralized administration control .

com -28- .testking. www.640-607 TCP/IP Another important concept for someone preparing for the CCNA exam is the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. UDP – User Datagram Protocol is connectionless and unacknowledged protocol. The TCP/IP model compares to the OSI model as follows: OSI Model Application Presentation Session Transport Layer Network Layer Data Link Layer Presentation Layer Transport Layer Internet Layer Data Link Layer Presentation Layer Application TCP/IP Model The TCP/IP application layer enables the following operations: Email Network Management File Transfer Name Management Remote login At the transport layer the following two protocols operate: TCP – connection orientated protocol/ reliable protocol. In particular Layer 3 and Layer 4.

com -29- . 2. If the window size is set to zero it means the buffer of the receiving device is full and cannot receive any more data. The most common ports used are: Port 21 23 25 53 69 161 520 Application FTP Telnet SMTP DNS TFTP SNMP RIP TCP UDP TCP Connection Establishment For TCP to establish a connection a three-way handshake must occur. Each acknowledgement contains how many bytes the receiving device can receive. TCP window size can change during the duration of the connection. Device 1 sends it SYN to Device 2.640-607 TCP and UDP both use ports to pass information to the application layers. That is. Communication is established. the devices involved in the communication must exchange initial sequence numbers (ISN) and a control bit called SYN (synchronize). TCP/IP Internet Layer The following protocols operate at the Internet Layer of TCP/IP model: www. from the sending device. 3. Windowing TCP controls the flow of data with windowing.testking. The receiving device reports how many octets it is prepare to receive. Device 1 ACK Device 2 SYN and sets ACK and SYN bit. The sending device will not send additional data until an acknowledgement has a window bigger than zero. a window. Device 2 ACK Device 1 SYN and sends it own SYN. There are three steps to establishment of communication: 1.

ICMP ICMP messages are passed in IP datagram and are implemented to send error and control messages. The ICMP messages include: • • • • • • • • • • • • • Address request Address Reply Destination Unreachable Echo Echo Reply Information Request Information Reply Parameter Problem Redirect Subnet Mask Request Time Exceeded Timestamp Timestamp Reply IP Addressing Basics A host or node is a computer or device on a TCP/IP network. Every TCP/IP node is uniquely identified by its IP address. 3. rather route to a destination is.640-607 1. Internet Protocol (IP) – is a connectionless protocol that provides for a best effort delivery of datagrams. An IP address consists of a network ID and a host ID. The content of the datagram is not a concern. If two different hosts belong to the same network. The two hosts will have different host ID's and can communicate with each other locally www. This is used when a device does not know its own IP address when it comes onto a network.testking. 2. Internet Control Message Protocol (ICMP) – provides control and messaging capabilities. they have the same network ID. Reverse Address Resolution Protocol (RARP) – determines the source network address (IP address for example) when source data link layer address (MAC Address) is known. 4.com -30- . Address Resolution Protocol (ARP) – determines the data link layer address (MAC address) of the destination device for known destination IP address.

We write the 32 bits into four 8-bit numbers (octets) separated by a periods. 00000010 (IP address in binary form) To convert the IP address from binary to decimal form. 00001010 = 8 + 2 = 10 00011110 = 16 + 8 + 4 + 2 = 30 00000010 = 2 So in decimal form. we convert each of the four 8-bit numbers in each octet according to the following table: Decimal Value Octet Value 128 x 64 x 32 x 16 x 8 x 4 x 2 x 1 x So the first octet in the above binary number would be translated as: Decimal Value Octet Value 128 1 64 1 32 0 16 0 8 0 4 0 2 0 1 1 Everywhere a 1 appears in the table. They must communicate with each other remotely through a router or default gateway.testking. they belong to different segments on the network.30. 00001010 . The following Address Class table illustrates how you can determine to which class and address belongs. 2 Address Classes An IP address consists of two parts.com -31- . For Example: 11000001 .640-607 without going through a router. the above IP address is: 193. The decimal notation of the very first octet can distinguish classes. www. where each bit is either a 0 or 1.10. If two hosts have different network ID's. The Class of the address determines which part is the network address and which part is the host address. the decimal value in that column is added to determine the decimal value of the entire octet. one identifying the network and one identifying the host. There are 5 different address classes. 00011110 . Or 128 + 64 + 1 = 193 Using the same table to translate the other three octets would give us the following result. An IP address consists of 32 binary bits.

255.testking.0.0 24 255.3.1.16 network the address would be 172.0 D 224.0.0. If you want to send a broadcast to the third subnet of the 172.255 Please note 127 is reserved for local testing.0.640-607 Class Range of Network Numbers A 1.0 to 126.0.0.204 is as follows: Network number 172.0. If you are required to determine how many hosts are available for given IP address you can use the following formula: 2N – 2 (where N is the number of bits are in the host portion) For example: 172.0.255.122. Directed broadcasts have 1 in the host portion of the address.255. The two parts of IP address of 172.0.204 (the remaining 16 bits).0.255.0.0 B 128.0.0.255 E 240.0. www.255. 216 – 2 = 65534 available host address.0. Broadcast Cisco IOS software support three types of broadcasts: Flooding Directed broadcasts All subnet broadcast Flooded broadcast are considered local and are represented by 255.255.16.0.16 network the address would be 172.16 (first 16 bits) and Host number is 122.0 to 223.255.255.16.16.128. To send a broadcast to all the subnets of 172. Network Bits Default Subnet Mask 8 255.255.0 Multicast Research The local loopback is 127.0.com -32- .0 C 192.255.255.0 16 255.0 to 247. Directed broadcast are sent to a particular network and are allowed to transit by a router.255.0.0. As a result 16 bits remain for host.255.0 to 239.0.0 to 191.255.0 As this is a Class B address the first 16 bits are used for the network.255.

16. 172 172.2. Write the 32 bit subnet mask in binary just below it.16.1 . Since the last octet of the subnet mask is 0.16.30. For example.16.2.30.com -33- . places all 1s in the remaining free spaces until you reach the last free space. On the right side of the line on the next row.193.30. the broadcast address. By looking at the above table we can see Class C addresses all have a default subnet mask of 255. to right of the line. This will be subnet mask. There is usually a question or two on exams that will require this process.0).255.255.10.191 172. Draw a vertical line just after the last contiguous subnet mask 1. Place a 0 in that freed space. This will be your first usable address. which leaves us with 254 possible hosts (193. We know this because in a Class C address. the first usable address and the last usable address.10. place all 1s until you reach 32 bit boundary. Convert the bottom four rows to dotted-decimal. Place a 1 in that freed space. place all 0s for the remaining free spaces (to the right of the line).190 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 10101100 11111111 8 10101100 10101100 10101100 10101100 16 00010000 11111111 00010000 00010000 00010000 00010000 2 00000010 11111111 00000010 00000010 00000010 00000010 160 3 10100000 11000000 10000000 10111111 10000001 10111110 1 2 4 5 6 7 Write the 32 bit address in binary notation.255.0. Subnetting Subnetting is the process used to divide the total available IP addressed (hosts) for your Network into smaller subnetworks (subnets). This will be the broadcast address.128 9 172. This will be your first usable address. the Network ID we used in the discussion above (193.10.30.193. only the last octet is available for host IDs (0000000 . On the right side of the line on the next row. Since 0 is used to identify the whole network and 255 is reserved for broadcasts.2.11111111) or (0-255).0 .254).160 255.10.640-607 If you are provided with an IP address and a subnet mask address you can determine the subnet address.testking.255. places all 0s in the remaining free spaces until you reach the last free space. This network would consist of 256 possible IP addresses (193.2. Suppose we wanted to divide those 254 addresses up into 6 smaller subnets.16.255). it means that the Host IDs have not been subdivided into smaller www.2. In the next row.10.30. In arrow just below.192 172.129 172. Copy down all the bits you wrote in Step 1 for the bit fields of the left of the line in all four lines. Using what is referred to as a Subnet Mask can do this.

224 255.0 255.255.255.240.255.240 255. if we choose to divide our network into a few smaller segments (subnets).255.com -34- .255.255. Class B Subnet Table Number of Bits 2 3 4 5 6 7 8 9 10 11 12 13 14 Class C Subnet Table Number of Bits 2 3 4 5 6 Subnet Mask 255. However.255.0 255.255.192 255.255.255. www.255.192.255.224 255.248 255.0 255.255.128 255. If you are asked to determine subnet masks.testking.255.252.255.0 255. then we would change the default subnet mask by replacing the last octet with one of the valid subnet masks.255. number of hosts and number of subnets you can either use the charts provided above or you can use the method illustrated previously in this guide (converting address and subnet mask to binary).0 255.255.255.255.255.240 255.224.252 Number of Subnets 2 6 14 30 62 126 254 510 1022 2046 4094 8190 16382 Number of Hosts 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 Whenever you are asked to determine subnet masks. For some situations will be required to memorize these charts so that you can reproduce them.255.640-607 subnets.255.255.255.248 255.192 255.254.252 Number of Subnets 2 6 14 30 62 Number of Hosts 62 30 14 6 2 Subnet Mask 255.255.255.255.255.0 255. number of subnets and the number of host you can refer to the charts below.0 255.255.248.255.

Router To establish a logical address on a router interface you would use the ip address command.would be the IP address of the device which is the default gateway. www.com -35- . For example: router(config-if)#ip address {ip-address} {subnet-mask} The {ip-address} {subnet-mask} parameters are the same as they are for a switch. To establish a default gateway for your switch you would us the ip default command.testking. For example: Switch(config)#ip address {ip address} {subnet-mask} {ip address} – would be the dotted decimal number.640-607 Configuring IP Addresses Switches To configure a 1900 switch with an IP address you would use the ip address command. For example: switch(config)#ip default-gateway {ip-address} {ip-address} . {subnet-mask} – would be subnet mask related to the IP address.

0. Static routes – These are routes that an administrator manually enters into the router.1.255.0.is the destination ip address {mask} is the related subnet mask {address – is the address of the next hop rotuer interface} – is the name of the interface used to get to the destination network [distance] – you may provide an administrative distance for the route. They gather information from packets to ascertain information and to maintain their information. Whenever the network topology changes the routing protocol will update the route information.255. The ip route command parameters are: ip route {network} {mask} {address|interface} [distance] [permanent] {network} . are transport mechanisms for traffic through the use of the packets fields and www. on the other hand.2 To assign a default route to the same location you would enter the following command: router(config)#ip route 0.com -36- .1.2.0.0 172.0.2.1.0. subnet mask of 255.255.0 172.0 255.0.16.255. If a change occurs in the network topology then the administrator will need to manually change the static routes to reflect the new network topology.640-607 Routing 101 Route Selection A router has two methods that it can forward packets to a non-directly connected device: • Dynamic routes – Once a routing protocol is configured on a router it will automatically learn routes. Routed protocols.0 0.2 the command would be as follows: router(config)#ip route 172.16.testking. If you wanted to establish a static route to 172. and the next hoop router was 172. More information on administrative distance will be provided shortly [permanent] – you may use this argument to specify that the route will remain even if the router is shut down.16.2 A routing protocols are network layer protocols. • To configure a static route you would us the ip route command.16.16.

are used by the router to route the traffic. Interior Gateway Protocols (IGP) – IGP are the routing protocols inside an AS. Administrative distances can be form 0 to 255. An example of EGP is BGP (Border Gateway Protocol). The route with the lowest administrative distance will be the one used for routing. routed protocols.com -37- . Examples of IGP are RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol). • Note: AS are a collection of networks under a common administrative domain. These classes of routing protocol are: • Distance Vector www. The default administrative distance are indicated in the table below: Source of Route Connected Interface Static Route address EIGRP IGRP OSPF RIP External EIGRP Unknown/Unbelievable Default Distance 0 1 90 100 110 120 170 255 Routing Protocol Classes It is generally considered that there are three classes of routing protocols.testking.640-607 formats. Routing Protocols Routing protocols have two major types: • Exterior Gateway Protocols (EGP) – These protocols are used to communicate information between autonomous systems (AS). such as TCP/IP and IPX. Administrative Distance Administrative Distances are used to determine the trustworthiness of a route of each route source. Once a routing protocol has determined the route.

16 with RIP and 256 with IGRP. The timers can been reset when: 1.com -38- .Routers ignore network update information for some period of time. Route Poisoning . 3. This allows for the routers to communicate topology changes and it also allows routers to know the topology of the network through second hand information. 2. RIP and IGRP are Distance Vector Routing Protocols.Information past out on an interface is marked as unreachable by setting the hop count to 16 for RIP Hold Down Timers . Routers send their routing table to all of their directly connected neighbors. As a result.If you learn a protocol’s route on an interface. The timer expires. topology change notification must occur router to router. Distance vector routing protocols are open to the following problems: • • Routing Loop – this can occur when the network is slow to converge from a topology change.testking. Split Horizon . Infinity is finally defined as some maximum number. inconsistent route information can occur. Another update is received indicating that the original route to the network has been restored. As with the network discovery process. These problems can be avoid with the following techniques: • • • • Defining a maximum number of hops . www. do not send information about that route back out that interface.Specify a maximum distance vector metric as infinity. When an update is received from a neighboring router. Routing table updates must occur when the network topology has changed.640-607 • • Link State Balance Hybrid Distance Vector Distance vector based routing algorithms pass periodic copies of a routing table from router to router. Counting to infinity – can cause packets to be sent around the network continuously when the required route is down. the update is compared to its own routing table. Routing tables will only be change if a route with a smaller hop count is discovered.

the first routers to find out sends LSP to all other routers on the internetwork. OSPF is a Link State Routing Protocol. Link State can be triggered by topology changes resulting in faster convergence times. Routers using a link state routing protocol have a complete understanding and view of the entire network. Link State routing protocols are more intensive in terms of power. When the topology changes. EIGRP is an example of this approach. OSPF. The Link State algorithm uses Link State Packets (LSP) to inform other routers of distant links.testking. Link state is harder to setup. memory.com -39- . IGRP requires this parameter.640-607 Link State The Link State Routing algorithm maintains a more complex table of topology information. is another problem. www. or EIGRP [keyword] – stands for a autonomous system. The differences between distance vector and link state are as follows: • • • Distance Vector gets all its information second hand or gossip whereas link state routing obtains a total topology of the internetwork. • Problems with Link State Link-state (OSPF) needs lots of processing power to rebuild the routing database (tree). Network bandwidth. Distance Vector updates topology changes every 30 seconds as default. IGRP. To configure dynamic routing protocols you use the following commands: router(config)#router {protocol}[keyword] {protocol} – RIP. and bandwidth required. Link-state info can flood the network. which causes a slow convergence time. Router(config-router)#network {network number} {network number} – specifies the directly connected network. All routers exchange LSP to build a total view of the network. Distance Vector determines the best path by counting hops. Balanced hybrid approach combines the aspect of the link state and distance vector algorithms. Links State uses a complex bandwidth analysis. All routers then re-calculate the best path to any affected route.

0.0 and 10.0 Display RIP associated information The show ip protocols command displays values associated with routing timers and network information associated with the entire routers. IGRP can maintain up to six unequal cost paths betweens a source and destination. Reliability – the reliability between source and destination. www. Delay – the cumulative interface delay on the path.testking.640-607 RIP If you want to enable RIP on a router that is directly connected to the following networks.0. More will follow on this point. determine by the exchange of keepalives. It uses a composite metric. The debug ip rip command displays RIP routing updates as they are sent and received.168.0 router(config-router)#network 10.2. As stated before IGRP uses a composite routing metric. Load – the load on a link between the source and destination based on bits per second.2.0. IGRP default hop count is 100 and its maximum hot count is 255 hops. The show ip route command displays the contents of the IP routing table.0 you would use the following commands: router(config)#router rip router(config-router)#network 192. These features are: • • • Increased scalability. It offers a number of features that other distance vector protocols do not have. Sophisticated metric.0. IGRP IGRP is an advance distance vector routing protocol. This metric includes the following parts: • • • • Bandwidth – the lowest bandwidth value in the path.168.com -40- . 192. Multiple path support.

0.640-607 • MTU – the Maximum Transfer Unit value of the path. www. In addition.0 and 10. If the router receives a packet for an unknown destination address.0. The debug ip igrp events command will display a summary of the IGRP routing information.com -41- .1. networks.testking. and network information about the entire router. The table contains a list of all known networks and subnets associated with each entry. routing timers.1. In addition you can use the traffic share command to control how traffic is distributed among IGRP load sharing routes. and administrative distances. that connects to network 192. By default a router assumes all directly connected subnets are listed in its routing table.168. which is 1 (equal sharing).0. To configure IGRP you would use the following combination of commands: router(config)#router igrp {autonomous-system} router(config-router)#network {network-number} To enable IGRP on a router. Display IGRP related information The show ip protocol command displays parameters. This can be changed with the ip classess command.168. you use the variance command to configure un-equal cost load balancing by defining the difference between the best metric and worst acceptable metric. The show ip route command displays the contents of the IP routing table.0. the packet will be dropped.0 router(config-router)#network 10. filters.0 To change the default load balance of IGRP. on autonomous system 100. By default only bandwidth and delay are used by the IGRP metric. it will also provide the autonomous system.0 the commands would be: router#config t router(config)#router igrp 100 router(config-router)#network 192. With the ip classess command configured if a packet is received for an unknown destination then the packet will be sent to the default route and not dropped.

Once the traffic is recognized it can then utilized to filter traffic to control the traffic in a network. In addition. Extended Access Lists – Extended IP access lists check for both the source and destination packet addresses.640-607 Access Lists Access list can be used to control network traffic. Specifically Access Control Lists (ACLs) are used in routers to classify traffic. • Access lists can have the following applications: Inbound access lists – packets are checked before they are process onto an outbound interface. This is the most efficient form of access list. port numbers and further factors that provide administrators more flexibility in specifying the packets to be checked. Access List Guidelines When using access lists you will need to remember the following principles when configuring them: • Only use the Cisco defined access list numbers based on the protocol and type of list you are creating. Access List Types There are two types of access lists: • Standard Access Lists – Standard IP access lists check the source address of the packets that could be routed. It will either permit or deny the packet for the entire protocol suite based on the IP address of the source device. Access lists are most often used to filter packets.testking. These filters can be used to either filter the flow in or out of a router interface. they also check for particular protocols. If the packet is accepted it will then be processed for transmission. www.com -42- . as a packet that is dropped will not be looked up in the routing table. Outbound access lists – The packet is sent to the outbound interface from the inbound interface then the accessed list is applied before the packet is routed.

To create an access list in global configuration mode use the following command: router(config)#access-list {number 1-99} {permit|deny} {source-address} {wildcardmask} {number 1-99} – number for the access list. If an access list does not have a permit statement there is an implicit deny all. An interface can have more than one access list as long as there is only on per protocol. Specific references should appear before general one as more frequent conditions should appear before the less frequent ones.com -43- . www. {permit|deny} – whether to permit or deny traffic from the IP address {source-address} – IP address for the source of the packet {wildcard-mask} – which parts of the IP address that must be read and which parts that can be ignored. There is an implicit deny at the end of every access list. Access list are implemented from the top down. If an access list is applied before it is created then all traffic is permitted.2 and later) 800 to 899 900 to 999 Name (Cisco IOS 11. Create the access list before it is applied to the interface. Traffic from the router is not filtered.testking. Access list only applies to traffic being processed through the router. • • • • Protocol IP Access List Standard Extended Named IPX Access List Standard Extended Named Number Range 1 to 99 100 to 199 Name (Cisco IOS 11.640-607 • You can only have one access list per protocol for each direction on each interface.2 and later) Standard IP Access List A standard IP access list analyses the source address of the packet and matches it against the access list.

numbered vty 0 to vty 4. These are used to Telnet to the command line interface (CLI) of a router. The following commands are used: router(config)#interface serial 0 router(config-if)#ip access-group {access-list-number}{in|out} {access-list-number} – this would be the number of the access list that you want to apply. 128 64 32 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 1 16 0 1 0 1 1 8 0 1 1 0 1 4 0 1 1 0 1 2 0 1 1 0 1 1 0 1 1 0 1 Meaning Check all address bits (match all) Ignore the last 6 address bits Ignore the last 4 address bits Check last 2 address bits Do not check address (ignore bits in octet) To apply the access list you will need to first identify the interface and then apply it to the interface. 1 in the wildcard mask indicates that the corresponding bit in the IP address must be ignored. Wildcard masking for IP address bits uses the numbers 1 and 0 to indicate how to treat the corresponding IP address bits: O in the wildcard mask indicates that the corresponding bit in the IP address must checked. address that can be used on a router to allow you to apply an access list to a specific IP address or a specific range of IP addresses. there are five such virtual terminal lines. if you want to apply an access to a virtual interface the commands are slightly different.com -44- .testking. 4 octet. The previous commands are the ones used to apply an access list to a physical interface. In the case for virtual terminal lines the commands are: router(config)# access-list {number 1-99} {permit|deny} {source-address} {wildcardmask} router(config)#line vty 0 4 router(config-line)#access-class {access-list-number}{in|out} www.640-607 Wildcard Mask A wildcard mask is 32 bit. A virtual interface is called virtual terminal lines (vty). By default. {in|out} – you can specify if the access list is in or out. By default it is out if it is not specified. In the chart below please find some example of wildcard masks and what the mean.

in – prevents a router from receiving Telnet sessions from the IP address in the access list.640-607 {access-list-number} – this would be the number of the access list that you want to apply. It can be IP. {source-address} {source-wildcard} – identify the IP address of the source and its wildcard mask. {port} – protocol port number.com -45- . out – prevents the router vty ports from initiating Telnet connections to addresses defined in the access list. When configuring Extended Access List you should be familiar with the common port numbers: IP Protocol FTP data FTP program Telnet SMTP TFTP DNS Well-Known Port Numbers 20 21 23 25 69 53 Then you would apply the access list with the following command: router(config-if)#ip access-group {access-list-number}{in|out} www.testking. TCP. [established] – is used for inbound TCP only. The command to create the list is: router(config)#cccess-list {number 100-199} {permit|deny} {protocol} {source-address} {source-wildcard} {destination-address} {destination-wildcard} {port} [established] [log] {protocol} – identify the protocol to be filtered. Extended IP Access Lists Configuring an extended IP access list is very similar to a standard IP access list. UDP. [log] – sends a logging message to the console. GRE or IGRP. ICMP. {destination-address} {destination -wildcard} – identify the IP address of the destination and its wildcard mask.

testking.640-607 Verifying and Monitoring Access Lists The show ip interface command displays IP interface information and indicates whether any access lists are set for a specific interface.com -46- . To display the access list for a specific protocol you would identify the protocol. The syntax for this command is as follows: router#show ip interface {interface-type} {interface-number} The show access-lists command displays the contents of all access lists. The syntax is as following: router#show {protocol} access-lists {access-list-number|name} By entering access list number or name you can view a specific access list. www.

This suite is called Novell IPX/SPX (Internet Packet Exchange/Sequenced Packet Exchange). Netware Core Protocol (NCP) to provide client to server connections and application level services. IPX IPX is a: • • Does not require an acknowledgment for each packet as it is Connectionless datagram protocol. Layer 3 protocol that defines the network layer address.testking. An example is GNS (Get Nearest Server). This includes a network. Sequenced Packet Exchange (SPX) is a Layer 4 connection orientated protocol. The node number is most often the MAC address of network interface.com -47- . Service Information Protocol (SAP) to advertise and find network services.node designator. Novell IPX addressing uses a two-part address – the network number (32 bits) and the node number (48 bits). www. Novell Netware has its own proprietary: • • • • IPX RIP to make possible exchange of routing information.640-607 Novell Internetwork Packet Exchange (IPX) Protocol Suite Cisco routers can a sloe be used within a Novell network. It is much like IP and UDP. Novell has its own proprietary protocol suite. IPX and SPX are very similar to IP and TCP.

If no node address is specified.2 Ethernet_II Ethernet_SNAP Token-Ring_SNAP Token-Ring FDDI_SNAP FDDI_802. That is: router(config)#ipx network {network} [encapsulation encapsulation-type] {network} – this would be the network number. To enable IPX routing on an interface you would us the ipx network command. The proper syntax is: router(config)#ipx routing [node] The ipx maximum-paths command enables load sharing.2 FDDI_Raw Cisco Encapsulation novell-ether (default) sap ARPA snap snap (default) sap snap (default sap novell-fddie Token Ring FDDI The ipx routing command enables IPX routing and SAP services. Standard IPX Access Lists Standard IPX access lists permit or deny packets based upon the source and destination IPX addresses. There are www. Default is 1 (no sharing) and the maximum is 512.com -48- . Media Type Ethernet IPX Encapsulation Ethernet_802. [encapsulation encapsulation-type] – this would help specify an encapsulation type (arpa. novell-fddi. The default is 1. sap and snap).3 Ethernet_802. This differs from IP where it only looks at the source address. the Cisco router uses the MAC address of the LAN interface. meaning no load sharing is enabled. An optional node address can be specified for the serial interface.testking. These equivalents are listed in the table below.640-607 Encapsulation Types IPX has its own encapsulation types but they do Cisco equivalents. novell-ether. The syntax is: router(config)#ipx maximum-paths {paths} {paths} – represents the maximum number of parallel paths to the destination.

commands are used to create and enable IPX Standard Access Lists and Extended Access Lists as are used for IP.testking. other than wildcard mask. www.com -49- .640-607 no wildcard masks with IPX and you can use either the Node Address or Network Address. To configure it you would use the following command: router(config)# access-list 810 permit 4b 5c The same.

except with a shared line.testking. WAN Layer 2 Encapsulation WAN has a number of encapsulation types that can be used. This are often used for WAN usage is only occasional. Packet switched – Packet switched is a WAN switching method that network devices share a single point-to-point link to transport data (broken down into packets) from source to destination across carrier network. Serial Line Internet Protocol (SLIP) – is the standard point-to-point serial connections for TCP/IP. provides a single connection from the customer location through the service provider to the remote company location. This line is not shared (and has a guarantee bandwidth) but they can be very expensive. as called point-to-point or dedicated connection. It works with both IP and IPX.640-607 Cisco and Wide Area Network (WAN) WANs make data connections across a broad geographic area. To provide end-to-end connectivity is done by virtual circuits (VC).com -50- • . It has built in security features such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Circuit switched – A dedicated link is provided between the sender and receiver location for the duration of the communication. PPP has generally replace SLIP. www. As a result you must use line from a service provider. Point-to-Point Protocol (PPP) – this provides router-router and host-to-network connections over synchronous and asynchronous circuits. Packet switching offers service like leased line. Companies use WAN to connect various company sites to facilitate communication between distance offices. which lowers the cost. WAN Connection Types There are three general connections types that can be selected from: Leased line – a leased line. This include: • • Cisco High-Level Data Link Control (HDLC) – the default encapsulation type for point-to-point dedicated links and circuit-switched connections.

HDLC As stated earlier Cisco has its own version of HDLC.640-607 • • • X. This makes possible multiple network layer protocols to share the same serial link. Link Establishment 2. If you wanted to call your router testking you would use the following command: router(config)#hostname testking www. PPP session consists of the three stages: 1.com -51- .25. Network layer protocol phase To enable PPP authentication you will use the following commands: router(config)#hostname {name} The router must have name.25/Link Access Procedure. This is the next generation of X. Balance (LAPB) – a standard that controls connections between DTE and DCE. {name} will be the name you select for the router. Asynchronous Transfer Mode (ATM) – the international standard for cell relay in which multiple services types are conveyed in fixed-length cells. Frame Relay – is the industry standard for switched data link protocol that handles virtual circuits. PPP use Network Control Program (NCP) to encapsulate multiple protocols. To enable this use the following command: router(config-if)#encapsulation hdlc PPP PPP is a data link layer protocol with network services. As a result PPP can be broken into sublayers: data link layer and physical layer. Cisco HDLC frame includes a proprietary type field that is used to indicate protocol. Authentication Phase (optional) 3.testking.

A Basic Rate Interface (BRI) connection can also be used as a backup line in case the primary link goes down.testking. video. You would use the following command: testking(config)#username {name} password {password} Both parameters are case sensitive. ISDN has the following benefits over standard telephone connections: • • • Data transfer is faster than typical modems Call setup is faster ISDN can carry voice. The final step is to configure PPP authentication. and Services. terminology. In this case you have to set the desirability of the ISDN link to be very low. and Network Layers. and data traffic ISDN Protocols These protocols deal with ISDN issues: • • • E – Specifies ISDN on the existing telephone network. In other words only use if there is no other way. ISDN can support both data and voice simultaneously.640-607 Next you need to provide the router with the name and password that should be expected from the remote router. Q – Specifies switching and signaling. ISDN encompasses the OSI Physical. The command would be as follows: testking(config-if)#ppp authentication {chap|chap pap|pap chap|pap} ISDN Integrated Services Digital Network (ISDN) is a digital service designed to run over existing telephone networks.com -52- . ISDN networking can provide up to 128 Kbps with a PPP Multilink connection to corporate networks or the Internet. I – Specifies Concepts. Data Link. ISDN Function Groups Devices connected to the ISDN network are known as terminals and have the following types: www.

PRI is 23 B Channels and 1 D Channel in the US or 30 B Channel and 1 D Channel in Europe.640-607 • • TE1 – Terminal Equipment type 1 understands ISDN standards. The SPIDs are processed during each call setup operation. A SPID is a series of characters which can look like phone numbers. BRI is 2 64 Kbps B Channels for data and one 16 Kbps D Channel for link management and connects to NT1 for 4-wire connection. (North America Only) ISDN offers the following benefits: • • • • Full-time connectivity is spoofed on routers using DDR SOHO sites can be cheaply supported Can be used as a backup for leased lines Using modem cards can eliminate modem racking ISDN can either be Basic Rate ISDN (BRI) or Primary Rate ISDN (PRI). Occasionally when configuring ISDN you will need to configure a Service Profile ID (SPID). you must have a Terminal Adapter (TA).testking. They are as follows: • • • • R – Defines the reference point between non ISDN equipment and a TA S – Defines the reference point between user terminals and an NT2 T – Defines the reference point between NT1 and NT2 devices U – Defines the reference point between NT1 devices and Line Termination Equipment. TE2 – Terminal Equipment type 2 predates ISDN standards. www. To use a TE2. These numbers will identify your connection to the Switch at the CO. Such as a BRI Interface on a router. ISDN Reference Points ISDN uses four different reference points to define logical interfaces.com -53- .

640-607 Frame Relay Frame relay is a fast WAN protocol that operates at the Physical and Data Link layers (mostly Data Link layer) of the OSI model. routers and bridges. However. the Cisco router will try to autosense which LMI type the switch is using: router(config-if)#encapsulation frame-relay {cisco|ietf} To assign a DLCI to an interface you would type: router(config-if)#frame-relay interface-dlci {number 16-1007} To set the LMI type you enter: router(config-if)#frame-relay lmi-type {cisco|ansi|q933a} www. bad packets are discarded and the receiving station requests re-transmission of any missing frames. Frame relay encapsulation can either be Cisco (Default) or IETF. You must use Cisco encapsulation to connect two Cisco routers or IETF if a third party router is involved. the default setting for a serial DCE interface is T1. Although LMI type is configurable. DLCIs can be set to a number between 16 and 1007.078 Mbps. DTE consists of terminals. Frame relay is used between DTE and DCE devices. Frame Relay uses Permanent Virtual Circuits (PVCs). Uses Packet Switching. all of which are customer owned end node devices. The default is Cisco but there are 3 possible settings: • • • Cisco (Default) ANSI Q933a To set up frame relay on an interface just set the encapsulation to frame-relay. PC’s. Data Link Connection Identifiers (DLCI) – Used to identify the virtual circuits. Data Link Connection Identifier (DLCI) is used to identify connection. LMI Local Management Interfaces (LMI) – Provide information about the DLCI values and the status of virtual circuits. Frame Relay uses a CRC. Frame Relay configuration is done in the interface configuration mode. Frame Relay offers speeds between 56 Kbps and 2.testking.com -54- . The service provider owns DCE devices such as packet switchers.

• Committed Information Rate (CIR) – the rate.testking. in bits per second. you can use the frame-relay map command or you can use the inverse-arp function. Each interface would be on the same subnet and have a single DLCI. There are two ways to make this happen. router(config-if)#frame-relay inverse-arp {protocol} {dlci} router(config-if)#frame-relay map {protocol} {protocol address} {dlci} [broadcast] [cisco|ietf] With frame-relay you can use subinterfaces to allow multiple virtual circuits on a single serial interface and each subinterface can be treated as a separate interface. Each point-to-point connection is its own subnet and act like a leased line. This is 10 seconds by default and can be set by typing: router(config-if)#frame-relay keepalive {number of seconds} Frame Relay Maps The Frame Relay Map tells the network protocol how to get from a specific protocol and address pair to the correct DLCI. Multipoint – A single subinterface is used to establish multiple PVC connections to multiple physical interfaces on a remote router.640-607 A keepalive interval must be set to enable LMI on an interface. All participating interfaces are in the same subnet and each interface would have it’s own DLCI. It is worthwhile creating a subinterface with a number that matches the DLCI identifier. www. The “frame-relay map” command can be used to show which routers are reachable.com -55- . The subinterface acts like a NBMA network and broadcasts are subject to split horizon rules. at which the Frame Relay switch agrees to transfer data.{subinterface-number} {point-to-point|multipoint} Subinterface Connection Types You can configure subinterfaces to support the following connection types: • Point-to-point – A single subinterface is used to establish one PVC connection to another physical interface on a remote router. You use the interface s0.interface number command: router(config-if)#interface s0.

Shows LMI statistics show frame-relay map .Shows frame relay ip statistics show frame-relay lmi . The show ip route command will also show which routers are reachable. www.testking.640-607 Obtain Frame Relay Information To display Frame Relay information you could use the following: show frame-relay ip .Shows PVC Statistics Also DLCI Info show frame-relay route .com -56- .Shows map table show frame-relay pvc .Shows protocol statistics The show Interface command also shows Frame Relay information on a specific interface.Shows frame relay routes show frame-relay traffic .

. 2. To do this you will need to do the following: Router#config terminal Now you are ready to change the name of your router. You should see a prompt that looks like: Router> In order to configure parameters you will need to be the privileged EXEC mode. You will need to do the following: test_king(config)#enable password Paris test_king(config)# You know you need to backup these configuration changes to the startup configuration.640-607 Labs Lab 1 – Configure a name and passwords for a router You have been tasked to change some of the configurations on one of your company’s router. Specifically you tasks are: 1. Router>enable Router# It is now necessary to enter the global configuration mode. Restrict access to privileged EXEC mode. You will need to do the following: Router(config)#hostname test_king test_king(config)# Task 2 You now need to configure a password for the router. Therefore the first step will be to use the enable command. You will need to do the following: www. The password should be Paris.testking. Task 1 You will need to log onto your router.com -57Change the name of the router to test_king.

fg test_king(config)# Now it is time to exit the router. You will need to do the following: test_king(config)#exit test_king#disable test_king>exit www. You will need to begin with the enable secret password.640-607 test_king(config)#copy running-configuration startup-configuration test_king(config)# You have completed the tasks assigned to you. You will need to do the following: test_king(config)#enable secret Denmark test_king(config)# Now you need to save this change to the startup configuration and then copy the running configuration to TFTP server.1.1).1.com -58- . You will need to do the following: test_king(config)#copy running startup test_king(config)#copy running-config tftp Address or name of remote host []? 10. It is now time to exit the global configuration mode and the privilege EXEC mode.1 Destination filename [running-config]? test_king. You will need to log onto your router.testking.1. You return and take the following actions to start: test_king> test_king>enable Password:***** test_king#config t test_king(config)# Now it is time to configure the new secret password.1. You will need to do the following: test_king(config)#exit test_king#disable test_king>exit You report back to your supervisor and he says that he forgot to tell you that he also wanted an enable secret password (Denmark) and he wanted a copy of the most current running configuration on the TFTP server (10.

1 and for the serial interface 0 he needs the IP address 201. It is now required to enable the interface. Time to configure the serial interface.1 255.1.255.640-607 Lab 2 – Configuring Router Interfaces Day 1 of your new job has come and gone. You know a new day brings new challenges and you know you are up for it.5. You start with the Ethernet interface.5.1. You wants you to configure the interfaces on it. You would need to take the following action: test_king(config)#interface serial 0 test_king(config-if)#ip address 201.255. On the Ethernet interface 0 he would like the IP address 192. He reminds you that this is a 56K connection. You would need to take the following action: test_king(config-if)#no shutdown test_king(config-if)#exit test_king(config)# The Ethernet Interface is now configured and enabled.1. You set out to complete your two tasks.5.1 Destination filename [running-config]? test_king.11.com -59- .100.255.0 test_king(config-if)#bandwidth 56 test_king(config-if)#no shutdown test_king(config-if)#exit test_king(config)# You remember that now that you have changed the running configuration you will need to back it up to the NVRAM (startup configuration) and to the TFTPP server.255. You are feeling pretty good about how things have been going.100.0 The interface no has an IP address configured.testking. You take the following action: test_king>enable Password:******* test_king#config terminal test_king(config)#interface ethernet 0 test_king(config-if)#ip address 192.5.fg www.11. You would need to take the following action: test_king(config)#copy running startup test_king(config)#copy running-config tftp Address or name of remote host []? 10. You boss says he would like you to work on the router test_king again.1 255.

com -60- .testking.640-607 test_king(config)#exit test_king#disable test_king>exit www.

7.1 Destination filename [running-config]? test_king2.255.13.2 and 204.100.255.1.640-607 Lab 3 – Configuring Static Routes Now it is time to configure some static routes for another one of your companies routers (test_king2).com -61- .1 test_king2(config)#no ip route 204.255.13.13.100.13.fg test_king(config)#exit test_king#disable test_king>exit Your boss has changed his mind he want both static routes removed from this test_king2 and the backups to reflect this action. test_king2(config)#copy running startup test_king2(config)#copy running-config tftp Address or name of remote host []? 10.1.100.204.100.204.255. You set off to complete the necessary work.100.3 As is standard for your company you now backup the new configuration.1 and 210.3 test_king2(config)#copy running startup test_king2(config)#copy running-config tftp Address or name of remote host []? 10.1.13.204.testking.0 210.fg test_king(config)#exit test_king#disable test_king>exit www.255.1 test_king2(config)#ip route 204.7.3 respectively.204.2 255.204.255.0 210. The two destinations are 204.7.7. To reach these destinations the traffic will need to traverse 210.1 255. test_king2>enable Password:******** test_king2#config t test_king2(config)#ip route 204.204. The enable secret password for test_king2 is Sweden1a.0 210.255.1 255.7.1.100.7.1 Destination filename [running-config]? test_king2.0 210.255. You take the following actions: test_king2>enable Password:******** test_king2#config t test_king2(config)#no ip route 204.2 255.1.13.

5. test_king>enable Password:******* test_king#config terminal test_king(config)#no ip route 172.1 Destination filename [running-config]? test_king.0 test_king(config-router)#exit You decided that a change like this should definitely backup this new configuration.255.0 255. He reminds you to remove the static routes that have been configured. He turns to you to complete this task for him.255.1.0.640-607 Lab 4 – Configuring RIP and Restoring Configuration Your boss has decided to configure RIP on test_king.400 secs (97 bytes/sec) test_king# www.1 Destination filename [running-config]? test_king.fg test_king(config)#exit test_king#disable test_king>exit A month later your boss says that something has gone wrong with test_king and it needs to be restored.255.0 test_king(config)#no ip route 172.255.50. I’ll just copy startup configuration to the running configuration. You know that you will need to copy the file from the TFTP server. You need to take the following actions: test_king>enable Password:******* test_king# test_king#copy tftp running-config Address or name of remote host []? 10.testking.1.0 255.fg Accessing tftp://10. You first thought is “no problem.255.40.1.1. You have just completed removing the static routes off of test_king2 so you are confident that you can complete this task quickly.255.1.16.com -62- .0 test_king(config)#router rip test_king(config-router)#network 192.1.1 (via Ethernet): !! [OK – 487/4096 bytes] 487 bytes copied in 5.0 test_king(config)#no ip route 172.16.0 255. Your boss must be reading your mind and tells you that the startup configuration is corrupted.16.30. You need to take the following actions: test_king(config)#copy running startup test_king(config)#copy running-config tftp Address or name of remote host []? 10.

0 and 172. it’s a test network after all.0.com -63- . and belongs to autonomous system 13. tk_a1 will be advertising both 210.0.640-607 Lab 5 – Configuring IGRP A test network has been established to test possible future configurations.0.0 tk_a1(config-router)#exit tk_a1(config)#exit tk_a1#copy running-configuration startup-configuration www. You decide to use experiment with IGRP.16.204. You need to take the following actions: tk_a1>enable tk_a1#config terminal tk_a1(config)#router igrp 13 tk_a1(config-router)#network 210.0.testking.204. tk_a1 has no passwords configured.16.0 tk_a1(config-router)#network 172.0. You select tk_a1 to be configured.

7. To met these objectives you take the following actions: test_king>enable Password: ******* test_king#config t test_king(config)#access-list 103 deny icmp 204. you take the following actions: test_king#config t test_king(config)#no access-list 101 test_king(config)#exit test_king#exit test_king> The end result is no change to the running configuration.testking.7.0.2 from reaching test_king. Therefore there is no need to back it up.com -64- . www.204.2 0.204. You take the following actions and receive the following results: test_king#show access-list 103 Extended IP access list 101 deny icmp host 204.204.0. As a result.7.0 any test_king(config)#access list 103 permit ip any any test_king(config)#interface Ethernet 0/0 test_king(config)#ip access-group 101 out test_king(config)#exit You decide to confirm this access list.640-607 Lab 6 – Access List You have been tasked to prevent ICMP traffic from 204. All other IP traffic is to be permitted.2 any permit ip any any Your boss calls and tells you that he just wanted to give you some practice with access list and now wants you to remove the access list.