Cisco Certified

Network Associate (CCNA)

Juan Estrella : Juan@tiaedu.com

A+, Network+, Security+, CASP, CTT+, MCSE/MCITP, CCNA, CCNP, MOS, Adobe ACE,
ITIL-F
CCNA Exam 200-120
 90 minutes Domain % of Exam
Operation of IP Data Networks 5%
 50 – 60 Questions (multiple choice
LAN Switching Technologies 20%
and drag and drop)
IP addressing (IPv4/IPv6) 5%
 3 Hands-on Simulators from below
IP Routing Technologies 20%
 Router (EIRGP/OSPF)
IP Services 10%
 NAT
Network Device Security 10%
 ACL
Troubleshooting 20%
 Switch
WAN Technologies 10%
 Passing score is about 825/1000
 Exam fee is $295 (not included in the
course)
How to be a successful student
1. Work hard. You can't be lazy if you want to be successful in school.
2. Be punctual. Develop the habit of judging time and learn how to arrive where you need to be on time.
3. Read the books. If you are having reading trouble, talk to the teacher for ways to improve your reading skills. The
teacher is not here to read you the book, they’re there to explain the contents.
4. Use common sense. Realize what the class is about, what the work is supposed to teach you, how you should
handle yourself with the other students.
5. Learn how to schedule your life and time to balance school work and other parts of your day. You can't do
everything, and going out at night, playing videogames, watching television will surely take time away from
studying or that deadline.
6. Talk to the teachers. If you show them you are honest and serious, or need help, they will usually respond well
and offer to guide you as needed. But don't think the teacher will just pity you and excuse your poor work.
7. Study throughout the course. Don't wait until days before the test to study.
8. Remember your educational goals. If you can't really think of any, talk to a career counselor and learn what kind
of education you will really need to get the salary or job you want.
9. Learn that a student and a professor make a team. Most instructors want exactly what you want: they would like
for you to learn the and pass your exam. Join forces with your instructor, they are not an enemy, you share the
same interests, the same goals - in short, you're teammates.
Day 1

 Network Basic Review

 Chapter 1: Internetworking
 Chapter 2: Ethernet Networking and Data Encapsulation
 Chapter 3: Introduction to TCP/IP
 Subnetting
 Chapter 4: Easy Subnetting
 Chapter 5: VLSMs, Summarization, and Troubleshooting TCP/IP
Day 2

 Cisco IOS Basics

 Chapter 6: Cisco’s Internetworking Operating System
 Chapter 7: Managing a Cisco Internetwork
 Chapter 16: Managing Cisco Devices
 Routing Basics
 Chapter 8: IP Routing
Day 3

 Dynamic Routing
 Chapter 9: Open Shortest Path First
 Chapter 19: Enhanced IGRP
 Chapter 20: Multi-Area OSPF
Day 4

 IPv6
 Chapter 14: Internet Protocol Version 6
 Access List
 Chapter 12: Security
 NAT
 Chapter 13: Network Address Translation
Day 5

 Switches
 Chapter 10: Layer 2 Switching
 Chapter 11: VLANs and InterVLAN Routing
 Chapter 15: Enhanced Switched Technologies
 Troubleshooting
 Chapter 17: IP Services
 Chapter 18: Troubleshooting IP, IPv6, and VLANs
 WAN
 Chapter 21: Wide Area Networks
The Open Systems Interconnection (OSI) model
Layer 7 Application Software protocols ie; http, smtp, pop3, imap, ect… Mnemonics
All People Seem To Need Data
Gets the Data ready for the application layer. Processing
Or
Layer 6 Presentation e.g., compression / decompression, encryption / Please Do Not Throw Sausage Pizza
decryption Away
Provides dialog control by allowing information of
Layer 5 Session different streams, perhaps originating from different
sources, to be properly combined or synchronized.
Handles the End-to-End communication.
Layer 4 Transport
Connection-Oriented Communication using TCP

Layer 3 Network Routing, IP addresses, Routers and Firewalls

Layer 2 Data Link Switches/Bridges, MAC addresses

Layer 1 Physical Hubs, Repeaters, Media(Cable), Bits

 Connection-Oriented Communication
• The Transport layer can provide for reliable
communication by the way of Connection-
Oriented Communication.
• For Connection-Oriented communication to
occur that has to be a three-way handshake.
• Once two host preform the three-way
handshake Connection-Oriented
communication provides these features.
• Flow control: prevents one host from
overflowing the buffers of the other.
• Windowing: controls how much
information goes from one host to the
other.
• Acknowledgments: guarantees that the
data sent is received.
Ethernet Network
Collision Domain: One host can transmit Broadcast Domain: A network segment where one address
data at a time exist to communicate to all host

One broadcast domain

Each connection on a switch creates a separate collision domain.

S1 S2
Hub Hub

One collision domain

One broadcast domain by default
Ethernet Networks
Internetwork: routers create broadcast domain boundaries because it will not pass the broadcast from one
broadcast domain to another.

R1

S1 S2

Two broadcast domains. How many collision domains do you see?

CSMA/CD
CSMA/CD is built-in to hubs and is responsible for A B C D
responding to network collisions.
When CSMA/CD senses a collision it sends out a jam
signal that instructs all host on the collision domain to stop
transmitting. The jam signal also includes a random A B C D
number letting the host know when it can transmit again.

A B C D

Collision

A B C D

Jam Jam Jam Jam Jam Jam Jam Jam

Duplexing

 Half-duplex
 One way communication. While you’re sending you CAN’T receive,
while you’re receiving you CAN’T send.
 Full-duplex
 Two way communication. Sending and receiving are done
simultaneously.
 Troubleshooting duplexing
 When duplexing is mismatched it’ll result in inconsistent networking
not total failure.
Ethernet Cabling

 Straight-through
 Used to connect unlike devices, hub to routers, computers to
switches.
 Crossover
 Used to connect like devices, hub to hub, router to router, hub to
switch.
 Rolled
 Used to console to a router or switch
Data encapsulation

Application

Upper-layer data Presentation

Session

TCP header Upper-layer data Transport segment

IP header Data Network packet

MAC LLC Data FCS Data Link frame

0101110101001000010 Physical bits

Subnetting

 Subnetting is when we take one Classful network and make it

into many smaller Sub-networks.
 Benefits of Subnetting
 Minimize Broadcasting
 Optimized network performance
 Simplified management
 Security
Subnet Chart

CIDR BLOCK MASK # OF SUBNETS When you add a bit to the CIDR you half the
Block.
/24 256 255.255.255.0 1
When you add a bit to the CIDR you double the
/25 128 255.255.255.128 2 number of Subnets.

/26 64 255.255.255.192 4

/27 32 255.255.255.224 8

/28 16 255.255.255.240 16

/29 8 255.255.255.248 32

/30 4 255.255.255.252 64
 # OF SUBNETS # OF SUBNETS # OF SUBNETS
CIDR BLOCK MASK
CLASS C CLASS B CLASS A
/8 16,777,216 255.0.0.0 1
/9 8,388,608 255.128.0.0 2
/10 4,194,304 255.192.0.0 4
/11 2,097,152 255.224.0.0 8
/12 1,048,576 255.240.0.0 16
/13 524,288 255.248.0.0 32
/14 262,144 255.252.0.0 64
/15 131,072 255.254.0.0 128
/16 65,536 255.255.0.0 1 256
/17 32,768 255.255.128.0 2 512
/18 16,384 255.255.192.0 4 1,024
/19 8,192 255.255.224.0 8 2,048
/20 4,096 255.255.240.0 16 4,096
/21 2,048 255.255.248.0 32 8,192
/22 1,024 255.255.252.0 64 16,384
/23 512 255.255.254.0 128 32,768
/24 256 255.255.255.0 1 256 65,536
/25 128 255.255.255.128 2 512 131,072
/26 64 255.255.255.192 4 1,024 262,144
/27 32 255.255.255.224 8 2,048 524,288
/28 16 255.255.255.240 16 4,096 1,048,576
/29 8 255.255.255.248 32 8,192 2,097,152
/30 4 255.255.255.252 64 16,384 4,194,304
IOS Basics

 Every Cisco router and switch runs a version of the Cisco IOS.
 Cisco IOS is a Command Line (CLI) based operating system.
 You can access the IOS by various Access Lines
 Console Line
 Auxiliary Line
 Telnet/SSH Line
Access Lines

 Console Line is reserved for physical access

 You connect to it using a Rolled cable which has a DB9 on one end
and a RJ45 on the other.
 Auxiliary Line is usually reserved for Modem access
 You usually connect a serial dial-in modem to access your
equipment when there’s no chance of Telnet/SSH access or if
physical access is not possible/feasible.
 Telnet/SSH is you main access
 Once configured you use your Telnet/SSH client to gain access
Router Modes

 Once you log-in to your router there are different modes

which have access to different commands.
 User EXEC is the first mode you’ll see
 This mode does not let you change anything in the router and can
only be used for simple diagnostics
 Privileged EXEC is the next escalation
 This mode allows you to see more than User mode but also lets
you save your configurations
 Global configuration is the last level of escalation
 This mode is where you configure most features on the router
Exercise 1 – Basic Configurations
1. Change Hostname
2. Protect privileged mode with a secret
3. Protect Access lines
1. Console line
2. Auxiliary line
3. VTY lines (telnet/ssh)
4. Enable password encryption
5. Set-up a MOTD banner
6. Configure any 3 interfaces with any IP addresses
7. Verify all your configurations in the running configurations
8. Save your configurations
9. Verify your saved configurations in the start-up configurations
10. Erase your configurations
11. Verify that your configurations are erased
Basic IOS Commands
Enter privileged mode
router> enable

Exit privileged mode

router# disable

Enter global configuration mode

router# configure terminal

Exit global configuration mode

router(config)# exit

Set a hostname
router(config)# hostname <hostname>

Set a banner
router(config)# banner <type> <delimiter>

Save your current configurations

router# copy running‐config startup‐config
Basic IOS Commands continued..
Protect privilege with a password
router(config)# enable password <password>

Protect privilege with a secret

router(config)# enable secret <secret>

Encrypt all passwords

router(config)# service password‐encryption

Enter a line
router(config)# line <line name> <line number>

Enter an interface
router(config)# interface <interface name> <interface number>

Set an IP address
router(config‐if)# ip address <ip address> <subnet mask>
Basic IOS Show Commands
Show your current configurations
router# show running‐config

Show your saved configurations

router# show startup‐config

Show interface detailed information

router# show interface

Show interface layer 3 details

router# show ip interface

Show interface basic information

router# show ip interface brief

Show last 10 commands

router# show history

Show device version information

router# show version
Router Components

 Your router has different components which allows it to preform all its
functions
 ROM (Read only memory)
 Bootstrap
 Instructs the router on how to load the IOS
 POST (Power On Self Test)
 Displays information about your router
 Mini-IOS
 Configure how the router boots and a troubleshooting environment when IOS won’t load or
to do a password reset
 ROMMON
 ROM Monitor, the prompt you see when you’re in the Mini-IOS
 Configuration Register
 A memory address that controls how the router boots
Router Components

 Flash
 Cisco IOS (Internetwork Operating System)
 The actual file that contains your operating system, usually a “.bin” file
 RAM
 Running Configurations
 The configurations the router is currently using
 NVRAM
 Startup Configurations
 The configurations that loads when the router is turned on or reboots
Backing up IOS and Configurations

 To backup your configurations

 copy running‐config tftp or copy startup‐config tftp
 To backup your IOS
 copy flash tftp
 To Restore your configurations
 copy tftp running‐config or copy tftp startup‐config
 To restore or upgrade your IOS
 copy tftp flash
Exercise 2 – Password Reset

1. Interrupt the boot

2. Change the configuration register to 0x2142
3. Reboot
4. Go to privileged mode
5. Copy the startup-config to your running-config
6. Change your passwords
7. Change the configuration register to 0x2102
8. Save your startup-config
Cisco Discovery Protocol (CDP)

 CDP allows you to see other directly connected cisco devices.

 show cdp: shows cdp configurations
 show cdp neighbors: shows you which cisco devices are directly connected to you
 show cdp neighbors detail: shows you details about the directly connected devices
 Static Routes

The “ip route” command is used to set a static route. It has 5 parameters but only the first 3 are
required.
 destination network: the network address of the network you need to route to
 mask: the subnet mask of the destination network
 next hop/exit interface: the ip address of your neighbor’s interface that leads to the destination
network or your routers interface that leads to the destination network
 administrative distance: a metric that lets you set the priority of the route, lower number is better
 permanent: keeps the route in the routing table even if the next hop is not available

ip route [destination] [mask] [next_hop] [administrative_distance] [permanent]

ip route 192.168.50.0 255.255.255.0 192.168.51.1 150 permanent

Static Routing Example

s0/0
s0/0
192.168.50.1/24
192.168.50.2/24

R1
R2
f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

R1 CLI

R1(config)# ip route 192.168.200.0 255.255.255.0 192.168.50.2

R2 CLI

R2(config)# ip route 192.168.100.0 255.255.255.0 192.168.50.1
Static Routing Example with exit interfaces

s0/0
s1/1
192.168.50.1/24
192.168.50.2/24

R1
R2
f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

R1 CLI

R1(config)# ip route 192.168.200.0 255.255.255.0 s0/0

R2 CLI

R2(config)# ip route 192.168.100.0 255.255.255.0 s1/1
Default Route

The default route is used when the router does NOT have a route in the routing table to a
destination network. It is also known as “the gateway of last resort”. You set the default route just
like a static route.

ip route 0.0.0.0 0.0.0.0 192.168.50.1
or
ip route 0.0.0.0 0.0.0.0 s0/0
Routing Protocol Categories

 There are two categories of routing protocols; Exterior

Gateway protocols(EGP) and Interior Gateway protocols (IGP)
 IGP: protocols are used to route a single autonomous system
(AS)
 EGP: protocols are used to route between multiple
autonomous systems
Interior Gateway protocol types

 There are two types of routing protocols; Link-state and

Distance-vector.
 Distance-vector is hops based and take the path with the
fewest amounts of hops.
 Link-state is bandwidth based and take the path with the
fastest link
Distance-vector

1GB 1GB
1GB

R3
R1 R4
R2

100MB 1GB
R1 needs to get a packet to R5

It’ll take the path with the fewest amount of hops

R5
Link-state

1GB 1GB
1GB

R3
R1 R4
R2

100MB 1GB
R1 needs to get a packet to R5

It’ll take the path with the fastest link

R5
 Routing Protocols

Protocol Type Metric AD Multicast Convergence Summarization Algorithm

RIPv1 DV Hop count 120 No Slow None Bellman-Ford
RIPv2 DV Hop count 120 Yes Slow Auto & Manual Bellman-Ford
OSPF LS Bandwidth 110 Yes Fast Manual Dijkstra
Combination of
Advanced Diffusing Update
EIGRP bandwidth, hops 90 Yes Fast Auto & Manual
DV Algorithm (DUAL)
and delay
 RIPv2

s0/0 s0/0
192.168.50.1/24 192.168.50.2/24

R1
R2
f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

R1 CLI
R1(config)# router rip
R1(config‐router)# network 192.168.50.0
R1(config‐router)# network 192.168.100.0
R1(config‐router)# version 2
R2 CLI
R2(config)# router rip
R2(config‐router)# network 192.168.50.0
R2(config‐router)# network 192.168.200.0
R2(config‐router)# version 2
Verify RIP

show ip route
show ip protocols
Open Shortest Path First (OSPF)

 OSPF is a link-state routing protocol which works by using the Dijkstra algorithm to
build it’s routing table.
 Main features of OSPF
 Hierarchical network design using areas
 Efficient routing table updates
 Fast convergence
 Supports VLSM/CIDR
 No hop count limit
 Open standard works on any enterprise class router
OSPF Terminology

 Link: refers to a network or router interface.

 Adjacency: is the relationship formed between two OSPF routers that allows them
to exchange routing table updates.
 Router ID: is an IP address used to identify the router in an OSPF network. It can
be set by using the router‐id command or can be determined by the highest IP
address on the loopback interface, if the loopback is not set then it’s the highest
IP on a physical interface.
OSPF Terminology continued.

 Designated router: is determined by the priority set on the router (highest number
wins). If the priority matches then the Router-id is the tie breaker (highest Router-
id wins). The designated router(DR) forms adjacencies to all routers so it can send
and receive all routing table updates.
 Backup Designated router: is there as a backup for the DR. It receives all routing
table updates but does NOT send them out.
 Hello Protocol: used to discover other OSPF routers and maintains the adjacency
between them.
 Link State Advertisement: is an OSPF data packet that sends out link-state and
routing information. Only routers that form an adjacency can exchange link state
advertisements (LSA)
OSPF Terminology continued..

 Neighborship database: list of all OSPF routers

 Topological database: list of all OSPF paths (routes)
 OSPF Area: grouping of routers
 Broadcast (multi-access) / Nonbroadcast multi-access: These types of
networks require a DR and a BDR
 Point-to-Point / Point-to-multipoint: Do NOT require the use of a DR or
BDR
 OSPF (Single Area)
s0/0 s0/0
192.168.50.1/24 192.168.50.2/24

R1
R2
f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

R1 CLI
R1(config)# router ospf 1
R1(config‐router)# router‐id 1.1.1.1
R1(config‐router)# network 192.168.50.0 0.0.0.255 area 0
R1(config‐router)# network 192.168.100.0 0.0.0.255 area 0
R1(config‐router)# passive‐interface f0/0
R2 CLI
R2(config)# router ospf 1
R2(config‐router)# router‐id 2.2.2.2
R2(config‐router)# network 192.168.50.0 0.0.0.255 area 0
R2(config‐router)# network 192.168.200.0 0.0.0.255 area 0
R2(config‐router)# passive‐interface f0/0
OSPF configuration commands
Enter OSPF configurations
router(config)# router ospf <process‐id>

Set router-id
router(config‐router)# router‐id <actual router‐id to be set>

Set network advertisement

router(config‐router)# network <network address> <wildcard mask> area <area number>

Set interface to passive

router(config‐router)# passive‐interface <interface name> <interface number>
OSPF verification commands
Show OSPF configurations, like router ID, area information, SPF stats, LSA timers
router# show ip ospf

Show the Link ID of all routers and which neighbor is advertising that router to you.
router# show ip ospf database

Show your OSPF neighbors

router# show ip ospf neighbors

Show each interfaces Interface IP, Area, Process ID, Router ID, Network type, Cost, Priority, DR/BDR election, and timers.
router# show ip ospf interface

Show OSPF configurations you have set, Process ID, Router ID, Network advertisements.
router# show ip protocols
 Single Area OSPF

Problems with single Area OSPF

• When a link goes up or down the routers will
then do an LSA flood which will send updates
to all the routers in that area.
• It’ll also cause high CPU and Memory
overhead.

Area 0
 Multi-Area OSPF

Backbone Router: any router which is in area 0 Area 0

Area Border Router (ABR): a router that has interfaces Different network
in more than one area.
Autonomous system boundary router (ASBR): is a ASBR
router with at least one interface connected to an
external network or different AS. ABR ABR
Internal Router: a router with all it’s links in one area

Area 1 Area 2
 OSPF (Multi-Area)

s0/0 s0/1
192.168.50.1/24 area 0 192.168.51.1/24

s0/0 s0/1
192.168.50.2/24 R1 192.168.51.2/24

R2 R3
f0/0 f0/0 f0/0
192.168.100.1/24 area 1 192.168.250.1/24 area 2 192.168.200.1/24

R2 CLI
R1 CLI R2(config)# router ospf 1
R1(config)# router ospf 1 R2(config‐router)# router‐id 2.2.2.2
R1(config‐router)# router‐id 1.1.1.1 R2(config‐router)# network 192.168.50.0 0.0.0.255 area 0
R1(config‐router)# network 192.168.50.0 0.0.0.255 area 0 R2(config‐router)# network 192.168.100.0 0.0.0.255 area 1
R1(config‐router)# network 192.168.51.0 0.0.0.255 area 0 R2(config‐router)# passive‐interface f0/0
R1(config‐router)# network 192.168.250.0 0.0.0.255 area 0
R3 CLI
R1(config‐router)# passive‐interface f0/0 R3(config)# router ospf 1
R3(config‐router)# router‐id 3.3.3.3
R3(config‐router)# network 192.168.51.0 0.0.0.255 area 0
R3(config‐router)# network 192.168.200.0 0.0.0.255 area 2
R3(config‐router)# passive‐interface f0/0
Enhanced IGRP (EIGRP)

 EIGRP is an advanced distance vector routing protocol.

 Main features of EIGRP
 Supports IPv4 and IPv6
 Supports VLSM/CIDR
 Supports summaries and discontiguous networks
 Efficient neighbor discovery: these 3 things must happen so you can become neighbors
 Hello or ACK is received
 AS numbers have to match
 Identical metrics (K values)
 Communicates via the Reliable Transport Protocol (RTP)
 Route is selected via the Diffusing Update algorithm (DUAL)
EIGRP Terminology

 Feasible distance (FD): metric given to a route by DUAL. Route with the lowest FD
is considered the best route.
 Reported/Advertised Distance: Metric given to a route by your neighbor
 Successor: is the best route to a given network. Successors show up in your
routing table.
 Feasible Successor: any route that is not the best route. EIGRP can store up to 16
feasible successors.
 Neighbor table: List of directly connected EIGRP routers
 Topology table: List of all EIGRP Feasible Successor and Successor
 Split Horizon: the router will not send out a routing table update out the same
interface it was received from
 EIGRP

s0/0 s0/0
192.168.50.1/24 192.168.50.2/24

R1
R2
f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

R1 CLI
R1(config)# router eigrp 10
R1(config‐router)# network 192.168.50.0
R1(config‐router)# network 192.168.100.0
R1(config‐router)# passive‐interface f0/0
R2 CLI
R2(config)# router eigrp 10
R2(config‐router)# network 192.168.50.0
R2(config‐router)# network 192.168.200.0
R2(config‐router)# passive‐interface f0/0
EIGRP configuration commands
Enter EIGRP configurations
router(config)# router eigrp <autonomous system number>

Set network advertisement

router(config‐router)# network <network address>

Disable auto-summary
router(config‐router)# no auto‐summary

Set interface to passive

router(config‐router)# passive‐interface <interface name> <interface number>

Set maximum number of feasible successors, default is 4

router(config‐router)# maximum‐path <number between 1 – 16>

Set maximum number of hops, default is 100

router(config‐router)# maximum‐hops <number between 1 – 255>
EIGRP verification commands
Show all EIGRP paths, includes Successors and Feasible Successors
router# show ip eigrp topology

Show EIGRP packet count, how many packets that are sent and received.
router# show ip eigrp traffic

Show your EIGRP directly connected neighbors

router# show ip eigrp neighbors

Show which interfaces are routing with EIGRP

router# show ip eigrp interface

Show EIGRP configurations, AS number, Summarizations, Network advertisements, and K values

router# show ip protocols
Internet Protocol Version 6 (IPv6)

 IPv6 Benefits
 More addresses: address is 128 bits long which leads to us having 3.4 x
1038 number of addresses.
 IPSec: is built in as a standard which should lead to better security
practices.
 Multicast Based: No broadcast!
 No Broadcast: IPv6 eliminates broadcast and replaces it with “Anycast”.
 Plug-n-Play: an IPv6 LAN can be configured without the need of a DHCP
server.
 Auto-configuration: an interface can be assigned an IPv6 address just by
being given the prefix
IPv6 Addressing

2001:0db8:3c4d:0012:0000:0000:1234:56ab
Global prefix Subnet-ID Interface ID

64 bits 64 bits

 IPv6 addresses are 128 bits

 8 fields separated by colons
 16 bits per field
 The first 64 bits are made up of the Global prefix and Subnet-ID and is referred to
as the Subnet prefix.
 The last 64 bits are reserved for the Interface ID
IPv6 Shortened Expression

Original

• 2001:0db8:3c4d:0012:0000:0000:1234:56ab

Drop the leading zeros in a group

• 2001:db8:3c4d:12:0000:0000:1234:56ab

Note 4 zeros with a single zero

• 2001:db8:3c4d:12:0:0:1234:56ab

Drop groups of 4 zeros and note them with a ::

• 2001:db8:3c4d:12::1234:56ab
IPv6 Manual Addressing

 Just like IPv4 you have to assign an IP address to your

interface, but with IPv6 you have a few options.
 First option is the manual approach.
R1(config)# int f0/0
R1(config‐if)# ipv6 address 2001:db8:3c4d:1:0260:d6ff:fe73:1987/64

 You can also just enable the Link-local address like this
R1(config)# int f0/0
R1(config‐if)# ipv6 enable

 To verify you can use one of these commands

R1# show ipv6 interface
R1# show ipv6 interface brief
IPv6 Autoconfiguration

 With IPv6 you now that the ability to have the router fill-in the
interface-ID portion of the address.
R1(config)# int f0/0
R1(config‐if)# ipv6 address 2001:db8:3c4d:1::/64 eui‐64

 The interface will know have an IPv6 address that looks like this.
R1# show ipv6 interface brief
R1# FastEthernet0/0            [up/up]
fe80::230:a3ff:fe4d:d701
2001:db8:3c4d:1:230:a3ff:fe4d:d701
IPv6 Autoconfiguration explained

 EUI-64 uses the routers MAC address and pads it to generate the interface-id.
 Since the MAC address is only 48 bits and the interface-id is 64 bits it’ll add FFFE
after the first 3 bytes of the MAC address. (3 bytes equals 6 characters)
 It also then flips the 7th bit of the MAC address which is why 902B become 922B.
MAC Address

902B.34A4.E25A
3 bytes 3 bytes
EUI-64 padding

922B:34FF:FEA4:E25A
3 bytes 3 bytes
 IPv6 Autoconfiguration explained..
Original MAC EUI-64 7th bit flipped Original MAC EUI-64 7th bit flipped
8 4 2 1 8 4 2 1 8 4 2 1 8 4 2 1
1 0 0 1 9 1 0 0 1 9 1 1 1 1 F 1 1 1 1 F
0 0 0 0 0 0 0 1 0 2 1 1 1 1 F 1 1 0 1 D
0 0 1 0 2 0 0 1 0 2 0 1 1 1 7 0 1 1 1 7
1 0 1 1 B 1 0 1 1 B 1 1 0 0 C 1 1 0 0 C
0 0 1 1 3 0 0 1 1 3 0 1 1 0 6 0 1 1 0 6
0 1 0 0 4 0 1 0 0 4 1 0 1 0 A 1 0 1 0 A
1 0 1 0 A 1 0 1 0 A 1 1 1 1 F 1 1 1 1 F
0 1 0 0 4 0 1 0 0 4 1 1 1 1 F 1 1 1 1 F
1 1 1 0 E 1 1 1 0 E 0 0 1 1 3 0 0 1 1 3
0 0 1 0 2 0 0 1 0 2 0 1 0 1 5 0 1 0 1 5
0 1 0 1 5 0 1 0 1 5 0 0 0 1 1 0 0 0 1 1
1 0 1 0 A 1 0 1 0 A 1 1 0 1 D 1 1 0 1 D
IPv6 Autoconfiguration explained..

 We only need to look at the first 8 bits of the MAC address when trying to figure
out how it’s configured
Mac Address Binary First 8 bits
902B.34A4.E25A 1001 0000 0010 1011 0011 0100 1010 0100 1110 0010 0101 1010 1001 0000

First 8 bits Hexadecimal 7th bit flipped Hexadecimal

10010000 90 1001 0010 92

 Essential you can just look at the 2nd character in the MAC address, break it out
into binary and flip the 3rd bit.
Mac Address 2nd in hex 2nd in bin Flip 3rd bit 2nd in hex
0C0C.DEDE.1234 C 1100 1110 E
0F2B.B2B2.ABCD F 1111 1101 D
F8EE.1212.5826 8 1000 1010 A
IPv6 Address Types

 Unicast: One to one, packet is sent to a single interface.

 Global Unicast Addresses: publicly routable addresses, they start at
2000::/3
 Unique Local Addresses: non-publicly routable addresses, they start at
FC00::/7
 Link-local addresses: replacement for Automatic Private IP Addresses
(APIPA), a host is assigned a Link-local address anytime they fail to
receive a DHCPv6 address. They start at FE80::/10
 Multicast: One to many, packet is sent to many interfaces. They
begin at FF00::/8
 Anycast: One to nearest, packet is sent to the nearest interface in
terms of routing distance. Replaces broadcast from IPv4.
IPv6 Protocols

 DHCPv6: Same as it was for IPv4 but now IPv6 compatible

 ICMPv6: Same as it was for IPv4 but now IPv6 compatible
 NDP: Neighbor Discovery Protocol
 Determines the MAC address of neighbors
 Router solicitation (RS) FF02::2
 Router advertisements (RA) FF02::1
 Neighbor solicitation (NS)
 Neighbor advertisement (NA)
 Duplicate address detection (DAD)
IPv6 Routing Protocols

 RIPng: Same as RIPv2 except IPv6 compatible

 OSPFv3: Same as OSPFv2 except IPv6 compatible
 EIGRPv6: Same as EIGRPv6 except IPv6 compatible
IPv6 Migrating Technique

 Dual-Stacking: Each router interface has an IPv4 and IPv6

address.
 6to4 Tunnel: The router is configured to tunnel IPv6 traffic to
an IPv4 network and vice-versa.
 NAT-PT: The router translates a IPv6 address to an IPv4
address.
IPv6 Static Routing Example
s0/0
s0/0
FC00:3:3:1::/64
FC00:3:3:1::/64

R1
R2

f0/0 f0/0
FC00:3:3:2::/64 FC00:3:3:3::/64
 IPv6 Static Routing Example
s0/0
s0/0
FC00:3:3:1:201:97FF:FE08:1C01/64
FC00:3:3:1:240:BFF:FE48:3401/64

R1
R2

f0/0 f0/0
FC00:3:3:2:2D0:58FF:FE94:BA01/64 FC00:3:3:3:201:63FF:FE08:B701/64

R1 CLI
R1(config)# ipv6 unicast‐routing
R1(config)# ipv6 route FC00:3:3:3::/64 FC00:3:3:1:240:BFF:FE48:3401

R2 CLI
R2(config)# ipv6 unicast‐routing
R2(config)# ipv6 route FC00:3:3:2::/64 FC00:3:3:1:201:97FF:FE08:1C01
 IPv6 OSPFv3 Routing Example
s0/0
2000:3:3:1:201:97FF:FE08:1C01/64
R1
f0/0
2000:3:3:2:2D0:58FF:FE94:BA01
R1 CLI
R1(config)# ipv6 unicast‐routing
R1(config)# ipv6 router ospf 1
R1(config‐rtr)# router‐id 1.1.1.1
R1(config)# int f0/0
R1(config‐if)# ipv6 ospf 1 area 0
R1(config)# int s0/0
R1(config‐if)# ipv6 ospf 1 area 0
s0/0
2000:3:3:1:240:BFF:FE48:3401
R2
f0/0
2000:3:3:3:201:63FF:FE08:B701
R2 CLI
R1(config)# ipv6 unicast‐routing
R2(config)# ipv6 router ospf 1
R2(config‐rtr)# router‐id 2.2.2.2
R2(config)# int f0/0
R2(config‐if)# ipv6 ospf 1 area 0
R2(config)# int s0/0
R2(config‐if)# ipv6 ospf 1 area 0
 IPv6 EIGRPv6 Routing Example
s0/0
2000:3:3:1:201:97FF:FE08:1C01/64
R1
f0/0
2000:3:3:2:2D0:58FF:FE94:BA01
R1 CLI
R1(config)# ipv6 router eigrp 10
R1(config‐rtr)# no shutdown
R1(config‐rtr)# router‐id 1.1.1.1
R1(config)# int f0/0
R1(config‐if)# ipv6 eigrp 10
R1(config)# int s0/0
R1(config‐if)# ipv6 eigrp 10
s0/0
2000:3:3:1:240:BFF:FE48:3401
R2
f0/0
2000:3:3:3:201:63FF:FE08:B701
R2 CLI
R2(config)# ipv6 router eigrp 10
R2(config‐rtr)# no shutdown
R2(config‐rtr)# router‐id 2.2.2.2
R2(config)# int f0/0
R2(config‐if)# ipv6 eigrp 10 
R2(config)# int s0/0
R2(config‐if)# ipv6 eigrp 10
Security

 Access List: is a list of rules that can control the flow of

packets that are coming in or out of an interface.
 The rules are applied in the order that they are listed. So if a packet
gets passed line 1 then line 2 is tested if there’s no match
 Once a packet matches a line in the list no other rules will apply
 If there is no rule that can be applied to a packet then it’s discarded.
This is because of the “implicit deny” rule.
Access List Types

 Standard Access List

 Can only filter packets based off the source IP address
 Best if used to deny or permit packets from an entire network, subnet, or host
 Extended Access List
 Can filter packets based off the these conditions
 IP address: source or destination
 Network Protocol: IP, TCP, UDP
 Application Port: Port numbers like 23 for telnet or 80 for http
 Named Access List
 Can either be a “Standard Named Access List” or and “Extended Named Access
List.
 The main difference is that a Named Access List is referred to by a “Name”
instead of by a number
Inbound vs Outbound

 When you write any Access List it then must be applied to the Inbound or
Outbound direction of an interface.
s0/0 s0/0
192.168.50.1/24 192.168.50.2/24

R1
R2

f0/0 f0/0
192.168.100.1/24 192.168.200.1/24

Sales Finance

 When Sales wants to reach Finance this is the flow of the packets.
 Sales enters the f0/0 of R1 and exits the s0/0 of R1 then enters R2 on s0/0 and
exits f0/0 of R2 to enter Finance.
Access List guidelines

 An interface can only have one inbound list and one outbound list
 You put more specific rules at the top of your list
 New rules are always added to the bottom of the list
 You can not remove one line from an access list
 Unless your access list end with a permit any the rule of
implicit deny will discard the packet
 You create the access list then apply to the interface, if you do
not apply it to anything then it will not filter any packets
 Access list will not filter traffic that originates from the router
 Place Standard Access list as close to the destination as possible
 Place Extended Access list as close to the source as possible
 ACL Exercise

R1 R2

You are always R1 in this example.

• Create a Standard ACL to block the entire Sales network from going to Finance network except for host Jay. All other traffic should be allowed.
• Write an Extended ACL to block the entire Engineering network from going to the web server on host WebSrv1 except for host Sally. All other traffic
should be allowed.
• TEST: Check from each host to see if they can reach the appropriate destinations defined above.
Network Address Translation (NAT)

 NAT translates one IP address to another IP address

 Advantages
 Conserve public IP addresses
 Eliminates address overlap events
 Makes it easier to connect to the internet
 Eliminates address renumbering if your network changes
 Disadvantages
 Translation introduces switching path delays
 Cause loss of end-to-end IP traceability
 Certain applications will not function with NAT enabled
 Static NAT
 Translates One to One
s0/0
64.10.10.1/24

R1

f0/0
192.168.100.1/24

Web Server
192.168.100.10/24

R1 CLI
R1(config)# ip nat inside source static 192.168.100.10 64.10.10.10
R1(config)# int f0/0
R1(config‐if)# ip nat inside
R1(config)# int s0/0/0
R1(config‐if)# ip nat outside
Dynamic NAT
 Translates Many to Many
s0/0
79.10.10.1/24

R1

f0/0
192.168.100.1/24

200 Host

R1 CLI
R1(config)# ip nat pool TIA 79.10.10.2 79.10.10.250 netmask 255.255.255.0
R1(config)# access‐list 1 permit 192.168.100.0 0.0.0.255
R1(config)# ip nat inside source list 1 pool TIA
R1(config)# int f0/0
R1(config‐if)# ip nat inside
R1(config)# int s0/0
R1(config‐if)# ip nat outside
Overloading (PAT/PNAT)
 Translates Many to One
s0/0
24.1.10.1/24

R1

f0/0
192.168.100.1/24

200 Host

R1 CLI
R1(config)# ip nat pool MEGAPATH 24.1.10.1 24.1.10.1 netmask 255.255.255.0
R1(config)# access‐list 2 permit 192.168.100.0 0.0.0.255
R1(config)# ip nat inside source list 2 pool MEGAPATH overload
R1(config)# int f0/0
R1(config‐if)# ip nat inside
R1(config)# int s0/0
R1(config‐if)# ip nat outside
NAT Names

 Translates Many to One Outside Global s0/0

s0/0 Inside Global 74.125.228.65/24
64.10.10.1/24
R1
f0/0
192.168.100.1/24

Bob
Web Server
192.168.1.10/24
192.168.100.10/24
Inside Local Outside Local

Inside Local Inside Global Outside Global Outside Local

NAT Lab
s0/0 s0/1
74.20.99.10/24 64.55.10.1/24

R1
f0/0
192.168.100.1/24

Mail Server
192.168.100.10/24

Create a Static NAT rule to translate the mail server to the IP address of 64.55.10.2

Create a Dynamic NAT rule with the pool called “Verizon” and range of IPs 64.55.10.3 – 64.55.10.254
Allow the Sales network to use this pool

Create an Overload (PNAT) rule to overload the pool called “Timewarner” with the IP 74.20.99.10
Allow the Sales network to use this pool
Switches

 Three Switch Functions at Layer 2

 Address learning
 Switches learn MAC addresses and store them in the CAM
(Content Addressable Memory)
 Forward/Filter decisions
 Switches use the CAM table to decided whether to Forward a
frame or Filter it.
 Loop avoidance: (STP) Spanning Tree Protocol is used to avoid
causing a loop in your network.
Switch Address Learning
Address learning: switches learn the source MAC addresses of a frame and store it in
a Content Addressable Memory (CAM) filter table also referred to as a MAC address
table.

CAM/MAC forward/filter table

Fa0/0: 0000.8c01.000A Step 2
Fa0/0 Fa0/3
Step 1 Fa0/1 Fa0/2 Fa0/1: 0000.8c01.000B Step 4
3 4 3 3 Fa0/2:
Fa0/3:

A B C D
Switch Forward/Filter Decision
Forward/Filter decisions: when a frame is received it’s compared to the MAC address
table, when a match is found it’s then forwarded out that interface. If there is no
match then the frame is flooded.
Hub Switch

S1

Bob Sally
HEY JOHN! John
Spanning Tree Protocol

 Spanning Tree Protocol (STP) achieves its primary objective of

preventing network loops on layer 2 network bridges or switches by
monitoring the network to track all links and shut down the redundant
ones.
 STP uses the spanning-tree algorithm (STA) to first create a topology
database and then search out and disable redundant links.
 With STP running, frames will be forwarded on only premium, STP-
chosen links.
Spanning Tree Protocol Terms

 Root bridge: is responsible for telling all the other switches which ports to
use. The switch with the lowest priority will become the Root bridge. If
priorities match the switch with the lowest MAC address will become the
Root bridge.
 Non-root bridges: all switches that are not the root bridge.
 BPDU: is how switches exchange information.
 Bridge ID: is how STP identifies a switch on the network. It’s based off the
priority set on the switch plus the VLAN-ID. The switch with the lowest
bridge ID becomes the Root bridge.
 Port cost: is used to determine the best path to the Root bridge. The higher
the bandwidth the lower the cost.
 Path cost: when there are multiple links between a switch and the Root
bridge a switch will calculate the cost of the path based off the port cost.
Spanning Tree Protocol Ports

 Root port: port with the lowest cost leading to the root bridge and
used to forward frames to the root bridge.
 Designated port: is a port that has the lowest cost leading to certain
network segment and is allowed to forward frames.
 Non-designated port: is a port with a higher cost than a designated
port. This port is marked as a blocked port.
 Forwarding port: is a port that is forwarding frames. It’s either a Root
port or a Designated port.
 Blocked port: will not forward frames but will still listen to BPDUs from
it’s neighbors.
Spanning Tree Ports

1Gb S1 1Gb

100Mb 100Mb

S5 S2

100Mb 100Mb 100Mb 100Mb

S6 S7 S3 S4

100Mb 100Mb

Host B
Host A
Spanning Tree Protocol Port States

 Disabled: port is administratively down.

 Blocking: port is put into blocking mode to prevent a loop. Switch
ports are in blocking by default.
 Listening: port is listening for BPDUs to make sure there are no loops.
 Learning: port goes into learning to populate the MAC address table.
 Forwarding: port is allowed to send and receive frames.
Spanning Tree Protocol Types

 IEEE 802.1d: is the original Spanning Tree Protocol which is

considered very slow.
 PVST+: Cisco’s enhanced version of 802.1d which allows for each
VLAN to have it’s own root bridge.
 IEEE 802.1w: faster version of spanning tree known as Rapid
Spanning Tree (RSTP).
 Rapid PVST+: Cisco’s enhanced version of 802.1w which allows for
each VLAN to have it’s own root bridge.
PortFast and BPDU Guard

 PortFast: you can enable PortFast on a port connected to a single

host. Once enabled the port will NOT go into blocking mode
 BPDU Guard: the port will go into shutdown if a BPDU is received. This
is wise to do on a port which has PortFast enabled.
EtherChannel
 Allows you to combine multiple physical ports into acting a one logical interface.
 The new logical interface is known as a “Port-channel” which operates at the speed of all the
physical interface which were combined.
 Duplexing, Speed, and Encapsulation type MUST be the same on all interfaces that are being put
into an EtherChannel.

1Gb

500 hosts 500 hosts

S1 S2

1Gb

500 hosts 2Gb 500 hosts

S1 S2
1Gb
VLAN

 VLANs allow you to take a switch and break it up into multiple

broadcast domains.
 Benefits
 Broadcast control
 Each VLAN is it’s own broadcast domain
 Security
 Can only communicate within your VLAN
 Flexibility and scalability
 VLAN behave as though they’re their own LAN
VLAN Ports

 Access Port: Carries traffic for one VLAN

 Voice Access Port: Carries traffic for the trusted voice VLAN
plus an access VLAN
 Trunk Port: Tags frames with a VLAN ID to allow
communication of VLANs between switches
 Frame tagging is done with ISL or IEEE 802.1q
 Inter-Switch Link (ISL): Cisco proprietary
 IEEE 802.1q: Open standard
 Routing Between VLANs

Gi0/0 Gi0/2 Gi0/0

G0/1

You can route between VLANs by using a physical Alternatively you can route between VLANs using
interface on the router matched to an access port a Router On A Stick (ROAS). It’s comprised of one
on the switch. physical interface and many sub-interfaces.
Port Security

 Port Security: allows you to control which devices and how many devices
can be connected to a switch port.
switch(config)# int f0/1
switch(config‐if)# switchport port‐security maximum 1
switch(config‐if)# switchport port‐security mac‐address sticky

Bob’s work Bob’s laptop

computer
Basic Switch Commands
Setup Native VLAN
switch(config)# int vlan1
switch(config‐if)# ip address 192.168.30.1 255.255.255.0
switch(config‐if)# no shutdown

Set Bridge Priority

switch(config)# spanning‐tree vlan 1 priority 4096
switch(config)# do show spanning‐tree

Enable Rapid Spanning Tree Protocol

switch(config)# spanning‐tree mode rapid‐pvst
switch(config)# do show spanning‐tree
Switch Port Security Commands
Configure Port Security on a single interface
switch(config)# int f0/1
switch(config‐if)# switchport mode access
switch(config‐if)# switchport port‐security maximum 2
switch(config‐if)# switchport port‐security mac‐address sticky
switch(config‐if)# switchport port‐security violation shutdown
switch(config‐if)# switchport port‐security
switch(config‐if)# do sh port‐security

Configure Port Security on a range of interfaces

switch(config)# int range f0/2 ‐ 10
switch(config‐if)# switchport mode access
switch(config‐if)# switchport port‐security maximum 2
switch(config‐if)# switchport port‐security mac‐address sticky
switch(config‐if)# switchport port‐security violation shutdown
switch(config‐if)# switchport port‐security
switch(config‐if)# do sh port‐security
Switch EtherChannel Commands
Configure EtherChannel on 3500 series switch
switch(config)# int port‐channel 1
switch(config‐if)# int range f0/23 ‐ 24
switch(config‐if)# switchport trunk encapsulation dot1q
switch(config‐if)# switchport mode trunk
switch(config‐if)# switchport nonegotiate
switch(config‐if)# channel‐group 1 mode desirable
switch(config‐if)# do sh interface etherchannel

Configure EtherChannel on 2900 series switch

switch(config)# int port‐channel 1
switch(config‐if)# int range f0/23 ‐ 24
switch(config‐if)# switchport mode trunk
switch(config‐if)# switchport nonegotiate
switch(config‐if)# channel‐group 1 mode desirable
switch(config‐if)# do sh interface etherchannel
Switch VLAN Commands
Creating VLANs
switch(config)# vlan 2
switch(config‐vlan)# name Sales
switch(config‐vlan)# exit
Assigning VLANs to a single interface
switch(config)# int f0/1
switch(config‐if)# switchport mode access
switch(config‐if)# switchport access vlan 2
Assigning VLANs to a range of interfaces
switch(config)# int range f0/2 ‐ 10
switch(config‐if)# switchport mode access
switch(config‐if)# switchport access vlan 3
Verify VLANs
switch# sh vlans