
1. Welcome to ICND1!

2. Big Picture- Network Administration and Engineering


3. Big Picture- Understanding Cisco Certification
4. Big Picture - Building a Cisco Lab

5. Network Fundamentals- Switches and Routers


Network switch:
Central connection point for devices
StackWise: combines multiple switches and merges them into one logical switch.

Hub: generates and repeats network signals; receives a signal and transmits it to all
ports except the one it came in on.
Bridge: learns and filters MAC addresses.
Layer 2 switch.
Layer 3 switch: adds routing capabilities.
MAC: Media Access Control, a 12-digit hexadecimal address (digits 0-9, a-f).

MAC Address table / CAM table:

Routers
Contain networks.
Move data between networks; connect dissimilar networks.
Router: blocks all broadcast traffic.
Allows everything and denies by exception.
WAP and Controller
The lower the frequency, the longer the range and the less bandwidth.
2.4 or 5 GHz spectrums.
2.4 GHz broadcasts further; 3 clean channels: 1, 5 & 11.
5 GHz: more concentrated signals.

Controllers: manage the AP, automatic configurations.

Firewall / IPS
Blocks or allows traffic moving between networks.
Does not have a serial port.
Denies everything and allows by exception.
Transparent mode: inspects traffic.
Routed mode: divides the network.
Stateful filtering: sets the security zones; the higher the number, the more secure. This means
that by default traffic is allowed from a higher security zone to a lower one, not the
opposite.
WAN: lower security; LAN: higher security.

IPS (intrusion prevention system)

Monitors for unusual network behaviour, traffic and connections, using signatures.

8. Network Fundamentals - Speed, Data Size, and Diagrams


Byte: 8 bits = 1 byte.
Bytes (B) are used for storage, e.g. MB.
Bits (b) are used for speed, e.g. Mb.

EtherChannel: bundles multiple links (up to 8) on a device to increase data
transfer.
Switches: CSMA/CD
Detects a collision.
WAP: CSMA/CA
Token Ring technology: time slots to transmit.
9. Network Fundamentals- Cabling
Network cable: physical layer.
MDF: main distribution facility.
IDF: intermediate distribution facility.

Ethernet: 100 meters.


CAT 5, 6, 7: refers to how tightly the cable pairs are twisted.
STP, UTP: shielded and unshielded twisted pair.

Pinouts

Straight through:
Used to connect different devices. Flips the receive (Rx) and transmit (Tx) pins.

Crossover:
Used to connect the same kind of devices. Pins are aligned Tx-Rx.
Auto MDI-X: ability to set the Tx and Rx pins to match automatically.

Rollover:
Console port: port used to configure the device. Pins are rolled 1-8, 2-7, 3-6, 4-5,
5-4, 6-3, 7-2, 8-1.

Fiber optic
Multimode: 500 meters
Singlemode: (glass core).

10. Network Fundamentals- Stars, Mesh, and Hybrid


How devices are connected.
Mesh: all sites are directly connected.
Star: Hub and spoke, all devices connected to a central device.

11. IP Fundamentals- IP Communication Types

Can pass a router:


Unicast: one to one
Multicast: One to many
Anycast (IPv6 only): one to closest

Cannot pass the router


Broadcast: one to all
DHCP
ARP

12. IP Fundamentals - Defining a Network (Part 1)


What is a network?
Devices grouped together that share the same network identifier, as defined by a
mask.
Classful address (mask)
Class A mask 255.0.0.0
Class B mask 255.255.0.0
Class C mask 255.255.255.0

GW (gateway): permits the host to reach other networks.

The first and last addresses cannot be used.
13. IP Fundamentals - Public and Private Addressing (Part 2)
Public and Private
Private addresses (RFC 1918): not routable on the Internet.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Public addresses: routable on the Internet.

NAT: Network Address Translation

Translates private addresses into public ones.
Ability to overload a single public IP address.

14. IP Fundamentals -Gluing IP Communication Together (Part 3)


The need for two addresses:
MAC source and destination
IP source and destination
ARP: Address Resolution Protocol, resolves IP to MAC.
The CAM table remembers entries for 5 minutes.

15. IP Fundamentals - IP Protocols and TCP


TCP: Transmission Control Protocol
Reliable network communication
Creates a session to communicate.
TCP 3-WAY HANDSHAKE
TCP SYN
TCP SYN/ACK
TCP ACK

TCP sliding window (windowing)

Starts by sending small pieces of data and increases the amount as transfers succeed.

UDP (User datagram protocol)


Unreliable network communication.
Used most of the time for real-time communication.

ICMP (Internet Control Message Protocol)

16. IP Fundamentals - Completing the End-to-End Story


ff:ff:ff:ff:ff:ff: broadcast MAC address.
Port numbers: keep track of which session each piece of traffic belongs to.
80: HTTP
443: HTTPS
25: SMTP (email)
100: POP3 (email clients)
23: Telnet
22: SSH

Ports below 1024 are well-known ports.

17. IP Fundamentals Tools You Can't Live Without


ping: tests connectivity between devices using the ICMP protocol.
arp: resolves IP into MAC.
telnet: manages devices over TCP port 23, in clear text; also lets you see whether a port is open.
nslookup: troubleshoots DNS; verifies that the right name translates into an IP address.
ipconfig: verifies the TCP/IPv4 and IPv6 configuration.
18. Core Network Models - Cisco Three-Tier Architecture
Access Layer:
Distribution Layer:
Core Layer:

Collapsed core (2-tier model):

distribution + core merged into one layer
access + core

19. Cisco Network Models Introduction to OSI (Speaking OSI)


Please Do Not Throw Sausage Pizza Away (Physical, Data link, Network, Transport, Session, Presentation, Application).

20. Cisco Network Models Practical OSI Communication


Application:
Presentation: HTML, JPEG, MP3, encryption; how data is presented.
Session: starts, manages and ends the session.
------------------------------------------------------
Transport: *pick protocol (TCP/UDP). *pick port.
Network: IP address (end to end)
Data link: MAC address (hop to hop)
Physical:

Encapsulation: passing the data down through the OSI layers, each layer adding its header.

Frame format (outermost first):
SRC MAC / DEST MAC - SRC IP / DEST IP - TCP/UDP - DATA - FCS
FCS, CRC: frame check sequence.

21. Cisco Network Models The TCP-IP Model


Application Layer
Transport Layer
Internet Layer
Network Access Layer

22. Cisco Network Models Encapsulation, Frame Format, and Wireshark

23. IOS Fundamentals Defining the Purpose of IOS


IOS: the OS of Cisco devices.
#: privileged mode
(config)#: global configuration mode.
How to get to the IOS
Console port
Telnet
SSH.

24. IOS Fundamentals Enabling a Console Port Connection


console port: used to manage the device even without IP.
console cable / rollover cable.

25. IOS Fundamentals IOS Modes and Navigation

hostname> user mode


enable: takes from user mode to privileged mode.

hostname# privileged mode


disable: takes from privileged to user mode
configure terminal: takes from privileged mode to global configuration.
question mark (?): displays commands available in the mode.

hostname(config)# global configuration mode.


focus on global settings for the device.
able to access subconfigurations mode.

exit: go back one level at a time.


end: drops back all levels at once to privileged mode.
ctrl + z: drops back all levels at once to privileged mode.

show ip interface brief: shows all the interfaces that are on a router.

no: negates a configuration command.

26. IOS Fundamentals Context Sensitive Help and Keyboard Shortcuts


Boot process
POST: power-on self test.
IOS load: takes the IOS and decompresses it.
?: provides all the commands in the given context.
logging synchronous:
Tab key: completes a partially typed command.
Up arrow: scrolls up through the commands used.
Down arrow: scrolls down through the commands used.

CTRL + SHIFT + 6: aborts a command.

no ip domain-lookup: disables DNS name lookups.
show history: shows the command history typed on the device for the current
session.
ctrl + a: takes you to the beginning of the line.
ctrl + e: takes you to the end of the line.

27. IOS Fundamentals IOS Navigation Lab

28. IOS Fundamentals The File System of Cisco IOS

POST: POWER ON SELF TEST (ROM)

Inside the device


RAM: the IOS is decompressed and runs here; volatile.
The running config runs in RAM.
NVRAM: non-volatile RAM, saves the configuration.
The startup config resides here.
FLASH: contains the IOS.
hostname# show flash
Saving the configuration: copy running-config startup-config (merges the configurations).

Factory reset of a Cisco device:

hostname# write erase (deletes the NVRAM, i.e. the startup config)
hostname# reload

*Brackets in a command prompt indicate the default.

#show running-config (RAM)
#show startup-config (NVRAM)

Outside the device:

TFTPD
HTTP
others

29. IOS Fundamentals Configuration Management


hostname(config)#enable secret (password): command to create a password for
privileged exec mode.
The secret keyword stores the password hashed (encrypted).
enable password: creates a clear-text privileged exec mode password.
hostname# copy running-config tftp
copies the configuration to a TFTP server.

30. IOS Fundamentals The Best Base Configuration Ever


>enable
#configure terminal
(config)#hostname (name)
(config)#banner motd * DO NOT ACCESS THIS DEVICE *

line console 0
password [password]
logging synchronous: repaints what you were typing after a log message interrupts.
login (requires login to this device)

line vty 0 15 (lines used for telnet and ssh access)

If telnet or SSH is attempted without a password set: login is required but no password is set,
so the session is disconnected.
password [password]
logging synchronous: repaints what you were typing after a log message interrupts.
login [default config]

interface fastEthernet 0/0

ip address x.x.x.x x.x.x.x or ip address dhcp
On a router all interfaces are down by default.
On a switch all interfaces are up by default.
Status administratively down: fix it with no shutdown.
Status: physical layer.
Protocol: data link layer.

Every time you mistype something in privileged mode, IOS treats it as a hostname and tries to telnet
to it.
no ip domain-lookup

service password-encryption: very weak (type 7); encrypts the clear-text passwords in the config.

PROTECT THE TRANSITION FROM USER MODE TO PRIVILEGED

enable secret [password] (type 5): hashed, preferred.
enable password [password]

31. IOS Fundamentals Preparing a Device for Remote Management


delete flash:vlan.dat: deletes the VLAN database file.
#show vlan: shows vlan, name, status, ports.
#show ip interface brief
#line vty 0 15
#password [password]
#login

32. IOS Fundamentals Enabling SSH on a Cisco Device


SSH is a username-and-password protocol.

1. hostname [configure hostname]
2. ip domain-name [domain] [configure domain name]
3. crypto key generate rsa [generate the crypto key]
4. transport input ssh [enables SSH on the vty lines]
5. username (user) password (password): creates a username with a clear-text password.
   username (user) secret (password): creates a username with an encrypted (hashed) password.
6. login local

show users: shows the users connected to the device.
clear line vty: closes the vty session.

33. IOS Fundamentals Understanding Interface Syntax


#show ip interface brief
ip address
status: represents the physical layer: up, down, administratively down (shut
down).
protocol: represents the data link layer; up when it is receiving a signal.

Cisco interface syntax:

<Type><blade><module><port>

34. IOS Fundamentals Lab

35. Switching Fundamentals How Network Switches Work


Switches provide connectivity to all devices.
Learn MAC addresses into the CAM table (entries kept 5 min).
Forward traffic between devices.
One broadcast domain, many collision domains.
Unknown MAC addresses are flooded out all ports except the one the frame was received on.
CSMA/CD
CSMA/CA
Every port on a switch is a collision domain.

36. Switching Fundamentals Finding Network Devices

37. Switching Fundamentals Configuring the Switch Management IP Address


vlan: creates virtual networks; the default is VLAN 1.
A VLAN needs at least one active port to be up; if it has no active port it will
be administratively down.
Switch management VLAN: used to manage the switch remotely.

38. Switching Fundamentals Speed and Duplex


Ethernet 10 Mbps
Fast Ethernet 100Mbps
Gigabit Ethernet 1000Mbps

auto duplex / auto speed: will try to negotiate with the other side.
half duplex: you can send or receive, one at a time.
full duplex: you can send and receive at the same time.

#show running-config interface (interface)


#show interface (interface)

(config)#interface (interface)
(config-if)#speed 100
(config-if)#duplex full
39. Switching Day-to-Day Understanding Port Security

Limits the number of MAC addresses on each port.
Limits which MAC addresses can access the port:
STATIC
STICKY (learns MAC addresses)

Three response (violation) types:

Protect: does not let the offending MAC address pass through; does not shut down the port.
Restrict: does not let the offending MAC address pass through, logs the violation; does not shut
down the port.
Shutdown (default): shuts down the port.

40. Switching Day-to-Day Configuring Port Security

(config)#interface (interface)
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address (static MAC | sticky)

*sticky learns MAC addresses.

*shutdown is the default violation mode: disables the port (err-disabled).

Maximum of 1 MAC address is the default.

#show port-security interface (interface)
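As an added illustration of sections 39 and 40 (this is not Cisco code and not from the course; it is a small Python model written for these notes), the three violation modes applied to frames arriving on one secured port. MAC addresses are constructed sample values.

```python
class PortSecurity:
    """Model of one switch port with port-security enabled (hypothetical, for illustration)."""

    VIOLATION_MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown", sticky=False, static=()):
        if violation not in self.VIOLATION_MODES:
            raise ValueError(f"unknown violation mode {violation}")
        self.maximum = maximum          # IOS default: 1 secure MAC per port
        self.violation = violation      # IOS default: shutdown
        self.sticky = sticky            # learned MACs are written to running-config
        self.static = set(static)       # MACs configured by hand
        self.allowed = set(static)      # secure MACs currently bound to the port
        self.err_disabled = False
        self.violations = 0
        self.log = []

    def receive_frame(self, src_mac):
        """Return 'forward' or 'drop' for a frame arriving with source src_mac."""
        if self.err_disabled:
            return "drop"               # an err-disabled port passes nothing
        if src_mac in self.allowed:
            return "forward"
        if len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)   # learn it (dynamic or sticky)
            return "forward"
        # A MAC beyond the maximum is a violation; the mode decides what happens.
        if self.violation == "protect":
            return "drop"               # silently dropped: no log, no counter
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            self.log.append(f"PSECURE_VIOLATION by {src_mac}: port err-disabled")
        else:  # restrict
            self.log.append(f"PSECURE_VIOLATION by {src_mac}: frame dropped, violation counted")
        return "drop"

    def no_shutdown(self):
        """Operator recovery: 'shutdown' then 'no shutdown' on the interface."""
        self.err_disabled = False
        self.violations = 0

    def running_config(self):
        """Constructed rendering of the lines a sticky port shows in the running config."""
        lines = ["switchport port-security",
                 f"switchport port-security maximum {self.maximum}",
                 f"switchport port-security violation {self.violation}"]
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {m}"
                      for m in sorted(self.allowed - self.static)]
        return lines


if __name__ == "__main__":
    port = PortSecurity()                     # defaults: maximum 1, violation shutdown
    print(port.receive_frame("0011.2233.4455"))   # forward (learned)
    print(port.receive_frame("aabb.ccdd.eeff"))   # drop, port goes err-disabled
    print(port.err_disabled, port.log)
```

Note that with the default mode a second MAC on the port takes the port down for the legitimate host too, which is why the recovery step (shutdown / no shutdown) matters during troubleshooting.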

41. Switching Day-to-Day Handling - The Network is SLOW!

42. Switching Day-to-Day Key Interface Counters


#show interface (interface): used to verify interface statistics.

Key performance counters:


speed/duplex
5 minute output rates
input errors
crc
collisions
late collisions
interface resets

runts: packet too small, dropped.
giants: packet too big, dropped.
throttles:
input errors: packet is bad when it is received by the switch.
crc: FCS checksum at the end of the frame to make sure the message stays intact.
collisions: indicate a duplex mismatch; occur within the first 32 bytes of the frame.
late collisions: occur after 32 bytes; cable too long (over 100 meters) or too many devices
in between.

*Every port on a switch is a collision domain.

43. Switching VLANs The Concept that Changed the Networking World

*Every interface of a router is a network (introduces a subnet).

VLAN (Virtual Local Area Network)
Creates multiple broadcast domains.
Creates multiple subnets/networks.
Segments and isolates traffic.
Extended between switches, stopped at the router.
Trunk ports (configured by default to carry VLANs).
How can we route between VLANs?

44. Switching VLANs Routing Between VLANs


ROAS (router on a stick)
Trunk port (tagged interface)
Implement subinterfaces: split a physical interface into logical subinterfaces.

Layer 3 switching.
ASIC: hardware able to do routing.
ip routing must be enabled.

45. Switching VLANs Trunking VLANs to Other Switches


Tagging is done with the 802.1Q protocol (or Cisco's older ISL).
Access ports:
untagged, can only access one VLAN.

How to configure a trunk

DTP is enabled by default.
Manual: (trunk / nonegotiate)
Dynamic: (dynamic auto / dynamic desirable)
Auto: listening, passive mode; auto + auto does not form a trunk.
Desirable: actively asks to become a trunk.

#switchport nonegotiate
Turns off DTP.

What is the native VLAN?

Designed for trunk ports that receive untagged traffic.
All untagged traffic on a trunk will end up in the native VLAN.

46. Switching VLANs The Weird and Scary World of VTP


VTP (VLAN Trunking Protocol; despite the name, not a trunking protocol): replicates VLANs between
switches. Runs over trunk ports.
Replicates VLANs.
VTP rev #: keeps track of the database revision.
VTP domain: identifies the domain; has to match on all switches.
#show vtp status: to see what VTP is running on the switch.
VTP1:
VTP2: supports Token Ring networks.
Configuration revision: database number.
Operating mode:
Client: switches can't modify the VLAN database, they just receive it.
Server: has the ability to modify the VLAN database (default).
Transparent: VTP is turned off for this switch; VTP advertisements pass through and are not blocked.

VTP pruning increases available bandwidth by restricting flooded traffic to those
trunk links that the traffic must use to access the appropriate network devices. By
default, VTP pruning is disabled.

47. Switching VLANs Configuring and Testing VLANs


#show vlan
shows what vlans exist on the switch and what ports are part of them.
#show interfaces (interface) switchport

#switchport mode access


#switchport access vlan (vlanid)

48. Switching VLANs Configuring Trunking and VTP


** VTP (v1-2) only allows VLANs up to 1005 to be configured.
#show interface (interface) switchport
switchport:
Administrative mode: what you configured the port as.
Operational mode: how the port is actually acting.

#show vtp status
shows VTP status, configuration revision, VTP version.

switchport trunk allowed vlan (vlans)
indicates which VLANs are allowed to pass across the trunk.

49. Switch Troubleshooting Where to Look

Errdisable scenario.
#show ip interface brief
#show running-config
#show interfaces (interface)
#show interface status
#shutdown
#no shutdown

Slowness scenario
#show ip interface brief
#show interfaces (interface)
#show interfaces status
#clear counters interface (interface)
hardcode speed.
hardcode duplex.

VLAN mismatch scenario
#show interfaces (interface) switchport
#switchport trunk allowed vlan add (vlans)

50. Switch Troubleshooting Where to Look


By default all router interfaces are shut down.
#show ip route
shows the routing table.
Configuration of the default route:
#ip route 0.0.0.0 0.0.0.0 (exit interface)
S*: the asterisk marks the candidate default route.

51. Routing Fundamentals Using Static Routes


#show ip route

How to configure static route.


#ip route (network)(mask)(next hop ip| exit interface)

With a serial cable one side has to set the clock rate.
DCE: the ISP side
DTE: our side
#clock rate (rate) b/s
*Routers only know directly connected networks by default.

#show controllers.

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

If the gateway of last resort is not set, packets with no matching route will be discarded.

Floating static route

A static route configured with a HIGHER ADMINISTRATIVE DISTANCE. Provides
redundancy.

Administrative distance (the first number in the brackets): how believable that route is.

10.5.1.0/24 [10/0] via 10.5.5.1

*The more specific the route is, the better.

52. Routing Fundamentals Routing Between VLANs


ROAS (router on a stick)
Create multiple (virtual) subinterfaces.
*Recommended: the subinterface number matches the VLAN.
encapsulation dot1q must be enabled.
*MUST MATCH THE VLAN.
Some switches:
#switchport trunk encapsulation dot1q
#switchport nonegotiate

#show arp

Router
Create subinterfaces
#interface gigabit 0/0/0.10
#ip address x.x.x.x x.x.x.x
#encapsulation dot1q (encapsulation id)
MUST MATCH THE VLAN.

Turn on the physical interface.

Switch
Configure the port as trunk, if needed enable encapsulation dot1q
#switchport mode trunk
#switchport trunk encapsulation dot1q

53. Routing Fundamentals L3 Switching


To enable routing on L3 Switches
#ip routing

SVI must be configured (switch virtual interface)


#interface vlan (vlan id)
#ip address x.x.x.x x.x.x.x
*At least 1 port must be enabled on that VLAN to activate the SVI.

For telnet and SSH, the vty lines must have a password configured.
For telnet and SSH, privileged exec mode must have a password configured.

54. Routing Fundamentals DHCP in a Routed World


Broadcast-based central IP distribution.
DHCP from a network device on the SAME network.
DHCP from a central DHCP server.
DHCP requests are broadcasts, so the router stops them.
A DHCP relay must be configured so the router converts the broadcast into a
unicast.

55. Routing Fundamentals Configuring DHCP


APIPA
If clients can't reach the DHCP server: 169.254 range.
#hostname
#ip dhcp pool (POOLNAME)
#ip dhcp excluded-address (low ip) (high ip)
#network (network) (mask)
#default-router (router ip)
#dns-server (x.x.x.x x.x.x.x)

#show ip dhcp binding
*shows lease expiration, client id (MAC), IP leased.

How to configure a DHCP relay:

Turns the DHCP broadcast request into a unicast; configured on the interface
that faces the broadcast.
#ip helper-address (dhcp server ip)

56. Routing Protocols What are Routing Protocols


By default a router only knows about directly connected networks.
Distance vector:
only knows what its neighbour tells it.
RIP, EIGRP, BGP.
Memory and processor efficient.
Loop prevention mechanism needed.

Link state:
maintains a map of the network (topology).
OSPF, IS-IS.
Resource consuming.
Loop free.

57. Routing Protocols Pick Your Flavor!


RIP v1 (AD 120): broadcast based; a complete route update every 30 seconds; after 90 seconds
without an update the route is marked down.
Metric: how the routing protocol finds the best path.
RIP: metric is hop count.
OSPF (AD 110): metric is bandwidth.

EIGRP (AD 90)
Unequal-cost path load balancing.

58. Routing Fundamentals Understanding RIPv2


Differences between v1 and v2:
v2 must be enabled.
Sends advertisements with the entire routing table.
RIPv1 sends a broadcast to 255.255.255.255.
RIPv2 uses multicast.
RIPv1 is classful.
RIPv2 is classless.

#router rip
#version 2
#network x.x.x.x
tells which networks to advertise, and
which interfaces to send advertisements out of.
59. Routing Protocols Configuring RIPv2
#router rip
#version 2
#network (x.x.x.x)
#show ip protocols

Metric: how good the route is.

Auto-summarization is applied when a network of a different class is crossed.

To disable it use:
#no auto-summary
The same metric causes equal-cost load balancing.

60. IPv4 Subnetting Why are We Doing This


4-octet (byte) address.
Class A 1 - 127
Class B 128 - 191
Class C 192 - 223

IP address defines the end-to-end destination.
MAC address defines the hop-to-hop destination.
The subnet mask defines the network.

61. IPv4 Subnetting Binary Conversion


128 64 32 16 8 4 2 1

62. IPv4 Subnetting Subnetting Based on Network Requirements


The first IP represents the network.
The last represents the broadcast.
1. Determine the number of networks and convert to binary.
2. Reserve bits in the subnet mask.
One equals network, zero equals host.
More network bits, fewer host bits.
How many bits does it take to represent the networks NEEDED?
Are we counting networks or hosts?
Increment: the last network bit converted to decimal.

USE THE INCREMENT TO FIND NETWORK RANGES.

Network range - 2 = usable IPs.

2 to the power of bits = number of networks, or number of hosts (usable hosts: -2).

Start counting at zero.

63. IPv4 Subnetting Subnetting Based on Host Requirements


How many hosts per network?
1. Determine the number of hosts per network and convert to binary.
2. Reserve the bits in the mask and find the increment.
3. Increase the octet where the increment is located.
To play it safe:
decrease the network bits by 1,
increase the host bits by 1.

64. IPv4 Subnetting Reverse Engineering a Subnet Problem


Identify a wrong subnet mask.
Identify a wrong IP assignment.
Find the network identifier.
Find the network broadcast.
**THE INCREMENT IS THE LAST NETWORK BIT CONVERTED TO DECIMAL.
**THE FIRST AND LAST IP ON THE NETWORK CAN'T BE USED:
THE FIRST IDENTIFIES THE NETWORK,
THE LAST IDENTIFIES THE BROADCAST.

65. IPv4 Subnetting Variable Length Subnet Mask (VLSM)


Variable length subnet mask
Classless.
Fits the network environment in the most efficient way.
*Begin with the larger subnet first.
What am I saving, hosts or networks?
**THE FIRST AND LAST IP ON THE NETWORK CAN'T BE USED:
THE FIRST IDENTIFIES THE NETWORK,
THE LAST IDENTIFIES THE BROADCAST.
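As an added worked example for sections 62 to 65 (written for these notes, not part of the course), Python that carries the procedure through: bits needed for a network or host requirement, the increment, reverse engineering any host/mask pair into network, broadcast and usable range, spotting a wrong assignment, and a VLSM plan that allocates the largest subnet first. All addresses are constructed sample values.

```python
import ipaddress


def bits_needed(count):
    """Smallest n such that 2**n >= count."""
    n = 0
    while (1 << n) < count:
        n += 1
    return n


def prefix_for_networks(base_prefix, networks):
    """Subnetting on network requirements: borrow host bits until 2**n >= networks."""
    return base_prefix + bits_needed(networks)


def prefix_for_hosts(hosts):
    """Subnetting on host requirements: keep host bits for hosts + network + broadcast."""
    return 32 - bits_needed(hosts + 2)


def increment(prefix):
    """The notes' 'increment': block size in the octet where the last network bit falls."""
    bits_in_octet = prefix % 8
    return 256 if bits_in_octet == 0 else 1 << (8 - bits_in_octet)


def describe(cidr):
    """Reverse engineer a host/mask pair: network, broadcast, usable range and count."""
    net = ipaddress.ip_network(cidr, strict=False)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else 0
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(net.network_address + 1) if usable else None,
        "last_usable": str(net.broadcast_address - 1) if usable else None,
        "usable": usable,
        "increment": increment(net.prefixlen),
    }


def same_subnet(ip_a, ip_b, prefix):
    """True when both hosts share a network identifier; False flags a wrong assignment."""
    net_a = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{prefix}", strict=False)
    return net_a == net_b


def vlsm(base_cidr, host_counts):
    """VLSM plan: largest requirement first, allocated back to back so blocks stay aligned."""
    base = ipaddress.ip_network(base_cidr)
    cursor = int(base.network_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        net = ipaddress.IPv4Network((cursor, prefix_for_hosts(hosts)))
        if net.broadcast_address > base.broadcast_address:
            raise ValueError(f"{base_cidr} cannot fit a subnet for {hosts} hosts")
        plan.append((hosts, str(net)))
        cursor += net.num_addresses
    return plan


if __name__ == "__main__":
    print(prefix_for_networks(24, 6))              # 6 networks out of a /24 -> /27
    print(prefix_for_hosts(50), increment(26))     # 50 hosts -> /26, increment 64
    print(describe("192.168.1.70/26"))
    print(same_subnet("192.168.1.70", "192.168.1.130", 26))
    print(vlsm("192.168.1.0/24", [50, 30, 2, 2]))
```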

66. Access Lists Understanding Standard Access Control Lists


A list of permit and deny statements.

Used for:
access control
NAT
quality of service
demand dial routing
policy routing
route filtering

**

STANDARD ACCESS LIST CONFIGURATION

#access-list (ID) permit|deny (source) (wildcard)
**based on source

WILDCARD: REVERSE OF THE SUBNET MASK.

Zero bits are relevant (must match).
One bits are irrelevant (ignored).
#show access-list

The list is read from top to bottom and stops at the first match.

Implicit deny at the bottom.
Applied inbound / outbound
**from the perspective of the router.

Types of access list:

Standard (1-99)
matches based on source address.
lower CPU

Extended (100-199)
matches on source|destination address, protocol, source|destination port
number
higher CPU

Reflexive
allows return traffic for internal requests.

67. Access Lists Configuring Standard Control Lists


Standard ACLs filter by source only.
Apply IN | OUT.
Apply them as close to the destination as possible.

Configure a STANDARD ACL

#access-list 10 permit|deny (host ip) (wildcard)
As standard access lists are based on source only, you can also use:
#access-list 10 permit|deny host (host ip)

**REMEMBER there is an implicit deny.

Add a permit statement to avoid the implicit deny, otherwise everything else will
be blocked:
#permit any
or
#permit 0.0.0.0 255.255.255.255

wildcard: inverse of the subnet mask; zero bits are relevant.

To apply a standard access list it must be configured on an interface, inbound or
outbound.
**THINK AS THE ROUTER.
#interface (interface)
#ip access-group (access-list ID) in|out

If a numbered standard access-list is used then remember that individual rules can't
be deleted: if one rule is deleted, the whole access-list is
deleted.

If a named standard access-list is used then you have the
flexibility to delete a single rule from the access-list.

Standard access-lists use the range 1-99 and the expanded range 1300-1999.
With a standard ACL the whole network or subnet is blocked.

ONE ACL PER DIRECTION PER INTERFACE.

To find the wildcard mask of a subnet, subtract the subnet mask from 255.255.255.255.
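As an added example for sections 66 and 67 (written for these notes; not Cisco code and not from the course), a small Python evaluator for standard ACLs: the wildcard mask derived from a subnet mask, wildcard matching (zero bits must match, one bits are ignored), top-to-bottom first-match evaluation with the implicit deny, and the effect of statement order. The ACL lines are constructed sample input; note that "permit 0.0.0.0 0.0.0.0" matches only the host 0.0.0.0, while "any" is 0.0.0.0 255.255.255.255.

```python
import ipaddress

# Constructed sample ACL (not from the page): deny one host, then permit its subnet.
ACL_TEXT = """
access-list 10 deny host 192.168.1.50
access-list 10 permit 192.168.1.0 0.0.0.255
"""

# The same two statements in the wrong order: the host deny is shadowed by the permit.
ACL_TEXT_SHADOWED = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny host 192.168.1.50
"""


def wildcard_from_mask(mask):
    """Wildcard mask = 255.255.255.255 minus the subnet mask (bitwise inverse)."""
    inverse = 0xFFFFFFFF - int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(inverse))


def wildcard_match(addr, base, wildcard):
    """Bits that are 0 in the wildcard must match; bits that are 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard_acl(text):
    """Parse 'access-list <id> permit|deny any | host <ip> | <ip> [wildcard]' lines."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue                                # ignore anything that is not an ACE
        acl_id, action, rest = int(parts[1]), parts[2], parts[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in line: {line}")
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"   # IOS default when omitted
        entries.append((acl_id, action, base, wildcard))
    return entries


def evaluate(entries, src):
    """Top to bottom, first match wins; no match falls through to the implicit deny."""
    for _, action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    acl = parse_standard_acl(ACL_TEXT)
    for src in ("192.168.1.50", "192.168.1.7", "10.0.0.1"):
        print(src, evaluate(acl, src))          # deny, permit, deny (implicit)
    print(evaluate(parse_standard_acl(ACL_TEXT_SHADOWED), "192.168.1.50"))  # permit
    print(wildcard_from_mask("255.255.255.192"))  # 0.0.0.63
```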

68. Network Address Translation Technology Overview

PAT allows overloading a single public address.
PUBLIC IP + PORT = SOCKET.

STEPS TO CONFIGURE NAT OVERLOAD

1. Create an ACL to identify the addresses to be translated.
**NAT CANNOT BE CONFIGURED WITHOUT THIS.
2. Identify the inside and outside interfaces.
3. Define the NAT operation on the Cisco router.
STEP 1
#access-list 10 permit 192.168.1.0 0.0.0.255
STEP 2
#ip nat inside (apply on the inside interface)
#ip nat outside (apply on the outside interface)
STEP 3
#ip nat inside source list (acl id) interface (exit interface) overload

overload is the keyword that enables PAT.

#show ip nat statistics

Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: GigabitEthernet0/0/0
Inside Interfaces: GigabitEthernet0/0/1
Hits: 12 Misses: 12
Expired translations: 12
Dynamic mappings:

#show ip nat translations

Pro   Inside global     Inside local       Outside local    Outside global
icmp  200.1.1.1:33      192.168.1.3:33     200.1.1.2:33     200.1.1.2:33
icmp  200.1.1.1:34      192.168.1.3:34     200.1.1.2:34     200.1.1.2:34
icmp  200.1.1.1:35      192.168.1.3:35     200.1.1.2:35     200.1.1.2:35
icmp  200.1.1.1:36      192.168.1.3:36     200.1.1.2:36     200.1.1.2:36

inside local: the inside host's own (private) address; who originated the request.
inside global: the inside host's address after translation (the public address).
outside global:
outside local:

70. Network Address Translation Configuring Static NAT


Regularly used to make an internal host reachable from the public network.
The mapping always works both ways.

ip nat inside source static (inside local ip) (inside global ip)

inside local: the internal private address to be translated
inside global: the global (public) address it is translated to
#ip nat inside source static tcp (inside local ip) (local tcp port) (inside global
address) (global port)
71. IPv6 Welcome to the New Addressing World
IPsec everywhere
Mobility
Simpler header.

IPv4: 32 bits
IPv6: 128 bits
8 groups of 4 hex characters (0 to 9, A to F)
2001:0db8:85a3:0000:0000:8a2e:0370:7334

HOW TO SHORTEN
Replace one run of consecutive all-zero groups with :: (only once)
2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3::8a2e:0370:7334

Drop the leading zeros in each group
2001:0db8:85a3::8a2e:0370:7334
2001:db8:85a3::8a2e:370:7334

72. IPv6 New Communication and Address Types


Unicast: one to one
Multicast: one to many
Anycast: one to closest
Broadcast: does not exist in IPv6.

DHCP relay agents: FF02::1:2
ARP was replaced with NDP (Neighbor Discovery Protocol).

Different types of IPv6 addresses:

Multiple addresses are assigned to the device: link-local scope, global
scope.
LINK LOCAL: automatically generated by the computer; local
communication on that network only.
UNIQUE / SITE LOCAL: closest to a private address.
Global scope address: works on the Internet.

LINK LOCAL address (FE80)

Similar to 169.254.x.x.
EUI-64: mechanism for a host to generate its own IPv6 link-local address.
Takes the 48-bit MAC address and
inserts FFFE right in the middle to form the last 64 bits (the host portion, /64
boundary).
Microsoft does not use EUI-64.
RFC 4941: IPv6 privacy extensions (hashes the MAC).
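As an added example for the shortening rules of section 71 and the EUI-64 link-local construction above (written for these notes, not course material), Python that applies both rules by hand and builds an interface ID from a MAC. One step the notes leave out, which the code does as RFC 4291 requires: the universal/local bit (bit 7 of the first MAC byte) is flipped before FFFE is inserted. The MAC and prefix are constructed sample values.

```python
import ipaddress
import re


def compress_ipv6(addr):
    """Shorten a full 8-group IPv6 address using the two rules from the notes."""
    groups = addr.lower().split(":")
    if len(groups) != 8:
        raise ValueError("expected a full 8-group address")
    # Rule: drop leading zeros in every group, but keep a single 0.
    groups = [g.lstrip("0") or "0" for g in groups]
    # Rule: find the longest run of all-zero groups (leftmost on a tie) and replace it with ::.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                 # :: is only used for two or more zero groups
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def matches_stdlib(addr):
    """Cross-check the hand-written rules against Python's canonical form."""
    return compress_ipv6(addr) == str(ipaddress.IPv6Address(addr))


def eui64_interface_id(mac):
    """Split the 48-bit MAC, flip the U/L bit, insert FFFE: four 16-bit groups as hex."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)   # accepts 00:1a:.. , 00-1a-.. , 001a.2b3c..
    if len(hexdigits) != 12:
        raise ValueError("a MAC address has 12 hex digits")
    octets = bytearray.fromhex(hexdigits)
    octets[0] ^= 0x02                               # universal/local bit (RFC 4291)
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return [iid[i:i + 2].hex() for i in range(0, 8, 2)]


def eui64_link_local(mac):
    """fe80::/64 prefix plus the EUI-64 interface ID, shortened."""
    return compress_ipv6("fe80:0000:0000:0000:" + ":".join(eui64_interface_id(mac)))


def eui64_global(prefix64, mac):
    """Same interface ID behind a /64 global prefix given as four groups, e.g. 2001:0db8:0001:0002."""
    return compress_ipv6(prefix64 + ":" + ":".join(eui64_interface_id(mac)))


if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))   # 2001:db8:85a3::8a2e:370:7334
    print(eui64_link_local("00:1a:2b:3c:4d:5e"))                       # fe80::21a:2bff:fe3c:4d5e
    print(eui64_global("2001:0db8:0001:0002", "001a.2b3c.4d5e"))
```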

GLOBAL addresses (2000::/3): first 3 bits set to 001.

NAT64: translates IPv6 to IPv4.
Global prefix (n bits) | subnet ID (64-n bits) | interface ID (64 bits)

73. IPv6 Client Addressing


GLOBAL: public IP addresses, routable by the ISP (starts with 2).

LINK LOCAL: generated automatically, most commonly with EUI-64, which takes the MAC and adds
FFFE to it; starts with FE80.
UNIQUE LOCAL: private IP address; not routed to the Internet.
Multicast
Anycast

16 bits = a hextet.

#show license udi
shows the product ID
and the licence ID.

FC00::/7 unique local
FF02::/8 multicast
FE80::/10 link local
2000::/3 global unicast
FF02::1 all nodes on the same link
FF02::2 all routers on the same link
FF02::9 all RIP routers on the same link
FF02::1:FFxx:xxxx solicited node (used in DAD);
resolves an IPv6 link-local address to its link-layer address.

HOW THE CLIENTE GET THE IPV6 ASSIGNMENT


STATIC
DHCPv6 (multicast powered)
SLAAC: stateless address auto configuration
1. Dynamically ask the router to discover the network (what network am I
on?).
2. Generate the host portion of the address (DAD).
3. This then becomes the global address.

FF02:: represents the IPv6 multicast address.

74. IPv6 Interface Configuration and Static Routing


#ipv6 unicast-routing
turns on the IPv6 routing process.

#ipv6 address
#show ipv6 interface brief
#show ipv6 interface
loopback interface:
an interface that is online and accessible as long as the router is running.

#ipv6 route (prefix)/64 (next hop ip)
#show ipv6 route

75. Device Management Logging via Syslog


date and time | facility | severity
facility: which entity generates the message
severity:
0 e emergency
1 a alert
2 c critical
3 e error
4 w warning
5 n notification
6 i informational
7 d debugging (only debugs)
#terminal monitor
command used to see logging on SSH and telnet sessions.

#logging host x.x.x.x
sends the logs to a syslog server at that address.
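As an added example for section 75 (written for these notes, not course material), a Python parser for the facility / severity / mnemonic format of IOS log messages, with a severity threshold that mirrors what "logging trap (level)" does when sending to a syslog server, and a filter for the events a defender looks for. The log lines are constructed samples in IOS format.

```python
import re
from collections import Counter

# Severity numbers as listed in the notes (lower number = more urgent).
SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notification", 6: "informational", 7: "debugging"}

# Constructed sample lines: timestamp, then %FACILITY-SEVERITY-MNEMONIC: text.
SAMPLE_LOG = """\
*Mar  1 00:01:15.123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)
*Mar  1 00:02:40.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar  1 00:02:41.880: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/2.
*Mar  1 00:03:02.512: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed]
*Mar  1 00:03:10.000: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): test
this line is not a syslog message and must be skipped
"""

MSG_RE = re.compile(
    r"^(?P<timestamp>[^%]*?):\s+%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one IOS log line, or None if the line is not in that format."""
    m = MSG_RE.match(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY_NAMES[msg["severity"]]
    return msg


def parse_log(text):
    """Parse every line, silently dropping anything that is not an IOS message."""
    return [msg for msg in map(parse_line, text.splitlines()) if msg]


def at_or_above(messages, level):
    """Mirror of a 'logging trap <level>' threshold: keep messages with severity <= level."""
    return [m for m in messages if m["severity"] <= level]


def count_by_facility(messages):
    """Quick overview of which subsystems are talking."""
    return Counter(m["facility"] for m in messages)


def security_events(messages):
    """Events worth alerting on from the syslog server: port-security hits and failed logins."""
    return [m for m in messages if m["facility"] in ("PORT_SECURITY", "SEC_LOGIN")]


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for m in at_or_above(msgs, 4):
        print(m["severity_name"], m["facility"], m["mnemonic"], "-", m["text"])
    print(count_by_facility(msgs))
```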

76. Device Management Backing Up and Restoring the IOS and Configuration on a Cisco Device
#verify /md5 source:filename (md5)
#license install source:filename
flash:...

flash: stores the IOS.

Backup to the TFTP server:

copy source destination
#copy flash: tftp:
#show flash:
#squeeze flash:

The running config is always a merge.


77. Device Management The Network Time Protocol (NTP)

Used for log files and certificates (accurate time).

Set to use an NTP server
listen to NTP multicast
listen to NTP broadcast

#show clock
#clock set

#show ntp status
#show ntp associations
#clock timezone

78. Device Management Password Recovery
