
CCNA_DAY_1:

Router is about WAN.
Switch is about LAN.
PCs in two different LANs communicate via the Router.
PCs within the same LAN communicate directly.

Share data with your friend via the internet [ISP (Internet Service Provider)].
IP phones are used within the LAN for communication (collaboration; previously called voice).
VoIP [Voice over IP] depends on the internet speed.
100 employees cannot exist in a single LAN.
Divide 100 employees into LAN-1(25), LAN-2(25), LAN-3(25), LAN-4(25).
Switches are used inside the LAN.
Routers are used outside the LAN [means WAN].
Finally, all the Routers are connected.
Two different LANs are connected via the ISP.
The ISP handles more traffic with high-end routers.
Servers with RAM in the range 200GB-1TB are required in the security space.
----------------------------------------------------------
CCNA_DAY_2:
Router:
L3 device.
Router deals with the IP address.
Router maintains a database called the routing table.
Routers are used on the WAN side (between 2 different networks).
Router deals with the Broadcast Domains.
No.of.Broadcast Domains = No.of.Active Ports.

Inside the LAN are the end points (PCs, laptops).
These end points are internally connected via the switch.
Node (don't use the words PC, Computer, Printer; use only the word Node).
----------------------------------------------------------
Terms:
Unicast--------------------------------->One to one communication.
Broadcasting---------------------------->One to all.
Multicasting---------------------------->One to more than one,but not to all.
Anycast(type of unicast)(part of ipv6)-->Distance is a parameter.
----------------------------------------------------------
Broadcast Domain:
CCNA classroom (Network a) - (Trainer Amit) - Single Broadcast Domain (limited broadcasting area).
CCNP classroom (Network b) - (Trainer Puneeth) - Single Broadcast Domain.
CCIE classroom (Network c) - (Trainer Sushil) - Single Broadcast Domain.
By default, there is no communication between two different Broadcast Domains.

Collision Domain:
When two devices try to exchange data at the same time, a collision happens.
A collision happens between two devices due to half-duplex within the same broadcast domain.
----------------------------------------------------------
Full-duplex:
Device A and device B are connected by a single cable.
Virtually, there are two different paths in opposite directions.
At present, the networking industry uses full duplex, not half duplex.
In full duplex, there is less possibility of collision.
Full duplex example: mobile phone.
By default, full duplex is enabled.
Half duplex:
Only one person can communicate at a time (not two persons at the same time).
Half duplex example: walkie-talkie.
----------------------------------------------------------
Hub:
L1 device.
Dumb device.
Single Broadcast Domain.
Single Collision Domain.
A collision between two devices causes the entire system to shut down.
Hub is a centralized device.
Troubleshooting is easy in the network.
Without any centralized device, PC1 is connected to all the other PCs (Mesh Topology).
Troubleshooting at the Physical Layer is then very complex.
----------------------------------------------------------
Name---------->Amit (Name doesn't change).
Employee ID--->125 (Employee ID changes).

Address types:
1.IP address [also known as Logical address] [Eg: Employee ID].
2.MAC address [also known as Physical address] [Eg: Name].

1.IP address [Employee ID]:
IP address changes.
IP address is divided into two parts:
a).IPv4.
b).IPv6.
Example: mobile number.
Router always uses the IP address as a parameter.

2.MAC address [Name]:
MAC address cannot change.
Example: home address.

Both the IP address and the MAC address are used to transfer data from one device to another device.
Switch always uses the MAC address as a parameter.
----------------------------------------------------------
Switch:
L2 device.
Intelligent device.
Switch deals with the MAC address.
Single Broadcast Domain.
No.of.Broadcast Domains = No.of.VLANs.
No.of.Collision Domains = No.of.Active Ports.
Full-duplex.

A single Broadcast Domain is divided into sub Broadcast Domains with VLANs.

Switch has 24 ports.
All the 24 ports are part of the Default VLAN [Native VLAN].
Nexus switch has 3000 ports.
A collision between two PCs will not shut down the entire system.
----------------------------------------------------------
OSI Model (7 Layers):
Example: during the 1970s an IBM device worked only with another IBM device.
An IBM device would not work with an HP device.
IEEE introduced the OSI Model.

Layer7->Application Layer [Top Layer].
Layer6->Presentation Layer.
Layer5->Session Layer.
Layer4->Transport Layer.
Layer3->Network Layer.
Layer2->Data Link Layer.
Layer1->Physical Layer [Bottom Layer].
----------------------------------------------------------
CCNA_DAY_3:
Switch:
By default, Single Broadcast Domain.
No.of.Collision Domains = No.of.Active Ports.
By default, Native VLAN.
All the 24 ports are part of the Native VLAN (VLAN 1).

Example:
IT department (VLAN 10) (Single Broadcast Domain).
VLAN 10 (Single Broadcast Domain) consists of 4 PCs.
PC-1 sends a packet via the switch to PC-2, not to PC-3 or PC-4, within a Single Broadcast Domain.
Switch broadcasts that packet to PC-2, PC-3 and PC-4.
The MAC address is the only solution for addressing a single PC within the same VLAN 10 [Single Broadcast Domain].
Switch deals with the MAC address.
Switch maintains a database [MAC address Table/CAM Table].
The MAC addresses of the 4 PCs are connected with the Switch.

PC-1 sends a packet to the switch.
Switch checks that the interface belongs to VLAN 10.
Switch checks whether the destination MAC address and its respective interface exist in its MAC address table.
Switch uses two terms for differentiation:
1.VLAN.
2.MAC address.

Scenario-1:
The MAC address table is already updated (unicasting from the 2nd time).

Scenario-2:
The MAC address table is not yet updated.
Broadcasting the 1st time, until the MAC address table gets updated.
Unicasting from the 2nd time.

Scenario-2 steps:
Step-1: Switch checks its interface.
Step-2: Switch checks the packet's source MAC address (MAC address table update).
Step-3: Switch checks the packet's destination MAC address.
Switch broadcasts the packet for the first time.
PC-2 receives the packet successfully.
Now, PC-2's reply reaches the switch.
Again, the switch checks its interface.
Switch updates its MAC address table.
Switch checks the source MAC address in its MAC address table.
The 2nd time, the switch checks the destination MAC address in its MAC address table.
The 2nd time, direct unicasting happens.
----------------------------------------------------------
Broadcasting in a Router - Broadcasting (one to all).
Router maintains a database (Routing Table).
----------------------------------------------------------
Intentional Broadcasting in the switch - Flooding (one to all).
Un-intentional Broadcasting in the switch - Unknown Unicasting.
Unknown Unicasting: the MAC address table is not updated.
The switch is not aware of the destination MAC address.
Flooding is used in ARP/GARP/DHCP.

Switch product family:
1.Catalyst Switch - EP/SEC/COLLABORATION.
2.Nexus Switch - DATA CENTER.

RJ-45 connector is used for the Fast-Ethernet cable and the Ethernet cable.
SFP connector is used for the fibre optic cable.
Fibre optic cable speed (10 Gbps) is faster than Fast Ethernet cable speed (1 Gbps).
----------------------------------------------------------
CCNA_DAY_4:
Transmission and reception of traffic is possible from the Router.
Transmission and reception of traffic is not possible through the Router.
----------------------------------------------------------
Unknown Unicasting:
Steps during the packet transfer towards the switch interface:
1).Switch checks on which of its interfaces the packet [SIP, DIP, SMAC, DMAC] is being received.
2).Switch checks the source MAC address.
3).Switch checks the destination MAC address.

Now, the CAM Table [or MAC Table] gets updated.
The packet gets broadcast for the first time on all the active interfaces.
----------------------------------------------------------------------------
Two methods to update the MAC address Table:
1).Static method.
2).Dynamic method.

1).Static method:
A static entry never expires until the entry is deleted manually.

2).Dynamic method:
A dynamic entry expires after 300 seconds [5 minutes].
Different MAC address Tables have different timers.
By default, the MAC address table has a 300-second timer [5 minutes].
After 300 seconds [5 minutes] the timer expires and the dynamic entries are flushed out of the MAC address Table.
On a successful reply, the timer is again reset to 300 seconds.
Manual manipulation of the timer is possible.
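Added example, not from the original notes: a small Python model of the switch behaviour described above (learn the source MAC per VLAN and port, unicast to known destinations, flood unknown ones, age dynamic entries after 300 seconds, keep static entries until deleted). Port names, MAC addresses and timestamps are constructed.

```python
# Added example, not part of the original notes: a minimal model of the
# switch behaviour described above. A (VLAN, MAC) pair maps to the port it
# was learned on; dynamic entries age out after 300 s unless refreshed,
# static entries never age. Ports, MACs and clock values are constructed.
AGING_SECONDS = 300  # default dynamic-entry timer from the notes
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class MacTable:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)          # active interfaces, e.g. "Fa0/1"
        self.aging = aging
        self.entries = {}                 # (vlan, mac) -> [port, expiry, static]

    def add_static(self, vlan, mac, port):
        # Static method: stays until someone deletes it manually.
        self.entries[(vlan, mac)] = [port, None, True]

    def delete(self, vlan, mac):
        self.entries.pop((vlan, mac), None)

    def _flush_expired(self, now):
        # Dynamic method: entries whose timer has run out are flushed.
        expired = [k for k, v in self.entries.items()
                   if v[1] is not None and v[1] <= now]
        for key in expired:
            del self.entries[key]

    def forward(self, vlan, in_port, src_mac, dst_mac, now):
        """Step-1 interface, Step-2 source MAC (learn/refresh), Step-3 destination MAC."""
        self._flush_expired(now)
        key = (vlan, src_mac)
        entry = self.entries.get(key)
        if entry is None or not entry[2]:
            # learn, or refresh a dynamic entry: the timer restarts at 300 s
            self.entries[key] = [in_port, now + self.aging, False]
        if dst_mac == BROADCAST_MAC:
            decision = "flood"            # intentional broadcast (ARP/GARP/DHCP)
        else:
            dst = self.entries.get((vlan, dst_mac))
            # destination unknown in this VLAN -> un-intentional flood
            decision = "unicast" if dst else "unknown-unicast"
        if decision == "unicast":
            out_ports = [dst[0]]
        else:
            out_ports = [p for p in self.ports if p != in_port]
        return decision, out_ports


def demo():
    """Constructed walk-through: PC-1 (Fa0/1) talks to PC-2 (Fa0/2) in VLAN 10."""
    sw = MacTable(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    pc1, pc2 = "00:11:22:33:44:01", "00:11:22:33:44:02"
    first = sw.forward(10, "Fa0/1", pc1, pc2, now=0)     # table empty -> flooded
    reply = sw.forward(10, "Fa0/2", pc2, pc1, now=1)     # PC-1 known -> unicast
    second = sw.forward(10, "Fa0/1", pc1, pc2, now=2)    # PC-2 known -> unicast
    # nothing from PC-2 for more than 300 s: its entry is flushed, so flood again
    aged = sw.forward(10, "Fa0/1", pc1, pc2, now=2 + AGING_SECONDS + 1)
    return first, reply, second, aged


if __name__ == "__main__":
    for step in demo():
        print(step)
```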
----------------------------------------------------------
IP Addressing:
There are two types of IP addresses:
1).Logical IP address.
2).Physical IP address.

Two options in the Logical IP address:
a).IPv4.
b).IPv6.

a).IPv4 address:
Consider IPv4 as a container.
The container contains billions of IP addresses.
Container size is 32 bits [4 bytes].
2^32 = 4,29,49,67,296 (429 crore, or 4.29 billion) is the total no.of IPv4 addresses in the IPv4 container.

IPv4 address has 4 octets:
octet1 - 8 bits.
octet2 - 8 bits.
octet3 - 8 bits.
octet4 - 8 bits.
---------------
Total - 32 bits.
---------------
All the 4 different octets are separated by a dot [don't say point/decimal].

Conversion:
a).Conversion of Binary to Decimal:
Minimum binary value [00000000]/octet -> Sum = 0 [minimum decimal value]/octet.
Maximum binary value [11111111]/octet -> Sum = 255 [maximum decimal value]/octet.

Octet1: 0-255 [256 values].
Octet2: 0-255 [256 values].
Octet3: 0-255 [256 values].
Octet4: 0-255 [256 values].

Formula for conversion: [128+64+32+16+8+4+2+1 = 255]
[2^7] [2^6] [2^5] [2^4] [2^3] [2^2] [2^1] [2^0]
[128] [64]  [32]  [16]  [8]   [4]   [2]   [1]

b).Conversion of Decimal to Binary:
Start from left to right by using the formula.

Numbering concept:
Bits -> An individual 0 [1 bit] means an ON bit and an individual 1 [1 bit] means an OFF bit.
Bytes [or octets] -> A byte is a combination of 8 bits [1 byte or 1 octet].
Binary numbers [Eg: 01010101].
Hexadecimal numbers.

b).IPv6 address:
Consider IPv6 as a container.
The container contains millions of IP addresses.
Container size is 128 bits [16 bytes].
3.4028236692093E38 is the total no.of IPv6 addresses in the IPv6 container.
----------------------------------------------------------
MAC address size is 48 bits [6 bytes].
----------------------------------------------------------
IPv4 address has 4 octets.
Consider octet 1 as a container.
Octet1 always starts from 0 [minimum value] and ends with 255 [maximum value].

Octet1 [container] is divided into 5 classes:
Range [reserved (pre-defined) by the IEEE organisation]
1).class A [0-127] [class A is divided into 128 different parts].
2).class B [128-191] [class B is divided into 64 different parts].
3).class C [192-223] [class C is divided into 32 different parts].
4).class D [224-239] [class D is divided into 16 different parts].
5).class E [240-255] [class E is divided into 16 different parts].
256 - out of range.

class A example: 1.1.1.1
class B example: 128.1.1.1
class C example: 192.1.1.1
class D example: 224.1.1.1
class E example: 240.1.1.1

Devices cannot read the IP address directly.
The subnet mask is used by the device to read the IP address.

class A, class B, class C are reserved for humans.
class D is reserved for multicast IP addresses.
class E is reserved for research and development organisations like ISRO, NASA.

class A subnet mask: 255.0.0.0
class B subnet mask: 255.255.0.0
class C subnet mask: 255.255.255.0

An IP address cannot be assigned without defining the subnet mask.


---------------------------------------------
Two types of classes:
1).Classful.
2).Classless.
1).Classful:
Eg: 150.0.0.0/23
The network and the '/' value are from the same class.
This is Classful.

Class A   Class B   Class C
/8        /16       /24
/9        /17       /25
/10       /18       /26
/11       /19       /27
/12       /20       /28
/13       /21       /29
/14       /22       /30
/15       /23       /31
                    /32
2).Classless:
Eg: 150.0.0.0/25
The network is from class B, but the '/' value is from class C.
This is known as Classless.
----------------------------------------------------------
1).Classful:

Host bit:
A host bit is always represented with '0'.
We can change a host bit from 0 to 1.

Network bit:
A network bit is always represented with '1'.
We cannot change a network bit from 1 to 0.

Class A subnet mask:
                          [Octet1]   [Octet2]   [Octet3]   [Octet4]
Decimal number            255      . 0        . 0        . 0
Equivalent binary number  11111111   00000000   00000000   00000000 /8
                          Network    Host       Host       Host
                          part       part       part       part

'/8' means 8 network bits [11111111].
'/8' -> Slash value.
The slash value always defines network bits, not host bits.

Total bits - 32 bits.
Network bits - 8 bits.
Host bits - 24 bits [Total bits - Network bits].

Class B subnet mask:
                          [Octet1]   [Octet2]   [Octet3]   [Octet4]
Decimal number            255      . 255      . 0        . 0
Equivalent binary number  11111111   11111111   00000000   00000000 /16
                          Network    Network    Host       Host
                          part       part       part       part

'/16' means 16 network bits [11111111 . 11111111].

Total bits - 32 bits.
Network bits - 16 bits.
Host bits - 16 bits [Total bits - Network bits].

Class C subnet mask:
                          [Octet1]   [Octet2]   [Octet3]   [Octet4]
Decimal number            255      . 255      . 255      . 0
Equivalent binary number  11111111   11111111   11111111   00000000 /24
                          Network    Network    Network    Host
                          part       part       part       part

'/24' means 24 network bits [11111111 . 11111111 . 11111111].

Total bits - 32 bits.
Network bits - 24 bits.
Host bits - 8 bits [Total bits - Network bits].
---------------------------------------------------------
Class A Network: 10.0.0.0/8 [11th container in class A]
Minimum possibility:  [Octet1]  [Octet2]  [Octet3]  [Octet4]
                      [0-255]   [0-255]   [0-255]   [0-255]
                      10      . 0       . 0       . 0
                      Network   Host      Host      Host
                      part      part      part      part
Maximum possibility:  [Octet1]  [Octet2]  [Octet3]  [Octet4]
                      [0-255]   [0-255]   [0-255]   [0-255]
                      10      . 255     . 255     . 255
                      Network   Host      Host      Host
                      part      part      part      part

Find out the class to which an IP address belongs:
Octet1 is used to identify to which particular class the given IP address belongs.
----------------------------------------------------------
Network: 10.0.0.0/8 [Range: 10.0.0.0 to 10.255.255.255]
First IP address: 10.0.0.0
Last IP address: 10.255.255.255
Between 10.0.0.0 [first IP address] and 10.255.255.255 [last IP address], more than 10 million IP addresses exist.
----------------------------------------------------------
CCNA_DAY_5:
Example for comparison:
School building -> Floors -> Rooms -> Students.
IPv4 -> Class A [0-127]   -> Networks -> IP addresses/Hosts.
        Class B [128-191]
        Class C [192-223]
        Class D [224-239]
        Class E [240-255]

Total no.of rooms on the 1st floor.
Total no.of students in a class.
Total students on the 1st floor.

Total no.of networks in class A.
Total no.of hosts [IP addresses] in a network.
Total no.of hosts in class A.
----------------------------------------------------------
Assume IPv4 [container] has 1000 IP addresses.
1000 IP addresses are divided into 5 parts [classes], so [1000/5].
Assume class A [container] contains a part of 256 IP addresses.
Class A has 128 networks [0-127 = 128 networks].
So, 256 IP addresses are further divided into 128 parts [256/128 = 2 IP addresses].
So, 2 IP addresses in a network.

class A subnet mask - 255.0.0.0/8
No.of network bits - 8.
No.of host bits - 24.

Total no.of networks in class A = 2^(N-1)
                                = 2^(8-1)
                                = 2^7
                                = 128 networks.

Total no.of hosts [IP addresses] in a network = 2^H
                                              = 2^24
                                              = 1,67,77,216 hosts [IP addresses].

Total no.of valid hosts [IP addresses] in a network = 2^H - 2
                                                    = 2^24 - 2
                                                    = 1,67,77,216 - 2
                                                    = 1,67,77,214 valid hosts [IP addresses].

Total no.of hosts [IP addresses] in class A = [Total no.of networks in class A] * [Total no.of hosts in a network]
                                            = 128 networks * 1,67,77,216 hosts
                                            = 2147483648 hosts [IP addresses].

Note:
N represents Network bits.
H represents Host bits.
----------------------------------------------------------
class B subnet mask - 255.255.0.0/16
No.of network bits - 16.
No.of host bits - 16.

Total no.of networks in class B = 2^(N-2)
                                = 2^(16-2)
                                = 2^14
                                = 16,384 networks.

Total no.of hosts [IP addresses] in a network = 2^H
                                              = 2^16
                                              = 65,536 hosts [IP addresses].

Total no.of valid hosts [IP addresses] in a network = 2^H - 2
                                                    = 2^16 - 2
                                                    = 65,536 - 2
                                                    = 65,534 valid hosts [IP addresses].

Total no.of hosts [IP addresses] in class B = [Total no.of networks in class B] * [Total no.of hosts in a network]
                                            = 16,384 networks * 65,536 hosts
                                            = 1,07,37,41,824 hosts [IP addresses].

Note:
N represents Network bits.
H represents Host bits.
----------------------------------------------------------
class C subnet mask - 255.255.255.0/24
No.of network bits - 24.
No.of host bits - 8.

Total no.of networks in class C = 2^(N-3)
                                = 2^(24-3)
                                = 2^21
                                = 20,97,152 networks.

Total no.of hosts [IP addresses] in a network = 2^H
                                              = 2^8
                                              = 256 hosts [IP addresses].

Total no.of valid hosts [IP addresses] in a network = 2^H - 2
                                                    = 2^8 - 2
                                                    = 256 - 2
                                                    = 254 valid hosts [IP addresses].

Total no.of hosts [IP addresses] in class C = [Total no.of networks in class C] * [Total no.of hosts in a network]
                                            = 20,97,152 networks * 256 hosts
                                            = 53,68,70,912 hosts [IP addresses].

Note:
N represents Network bits.
H represents Host bits.
-------------------------------------------------------------
Class   No.of Networks   No.of Hosts [IP addresses] in a network
A       128              1,67,77,216
B       16,384           65,536
C       20,97,152        256

Going from class A to class C, the no.of networks increases and the no.of IP addresses per network decreases.

Important note:
The no.of networks is inversely proportional to the no.of hosts [IP addresses] in a network.
----------------------------------------------------------
class A subnet mask - 255.0.0.0/8
                      N   H H H

0.0.0.0/8 - Invalid
1.0.0.0/8 [1.0.0.0/8 network has 1,67,77,216 IP addresses]
2.0.0.0/8 [2.0.0.0/8 network has 1,67,77,216 IP addresses]
.
.
127.0.0.0/8 -> Loopback network [Reserved].
Loopback is used for self-checking.

We can assign 1,67,77,216 IP addresses in a single network.
We can change a host bit from 0 to 1.
We cannot change a network bit from 1 to 0, otherwise the no.of networks will change.

0.0.0.0/8 [invalid network] is used in Network-id concepts.

class A:
Network: 1.0.0.0/8
         N H H H
No.of hosts [IP addresses] in a network: 1,67,77,216.

Always start an IP address assignment from right to left.

Octet 4:
1.0.0.0 [1st IP address]
1.0.0.1
1.0.0.2
.
.
1.0.0.255

Now octet 4 is full [0-255].
Maximum 255 IP addresses can be assigned in a single octet.
We have 1,67,77,216 IP addresses.
We have assigned 255 IP addresses.
255 IP addresses can be assigned in the next octet.
We can change the IP addresses in 3 octets.

Octet 3:
1.0.1.0
1.0.1.1
1.0.1.2
1.0.1.3
.
.
1.0.1.255

1.0.2.0
1.0.2.1
1.0.2.2
1.0.2.3
.
.
1.0.2.255

Obviously, after some time octet 3 would reach 1.0.255.255.

Octet 2:
1.1.0.0
1.1.0.1
.
.
1.1.0.255
.
.
1.1.1.0

Obviously, after some time octet 2 would reach 1.255.255.255.

Octet 1 cannot be changed, because octet 1 contains network bits.

Overall:
First IP address [Reserved] in class A: 1.0.0.0
.
.
Last IP address [Reserved] in class A: 1.255.255.255

1,67,77,216 IP addresses exist between 1.0.0.0 - 1.255.255.255.
Valid IP addresses = 1,67,77,216 - 2
                   = 1,67,77,214 valid IP addresses.

The first IP address is reserved for the Network-id.
The last IP address is reserved for the Broadcast-id.
1,67,77,214 valid IP addresses can be assigned in a single network.
----------------------------------------------------------
Class A Task:
10.0.0.0/8

10.0.0.0 [Network-id]
10.0.0.1 [First valid IP address]
.
.
10.255.255.254 [Last valid IP address]
10.255.255.255 [Broadcast IP address]

Eg:
10.0.0.0/8 and 10.1.0.0/8 belong to the same network,
because the network parts are the same.
----------------------------------------------------------
Class B:
class B subnet mask - 255.255.0.0/16
150.0.0.0/16
N   N   H H

We have 16,384 networks in class B.

Eg:
150.0.0.0/16 and 150.1.0.0/16 belong to different networks,
because the network parts are different.

150.0.0.0/16 [150.0.0.0/16 network has 65,536 IP addresses]
150.1.0.0/16 [150.1.0.0/16 network has 65,536 IP addresses]

65,534 valid IP addresses can be assigned in a single network.
----------------------------------------------------------
150.0.0.0/16

150.0.0.0 [Network-id]
150.0.0.1 [First valid IP address]
.
.
150.0.0.254 [Last valid IP address]
150.0.0.255 [Broadcast IP address]

Obviously, after some time octet 4 would reach 150.0.0.255.

150.0.1.0
150.0.1.1
.
.
150.0.1.254
150.0.1.255
.
.
150.0.255.255
N   N   H   H

Obviously, after some time octet 3 would reach 150.0.255.255.

We can change a host bit from 0 to 1.
We cannot change a network bit from 1 to 0, otherwise the no.of networks will change.

Overall:
150.0.0.0/16:
150.0.0.0 [Network id]
.
.
150.0.255.255 [Broadcast id]
----------------------------------
Task:
160.0.0.0/16:
----------------------------------------------------------
Class C:
class C subnet mask - 255.255.255.0/24

200.0.0.0/24
N   N N N H
200.1.0.0/24
N   H H H
200.0.1.0/24
N   H H H

200.0.0.0/24, 200.1.0.0/24 and 200.0.1.0/24 belong to different networks,
because the network parts are different.

200.0.0.0/24 [200.0.0.0/24 network has 256 IP addresses]
200.1.0.0/24 [200.1.0.0/24 network has 256 IP addresses]
200.0.1.0/24 [200.0.1.0/24 network has 256 IP addresses]

200.0.0.0/24
N   N N N H

200.0.0.0/24 [Network id]
200.0.0.1/24
200.0.0.2/24
.
.
200.0.0.255 [Broadcast id].
----------------------------------------------------------
Tasks:

192.168.0.0/24:
N N N H
192.168.0.0/24[Network id]
N N N H
.
.
.
192.168.0.255/24[Broadcast id]
N N N H

172.168.0.0/16:
N N H H
172.168.0.0/16[Network id]
N N H H
.
.
.
192.168.255.255/16[Broadcast id]
N N H H

201.0.0.0/24:
N N N H
201.0.0.0/24[Network id]
N N N H
.
.
.
201.0.0.255/24[Broadcast id]
N N N H

111.0.0.0/8:
N N N H
111.0.0.0/8[Network id]
N H H H
.
.
.
111.255.255.255/24[Broadcast id]
N H H H
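Added example, not from the original notes: the classful rules above (octet 1 decides the class, the class fixes the default mask, the all-zero host part is the Network-id and the all-one host part is the Broadcast-id) written as Python, so the class A/B/C tasks can be checked. All addresses used in it are constructed and the function names are this example's own.

```python
# Added example, not part of the original notes: classful addressing as the
# notes state it. Inputs are dotted-quad IPv4 strings; sample values are
# constructed for the demonstration.
CLASS_RANGES = {"A": (0, 127), "B": (128, 191), "C": (192, 223),
                "D": (224, 239), "E": (240, 255)}
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # 255.0.0.0, 255.255.0.0, 255.255.255.0


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> s) & 255) for s in (24, 16, 8, 0))


def ip_class(ip):
    """Octet 1 decides the class (A-E); anything above 255 is out of range."""
    first = int(ip.split(".")[0])
    for name, (lo, hi) in CLASS_RANGES.items():
        if lo <= first <= hi:
            return name
    raise ValueError("octet 1 out of range: %s" % ip)


def default_mask(ip):
    """Classful subnet mask and slash value for A/B/C; D and E have no host mask."""
    cls = ip_class(ip)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s carries no default subnet mask" % cls)
    prefix = DEFAULT_PREFIX[cls]
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF), prefix


def classful_network(ip):
    """Network-id, first/last valid host and Broadcast-id of the classful block."""
    mask, prefix = default_mask(ip)
    m = ip_to_int(mask)
    net = ip_to_int(ip) & m               # host bits forced to 0 -> Network-id
    bcast = net | (~m & 0xFFFFFFFF)       # host bits forced to 1 -> Broadcast-id
    host_bits = 32 - prefix
    return {
        "class": ip_class(ip), "mask": mask, "prefix": prefix,
        "network_id": int_to_ip(net), "first_valid": int_to_ip(net + 1),
        "last_valid": int_to_ip(bcast - 1), "broadcast_id": int_to_ip(bcast),
        "hosts": 2 ** host_bits, "valid_hosts": 2 ** host_bits - 2,
    }


def same_classful_network(ip1, ip2):
    """True when the network parts match under the classful mask (10.0.0.0 vs 10.1.0.0)."""
    return classful_network(ip1)["network_id"] == classful_network(ip2)["network_id"]


def networks_in_class(cls):
    """Networks per class as the notes count them: 2^(N-1), 2^(N-2), 2^(N-3)."""
    leading_bits = {"A": 1, "B": 2, "C": 3}[cls]   # fixed high-order bits of octet 1
    return 2 ** (DEFAULT_PREFIX[cls] - leading_bits)


if __name__ == "__main__":
    for task in ("10.0.0.0", "150.0.0.0", "192.168.0.0", "172.168.0.0", "201.0.0.0", "111.0.0.0"):
        print(task, classful_network(task))
```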
----------------------------------------------------------
3 routers are connected in series.
We cannot transfer broadcast traffic from one network to another network.
By default, there is no communication between two broadcast domains.
Communication can be established between two broadcast domains by using static routing, default routing or dynamic routing protocols, only for unicast traffic and multicast traffic, not for broadcast traffic.
A router is not capable of transferring broadcast traffic from one interface to another interface.
----------------------------------------------------------
CCNA_DAY_6:
Subnetting:
VLAN is used to divide a single broadcast domain into small broadcast domains.

Note:
Public IP address - Paid.
Private IP address - Unpaid.

Consider Network A has 100 devices.
Purchase 120 public IP addresses from the ISP [Airtel].
Class A has 128 networks.
Total no.of hosts [IP addresses] in class A = 1,67,77,216 IP addresses.
11.0.0.0/8 [11.0.0.0/8 network has 1,67,77,216 IP addresses] is one of the 128 networks.
ISP [Airtel] charges based on the no.of IP addresses.
ISP [Airtel] will not charge based on the no.of networks.

ISP [Airtel] charges 1000 rupees for an IP address in a month.
For 1,67,77,216 IP addresses = 1,67,77,216 * 1000
                             = 16,77,72,16,000 rupees in a month.

Purchase 120 public IP addresses out of the 1,67,77,216 IP addresses from the ISP [Airtel].

Disadvantages:
1).Cost increases.
2).Wastage of IP addresses is high [1,67,77,216 - 120 = 1,67,77,096 IP addresses].

Solution: Subnetting.

Subnetting advantages:
1).Cost decreases.
2).Wastage of IP addresses is less.

Subnetting general definition:
Division of a big network into small subnetworks.

Subnetting technical definition:
The conversion of a host bit into a network bit.

We can change a host bit from 0 to 1.
We cannot change a network bit from 1 to 0, otherwise the no.of networks will change.

11.0.0.0/8 [11.0.0.0/8 is one of the big networks with 1,67,77,216 IP addresses out of the 128 networks].

The requirement is only 120 public IP addresses out of 1,67,77,216.
We need IP addresses in small networks.
Let us consider dividing a big network [11.0.0.0/8] into 5 subnetworks.
Before subnetting, 1,67,77,216 hosts [IP addresses] in a big network.
After subnetting, only 3,355,443.2 hosts [IP addresses] in a subnetwork.
After subnetting, the no.of subnetworks [5] increases and the no.of hosts [3,355,443.2] in a subnetwork decreases.

Subnetworks:
Formula: 2^N
2^1 = 2 subnetworks.
2^2 = 4 subnetworks.
2^3 = 8 subnetworks.

Note:
N - no.of network bits.

Obviously, as the no.of network bits increases, the no.of subnetworks also increases.
So, the no.of network bits is directly proportional to the no.of subnetworks.

Hosts:
Formula: 2^H.
2^7 = 128 hosts [IP addresses].
2^3 = 8 hosts [IP addresses].

Note:
H - no.of host bits.

Obviously, as the no.of host bits decreases, the no.of hosts also decreases.
So, the no.of host bits is directly proportional to the no.of hosts.
----------------------------------------------------------
Class C subnetting: [Focus on the host part, not on the network part].

Eg: 200.1.1.0/25

class C subnet mask = 255.255.255.0.
no.of.network bits = 24.
no.of.host bits = 8.

Step-1: [class C subnet mask conversion]
11111111.11111111.11111111.00000000/24 [24 is the no.of network bits]

Step-2: [class C subnetting] [Subnetting is the conversion of host bits into network bits from left to right of octet 4].
11111111.11111111.11111111.10000000/25 [25 is the no.of network bits]

Step-3: [class C new subnet mask]
255.255.255.128/25

Step-4: [Block size]
Block size = 256 [total no.of hosts [IP addresses] in a network] - new subnet mask
           = 256 - 128
           = 128.

Step-5: [Total no.of sub-networks]
Formula: 2^N.
2^1 = 2 sub-networks.

Note:
N - new network bits.

Step-6: [Total no.of valid hosts [IP addresses] in a sub-network]
Total no.of hosts [IP addresses] in a sub-network = 128.

Formula: 2^H - 2.
= 2^7 - 2
= 128 - 2
= 126 valid hosts.

Note:
H - new host bits.

The block size of subnetwork-1 is used to find the network id of subnetwork-2.
Subnetting is happening in octet 4 of subnetwork-1.
Adding subnetwork-1's block size [128] to octet 4 of subnetwork-1's network id [200.1.1.0/25] gives the subnetwork-2 network id 200.1.1.128/25.
200.1.1.127/25 automatically becomes subnetwork-1's broadcast id.
200.1.1.255/25 is the broadcast id of subnetwork-2.

First valid host [IP address] of A.1 = 200.1.1.1/25
Last valid host [IP address] of A.1  = 200.1.1.126/25
First valid host [IP address] of A.2 = 200.1.1.129/25
Last valid host [IP address] of A.2  = 200.1.1.254/25

Note:
Total hosts [IP addresses] for '/24' - 256.
Total hosts [IP addresses] for '/25' - 128.
Total hosts [IP addresses] for '/26' - 64.
Total hosts [IP addresses] for '/27' - 32.
Total hosts [IP addresses] for '/28' - 16.
Total hosts [IP addresses] for '/29' - 8.
Total hosts [IP addresses] for '/30' - 4.
Total hosts [IP addresses] for '/31' - 2.
Total hosts [IP addresses] for '/32' - 0 [because there are no host bits].
----------------------------------------------------------
Eg: 200.0.0.0/26

class C subnet mask = 255.255.255.0.
no.of.network bits = 24.
no.of.host bits = 8.

Step-1: [class C subnet mask conversion]
11111111.11111111.11111111.00000000/24 [24 is the no.of network bits]

Step-2: [class C subnetting] [Subnetting is the conversion of host bits into network bits from left to right of octet 4].
11111111.11111111.11111111.11000000/26 [26 is the no.of network bits]

Step-3: [class C new subnet mask]
255.255.255.192/26

Step-4: [Block size]
Block size = 256 [total no.of hosts [IP addresses] in a network] - new subnet mask
           = 256 - 192
           = 64.

Step-5: [Total no.of sub-networks]
Formula: 2^N.
2^2 = 4 sub-networks.

Note:
N - new network bits.

Step-6: [Total no.of valid hosts [IP addresses] in a sub-network]
Total no.of hosts [IP addresses] in a sub-network = 64.

Formula: 2^H - 2.
= 2^6 - 2
= 64 - 2
= 62 valid hosts.

Note:
H - new host bits.

The block size of subnetwork-1 is used to find the network id of subnetwork-2.
Subnetting is happening in octet 4 of subnetwork-1.
Adding subnetwork-1's block size [128] to octet 4 of subnetwork-1's network id [200.0.0.0/26] gives the subnetwork-2 network id 200.0.0.64/26.
200.0.0.63/26 automatically becomes subnetwork-1's broadcast id.
200.0.0.128/26 is the broadcast id of subnetwork-2.

Subnetwork-1:
Network id - 200.0.0.0/26
First valid host [IP address] of A.1 = 200.0.0.1/26
Last valid host [IP address] of A.1  = 200.0.0.62/26
Broadcast id - 200.0.0.63/26

Subnetwork-2:
Network id - 200.0.0.64/26
First valid host [IP address] of A.2 = 200.0.0.65/26
Last valid host [IP address] of A.2  = 200.0.0.126/26
Broadcast id - 200.0.0.127/26

Subnetwork-3:
Network id - 200.0.0.128/26
First valid host [IP address] of A.3 = 200.0.0.129/26
Last valid host [IP address] of A.3  = 200.0.0.190/26
Broadcast id - 200.0.0.191/26

Subnetwork-4:
Network id - 200.0.0.192/26
First valid host [IP address] of A.4 = 200.0.0.193/26
Last valid host [IP address] of A.4  = 200.0.0.255/26
Broadcast id - 200.0.0.255/26
----------------------------------------------------------
Question:
200.0.0.137 - ?
1).Find out the '/' value.
/26.
2).To which network does 200.0.0.137/26 belong?

3).Network-id and broadcast id for 200.0.0.137/26?
The network-id for 200.0.0.137/26 is 200.0.0.128/26.
The broadcast id for 200.0.0.137/26 is 200.0.0.191/26.

4).What is the first valid IP address of the 4th subnetwork?
200.0.0.193/26 is the first valid IP address of the 4th subnetwork.
----------------------------------------------------------
Eg: 200.0.0.0/27

class C subnet mask = 255.255.255.0.
no.of.network bits = 24.
no.of.host bits = 8.

Step-1: [class C subnet mask conversion]
11111111.11111111.11111111.00000000/24 [24 is the no.of network bits]

Step-2: [class C subnetting] [Subnetting is the conversion of host bits into network bits from left to right of octet 4].
11111111.11111111.11111111.11100000/27 [27 is the no.of network bits]

Step-3: [class C new subnet mask]
255.255.255.224/27

Step-4: [Block size]
Block size = 256 [total no.of hosts [IP addresses] in a network] - new subnet mask
           = 256 - 224
           = 32.

Step-5: [Total no.of sub-networks]
Formula: 2^N.
2^3 = 8 sub-networks.

Note:
N - new network bits.

Step-6: [Total no.of valid hosts [IP addresses] in a sub-network]
Total no.of hosts [IP addresses] in a sub-network = 32.

Formula: 2^H - 2.
= 2^5 - 2
= 32 - 2
= 30 valid hosts.

Note:
H - new host bits.

The block size of subnetwork-1 is used to find the network id of subnetwork-2.
Subnetting is happening in octet 4 of subnetwork-1.
Adding subnetwork-1's block size [128] to octet 4 of subnetwork-1's network id [200.0.0.0/26] gives the subnetwork-2 network id 200.0.0.64/26.
200.0.0.63/26 automatically becomes subnetwork-1's broadcast id.
200.0.0.128/26 is the broadcast id of subnetwork-2.

Subnetwork-1:
Network id - 200.0.0.0/27
First valid host [IP address] of A.1 = 200.0.0.1/26
Last valid host [IP address] of A.1  = 200.0.0.30/26
Broadcast id - 200.0.0.31/27

Subnetwork-2:
Network id - 200.0.0.32/27
First valid host [IP address] of A.2 = 200.0.0.33/26
Last valid host [IP address] of A.2  = 200.0.0.62/26
Broadcast id - 200.0.0.63/27

Subnetwork-3:
Network id - 200.0.0.64/27
First valid host [IP address] of A.3 = 200.0.0.65/26
Last valid host [IP address] of A.3  = 200.0.0.94/26
Broadcast id - 200.0.0.95/27

Subnetwork-4:
Network id - 200.0.0.96/27
First valid host [IP address] of A.4 = 200.0.0.97/26
Last valid host [IP address] of A.4  = 200.0.0.126/26
Broadcast id - 200.0.0.127/27

Subnetwork-5:
Network id - 200.0.0.128/27
First valid host [IP address] of A.5 = 200.0.0.129/26
Last valid host [IP address] of A.5  = 200.0.0.160/26
Broadcast id - 200.0.0.159/27

Subnetwork-6:
Network id - 200.0.0.160/27
First valid host [IP address] of A.6 = 200.0.0.161/26
Last valid host [IP address] of A.6  = 200.0.0.190/26
Broadcast id - 200.0.0.191/27

Subnetwork-7:
Network id - 200.0.0.192/27
First valid host [IP address] of A.7 = 200.0.0.193/26
Last valid host [IP address] of A.7  = 200.0.0.222/26
Broadcast id - 200.0.0.223/27

Subnetwork-8:
Network id - 200.0.0.224/27
First valid host [IP address] of A.8 = 200.0.0.225/26
Last valid host [IP address] of A.8  = 200.0.0.254/26
Broadcast id - 200.0.0.255/26
----------------------------------------------------------
Note:
Total hosts[IP addresses] for '/24'-256[Valid hosts-254].
Total hosts[IP addresses] for '/25'-128[Valid hosts-126].
Total hosts[IP addresses] for '/26'-64[Valid hosts-62].
Total hosts[IP addresses] for '/27'-32[Valid hosts-30].
Total hosts[IP addresses] for '/28'-16[Valid hosts-14].
Total hosts[IP addresses] for '/29'-8[Valid hosts-6].
Total hosts[IP addresses] for '/30'-4[Valid hosts-2].
Total hosts[IP addresses] for '/31'-2[Valid hosts-0].
Total hosts[IP addresses] for '/32'-0[Because,No host bits].

Requirement is:
1).120 IP addresses.
'/25'[128-2=126 valid IP hosts] is feasible for the 120 IP addresses.

2).130 IP addresses.

'/24'[256-2=254 valid IP hosts] is only feasible for the 130 IP addresses.

3).10 IP addresses.

'/28'[16-2=14 valid IP hosts] is feasible for the 10 IP addresses.

4).2 IP addresses.

'/30'[4-2=2 valid IP hosts] is feasible for the 2 IP addresses.


because,'/31'[2-2=0 valid IP hosts] is not feasible for the 2 IP addresses.
----------------------------------------------------------
Remaining tasks:
1).200.0.0.0/28
2).200.0.0.0/29
3).200.0.0.0/30
4).200.0.0.0/31-Task not required.
5).200.0.0.0/32-Task not required.
----------------------------------------------------------
Class B subnetting:[Focus on host part not on network part].

Eg:150.0.0.0/16

Total hosts[IP addresses] in a network=65,536 IP addresses.


Total valid hosts[IP addresses] in a network=65,536 - 2 IP addresses.
=65,534 IP addresses.

class B subnetmask=255.255.0.0.
no.of.network bits=16.
no.of.host bits=16.

Step-1:[class B subnetmask conversion]


11111111.11111111.00000000.00000000/16[16 is the no.of network bits]

Step-2:[class B subnetting][Subnetting is the conversion of the host bits into the
network bits from left to right of octet 3].
11111111.11111111.10000000.00000000/17[17 is the no.of network bits]

Step-3:[class B new-subnet mask]


255.255.128.0/17

Step-4:[Block size]
Blocksize=256[Total no.of hosts[IP addresses] in a network] - New subnet mask
=256-128
=128.

Step-5:[Total no.of sub-networks]


Formula:2^N.
2^1=2 sub-networks.

Note:
N-New network bits.

Step-6:[Total no.of valid hosts[IP addresses] in a sub-network]


Total no.of hosts[IP addresses] in a sub-network=128.
Formula:2^H-2.
=2^15-2
=32,768-2.
=32,766 valid hosts.
-------------------------
Cross check:
32,768 * 2=65,536 hosts[IP addresses].

-------------------------
Note:
H-New host bits.

Blocksize of subnetwork-1 is used to find out the Network id of the subnetwork-2.


Subnetting is happening in octet 3 of the subnetwork-1.
Adding the subnetwork-1 blocksize[128] to octet 3 of the subnetwork-1 network id
150.0.0.0/17 gives the subnetwork-2 network id 150.0.128.0/17.
150.0.127.255/17 automatically becomes the subnetwork-1's broadcast id.
150.0.255.255/17 is the broadcast id of the subnetwork-2.

First valid host[IP address] of A.1 =150.0.1.0/17


Last valid host[IP address] of A.1 =150.0.126.255/17
First valid host[IP address] of A.2 =150.0.129.0/17
Last valid host[IP address] of A.2 =150.0.255.254/17
----------------------------------------------------------
Class B Tasks:
/18
/19
/20
/21
/22
/23
----------------------------------------------------------
Class A subnetting:
subnetmask-
11111111.00000000.00000000.00000000

11111111.10000000.00000000.00000000
-----------------------------------
Class A subnetting:[Focus on host part not on network part].

Eg:10.1.1.0/9

Total hosts[IP addresses] in a network=1,67,77,216 IP addresses.


Total valid hosts[IP addresses] in a network=1,67,77,216 - 2 IP addresses.
=1,67,77,214 IP addresses.

class A subnetmask=255.0.0.0.
no.of.network bits=8.
no.of.host bits=24.

Step-1:[class A subnetmask conversion]


11111111.00000000.00000000.00000000/8[8 is the no.of network bits]

Step-2:[class A subnetting][Subnetting is the conversion of the host bits into the
network bits from left to right of octet 2].
11111111.10000000.00000000.00000000/9[9 is the no.of network bits]

Step-3:[class A new-subnet mask]


255.128.0.0/9
Step-4:[Block size]
Blocksize=256[Total no.of hosts[IP addresses] in a network] - New subnet mask
=256-128
=128.

Step-5:[Total no.of sub-networks]


Formula:2^N.
2^1=2 sub-networks.

Note:
N-New network bits.

Step-6:[Total no.of valid hosts[IP addresses] in a sub-network]


Total no.of hosts[IP addresses] in a sub-network=128.

Formula:2^H-2.
=2^23-2
=1,67,77,216-2.
=1,67,77,214 valid hosts.
-------------------------
Cross check:
83,88,608 * 2=1,67,77,216 hosts[IP addresses].

-------------------------
Note:
H-New host bits.

Blocksize of subnetwork-1 is used to find out the Network id of the subnetwork-2.


Subnetting is happening in octet 2 of the subnetwork-1.
Adding the subnetwork-1 blocksize[128] to octet 2 of the subnetwork-1 network id
10.1.1.0/9 gives the subnetwork-2 network id 10.128.0.0/9.
10.127.255.255/9 automatically becomes the subnetwork-1's broadcast id.
10.255.255.255/9 is the broadcast id of the subnetwork-2.

First valid host[IP address] of A.1 =10.1.0.0/9


Last valid host[IP address] of A.1 =10.126.0.0/9
First valid host[IP address] of A.2 =10.129.0.0/9
Last valid host[IP address] of A.2 =10.255.255.254/9
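The six-step procedure worked above by hand for class C (200.0.0.0/24 into /27), class B (150.0.0.0/16 into /17) and class A (10.0.0.0/8 into /9), together with the '/24' to '/32' host-count note, can be reproduced with the following Python. This is an added example, not part of the original notes; it uses only the standard library ipaddress module, and the function names host_counts, subnet_summary and subnet_table are this example's own. A non-network address such as 10.1.1.0/9 is accepted (strict=False) and normalised to its network id.

```python
import ipaddress

def host_counts(prefix):
    """Total and valid host counts for a '/' value: 2^H and 2^H - 2 (H = host bits)."""
    host_bits = 32 - prefix
    total = 2 ** host_bits
    return total, max(total - 2, 0)      # /31 gives 0 valid hosts under this rule

def subnet_summary(base, new_prefix):
    """Steps 3-6 of the notes: new mask, blocksize, number of sub-networks, hosts."""
    network = ipaddress.ip_network(base, strict=False)   # 10.1.1.0/9 becomes 10.0.0.0/9
    if not network.prefixlen <= new_prefix <= 32:
        raise ValueError("the new '/' value must not be shorter than the original one")
    new_mask = ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask
    octet = min(new_prefix // 8, 3)                      # 0-based octet where subnetting happens
    blocksize = 256 - int(str(new_mask).split(".")[octet])   # "256 - new subnet mask"
    total, valid = host_counts(new_prefix)
    return {
        "new_mask": str(new_mask),
        "octet": octet + 1,                              # 1-based, as written in the notes
        "blocksize": blocksize,
        "subnets": 2 ** (new_prefix - network.prefixlen),   # 2^N, N = new network bits
        "total_hosts": total,
        "valid_hosts": valid,
    }

def subnet_table(base, new_prefix):
    """Network id, first/last valid host and broadcast id of every sub-network."""
    network = ipaddress.ip_network(base, strict=False)
    rows = []
    for sub in network.subnets(new_prefix=new_prefix):
        rows.append({
            "network": str(sub),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return rows

if __name__ == "__main__":
    for base, prefix in (("200.0.0.0/24", 27), ("150.0.0.0/16", 17), ("10.0.0.0/8", 9)):
        print(base, "->", f"/{prefix}", subnet_summary(base, prefix))
        for row in subnet_table(base, prefix):
            print("  ", row)
```

The rows printed for sub-network 5 of 200.0.0.0/27 and for both halves of the class A example can be laid next to the hand-worked tables above to cross-check each first/last valid host.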
----------------------------------------------------------
CCNA_DAY_7:
2).Classless:
Requirement is:
1).Purchase 100 IP addresses from the ISP[Airtel].

Eg:
11.0.0.0/8[Classful]
11.0.0.0/9[Classful]
11.0.0.0/10[Classful]
11.0.0.0/11[Classful]
11.0.0.0/12[Classful]
11.0.0.0/13[Classful]
11.0.0.0/14[Classful]
11.0.0.0/15[Classful]

11.0.0.0/16[Classless]

Always check the host first.


Exact requirement is 100 IP addresses.
'/24' has 256 total hosts[valid hosts-254].

Note:
Total hosts[IP addresses] for '/24'-256[Valid hosts-254].
Total hosts[IP addresses] for '/25'-128[Valid hosts-126].
Total hosts[IP addresses] for '/26'-64[Valid hosts-62].
Total hosts[IP addresses] for '/27'-32[Valid hosts-30].
Total hosts[IP addresses] for '/28'-16[Valid hosts-14].
Total hosts[IP addresses] for '/29'-8[Valid hosts-6].
Total hosts[IP addresses] for '/30'-4[Valid hosts-2].
Total hosts[IP addresses] for '/31'-2[Valid hosts-0].
Total hosts[IP addresses] for '/32'-0[Because,No host bits].

Choose the '/' value according to our requirement[100 IP addresses], irrespective of
whether the network belongs to class A, class B or class C; the class doesn't matter.

So, '/25' is the best option: 11.0.0.0/25.


ISP provides 11.0.0.0/25.
subnet mask-255.255.255.128/25
blocksize=256-128=128.

Subnetwork-1:
Network id-11.0.0.0/25
First valid host[IP address] of A.1 =11.0.0.1/25
Last valid host[IP address] of A.1 =11.0.0.126/25
Broadcast id-11.0.0.127/25
Use 100 IP addresses out of the 126 IP addresses.
Use remaining 26 IP addresses in the future.
This concept is known as classless.

Classless exists in the corporate.
Classful doesn't exist in the corporate.
Because classful has so many IP addresses in class A and in class B.
Class C has a maximum of 256 hosts['/24'].
A full class A or class B is not possible as a single network.
No one can afford that.

Subnetwork-2:
Network id-11.0.0.128/25
First valid host[IP address] of A.2 =11.0.0.129/25
Last valid host[IP address] of A.2 =11.0.0.254/25
Broadcast id=11.0.0.255/25

Two types of IP addresses:


1).Public IP address[Paid].
2).Private IP address[Free].

Fixed private IP addresses range:


class A-10.0.0.0->10.255.255.255 [N.H.H.H]
class B-172.16.0.0->172.31.255.255 [N.N.H.H]
class C-192.168.0.0->192.168.255.255 [N.N.N.H]
All addresses outside these private ranges are public IP addresses.

Public IP address is used to access the internet.


Private IP address is not used to access the internet.
-----------------------------------------------------------
Use the '/'value according to the requirements.
'/24' to '/30' value is used in the corporates[99.9%].
Classless exists in the corporate.
----------------------------------------------------------
Amit sir's Important Note:
Concentrate on the classless '/24' to '/30' values for interviews.
Concentrate only on octet 4.
So, cram the '/24' to '/30' values.
----------------------------------------------------------
Classful:
Eg:10.0.0.0/8[Total hosts=1,67,77,216 hosts].

Classless:
Eg:10.0.0.0/30[Total hosts=4-2=2 hosts].
----------------------------------------------------------
Classless Task:
10.0.0.10/30[Network from class A,'/30' is from class C]
Blocksize:4.

Add blocksize[4] in octet 4.

10.0.0.0/30
+
4
-----
10.0.0.4/30
+
4
------
10.0.0.8/30
+
4
------
10.0.0.12/30

So,network id is 10.0.0.8/30
broadcast id is 10.0.0.11/30
----------------------------------------------------------
Classless Task:
10.0.0.101/27[Network from class A,'/27' is from class C]
Blocksize:32.

Add blocksize[32] in octet 4.

10.0.0.0/27
+
32
-----
10.0.0.32/27
+
32
------
10.0.0.64/27
+
32
------
10.0.0.96/27
+
32
-------
128

So,network id is 10.0.0.96/27
broadcast id is 10.0.0.127/27
----------------------------------------------------------
Classless Task:
150.1.1.235/28[Network from class B,'/28' is from class C]
Blocksize:16.

Add blocksize[16] in octet 4.

150.1.1.0/28
+
16
-----
150.1.1.16/28
+
16
------
150.1.1.32/28
+
16
------
150.1.1.48/28
+
16
-------
150.1.1.64/28
+
16
-------
150.1.1.80/28
+
16
-------
150.1.1.96/28
+
16
-------
150.1.1.112/28
+
16
-------
150.1.1.128/28
+
16
-------
150.1.1.144/28
+
16
-------
150.1.1.160/28
+
16
-------
150.1.1.176/28
+
16
-------
150.1.1.192/28
+
16
-------
150.1.1.208/28
+
16
-------
150.1.1.224/28
+
16
-------
150.1.1.240/28
+
16
-------
150.1.1.256/28

So,network id is 150.1.1.224/28
broadcast id is 150.1.1.239/28
----------------------------------------------------------
Classless Task:
200.0.0.177/25[Network from class C,'/25' is from class C]

subnet mask:255.255.255.128/25[11111111.11111111.11111111.10000000]
Blocksize=256-128.
=128.

Add blocksize[128] in octet 4.

200.0.0.0/25
+
128
-----
200.0.0.128/25
+
128
-----
200.0.0.255/25

So,network id is 200.0.0.128/25
broadcast id is 200.0.0.255/25
----------------------------------------------------------
Classless Task:
10.0.0.101/26[Network from class A,'/26' is from class C]
Blocksize:64.

Add blocksize[64] in octet 4.

10.0.0.0/26
+
64
-----
10.0.0.64/26
+
64
------
10.0.0.128/26

So,network id is 10.0.0.64/26
broadcast id is 10.0.0.128/26
----------------------------------------------------------
Classless Task:
11.0.0.133/30[Network from class A,'/30' is from class C]
Blocksize:4.

Add blocksize[4] in octet 4.

11.0.0.0/30
+
4
-----
11.0.0.4/30
+
4
------
11.0.0.8/30
+
4
------
11.0.0.12/30
.
.
.
11.0.0.135/30

So,network id is 11.0.0.132/30
broadcast id is 11.0.0.135/30
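The "add the blocksize in octet 4 until the next step passes the host" method used in every Classless Task above, as an added Python example that is not part of the original notes: locate_subnet walks the blocks exactly as the hand calculation does, then cross-checks the result against the standard library (ipaddress.ip_interface). The function name and the keys it returns are this example's own.

```python
import ipaddress

def locate_subnet(host_with_prefix):
    """Find the sub-network a host belongs to by the notes' method: start at .0 and
    keep adding the blocksize in octet 4 while the next step is still <= the host's
    octet 4.  The last step reached is the network id; the broadcast id is the
    address just below the following step."""
    host, prefix = host_with_prefix.split("/")
    prefix = int(prefix)
    if not 24 <= prefix <= 30:
        raise ValueError("this hand method covers the '/24' to '/30' values only")
    o1, o2, o3, o4 = (int(octet) for octet in host.split("."))
    mask_octet4 = 256 - 2 ** (32 - prefix)        # e.g. /27 -> 224
    blocksize = 256 - mask_octet4                 # e.g. /27 -> 32
    steps = [0]
    while steps[-1] + blocksize <= o4:
        steps.append(steps[-1] + blocksize)
    net4 = steps[-1]
    bcast4 = net4 + blocksize - 1
    result = {
        "mask": f"255.255.255.{mask_octet4}",
        "blocksize": blocksize,
        "steps": steps,
        "network": f"{o1}.{o2}.{o3}.{net4}/{prefix}",
        "first_host": f"{o1}.{o2}.{o3}.{net4 + 1}",
        "last_host": f"{o1}.{o2}.{o3}.{bcast4 - 1}",
        "broadcast": f"{o1}.{o2}.{o3}.{bcast4}/{prefix}",
    }
    # Cross-check the hand method against the standard library.
    reference = ipaddress.ip_interface(host_with_prefix).network
    if (str(reference) != result["network"]
            or str(reference.broadcast_address) != result["broadcast"].split("/")[0]):
        raise AssertionError(f"hand method disagrees with ipaddress for {host_with_prefix}")
    return result

if __name__ == "__main__":
    for task in ("10.0.0.10/30", "10.0.0.101/27", "150.1.1.235/28",
                 "200.0.0.177/25", "10.0.0.101/26", "11.0.0.133/30"):
        r = locate_subnet(task)
        print(f"{task}: network id {r['network']}, broadcast id {r['broadcast']}, "
              f"valid hosts {r['first_host']} to {r['last_host']} (steps {r['steps']})")
```

Running it over the six tasks prints the network id and broadcast id for each; the steps list is the column of additions written out by hand above.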
----------------------------------------------------------
FLSM and VLSM:
FLSM[Fixed Length Subnet Mask].
VLSM[Variable Length Subnet Mask].

Always use VLSM not FLSM.


----------------------------------------------------------
Amit sir's Important note:
Corporate uses the combination of the Classless with VLSM.
----------------------------------------------------------
1).FLSM[Fixed Length Subnet Mask]:
Set up 4 separate small networks in a company by internally dividing the same IP
address 11.0.0.0/24.
Sales team =100 employees[100 PCS].
HR team =6 employees[6 PCS].
Admin team =30 employees[30 PCS].
IT team =10 employees[10 PCS].
---------------------------------------
Total =146 employees.
---------------------------------------

Network admin requires 146 Public IP addresses for the individual employees to
access the internet.
ISP delivers 11.0.0.0/24[Classless].
'/25' cannot be used, because the total valid hosts[IP addresses] for '/25' is 126.
----------------------------------------------------------
11.0.0.0/24[Single BCD].
Assign IP address from the same network[11.0.0.0/24] within the company.

Requirement:
Internally divide the network 11.0.0.0/24 into 4 parts within the company.
First always check for the team which requires the highest no.of hosts[IP addresses].

Sales team[subnetwork-1]:
11.0.0.0/24[valid hosts=254]:
Network id-11.0.0.0/24
Broadcast id-11.0.0.255/24
Now, internally divide the network 11.0.0.0/24 into 4 separate parts.

'/25' is the best '/'value for the 100 IP addresses.


Use 11.0.0.0/25[126 valid hosts].
Blocksize=256-128.
=128.

11.0.0.0/25[Sales team network]


11.0.0.0 to 11.0.0.127[valid hosts:11.0.0.1 to 11.0.0.126]

According to FLSM,
use same subnetmask[255.255.255.128/25] for all the teams.

11.0.0.128 to 11.0.0.255[valid hosts=126].


11.0.0.128 to 11.0.0.255=126-6[HR team]=120 valid IP addresses remaining.

According to FLSM, these 120 IP addresses must be used within the HR department only.
The remaining 120 IP addresses cannot be used for any other department.
We have purchased a total of 254 IP addresses from the ISP.
We have used all the 254 IP addresses.
Still 2 more departments exist.
We need to purchase one more network, 12.0.0.0/24, from the ISP, and only as a '/24'.
We have to use the same '/' value for all the teams.

Eg: IPs wastage


Sales team[/25] =100 employees[100 PCS][126-100=26 IP addresses].
HR team[/25] =6 employees[6 PCS] [126-6=120 IP addresses].
Admin team[/25] =30 employees[30 PCS] [126-30=96 IP addresses].
IT team[/25] =10 employees[10 PCS] [126-10=116 IP addresses].
-----------------------------------------------------------------
Total IPs require=147 IP/employees. Total IPs wastage=358 IPs
-----------------------------------------------------------------
Problem:
The network admin is not able to divide the IP addresses within the campus.
This division problem is the only reason for purchasing the two
networks[11.0.0.0/24,12.0.0.0/24].
So, FLSM is not a feasible concept.
Corporates are not using FLSM due to IP division problems.
For FLSM, use the same '/' value for all the teams.
---------------------------------------------------------
2).VLSM[Variable Length Subnet Mask]:
11.0.0.0/24[Classless]
Sales team =100 employees[100 PCS].
HR team =6 employees[6 PCS].
Admin team =30 employees[30 PCS].
IT team =10 employees[10 PCS].
---------------------------------------
Total =146 employees.
---------------------------------------

First always check for the team which requires the highest no.of hosts[IP
addresses].

Sales team:[First highest no.of hosts requirement]


11.0.0.0/24
'/25' is the best '/'value for the 100 IP addresses.
'/25'-255.255.255.128
Blocksize=256-128.
=128.
network id-11.0.0.0/25
broadcast id-11.0.0.127/25
IP wastage=126-100
=26.

Admin team:[Second highest no.of hosts requirement]


11.0.0.0/24
'/27' is the best '/'value for the 30 IP addresses.
'/27'-255.255.255.224
Blocksize=256-224.
=32.
network id-11.0.0.128/27
broadcast id-11.0.0.159/27
IP wastage=30-30
=0.

IT team:[Third highest no.of hosts requirement]


11.0.0.0/24
'/28' is the best '/'value for the 10 IP addresses.
'/28'-255.255.255.240
Blocksize=256-240.
=16.
network id-11.0.0.160/28
broadcast id-11.0.0.175/28
IP wastage=14-10
=4.

HR team:[Fourth highest no.of hosts requirement]


11.0.0.0/24
'/29' is the best '/'value for the 6 IP addresses.
'/29'-255.255.255.248
Blocksize=256-248.
=8.
network id-11.0.0.176/29
broadcast id-11.0.0.183/29

IP wastage=6-6
=0.

Buffer Zone:[Fifth highest no.of hosts requirement]


11.0.0.0/24
11.0.0.184 to 11.0.0.255 is used for the future teams.
----------------------------------------------------------
Comparison between the FLSM and the VLSM:11.0.0.0/24[Classless]

Team          VLSM             FLSM
Sales team    11.0.0.0/25      11.0.0.0/25
HR team       11.0.0.176/29    11.0.0.128/25
IT team       11.0.0.160/28    12.0.0.0/25
Admin team    11.0.0.128/27    12.0.0.128/25

Always two things in the corporate:


1).Classless.
2).VLSM.
----------------------------------------------------------
Best website for subnetting:9tut.com

Amit sir's Important note:


Keep focus always on class C '/'values like /24,/25,/26,/27,/28,/29,/30.
----------------------------------------------------------
VLSM Task:
11.0.0.0/24[Classless]
Sales team =30 employees[30 PCS].
HR team =2 employees[2 PCS].
Admin team =6 employees[6 PCS].
IT team =12 employees[12 PCS].
---------------------------------------
Total IPs required=50+8=58 IPs.
---------------------------------------

First always check for the team which requires the highest no.of hosts[IP addresses].

Sales team:[First highest no.of hosts requirement]


11.0.0.0/24
'/27' is the best '/'value for the 30 IP addresses.
'/27'-255.255.255.224
Blocksize=256-224.
=32.
network id-11.0.0.0/27
broadcast id-11.0.0.31/27
IP wastage=30-30
=0.

IT team:[Second highest no.of hosts requirement]


11.0.0.0/24
'/28' is the best '/'value for the 12 IP addresses.
'/28'-255.255.255.240
Blocksize=256-240.
=16.
network id-11.0.0.32/28
broadcast id-11.0.0.47/28
IP wastage=16-12
=4.

Admin team:[Third highest no.of hosts requirement]


11.0.0.0/24
'/29' is the best '/'value for the 6 IP addresses.
'/29'-255.255.255.248
Blocksize=256-248
=8.
network id-11.0.0.48/29
broadcast id-11.0.0.55/29
IP wastage=8-6
=2.

HR team:[Fourth highest no.of hosts requirement]


11.0.0.0/24
'/30' is the best '/'value for the 2 IP addresses.
'/30'-255.255.255.252
Blocksize=256-252
=4.
network id-11.0.0.56/30
broadcast id-11.0.0.59/30

IP wastage=4-2
=2.
Buffer Zone:[Fifth highest no.of hosts requirement]
11.0.0.0/24
11.0.0.60 to 11.0.0.63 is used for the future teams.
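An added Python example (not part of the original notes) that performs both allocations described above, for the 100/6/30/10 company and for the 30/2/6/12 task: vlsm_allocate follows the VLSM rule (take the teams from the highest requirement down, give each its own best '/' value, pack the sub-networks back to back and report the buffer zone), and flsm_allocate applies the FLSM rule (one mask for everybody, handed out in the order the teams are listed) so the wastage and the teams that do not fit into 11.0.0.0/24 can be seen. The function names and the wastage convention (valid hosts minus requirement) are this example's own; it uses the standard library ipaddress module.

```python
import ipaddress

def valid_hosts(prefix):
    """2^H - 2 usable addresses for a '/' value (H = host bits)."""
    return 2 ** (32 - prefix) - 2

def best_prefix(hosts):
    """Smallest sub-network (largest '/' value, /30 down to /24) whose valid hosts cover `hosts`."""
    for prefix in range(30, 23, -1):
        if valid_hosts(prefix) >= hosts:
            return prefix
    raise ValueError(f"{hosts} hosts do not fit in a single /24")

def vlsm_allocate(base, teams):
    """VLSM: teams from the highest requirement down, each with its own best '/' value,
    packed back to back from the start of `base`.
    Returns [(team, network, wastage), ...] and the free buffer zone (first, last)."""
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    allocations = []
    for team, need in sorted(teams.items(), key=lambda kv: kv[1], reverse=True):
        prefix = best_prefix(need)
        size = 2 ** (32 - prefix)
        if cursor % size:                          # keep each block aligned to its own blocksize
            cursor += size - cursor % size
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(pool):
            raise ValueError(f"{base} is exhausted before the {team} team")
        allocations.append((team, str(subnet), valid_hosts(prefix) - need))
        cursor += size
    if cursor <= int(pool.broadcast_address):
        buffer_zone = (str(ipaddress.ip_address(cursor)), str(pool.broadcast_address))
    else:
        buffer_zone = None
    return allocations, buffer_zone

def flsm_allocate(base, teams):
    """FLSM: the '/' value chosen for the largest team is used for every team, handed
    out in the order the teams are listed.  Teams that do not fit in `base` are
    reported as unallocated (they would need a second network from the ISP)."""
    pool = ipaddress.ip_network(base)
    prefix = best_prefix(max(teams.values()))
    blocks = list(pool.subnets(new_prefix=prefix))
    allocated, unallocated = [], []
    for team, need in teams.items():
        wastage = valid_hosts(prefix) - need
        if blocks:
            allocated.append((team, str(blocks.pop(0)), wastage))
        else:
            unallocated.append((team, wastage))
    total = sum(w for _, _, w in allocated) + sum(w for _, w in unallocated)
    return {"prefix": prefix, "allocated": allocated,
            "unallocated": unallocated, "total_wastage": total}

if __name__ == "__main__":
    teams = {"Sales": 100, "HR": 6, "Admin": 30, "IT": 10}   # the company in the notes
    print("VLSM:", vlsm_allocate("11.0.0.0/24", teams))
    print("FLSM:", flsm_allocate("11.0.0.0/24", teams))
```

For the 100/6/30/10 company the VLSM output is Sales 11.0.0.0/25, Admin 11.0.0.128/27, IT 11.0.0.160/28, HR 11.0.0.176/29 with 11.0.0.184 to 11.0.0.255 left as the buffer zone, while FLSM fits only Sales and HR into 11.0.0.0/24 and wastes 358 addresses in total.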
----------------------------------------------------------
Tasks:
3 Examples on FLSM.
3 Examples on VLSM.
Keep '/'value between '/24' to '/30'.

Task:
Types of cables.
----------------------------------------------------------
CCNA_DAY_8:
OSI[Open System Interconnection model]:
OSI is an IEEE standard.
In the 1960s, IBM devices were not able to communicate with the Dell devices.

7 layers in OSI:[Down to Up]


Application Layer--->[Layer7].
Presentation Layer-->[Layer6].
Session Layer------->[Layer5].
Transport Layer----->[Layer4].
Network Layer------->[Layer3].
Datalink Layer------>[Layer2].
Physical Layer------>[Layer1].

Now, every vendor is following the OSI standard[Common standard].

1).Physical Layer:
Physical layer is about physical connections.

Cables[Wired] used in industry:


                                            Symbol   Speed
a).Serial cable.--------------------------> s 0/0    4 Mbps.
b).Ethernet cable.------------------------> e 0/0    10 Mbps.
c).Fast Ethernet cable.-------------------> f 0/0    100 Mbps.
d).Fiber optics[Gigabit Ethernet cable].--> g 0/0    1 Gbps.

f 0[slot.no[NIC]]/0[port no].

NIC-Network Interface Card.


Slot Example:slots in laptop.

Slot.no.1/NIC.no.1 contains f0/0,f0/1,f0/2,f0/3,f0/4.


Slot.no.2/NIC.no.2 contains f1/0,f1/1,f1/2,f1/3,f1/4.
Data transfers in the form of bits[Eg:01010101] via the physical cables.
Physical layer uses Hub as a device.
----------------------------------------------------------
2).Data Link Layer:
Data Link Layer always deals with the MAC address[Switch].
Data Link Layer uses Switch as a device.

Switch has two families:


1).Catalyst.
2).Nexus.

Catalyst is used in Routing and Switching.

Data Link Layer is divided into two sublayers:


1).LLC[Logical Link Control] Layer[LLC Layer contains the information about the
Routed protocols[IPv4 or IPv6]].
Ethernet type is one of the fields in the MAC Header:
IPv4-0x0800.
IPv6-0x08dd.
2).MAC Layer[MAC Layer contains the information about the MAC addresses[source
MAC,destination MAC]].
----------------------------------------------------------
3).Network Layer:
Network Layer is about IP address.

Network layer has two protocols:


1).Routed protocols[IPv4 and IPv6].
2).Routing protocols[RIP/EIGRP/OSPF].

Network layer uses Router as a device.

Protocol type is one of the fields in the IP Header.


Protocol.no.
TCP 06
UDP 17

Consider TCP as one container with Container.no.06.


Consider UDP as one container with Container.no.17.

TCP Container has different services.


Protocol.no.
TCP 06
Port.no
1).Telnet-->23.
2).SSH----->22.
3).HTTP---->80.
4).HTTPS--->443.
5).FTP----->20,21.

UDP Container has different services.


Protocol.no.
UDP 17
Port.no.
1).DHCP--->67,68.
2).DNS---->53.
These protocols are enough for the fresher level.
SIP[-] is from Collaboration.
GDOI[848] is from security[VPN].
ISAKMP[500] is from security[VPN].
----------------------------------
Interview perspective:
TCP:
1).Telnet.
2).SSH.
3).HTTP.
4).HTTPS.
5).FTP.
6).DNS[DNS is a part of TCP also].

UDP:
1).DHCP.
2).DNS.
----------------------------------------------------------
4).Transport Layer:
Transport Layer has two protocols:
1).TCP[Train].
2).UDP[Flight/Bus/Car/Bike/Bicycle/Walk].

TCP[Transport medium] and UDP[Transport medium] are used to transfer the data from
PC1 to PC2.
TCP [or] UDP depends on the Data Type.
TCP and UDP both have the port.no concept.

port.no is divided into two parts:


1).Source port.
2).Destination port.
----------------------------------------------------------
5).Session Layer:
Personal Computer has Google Chrome.

The purchase order confirmation arrives only on the Amazon website[same tab], not on the
Netflix website.
------------------------------------------------
NSE3 Certificate.
Fortinet[NSE Institute]
Fortinet's Network Security Expert Certification.
NSE3 Network Security Associate.
-------------------------------------------------
Application layer, presentation layer and session layer are software based.
The programmer is responsible for the Application layer, presentation layer and session layer.
The network engineer is responsible for the Physical layer, Datalink layer, Network
layer and Transport layer, which are hardware based.

Upper layers:
1).Application layer.
2).Presentation layer.
3).Session layer.

Lower layers:
1).Physical layer
2).Datalink layer
3).Network layer
4).Transport layer

Always discuss about the Lower layers.

Example:1
Session layer maintains all the different applications/tabs at the same time on the
Google Chrome.
The session layer is able to manage all these applications via the Transport layer.
Session layer always works on behalf of the port.no.
Session Layer uses Transport Layer concept.

Example:2
Online exam time is 2 hours.
After 2 hours,window would be closed.

Example:3
Online Banking.
webpage is idle for the last 1 minute.
Automatically,webpage would be closed.
Session would be expired automatically.
Timer would be already set by developers.
----------------------------------------------------------
6).Presentation Layer:
Open a Networkershome website on the mobile phone/tab/Laptop.
Encryption and Decryption happens always on the presentation layer.
----------------------------------------------------------
7).Application Layer:
Different protocols in the application layer:
1).Http.
2).Https.
3).Telnet.
4).FTP.
5).SMTP.
6).BGP.
7).SSH.

Browser[Google Chrome,Microsoft edge,Mozilla Firefox,Internet Explorer] is an
application.
Putty is an application for telnet,SSH,Raw,Remote login,Serial.

Routing protocols are divided into two parts:


1).eBGP[Exterior Border Gateway Protocols].
2).iBGP[Interior Border Gateway Protocols].

1).eBGP[Exterior Border Gateway Protocols] protocols:


WAN Side[ISP Side].

2).iBGP[Interior Border Gateway Protocols] protocols:


RIP.
OSPF is used within the organisation.
EIGRP is used within the organisation.
----------------------------------------------------------
Encapsulation:Data travels from L7 to L1.
Data[Hi]->http header->[L6,L5 are software based]->TCP Header[SP-Random,DP-443]->IP
Header[SIP-10.1.1.1,DIP-10.1.1.2]->MAC Header[SMAC-A,DMAC-B]->Bits[01010101].
L7 [Application Layer]-http header.
L6,L5 [Presentation,Session Layer]-software based.
L4 [Transport Layer]-TCP Header[DP-443 is fixed for Https].
L3 [Network Layer]-IP Header.
L2 [Datalink Layer]-MAC Header.
L1 [Physical Layer]-Bits.

Decapsulation:Data travels from L1 to L7.
Bits[01010101]->MAC Header[SMAC-A,DMAC-B]->IP Header[SIP-10.1.1.1,DIP-10.1.1.2]-
>TCP Header[SP-Random,DP-443]->[L6,L5 are software based]->http header->Data[Hi]
L1 [Physical Layer]-Bits.
L2 [Datalink Layer]-MAC Header[Ethernet type-0x0800].
L3 [Network Layer]-IP Header[Protocol type-06 for TCP].
L4 [Transport Layer]-TCP Header.
L6,L5 [Presentation,Session Layer]-software based.
L7 [Application Layer]-http header.

During Decapsulation every lower layer has basic information about the upper
layer.
i.e.,
L1 has some basic information about L2, present in the form of bits.
L2 has some basic information about L3: the Routed protocol[IPv4 or IPv6].
L3 has some basic information about L4: the Protocol[TCP or UDP].
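The encapsulation chain above (Data -> TCP header -> IP header -> MAC header -> bytes) and the way each lower header tells the receiver what the next header is, as an added Python example that is not part of the original notes. It builds the frame for Data[Hi] from 10.1.1.1 to 10.1.1.2 with a random source port and destination port 443, then decapsulates it by reading the EtherType (0x0800 -> IPv4), the IP protocol number (06 -> TCP) and the destination port (443 -> HTTPS). The MAC addresses are constructed values; the IPv6 EtherType in the ETHER_TYPES table is the IANA-registered 0x86DD; the TCP checksum is left at zero because the point is the header chain, not a sendable packet. All function names are this example's own.

```python
import random
import struct

ETHER_TYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}   # 0x86DD: IANA-registered IPv6 EtherType
IP_PROTOCOLS = {6: "TCP", 17: "UDP"}
TCP_SERVICES = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

def _mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def _ip(text):
    return bytes(int(o) for o in text.split("."))

def _ip_text(raw):
    return ".".join(str(b) for b in raw)

def ipv4_checksum(header):
    """One's-complement sum over the 16-bit words of an IPv4 header (even length)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, src_ip, dst_ip, src_mac, dst_mac, dst_port, src_port=None):
    """L7 data -> L4 TCP header -> L3 IP header -> L2 MAC header -> bytes for L1."""
    if src_port is None:
        src_port = random.randint(1024, 65535)       # SP random, DP fixed by the service
    # L4: 20-byte TCP header (seq/ack 0, data offset 5 words, PSH+ACK, window 65535, checksum 0)
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + data
    # L3: 20-byte IPv4 header, protocol 6 = TCP; the header checksum is written in afterwards
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                            _ip(src_ip), _ip(dst_ip))
    ip_header = ip_header[:10] + struct.pack("!H", ipv4_checksum(ip_header)) + ip_header[12:]
    # L2: 14-byte MAC header; EtherType 0x0800 tells the receiver the payload is IPv4
    mac_header = struct.pack("!6s6sH", _mac(dst_mac), _mac(src_mac), 0x0800)
    return mac_header + ip_header + segment

def decapsulate(frame):
    """Walk back up from L2: each header names the protocol of the header above it."""
    info = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info.update(dst_mac=_mac_text(dst_mac), src_mac=_mac_text(src_mac),
                ethertype=ETHER_TYPES.get(ethertype, hex(ethertype)))
    if ethertype != 0x0800:
        return info                                   # only IPv4 is parsed in this example
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src_ip, dst_ip = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    info.update(src_ip=_ip_text(src_ip), dst_ip=_ip_text(dst_ip), ttl=ttl,
                checksum_ok=ipv4_checksum(frame[14:14 + ihl]) == 0,
                protocol=IP_PROTOCOLS.get(proto, str(proto)))
    if proto != 6:
        return info
    l4 = 14 + ihl
    src_port, dst_port, _seq, _ack, offset_byte = struct.unpack("!HHIIB", frame[l4:l4 + 13])
    data_offset = (offset_byte >> 4) * 4
    info.update(src_port=src_port, dst_port=dst_port,
                service=TCP_SERVICES.get(dst_port, "unknown"),
                payload=frame[l4 + data_offset:14 + total_len])
    return info

if __name__ == "__main__":
    wire = encapsulate(b"Hi", "10.1.1.1", "10.1.1.2", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", 443)
    print(len(wire), "bytes on the wire:", wire.hex())
    print(decapsulate(wire))
```

The frame is 14 + 20 + 20 + 2 = 56 bytes; decapsulate reports ethertype IPv4, protocol TCP, service HTTPS and payload b"Hi", and its checksum_ok flag shows the receiver validating the L3 header before trusting the protocol field it carries.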
----------------------------------------------------------
CCNA_DAY_9:
what is the use of the session layer?
Types of routed protocols?
How many bits in MAC address?
How many bits in IPv6 address?
How many bytes in MAC address?
----------------------------------------------------------
Difference between TCP and UDP:
    TCP                                            UDP
1). Connection establishment.                      No connection establishment.
2). Flow control.                                  No flow control.
3). Congestion control.                            No congestion control.
4). Acknowledgement.                               No acknowledgement.
5). Error correction by retransmitting of data.    No error checking and correction.
6). Ordered delivery.                              No ordered delivery.
7). Reliable delivery.                             Unreliable delivery.
8). Applications:                                  Applications:
    .HTTP.                                         .DNS[Usually].
    .FTP.                                          .DHCP.
    .SMTP.                                         .RTP[Real-Time Protocol].
    .Telnet.                                       .VoIP.
    .MSN messenger.
----------------------------------------------------------
Transmission Control Protocol[TCP]:[00:09:35]
1).Connection-Oriented Communication.
2).Flow Control.

UDP Example:
Book the ticket and then inform to your friend.

TCP Example:
Inform the friend and then book the ticket.

3-way handshake process happens before the data transfer from Node A to Node B.
UDP transfers the data directly without any 3-way handshake process.
UDP does not support 3-way handshake process.

3-way handshake process:[Initiate the connection]


Scenario1:[Responder is not free]
Initiator Responder
->syn(1)
<-Negative-Ack(1).

Scenario2:[Responder is free]
Initiator Responder
->syn(1)
<-syn(2)+Ack(1).
->Ack(2).
<->
Connection Established.
Data Transfer.

Data is in the form of the packet.


MTU[Maximum Transmission Unit]:
Single packet's maximum[1460 bytes] data transfer capacity from Node A to Node B.
Headers-40 bytes.
By default,MTU size is 1500 bytes.

TCP supports Acknowledgement number,Sequence number,Re-transmission.


UDP does not support Acknowledgement number,Sequence number,Re-transmission.
----------------------------------------------------------
100 packets to be transmitted from the Initiator to the Responder.

->Data-1(1).
<-Ack-1(1).
->Data-2(2).
<-Ack-2(2).
Initiator maintains a database of the Acknowledgement sequence numbers received
from the Responder.
Responder maintains a database of the Data sequence numbers received from the
Initiator.
->Data-3(3)->Data-3 is lost in between due to some network issue.
->Data-4(4).
<-Ack-4(4).
.
.
.
.
<-Re-transmission(Responder requests the Initiator to resend the Data-3)
->Data-3(3) Re-transmitted.
<-Ack-3(3).
Both the Initiator's database(Acknowledgement sequence numbers) and the Responder's
database(Data sequence numbers) get updated.

TCP supports Re-transmission.


UDP[Eg:Live streaming of a Cricket match] does not support Re-transmission.
Finally, Data gets transferred from Node A to Node B.
----------------------------------------------------------
4-way handshake process:[Terminate the connection]
Initiator Responder
->FIN(1).
<-ACK(1).
<-FIN(2).
->ACK(2).

Note:
FIN->Finish.
----------------------------------------------------------
Let us consider 100 crore[1 billion] packets to be transmitted.
Initiator expects 1 billion Acknowledgements.
1 billion Acknowledgements are a huge traffic.
3-way handshake process and 4-way handshake process are fine at a small level.
1 billion Acknowledgements are a disadvantage at large scale.
Windowing is the solution.
Manually set the windowing size as 1000 packets.
Responder sends an Acknowledgement for every 1000 packets.
If any one of the packets from the Initiator side is missing,
Re-transmission happens(Responder requests the Initiator to resend the Data-6).
->Data-6(6) Re-transmitted.
Now,Responder sends 1 Acknowledgement.
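The 3-way handshake, the two sequence-number databases, re-transmission of a lost packet, windowing and the 4-way close described above can be traced with this added Python model. It is not part of the original notes and it is not a TCP stack: the two sides exchange message strings into a log, no sockets are opened. The function names, the log wording, and the `lost` and `window` parameters are this example's own; the Negative-Ack message for a busy Responder keeps the name the notes use.

```python
def three_way_handshake(log, responder_free=True):
    """Initiator sends SYN(1); a free Responder answers SYN(2)+Ack(1) and receives Ack(2)."""
    log.append("Initiator -> Responder: SYN(1)")
    if not responder_free:
        log.append("Responder -> Initiator: Negative-Ack(1)")   # the notes' name for a refused SYN
        return False
    log.append("Responder -> Initiator: SYN(2)+Ack(1)")
    log.append("Initiator -> Responder: Ack(2)")
    log.append("Connection Established")
    return True

def transfer(log, packets, window=1, lost=()):
    """Send Data-1..Data-n.  Sequence numbers in `lost` are dropped on their first
    transmission.  At the end of every window the Responder asks for each missing
    sequence number, the Initiator re-sends it, and then ONE Ack covers the window."""
    received = {}          # Responder's database: data sequence numbers that arrived
    acked = set()          # Initiator's database: sequence numbers acknowledged so far
    pending_loss = set()
    retransmitted = []
    acks_sent = 0
    last_acked = 0
    for seq in range(1, packets + 1):
        log.append(f"Initiator -> Responder: Data-{seq}({seq})")
        if seq in lost:
            pending_loss.add(seq)
            log.append(f"    Data-{seq} is lost in between due to a network issue")
        else:
            received[seq] = f"Data-{seq}"
        if seq % window == 0 or seq == packets:          # end of the current window
            for missing in sorted(pending_loss):
                log.append(f"Responder -> Initiator: Re-transmission request for Data-{missing}")
                log.append(f"Initiator -> Responder: Data-{missing}({missing}) re-transmitted")
                received[missing] = f"Data-{missing}"
                retransmitted.append(missing)
            pending_loss.clear()
            log.append(f"Responder -> Initiator: Ack({seq})")     # one Ack for the whole window
            acks_sent += 1
            acked.update(range(last_acked + 1, seq + 1))
            last_acked = seq
    return {"received": received, "acked": acked,
            "retransmitted": retransmitted, "acks_sent": acks_sent}

def four_way_close(log):
    """FIN from the Initiator, Ack, FIN from the Responder, Ack."""
    log.append("Initiator -> Responder: FIN(1)")
    log.append("Responder -> Initiator: Ack(1)")
    log.append("Responder -> Initiator: FIN(2)")
    log.append("Initiator -> Responder: Ack(2)")
    log.append("Connection Closed")

def tcp_session(packets=10, window=1, lost=(), responder_free=True):
    """Run handshake, transfer and close; return the statistics plus the full log."""
    log = []
    if not three_way_handshake(log, responder_free):
        return {"established": False, "log": log}
    stats = transfer(log, packets, window, set(lost))
    four_way_close(log)
    return {"established": True, "log": log, **stats}

if __name__ == "__main__":
    for line in tcp_session(packets=6, window=3, lost={3})["log"]:
        print(line)
```

With window=1 every packet earns its own Ack (10 packets, 10 Acks); with window=5 the same 10 packets earn 2 Acks, and the lost Data-3 is requested and re-sent before the Ack that closes its window, which is the saving the windowing paragraph describes.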
----------------------------------------------------------
Amit Sir's suggestion for the CCIE Security Guys:
First finish at least 70% to 80% of the Training.
After CCIE security,we will get a chance to work in SOC Profile.
----------------------------------------------------------
2).Flow Control:
Take three routers and connect them in series like R1[Source]->R2[Buffer]->R3[Destination].
Transfer the data from the Source[R1] to the Destination[R3].
R1 to R2 has Fibre optics cable[Data speed:1024Mbps[1Gbps]].
R2 to R3 has Ethernet cable[Data speed:10 Mbps].
Bottleneck service.
R2 has buffer.

Two types of buffer in routers:


1).Software buffer.
2).Hardware buffer.

Data speed mismatch.


R2 receives and stores the data in the buffer.

After sometime,R2's buffer gets full.


But,R2 is receiving the data continuously from R1.
Now,R2's buffer starts to drop the packets continuously[Buffer overflow].
Wastage of Bandwidth.

TCP supports the Flow control.


UDP does not support the Flow control.

UDP Applications:
1).Streaming media.
2).Real-time multiplayer games.
3).Voice over IP.

The types of flow control:


1).Buffering.
2).Windowing.
3).Congestion Avoidance.

UDP is faster as compared to TCP.
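The R1->R2->R3 bottleneck above, as an added Python simulation that is not part of the original notes: bottleneck() counts, tick by tick, how many packets R2 accepts, forwards and drops when R1 keeps sending at the fast-link rate, and again when flow control is on and R2 advertises its free buffer space as a window that R1 respects (the buffering/windowing idea in the list above). The rates, buffer size and tick count are constructed values chosen to m irror the 1 Gbps versus 10 Mbps mismatch, not measurements; the function name and its return keys are this example's own.

```python
def bottleneck(in_rate, out_rate, buffer_size, ticks, flow_control=False):
    """Simulate R2 between a fast link from R1 (`in_rate` packets per tick) and a slow
    link to R3 (`out_rate` packets per tick).  R2 can hold `buffer_size` packets.
    Without flow control R1 sends at full speed and R2 drops whatever does not fit
    (buffer overflow).  With flow control R2 advertises its free buffer space as a
    window each tick and R1 offers no more than that."""
    queued = dropped = forwarded = sent = 0
    for _ in range(ticks):
        free = buffer_size - queued
        offered = min(in_rate, free) if flow_control else in_rate
        accepted = min(offered, free)
        sent += offered
        dropped += offered - accepted          # buffer overflow: these packets are lost
        queued += accepted
        out = min(out_rate, queued)            # the slow link drains the buffer
        queued -= out
        forwarded += out
    return {"sent": sent, "forwarded": forwarded, "dropped": dropped,
            "still_queued": queued, "wasted_bandwidth": sent - forwarded - queued}

if __name__ == "__main__":
    # constructed scenario: R1 offers 1024 packets/tick, R3's link takes 10/tick, R2 holds 100
    for fc in (False, True):
        label = "flow control   " if fc else "no flow control"
        print(label, bottleneck(in_rate=1024, out_rate=10, buffer_size=100, ticks=10, flow_control=fc))
```

In the constructed scenario R3 receives the same 100 packets either way; without flow control R1 transmits 10,240 packets of which 10,050 are dropped at R2 (the wasted bandwidth), while with flow control R1 transmits only 190 and nothing is dropped.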


----------------------------------------------------------
Router components:
1).RAM.
2).NV- RAM.
3).ROM.
4).Flash.

1).RAM[Volatile]:
RAM is a temporary memory.
Configurations present in RAM are known as running configurations.
Running configurations are stored in the RAM.
Router deletes all the running configurations during rebooting.
Running configurations are temporary.
2).NVRAM[Non-Volatile RAM]:
NVRAM is a permanent memory.
Save the running configurations in NV-RAM.
Configurations present in NV-RAM are known as startup-configurations.
Startup-configurations are permanent.

Commands to save the running configurations from RAM to NV-RAM:


1).#write
2).#copy running-config startup-config

3).ROM:
ROM is a permanent memory.
Mini-OS for the back-up.

4).Flash:
Flash is a permanent memory.
Flash keeps all the IOS images[IOS versions-12.x,15.x,16.x].
IOS is the OS of the router.
Flash memory is removable.
---------------------------------------------------------
TFTP server:
TFTP server is used to install the IOS on the router.
TFTP server is software.
Connect the laptop with the router's interface via the FastEthernet cable.
Push the IOS image into the router's Flash memory with the help of the TFTP server.
TFTP server is used to download the IOS image from the Router.
TFTP server is used to upload the IOS image into the Router.
----------------------------------------------------------
Case:
Router1 with IOS image.
Router2 without IOS image.
Take the IOS image backup from the Router1's Flash memory to the TFTP server.
Then upload the IOS image from the TFTP server to the Router2.
----------------------------------------------------------
Boot sequence:
1).Router tries to find the IOS image in the flash memory.
2).Load the IOS image from the router's Flash memory into the TFTP server.
3).Router tries to find the startup configuration in NV-RAM.
4).Router loads that startup configuration into the RAM.
5).Router asks to enter the username and password.
----------------------------------------------------------
Config-register:
The total boot sequence presents in the ROM.
Config-register[Hardware] is an instructor for the router boot sequence.
Config-register is a hardware,which presents in the motherboard.
Config-register value is 0x2102.
Config-register plays very important role in router and in switch.

POST[Power-on self-test] process happens before the boot sequence.


Subnetting: at least 10.1.1.0/24 for the POST concept.
----------------------------------------------------------
CCNA_DAY_10:
Commands to check the reachability:
1).ping.
2).Remote Access:
Two options to access the devices:
1).Physical connection[Console cable].
2).Remote Access[Remote Access is used to access any remote devices in the Delhi
branch from the Bangalore branch].
Remote Access has two options to access the remote devices at the CCNA Level:
1).Telnet.
2).SSH.

Telnet is not secure.

Telnet uses the TCP protocol.
TCP[Protocol.no.]-06.
TCP[Port.no.]-23.

SSH is secured.
In corporates,100% SSH is used for the remote access.

Remote Access has other options to access the remote devices:
1).GUI.
2).Web browsers.
3).PuTTY.

Two types of port numbers:
1).Well-known port numbers[Range:0-1023].
2).Random port numbers[Range:1024-65,535].

Total range of port numbers:65,536[16-bits]=0-65,535.
8080 is part of the random port numbers.
----------------------------------------------------------
Step-by-step process after powering on the routers[R1 and R2]:
Step1:POST[Power on self test]:
Power on self test is the self test of the physical hardware.

Step2:Bootstrap/Boot sequence:
1).Router tries to find the IOS image in the Flash memory.
2).Load the IOS image from the router's Flash memory into the TFTP server.
3).Router tries to find the startup configuration in NVRAM.
4).Router loads that startup configuration into the RAM.
5).Router asks to enter the username and password.
Manually connect R1 and R2 via the cable[FastEthernet/Ethernet/Fibre optics].

Step3:Auto negotiation:
1).FLP[First Link Pulse].
FLP checks the speed.

2).Duplex:
a).Full duplex.
b).Half duplex.
By default,Full duplex on all the Cisco devices.
Possibility:
Manually,Full duplex can be changed to Half duplex.

Note:
Half duplex always works with half duplex.
Full duplex always works with full duplex.
Half duplex does not work with full duplex.
Full duplex does not work with half duplex.
----------------------------------------------------------
GARP[Gratuitous ARP]:
GARP is an L3 protocol.
Source IP address and the Destination IP address are always the same.
Router can automatically detect whether the IP address is unique [or] not by using GARP in the same network.
Routers/L3 switches/Firewalls/FTD/FMC/ISE/Stealthwatch/WSA/ESA/Wireless controllers/Access points/Mobile phones.
----------------------------------------------------------
4).Assign IP address:
Once the IP address is assigned on the router,
immediately GARP is used to find out whether the IP address is unique.
----------------------------------------------------------
Packet Format:
Source IP address[10.1.1.1].
Destination IP address[10.1.1.1].
Source MAC address[A].
Destination MAC address[FFFF[Broadcast MAC address]].

Switch always deals with the MAC address.
MAC address is 48-bits.
MAC address table timer is 300 seconds[500 seconds].
Switch maintains a MAC address table.
Broadcasting by the switch is known as Flooding.
If there is no reply within 0.37 milliseconds,
then 10.1.1.1 becomes a permanent IP address.
----------------------------------------------------------
Router maintains the MAC address entries in a database known as the ARP Cache.
ARP cache is about the MAC address:
Self MAC address.
Destination MAC address.

Telnet-TCP.
SSH-TCP.
DNS-TCP/UDP.
DHCP-UDP.
PING-ICMP[Protocol.no.1].

ICMP does not support any port numbers.
ICMP supports two things:
1).Type.
2).Code.

ICMP is divided into two parts:
              Type[Reserved]   Code[Reserved]
Echo Request  8                0
Echo Reply    0                0

Ping is divided into two parts:
1).Echo Request.
2).Echo Reply.
----------------------------------------------------------
Packet1:Echo Request:
Source IP address[10.1.1.1].
Destination IP address[10.1.1.2].
Source MAC address[A].
Destination MAC address[ ? ]->is updated to [B] after the ARP reply.
Type[8].
Code[0].

ARP is used to find out the destination MAC address.
ARP is divided into two parts:
1).ARP Request.
2).ARP Reply.
ARP Request is always Broadcast.
ARP Reply is always Unicast.
ARP is an L2 protocol.
ICMP is an L3 protocol.
TCP is an L4 protocol.

The Echo Request packet is put on hold for some time.

Packet2:ARP Request[Broadcast packet]:
Source IP address[10.1.1.1].
Destination IP address[10.1.1.2].
Source MAC address[A].
Destination MAC address[FFFF[Broadcast MAC address]].

Packet3:ARP Reply[Unicast packet]:
Source IP address[10.1.1.2].
Destination IP address[10.1.1.1].
Source MAC address[B].
Destination MAC address[A].

Router always identifies the ARP Request and ARP Reply by the Ethernet Type.

Now,the Destination MAC address field in the Echo Request gets updated to B.

Packet4:Echo Reply:
Source IP address[10.1.1.2].
Destination IP address[10.1.1.1].
Source MAC address[B].
Destination MAC address[A].
Type[0].
Code[0].

Always 5 Echo Requests in the Cisco devices.
Always 5 Echo Replies in the Cisco devices.

Packets reach:!!!!!
Packets drop:.....
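Added example (not from the class notes): a small Python simulation of the four packets above, the Echo Request held while ARP resolves the destination MAC, then the Echo Reply, plus the GARP uniqueness check from the earlier section. Node IPs and MACs are constructed sample values.

```python
"""Held Echo Request, ARP exchange, Echo Reply and GARP on one L2 segment.

Added example, not from the notes: it models the four packets the notes walk
through and the gratuitous ARP check made after an IP address is assigned.
IPs and MACs are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    kind: str               # arp-request | arp-reply | echo-request | echo-reply
    src_mac: str
    dst_mac: Optional[str]  # None while the Echo Request waits for ARP ("?")
    src_ip: str
    dst_ip: str
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


class Segment:
    """One broadcast domain: nodes see broadcasts and frames addressed to their MAC."""

    def __init__(self):
        self.nodes: List["Node"] = []
        self.log: List[Frame] = []      # capture of every frame put on the wire

    def deliver(self, frame: Frame):
        self.log.append(frame)
        for node in self.nodes:
            if frame.dst_mac in (BROADCAST_MAC, node.mac) and node.mac != frame.src_mac:
                node.receive(frame)


class Node:
    def __init__(self, ip: str, mac: str, seg: Segment):
        self.ip, self.mac, self.seg = ip, mac, seg
        self.arp_cache = {ip: mac}      # notes: the cache holds the self MAC too
        self.held: List[Frame] = []     # Echo Requests on hold until ARP replies
        self.replies: List[Frame] = []
        self.ip_conflict = False        # set when another node answers our GARP
        seg.nodes.append(self)

    def ping(self, dst_ip: str):
        req = Frame("echo-request", self.mac, None, self.ip, dst_ip, 8, 0)
        if dst_ip in self.arp_cache:    # cache hit: send straight away
            req.dst_mac = self.arp_cache[dst_ip]
            self.seg.deliver(req)
        else:                           # cache miss: hold it, broadcast ARP first
            self.held.append(req)
            self.seg.deliver(Frame("arp-request", self.mac, BROADCAST_MAC, self.ip, dst_ip))

    def gratuitous_arp(self) -> bool:
        """ARP for our own IP (src IP == dst IP); True when nobody else claims it."""
        self.ip_conflict = False
        self.seg.deliver(Frame("arp-request", self.mac, BROADCAST_MAC, self.ip, self.ip))
        return not self.ip_conflict

    def receive(self, f: Frame):
        if f.kind == "arp-request" and f.dst_ip == self.ip:
            self.arp_cache[f.src_ip] = f.src_mac
            self.seg.deliver(Frame("arp-reply", self.mac, f.src_mac, self.ip, f.src_ip))
        elif f.kind == "arp-reply":
            if f.src_ip == self.ip and f.src_mac != self.mac:
                self.ip_conflict = True             # someone replied to our GARP
                return
            self.arp_cache[f.src_ip] = f.src_mac
            for req in [r for r in self.held if r.dst_ip == f.src_ip]:
                req.dst_mac = f.src_mac             # "?" is updated to B
                self.held.remove(req)
                self.seg.deliver(req)               # release the held Echo Request
        elif f.kind == "echo-request" and f.dst_ip == self.ip:
            self.seg.deliver(Frame("echo-reply", self.mac, f.src_mac, self.ip, f.src_ip, 0, 0))
        elif f.kind == "echo-reply" and f.dst_ip == self.ip:
            self.replies.append(f)


def run_ping(count: int = 5):
    """A pings B 'count' times (the notes' Cisco default is 5); returns (A, B, segment)."""
    seg = Segment()
    a = Node("10.1.1.1", "aa:aa:aa:aa:aa:aa", seg)
    b = Node("10.1.1.2", "bb:bb:bb:bb:bb:bb", seg)
    for _ in range(count):
        a.ping(b.ip)
    return a, b, seg


def run_garp_check():
    """Two nodes configured with 10.1.1.1: each one's GARP detects the other."""
    seg = Segment()
    first = Node("10.1.1.1", "aa:aa:aa:aa:aa:aa", seg)
    second = Node("10.1.1.1", "cc:cc:cc:cc:cc:cc", seg)
    Node("10.1.1.2", "bb:bb:bb:bb:bb:bb", seg)
    return first.gratuitous_arp(), second.gratuitous_arp()
```

Only the first ping triggers an ARP exchange; the remaining four hit the ARP cache, so the capture shows one ARP pair followed by five request/reply pairs.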
----------------------------------------------------------
5).PING:
Ping is divided into two parts:
1).Echo Request[On-Hold].
2).Echo Reply.
----------------------------------------------------------
6).ARP:
ARP is divided into two parts:
1).ARP Request.
2).ARP Reply.
----------------------------------------------------------
7).PING[Packet Internet Group]:
Ping is divided into two parts:
1).Echo Request.
2).Echo Reply.

Now,Remote Access is possible via Telnet and SSH.

----------------------------------------------------------
CCNA_DAY_11:
VLAN[Virtual Private Network]:
Vlan definition:
Division of a big BCD into small BCDs.
Use the Catalyst switch for the entire CCNA course.
By default,a single BCD in the Catalyst switch.
Collision Domains=No.of.Active ports.

By default,24 ports in the Catalyst switch.

By default,Vlan 1["1" is known as the Vlan-ID] in the Catalyst switch.
All the interfaces are part of Vlan 1[Default Vlan or Native Vlan].
First time,the switch performs Unknown Unicasting.
Second time,Unicasting.

Native Vlan disadvantages:
By default,all the PCs can communicate with each other.

Solution:
Vlan is required to separate the domains[Eg:Domain1->HR,Domain2->IT,Domain3->Sales].

3 Vlans for 3 Domains:
ID        Name
Vlan 10   HR
Vlan 20   IT
Vlan 30   Sales

Vlan IDs:10,20,30.
Specific range of Vlan IDs:[0-4095].

Bits in IPv4:32 bits.
Bits in IPv6:128 bits.
Bits in MAC:48 bits.
Bits in Port:16 bits.
Bits in Vlan:12 bits[Total no.of.Vlan IDs:4096].
Always starts with "0" and ends with "4095".

Vlan 0 is reserved for VMware.
Vlan 4095 is reserved for AppleTalk[IP address only for Apple devices].
Usable range is 0-4095.

Two types of Vlans:
1).Standard Vlan.
2).Extended Vlan.

Standard Vlan range:1-1005[VTP Version 2].
Extended Vlan range:1006-4094[VTP Version 3].

Standard Vlan range:1-1005[VTP Version 2]:
Vlan 1:Native Vlan.
Native Vlan cannot be deleted/edited.
Native Vlan can be modified.

Vlan 1002,Vlan 1003,Vlan 1004,Vlan 1005:Reserved for Token Ring and FDDI[Fiber distributed data interface].
At present,Token Ring and FDDI are not used in the corporates.
Usable standard Vlan range:[2-1001].
By default,Vlan 1,Vlan 1002,Vlan 1003,Vlan 1004,Vlan 1005 are reserved.
----------------------------------------------------------
Step1:Create 3 Vlans for 3 Domains:
ID        Name
Vlan 10   HR[Domain1]
Vlan 20   IT[Domain2]
Vlan 30   Sales[Domain3]

Step2:
Option1:Assign sequential interfaces into the same Vlan one by one by 2 methods:
1).Static method[Switch's interface based method]->CCNA.
2).Dynamic method[End Router's MAC address based method]->CCNP.

Solution for the static method:Dynamic method.
Dynamic method:MAC address binding is always used in the corporates.
[or]
Option2:Range option.
interface range f0/1...f0/10
----------------------------------------------------------
Lab:
Use c3725 router series.
Use c7200 router series.

CAM table gets updated the first time during the IP address assignment.

Switch1 is connected with Switch2 via the cable.

----------------------------------------------------------
CCNA_DAY_12:
Trunking:
Port modes:
1).Access mode.
2).Trunk mode.

1).Access port:
Only one Vlan[Either Vlan 10 or Vlan 20] traffic can be allowed at a time from one interface.
By default,the access port is enabled on all the interfaces by using some specific commands.

2).Trunk port:
All Vlan[Vlan 10 + Vlan 20] traffic can be allowed at a time from one interface.
Manually configure the trunk port.

Enable Vlan 10.
Enable Vlan 20.

By default,communication between the devices within the same Vlan is possible[Intra Vlan communication is possible].
Because all the devices are part of the same broadcast domain.
By default,communication between the devices of two different Vlans is not possible[Inter Vlan communication is not possible].
The Inter Vlan Routing[IVR] concept is used to establish the communication between the devices of two different Vlans[Vlan 10,Vlan 20].
----------------------------------------------------------
Switch1 is connected with Switch2.

Solution1:
Trunk port is configured so that all Vlan traffic is allowed at a time from one interface to another interface.

Solution2:
Add interface 7 into Vlan 10[Now,interface 7 becomes part of Vlan 10].
Two methods to configure the trunk:
1).Static method[Configure manually].
2).Dynamic method[Dynamic Trunking Protocol].

Enable the Trunk port on Switch1's interface.
Auto-negotiation happens between Switch1 and Switch2.
Automatically,Switch2's interface becomes a Trunk port.

1).Static method[Configure manually]:

Tagging on the Trunk port:
Once the Trunk port gets configured manually,
by default,Tagging gets enabled on Switch1.
Tagging is not required on the access port.
Switch1 performs Tagging on the traffic.
The Tag[Eg:Vlan 10] is present in front of the traffic.
Switch2 performs Un-Tagging.

During the reply,Switch2 performs Tagging on the traffic.
Switch1 performs Un-Tagging on the traffic.

Two protocols are used for Tagging and Un-Tagging:
1).ISL[Cisco Inter-Switch Link].
2).802.1q.

Difference between ISL[Cisco Inter-Switch Link] and 802.1q:
   ISL[Cisco Inter-Switch Link]                 802.1q
1).Cisco proprietary.                           Open standard.
2).ISL Header size is 30 bytes[240-bits].       802.1q Header size is 4-bytes[32-bits].

ISL Tagging protocol works only in between Cisco switches.
802.1q Tagging protocol works in between two different vendors.
----------------------------------------------------------
MTU[Maximum Transmission Unit]:
By default,MTU size is 1500 bytes.
MTU size can be stretched up to 1520 bytes.
Add the ISL Tagging protocol[Vlan 10] on the MTU[MTU size:1500 bytes].
Total MTU size becomes 1500+30=1530 bytes.
1530 bytes>1500 bytes.
This MTU is known as a Jumbo Frame.
Interface 7 drops the Jumbo Frame.
Solution is Fragmentation.

Fragmentation divides the MTU into 2 parts[1530 bytes/2=765 bytes].

Fragmentation options:
Option1:Dismantle the MTU at the source and merge it again at the Destination.

Option2:The entire MTU must be transferred from source to destination without any fragmentation.
So,add the 802.1q[4 bytes] Tagging protocol.
1500+4=1504 bytes.
1504<1520 bytes.
Nowadays,99.9% of Cisco switches support the 802.1q Tagging protocol,not the ISL Tagging protocol.
So,the 802.1q Tagging protocol is better than the ISL Tagging protocol.
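Added example (not from the notes): building a frame, inserting and stripping the 4-byte 802.1q tag, and applying the 1520-byte check from the MTU section above, in Python. Frame contents (MACs, EtherType, payload) are constructed sample values.

```python
"""Build, tag, untag and size-check an Ethernet frame with an 802.1Q header.

Added example, not from the notes. The 4-byte tag (TPID 0x8100 + 16-bit TCI,
of which 12 bits are the VLAN ID) is inserted after the source MAC, which is
why a tagged full-MTU frame carries 1500+4 bytes and why VLAN IDs run 0-4095.
Frame contents are constructed sample values.
"""
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100
DOT1Q_TAG_BYTES = 4          # notes: 802.1q header is 4 bytes
ISL_OVERHEAD_BYTES = 30      # notes: ISL header is 30 bytes
MTU_BYTES = 1500             # notes: default MTU
MAX_STRETCHED_BYTES = 1520   # notes: MTU can be stretched up to 1520 bytes


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame as an access port sends it: dst MAC, src MAC, EtherType, payload."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses are 6 bytes (48 bits)")
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Switch1 'performs Tagging': insert TPID+TCI between the source MAC and the EtherType."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID is a 12-bit field: 0-4095")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field")
    tci = (pcp << 13) | vlan_id          # PCP(3 bits) | DEI(1 bit, left 0) | VID(12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[Optional[int], bytes]:
    """Switch2 'performs Un-Tagging': return (vlan_id, untagged frame); vlan_id is None if untagged."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame               # plain access-port frame, nothing to strip
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_size(payload_len: int, overhead: int) -> int:
    """Payload plus trunk-encapsulation overhead, the number the notes compare with the MTU."""
    return payload_len + overhead


def fits_trunk(payload_len: int, overhead: int) -> bool:
    """True when the encapsulated frame fits the largest frame the notes allow (1520 bytes)."""
    return trunk_size(payload_len, overhead) <= MAX_STRETCHED_BYTES


def demo() -> dict:
    """Round-trip a full-MTU frame through VLAN 10 and compare ISL with 802.1Q overhead."""
    untagged = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("0000aabbccdd"),
                           0x0800, b"\x00" * MTU_BYTES)
    tagged = tag_frame(untagged, vlan_id=10)
    vid, restored = untag_frame(tagged)
    return {
        "vlan_id": vid,
        "round_trip_ok": restored == untagged,
        "tag_bytes_added": len(tagged) - len(untagged),
        "dot1q_fits": fits_trunk(MTU_BYTES, DOT1Q_TAG_BYTES),    # 1504 <= 1520
        "isl_fits": fits_trunk(MTU_BYTES, ISL_OVERHEAD_BYTES),   # 1530 > 1520
    }
```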
----------------------------------------------------------
Website:
DTP on omnisecu.com

DTP Modes:
1).Dynamic-Desirable
2).Dynamic-Auto
3).Trunk
4).Access

Switchport Mode     Dynamic-Desirable   Dynamic-Auto   Trunk   Access
Dynamic-Desirable   Trunk               Trunk          Trunk   Access
Dynamic-Auto        Trunk               Access         Trunk   Access
Trunk               Trunk               Trunk          Trunk   Access
Access              Access              Access         Access  Access

? means context help.

DTP is pre-configured and pre-enabled in all the Cisco switches.

On the Trunk port,by default,Standard Vlans[1-1005] are allowed.
By default,Dynamic-Desirable mode on all the switches.
----------------------------------------------------------
CCNA_DAY_13:
VTP[Vlan Trunking Protocol]:
Different Floors with a different no.of devices[or Employees] in a Vlan.

Configure Vlans:
Vlan    ID
HR      10
SALES   20
IT      30
MGMT    40

VTP Protocol is used to replicate the Vlans[HR,SALES,IT,MGMT] automatically from the server[switch 1] to all the clients[switch 2 to 20].
VTP contains server and client.
Configure VTP.
Manually define the same domain name[as CCIE] on all the switches.
Manually define the same version[as v2] on all the switches.
All the switches are part of the same Vlan.
Manually allocate 1 switch[Switch1] as a server and the remaining switches[2...20] as clients.
1 server is possible in a single BCD.
N-1 clients are possible in a single BCD.
Note:
N-Total no.of.switches.

VTP has 2 versions:
1).VTP Version 2.
2).VTP Version 3.
VTP Version 2 always supports the Standard Vlan.
VTP Version 3 supports standard Vlans and extended Vlans.

VTP has 3 modes:
1).Server mode.
2).Client mode.
3).Transparent mode.

The VLAN Trunking Protocol(VTP) is a very useful protocol to create,manage and maintain a large network with many interconnected switches.
The VLAN Trunking Protocol(VTP) can manage the addition,deletion and renaming of VLANs from a central point without manual intervention,and VLAN Trunk Protocol(VTP) thus reduces network administration in a switched network.

                     Server        Client
VLAN creation        possible.     Not possible.
VLAN deletion        possible.     Not possible.
VLAN modification    possible.     Not possible.

Interface Assignment:
According to the interface requirements,the Local Admin assigns the interfaces into the respective Vlans.

VTP messages are required to replicate the Vlans[HR,SALES,IT,MGMT] automatically from the server[switch 1] to all the clients[switch 2 to 20].

VTP has 3 messages:
1).Summary advertisement[Summary advertisement message is a periodic message every 300 seconds[5 minutes]].
2).Subset advertisement[Subset advertisement message is used by the VLAN during creation/deletion/modification by the server].
3).Client advertisement[Client advertisement message is used by the new client].

Server generates the Summary advertisement and the Subset advertisement.
Client cannot generate the Summary advertisement and the Subset advertisement.
Client can only replicate the Summary advertisement and the Subset advertisement.
Client can generate only the Client advertisement message.

Subset advertisement message contains:
1).VTP domain name.
2).VTP Version.
3).Vlan information[Vlan ID,Vlan Name].
4).Revision.No.

Revision.No:
Revision.No=No.of.Vlan information modifications in the Subset advertisement message.
By default,server and client have Revision.No.1.
Revision.No. should be the same on the server and the client.

Transparent mode[Transparent switch]:
Transparent mode is used to create Vlans on the particular client from the server.
Transparent mode just passes the Vlan information to the next client without updating its database table.
Manual modifications can be done on the Transparent switch.
No impact by the server on the Transparent switch.
But,the Transparent switch is part of the sequence.

[N-Total no.of.clients-1] is the no.of.Transparent switches.
N-Total no.of.switches.
----------------------------------------------------------
VTP has 3 modes:
1).Server mode.
2).Client mode.
3).Transparent mode.

1).Server mode:
VLAN Trunking Protocol(VTP) server mode is the default VTP mode for all Catalyst switches.
At least one server is required in a VTP domain to propagate VLAN information within the VTP domain.
We can create,add,or delete VLANs of a VTP domain in a switch which is in VTP server mode and change VLAN information in a VTP server.
The changes made in a switch in server mode are advertised to the entire VTP domain.

2).Client Mode:
VLAN Trunking Protocol(VTP) client mode switches listen to VTP advertisements from other switches and modify their VLAN configurations accordingly.
A network switch in VTP client mode requires a server switch to inform it about the VLAN changes.
We cannot create,add,or delete VLANs in a VTP client.

3).Transparent Mode:
VLAN Trunking Protocol(VTP) transparent switches do not participate in the VTP domain,but VTP transparent mode switches can receive and forward VTP advertisements through the configured trunk links.

3 types of VLAN Trunking Protocol(VTP) advertisement messages are:
Client advertisement request:
A client advertisement request message is a VTP message which a client generates for VLAN information to a server.
Servers respond with both summary and subset advertisements.

Command:
vtp mode server/client
vtp domain ccie
vtp version 2
----------------------------------------------------------
CCNA_DAY_14:[3 Switches]
STP[Spanning Tree Protocol]:
By default,STP is enabled on the switch interface.
STP is the most important protocol in switching.
STP is required to avoid the Layer 2 Loop.
Block port helps us to avoid the Layer 2 Loop.
Data cannot be Transmitted/Received on the block port.

Layer 2 Loop:
Vlan-1.
BCD-1.
Data transfer from PC1[switch1] to PC2[switch3].
----------------------------------------------------------
Selection process:
Two types of Bridges[switches]:
1).Root Bridge[RB].
2).Non Root Bridge[NRB].

Only one Root Bridge[RB] is possible in a network.
N-1 Non Root Bridges[NRBs] are possible in a network.
Note:
N-Total no.of.Bridges[Switches].
Root Switch is the main switch in a network.
All communication happens via the Root switch.
Election happens between the switches to select the Root Bridge[RB].
Election time between the switches is 30 seconds.

Root Bridge[RB] election parameters:[Bridge ID=Switch priority+Switch MAC address]
Parameter1:Bridge ID
Parameter2:Switch priority
Parameter3:Switch MAC address

Switch MAC addresses:
           MAC address
Switch-1   A--------->10[Hexadecimal value]
Switch-2   B--------->20[Hexadecimal value]
Switch-3   C--------->30[Hexadecimal value]

By default,switch priority is 32,768[Switch priority range:[0-65,535]=65,536/2=32,768].
Switch priority is 16-bits.
Switch MAC address is 48-bits.
Total no.of.bits=64 bits[8-bytes].
Bridge ID is 64-bits[8-bytes].

BPDU[Bridge Protocol Data Unit] message is used by the bridges[Switches] to exchange their Bridge IDs with each other for the election process.
BPDU contains the bridge ID.
Fixed BPDU MAC address:01:80:c2:00:00:00

Eg:
3 bridges in a network.
Only one Root Bridge[RB] is possible in a network.
2[3-1] Non Root Bridges[NRBs] are possible in a network.

Step1:Select the Root Bridge(Bridge ID=Switch priority+Switch MAC address)
Bridge is a smaller version of the switch.
Switch-1 compares its bridge ID with switch-2 and switch-3.
Switch-1,switch-2 and switch-3 switch priorities are a TIE.
MAC address is always the best tie breaker.
Switch-1's MAC address is lower as compared to the switch-2 and switch-3 MAC addresses.
Now,switch-1 becomes the Root Bridge[RB].
Switch-2 and Switch-3 become Non-Root Bridges[NRB].
Manually reduce the switch-2 priority by 4096 to make it the Root Bridge.
Increment/Decrement is always by [+/- 4096].

Step2:Select the Best Path.
a).Select the Root Port[RP].
b).Select the Designated Port[DP].
c).Select the Block Port[also known as Non-Designated Port/Alternate port].

STP is used to find the best path.
Alternate port provides Redundancy in the network.
Alternate port is the backup port.

Port Roles:
1).Root port.
2).Designated port.
3).Non designated port/Alternate port/Block port.

1).Root port:
The best exit interface is always known as the Root port.
Root port is always present in the Non Root Bridges[NRB].
1NRB=1RP.

Root port election parameters:
1).Lowest path cost always depends on the speed,not on the destination.
Path cost is inversely proportional to the speed.

Path cost:
Bandwidth                   Cost
10 Gbps                     2
1 Gbps                      4
100 Mbps[FastEthernet]      19
10 Mbps[Ethernet]           100

2).Lowest sender bridge ID.
3).Lowest sender port priority.
4).Lowest sender port ID.

Data transfer always happens via the Root Bridge.
Direct data transfer is not possible between the end devices.

2).Designated port selection:
The segmentation concept is used to find out the Designated port.
Segment=Designated Port+Root Port/Alternate port.
[Interface-1]----------[Interface-2]
Segmentation is the combination of the two directly connected interfaces.

Two possible combinations in the segment:
1).Designated Port+Root Port.
2).Designated Port+Alternate port.
Use the bridge ID to find out the Designated port.
Now,switch2's interface becomes the Designated Port.

Important note:
Designated Port and Root Port are always in the forwarding state.
Alternate Port is always in the Block state.

Data transmission/reception is possible in the forwarding state.
Data transmission/reception is not possible in the Block state/Alternate Port.
Root Port and Block port are not possible on the Root Bridge.
Only the Designated Port is possible on the Root Bridge.

Port states:
1).Disable state[Manually shutdown the interface][Red colour].
2).Blocking state[Interface is in disable state by STP][Amber].
3).Listening state[Root bridge election process][Amber].
4).Learning state[Root bridge election process][Amber].
5).Forwarding state[Final state][Green].
Data transfer happens only in the Forwarding state,not in other states.
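Added example (not from the notes): a Python model of the Root Bridge election and the port-role steps above for the three-switch triangle, using the notes' cost table and root-port tie-breakers. Switch names, MAC addresses, port names and link speeds are constructed sample values.

```python
"""Root bridge election and STP port roles for a small switch topology.

Added example, not from the notes. Bridge ID = (priority, MAC) compared as a
tuple so the lower one wins; root path cost uses the notes' cost table; root,
designated and alternate (blocked) ports are chosen with the tie-breakers the
notes list. Switch names, MACs, port names and links are constructed values
for the notes' three-switch triangle.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

STP_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}   # Mbps -> cost (notes' table)
DEFAULT_PRIORITY = 32_768
PORT_PRIORITY = 128
BridgeId = Tuple[int, str]


@dataclass(frozen=True)
class Link:
    """One segment: two directly connected interfaces and the link speed in Mbps."""
    a: str
    a_port: str
    b: str
    b_port: str
    mbps: int


def bridge_id(mac: str, priority: int = DEFAULT_PRIORITY) -> BridgeId:
    return (priority, mac.lower())


def elect_root(bids: Dict[str, BridgeId]) -> str:
    """Lowest bridge ID wins: priority first, MAC address as the tie breaker."""
    return min(bids, key=bids.get)


def neighbours(links: List[Link], sw: str) -> Iterator[Tuple[str, str, str, Link]]:
    """(local port, neighbour, neighbour port, link) for every link on sw."""
    for link in links:
        if link.a == sw:
            yield link.a_port, link.b, link.b_port, link
        if link.b == sw:
            yield link.b_port, link.a, link.a_port, link


def root_path_cost(bids: Dict[str, BridgeId], links: List[Link], root: str) -> Dict[str, float]:
    """A switch's cost to the root = min over neighbours of (their cost + link cost)."""
    cost = {sw: float("inf") for sw in bids}
    cost[root] = 0
    for _ in range(len(bids)):                       # Bellman-Ford style relaxation
        for sw in bids:
            for _, nb, _, link in neighbours(links, sw):
                cost[sw] = min(cost[sw], cost[nb] + STP_COST[link.mbps])
    return cost


def port_roles(bids: Dict[str, BridgeId], links: List[Link]):
    """Return (root switch, root path costs, {(switch, port): role})."""
    root = elect_root(bids)
    rpc = root_path_cost(bids, links, root)
    roles: Dict[Tuple[str, str], str] = {}
    for sw in bids:                                  # Step 2a: one root port per NRB
        if sw == root:
            continue                                 # the root bridge has no root port
        port = min(neighbours(links, sw),
                   key=lambda n: (rpc[n[1]] + STP_COST[n[3].mbps],  # 1) lowest path cost
                                  bids[n[1]],                        # 2) lowest sender bridge ID
                                  PORT_PRIORITY,                     # 3) lowest sender port priority
                                  n[2]))[0]                          # 4) lowest sender port ID
        roles[(sw, port)] = "root"
    for link in links:                               # Step 2b: one designated port per segment
        key_a = (rpc[link.a], bids[link.a], PORT_PRIORITY, link.a_port)
        key_b = (rpc[link.b], bids[link.b], PORT_PRIORITY, link.b_port)
        dp = (link.a, link.a_port) if key_a < key_b else (link.b, link.b_port)
        roles.setdefault(dp, "designated")
        for end in ((link.a, link.a_port), (link.b, link.b_port)):
            roles.setdefault(end, "alternate")       # Step 2c: the rest is blocked
    return root, rpc, roles


def sample_triangle(switch2_priority: int = DEFAULT_PRIORITY):
    """Three switches with MACs A < B < C, fully meshed with 100 Mbps links."""
    bids = {
        "Switch-1": bridge_id("0000.0000.000a"),
        "Switch-2": bridge_id("0000.0000.000b", switch2_priority),
        "Switch-3": bridge_id("0000.0000.000c"),
    }
    links = [
        Link("Switch-1", "f0/1", "Switch-2", "f0/1", 100),
        Link("Switch-1", "f0/2", "Switch-3", "f0/1", 100),
        Link("Switch-2", "f0/2", "Switch-3", "f0/2", 100),
    ]
    return bids, links
```

Lowering Switch-2's priority by 4096 (sample_triangle(DEFAULT_PRIORITY - 4096)) moves the root to Switch-2, as the notes describe.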
----------------------------------------------------------
CCNA_DAY_15:[Two switches]

Root port election parameters:[Continuation....]
2).Lowest sender Bridge ID[32,768+A(10)].
3).Lowest sender Port Priority[128].
4).Lowest sender Port ID[f0/0].

7 Switches:
Use the segmentation concept.

STP is used to find out the best path in the switches.
Routing protocols are used to find out the best path in the routers.

STP is always from the NRB to the RB.
Direct device connection is not possible with the Root Bridge.
Direct device connection is possible with the Non Root Bridge.

Etherchannel[Physically many cables,but virtually a single cable] is not part of the CCNA syllabus.

Alternate Port:
Data transmission/reception is not possible on the Alternate Port.
BPDU transmission/reception is possible on the Alternate Port.

Configure High Availability[also known as Redundancy/Back-up] in case the Root Bridge goes down.

Port states:
1).Listening state[15 seconds].
2).Learning state[15 seconds].
3).Forwarding state[15 seconds].

Root ID:
Bridge ID of the Root Bridge.
Root ID[Global ID] is the same on all the switches/Bridges.
Root ID size=6 bytes[Switch MAC address]+2 bytes[Switch priority]=8 bytes[64-bits].

Bridge ID:
Local ID[NRB] of that particular switch.
Bridge ID size=6 bytes[Switch MAC address]+2 bytes[Switch priority]=8 bytes[64-bits].
----------------------------------------------------------
Switch#Show spanning tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID: Priority :32,769
Address :0030:F288.D38B
This bridge is the root.
Hello Time :2 seconds.
Max Age :20 seconds[Timer].
Forward Delay :15 seconds[Listening State].
Forward Delay:
Total Forward delay=30 seconds[15*2=30 seconds].
Because,Listening state=15 seconds.
Learning state=15 seconds.

Max Age:
Max Age Timer is 20 seconds.
If the Timer exceeds 20 seconds,
the Alternate port does not receive any BPDUs.
Then the Alternate port becomes the Designated port.

Actual switch priority=32,768+1[Vlan ID]=32,769.
No.of.STP=No.of.Vlans.

STP modes:
1).CST[Common Spanning Tree].
2).PVST[Per Vlan Spanning Tree].
3).PVST+.

Protocols:
1).STP.
2).RSTP.
3).MSTP.

Portfast:
STP is used to avoid the L2 loop between the switches.
STP is only required between the Switches[Because the switch is an L2 device].
STP is not required between the End device and the Switch.
Listening state[15 seconds] and Learning state[15 seconds] are not required between the End device and the Switch.
Command:
spanning-tree portfast

The portfast feature is used to skip the Listening and Learning states on the End device ports.
Listening state[15 seconds] and Learning state[15 seconds] are not required between the End device and the Switch.
In industry practice,
let us consider a Switch that has 24 ports.
By default,2 ports are used in between the switches out of 24 ports.
Configure the spanning-tree portfast command on the remaining 22 ports,which are connected with the End devices.
[or]
Portfast:
Enable an interface to move directly to Forwarding on link up.
---------------------------------------------------------
Core switch:
The switch which is connected with the Internet.

BPDU Guard:
Configure the BPDU Guard feature on the remaining 22 ports,which are connected with the End devices.
A BPDU with a better Bridge ID as compared to the existing bridge ID is known as a Superior BPDU.
The BPDU Guard feature protects the internal network from superior BPDUs.
Error-disabled state.

Command:
spanning-tree bpduguard enable
[or]
Don't accept BPDUs on this interface.
----------------------------------------------------------
BPDU Filter:
BPDUs every 2 seconds are only required between the Switches[Because the switch is an L2 device].
BPDUs every 2 seconds are not required between the End device and the Switch.
Configure BPDU Filter on the Root Bridge to stop the BPDUs every 2 seconds towards the End devices.
[or]
Don't send BPDUs on this interface.
----------------------------------------------------------
CCNA_DAY_16:
Routing Protocols:
Routing is always used on the WAN side.

In Routers:
N no.of.Interfaces = N no.of.Networks.

Routing methods:
1).Static method.
2).Dynamic method.
3).Default method.

Dynamic method is divided into two parts:
1).IGP[Interior Gateway Protocol].
2).EGP[Exterior Gateway Protocol].

IGP[Interior Gateway Protocol] is divided into 3 parts:
1).Distance vector protocol[RIP].
2).Link state protocol[OSPF].
3).Hybrid protocol[EIGRP].

EGP[Exterior Gateway Protocol] has BGP.
BGP is divided into two parts:
1).I-BGP.
2).E-BGP.

Overall:
1).Distance vector protocol[RIP].
2).Link state protocol[OSPF].
3).Hybrid protocol[EIGRP].
4).IGRP[Interior Gateway Routing Protocol].
5).IS-IS[Intermediate System to Intermediate System Protocol].
6).BGP[I-BGP,E-BGP].

Router uses the Routing protocol to decide the best path.
According to the CCNA syllabus:Static,Default,Dynamic[only OSPF].
RIP is already obsolete.
----------------------------------------------------------
Amit sir's advice:CCNA_DAY_17 Video:[00:09:10 or 01:33:30]
Out of RIP,OSPF,EIGRP,IGRP,IS-IS,BGP,
only finish BGP properly,like STP in switching.
Easily,we can get an 8-10 LPA type of package in the market.
BGP is the most important protocol out of RIP,OSPF,EIGRP.
Mostly,be an expert with the EGP[BGP].
EGP is more important than IGP.
But,without IGP,we cannot study EGP.
----------------------------------------------------------
1).Static Routing:

3 different options in the static method:
a).Static method with the Next hop.
b).Static method with the Exit interface.
c).Static method with the combination of [Exit interface+Next hop].
According to the CCNA syllabus,only Next hop.
Gateway/Default gateway is known as the Next hop.
Next hop must be from the same network.

Routing Table[Router's Brain]:
Router maintains network information[Eg:10.1.1.0/30 f0/0] in the routing table as well as the ARP Cache.
ARP Cache maintains the MAC address entry[Eg:10.1.1.1-A f0/0].
ARP Cache timer is 4 hours.

Route Lookup in the Routing Table:
Step-1:[Normal Route Lookup]
11.1.1.0/29 via 10.1.1.2
Step-2:[Recursive Route Lookup]
10.1.1.0/30-f0/0.
Recursive Route Lookup is the biggest disadvantage.
CPU utilization of the Router increases.

3 Types of Traffic in the Router:
1).To the Traffic.
2).From the Traffic.
3).Through the Traffic.
-----------------------------------------------
Amit Sir:
All the CLI commands are present in the Lab Manual.
-----------------------------------------------
Static Route Syntax:
ip route [Destination Network ID] [Subnet mask] [Next hop]
----------------------------------------------------------
CCNA_DAY_17:
Static Routing with Exit Interface:

Next hop-Recursive Route Lookup.
No Recursive Route Lookup during the Next hop.

Exit interface-Proxy ARP.
No Recursive Route Lookup during the Proxy ARP.

Proxy ARP[Exit interface concept]:CCNP topic.
Proxy ARP Eg:Class Attendance.
Instead of Durga[Absent],Raghu[Present] says present during the attendance session.

Next hop+Proxy ARP is always the best method.

By default,all these Dynamic Routing Protocols[RIP,EIGRP,OSPF,BGP] use the combination [Next hop+Proxy ARP].
No Recursive Route Lookup+No Proxy ARP during the combination [Next hop+Proxy ARP].

Important note:
ARP is always possible within the same network.
ARP is not possible between two different networks.

Reason:
R1 has generated the ARP request[ARP request is always Broadcast].
R2 won't allow Broadcasting.
R2 allows Unicasting [or] Multicasting.
But,R1's ARP cache has entries like[10.1.1.1,10.1.1.2,11.1.1.3].
10.1.1.1[MAC address:A],10.1.1.2[MAC address:B]->Same network.
11.1.1.3[MAC address:B]->Another network.
10.1.1.2[MAC address:B] and 11.1.1.3[MAC address:B] have the same MAC address.
This concept is known as Proxy ARP.

By default,Proxy ARP is enabled on R2.
Proxy ARP is pre-configured only in the Cisco devices,not in the other vendors.
Manually enable Proxy ARP in the other vendors.

Two disadvantages:
1).Recursive Route Lookup[No Proxy ARP].
2).Proxy ARP[No Recursive Route Lookup].
----------------------------------------------------------
Static Routing with Exit Interface+Next hop:
Syntax:
ip route [Destination Network ID] [Subnet mask] [Exit interface] [Next hop]

Static Routing with Exit Interface+Next hop is the best option as compared to the Next hop and the Exit interface.
Because there is No Proxy ARP and No Recursive Route Lookup.
----------------------------------------------------------
2).Default Routing:
Syntax:
ip route 0.0.0.0 0.0.0.0 [Next hop]
[Destination Network ID=0.0.0.0] [Subnet mask=0.0.0.0]

Access the Internet via the Laptop.
Internet means different networks[Facebook server,Instagram server,LinkedIn server,etc...][Different servers].
We are paying and accessing the data from the different servers.
We need reachability up to those servers.

Router connected with the Internet[ISP] is known as an Edge router.
Internet is all about Outside [or] WAN.
Internal network is all about Inside [or] LAN.

By default,99.9% of the time a Default route is present on the Edge router in the outside direction.
Now,the user can access any server.

In default Routing,use only Next hop and Exit Interface+Next hop.
Don't use Exit Interface alone.

3 different options in the default method:
a).Default method with the Next hop.
b).Default method with the Exit interface.
c).Default method with the combination of [Exit interface+Next hop].
----------------------------------------------------------
CCNA_DAY_18:
OSPF[Part-1]:
OSPF belongs to the Dynamic Routing Protocols.
Static means Manual.
Dynamic means Automatic.
Automatically,the new router updates its IP address to all the existing routers.
Automatically,all the existing routers share their own information[IP address,etc..] with the new router.
90% OSPF is used in the corporates.
----------------------------------------------------------
RIP became obsolete 8 years ago.
RIP is not part of the corporate.
EIGRP is not part of the syllabus.
RIP is the combination of [Distance Vector Protocol+Link State Protocol].
RIP gives the Direction+Distance.

Distance Vector Protocol:
Vector is the combination of [Direction+Distance].
Routing protocol is used to find out the best path.
OSPF is a Link State Protocol.
OSPF Eg:
Google Map gives proper road map.

Automatically,OSPF calculates and find the best path to reach the destination.
90% cases,OSPF is used in the corporates.

Steps to find out the Best Path:


Step-1:Use Highest Prefix Length.
Step-2:Use Lowest AD value.
Step-3:Use Lowest Metric Value.
Step-4:Use Load Balancing.

1).Use the Highest Prefix Length:


Eg:10.1.1.0/24
10.1.1.0-->Prefix.
/24------->Prefix Length.

Case:
If all the Prefix Length are same,then Tie breakrer.
Solution is use the Lowest AD value Routing Protocol.

2).Use the Routing Protocol with the Lowest AD value:
Administrative Distance value[AD value] is the feature used by the routers to select the best path
when there are 2 or more different paths to the same destination from two different routing protocols[Eg:EIGRP-90,OSPF-110,RIP-120].
Administrative Distance defines the reliability of a routing protocol.

Routing protocols can also be configured per interface.
More than 1 routing protocol can be configured at the same time on a single router.

Reserved AD values[Fixed]:
1).Connected-0[Lowest AD value].
2).Static-1
3).EIGRP-90
4).OSPF-110
5).RIP-120

Case:
If all the Reserved AD values are the same,then there is a tie-breaker.
Solution is to use the Lowest Metric value.

3).Use the Lowest Metric Value:
RIP------>Hop Count.
EIGRP---->K Values.
OSPF----->Cost.

OSPF uses the following formula to find out the Cost value:
OSPF cost=Reference bandwidth[10^8]/Actual interface bandwidth.

OSPF cost=10^8/Actual interface bandwidth.
=10^8/1000 Mbps.
=10^5 Mbps.
So,use the Gigabit Ethernet for the lowest cost value.

3 Actual interface bandwidths on the same Router:
1).Ethernet[Speed:10 Mbps].
2).Fastethernet[Speed:100 Mbps].
3).Gigabit Ethernet[Speed:1000 Mbps].

Hop Count,in RIP,means the No.of.routers in between the source and the destination.

K Values are further divided into 5 parts.

4).Load Balancing:
1).Equal cost Load Balancing.
2).Un-equal cost Load Balancing.

By default,Load Balancing is enabled.
Load Balancing can be modified.

The above steps are used by any Dynamic Routing Protocol to find out the best path
when the source has more than 1 path from the same source to the destination.
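The four best-path steps above (longest prefix, lowest AD, lowest metric, equal-cost load balancing) and the OSPF cost formula, worked through as an added Python example that is not part of the notes. The routing table, the 192.0.2.x next hops and the interface speeds are constructed; the AD values are the reserved ones listed above.

```python
import ipaddress
from dataclasses import dataclass

# Reserved administrative distances from the notes (lower = more trusted).
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

REFERENCE_BANDWIDTH_BPS = 10 ** 8  # OSPF default reference bandwidth, 100 Mbps


def ospf_cost(interface_mbps: int) -> int:
    """OSPF cost = reference bandwidth / interface bandwidth.

    IOS truncates the result to an integer and never uses less than 1, so a
    1000 Mbps interface ends up with cost 1, the same as a 100 Mbps interface.
    """
    return max(1, REFERENCE_BANDWIDTH_BPS // (interface_mbps * 10 ** 6))


@dataclass(frozen=True)
class Route:
    prefix: str      # prefix + prefix length, e.g. "10.1.1.0/24"
    protocol: str    # key of AD
    metric: int      # hop count for RIP, cost for OSPF, 0 for connected/static
    next_hop: str


def best_paths(table, destination):
    """Apply the four steps from the notes and return every route that survives.

    More than one surviving route means equal-cost load balancing.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return []
    # Step 1: highest prefix length (longest match) wins.
    longest = max(ipaddress.ip_network(r.prefix).prefixlen for r in candidates)
    candidates = [r for r in candidates
                  if ipaddress.ip_network(r.prefix).prefixlen == longest]
    # Step 2: tie-breaker, lowest administrative distance.
    lowest_ad = min(AD[r.protocol] for r in candidates)
    candidates = [r for r in candidates if AD[r.protocol] == lowest_ad]
    # Step 3: tie-breaker, lowest metric (metrics are only comparable within one
    # protocol, which step 2 already guarantees).
    lowest_metric = min(r.metric for r in candidates)
    candidates = [r for r in candidates if r.metric == lowest_metric]
    # Step 4: everything left is installed; equal-cost load balancing.
    return sorted(candidates, key=lambda r: r.next_hop)


# Constructed sample table; OSPF metrics are the sum of the link costs on the path.
SAMPLE_TABLE = [
    Route("0.0.0.0/0", "static", 0, "192.0.2.9"),
    Route("10.1.1.0/24", "rip", 2, "192.0.2.1"),
    Route("10.1.1.0/24", "ospf", ospf_cost(100) + ospf_cost(100), "192.0.2.2"),
    Route("10.1.1.0/24", "ospf", ospf_cost(100) + ospf_cost(100), "192.0.2.4"),
    Route("10.1.1.0/24", "ospf", ospf_cost(10) + ospf_cost(100), "192.0.2.5"),
    Route("10.1.1.128/25", "static", 0, "192.0.2.3"),
]

if __name__ == "__main__":
    for ip in ("10.1.1.200", "10.1.1.5", "8.8.8.8"):
        print(ip, [r.next_hop for r in best_paths(SAMPLE_TABLE, ip)])
```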
----------------------------------------------------------
Area:
OSPF always works on the Area based concept.
Area ID.
Area ID size is 16-bits and 32-bits.

Two types of Area:
1).Intra Area[Same Area].
2).Inter Area[Different Areas].

First form the neighbourship between all the Intra Area Routers.
Configure OSPF between all the Intra Area Routers to exchange the network information.
By default,Intra area communication is possible.
By default,Inter area communication is not possible.
Backbone Area[Specific Area] is reserved for the inter area communication.
Area 0[Backbone Area ID].
There is no direct communication between the Inter Area Routers[R1,R2,R3,R4,R5].
Backbone Area is a Gateway to the different Areas.
Every other area should be connected with the Backbone Area.

Neighbourship:
Existing router establishes a neighbourship with the new router to exchange the network information.
If there is no neighbourship,then there is no communication.
Neighbours are always directly connected.
Router has the Neighbourship table.

Aunti's model:
Aunti's model exists in all the Dynamic Routing Protocols.
Aunti's model means sharing new information only with the immediate neighbours.

Split Horizon Rule:
By default,Split Horizon Rule is enabled on all the routers.
Split Horizon Rule is used to avoid sending the shared new information back to the sender.

ABR[Area Border Router]:
The router connected with the backbone Area[Area 0].

Problem in Area 10:
If 10 new networks get added in Area 20.
Then,Area 20 updates Area 0.
Then,Area 0 updates the ABR.
Now,the ABR updates all the routers in Area 10.
Now,a Looping problem arises between all the routers in Area 10.
Split Horizon Rule does not work on Updates.

Solution to avoid the Looping in Area 10 is:
1).Designated Router[DR][Eg:Trainer].
2).Backup Designated Router[BDR][Eg:Class Representative].
3).Designated Router Others[DRO][Remaining Students].

1 Designated Router in a single Area[Eg:Area 10].
1 Backup Designated Router in a single Area[Eg:Area 10].
N-2 Designated Router Others in a single Area[Eg:Area 10].
----------------------------------------------------------
1).Designated Router selection[DR selection]:
Designated Router is the main router in the OSPF process.
1).Highest Priority.
2).Highest Router ID.

2).Backup Designated Router selection[BDR selection]:
1).Second Highest Priority.
2).Second Highest Router ID.

Router Priority Range is 0-255.
By default,Router Priority is 1.

Router ID[Eg:Aadhaar Card Number].

Router ID selection:
1).Manually configure the Router ID on the router by using the command.
2).Automatically,the Router selects the Router ID.

Automatic has 2 options:
1).Select the Virtual interface highest IP address as the Router ID.
2).Select the physical interface highest IP address as the Router ID.

If the ABR receives new network information from Area 0:
ABR updates the new network information to the Designated Router[DR] and to the Backup Designated Router[BDR].
Only the Designated Router updates the new information to all the Designated Router Others.
If the Designated Router is down,then the Backup Designated Router acts as the Designated Router.
Now,the old Designated Router becomes a Designated Router Other.
By this,we can avoid the Looping.
Designated Router Others don't have the capability to update all their neighbours.
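The DR/BDR election and the automatic Router ID selection described above, as an added Python example that is not from the notes. Router names, addresses and priorities are constructed; that a priority of 0 keeps a router out of the election, and that the BDR takeover is modelled by re-running the election without the failed DR, are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class OspfRouter:
    name: str
    physical_ips: list                                  # addresses on physical interfaces
    loopback_ips: list = field(default_factory=list)    # virtual (loopback) interfaces
    manual_router_id: str = ""                          # set by "router-id", empty if unused
    priority: int = 1                                   # 0-255, default 1

    def router_id(self) -> str:
        """Manual router-id wins; else highest loopback IP; else highest physical IP."""
        if self.manual_router_id:
            return self.manual_router_id
        for pool in (self.loopback_ips, self.physical_ips):
            if pool:
                return str(max(ipaddress.IPv4Address(ip) for ip in pool))
        raise ValueError(f"{self.name}: no IP address available for a router ID")


def _rank(router: OspfRouter):
    # Higher priority first, then higher router ID (compared numerically).
    return (router.priority, int(ipaddress.IPv4Address(router.router_id())))


def elect_dr_bdr(routers):
    """Return (DR name, BDR name, [DRO names]) for one multi-access segment.

    Routers with priority 0 never become DR or BDR (assumption of this example).
    """
    ranked = sorted((r for r in routers if r.priority > 0), key=_rank, reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    others = [r.name for r in routers if r.name not in (dr, bdr)]
    return dr, bdr, others


# Constructed Area 10 segment using the addressing style of the notes.
AREA_10 = [
    OspfRouter("R1", physical_ips=["70.1.1.1", "10.1.1.1"], loopback_ips=["1.1.1.1"]),
    OspfRouter("R2", physical_ips=["10.1.1.2"], loopback_ips=["2.2.2.2"]),
    OspfRouter("R3", physical_ips=["10.1.1.3"], manual_router_id="0.0.0.1", priority=5),
    OspfRouter("R4", physical_ips=["10.1.1.4"], priority=0),
]

if __name__ == "__main__":
    print(elect_dr_bdr(AREA_10))
    # DR R3 goes down: the BDR takes over and a new BDR is chosen.
    print(elect_dr_bdr([r for r in AREA_10 if r.name != "R3"]))
```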
----------------------------------------------------------
CCNA_DAY_19:
OSPF[Part-2]:

Loopback[or Virtual Interface]:
Loopback interfaces are used only for Testing [or] Training purposes in the corporates.

Router ID selection:
1).Manually configure the Router ID on the router by using the command [router-id 0.0.0.1].
2).Automatically,the Router selects the Router ID with the following two things.
a).Physical interface highest IP address[70.1.1.1].
b).Virtual interface highest IP address[1.1.1.1/24].
Command to create a virtual interface:
int loopback 0
ip address 1.1.1.1 255.255.255.0
exit

By default,Virtual interfaces are always in the up state.
No shutdown command is required.
------------------------------------------------------------
Lab:[Remind me:OSPF-part-2,00:17:39][Amit sir has bgp notes]

Command to check the ARP Table:
show arp

Command to check the Routing Table:
show ip route

Configure OSPF to form the neighbourship between the two routers by using the Hello packet.
Hello packet contains:
a).Area ID[Must Match].
b).Network Type[Match].
c).Hello Timer[Match].
d).Dead Timer[Match].
e).Priority[0-255].
f).Authentication[Match].
g).Area Type[Match].
h).Stub Flag[Match].
i).SIP.
j).DIP.
k).SMAC.
l).DMAC.

a).Area ID[Must Match]:
Area ID should be the same on the routers for the Intra zone communication.

Hello Timer generates a Hello packet every 10 seconds.
Dead Timer-40 seconds[4 packets].
Manually,Hello Timer and Dead Timer can be changed.
Hello Timer and Dead Timer should be the same on both sides to form the neighbourship.

Router Priority range->0-255.
----------------------------------------------------------
CCNP parts:
Authentication.
Area Type.
Stub Flag.
----------------------------------------------------------
SIP[10.1.1.1]->R1 ip address.
DIP[224.0.0.5]->Reserved OSPF multicast ip address.
SMAC[c2:01:2c:50:00:00]->R1 MAC address.
DMAC[01:00:5e:00:00:05]->Reserved OSPF multicast mac address.

Because,R1 MAC address is c2:01:2c:50:00:00
R2 MAC address is c2:02:1f:20:00:00

Reserved OSPF multicast ip addresses:
224.0.0.5
224.0.0.6
Multicast ip address:
In every protocol,we have different messages like Hello message,Update message,Keepalive message.
All these messages are sent to a multicast ip address.

Hello packet is always multicast.

Reserved OSPF multicast mac address:
01:00:5e:00:00:05
----------------------------------------------------------
Command to configure ospf:
config t
router ospf 1[process id]
network [network-id] [wildcardmask] [area id]

Eg:
Command:
network 10.1.1.0 0.0.0.255 area 10
R2 uses the network command to share the new information with R1.

Subnet mask:255.255.255.0
'0'->Octet is Empty.
'255'->Octet is Full.

Wildcardmask:Reverse of the Subnetmask.
Wildcard mask:0.0.0.255
'0'->Octet is Full.
'255'->Octet is Empty.

Important Note:
Always use the Wildcard mask for ACL,BGP,EIGRP,OSPF.

Command to check the running dynamic protocol:
show ip protocols

Command to check the neighbourship:
show ip ospf neighbor

Filter command to show a specific protocol out of all the protocols:
show ip route [dynamic protocol name]

Command to show all the configured commands:
show run | section ospf

Command to Turn-on Debugging:
debug ip packet

Command to Turn-off Debugging:
u all[short form of undebug all]

Command to ping from the virtual interface:
ping [destination ip address] source [virtual interface ip address]
----------------------------------------------------------
CCNA_DAY_20:
FHRP[First Hop Redundancy Protocol]:
FHRP is a type of HA[Redundancy/Backup] in the network.
FHRP works for the device and the LAN interface,not for the WAN interface.
If the outside WAN interface goes down,FHRP will not work.
If the outside WAN interface goes down,the Track concept works for the WAN interface.

So,
FHRP is for the device[Router] and the inside LAN interface.
Track is for the outside WAN interface.
Track is not a part of the CCNA.

Scenarios:
Scenario-1:Router Inside LAN interface goes down.
Scenario-2:Router itself goes down.
Scenario-3:Router Outside WAN interface goes down.

Edge device:
The device which is connected with the ISP.
From where we are getting the internet.

FHRP:
Backup/Redundancy concept is known as High Availability[HA].
FHRP is divided into 3 parts:
1).HSRP[Hot Standby Router Protocol].
2).VRRP[Virtual Router Redundancy Protocol].
3).GLBP[Gateway Load Balancing Protocol].

VRRP and GLBP are Multivendor[Open Standard].

1).HSRP[Hot Standby Router Protocol].
HSRP is Cisco proprietary.
HSRP works only on Cisco devices.
Enable HSRP on R1 and R2.
HSRP has a Virtual ip address and a Virtual mac address.
Configure the Virtual ip address on R1[Active state] and R2[Standby state].
Virtual ip address should be from the same network.
Physical ip address is not used.

Two types of states:


1).Active state.
2).Standby state.

R1---------------->Active state.
R2[Backup Router]->Standby state.

If R1 goes down:
R1---------------->Down state.
R2[Backup Router]->Active state.

Virtual ip address is present only in the Router which is in the Active state.
Virtual ip address becomes the virtual gateway for all the End devices which are connected with the switch.
Physical gateway is not required.

Load Balancing:
Keep R1 and R2 in the Active state.
Load balancing is used to equally divide the traffic between R1 and R2 at the same time.

HSRP does not support Load Balancing.
VRRP supports Load Balancing.
By default,the Load Balancing feature is disabled in VRRP.
Manually enable the Load Balancing feature in VRRP.
Maximum up to 2 routers can be used in HSRP and VRRP.

By default,the Load Balancing feature is Enabled in GLBP.
Maximum up to 5 routers can be used in GLBP.
----------------------------------------------------------
Access Control List[ACL]:
ACL is a type of security guard.
ACL is used to allow the traffic and deny the traffic.
ACL is based on conditions.

Two types of Access Control Lists:
1).Standard Access Control List.
2).Extended Access Control List.

Only the Source ip address[or source network] condition[or Filter] can be used in the Standard Access Control List.
Destination does not matter for the Standard Access Control List.

The following conditions[or Filters] can be used in the Extended Access List:
Source ip address[or source network]
Destination ip address[or Destination network]
Any protocol.no.
Any port.no.

Extended Access List is more flexible than the Standard Access List.

Port.no assignment:
1).Source Port Number:
Source Port Number is always a Random Port Number.
Source Port Numbers Range:1024 - 65,535.
2).Known Port Number:
Known Port Numbers Range is 0 - 1023.

Time based Extended ACL.
Rules are configured via the commands.
Rules Eg:
Sip.
Dip.
Protocol.no.
Port.no.
Action.

1).Standard Access Control List Range:1 - 99.
2).Extended Access Control List Range:100 - 199.

Configure Standard ACL with the 2 methods:
1).Name---->Any Name.
2).Number-->[1 - 99].

1st priority->Number.
2nd priority->Name.

Configure Extended ACL with the 2 methods:
1).Name---->Any Name.
2).Number-->[100 - 199].

ACL Activation requires the following steps:
1).Configure the rules.
2).Assign the rules on the interface to activate the ACL.
3).Configure the direction.
ACL always works on the interface.

Router has 2 types of policies on every interface:
1).Inbound policy.
2).Outbound policy.
ACL can be used for Inbound as well as for Outbound.

Router has 2 types of traffic on every interface:
1).Ingress Traffic[Receive the traffic].
2).Egress Traffic[Transmit the traffic].
----------------------------------------------------------
Use GNS3 with Wireshark for ACL.
Eve-ng.
----------------------------------------------------------
How to configure the Telnet:

Two options for Remote access:
1).Telnet.
2).SSH.

Telnet[Port.no.23] is not secured.
SSH[Port.no.22] is secured.
By default,Telnet and SSH are disabled on the router.
Manually enable Telnet and SSH by using the commands.
----------------------------------------------------------
Remaining:last 5 min.

#username cisco password cisco

#line vty 0 4
#transport input telnet ssh[allows both;use 'transport input ssh' to allow SSH only]
#login local
#exit

Console port on the devices for the physical access.
Auxiliary port is a backup of the console port.

No telnet port concept.
No SSH port concept.
Virtual concept is known as Virtual Terminal.
Virtual Terminal is used for the remote access.
Vty means Virtual Terminal[Virtual Terminal is equivalent to the Console port].
By default,services are disabled in the Virtual Terminal.
By default,Authentication is disabled.

Username and password can be checked in two ways:
1).Local database of the Router.
2).Centralised Database for the Usernames and Passwords.
a).AAA server.
b).ISE.
c).AD.
d).LDAP.
e).SAML.
f).Kerberos.

Use the PuTTY software on the PC.
Use the command [telnet + nexthop] on the Router.
Login means Authentication happens.
----------------------------------------------------------
CCNA_DAY_21:
ACL Lab:
According to the syllabus:Only Standard ACL,there is no Extended ACL.

3 Scenarios:
2 Users from the Network 'A' access the server in the Network 'B'.
1).Scenario.1.
2).Scenario.2.
3).Scenario.3.

Scenario.1->[Block the Host[IP address] from the network 'A' on the Network 'B'].

Deny->Specify packets to reject.
Permit->Specify packets to forward.
Remark->Access-list entry comment.

Host-name[or]A.B.C.D->Address to match[Specific network][Eg:10.1.1.0/24].
Any->Any Source Host[More than one network at the same time][Eg:Default Route].
Host->A Single Host Address[Specific IP address].

Hit Count Meaning:
Configure the ACL on the Edge Router interface.
Traffic[Site 'A' or 'B'] via the ISP hits the Edge Router interface in the In direction.
Now,the Hit Count increases.

CCIE Lab Exam->Only Script checking.
No Manual Checking.

ACL has a basic nature:
First,ACL always checks for the deny statement,then only the permit statement.
---------------------------------------------------------
Important Note:
'N' no.of.entries are possible in a single ACL.
A Single ACL on a Single interface in a Single direction is possible at the same time.
Two ACLs on a Single interface in a Single direction are not possible at the same time.
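The wildcard mask rules from DAY_19 and the standard ACL behaviour from this lab (source-only match, hit counts, one ACL per interface per direction), as an added Python model that is not part of the notes. It evaluates entries top-down in configured order with the implicit deny at the end, which is how IOS processes an ACL; the scenario lists and all addresses are constructed from the notes' network 'A' (10.1.1.0/24).

```python
import ipaddress
from dataclasses import dataclass


def wildcard_from_subnet_mask(mask: str) -> str:
    """Wildcard mask = reverse of the subnet mask (255.255.255.0 -> 0.0.0.255)."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this bit must match; wildcard bit 1 = don't care."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(address)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class AclEntry:
    action: str    # "permit" or "deny"
    source: str    # "any", "host A.B.C.D", or "A.B.C.D WILDCARD"
    hits: int = 0  # hit count: how many packets this entry has matched

    def matches(self, src_ip: str) -> bool:
        parts = self.source.split()
        if parts[0] == "any":
            return True
        if parts[0] == "host":
            return src_ip == parts[1]
        return wildcard_match(src_ip, parts[0], parts[1])


class StandardAcl:
    """Numbered standard ACL (1-99): filters on the source address only."""

    def __init__(self, number: int, entries):
        if not 1 <= number <= 99:
            raise ValueError("standard ACL numbers are 1-99")
        self.number = number
        self.entries = list(entries)
        self.implicit_deny_hits = 0

    def evaluate(self, src_ip: str) -> str:
        # Entries are checked in configured order; the first match decides.
        for entry in self.entries:
            if entry.matches(src_ip):
                entry.hits += 1
                return entry.action
        # Nothing matched: the implicit "deny any" at the end drops the packet.
        self.implicit_deny_hits += 1
        return "deny"


class Interface:
    """One ACL per interface per direction, as the Important Note says."""

    def __init__(self, name: str):
        self.name = name
        self.acls = {"in": None, "out": None}

    def apply(self, acl: StandardAcl, direction: str):
        if self.acls[direction] is not None:
            raise ValueError(f"{self.name} already has an ACL in the {direction} direction")
        self.acls[direction] = acl

    def filter(self, direction: str, src_ip: str) -> str:
        acl = self.acls[direction]
        return "permit" if acl is None else acl.evaluate(src_ip)


# Scenario 1: block one host of network 'A', permit everyone else.
SCENARIO_1 = StandardAcl(1, [AclEntry("deny", "host 10.1.1.10"),
                             AclEntry("permit", "any")])
# Scenario 2: block the whole network 'A' (10.1.1.0/24), permit everyone else.
SCENARIO_2 = StandardAcl(2, [AclEntry("deny", "10.1.1.0 " +
                                      wildcard_from_subnet_mask("255.255.255.0")),
                             AclEntry("permit", "any")])
# Scenario 3: block all networks. A list containing only deny entries does the
# same thing because of the implicit deny, so a permit is needed for anything
# that must still pass.
SCENARIO_3 = StandardAcl(3, [AclEntry("deny", "any")])
```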
---------------------------------------------------------
SSH:
Username has privilege level 0[Limited Access] to privilege level 15[Full Access].
---------------------------------------------------------
Scenario.2->[Block the traffic from the network 'A' towards the Network 'B'].

Four networks exist in our Topology:
Network-1:10.1.1.0/24
Network-2:11.1.1.0/24
Network-3:12.1.1.0/24
Network-4:10.2.2.0/24

NAT is not possible without the ACL.
---------------------------------------------------------
Scenario.3->[Block all the Networks].
---------------------------------------------------------
Extended ACL:[Not the part of the CCNA Syllabus]
1).Scenario.1.
2).Scenario.2.

Scenario.1:[Block the Specific service][Eg:Telnet,SSH,Http,Https].

eq->Match only packets on a given port number.

TCP->Specific Protocol.
IP->All the Protocols[TCP is one of the Protocols in IP].

Any->Any Source Host[More than one network at the same time].

Scenario.2:[Configure ACL on the Edge Router to block the Internet access for the User-1 in the Network 'A'].
----------------------------------------------------------
CCNA_DAY_22:
Two types of ip addresses:
1).Private ip address[Free service].
2).Public ip address[Paid service].

Private ip address is not routable on the ISP[means users cannot access the internet].
Public ip address is routable on the ISP[means users can access the internet].

Different classes in ipv4:
Fixed private ip address range in class A:10.0.0.0 - 10.255.255.255
Fixed private ip address range in class B:172.16.0.0 - 172.31.255.255
Fixed private ip address range in class C:192.168.0.0 - 192.168.255.255

Users cannot access the internet by using a private ip address on the End devices.

On the Edge Router,always configure the Default route on the outside WAN interface.

NAT[Network Address Translation]:
Edge Router checks for the destination ip address in the packet.
Edge Router does not have the capability to identify whether the ip address is a private ip address [or] a public ip address.
Because,the Edge Router's task is not to identify whether the ip address is a private ip address [or] a public ip address.
Always configure the Default route between [Edge Router,ISP] and [Edge device[Eg:Facebook server],ISP].
ISP uses High-end routers.
ISP mostly deals with BGP,MPLS[Private service],IS-IS.
BGP,MPLS[Private service],IS-IS Protocols are the backbone of the ISP.
ISP[Public][Eg:BGP] versus SP[Private][Eg:MPLS].
ISP drops the Private ip address[Non-routable] during the reply from the Edge device[Eg:Facebook server].
----------------------------------------------------------
IPv4 is used all over the world.
IEEE organisation is the distributor of the IPv4 addresses.
Public IPv4 addresses are in the range of billions.
----------------------------------------------------------
NAT-Network Address Translation.
PAT-Port Address Translation.

NAT converts the Private ip address into a Public ip address and vice versa.
Always configure the NAT on the Edge device[Routers,Firewalls].
NAT is also known as Translation.
1 Public ip address can handle 65,000 Private ip addresses.
Eg:
65,000 End devices are mapped with the 1 Public ip address.

NAT has 2 categories:
1).Source NAT[Private source ip address is translated into an equivalent Public source ip address].
[or]
Traffic from Inside to Outside.
2).Destination NAT[Public destination ip address is translated into the equivalent Private destination ip address].
[or]
Traffic from Outside to Inside.
We will learn Destination NAT in CCNP Security,not even in CCNP Enterprise.

Types of NAT at CCNA Level:
1).NAT[Network Address Translation].
2).PAT[Port Address Translation].

NAT itself is not a feasible solution.
PAT is the feasible solution.
98% PAT+Dynamic is used in the corporates.

Two deployment methods in the NAT:
1).Static NAT:
1 Private ip address is manually mapped with 1 Public ip address.
2).Dynamic NAT:
a).Create the Public ip address Pool.
b).Create the Access Control List[ACL].
c).Traffic from the Internal network picks the Public ip address from the Pool automatically.

NAT:'n' no.of.Private ip addresses = 'n' no.of.Public ip addresses.
PAT:65,000 Private ip addresses = 1 Public ip address.
----------------------------------------------------------
PAT:
The same 1 Public ip address is mapped with the different Private ip addresses.
Edge router uses the source port number[Usually a Random number] to identify the exact user during the reply.
Source port plays a very important role during the NAT and in the session layer to keep the sessions separate at the same time.

Overall:
1).Static NAT.
2).Dynamic NAT.
3).Static PAT.
4).Dynamic PAT.
PAT is better than NAT.
Dynamic NAT is better than Static NAT.

Theoretical discussion:NAT and PAT.
Practical:Only NAT.
PAT would be in the CCNP Enterprise.
----------------------------------------------------------
Destination NAT:
Edge router gets the Request from the Outside[WAN Side].
Server is providing a service to the user.
Hosting different services on different servers with a single ip address.
Assign the ip address with a Customized port number for each user to access the different servers with the different Customized port numbers.
----------------------------------------------------------
CCNA_DAY_23:[01:20:00]
NAT Lab:
Static NAT Lab:
By default,NAT is always Bidirectional in the Static NAT.
By default,Destination NAT also exists.
Cisco devices always support the Bidirectional NAT[Source NAT+Destination NAT],not the Uni-directional NAT.
---------------------------------------------------------
Dynamic NAT Lab:
Step-1:Configure the Pool of Public IP addresses range on the Edge router.
Step-2:Configure the Source based Standard Access Control List.
Step-3:Merge[Match] the Step-1[Range of Public IP addresses] and Step-2[Private IP addresses].

ACL is about the Wildcardmask.


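The three Dynamic NAT lab steps above (pool, source ACL, match) combined with the PAT behaviour from DAY_22 (one public address shared, source port tells the users apart on the reply), as an added Python model that is not from the notes or from any Cisco code. The inside networks, the pool address 198.51.100.1 and the outside server 203.0.113.5 are constructed; keeping the original source port when it is free, and otherwise taking the next free port from 1024 upward, is an assumption of the example.

```python
import ipaddress


class PatRouter:
    """Dynamic PAT on the edge router: inside sources that match the ACL
    networks are translated to one address from the public pool; the
    translated source port keeps the sessions apart."""

    def __init__(self, inside_networks, public_pool):
        self.inside = [ipaddress.ip_network(n) for n in inside_networks]  # Step-2: the ACL
        self.pool = list(public_pool)                                      # Step-1: the pool
        self.outbound = {}   # (inside_ip, inside_port) -> (public_ip, public_port)
        self.inbound = {}    # (public_ip, public_port) -> (inside_ip, inside_port)

    def _is_inside(self, ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in net for net in self.inside)

    def _allocate(self, wanted_port: int):
        # Reuse the original source port when free, otherwise the next free port
        # from 1024 upward. Only when a public address has no free port left does
        # translation move on to the next address in the pool.
        for public_ip in self.pool:
            if (public_ip, wanted_port) not in self.inbound:
                return public_ip, wanted_port
            for port in range(1024, 65536):
                if (public_ip, port) not in self.inbound:
                    return public_ip, port
        raise RuntimeError("public address pool exhausted")

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> Outside (Step-3): returns the addresses the ISP will see."""
        if not self._is_inside(src_ip):
            # Not matched by the ACL: the packet leaves untranslated, and a
            # private source address will then be dropped by the ISP.
            return src_ip, src_port, dst_ip, dst_port
        key = (src_ip, src_port)
        if key not in self.outbound:
            public = self._allocate(src_port)
            self.outbound[key] = public
            self.inbound[public] = key
        public_ip, public_port = self.outbound[key]
        return public_ip, public_port, dst_ip, dst_port

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> Inside reply; None when no translation exists (dropped)."""
        key = (dst_ip, dst_port)
        if key not in self.inbound:
            return None
        inside_ip, inside_port = self.inbound[key]
        return src_ip, src_port, inside_ip, inside_port


if __name__ == "__main__":
    edge = PatRouter(["10.1.1.0/24", "11.1.1.0/24"], ["198.51.100.1"])
    print(edge.translate_outbound("10.1.1.10", 40000, "203.0.113.5", 443))
    print(edge.translate_outbound("10.1.1.11", 40000, "203.0.113.5", 443))
    print(edge.translate_inbound("203.0.113.5", 443, "198.51.100.1", 1024))
```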
---------------------------------------------------------
DHCP[Dynamic Host Configuration Protocol]:
DHCP always works within the same network,not between the different networks.

Device has two options to connect with the Wi-Fi:
1).Use Username and Password.
2).Open[Free].

Automatically,Devices are getting the ip address.

Two options to assign the ip address in Networking:
1).Static[Manually configure the IP address].
2).Dynamic[Device obtains an IP address automatically].

DHCP always follows the Server and Client concept.
A network has 1 DHCP server[1 network=1 DHCP server].
Remaining devices act as Clients.
Create the Pool of Public IP addresses range[Eg:10.1.1.0/24] on the Edge router[DHCP server].
Manually,the 10.1.1.1/24 Public IP address is assigned to the DHCP server.
10.1.1.1/24 Public IP address is excluded from the Pool of Public IP addresses range.

DHCP:
UDP-17[Protocol.no].
Server-67[Port.no].
Client-68[Port.no].

DORA process happens after the DHCP configuration:
D->Discover[Broadcast]->[DHCP client to DHCP server].
O->Offer[Broadcast]->[DHCP server to DHCP client].
R->Request[Broadcast]->[DHCP client to DHCP server].
A->Acknowledgement[Broadcast]->[DHCP server to DHCP client].
After the Discover [or] Before sending the Offer,ARP[ARP Request+ARP Reply] happens to avoid duplication.
After the unique Public IP address assignment,by default behaviour,GARP immediately happens for one more verification.
255.255.255.255->This is the Broadcast IPv4 address.
Port.no-67 is Active only for the DHCP server,not for the DHCP client.
Port.no-68 is Active only for the DHCP client,not for the DHCP server.

'O'->DHCP server offers an IP address to the DHCP client.


---------------------------------------------------------
DNS[Domain Name System]:[DNS is very important from the interview perspective]
UDP:
Protocol.no:17.
Port.no:53.

TCP is for the HA within the DNS.
TCP is not for the DNS.

DNS is a public server[DNS Google Server [or] Actual Google Server][8.8.8.8 and 4.2.2.2].

Eg:https://facebook.com[User can access the Facebook server over the internet].
IP address is mapped behind the URL[https://facebook.com],
[or]
IP address is already mapped with the Domain name.

Actually,15 to 16 DNS servers are present all over the world.
Exactly 4 to 5 DNS servers,which are further divided into 15 to 16 DNS servers.

Private DNS server[Open DNS server] is also present in the market.
Open DNS server is a Cisco DNS server.
At present,the Open DNS server is known as Umbrella[Cisco product].
Paid subscription is required to access Umbrella.
Umbrella is a highly secured DNS server.
But,the DNS Google Server is free.

DNS resolves/converts the Domain name into an IP address.
Eg:ping www.google.com is resolved/converted into 172.217.163.196.

Domain name Eg:r1.cisco.com is mapped with the IP address.
r2.cisco.com is mapped with the IP address.
r3.cisco.com is mapped with the IP address.

Google is performing these things.
Cisco is also performing these things,but paid.

Windows server-2016 is used for the private DNS server in a network.


----------------------------------------------------------
CCNA_DAY_24:[Basics of Security]
CIA model in Security[OSI model in CCNA R&S].
C-Confidentiality.
I-Integrity.
A-Availability.

The whole security concept works on the basis of the CIA model.
https is secured.
http is not secured.

1).Confidentiality:
@$#^%$&^%&->Cipher Text[or]Encrypted Data[Non-Readable Format].
Cisco------>Clear text/Clean text/Plain text[Readable Format].
Cipher suites/protocols are used to convert the clear text into cipher text:
1).Encryption Algorithms are used for the Confidentiality like:
a).DES[Data Encryption Standard].
b).3DES[Triple DES].
c).AES[Advanced Encryption Standard].

Use Encryption Algorithms on top of the Clear Text[Username and Password].
----------------------------------------------------------
2).Integrity:
Data should be modified only by the Authorised persons,not by any Un-authorised persons[Attackers].
Integrity can be achieved by using the following Algorithms:
a).MD5[Message Digest Algorithm 5].
b).SHA[Secure Hash Algorithms].
Sometimes,md5 is used for the Authentication as well.

Disadvantages before the addition of Integrity:
Attacker can modify the Data[Username and Password] in between.
W rong Username and Password leads to the File deletion.

After the addition of Integrity:
Use Integrity Algorithms on top of the Clear Text[Username and Password].
--------------------------------
Google:hash calculator online.
--------------------------------
Site-A End Router performs the Hashing function[md5] on the Clear Text[Username and Password].
After the Hashing function,the Hash value gets generated.
According to the Headers,the Clear Text[Username and Password] is known as Payload.

FCS[Frame Check Sequence]:
End Router saves the Hash value in the FCS.

Site-A and Site-B should use the same integrity algorithm[md5].
Site-B End Router performs the Hashing function on the Payload.
After the Hashing function,the Hash value gets generated.
Site-B End Router compares the New Hash Value with the Previous Hash value,which is saved in the FCS.
If there is any mismatch in the Hash value,
then Site-B End Router drops the Payload.
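The Site-A/Site-B integrity check above, as an added Python example that is not from the notes: hash the payload, carry the digest behind it, re-hash and compare at the receiver. It also shows the caveat a practitioner wants here: a bare md5 catches accidental corruption but not an attacker who rewrites the payload and recomputes the digest, whereas a keyed digest (HMAC with a pre-shared key, an addition of this example) does. The payload and key are constructed.

```python
import hashlib
import hmac

# Constructed sample payload and key; not taken from any real configuration.
PAYLOAD = b"username=cisco;password=cisco"
SHARED_KEY = b"example-pre-shared-key-between-site-a-and-site-b"


def attach_md5(payload: bytes) -> bytes:
    """Site-A: md5 over the payload, digest carried behind it (the FCS slot)."""
    return payload + hashlib.md5(payload).digest()


def verify_md5(frame: bytes) -> bool:
    """Site-B: re-hash the payload part and compare with the stored digest."""
    payload, stored = frame[:-16], frame[-16:]
    return hmac.compare_digest(hashlib.md5(payload).digest(), stored)


def attach_hmac(payload: bytes, key: bytes) -> bytes:
    """Same scheme with a keyed digest (HMAC-SHA256) instead of a bare hash."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(frame: bytes, key: bytes) -> bool:
    payload, stored = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), stored)


def bit_flip_in_transit(frame: bytes) -> bytes:
    """Accidental corruption: one bit of the payload flips, trailer untouched."""
    return bytes([frame[0] ^ 0x01]) + frame[1:]


def rewritten_md5_frame(new_payload: bytes) -> bytes:
    """Deliberate modification: payload replaced and the unkeyed md5 recomputed,
    which needs no secret at all, so verify_md5 still reports success."""
    return attach_md5(new_payload)


def rewritten_hmac_frame(frame: bytes, new_payload: bytes) -> bytes:
    """The same modification against the keyed scheme: without SHARED_KEY the
    old trailer is all that can be reused, so verify_hmac fails."""
    return new_payload + frame[-32:]
```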

Hacking:
Malicious scripts get installed on the Target device.
----------------------------------------------------------
3).Availability:
Always the latest technologies should be used in the network.
NGFW provides L7 to L7 security.
Before NGFW,Device to Device Exists.

New devices in the security field:
1).NGFW.
2).ISE.
3).Stealthwatch.
4).Umbrella[Umbrella is a paid Cisco Private DNS server].
5).WSA.
6).ESA.
7).Palo Alto is providing the security to Machine Learning,Artificial Intelligence,IoT.
8).DLP[Data Loss Prevention].

DLP[Data Loss Prevention]:
Palo Alto Firewall and WSA have an In-built DLP feature.
Manually enable the DLP feature on the Palo Alto Firewall and WSA.
DLP feature blocks the Confidential Data.
----------------------------------------------------------
VPN:
Normally,Data exchange between the two sites over the ISP is not secure.
ISP->Public Network.
VPN->Private Network.
VPN is not a physical Network.

Two categories of VPN:
1).Policy Based VPN.
2).Route Based VPN.

Two types of VPN:
1).Site-to-Site VPN.
2).Remote VPN.

1).Site-to-Site VPN:
ISP[ISP acts as a road between the two sites] is required to provide the connectivity.
Configure the VPN between the two Fixed sites [or] Static Public ip addresses.
IP security Protocols are used to protect the Site-to-Site VPN.
Tunnel is a Normal VPN,but still the Tunnel is not secured.
IPSec protocols are used to secure the Tunnel.
Site-to-Site VPN is also known as IPSec VPN.
IPSec protocol is the collection of different types of Algorithms[or Sub-Protocols].
IPSec algorithms are:
a).MD5[Message Digest Algorithm 5].
b).DES[Data Encryption Standard].
c).DH[Diffie-Hellman].
d).PKI/PSK[Public Key Infrastructure/Pre-Shared Key] for Authentication.
IP security algorithms are used to secure the VPN Tunnel.
----------------------------------------------------------
Firewall is a Security Guard.
Firewall checks for the authorisation.
NGIPS is used for the Scanning.
----------------------------------------------------------
2).Remote VPN:[Browser based VPN]

1).IP address is Fixed[Static Public ip addresses] on the server side.
2).IP address Changes[Dynamic Public ip addresses] on the client side on a daily basis.

Remote VPN is a Normal VPN,but still the Remote VPN is not secured.
SSL protocol is used to secure the Remote VPN.
SSL protocol is the collection of different types of Algorithms[or Sub-Protocols].
SSL algorithms are:
a).SHA[Secure Hash Algorithms].
b).AES[Advanced Encryption Standard].
c).DH[Diffie-Hellman].

HTTPS[S->SSL].
https://cisco.com->This is Remote VPN[Browser based VPN].
For HTTP->No VPN concept.
HTTP is just a Tunnel without any security.

Two types of Remote VPNs:
a).Client based VPN.
b).Clientless VPN.

CIA in VPN:
C-Confidentiality[about Encryption Algorithms].
I-Integrity.
A-Authentication.

Two types of Authentication:
1).PKI[Public Key Infrastructure].
2).PSK[Pre-Shared Key].

Now,SSL is an old version.
TLS is an advanced version of SSL.
TLS[Transport Layer Security] is the New version.
TLS has New versions like TLS 1.0,TLS 1.1.

Firewalls protect the Internal Networks:
1).ASA.
2).FTD.
3).FMC.
4).NGIPS.
5).WSA.
6).ESA.
7).ISE.
8).Stealthwatch.

VPN protects the confidential data during the communication.

So,
Firewalls for the Inside network.
VPN for the Outside network.
----------------Basics of Security Completed------------------------
DHCP Attacks:
1).Spoofing attack.
2).Snooping attack.

DHCP server can assign 3 things:
1).IP address.
2).Gateway.
3).DNS.

1).DHCP Spoofing Attack:[Internal Attacks]
Spoofing means the Attack is done internally within the organisation by a duplicated DHCP server[Attacker].
Duplicated DHCP Server[Attacker] can intercept the confidential data from the Main server to the client.
Internally,the confidential data is in clear text.
Spoofing Attack is also called a Man-in-the-Middle Attack.

2).DHCP Snooping Attack:
Snooping means Mitigation for the Spoofing.
Snooping is used to protect the network.
Snooping has two kinds of interfaces:
1).Configure one as a Trusted Interface[Offer message would be allowed].
2).Configure the remaining as Un-Trusted Interfaces[Offer message would not be allowed].
Un-Trusted Interfaces get into the Error disable state.

Disable has two states:
1).Disable state[Manually using the shutdown]->Eg:STP.
2).Error disable state[Eg:Bpdu Guard].

Select an interface as a Trusted Interface.
Automatically,the remaining interfaces would become Un-Trusted interfaces.
Then,the traffic[Offer message] would only be from the Trusted interface.
If there is any traffic from any Un-Trusted interface,
the Interface would get into an Error disable state.
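DHCP snooping as described above (server messages accepted only on the trusted interface, an untrusted interface that sends one goes err-disabled) run over a constructed DORA exchange that includes one rogue Offer; an added Python model, not the notes' or Cisco's code. Telling server messages apart by their source UDP port 67, the binding table built from the Ack, and the made-up MAC/IP values are assumptions of this example.

```python
from dataclasses import dataclass

DHCP_SERVER_PORT = 67   # only a DHCP server sends from UDP 67
DHCP_CLIENT_PORT = 68   # clients send from UDP 68


@dataclass
class DhcpMessage:
    kind: str              # DISCOVER, OFFER, REQUEST or ACK (the DORA steps)
    ingress_port: str      # switch interface the frame arrived on
    src_udp: int           # 67 = sent by a server, 68 = sent by a client
    client_mac: str
    offered_ip: str = ""   # filled in on OFFER and ACK


class SnoopingSwitch:
    """DHCP snooping as the notes describe it: OFFER/ACK are accepted only on the
    trusted interface; an untrusted interface that sends one is err-disabled."""

    def __init__(self, ports, trusted):
        self.trusted = set(trusted)
        self.state = {p: "up" for p in ports}
        self.client_port = {}     # client_mac -> interface its DISCOVER/REQUEST came in on
        self.binding_table = {}   # client_mac -> (leased ip, interface), built from ACKs
        self.log = []

    def receive(self, msg: DhcpMessage) -> str:
        port = msg.ingress_port
        if self.state[port] == "err-disabled":
            return "dropped"
        if msg.src_udp == DHCP_SERVER_PORT and port not in self.trusted:
            # A duplicated (spoofed) DHCP server answering from an untrusted port.
            self.state[port] = "err-disabled"
            self.log.append(f"{msg.kind} from untrusted {port}: err-disabled")
            return "dropped"
        if msg.src_udp == DHCP_CLIENT_PORT:
            self.client_port[msg.client_mac] = port
        elif msg.kind == "ACK":
            # Lease is final: record mac/ip/interface (Dynamic ARP Inspection uses this).
            self.binding_table[msg.client_mac] = (msg.offered_ip,
                                                  self.client_port.get(msg.client_mac))
        return "forwarded"

    def recover(self, port: str) -> str:
        """Static recovery from the notes: shutdown / no shutdown on the interface."""
        self.state[port] = "up"
        return self.state[port]


# Constructed DORA exchange with one rogue OFFER; MAC and IP values are made up.
SAMPLE_TRAFFIC = [
    DhcpMessage("DISCOVER", "f0/2", 68, "aa:aa:aa:00:00:01"),
    DhcpMessage("OFFER", "f0/1", 67, "aa:aa:aa:00:00:01", "10.1.1.50"),   # real server, trusted
    DhcpMessage("OFFER", "f0/3", 67, "aa:aa:aa:00:00:01", "10.1.1.99"),   # rogue server, untrusted
    DhcpMessage("REQUEST", "f0/2", 68, "aa:aa:aa:00:00:01", "10.1.1.50"),
    DhcpMessage("ACK", "f0/1", 67, "aa:aa:aa:00:00:01", "10.1.1.50"),
    DhcpMessage("DISCOVER", "f0/3", 68, "aa:aa:aa:00:00:02"),             # port already err-disabled
]


def run(traffic):
    """Feed the traffic through a 3-port switch with f0/1 trusted; return switch and verdicts."""
    sw = SnoopingSwitch(["f0/1", "f0/2", "f0/3"], trusted=["f0/1"])
    results = [sw.receive(m) for m in traffic]
    return sw, results


if __name__ == "__main__":
    sw, results = run(SAMPLE_TRAFFIC)
    print(results, sw.state, sw.binding_table, sw.log)
```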
----------------------------------------------------------
CCNA_DAY_25:
Port Security:

Attack-1:DHCP Spoofing:
Spoofing->Attack.
Snooping->Mitigation for Spoofing.
By default,DHCP Snooping is disabled.

Commands to enable DHCP Snooping for the specific Vlan and the specific Interface:
sw(config)#ip dhcp snooping
sw(config)#ip dhcp snooping vlan 1
sw(config)#exit

sw(config)#int f0/1
sw(config-if)#ip dhcp snooping trust
sw(config-if)#exit
----------------------------------------------------------
Attack-2:MAC address flooding:[Man-in-the-Middle Attack]
sw(config)#int f0/1
sw(config-if)#span port
sw(config-if)#switchport mode access
sw(config-if)#switchport port-security[Command to enable port security]
sw(config-if)#switchport port-security violation shutdown
sw(config-if)#switchport port-security maximum 2
sw(config-if)#switchport port-security mac-address sticky[Dynamic]
sw(config-if)#exit

MAC address table is a type of Storage.
MAC address table storage capacity is limited.
Every time,Un-known Unicasting happens.

Attacker diverts the traffic by using software to generate different dummy mac addresses on the same switch interface.
Switch removes the previous entries.
Un-known unicasting happens.

DOS Attack:Single Attacker.
DDOS Attack:A group of Attackers.
----------------------------------------------------------
Mitigation Procedure:[Implement Portsecurity]
By default,Port Security is disabled on the switch.
Enable the Port security on all the interfaces.
Configure the MAC addresses limit on the switch interfaces.
MAC address table timer is 300 seconds[5 minutes].

sw(config)#int f0/1
#span port
#switchport mode access
#switchport port-security[Command to enable port security]
#switchport port-security violation shutdown
#switchport port-security maximum 2
#switchport port-security mac-address sticky(Dynamic)
#exit

Port security can be configured only on the Access Port.
Port security cannot be configured on the Trunk Port.
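As an added example(not from these notes),a Python model of the MAC address table and the port security settings above:a small table with the 300 second timer,a port that is flooded with dummy source MACs so the genuine entry is evicted and its traffic becomes Un-known unicast,and the same port with maximum 2 + violation shutdown going into Error disable state instead.MAC addresses,port names and times are constructed.

```python
"""Model of the MAC address table overflow and the port-security mitigation in the
notes above (added example, not from the notes; MACs, ports and times are constructed)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

AGING_SECONDS = 300  # MAC address table timer from the notes (5 minutes)


@dataclass
class PortSecurity:
    maximum: int = 2          # switchport port-security maximum 2
    sticky: bool = True       # switchport port-security mac-address sticky
    secure_macs: Set[str] = field(default_factory=set)


@dataclass
class Switch:
    capacity: int  # MAC address table size; tiny so the overflow is visible
    table: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # mac -> (port, last_seen)
    port_security: Dict[str, PortSecurity] = field(default_factory=dict)
    err_disabled: Set[str] = field(default_factory=set)

    def learn(self, mac: str, port: str, now: float) -> str:
        """Handle a frame's source MAC; returns 'learned', 'shutdown' or 'dropped'."""
        if port in self.err_disabled:
            return "dropped"  # stays down until shutdown / no shutdown by the admin
        ps = self.port_security.get(port)
        if ps is not None and mac not in ps.secure_macs:
            if len(ps.secure_macs) >= ps.maximum:
                self.err_disabled.add(port)  # violation shutdown -> err-disable state
                return "shutdown"
            if ps.sticky:
                ps.secure_macs.add(mac)
        # age out entries older than 300 s, then evict the oldest if the table is full
        self.table = {m: e for m, e in self.table.items() if now - e[1] < AGING_SECONDS}
        if mac not in self.table and len(self.table) >= self.capacity:
            del self.table[min(self.table, key=lambda m: self.table[m][1])]
        self.table[mac] = (port, now)
        return "learned"

    def lookup(self, mac: str) -> Optional[str]:
        """Outgoing port for a destination MAC; None means unknown unicast (flooded)."""
        entry = self.table.get(mac)
        return entry[0] if entry else None


def simulate_flood(sw: Switch, port: str, count: int, now: float) -> Set[str]:
    """Many distinct (constructed) source MACs from one port, as a flooding tool would send."""
    return {sw.learn(f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}", port, now) for i in range(count)}
```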
----------------------------------------------------------
Hacker[Attacker] uses Kali Linux[Software].
----------------------------------------------------------
Remove the PC.
Go to the switch port:[Static Method:Recovery from Error Disable State]
Shutdown.
No shutdown.

Static method is always better.
----------------------------------------------------------
SNRS:
1).Common Layer2[Switch] attacks:
a).Describe STP attacks.
b).Describe ARP spoofing.
c).Describe CAM table(MAC address table) overflows.
d).Describe VLAN hopping.
e).Describe DHCP spoofing.

2).Mitigation procedures:
a).Implement DHCP snooping.
b).Implement Dynamic ARP inspection.
c).Implement Portsecurity.
d).Describe BPDU guard,root guard.
e).Verify mitigation procedures.

3).VLAN security:
a).Describe the security implications of a PVLAN.
b).Describe the security implications of a native VLAN.
----------------------------------------------------------
Zero Trust Area:
Protect the devices inside the premises.
----------------------------------------------------------
Wireless:
Signal Flow:
ISP->Edge Router[and Backup Edge Router]->Switch->Access Points.

Cisco Access Points are used in corporates,not normal ACT Fibre modems.
Cisco Access Points generate the wireless signals for the Employees.
Cisco Access Points are more secure and very expensive.
WLC[Wireless LAN Controller] is used to configure all the Cisco Access Points.
WLC[Wireless LAN Controller] controls all the Access Points.
Access Points configurations are always done via the WLC by using the Laptop.
Reachability must exist between the WLC and the Cisco Access Points.
After ip address configuration on each Cisco Access Point,
the Cisco Access Points automatically get registered with the WLC.
In networking,90% of device access is via a Web browser with https[GUI].
WLC Login page opens.
Enter Username and Password.
By default,Username and password on the WLC:
Username:admin.
Password:admin.
Now,Different SSIDs can be generated from the WLC.
SSID-Service Set Identifier.

Three security protocols in the WLC:
1).WPA.
2).WPA 2.
3).WPA 3.
WPA means Wi-Fi Protected Access.

Data interface can be used as a Management interface.
But,Management interface cannot be used as a Data interface.

WLAN feature is used to configure the SSIDs.


----------------------------------------------------------
CCNA_DAY_26:

Legacy network:[Configure the routers individually by using the Laptop via console
cable/Remote access[telnet/ssh]].
Same configurations should be there on all the routers.

Routers are internally divided into three planes:
1).Control plane.
2).Data plane.
3).Management plane.

Control plane is about CPU,Memory,OS,Network discovery and Mapping.
Data plane deals with the Routing Table.
Management plane deals with the Router configurations.
----------------------------------------------------------
Now a days,Centralised controller concept in the networking:
Laptop is connected with the centralised controller.
Centralised controller is connected with all the routers.
Centralised controller exists in between the switch and the End devices.
Centralised controller has Dashboard[GUI].
Access the controller public ip address to find the list of routers.

FTD is a Cisco Firewall.
FMC is a Management center.
FMC is used to configure the FTD.
FTD cannot be directly configured.
----------------------------------------------------------
DNA Center is a hardware[Centralised device].
SD-WAN.
SD-Access[Access means LAN].
Centralised concept came because of the SDN[Software Defined Network].
DNA Center is one of the terms in the SDN.

Under sea cables[Physical].
FTD,FMC is all about physical cables.
Wireless is just for the End devices,not between the network devices.

Controller Based Networking:
[3 Data planes + 3 Management planes] are connected with the single Control Plane.
----------------------------------------------------------
SDN-Architecture:

SDN Architecture is divided into 3 Layers:
1).Application layer.
2).Control layer.
3).Infrastructure layer.

Northbound interface exists between the Application layer and the Control layer.
Control layer[SDN Controller] handles the automatic background processing that
happens between the Application layer and the Infrastructure layer.
Southbound interface exists between the Control layer and the Infrastructure
layer.
Communication happens via the APIs.


----------------------------------------------------------
RESTful API[Application Programming Interface]:
REST[Representational State Transfer] is designed to take advantage of existing
protocols.
While REST can be used over nearly any protocol,it usually takes advantage of HTTP
when used for Web APIs.

Two pieces of software always use APIs to communicate with each other.
Best example for API:[Swiggy and Zomato].

Northbound interface:
is meant for communication with upper,Application layer and would be in general
realized through REST APIs of SDN controllers.

Southbound interface:
is meant for communication with the lower,Infrastructure layer of network elements and
would in general be realized through Southbound
protocols:OpenFlow,NETCONF,OVSDB,etc.

JSON is a type of the representational language.
----------------------------------------------------------
SD WAN:
SD WAN is used to manage a large number of Edge devices at the same time.
Automation on the WAN side is known as SD WAN.
Cisco SD WAN is known as VIPTELA.
V-Manage is a centralized management device.
V-Manage is one of the products in the VIPTELA.

VIPTELA Devices:
1).V-Manage.
2).V-Smart.
3).V-Bond.
4).V-Edge.

SD WAN is used to configure thousands of Edge devices at the same time.
Convert all the Edge routers into V-Edge.
Deploy the V-Edge software on the Edge routers to make them V-Edge Routers.
Latest Cisco routers have in-built V-Edge features.
[or]
Purchase V-Edge Routers directly from Cisco.
Network Admin needs 3 VIPTELA devices in the Main Branch:
1).V-Manage.
2).V-Smart.
3).V-Bond[V-Bond is a type of the Authenticator].

All the 3 VIPTELA devices are Intra-connected within the Main Branch.
Now,the Main branch is connected with the ISP via the switch.
Network Admin uses V-Manage to configure all the Edge routers.
Configurations cannot be deployed directly on the Edge routers.
First,V-Manage pushes the configurations towards the V-Smart.
Now,V-Smart deploys the configurations on all the Edge routers.
---------------------------------------------------------
SD Access:
SD Access is used to manage the entire LAN from a centralized position.
SD Access is about LAN.
SD WAN is about WAN.
----------------------------------------------------------
Palo Alto is a Firewall.
Palo Alto has In-built SD WAN feature.
----------------------------------------------------------
Edge routers are replaced with the Network Automation Tools.
According to the CCNA Syllabus:
1).Ansible[Red Hat Product].
2).Puppet.
3).Chef.

Network Automation Tools are also used to configure/manage the network.
Python language is running in the back end of the Ansible tool.
Python is also one of the Network Automation Tools.

Program:
A set of instructions to perform the Task.

Software:
Software is a set of Inbuilt Libraries.
Packages[Inbuilt Libraries] are present in the Ansible tool.
Manually write program[Play Book].
Configure the task[Play] within the playbook program.

GitHub:
GitHub is an open source platform.
GitHub is providing all the Scripts.
Anyone can share their scripts in the GitHub.
Anyone can Copy,Modify and Paste the scripts from the GitHub.

Ansible Tool has inbuilt Modules.
Ansible is open source[Open source supports all the vendors].
----------------------------------------------------------
Ansible Documentation link has Cisco related Modules:
https://docs.ansible.com/ansible/2.8/modules/list_of_all_modules.html

Call these modules within the Playbook.
Push the Playbook on the Target device.

Ansible Tool always works on the Push model.
Install Ansible Tool only in the Admin PC,not on the Edge devices.
Start the configurations.
Most of the corporates use the Ansible Tool.

Puppet and Chef always work on the Pull model.
Install Puppet and Chef on the Admin PC + Edge devices.

So,Ansible Tool is better than Puppet and Chef,
because Puppet and Chef need to be installed on the Edge devices and Ansible does not.

Overall differences between the Ansible,Puppet and Chef:
Link:https://gspann.com/resources/blogs/puppet-vs-chef-vs-ansible/

Comparing Configuration Management Tools:Chef vs. Puppet vs. Ansible:

Ansible Infrastructure:
1).Host Inventory.
2).Play Book.
3).Ansible Configuration.
4).Core Modules.
5).Custom Modules.

Ansible Infrastructure Flow:
Ansible Infrastructure->Command Center->Ansible Python API->Internet->Router->Remote servers.

All the Ansible scripts are written in YAML[.yml files].
But,All the Inbuilt modules are in the Python Language.
All the Ansible scripts are present in the GitHub.
----------------------------------------------------------
Chef:
Chef is a configuration management technology developed on the basis of Ruby and
DSL.

Chef Workstation->Chef Server->Chef Nodes.
----------------------------------------------------------
Puppet:
Config Repository->Puppet Master[-> Catalog,<- Facts via SSL]->Puppet Agent[Node].
----------------------------------------------------------
Net{Json}:
Data Interchange Format for Networks.
Net{Json} is based on the Java language.
Net{Json} is used in between the application and the controller with the help of
the REST API.
----------------------------------------------------------
Amit Sir:Revise the below topics before attending the CCNP Class:
TCP/IP.
OSI.
Subnetting.
----------------------------------------------------------
Important Links:
1).Controller Based Networks for Data Centres:
https://etherealmind.com/controller-based-networks-for-data-centres/
2).Understanding the SDN Architecture-SDN Control Plane & SDN Data Plane
https://www.sdxcentral.com/networking/sdn/definitions/inside-sdn-architecture/
3).Software Defined Networking (SDN) - Architecture and role of OpenFlow
https://www.howtoforge.com/tutorial/software-defined-networking-sdn-architecture-
and-role-of-openflow
4).Rest API for network Engineers.
https://networkop.co.uk/blog/2016/01/01/rest-for-neteng/
5).Comparing Configuration Management Tools: Chef vs. Puppet vs. Ansible
https://www.gspann.com/resources/blogs/puppet-vs-chef-vs-ansible/
6).Netjson
http://netjson.org/#first
7).IPV6
https://www.tutorialspoint.com/ipv6/ipv6_mobility.htm
----------------------------------------------------------

Amit Sir told Basics of Networking done.
----------------------------------------------------------
Amit sir is taking L2 Switching class as well.
8th February 2021 to 5th March 2021.
Total scheduled days:26 days.
Total classes would be taken:15 to 16 days.
----------------------------------------------------------
