…transmission of data, handles error notification, flow control and network topology. Split into two sub layers (LLC and MAC).
Physical - Specifies electrical, mechanical, procedural and functional …
Layer PDUs: packet (Network), frame (Data Link), bits (Physical)

ARP - finds MAC addresses from known IPs
RARP - finds IPs from known MAC addresses
ICMP - provides diagnostics, used by ping and traceroute

IP Classes and Class Ranges
Class A - 1-126 - network.node.node.node
Class B - 128-191 - network.network.node.node
Class C - 192-223 - network.network.network.node
© Copyright 2020 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Network Devices

Physical Layer (Layer 1) Devices
These devices extend collision domains, increase traffic problems and reduce network bandwidth.
· Transceivers – Connect one media type to another e.g. Fiber to copper
· Repeaters – Used to extend the reach of a network segment
· Hubs – These are multiport repeaters. Used to share a single network segment with many devices. Only one device can transmit at any one time

Data Link Layer (Layer 2) Devices
Filter traffic on the LAN by MAC (hardware) address. They break up collision domains, increase available bandwidth to devices and reduce LAN traffic problems.
· Bridges – Connect two network segments together and filter data between them
· Switches – These work like multiport bridges. Each connected device can transmit simultaneously unlike hubs
· Network Interface Cards (NICs) – Allow a device to connect to the network. Contains a unique 48-bit MAC address.
· Access Points – These allow devices to connect to the network wirelessly

Network Layer (Layer 3) Devices
Route traffic between networks by logical network addresses. They use path determination to select the best route to a destination. They break up collision domains and broadcast domains.
· Routers – Connect different networks to one another and make routing decisions based on one or more metrics to decide the best path

Network Media (Cabling)

Coaxial Cable
10Base5 (Thicknet) – Original Ethernet cabling media. Up to 500m per segment. Highly resistant to EMI. Uses physical and logical bus topology with clients connecting using vampire clasps. Data transmission up to 10Mbps. Now obsolete.
10Base2 (Thinnet) – Replaced Thicknet because it was lighter and thinner and easier to work with. Up to 185m per segment. Uses physical and logical bus topology with clients attaching using BNC and T connectors. Data transmission up to 10Mbps. Now obsolete.

Twisted Pair Cable
10BaseT – Uses two-pair unshielded twisted-pair (UTP) wiring. Up to 100m per segment. Uses RJ45 connectors. Physical star with logical bus topology. Use EIA/TIA category 3 cable. Data transmission up to 10Mbps.
100BaseTX – Uses two-pair UTP wiring. Up to 100m per segment. Uses RJ45 MII connectors. Physical star with logical bus topology. Use EIA/TIA category 5, 6 or 7 cable. Data transmission up to 100Mbps.
1000BaseT – Uses four-pair UTP wiring. Up to 100m per segment. Use EIA/TIA category 5 or 5e cable. Data transmission up to 1000Mbps.
1000BaseCX – Uses copper twisted-pair (twinax). Maximum length 25m.

Optical Fiber
100BaseFX – Uses 62.5/125-micron multimode fiber. Maximum length 412m. Uses ST or SC connectors.
1000BaseSX – Uses 62.5/50-micron multimode fiber. Maximum length 220m – 550m.
1000BaseLX – Uses 9-micron single-mode fiber. Maximum length between 3 - 10km.

Physical Network Topologies

Bus Topology
· All devices on a single wire (coaxial)
· A cable fault can bring network down

Ring Topology
· All devices connect to each other in a circle
· A cable fault can bring network down
· Can be configured with a second ring for redundancy
· Difficult to expand network

Star Topology
· Most common physical topology
· All devices connect to a central hub/switch
· Cable faults don’t bring the whole network down
· Easily expandable
· Requires more cabling than bus or ring
· Hub/switch is a central point of failure

Mesh Topology
· Every device is directly connected to every other device
· Complete redundancy
· Uses the most cable compared to other topologies
· Expanding the network can be problematic

Logical Network Topologies

Bus (broadcast) logical topology
· Most commonly used logical topology
· Broadcasts data to all nodes on the network
· Contention-based

Token (ring) logical topology
· A token is passed from one device to the next
· Devices can only transmit when they have the token
· Each device checks the token to see if the data inside is for them
· Slower than logical bus topology
· No longer used
LAN Standards
802.3 (Ethernet) – Physical bus/star, logical bus. Coaxial or twisted pair. 10 Mbps
802.3u (Fast Ethernet) – Physical star, logical bus. Twisted pair. 100 Mbps
802.3ab (Gigabit Ethernet) – Physical star, logical bus. Twisted pair. 1000 Mbps (250 Mbps per pair)
802.3z (Gigabit Ethernet) – Physical star, logical bus. Twisted pair, optical fiber, or twinax. 1000 Mbps

Carrier Sense Multiple Access Collision Avoidance (CSMA/CA)
· Used in wireless networking
· Proactive algorithm
· High overhead
Flow: Start → Assemble a frame → Is the channel idle? If No, wait for a random back-off time and check again. If Yes, transmit RTS → Transmit Data → End

Carrier Sense Multiple Access Collision Detection (CSMA/CD)
· Used in wired Ethernet networks
· Reactive algorithm
Flow: Start → Assemble a frame → Is another device transmitting? If Yes, wait and check again. If No, transmit the 1st bit of the frame → Transmission finished? If No, keep transmitting (a collision is recovered from by backing off and starting again). If Yes, End

EIA/TIA 568A and 568B Standards
Straight-through cable - Use 568B pinouts on both ends of a cable
Crossover cable – Use 568A on one end and 568B on the other end of a cable
Remembering colours for 568B: “Only Good Boys Get Brownies” – Orange, Green, Blue, Green, Brown
568A pinouts reverse the orange and green pair.

Switch Functions
1.) Switches learn MAC addresses
2.) Switches make forwarding/filtering decisions
3.) Switches perform loop avoidance

Collisions with CSMA/CD
When a collision is detected:
1.) A jam signal is sent by the hosts trying to send.
2.) All hosts stop transmitting.
3.) All hosts run backoff algorithm to decide a random time to attempt to retransmit.

Catalyst Switch Boot Sequence + Operation
1.) POST (error indicated with amber SYST LED).
2.) Load IOS from Flash.
3.) Configuration file copied from NVRAM to RAM.
4.) Floods all frames it receives out all ports (CAM table empty).
5.) Begins to populate CAM table (port address table) as it learns which devices are attached to its ports.
6.) Before forwarding a frame it will check the CAM table, if an entry exists for the destination address it will forward the frame out of the port that the destination is connected to. If no entry exists it will flood the frame out of all ports.
7.) Will always flood multicast and broadcast messages, unicast messages are filtered.

Switch Modes
Cut through – Forwards the frame straight after the destination address has been read. Very fast, but can forward frames with errors.
Store and forward – Reads the entire frame prior to forwarding. Performs an error check, but adds latency to transmission. Most new switches use this mode because it can cater for hosts running at different speeds.
Fragment Free – Forwards the frame after reading the first 64 bytes to avoid forwarding frames with errors.
Switch IOS Commands
Switch(config)#interface fastEthernet 0/3 - Enters interface configuration mode for fa0/3
Switch(config-if)#switchport mode access - Assigns the port to access mode
Switch(config-if)#switchport port-security - Enables port security on the port
Switch(config-if)#switchport port-security maximum 1 - Specifies the maximum hosts that can connect to the port
Switch(config-if)#switchport port-security mac-address sticky - Specifies that the first host to connect will 'stick' to the port
Switch(config-if)#switchport port-security violation shutdown - Specifies what will happen if a port violation occurs
Switch#show port-security - Shows a summary of the ports and security on those ports
Switch#show port-security address - Shows the secure MAC address table
Switch#show mac-address-table - Displays the MAC address table
Switch#show port-security interface fastEthernet 0/3 - Shows the port security settings for interface fa0/3

VLANS
· Offers increased security, ease of administration and relocation
· Breaks up broadcast domains
· VLANS work at layer 2 and 3 of OSI model
· Communication between VLANs uses layer 3 routing
· VLAN1 is the management VLAN. All switch ports belong to VLAN1 by default. VLAN1 cannot be renamed and should only be used for admin.

Static VLANs - Statically assign ports to a VLAN.
Dynamic VLANs - Ports that can automatically determine their VLAN assignments based on MAC addresses.
Frame Tagging – Used so switches can identify which VLAN frames belong to.
ISL (Inter-Switch Link) - Cisco's proprietary frame tagging format. Only compatible with Cisco switches and routers.
IEEE 802.1Q – Non-proprietary frame tagging standard.
Access Link - Only part of one VLAN (native VLAN of the port), any devices attached to an access link are unaware of VLAN membership.
Trunk Links - Trunks can carry multiple VLANS. Used to transport VLANS between routers.

VTP Modes
Server – Default mode for Catalyst switches. Advertises changes to VTP domain. Creates, deletes VLANs. VLAN configs stored in NVRAM.
Client – Learns about and passes along VTP information received from VTP server.
Transparent – Not participating in VTP domain. Forwards VTP adverts, but doesn’t share its VLAN database. Used to allow remote switches to receive VTP information via a switch (transparent) that isn’t participating.

VTP Commands
Switch(config)#vtp domain CCNA - Set the VTP domain to “CCNA”
Switch(config)#vtp mode server - Set the switch VTP mode to server
Switch(config)#vtp mode client - Set the switch VTP mode to client
Switch(config-if)#switchport mode trunk - Set a switch interface to trunk mode
Switch#show vtp status - View the VTP status on a switch
Switch#show vlan brief - Display basic VLAN information
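The switch operation steps on the previous page (flood while the CAM table is empty, learn source MACs, forward known unicast, always flood broadcast and multicast) and the port-security commands above (maximum 1, sticky learning, violation shutdown) can be exercised together in a small simulator. The Python below is an added example, not part of the cheat sheet and not Cisco code; the port names, MAC addresses and the Switch/PortSecurity class names are constructed for the illustration.

```python
"""Switch forwarding and port-security simulator (added example, not Cisco code).
Models steps 4-7 of the Catalyst operation notes plus 'switchport port-security
maximum N' with 'violation shutdown' (the offending port goes err-disabled)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for multicast and broadcast MACs: the I/G bit is the lowest bit of the first octet."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class PortSecurity:
    maximum: int = 1                                  # switchport port-security maximum 1
    secure_macs: set = field(default_factory=set)     # sticky/dynamically secured addresses
    err_disabled: bool = False                        # set when 'violation shutdown' fires


@dataclass
class Switch:
    ports: list
    cam: dict = field(default_factory=dict)           # MAC -> port (the CAM / MAC address table)
    security: dict = field(default_factory=dict)      # port -> PortSecurity
    violations: list = field(default_factory=list)    # (port, offending MAC) records

    def enable_port_security(self, port: str, maximum: int = 1) -> None:
        self.security[port] = PortSecurity(maximum=maximum)

    def port_is_up(self, port: str) -> bool:
        ps = self.security.get(port)
        return ps is None or not ps.err_disabled

    def _admit(self, port: str, src: str) -> bool:
        """Port-security check on the source MAC of an ingress frame."""
        ps = self.security.get(port)
        if ps is None:
            return True                      # no port security on this port
        if ps.err_disabled:
            return False                     # port already shut down by a violation
        if src in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.add(src)          # first host 'sticks' to the port
            return True
        ps.err_disabled = True               # violation shutdown: port goes err-disabled
        self.violations.append((port, src))
        return False

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Process one frame arriving on in_port; return the list of egress ports."""
        if not self._admit(in_port, src):
            return []
        self.cam[src] = in_port              # step 5: learn the source address
        others = [p for p in self.ports if p != in_port and self.port_is_up(p)]
        if is_group_address(dst) or dst not in self.cam:
            return others                    # steps 4/7: flood unknown unicast, multicast, broadcast
        out = self.cam[dst]                  # step 6: known unicast goes out one port only
        return [out] if out != in_port and self.port_is_up(out) else []


def demo() -> dict:
    """Run a constructed scenario and return the observable results."""
    sw = Switch(ports=["fa0/1", "fa0/2", "fa0/3"])
    sw.enable_port_security("fa0/3", maximum=1)
    a, b, c, d = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                  "02:00:00:00:00:0c", "02:00:00:00:00:0d")   # constructed MACs
    return {
        "unknown_dst": sw.receive("fa0/1", a, b),              # CAM empty: flooded
        "known_dst": sw.receive("fa0/2", b, a),                # A learned on fa0/1: forwarded
        "sticky": sw.receive("fa0/3", c, a),                   # C becomes the secure MAC on fa0/3
        "violation": sw.receive("fa0/3", d, a),                # second MAC on fa0/3: shutdown, dropped
        "after_shutdown": sw.receive("fa0/1", a, BROADCAST),   # fa0/3 no longer receives floods
        "cam": dict(sw.cam),
        "violations": list(sw.violations),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `violations` list is what an operator would look for in `show port-security`: a shut-down port with a recorded offending MAC, rather than silently dropped frames.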
The Routing Process
1. The Router verifies the frame was intended for the port on which it was received and checks the frame for errors.
2. The Router removes the frame header and trailer and compares the destination IP address in the packet to the routing table.
3. If the address does not match an entry, the router discards the packet. If it matches an entry it forwards the packet to the appropriate interface for delivery.
4. The router encapsulates the packet inside a frame on the interface and applies the next hop hardware address.

Routing Protocols
Routing Protocol | RIP             | RIPv2           | IGRP                                 | EIGRP                                | OSPF       | BGP
Type             | Distance Vector | Distance Vector | Distance Vector                      | Hybrid                               | Link State | Path Vector
Algorithm        | Bellman-Ford    | Bellman-Ford    | Bellman-Ford                         | DUAL                                 | Dijkstra   | Best Path
Admin Distance   | 120             | 120             | 100                                  | 90 / 170 (external)                  | 110        | 200 int / 20 ext
Metric           | Hop Count       | Hop Count       | Bandwidth, delay (load, reliability) | Bandwidth, delay (load, reliability) | Bandwidth  | Path attributes
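Steps 2 and 3 of the routing process, and the Admin Distance row of the table, decide together which entry a packet uses: the routing table keeps one route per prefix (lowest administrative distance wins, then lowest metric), and a lookup takes the longest matching prefix or discards the packet. The Python below is an added example, not part of the cheat sheet and not Cisco code. The AD values for RIP, IGRP, EIGRP, OSPF and BGP are the table's; the values 0 for connected and 1 for static are the standard Cisco defaults and are assumed here, and the routes themselves are constructed.

```python
"""Longest-prefix-match lookup with administrative distance (added example, not Cisco code).
Implements steps 2-3 of the routing process: compare the destination address with the
routing table, discard the packet on no match."""
import ipaddress
from dataclasses import dataclass

# AD per route source. RIP/IGRP/EIGRP/OSPF/BGP from the cheat sheet table;
# connected (0) and static (1) are the standard Cisco defaults (assumed).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "BGP-external": 20, "EIGRP": 90,
                  "IGRP": 100, "OSPF": 110, "RIP": 120, "EIGRP-external": 170,
                  "BGP-internal": 200}


@dataclass(frozen=True)
class Route:
    prefix: str        # e.g. "10.1.0.0/16"
    source: str        # protocol that learned the route (key of ADMIN_DISTANCE)
    metric: int        # protocol-specific metric, compared only within one protocol
    interface: str     # exit interface

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def build_table(candidates):
    """Keep, for each prefix, the candidate with the lowest AD, then the lowest metric."""
    table = {}
    for r in candidates:
        key = (ADMIN_DISTANCE[r.source], r.metric)
        best = table.get(r.prefix)
        if best is None or key < (ADMIN_DISTANCE[best.source], best.metric):
            table[r.prefix] = r
    return list(table.values())


def lookup(table, destination):
    """Return the most specific matching route, or None (the packet is discarded)."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


# Constructed candidate routes, as several protocols might offer them to one router
CANDIDATES = [
    Route("10.0.0.0/8", "RIP", 3, "s0/0"),
    Route("10.1.0.0/16", "OSPF", 20, "fa0/1"),
    Route("10.1.0.0/16", "EIGRP", 3072, "fa0/2"),    # same prefix as OSPF, lower AD: installed
    Route("10.1.5.0/24", "connected", 0, "fa0/3"),
    Route("0.0.0.0/0", "static", 0, "s0/1"),         # default route
]
TABLE = build_table(CANDIDATES)


def next_interface(destination, table=TABLE):
    """Exit interface for a destination, or None when the router would discard the packet."""
    r = lookup(table, destination)
    return None if r is None else r.interface


if __name__ == "__main__":
    for ip in ("10.1.5.77", "10.1.9.9", "10.200.1.1", "192.168.1.1"):
        print(ip, "->", next_interface(ip))
```

Note that the metric only breaks ties between routes from the same protocol: EIGRP's 3072 is not comparable with OSPF's 20, which is exactly why the AD comparison comes first.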
First Hop Redundancy Protocol (FHRP)
A First Hop Redundancy Protocol (FHRP) is a protocol designed to protect the default gateway by allowing two or more routers to provide backup for the default gateway address. In the event of failure of the active router, the backup router will take over the address.
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. It is described in IETF publication RFC 5798, which is an open standard.
Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol used to establish a fault-tolerant default gateway.

Configuring Router Interfaces
Router#config terminal - Enter global configuration mode
Router(config)#interface s0/0 - Configure the serial 0/0 interface
Router(config-if)#ip address 13.0.0.1 255.0.0.0 - Assign an IP address and subnet mask to an interface
Router(config-if)#clock rate 64000 - Configure a clock rate on a DCE interface
Router(config-if)#no shutdown - Bring up the interface

Configuring/Verifying OSPFv2
Configure OSPF with a process ID, other routers do not need to be configured with the same process ID. It is used to name the instance of the OSPF database on the router.
An OSPF area is a group of contiguous routers and networks.
Router#config t
Router(config)#router ospf 20
Router(config-if)#ip ospf priority 10 - Set the priority which will determine the designated OSPF router
Router(config-if)#ip ospf cost 25 - Manually set the OSPF link cost
Router(config)#router ospf 10 - Enable OSPF routing protocol using a process ID of 10
Router(config-router)#network 172.16.1.0 0.0.0.255 area 0 - Advertise a network using OSPF and assign it to area 0
Router(config-router)#default-information originate - Allow default routes to be propagated
Router#show ip ospf neighbor - Displays OSPF neighbours including info regarding their state

OSPF Facts
· Classless routing protocol
· Uses IP protocol 89
· OSPF uses cost as a metric
· Uses Dijkstra's Shortest Path First algorithm (SPF)
· Router ID is the highest IP address
· Backbone area is area 0
· All non backbone areas must connect directly to area 0
· Areas can be numbered from 0 to 65535
· Multicasts on 224.0.0.5
WAN Facts
· Router interfaces are defaulted to Data Terminal Equipment devices (DTE)
· Cisco routers have HDLC set as their default serial encapsulation (note: Cisco’s HDLC is proprietary)
· Default frame relay encapsulation on Cisco routers is Cisco’s Frame Relay encapsulation (Only use when connecting to Cisco frame relay switches)
· Data Communication Equipment (DCE) provides the clocking to the router

Internal Router Components
Bootstrap - stored in ROM - Brings up router on boot, loads IOS
POST - checks router hardware and interfaces on start-up
ROM monitor - Used for testing, troubleshooting
Mini-IOS - Small IOS in ROM, used for maintenance
RAM - Holds routing tables, running config, ARP cache
ROM - Holds POST, bootstrap and Mini-IOS
Flash - Stores IOS
NVRAM - Stores configuration and config register
Config register - Controls how router boots up

Router Boot Sequence
1.) POST
2.) Load IOS from Flash
3.) startup-config copied from NVRAM to RAM (If no valid startup-config found it goes to setup mode)

Configuring NAT (Network Address Translation)
Router(config-if)#ip nat inside - Associate an interface as being inside a network
Router(config-if)#ip nat outside - Associate an interface as being outside a network
Router(config)#ip nat inside source static 192.168.0.1 68.10.150.1 - Configure a static NAT mapping from the inside local IP address 192.168.0.1 to the inside global IP 68.10.150.1
Router(config)#no ip nat inside source static 192.168.0.1 68.10.150.1 - Remove the static NAT mapping created earlier
Router(config)#ip access-list standard NAT_ADDRESSES - Create a standard named ACL
Router(config-std-nacl)#permit 192.168.0.1 0.0.0.0 - Permit the IP address 192.168.0.1
Router(config)#ip nat inside source list NAT_ADDRESSES interface serial0 overload - Create an overloaded NAT mapping using the access control list called NAT_ADDRESSES and assign it to the inside global interface.
Router#show ip nat translations - View the NAT translations table to view static and dynamic mappings
Router#show ip nat statistics - View the NAT statistics
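What the overloaded mapping above builds at run time is a translation table keyed by port: every inside host matched by NAT_ADDRESSES shares the one inside global address of serial0 and is told apart by the source port the router assigns. The Python below is an added example of that table, not part of the cheat sheet and not Cisco code; the inside global address 68.10.150.1 is the page's, the inside hosts, ports and the PatTable name are constructed, and the simplification that the original source port is kept when it is free is an assumption.

```python
"""NAT overload (PAT) translation table simulator (added example, not Cisco code).
Mirrors 'ip nat inside source list NAT_ADDRESSES interface serial0 overload': inside
local addresses permitted by the list share one inside global address; returning
traffic is mapped back by the global port."""
from dataclasses import dataclass, field
import itertools


@dataclass
class PatTable:
    inside_global: str                  # address of the 'interface serial0' side
    permitted: set                      # inside local addresses the access list permits
    first_port: int = 1024              # where allocation starts when a port is taken (assumed)
    forward: dict = field(default_factory=dict)   # (local ip, local port) -> global port
    reverse: dict = field(default_factory=dict)   # global port -> (local ip, local port)

    def outbound(self, local_ip, local_port):
        """Translate an inside->outside packet; return (inside global ip, global port).
        Returns None when the access list does not match: the packet is not translated."""
        if local_ip not in self.permitted:
            return None
        key = (local_ip, local_port)
        if key not in self.forward:
            if local_port not in self.reverse:
                port = local_port           # keep the original source port when it is free
            else:                           # otherwise allocate the next unused global port
                port = next(p for p in itertools.count(self.first_port) if p not in self.reverse)
            self.forward[key] = port
            self.reverse[port] = key
        return self.inside_global, self.forward[key]

    def inbound(self, global_port):
        """Reverse-translate a returning packet: (local ip, local port), or None (no entry, dropped)."""
        return self.reverse.get(global_port)

    def translations(self):
        """Rows in the spirit of 'show ip nat translations': (inside global, inside local)."""
        return sorted((f"{self.inside_global}:{gp}", f"{ip}:{lp}")
                      for gp, (ip, lp) in self.reverse.items())


if __name__ == "__main__":
    table = PatTable("68.10.150.1", {"192.168.0.1", "192.168.0.2"})
    table.outbound("192.168.0.1", 40000)
    table.outbound("192.168.0.2", 40000)   # same source port on a second host
    for row in table.translations():
        print(*row)
```

The reverse map is the security-relevant part: an inbound packet to a port with no entry has nothing to be translated to and is dropped, which is why hosts behind PAT are not reachable from outside unless a static mapping (the `ip nat inside source static` form above) is added.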
Connecting to a Router via HyperTerminal
1.) Use a rollover cable from PC COM port to console port of router
2.) Start HyperTerminal
3.) Set bitrate to 9600 and flow control to None

Telnet or SSH Command Line Interface
· Telnet is unencrypted, not recommended for remote connections.
· SSH (Secure Shell) provides a secure remote command line interface (CLI)
· The router IOS needs to support DES or 3DES encryption for SSH to work.

IOS Keyboard Shortcuts
Up Arrow - Displays your previous commands. (history)
TAB Key - Completes a partially typed CLI command.
CTRL+Z - Takes you back to Privileged EXEC Mode.
CTRL+A - Places the cursor at the beginning of a line.
CTRL+E - Places the cursor at the end of a line.
CTRL+R - Redisplays the current command line.
CTRL+W - Erases a word (behind the cursor).
CTRL+U - Erases an entire line.

Router EXEC Modes
Setup mode – Step-by-step configuration dialog
Router> - User EXEC mode for basic monitoring commands
Router# - Privileged EXEC mode, access to all other router commands
Router(config)# - Global configuration mode
Router(config-if)# - Interface configuration mode
Router(config-router)# - Routing engine configuration mode
Router(config-line)# - Line level (vty, tty, async) configuration mode

Basic Router Configuration
Router#config terminal
Router(config)#hostname London
London(config)#banner motd #
Welcome to Router London
#
London(config)#int Ethernet 0
London(config-if)#ip address 1.1.1.1 255.255.0.0
London(config-if)#no shutdown
London(config-if)#description Accounts LAN

Setting Passwords

Privileged Passwords
Router(config)#enable secret nik – set encrypted password (overrides enable password)

Telnet Passwords
Router(config)#line vty 0 4
Router(config-line)#password nik
Router(config-line)#login

Console Password
Network Address Translation (NAT)
NAT is most often used to hide an entire address space, usually a private network, behind a single public IP address space, thereby conserving valuable IPv4 addresses which are in short supply. NAT is sometimes called IP Masquerading or Network Masquerading.

Types of NAT
Static NAT – one-to-one mapping between local and global addresses
Dynamic NAT – map unregistered IP addresses to a global address from a pool of registered IP addresses
Overloading – maps multiple unregistered IP addresses to a single globally registered IP address. Most popular form of NAT (known as Port Address Translation)

NAT Terms
Inside local - inside source address before translation
Outside local - destination host before translation
Inside global - inside host after translation
Outside global - outside destination host after translation

CEF (Cisco Express Forwarding)
Cisco proprietary protocol layer 3 switching technology used to enhance the overall network performance. It reduces the overhead and delays introduced by other routing techniques. CEF uses an adjacency table to maintain switching information avoiding the need for ARP requests. CEF currently supports Ethernet, Frame Relay, ATM, PPP, FDDI, tunnels, and Cisco HDLC.

Access Control Lists (ACL)
Access Control Lists are sets of filter statements used to:
· Prioritise traffic
· Restrict or reduce routing updates
· Provide basic security
· Block types of traffic

Standard ACLs - Don’t distinguish between type of traffic, just filter based on source IP address. Place them as close to destination as possible.
Extended ACLs – Used to filter traffic based on source IP, destination IP, protocol and port number. Place as close to source of traffic as possible.

· Only one ACL can be assigned per interface per protocol per direction
· ACLs are more efficient on outbound port
· If a packet does not match any ACL tests then it will be implicitly denied unless your list ends with permit any
· Once a packet matches an ACL statement no other checks are made, it is permitted
· If an ACL is created but not applied it won’t filter anything

ACL Number Ranges
IP standard access list - 1-99 and 1300-1999
IP extended access list - 100-199 and 2000-2699

Configure Standard IP ACLs
Router(config)#access-list 50 deny host 172.17.30.10 - deny any packets from host 172.17.30.10
Router(config)#access-list 50 deny 172.18.30.0 0.0.0.255 – deny any host that matches the first three octets
Router(config)#access-list 50 permit any – Without this last statement any traffic not denied in the previous statements will be implicitly denied!
Apply standard ACL 50 to Ethernet 0 interface outbound:
Router(config)#int e0
Router(config-if)#ip access-group 50 out

Configure Extended IP ACLs
Router(config)#access-list 100 deny tcp any host 172.16.30.5 eq 21 – Deny access from any host trying to FTP to 172.16.30.5
Router(config)#access-list 100 permit ip any any – Permit all other traffic
Apply extended ACL 100 to Ethernet 0 interface outbound:
Router(config)#int e0
Router(config-if)#ip access-group 100 out

Verify ACLs
To view access list statements on a router:
show access-list – Displays the ACLs and their contents
To determine what interfaces have an ACL applied use the following commands:
show ip interface – Displays which interfaces have an ACL applied
show running-config – Access list statements and the interface they are applied to are displayed when you view the configuration file
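The first-match rule, the wildcard masks and the implicit deny at the end of every list are easiest to see by running packets through the two lists configured above. The Python below is an added example, not part of the cheat sheet and not Cisco code: it parses the `access-list` lines exactly as written on this page (standard lists identified by the number ranges given, extended lists with protocol, source, destination and an optional `eq` port) and evaluates constructed packets against them.

```python
"""Standard and extended IP ACL evaluator (added example, not Cisco code).
Parses the 'access-list' syntax used on this page, applies first-match semantics
and the implicit deny that ends every list. Packets are constructed dicts."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

STANDARD_RANGES = [(1, 99), (1300, 1999)]       # from the ACL Number Ranges box
ANY = ("0.0.0.0", "255.255.255.255")            # address + wildcard meaning 'any'


@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    protocol: str               # "ip", "tcp", "udp", ...; standard lists are "ip"
    src: tuple                  # (address, wildcard)
    dst: tuple                  # (address, wildcard); ANY for standard lists
    dst_port: Optional[int]     # from 'eq N', else None


def _addr_spec(tokens, i):
    """Consume one address specifier: 'any' | 'host A' | 'A W'. Return ((A, W), next index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_line(line):
    """Parse 'access-list <num> <permit|deny> ...' into (number, Entry)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number, action = int(t[1]), t[2]
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        src, _ = _addr_spec(t, 3)                # standard: source address only
        return number, Entry(action, "ip", src, ANY, None)
    protocol = t[3]                              # extended: protocol, source, destination, port
    src, i = _addr_spec(t, 4)
    dst, i = _addr_spec(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return number, Entry(action, protocol, src, dst, port)


def wildcard_match(address, spec):
    """Wildcard bits set to 1 are 'don't care' bits; 0 bits must match exactly."""
    a = int(ipaddress.IPv4Address(address))
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return (a ^ base) & (0xFFFFFFFF ^ wild) == 0


def evaluate(entries, packet):
    """First matching entry decides; no match at all is the implicit deny."""
    for e in entries:
        if e.protocol not in ("ip", packet["protocol"]):
            continue
        if not wildcard_match(packet["src"], e.src):
            continue
        if not wildcard_match(packet["dst"], e.dst):
            continue
        if e.dst_port is not None and e.dst_port != packet.get("dst_port"):
            continue
        return e.action
    return "deny"


def load_acl(lines, number):
    """All entries of one list, in configuration order."""
    return [e for n, e in (parse_line(line) for line in lines) if n == number]


# The two lists configured on this page
CONFIG = [
    "access-list 50 deny host 172.17.30.10",
    "access-list 50 deny 172.18.30.0 0.0.0.255",
    "access-list 50 permit any",
    "access-list 100 deny tcp any host 172.16.30.5 eq 21",
    "access-list 100 permit ip any any",
]
ACL_50 = load_acl(CONFIG, 50)
ACL_100 = load_acl(CONFIG, 100)

if __name__ == "__main__":
    print(evaluate(ACL_50, {"protocol": "ip", "src": "172.18.30.200", "dst": "10.0.0.1"}))
    print(evaluate(ACL_100, {"protocol": "tcp", "src": "1.2.3.4", "dst": "172.16.30.5", "dst_port": 21}))
```

Evaluating `ACL_50[:2]` (the list without its final `permit any`) against an address the first two statements do not mention returns `deny`, which is the implicit deny the page warns about.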
Dynamic Host Configuration Protocol (DHCP)
· An Application layer protocol used to automatically assign IP addresses from a given pool of addresses to devices within the network
· Routers and servers can be DHCP servers
· The scope is the pool of IP addresses a DHCP server can assign
· The lease is the amount of time a client is allowed to use the IP address
· Printers, switches, servers and certain other devices need static IP addresses and those addresses should be excluded from the DHCP scope
· Clients use a broadcast message to locate a DHCP server, therefore a DHCP server is required on each broadcast domain
· When there is more than one DHCP server on a network segment, a client will begin the DHCP process with the first DHCP server that responds

DNS (Domain Name System)
DNS is an Application layer protocol used to resolve (convert) a domain name to an IP address. An IP address can be associated with one or more fully qualified domain names (FQDN).

A DNS Request
A client sends a domain name to a local resolver. The resolver queries name servers up to the root server until it finds one that holds the record for the requested domain name. The name server then responds to the resolver with the IP address. The resolver then sends the IP address back to the client.
Clients, resolvers and name servers have a DNS cache to store results so that if another client requests the same domain name it will be a much quicker process.
IPv6
The world needs to migrate to IPv6 from the current IPv4 protocol because we are rapidly exhausting the number of available public IP addresses. IPv6 has 3.4 x 10^38 possible addresses.
IPv6 addresses are 128 bits long compared to 32 bits for IPv4 addresses. They are normally written with hexadecimal digits and colon separators such as 2004:db8:75a3::8a2e:380:7334
They are composed of two logical parts: a 64-bit network prefix, and a 64-bit host part.
Link-local addresses – Network addresses which are intended for communications only within one segment of a LAN.
Unique local addresses – Used for routing within sites that are not connected to the Internet. They are not routable in the global IPv6 Internet. Similar to IPv4 private addresses.
The device needs to first learn the prefix information from the router and then append its own physical MAC address to form the interface ID.

Configuring and Verifying Syslog
Syslog is a standard for data logging to a central repository. Messages are labelled with a severity level (one of: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug).
Router#config terminal
Router(config)#logging 192.168.0.30 - Specifies the syslog server
Router(config)#service timestamps log datetime localtime show-timezone msec - Instructs the system to timestamp syslog messages
Router(config)#logging facility local3 - Specifies the facility level used by the syslog messages
Router(config)#logging trap warning - Specifies the severity level to be logged.
Router(config)#end
Router#show logging
Syslog logging: enabled (51 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 79000 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: disabled
Trap logging: level warnings, 80000 message lines logged
Logging to 192.168.0.30, 57000 message lines logged
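The `show logging` output above reports "Trap logging: level warnings": only messages at severity Warning (4) or more urgent (lower number) reach the server at 192.168.0.30, while the console still logs at debugging. The Python below is an added example of that filter, not part of the cheat sheet and not Cisco code. The `%FACILITY-SEVERITY-MNEMONIC:` message format is the IOS one; the sample log lines are constructed for the example, and the severity names use the page's list in lower case.

```python
"""Syslog severity filter for IOS-style messages (added example, not Cisco code).
Implements what 'logging trap warning' means: only messages whose severity number is
at or below the trap level (warning = 4) are forwarded to the syslog server."""
import re

# Severity names from the cheat sheet; numbers are the syslog levels (0 most urgent)
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
SEVERITY_NAME = {v: k for k, v in SEVERITY.items()}

# IOS message body: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")


def parse(line):
    """Return a dict (facility, severity as int, mnemonic, text), or None for non-IOS lines."""
    m = MSG_RE.search(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def trap_filter(lines, trap_level="warning"):
    """Messages that would be sent to the syslog server at the given trap level."""
    limit = SEVERITY[trap_level]
    kept = []
    for line in lines:
        msg = parse(line)
        if msg is not None and msg["severity"] <= limit:
            kept.append(msg)
    return kept


# Constructed sample lines, timestamped as 'service timestamps log datetime msec' would
SAMPLE = [
    "*Mar  1 00:01:02.123: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "*Mar  1 00:01:03.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Mar  1 00:02:10.789: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:03:00.000: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.0000.000d on port FastEthernet0/3.",
    "not a syslog line",
]

if __name__ == "__main__":
    for msg in trap_filter(SAMPLE, "warning"):
        print(SEVERITY_NAME[msg["severity"]], msg["facility"], msg["mnemonic"], msg["text"])
```

Run with `"debug"` as the trap level the same function forwards every parsed message, which is the console behaviour shown in the output above.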
Configuring IPv6
Router(config)#interface FastEthernet 0/0 - Configure the fast Ethernet 0/0 interface
Router(config-if)#ipv6 address 2001:cdba:0000:0000:0000:0000:0000:0001/64 - Assign an IPv6 address to an interface
Router(config-if)#ipv6 enable - Enable IPv6 addressing on an interface without specifying the IPv6 address
Router#show ipv6 interface brief - Show the IPv6 addresses for all interfaces
Router#show int fa0/0 | inc bia - Show the interface fast Ethernet 0/0 burned in address (bia)
Router>ping 2001:cdba::2 - Ping an IPv6 address
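The address written in full in the `ipv6 address` command above and the compressed form used in the `ping` command are the same notation, and the sentence about a device learning the prefix and appending its MAC to form the interface ID describes the EUI-64 method (insert FFFE in the middle of the 48-bit MAC and flip the universal/local bit). The Python below is an added example of both, not part of the cheat sheet and not Cisco code; the MAC addresses and the /64 prefix in the test values are constructed.

```python
"""IPv6 address compression and EUI-64 interface IDs (added example, not Cisco code).
Shows the compressed notation used on this page and how a host combines a router-learned
/64 prefix with an interface ID derived from its own MAC address."""
import ipaddress


def compress(address):
    """Canonical compressed form: '2001:cdba:0000:...:0001' -> '2001:cdba::1'."""
    return str(ipaddress.IPv6Address(address))


def expand(address):
    """Fully written form with all eight 16-bit groups."""
    return ipaddress.IPv6Address(address).exploded


def eui64_interface_id(mac):
    """64-bit interface identifier from a 48-bit MAC (EUI-64 method)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])   # insert FFFE between the OUI and the device part
    eui[0] ^= 0x02                                           # flip the universal/local bit of the first octet
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:x}" for i in range(0, 8, 2))


def slaac_address(prefix, mac):
    """Combine a /64 prefix learned from the router with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("the interface ID method needs a /64 prefix")
    prefix_groups = net.network_address.exploded.split(":")[:4]
    return compress(":".join(prefix_groups) + ":" + eui64_interface_id(mac))


if __name__ == "__main__":
    print(compress("2001:cdba:0000:0000:0000:0000:0000:0001"))
    print(expand("2001:cdba::2"))
    print(slaac_address("2001:cdba::/64", "00:1a:2b:3c:4d:5e"))   # constructed MAC
```

Because the interface ID embeds the MAC, an EUI-64 address identifies the hardware wherever the host roams; that is the reason privacy extensions with random interface IDs are usually preferred on client devices.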
Virtual Private Networks (VPN)
VPNs allow for the creation of private networks across the Internet. They allow remote users to connect to corporate networks securely over the Internet (Remote access VPN) as well as allowing companies to connect remote offices without requiring dedicated WAN connections (Site-to-site VPN).

HDLC
HDLC is a point-to-point protocol used on leased-lines. No authentication can be used. HDLC is an ISO-standard, but Cisco’s HDLC format is not compatible with other implementations. This is the default encapsulation for serial interfaces on Cisco routers.

Cloud Types

Private Cloud
· Privately shared virtualized resources
· Cluster of dedicated customers
· Connectivity over internet, fiber and private network
· Suited for secured confidential data and systems

Public Cloud
· Publicly shared virtualized resources
· Supports multiple customers
· Connectivity over the internet

Hybrid Cloud
· Combination of Public and Private cloud
· Some resources use Public cloud while others use Private cloud
Quality of Service (QoS) QoS Shaping vs Policing
· QoS Markings - DSCP (Differentiated Services Code Point) at the Network Layer, COS (Class of Policing
Service) at the Data Link Layer
· Protocols - NBAR (Network Based Application Recognition) · Drops exceeding traffic
· Access-Lists - Source/Destination IP addresses, Source/Destination ports (Numbered, named, · Use to limit specific type of traffic stealing bandwidth
standard, extended) · Inbound or outbound
Treatment
802.1X
· Queuing and scheduling - Stores during congestion, forwarding based on QoS markings/priority
· Shaping - Traffic delayed to slow forwarding to shape limit · An IEEE standard for controlling layer 2 access
· Policing - Drops traffic to conform to policed rate · Ability to permit or deny network access based on the
· Marking - Sets QoS values to prioritize traffic types device or identity of the end user
EAPOL RADIUS
Here are the steps you need to troubleshoot in Cisco exams. Start at layer 1 and work your way up the OSI model as you troubleshoot.

Layer 1
Establish the state of your interfaces with show ip interface brief. If necessary issue the no shutdown command to bring them up.
Ensure that there is a clock rate on the DCE interface (use the show controllers serial X command to check what type of cable is attached; X represents the serial interface number).

Layer 2
Ensure that the correct encapsulation type is set on each interface, for example HDLC, PPP etc. Check using the show interface serial X command. Change the encapsulation type in configuration mode.
Make sure the correct networks are being advertised by the routing protocol. Issue the show ip protocols command to check.
And finally, make sure you can ping directly connected interfaces prior to applying your access lists and routing protocols.

Serial0/0 is up, line protocol is up - The interface is functioning correctly.
Serial0/0 is down, line protocol is down - This message usually represents a physical interface problem. The cable may be disconnected. This can also occur if this interface is connected to another router whose interface has been shut down.
Serial0/0 is up, line protocol is down - The Physical layer connectivity is not the issue. The line protocol being down is either a clocking issue (keepalives) or a mismatch of the frame types being used on connected devices.

Cisco Discovery Protocol (CDP)
CDP is a proprietary Cisco protocol to help administrators document and troubleshoot the network. It only lets you see info about directly connected (neighbour) devices.
Device(config)#cdp timer – How often CDP packets are transmitted out active interfaces. Default CDP timer = 90 seconds.
Device(config)#cdp holdtime – How long a device will hold CDP packets received from neighbour devices. Default CDP holdtime = 180 seconds.
Device#show cdp neighbors – Shows info about directly connected devices: deviceID, local interface, holdtime, capability, platform and remote interface (portID)
Device#show cdp neighbor detail – Same output as show cdp neighbors plus IOS version and IP address

General Troubleshooting Commands

Troubleshooting Steps
1. Ping 127.0.0.1 (Loopback)
2. Ping default gateway
3. Ping remote device

Windows DOS Troubleshooting Commands
· ping 127.0.0.1
· tracert
· ipconfig/all
· arp -a

Cisco Ping & Response Codes
Router> ping 172.15.9.1
! Success
. Timed out waiting for reply
U Destination unreachable
| Ping process interrupted
? Unknown packet type
C Congestion-experienced
& Time to live exceeded

Cisco Trace Command & Responses
Router> traceroute 172.15.9.1
* Timed out
!H Router received packet but did not forward it
N Network unreachable
P Protocol unreachable
U Port unreachable

Interfaces
All interfaces are shutdown by default until the no shutdown command is issued on each interface.
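The first troubleshooting step above is to read interface state from show ip interface brief and map each up/down combination to the layer that needs attention. The parser below is an added example, not part of the cheat sheet: the sample output is constructed in the style of that command (not captured from a real device), the diagnosis strings paraphrase the three cases described above, and the "administratively down" status is a real IOS value added here to cover the interfaces-are-shutdown-by-default case.

```python
import re

# Constructed sample in the style of `show ip interface brief` (not real device output).
SAMPLE_SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
Serial0/0              10.0.0.1        YES manual down                  down
Serial0/1              10.0.1.1        YES manual up                    down
Serial0/2              unassigned      YES unset  administratively down down
"""

# (Status, Protocol) -> diagnosis; the first three follow the cheat sheet's
# cases, the fourth is the explicit-shutdown case (an addition here).
DIAGNOSIS = {
    ("up", "up"): "OK: interface is functioning correctly",
    ("down", "down"): "Layer 1: physical problem (cable disconnected, or far-end interface shut down)",
    ("up", "down"): "Layer 2: clocking/keepalive issue or encapsulation mismatch with the neighbour",
    ("administratively down", "down"): "Layer 1: interface is shut down; issue 'no shutdown'",
}

# One data row: interface, address, OK?, method, status, protocol.
LINE_RE = re.compile(
    r"^(?P<intf>\S+)\s+(?P<ip>\S+)\s+(?P<ok>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)\s*$"
)

def parse_interface_brief(text):
    """Return (interface, status, protocol) tuples; the header line does not
    match the status/protocol alternatives and is skipped automatically."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group("intf"), m.group("status"), m.group("proto")))
    return rows

def diagnose(text):
    """Map every interface to its layer-1/layer-2 diagnosis string."""
    return {intf: DIAGNOSIS.get((status, proto), f"unexpected state {status}/{proto}")
            for intf, status, proto in parse_interface_brief(text)}

def first_layer_to_check(text):
    """Lowest OSI layer with a problem, following 'start at layer 1 and work up';
    None when every interface is up/up."""
    findings = diagnose(text).values()
    if any(d.startswith("Layer 1") for d in findings):
        return 1
    if any(d.startswith("Layer 2") for d in findings):
        return 2
    return None

if __name__ == "__main__":
    for intf, verdict in diagnose(SAMPLE_SHOW_IP_INT_BRIEF).items():
        print(f"{intf:16} {verdict}")
    print("start at layer", first_layer_to_check(SAMPLE_SHOW_IP_INT_BRIEF))
```

Running it on the constructed sample reports Serial0/0 and Serial0/2 as layer 1 problems and Serial0/1 as a layer 2 problem, so the walk-through starts at layer 1 even though a layer 2 fault is also visible.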
© Copyright 2020 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
The Spanning Tree Protocol (STP)
· Prevents switching loops (loops cause broadcast storms)
· Allows redundant links
· Resilient to topology changes
· STA (Spanning Tree Algorithm) - Used to calculate a loop-free path
· BPDUs (Bridge Protocol Data Units) are sent and received by switches in the network every 2 seconds (default) to determine the spanning tree topology

Spanning Tree States
Blocking – No frames forwarded, BPDUs heard (prevents looped paths)
Listening – No frames forwarded, listening for frames
Learning – No frames forwarded, learning addresses (MAC table populated)
Forwarding – Frames forwarded, learning addresses (MAC table populated)
Disabled – No frames forwarded, no BPDUs heard

RSTP (Rapid Spanning Tree Protocol)
RSTP (802.1w) was designed to provide faster convergence after a topology change. The original spanning tree takes up to 50 seconds to converge to a stable network whereas RSTP takes 2 seconds. RSTP was designed to be backwards-compatible with standard STP. Standard IEEE 802.1D-2004 incorporates RSTP and makes the original STP standard obsolete. Most implementations of RSTP use PVST+, Per VLAN Spanning Tree+.
To enable RSTP for each VLAN in our switched network use the following command:
Switch(config)#spanning-tree mode rapid-pvst

PVSTP (Per-VLAN Spanning Tree Protocol)
PVSTP is a Cisco proprietary version of Rapid Spanning Tree Protocol. It creates a spanning tree for each VLAN. PVST works only with ISL tagging whereas PVST+ is compatible with 802.1Q encapsulation. PVST+ is now the default on Cisco switches as ISL is no longer supported.
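To make the STA bullet concrete, here is a small Python model of what the algorithm computes: elect the root bridge (lowest bridge ID), find each switch's least-cost path to it, and block every link that is not on one of those paths. This is an added example, not code from the cheat sheet or from any vendor implementation; the three-switch triangle, bridge IDs and link costs are constructed, and the model is simplified to block whole links rather than electing designated ports individually.

```python
import heapq
from collections import defaultdict

# Constructed topology (not from the page): three switches in a triangle,
# the textbook case where one link must be blocked to avoid a loop.
# Bridge ID = (priority, MAC); the lowest tuple wins the root election.
BRIDGES = {
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (32768, "0000.0000.0003"),
}
# (switch A, switch B, path cost); 19 is the classic 802.1D cost of 100 Mbps.
LINKS = [
    ("SW1", "SW2", 19),
    ("SW2", "SW3", 19),
    ("SW1", "SW3", 19),
]

def elect_root(bridges):
    """Root bridge = lowest bridge ID (priority first, then MAC)."""
    return min(bridges, key=lambda sw: bridges[sw])

def root_path_costs(root, links):
    """Dijkstra from the root: least cumulative cost to reach each switch."""
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist.get(sw, float("inf")):
            continue
        for nxt, cost in adj[sw]:
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return dist

def spanning_tree(bridges, links):
    """Return (root, forwarding_links, blocked_links).

    Each non-root switch keeps one root port: the link giving the lowest
    root path cost, ties broken by the neighbour's bridge ID as STP does.
    Links that are nobody's root port are blocked (simplified: per link,
    not per port)."""
    root = elect_root(bridges)
    dist = root_path_costs(root, links)
    root_port = {}
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for a, b, cost in links:
            if sw in (a, b):
                nbr = b if a == sw else a
                candidates.append((dist[nbr] + cost, bridges[nbr], (a, b, cost)))
        root_port[sw] = min(candidates)[2]
    forwarding = set(root_port.values())
    blocked = [link for link in links if link not in forwarding]
    return root, sorted(forwarding), blocked

if __name__ == "__main__":
    root, fwd, blk = spanning_tree(BRIDGES, LINKS)
    print("root:", root)
    print("forwarding:", fwd)
    print("blocked:", blk)
```

On the constructed triangle SW1 becomes root, both other switches use their direct link to SW1 as the root port, and the SW2-SW3 link is blocked, leaving exactly N-1 forwarding links, which is what "loop-free" means in graph terms. Because the election is decided purely by the lowest advertised bridge ID, a device that sends BPDUs with a lower priority than the intended root can redraw the tree; that is why switch ports facing end hosts are normally configured to ignore or shut down on received BPDUs.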
EtherChannel
EtherChannel is a grouping of several physical links to create a single logical port trunk. It provides increased bandwidth, load balancing, and fault tolerance. Up to eight ports can be grouped in the same logical link; switches see an EtherChannel port as a single port.

Configure SW1 for EtherChannel
SW1#config terminal
SW1(config)#interface fastEthernet 0/12
SW1(config-if)#channel-group 1 mode on
SW1(config-if)#exit
SW1(config)#interface fastEthernet 0/11
SW1(config-if)#channel-group 1 mode on
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

Configure EtherChannel on SW2
SW2#config terminal
SW2(config)#interface fastEthernet 0/12
SW2(config-if)#channel-group 1 mode on
SW2(config-if)#exit
SW2(config)#interface fastEthernet 0/11
SW2(config-if)#channel-group 1 mode on
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit

Modular switches offer flexibility: they come in different chassis sizes and allow you to install various modular expansion cards to increase the number of ports.

Verifying Switch Operation
switch#show spanning-tree – Displays priority, root bridge, spanning tree protocol
switch#show mac address-table – Displays the switch's content addressable memory (CAM) table which it uses to make forwarding decisions

APIC-EM
Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is Cisco's SDN solution which uses REST APIs. The APIC-EM is the brains behind the network and enforces network policies for the entire infrastructure through automation. This allows the entire network to be treated as a system. APIC-EM runs on any x86 platform as software or as a dedicated appliance.
Northbound API - Allows for 3rd party SDN via RESTful APIs
Southbound API - Communicates with network infrastructure
WLAN Standards

802.11a
· 5GHz spectrum using OFDM
· Maximum data rate 54Mbps
· Up to 23 non-overlapping channels
· Short range – Stay within 20m/75ft to get highest data rate

802.11b
· 2.4GHz spectrum using DSSS
· Maximum data rate 11Mbps
· 3 non-overlapping channels
· Stay within 45m/150ft to get highest data rate

802.11g
· 2.4GHz spectrum using OFDM
· Maximum data rate 54Mbps
· 3 non-overlapping channels
· Backward compatible with 802.11b
· Stay within 30m/100ft to get highest data rate

802.11n
· 2.4GHz or 5GHz spectrum using OFDM
· Theoretical maximum data rate 300Mbps
· 3 non-overlapping channels at 2.4GHz or 12 non-overlapping channels at 5GHz
· Uses multiple antennas (MIMO – Multiple-Input Multiple-Output technology to increase throughput)
· Long range – High data rates up to 90m/300ft

WLANs
Operate in two modes:
· Ad hoc – To connect directly to another device
· Infrastructure – To connect to the network via an access point (AP)

Service sets:
· Service Set Identifier (SSID) – A unique 32-character text identifier for the service set. The SSID is usually sent out by the AP periodically to enable clients to find it (SSID Beacon)
· Basic Service Set (BSS) – Uses a single AP to create a WLAN (Use a unique SSID)
· Extended Service Set (ESS) – Uses more than one AP, generally overlapping to allow roaming (All APs within an ESS use the same SSID)
· When overlapping access points ensure you use non-overlapping channels so that they don't interfere with one another
· At 2.4GHz channels 1, 6 and 11 do not overlap. At 5GHz there are 12 non-overlapping channels
· Data transmission rates drop the further you get from the Access Point
· Use Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
· Access Points that operate in mixed mode (802.11b/g) tend to slow down the WLAN
· WLANs suffer from interference which degrades the throughput; it can be caused by:
  · Other radio waves
  · Obstacles in the way of the signal such as walls, ceilings, floors

Wired Equivalent Privacy (WEP) – Original IEEE security standard. Offers weak authentication and encryption. Easily cracked by a hacker. Should not be used anymore. SSID cloaking, which stops the SSID beacon from being broadcast, and MAC filtering were used to make WEP more secure.

Wi-Fi Protected Access (WPA) – Created by the Wi-Fi Alliance as a multivendor WLAN security standard. Uses dynamic key exchange using Temporal Key Integrity Protocol (TKIP). Greatly improved security compared to WEP. Allows for user authentication using IEEE 802.1X. Due to the Wi-Fi Alliance WPA-certified system, wireless NICs and access points of different vendors should interoperate without problems.

IEEE 802.11i (WPA-2) – IEEE ratified 802.11i in 2005. Not backward compatible with WPA. Uses Advanced Encryption Standard (AES) which provides better encryption than WPA. The Wi-Fi Alliance refers to 802.11i as WPA-2.
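The claim that only channels 1, 6 and 11 are non-overlapping at 2.4GHz follows from the channel plan itself: centres are 5 MHz apart while each DSSS channel is 22 MHz wide. The script below is an added example (not from the cheat sheet) that derives the non-overlapping set from those two numbers and then assigns channels to a constructed list of APs with overlapping coverage; the AP names are made up, and the 2412 MHz / 5 MHz / 22 MHz figures are the standard 2.4GHz channel parameters rather than values quoted on the page.

```python
def channel_center_mhz(ch):
    """2.4 GHz centre frequency: channel 1 is 2412 MHz, 5 MHz steps,
    channel 14 (Japan only) is the odd one out at 2484 MHz."""
    if ch == 14:
        return 2484
    return 2407 + 5 * ch

def overlaps(ch_a, ch_b, width_mhz=22):
    """True when the two channels' spectra overlap; a DSSS channel is
    22 MHz wide, so centres must be at least 22 MHz apart to be clear."""
    return abs(channel_center_mhz(ch_a) - channel_center_mhz(ch_b)) < width_mhz

def non_overlapping_set(channels, width_mhz=22):
    """Greedy lowest-first pick of mutually non-overlapping channels."""
    chosen = []
    for ch in sorted(channels):
        if all(not overlaps(ch, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen

def plan_overlapping_aps(ap_names, channels=range(1, 12)):
    """Assign clean channels round-robin to APs whose coverage overlaps,
    so adjacent cells never share a channel with a direct neighbour."""
    clean = non_overlapping_set(channels)
    return {ap: clean[i % len(clean)] for i, ap in enumerate(ap_names)}

if __name__ == "__main__":
    print("US (1-11):", non_overlapping_set(range(1, 12)))
    print("EU (1-13):", non_overlapping_set(range(1, 14)))
    # Constructed AP names for a four-cell office floor.
    print(plan_overlapping_aps(["AP-A", "AP-B", "AP-C", "AP-D"]))
```

Both the 11-channel and the 13-channel plan reduce to 1, 6, 11, which is why a fourth overlapping AP has to reuse channel 1 and should be placed so that it does not border the first.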
Configuration Management Tools
Configuration management tools like Chef, Ansible and Puppet are used to automate the repetitive tasks of provisioning app environments on existing server instances. This involves scripting the installation of packages, scripts and config files, and the starting of services.
Configuration orchestration tools like Terraform are different: they provision the servers themselves but leave the configuration of those servers to other configuration management tools.
Configuration management tools and configuration orchestration tools are often defined as Infrastructure as Code (IaC).
Depending on the tool, they may use two types of language (procedural or declarative):
Procedural style – Step-by-step instructions
Declarative style – Desired end state

REST – REpresentational State Transfer
REST is a software architectural style for creating APIs (Application Programming Interfaces). RESTful APIs use HTTP requests to access data in a resource. You connect to the API via an endpoint (URL) and you send requests using an HTTP verb. The API service will then return a response. Most REST APIs use JSON or XML as the message format.

REST HTTP VERBS
GET – Retrieve items from a resource
POST – Create a new item in a resource
PUT – Replace an existing item in a resource
PATCH – Update an existing item in a resource
DELETE – Delete an existing item in a resource
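The verb list above hides one distinction that trips people up in practice: PUT replaces the whole item, PATCH updates only the supplied fields. The in-memory resource below is an added example, not code from the cheat sheet or from any API product; it dispatches on the five verbs, returns HTTP-style status codes, and the device record it stores is constructed.

```python
import json

class ResourceStore:
    """In-memory collection applying the REST verb semantics listed above.
    handle() returns (status_code, body) the way an API endpoint would."""

    def __init__(self):
        self._items = {}
        self._next_id = 1

    def handle(self, verb, item_id=None, body=None):
        if verb == "GET":
            if item_id is None:
                return 200, list(self._items.values())
            item = self._items.get(item_id)
            return (200, item) if item else (404, None)
        if verb == "POST":
            new_id = self._next_id
            self._next_id += 1
            # The server assigns the id; a client-supplied "id" is ignored.
            self._items[new_id] = {**(body or {}), "id": new_id}
            return 201, self._items[new_id]
        if item_id not in self._items:
            return 404, None
        if verb == "PUT":        # replace: fields absent from the body are gone
            self._items[item_id] = {**(body or {}), "id": item_id}
            return 200, self._items[item_id]
        if verb == "PATCH":      # update: only the supplied fields change
            self._items[item_id].update(body or {})
            return 200, self._items[item_id]
        if verb == "DELETE":
            del self._items[item_id]
            return 204, None
        return 405, None         # verb not allowed on this resource

def to_json(status, body):
    """Render a response as the JSON message format most REST APIs use."""
    return json.dumps({"status": status, "body": body}, sort_keys=True)

def demo():
    """Create a constructed device record, then PATCH and PUT it with the
    same body to show that only PUT drops the untouched 'vlan' field."""
    store = ResourceStore()
    _, created = store.handle("POST", body={"hostname": "SW1", "vlan": 10})
    _, patched = store.handle("PATCH", created["id"], {"hostname": "SW1-core"})
    patched = dict(patched)      # snapshot before PUT replaces the item
    _, replaced = store.handle("PUT", created["id"], {"hostname": "SW1-core"})
    return patched, dict(replaced)

if __name__ == "__main__":
    after_patch, after_put = demo()
    print(to_json(200, after_patch))
    print(to_json(200, after_put))
```

Because each verb maps to a different capability (read, create, replace, delete), an API's authorization checks should be made per verb and not only per URL; the 405 branch is the place where verbs a role may not use get refused.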
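Returning to the procedural versus declarative distinction in the Configuration Management Tools section: a declarative tool derives its steps from the gap between desired and current state, so running it twice changes nothing the second time. The following model is an added example, not code from Chef, Ansible, Puppet or Terraform; the desired and current host states and the procedural script are constructed.

```python
# Constructed desired state (what a declarative manifest would hold) and a
# snapshot of the host's current state; neither comes from a real system.
DESIRED_STATE = {
    "packages": {"openssh-server", "nginx"},
    "services_running": {"ssh", "nginx"},
}
CURRENT_STATE = {
    "packages": {"openssh-server", "telnetd"},
    "services_running": {"ssh", "telnetd"},
}

# A procedural script says what to do, not what should be true afterwards:
# it installs what the author thought of and never removes telnetd.
PROCEDURAL_SCRIPT = [("install", "nginx"), ("start", "nginx")]

def plan(desired, current):
    """Declarative: compute the steps from the state difference, ordered so
    services are stopped before their packages go and started after install."""
    steps = []
    for svc in sorted(current["services_running"] - desired["services_running"]):
        steps.append(("stop", svc))
    for pkg in sorted(current["packages"] - desired["packages"]):
        steps.append(("remove", pkg))
    for pkg in sorted(desired["packages"] - current["packages"]):
        steps.append(("install", pkg))
    for svc in sorted(desired["services_running"] - current["services_running"]):
        steps.append(("start", svc))
    return steps

def apply_steps(steps, current):
    """Simulate executing the steps against a copy of the current state."""
    state = {key: set(value) for key, value in current.items()}
    for action, target in steps:
        if action == "install":
            state["packages"].add(target)
        elif action == "remove":
            state["packages"].discard(target)
        elif action == "start":
            state["services_running"].add(target)
        elif action == "stop":
            state["services_running"].discard(target)
    return state

def converge(desired, current):
    """One declarative run: the plan and the state it leaves behind."""
    steps = plan(desired, current)
    return steps, apply_steps(steps, current)

if __name__ == "__main__":
    steps, after = converge(DESIRED_STATE, CURRENT_STATE)
    print("declarative plan:", steps)
    print("second run plan:", plan(DESIRED_STATE, after))          # empty
    print("procedural leaves:", apply_steps(PROCEDURAL_SCRIPT, CURRENT_STATE))
```

The second declarative run produces an empty plan, which is the idempotency that lets such tools be scheduled repeatedly; the procedural script reaches a state that still contains telnetd, which is the kind of drift a desired-state model catches and a step list does not.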
Benefits of powering end devices over the Ethernet cable:
Portability – Install devices where it is hard to get power. For example, wireless access points and IP cameras can be positioned to achieve the perfect signal coverage or viewpoint.
Cost Savings – Cost savings can be significant for large scale deployments of wireless access points or IP cameras, as you can avoid installing power outlets at each location.
Simplicity – You only need to run Ethernet cables to the end devices, which reduces cable clutter.
Easy Maintenance – Moving end devices is much easier as you aren't constrained to power outlet locations. You can also remotely restart the end devices, so you don't need to physically access the device to reset them.
Safer – Since you don't need to install A/C power outlets for end devices.