OSI Model vs. TCP/IP Model CCNA Cheat Sheet

OSI Reference Model

Application - Identifying and establishing the availability of the intended communication partner and whether there are sufficient resources
Presentation - Data translation, encryption, code formatting
Session - Setting up, managing and tearing down sessions. Keeps each application's data separate
Transport - Provides end-to-end transport services - establishes logical connections between hosts. Connection-oriented or connectionless data transfer.
Network - Manages logical addressing and path determination
Data Link - Provides physical transmission of data, handles error notification, flow control and network topology. Split into two sub layers (LLC and MAC)
Physical - Specifies electrical, mechanical, procedural and functional requirements for activating, maintaining and deactivating a physical link.

Protocol Data Units (PDUs)
Transport - Segment
Network - Packet
Data Link - Frame
Physical - Bits

OSI Model Mnemonics
Remember OSI Model Layers – All People Seem To Need Data Processing
Remember OSI Model PDUs – Did Sally Pack For Bermuda?

TCP/IP Model Protocol Suite

Process/Application layer
FTP - TCP file transfer service – ports 20-21
Telnet - Terminal emulation program – port 23
TFTP - UDP file transfer – port 69
SMTP - Send email service – port 25
DHCP – Assigns IP addresses to hosts – ports 67 and 68
DNS – Resolves FQDNs to IP addresses – port 53
HTTP – Foundation of data communication for the WWW – port 80

Host-to-Host layer
TCP - Connection-oriented protocol, provides reliable connections (acknowledgments, flow control, windowing)
UDP - Connectionless protocol, low overhead but unreliable

Internet layer
IP - Connectionless protocol, provides addressing and routing
ARP - Finds MAC addresses from known IPs
RARP - Finds IPs from known MAC addresses
ICMP - Provides diagnostics, used by ping and traceroute

Network Access layer

Internetworking Essentials

General Troubleshooting
Troubleshooting Steps
1. Ping 127.0.0.1 (Loopback)
2. Ping default gateway
3. Ping remote device

Windows DOS Troubleshooting Commands
· ping 127.0.0.1
· tracert
· ipconfig/all
· arp -a

Cisco Ping & Response Codes
Router> ping 172.15.9.1
! - Success
. - Timed out waiting for reply
U - Destination unreachable
| - Ping process interrupted
? - Unknown packet type
C - Congestion-experienced
& - Time to live exceeded

Cisco Trace Command & Responses
Router> traceroute 172.15.9.1
* - Timed out
!H - Router received packet but did not forward it
N - Network unreachable
P - Protocol unreachable
U - Port unreachable

IP Classes
Class Ranges
Class A - 1-126 - network.node.node.node
Class B - 128-191 - network.network.node.node
Class C - 192-223 - network.network.network.node

Private Address Ranges
Class A - 10.0.0.0 - 10.255.255.255
Class B - 172.16.0.0 - 172.31.255.255
Class C - 192.168.0.0 - 192.168.255.255

CIDR Notation (Classless Inter-Domain Routing)
255.0.0.0 /8
255.128.0.0 /9
255.192.0.0 /10
255.224.0.0 /11
255.240.0.0 /12
255.248.0.0 /13
255.252.0.0 /14
255.254.0.0 /15
255.255.0.0 /16
255.255.128.0 /17
255.255.192.0 /18
255.255.224.0 /19
255.255.240.0 /20
255.255.248.0 /21
255.255.252.0 /22
255.255.254.0 /23
255.255.255.0 /24
255.255.255.128 /25
255.255.255.192 /26
255.255.255.224 /27
255.255.255.240 /28
255.255.255.248 /29
255.255.255.252 /30

Cisco 3-Layer Hierarchical Model
Core - Backbone, common to all users, needs to be as fast as possible and fault tolerant; avoid ACLs, VLAN trunking and packet filtering here.
Distribution - Routing - provides access control policies, filtering, WAN access and VLAN trunking
Access - Switching - User and workgroup access, segmentation

Half Duplex Ethernet shares a collision domain, resulting in lower throughput than Full Duplex Ethernet, which requires a point-to-point link between two compatible nodes.
Causes of LAN congestion - Broadcast storms, too many hosts within a broadcast domain, multicasting, low bandwidth, bottlenecks
Collision domains - Switches/bridges break up collision domains, hubs extend them
Broadcast domains - Routers and VLANs break up broadcast domains

Patch Cable Types
Straight-through - Connect PC to hub or switch (router to switch or hub)
Crossover - Connect hub to hub / switch to switch / PC to PC
Rolled - Console connection for PC to router

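As an added example (not part of the cheat sheet), the IP Classes, Private Address Ranges and CIDR tables above turned into small Python helpers, so an address/mask pair can be checked the way the tables are read; function names are mine and the sample addresses in the comments are constructed:

```python
# Added example (not from the cheat sheet): helpers that implement the IP Classes,
# Private Address Ranges and CIDR tables above as code. Function names are my own.
import ipaddress

# Private ranges exactly as the sheet lists them, in CIDR form.
PRIVATE_RANGES = {
    "A": ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    "B": ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    "C": ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
}


def ip_class(addr: str) -> str:
    """Classful class from the first octet, using the sheet's 1-126 / 128-191 / 192-223 ranges.
    127.x.x.x is loopback and 224 and above is class D/E; the sheet's table covers neither."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "D/E"


def prefix_to_mask(prefix: int) -> str:
    """/20 -> 255.255.240.0 (the CIDR table read right to left)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def mask_to_prefix(mask: str) -> int:
    """255.255.240.0 -> 20. Rejects non-contiguous masks such as 255.0.255.0,
    which have the same number of one bits but are not valid subnet masks."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def is_private(addr: str) -> bool:
    """True if the address falls inside one of the sheet's private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES.values())


def describe(addr: str, mask: str) -> dict:
    """Everything the tables say about one host/mask pair, plus the network,
    broadcast and usable-host count that follow from the mask."""
    prefix = mask_to_prefix(mask)
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    # /31 and /32 have no separate network and broadcast addresses to subtract.
    usable = net.num_addresses - 2 if prefix <= 30 else net.num_addresses
    return {
        "class": ip_class(addr),
        "private": is_private(addr),
        "cidr": f"{net.network_address}/{prefix}",
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def cidr_table() -> list:
    """Regenerate the sheet's CIDR table (/8 to /30) from prefix_to_mask."""
    return [(prefix_to_mask(p), f"/{p}") for p in range(8, 31)]
```

Constructed check: describe("192.168.1.77", "255.255.255.192") reports class C, private, network 192.168.1.64/26, broadcast 192.168.1.127 and 62 usable hosts.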
© Copyright 2020 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Network Devices

Physical Layer (Layer 1) Devices
These devices extend collision domains, increase traffic problems and reduce network bandwidth.
· Transceivers – Connect one media type to another e.g. fiber to copper
· Repeaters – Used to extend the reach of a network segment
· Hubs – These are multiport repeaters. Used to share a single network segment with many devices. Only one device can transmit at any one time

Data Link Layer (Layer 2) Devices
Filter traffic on the LAN by MAC (hardware) address. They break up collision domains, increase available bandwidth to devices and reduce LAN traffic problems.
· Bridges – Connect two network segments together and filter data between them
· Switches – These work like multiport bridges. Each connected device can transmit simultaneously, unlike hubs
· Network Interface Cards (NICs) – Allow a device to connect to the network. Contains a unique 48-bit MAC address.
· Access Points – These allow devices to connect to the network wirelessly

Network Layer (Layer 3) Devices
Route traffic between networks by logical network addresses. They use path determination to select the best route to a destination. They break up collision domains and broadcast domains.
· Routers – Connect different networks to one another and make routing decisions based on one or more metrics to decide the best path

Network Media (Cabling)

Coaxial Cable
10Base5 (Thicknet) – Original Ethernet cabling media. Up to 500m per segment. Highly resistant to EMI. Uses physical and logical bus topology with clients connecting using vampire clasps. Data transmission up to 10Mbps. Now obsolete.
10Base2 (Thinnet) – Replaced Thicknet because it was lighter and thinner and easier to work with. Up to 185m per segment. Uses physical and logical bus topology with clients attaching using BNC and T connectors. Data transmission up to 10Mbps. Now obsolete.

Twisted Pair Cable
10BaseT – Uses two-pair unshielded twisted-pair (UTP) wiring. Up to 100m per segment. Uses RJ45 connectors. Physical star with logical bus topology. Use EIA/TIA category 3 cable. Data transmission up to 10Mbps.
100BaseTX – Uses two-pair UTP wiring. Up to 100m per segment. Uses RJ45 MII connectors. Physical star with logical bus topology. Use EIA/TIA category 5, 6 or 7 cable. Data transmission up to 100Mbps.
1000BaseT – Uses four-pair UTP wiring. Up to 100m per segment. Use EIA/TIA category 5 or 5e cable. Data transmission up to 1000Mbps.
1000BaseCX – Uses copper twisted-pair (twinax). Maximum length 25m.

Optical Fiber
100BaseFX – Uses 62.5/125-micron multimode fiber. Maximum length 412m. Uses ST or SC connectors.
1000BaseSX – Uses 62.5/50-micron multimode fiber. Maximum length 220m – 550m.
1000BaseLX – Uses 9-micron single-mode fiber. Maximum length between 3 - 10km.

Physical Network Topologies

Bus Topology
· All devices on a single wire (coaxial)
· A cable fault can bring the network down

Ring Topology
· All devices connect to each other in a circle
· A cable fault can bring the network down
· Can be configured with a second ring for redundancy
· Difficult to expand the network

Star Topology
· Most common physical topology
· All devices connect to a central hub/switch
· Cable faults don't bring the whole network down
· Easily expandable
· Requires more cabling than bus or ring
· Hub/switch is a central point of failure

Mesh Topology
· Every device is directly connected to every other device
· Complete redundancy
· Uses the most cable compared to other topologies
· Expanding the network can be problematic

Logical Network Topologies

Bus (broadcast) logical topology
· Most commonly used logical topology
· Broadcasts data to all nodes on the network
· Contention-based

Token (ring) logical topology
· A token is passed from one device to the next
· Devices can only transmit when they have the token
· Each device checks the token to see if the data inside is for them
· Slower than logical bus topology
· No longer used

LAN Standards

802.3 (Ethernet)
· Physical bus/star, logical bus
· Coaxial or twisted pair
· 10 Mbps

802.3u (Fast Ethernet)
· Physical star, logical bus
· Twisted pair
· 100 Mbps

802.3ab (Gigabit Ethernet)
· Physical star, logical bus
· Twisted pair
· 1000 Mbps (250 Mbps per pair)

802.3z (Gigabit Ethernet)
· Physical star, logical bus
· Twisted pair, optical fiber, or twinax
· 1000 Mbps

802.4 (Token Bus)
· Physical bus, logical ring
· Coaxial
· 4 Mbps

802.5 (Token Ring)
· Physical ring, logical ring
· Twisted pair
· 4 or 16 Mbps

Carrier Sense Multiple Access Collision Avoidance (CSMA/CA)
· Used in wireless networking
· Proactive algorithm
· High overhead
[Flowchart: Start -> Assemble a frame -> Is the channel idle? (No: wait for a random back-off time, then check again) -> Yes: Transmit RTS -> CTS received? (No: back off and retry) -> Yes: Transmit data -> End]

Carrier Sense Multiple Access Collision Detection (CSMA/CD)
· Used in wired Ethernet networks
· Reactive algorithm
[Flowchart: Start -> Assemble a frame -> Is another device transmitting? (Yes: keep waiting) -> No: Transmit 1st bit of frame -> Collision detected? (Yes: run the collision recovery algorithm, then start again once recovered) -> No: Transmit next bit of frame -> Transmission finished? (No: transmit the next bit) -> Yes: End]

EIA/TIA 568A and 568B Standards
Straight-through cable - Use 568B pinouts on both ends of a cable
Crossover cable – Use 568A on one end and 568B on the other end of a cable
Remembering colours for 568B: "Only Good Boys Get Brownies" – Orange, Green, Blue, Green, Brown
568A pinouts reverse the orange and green pair.

Switch Functions
1.) Switches learn MAC addresses
2.) Switches make forwarding/filtering decisions
3.) Switches perform loop avoidance

Collisions with CSMA/CD
When a collision is detected:
1.) A jam signal is sent by the hosts trying to send.
2.) All hosts stop transmitting.
3.) All hosts run a backoff algorithm to decide a random time to attempt to retransmit.

Catalyst Switch Boot Sequence + Operation
1.) POST (error indicated with amber SYST LED).
2.) Load IOS from Flash.
3.) Configuration file copied from NVRAM to RAM.
4.) Floods all frames it receives out all ports (CAM table empty).
5.) Begins to populate the CAM table (port address table) as it learns which devices are attached to its ports.
6.) Before forwarding a frame it will check the CAM table; if an entry exists for the destination address it will forward the frame out of the port that the destination is connected to. If no entry exists it will flood the frame out of all ports.
7.) Will always flood multicast and broadcast messages; unicast messages are filtered.

Switch Modes
Cut through – Forwards the frame straight after the destination address has been read. Very fast, but can forward frames with errors.
Store and forward – Reads the entire frame prior to forwarding. Performs an error check, but adds latency to transmission. Most new switches use this mode because it can cater for hosts running at different speeds.
Fragment Free – Forwards the frame after reading the first 64 bytes to avoid forwarding frames with errors.

Switch IOS Commands

Switch(config)#interface fastEthernet 0/3 - Enters interface configuration mode for fa0/3
Switch(config-if)#switchport mode access - Assigns the port to access mode
Switch(config-if)#switchport port-security - Enables port security on the port
Switch(config-if)#switchport port-security maximum 1 - Specifies the maximum number of hosts that can connect to the port
Switch(config-if)#switchport port-security mac-address sticky - Specifies that the first host to connect will 'stick' to the port
Switch(config-if)#switchport port-security violation shutdown - Specifies what will happen if a port violation occurs
Switch#show port-security - Shows a summary of the ports and security on those ports
Switch#show port-security address - Shows the secure MAC address table
Switch#show mac-address-table - Displays the MAC address table
Switch#show port-security interface fastEthernet 0/3 - Shows the port security settings for interface fa0/3

VLANs
· Offer increased security, ease of administration and relocation
· Break up broadcast domains
· VLANs work at layers 2 and 3 of the OSI model
· Communication between VLANs uses layer 3 routing
· VLAN1 is the management VLAN. All switch ports belong to VLAN1 by default. VLAN1 cannot be renamed and should only be used for admin.

Static VLANs - Statically assign ports to a VLAN.
Dynamic VLANs - Ports that can automatically determine their VLAN assignments based on MAC addresses.
Frame Tagging – Used so switches can identify which VLAN frames belong to.
ISL (Inter-Switch Link) - Cisco's proprietary frame tagging format. Only compatible with Cisco switches and routers.
IEEE 802.1Q – Non-proprietary frame tagging standard.
Access Link - Only part of one VLAN (the native VLAN of the port); any devices attached to an access link are unaware of VLAN membership.
Trunk Links - Trunks can carry multiple VLANs. Used to transport VLANs between switches and routers.

VLAN Trunking Protocol (VTP)
VTP is used to manage VLANs across an internetwork, providing tracking, monitoring and reporting of VLANs, including adding and deleting VLANs. Requires a VTP server. All switches need to be in the same VTP domain to share info.

VTP Modes
Server – Default mode for Catalyst switches. Advertises changes to the VTP domain. Creates and deletes VLANs. VLAN configs stored in NVRAM.
Client – Learns about and passes along VTP information received from the VTP server.
Transparent – Not participating in the VTP domain. Forwards VTP adverts, but doesn't share its VLAN database. Used to allow remote switches to receive VTP information via a switch (transparent) that isn't participating.

Configuring/Verifying VLANs
Switch#show vlan - Display current VLANs
Switch(config)#vlan 10 - Create a VLAN with the number 10
Switch(config-vlan)#name sales - Give the VLAN the name "sales"
Switch(config-if)#switchport access vlan 10 - Assign an interface to VLAN 10
Switch(config)#vtp domain CCNA - Set the VTP domain to "CCNA"
Switch(config)#vtp mode server - Set the switch VTP mode to server
Switch(config)#vtp mode client - Set the switch VTP mode to client
Switch(config-if)#switchport mode trunk - Set a switch interface to trunk mode
Switch#show vtp status - View the VTP status on a switch
Switch#show vlan brief - Display basic VLAN information

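As an added example (not code from the cheat sheet), a small Python model that ties together the Catalyst operation steps from the previous page (flood while the CAM table is empty, learn source MACs per port, forward known unicast, always flood broadcast and multicast) with the port-security settings shown above (maximum 1, mac-address sticky, violation shutdown). The class and method names and the MAC addresses are constructed:

```python
# Added example, not code from the cheat sheet: a model of CAM learning/forwarding
# plus "port-security maximum 1 / mac-address sticky / violation shutdown".
# Class, method names and sample MACs are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Multicast and broadcast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}        # MAC -> port; empty after boot (step 4)
        self.secure = {}     # port -> port-security state

    def enable_port_security(self, port, maximum=1):
        """switchport port-security / maximum N / mac-address sticky / violation shutdown"""
        self.secure[port] = {"max": maximum, "sticky": set(), "shutdown": False}

    def active_ports(self, exclude):
        """Ports a frame may be flooded out of: everything except the ingress port
        and any port that port-security has err-disabled."""
        return [p for p in self.ports
                if p != exclude and not self.secure.get(p, {}).get("shutdown", False)]

    def receive(self, in_port, src, dst):
        """Process one frame. Returns (action, out_ports) where action is
        'flood', 'forward', 'filter' or 'violation'."""
        sec = self.secure.get(in_port)
        if sec is not None:
            if sec["shutdown"]:
                return ("violation", [])          # err-disabled port drops everything
            if src not in sec["sticky"]:
                if len(sec["sticky"]) >= sec["max"]:
                    sec["shutdown"] = True        # violation shutdown: port goes err-disabled
                    return ("violation", [])
                sec["sticky"].add(src)            # sticky: the first MAC seen is retained
        self.cam[src] = in_port                   # step 5: learn the source on the ingress port
        if is_group_address(dst):                 # step 7: broadcast/multicast always flooded
            return ("flood", self.active_ports(in_port))
        out = self.cam.get(dst)                   # step 6: consult the CAM table
        if out is None:
            return ("flood", self.active_ports(in_port))
        if out == in_port:
            return ("filter", [])                 # destination is on the ingress segment
        return ("forward", [out])


def demo():
    """Constructed traffic showing learning, forwarding and a port-security violation."""
    sw = Switch(["fa0/1", "fa0/2", "fa0/3"])
    sw.enable_port_security("fa0/3", maximum=1)   # the sheet's fa0/3 configuration
    a, b, c, d = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                  "00:00:00:00:00:0c", "00:00:00:00:00:0d")
    actions = [
        sw.receive("fa0/1", a, b)[0],          # CAM empty: flood
        sw.receive("fa0/2", b, a)[0],          # a already learned: forward to fa0/1
        sw.receive("fa0/3", c, BROADCAST)[0],  # c sticks to fa0/3; broadcast is flooded
        sw.receive("fa0/3", d, a)[0],          # second MAC on a max-1 port: violation
        sw.receive("fa0/3", c, a)[0],          # port is now err-disabled: dropped
    ]
    return actions, sw
```

Once the violation has shut fa0/3 down, even the legitimately learned MAC c is dropped until the port is re-enabled, which is what show port-security interface would report.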
The Routing Process
1. The router verifies the frame was intended for the port on which it was received and checks the frame for errors.
2. The router removes the frame header and trailer and compares the destination IP address in the packet to the routing table.
3. If the address does not match an entry, the router discards the packet. If it matches an entry it forwards the packet to the appropriate interface for delivery.
4. The router encapsulates the packet inside a frame on the interface and applies the next hop hardware address.

IP Routing
MAC addresses are only used on the local LAN. If a frame needs to pass through a router the frame (layer 2 PDU) will change but the packet (layer 3 PDU) is never changed throughout its journey. The frame carries the packet to either a host on the LAN or a router's interface only.

Routing vs. Routed Protocols
Routing Protocols learn about the internetwork in which they are connected and maintain a routing table to enable them to route packets. Examples are RIP, OSPF, IGRP, EIGRP.
Routed Protocols are logical network addressing schemes used to transmit user data through an internetwork. Examples are IP, IPv6.

Interfaces
All interfaces are shut down by default until the no shutdown command is issued on each interface.

Routing Protocols
RIP - Type: Distance Vector. Algorithm: Bellman-Ford. Admin Distance: 120. Metric: Hop Count. Supported Routed Protocols: IP. VLSM Support: NO. Classful. Other: Broadcast updates every 30 secs.
RIPv2 - Type: Distance Vector. Algorithm: Bellman-Ford. Admin Distance: 120. Metric: Hop Count. Supported Routed Protocols: IP. VLSM Support: YES. Classless. Other: Multicast updates every 30 secs.
IGRP - Type: Distance Vector. Algorithm: Bellman-Ford. Admin Distance: 100. Metric: Bandwidth, delay (load, reliability). Supported Routed Protocols: IP. VLSM Support: NO. Classful. Other: Cisco proprietary.
EIGRP - Type: Hybrid. Algorithm: DUAL. Admin Distance: 90 (170 external). Metric: Bandwidth, delay (load, reliability). Supported Routed Protocols: IP, IPv6, IPX, AppleTalk. VLSM Support: YES. Classless. Other: Cisco proprietary.
OSPF - Type: Link State. Algorithm: Dijkstra. Admin Distance: 110. Metric: Bandwidth. Supported Routed Protocols: IP, IPv6. VLSM Support: YES. Classless.
BGP - Type: Path Vector. Algorithm: Best Path. Admin Distance: 200 internal, 20 external. Metric: Path attributes. Supported Routed Protocols: IP, IPv6. VLSM Support: CIDR. Classless.

IP Routing Table
Router# show ip route
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived,
C - connected, S - static, E - EGP derived, B - BGP derived,
* - candidate default route, IA - OSPF inter area route,
i - IS-IS derived, ia - IS-IS, U - per-user static route,
o - on-demand routing, M - mobile, P - periodic downloaded static route,
D - EIGRP, EX - EIGRP external, E1 - OSPF external type 1 route,
E2 - OSPF external type 2 route, N1 - OSPF NSSA external type 1 route,
N2 - OSPF NSSA external type 2 route

Gateway of last resort is 10.119.254.240 to network 10.140.0.0
O E2 172.150.0.0 [160/5] via 10.119.254.6, 0:01:00, Ethernet2
E 172.17.10.0 [200/128] via 10.119.254.244, 0:02:22, Ethernet2
O E2 172.70.132.0 [160/5] via 10.119.254.6, 0:00:59, Ethernet2
O E2 10.130.0.0 [160/5] via 10.119.254.6, 0:00:59, Ethernet2
E 172.30.0.0 [200/128] via 10.119.254.244, 0:02:22, Ethernet2
E 10.129.0.0 [200/129] via 10.119.254.240, 0:02:22, Ethernet2
E 172.80.129.0 [200/128] via 10.119.254.244, 0:02:22, Ethernet2
E 10.10.0.0 [200/128] via 10.119.254.244, 0:02:22, Ethernet2
E 172.60.139.0 [200/129] via 10.119.254.240, 0:02:23, Ethernet2
E 172.90.208.0 [200/128] via 10.119.254.244, 0:02:22, Ethernet2

Passive Interfaces
Configuring an interface as a passive interface will stop EIGRP from sending and processing received hellos on the specified interface. When used with OSPF a passive interface does not send or process received hellos, thus not forming a neighbor relationship or advertising routes. By default passive interface is disabled on an interface.

router#config terminal
router(config)#router eigrp 10
router(config-router)#passive-interface serial 0

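As an added example (not code from the cheat sheet), steps 2 and 3 of the routing process above written in Python: a longest-prefix lookup against a routing table, plus the "lowest administrative distance wins" rule implied by the Routing Protocols table when two sources offer the same prefix. The routes below are constructed rather than taken from the show ip route output on this page, connected (0) and static (1) are standard Cisco distances the table does not list, and the function names are mine:

```python
# Added example, not code from the cheat sheet: longest-prefix routing lookup with
# administrative-distance selection. Routes and function names are constructed.
import ipaddress

# Administrative distances from the sheet's table, keyed by show ip route code.
# Connected (0) and static (1) are standard Cisco values the table does not list.
ADMIN_DISTANCE = {
    "C": 0, "S": 1, "B-ext": 20, "D": 90, "I": 100,
    "O": 110, "R": 120, "D-EX": 170, "B-int": 200,
}

# (code, prefix, next hop or None for connected, exit interface) - constructed sample.
CANDIDATE_ROUTES = [
    ("C", "10.119.254.0/24", None, "Ethernet2"),
    ("R", "172.17.0.0/16", "10.119.254.244", "Ethernet2"),
    ("O", "172.17.10.0/24", "10.119.254.6", "Ethernet2"),
    ("D", "172.17.10.0/24", "10.119.254.9", "Ethernet2"),    # same prefix as the OSPF route
    ("S", "0.0.0.0/0", "10.119.254.240", "Ethernet2"),        # gateway of last resort
]


def build_table(candidates):
    """Install one route per prefix: the source with the lowest administrative distance."""
    table = {}
    for code, prefix, next_hop, iface in candidates:
        net = ipaddress.ip_network(prefix)
        ad = ADMIN_DISTANCE[code]
        current = table.get(net)
        if current is None or ad < current["ad"]:
            table[net] = {"code": code, "ad": ad, "next_hop": next_hop, "interface": iface}
    return table


def lookup(table, dest):
    """Longest-prefix match. Returns (network, route), or None when the packet
    would be discarded (step 3) because nothing, not even a default route, matches."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, route in table.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best


def next_hop_for(dest, table=None):
    """Convenience wrapper returning (prefix, code, next hop, interface) or None."""
    table = build_table(CANDIDATE_ROUTES) if table is None else table
    hit = lookup(table, dest)
    if hit is None:
        return None
    net, route = hit
    return (str(net), route["code"],
            route["next_hop"] or "directly connected", route["interface"])
```

For 172.17.10.55 the /24 EIGRP route wins over both the /16 RIP route (longer prefix) and the /24 OSPF route (AD 90 versus 110); remove the default route and an address such as 192.0.2.1 is discarded.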
First Hop Redundancy Protocol (FHRP)
A First Hop Redundancy Protocol (FHRP) is a protocol designed to protect the default gateway by allowing two or more routers to provide backup for the default gateway address. In the event of failure of the active router, the backup router will take over the address.
The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. It is described in IETF publication RFC 5798, which is an open standard.
Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol used to establish a fault-tolerant default gateway.

Configuring Router Interfaces
Router#config terminal - Enter global configuration mode
Router(config)#interface s0/0 - Configure the serial 0/0 interface
Router(config-if)#ip address 13.0.0.1 255.0.0.0 - Assign an IP address and subnet mask to an interface
Router(config-if)#clock rate 64000 - Configure a clock rate on a DCE interface
Router(config-if)#no shutdown - Bring up the interface

Configuring/Verifying OSPFv2
Configure OSPF with a process ID; other routers do not need to be configured with the same process ID. It is used to name the instance of the OSPF database on the router. An OSPF area is a group of contiguous routers and networks.

Router#config t
Router(config)#router ospf 20
Router(config-if)#ip ospf priority 10 - Set the priority which will determine the designated OSPF router
Router(config-if)#ip ospf cost 25 - Manually set the OSPF link cost
Router(config)#router ospf 10 - Enable the OSPF routing protocol using a process ID of 10
Router(config-router)#network 172.16.1.0 0.0.0.255 area 0 - Advertise a network using OSPF and assign it to area 0
Router(config-router)#default-information originate - Allow default routes to be propagated
Router#show ip ospf neighbor - View the OSPF neighbors
Router#show ip ospf - View general information about the OSPF routing processes
Router#show ip ospf interface - View the OSPF protocol information for the interfaces on the router
Router#show ip ospf interface loopback1 - View the OSPF protocol information for the loopback1 interface

show ip ospf - Displays OSPF info for all OSPF processes running on the router
show ip ospf database - Displays info on the number of OSPF routers in the autonomous system
show ip ospf neighbor - Displays OSPF neighbours including info regarding their state
show ip ospf interface - Displays OSPF interface info

OSPF Facts
· Classless routing protocol
· Uses IP protocol 89
· OSPF uses cost as a metric
· Uses Dijkstra's Shortest Path First algorithm (SPF)
· Router ID is the highest IP address
· Backbone area is area 0
· All non-backbone areas must connect directly to area 0
· Areas can be numbered from 0 to 65535
· Multicasts on 224.0.0.5

OSPF Costs
WAN Type - Cost
ATM, Fast Ethernet, Gigabit Ethernet, FDDI - 1
HSSI (45Mbps) - 2
16 Mbps Token Ring - 6
10 Mbps Ethernet - 10
4 Mbps Token Ring - 25
T1 (1.544 Mbps) - 64
DS-0 (64k) - 1562
56k - 1785

Internal Router Components
Bootstrap - Stored in ROM - Brings up the router on boot, loads IOS
POST - Checks router hardware and interfaces on start-up
ROM monitor - Used for testing, troubleshooting
Mini-IOS - Small IOS in ROM, used for maintenance
RAM - Holds routing tables, running config, ARP cache
ROM - Holds POST, bootstrap and Mini-IOS
Flash - Stores IOS
NVRAM - Stores configuration and config register
Config register - Controls how the router boots up

WAN Facts
· Router interfaces are defaulted to Data Terminal Equipment devices (DTE)
· Cisco routers have HDLC set as their default serial encapsulation (note: Cisco's HDLC is proprietary)
· Default frame relay encapsulation on Cisco routers is Cisco's Frame Relay encapsulation (only use when connecting to Cisco frame relay switches)
· Data Communication Equipment (DCE) provides the clocking to the router

Router Boot Sequence
1.) POST
2.) Load IOS from Flash
3.) startup-config copied from NVRAM to RAM (if no valid startup-config is found it goes to setup mode)

Configuring NAT (Network Address Translation)
Router(config-if)#ip nat inside - Associate an interface as being inside a network
Router(config-if)#ip nat outside - Associate an interface as being outside a network
Router(config)#ip nat inside source static 192.168.0.1 68.10.150.1 - Configure a static NAT mapping from the inside local IP address 192.168.0.1 to the inside global IP 68.10.150.1
Router(config)#no ip nat inside source static 192.168.0.1 68.10.150.1 - Remove the static NAT mapping created earlier
Router(config)#ip access-list standard NAT_ADDRESSES - Create a standard named ACL
Router(config-std-nacl)#permit 192.168.0.1 0.0.0.0 - Permit the IP address 192.168.0.1
Router(config)#ip nat inside source list NAT_ADDRESSES interface serial0 overload - Create an overloaded NAT mapping using the access control list called NAT_ADDRESSES and assign it to the inside global interface.
Router#show ip nat translations - View the NAT translations table to view static and dynamic mappings
Router#show ip nat statistics - View the NAT statistics

Restore/Backup/Upgrade a Cisco IOS Image
Router#copy flash tftp - Back up an IOS image to a TFTP server
Router#copy tftp flash – Upgrade or restore an IOS image from a TFTP server
Router#copy running-config startup-config – Save the router configuration
Router#erase startup-config – Erase the router configuration in NVRAM

Configuration Register Settings
0x2100 – Boot to ROM monitor mode
0x2102 (Default) – Loads Cisco IOS from Flash and config from NVRAM
0x2101 (0x101) – Loads IOS from ROM
0x2142 – Ignore NVRAM contents, used in the password recovery procedure. Router loads into setup mode

Changing and Verifying Configuration Register
Router(config)#config-register 0x2101 - Change the configuration register
Router#show version – Displays basic system configuration including IOS version and config register

Configure/verify NTP (Network Time Protocol)
R2#configure terminal
R2(config)#ntp server 10.117.12.1
R2(config)#end
R2#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.117.12.1 127.127.7.1 3 58 64 7 5.1 -0.93 3875.2
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#show clock
00:05:18.467 UTC Wed Jul 31 2013

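As an added example (not code from the cheat sheet), a Python model of the two translations configured above: the static one-to-one entry for 192.168.0.1 and the overloaded (PAT) entry for hosts matched by access-list NAT_ADDRESSES, using the inside local / inside global terms from the NAT section of this sheet. The extra inside hosts, the serial0 address 68.10.150.2 and the class name are constructed:

```python
# Added example, not code from the cheat sheet: static NAT plus NAT overload (PAT)
# as a translation table. Hosts other than 192.168.0.1, the serial0 address and
# all names are constructed.
import itertools


class Nat:
    def __init__(self, interface_ip, static=None, overload_permitted=()):
        self.interface_ip = interface_ip          # address of the interface in "... interface serial0 overload"
        self.static = dict(static or {})          # inside local -> inside global (ip nat inside source static)
        self.permitted = set(overload_permitted)  # inside locals permitted by NAT_ADDRESSES
        self.next_port = itertools.count(1024)    # next free inside-global port for PAT
        self.table = {}                           # (inside global ip, port) -> (inside local ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """inside -> outside: rewrite the source. Packets matching neither rule leave untranslated."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port, dst_ip, dst_port)   # static: ports untouched
        if src_ip not in self.permitted:
            return (src_ip, src_port, dst_ip, dst_port)                # ACL miss: no translation
        key = self._existing(src_ip, src_port)
        if key is None:                                                # new flow: allocate a global port
            key = (self.interface_ip, next(self.next_port))
            self.table[key] = (src_ip, src_port)
        return (key[0], key[1], dst_ip, dst_port)

    def inbound(self, dst_ip, dst_port, src_ip, src_port):
        """outside -> inside: rewrite the destination. Unsolicited packets with no
        table entry and no static mapping are dropped (returned as None)."""
        for local, global_ip in self.static.items():
            if global_ip == dst_ip:
                return (local, dst_port, src_ip, src_port)
        inside = self.table.get((dst_ip, dst_port))
        if inside is None:
            return None
        return (inside[0], inside[1], src_ip, src_port)

    def translations(self):
        """Rows in the spirit of show ip nat translations: (inside global, inside local)."""
        rows = [(g, l) for l, g in self.static.items()]
        rows += [(f"{g[0]}:{g[1]}", f"{l[0]}:{l[1]}") for g, l in self.table.items()]
        return rows

    def _existing(self, local_ip, local_port):
        for key, val in self.table.items():
            if val == (local_ip, local_port):
                return key
        return None


def demo():
    """The sheet's static entry plus two constructed hosts sharing serial0's address."""
    nat = Nat("68.10.150.2", static={"192.168.0.1": "68.10.150.1"},
              overload_permitted={"192.168.0.20", "192.168.0.21"})
    nat.outbound("192.168.0.1", 5000, "203.0.113.9", 80)
    nat.outbound("192.168.0.20", 40000, "203.0.113.9", 80)
    nat.outbound("192.168.0.21", 40000, "203.0.113.9", 80)   # same local port, different host
    return nat
```

The two overloaded hosts leave with the same inside global address and are told apart only by the allocated port, which is why an unsolicited inbound packet to a port with no entry is dropped.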
Connecting to a Router via HyperTerminal
1.) Use a rollover cable from the PC COM port to the console port of the router
2.) Start HyperTerminal
3.) Set bitrate to 9600 and flow control to None

Telnet or SSH Command Line Interface
· Telnet is unencrypted, not recommended for remote connections.
· SSH (Secure Shell) provides a secure remote command line interface (CLI)
· The router IOS needs to support DES or 3DES encryption for SSH to work.

IOS Keyboard Shortcuts
Up Arrow - Displays your previous commands (history)
TAB Key - Completes a partially typed CLI command
CTRL+Z - Takes you back to Privileged EXEC mode
CTRL+A - Places the cursor at the beginning of a line
CTRL+E - Places the cursor at the end of a line
CTRL+R - Redisplays the current command line
CTRL+W - Erases a word (behind the cursor)
CTRL+U - Erases an entire line

EXEC Modes
Setup mode – Step-by-step configuration dialog
Router> - User EXEC mode for basic monitoring commands
Router# - Privileged EXEC mode, access to all other router commands
Router(config)# - Global configuration mode
Router(config-if)# - Interface configuration mode
Router(config-router)# - Routing engine configuration mode
Router(config-line)# - Line level (vty, tty, async) configuration mode

Setting Hostname, Description & IP Address
Router#config terminal
Router(config)#hostname London
London(config)#banner motd #
Welcome to Router London
#
London(config)#int Ethernet 0
London(config-if)#ip address 1.1.1.1 255.255.0.0
London(config-if)#no shutdown
London(config-if)#description Accounts LAN
London#show int e0 – Shows whether the interface is shutdown, IP address, send/receive statistics, encapsulation, MAC address.

Setting Passwords

Privileged Passwords
Router(config)#enable password nik – Set an unencrypted password, viewable in the config file
Router(config)#enable secret nik – Set an encrypted password (overrides enable password)

Telnet Passwords
Router(config)#line vty 0 4
Router(config-line)#password nik
Router(config-line)#login

Console Password
Router(config)#line console 0
Router(config-line)#password nik
Router(config-line)#login

Disabling Telnet and SSH
Router(config)#line vty 0 4
Router(config-line)#transport input none

Disabling Telnet and enabling SSH
Router(config)#ip domain-name internetworktraining.com
Router(config)#crypto key generate rsa
Router(config)#username yourusername secret supersecretpassword
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Router(config-line)#login local

Configure Static and Default Routes
Router(config)#ip route 13.0.0.0 255.0.0.0 s0 - Create a static route to the 13.0.0.0/8 network via the Serial 0 interface
Router(config)#ip route 0.0.0.0 0.0.0.0 null0 - Create a default route and send all default traffic to the 'bit bucket'
Router#show ip protocols - View routing protocol information on the router
Router#show ip route - View the contents of the routing table
Router#show interface s0/0 - Show details about the interface s0/0 (Serial 0/0)

Network Address Translation (NAT)

NAT is most often used to hide an entire address space, usually a private network, behind a single public IP address (or a small pool of them), thereby conserving IPv4 addresses, which are in short supply. NAT is sometimes called IP Masquerading or Network Masquerading. Address hiding is not a security control in itself: inside hosts are protected because unsolicited inbound packets have no translation entry and are dropped, and that filtering should be made explicit with an ACL or firewall rather than relied on as a side effect.

Types of NAT
Static NAT – one-to-one mapping between a local and a global address
Dynamic NAT – maps unregistered (private) addresses to global addresses taken from a pool of registered addresses
Overloading – maps multiple unregistered addresses to a single globally registered address, using the translated source port number to tell sessions apart. The most popular form of NAT (known as Port Address Translation, PAT)

NAT Terms
Inside local – inside source address before translation (normally a private address)
Inside global – address of the inside host after translation (the public address seen on the Internet)
Outside local – address of the destination host as it appears to the inside network, before translation
Outside global – address of the outside destination host after translation (its real public address)

CEF (Cisco Express Forwarding)
Cisco proprietary Layer 3 switching technology used to enhance overall network performance. It reduces the overhead and delays introduced by other switching methods (process switching and fast switching). CEF uses a Forwarding Information Base built from the routing table together with an adjacency table that holds the Layer 2 rewrite information for each next hop, so packets are forwarded without per-packet route lookups or ARP requests. CEF currently supports Ethernet, Frame Relay, ATM, PPP, FDDI, tunnels, and Cisco HDLC.

Access Control Lists (ACL)

Access Control Lists are sets of filter statements used to:
· Prioritise traffic
· Restrict or reduce routing updates
· Provide basic security
· Block types of traffic

Standard ACLs – Don't distinguish between types of traffic, just filter based on source IP address. Place them as close to the destination as possible (placed near the source they would cut the host off from everything).
Extended ACLs – Filter traffic based on source IP, destination IP, protocol and port number. Place them as close to the source of the traffic as possible, so unwanted traffic is dropped before it crosses the network.

· Only one ACL can be assigned per interface, per protocol, per direction
· Statements are evaluated from the top down. Once a packet matches a statement, that statement's action (permit or deny) is applied and no further statements are checked, so the order of statements matters
· If a packet matches no statement it is implicitly denied; end the list with permit any (or permit ip any any) if the remaining traffic should be allowed
· Inbound ACLs are more efficient than outbound ones, because a denied packet is discarded before a routing lookup is made
· An ACL that is created but not applied to an interface filters nothing

ACL Number Ranges
IP standard access list – 1-99 and 1300-1999
IP extended access list – 100-199 and 2000-2699

Configure Standard IP ACLs
Router(config)#access-list 50 deny host 172.17.30.10 – Deny any packets from host 172.17.30.10
Router(config)#access-list 50 deny 172.18.30.0 0.0.0.255 – Deny any host whose first three octets match 172.18.30 (wildcard mask: a 1 bit means "don't care")
Router(config)#access-list 50 permit any – Without this last statement any traffic not denied by the previous statements will be implicitly denied!
Apply standard ACL 50 to the Ethernet 0 interface outbound:
Router(config)#int e0
Router(config-if)#ip access-group 50 out

Configure Extended IP ACLs
Router(config)#access-list 100 deny tcp any host 172.16.30.5 eq 21 – Deny any host trying to FTP (TCP port 21) to 172.16.30.5
Router(config)#access-list 100 permit ip any any – Permit all other traffic
Apply extended ACL 100 to the Ethernet 0 interface outbound:
Router(config)#int e0
Router(config-if)#ip access-group 100 out

Verify ACLs
To view access list statements:
show access-list – Displays the ACLs and their contents on a router
show access-list 100 – Displays the contents of ACL 100
To determine which interfaces have an ACL applied use the following commands:
show ip interface – Displays which interfaces have an ACL applied
show running-config – Access list statements and the interfaces they are applied to are displayed when you view the configuration file
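The following is an added example (not part of the cheat sheet) showing how the NAT terms above fit together in an overload (PAT) translation table: outbound packets from two inside hosts that happen to use the same source port are mapped to one inside global address with distinct translated ports, replies are un-translated through the same entry, and an inbound packet with no entry is dropped. The addresses and ports are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```python
"""Port Address Translation (NAT overload) as a translation table.

Added example, not from the cheat sheet: a router with one inside global
address keeps an entry per inside session, keyed by the translated source
port, and uses it to un-translate replies. All addresses and ports here are
constructed for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PatRouter:
    def __init__(self, inside_net: str, inside_global: str, first_port: int = 1024) -> None:
        self.inside_net = IPv4Network(inside_net)
        self.inside_global = inside_global          # the single registered address
        self.next_port = first_port
        # (inside local address, original port) -> translated port
        self.out_table: dict[tuple[str, int], int] = {}
        # translated port -> (inside local address, original port)
        self.in_table: dict[int, tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Inside local -> inside global. Reuses the entry of an existing session."""
        if IPv4Address(pkt.src) not in self.inside_net:
            raise ValueError(f"{pkt.src} is not an inside local address")
        key = (pkt.src, pkt.sport)
        if key not in self.out_table:
            if self.next_port > 65535:
                raise RuntimeError("translation table exhausted")
            self.out_table[key] = self.next_port
            self.in_table[self.next_port] = key
            self.next_port += 1
        # the destination (outside global address) is left untouched
        return Packet(self.inside_global, self.out_table[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside global -> inside local for a reply. A packet with no matching
        entry (unsolicited inbound traffic) is dropped, i.e. None is returned."""
        if pkt.dst != self.inside_global:
            return None
        entry = self.in_table.get(pkt.dport)
        if entry is None:
            return None
        inside_local, original_port = entry
        return Packet(pkt.src, pkt.sport, inside_local, original_port)

    def translations(self) -> list[tuple[str, str]]:
        """Rows in the style of 'show ip nat translations': inside global -> inside local."""
        return [(f"{self.inside_global}:{port}", f"{local}:{sport}")
                for (local, sport), port in sorted(self.out_table.items(), key=lambda kv: kv[1])]


def demo() -> list[tuple[str, str]]:
    nat = PatRouter("192.168.1.0/24", "203.0.113.5")
    nat.outbound(Packet("192.168.1.10", 50000, "198.51.100.7", 80))
    nat.outbound(Packet("192.168.1.11", 50000, "198.51.100.7", 80))   # same port, other host
    return nat.translations()


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Because the reverse lookup is keyed only by the translated port, the router cannot deliver anything it has no entry for; that is the "protection" people attribute to NAT, and it disappears the moment a static mapping or port forward is added.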
© Copyright 2020 Internetwork Training – Although the authors have made every effort to ensure the information in this document is correct, they do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Dynamic Host Configuration Protocol (DHCP)

· An Application layer protocol used to automatically assign IP addresses from a given pool of addresses to devices within the network
· Routers and servers can be DHCP servers
· The scope is the pool of IP addresses a DHCP server can assign
· The lease is the amount of time a client is allowed to use the IP address
· Printers, switches, servers and certain other devices need static IP addresses, and those addresses should be excluded from the DHCP scope
· Clients use a broadcast message to locate a DHCP server, so a DHCP server (or a router relaying DHCP with ip helper-address) is required on each broadcast domain
· When there is more than one DHCP server on a network segment, a client will begin the DHCP process with the first DHCP server that responds. Nothing authenticates that server, so a rogue DHCP server on the segment can hand clients its own default gateway and DNS server; on Cisco switches DHCP snooping restricts server replies to trusted ports

DHCP Lease Process (DORA)
1.) DHCP Discover – Client broadcasts to find a DHCP server and request an IP address
2.) DHCP Offer – DHCP server responds with a lease proposal
3.) DHCP Request – Client asks for the offered IP address (accepting one offer)
4.) DHCP Ack – DHCP server grants the lease

Configuring/Verifying DHCP on a router
R1# configure terminal
R1(config)# service dhcp - Enable the DHCP service
R1(config)# ip dhcp pool NET-POOL - Create a DHCP pool
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1 - Define parameters for clients
R1(dhcp-config)# dns-server 192.168.1.5 195.170.0.1
R1(dhcp-config)# domain-name internetworktraining.com
R1(dhcp-config)# lease 7
R1(dhcp-config)# exit
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.5
R1(config)# ip dhcp excluded-address 192.168.1.10
The 'domain-name' and 'lease' commands are optional. By default, the lease time is one day.

R1# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/Hardware address/User name   Lease expiration        Type
192.168.1.6     0100.1e7a.c409                         Jan 19 2009 03:06 PM    Automatic
192.168.1.7     0100.1e7a.c3c1                         Jan 19 2009 09:00 PM    Automatic
192.168.1.8     0100.1ebe.923b                         Jan 19 2009 02:25 PM    Automatic
192.168.1.9     0100.1b53.5ccc                         Jan 19 2009 02:03 PM    Automatic
192.168.1.11    0100.1e7a.261d                         Jan 19 2009 07:52 PM    Automatic
Note that the excluded addresses .1-.5 and .10 are skipped in the bindings.

DNS (Domain Name System)

DNS is an Application layer protocol used to resolve (convert) a domain name to an IP address. An IP address can be associated with one or more fully qualified domain names (FQDN).

A DNS Request
A client sends a domain name to a local resolver. If the answer is not cached, the resolver queries a root name server, follows its referral to the top-level domain (TLD) name servers, and then to the name server that is authoritative for the domain and holds the record. That name server responds to the resolver with the IP address, and the resolver sends it back to the client.
Clients, resolvers and name servers have a DNS cache to store results, so a later request for the same domain name is answered much more quickly.

DNS Record Types
· SOA – Start of Authority – Defines the primary server that is authoritative for the zone and the zone's parameters
· NS – Name Server – Identifies the name servers that are authoritative for the zone
· A – Maps a domain name to an IPv4 address (AAAA does the same for IPv6)
· MX – Mail Exchanger – Defines the server that handles email for the domain
· CNAME – Canonical Name – Specifies that the domain name is an alias of another name

Configuring IP Access Lists (named)

Router(config)#ip access-list extended BLOCK_TELNET_TFTP - Configure an extended named access control list called BLOCK_TELNET_TFTP
Router(config-ext-nacl)#deny tcp any any eq telnet - Deny all telnet packets from any source to any destination
Router(config-ext-nacl)#deny udp any host 172.16.0.2 eq tftp - Deny any TFTP traffic from any host with the destination 172.16.0.2
Router(config-ext-nacl)#permit ip any any - Permit all other IP traffic
Router(config-if)#ip access-group BLOCK_TELNET_TFTP out - Apply the named access control list BLOCK_TELNET_TFTP to an interface outbound

Router(config)#ip access-list standard 10 - Configure a standard access control list and assign it the number 10
Router(config-std-nacl)#deny host 192.168.0.2 - Deny all traffic from host 192.168.0.2
Router(config-std-nacl)#permit any - Permit any other traffic
Router(config-if)#ip access-group 10 out - Apply access control list 10 to an interface outbound
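The following is an added example (not part of the cheat sheet) that models the lease process above against the NET-POOL configuration shown on this page: addresses are handed out in order while skipping the excluded ones, renewals return the existing binding, and a server that answers the Discover first wins the client, which is the rogue-DHCP problem. The client MAC addresses are constructed, and the UDP broadcast exchange is modelled as function calls.

```python
"""DHCP DORA against a pool with exclusions, plus the rogue-server problem.

Added example, not from the cheat sheet. The pool mirrors the NET-POOL
configuration above (192.168.1.0/24, .1-.5 and .10 excluded, 7 day lease);
the client MAC addresses are constructed. Real DHCP runs over UDP 67/68
broadcasts; here the exchange is modelled as function calls.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass
class DhcpServer:
    name: str
    network: str                     # 'network' statement of the pool
    default_router: str              # 'default-router'
    dns_servers: tuple[str, ...]     # 'dns-server'
    lease_days: int = 1              # 'lease'; the IOS default is one day
    excluded: set[str] = field(default_factory=set)
    bindings: dict[str, str] = field(default_factory=dict)   # client MAC -> address

    def exclude(self, first: str, last: Optional[str] = None) -> None:
        """Equivalent of 'ip dhcp excluded-address first [last]'."""
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last or first))
        self.excluded.update(str(IPv4Address(a)) for a in range(lo, hi + 1))

    def offer(self, mac: str) -> Optional[dict]:
        """DHCP Offer: the client's existing binding, else the lowest free host
        address that is neither excluded nor bound. None when the scope is empty."""
        if mac in self.bindings:
            address = self.bindings[mac]
        else:
            taken = set(self.bindings.values()) | self.excluded
            address = next((str(h) for h in IPv4Network(self.network).hosts()
                            if str(h) not in taken), None)
            if address is None:
                return None
        return {"server": self.name, "yiaddr": address, "router": self.default_router,
                "dns": list(self.dns_servers), "lease_seconds": self.lease_days * 86400}

    def ack(self, mac: str, offer: dict) -> dict:
        """DHCP Ack: the lease is granted and recorded in the binding table."""
        self.bindings[mac] = offer["yiaddr"]
        return {**offer, "type": "ACK"}


def dora(mac: str, servers: list[DhcpServer]) -> dict:
    """One Discover/Offer/Request/Ack cycle. Discover is a broadcast, so every
    server on the segment answers; the client proceeds with the first Offer it
    receives and sends its Request to that server only."""
    offers = []
    for server in servers:                   # 'servers' is in order of response time
        offer = server.offer(mac)
        if offer is not None:
            offers.append(offer)
    if not offers:
        raise RuntimeError("no DHCP server offered a lease")
    chosen = offers[0]
    server = next(s for s in servers if s.name == chosen["server"])
    return server.ack(mac, chosen)


def build_r1() -> DhcpServer:
    """The NET-POOL configuration from this page."""
    r1 = DhcpServer("R1", "192.168.1.0/24", "192.168.1.1",
                    ("192.168.1.5", "195.170.0.1"), lease_days=7)
    r1.exclude("192.168.1.1", "192.168.1.5")
    r1.exclude("192.168.1.10")
    return r1


def binding_table(server: DhcpServer) -> list[tuple[str, str]]:
    """Rows in 'show ip dhcp binding' order: (address, client)."""
    return sorted(((ip, mac) for mac, ip in server.bindings.items()),
                  key=lambda row: int(IPv4Address(row[0])))


if __name__ == "__main__":
    r1 = build_r1()
    for mac in ("00:1e:7a:c4:09:00", "00:1e:7a:c3:c1:00", "00:1e:be:92:3b:00"):
        print(dora(mac, [r1])["yiaddr"])
    # A rogue server that answers first takes the client (constructed attacker):
    rogue = DhcpServer("ROGUE", "192.168.1.0/24", "192.168.1.200", ("192.168.1.200",))
    print(dora("00:00:5e:00:53:aa", [rogue, r1])["router"])
```

The rogue case is the reason DHCP snooping exists: the switch drops Offer and Ack messages arriving on untrusted ports, so only the real server can ever be "first".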
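The following is an added example (not part of the cheat sheet) that implements the ACL semantics described on the previous page and exercised by the numbered and named lists above: wildcard-mask matching, top-down first-match evaluation, and the implicit deny. It parses the IOS statement syntax used on these pages (with or without the 'access-list N' prefix, so named-list statements work too); only the 'eq <port>' qualifier is handled, and the sample packets are constructed.

```python
"""First-match ACL evaluation with wildcard masks and the implicit deny.

Added example, not from the cheat sheet: a small evaluator for the IOS
statement syntax used on these pages (numbered standard and extended lists,
and the same statements without the 'access-list N' prefix as entered in a
named list). Only 'eq <port>' qualifiers are parsed; the sample packets are
constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = (0, 0xFFFFFFFF)                     # address 0.0.0.0, wildcard 255.255.255.255
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "tftp": 69, "www": 80}


@dataclass(frozen=True)
class Packet:
    proto: str                            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                           # "permit" or "deny"
    proto: Optional[str]                  # None for a standard (source-only) statement
    src: tuple[int, int]                  # (address, wildcard): 1 bits in the wildcard are ignored
    dst: tuple[int, int]
    dport: Optional[int]


def _addr_spec(t: list[str], i: int) -> tuple[tuple[int, int], int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' at t[i]; return (spec, next index)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (int(IPv4Address(t[i + 1])), 0), i + 2
    return (int(IPv4Address(t[i])), int(IPv4Address(t[i + 1]))), i + 2


def _port_spec(t: list[str], i: int) -> tuple[Optional[int], int]:
    """Consume an optional 'eq <name|number>' at t[i]."""
    if i < len(t) and t[i] == "eq":
        port = PORT_NAMES.get(t[i + 1])
        return (int(t[i + 1]) if port is None else port), i + 2   # ValueError on unknown names
    return None, i


def parse_rule(line: str) -> Rule:
    t = line.split()
    if t[0] == "access-list":             # numbered list: drop 'access-list <number>'
        t = t[2:]
    action = t[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line}")
    if t[1] in ("ip", "tcp", "udp", "icmp"):          # extended statement
        src, i = _addr_spec(t, 2)
        _sport, i = _port_spec(t, i)      # source port qualifier, not used by the matcher
        dst, i = _addr_spec(t, i)
        dport, _ = _port_spec(t, i)
        return Rule(action, t[1], src, dst, dport)
    src, _ = _addr_spec(t, 1)                         # standard statement: source only
    return Rule(action, None, src, ANY, None)


def compile_acl(lines: list[str]) -> list[Rule]:
    return [parse_rule(line) for line in lines if line.strip()]


def _match(spec: tuple[int, int], addr: int) -> bool:
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (net & care)


def evaluate(acl: list[Rule], pkt: Packet) -> str:
    """Statements are tried top down; the first match decides. No match: implicit deny."""
    src, dst = int(IPv4Address(pkt.src)), int(IPv4Address(pkt.dst))
    for rule in acl:
        if not _match(rule.src, src):
            continue
        if rule.proto is None:                         # standard: source matched, decide
            return rule.action
        if rule.proto != "ip" and rule.proto != pkt.proto:
            continue
        if not _match(rule.dst, dst):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny"


ACL_50 = compile_acl([
    "access-list 50 deny host 172.17.30.10",
    "access-list 50 deny 172.18.30.0 0.0.0.255",
    "access-list 50 permit any",
])
ACL_100 = compile_acl([
    "access-list 100 deny tcp any host 172.16.30.5 eq 21",
    "access-list 100 permit ip any any",
])
BLOCK_TELNET_TFTP = compile_acl([
    "deny tcp any any eq telnet",
    "deny udp any host 172.16.0.2 eq tftp",
    "permit ip any any",
])

if __name__ == "__main__":
    print(evaluate(ACL_50, Packet("tcp", "172.18.30.77", "10.1.1.1")))                 # deny
    print(evaluate(ACL_100, Packet("tcp", "10.0.0.9", "172.16.30.5", 40000, 21)))    # deny
    print(evaluate(compile_acl(["deny host 192.168.0.2"]), Packet("tcp", "10.0.0.1", "10.0.0.2")))  # deny
```

The last line of the demo is the implicit deny in action: a list containing only a deny statement blocks everything, which is the mistake the "permit any" warning on the previous page is about.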
Internet Protocol Version 6 (IPv6)

The world needs to migrate to IPv6 from the current IPv4 protocol because we are rapidly exhausting the number of available public IPv4 addresses. IPv6 has 3.4 x 10^38 possible addresses.

IPv6 addresses are 128 bits long compared to 32 bits for IPv4 addresses. They are normally written as eight groups of hexadecimal digits separated by colons, with leading zeros in a group omitted and one run of all-zero groups replaced by ::, such as 2004:db8:75a3::8a2e:380:7334.
They are composed of two logical parts: a 64-bit network prefix and a 64-bit host part (the interface ID).

Link-local addresses (fe80::/10) – Addresses intended for communication only within one segment of a LAN. Every IPv6 interface has one.
Unique local addresses (fc00::/7, in practice fd00::/8) – Used for routing within sites that are not connected to the Internet. They are not routable on the global IPv6 Internet. Similar to IPv4 private addresses.

Stateless Address Autoconfiguration (SLAAC)
Allows a device to give itself a link-local unicast address with no configuration at all, and a global unicast address once it learns the prefix from a router advertisement. In both cases the 64-bit interface ID can be derived from the interface's MAC address (the EUI-64 method), which means the address reveals the hardware address to anyone who sees it; privacy extensions generate random interface IDs instead.

Configuring IPv6
Router(config)#interface FastEthernet 0/0 - Configure the fast Ethernet 0/0 interface
Router(config-if)#ipv6 address 2001:cdba:0000:0000:0000:0000:0000:0001/64 - Assign an IPv6 address to an interface
Router(config-if)#ipv6 enable - Enable IPv6 on an interface without specifying an address (a link-local address is generated automatically)
Router#show ipv6 interface brief - Show the IPv6 addresses for all interfaces
Router#show int fa0/0 | inc bia - Show the fast Ethernet 0/0 burned in address (bia)
Router>ping 2001:cdba::2 - Ping an IPv6 address

Configuring and Verifying Syslog

Syslog is a standard for sending log messages to a central repository. Messages are labelled with a severity level from 0 to 7 (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug); a lower number is more severe, and a configured level includes every level more severe than it. Plain syslog travels over UDP port 514 without authentication or encryption, so the collector should sit on a management network and the messages should not be trusted as tamper-proof.

Router#config terminal
Router(config)#logging 192.168.0.30 - Specifies the syslog server
Router(config)#service timestamps log datetime localtime show-timezone msec - Instructs the system to timestamp syslog messages
Router(config)#logging facility local3 - Specifies the facility used by the syslog messages
Router(config)#logging trap warning - Specifies the severity level to be sent to the server (warnings and anything more severe)
Router(config)#end

Router#show logging
Syslog logging: enabled (51 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 79000 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: disabled
Trap logging: level warnings, 80000 message lines logged
Logging to 192.168.0.30, 57000 message lines logged
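The following is an added example (not part of the cheat sheet) of the EUI-64 transform that SLAAC uses to build the interface ID from a MAC address, applied to both a link-local and a global /64 prefix, and of the reverse transform that shows why an EUI-64 address leaks the hardware address. The MAC address is constructed and 2001:db8::/32 is the IPv6 documentation prefix.

```python
"""Modified EUI-64 interface IDs, as used by SLAAC.

Added example, not from the cheat sheet. The MAC address is constructed and
2001:db8::/32 is the IPv6 documentation prefix. The transform is the one in
RFC 4291 Appendix A: split the 48-bit MAC, insert ff:fe in the middle and
flip the universal/local bit (0x02 of the first octet).
"""
from ipaddress import IPv6Address, IPv6Network


def eui64_interface_id(mac: str) -> int:
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                                   # invert the U/L bit
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> IPv6Address:
    """Combine a /64 prefix (fe80::/64 for link-local, or one learned from a
    Router Advertisement for a global address) with the EUI-64 interface ID."""
    net = IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a 64-bit prefix")
    return IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(address: str) -> str:
    """Reverse the transform. Anyone who sees an EUI-64 address learns the
    hardware address (and so the NIC vendor) behind it; privacy extensions
    (RFC 4941) avoid this by using random interface IDs."""
    low64 = bytearray((int(IPv6Address(address)) & (2 ** 64 - 1)).to_bytes(8, "big"))
    if low64[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    low64[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in low64[:3] + low64[5:])


if __name__ == "__main__":
    mac = "00:1e:7a:c4:09:00"                        # constructed
    print(slaac_address("fe80::/64", mac))           # link-local
    print(slaac_address("2001:db8:1:2::/64", mac))   # global, prefix from an RA
    print(mac_from_eui64("2001:db8:1:2:21e:7aff:fec4:900"))
```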

Virtual Private Networks (VPN)

VPNs allow for the creation of private networks across the Internet. They allow remote users to connect to corporate networks securely over the Internet (remote access VPN) as well as allowing companies to connect remote offices without requiring dedicated WAN connections (site-to-site VPN). The "private" part comes from encrypting and authenticating the traffic carried over the public network (IPsec or SSL/TLS in practice), so a VPN is only as strong as its peer authentication and key management.

High-Level Data-Link Control (HDLC)

HDLC is a point-to-point protocol used on leased lines. No authentication can be used (PPP is required if authentication such as CHAP is needed). HDLC is an ISO standard, but Cisco's HDLC format adds a proprietary type field and is not compatible with other vendors' implementations. It is the default encapsulation for serial interfaces on Cisco routers.

Single, Dual and Multi-Homed WAN

Single-homed – A single link to one ISP. Link failure results in loss of connectivity.
Dual-homed – Two links to the same ISP, from either a single router or two edge routers. Provides resiliency (primary and backup link) or load sharing between the two links, but an outage at the ISP still disconnects the site.
Multi-homed – Connected to two or more ISPs, from either a single router or two edge routers. Provides persistent connectivity in the event of an ISP outage, and load sharing between ISPs.

Cloud Types

Private Cloud
· Privately shared virtualized resources
· Cluster of dedicated customers
· Connectivity over the internet, fibre or a private network
· Suited for secure, confidential data and systems

Public Cloud
· Publicly shared virtualized resources
· Supports multiple customers (multi-tenant)
· Connectivity over the internet

Hybrid Cloud
· Combination of public and private cloud
· Some resources use the public cloud while others use the private cloud

Cloud Computing Stack

SaaS (Software as a Service) – Hosted applications that are accessed only via the Internet
PaaS (Platform as a Service) – Hosted development platform for building and deploying SaaS applications
IaaS (Infrastructure as a Service) – Pay for the use of IT resources (compute, storage, network) instead of owning them
Quality of Service (QoS)

· Prioritize traffic, e.g. voice
· Manage and avoid network congestion
· Control bandwidth usage

Classification
· QoS markings – DSCP (Differentiated Services Code Point) at the Network layer, CoS (Class of Service) at the Data Link layer
· Protocols – NBAR (Network Based Application Recognition)
· Access lists – Source/destination IP addresses, source/destination ports (numbered, named, standard, extended)

Treatment
· Queuing and scheduling – Stores packets during congestion, forwarding them based on QoS markings/priority
· Shaping – Traffic is delayed (buffered) to slow forwarding down to the shape limit
· Policing – Traffic exceeding the policed rate is dropped
· Marking – Sets QoS values to prioritize traffic types

QoS Shaping vs Policing
Shaping
· Buffers exceeding traffic
· Use to match the sending rate to the bandwidth of a WAN link
· Outbound only
Policing
· Drops exceeding traffic
· Use to stop a specific type of traffic from stealing bandwidth
· Inbound or outbound

Common Application Impact on Network Resources
VoIP and video conferencing – Require QoS to prioritize traffic and avoid jitter
Video – Requires lots of bandwidth
SaaS (Software as a Service) applications – Require always-on, reliable internet connections (e.g. point-of-sale software, email, financial trading)

AAA (Authentication, Authorization, Accounting)

The AAA protocols RADIUS and TACACS+ provide centralized authentication, avoiding having to maintain access policies on every separate device.
· Authentication verifies the identity of a user.
· Authorization allows a user to access resources based on roles or permissions/privileges.
· Accounting/auditing logs usage.

TACACS+ is a Cisco proprietary successor of TACACS, whereas RADIUS is an open standard. RADIUS combines authentication and authorization in one exchange, whereas TACACS+ separates out the authorization functionality (which is what allows per-command authorization for device administration). RADIUS runs over UDP (ports 1812/1813) and hides only the user password inside its packets; TACACS+ runs over TCP port 49 and encrypts the entire packet body. Both rely entirely on the shared secret configured between the network device and the server.

802.1X

· An IEEE standard for port-based (Layer 2) network access control
· Ability to permit or deny network access based on the device or the identity of the end user

Supplicant --EAPOL--> Authenticator --RADIUS--> Authentication Server

· The Supplicant is the end user's device (its 802.1X client software).
· The Authenticator is the access layer switch (or wireless AP), which will grant or deny access to the port.
· The Authentication Server validates the credentials supplied by the supplicant and determines what access to give the end user.

EAP (Extensible Authentication Protocol) is the message format and framework used by 802.1X; it provides a way for the supplicant and the authentication server to negotiate an authentication method, with the authenticator relaying the messages.
EAPOL (EAP over LAN) is the encapsulation defined by 802.1X for transporting EAP from the supplicant to the authenticator over a LAN.
RADIUS is the de facto standard for communication between the authenticator (switch) and the authentication server; the EAP messages are carried inside RADIUS attributes.
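The following is an added example (not part of the cheat sheet) that drives one token bucket two ways to make the shaping/policing distinction above concrete: the policer forwards what the bucket can pay for and drops the rest immediately, while the shaper queues the excess and releases it once enough tokens have accumulated, so nothing is lost but packets are delayed. The packet trace, rate and burst size are constructed.

```python
"""Shaping versus policing with a token bucket.

Added example, not from the cheat sheet: the same token bucket (rate plus
burst allowance) driven two ways. The policer drops what the bucket cannot
pay for; the shaper queues it and releases it when enough tokens have
accumulated. Times are seconds, sizes bytes; the packet trace is constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Pkt:
    arrival: float
    size: int


class TokenBucket:
    def __init__(self, rate_bps: float, burst_bytes: int) -> None:
        self.rate = rate_bps / 8.0              # tokens (bytes) added per second
        self.burst = burst_bytes                # bucket depth: the burst that passes untouched
        self.tokens = float(burst_bytes)        # starts full
        self.last = 0.0

    def refill(self, now: float) -> None:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now


def police(pkts: List[Pkt], rate_bps: float, burst: int) -> Tuple[List[float], List[float]]:
    """Returns (arrival times forwarded, arrival times dropped). Nothing is delayed."""
    bucket = TokenBucket(rate_bps, burst)
    forwarded, dropped = [], []
    for p in pkts:
        bucket.refill(p.arrival)
        if bucket.tokens >= p.size:             # conforming
            bucket.tokens -= p.size
            forwarded.append(p.arrival)
        else:                                   # exceeding: dropped (or re-marked in practice)
            dropped.append(p.arrival)
    return forwarded, dropped


def shape(pkts: List[Pkt], rate_bps: float, burst: int) -> List[Tuple[float, float]]:
    """Returns (arrival, departure) per packet. Nothing is dropped (unbounded queue);
    exceeding packets wait, in FIFO order, until the bucket holds enough tokens."""
    bucket = TokenBucket(rate_bps, burst)
    schedule, last_departure = [], 0.0
    for p in pkts:
        if p.size > burst:
            raise ValueError("a packet larger than the burst can never be released")
        start = max(p.arrival, last_departure)  # cannot overtake the packet ahead in the queue
        bucket.refill(start)
        if bucket.tokens < p.size:
            start += (p.size - bucket.tokens) / bucket.rate   # wait for the missing tokens
            bucket.refill(start)
        bucket.tokens -= p.size
        last_departure = start
        schedule.append((p.arrival, start))
    return schedule


# Constructed trace: a 3000-byte burst at t=0 into a 1000 B/s (8 kbps) contract with a 1500 B burst.
TRACE = [Pkt(0.0, 1000), Pkt(0.0, 1000), Pkt(0.0, 1000), Pkt(2.0, 500)]

if __name__ == "__main__":
    print(police(TRACE, rate_bps=8000, burst=1500))   # two packets of the burst are dropped
    print(shape(TRACE, rate_bps=8000, burst=1500))    # all forwarded, two of them delayed
```

The shaper's delay is why it is outbound-only and why it hurts real-time traffic: voice would rather lose a packet than receive it 1.5 s late, so voice classes are policed or given priority queuing while bulk data is shaped.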
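The following is an added example (not part of the cheat sheet) of the one piece of RADIUS that is protected at all, the User-Password attribute hiding from RFC 2865 section 5.2, together with the offline dictionary attack an observer of an Access-Request can mount when the shared secret between switch and server is weak. The secret, request authenticator and password are constructed.

```python
"""RADIUS User-Password hiding (RFC 2865 section 5.2) and why the shared
secret is the whole defence.

Added example, not from the cheat sheet. The secret, request authenticator
and password below are constructed. RADIUS does not encrypt its packets;
only this attribute is obscured, by XORing 16-byte blocks of the padded
password with MD5(secret || previous block), seeded with the Request
Authenticator that travels in the clear.
"""
import hashlib
from typing import Iterable, Optional


def _blocks(data: bytes):
    return (data[i:i + 16] for i in range(0, len(data), 16))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to a 16-byte multiple
    hidden, prev = b"", authenticator
    for p in _blocks(padded):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(p, b))
        hidden += c
        prev = c                         # each block chains on the previous ciphertext block
    return hidden


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden attribute must be a non-empty 16-byte multiple")
    clear, prev = b"", authenticator
    for c in _blocks(hidden):
        b = hashlib.md5(secret + prev).digest()
        clear += bytes(x ^ y for x, y in zip(c, b))
        prev = c
    return clear.rstrip(b"\x00")


def guess_secret(hidden: bytes, authenticator: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack by anyone who captured the Access-Request: a wrong
    secret yields random-looking bytes, the right one yields a printable password."""
    for secret in candidates:
        revealed = radius_reveal_password(hidden, secret, authenticator)
        if revealed and all(0x20 <= byte < 0x7F for byte in revealed):
            return secret
    return None


if __name__ == "__main__":
    ra = bytes(range(16))                  # would be random per request in reality
    hidden = radius_hide_password(b"letmein", b"s3cret", ra)
    print(hidden.hex())
    print(guess_secret(hidden, ra, [b"admin", b"cisco", b"s3cret"]))   # b's3cret'
```

Because the Request Authenticator is sent in the clear and the only unknown is the shared secret, the attack costs one MD5 per guess. That is why RADIUS traffic belongs on an isolated management network (or inside RadSec/IPsec) and why the secret must be long and random; TACACS+ has the same dependency on its key even though it covers the whole packet body.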
Troubleshooting Guide

Always use a methodical and systematic approach to troubleshooting networks. Troubleshooting in the exam is easier because they can't simulate broken cables or damaged connectors etc.

Here are the steps you need to troubleshoot in Cisco exams. Start at Layer 1 and work your way up the OSI model as you troubleshoot.

Layer 1
Establish the state of your interfaces with show ip interface brief. If necessary issue the no shutdown command to bring them up.
Ensure that there is a clock rate on the DCE interface (use the show controllers serial X command to check what type of cable is attached; X represents the serial interface number).

Layer 2
Ensure that the correct encapsulation type is set on each interface (for example HDLC or PPP). Check using the show interface serial X command. Change the encapsulation type in interface configuration mode.

Layer 3
Check the IP address on each interface and don't forget to also check the subnet masks, as this is a common problem that arises on the exam.
Make sure the correct networks are being advertised by the routing protocol. Issue the show ip protocols command to check.
And finally, make sure you can ping directly connected interfaces prior to applying your access lists and routing protocols.

Troubleshooting Interface Problems

Serial0/0 is up, line protocol is up - The interface is functioning correctly.
Serial0/0 is down, line protocol is down - Usually a physical interface problem: the cable may be disconnected. This can also occur if the interface is connected to another router whose interface has been shut down.
Serial0/0 is up, line protocol is down - Physical layer connectivity is not the issue. The line protocol being down is either a clocking issue (keepalives) or a mismatch of the encapsulation (frame types) used on the connected devices.
Serial0/0 is administratively down, line protocol is down - The interface has been manually shut down using the shutdown command.

Interfaces
Router interfaces are shut down by default until the no shutdown command is issued on each interface (switch ports, by contrast, are enabled by default).

Cisco Discovery Protocol (CDP)

CDP is a proprietary Cisco protocol that helps administrators document and troubleshoot the network; it only lets you see information about directly connected (neighbour) devices.

Device(config)#cdp timer – How often CDP packets are transmitted out of active interfaces. Default CDP timer = 60 seconds.
Device(config)#cdp holdtime – How long a device will hold CDP packets received from neighbour devices. Default CDP holdtime = 180 seconds.
Device#show cdp neighbors – Shows info about directly connected devices: device ID, local interface, holdtime, capability, platform and remote interface (port ID)
Device#show cdp neighbors detail – Same output as show cdp neighbors plus IOS version and IP address

Because CDP advertises platform, IOS version and addresses in clear text to whatever is plugged into the port, disable it on interfaces facing untrusted devices (no cdp enable on the interface, or no cdp run globally) and keep it only where it is needed, for example towards IP phones.
The Spanning Tree Protocol (STP)

· Prevents switching loops (loops cause broadcast storms)
· Allows redundant links
· Resilient to topology changes
· STA (Spanning Tree Algorithm) - Used to calculate a loop-free path
· BPDUs (Bridge Protocol Data Units) are sent and received by switches in the network every 2 seconds (default) to determine the spanning tree topology

Spanning Tree States
Blocking – No frames forwarded, BPDUs heard (prevents looped paths)
Listening – No frames forwarded, listening for BPDUs
Learning – No frames forwarded, learning addresses (MAC table populated)
Forwarding – Frames forwarded, learning addresses (MAC table populated)
Disabled – No frames forwarded, no BPDUs heard

Spanning Tree Algorithm (STA)

STA is used to calculate a loop-free path. All switch ports start in blocking mode; it takes approximately 50 seconds (20 s max age, 15 s listening, 15 s learning) until frames can be forwarded.

Step 1: Elect the Root Bridge – The switch with the lowest bridge ID (priority followed by MAC address) becomes root: the lowest priority wins, and a tie on priority is broken by the lowest MAC address. Since any switch that advertises a lower bridge ID takes over as root, an attacker's (or a misconfigured) switch can pull the whole Layer 2 topology through itself; root guard and BPDU guard on access ports prevent this.
Step 2: Elect Root Ports – Each non-root switch selects one root port: the port with the lowest root path cost, the cumulative cost of the path to the root bridge. Ports directly connected to the root bridge are root ports; other redundant paths to the root are blocked.
Step 3: Elect Designated Ports – On each LAN segment the switch with the lowest root path cost (tie broken by the lowest bridge ID) owns the designated port, which forwards traffic for that segment. Any remaining port is non-designated and is placed in blocking.

Rapid Spanning Tree Protocol States
Discarding – No user data is sent over the switch port (replaces blocking, listening and disabled)
Learning – No frames forwarded, learning addresses (MAC table populated)
Forwarding – Switch port is fully operational

Rapid Spanning Tree Protocol Bridge Port Roles
Root – A forwarding port that is the best port from a non-root bridge to the root bridge
Designated – A forwarding port for every LAN segment
Alternate – An alternate path to the root bridge, different from the one using the root port
Backup – A backup/redundant path to a segment where another port of the same bridge already connects
Disabled – Not strictly part of STP; a network administrator can manually disable a port

Configuring STP (Spanning Tree Protocol)

Switch#show spanning-tree vlan 1 - Show details about the spanning tree instance on VLAN 1
Switch#show spanning-tree int fa0/10 - Show details about the spanning tree for a particular port
Switch(config)#spanning-tree vlan 1 priority 4096 - Change the bridge priority on VLAN 1 (priorities are multiples of 4096; a lower value makes the switch more likely to become root)
Switch(config)#no spanning-tree vlan 1 - Disable spanning tree on VLAN 1 (never do this where redundant links exist: a single loop will cause a broadcast storm)

RSTP (Rapid Spanning Tree Protocol)

RSTP (802.1w) was designed to provide faster convergence after a topology change. The original spanning tree takes up to 50 seconds to converge to a stable network, whereas RSTP typically converges within a few seconds. RSTP was designed to be backwards compatible with standard STP. Standard IEEE 802.1D-2004 incorporates RSTP and makes the original STP standard obsolete.

To enable RSTP for each VLAN in our switched network (Rapid PVST+) use the following command:
Switch(config)#spanning-tree mode rapid-pvst

PVST+ (Per-VLAN Spanning Tree Plus)

PVST+ is Cisco's proprietary implementation of spanning tree that creates a separate spanning tree instance for each VLAN; Rapid PVST+ does the same using RSTP. The original PVST works only with ISL tagging, whereas PVST+ is compatible with 802.1Q encapsulation. PVST+ is the default on Cisco switches, as ISL is no longer supported.
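The following is an added example (not part of the cheat sheet) that carries the three STA steps above through a small constructed topology: root election by lowest bridge ID, root path costs and root ports by a Dijkstra-style search that compares (cost, sender bridge ID) the way BPDU comparison does, and designated versus blocking ports per segment. It then adds an attacker's switch advertising priority 0 to show the whole topology re-rooting onto it. Bridge IDs and link costs are constructed (4 for 1 Gbps, 19 for 100 Mbps, the classic IEEE values).

```python
"""Spanning Tree Algorithm: root bridge, root path cost and port roles.

Added example, not from the cheat sheet: a Dijkstra-style calculation of
what STP converges to for a small constructed topology, then the same
topology with an attacker's switch advertising priority 0. Bridge IDs and
link costs are constructed.
"""
from __future__ import annotations

import heapq
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int          # compared first: lowest wins
    mac: str               # tie-break: lowest MAC (dotted hex of equal length compares lexically)


Link = Tuple[str, str, int]   # (switch A, switch B, path cost)


def elect_root(bridges: Dict[str, BridgeId]) -> str:
    return min(bridges, key=lambda name: bridges[name])


def spanning_tree(bridges: Dict[str, BridgeId], links: List[Link]):
    """Returns (root, root path cost per switch, role of each (switch, neighbour) port)."""
    root = elect_root(bridges)
    adj: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # best[switch] = (root path cost, sender bridge ID, sender name): a switch prefers the
    # lowest cost, then the lowest sending bridge ID, exactly as BPDU comparison does.
    best = {root: (0, bridges[root], root)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, link_cost in adj[node]:
            candidate = (cost + link_cost, bridges[node], node)
            if nbr not in best or candidate[:2] < best[nbr][:2]:
                best[nbr] = candidate
                heapq.heappush(heap, (candidate[0], nbr))

    roles: Dict[Tuple[str, str], str] = {}
    for a, b, _ in links:
        for me, other in ((a, b), (b, a)):
            if me != root and best[me][2] == other:
                roles[(me, other)] = "root"                 # my path towards the root
            elif (best[me][0], bridges[me]) < (best[other][0], bridges[other]):
                roles[(me, other)] = "designated"           # I forward for this segment
            else:
                roles[(me, other)] = "blocking"             # redundant path: blocked
    return root, {name: best[name][0] for name in bridges}, roles


BRIDGES = {
    "SW1": BridgeId(32768, "0000.0000.0001"),
    "SW2": BridgeId(32768, "0000.0000.0002"),
    "SW3": BridgeId(32768, "0000.0000.0003"),
}
LINKS: List[Link] = [("SW1", "SW2", 4), ("SW1", "SW3", 19), ("SW2", "SW3", 19)]

if __name__ == "__main__":
    print(spanning_tree(BRIDGES, LINKS))
    rogue = {**BRIDGES, "ROGUE": BridgeId(0, "0000.0000.00ff")}   # attacker on an SW3 access port
    print(spanning_tree(rogue, LINKS + [("SW3", "ROGUE", 19)]))
```

In the rogue run every switch's root path now goes through SW3 towards the attacker, and the previously forwarding SW1-SW2 link on SW2's side goes to blocking; that re-convergence is what root guard prevents by putting a port that receives a superior BPDU into a root-inconsistent state.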

EtherChannel

EtherChannel is a grouping of several physical links to create a single logical link (port channel); it provides increased bandwidth, load balancing and fault tolerance. Up to eight ports can be grouped in the same logical link, and switches (and spanning tree) see an EtherChannel as a single port.

Configure SW1 for EtherChannel
SW1#config terminal
SW1(config)#interface fastEthernet 0/12
SW1(config-if)#channel-group 1 mode on
SW1(config-if)#exit
SW1(config)#interface fastEthernet 0/11
SW1(config-if)#channel-group 1 mode on
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

Configure EtherChannel on SW2
SW2#config terminal
SW2(config)#interface fastEthernet 0/12
SW2(config-if)#channel-group 1 mode on
SW2(config-if)#exit
SW2(config)#interface fastEthernet 0/11
SW2(config-if)#channel-group 1 mode on
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit

SW1#show interface port-channel 1 - Verify the logical port-channel interface

channel-group 1 mode on bundles the ports without any negotiation protocol (no PAgP or LACP), so both ends must be configured identically, and every member port needs the same speed, duplex, trunk settings and allowed VLANs; otherwise the bundle fails to form or a loop results. Trunk settings are usually applied to the port-channel interface so that all members inherit them.

Verifying Switch Operation

switch#show spanning-tree – Displays the priority, the root bridge and the spanning tree protocol in use
switch#show mac address-table – Displays the switch's content addressable memory (CAM) table, which it uses to make forwarding decisions

Software Defined Networking (SDN) and APIC-EM

Software Defined Networking (SDN) provides APIs (Application Programming Interfaces) allowing multiple vendors and applications to interact with the network infrastructure.

Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is Cisco's SDN controller, which uses REST APIs. The APIC-EM is the brains behind the network and enforces network policies for the entire infrastructure through automation. This allows the entire network to be treated as a system. APIC-EM runs on any x86 platform as software or as a dedicated appliance.

Northbound API - Allows applications and 3rd party SDN tools to drive the controller via RESTful APIs
Southbound API - Communicates with the network infrastructure (the devices themselves)

Switch Stack & Chassis Switches

Stacked switches effectively operate as one switch.
Cisco StackWise switches can be interconnected using a special cable that provides high-bandwidth throughput between the switches. You can interconnect up to 9 StackWise switches on the fully redundant backplane.
Modular switches offer flexibility: they come in different chassis sizes and allow you to install various modular expansion cards to increase the number of ports.
WLAN Standards

802.11a
· 5GHz spectrum using OFDM
· Maximum data rate 54Mbps
· Up to 23 non-overlapping channels
· Short range – stay within 20m/75ft to get the highest data rate

802.11b
· 2.4GHz spectrum using DSSS
· Maximum data rate 11Mbps
· 3 non-overlapping channels
· Stay within 45m/150ft to get the highest data rate

802.11g
· 2.4GHz spectrum using OFDM
· Maximum data rate 54Mbps
· 3 non-overlapping channels
· Backward compatible with 802.11b
· Stay within 30m/100ft to get the highest data rate

802.11n
· 2.4GHz or 5GHz spectrum using OFDM
· Theoretical maximum data rate 300Mbps (with two spatial streams)
· 3 non-overlapping channels at 2.4GHz or 12 non-overlapping channels at 5GHz
· Uses multiple antennas (MIMO – Multiple-Input Multiple-Output technology) to increase throughput
· Long range – high data rates up to 90m/300ft

WLANs

Operate in two modes:
· Ad hoc – To connect directly to another device
· Infrastructure – To connect to the network via an access point (AP)

Service sets:
· Service Set Identifier (SSID) – A text identifier of up to 32 characters for the service set. The SSID is usually sent out by the AP periodically in beacon frames to enable clients to find it
· Basic Service Set (BSS) – Uses a single AP to create a WLAN (with a unique SSID)
· Extended Service Set (ESS) – Uses more than one AP, generally overlapping to allow roaming (all APs within an ESS use the same SSID)
· When access points overlap, use non-overlapping channels to ensure they don't interfere with one another
· At 2.4GHz channels 1, 6 and 11 do not overlap. At 5GHz there are 12 non-overlapping channels
· Data transmission rates drop the further you get from the access point
· WLANs use Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
· Access points that operate in mixed mode (802.11b/g) tend to slow down the WLAN
· WLANs suffer from interference which degrades throughput; it can be caused by:
  · Other radio waves
  · Obstacles in the way of the signal such as walls, ceilings and floors

WLAN Security

Wired Equivalent Privacy (WEP) – The original IEEE security standard. Offers weak authentication and encryption (RC4 with a static shared key and a 24-bit IV that repeats quickly). Easily cracked; it should not be used anymore. SSID cloaking (suppressing the SSID beacon) and MAC filtering were used to try to make WEP networks more secure, but neither stops an attacker who can sniff the traffic: the SSID appears in other frames and MAC addresses are trivially spoofed.
Wi-Fi Protected Access (WPA) – Created by the Wi-Fi Alliance as a multivendor WLAN security standard. Uses dynamic per-packet keying with Temporal Key Integrity Protocol (TKIP), greatly improved security compared to WEP, although TKIP is itself now deprecated. Allows for user authentication using IEEE 802.1X. Thanks to the Wi-Fi Alliance WPA certification, wireless NICs and access points of different vendors should interoperate without problems.
IEEE 802.11i (WPA2) – IEEE ratified 802.11i in 2005. Not backward compatible with WPA. Uses the Advanced Encryption Standard (AES, in CCMP mode), which provides far stronger encryption than WPA's TKIP. The Wi-Fi Alliance refers to 802.11i as WPA2.
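The following is an added example (not part of the cheat sheet) that demonstrates the core WEP weakness mentioned above in working code: WEP's per-frame RC4 key is the 24-bit IV concatenated with the shared key, and the IV is sent in the clear, so two frames with the same IV share a keystream and one known plaintext decrypts the other without the key. It also computes how few frames it takes before an IV repeats by chance. RC4 is implemented inline; the WEP CRC-32 integrity value is omitted, and the key, IV and plaintexts are constructed.

```python
"""Why WEP is broken: RC4 keystream reuse under a repeated 24-bit IV.

Added example, not from the cheat sheet. RC4 and the WEP framing (IV || key
as the per-frame RC4 key, IV sent in the clear) follow the standard; the
CRC-32 integrity value is omitted. Key, IV and plaintexts are constructed.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                                  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                               # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: the 3-byte IV in the clear, then RC4(IV || key) XOR plaintext."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return bytes(c ^ k for c, k in zip(body, rc4_keystream(iv + shared_key, len(body))))


def recover_with_known_plaintext(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """No key needed: two frames under the same IV share a keystream, so
    keystream = C1 XOR P1 and P2 = C2 XOR keystream (as far as P1 is known)."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("attack needs two frames with the same IV")
    keystream = bytes(c ^ p for c, p in zip(known_frame[3:], known_plaintext))
    return bytes(c ^ k for c, k in zip(target_frame[3:], keystream))


def frames_until_iv_repeat(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: number of random IVs after which one repeats with the given probability."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key, iv = bytes.fromhex("0102030405"), b"\x00\x00\x01"      # 40-bit WEP key, reused IV
    f1 = wep_encrypt(key, iv, b"GET /index.html HTTP/1.1")
    f2 = wep_encrypt(key, iv, b"user=admin&pw=hunter2!!!")
    print(recover_with_known_plaintext(f1, b"GET /index.html HTTP/1.1", f2))
    print(frames_until_iv_repeat())   # a busy AP sends this many frames in seconds
```

Many WEP cards reset the IV to zero on each reboot and count upwards, so reuse happens far sooner than the birthday bound suggests; the later key-recovery attacks (FMS, PTW) build on the same RC4 and IV design.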


REST – REpresentational State Transfer

REST is a software architectural style for creating APIs (Application Programming Interfaces).
RESTful APIs use HTTP requests to access data in a resource. You connect to the API via an endpoint (URL) and send requests using an HTTP verb (method). The API service then returns a response with an HTTP status code and, usually, a body. Most REST APIs use JSON or XML as the message format.

REST HTTP Verbs
GET – Retrieve items from a resource
POST – Create a new item in a resource
PUT – Replace an existing item in a resource
PATCH – Update (partially modify) an existing item in a resource
DELETE – Delete an existing item in a resource

Configuration Management Tools

Configuration management tools like Chef, Ansible and Puppet are used to automate the repetitive tasks of provisioning app environments on existing server instances. This involves scripting the installation of packages, scripts and config files and the starting of services.
Configuration orchestration tools like Terraform are different: they provision the servers themselves but leave the configuration of those servers to configuration management tools.
Configuration management tools and configuration orchestration tools are often described together as Infrastructure as Code (IaC).
Depending on the tool, they may use one of two styles of language (procedural or declarative):
Procedural style – Step-by-step instructions
Declarative style – Desired end state

JSON Example
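The cheat sheet's own JSON example did not survive extraction. The following is an added example (not part of the cheat sheet, and not any real controller's API) of the REST verbs listed above applied to a hypothetical /devices collection served in memory, each call returning an HTTP status code and a JSON body. It makes the PUT/PATCH distinction visible and rejects malformed JSON, non-object bodies and verbs that make no sense for the resource.

```python
"""REST verbs against a JSON resource.

Added example, not from the cheat sheet and not any real controller's API:
a hypothetical /devices collection served in memory, so that the difference
between the verbs (and between PUT and PATCH in particular) can be seen.
Each call returns the HTTP status code and the JSON response body.
"""
from __future__ import annotations

import json
from typing import Any, Optional, Tuple

Response = Tuple[int, str]


class DeviceInventory:
    def __init__(self) -> None:
        self.items: dict[str, dict] = {}
        self._next_id = 1

    @staticmethod
    def _reply(status: int, payload: Any) -> Response:
        return status, json.dumps(payload)

    def handle(self, method: str, path: str, body: Optional[str] = None) -> Response:
        parts = [p for p in path.split("/") if p]
        if not parts or parts[0] != "devices" or len(parts) > 2:
            return self._reply(404, {"error": "no such resource"})
        item_id = parts[1] if len(parts) == 2 else None

        data = None
        if body is not None:                       # parse and validate before touching state
            try:
                data = json.loads(body)
            except json.JSONDecodeError:
                return self._reply(400, {"error": "body is not valid JSON"})
            if not isinstance(data, dict):
                return self._reply(400, {"error": "body must be a JSON object"})

        if method == "GET":
            if item_id is None:
                return self._reply(200, list(self.items.values()))
            item = self.items.get(item_id)
            return self._reply(200, item) if item else self._reply(404, {"error": "unknown id"})

        if method == "POST":
            if item_id is not None:
                return self._reply(405, {"error": "POST to the collection, not to an item"})
            if data is None:
                return self._reply(400, {"error": "body required"})
            new_id = str(self._next_id)            # the server, not the client, assigns ids
            self._next_id += 1
            self.items[new_id] = {**data, "id": new_id}
            return self._reply(201, self.items[new_id])

        if method in ("PUT", "PATCH", "DELETE"):
            if item_id is None:
                return self._reply(405, {"error": f"{method} needs an item id"})
            if item_id not in self.items:
                return self._reply(404, {"error": "unknown id"})
            if method == "DELETE":
                del self.items[item_id]
                return 204, ""
            if data is None:
                return self._reply(400, {"error": "body required"})
            if method == "PUT":                    # full replacement: fields not sent are gone
                self.items[item_id] = {**data, "id": item_id}
            else:                                  # PATCH: merge, untouched fields survive
                self.items[item_id].update({**data, "id": item_id})
            return self._reply(200, self.items[item_id])

        return self._reply(405, {"error": f"{method} not allowed"})


def call(api: DeviceInventory, method: str, path: str, obj: Any = None) -> Tuple[int, Any]:
    """Client-side helper: serialise the request object, parse the JSON reply."""
    status, text = api.handle(method, path, None if obj is None else json.dumps(obj))
    return status, (json.loads(text) if text else None)


if __name__ == "__main__":
    api = DeviceInventory()
    print(call(api, "POST", "/devices", {"hostname": "R1", "mgmt_ip": "192.168.1.1"}))
    print(call(api, "PATCH", "/devices/1", {"hostname": "CORE-R1"}))   # mgmt_ip kept
    print(call(api, "PUT", "/devices/1", {"hostname": "R1"}))           # mgmt_ip removed
```

A real controller API adds what this stub deliberately leaves out: authentication (typically a token obtained first and sent in a header on every call), authorization per resource, and TLS, since the JSON bodies carry device credentials and addresses.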


PoE (Power over Ethernet)

Power over Ethernet (PoE) is a wired Ethernet technology for LANs that allows the electrical current necessary for the operation of each device to be carried by the Ethernet data cables rather than by power cords.
As the Ethernet cable carries both data and current to operate devices, this minimizes the number of wires that must be strung in order to install the network. As the devices don't need to be located within reach of a power outlet, it also allows for optimal positioning of access points, cameras and other PoE-enabled devices.

Benefits:

Portability – Install devices where it is hard to get power. For example, wireless access points and IP cameras can be positioned to achieve the perfect signal coverage or viewpoint.
Cost Savings – Cost savings can be significant for large-scale deployments of wireless access points or IP cameras, as you can avoid installing power outlets at each location.
Simplicity – You only need to run Ethernet cables to the end devices, which reduces cable clutter.
Easy Maintenance – Moving end devices is much easier as you aren't constrained by power outlet locations. You can also remotely restart the end devices (by power-cycling the switch port), so you don't need to physically access a device to reset it.
Safer – You don't need to install AC power outlets for end devices.
