CCNA
(200 - 125)
Page 1 of 91
ATN Education copy rights @ 2018

Contents
CISCO DEVICE SYMBOLS ....................................................................................................................... 6
CISCO System History ............................................................................................................................. 7
CISCO Career Certification ...................................................................................................................... 7
The Network ................................................................................................................................................. 7
Network Devices ................................................................................................................................... 8
Collision Domain ...................................................................................................................................... 9
Broadcast Domain ..................................................................................................................................... 9
Types of Networks .................................................................................................................................. 10
LAN (Local Area Network) ................................................................................................................ 10
WAN (Wide Area Network) ............................................................................................................... 10
MAN (Metropolitan Area Network) ................................................................................................... 10
TAN (Tiny Area Network) ................................................................................................................. 10
CAN (Campus Area Network) ............................................................................................................ 10
SAN (Storage Area Network) ............................................................................................................. 10
PAN (Personal Area Network) ........................................................................................................... 10
HAN (Home Area Network) ............................................................................................................... 10
Telecommunications methods ................................................................................................................ 11
Addressing method ................................................................................................................................. 11
Internet Protocol (IP) Addressing ........................................................................................................... 12
Versions of IP address......................................................................................................................... 12
IP Types .................................................................................................................................................. 13
IP Ranges ................................................................................................................................................ 13
IP Scopes................................................................................................................................................. 14
MAC Address (Media Access Control) .................................................................................................. 14
Subnetting ............................................................................................................................................... 15
Converting decimal into binary........................................................................................................... 15
Subnet Mask........................................................................................................................................ 16
Router Booting Process........................................................................................................................... 18
Basic Command-line Interface................................................................................................................ 19
Troubleshooting and Show commands ................................................................................................... 20
Secure CISCO Router and Switch .......................................................................................................... 21
Cisco Discovery Protocol (CDP) ............................................................................................................ 22

Link Layer Discovery protocol (LLDP) /IEEE 802.1AB ................................................................ 23
Trivial File Transfer Protocol (TFTP) ............................................................................................ 23
Cabling .................................................................................................................................................... 24
Network Technician Tool kits ................................................................................................................ 25
Network Reference model .......................................................................................................................... 26
Open System Interconnecting ................................................................................................................. 27
Protocol data unit (PDUs) ................................................................................................................... 27
Switching ................................................................................................................................................ 33
Address Resolution Protocol (ARP) ................................................................................................... 34
Spanning-Tree Protocol (STP) ................................................................................................................ 35
How STP works ...................................................................................................................... 35
STP port cost ....................................................................................................................................... 35
Bridge Protocol Data Unit (BPDU) .................................................................................................... 37
STP port stages ................................................................................................................................... 37
Verifying spanning-tree ...................................................................................................................... 37
Spanning-tree port fast ........................................................................................................................ 38
Uplink fast ........................................................................................................................................... 38
Backbone fast ...................................................................................................................................... 39
RSTP ....................................................................................................................................................... 40
VLAN ..................................................................................................................................................... 41
TYPES of VLANs .............................................................................................................................. 42
TRUNKING ............................................................................................................................................ 43
INTER-VLAN Routing....................................................................................................................... 44
Inter VLAN Routing with MLS (Multilayer- switch)......................................................................... 45
VTP (Virtual Trunking Protocol) ........................................................................................................ 46
Ether channel .......................................................................................................................................... 48
PORT SECURITY .................................................................................................................................. 49
Routing.................................................................................................................................................... 51
Interior Gateway Protocol (IGP) ........................................................................................................ 52
Exterior Gateway Protocol (EGP)....................................................................................................... 52
Static route .......................................................................................................................................... 53
Default route ....................................................................................................................................... 54
Dynamic routing protocol ................................................................................................................... 54
RIP (Routing Information Protocol) ................................................................................................... 55

EIGRP (Enhanced Interior Gateway Routing Protocol) ............................................................... 57
OSPF (Open Shortest Path First) ................................................................................................... 59
OSPF in Broadcast system .................................................................................................................. 63
ACCESS CONTROL LIST .................................................................................................................... 64
NAT & PAT............................................................................................................................................ 65
NAT (Network Address Translation) ................................................................................................. 65
PAT (Port address Translation)........................................................................................................... 67
IPV6 ........................................................................................................................................................ 68
Shortening IPV6 addresses .................................................................................................... 68
Types of IPV6 address ........................................................................................................................ 69
IPV6 Routing ...................................................................................................................................... 70
IPV6 routing types .............................................................................................................................. 70
Static & default routing ....................................................................................................................... 70
RIPng .................................................................................................................................................. 71
F H R P ................................................................................................................................................... 73
DHCP (Dynamic Host Configuration Protocol) ..................................................................................... 74
DHCP process ..................................................................................................................................... 75
SPAN (Switchport Analyzer).................................................................................................................. 75
Quality of services (QOS) ....................................................................................................................... 76
WAN ....................................................................................................................................................... 78
Leased line .......................................................................................................................................... 79
Packet switched ................................................................................................................................... 79
Virtual circuit ...................................................................................................................................... 79
Frame Relay Topologies ..................................................................................................................... 80
Modern WAN Connection .................................................................................................................. 81
Metro Ethernet Client.......................................................................................................................... 82
Virtual Private Network (VPN) .............................................................................................................. 82
VPN Types .......................................................................................................................................... 82
Data Confidentiality ............................................................................................................................ 83
Data Integrity ...................................................................................................................................... 83
Data Origin Authentication ................................................................................................................. 83
VSAT (Very Small Aperture Terminal) ............................................................................................. 83
How VSAT work .................................................................................................................................... 83

Options to Connect to the Internet ................................................................................................ 83
Dial – Up Internet Access ............................................................................................................. 83
DSL (Digital Subscriber Line) ............................................................................................................ 83
Cable ....................................................................................................................................................... 84
Internet connection using cable........................................................................................................... 84
VPN over Internet ............................................................................................................................... 84
DMVPN (Dynamic Multipoint VPN) ................................................................................................. 85
IPsec VPN ............................................................................................................................................... 86
VPN Example ..................................................................................................................................... 86
What is IPsec? ..................................................................................................................................... 86
VPN types ........................................................................................................................................... 87
Monitoring .............................................................................................................................................. 88
SYS log ............................................................................................................................................... 88
SNMP (simple network management protocol) .................................................................................. 88
AAA (authentication authorization accounting) ..................................................................................... 89
External authentication with using AAA ............................................................................................ 89
AAA .................................................................................................................................................... 89
Server based AAA authentication ....................................................................................................... 89
Local vs Server based authentication ..................................................................................................... 90
Local authentication ............................................................................................................................ 90
Server based authentication .................................................................................................................. 90
Layer 2 security........................................................................................................................................... 91


CISCO DEVICE SYMBOLS

(figure: chart of Cisco device symbols, not reproduced in this text copy)

CISCO System History


➢ CISCO Systems was founded in December 1984 by Leonard Bosack,
who was in charge of the Stanford University computer science department computers,
and Sandy Lerner, who managed the Graduate School of Business computers.
➢ CISCO is a Vendor company.

CISCO Career Certification

➢ CISCO Systems also sponsors a line of IT professional certifications for CISCO’s products.
There are five levels of certification: Entry (CCENT), Associate (CCNA / CCDA), Professional
(CCNP / CCDP), Expert (CCIE / CCDE), and recently Architect (CCAr). These certifications are
available in different paths, such as Routing & Switching, Design, Network Security, Service
Provider, Service Provider Operations, Storage Networking, Collaboration, Datacenter, Voice and
Wireless.

The Network

What is a Network?

➢ A network is an interconnection between two or more computers or devices for the purpose
of sharing resources.

Resources: Hardware, Software, Information

Network Devices
▪ Network devices are the components used to interconnect
multiple computing devices to form a network, in order to share files or resources.

Repeater
o An electronic device that receives incoming electrical, wireless or optical signals that
are weak or low in strength and retransmits them at a higher level or higher power. It belongs to the
physical layer of the OSI model (Layer 1).

Hub
o A device used to connect multiple computers in order to create a single LAN.
A hub has 4, 8, 12, 24 or 48 ports. It belongs to the physical layer of the OSI
model (Layer 1).

Bridge
o A device used to connect two different computing devices and also used to
divide a large network into small segments. It belongs to the Data Link layer of the OSI
reference model (Layer 2).

Switch
o A network switch generally contains more intelligence. Switches are capable of
inspecting data packets as they are received, determining the source and destination
devices of each packet, and forwarding them appropriately, delivering messages only
to the intended connected device. A switch operates at the Data Link layer of the OSI
model (Layer 2).

Router
o Routers are used to connect two or more networks together. Routers have a sophisticated
routing table which can determine the best route to get information from one network to
another. Routers are used to create separate broadcast domains. Routers belong to the
Network Layer of the OSI model (Layer 3).

Comparison between Hub, Switch and Router

                   HUB                       SWITCH                            ROUTER
Collision domain   Single collision domain   Each port has a collision domain  Each port has a collision domain
Broadcast domain   Single broadcast domain   Single broadcast domain           Each port has a broadcast domain
Management         Unmanageable              Manageable and unmanageable       Manageable and unmanageable
Security           No security               In-built security                 In-built security

Collision Domain
• A collision domain is a set of interfaces such that a frame sent by one interface could
result in a collision with a frame sent by any other interface in the same collision
domain.

Broadcast Domain
• A broadcast domain is a set of interfaces such that a broadcast frame sent by one
interface is received by all other interfaces in the same broadcast domain.

Types of Networks
LAN (Local Area Network)
• A LAN is a network which is implemented in a single geographical location.

WAN (Wide Area Network)
• A WAN is a network which is implemented among two or more geographical locations.

MAN (Metropolitan Area Network)
• A WAN implemented within a city by using fiber optic cables can be identified as a MAN.

TAN (Tiny Area Network)
• A LAN implemented using a maximum of FIVE computers can be identified as a TAN.

CAN (Campus Area Network)
• A WAN implemented among university, school or military campuses is called a CAN.

SAN (Storage Area Network)
• A WAN’s backup network.

PAN (Personal Area Network)
• Between home PCs and phones.

HAN (Home Area Network)
• Networking between home PCs and other devices (intelligent homes).

Telecommunications methods

➢ Duplex / Full Duplex
▪ Communication in both directions simultaneously.
E.g. Telephone Calls

➢ Half Duplex
▪ Communication in both directions, but only one direction at a time.
E.g. Walkie-Talkie

➢ Simplex
▪ Communication in one direction only.
E.g. a Radio Broadcast

Addressing method
➢ Unicast
▪ Communication between a sender and a single receiver.
➢ Multicast
▪ Communication between a sender and a selected group of receivers.
➢ Broadcast
▪ Communication between a sender and all receivers in a network.

Internet Protocol (IP) Addressing

Versions of IP address
I. IPv4
II. IPv6 (Brief CCNA)

IPv4
o An IP (Internet Protocol) address is a binary number that uniquely identifies computers and
other devices on a TCP/IP network. An IP address can be private, for use on a local area network (LAN),
or public, for use on the internet or another wide area network (WAN).
o IP addresses can be statically assigned to a computer by a system
administrator or dynamically assigned by DHCP (Dynamic Host Configuration Protocol).
o Two IP addressing standards are in use today. The IPv4 standard is most familiar to
people and supported everywhere on the network, but the newer IPv6 standard is gradually
replacing it. IPv4 addresses consist of 4 bytes (32 bits), while IPv6 addresses are 16 bytes (128 bits)
long.

IP Types

➢ Static IP
o Manually assign an IP address in the TCP/IP Properties page.
  TCP: Transmission Control Protocol
  IP: Internet Protocol

➢ Dynamic IP
o IP address automatically assigned by the DHCP server or the operating system.
o Will be changed automatically.

➢ APIPA
o Automatic Private IP Address.
o Given by the operating system.
o Usually in the class B range.
o Network ID (NID) 169.254, host ID (HID) x.x, i.e. 169.254.x.x
  Example: 169.254.230.12

IP Ranges
➢ Public Range
o Used in the internet / WAN connections for registered networks.
o Has to be bought from an ISP.

➢ Private Range
o Used in the intranet / LAN connections for unregistered networks.
o No need to buy from an ISP.
o Can be assigned by the network admin or a DHCP server.

IP Scopes

Class      Address range                     Private range
Class A    1.0.0.0 - 126.255.255.255         10.0.0.0 - 10.255.255.255
Loopback / Stack testing: 127.0.0.0 - 127.255.255.255
Class B    128.0.0.0 - 191.255.255.255       172.16.0.0 - 172.31.255.255
Class C    192.0.0.0 - 223.255.255.255       192.168.0.0 - 192.168.255.255

*Class D : Reserved for Multicast, 224.0.0.0 to 239.255.255.255

*Class E : Reserved for Experimental purpose, 240.0.0.0 to 255.255.255.255
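The class and scope table above, turned into a checker (an added example, not part of the ATN notes): given a dotted-quad address it returns the class and whether the address is public, private, loopback, APIPA or reserved, using exactly the ranges listed above and in the IP Types section.

```python
# Added example (not from the ATN course notes): classify an IPv4 address by the
# class, private-range and special-purpose scopes listed in the "IP Scopes" table.
from __future__ import annotations

from typing import Tuple

# Ranges exactly as given in the IP Scopes table, as (first, last) dotted quads.
CLASS_RANGES = {
    "A": ("1.0.0.0", "126.255.255.255"),
    "B": ("128.0.0.0", "191.255.255.255"),
    "C": ("192.0.0.0", "223.255.255.255"),
    "D (multicast)": ("224.0.0.0", "239.255.255.255"),
    "E (experimental)": ("240.0.0.0", "255.255.255.255"),
}
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]
LOOPBACK = ("127.0.0.0", "127.255.255.255")
APIPA = ("169.254.0.0", "169.254.255.255")   # 169.254.x.x from the "IP Types" section


def to_int(addr: str) -> int:
    """Convert a dotted quad to a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | octet
    return value


def in_range(addr: str, rng: Tuple[str, str]) -> bool:
    low, high = rng
    return to_int(low) <= to_int(addr) <= to_int(high)


def classify(addr: str) -> Tuple[str, str]:
    """Return (class, scope) for an IPv4 address.

    scope is one of: 'loopback', 'apipa', 'private', 'public', 'reserved'.
    Special-purpose blocks are checked before the class table so that a
    127.x or 169.254.x address is never reported as an ordinary public one.
    """
    if in_range(addr, LOOPBACK):
        return ("A", "loopback")
    if in_range(addr, APIPA):
        return ("B", "apipa")
    cls = next((c for c, r in CLASS_RANGES.items() if in_range(addr, r)), "unassigned")
    if cls == "unassigned" or cls.startswith(("D", "E")):
        return (cls, "reserved")          # 0.x, multicast and experimental
    if any(in_range(addr, r) for r in PRIVATE_RANGES):
        return (cls, "private")
    return (cls, "public")


if __name__ == "__main__":
    for sample in ["10.1.2.3", "172.20.0.9", "172.32.0.1", "8.8.8.8",
                   "127.0.0.1", "169.254.230.12", "224.0.0.5"]:
        print(f"{sample:16} class {classify(sample)[0]:18} {classify(sample)[1]}")
```

Note that 172.32.0.1 is class B but public: only 172.16.0.0 to 172.31.255.255 is private, a boundary the checker gets right because it compares the full range rather than the first octet.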

MAC Address (Media Access Control)

o This is a hardware address which is burned into the Network Interface Card. This
address cannot be changed. (MAC is a physical address.)
o The first 24 bits are called the OUI; the last 24 bits are called the NIC.
o OUI – Organizationally Unique Identifier
o NIC – Network Interface Controller
o Size – 48 bits.
o Format – Hexadecimal.

Subnetting
We use subnetting to reduce IP wastage. Subnetting is all about taking the default
mask of the IP and extending it. (Extending – increasing the network bits and decreasing the host bits.)

Class      Assignable IP addresses
Class A    16,777,214 (2^24 – 2)
Class B    65,534 (2^16 – 2)
Class C    254 (2^8 – 2)

On a WAN link using 192.168.1.0/24 with only two hosts, 192.168.1.1 and 192.168.1.2:

*Wasted IP address range: 192.168.1.3 to 192.168.3.254

Converting decimal into binary

Bit weights: 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1

Convert each octet of 192.168.1.1 separately: 192, 168, 1, 1

Subnet Mask

Classful                                        Classless
*Fixed Length Subnet Mask (FLSM)                *Variable Length Subnet Mask (VLSM)

-Class A: prefix /8, subnet mask 255.0.0.0          -Class A: prefix /9 to /15
-Class B: prefix /16, subnet mask 255.255.0.0       -Class B: prefix /17 to /23
-Class C: prefix /24, subnet mask 255.255.255.0     -Class C: prefix /25 to /32

Example prefixes (exercise): /3, /5, /11, /13, /15, /21, /25, /27, /30, /34

Variable length Subnet mask

• Network bits cannot be changed but host bits can be changed.

➢ Find subnet mask
o Add the network bits.
➢ Find network address
o All host bits are “0”.
➢ Find first address
o All host bits are “0” except the last one, which is “1”.
➢ Find last address
o All host bits are “1” except the last one, which is “0”.
➢ Find broadcast address
o All host bits are “1”.
➢ Number of hosts
o 2^h – 2 (“h” – host bits)
➢ Number of sub networks
o 2^n (“n” – network bits)

*Worksheet: 192.168.1.0 /24, with the last octet of the new mask written in binary

128 + 64 + 32 + 16 + 8 + 4 + 2 + 1
  1    1    0    0   0   0   0   0

Subnet mask :
Network address :
First address :
Last address :
Broadcast address :
No. of host bits :
No. of network bits :
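The worksheet rules above (and the decimal-to-binary conversion) as code, an added example that is not part of the ATN notes. It assumes the binary row 11000000 is the last octet of the new mask, i.e. 192.168.1.0/24 extended to /26, and takes the classful prefix as a parameter so the "number of sub networks" count is 2 to the power of the bits borrowed beyond it.

```python
# Added example (not from the ATN course notes): the VLSM worksheet rules applied
# in code: mask, network, first/last host, broadcast and counts for a prefix.
from __future__ import annotations

from typing import Dict, Optional


def to_int(addr: str) -> int:
    """Dotted quad -> 32-bit int, octet by octet as in the binary worksheet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_binary(addr: str) -> str:
    """'192.168.1.1' -> '11000000.10101000.00000001.00000001' (decimal to binary)."""
    return ".".join(format(o, "08b") for o in map(int, addr.split(".")))


def subnet(addr: str, prefix: int, classful_prefix: int = 24) -> Dict[str, object]:
    """Apply the worksheet rules to addr/prefix.

    classful_prefix is the default (FLSM) prefix the subnet was carved from,
    so prefix - classful_prefix is "n" and 2**n is the number of subnets.
    A /31 or /32 has no usable host range, so first/last are None there.
    """
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    if prefix < classful_prefix:
        raise ValueError("prefix is shorter than the classful prefix it extends")
    host_bits = 32 - prefix                                # "h"
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF          # network bits set
    network = to_int(addr) & mask                          # all host bits 0
    broadcast = network | ((1 << host_bits) - 1)           # all host bits 1
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0 # 2^h - 2
    first: Optional[str] = to_dotted(network + 1) if usable else None
    last: Optional[str] = to_dotted(broadcast - 1) if usable else None
    return {
        "subnet_mask": to_dotted(mask),
        "network_address": to_dotted(network),
        "first_address": first,
        "last_address": last,
        "broadcast_address": to_dotted(broadcast),
        "host_bits": host_bits,
        "network_bits": prefix,
        "usable_hosts": usable,
        "subnets": 1 << (prefix - classful_prefix),        # 2^n
    }


if __name__ == "__main__":
    print(to_binary("192.168.1.1"))
    for key, value in subnet("192.168.1.0", 26).items():   # the worksheet case
        print(f"{key:18}: {value}")
```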

Router Booting Process

Step 01 – The router performs a power-on self-test (POST) to discover the hardware components and
verify that all components are working properly.

Step 02 – The router copies a bootstrap program from ROM into RAM and runs the bootstrap program.

Step 03 – The bootstrap program decides which IOS image to load into RAM and loads that IOS. After
loading the IOS image, the bootstrap program hands over control of the router hardware to the newly loaded IOS.

Step 04 – After the bootstrap program has loaded the IOS, the IOS finds the configuration file (typically the
startup-config file in NVRAM) and loads it into RAM as the running-config.

Basic Command-line Interface

Basic modes
➢ User mode: hostname>
    Hostname> enable
➢ Privilege mode: hostname#
    Hostname# configure terminal
➢ Global configuration mode: hostname(config)#

Basic configuration

Hostname configuration
Hostname(config)# hostname (any name)

Banner configuration
Hostname(config)# banner motd $ welcome $

Router configuration (from global configuration mode)
Hostname(config)# interface GigabitEthernet 0/0
Hostname(config-if)# ip address 192.168.1.1 255.255.255.0
Hostname(config-if)# no shutdown

Switch configuration (from global configuration mode)
Hostname(config)# interface vlan 1
Hostname(config-if)# ip address 192.168.1.2 255.255.255.0
Hostname(config-if)# no shutdown

Troubleshooting and Show commands

▪ Check the IOS version and the device information
Hostname# show version

▪ Check the Flash memory
Hostname# show flash

▪ Check the RAM (running configuration; Example Output…)
Hostname# show running-config

▪ Check the NVRAM (startup configuration; Example Output…)
Hostname# show startup-config

▪ Check the Address Resolution Protocol (ARP) table
Hostname# show ip arp
Hostname# show arp

▪ Check the Media Access Control (MAC) table (Switch)
Hostname# show mac address-table

▪ Check the Routing table (Router)
Hostname# show ip route

▪ Set the clock in Router
Router# clock set 11:00:00 01 Jan 2018

Secure CISCO Router and Switch

▪ Configure a line console password
Router(config)# line console 0
Router(config-line)# password cisco
Router(config-line)# login

▪ Configuring enable password and enable secret
Enable Password: Router(config)# enable password cisco
Enable Secret:   Router(config)# enable secret cisco123

▪ Configure a terminal connection to the router
Router(config)# line vty 0 4
Router(config-line)# password cisco
Router(config-line)# login

▪ Configure an auxiliary password
Router(config)# line aux 0
Router(config-line)# password cisco
Router(config-line)# login

Cisco Discovery Protocol (CDP)

The Cisco Discovery Protocol is a proprietary Data Link Layer and Network Layer protocol developed by
Cisco Systems. It is used to share information about other directly connected Cisco equipment, such as
the operating system version and IP address. CDP can also be used for On-Demand Routing, which is a
method of including routing information in CDP announcements so that dynamic routing protocols do not
need to be used in simple networks.
o Global CDP information: sending CDP packets every 60 seconds,
  sending a hold time value of 180 seconds

(figure: three directly connected CISCO devices exchanging CDP)

CDP show commands
Hostname# show cdp
Hostname# show cdp neighbors
Hostname# show cdp entry *
Hostname# show cdp neighbors detail

Enable and disable CDP
Hostname(config)# cdp run
Hostname(config)# no cdp run

CDP timers and version
Hostname(config)# cdp timer 50
Hostname(config)# cdp holdtime 120
Hostname(config)# cdp advertise-v2
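An added example, not part of the ATN notes, tying together the password section and the CDP section: a small audit that reads a saved running-config and reports the settings those sections leave weak (an enable password with no enable secret, clear-text line passwords, telnet on the vty lines, CDP left on). The sample configs are constructed to mirror the commands in the notes; the secrets in the hardened one are placeholders.

```python
# Added example (not from the ATN course notes): audit a saved IOS running-config
# for the weak settings the password and CDP sections above leave in place.
from __future__ import annotations

from typing import Iterator, List, Tuple

# Constructed sample that mirrors the commands in the notes; not a real device.
WEAK_CONFIG = """\
hostname R1
enable password cisco
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet
!
"""

# The same device with the checklist applied (placeholder secrets, not real ones).
HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret PLACEHOLDER_ENABLE_SECRET
username admin secret PLACEHOLDER_USER_SECRET
no cdp run
!
line con 0
 login local
 exec-timeout 5 0
line aux 0
 login local
 exec-timeout 5 0
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
!
"""


def line_blocks(config: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield ('line vty 0 4', [indented sub-commands]) for each line section."""
    name, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if name:
                yield name, body
            name, body = raw.strip(), []
        elif name and raw.startswith(" "):
            body.append(raw.strip())
        elif name:                      # any other top-level line ends the block
            yield name, body
            name, body = None, []
    if name:
        yield name, body


def audit(config: str) -> List[str]:
    """Return findings from the checklist; an empty list means every check passed."""
    findings: List[str] = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if any(l.startswith("enable password ") for l in top) and not any(
        l.startswith("enable secret ") for l in top
    ):
        findings.append("enable password set without enable secret: privileged password "
                        "stored in clear text or reversible type 7 form")
    if "service password-encryption" not in top:
        findings.append("service password-encryption missing: line passwords stored in clear text")
    if "no cdp run" not in top:         # CDP is on by default; only 'no cdp run' turns it off
        findings.append("CDP enabled globally: IOS version and addresses advertised to every neighbour")
    for name, body in line_blocks(config):
        if any(b.startswith("password ") for b in body) and "login local" not in body:
            findings.append(f"{name}: shared line password instead of per-user 'login local'")
        if name.startswith("line vty"):
            transport = [b for b in body if b.startswith("transport input")]
            if not transport or any(set(t.split()) & {"telnet", "all"} for t in transport):
                findings.append(f"{name}: telnet allowed, remote management in clear text")
        if not any(b.startswith("exec-timeout") for b in body):
            findings.append(f"{name}: no explicit exec-timeout, idle sessions rely on the default")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```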

Link Layer Discovery protocol (LLDP) /IEEE 802.1AB

o An industry Standard protocol that allows network devices supporting Link layer
discovery protocol (that are layer 2 adjacent) to dynamically discover one or other.

CISCO

NON-CISCO NON-CISCO

Trivial File Transfer Protocol (TFTP)

The Trivial File Transfer Protocol (TFTP) is an internet software utility for transferring files that is
simpler to use than the File Transfer Protocol (FTP) but less capable. It is used where user authentication
and directory visibility are not required. TFTP uses the User Datagram Protocol (UDP) rather than the
Transmission Control Protocol (TCP). TFTP is described formally in Request for Comments (RFC) 1350.
TFTP Commands
▪ Save file from RAM to TFTP
Hostname #copy running-config tftp:
▪ Save file from NVRAM to TFTP
Hostname #copy startup-config tftp:
▪ Save file from FLASH to TFTP
Hostname #copy flash: tftp:
▪ Upload file from TFTP to RAM
Hostname #copy tftp: running-config
▪ Upload file from TFTP to NVRAM
Hostname #copy tftp: startup-config
▪ Upload file from TFTP to FLASH
Hostname #copy tftp: flash:
▪ Save file from RAM to NVRAM
Hostname #copy running-config startup-config


Cabling

Transmission media

WIRED
*Coaxial
-Thin
-Thick
*Twisted Pair
-Shielded Twisted Pair
-Unshielded Twisted Pair
*Fiber Optic
-Single mode Fiber
-Multi mode Fiber

WIRELESS
*Infrared
*Bluetooth
*Wi-Fi
*Wi-Max

Network Devices

MAC
*NIC
*Router
*Network Printer

NON-MAC
*Hub
*Bridge
*Switch


Network Technician Tool kit

➢ Crimping Tool
➢ Cable Tester
➢ Punch down tool
➢ RJ-45 Connectors
➢ UTP cable

UTP cable pinouts (wire colour on connector A - wire colour on connector B)

Pin   STRAIGHT-THROUGH CABLE          CROSSOVER CABLE                   ROLLOVER CABLE
      (MAC to non-MAC)                (MAC-MAC / non-MAC-non-MAC)       (console)
1     White orange - White orange     White orange - White green        White orange - Brown
2     Orange - Orange                 Orange - Green                    Orange - White brown
3     White green - White green       White green - White orange        White green - Green
4     Blue - Blue                     Blue - Blue                       Blue - White blue
5     White blue - White blue         White blue - White blue           White blue - Blue
6     Green - Green                   Green - Orange                    Green - White green
7     White brown - White brown       White brown - White brown         White brown - Orange
8     Brown - Brown                   Brown - Brown                     Brown - White orange


Network Reference Models

*Open System Interconnection (OSI model)
-Theoretical model
-Has 7 architectural layers
-Protocol-independent standard
*Transmission Control Protocol / Internet Protocol (TCP / IP)
-Model around which the internet is developed
-Has 4 architectural layers
-Protocol-dependent standard

OSI layer        TCP / IP layer
Application      Application
Presentation     Application
Session          Application
Transport        Transport
Network          Network
Data link        Network interface
Physical         Network interface


Open System Interconnection

-Developed by the International Organization for Standardization and
introduced around 1980.
-It is a layered architecture (consisting of 7 layers) which defines and explains how
communication happens between 2 or more network devices within an organization or the internet;
each layer defines a set of functions in data communication.

Application   )
Presentation  ) Software layers
Session       )
Transport
Network       )
Data link     ) Hardware layers
Physical      )

Protocol data units (PDUs)

-The names given to data at the different layers of the OSI model.
Transport - Segments
Network - Packets
Data link - Frames
Physical - Bits


APPLICATION LAYER (Layer 7)

-Provides an interface for the users to interact with application services or networking
services. (Ex. Web server)
-Identification of services is done using port numbers. A port is a logical communication
channel; a port number is a 16-bit identifier.
Total no. of ports = 0 - 65,535
Reserved ports = 1 - 1023
Unreserved ports = 1024 - 65,535

Services   Port Number
HTTP       80
FTP        21
SMTP       25
TELNET     23
TFTP       69

PRESENTATION LAYER (Layer 6)

-Responsible for defining a standard format for the data.
-Encoding / Decoding
Ex. ASCII, EBCDIC (text)
JPG, GIF, TIFF (graphics)
MIDI, WAV (voice)
MPEG, DAT, AVI (video)
-Encryption / Decryption
Ex. DES, 3-DES, AES
-Compression / Decompression
Ex. Predictor, Stacker, MPPC
SESSION LAYER (Layer 5)
-It is responsible for establishing, maintaining and terminating the session.
-It deals with sessions or interactions between the applications; a session ID is used to
identify a session or interaction. (Ex. RPC, SQL, NFS)

APPLICATION LAYER PROTOCOLS inside TCP / IP
-The OSI Application, Presentation and Session layers map to the single TCP / IP Application layer.


▪ Application Layer
• Provides an interface between software running on a computer and the network itself. Examples
for this layer:
HTTP : Hypertext Transfer Protocol
TELNET : Telecommunication Transfer Protocol
FTP : File Transfer Protocol
TFTP : Trivial File Transfer Protocol
SMTP : Simple Mail Transfer Protocol
SNMP : Simple Network Management Protocol
DHCP : Dynamic Host Configuration Protocol
DNS : Domain Name System

❖ HTTP : Allows access to web pages.
: http://www.google.com
❖ FTP : It allows you to transfer files from one machine to another.
: It also allows access to both directories and files.
: It uses TCP for data transfer and hence is slow but reliable.
❖ TELNET : Telnet is used for terminal emulation. It allows a user sitting on a remote
machine to access the resources of another machine.
❖ SMTP : Allows you to send and receive email messages.
❖ TFTP : This is a stripped-down version of FTP.
: It has no directory browsing abilities.
: It can only send and receive.
: It uses UDP for data transfer and hence is faster but not reliable.
❖ SNMP : Enables central management of a network. It works with TCP/IP.
: Using SNMP an administrator can watch the entire network.
: It uses UDP for transportation of the data.
❖ DHCP : Dynamically assigns IP addresses to hosts.
: Also provides DNS and gateway information if needed.
❖ DNS : DNS resolves FQDNs to IP addresses.
: DNS allows you to use a domain name to specify an IP address.
: It maintains a database of IP addresses and hostnames.


TRANSPORT LAYER (Layer 4)

-Responsible for end-to-end transportation of data between the applications.
-The major functions described at the transport layer are:
01. Identifying Service
02. Multiplexing and De-multiplexing
03. Segmentation
04. Sequencing and Reassembling
05. Error correction
06. Flow control
(01) Identifying Service
o Services are identified at this layer with the help of port numbers.
o The major protocols which take care of data transportation at the transport layer are:
▪ TCP
▪ UDP

TCP                                        UDP
* Transmission Control Protocol            * User Datagram Protocol
* Connection oriented                      * Connectionless
* Reliable communication (with ACKs)       * Unreliable communication (no ACKs)
* Slower data transportation               * Faster data transportation
* Protocol number is 6                     * Protocol number is 17
Ex. HTTP, FTP, SMTP                        Ex. DNS, DHCP, TFTP

(02). Multiplexing and De-multiplexing


(03). Flow control

NETWORK LAYER (Layer 3)

- It is responsible for end-to-end transportation of data across multiple networks.
- Logical addressing and path determination (routing) are described at this layer.
- The protocols that work at the network layer are:

▪ Routed protocols and Routing protocols.

Routed Protocols
- Routed protocols act as data carriers and define logical addressing.
Ex. IP, IPX, AppleTalk…etc.
Routing Protocols
- Routing protocols perform path determination (routing).
- Devices that work at the network layer are routers and multilayer switches.
Ex. RIP, EIGRP, OSPF, BGP...etc.

DATA LINK LAYER (Layer 2)

- It is responsible for end-to-end delivery of data between the devices on a LAN network
segment.
- The data link layer comprises two sub-layers.
- It deals with hardware addresses (MAC addresses).
- It also provides ERROR DETECTION using CRC (Cyclic Redundancy Check) and
FRAMING (encapsulation).
- Devices that work at the data link layer are switches.


PHYSICAL LAYER (Layer 1)

- It deals with the physical transmission of binary data on the given media. (Ex. copper, fiber,
wireless)
- It also deals with the electrical, mechanical and functional specifications of the devices and
media.
COPPER : Electrical signals of different voltages.
FIBER : Light pulses of different wavelengths.
WIRELESS : Radio frequency waves.

Encapsulation figure (sender on the left, receiver on the right), with each layer's PDU:
Application (Data)
Presentation (Data)
Session (Data)
Transport (Segment)
Network (Packet)
Data Link (Frame)
Physical (Bits)
Frame layout shown in the figure: L/H (link header), IP/H (IP header), S/H (segment header), Data, and a trailing L/H.


Switching
• Address Learning
• Forward and Filtering
• Loop Avoidance

Address Learning
-Layer 2 switches and bridges remember the source MAC address of each frame
received on an interface, and enter this information into a MAC table called a
forward/filter table.

Forward and Filtering
-When a frame is received on an interface, the switch looks at the destination
MAC address and finds the exit interface in the MAC table; the frame is only
forwarded out this specified destination port.

SW1 MAC table              SW2 MAC table
Port     MAC address       Port     MAC address
Fa 0/1   AAAA              Fa 0/1   AAAA, BBBB, CCCC
Fa 0/2   BBBB              Fa 0/2   DDDD
Fa 0/3   DDDD, EEEE        Fa 0/3   EEEE
Fa 0/4   CCCC
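The address-learning and forward/filter behaviour above, as an added example that is not part of the course material: a small switch model that learns source MACs per port, forwards known unicasts out one port, filters frames whose destination sits on the ingress segment and floods the rest. The host placement and the Fa0/3 to Fa0/1 inter-switch link are assumptions chosen so that the two tables on this page come out of the simulation.

```python
"""Added example (not from the page): a layer-2 switch model that learns source MACs into a
forward/filter table and forwards, filters or floods frames, reproducing the SW1/SW2 tables above."""


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.mac_table = {}  # MAC -> port: the forward/filter table

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on in_port; return the list of ports it is sent out of."""
        self.mac_table[src_mac] = in_port  # address learning: remember where the source lives
        flood = [p for p in self.ports if p != in_port]
        if dst_mac == "FFFF":  # broadcast: flood out every port except the ingress one
            return flood
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:  # unknown unicast: flood until the destination is learned
            return flood
        if out_port == in_port:  # destination is on the ingress segment: filter (drop) the frame
            return []
        return [out_port]  # known unicast: forward out exactly one port

    def table_by_port(self):
        """Group the MAC table as port -> sorted MACs, like the SW1/SW2 tables on this page."""
        grouped = {}
        for mac, port in self.mac_table.items():
            grouped.setdefault(port, []).append(mac)
        return {port: sorted(macs) for port, macs in grouped.items()}


# Constructed topology matching the page's figure: hosts AAAA..CCCC on SW1, DDDD/EEEE on SW2,
# and SW1 Fa0/3 <-> SW2 Fa0/1 as the inter-switch link (assumed port numbers).
HOSTS = {"AAAA": ("SW1", "Fa0/1"), "BBBB": ("SW1", "Fa0/2"), "CCCC": ("SW1", "Fa0/4"),
         "DDDD": ("SW2", "Fa0/2"), "EEEE": ("SW2", "Fa0/3")}
LINK = {("SW1", "Fa0/3"): ("SW2", "Fa0/1"), ("SW2", "Fa0/1"): ("SW1", "Fa0/3")}


def build_network():
    return {"SW1": Switch("SW1", ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"]),
            "SW2": Switch("SW2", ["Fa0/1", "Fa0/2", "Fa0/3"])}


def send(network, src_mac, dst_mac):
    """Inject a frame from host src_mac; return the set of (switch, port) host-facing egress points."""
    delivered = set()
    pending = [HOSTS[src_mac]]
    while pending:
        switch, in_port = pending.pop()
        for out_port in network[switch].receive(in_port, src_mac, dst_mac):
            if (switch, out_port) in LINK:
                pending.append(LINK[(switch, out_port)])  # frame crosses to the other switch
            else:
                delivered.add((switch, out_port))
    return delivered


def populate(network):
    """Replay a constructed conversation until both switches hold the tables shown on the page."""
    for src, dst in [("AAAA", "DDDD"), ("DDDD", "AAAA"), ("BBBB", "EEEE"),
                     ("CCCC", "EEEE"), ("EEEE", "AAAA")]:
        send(network, src, dst)
    return {name: sw.table_by_port() for name, sw in network.items()}


if __name__ == "__main__":
    net = build_network()
    print("first frame floods:", sorted(send(net, "AAAA", "DDDD")))
    print("reply is forwarded:", sorted(send(net, "DDDD", "AAAA")))
    for name, table in populate(net).items():
        print(name, table)
```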


Address Resolution Prot

ocol (ARP)

-To communicate between 2 hosts we need the destination MAC address. If 10.1.1.1 wishes to send
data to 10.1.1.3, ARP resolves the MAC addresses of the connected devices and updates its
database (the ARP cache); once the destination MAC is figured out, the data is sent.

Source IP   Destination IP   Source MAC   Destination MAC   Data
10.1.1.1    10.1.1.3         AAAA         ?                 (…………)

Loop Avoidance
-If multiple connections between switches are created for redundancy purposes, network loops can
occur; Spanning-Tree Protocol (STP) is used to stop network loops while still permitting
redundancy.

Bridging Loops
*Redundant links between switches provide redundancy but also the possibility to
create loops when switches forward broadcasts:
*Broadcast storms
*MAC table instability
*Multiple frame transmission
*Bridging loops

Bridging loops solution: SPANNING-TREE PROTOCOL


Spanning-Tree Protocol (STP)

-STP stops the loops which occur when you have multiple links
between switches.
-STP avoids broadcast storms, multiple frame copies and MAC-table
instability.
-STP is an open standard protocol (IEEE 802.1D).
-STP is enabled by default on all Cisco switches.

How does STP work?

- Selecting the root bridge
* The bridge with the best bridge ID (lowest)
* Bridge ID = priority + MAC address of the switch.
* Out of all the switches in the network one is selected
as the root bridge; it becomes the central point in the network.
- Every LAN will have only one root bridge; all remaining switches are considered
non-root bridges.
Selecting the root port
- Shortest path to the root bridge
- Every non-root bridge looks for the best way to reach the root bridge
- Least cost (speed)
- The lowest forwarding switch ID (priority + MAC)
- Lowest forwarding physical port number.
- On every non-root bridge there is only one root port.

STP port cost

Link speed / bandwidth   Port cost
10 Mbps                  100
100 Mbps                 19
1 Gbps                   4
10 Gbps                  2

Selecting the designated port

-Least cost
-Lowest local switch ID
-Lowest local physical port number


-One designated port is selected per segment


Selecting blocked ports

-All non-root and non-designated ports are blocked ports.
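The root bridge, root port, designated port and blocked port selection described above, as an added example that is not part of the course material: it applies the lowest-bridge-ID rule, the port cost table and the tie-breakers (sender bridge ID, then port number) to a constructed three-switch triangle. The switch names, MAC addresses and port numbers are assumptions.

```python
"""Added example (not from the page): 802.1D role election using the rules above, namely lowest
bridge ID for the root, least-cost root port (ties broken by sender bridge ID and port number) and
one designated port per segment; the topology below is constructed, not from the page."""
import re

# Port cost per link speed in Mbps (the STP port cost table on this page).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID = (priority, MAC address); the lowest tuple wins every comparison."""
    return (priority, int(re.sub(r"[.:-]", "", mac), 16))


def port_key(port):
    """'Fa0/12' -> (0, 12) so ports compare numerically, as the election rules require."""
    return tuple(int(n) for n in re.findall(r"\d+", port))


def elect_stp(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(bridge_a, port_a, bridge_b, port_b, speed_mbps)],
    each link being one point-to-point segment.
    Returns (root_bridge, {(bridge, port): 'root' | 'designated' | 'blocked'})."""
    bid = {name: bridge_id(*pm) for name, pm in bridges.items()}
    root = min(bid, key=bid.get)  # the bridge with the lowest bridge ID becomes root
    # Per bridge: local port -> (neighbour bridge, neighbour port, cost of the local port).
    ports = {name: {} for name in bridges}
    for a, pa, b, pb, speed in links:
        ports[a][pa] = (b, pb, PORT_COST[speed])
        ports[b][pb] = (a, pa, PORT_COST[speed])
    # Root path cost: the neighbour's root path cost plus the cost of the receiving port,
    # relaxed repeatedly (Bellman-Ford) until every bridge knows its cheapest path to the root.
    rpc = {name: float("inf") for name in bridges}
    rpc[root] = 0
    for _ in range(len(bridges)):
        for name in bridges:
            for nbr, _, cost in ports[name].values():
                rpc[name] = min(rpc[name], rpc[nbr] + cost)
    roles = {}
    for name in bridges:
        if name == root:
            continue  # the root bridge has no root port; all of its ports are designated
        # Root port: least cost, then lowest sender bridge ID, then sender port, then local port.
        best = min((rpc[nbr] + cost, bid[nbr], port_key(npt), port_key(lpt), lpt)
                   for lpt, (nbr, npt, cost) in ports[name].items())
        roles[(name, best[-1])] = "root"
    for a, pa, b, pb, _ in links:
        # Designated port on a segment: the end with the lowest (root path cost, bridge ID, port).
        winner, loser = sorted([(rpc[a], bid[a], port_key(pa), a, pa),
                                (rpc[b], bid[b], port_key(pb), b, pb)])
        roles.setdefault((winner[3], winner[4]), "designated")
        roles.setdefault((loser[3], loser[4]), "blocked")  # non-root, non-designated -> blocked
    return root, roles


# Constructed triangle of three switches, all links 100 Mbps (cost 19), default priority 32768.
SAMPLE_BRIDGES = {"SW1": (32768, "0000.0000.0001"),
                  "SW2": (32768, "0000.0000.0002"),
                  "SW3": (32768, "0000.0000.0003")}
SAMPLE_LINKS = [("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
                ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
                ("SW2", "Fa0/2", "SW3", "Fa0/2", 100)]

if __name__ == "__main__":
    root, roles = elect_stp(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} {port}: {role}")
```

Lowering SW3's priority to 4096 moves the root to SW3 and changes every role, which is exactly the lever an operator uses to place the root deliberately instead of letting the lowest MAC win.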

Bridge Protocol Data Unit (BPDU)

- All switches exchange information through what is called a bridge protocol data unit.
- Hello = BPDUs are sent every 2 seconds
- Max age (dead) = 20 seconds
- Forward delay (listening + learning time) = 15 seconds
- A BPDU contains information regarding the switch's ports, port priority and address.

STP port states

- Blocking 20 seconds / no limit
- Listening 15 sec
- Learning 15 sec
- Forwarding no limit
- Disabled no limit

Verifying spanning-tree
PM #show spanning-tree
PM #show spanning-tree vlan (VLAN ID)
PM #show spanning-tree root


Spanning-tree PortFast

- Cisco-proprietary enhancement to spanning-tree
- Helps speed up network convergence on access ports
- PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing (skipping)
the listening and learning states.
NOTE : PortFast should be used only when connecting a single end station to a switch port.
: If you enable PortFast on a port connected to another networking device, such as a switch, it
can create network loops.

PORTFAST CONFIGURATION

Port by port
GM #interface range …….. ……….
#spanning-tree portfast
Globally
GM #spanning-tree portfast default

UplinkFast
- UplinkFast is for speeding up convergence when a direct link failure occurs on an uplink switch
interface.
- When UplinkFast is enabled it is enabled for the entire switch.

Listening : 15 sec
Learning : 15 sec
Forwarding : 20 sec
With UplinkFast : 1 sec

GM #spanning-tree uplinkfast

*This command is not allowed on the root bridge switch. When UplinkFast is configured the bridge
priority is changed to 49152, so that this switch will not be selected as the root.


BackboneFast
-BackboneFast can reduce the maximum convergence delay only from 15 to 30
seconds.

GM #spanning-tree backbonefast

PM #show spanning-tree

BPDU GUARD
- BPDU guard prevents loops if another switch is attached to a PortFast (access) port.
- When BPDU guard is enabled on an interface, it is put into an error-disabled state (basically
shutdown) if a BPDU is received on that interface.
- It can be enabled either in global config mode (affects all PortFast interfaces) or in interface mode.
- PortFast does not need to be enabled for it to be configured on a specific interface.
GM #spanning-tree portfast bpduguard default
IM #spanning-tree bpduguard enable
BPDU filter
GM #spanning-tree portfast bpdufilter default
- If a PortFast interface receives any BPDUs it is taken out of PortFast status.
- The interface still sends some BPDUs at link up.
- If a BPDU is received the interface loses its PortFast status.
- BPDU filtering is disabled by default.
*IM #spanning-tree bpdufilter enable
- The interface doesn't send any BPDUs and ignores the received ones.
- The port is not shut down; this basically disables STP on the interface.


RSTP
* IEEE 802.1w is a standard way of speeding up STP convergence.
* Inbuilt features of PortFast, UplinkFast and BackboneFast; path calculation remains the same as STP.
RSTP port states
Comparison between 802.1D and 802.1w
STP port states      RSTP port states
Disabled             Discarding
Blocking             Discarding
Listening            Discarding
Learning             Learning
Forwarding           Forwarding

Discarding : frames are dropped, no addresses are learned (link down / blocking / during sync)
Learning : frames are dropped, but addresses are learned
Forwarding : frames are forwarded.

RSTP port roles

1. Root port
- The best path to the root (same as STP)
2. Designated port
- Same role as with STP
3. Alternate port
- A backup to the root path.
- Less desirable path to the root.
- Operates in the discarding state
- Same as UplinkFast (legacy).
4. Backup port
- A backup to the designated port
- The backup port applies only when a single switch has two links to the segment
(collision domain).
- To have two links to the same collision domain, the switch must be attached to
a hub.
- Multiple links attached to the network segment.
- Activates if the primary designated port fails.
5. Disabled port
- Not used in the spanning-tree.
6. Edge port
- Connected only to an end user.
- Equivalent to PortFast in STP.
- Maintains edge status as long as no BPDU is received (with BPDU filter).


BPDU differences between STP and RSTP

- In regular STP, BPDUs are originated by the root and relayed by each switch.
- In RSTP, each switch originates BPDUs, whether or not it receives a BPDU on its root port.
- Per-VLAN operation is done by Rapid PVST on Catalyst switches; Hello = 2 sec, dead = 6 sec.
RSTP configuration

GM #spanning-tree mode rapid-pvst

VLAN
- Divides a single broadcast domain into multiple broadcast domains.
- A layer 2 security feature.
- VLAN 1 is the default.
- VLANs can be created from 2 – 1002.
- Can be configured on a manageable switch only.
Benefits of VLANs
- Limit the number of broadcasts.
- Better performance.
- Security.


TYPES of VLANs
- Static VLAN.
- Dynamic VLAN.
Static VLAN
- Static VLANs are based on port number.
- Need to manually assign a port on a switch to a VLAN.
- One port can be a member of only one VLAN.
VLAN config
GM #vlan ………………………
#name …………………….
Assign port to VLAN
GM #interface ….. ………….
#switchport mode access
#switchport access vlan ………..
GM #interface range ……….. ……….
#switchport mode access
#switchport access vlan ………….
Dynamic VLAN
- Dynamic VLANs are based on the MAC address of a PC.
- The switch automatically assigns the port to a VLAN.
- Each port can be a member of multiple VLANs.
- For dynamic VLAN configuration, a software service called VMPS (VLAN Membership Policy Server) is
needed.


TRUNKING
- A single VLAN can span over multiple switches.
Types of links / ports
▪ Access link
- Connects to end devices.
- Port of one VLAN.

▪ Trunk link
- Does not belong to any VLAN.
- Carries the traffic of multiple VLANs.
- Link between 2 switches.
Frame Tagging
- In order to make sure that same-VLAN users on different switches communicate with each other,
tagging happens on trunk links.
- A tag is added before a frame is sent and removed once it is received on a trunk link.
- Frame tagging happens only on the trunk links.
Trunking protocols

ISL (Inter-Switch Link)             IEEE 802.1Q
- It is Cisco proprietary.          - Open standard.
- It adds a 30-byte tag.            - Only a 4-byte tag is added to the original frame.
- Maximum 1000 VLANs.               - Maximum 4096 VLANs.

Trunk configuration
*Switch 2950 & below (option 1)       *Switch 3550 & above (option 2)
G.M #interface fastethernet 0/0       G.M #interface fastethernet 0/0
#switchport mode trunk                #switchport trunk encapsulation dot1q
                                      #switchport mode trunk

VLAN = Broadcast Domain = Subnet


INTER-VLAN Routing
- Packets in one VLAN cannot cross into another VLAN.
- To transfer packets between VLANs you must use a layer 3 device.
- The router must have a physical or logical connection to each VLAN so that it can forward packets
between them.
- Inter-VLAN routing can be performed by an external router that connects to each of the VLANs
on the switch.

Inter-VLAN methods
- Legacy method (a separate physical gateway interface on the router for each VLAN).
- Router on a stick.
- Using a multilayer switch (layer 3).
Inter-VLAN routing using a router (router on a stick)

Router configuration
G.M #interface fastethernet 0/0
#no shutdown
G.M #interface fastethernet 0/0.(vlan ID)
#encapsulation dot1q (vlan ID)
#ip address 192.168.1.1 255.255.255.0


Inter-VLAN Routing with MLS (Multilayer switch)

G.M #ip routing

Extended VLANs
- Cisco refers to VLANs between 1025 – 4096 as extended-range VLANs.
- Cisco Catalyst switches support extended-range VLANs under the following condition: VTP cannot be
used for VLAN management (VTP must be configured in transparent mode or it will be off).
Voice VLAN
- A VLAN that can be configured on a Cisco Catalyst switch for the purpose of carrying voice packets to
and from IP phones.
G.M #interface fastethernet 0/0
#switchport voice vlan (vlan ID)
Default voice VLAN configuration
- The voice VLAN feature is disabled by default.
- You should configure the voice VLAN on switch access ports.
- The voice VLAN should be present and active on the switch for the IP phone to connect and
communicate on the voice VLAN.
- The PortFast feature is automatically enabled when a voice VLAN is configured.
- Use the PM #show vlan command to see whether the VLAN is present.


Native VLAN
- If a frame is received on a dot1q link that doesn't have a VLAN tag, it is assumed
that it belongs to the native VLAN.
- The default native VLAN is VLAN 1.

G.M #interface fastethernet 0/0
#switchport mode trunk
#switchport trunk native vlan (vlan ID)

Native VLAN best practices

- Best practice is to configure the native VLAN ID to a VLAN between 666 and 999 and to ensure that this VLAN is
not used anywhere in the network.
- No ports should be assigned to the native VLAN.
- An attacker who attempts a VLAN hopping attack will then end up in a dead VLAN that has no
hosts to leverage.
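The 4-byte 802.1Q tag from the Frame Tagging section and the untagged-means-native rule and best practices from this section, as one added example that is not part of the course material: it builds and strips the tag, models trunk ingress and egress, and audits a native VLAN choice against the rules above. The MAC addresses, EtherType and VLAN numbers used are constructed.

```python
"""Added example (not from the page): building and parsing the 4-byte 802.1Q tag described in the
Frame Tagging and Native VLAN sections above, plus the native-VLAN checks from the best practices.
Field layout follows IEEE 802.1Q; the sample MACs and VLAN numbers are constructed."""
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks a tagged frame
TAG_OFFSET = 12      # the tag sits right after the 6-byte destination and 6-byte source MACs


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))


def build_frame(dst_mac, src_mac, ethertype, payload):
    """An untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag (TPID + TCI) after the source MAC; TCI = PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:TAG_OFFSET] + struct.pack("!HH", TPID_8021Q, tci) + frame[TAG_OFFSET:]


def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame carries no 802.1Q tag."""
    (tpid,) = struct.unpack("!H", frame[TAG_OFFSET:TAG_OFFSET + 2])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[TAG_OFFSET + 2:TAG_OFFSET + 4])
    return tci & 0x0FFF, frame[:TAG_OFFSET] + frame[TAG_OFFSET + 4:]


def trunk_egress(frame, vlan, native_vlan):
    """Sending on a dot1q trunk: frames of the native VLAN leave untagged, all others get a tag."""
    return frame if vlan == native_vlan else add_tag(frame, vlan)


def trunk_ingress(frame, native_vlan):
    """Receiving on a dot1q trunk: a tag gives the VLAN; an untagged frame is assumed to be native."""
    vid, untagged = strip_tag(frame)
    return (native_vlan if vid is None else vid), untagged


def native_vlan_findings(native_vlan, vlans_with_ports):
    """Check the best-practice rules above: native VLAN in 666..999 and no ports assigned to it."""
    findings = []
    if native_vlan == 1:
        findings.append("native VLAN is the default VLAN 1")
    if not 666 <= native_vlan <= 999:
        findings.append("native VLAN is outside the recommended 666-999 range")
    if native_vlan in vlans_with_ports:
        findings.append("ports are assigned to the native VLAN")
    return findings


if __name__ == "__main__":
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"constructed ARP payload")
    tagged = trunk_egress(frame, 10, native_vlan=999)
    print("tagged frame grows by", len(tagged) - len(frame), "bytes")
    print("trunk sees VLAN", trunk_ingress(tagged, native_vlan=999)[0])
    print("untagged frame lands in VLAN", trunk_ingress(frame, native_vlan=999)[0])
    print(native_vlan_findings(1, {1, 10, 20}))
```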

VTP (Virtual Trunking Protocol)

- VTP is a Cisco proprietary protocol used to share VLAN configuration among multiple switches to maintain
consistency throughout the network.
- VTP manages the addition, deletion and renaming of VLANs across the network from a central
point of control.
- Information is passed only if switches are connected with FastEthernet or higher ports.
- Also, the link must be a trunk link.
- Switches should be configured with the same domain.


VTP Trunking protocol

▪ VTP requirements to transfer data
- Same VTP domain
- Trunk links
- Password

VTP mode        Description
1. SERVER       * Can be used to create, modify and delete VLANs.
                * Updates its VLAN database based on received advertisements.
                * Forwards received VTP messages.
                * Can originate advertisements.

2. CLIENT       * Can't be used to create, modify and delete VLANs.
                * Updates its VLAN database based on received advertisements.
                * Forwards received VTP messages.
                * Can originate VTP advertisements.

3. TRANSPARENT  * Can be used to create, modify and delete VLANs.
                * Doesn't update its VLAN database based on received advertisements.
                * Forwards received VTP messages.
                * Doesn't originate VTP advertisements.

Configuration revision number

-VTP advertisements include a revision number of the switch's VLAN database, which gets incremented
by one for any change made to the VLAN database.
VTP configuration
GM #vtp mode (server/transparent/client)
GM #vtp domain ccna
GM #vtp password CISCO123
GM #vtp version 2
Show commands
PM #show vtp status
PM #show vtp password

EtherChannel
- Used to aggregate bandwidth between multiple L2 & L3 interfaces.
- EtherChannel increases bandwidth and provides redundancy by aggregating individual links
between switches.
- EtherChannel load-balances traffic over all the links in the bundle.
- Up to 8 links can be combined into one logical link.
- EtherChannel can be configured as layer 2 or layer 3.
- The port channel is the logical instance of the physical interfaces.
EtherChannel modes
- EtherChannel can be dynamically configured between switches using two protocols:
*PAgP (Port Aggregation Protocol) – Cisco proprietary
*LACP (Link Aggregation Control Protocol) – open standard
Guidelines for EtherChannel configuration
- Interfaces in the channel do not have to be physically next to each other or on the same module.
- All ports must be at the same speed and duplex.
- All ports in the bundle should be enabled.
- None of the bundle ports can be a SPAN port.
- Assign an IP address to the logical port-channel interface, not the physical ones (if using a
layer 3 EtherChannel).
- Put all bundle ports in the same VLAN or make them all trunks.
- If they are trunks they must all carry the same VLANs and use the same trunking mode.
- The configuration you apply to the port-channel interface affects the entire EtherChannel.
- The configuration you apply to a physical interface affects only that interface.
PAgP port negotiation (√ = channel forms, × = no channel)
PAgP        ON    AUTO    DESIRABLE
ON          √     ×       ×
AUTO        ×     ×       √
DESIRABLE   ×     √       √

LACP port negotiation (√ = channel forms, × = no channel)

LACP      ON    PASSIVE   ACTIVE
ON        √     ×         ×
PASSIVE   ×     ×         √
ACTIVE    ×     √         √

EtherChannel configuration

Figure: two switches joined by Fa 0/11 and Fa 0/12 on each side, bundled into one EtherChannel.

GM #interface range fastethernet 0/11-12
#channel-group (group-no) mode (on/auto/desirable/passive/active)
Verification
PM #show etherchannel

PORT SECURITY
- It means blocking unknown devices from connecting through a switch port. By default any MAC address
dynamically appears in the MAC address table; this can be stopped with port security.
- The 3 violation modes are:
1. Shutdown : It puts the port into the error-disabled state.
2. Restrict : Ignores the violating traffic on the interface and counts the violation.
3. Protect : Ignores the violating traffic on the interface and doesn't count the violation.

Port-security configuration (the sticky keyword makes the switch retain dynamically learned MAC addresses)

GM #interface fastethernet 0/0
#switchport mode access
#switchport port-security
#switchport port-security maximum (number)
#switchport port-security mac-address (MAC address | sticky)
#switchport port-security violation (restrict/protect/shutdown)
P.M #show port-security
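The three violation modes and the sticky learning described above, as an added example that is not part of the course material: a model of one access port with a secure-address maximum, whose reaction to an unknown source depends on the configured mode, and which can render the IOS lines from the block above. The MAC addresses and the omission of address aging are assumptions.

```python
"""Added example (not from the page): a model of switchport port-security as described above,
with a maximum secure-address count, optional sticky learning and the three violation modes;
the MAC addresses below are constructed."""


class PortSecurity:
    """State of one access port with 'switchport port-security' applied (assumed simplification:
    one secure address per frame source, no aging)."""

    def __init__(self, maximum=1, violation="shutdown", sticky=False, static_macs=()):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("violation must be shutdown, restrict or protect")
        self.maximum = maximum
        self.violation = violation
        self.sticky = sticky
        self.secure_macs = set(static_macs)  # statically configured secure addresses
        self.sticky_macs = set()             # dynamically learned addresses kept as sticky
        self.err_disabled = False
        self.violation_count = 0

    def ingress(self, src_mac):
        """Apply port-security to a frame's source MAC; return 'forward', 'drop' or 'err-disable'."""
        if self.err_disabled:
            return "drop"  # an err-disabled port passes nothing until an admin recovers it
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)  # learned dynamically, up to the configured maximum
            if self.sticky:
                self.sticky_macs.add(src_mac)
            return "forward"
        # An unknown source beyond the maximum is a violation; the mode decides the reaction.
        if self.violation == "shutdown":
            self.err_disabled = True  # the whole port goes to the err-disable state
            self.violation_count += 1
            return "err-disable"
        if self.violation == "restrict":
            self.violation_count += 1  # drop and count (a real switch also logs/traps)
            return "drop"
        return "drop"  # protect: drop silently, nothing counted

    def running_config(self, interface="fastethernet 0/0"):
        """Render the equivalent IOS lines from this page's configuration block."""
        lines = [f"interface {interface}", " switchport mode access", " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 f" switchport port-security violation {self.violation}"]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
        for mac in sorted(self.sticky_macs):
            lines.append(f" switchport port-security mac-address sticky {mac}")
        return lines


def replay(port, sources):
    """Feed a sequence of source MACs through the port and return the list of verdicts."""
    return [port.ingress(mac) for mac in sources]


if __name__ == "__main__":
    port = PortSecurity(maximum=1, violation="shutdown", sticky=True)
    print(replay(port, ["0000.1111.aaaa", "0000.1111.aaaa", "0000.2222.bbbb", "0000.1111.aaaa"]))
    print("\n".join(port.running_config()))
```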

Routing
-Forwarding of packets from one network to another network.

Routing is divided into IGP and EGP. Routes are either static, default or dynamic.

Static                  Dynamic
-MANUAL                 -RIP
-NET. ADMIN             -IGRP
-MOST SECURE            -OSPF
-DELAY to CONFIG        -IS-IS
-RISKY                  -EIGRP

IGP : Interior Gateway Protocol
EGP : Exterior Gateway Protocol
BGP : Border Gateway Protocol
RIP : Routing Information Protocol
IGRP : Interior Gateway Routing Protocol
OSPF : Open Shortest Path First
IS-IS : Intermediate System to Intermediate System
EIGRP : Enhanced Interior Gateway Routing Protocol

Dynamic routing protocols

Classful        Classless
-RIP            -RIP v2
-IGRP           -EIGRP
                -IS-IS
                -OSPF


Interior Gateway Protocol (IGP)

- It is used to exchange routing information with routers in the same autonomous system.

Exterior Gateway Protocol (EGP)

- It is used to communicate between different autonomous systems.

Administrative distance

Route Source          Administrative Distance
Directly connected    0
Static                1
EIGRP                 90
IGRP                  100
OSPF                  110
IS-IS                 115
RIP                   120
External EIGRP        170
Internal BGP          200
Unknown               25


Static route
Advantages are
▪ IP routes are configured by the administrator.
▪ It is secure and fast.
▪ No bandwidth usage.
▪ Not much CPU processing.

Disadvantages are
▪ The administrator has to understand the whole network before implementing.
▪ If one route is down in the network, the administrator has to reconfigure all the routers in the network.
▪ It can't be implemented in a huge network.

GM #interface serial 0/0/0
#ip address 10.1.1.1 255.255.255.0
#clock rate 64000 (only on the DCE port)
#bandwidth 64
#no shutdown
GM #ip default-gateway (router IP)
Static configuration

GM #ip route (destination network) (subnet mask) (next hop IP)

PM #show controllers serial 0/0/0


Default route
➢ A default route is configured for unknown
destinations.

GM #ip route 0.0.0.0 0.0.0.0 (next hop IP)

Dynamic routing protocols

▪ Advantages of dynamic over static:
▪ Works with advertisement of directly connected networks.
▪ No need to know the destination.
▪ Updates topology changes dynamically.
▪ Administrative work is reduced.
▪ Used for large organizations.
▪ Neighbor routers exchange routing information and build the routing table automatically.

Distance vector
 Works with the Bellman-Ford algorithm.
 Periodic updates.
 Full routing tables are exchanged.
 Classful routing protocol.
 Updates are through broadcast.
 Less overhead.
 Easy to configure.

Link state
 Works with Dijkstra's algorithm.
 Link state updates and incremental updates.
 Missing routes are exchanged.
 Classless routing protocol.
 Updates are through multicast.
 More overhead.
 Difficult to configure.

Hybrid
 Works with the DUAL algorithm.
 Incremental updates.
 Missing routes are exchanged.
 Classless routing protocol.
 Updates are through multicast.
 Less overhead.
 Easy to configure.


RIP (Routing Information Protocol)

RIP v1
 Open standard.
 Classful routing protocol.
 Updates are broadcast via 255.255.255.255.
 Metric: hop count.
 Maximum hop count 15.

RIP v2
 Open standard.
 Classless routing protocol.
 Uses the multicast address 224.0.0.9.
 Metric: hop count.
 Maximum hop count 15.

Advantages of RIP
▪ Used for small organizations.
▪ Exchanges the entire routing table every 30 seconds.
▪ No authentication (v1).
▪ Supports authentication (v2).
Disadvantages of RIP
▪ Bandwidth utilization is very high as it broadcasts every 30 seconds.
▪ Works only on hop count, not considering bandwidth.
▪ Not scalable as the hop count limit is only 15.
▪ Slow convergence.

GM #router rip
#network _ _ _ _ _ _ _ _
#version 2


EIGRP (Enhanced Interior Gateway Routing Protocol)

➢ Advanced distance vector (hybrid protocol).
➢ Standard protocol.
➢ Classless routing protocol.
➢ Includes all features of IGRP.
➢ Maximum hop count is 255 (default 100).
➢ Administrative distance is 90.
➢ Flexible network design.
➢ Multicast and unicast instead of broadcast addresses.
➢ 100% loop-free classless routing.
➢ Easy configuration for LANs and WANs.

Figure: routers A and B exchange Hello packets (224.0.0.10) and ACKs, then Updates, and each selects its best path.

EIGRP tables
1. Neighbor table
▪ Contains the directly connected neighbors.
2. Topology table
▪ List of all the best routes learned from each neighbor.
3. Routing table
▪ The best route for each destination.
➢ Updates are through multicast 224.0.0.10.
➢ Hello packets are sent every 5 seconds.
➢ Convergence rate is fast.
➢ Supports IP, IPX and AppleTalk protocols.
➢ Supports equal-cost and unequal-cost load balancing.
➢ It uses DUAL (Diffusing Update Algorithm).


EIGRP metric                       EIGRP packets
1. Bandwidth                       - Hello (every 5 seconds, dead in 15 seconds)
2. Delay                           - Update, Query, Reply, Acknowledgement
3. Load
4. Maximum transmission unit
5. Reliability

K values

K1 : 1
K2 : 0
K3 : 1
K4 : 0
K5 : 0

DUAL (Diffusing Update Algorithm)

Feasible distance (FD)
Total cost from the local router to the destination:
the AD of the next-hop router plus the cost between the local router and the
next-hop router.
A calculation made by EIGRP to determine the best loop-free path to a network.

Advertised distance (AD)
Cost from the next-hop router to the destination.
EIGRP also calculates the second-best route if it satisfies the feasibility condition.

Neighbor   AD    FD
R2         100   1100
R3         100   600

Successor route : The primary route to a network, based on the route having the lowest feasible distance
of all routes in the EIGRP topology table.
Feasible successor route : A backup route to a network, based on the route having the second
lowest feasible distance in the EIGRP topology table.
*The feasibility condition must be met.


Feasibility condition : Before a route can become a feasible successor route, its
advertised distance has to be lower than the feasible distance of the
successor route.

GM #router eigrp (autonomous no)
#network _ _ _ _ _ _ _
#no auto-summary
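The K values, FD/AD relationship and successor selection from the DUAL pages above, as an added example that is not part of the course material: it computes the EIGRP composite metric with the listed K values and applies the feasibility condition to the R2/R3 table on this page. The metric formula is the classic EIGRP one (not stated on the page), and the link cost and the extra R4 entry are constructed.

```python
"""Added example (not from the page): the EIGRP composite metric with the K values listed above,
plus DUAL's successor / feasible successor selection over the AD/FD table from this page.
The neighbour link cost and the R4 route are constructed; the metric formula is the classic
EIGRP one (bandwidth in kbps, delay in microseconds), not code from the page."""

K_VALUES = (1, 0, 1, 0, 0)  # K1..K5 as listed on this page (the defaults)


def eigrp_metric(min_bandwidth_kbps, total_delay_usec, load=1, reliability=255, k=K_VALUES):
    """Composite metric = 256 * [K1*BW + K2*BW/(256-load) + K3*delay] * [K5/(reliability+K4)],
    where BW = 10^7 / slowest link (kbps) and delay is the path delay in tens of microseconds;
    with K5 = 0 the reliability term is skipped, so the default is 256 * (BW + delay)."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bandwidth_kbps
    delay = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def feasible_distance(advertised_distance, cost_to_neighbor):
    """FD = the neighbour's advertised distance (AD) plus the cost of the link to that neighbour."""
    return advertised_distance + cost_to_neighbor


def dual_select(topology):
    """topology: {neighbor: (AD, FD)} for one destination.
    Successor = lowest FD. Feasible successor = any other neighbour whose AD is lower than the
    successor's FD (the feasibility condition), which guarantees a loop-free backup.
    Returns (successor, feasible successors ordered by FD, neighbours that fail the condition)."""
    successor = min(topology, key=lambda n: (topology[n][1], topology[n][0], n))
    successor_fd = topology[successor][1]
    feasible = [n for n in topology if n != successor and topology[n][0] < successor_fd]
    rejected = [n for n in topology if n != successor and n not in feasible]
    return successor, sorted(feasible, key=lambda n: topology[n][1]), rejected


# The AD/FD table from this page (R2, R3) plus a constructed R4 that fails the feasibility condition.
SAMPLE_TOPOLOGY = {"R2": (100, 1100), "R3": (100, 600), "R4": (700, 800)}

if __name__ == "__main__":
    print("T1 (1544 kbps, 20000 usec) metric:", eigrp_metric(1544, 20000))
    print("FD via R3 when the link costs 500:", feasible_distance(100, 500))
    print("successor, feasible successors, rejected:", dual_select(SAMPLE_TOPOLOGY))
```

R4 has a lower FD than R2 but is rejected because its AD (700) is not below the successor's FD (600); the feasibility condition, not the raw FD, decides who may be a backup.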

OSPF (Open Shortest Path First)

➢ It is an open standard protocol.
➢ It is a link state protocol.
➢ It uses Dijkstra's algorithm.
➢ It has an unlimited hop count.
➢ Metric is calculated from cost.
➢ Administrative distance is 110.
➢ It is a classless routing protocol.
➢ It supports VLSM and CIDR.
➢ It supports only equal-cost load balancing.
➢ Introduces the concept of areas for easier management and control of traffic.
➢ Updates are sent through multicast addresses.
➢ Fast convergence.
➢ Sends "hello" packets every 10 sec.
➢ Dead time equals "hello" × 4.
➢ Incremental updates.
Neighbors and adjacency process
- Neighbors are routers that are on the same network link and exchange hello messages.

Figure: neighbor and adjacency formation between two routers (30.0.0.1 with router ID 1.1.1.1, and 30.0.0.2 with router ID 2.2.2.2).
- Both routers send Hello to 224.0.0.5; once each sees itself listed in the other's Hello they reach the 2-Way state.
- Adjacent routers are neighbors that have exchanged Database Description (DD) packets and link state updates (LSUs).
- ExStart state: the router with the highest router ID (2.2.2.2) starts the exchange as master.
- Exchange state: both routers send DD summaries and acknowledge them.
- Loading state: each router sends LS Requests for the entries it is missing (40.0.0.0, 50.0.0.0 and 10.0.0.0, 20.0.0.0), receives LS Updates and returns LS Acks.
- Full state: the link state databases are synchronized.
Router ID
- It is the name of the router; it can be configured manually using the router-id command.
- Otherwise the highest IP address of an active physical interface of the router becomes the router ID.
- If a logical (loopback) interface is configured, the highest IP address of the logical interfaces is the router ID.
OSPF process
- To become neighbors, the hello timers, area, subnet mask and authentication should match.
OSPF tables
1. Neighbor table
- Also known as the adjacency table.
- Contains the list of directly connected routers (neighbors).


2. Database table
- Typically referred to as the LSDB (link state database).
- Contains information about all the possible routes to the networks within the area.
3. Routing table
- Contains the list of best paths to each destination.


OSPF AREA
- All the routers in an area maintain the same database.
- Any change is imported by all the routers.
- An area is a logical grouping of routers.
- Minimizes the size of the database.
- Restricts any change within that area (not flooded outside the area).
- Routers within the same area participate in the SPF algorithm.
- OSPF allows hierarchical network designs with multiple different areas.
RULES
- Must have one area called area "zero-0" (the backbone area).
- All the areas must connect to area zero.
- At least one area border router (ABR) should be there.
- The interfaces of the two routers facing each other must be in the same area.
Advantages of OSPF
- Open standard
- No hop count limitation
- Loop free
- Fast convergence
Disadvantages of OSPF
- Complex designs
- Consumes more CPU resources
- Supports only equal-cost load balancing
- Supports only the IP protocol; does not work with IPX and AppleTalk.

Single Area OSPF


Multi Area OSPF


OSPF in a broadcast network
[Diagram: routers on a broadcast segment sending the 10.0.0.0 update to the designated router, with the backup designated router receiving a copy]

Designated router and backup designated router election (DR-BDR)

- Highest router ID
- Highest router priority (default 1)
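Router ID derivation and a DR/BDR election in Python, as an added example that is not part of the notes. It assumes what the notes describe (manual router-id, else highest loopback, else highest physical address; priority compared first, router ID breaking ties) plus two facts not spelled out above: priority 0 makes a router ineligible, and all routers are assumed to start together, since a real election is not pre-emptive.

```python
"""Derive OSPF router IDs and elect DR/BDR on one broadcast segment.

Router records and the SEGMENT list are constructed for this example.
"""
from ipaddress import IPv4Address


def router_id(router):
    """router: dict with optional 'router_id', 'loopbacks' and 'physical' lists."""
    if router.get("router_id"):
        return router["router_id"]                      # manual router-id wins
    for key in ("loopbacks", "physical"):               # loopbacks beat physical
        addrs = [a for a in router.get(key, []) if a]
        if addrs:
            return str(max(addrs, key=IPv4Address))     # highest address of that kind
    raise ValueError("router has no usable interface address for a router ID")


def elect_dr_bdr(routers):
    """Return (DR name, BDR name). Routers with priority 0 never take either role."""
    eligible = [r for r in routers if r.get("priority", 1) > 0]
    # Rank descending on (priority, router ID as an integer); default priority is 1.
    ranked = sorted(
        eligible,
        key=lambda r: (r.get("priority", 1), int(IPv4Address(router_id(r)))),
        reverse=True,
    )
    dr = ranked[0]["name"] if ranked else None
    bdr = ranked[1]["name"] if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment: four routers on one broadcast network.
SEGMENT = [
    {"name": "R1", "priority": 1, "physical": ["10.0.0.1", "192.168.1.1"]},
    {"name": "R2", "priority": 1, "loopbacks": ["2.2.2.2"], "physical": ["10.0.0.2"]},
    {"name": "R3", "priority": 50, "router_id": "3.3.3.3", "physical": ["10.0.0.3"]},
    {"name": "R4", "priority": 0, "loopbacks": ["9.9.9.9"], "physical": ["10.0.0.4"]},
]

if __name__ == "__main__":
    for r in SEGMENT:
        print(r["name"], "router ID", router_id(r))
    print("DR/BDR:", elect_dr_bdr(SEGMENT))     # R3 by priority, R1 by highest router ID
```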
OSPF packet types
- Hello
- Database description = DD
- Link state request = LSR
- Link state update = LSU
- Link state acknowledgement = LSAck
LSA types
1. LSA type one : Router LSA (directly connected routers)
2. LSA type two : Network LSA (DR & BDR process)
3. LSA type three : Summary LSA (ABR summary route)
4. LSA type four : Summary ASBR LSA
5. LSA type five : Autonomous System External LSA
6. LSA type six : Multicast OSPF LSA (not supported & not used)
7. LSA type seven : Not-so-stubby area LSA
8. LSA type eight : External Attribute LSA for BGP


GM #Router ospf (process ID)
#Network (network address) (wildcard mask) area (area no)

How to get the wildcard mask? Subtract the subnet mask from 255.255.255.255:

  255.255.255.255
- 255.255.255.0
  ---------------
    0.  0.  0.255

ACCESS CONTROL LIST

- An ACL is a set of rules which will allow or deny specific traffic moving through the router.
- It is layer 3 security which controls the flow of traffic from one router to another.
- It's also called a packet filtering firewall.
Types of ACL
Numbered: Standard, Extended
Named: Standard, Extended

STANDARD ACL
* The access-list number range is 1-99
* Can block a network, host or subnet
* All services are blocked
* Implemented close to the destination
* Filtering is done based on the source IP address only

EXTENDED ACL
* The access-list number range is 100-199
* Can allow or deny a network, host or service
* Selected services can be blocked
* Implemented close to the source
* Filtering is done based on source IP, destination IP, protocol and port number


ACL RULES
- Processed in sequential order.
- All deny statements should be given first.
- There should be at least one permit statement.
- Can have one access list per interface per direction.
- Two access lists per interface: one in the "inbound" direction and one in the "outbound" direction.
- Any time a new entry is added to the access list, it is placed at the bottom of the list (using a text editor for access lists is highly suggested).
- You can't remove one line from a numbered access list.
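A small evaluator for standard and extended ACLs, added here as an example and not code from the notes: it walks entries top-down, stops at the first match, and applies the implicit deny at the end of every list (the reason a deny-only list blocks everything). It also computes wildcard masks the way the OSPF section does (255.255.255.255 minus the subnet mask); the entry and packet dict formats are this example's own, not IOS syntax.

```python
"""Cisco-style ACL matching: wildcard masks, first-match, implicit deny."""
from ipaddress import IPv4Address


def wildcard_from_mask(mask):
    """0.0.0.255 for 255.255.255.0: each octet is 255 minus the mask octet."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))


def wildcard_from_prefix(prefix_len):
    """Same thing from a prefix length, e.g. 24 -> 0.0.0.255."""
    host_bits = 32 - prefix_len
    return str(IPv4Address((1 << host_bits) - 1))


def matches(ip, network, wildcard):
    """Wildcard bit 0 = must match, bit 1 = don't care ('any' is 0.0.0.0 255.255.255.255)."""
    ip_i, net_i, wc_i = (int(IPv4Address(x)) for x in (ip, network, wildcard))
    care = ~wc_i & 0xFFFFFFFF
    return (ip_i & care) == (net_i & care)


def evaluate(acl, packet):
    """Return (action, index of the matching entry, or None for the implicit deny).

    acl: list of dicts {action, src, src_wc[, dst, dst_wc, proto, dport]}.
    A standard ACL entry carries only src/src_wc; extended entries add the rest.
    """
    for idx, entry in enumerate(acl):
        if not matches(packet["src"], entry["src"], entry["src_wc"]):
            continue
        if "dst" in entry and not matches(packet["dst"], entry["dst"], entry["dst_wc"]):
            continue
        if entry.get("proto") not in (None, "ip", packet.get("proto")):
            continue
        if entry.get("dport") is not None and entry["dport"] != packet.get("dport"):
            continue
        return entry["action"], idx           # first match wins, later entries are never seen
    return "deny", None                       # implicit deny at the bottom of every ACL


# Constructed extended ACL: block one host from the web server, allow the rest of
# its /24 to reach the server on TCP 80, then permit ICMP from anywhere.
ACL_110 = [
    {"action": "deny",   "src": "192.168.1.50", "src_wc": "0.0.0.0",
     "dst": "10.1.1.10", "dst_wc": "0.0.0.0", "proto": "tcp", "dport": 80},
    {"action": "permit", "src": "192.168.1.0", "src_wc": wildcard_from_prefix(24),
     "dst": "10.1.1.10", "dst_wc": "0.0.0.0", "proto": "tcp", "dport": 80},
    {"action": "permit", "src": "0.0.0.0", "src_wc": "255.255.255.255",
     "dst": "0.0.0.0", "dst_wc": "255.255.255.255", "proto": "icmp"},
]

# Constructed standard ACL with no permit at all: it blocks every source (a common mistake).
ACL_10 = [{"action": "deny", "src": "192.168.1.0", "src_wc": wildcard_from_mask("255.255.255.0")}]

if __name__ == "__main__":
    pkt = {"src": "192.168.1.50", "dst": "10.1.1.10", "proto": "tcp", "dport": 80}
    print(evaluate(ACL_110, pkt))                    # ('deny', 0)
    print(evaluate(ACL_10, {"src": "172.16.0.5"}))   # ('deny', None): implicit deny
```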

NAT & PAT

NAT (Network Address Translation)
- NAT is the method of translating private IP addresses into public IP addresses.
- In order to communicate with the internet, we must have a registered public IP address.
Address translation was originally developed to solve two problems:
*To handle the shortage of IPv4 addresses
*To hide internal network addresses (security)
Private IP ranges
Class A : 10.0.0.0 – 10.255.255.255
Class B : 172.16.0.0 – 172.31.255.255
Class C : 192.168.0.0 – 192.168.255.255
Types of NAT
* Static NAT
* Dynamic NAT
* PAT (NAT overload)


Static NAT
- One-to-one mapping, done manually.
- Every private IP needs one registered IP address.

Static route (ISP) GM #IP route (public network) (subnet mask) (next hop IP)
Default route (R1) GM #IP route (any network) (any subnet) (next hop IP)

R1 configuration
GM #IP nat inside source static (private IP) (public IP)
GM #Interface fastethernet 0/0
#IP nat inside
GM #Interface serial 0/0/0
#IP nat outside


PAT (Port Address Translation)

R1 configuration
GM #Access-list (ACL no) permit (network address) (wildcard mask)
GM #IP nat pool (name) (start IP) (end IP) netmask (subnet mask)
GM #IP nat inside source list (ACL no) pool (pool name) overload
GM #Interface fastethernet 0/0
#IP nat inside
GM #Interface serial 0/0/0
#IP nat outside
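A simulation of the two translation styles configured above, added as an example that is not from the notes: static NAT as a fixed one-to-one map, and PAT overload sharing a one-address pool by rewriting the source port and keeping the binding so replies can be translated back. The port range, class names and the ACL-as-network-list are this example's own simplifications.

```python
"""Static NAT and PAT (overload) translation tables."""
from ipaddress import ip_address, ip_network

# The three private ranges listed in the notes (RFC 1918).
PRIVATE_RANGES = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True when the address falls in one of the private ranges."""
    return any(ip_address(ip) in net for net in PRIVATE_RANGES)


class StaticNat:
    """One inside local address <-> one inside global address, configured by hand."""
    def __init__(self, mappings):
        self.out = dict(mappings)                              # private -> public
        self.back = {pub: priv for priv, pub in mappings.items()}

    def outbound(self, src):
        return self.out.get(src)          # None: no mapping, packet is not translated

    def inbound(self, dst):
        return self.back.get(dst)


class Pat:
    """Many inside hosts behind one pool address, told apart by translated source port."""
    def __init__(self, pool_ip, acl_networks, first_port=1024, last_port=65535):
        self.pool_ip = pool_ip
        # Stands in for the 'ip nat inside source list <ACL>' match.
        self.allowed = [ip_network(n) for n in acl_networks]
        self.ports = iter(range(first_port, last_port + 1))
        self.table = {}          # (inside local ip, port) -> translated port
        self.reverse = {}        # translated port -> (inside local ip, port)

    def outbound(self, src_ip, src_port):
        """Translate an outgoing flow: (global ip, global port), or None if not permitted."""
        if not any(ip_address(src_ip) in net for net in self.allowed):
            return None                   # source not matched by the ACL: no translation
        key = (src_ip, src_port)
        if key not in self.table:
            try:
                port = next(self.ports)
            except StopIteration:
                return None               # port pool exhausted: the flow cannot be translated
            self.table[key] = port
            self.reverse[port] = key
        return self.pool_ip, self.table[key]

    def inbound(self, dst_port):
        """Map a reply back to the inside host, or None for unsolicited inbound traffic."""
        return self.reverse.get(dst_port)


if __name__ == "__main__":
    pat = Pat("203.0.113.1", ["192.168.1.0/24"])      # constructed pool address and ACL
    print(pat.outbound("192.168.1.10", 40000))        # ('203.0.113.1', 1024)
    print(pat.outbound("192.168.1.11", 40000))        # ('203.0.113.1', 1025)
    print(pat.inbound(1025))                          # ('192.168.1.11', 40000)
    print(pat.inbound(9999))                          # None: dropped, nobody asked for it
```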


IPV6

* Larger address space.
* No more need for NAT.
* Aggregation-based address hierarchy.
* No more broadcasts.
* Stateless auto-configuration.
* Built-in support for mobile IP & IPsec security.
* Rich transition mechanisms.
* Easy IP address renumbering.
* Capability to have multiple addresses per interface.

Shortening IPv6 addresses


Types of IPv6 address

1. Unicast
2. Multicast
3. Anycast
UNICAST
Global unicast
Global unicast addresses are assigned by IANA
- Like public IP (routable)
- Starts with 2000::/3
- The first three bits are 001, assigned by IANA
Local unicast (unique local)
- Like private IP (routable only inside the organization)
- Starts with FC00::/7
- These are not routable on the IPv6 internet
- Start with FC00 in the first hextet.
Link local
- Default IPv6 address on every IPv6-enabled interface (non-routable)
- Routers do not forward packets with a link-local address

MULTICAST
- In IPv6, multicast addresses start with FF00::/8
ANYCAST
- An anycast address is an address that is assigned to a set of interfaces that typically belong to different nodes.
- Similar to multicast, it identifies multiple interfaces but sends to only one, whichever it finds first.
- Unique local & global unicast addresses can be used as anycast addresses
GM #Interface fastethernet 0/0
#IPv6 address (ipv6-prefix/prefix-length) anycast


Assign IPv6
*static configuration (manual)
GM #Interface fastethernet 0/0
#IPv6 address FC00:11:11:11::1/64
*auto configuration
- Stateful (via DHCP)
- Stateless (devices build the IPv6 address by including the MAC address)
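The IPv6 shortening rules, address-type classification for the ranges listed above, and the stateless (EUI-64) way a host builds an interface ID from its MAC address, as an added Python example that is not part of the notes. The compressor is written out by hand to show the rules; the standard library is used only to check prefixes, multicast being matched on the IANA-assigned FF00::/8. The MAC address and prefix used are constructed.

```python
"""IPv6 address compression, classification and EUI-64 interface IDs."""
import ipaddress


def expand(addr):
    """Return the eight 4-digit hextets of an address (handles one '::')."""
    if "::" in addr:
        head, tail = addr.split("::")          # more than one '::' raises ValueError here
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        groups = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("not an IPv6 address: %r" % addr)
    return [g.zfill(4).lower() for g in groups]


def compress(addr):
    """Rule 1: drop leading zeros in each hextet. Rule 2: replace the longest run of
    all-zero hextets (two or more; first run wins a tie) with '::', only once."""
    groups = [g.lstrip("0") or "0" for g in expand(addr)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right


def address_type(addr):
    """Classify by prefix; most specific ranges are tested first."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "unique local"
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "global unicast"
    return "other"


def eui64_interface_id(mac):
    """Stateless autoconfig: split the MAC, insert FFFE, flip the U/L bit (bit 1 of byte 0)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    first = octets[0] ^ 0x02
    iid = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(iid.hex()[i:i + 4] for i in range(0, 16, 4))


def slaac_address(prefix, mac):
    """Join a /64 prefix (written like the notes, e.g. 'FC00:11:11:11::') with the EUI-64 ID."""
    prefix_groups = expand(prefix)[:4]
    return compress(":".join(prefix_groups) + ":" + eui64_interface_id(mac))


if __name__ == "__main__":
    for a in ("2001:0db8:0000:0000:0000:0000:0000:0001", "FC00:0011:0011:0011:0000:0000:0000:0001"):
        print(a, "->", compress(a), address_type(a))
    print(slaac_address("FC00:11:11:11::", "00:1A:2B:3C:4D:5E"))   # constructed MAC
```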

IPv6 Routing
- IPv6 uses the same types of routing protocols as IPv4
- With some slight modifications to account for the specific requirements of IPv6

IPv6 routing types

- Static
- RIPng
- IS-IS
- OSPFv3
- MP-BGP
- EIGRP
Cisco IOS supports all of these.
- IPv6 routing has to be enabled before using any routing process, as by default IPv6 routing is disabled.
- To enable IPv6 routing:
GM #IPv6 unicast-routing

Static & default routing

- The syntax for static & default routing in IPv6 is similar to IPv4.
- Static route configuration
GM #IPv6 route (destination network/prefix length) (next hop IP address / exit interface)
- Default route configuration
GM #IPv6 route ::/0 (next hop IP address / exit interface)


RIPng
- Same as RIP for IPv4
- Distance vector; the metric is hop count
- Updated features for IPv6:
*uses IPv6 for transport
*IPv6 prefix, next-hop IPv6 address
*uses the multicast group FF02::9 for RIP updates
*updates are sent on UDP port 521
RIPng configuration
GM #IPv6 router rip (process ID)
GM #Interface (interface type) (no)
#IPv6 rip (process ID) enable
PM #Show ipv6 protocols


OSPFv3

OSPFv3 configuration
GM #IPv6 router ospf (process ID)
#Router-id (router ID)
GM #Interface (type) (ID)
#IPv6 ospf (process ID) area (area no)
PM #Show ipv6 ospf neighbor
EIGRP V3
GM #Interface loopback (no)
#IP address (IP) (mask)
GM #IPv6 router eigrp (autonomous system)
#No shutdown
#eigrp router-id (ID) - optional; a default is taken otherwise
GM #Interface (type) (no)
#IPv6 (protocol) (autonomous system)
PM #Show ipv6 eigrp neighbor
PM #Show ipv6 route


FHRP (First Hop Redundancy Protocol)
*If our first-hop router suddenly goes down, FHRP provides router redundancy so the hosts get their connectivity back more easily.
HSRP : Hot Standby Router Protocol
VRRP : Virtual Router Redundancy Protocol
GLBP : Gateway Load Balancing Protocol

Protocol features: HSRP | VRRP | GLBP

1. Scope
   HSRP: Cisco proprietary | VRRP: IEEE standard | GLBP: Cisco proprietary
2. Load balancing
   HSRP: No | VRRP: No | GLBP: Yes
3. Multicast address
   HSRP: v1 224.0.0.2, v2 224.0.0.102 | VRRP: v2 224.0.0.18 | GLBP: 224.0.0.102
4. Transport port no
   HSRP: UDP 1985 | VRRP: UDP 112 | GLBP: UDP 3222
5. Group MAC address
   HSRP: 0000.0C07.ACxx | VRRP: 0000.5E00.01xx | GLBP: 0007.B4xx.xxxx
6. IPv6 support
   HSRP: Yes | VRRP: No | GLBP: Yes
7. Election
   HSRP: Active router (highest priority, default 100; then highest IP address)
   VRRP: Master router (highest priority, default 100; then highest IP address)
   GLBP: Active virtual gateway (highest priority, default 100; then highest IP address)
8. Timers
   HSRP: Hello 3 sec, Hold 10 sec | VRRP: Advertisement 1 sec, Master down time | GLBP: Hello 3 sec, Hold 10 sec
9. Preempt
   HSRP: By default preempt is disabled; if the active router goes down and comes up again, preempt must be configured for it to become the active router again.
   VRRP: By default preempt is on; if the master router goes down and comes up again, it automatically becomes the master router again.
   GLBP: By default preempt is disabled; if the active router goes down and comes up again, preempt must be configured for it to become the active router again.
10. Router roles
   HSRP: One active router, one standby router, one or more listen routers
   VRRP: One active (master) router, one or more backup routers
   GLBP: Up to 1024 virtual routers (GLBP groups), one active virtual gateway (AVG), up to 4 active virtual forwarders (AVF)
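A small state model of an HSRP group, added as an example that is not from the notes, to show rows 7 and 9 of the table above: the active router is the one with the highest priority (default 100), highest interface IP breaking ties, and without preempt a router that fails and returns does not take the active role back. The event model (add / fail / recover) is this example's own simplification of the hello and hold timers.

```python
"""HSRP active/standby election with and without preempt."""
from ipaddress import IPv4Address


class HsrpGroup:
    def __init__(self):
        self.routers = {}       # name -> {"ip", "priority", "preempt", "up"}
        self.active = None
        self.standby = None

    def add(self, name, ip, priority=100, preempt=False):
        """A router joins the group; 'preempt' mirrors 'standby <group> preempt'."""
        self.routers[name] = {"ip": ip, "priority": priority, "preempt": preempt, "up": True}
        self._settle(joining=name)

    def fail(self, name):
        """Hellos stop; once the hold timer (10 s in the table) expires the group re-elects."""
        self.routers[name]["up"] = False
        if name in (self.active, self.standby):
            if name == self.active:
                self.active = None
            self.standby = None
            self._settle(joining=None)

    def recover(self, name):
        """The failed router comes back and announces itself again."""
        self.routers[name]["up"] = True
        self._settle(joining=name)

    def _rank(self, name):
        r = self.routers[name]
        return (r["priority"], int(IPv4Address(r["ip"])))

    def _settle(self, joining):
        up = [n for n, r in self.routers.items() if r["up"]]
        ranked = sorted(up, key=self._rank, reverse=True)
        if not ranked:
            self.active = self.standby = None
            return
        if self.active is None:
            self.active = ranked[0]            # nobody active: best router takes the role
        elif joining and self.routers[joining]["preempt"] and self._rank(joining) > self._rank(self.active):
            self.active = joining              # preempt configured: a better router takes over
        # Standby is always the best-ranked router that is not active.
        rest = [n for n in ranked if n != self.active]
        self.standby = rest[0] if rest else None


if __name__ == "__main__":
    g = HsrpGroup()
    g.add("R1", "10.0.0.1", priority=110)   # preferred, but preempt left at its default (off)
    g.add("R2", "10.0.0.2")
    g.fail("R1")
    print(g.active, g.standby)              # R2 None
    g.recover("R1")
    print(g.active, g.standby)              # R2 R1: without preempt R2 stays active
```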


HSRP configuration

GM #Interface (type) (no)
#Standby (group no) ip (IP address)
#Standby (group no) preempt
#Standby (group no) priority (value)

DHCP (Dynamic Host Configuration Protocol)

- Allows a server to dynamically distribute IP addresses and configuration information to clients:
1. IP address
2. Subnet mask
3. Default gateway
4. DNS server
Advantages are:
* Centralized network client configuration
* Easy IP address management
* Reduced network administration
* Large network support.

Definition of DHCP : a method of leasing IP addresses to hosts on a large network that reduces the work of network support staff and virtually eliminates entry errors.


DHCP process
1. DHCP Discover (client -> server: IP address request)
2. DHCP Offer (server -> client: IP address offer)
3. DHCP Request (client -> server: IP address selection)
4. DHCP Ack (server -> client: IP address acknowledgement)

DHCP configuration
R1 configuration
GM #Interface fastethernet 0/0
#IP address (IP address) (subnet mask)
#No shutdown
GM #IP dhcp pool (name)
#Network (network address) (subnet)
#Default-router (IP address)
#dns-server (IP address)
#dns-server (IP address)
GM #IP dhcp excluded-address (IP address)
#IP dhcp excluded-address (IP address)
#IP dhcp excluded-address (IP address)
R2 configuration
GM #Interface fastethernet 0/1
#IP address dhcp
#No shutdown
PM #Show ip interface brief

SPAN (Switchport Analyzer)

- Cisco Catalyst switches support a method of directing all traffic from a source port or source VLAN to a single destination port.


Quality of Service (QoS)

- QoS addresses the quality issues of converged networks.
Converged traffic characteristics
* Consistent small-packet voice flows compete with bursty data flows
* Critical traffic must be prioritized
* Voice and video are time sensitive
* Brief outages are not acceptable
QoS issues
➢ Lack of bandwidth
* Maximum available bandwidth equals the bandwidth of the slowest link.
* Multiple flows compete for the same bandwidth, resulting in much less bandwidth being available to one single application.
* A lack of bandwidth can have a performance impact on network applications.
➢ Packet loss
* Tail drops occur when the output queue is full
* Tail drops are common and happen when a link is congested
Eg:
Telephone call
-"I cannot understand you, your voice is breaking up"
Teleconference
-"the picture is very jerky, the voice is not synchronized"
Publishing company
-"the file is corrupt"
➢ Delay
• Processing delay
-The time it takes for a router to take the packet from an input interface, examine it and put it into the output queue of the output interface.
• Queuing delay
-The time a packet resides in the output queue of a router.
• Serialization delay
-The time it takes to place the bits on the wire.
• Propagation delay
-The time it takes for the packet to cross the link from one end to the other.
➢ Jitter
* Packets from the source will reach the destination with different delays
* Jitter is generally caused by congestion in the IP network
* The congestion can occur either at the router interfaces or in a provider or carrier network if the circuit has not been provisioned correctly.


QoS mechanisms
* Classification : Supported by class-oriented QoS mechanisms.
* Marking : Used to mark packets based on classification.
* Congestion management : Used to prioritize the transmission of packets with a queuing mechanism on each interface.
* Congestion avoidance : Used to drop packets early to avoid congestion later in the network.
* Policing : Used to enforce a rate limit by dropping or marking down packets.
* Shaping : Used to enforce a rate limit by delaying packets using buffers.


WAN

WAN Connection Types
1. Leased line
2. Circuit switched
3. Packet switched


Leased line
• Permanent connection to the destination.
• Used for short or long distances.
• Bandwidth is fixed.
• Available 24/7
• Uses an analog circuit.
• The same port is always used for the destination.
• Charges are fixed whether used or not.

Packet switched
• Uses an existing service provider network to provide connectivity.
• Cost-effective alternative to leased lines.
Leased line vs Frame Relay
• Number of interfaces
• Cost
• Ease of management

Virtual circuit
▪ Connections in Frame Relay are provided by virtual circuits.
▪ Multiple logical connections on the same physical connection.
DLCI (Data Link Connection Identifier)
▪ Identifies the virtual circuit.
▪ Range (16-1007) given by the service provider.
▪ The local DLCI maps to the remote IP address.
▪ Manual or automatic mapping.
LMI (Local Management Interface)
▪ Keepalive messages used between the router and the frame relay switch for checking connectivity.
LMI Types
▪ Cisco (default)
▪ ANSI
▪ Q933a
Frame Relay Network Types
• Point to Point
• Point to Multipoint
SLA (Service Level Agreement)
▪ An agreement between a service provider and their customers describing the level of service the provider guarantees for a specific connection.
CIR (Committed Information Rate)
▪ A bandwidth amount a service provider guarantees to be available a certain percentage of the time on a customer's virtual circuit.


Frame Relay Point to Point Configuration

Router configuration
GM #Interface serial (serial no)
#No shutdown
#IP address (IP address) (subnet)
#Encapsulation frame-relay

FRS configuration
GM #Frame-relay switching
#Interface serial (serial no)
#No shutdown
#Encapsulation frame-relay
#Frame-relay intf-type dce
#Frame-relay route (DLCI no) interface (interface) (DLCI no)

Frame Relay Topologies


Point to Multipoint Configuration

Router configuration
GM #Interface serial (serial no)
#No shutdown
#IP address (IP) (subnet)
#Encapsulation frame-relay
FRS configuration

Modern WAN Connections

• MPLS (Multiprotocol Label Switching)
• Metro Ethernet
• Virtual Private Network (VPN)
• DSL
• Cable
• VSAT


Metro Ethernet

• Initially Ethernet was restricted to the LAN.
• Uses fiber standards that support long distances.
• Overcomes both speed and distance limitations.
• Service providers now use Ethernet in the WAN as a standard service.

- Supports high speeds up to 100 Mbps or Gbps (Frame Relay up to 44 Mbps).
- The customer end uses Ethernet interfaces (increase of service).
Devices used are Metro Ethernet switches:
▪ ME 3400
▪ ME 3800X
▪ ME 4900

Virtual Private Network (VPN)

▪ Provides connectivity between two or more private networks across a public network such as the internet.
▪ A VPN connection across the internet is similar to a wide area network (WAN) link between the sites.
▪ Needs a registered public IP to identify the VPN connection over the internet.
▪ Cost effective.

VPN Types
Site to Site VPN
• Allows a company to connect its remote sites to the corporate backbone securely over the internet.
Remote Access VPN
• Allows remote users such as telecommuters to securely access the corporate network wherever and whenever they need to.
Security on VPN
• VPN uses IPsec to provide secure communication over the internet.
IPsec is an industry-wide standard suite of protocols and algorithms.
It allows for secure data transmission over an IP-based network.


Data Confidentiality
o Ensures no one else sees the information (uses strong encryption algorithms)

Data Integrity
o Ensures that the data has not been altered during transmission (uses hashing algorithms)

Data Origin Authentication
o Authenticates the source of the IPsec packets sent.

VSAT (Very Small Aperture Terminal)

• All the private WAN services discussed so far in this chapter happen to use some kind of cabling.
• The locations that need a WAN connection may be in places where no service provider offers a WAN connection.
• Islands where the population is too small to justify expensive underwater cabling, or where the terrain does not allow cables to be run.

How VSAT works

• The VSAT dish sits outside, pointed at a specific satellite, and is cabled to a special router interface on the router inside the building.
• VSAT is a flexible and rapidly deployable satellite communication platform which can be installed almost anywhere to deliver data, voice, video and internet access.
• It only needs a clear line of sight to the satellite.

Options to Connect to the Internet

• Dial-up
• DSL
• Cable

Dial-Up Internet Access

• Allows one service at a time (voice / internet)
• Offers low speed internet access (maximum 56 Kbps)
• Unstable dial-up connection

DSL (Digital Subscriber Line)

• Used by traditional telephone companies to deliver high speed data and sometimes video over twisted pair copper telephone wires.
• 20 times the speed of a dial-up connection.
• DSL uses your existing phone wiring but doesn't tie up your phone line.
• A DSL access multiplexer (DSLAM) separates voice and data traffic.


Cable
Internet connection using cable
• Uses the existing cable TV (CATV) network to send data
• Back-end connectivity is built on fiber or coaxial cable.
• Uses a cable modem
• Supports higher speed and longer distance compared to DSL.

VPN over the Internet

GRE (Generic Routing Encapsulation)
• Allows you to have a virtual point to point tunnel.
• It's used when packets need to be sent from one network to another over the internet or an insecure network.
• Tunneling protocol developed by Cisco.
• Supports encapsulation of a wide variety of network layer protocols inside a point to point link (multicast & IPv6).
• A GRE tunnel is not encrypted.
• GRE tunnels are much easier to configure.
GRE Lab

GRE Configuration
G.M #Interface tunnel (tunnel no)
#IP address (IP) (subnet)
#Tunnel source (source physical interface IP)
#Tunnel destination (destination physical interface IP)
Drawbacks of GRE
• Classic GRE tunnel (point to point)
• Manual tunnels
• Not scalable
• No encryption
• Static IP on all end points


DMVPN (Dynamic Multipoint VPN)

• Introduced by Cisco in late 2000
• This technology has been developed to address the need for automatically created VPN tunnels when dynamic IP addresses on the spokes are in use.
• This is a hub & spoke topology where all branches can communicate with each other.
• mGRE interfaces do not have a tunnel destination.
• Keeps cost low, minimizing configuration complexity and increasing flexibility.

DMVPN is a combination of the following technologies

1. mGRE (Multipoint GRE)
2. Next Hop Resolution Protocol (NHRP)
3. Dynamic Routing Protocol (RIP, EIGRP, OSPF, BGP)
4. Dynamic IPsec encryption
mGRE (Multipoint GRE)
• No tunnel destination
• Uses a tunnel source only
• A tunnel can have many end points.
• Uses a single tunnel interface.
• The end points can be configured as GRE or mGRE
• Mapping is done by the NHRP protocol
NHRP Messages
1. NHRP registration request
• The spoke registers its NBMA and tunnel IP with the next hop server
• Required to build the spoke to hub tunnel
2. NHRP resolution request
• Spoke query for the NBMA & tunnel IP of another spoke
• Required to build a spoke to spoke tunnel
3. NHRP redirect
• The server answers when spoke data plane packets pass through it
• Used in DMVPN phase 3 to build spoke to spoke tunnels (needed if we have spoke to spoke traffic)


IPsec VPN

VPN Example
• VPNs replace dedicated point to point links with emulated point to point links that share a common infrastructure
• Customers use VPNs primarily to reduce their operational cost
Examples: X.25, Frame Relay, ATM, GRE, DMVPN, IPsec, IPLS, L2TPv3

What is IPsec?
• Internet Protocol Security (IPsec) is a suite of protocols developed by the Internet Engineering Task Force (IETF)
• Allows 2 or more hosts to communicate in a secure manner by authenticating & encrypting each IP packet of a communication session
❖ Scales from small to very large networks
❖ Is available in Cisco IOS software version 11.3(T) & later
• Included in PIX firewall version 5.0 and the ASA firewall

IPsec security features

• IPsec is the only standard layer 3 technology that provides:
❖ Data confidentiality
❖ Data integrity
❖ Authentication
❖ Replay protection
Authentication

• Provides confirmation of the data stream's origin

Data Integrity

• No one can modify the data (hashing algorithm)

Data Confidentiality

• Contents are not visible to third parties
• No snooping or wiretapping (using encryption)
Replay protection

• Ensures packets are received only once: a security service where the receiver can reject old or duplicate packets in order to defeat replay attacks


VPN types
Site to site VPN
• Allows a company to connect its remote sites to the corporate backbone securely over the internet
Remote access VPN
• Allows remote clients to securely access the corporate network wherever & whenever they need to


Monitoring
Syslog
- The router can use syslog to forward log messages to external syslog servers for storage.
GM #Logging (syslog server IP)
#Logging trap (severity level)

PM #Show logging

SEVERITY LEVELS
0 Emergencies
1 Alerts
2 Critical
3 Errors
4 Warnings
5 Notifications
6 Informational
7 Debugging
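How the trap level selects what reaches the syslog server, as an added example that is not from the notes: a trap level forwards every message at that severity or more urgent (numerically lower), so "logging trap warnings" ships levels 0-4 and silently drops level 5 notifications such as configuration changes. The sample lines are constructed in the IOS %FACILITY-SEVERITY-MNEMONIC shape, and the parser is this example's own.

```python
"""Filter IOS-style log messages by syslog severity the way 'logging trap' does."""
import re

SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}
LEVEL_BY_NAME = {name: n for n, name in SEVERITY.items()}

# %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# Constructed IOS-style log lines (not captured from a real device).
SAMPLE_LOG = """\
*Mar  1 00:01:02.003: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.99)
*Mar  1 00:01:10.500: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down
*Mar  1 00:01:11.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar  1 00:02:00.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22]
*Mar  1 00:02:30.000: %OSPF-6-DEBUG: chatty informational message
"""


def parse(line):
    """Return {facility, severity (int), mnemonic, text} or None if the line is not IOS-shaped."""
    m = MSG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["severity"] = int(d.pop("sev"))
    return d


def trap_level(level):
    """Accept the numeric or named form used with 'logging trap'; return the number."""
    if isinstance(level, int):
        return level
    return LEVEL_BY_NAME[level.lower()]


def forwarded(log_text, level):
    """Messages the router would send to the syslog server at the given trap level."""
    lvl = trap_level(level)
    out = []
    for line in log_text.splitlines():
        msg = parse(line)
        if msg and msg["severity"] <= lvl:        # lower number = more urgent = forwarded
            out.append(msg)
    return out


if __name__ == "__main__":
    # With 'logging trap warnings' the config change (5) never reaches the collector.
    for m in forwarded(SAMPLE_LOG, "warnings"):
        print(m["severity"], m["facility"], m["mnemonic"])
```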

SNMP (Simple Network Management Protocol)

A protocol used to monitor, configure and receive alerts from managed network devices.

[Diagram: SNMP manager polling an agent's Management Information Base (MIB)]

GM #snmp-server community (string name)
#snmp-server location (location)
#snmp-server host (SNMP manager IP) version (no) (string name)
#snmp-server enable traps


SNMP versions and their security
1 community string
2 community string
3 encryption, authentication

AAA (Authentication, Authorization, Accounting)

External authentication using AAA

Drawbacks of local authentication
-Username and password are stored locally
-No synchronized control
-More administrative tasks
-Not scalable
Using external server-based authentication
-Username and password are stored on a remote server
-Allows synchronized authentication
-Reduces administrative tasks
-Scalable

AAA
• Authentication : who are you?
• Authorization : which resources the user is allowed to access and which operations the user is allowed to perform.
• Accounting : what did you do, and what did you spend it on?

Server-based AAA authentication

-Both RADIUS and TACACS+ are client/server AAA protocols
-Authenticate username and password
-Determine if a user is allowed to connect to the client.
*The TACACS+ or RADIUS protocol is used to communicate between the client & the AAA security server.
TACACS+ (Terminal Access Controller Access Control System - open standard)
RADIUS (Remote Authentication Dial In User Service - Cisco, most secure)


Local vs Server-based authentication

Local authentication
* The user establishes a connection with the router.
* The router prompts the user for a username & password and authenticates the user using a local database.

Server-based authentication

* The user establishes a connection with the router.
* The router prompts the user for a username & password.
* The router passes the username & password to the Cisco Secure ACS (Access Control System).
* The Cisco Secure ACS authenticates the user; the user is authorized to access the router (administrative access) or the network based on information found in the Cisco Secure ACS database.

AAA (authentication configuration)

GM #AAA new-model
#AAA authentication login
GM #Line console 0
#login authentication default
Local authentication
GM #Username (name) password (password)
#TACACS-server host (IP)
#TACACS-server key (password)


Layer 2 security
1. Layer 2 attacks
• MAC table overflow attacks
• VLAN attacks
• Spoofing attacks (MAC, IP, ARP and DHCP)
2. Rogue network devices
• Wireless hubs
• Wireless routers
• Access switches
• Hubs
3. Switch security
• Port security
• DHCP snooping
• IP source guard
• Dynamic ARP inspection
• Storm control
