CCNA Short Notes PDF

Andrew Crouthamel Cisco CCNA Training Notes 1
SOLD TO THE FINE

abdimayah@gmail.com
Cisco
CCNA Routing and Switching
Training Notes
100-101 ICND1, 100-102 ICND2
200-120 CCNA
Andrew Crouthamel
Table of Contents
Table of Contents
About ShrikeCast and Andrew Crouthamel
About Cisco Certification and CCNA
Useful Networking Tools and Learning Resources
When do I use a Network?
What are Networks?
The History of the Internet
How the Internet is Designed
How to Communicate
Sizes of Networks
Protocols
OSI and TCP/IP Models
All About Applications
Common Protocols
Roles of the Transport Layer
TCP and UDP Protocols
Internet Protocol and IPv4
Networks and Subnets
Introduction to Routing
IPv4 Basics
IPv4 Address Types
IPv4 Subnetting
IPv6 Addressing Basics
IPv6 Unicast and Multicast
IPv6 Testing Connections
Data Link Layer Basics
Physical Layer Basics
Network Media
Topology Basics
Ethernet Basics
Address Resolution Protocol (ARP)
Switch Basics
IOS Device Basics
IOS Command Basics
Switch Configuration Basics
Switch Security Basics
Switch Port Security
VLAN Basics
Creating VLANs
VLAN Trunks
VLAN Security
Layer 3 Switching
Routing Basics
Routing Table Basics
Router-on-a-stick Configuration
Static Routing Basics
Static Routing Configuration
Dynamic Routing Protocols Basics
Distance Vector Routing Protocols
RIP Configuration
Open Shortest Path First (OSPF)
OSPFv2 Single-Area Configuration
OSPF Multi-Area Basics
OSPF Multi-Area Configuration
EIGRP Basics
EIGRP Configuration
EIGRP Metrics and DUAL
EIGRP Tuning and Security
Access Control Lists (ACLs)
Standard IPv4 ACL Configuration
Extended IPv4 ACL Configuration
Dynamic Host Configuration Protocol (DHCP)
DHCP Configuration
Network Address Translation (NAT)
NAT Configuration
Spanning Tree Protocol (STP)
Spanning Tree Configuration
Redundancy Protocols
Link Aggregation Basics
Wireless Basics and Security
IOS Naming Scheme
IOS Licensing
WAN Basics
Serial Point-to-Point
WAN Encapsulation
PPP Configuration
Frame Relay Basics
Frame Relay Configuration
PPPoE Configuration
VPN Basics
GRE Tunnel Configuration
Syslog Basics
SNMP Basics
NetFlow Basics
Credits
About ShrikeCast and Andrew Crouthamel

Started in 2011 to share IT knowledge
Shrike comes from the bird
Impales insect and small mammals on spikes to help it rip apart and preserve for
later
Andrew has been in IT for 10 years now
CCNA
CCNA Security
CCAI
VCP5
CompTIA Security+
CompTIA Network+
CompTIA A+
Majority has been involved in networking and security
LinkedIn: http://www.linkedin.com/in/andrewcrouthamel/
About Cisco Certification and CCNA

Current Cisco Certification Levels
Entry
Associate
Professional
Expert
Architect
Cisco Certification Tree
Recertification policy
Pass one test from same level or above, all certifications update
CCNA
100-101 ICND1 (CCENT)
Modules 1 & 2 of Cisco Networking Academy
AND
200-101 ICND2 (CCNA)
Modules 3 & 4 of Cisco Networking Academy
OR
200-120 CCNA (ICND1 & ICND2)
Modules 1 & 2 & 3 & 4 of Cisco Networking Academy
Useful Networking Tools and Learning Resources

Wireshark - http://www.wireshark.org
Packet Tracer -
http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html
GNS3 - http://www.gns3.net
PuTTY - http://www.chiark.greenend.org.uk/~sgtatham/putty/
KiTTY - http://kitty.9bis.net/
TFTP32 - http://tftpd32.jounin.net/
Angry IP Scanner - http://www.angryip.org/
Cisco Learning Network - https://learningnetwork.cisco.com/
GNS Labs - http://gns3vault.com/
When do I use a Network?

World economies going global
Instant communications across the world
Facebook
Twitter
TV, Phone, Internet, everything uses networks
Smartphones
Communications
Social Networks
News
Blogs
Internet Radio
Podcasts
Instant Messaging
Wikis
VoIP
eBooks (rise of Kindle and self-publishing)
Banking
Shopping
Mail order catalogs
Traditional stores
Auction sites
eBay
Education revolution
Online classes
Online colleges
Coursera & Udacity

Business needs
Remote access
IPsec
SSL-VPN
Connections between locations
Site-to-site IPsec VPN
Gaming
Online game matches
Xbox Live
PSN
Online distribution
Steam
Rise of independent developers and publishing
Internet of Things
No longer PCs, everything getting connected
QoS important
What are Networks?

Communication needs
Sender and receiver
Method
Language
Speed
Confirmation
Quality
Acceptable quality needs to be determined
More times data is transmitted, greater chance of corruption
Size of data packages needs to be determined
Reliability is key now
Network elements
Rules (Protocols)
HTTP/HTTPS
SMTP
POP
XMPP
OSCAR
SIP
FTP
Telnet
SSH
Medium
Wired
Wireless
Messages
Segments
Packets
Frames
Devices
Switches
Routers
Network symbols
Converged Networks
The History of the Internet

Victorian Internet
Telegraph (1830-40s)
Submarine cables (1850s-60s)
Gave rise to phone networks
Began in 1950s
Mainframe computer connections
Late 1960s into 1980s
ARPANET (Advanced Research Projects Agency Network)
1969-1985 (latest 1989)
Project of DARPA (Defense Advanced Research Projects Agency)
Connected universities at first, military later
Military split off with MILNET in 1983
E-mail, FTP, TCP/IP protocols
Shut down around 1985 with NSFNET introduction
1980s
CSNET (Computer Science Network)
1981-1984
Project of National Science Foundation
Used to connect institutions that could not get funding or authorization to
connect directly into ARPANET
Rose awareness for the national network
NSFNET (National Science Foundation Network)
1985-1995
Project of National Science Foundation
Provide connections for researchers to supercomputers funded by NSF
Started with a 56Kbps backbone, upgraded to 1.5Mbps T1, then to a
45Mbps T3, OC3, OC12, OC48
BGP protocol
Commercial ISPs started around this time, using the NSFNET to route
traffic
1990s
Internet
April 30, 1995 the original NSFNET Backbone Service was
decommissioned, transitioning traffic to several commercial backbone
networks
MCI
Sprint
How the Internet is Designed

Circuit Switching
Packet Switching
Tiered ISP structure
T1 - Tier 1 - Backbone ISPs
Own the cable
Verizon
Sprint
AT&T
T2 - Regional - Common ISPs
Lease from T1
T3 - Local - More common with dial-up
Lease from T2
Convergence
QoS (Quality of Service)
Classification
Priorities
Based on traffic type, protocol
UDP - more sensitive
VoIP
Video
TCP - less sensitive
HTTP
FTP
Network Security
Confidentiality
Integrity
Availability
Future of Networking
Convergence
Mobility
Security
How to Communicate
Parts needed for communicating
Source
Encoder
Transmitter
Medium
Receiver
Decoder
Destination
Segmentation
Breaking up data into smaller pieces
Multiplexing
Having several communications on the same medium
Components
Devices
End devices
Generate and receive the data
Intermediary devices
Help determine where data needs to go based on addresses in
data
Media
Copper
Fiber
Radio
Each has its own encoding method
Services
Web (HTTP)
Files (FTP)
Video (H.264)
VoIP (SIP)
Sizes of Networks
Terminology varies
PAN (Personal Area Network)
LAN (Local Area Network)
Homes
Businesses
Buildings
MAN (Metropolitan Area Network)
WAN (Wide Area Network)
Connects LANs together
Internet is a network of networks on a global scale
Called an Internetwork
ISP (Internet Service Provider)
Intranet is a network of networks in a single organization
NIC (Network Interface Card)
Adapter in a host device to connect to network
Physical Port
Also known as a jack, where cable plugs into on wall
Interface
Name of a NIC on an intermediary device
Network symbols
Protocols
Protocols are rules on how to communicate
Format of message
How to share information
Error handling
Setup and termination of sessions
Most are ratified by organizations such as
IEEE (Institute of Electrical and Electronics Engineers)
Usually media specifications and standards
IETF (Internet Engineering Task Force)
Usually protocols
RFC (Requests For Comments)
Sometimes they are grouped into suites or stacks
Examples
HTTP (Hypertext Transfer Protocol)
Application Protocol
TCP (Transmission Control Protocol)
Transport Protocol
IP (Internet Protocol)
Network Protocol
Protocols work together to accomplish communications
OSI and TCP/IP Models

Layered approach helps protocols work together
Protocol Models
TCP/IP Model
Reference Models
OSI Model
TCP/IP Model
IETF (Internet Engineering Task Force)
Application
Transport
Internet
Network Access
Data goes down the model to the media, then back up the model at the receiver
At each layer data is called a PDU (Protocol Data Unit)
Specific layer terminology
Application Layer - Data
Transport Layer - Segment
Network Layer - Packet
Data Link - Frame
Physical - Bits
Most layers encapsulate the previous layer with more data
OSI Model
ISO (International Organization for Standardization)
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data Link
1 - Physical
OSI Model layers are often referred to by their number
Most layers have an addressing method
Transport - Ports
Network - Logical Addresses (IP Addresses)
Data Link - Physical Addresses (MAC Addresses)
As data goes down the layers, it is encapsulated and new addresses specific to that
layer are added on
Intermediary devices read the destination addresses to determine where to send the
data
On a receiving device, as data gets to each layer, the destination address for that layer is
read and the data is decapsulated from that layer

Decapsulated - Rip off the header
Then data is sent to the next layer up
All About Applications

Applications are the software and services on a computer
Often includes Presentation and Session layers as the TCP/IP model has
Presentation Layer
Conversion of data to make it useful for layers below
Compression of data
Encryption/decryption
File formats are good examples of the Presentation Layer
Session Layer
Creates and tears down sessions, connections from one device to another
Application examples
DNS
HTTP
SMTP
FTP
Telnet
Protocols, Applications, and Services can all be the same name
Telnet
SCP
TFTP
Processes on your computer are applications
Some use network connections
taskmgr
netstat -an
Protocols
Message types
Message syntax
Message transit methods
Client-server model
Client is the one making the request
Good example is a personal PC running a client such as a web browser
Server is the one responding to requests
Running the services
Also called daemons
Good example is a server PC running Apache
Servers can have client software on them
Peer-to-Peer Model
One of, if not both end up running as a server and a client.

Can create a network Peer-to-Peer with a crossover cable
Common Protocols
Protocols to know
DNS (Domain Name System) - TCP/UDP Port 53
HTTP (Hypertext Transfer Protocol) - TCP Port 80
HTTPS (Hypertext Transfer Protocol over SSL or Hypertext Transfer Protocol
Secure) - TCP port 443
SMTP (Simple Mail Transfer Protocol) - TCP Port 25
POP (Post Office Protocol) - TCP Port 110
Telnet - TCP Port 23
SSH - TCP Port 22
FTP (File Transfer Protocol) - TCP Ports 20 and 21, or 21 and random port
DHCP (Dynamic Host Configuration Protocol) - UDP Ports 67 and 68
SMB (Server Message Block)/CIFS (Common Internet File System) - TCP Port
445 or UDP Ports 137 and 138, and TCP Ports 137 and 139
TFTP (Trivial File Transfer Protocol) - UDP Port 69
SNMP (Simple Network Management Protocol - UDP Ports 161 and 162
DNS
Very old protocol but one of the most important protocols in use today
Modern technologies such as VMware rely heavily on it
Resolves domain names to IP addresses
DNS resolution is done before data connection to server for a service is initiated
Required for the World Wide Web to work
nslookup
Record types
A (IPv4) or AAAA (for IPv6) - Generic record, device IP address
NS - Name server record
CNAME - Canonical name, also known as an alias
Often used for web servers so multiple websites can be hosted on
the same IP
MX - Mail exchange record, only for E-mail servers
Client and servers will check their host files first, then DNS cache, only then
checking network servers
ipconfig /displaydns
ipconfig /flushdns
Hierarchy system
Root servers - Records of top-level domain servers
Also known as the Root Hint servers
Top-level domain servers - Records of second-level domain servers

.com, .org, .net, .co.uk, etc.
Second-level domain servers
andrewcrouthamel.com, youtube.com, etc.
HTTP
Also very old protocol
The World Wide Web (which runs on the Internet) is mostly run by HTTP
Web browsers download and interpret HTTP and other protocols and languages
to display web pages
Transmits HTML or similar files (index.html is often hidden from the URL)
GET, POST, PUT message types
Secure version HTTPS
SMTP/POP
Also very old protocols
Used for sending/receiving E-mail
Clients are known as MUA (Mail User Agent)
MDA (Mail Delivery Agent) is the server that actually sends the data back to the
client and often stores the mailbox data
MTA (Mail Transfer Agent) is a mail routing server to get mail to the correct MDA
SMTP Commands
HELO - Creates connection to mail server
EHLO - Newer version of HELO
MAIL FROM - Sender address
RCPT TO - Recipient address
DATA - Message body
SMTP is for sending mail from a client and inter-MTA transfers
POP is for receiving mail to a client from a MDA
Secure options now, runs on other ports
Telnet
Allows for CLI (Command-Line Interface) access
Also known as terminal access
Used to access routers, switches, servers, etc.
Commands and data are plaintext
Secure version is SSH
SSH
Secure Shell
Provides encryption for CLI access
FTP
Also very old protocol
Designed for sending and receiving files, HTTP later had that capability added
FTP is often the fastest method of transferring a file
Two modes
Active - Ports 20 and 21
Control on 21
Data on 20
Passive - Ports 21 and random
Control on 21
Data on random
Secure version is SFTP or FTPS
DHCP
Originally BOOTP
Allows a client to automatically get an IP address and other information
Messages
Discover
Offer
Request
Acknowledge
SMB/CIFS
Originally SMB, now CIFS
Microsoft protocol
Linux can speak it with Samba for SMB, or CIFS natively
Often used for file transfers and printer sharing
Default file transfer protocol for Windows
Usually slow and considered bloated
FTP is almost always many times faster
TFTP
Commonly used for router or switch maintenance, transferring files or
configurations to or from devices
TFTP32
SNMP
Used for retrieving and setting values on computers, networking equipment,
anything
Writing values via SNMP is commonly considered insecure and a bad idea
Reading values via SNMP is very common on a timed interval for retrieving health
information from a device (CPU usage, memory usage, disk usage, etc.)
MRTG and Zenoss
Roles of the Transport Layer

Provides segmentation and control of data
Reassembles data at receiving end
Identifies applications and services based on port number
After being sent from above layers, data is broken up into PDUs called segments
This is done to enable multiplexing and increase transmission reliability
Establishes sessions using stateful communication protocols such as TCP
Provides reliable delivery using protocols such as TCP

Can re arrange data into proper order if received out of order
Flow control
TCP good for reliability, but slower data transmissions (HTTP, FTP, etc.)
UDP good for unreliable, but faster data transmissions (VoIP, DNS, etc.)
With TCP, it can track incoming data, keep note on what it received, acknowledge those
receipts and force retransmission of missed segments
Clients often generate a random port number per application when communicating to a
server, so returning data can be routed to the correct application
Web browsers are a good example, each window or tab has its own randomly
generated port number
Port Numbers
Assigned by IANA (Internet Assigned Numbers Authority)
Well Known Ports - 0-1023
Most common applications and services are in here
Doom 666
Registered Ports - 1024-49151
Other common services and games
Sometimes used as dynamic ports on a client
Dynamic/Private Ports - 49152-65535
Also known as ephemeral ports
Free-for-all
Commonly used as dynamic ports on a client
DNS uses UDP and TCP
UDP for requests and responses
TCP for zone transfers between servers
TCP and UDP Protocols

Connection oriented communications
TCP provides reliability to communications with an added overhead
Options field
URG - Urgent
ACK - Acknowledgement
PSH - Push
RST - Reset connection
SYN - Synchronize sequence numbers
FIN - Finish connection
Three-way handshake
SYN
SYN/ACK
ACK
Four-way session teardown

FIN
ACK
FIN
ACK
Reassembly
Packets can take various routes to get to destination
Sometimes they arrive out of order
Acknowledgement numbers during data transmission reflect how many bytes
were sent
Acknowledgements usually happen after several packets are sent
If segment never received, will often harass the sender for missing segment,
called FRR (Fast Retransmit and Recovery)
Otherwise, it waits until a timeout for the acknowledgement to determine
that a segment was missed
Flow control
Window size is the amount of bytes sent before and Acknowledgement is sent
Window size can be adjusted on the fly if there are bottlenecks at one side
If both sides support SACK (Selective Acknowledgements), which is common,
only the missing segment is retransmitted
Otherwise, the entire window size will be retransmitted
UDP
Connectionless communications
UDP provides unreliable communications without much overhead
No reassembly if received out of order, segments are passed up the layers as-is
Lost or damaged segments are not re sent
Sometimes the above two are handled via software to provide pseudo-TCP
functionality with UDP
Internet Protocol and IPv4

Layer 3 provides
Addressing
Encapsulation
Routing
Decapsulation
Layer 3 Protocols
IPv4 (Internet Protocol version 4)
IPv6 (Internet Protocol version 6)
IPX (Novell Internetwork Packet Exchange)
AppleTalk
Properties
Connectionless - Relies on Layer 4

Best Effort - Relies on Layer 4
Media Independent - Relies on Layer 2
MTU is a Layer 2 setting which gets passed up to Layer 3 so it can determine how large
packets need to be
If a router or other device receives a packet that is too large it usually will fragment
Takes Layer 4 segment and header, then encapsulates IP header onto it
IPv4 Header
Source Address
32-bit binary number assigned to source NIC
Destination Address
32-bit binary number assigned to destination NIC
TTL (Time-to-Live)
8-bit binary value that defines how many hops the packet can take before
being dropped
Starts high, counts down to 0
ToS (Type-of-Service)
8-bit binary value used for Quality of Service
Protocol
8-bit binary value used to define the Layer 4 protocol in use
01 - ICMP
06 - TCP
17 - UDP
Fragment Offset
If a packet is fragmented, the offset is used to determine how to
reconstruct the data
Networks and Subnets

Many sizes and design options to choose from for your networks
Networks can be broken down by
Location
Department
Collaboration
Reasons for networks and subnetting
Logical separation
Security
Broadcast traffic reduction
Address management
IP addresses are broken into Network and Host portions
The subnet mask (also known as bit mask) determines where the separation
occurs
Introduction to Routing
Gateways and routing are required to communicate between networks
Any devices on the same network can communicate without the need for a router
Routers read the IP addresses in the header to determine where traffic needs to go when
routing between networks
Default gateways are the escape point for a network, each device should have only one
configured
ipconfig or ipconfig /all
Routes determine who to send traffic to for a certain network
End devices can have static routes added
route print, route add, route delete
Intermediary devices such as routers have either static or dynamic routes in them
Routes have three basic parts
Destination network
Next-hop or Exit interface
Metric
Many routers have a Default Route, which is the same as a Default Gateway, also
known as the Gateway of Last Resort
Often shows 0.0.0.0/0 for destiantion network
If there is no route match and no Default Route, packets are discarded
Routing process (for every packet)
Decapsulate (rip off) Layer 2
Read the destination IP in the Layer 3 header
Check routing table
Encapsulate Layer 2
Routing protocols allow routers to share route information
They add dynamic routes into the routing table
Routing protocols learned in CCNA
RIP (Routing Information Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
Routes that are manually entered by an administrator are known as static routes
IPv4 Basics
32-bit address
Notated in dotted decimal format
Four groups of 8 bits, converted to decimal, with a dot between each
11000000101010000000000100000001 turns into
11000000.10101000.00000001.00000001 which turns into 192.168.1.1

Each 8-bit group is called an octet
Often the network and host separation happens as one of the end of an octet
Every 8 bits is also called a byte
Binary to Decimal Conversion
Uses positional notation
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0
= 192; add up the positions
Binary is a base 2 numbering system so bits can only be on or off, 1 or 0
Do binary to decimal conversion for each octet of an IP address to get dotted
decimal notation
Decimal to Binary Conversion
Same positional notation system as above but in reverse
Similar to long division from grade school
Does 128 fit into 192? Yes, 1
Does 64 fit into 64? Yes, 1
Does 0 fit into 0? No, 0
Do decimal to binary conversion for each octet of an IP address to get binary
notation
IPv4 Address Types

Network Address
First IP of a network, reserved and cannot be used by a host
Common way to refer to a network by name
Broadcast Address
Last IP of a network, reserved and cannot be used by a host
All hosts respond to traffic on this IP
Host Address
Network Prefixes
Prefix length is the number of bits in the network portion of the address
When converted to decimal, it gives you a subnet mask.
Important for subnetting and Classless Inter-Domain Routing (CIDR, pronounced
see-dur)
Common to refer to a network combining the Network Address and Prefix, ex. Its
the 10.1.0.0 /26 network
Calculating Addresses
Number of prefix bits starts from the left and is called the network bits
The remaining bits on the right side are called the host bits
All 0s on the host bits is the network address
All 1s on the host bits is the broadcast address
All remaining bits in-between are the usable addresses

Show example of IP address in binary with network/host division
Packet Types
Unicast - one to one
Multicast - one to many
Basic functionality is to be sent to all machines, works like a limited
broadcast, but only certain machines listen and respond. If you need to
send multicast over VLANS/subnets, you will need to specially retransmit
the traffic in your router (Bonjour has this problem)
Some situations have multicast clients register with a server or switch, so
traffic only goes to specific computers, like a bunch of unicasts
Broadcast - one to all
Limited broadcast - 255.255.255.255 - Does not get forwarded by routers
Directed broadcast - 192.168.1.255 - Gets forwarded by routers
IP Ranges
Host Addresses - 0.0.0.0 to 223.255.255.255
RFC - 790
Multicast Addresses - 224.0.0.0 to 239.255.255.255
RFC - 1700
Experimental Addresses - 240.0.0.0 to 255.255.255.254
RFC - 1700, 3330
Not routable
Private Addresses - 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
RFC - 1918
Not routable on the Internet
NAT - Network Address Translation, allows you to hide many private IPs
behind a public IP, as well as translate between different IP subnets if
needed
Public Addresses - The remaining IPs from the Host Addresses, minus the
Private Addresses
Special IPv4 Addresses
Default route - 0.0.0.0
Catch-all for traffic, used as the route pointing to your default gateway or
gateway of last resort
The reasoning for this will make more sense when we get into subnetting
and the ANDing process
Not routable
Loopback - 127.0.0.1
Sends traffic to your own IP stack on the host you run it from, used to test
the driver/NIC (Network Interface Card)
Not routable
Link-Local - 169.254.0.0 to 169.254.255.255
Automatically self-assigned to a host when no DHCP (Dynamic Host
Configuration Protocol) server is found

Also called the APIPA (Automatic Private IP Addressing) address
Not routable
TEST-NET Address - 192.0.2.0 to 192.0.2.255
Set aside for teaching purposes
IPv4 Subnetting
Used to have Classful Networking - Subnet was based on first octet and there was no
Network Address Translation (NAT), everyone used Public IPs.
Class A
First octet 1-127
/8 - 255.0.0.0
128 nets, 16,777,214 hosts per net
Class B
First octet 128-191
/16 - 255.255.0.0
16,384 nets, 65,534 hosts per net
Class C
First octet 192-223
/24 - 255.255.255.0
2,097,150 nets, 254 hosts per net
Class D (multicast)
First octet 224-239
Class E (reserved)
First octet 240-255
Now use classless subnetting to make smaller networks, NAT, VLSM, etc
Good for logical or physical dividing of a network to simplify management and security
Router (or Layer 3 switching) needed to communicate between subnets
You have network bits and host bits in an address
Prefix and subnet mask are same thing
Prefix refers to number of network bits
Subnet mask is dotted decimal conversion of the prefix
Subnets are created by borrowing from the host bits
Based on powers of two, so one bit borrowed, two subnets created, 2 buts, four subnets,
etc
Parts of a subnet
Network address
All host bits set to 0
First host address
All host bits set to 0 except last host bit set to 1
Last host address

All host bits set to 1 except last host bit set to 0
Broadcast address
All host bits set to 1
Formulas
Number of subnets - 2^n (n = number of network bits)
n can also be number of bits borrowed to determine number of subnets
created from existing network
Number of hosts - 2^n (n = number of host bits)
Includes network and broadcast address
Number of valid hosts - 2^n-2 (n = number of host bits)
Hosts cannot use network and broadcast addresses
Basic steps
Write binary placeholders down
Mark out the 1 and 0 bits for the network portion of an IP
Draw a vertical line after the last prefix bit
Count from 0 upwards by the placeholder to the left of the line
One can use these basic steps to either determine network address of an
IP/prefix, or create properly sized subnets by counting up by the chosen
placeholder
Variable Length Subnet Masks (VLSM)
Same idea as classless subnetting, but you can subnet a subnet
Good for organization of IP schemes in large environments
Efficient, no wasting of IP space due to subnets that are too large and reduced
broadcast issues
IPv6 Addressing Basics

Designed to solve IPv4 exhaustion
128-bit addressing
Hexadecimal notation
Hex digits are 0-9 and A-F for 16 possible bits
Sets of 4 hex digits in 8 places
Separated by colons :
4 hex digits = 16 binary digits
Leading zeros 0000:0000:000 can be truncated
One section of zeros can be truncated with two colons
1234:0000:0000:0000:4321
1234::4321
Header simplified
No dotted decimal subnet mask, only notated with prefix length
1234:000:000:4321/64
Unicast
Uniquely identifies an interface on an IPv6 device.
Global unicast
Globally unique, routable addresses
Static or DHCP
Link-local
Unique only on same subnet, not routable
Used to communicate on same subnet
Used for routing protocol communication and default gateway address
Loopback
Same as IPv4 loopback, to test the TCP/IP stack and NIC
Cannot be assigned to an interface
All zeros except last bit is 1
::1/128 or ::1
Unspecified address
Used as a source address when device does not yet have a permanent
address or the source is irrelevant
Cannot be assigned to an interface
All zeros
::/128 or ::
Unique local
Similar to IPv4 RFC 1918 addresses
Used for local addressing at a location
Not routable to the global IPv6
FC00::/7 to FDFF::/7
Not recommended by the IETF to be used like IPv4 NAT/PAT
IPv4 embedded
Used for transition from IPv4 to IPv6
Multicast
Send to multiple destinations
Anycast
A unicast address assigned to multiple devices
Packets sent to the anycast address are routed to the nearest device
IPv6 Subnetting
Not done to conserve IPs but only for logical organization reasons
Can look cleaner since you can just count up in hexadecimal in the Subnet ID
2001:0DB8:ACAD:0000::/64
2001:0DB8:ACAD:0001::/64
2001:0DB8:ACAD:0002::/64
Can also borrow from the Interface ID like in IPv4, when borrowing host bits
IPv6 Unicast and Multicast

Global Unicast Addresses
Has three parts:
Global routing prefix
Subnet ID
Interface ID
Global Routing Prefix
Network portion of the address assigned by the provider.
Currently /48s are assigned to all individuals and companies
Subnet ID
Used by organizations
Interface ID
Same as the host portion of an IPv4 address
Configuration
Usually can use ipv6 instead of ip to configure
ex. ipv6 address 2001:db8:abcd:1::1/64
Can be provided dynamically
Stateless Address Autoconfiguration (SLAAC)
DHCPv6
Stateless Address Autoconfiguration (SLAAC)
Retrieve prefix, prefix length, and default gateway from an IPv6 router without
DHCPv6
Uses Router Advertisement (RA) messages (ICMPv6)
RAs are periodically sent to all IPv6 devices from routers
Every 200 seconds by default to the all-nodes multicast group
IPv6 devices do not have to wait for the RA messages
Can send a Router Solicitation (RS) message using the all-routers
multicast group address
Router will then respond with a router advertisement
To enable a router for IPv6 routing ipv6 unicast-routing must be entered in
global configuration
RA message will describe how to configure
SLAAC only
Device will use the prefix, prefix-length, and default gateway
address from the RA
SLAAC and DHCPv6
Device will use the prefix, prefix-length, and default gateway
address from the RA and obtain other parameters such as DNS
servers from DHCPv6
DHCPv6 only
Device will not use information in the RA message, but obtain all
parameters from DHCPv6
DHCPv6
Similar to DHCP in IPv4
In the ICMPv6 RA
Option 1 specifies using SLAAC only
Option 2 specifies using SLAAC and DHCPv6
Option 3 specifies using DHCPv6 only
With SLAAC only or SLAAC with DHCPv6, the client must determine its own
Interface ID using EUI-64 or generating a random number
EUI-64
Extended Unique Identifier (EUI)
Users the 48-bit Ethernet MAC address from the client and inserts 16 bits into the
middle to create the Interface ID.
16-bits = FFFE
24-bit OUI + 16-bit FFFE + 24-bit Device Identifier
Dynamic Link-Local Addresses
Created using FE80::/10 prefix and the Interface ID
Static Link-Local Addresses
ex. ipv6 address link-local-address 2001:db8:abcd:1::1/64
Verifying IPv6 Configuration
show interface
show ipv6 interface brief
show ipv6 route
Multicast Addresses
Have the prefix FF00::/8
Assigned multicast
Reserved addresses for group of devices
Used with specific protocols
FF02::1 - All-nodes multicast group
All IPv6 devices join this group
Acts like broadcast for IPv4
RA messages go to this group
FF02::2 All-routers multicast group
All IPv6 routers join this group
Acts like broadcast for IPv4
RS messages go to this group
Solicited Node Multicast
Matches only the last 24 bits of the IPv6 global unicast address
FF02:0:0:0:0:FF00::/104 plus the last 24 bits of the IPv6 unicast address
IPv6 Testing Connections

ICMP
Often used for testing
ICMPv4 Destination Unreachable
0 - network unreachable
1 - host unreachable
2 - protocol unreachable
3 - port unreachable
ICMPv6 has similar Destination Unreachable messages
ICMPv4 Time Exceeded
Packet cannot be forwarded because TTL reached 0
When a router receives and decrements the TTL to 0, it discards and
sends Time Exceeded to the source host
ICMPv6 is similar, it sends Time Exceeded but does not have TTL, it uses the
hop limit field
ICMPv4 Redirect Message
Notifies the host that a better route is available for a destination
ICMPv6 has the same message
ICMPv6 has four new protocols
Part of the Neighbor Discovery Protocol (ND/NDP)
Router Solicitation
Router Advertisement
Neighbor Solicitation
Neighbor Advertisement
Router Solicitation
When a host uses SLAAC, the host will send an RS message
Router Advertisement
Sent by a router in response to an RS, providing parameters for a
host
Neighbor Solicitation and Neighbor Advertisement
Used for address resolution and Duplicate Address Detection
(DAD)
Similar to ARP, address resolution is used to determine MAC of a
destination
NS will be sent to the solicited node address
NA will be sent in response with MAC address
To perform DAD
A device will send an NS with its own IP as the targeted
address
If another device has it, it will send an NA in response
Testing Commands
Ping
Local loopback to test TCP/IP stack of device
IPv4 - 127.0.0.1
IPv6 - ::1
Test connectivity to other devices
Either local (LAN) or external (WAN)
Traceroute
Uses the TTL of IPv4 and the hop limit of IPv6 to map the route a packet
will take
TTL/hop limit will start at 1
First router will decrement and send a Time Exceeded
TTL/hop limit will then be set to 2
First router will decrement to 1, pass it on
Second router will decrement to 0, send a Time Exceeded
Process repeats until destination is reached
Traceroute application records this data and presents it as a printout to
the user
Data Link Layer Basics

TCP/IP network access layer is the same as OSI Layers 1 and 2
Packages packets into frames
Does media access control and error detection
Two sublayers
Logical Link Control (LLC)
Identifies which protocol is used for the frame
Places identifier into the frame
Media Access Control (MAC)
Provides data link layer addressing
Delimiting of data according to physical signaling needs of medium to be
transmitted across
Can change for each link between each device from source to destination
ex. Fiber -> Ethernet -> Frame Relay -> Wi-Fi
Encapsulates and de-encapsulates each hop
Generally standardized and defined by a number of organizations, unlike higher level
which is mostly by IETF
Institute of Electrical and Electronics Engineers (IEEE)
International Telecommunication Union (ITU)
International Organization for Standardization (ISO)
American National Standards Institute (ANSI)
Header
Control information in beginning of PDU

Fields
Start Frame
Indicates beginning of frame
Source and Destination Address
Indicates source and destination devices
Type
Indicates upper layer service
Priority/Quality of Service
Indicates a particular service level
Logical connection control
Physical link control
Flow control
Congestion control
Data
IP header, transport layer header, application data
Trailer
Control information for error detection at end of PDU
Transmitting device creates a cyclic redundancy check (CRC) and places it in the
Frame Check Sequence (FCS) field
Receiving device calculates its own CRC and checks the FCS field if configured
to do so
Drops frame if CRC is different
Media Access Control
Topology
How the connections between devices is to operate
Media Sharing
How the devices share the media, what rules to follow
Address
Only used on media link between two communicating devices
Specific to one interface on one device
Has to be unique
Common protocols
Ethernet
Point-to-Point Protocol (PPP)
802.11 Wireless
High-Level Data Link Control (HDLC)
Frame Relay
Ethernet Frame
Most common LAN protocol
IEEE 802.2 and 802.3
Supports 10Mbps, 100Mbps, 1Gbps, and 10Gbps
Uses CSMA/CD as the media access method
Uses Ethernet MAC address, 48 bit hexadecimal identifier

Point-to-Point Protocol (PPP)
Used to deliver between two nodes
Used on many Serial WAN connections
Defined in RFCs, not IEEE standards
Uses logical connections between nodes to separate them from physical
architecture
802.11 Wireless
Uses same 802.2 LLC and 48-bit addressing scheme as other 802 LANs
Uses CSMA/CA as the media access method
Slightly slower by design, than CSMA/CD for Ethernet
Uses a random backoff timer for all nodes wishing to transmit
When airwaves become clear, nodes wait random amount of time
before transmitting, hopefully preventing a collision
This is because collision detection is not reliable on wireless
Physical Layer Basics

All communications need some sort of physical connection
Can be wired, using electrical pulses with a cable of various specifications
Can be wireless, using radio waves of various of specifications
Wired is the backbone of almost all networks
Requires switches to provide user connectivity
Wireless is now very common
Requires Wireless Access Points (WAP) to support devices
Many homes receive a home router from their ISP which will include wired and wireless
functionality
Network Interface Cards (NICs) connect a device to a network
Can be wired or wireless, supporting a variety of specifications
Defines how to encode and transmit the bits of data from the upper layers over a
specified media type
Data is segmented by the transport layer, placed into packets by the network
layer, encapsulated as frames by the data link layer, then further encoded and
transmitted in certain patterns by the physical layer
Three basic network media
Copper cable
Electrical pulses
Fiber-optic cable
Patterns of light
Wireless
Patterns for radio waves
Many organization define physical layer standards
International Organization for Standardization (ISO)

Telecommunications Industry Association/Electronic Industries Association
(TIA/EIA)
International Telecommunication Union (ITU)
American National Standards Institute (ANSI)
Institute of Electrical and Electronics Engineers (IEEE)
Federal Communication Commission (FCC)
European Telecommunications Standards Institute (ESTI)
Regional and local standards groups
Comprised of physical components, hardware devices, media
Data is taken and encoded into a defined pattern or code
Allows data to be more efficiently transmitted, less bits can be used to represent
a larger amount of bits
Think compression, like ZIP files
Manchester encoding
A 0 is a high to low voltage transition
A 1 is a low to high voltage transition
Used by older versions of Ethernet
Non-Return to Zero (NRZ)
Either zero or one, no neutral position
A 0 and 1 represented by different specific voltages
Common encoding
Faster transmission methods use more advanced encoding methods, such as
4B/5B or 8B/10B
Asynchronous transmission
Transmitted without an associated clock signal, time spacing may be arbitrary
Requires start and stop flags
Synchronous transmission
Transmitted with an associated clock signal
Modulation
Frequency Modulation (FM)
Amplitude Modulation (AM)
Pulse-Coded Modulation (PCM)
Bandwidth is the capacity of a medium to transmit data
Measured in bits per second
Kbps, Mbps or kb/s, Mb/s
Maximum bandwidth differs based upon physical media type
Throughput
Measure of the transfer of bits over a medium during a period of time
Factors such as amount of traffic, type of traffic, latency affect throughput
Different protocols will have different throughputs on the same medium (and
such, same bandwidth capability)
Goodput
Throughput minus traffic overhead
Network Media
Copper Cabling
Transmitted as electrical pulses
Interference
Electromagnetic Interference (EMI)
Fluorescent lights
Radio Frequency Interference (RFI)
Microwaves
Crosstalk
Wires picking up electrical signals of adjacent neighbors
Use of twisted pairs and shielding combat interference
Separation of wires from EMI/RFI sources
Unshielded Twisted-Pair (UTP)
Four pairs of color-coded wires
Shielded Twisted-Pair (STP)
Same as UTP but with wire mesh or foil
One option is to have foil or wire mesh surrounding the bundle of
pairs
Second option is to have foil or wire mesh surrounding each
twisted pair and entire bundle of pairs
Coaxial Cable
Single copper conductor in center
Conductor surrounded by flexible plastic insulation
Plastic insulation surrounded by copper mesh
Copper mesh surrounded by a jacket
UTP Cabling
Four pairs of color-coded wires twisted together and in a flexible plastic sheath
Cat 5
Cat 5e
Cat 6
Cat 6a
RJ-45 connection
Types of UTP
Straight-through
Most common, used for connecting most devices, such as host to
switch
Crossover
Used to connect similar devices together, such as host to host or
switch to switch
Often no longer needed, with Auto-MDIX functionality

Rollover
Cisco cable used for console connection
Fiber Optic Cabling
Made of glass fiber
Flexible but fragile, cannot bend sharp corners
Immune to EMI and RFI
Uses
Backbone of larger networks
Fiber-to-the-home
Long distances
Underwater
Composition
Core - Glass fiber
Cladding - Glass surrounding core and acts as a mirror
Jacket - PVC protection
Light pulses generated by two devices
Lasers
Light Emitting Diodes (LEDs)
Single-Mode fiber (SMF)
Uses laser
Often used for long distance runs
Multi-Mode fiber (MMF)
Uses LED
More economical, used for shorter distances
Connectors
Straight-Tip (ST)
Older connector used with multimode
Subscriber Connector (SC)
Very popular, supports both fiber types
Lucent Connector (LC)
Gaining popularity, supports both fiber types
Many other types that are falling out of favor or now obsolete
Troubleshooting
Misalignment
End gap
End finish
Wireless Media
Coverage is highly dependant on frequency used and material of walls and floors
Interference can be an issue as many devices operate on 2.4 Ghz
Security is an issue due to all transmissions being out in the open, not restrained
to a cable
Encryption now helps solve some of this problem
IEEE Standards
802.11
WLAN technology, known as Wi-Fi, has many variants (a/b/g/n/ac)
802.15
WPAN technology, known as Bluetooth
802.16
Worldwide Interoperability for Microwave Access (WiMAX)
Each have their strengths and weaknesses
Wireless Access Points (APs)
Provides access for wireless devices, a pure AP does not provide DHCP,
routing, firewall, or other features.
Wireless NIC adapters
Provides wireless functionality to devices
Wi-Fi Standards
IEEE 802.11a
5 GHz
54 Mb/s
IEEE 802.11b
2.4 GHz
11 Mb/s
IEEE 802.11g
2.4 GHz
54 Mb/s
IEEE 802.11n
2.4 or 5 GHz
100-600 Mb/s
IEEE 802.11ac
2.4 and 5 GHz
250 Mb/s and 1.3 Gb/s
IEEE 802.11ad (WiGig)
2.4 GHz, 5 GHz, and 60 GHz
7 Gb/s
Topology Basics
Different Data Link protocols have different topologies
Physical Topology
How devices physically are connected
Logical Topology
How a network transfers frames from one device to the next
WAN Topologies
Point-to-Point
Physical could be one cable interconnecting devices

Logical is similarly one connection between devices, but could span
physical connections
Hub and Spoke

Mesh
LAN Topologies
Star - Modern Ethernet
Extended Star - Modern Ethernet
Bus - Legacy Ethernet
Ring - Token Ring, Fiber Distributed Data Interface (FDDI)
Duplex
Half - One side talks at a time as the other listens
Full - Both sides can talk at the same time and listen at the same time
10/100 offered Half/Full, meaning when enabled for Full they were really 20/200
Gigabit is Full only
Media Access Control methods
Contention-based access
All nodes compete for the use but have a method in place to deal with
collisions (most modern networks)
Carrier sense multiple access with collision detection (CSMA/CD)
Monitors for signal on the wire, when clear transmit is acceptable.
If a collision of multiple transmits is detected, all devices stop and
wait a random amount of time to retransmit.
Switching in modern networks eliminates the need for CSMA/CD
due to the collision domain being limited between host and
intermediary device
Ethernet
Carrier sense multiple access with collision avoidance (CSMA/CA)
Monitors for signal in the air, when clear transmit is acceptable.
WiFi
Controlled access
Each node has a slot of time to use
Token Ring
Fiber Distributed Data Interface (FDDI)
Ethernet Basics
Most common LAN technology now
Operates on Data Link layer
Supports many speeds
10 Mb/s
100 Mb/s
1000 Mb/s (1 Gb/s)
10,000 Mb/s (10 Gb/s)
40,000 Mb/s (40 Gb/s)
100,000 Mb/s (100 Gb/s)
Two sublayers
LLC
Handles communication between upper and lower layers
Takes IP packet and adds control information
Implemented in software
MAC
IEEE 802.3
Data encapsulation
Frame delimiting in beginning
Addressing with MAC address
48 bits, 24 bit vendor code assigned by IEEE, 24 bit
generated by vendor burned into NIC
Must be unique
Formatted with dashes, colons, or decimals
Error detection with CRC in trailer
Media access control
Placement and removal of frames onto the media
Implemented in hardware
DIX Ethernet standard now referred to as Ethernet II, the most common frame
Minimum frame size is 64 bytes
Maximum frame size is 1518 bytes
Less than 64 bytes is a collision fragment or runt frame and is discarded
IEEE 802.3ac extended maximum size to 1522 bytes to allow for VLANs
Ethernet frame fields
Preamble
Start Frame Delimiter
Destination MAC Address
Source MAC Address
Length
Data
Frame Check Sequence (FCS)
Uses Hexadecimal system, base 16
Cisco uses XXXX.XXXX.XXXX, many other operating systems use XX:XX:XX:XX:XX:XX or
XX-XX-XX-XX-XX-XX
Used on Layer 2
Unicast address is the unique address of the destination or source NIC
Broadcast address is all Fs
FF-FF-FF-FF-FF-FF
Multicast addresses start with 01-00-5E

Devices will have both MAC (Layer 2, physical) and IP (Layer 3, logical) addresses
IP can change, MAC does not (usually)
Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) helps a node determine the MAC address of the next
device it needs to send to on the Ethernet link.
ARP has requests and replies
Resolves IPv4 addresses to MAC addresses
Maintains a table of mappings
There is also a Reverse ARP
Commands
On a Cisco router: show ip arp
On Windows 7: arp -a - Shows all ARP entries
On Windows 7: netsh interface ip delete arpcache - Deletes all ARP entries
Causes some overhead due to broadcast functionality
Switches reduce broadcast traffic if configured for VLANs
Can easily spoof ARP replies, called ARP poisoning
Switch Basics
Most devices now are connected to a switch instead of a hub or in-line as was the case
many years ago
Ethernet is a logical bus topology usually deployed in a star or extended star physical
topology
Switch types
Fixed
Cannot add new features, boards, ports, etc. Only upgradable through
software if managed
Unmanaged and managed versions
Some models are stackable with special cables, or fiber cables
Modular
Has a main chassis with board slots
Choice of management consoles, ports, firewall features, etc.
Individual ports can be sometimes swapped out for different types
Called Switch Form-Factor Pluggable (SFP) Modules
Operation
Use MAC addresses to decide what ports to send traffic to
Builds a MAC address table as it learns what traffic is coming from which ports
If no destination port is in MAC table, switch forwards the frame on all ports
except originating port

Responding device gets recorded into MAC table for future use
If there is another switch downstream on one port, all responding MAC addresses
get recorded to the MAC table for that port
Switches can automatically negotiate speed, duplex, and MDIX settings (on newer ones)
Can also manually set these values for each port on a managed switch
Medium Dependent Interface (MDI/MDIX)
mdix auto
MDI/MDIX refers to how the transmit/receive wires are arranged on on a port of a
internetworking device
Transmit on one side connects to receive on the other
MDI for hosts and routers, MDIX for switches
Auto-MDIX in newer switches now detects and swaps a port to MDI/MDIX as
needed
Forwarding methods
Store-and-forward
Switch receives the whole frame, runs a Cyclic Redundancy Check
(CRC) and then forwards if valid
Slower
Cut-through
Reads the destination MAC and then forwards right away, no buffering of
full frame or error checking
Faster
Variants
Fast-forward
Reads the destination MAC and then forwards right away,
no buffering of full frame or error checking
Fragment-free
Stores the first 64 bytes of the frame before forwarding.
Faster than store-and-forward, slower than fast-forward,
but catches most errors and collisions without a CRC.
Memory Buffering
Port-based
A queue for each port
Can cause delay for other frames on other ports
Shared
A common queue for all ports
Dynamically allocated memory per port
Allows for larger frames to be transmitted
IOS Device Basics

Ciscos Internetwork Operating System (IOS) is the term for the Operating System
software installed on most Cisco products
Stored on flash, non-volatile
Loaded into RAM on boot
Connecting to IOS
Console - Looks like an RJ-45 ethernet connection but blue
Bits per sec: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
Telnet
SSH
AUX - Older modem connection method
Privilege modes - Different looking prompt for each
User executive (User EXEC)
Limited, basic show commands
Router>
Privileged executive (Privileged EXEC)
Similar to root on Linux, can show anything and access global
configuration mode
Use enable to enter mode
Use disable to leave mode
Router#
Global configuration mode
Needs do preceding commands from the executive modes, such as do
show run
Can access submodes for configuration of interfaces and such
Use configure terminal or config t to enter mode
Command exit takes you out of a config submode one level, end takes
you back to Privileged EXEC
Router(config)#
Commands are similar to those in other OS
command arguments
show running-config
description ISP Connection
You can use Tab key to auto-complete commands
show run<TAB> becomes show running-config
You can use the question mark to get a list of compatible commands or arguments
sh? displays show
show? displays running-config, startup-config
CLI will display problems with command, use of Tab and question mark help reduce
problems
Up and Down arrows cycle through last entered commands

Simple command examples
show running-config
show startup-config
show interfaces
show ip interfaces brief
show version
Spacebar or Enter can be used at the --More-- prompt. Enter will scroll one line, space
bar a full page
IOS Command Basics

Choose a naming convention for hostnames
Hostname configuration commands
enable
config t
hostname MySwitch
Passwords
Enable password
Access to privileged EXEC mode, non-encrypted or poorly encrypted in
config
enable password MyPassword
service password-encryption
Hides password from onlookers in config but can easily be
decrypted
Enable secret
Access to privileged EXEC mode, encrypted in config
enable secret MyPassword
Console password
Access to console
line console 0
password MyPassword
login
VTY password
Access over Telnet/SSH
line vty 0 15
password MyPassword
login
Banners
banner motd # message #
Shown to all connections
banner login # message #
Shown to only services that have login defined

Saving
copy running-config startup-config
write memory
reload
erase <ConfigName>
For NVRAM
delete vlan.dat
For flash memory
One can use TFTP to copy IOS files from flash to a server
show flash
copy flash: tftp:
c1900-universalk9-mz.SPA.152-4.M3.bin
192.168.1.100
Selecting a new IOS file to boot from
boot system flash0://c1900-universalk9-mz.SPA.152-4.M3.bin
Switch Configuration Basics

Boot sequence
Power-On Self-Test (POST) from ROM
Loads boot loader from ROM
Starts the CPU
Initializes flash
Loads the IOS from flash and continues booting the OS
Can recover from a forgotten password or system crash with boot loader
Connect a PC to the console port
Restart switch
Within 15 seconds press and hold the Mode button while the System LED is
flashing green
Continue to hold Mode until the System LED turns amber and then solid green
Release the Mode button
The console will display switch: as the prompt
LEDs
System LED - Power up/down
Redundant Power System (RPS) LED - Power up/down
Port Status LED - Link up/down, amber means blocked
Port Duplex LED - Green is full duplex, off is half
Port Speed LED - Green is 100 Mbps, blinking green is 1 Gigabit, off is 10 Mbps
Power of Ethernet (PoE) LED - Power up/down
VLAN 1 is default management VLAN
Recommended to change it, but do not remove VLAN 1 completely
To manage a switch, a Switch Virtual Interface (SVI) must be configured

This is essentially an interface/IP for a specific VLAN
SVI configuration
vlan 99
name Management
interface f0/1
switchport access vlan 99
interface vlan 99
ip address 192.168.99.1 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1
Speed and duplex configuration
interface f0/1
duplex auto
speed auto
MDIX configuration
interface f0/1
mdix auto
show interfaces - Shows detailed information on interface configuration
Switch Security Basics

Secure Shell (SSH)
Encrypts shell access
SSH uses TCP port 22
Telnet uses TCP port 23
Recommended remote access method
SSH Configuration
show ip ssh - Will display result if device has cryptographic features enabled
ip domain-name mydomain.com
crypto key generate rsa
username UserLogin password UserPassword
line vty 0 15
transport input ssh
login local
Common Security Attacks
MAC Address Flooding
Generating thousands of MAC addresses and sending them out onto the
wire, causing a switch to learn too many and causing a CAM table
overflow
This crashes the switch or puts it into fail-open mode
Fail-open mode makes the switch act like a hub, flooding all
frames everywhere, so attacker can capture whatever they want

Can be mitigated with port security options
DHCP Spoofing
Attacker floods DHCP server with requests, using up all available leases
Attacker then sets up their own DHCP server to provide leases to clients,
usually with a different DNS server, default gateway set to the attack
computer, redirecting all traffic through it for capture
Can be mitigated with DHCP snooping and port security options
CDP
CDP is enabled on all ports by default
Provides useful information to an attacker capturing data on their access
port
Can be mitigated by disabling CDP or disabling it on access ports
Best Practices
Use secure communications methods
Encrypt passwords in configuration file
Control physical access to devices
Shut down unused ports
Use port security features
Use Access Control Lists (ACLs)
Security Tools
nmap
Nessus
Metasploit
Brute force crackers
Kali (BackTrack) Linux distro
Switch Port Security

Disable unused ports
shutdown
Can use interface-range command to apply to many ports at once
DHCP snooping tells the switch what ports can respond to DHCP requests
ip dhcp snooping - Enables globally
ip dhcp snooping vlan - Enables specific VLAN
ip dhcp snooping trust - On specific interfaces
Port security
switchport mode access - Remove it from a dynamic port status
Static MAC security - Only configured MAC address is allowed
switchport port-security mac-address
Dynamic MAC security - Learned during operation, stored in address table
Sticky MAC security - Learned during operation, stored in address table and
running config
switchport port-security mac-address sticky
switchport port-security maximum 2
Port Security Violation Modes
Protect - Once the limit of MAC addresses is reached, unknown source
addresses are dropped until MACs are removed or limit is raised. No
violation notification
Restrict - Same as Protect but with violation notification
Shutdown - This is the default mode. Immediately shuts down a port when
an unknown MAC is seen. Violation notification
switchport port-security violation
show port-security
show interface - Displays err-disabled status
show port-security interface - Displays secure-shutdown status
Network Time Protocol (NTP)
Retrieves time information from local or remote servers
Common to use domain controllers or other servers on a domain to ensure all are
synchronized
pool.ntp.org or more specific sub-pools such as us.pool.ntp.org also commonly
used
ntp server - Use specified server for time data
ntp master - Allow device to be queried for time data
show ntp associations - Display peers connected
show ntp status - Display NTP information
VLAN Basics
Virtual LANs, or VLANs segment your network on the Layer 2 boundary
Often used to segment based on logical business group or type of device
ACLs can be used to limit access between VLANs improving security
Performance is improved by reducing broadcast domains
VLAN types
Data - Most common VLAN, for PCs, servers, and other data devices
Voice - Used for VoIP phones, often paired with a Data VLAN on an access port
for a workstation
Often configured with a special command, different from defining a trunk,
although operation is essentially the same
Management - Used for remote administration of internetwork devices
Default - All ports are member of VLAN 1, the default VLAN upon initialization
Native - On an 802.1Q trunk port, untagged traffic is put onto this VLAN, by default
this is VLAN 1
Each trunk link can have a different native VLAN ID
show vlan or show vlan brief

VLAN Trunks
Standard is IEEE 802.1Q
Trunks allow multiple VLANs to be transmitted across one link, usually between
internetwork devices such as switches
Links with workstation PCs and VoIP phones are special trunks with a Data and
Voice VLAN on them
Without VLANs each port would need to be a different LAN when connecting
between switches and thus highly inefficient
802.1Q
New 4-byte VLAN tag is inserted into original Ethernet frame header
Fields
Type - 0x8100 for Ethernet
User priority - QoS value
Canonical Format Identifier (CFI) - 1-bit for Token Ring over Ethernet
VLAN ID (VID) - 12-bits which identifies the VLAN number, 4096 VLAN IDs
are supported
A new FCS is created after 802.1Q information is inserted
Creating VLANs
Standard Range VLANs are numbered from 1 to 1005
1002 to 1005 reserved for Token Ring and FDDI
VLAN 1 and 1002 to 1005 are automatically created
VLANs are in vlan.dat on the flash memory card
Must be manually deleted when resetting device to factory defaults
Extended Range VLANs are numbered from 1006 to 4094
Not written to vlan.dat
Not learned through VTP
VLAN Trunking Protocol (VTP) helps with VLAN management
Cisco proprietary
GARP VLAN Registration Protocol (GVRP) is the standard alternative for other
brands
vlan <number>
name <name>
interface f0/1
switchport mode access
switchport access vlan <number>
Deleting VLANs
no vlan <number>
show vlan brief
show interfaces vlan <number>
VLAN Trunks
VLAN Trunks allow multiple VLANs on one link
Otherwise each VLAN would need a separate physical link for uplinks
interface f0/1
switchport mode trunk
switchport trunk native vlan 99
show interfaces f0/1 switchport
Dynamic Trunking Protocol (DTP)
Allows nodes to negotiate trunk status
Cisco proprietary
Considered insecure
Auto
switchport mode dynamic auto
Allows interface to become a trunk
Neighbor must be in desirable or trunk mode
Considered the passive mode
Default mode for all interface
Desirable
switchport mode dynamic desirable
Interface actively tries to become a trunk
Neighbor must be in desirable, auto, or trunk mode
Considered the active mode
Default mode on old devices
switchport nonegotiate
Prevents interface from using DTP
show dtp interface
Show commands
show interfaces trunk
VLAN Security
Attackers can spoof being a switch and turn their link into a trunk if it is configured for
Auto mode
Allows them to access other VLANs
Double-tagging
Injecting a frame with two VLAN tags
Outer tag is same as native VLAN, inner is is victim VLAN
Switch reads native VLAN, sends it out to other switches
Second switch reads victim VLAN and floods it to destination
Best to separate management from user traffic

Use a separate, unique management VLAN
Change the native VLAN to something other than the default, 1
Do not use DTP, set all ports to access or trunk mode
Define which VLANs are allowed on the trunk
switchport trunk allowed vlan <numbers>
Define which VLANs are to be pruned via VTP
Layer 3 Switching
Switches operate at Layer 2
Layer 3 switching is another term for routing essentially, but very quickly at wire speeds
Preferred method for traversing VLANs in networks
Dedicated routers are now mostly just for WAN links and specialized connections
Cisco switches use Cisco Express Forwarding (CEF)
Layer 3 interfaces
Switch Virtual Interface (SVI) - For VLANs
Routed Port - Physical port configured as a router port
Layer 3 EtherChannel - Several ports acting as one
Configuration
Create a port dedicated to a single subnet
interface f0/1
no switchport
ip address 192.168.10.1 255.255.255.0
no shutdown
Create a VLAN interface
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shutdown
Routing Basics
Routing is a process that determines the best path for traffic to take from one network to
another
Allows communication between buildings, across great distances, between VLANs, etc.
Routers are similar to computers, they have similar hardware, just specialized on
function
Default gateways are used on nodes to offer a destination for unknown packets
Without default gateways each node would need to know the destination for
everything
Nodes can be configured with an IP either statically or dynamically
Routers work by reading the destination IP address of a packet and referencing the
routing table, sending the packet to the destination interface
Steps
PC puts source and destination IP into packet header
PC looks in ARP cache for MAC of L2 destination
PC does an ARP request if not there
PC puts source and destination MAC into frame header
PC sends to router
Router reads destination MAC, matches it to the interface
Router reads destination IP address
Router looks in route table for a match
Router checks ARP cache for MAC of next hop destination
Router performs an ARP request if not in ARP cache
Router rebuilds frame header
Router sends to next hop
Router makes decisions based on best path
Directly connected networks first
Remote networks second
Default gateway last
Dynamic routing protocols are also prioritized based on trust
EIGRP
OSPF
RIP
Two paths to same network can be load balanced if cost is the same
Multiple dynamic routing protocols can be configured and in use, different protocols have
different Administrative Distances (AD), lower is better
Directly connected is 0
Static route is 1
EIGRP is 90
OSPF is 110
RIP is 120
Route table contains entries of
Directly connected networks
Remote networks
Static route
Dynamic route
Route table entries
Route source
Destination network
Administrative distance
Metric
Next-hop
Route timestamp
Outgoing interface
Directly connected interfaces must be no shutdown to show
Routing Table Basics

Route table sections
Route source - Uses letters to designate where it was learned from
Destination network
Administrative distance
Metric
Next hop
Route timestamp
Outgoing interface
Kinds of routes
Ultimate route - Contains a next-hop IP or exit interface
Level 1 route - Equal or less than the classful mask of the network
Level 1 parent route - Subnetted level 1 route, heading entry for smaller subnets
Level 2 child routes - Subnet of a classful network address
When searching for a route, matches from top down and stops at the first match
If it matches a level 1 ultimate route, traffic is forwarded
If it matches a level 1 parent route, it searches the level 2 child routes and traffic
is forwarded on a subsequent match
If it matches a level 1 parent route but not a level 2 child route, traffic is dropped
If it matches nothing in the route table, traffic is dropped
Router-on-a-stick Configuration
On the switch create a trunk interface
int fa0/1
switchport mode trunk
switchport trunk native vlan 99
On the router create subinterfaces on the same trunk interface with the respective
subnets for the associated VLAN it will route
Match the subinterface number with the VLAN number to make life easy
int fa0/0
no shut
int fa0/0.2
encap dot1q 2
ip address 192.168.2.1 255.255.255.0
int fa0/0.3
encap dot1q 3
ip address 192.168.3.1 255.255.255.0

int fa0/0.99
encap dot1q 99 native
Show commands
show interfaces f0/1 switchport
show interface
show ip interface
show run
Static Routing Basics

Routers know of routes via static or dynamic routes
Pros
Static routes are not advertised to other routes unless specifically configured to
do so
Static routes are more secure due to administrator intervention needed to input
them
Cons
Static routes are difficult to manage due to the mentioned administrator
intervention
Failover abilities are limited
Does not scale well with large networks
Human error causes many issues
Types of static routes
Standard
Normal static route used for subnets
Default
Matches all packets (0.0.0.0/0)
Also known as Gateway of Last Resort
Summary
Can be used to match multiple subnets if networks are contiguous and
use the same next hop
Floating
A route with a higher administrative distance than the normal route
Takes over for the more trusted route with a lower AD if the link fails
Manual method of failover routes
Static Routing Configuration

ip route <subnet> <subnet mask> <next hop IP> <exit interface>
ip route 192.168.10.0 255.255.255.0 172.16.0.1 f0/1
Exit interface may be used exclusively on point to point connections

On multiple access networks such as Ethernet, next hop IP is required and exit interface
is not required
Providing the exit interface is recommended for performance
A router must do an additional lookup to determine the exit interface if not provided
Default route is same as a standard route but with 0.0.0.0 as the destination
ip route 0.0.0.0 0.0.0.0 172.16.0.1 f0/1
IPv6 equivalent of 0.0.0.0 is ::/0
Floating statics can be configured by appending a high AD value to the end of a static
route
Summary routes
Allows one route to match for multiple subnets that are contiguous
Often called supernetting
Summarizing steps
Write out the subnets in question in binary
Find the number of bits starting from the left side of each subnet that are
the same for all subnets
This will be the new prefix or subnet mask
Perform the ANDing process of one network against the new prefix to
determine the new network ID
Enter a static route for this new summary network
Show commands
ping
traceroute
show ip route
show ip interface brief
show cdp neighbors detail
show run
Make sure interfaces are no shutdown
Dynamic Routing Protocols Basics

Dynamic routing protocols have been around for many decades
One of the first was Routing Information Protocol (RIP) which was still taught in CCNA up
to the last revision
Dates back to 1980s
RIPv1 was classful
RIPv2 was classless
Other protocols have been developed to provide faster/better routing decisions and
failover capabilities
Intermediate System-to-Intermediate System (IS-IS)
Interior Gateway Routing Protocol (IGRP) - Cisco proprietary, deprecated

Enhanced IGRP (EIGRP) - Cisco proprietary
Routing protocols provide
Discovery of networks
Automatic route updating
Best path determination
Failover and load balancing
Ease of administration for new networks or changes
Reduction of human error
RIP operation steps
Upon boot router adds directly connected networks to route table
Sends an update out all configured interfaces with known connected networks in
its route table
Receives an update from a neighbor router about other networks and adds that to
the routing table with a metric of 1
Repeats process between other routers during each periodic update, slowly
converging their routing tables
Routing protocols are in different classifications
Legacy
RIPv1 - Classful
IGRP - Classful
Distance Vector
Based on number of hops or routers, a network is away
Usually slower convergence
Sends periodic updates of entire route table
RIPv2 - Classless
EIGRP - Classless
Link-State
Gathers information on all connections in the network and builds an
internal map. Also uses many variables such as link speed to help
determine best path
Usually faster convergence
Sends up/down link updates only when changes occur
OSPF - Classless
IS-IS - Classless
Path-Vector
BGP - Classless
Most are interior gateway protocols, BGP is the exception
Distance Vector Routing Protocols

Distance vector protocols are not aware of the entire network topology like link-state
protocols
They share updates of their full routing tables to each other every so many seconds
RIP is 30 by default
Older protocols such as RIPv1 broadcast the updates
Newer protocols such as RIPv2 and EIGRP use multicast
RIP uses the Bellman-Ford algorithm
RIP includes the following features
Updates sent every 30 seconds to a multicast address (224.0.0.9)
Hop count is used as the metric for routes
Hop of 15 is the maximum, when packets exceed that they drop from the network
to prevent looping floods
IGRP and EIGRP use the Diffusing Update Algorithm (DUAL)
EIGRP includes the following features
Bounded triggered updates
Does not send periodic updates like RIP, only when needed and only to
the neighbors that need to know
Hello keepalive
Topology table
Saves backup paths for failures
Fast convergence
Due to topology table, backup routes are inserted immediately when
needed
Layer 3 independence
Can support IPv4, IPv6, IPX, AppleTalk
RIP Configuration
Configuration is rather simple
router rip
version 2 - Always enable unless youre in 1990
no auto-summary - Can often cause problems with mixed RFC 1918 networks
network 192.168.10.0 - You define the local networks that are to be shared via RIP
It is recommended for performance and security that passive-interface is used on
interfaces that do not connect to a router
By default, RIP sends updates out all interfaces that have RIP enabled (via the
network command)
Default gateway information can be distributed with default-information originate

Uses the Shortest Path First (SPF) algorithm
Much more complex but more feature-rich

Uses a calculation of link cost based on a variety of variables to determine best path
Open standard from the IETF, dates back to the late 1980s
OSPFv2 is used for IPv4, OSPFv3 is used for IPv6
Classless, efficient, fast, very scalable, supports security
Databases
Adjacency database - Neighbors
Link-state database (LSB) - Topology table
Forwarding database - Populates routing table
Packets
Hello - Establish and maintain adjacency with neighbor
Every 10 seconds usually, 30 on Frame Relay
Sent to 224.0.0.5 or FF02::5 multicast address
Includes a dead timer to remove neighbors after certain time if no hello
packet is received
Database description - Contains short list of LSDB used for checking against
local LSDB
Link-state request - Request more information on an entry
Link-state update - Reply to LSR and to announce new information
Link-state acknowledgement - Acknowledges an LSU
Operation steps
Router learns about directly connected networks
Exchange hello packets with neighbors
Build a Link-State Packet (LSP) with information on each link
Flood the LSP to neighbors
Routers collect the LSPs from neighbors and construct a topology map
They then run their SPF algorithm and create an SPF Tree, which is used to
populate the routing table
Areas
Single-area - All routers are in one area and communicate to each other
Multiarea - Routers are in different Autonomous Systems (AS), only routers in one
AS communicate to each other. Routers bordering the different AS offer
connectivity between them
States
Down
Init
Two-Way
ExStart
Exchange
Loading
Full
Designated Routers (DR) and Backup Designated Routers (BDR) are used as central
data repositories instead of having all routers share all data with each other and flood the
network
Used on multi-access networks
Highest interface priority or highest router ID or IPv4 address wins
Election only occurs on initial network boot
OSPFv2 Single-Area Configuration

router ospf <process id>
Process ID is local to the router, can be any number from 1 to 65535. Usually 1 unless
running multiple OSPFs to share between AS
Router IDs uniquely identify an OSPF router and allow it to participate in Designated
Router election
During initial boot of an OSPF network (if all routers turned on at once) highest ID
becomes DR, second highest is BDR
router-id <id IP> - Any 32 bit number written as an IPv4 address
If no router-id is specified, highest IPv4 address of any loopbacks is chosen
If no loopbacks are present, highest IPv4 address of any interface
See comment earlier about using loopbacks for management access, it is also
highly useful for this purpose
Within the ospf configuration prompt use a similar command as RIP and EIGRP to define
networks to share
network 192.168.10.0 0.0.0.255 area 0
Second IP is a wildcard mask, an inverse of the subnet mask, but can be
configured in other ways to do more powerful matches
passive-interface is also used as with RIP
OSPF link cost is calculated by default with
Reference bandwidth / interface bandwidth
Reference bandwidth by default is 100,000,000
100,000,000 bps / interface bandwidth in bps
Due to the use of 100 Mbps as the reference, both 100 Mbps and 1 Gbps (as well
as higher speeds) both have a cost of 1
This is due to OSPF rounding up to the next integer of a calculated cost
Reference bandwidth can be changed with auto-cost reference-bandwidth
1000 to support 1 Gbps links for example, as the command value is expressed in
Mbps
Interfaces have default bandwidth values, such as 1.544 Mbps for serial
This may not be optimal due to the many different bandwidth available,
especially for WAN links
Make sure to set bandwidth values for all interfaces instead of using the
defaults
You can also set the cost manually with ip ospf cost <value>
Change the OSPF priority
ip ospf priority 255

Default static route
ip route 0.0.0.0 0.0.0.0 192.168.1.1 fa0/1 or ipv6 route ::/0
default-information originate
Modifying intervals
ip ospf hello-interval 5
ip ospf dead-interval 10
Supports three types of authentication
Null - No password
Simple password - Plaintext password sent over the network
MD5 - Generates a hash that is sent
OSPFv3 does not have any authentication built-in, it relies on native IPv6
capabilities (IPsec)
ipv6 ospf authentication ipsec spi
Configure MD5 Authentication
ip ospf message-digest-key 1 md5 MyPassword
area 0 authentication message-digest
Can also be applied in an interface instead of globally
Show commands
show ip ospf neighbor
show ip protocols
show ip ospf
show ip ospf interface brief
show ip ospf interface
show ip route ospf
clear ip ospf 1 process
IPv6 commands essentially the same but have ipv6 in them
OSPFv3 uses IPv6 Link-Local addresses
Best to manually configure so they are easier to remember
ipv6 router ospf 1 - Basically the same as IPv4
Show commands are the same but with ipv6
OSPF Multi-Area Basics

Previous examples have shown all routers in one area, a Single-Area OSPF instance
Multi-Area help reduce processing and memory overhead for large environments with
large routing tables
Advantages
Smaller routing table
Less link-state update overhead (fewer LSAs exchanged)
Lower frequency of SPF calculations
Two areas
Backbone (Transit) Area - Routers or switches involved in fast transit of IP

packets from one place to the next, similar to the Distribution or Core layer for
switch hierarchy
Regular (Non-backbone) Area - End users network, must talk to a Backbone area
to get to other Regular areas
Router types
Internal router - All interfaces in the same area
Backbone router - Usually area 0
Area Border Router (ABR) - Connects to multiple areas
Autonomous System Boundary Router (ASBR) - Connects to an external network
of some kind, a non-OSPF network
LSAs act as database records and provide network details
11 types of LSAs, the first five are required for Multi-Area OSPF
LSA Types
Type 1
Router link entries
Flooded within the area they originated
Type 2
Contains router ID and IP address of the DR and all routers on the
segment
Created for every multiaccess network in the area
Flooded within the area they originated
Type 3
Collective data from type 1 LSAs
Created for every network learned
Flooded from one area to another
Used to advertise networks from other areas
Type 4
Generated by an ABR when an ASBR exists within an area
Advertises external networks into a routing domain
Type 5
Describes routes to networks outside of the OSPF AS
Generated by the ASBR
Flooded to everyone in the AS
OSPF Multi-Area Configuration

Demo of multiarea config
Route summarization
Useful for limiting number of Type 3 LSAs flooded onto backbone, for example
What would be 50 Type 3 LSAs to be flooded for 50 networks, can be reduced to
one or two advertisements to be flooded
Can only be configured on ABRs or ASBRs

Either interarea or external route summarization
Interarea route summarization
Occurs on ABRs
Does not apply to external routes
area 0 range 10.0.0.0 255.0.0.0
External route summarization
Occurs on ASBRs
Does not apply to internal routes
EIGRP Basics
Released in 1992 as a Cisco proprietary protocol
Basic functionality has now been released as an IETF standard
Uses Diffuse Update Algorithm (DUAL)
Guarantees loop-free and backup paths
Stores all backup paths ready to use
Establishes neighbor adjacencies like OSPF
Reliable Transport Protocol (RTP) used to deliver EIGRP packets
Unique to EIGRP
Offers reliable and unreliable transit
Cannot use UDP/TCP due to protocol independence
Update packet is sent reliably
Hello packet is sent unreliably
Unicast and Multicast
224.0.0.10
FF02::A
Updates
Does not send periodic updates
Partial - Link up or down
Bounded - Term for partial updates sent to only routers that need it
Load balancing
Equal or unequal cost
Can route many different protocols via Protocol-Dependent Modules (PDMs)
IPv4
IPv6
IPX
AppleTalk
Authentication supported
Router ID
Used by both IPv4 and IPv6
Used for identification of originating router during redistribution of external routes
Uses defined router-id, highest loopback, or highest interface as Router ID

Hello packets
Unreliable delivery
Multicast
Update packets
Reliable delivery
Unicast or multicast
Acknowledgment packets
Unreliable delivery
Unicast
Query packets
Reliable delivery
Unicast or multicast
Reply packets
Reliable delivery
Unicast
EIGRP Configuration
IPv4
router eigrp 1
eigrp router-id 10.0.0.1
network 192.168.1.0 0.0.0.255 - Can omit the wildcard mask, but then uses
classful address, I prefer being specific
passive-interface fa0/1 - Same as other protocols, prevent EIGRP from sending
packets out interfaces where no routers are
no auto-summary
show ip eigrp neighbors
show ip protocols
show ip route
IPv6
ipv6 unicast-routing
int fa0/1
ipv6 address FE80::1 link-local
ipv6 router eigrp 1
eigrp router-id 10.0.0.1
passive-interface fa0/5
show ipv6 eigrp neighbors
show ipv6 protocols
show ipv6 route
Default routes
redistribute static
Show commands
IPv4
show ip eigrp neighbors
show ip route
show ip protocols
show ip eigrp interfaces
IPv6
show ipv6 eigrp neighbors
show ipv6 route
show ipv6 protocols
show ipv6 interface brief
show ipv6 eigrp interfaces
EIGRP Metrics and DUAL

Bandwidth
Default
Kilobits per second
Set your bandwidth values on your interfaces! Dont let it use the defaults!
conf t
int fa0/1
bandwidth 1536
Uses slowest bandwidth in a path
Takes 10,000,000 and divides by lowest interface bandwidth, rounded down
Delay
Default
Microseconds
Sum of all delays in a path
Divides sum of all delays by 10
Reliability
Optional
Not recommended due to frequent topology changes
Fraction of 255 (255/255 is 100% reliability)
Load
Optional
Not recommended due to frequent topology changes
Fraction of 255 (255/255 is full saturation)
Metrics are K1 to K5, K1 and K3 represent bandwidth and delay, K2 represents load, and
K4 and K5 represent reliability
1 = on, 0 = off
K1 and K3 are set to 1, K2, K4 and K5 are set to 0
show ip protocols - Shows k values

Configuration
config t
router eigrp 1
metric weights tos k1 k2 k3 k4 k5
show interfaces - Shows metric values of an interface
DUAL
Diffusing Update Algorithm (DUAL) determines the best loop-free path and
backup paths
Terms
Successor
Neighboring router that is used for forwarding packets
Feasible Successor (FS)
Neighboring router that has a loop-free backup path to the same
network as the Successor and satisfies the Feasibility Condition
(FC)
Feasible Distance (FD)
The lowest calculated metric to reach the destination network
Reported Distance (RD) or Advertised Distance (AD)
The total metric to a destination network
Feasible Condition or Feasibility Condition (FC)
Condition is met when a neighbors Reported Distance (RD) to a
network is less than the local routers feasible distance
Decision process is done by the DUAL Finite State MAchine (FSM)
show ip eigrp topology
show ip eigrp topology all-links
EIGRP Tuning and Security

Tuning
EIGRP only uses 50 percent of a link's bandwidth for EIGRP packets
int fa0/1
ip bandwidth-percent eigrp 1 75
ipv6 bandwidth-percent eigrp 1 75
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 65535
ipv6 hello-interval eigrp 1 2
ipv6 hold-time eigrp 1 65535
Change number of load balancing paths used
router eigrp 1
maximum-paths 4
Security
Uses MD5 authentication to ensure routing information is correct

conf t
key chain MyKeys
key 0
key-string MyPassword
int fa0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 MyKeys
ipv6 authentication mode eigrp 1 md5
ipv6 authentication key-chain eigrp 1 MyKeys

Similar idea to a firewall rule
Restricts access in a variety of ways, depending on type of ACL
Can be implemented on routers or Layer 3 switches
Improves security by assisting in restricting traffic in addition to VLAN segmentation
Uses rules to inspect TCP/UDP traffic and act upon what it finds in the header
Usually source and/or destination IP and/or port
Fancier devices can do Layer 7 inspection now
Can be applied to inbound or outbound traffic on every interface
Always have an implied deny any at the end of the list
Matches first entry
Types
Standard - Only looks at source IP
Extended - Looks at source and/or destination IP, source and/or destination port,
protocol type, additional options
Both Standard and Extended can use either name or number to identify them
For numbers, usually use
Standard - 199 and 13001999
Extended - 100199 and 20002699
Place standard ACLs nearest the destination you want to control
Place extended ACLs nearest the source you want to control
Entries in an ACL are called Access Control Entries (ACE)
ACEs use wildcard masks like OSPF, except IPv6 which uses prefix-length
Wildcard masks
0 bit - Match the bit value in the address
1 bit - Ignore the bit value in the address
host can be used instead of 0.0.0.0
any can be used instead of 255.255.255.255
To improve performance, keep ACEs as minimal as possible, try to match as much as
possible with one entry
IPv6
Named ACLs only, same as IPv4 Extended ACL
No wildcard masks, only prefix
ipv6 traffic-filter - Command used to apply to an interface
ipv6 access-list myaclname
show ipv6 interface
Standard IPv4 ACL Configuration

Creating a numbered Standard ACL
access-list 1 deny 192.168.1.100
access-list 1 permit 192.168.1.0 0.0.0.255
Applying to an interface
interface fa0/1
ip access-group 1 out
Creating a named Standard ACL
ip access-list standard myaclname
Comments
access-list 1 remark some comments about the acl
Allows easy identification
ACLs can be edited by copy/paste into a text editor, or sequence numbers for Named
ACLs
show access-lists 1
ip access-lists standard
no 10
10 deny host 192.168.1.100
show ip interface
show access-lists
Extended IPv4 ACL Configuration

Creating a numbered Extended ACL
access-list 100 deny tcp 192.168.1.100 0.0.0.0 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
Applying to an interface
interface fa0/1
ip access-group 100 out
Creating a named Extended ACL
ip access-list extended myaclname
Comments
access-list 100 remark some comments about the acl
Allows easy identification

ACLs can be edited by copy/paste into a text editor, or sequence numbers for Named
ACLs
show access-lists 100
ip access-lists extended
no 10
10 deny host tcp 192.168.1.100 any eq 80
show ip interface
show access-lists

Assigns IP addresses and other IP options automatically to nodes
Allocation methods
Manual - Reservations, only one specific IP is given to the client
Automatic - Permanently assigns an IP to a client from a pool
Dynamic - Assigns or leases an IP to a client for a period of time
The most common method
DHCP Steps
DHCPDISCOVER - Client broadcasts for a DHCP server
DHCPOFFER - DHCP server responds with an IP to the client
DHCPREQUEST - Client acknowledges receipt and repeats IP to server, also
used for renewals
Renewals happen at half the lease expiration timeframe
DHCPACK - Server acknowledges receipt and repeats IP to client
DHCPv6 specifics
Stateless Address Autoconfiguration (SLAAC) or DHCP
SLAAC can allow a client to get an IP without a DHCP server
Operation
Client sends Router Solicitation (RS) to router
Router sends Router Advertisement (RA) with prefix to client
Client creates its own IPv6 address with that basic information
Either with EUI-64 or randomly generated
DHCP Configuration
Most other networking products have you define a range to use for the IP pool, Cisco has
you define exclusions first, then it uses the rest of the subnet
First exclude addresses and ranges you do not want in the pool
Next configure your pool
Last add DHCP options to the pool

ip dhcp pool mypoolname
network 192.168.1.0 255.255.255.0
default router 192.168.1.1
dns-server 192.168.1.1
domain-name mydomain.com
show run | section dhcp
show ip dhcp binding
show ip dhcp server statistics
ip helper-address - Send DHCP requests to a different server not on the subnet
ip address dhcp - Make interface a DHCP client on the router or switch
Show commands
show ip dhcp conflict
show interface
show ip interface
show run
Network Address Translation (NAT)

Network Address Translation (NAT) helps solve the issue with IPv4 address exhaustion
Before RFC 1918, everyone used public addresses
It was determined in the 1990s that we would soon run out of IPv4 addresses,
which has now happened
NAT provides several private ranges of IP addresses that can only be used
internally
Traffic is then translated to apublic IP when accessing the internet
This also provides for some minimal security in that your internal addresses are
hidden and non routable on the internet
Types of addresses
Inside local - Internal address of the client being translated
Inside global - The address of the destination
Outside local - The address of the destination as seen from the inside network
Outside global - The address of the destination as seen from the outside network
Types of NAT
Static - One-to-one translation, common for servers accessing the Internet
Dynamic - Many-to-many or many-to-one translation, common for DHCP clients
accessing the Internet
Port Address Translation (PAT) - Also known as NAT overloading, this translates
the port when a port is already in use, commonly used with Dynamic NAT for
DHCP clients
IPv6
You would think that with 340 trillion trillion trillion addresses, IPv6 wouldnt need
NAT, but it does have an implementation of it

340,000,000,000,000,000,000,000,000,000,000,000,000
Originally it was supposed to not have any NAT, but added later
Unique Local Addresses (ULA)
RFC 4193
Meant to provide local-only communications, but not to solve any IP
address space issues
FC00::/7
Known as local IPv6 addresses NOT IPv6 link-local addresses
Cant wait to start having those troubleshooting conversations, do
you?
Non routable on the Internet
NAT64 allows for IPv6 devices to talk to IPv4 devices via NAT
Beyond scope of CCNA
NAT Configuration
Static NAT
static (inside,outside) 4.2.2.2 192.168.1.99 netmask 255.255.255.255
show ip nat translations
show ip nat statistics
clear ip nat statistics
Dynamic NAT
int fa0/0
ip nat inside
int fa0/1
ip nat outside
ip nat pool mypoolname 192.168.1.10 192.168.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool mypoolname
clear ip nat translation *
PAT
ip nat pool mypoolname 192.168.1.10 192.168.1.254 netmask 255.255.255.0
ip nat inside source list 1 pool mypoolname overload
clear ip nat translation *
Port Forwarding
Allows access to your internal network (or hopefully DMZ) from the public internet
or other untrusted network via one or more ports.
Public address is translated via a static NAT to internal address, for only
one or more define ports
Inside interface for LAN needs
ip nat inside
Outside interface for WAN needs
ip nat outside
You can also change the port from inside to outside
Useful for when running multiple similar servers off one IP, such as
webservers
ip nat inside source static tcp 192.168.1.99 1234 4.2.2.2 4321
Show commands
clear and debug
debug ip nat detailed
Spanning Tree Protocol (STP)

Building a network that is fault tolerant and redundant causes other problems
Redundant links cause loops in the network
Ethernet has no TTL field like IP, frames loop forever causing processing and
sometimes bandwidth to overload
Can also cause broadcast storms, quickly taking down a network
Can also receive duplicate unicast frames at a device
Spanning Tree Protocol and other protocols have been developed to combat this issue
Spanning Tree works by negotiating a port to disable (blocking) if a loop is detected
This disability is temporary and can be lifted if the primary link fails
There are actually multiple versions of STP such as MSTP, RSTP, etc.
Root and backup root bridges are elected upon initial boot of the network
STP enabled switches exchange STP BPDUs
Root bridge has the lowest Bridge ID, backup root is second lowest Bridge ID
Bridge ID is determined by priority value, lowest MAC, and extended system ID of
switch
Then Spanning Tree Algorithm on each non-root switch calculates shortest path to the
root
All roads lead to root
STA considers both path and port costs (speed)
Lowest calculated path cost wins
Ports are then assigned roles
Root - Closest to the root bridge

Designated - All non-root ports. The root bridge has all designated ports
Alternate and backup - Ports that are put in blocking mode to prevent a
loop. Only one end of a link is blocked
Disabled - Port is shut down
Port costs
10 Gbps = 2
1 Gbps = 4
100 Mbps = 19
10 Mbps = 100
Can override port costs with spanning-tree cost # on an interface
Path cost
Sum of all port costs from switch to root bridge
Lowest path is preferred and becomes root port
Re-election
All switches assume they are root bridge upon boot
Switches continually send BPDUs every 2 seconds
If a switch with a lower MAC is inserted into a network it can cause a
reconfiguration and may cause some dropped frames as links are changed
Forcing a root bridge
Default is Bridge Priority is 32768
Set Bridge Priority to 0
Extended System ID
Used for VLAN information
Can have a different root bridge for each VLAN
Spanning Tree Flavors
STP
Original version, does not support VLAN instances
Replaced with RSTP
Very slow response to an failure, 30-50 seconds
PVST+
Cisco proprietary, adds VLAN instance capabilities to STP
Supports PortFast, UplinkFast, BackboneFast, BPDU Guard, BPDU Filter,
Root Guard, Loop Guard
802.1D-2004
Update of STP, includes 802.1w
Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w)
Improvement over STP to provide faster convergence
Replaced STP
Preferred standard protocol
Uses Edge Ports to designate ports that will never be connected to other
switches (access ports)
Same as PortFast
Immediately transition to forwarding state

Link Types
Point-to-Point
Direct connection to another switch, full duplex
Shared
Connection to a hub, half duplex
Rapid PVST+
Cisco proprietary, adds VLAN instance capabilities to RSTP
Supports PortFast, BPDU Guard, BPDU Filter, Root Guard, Loop Guard
Preferred Cisco proprietary protocol
Multiple Spanning Tree Protocol (MSTP)
IEEE standard based on Cisco proprietary MISTP
Multiple VLANs on one STP instance
Supports PortFast, BPDU Guard, BPDU Filter, Root Guard, Loop Guard
Common port states
Blocking - Starts out blocked
Listening - Listens for the path to root
Learning - Learns MAC addresses to start frame forwarding
Forwarding - Normal operation
Disabled - Administratively disabled, shut down
Spanning Tree Configuration

spanning-tree vlan 1
Changing Bridge ID
spanning-tree vlan 1 root primary
spanning-tree vlan 1 root secondary
spanning-tree vlan 1 priority 24576
spanning-tree vlan 1 priority 24576
PortFast
Transitions port to forwarding immediately, same as an RSTP Edge Port
Used for access ports that do not connect to switches
spanning-tree portfast - Interface config option
spanning-tree portfast default - Global config option, enables on all ports that
are not trunks
BPDU Guard
spanning-tree bpduguard enable - Interface config option
spanning-tree bpduguard default - Global config option, enables on all ports
that are not trunks
Show commands
show spanning-tree active
show spanning-tree
Rapid PVST+
spanning-tree mode rapid-pvst
Show commands
show cdp neighbors
show spanning-tree
show spanning-tree vlan 1
Redundancy Protocols
End devices cannot be configured with more than one default gateway
When that gateway fails, connectivity is lost
STP helps deal with switching failures, but if the router handling IP traffic for a subnet
fails, connectivity still is lost
Solution is to have hot standby devices that automatically take over for a failed device
Variety of hardware redundancy protocols
Hot Standby Router Protocol (HSRP)
Cisco proprietary, allows for an active/backup designation
HSRP for IPv6
Cisco proprietary for IPv6, allows for an active/backup designation
Virtual Router Redundancy Protocol version 2 (VRRPv2)
Standard protocol that offers similar functionality to HSRP
VRRPv3
Same as VRRPv2 but provides IPV6 as well as IPv4, supported by
multiple vendors and is more scalable than VRRPv2
Gateway Load Balancing Protocol (GLBP)
Cisco proprietary, allows for active/backup and load balancing
GLBP for IPv6
Cisco proprietary for IPv6, allows for an active/backup designation and
load balancing
ICMP Router Discovery Protocol (IRDP)
RFC 1256, legacy protocol
show standby - Show HSRP state
show glbp - Show GLBP state
Link Aggregation Basics

Faster speed requirements traditionally were met with increased port speed and cable
specifications
While still true, costs may be reduced by using link aggregation
Link aggregation provides the ability to bundle ports together into groups (Link
Aggregation Group, LAG) and add their bandwidth together essentially
Also provides failover capability within the bundled link

If one link in a group fails, the rest will still work
Overrides STP blocking the duplicate links but still ensure compatibility
Link aggregation options
Link Aggregation Control Protocol (LACP)
IEEE standard 802.1ax, previous version 802.1ad
EtherChannel (Port Aggregation Protocol, PAgP)
Cisco proprietary
Can use between switches, or from switch to server
Many server NIC drivers allow for NIC teaming if there are multiple ports, which
allows for LAG configuration to communicate with a defined LAG on a switch
EtherChannel details
Provides full-duplex connectivity with up to 8 ports in a group
800 Mbps with Fast Ethernet, 8 Gbps with Gigabit
Up to six EtherChannel groups
Packets are sent between EtherChannel ports to negotiate
Sent every 30 seconds
Ports must be configured with same speed, duplex, and VLAN settings
Modes
Similar to trunking modes (trunk, desirable, auto)
On - Forces channel, no PAgP packets used
PAgP desirable - Active sending of PAgP packets to negotiate a channel
PAgP auto - Passive receiving of PAgP packets to negotiate a channel
LACP details
Modes
Similar to trunking modes (trunk, desirable, auto)
On - Forces channel, no LACP packets used
LACP active - Active sending of LACP packets to negotiate a channel
LACP passive - Passive receiving of LACP packets to negotiate a channel
EtherChannel Configuration
interface range fa0/1-2
channel-group 1 mode on
LACP Configuration
interface range fa0/1-2
channel-group 1 mode active
show etherchannel
Wireless Basics and Security

Devices needed
Wireless NIC
Wireless router (common for home use)
Wireless Access Point (WAP), common for business use

Autonomous APs
Individual APs that are configured independently
Common for homes and small offices
Controller APs
Require either a server (controller) to configure and operate, or
communicate between themselves to select an AP to be the
controller, or act as a hive mind
Common for larger businesses and offices
Many business that sell AP solutions, Cisco/Meraki, Aruba, Aerohive, Netgear,
SonicWALL, etc.
Antennas
Omnidirectional
Standard rubber duck antenna most commercial products use
Directional
Communicates in one direction, usually looks like a dish of some
kind
Yagi
Looks like an old TV antenna, a pseudo-triangle that points in one
direction, used for long distances
Modes
Ad hoc - When two devices connect directly (laptop to laptop for example)
Infrastructure - When devices connect to an AP
Basic Service Set (BSS)
A single AP connecting all clients
Common in homes and small offices
Extended Service Set (ESS)
Multiple APs connecting clients
APs broadcast one or more Service Set Identification
(SSID)
AP signal coverage overlaps to provide good quality
coverage
APs use different channels to avoid data collisions
Common in larger businesses and offices
Header
Frame Control
Type of wireless frame, protocol version, power, security, etc.
Duration
The remaining duration needed to receive next frame
Address1
MAC of receiving device
Address2
MAC of transmitting device
Address3
Optional MAC of destination such as default gateway
Sequence Control
Sequence number and fragment number
Address4
Only used in ad hoc mode
Payload
Data from application
FCS
CRC for Layer 2 error detection
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Similar to CSMA/CD but without collision detection since that is unreliable in
wireless
Wifi is half-duplex
Management frames
Used to connect to an AP
Discover
Authenticate
Associate
Association parameters
SSID - Network name
Password
Network mode - 802.11a/b/g/n/ac/ad
Security mode - WEP, WPA, WPA2
Channel settings - 11 in North America, 13 in Europe
Discovering a network
Passive client - AP sends out SSID beacon, network shows on client for selection
Active client - AP does not send out SSID, client must be configured with
connection settings
Security modes
Open - Anyone can connect
Shared key - Client must have the secret key
802.1X - Username and password authentication checked against a local or
remote server database, often used in large businesses
Channel management methods
Direct-sequence spread spectrum (DSSS)
Spreads a signal over a larger frequency band reducing interference
A signal is multiplied by a known code, the receiver knows of the same
code and can reconstruct the signal
Used by 802.11b, cordless phones, CDMA cellular, GPS
Frequency-hopping spread spectrum (FHSS)
Similar to DSSS but rapidly changes frequency channels
Receiving node must know which channel to listen on
Used by walkie-talkies and 900 MHz cordless phones, Bluetooth

Orthogonal frequency-division multiplexing (OFDM)
Creates subchannels that are orthogonal to each other to allow
overlapping
Very efficient at channel usage
Used by 802.11a/g/n/ac
Channel selection
1, 6, 11 are non-overlapping and good choices
Check nearby channel use though
Sometimes better to use 3 and 8 or similar ones in-between the main channels
most people use
802.11n can use channel bonding to turn two 20 MHz channels into one 40 MHz
channel
DoS attacks
Spoofed disconnect - Attacker sends disassociate commands to all clients,
clients reconnect causing a lot of traffic
CTS flood - Attacker floods Clear to Send (CTS) frames to a bogus STA, clients
wait until attacker stops sending CTS frames
Rogue Access Points
Issue in offices, if someone brings in a home router and connects it at their desk
Original mitigation techniques
SSID cloaking - Disable the SSID beacon, clients can still try to guess the
connection
MAC address filtering - ACL of MAC addresses allowed on wireless network
Authentication methods
Wired Equivalent Privacy (WEP)
Original 802.11 specification
Uses RC4 encryption
Can now be hacked within 5 minutes
Wi-Fi Protected Access (WPA)
Wi-Fi Alliance standard, uses WEP but with Temporal Key Integrity
Protocol (TKIP) or Advanced Encryption Standard (AES) to encrypt data
better
IEEE 802.11i/WPA2
Wi-Fi Alliance calls it WPA2
Uses AES for encryption
Suggested setting
IOS Naming Scheme

Software release families share code and apply to certain hardware
Software releases within a family include 12.3, 12.4, 15.0, 15.1
Bug fixes and feature additions to software releases are called IOS trains
Software families may have two or more trains
For example, 12.4 has two trains
Mainline - Always associated with a technology train (T)
Technology - Receives bug fixes from mainline as well as new features
12.4 and 12.4T
Number is composed of
Train number
Maintenance number
Rebuild number
12.4(21a)
Pre-v15 packages
IP Base - Entry-level package
IP Voice - VoIP features
Advanced Security - VPN features such as IPsec, firewall, IDS/IPS
Service Provider (SP) - SSH/SSL, ATM, MPLS, etc.
Enterprise Base - Appletalk, IPX, etc.
15.0 was released after 12.4
Improved features and hardware support
Consolidated features
Simplified numbering system
15.0 now has new release system
New releases, T trains available 2 or 3 times per year
Extended Maintenance (EM) releases every 16 to 20 months
EM releases include all features and fixes of T releases
EM for long term maintenance schedules, T for standard maintenance schedules
Parts of a 12.4 image name
Image Name
Feature set
Run location and compression
Train number, maintenance release number, train identifier
File extension
Parts of a 15.0 image name
Image Name
Image Designation
Run location and compression
Cisco signature
Major release, minor release, maintenance release, rebuild numbers
File extension
IOS Licensing
With 15.0 feature sets are now included and unlocked with a license key
Steps
Purchase license from Cisco
Use Cisco License Manager (CLM) or the Cisco License Registration Portal to
retrieve the license file
Apply to router with license install Location
show version
show license
Evaluation license process
conf t
license accept end user agreement
license boot module ModuleName technology-package PackageName
reload
Backup a license
license save flash0:
Uninstall a license
license boot module ModuleName technology-package PackageName
disable
reload
license clear FeatureName
no license boot module ModuleName technology-package PackageName
disable
WAN Basics
WANs are owned by service providers, organizations lease a connection
Needed to interconnect LANs
Can also use the public internet with a VPN tunnel
WANs operate on layer 1 and 2
Common now to get a Metro Ethernet connection that integrates easily with your
network
Terms
Customer Premises Equipment (CPE)
Subscriber owns equipment or leases from provider
Data Communications Equipment (DCE)
Owned by the provider, often found in the demarc
Puts data on the local loop
Data Terminal Equipment (DTE)
Owned by the subscriber
Transfers data from LAN to DCE for transfer to the WAN
Demarcation Point
Often a common closet in a building where all phone and data
terminations occur for providers

Spot where responsibility changes hands from provider to subscriber
Local Loop
The cable that connects to the CO, often called the last mile
Central Office (CO)
Local service provider building that connects to the larger provider network
Toll network
All of the equipment, cabling, etc inside the providers network
Equipment
Dialup modem
Legacy method, converts data into voice frequencies for transmission
over phone lines
Access server
Concentrator for dialup connections
Broadband modem
Used with DSL, cable, or fiber Internet access
CSU/DSU
CSU offers termination for the digital signal
DSU converts the line frames into LAN frames
Often one device integrated into a router or similar device
WAN switch
Used by a provider
Router
Provides access to the WAN through compatible interfaces such as serial
connections
Core router/Multilayer switch
Backbone router in the core of a WAN
Circuit vs Packet Switching
Circuit
Legacy method, one dedicated connection would be created from point A
to point B
If traffic was not being sent over connection, bandwidth would be wasted
Loss of connection could occur due to network changes and failures
Packet
All traffic shares the medium
Packets of data have addressing data to let internetwork devices know
where to send the data
Lack of transmission by one location allows for more bandwidth to be
used by others
Traffic can be rerouted due to network changes and failures
Many options for WAN connectivity
Private options
Leased Line
Been around since the 1950s

Dedicated line
Legacy method
PSTN
Public Switched Telephone Network
Dialup
Legacy method
ISDN
Integrated Services Digital Network
Circuit-switched method
128 kbps maximum
Legacy method
Frame Relay
Uses PVCs which are identified by a data-link connection identifier (DLCI)
Supports virtual circuits (VCs)
ATM
Asynchronous Transfer Mode
Can transfer any kind of data
Uses cells instead of frames, 53 bytes in size
Needs 20 percent more bandwidth than Frame Relay due to overhead
MPLS
Multiprotocol Label Switching (MPLS)
Can carry any traffic including ATM, Frame Relay, etc.
Labels tell a router what to do with a packet
Public Options
DSL
Digital Subscriber Line
Combines existing telephone cables into one cable that runs Time
Division Multiplexing (TDM) to accomplish fast T3+ data rates
Uses a filter to allow only low frequencies to the telephone, thus allowing
one to share the line for voice and data
Most common implementation is asynchronous (ADSL), meaning
download bandwidth is different from upload speed, usually the former is
greater
Cable
Uses existing coaxial cable network
Shared trunk
Data-over-Cable Service Interface Specification (DOCSIS)
Specifies Layer 1 and 2
Fiber
New infrastructure being installed by Verizon, Google, and others
Satellite
Expensive and slow, usually a last resort or used in very remote areas
Cellular
3G/4G is now offering data rates to customers higher than previously
available in rural areas, often at a similar price to their existing dial up
connections
Dedicated wireless routers may be purchased to integrate cellular internet
into an existing LAN
VPN
Virtual Private Network
Site-to-site and remote access options
Many different technologies, PPTP, L2TP, IPsec, etc.
Service provider networks
Synchronous Optical Networking (SONET) or Synchronous Digital Hierarchy
(SDH)
SONET is an American ANSI standard, SDH is a European ETSI and ITU
standard
Essentially the same technology
Dense Wavelength Division Multiplexing (DWDM)
Bidirectional
80 different channels/wavelengths
10 Gbps per channel
Used in submarine cables
Serial Point-to-Point
Common type of WAN
Frequently used for T1 connections
Serial means bits are one after another, sequentially, and is the preferred method for
modern technologies
Other technologies such as parallel printer cables transmitted many bits at once
over several wires
Standards
RS-232
Most serial ports on a PCs
Both 9 and 25 pin variants
Used for many devices
Being phased out in favor of USB
V.35
Used mostly for modems and T1 routers
HSSI
Used for T3 routers and other high speed WANs
Time Division Multiplexing (TDM)
Allows for multiple communications to share one link
Eliminated the need for wasteful circuit-switched networks

Implemented on the physical layer, no need for specific protocols
Divides the bandwidth into time slots, allocating channels to each time slot
CPE is usually a router which is the DTE
DCE is a device used to convert data from the DTE to a form usable on the WAN
Bandwidth is usually broken down into Digital Signal Level Numbers (DS0, DS1, etc.)
DS0 is 64 kbps
Same bandwidth needed for an uncompressed digital phone call
24 DS0s can be bundled to get a DS1 (T1)
28 DS1s can be bundled to get a DS3 (T3)
etc
WAN Encapsulation
Protocols
HDLC
Default encapsulation
PPP
Uses HDLC but includes security such as PAP and CHAP
Used for router-to-router or client-to-network connections
Serial Line Internet Protocol (SLIP)
Point-to-point protocol, replaced with PPP
X.25/Link Access Procedure, Balanced (LAPB)
Specifies connections between a DTE and DCE
Largely replaced with Frame Relay
Frame Relay
Uses Virtual Circuits (VCs)
Connects networks together via Layer 2
ATM
Discussed previously, used in service providers to transfer various
protocols
HDLC
Developed by International Organization for Standardization (ISO)
ISO 13239
Defines a framing method to provide flow control and error control via
acknowledgements
Uses frame delimiter to mark beginning and end of each frame
Version implemented on Cisco products has additions that are Cisco proprietary,
allowing multi protocol support
If cross vendor connection is needed, PPP is suggested
PPP
Should be used when connecting to a non-Cisco vendor
Provides
Framing for transporting multiple protocols
Link Control Protocol (LCP) for establishing the connection
Network Control Protocol (NCPs) for allowing multiple Layer 3 protocols
IPv4, IPv6, AppleTalk, IPX, etc.
Link quality monitoring and management
Security through PAP and CHAP authentication
LCP provides
Packet size
Configuration errors
Link termination
Link failure
Negotiation of encapsulation formats, authentication, compression, error
detection
Session establishment
Phase 1 - Establish link and negotiate configuration
Phase 2 - Link quality check
Phase 3 - NCP negotiation for Layer 3 protocol
Configuration
int fa0/1
encapsulation hdlc
show interfaces serial
show controllers
PPP Configuration
conf t
int s0/0/0
encap ppp
compress predictor
ppp quality 80 - If quality goes under 80%, link will shutdown
Multilink - Send traffic over multiple links to same destination
int multilink 1
ip address 10.0.0.1 255.255.255.0
ppp multilink
ppp multilink group 1
int s0/0/0
ppp multilink
ppp multilink group 1
show interfaces serial
show ppp multilink
Authentication
PAP vs CHAP
PAP uses a username and password sent in plain text
CHAP uses a three way handshake with a shared secret for encryption
PAP configuration
Username and password configured below on one router, must be the
expected username and password received from the other router
conf t
username R1 password MyPassword
int s0/0/0
encap ppp
ppp authentication pap
ppp pap sent-username R2 password MyPassword
CHAP configuration
Username and password configured below on one router, must be the
hostname and password received from the other router
conf t
username R1 password MyPassword
int s0/0/0
encap ppp
ppp authentication chap
Show commands
debug ppp
debug ppp packet
debug ppp authentication
show interfaces serial 0/0/0
show controllers
Frame Relay Basics

Good, cheaper alternative to dedicated leased lines
Uses PVCs which are identified by a data-link connection identifier (DLCI)
Supports virtual circuits (VCs)
Being phased out in favor of MPLS and VPN over public Internet
Can be broken into smaller pieces for purchase, such as 4 kbps instead of the 64 kbps
for dedicated lines
Cheaper because providers can place multiple customers on one circuit
Encapsulates Layer 3 protocol
Virtual Circuits (VCs)
Connection between two DTEs is a VC
Called a VC because there is no dedicated connection, its a virtually switched
connection like other packet-switched networks
Switched Virtual Circuits (SVC)
Created by sending messages to the network

Permanent Virtual Circuits (PVCs)
Preconfigured by the carrier, most common
Defined by DLCIs
Defined by provider as well
No significance beyond the local link
Each side could have a different DLCI
Many VCs can be on one physical line
Topologies
Star (hub and spoke) - Most common
Full mesh - Very expensive
Partial mesh - Sometimes used for large networks
Uses Inverse ARP to resolve IP to DLCI
Can override Inverse ARP with static mappings
frame-relay map [ietf] [cisco]
Use ietf when connecting to other vendors
Local Management Interface (LMI)
Keepalive to provide information about connections between DTE and DCE
Every 10 seconds
show frame-relay lmi
Can also do multicasting, status messages, global addressing, flow control
Committed Information Rate (CIR)
Guaranteed bandwidth customer pays from provider
Providers can also allow bursting of traffic over the CIR
Flow Control bit
Simple, does not do it per-VC
Forward Explicit Congestion Notification (FECN) - Towards destination
Backward Explicit Congestion Notification (BECN) - Towards network
When set to 1, it warns of congestion
DE bit in header can be set to 1 to identify lower priority traffic and may be
discarded if necessary
Frame Relay Configuration

conf t
frame-relay switching
int s0/0/0
ip address 10.0.0.1 255.255.255.252
encap frame-relay [cisco] [ietf]
frame-relay intf-type dce
clock rate 9600
bandwidth 1536
frame-relay interface-dlci 100

frame-relay map ip 10.0.0.2 100 [broadcast]
show frame-relay map
Split horizon becomes an issue when using multiple VCs with routing protocols
Can be solved by disabling split-horizon, or using subinterfaces
Same as doing so on a switch
interface s0/0/0.100 point-to-point
ip address 10.0.0.1 255.255.255.0
bandwidth 1536
frame-relay interface-dlci 100
Show commands
show interfaces
show frame-relay lmi
show frame-relay pvc
clear frame-relay inarp
show frame-relay map
debug frame-relay lmi
PPPoE Configuration
conf t
interface dialer 1
encap ppp
ip address negotiated
ppp chap hostname ProviderRouter
ppp chap password ProviderPassword
ip mtu 1492 - Required to ensure fragmentation does not occur due to additional PPPoE
header
dialer pool 1
int fa0/1
pppoe enable
pppoe-client dial-pool-number 1
VPN Basics
Allow for secure remote access from the road, or between two locations
Remote access is usually handled through VPN software on the client and either
VPN hardware or operating system as the main site
May be IKE/IPsec, SSL, L2TP, PPTP
Site-to-site is usually handled through firewall hardware, although server operating
systems can do it as well
Usually IKE/IPsec, but L2TP and PPTP also possible

Cheap solution if looking to save money and not purchase a connection from a provider
May not be as reliable, no quality guarantee since it traverses public internet
Original VPNs used Generic Routing Encapsulation (GRE) which offered no
authentication or encryption
IPsec now provides authentication and encryption of various kinds to ensure data integrity
and security
DES, 3DES, AES 128/192/256
Internet Protocol Security (IPsec)
Runs on Layer 3, authenticating and encrypting IP packets
Thus, almost all applications can be secured with IPsec
Can run over any Layer 2 protocol such as Ethernet, ATM, Frame Relay
Modular and allows for different algorithms to be used
MD5, SHA, DES, 3DES, AES, etc.
Provides
Confidentiality (encryption)
Data Integrity
Authentication
Anti-Replay Protection
Encryption Algorithms
Note: DES (56 bit) and 3DES (168 bit) are no longer considered secure,
also, 512 bit and 768 bit RSA has been cracked and not recommended
Recommended to use AES and 2048 bit RSA (if using RSA)
Symmetric vs Asymmetric
Symmetric - Shared key, each side has same key/password
Decently secure, especially with AES-256, and fast
Asymmetric - Different key for encryption and decryption
Considered more secure but much slower
IPsec uses symmetric encryption, but uses an asymmetric algorithm
(Diffie-Hellman) to share keys to enable the symmetric encryption
Many different bit levels for additional Diffie-Hellman security, more
bits is more secure, but some are designed to work with certain
encryption algorithms
Such as DH Group 5 or 14 and AES-256
Advanced Encryption Standard (AES) - Uses Rijndael cipher which won a
contest run by the National Institute of Standards and Technology of the
United States (NIST) to replace the aging DES algorithm
AES-128 would take about 100 billion years to crack with brute
force. For comparison, the universe is about 13 billion years old.
And, it re-keys every 8-24 hours usually based on configuration. So
someone would have to crack that 100 billion year algorithm within
8-24 hours. And then theres AES-256...
More encryption (more bits) means more security but slower
encryption/decryption
VoIP and video may not work well with VPNs offering high level of
encryption
Data Integrity
Two common hashing algorithms used to ensure data integrity
MD5 - 128 bit key, starting to be considered insecure due to work
on hacking it
SHA - SHA-1 is a 160 bit key, there are also 256, 384, and 512 bit
versions
Authentication
PSK - Most common implementation, each side has a pre-shared
key/password configured
RSA signature - Certificates may be shared with each side
Confidentiality
Authentication Header (AH) - Does not encrypt packet
Encapsulating Security Payload (ESP) - Encrypts packet
IPsec - Uses UDP 500/4500
Traditional method, uses client software on PC
Cisco offers
Cisco Easy VPN
Requires Cisco VPN Client installed
SSL - Uses TCP 443
Convenient since it can get around many firewalls in hotels and such
Client software for PCs also seem to be less buggy
Industry appears to be transitioning to SSL as the preferred method due to ease
of use
Cisco offers
Cisco AnyConnect Secure Mobility Client with SSL
Requires AnyConnect client installed
Cisco Secure Mobility Clientless SSL VPN
Requires a web browser
GRE Tunnel Configuration

IETF RFC 2784
Offers no authentication or encryption
Can be useful for routing other protocols through a network
Stateless
conf t
int Tunnel0
tunnel mode gre ip
ip address 192.168.100.2 255.255.255.0
tunnel source 4.2.2.1

tunnel destination 8.8.8.8
Show commands
show interface tunnel
show ip ospf neighbor
Syslog Basics
Many systems produce log data in a standardized format
IETF RFC 3164
UDP 514
Levels
0 - Emergency
1 - Alert
2 - Critical
3 - Error
4 - Warning
5 - Notice
6 - Informational
7 - Debug
Configuration
conf t
logging 192.168.1.99 - Send syslog to server
logging trap 4 - Sends 0-4 level messages only
logging trap warning - Same as above
logging source-interface fa0/1 - Optional, defines which interface IP is stamped
on log messages
Timestamps
conf t
service timestamps log datetime
Show commands
show logging
SNMP Basics
Simple Network Management Protocol (SNMP)
IETF RFC 1157, 1901-1908, 2273-2275
Used to retrieve metrics and settings, as well as set settings of devices
Setting of configurations not often used due to security concerns, even with
SNMPv3 available now (which offers enhanced security)
UDP 161 for retrieval, traps sent on UDP 162

Uses Object Identifiers (OID) assigned by ISO which define the metrics that can be
retrieved or set on a device
Management Information Base (MIB) files are hierarchical collections of OIDs that
describe the OIDs available for a device, data format, valid ranges, etc.
I like to think of MIBs as: MIBs are to OIDs as DNS is to IPs
Retrieval of SNMP values are often done from an SNMP server on a schedule of X
number of seconds, called polling, sent to the devices and requesting a variety of OID
values
Uses UDP 161
SNMP Traps are sent from a device to the SNMP server when something changes,
usually something like a hardware failure, enabling a new interface, unplugging a cable,
etc. and usually describe just one OID change
Uses UDP 162
Versions
SNMPv1
Old, RFC 1157
Not often used anymore
When a server queries a device, it polls the entire tree, very wasteful
Uses a community string as a shared password to offer some form of
security
Used mostly for get requests to retrieve values
SNMPv2c
RFC 1901-1908
Used in most production networks
Queries are much more efficient, polling only OID values it needs
Uses a community string as a shared password to offer some form of
security
Used mostly for get requests to retrieve values
SNMPv3
RFC 2273-2275
Becoming more popular but device support is still not complete
Provides authentication and encryption
Sees more use than 1 or 2c for set requests to set values
Separate community strings can be set for get (ro) and set (rw)
Configuration
snmp-server community MyPassword ro
snmp-server location The Location of Device
snmp-server contact Contact Person
snmp-server community MyPassword ACL - Restrict SNMP via ACL
snmp-server host 192.168.1.99 version 2c MyPassword - Define server to
send traps to and SNMP version
snmp-server enable traps
Show commands
show snmp
show snmp community
NetFlow Basics
Provides statistics on traffic flowing through a router or Layer 3 switch
Source/destination, port, byte counts, etc.
Flexible NetFlow is the latest version
Uses Version 9 export format
Template-based
Many commands introduced with IOS 15.1
Netflow is unidirectional
Clients send/receive traffic, so one flow capture will only see one direction, one
must configure two flow captures on an interface to get both directions
Configuration
conf t
int fa0/1
ip flow ingress
ip flow egress
exit
ip flow-export destination 192.168.1.99 2055 - Common ports are 99, 2055,
9996
ip flow-export version 5
Show commands
show ip cache flow
show ip flow interface
show ip flow export
Credits
Thank you to all my backers!
They came from all over the world:

Australia
Austria
Bahrain
Brazil
Canada
Estonia
Finland
Germany
Greenland
Ireland
Luxembourg
Netherlands
New Zealand
Norway
Peru
Russian Federation
Singapore
Slovenia
Sweden
Switzerland
United Kingdom
United States
Backers:
@TwirX
Aaron Newark
ACP
ACS
Adam Cornwell
Adam Kuyper
Adiel
Ajay Patel-UTSA Association of Information Systems
Alex Broque
Alex Gonzalez
Alex Wilkinson
Andrew Green
Andy Bradford
Andy Mc
Anthony Parker
Anthony Z Foster
Aref Mourtada
Arysta
Ashley
BT
B. Paggen
bakednoodle
Bart Fibrich
Ben Doyle
Ben Ellett
Ben Story
Betsy Nickel
BigDave
Bill Bradford
Bill Wood
Billy Bennett
Blake Johnson
Bob Zabaga
Brandon Karis
Brandon Pierce
Brendan Best @ Grey Earth
Brett Kuhlman
Callen Trail
Carlo M.
Cau5tik
chalberg
Chase Hoffman
Chris
Chris Dudek
Chris O'Grodnick
Chris Padilla
Chrisg Gibbs
Christine Oei
Christopher Green
Christopher Thomas
Cody Wilson
Compupaq
Computer Chip dot Biz
Connor Ness
Core Systems Technology
Craig Arnold
D Choo
D.Kravchuk
Dale Virgin
Damian Van Dooren
Dan Metzger
Daniel Brown
Daniel Hatke
Daniel L
Daniel T. Briggs
Darrell Stanley
Darth Vader
David L
David Rose
Deep Breath Technologies

Derek "skwerl" Gray
Derek Boge
Derek Degenhardt
Dimitry
Dok
Dominic
Dominic A
Dominic Kallas
Dominic Watkins
Douglas Philips
Dr. Laronski
Duane G.
Dustin Adams
dyung
Ed Knudsen
Eddi Hughes
Electronic Production Services
Elias-John Fernandez-Aubert
Eric Ness
Eric Rivas
Espen Alexander Strmme
Farrukh Bashir - FB Creations
Firas Alnemer
For I Am CJ
Franklin Leung
Fred sderberg
Galen Muir
GenericName21
Geoffrey Cameron
George Vanburgh
George Velios
Gerzain Maldonado Padilla
Gordon Dexter
Hai D. Nguyen
Henrik Lindhe
Hush
Ian Barker
Ian Fosso
Ian W Stearns
Ickypoopy
Imran Lone
inux
io Networks
ipSpace.net
J. Cyganowski
Jack
Jacob W.
James Gannon
James Geiger
James Godwin
Jamey Rush
Jamie MacFarlane
Jamie Mitchell
Jamie Piperberg
Jase
Jason Bob Gerschwin Samperi
Jason Carpenter
Jason Chen
Jason Colby
Jason Mills
Javier Umpierrez
Jay Johnson
Jerad Jackson
Jeremy
Jethro Nederhof
Jim Pacek
Joe Ficocello
Joe Zang
Joel Anderson
Joel Francois
John
John Bergoon
John Miller
John Shumway
Jon Schillinger
Jonathan Allen
Jonathan Bucud
Jonathan Gonzalez
Jonathan Hazan
Jonathan Tite
Jordan Harder
Jordan R. Villarreal
Joseph Taylor
Josh Connors
Josh Vazquez
Joshua Graham
Joshua M. Cowles
Joshua Michael Hublar
Joshua Miller
Joshua R. Aulik
Justin Clay
Justin Kahrs
Justin Los
Keith Gates
Ken Reinertson
Kenneth J Bass
Kenneth Katz
Kevin Clack
Kevin Low
Kevin Vo
Kieran Innes
Kirk MacArthur
kkfong
Kris Amundson
Kurtis
Kylar Grey
Kyle Reilly
Kyle Root
L. Nick
Lee Holbrook
Leron Culbreath
Lester Covax
Loren C Gordon
Louis T.
Luke Wallis
LV
Lynn Dixon
Maikel Lodewijk [NL]
Marc Tinnemeyer
Marcus Daniels
Marion Dominador Cravens
Marlon Cook
Marvin Bricker
Matt Baird
Matt Bloomfield
Matt Byrd
Matt Forman
Matt Robinson
Matt Tatum
Matthew Breckenridge
Matthew Swinburne
Matthew Wagner
Melissa Bernetsky
Michael Boutin
Michael Edwards
Michael Fletcher
Michael J. Biase
Michael Jacobson
Michael Kahnoski
MICHAEL L WALK3R
Michael Lycett
Michael Mayer
Michael Pena
Michael Richards
Michael Segal
Michael Stubbs
Michel Fortier
Miguel Carrero
Mikael Ljungman
Mike Kraus - Cisco
MikeIT
Millar Clelland
Mooch Page
Nathan Strebel
Nathan Thorpe
NETHINKS GmbH
Netwurx
Nicholas Boller
Nicholas Robinson-Wall
Nick Stadler
Norm M. Zastre
Oskar Andersson
Patrick McGirr
PatrickH
Paul C. Cook
Paul Fischer
Paul J. Turner
Pete Baldridge
Peter Thorne
Philipp Bieber
Rafael Bianco Nacif
Ray Perkins
Raymond Hernandez
Reggie L.
Richard Clyne
Richard Hiers
Rick Guyton
Riffy Divine
Rob Bruner
Rod MacPherson
Rolf Rsand
Roman Belogurov
Ross Parlette
Ross Wilson
Rudy Brunetti
Rudy Giacchetti
Ryan "ryanknapper" Knapper
Ryan Broadfoot
Ryan Heath
Ryan Holder
S. Bearden
Sam Aschwanden
Sam Girtman
Schoemaker IT
Scott Olson
Scott Reed
Sean R
ShaTT
Shawn Morford
Si B.
Sid McLaughlin
Simon Wagner
SJM Steffann
spkujis
Sriram
Sriram Sridharan
Stan Yamane
Stan Zieg
Stephen Bush
Stephen W. Chen
Steven Fitkin
Steven M. Miano
Steven Nuhn
Stewart Lewis Jr
Syed Asad Zahoor

T.J. Pile
Tafsir Thiam
TapIT Solutions
TechFleece.com
The Cabalse Group
The Source Computing Group
Theodore Runk
Tim Kelsch
Tim Miller
Tim Reynolds
TJ333
Tom Cannon
Tom Nielsen
Tony Miller
Tony Testa
Tuncay Sagir
uebi.net
Van Johnson
Victor Bredholt
Vidar Salte
Warren T Ridings
Wee Eng Hin
WettestHat.com
William D Lipira
William Lee
William Sanderson
William Woodward
Zafo129
Zedd Epstein
zot171
...And those who wished to be anonymous!

CCNA Short Notes PDF

Uploaded by

Copyright:

Available Formats

CCNA Short Notes PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNA Short Notes PDF

Uploaded by

Copyright:

Available Formats

What is the purpose of the document?

What is the purpose of the document?

What topics are covered in the document?

What topics are covered in the document?

Andrew Crouthamel Cisco CCNA Training Notes 1

SOLD TO THE FINE

About ShrikeCast and Andrew Crouthamel

About Cisco Certification and CCNA

Useful Networking Tools and Learning Resources

When do I use a Network?

Coursera & Udacity

What are Networks?

The History of the Internet

How the Internet is Designed

OSI and TCP/IP Models

read and the data is decapsulated from that layer

All About Applications

One of, if not both end up running as a server and a client.

Top-level domain servers - Records of second-level domain servers

Roles of the Transport Layer

Provides reliable delivery using protocols such as TCP

TCP and UDP Protocols

Four-way session teardown

Internet Protocol and IPv4

Connectionless - Relies on Layer 4

Networks and Subnets

11000000.10101000.00000001.00000001 which turns into 192.168.1.1

IPv4 Address Types

All remaining bits in-between are the usable addresses

Configuration Protocol) server is found

Last host address

IPv6 Addressing Basics

IPv6 Unicast and Multicast

IPv6 Testing Connections

Data Link Layer Basics

Control information in beginning of PDU

Uses Ethernet MAC address, 48 bit hexadecimal identifier

Physical Layer Basics

International Organization for Standardization (ISO)

Throughput minus traffic overhead

Often no longer needed, with Auto-MDIX functionality

Physical could be one cable interconnecting devices

Multicast addresses start with 01-00-5E

Address Resolution Protocol (ARP)

except originating port

IOS Device Basics

Up and Down arrows cycle through last entered commands

IOS Command Basics

Shown to only services that have login defined

Switch Configuration Basics

To manage a switch, a Switch Virtual Interface (SVI) must be configured

Switch Security Basics

frames everywhere, so attacker can capture whatever they want

Switch Port Security

show vlan or show vlan brief

Best to separate management from user traffic

Routing Table Basics

ip address 192.168.3.1 255.255.255.0

Static Routing Basics