Cisco CCNA Routing and Switching Training Notes.pdf

January 14, 2017 | Author: Faarah Adam | Category: N/A
Cisco CCNA Routing and Switching Training Notes
100-101 ICND1, 200-101 ICND2, 200-120 CCNA
Andrew Crouthamel


Table of Contents
About ShrikeCast and Andrew Crouthamel
About Cisco Certification and CCNA
Useful Networking Tools and Learning Resources
When do I use a Network?
What are Networks?
The History of the Internet
How the Internet is Designed
How to Communicate
Sizes of Networks
Protocols
OSI and TCP/IP Models
All About Applications
Common Protocols
Roles of the Transport Layer
TCP and UDP Protocols
Internet Protocol and IPv4
Networks and Subnets
Introduction to Routing
IPv4 Basics
IPv4 Address Types
IPv4 Subnetting
IPv6 Addressing Basics
IPv6 Unicast and Multicast
IPv6 Testing Connections
Data Link Layer Basics
Physical Layer Basics
Network Media
Topology Basics
Ethernet Basics
Address Resolution Protocol (ARP)
Switch Basics
IOS Device Basics
IOS Command Basics
Switch Configuration Basics
Switch Security Basics
Switch Port Security
VLAN Basics
Creating VLANs
VLAN Trunks
VLAN Security
Layer 3 Switching
Routing Basics
Routing Table Basics
Router-on-a-stick Configuration
Static Routing Basics
Static Routing Configuration
Dynamic Routing Protocols Basics
Distance Vector Routing Protocols
RIP Configuration
Open Shortest Path First (OSPF)
OSPFv2 Single-Area Configuration
OSPF Multi-Area Basics
OSPF Multi-Area Configuration
EIGRP Basics
EIGRP Configuration
EIGRP Metrics and DUAL
EIGRP Tuning and Security
Access Control Lists (ACLs)
Standard IPv4 ACL Configuration
Extended IPv4 ACL Configuration
Dynamic Host Configuration Protocol (DHCP)
DHCP Configuration
Network Address Translation (NAT)
NAT Configuration
Spanning Tree Protocol (STP)
Spanning Tree Configuration
Redundancy Protocols
Link Aggregation Basics
Wireless Basics and Security
IOS Naming Scheme
IOS Licensing
WAN Basics
Serial Point-to-Point WAN Encapsulation
PPP Configuration
Frame Relay Basics
Frame Relay Configuration
PPPoE Configuration
VPN Basics
GRE Tunnel Configuration
Syslog Basics
SNMP Basics
NetFlow Basics
Credits

About ShrikeCast and Andrew Crouthamel
● Started in 2011 to share IT knowledge
● Shrike comes from the bird
    ○ Impales insects and small mammals on spikes to help it rip them apart and preserve them for later
● Andrew has been in IT for 10 years now
    ○ CCNA
    ○ CCNA Security
    ○ CCAI
    ○ VCP5
    ○ CompTIA Security+
    ○ CompTIA Network+
    ○ CompTIA A+
● The majority of that time has been in networking and security
● LinkedIn: http://www.linkedin.com/in/andrewcrouthamel/

About Cisco Certification and CCNA
● Current Cisco certification levels
    ○ Entry
    ○ Associate
    ○ Professional
    ○ Expert
    ○ Architect
● Cisco certification tree
● Recertification policy
    ○ Pass one test from the same level or above and all certifications at that level and below renew
● CCNA
    ○ 100-101 ICND1 (CCENT)
        ■ Modules 1 & 2 of Cisco Networking Academy
        ■ AND
    ○ 200-101 ICND2 (CCNA)
        ■ Modules 3 & 4 of Cisco Networking Academy
        ■ OR
    ○ 200-120 CCNA (ICND1 & ICND2 combined)
        ■ Modules 1, 2, 3 & 4 of Cisco Networking Academy


Useful Networking Tools and Learning Resources
● Wireshark - http://www.wireshark.org
● Packet Tracer - http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html
● GNS3 - http://www.gns3.net
● PuTTY - http://www.chiark.greenend.org.uk/~sgtatham/putty/
● KiTTY - http://kitty.9bis.net/
● TFTP32 - http://tftpd32.jounin.net/
● Angry IP Scanner - http://www.angryip.org/
● Cisco Learning Network - https://learningnetwork.cisco.com/
● GNS Labs - http://gns3vault.com/

When do I use a Network?
● World economies are going global
● Instant communication across the world
    ○ Facebook
    ○ Twitter
● TV, phone, Internet, everything uses networks
    ○ Smartphones
● Communications
    ○ Social networks
    ○ News
    ○ Blogs
    ○ Internet radio
    ○ Podcasts
    ○ Instant messaging
    ○ Wikis
    ○ VoIP
    ○ eBooks (rise of the Kindle and self-publishing)
● Banking
● Shopping
    ○ Mail order catalogs
    ○ Traditional stores
    ○ Auction sites
        ■ eBay
● Education revolution
    ○ Online classes
    ○ Online colleges
    ○ Coursera & Udacity
● Business needs
    ○ Remote access
        ■ IPsec
        ■ SSL-VPN
    ○ Connections between locations
        ■ Site-to-site IPsec VPN
● Gaming
    ○ Online game matches
        ■ Xbox Live
        ■ PSN
    ○ Online distribution
        ■ Steam
    ○ Rise of independent developers and publishing
● Internet of Things
    ○ No longer just PCs, everything is getting connected
        ■ QoS becomes important

What are Networks?
● Communication needs
    ○ Sender and receiver
    ○ Method
    ○ Language
    ○ Speed
    ○ Confirmation
● Quality
    ○ Acceptable quality needs to be determined
    ○ The more times data is transmitted, the greater the chance of corruption
    ○ The size of the data packages needs to be determined
    ○ Reliability is key now
● Network elements
    ○ Rules (protocols)
        ■ HTTP/HTTPS
        ■ SMTP
        ■ POP
        ■ XMPP
        ■ OSCAR
        ■ SIP
        ■ FTP
        ■ Telnet
        ■ SSH
    ○ Medium
        ■ Wired
        ■ Wireless
    ○ Messages
        ■ Segments
        ■ Packets
        ■ Frames
    ○ Devices
        ■ Switches
        ■ Routers
● Network symbols
● Converged networks

The History of the Internet
● Victorian Internet
    ○ Telegraph (1830s-40s)
    ○ Submarine cables (1850s-60s)
    ○ Gave rise to phone networks
● Began in the 1950s
    ○ Mainframe computer connections
● Late 1960s into 1980s
    ○ ARPANET (Advanced Research Projects Agency Network)
        ■ 1969-1990
        ■ Project of DARPA (Defense Advanced Research Projects Agency)
        ■ Connected universities at first, military later
        ■ Military split off with MILNET in 1983
        ■ E-mail, FTP, TCP/IP protocols (the cut-over to TCP/IP happened on January 1, 1983)
        ■ Wound down after NSFNET took over as the backbone in 1985; formally decommissioned in 1990
● 1980s
    ○ CSNET (Computer Science Network)
        ■ 1981-1984
        ■ Project of the National Science Foundation
        ■ Used to connect institutions that could not get funding or authorization to connect directly into ARPANET
        ■ Raised awareness of the national network
    ○ NSFNET (National Science Foundation Network)
        ■ 1985-1995
        ■ Project of the National Science Foundation
        ■ Provided connections for researchers to supercomputers funded by the NSF
        ■ Started with a 56 Kbps backbone, upgraded to 1.5 Mbps T1, then to 45 Mbps T3, OC3, OC12, OC48
        ■ BGP protocol
        ■ Commercial ISPs started around this time, using the NSFNET to route traffic
● 1990s
    ○ Internet
        ■ April 30, 1995: the original NSFNET backbone service was decommissioned, transitioning traffic to several commercial backbone networks
            ● MCI
            ● Sprint

How the Internet is Designed
● Circuit switching (a dedicated path for the whole call, like the phone network)
● Packet switching (each packet is routed independently, which is what IP does)
● Tiered ISP structure
    ○ Tier 1 - backbone ISPs
        ■ Own the long-haul cable and peer with each other without paying for transit
        ■ Verizon
        ■ Sprint
        ■ AT&T
    ○ Tier 2 - regional, the common ISPs
        ■ Buy transit from Tier 1
    ○ Tier 3 - local, more common with dial-up
        ■ Buy transit from Tier 2
● Convergence
    ○ QoS (Quality of Service)
        ■ Classification
        ■ Priorities
        ■ Based on traffic type and protocol
            ● Real-time traffic, usually UDP, is delay- and loss-sensitive
                ○ VoIP
                ○ Video
            ● Bulk traffic, usually TCP, is less sensitive because TCP retransmits what is lost
                ○ HTTP
                ○ FTP
● Network security
    ○ Confidentiality
    ○ Integrity
    ○ Availability
● Future of networking
    ○ Convergence
    ○ Mobility
    ○ Security

How to Communicate
● Parts needed for communicating
    ○ Source
    ○ Encoder
    ○ Transmitter
    ○ Medium
    ○ Receiver
    ○ Decoder
    ○ Destination
● Segmentation
    ○ Breaking data up into smaller pieces
● Multiplexing
    ○ Carrying several communications on the same medium
● Components
    ○ Devices
        ■ End devices
            ● Generate and receive the data
        ■ Intermediary devices
            ● Determine where data needs to go based on the addresses in the data
    ○ Media
        ■ Copper
        ■ Fiber
        ■ Radio
        ■ Each has its own encoding method
    ○ Services
        ■ Web (HTTP)
        ■ Files (FTP)
        ■ Video (H.264)
        ■ VoIP (SIP)

Sizes of Networks
● Terminology varies
● PAN (Personal Area Network)
● LAN (Local Area Network)
    ○ Homes
    ○ Businesses
    ○ Buildings
● MAN (Metropolitan Area Network)
● WAN (Wide Area Network)
    ○ Connects LANs together
● The Internet is a network of networks on a global scale
    ○ Called an internetwork
    ○ ISP (Internet Service Provider)
● An intranet is a network of networks within a single organization
● NIC (Network Interface Card)
    ○ Adapter in a host device used to connect to the network
● Physical port
    ○ Also known as a jack, where the cable plugs into the wall or device
● Interface
    ○ Name of a NIC on an intermediary device
● Network symbols

Protocols
● Protocols are rules on how to communicate
● Format of messages
● How to share information
● Error handling
● Setup and termination of sessions
● Most are ratified by organizations such as
    ○ IEEE (Institute of Electrical and Electronics Engineers)
        ■ Usually media specifications and standards
    ○ IETF (Internet Engineering Task Force)
        ■ Usually protocols
        ■ RFC (Requests For Comments)
● Sometimes they are grouped into suites or stacks
● Examples
    ○ HTTP (Hypertext Transfer Protocol)
        ■ Application protocol
    ○ TCP (Transmission Control Protocol)
        ■ Transport protocol
    ○ IP (Internet Protocol)
        ■ Network protocol
● Protocols work together to accomplish communication


OSI and TCP/IP Models
● A layered approach helps protocols work together
● Protocol models
    ○ TCP/IP model
● Reference models
    ○ OSI model
● TCP/IP model
    ○ IETF (Internet Engineering Task Force)
    ○ Application
    ○ Transport
    ○ Internet
    ○ Network Access
● Data goes down the model to the media on the sender, then back up the model at the receiver
● At each layer the unit of data is called a PDU (Protocol Data Unit)
● Layer-specific terminology
    ○ Application layer - Data
    ○ Transport layer - Segment (TCP) or Datagram (UDP)
    ○ Network layer - Packet
    ○ Data Link - Frame
    ○ Physical - Bits
● Each layer encapsulates the PDU from the layer above by adding its own header (and, for Ethernet, a trailer)
● OSI model
    ○ ISO (International Organization for Standardization)
    ○ 7 - Application
    ○ 6 - Presentation
    ○ 5 - Session
    ○ 4 - Transport
    ○ 3 - Network
    ○ 2 - Data Link
    ○ 1 - Physical
    ○ OSI layers are often referred to by their number
● Most layers have an addressing method
    ○ Transport - ports
    ○ Network - logical addresses (IP addresses)
    ○ Data Link - physical addresses (MAC addresses)
● As data goes down the layers it is encapsulated, and the addresses specific to each layer are added
● Intermediary devices read the destination address at their own layer to determine where to send the data (a switch reads the MAC address, a router reads the IP address)
● On the receiving device, as data reaches each layer the destination address for that layer is read and that layer's header is removed (decapsulation)
    ○ Decapsulate - rip off the header
● The data is then handed to the next layer up

All About Applications
● Applications are the software and services on a computer
    ○ The TCP/IP Application layer covers what OSI splits into the Application, Presentation and Session layers
● Presentation layer
    ○ Converts data into a form useful to the layers above and below
    ○ Compression of data
    ○ Encryption/decryption
    ○ File formats are good examples of the Presentation layer
● Session layer
    ○ Creates and tears down sessions, the dialogues between one device and another
● Application examples
    ○ DNS
    ○ HTTP
    ○ SMTP
    ○ FTP
    ○ Telnet
● Protocol, application and service can all carry the same name
    ○ Telnet
    ○ SCP
    ○ TFTP
● Processes on your computer are applications
    ○ Some use network connections; you can see which with
        ■ taskmgr
        ■ netstat -an
● Protocols define
    ○ Message types
    ○ Message syntax
    ○ How messages are sent and responded to
● Client-server model
    ○ The client is the one making the request
        ■ A personal PC running a web browser is a good example
    ○ The server is the one responding to requests
        ■ Runs the services
            ● Also called daemons
        ■ A server running Apache is a good example
    ○ Servers can have client software on them too
● Peer-to-peer model
    ○ One or both ends run as both server and client
    ○ Two PCs can form a peer-to-peer network with just a crossover cable

Common Protocols
● Protocols to know
    ○ DNS (Domain Name System) - TCP/UDP port 53
    ○ HTTP (Hypertext Transfer Protocol) - TCP port 80
    ○ HTTPS (HTTP over SSL/TLS, Hypertext Transfer Protocol Secure) - TCP port 443
    ○ SMTP (Simple Mail Transfer Protocol) - TCP port 25 (587 for authenticated client submission, 465 for SMTP over TLS)
    ○ POP (Post Office Protocol) - TCP port 110 (995 for POP3 over TLS)
    ○ Telnet - TCP port 23
    ○ SSH - TCP port 22
    ○ FTP (File Transfer Protocol) - TCP ports 20 and 21 (active), or 21 plus a random port (passive)
    ○ DHCP (Dynamic Host Configuration Protocol) - UDP ports 67 (server) and 68 (client)
    ○ SMB (Server Message Block)/CIFS (Common Internet File System) - TCP port 445 directly over TCP, or over NetBIOS: UDP 137 (name service), UDP 138 (datagram), TCP 139 (session)
    ○ TFTP (Trivial File Transfer Protocol) - UDP port 69
    ○ SNMP (Simple Network Management Protocol) - UDP ports 161 (agent) and 162 (traps to the manager)
● DNS
    ○ Very old protocol but one of the most important in use today
    ○ Modern technologies such as VMware rely heavily on it
    ○ Resolves domain names to IP addresses
    ○ DNS resolution is done before the data connection to a server for a service is initiated
    ○ Required for the World Wide Web to work
    ○ nslookup (or dig) to query it by hand
    ○ Record types
        ■ A (IPv4) or AAAA (IPv6) - generic record, device IP address
        ■ NS - name server record
        ■ CNAME - canonical name, also known as an alias
            ● Often used for web servers so multiple hostnames can point at the same server
        ■ MX - mail exchange record, only for e-mail servers
    ○ Clients (and servers acting as clients) check their hosts file and local DNS cache first, and only then query the network's DNS servers
        ■ ipconfig /displaydns
        ■ ipconfig /flushdns
    ○ Hierarchy
        ■ Root servers - hold the records of the top-level domain servers
            ● Also known as the root hint servers
        ■ Top-level domain servers - hold the records of the second-level domain servers
            ● .com, .org, .net, .co.uk, etc.
        ■ Second-level domain servers
            ● andrewcrouthamel.com, youtube.com, etc.
● HTTP
    ○ Also a very old protocol
    ○ The World Wide Web (which runs on the Internet) is mostly run over HTTP
    ○ Web browsers download and interpret HTTP responses (HTML, CSS, JavaScript, images) to display web pages
    ○ Transmits HTML or similar files (index.html is often hidden from the URL)
    ○ GET, POST, PUT message types (methods)
    ○ Secure version is HTTPS; plain HTTP is sent in cleartext and can be read or modified in transit
● SMTP/POP
    ○ Also very old protocols
    ○ Used for sending/receiving e-mail
    ○ Clients are known as MUAs (Mail User Agent)
    ○ MDA (Mail Delivery Agent) is the server that stores the mailbox and hands mail to the client
    ○ MTA (Mail Transfer Agent) is a mail routing server that gets mail to the correct MDA
    ○ SMTP commands
        ■ HELO - opens the session with the mail server
        ■ EHLO - extended version of HELO
        ■ MAIL FROM - sender address
        ■ RCPT TO - recipient address
        ■ DATA - message body
    ○ SMTP is for sending mail from a client and for inter-MTA transfers
    ○ POP is for a client to retrieve mail from an MDA
    ○ Secure options now exist (STARTTLS, SMTPS, POP3S), running on the other ports listed above
● Telnet
    ○ Allows for CLI (Command-Line Interface) access
        ■ Also known as "terminal access"
        ■ Used to access routers, switches, servers, etc.
    ○ Commands, passwords and data are all plaintext, so anyone on the path can read them
    ○ Secure version is SSH; Telnet should be disabled on devices (transport input ssh on the vty lines)
● SSH
    ○ Secure Shell
    ○ Provides encryption and server authentication for CLI access (use version 2 only; SSHv1 is broken)
● FTP
    ○ Also a very old protocol
    ○ Designed for sending and receiving files; HTTP later had that capability added
    ○ Low per-transfer overhead, so it is often fast for bulk transfers, but credentials and data are sent in cleartext
    ○ Two modes
        ■ Active - ports 20 and 21
            ● Control on 21
            ● Data on 20, opened from the server back to the client (breaks behind client-side firewalls/NAT)
        ■ Passive - port 21 and a random port
            ● Control on 21
            ● Data on a random high port, opened by the client
    ○ Secure versions are SFTP (file transfer over SSH) or FTPS (FTP over TLS)
● DHCP
    ○ Extension of BOOTP
    ○ Allows a client to automatically get an IP address and other information (mask, gateway, DNS servers)
    ○ Messages (DORA)
        ■ Discover
        ■ Offer
        ■ Request
        ■ Acknowledge
    ○ Any host on the LAN can answer a Discover, so a rogue DHCP server can hand clients itself as gateway or DNS; switches counter this with DHCP snooping
● SMB/CIFS
    ○ CIFS was Microsoft's name for a dialect of SMB version 1; modern Windows uses SMB 2 and 3
    ○ Microsoft protocol
    ○ Linux can speak it with Samba (server) or the kernel cifs client
    ○ Often used for file transfers and printer sharing
    ○ Default file sharing protocol for Windows
    ○ SMB1 is chatty (many round trips per operation), so it performed poorly over high-latency links; SMB 2/3 largely fixed this
        ■ SMB1 should be disabled where possible: no signing by default and a history of remote exploits
● TFTP
    ○ Commonly used for router or switch maintenance, transferring IOS images or configurations to or from devices
    ○ No authentication or encryption, so run the server only for the duration of the transfer and restrict it with ACLs
    ○ TFTP32
● SNMP
    ○ Used for retrieving and setting values on computers, networking equipment, anything
    ○ Writing values via SNMP is commonly considered insecure and a bad idea, especially with v1/v2c, whose community strings travel in cleartext
    ○ Reading values via SNMP on a timed interval is very common for retrieving health information from a device (CPU, memory, disk usage, etc.)
    ○ Use SNMPv3 with authentication and privacy (encryption) where supported
    ○ MRTG and Zenoss are common pollers

Roles of the Transport Layer
● Provides segmentation and control of data
● Reassembles data at the receiving end
● Identifies applications and services based on port number
● Data passed down from the layers above is broken up into PDUs called segments
    ○ This enables multiplexing and increases transmission reliability (a lost piece can be re-sent on its own)
● Establishes sessions using stateful protocols such as TCP
● Provides reliable delivery using protocols such as TCP
● Can rearrange data into the proper order if it is received out of order
● Flow control
● TCP is good for reliability, at the cost of slower transmission (HTTP, FTP, etc.)
● UDP is good for unreliable but faster transmission (VoIP, DNS, etc.)
● TCP tracks incoming data, keeps note of what was received, acknowledges those receipts and forces retransmission of missed segments
● Clients generate a random source port per connection when talking to a server, so returning data can be handed to the correct application
    ○ Web browsers are a good example: each connection (not just each window or tab) has its own randomly chosen source port
● Port numbers
    ○ Assigned by IANA (Internet Assigned Numbers Authority)
    ○ Well-known ports - 0-1023
        ■ Most common applications and services are here
        ■ Doom 666
    ○ Registered ports - 1024-49151
        ■ Other common services and games
        ■ Sometimes used as ephemeral ports by a client (older Windows versions used 1025-5000)
    ○ Dynamic/private ports - 49152-65535
        ■ Also known as ephemeral ports
        ■ Free for all
        ■ Commonly used as source ports by a client
● DNS uses both UDP and TCP
    ○ UDP for queries and responses
    ○ TCP for zone transfers between servers, and for responses too large for a UDP datagram

TCP and UDP Protocols
● TCP
    ○ Connection-oriented communications
    ○ Provides reliability, at the cost of header and handshake overhead
    ○ Flags (control bits in the TCP header; these are not the Options field)
        ■ URG - Urgent pointer is significant
        ■ ACK - Acknowledgement number is significant
        ■ PSH - Push buffered data to the application
        ■ RST - Reset the connection
        ■ SYN - Synchronize sequence numbers
        ■ FIN - Finish, no more data from the sender
    ○ Three-way handshake
        ■ SYN
        ■ SYN/ACK
        ■ ACK
    ○ Four-way session teardown
        ■ FIN
        ■ ACK
        ■ FIN
        ■ ACK
    ○ Reassembly
        ■ Packets can take various routes to the destination
        ■ Sometimes they arrive out of order; sequence numbers put them back in order
        ■ The acknowledgement number is the sequence number of the next byte the receiver expects (a cumulative ACK), so it implicitly counts the bytes received in order so far
        ■ Acknowledgements are usually sent after several segments, not after every one
        ■ If a segment is lost, the receiver keeps repeating the same ACK number for the segments that follow; after three such duplicate ACKs the sender retransmits the missing segment without waiting, called Fast Retransmit and Recovery (FRR)
            ● Otherwise the sender waits for the retransmission timeout (RTO) before deciding that a segment was lost
    ○ Flow control
        ■ The window size is the amount of data (in bytes) the receiver is willing to accept beyond what it has acknowledged, i.e. how much the sender may have in flight before it must wait for an ACK
        ■ The window is adjusted on the fly if one side becomes a bottleneck
        ■ If both sides support SACK (Selective Acknowledgements), which is common, only the missing segment is retransmitted
            ● Otherwise everything from the missing segment onward may be retransmitted
● UDP
    ○ Connectionless communications
    ○ Unreliable, with very little overhead (8-byte header)
    ○ No reassembly if received out of order; datagrams are passed up the layers as-is
    ○ Lost or damaged datagrams are not re-sent
    ○ Applications sometimes handle ordering and retransmission themselves to get pseudo-TCP behaviour on top of UDP
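The handshake, acknowledgement-number and fast-retransmit behaviour above, as an added worked example in Python (not part of the original notes): it builds and decodes raw TCP headers with struct so the flag bits are visible, walks the three-way handshake with constructed initial sequence numbers, and models a receiver's cumulative ACKs when one segment goes missing, so the three duplicate ACKs that trigger fast retransmit appear. Port numbers, ISNs and segment sizes are constructed sample values.

```python
import struct

# TCP control bits: the low 6 bits of the 16-bit "data offset / flags" word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = [(FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Minimal 20-byte TCP header, no options. The checksum stays 0 because this
    is a constructed sample with no IP pseudo-header to cover."""
    offset_flags = (5 << 12) | flags          # header length = 5 x 32-bit words
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Decode the fields a packet capture would show, with flags as names."""
    src, dst, seq, ack, offset_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    flags = offset_flags & 0x3F
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack, "window": window,
            "header_len": (offset_flags >> 12) * 4,
            "flags": [name for bit, name in FLAG_NAMES if flags & bit]}


def handshake_trace(client_isn=1000, server_isn=5000):
    """Three-way handshake as (direction, flags, seq, ack). A SYN consumes one
    sequence number, so each side acknowledges the other's ISN + 1."""
    segments = [
        ("C->S", build_tcp_header(49152, 80, client_isn, 0, SYN)),
        ("S->C", build_tcp_header(80, 49152, server_isn, client_isn + 1, SYN | ACK)),
        ("C->S", build_tcp_header(49152, 80, client_isn + 1, server_isn + 1, ACK)),
    ]
    return [(d, p["flags"], p["seq"], p["ack"])
            for d, p in ((d, parse_tcp_header(raw)) for d, raw in segments)]


def receiver_acks(arrivals, rcv_nxt):
    """Model the receiving side. arrivals: [(seq, length)] in arrival order.
    Returns the ACK number sent after each segment. The ACK is the sequence
    number of the next byte expected (cumulative), so a gap makes the receiver
    repeat the same ACK for every later segment; out-of-order data is buffered
    and drained once the gap is filled."""
    acks, buffered = [], {}
    for seq, length in arrivals:
        if seq == rcv_nxt:
            rcv_nxt += length
            while rcv_nxt in buffered:          # drain contiguous buffered data
                rcv_nxt += buffered.pop(rcv_nxt)
        elif seq > rcv_nxt:
            buffered[seq] = length              # a hole precedes this segment
        acks.append(rcv_nxt)
    return acks


def fast_retransmit_trigger(acks):
    """Sender-side rule from RFC 5681: the original ACK plus three duplicates of
    it means the segment starting at that number was lost. Return that sequence
    number as soon as the third duplicate is seen, else None (wait for the RTO)."""
    last, dups = None, 0
    for a in acks:
        if a == last:
            dups += 1
            if dups == 3:
                return a
        else:
            last, dups = a, 0
    return None


if __name__ == "__main__":
    for step in handshake_trace():
        print(step)
    # Five 1000-byte segments; the second (seq 1001) is lost and resent last.
    lost_then_resent = [(1, 1000), (2001, 1000), (3001, 1000), (4001, 1000), (1001, 1000)]
    acks = receiver_acks(lost_then_resent, rcv_nxt=1)
    print("ACKs:", acks, "-> fast retransmit of seq", fast_retransmit_trigger(acks))
```

Running it shows the SYN/ACK acknowledging 1001 (client ISN + 1) and the ACK train 1001, 1001, 1001, 1001, 5001: the fourth 1001 is the third duplicate, so the sender resends from 1001 and the next ACK jumps straight to 5001 once the buffered segments drain.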

Internet Protocol and IPv4
● Layer 3 provides
    ○ Addressing
    ○ Encapsulation
    ○ Routing
    ○ Decapsulation
● Layer 3 protocols
    ○ IPv4 (Internet Protocol version 4)
    ○ IPv6 (Internet Protocol version 6)
    ○ IPX (Novell Internetwork Packet Exchange), legacy
    ○ AppleTalk, legacy
● Properties
    ○ Connectionless - relies on Layer 4 for any session setup
    ○ Best effort - relies on Layer 4 for reliability
    ○ Media independent - relies on Layer 2
● MTU is a Layer 2 setting which gets passed up to Layer 3 so it can determine how large packets can be
    ○ If a router receives a packet larger than the outgoing link's MTU it fragments it, unless the DF (Don't Fragment) bit is set, in which case it drops the packet and sends an ICMP "fragmentation needed" message back to the source (this is what Path MTU Discovery relies on)
● Takes the Layer 4 segment (header and data) and encapsulates it with an IP header
● IPv4 header fields
    ○ Source Address
        ■ 32-bit value, the address of the sending interface
    ○ Destination Address
        ■ 32-bit value, the address of the receiving interface
    ○ TTL (Time-to-Live)
        ■ 8-bit value that limits how many router "hops" the packet can take before being dropped
        ■ Starts high (commonly 64, 128 or 255 depending on the OS) and each router decrements it by one; at 0 the packet is discarded
    ○ ToS (Type-of-Service)
        ■ 8-bit field used for Quality of Service; now defined as 6 bits of DSCP plus 2 bits of ECN
    ○ Protocol
        ■ 8-bit value identifying the Layer 4 protocol carried
            ● 1 - ICMP
            ● 6 - TCP
            ● 17 - UDP
    ○ Flags and Fragment Offset
        ■ DF (Don't Fragment) and MF (More Fragments) bits, plus a 13-bit offset (in 8-byte units) used to reassemble fragments in the right order
    ○ Header Checksum
        ■ Covers the header only and is recomputed by every router, because the TTL changes at each hop
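An added example (not from the original notes) that ties the encapsulation described in the OSI/TCP-IP section to the IPv4 header fields above: it builds an Ethernet/IPv4/UDP frame layer by layer with struct, decapsulates it again reading each layer's own destination address and the TTL, DF, fragment offset, protocol and checksum fields, and applies the per-hop TTL decrement a router performs. The MACs, IPs, ports and payload are constructed sample values; the header checksum is the real RFC 1071 calculation, while the UDP checksum is left at zero as IPv4 permits.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IPV4_DF = 0x4000      # Don't Fragment bit in the flags/fragment-offset word
IPV4_MF = 0x2000      # More Fragments bit


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum of 16-bit words; caller zeroes the checksum field."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload, src_ip, dst_ip, src_mac, dst_mac, sport, dport, ttl=64, df=True):
    """Walk down the stack: data -> UDP segment -> IPv4 packet -> Ethernet frame.
    Each layer prepends its own header carrying its own kind of address."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum optional in IPv4
    flags_frag = IPV4_DF if df else 0                                        # fragment offset 0
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(udp), 0x1234, flags_frag,
                     ttl, IPPROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def decapsulate(frame):
    """Walk back up: each layer reads its destination address/fields, then strips its header."""
    layers = {}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["ethernet"] = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
                          "ethertype": ethertype}
    packet = frame[14:]
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    header = packet[:ihl]
    layers["ipv4"] = {
        "version": ver_ihl >> 4, "header_len": ihl, "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_len": total_len, "id": ident,
        "df": bool(flags_frag & IPV4_DF), "mf": bool(flags_frag & IPV4_MF),
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # the offset field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "checksum_ok": ipv4_checksum(header[:10] + b"\x00\x00" + header[12:]) == csum,
    }
    segment = packet[ihl:total_len]
    if proto == IPPROTO_UDP:
        sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
        layers["udp"] = {"src_port": sport, "dst_port": dport, "length": ulen}
        layers["data"] = segment[8:ulen]
    return layers


def router_hop(packet):
    """What every router does to the IPv4 header it forwards: decrement the TTL and
    recompute the header checksum. Returns None when the TTL would reach 0, since
    the router then discards the packet and sends ICMP Time Exceeded instead."""
    ttl = packet[8]
    if ttl <= 1:
        return None
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    header[8] = ttl - 1
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]


if __name__ == "__main__":
    # Constructed sample: a small UDP payload from a LAN host to a resolver on port 53.
    frame = encapsulate(b"hello", "192.168.1.10", "10.0.0.5",
                        "00:11:22:33:44:55", "66:77:88:99:aa:bb", 49152, 53)
    for layer, fields in decapsulate(frame).items():
        print(layer, fields)
    print("after one hop:", decapsulate(frame[:14] + router_hop(frame[14:]))["ipv4"]["ttl"])
```

The decapsulated output lists the MAC the switch would look at, then the IP the router would look at, then the port the host uses to pick the application, which is the layer-by-layer reading the notes describe; feeding the frame through `router_hop` with `ttl=1` returns None, the discard case.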

Networks and Subnets
● Many sizes and design options to choose from for your networks
● Networks can be broken down by
    ○ Location
    ○ Department
    ○ Collaboration
● Reasons for networks and subnetting
    ○ Logical separation
    ○ Security (the router or firewall between subnets is where ACLs can be enforced)
    ○ Broadcast traffic reduction
    ○ Address management
● IP addresses are broken into network and host portions
    ○ The subnet mask (also known as the bit mask) determines where the separation occurs


Introduction to Routing
● Gateways and routing are required to communicate between networks
    ○ Devices on the same network can communicate without a router
● Routers read the destination IP address in the Layer 3 header to determine where traffic needs to go when routing between networks
● The default gateway is the exit point for a network; each device should have only one configured
    ○ ipconfig or ipconfig /all
● Routes determine where to send traffic for a given network
    ○ End devices can have static routes added
        ■ route print, route add, route delete
    ○ Intermediary devices such as routers have either static or dynamic routes
    ○ Routes have three basic parts
        ■ Destination network (prefix)
        ■ Next hop or exit interface
        ■ Metric
    ○ Many routers have a default route, which plays the same role as a host's default gateway, also known as the Gateway of Last Resort
        ■ Shown as 0.0.0.0/0 for the destination network
    ○ The most specific (longest prefix) matching route wins; if no route matches and there is no default route, the packet is discarded
● Routing process (for every packet)
    ○ Decapsulate (rip off) Layer 2
    ○ Read the destination IP in the Layer 3 header
    ○ Look up the best match in the routing table
    ○ Decrement the TTL and update the IPv4 header checksum (discard and send ICMP Time Exceeded if the TTL reaches 0)
    ○ Encapsulate with a new Layer 2 header for the outgoing interface (new source and destination MAC addresses)
● Routing protocols allow routers to share route information
    ○ They add dynamic routes to the routing table
    ○ Routing protocols covered in CCNA
        ■ RIP (Routing Information Protocol)
        ■ EIGRP (Enhanced Interior Gateway Routing Protocol)
        ■ OSPF (Open Shortest Path First)
● Routes entered manually by an administrator are known as static routes
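An added example, not from the original notes, of the routing-table behaviour described above in Python: longest-prefix match, recursive resolution of a next-hop IP to an exit interface, the 0.0.0.0/0 gateway of last resort, and discard when nothing matches. The interface names (Gi0/0 and so on), addresses and routes are a constructed sample; administrative distance is ignored, so the tie-break is prefix length and then metric.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network next_hop metric source")

# IOS-style interface name prefixes, used to tell "exit interface" from "next-hop IP".
INTERFACE_PREFIXES = ("Gi", "Fa", "Se", "Eth", "Lo")


def is_interface(next_hop):
    return next_hop.startswith(INTERFACE_PREFIXES)


class RoutingTable:
    """Routes carry the three parts the notes list: destination network, next hop
    or exit interface, and metric. Lookup is longest-prefix match, 0.0.0.0/0 is
    the gateway of last resort, and no match means the packet is discarded."""

    def __init__(self):
        self.routes = []

    def add(self, network, next_hop, metric=0, source="S"):
        self.routes.append(Route(ipaddress.ip_network(network), next_hop, metric, source))

    def lookup(self, dst):
        """Best route for dst: longest prefix first, then lowest metric."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.network]
        if not matches:
            return None
        return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))

    def resolve(self, dst, max_depth=8):
        """Recursive lookup as a router does it: follow next-hop IPs until a route
        with an exit interface is found. Returns (exit_interface, next_hop_ip),
        with next_hop_ip None for a directly connected destination, or None when
        the packet must be discarded (no route, or the next hop is unresolvable)."""
        target, first_hop = dst, None
        for _ in range(max_depth):            # depth guard against a route loop
            route = self.lookup(target)
            if route is None:
                return None
            if is_interface(route.next_hop):
                return route.next_hop, first_hop
            if first_hop is None:
                first_hop = route.next_hop     # the address the router will ARP for
            target = route.next_hop
        return None

    def show(self):
        """Roughly what 'show ip route' prints: one line per route."""
        lines = []
        for r in sorted(self.routes, key=lambda r: (r.network.prefixlen, int(r.network.network_address))):
            tag = "S*" if r.network.prefixlen == 0 else r.source
            via = f"is directly connected, {r.next_hop}" if is_interface(r.next_hop) else f"via {r.next_hop}"
            lines.append(f"{tag:<3}{r.network} [{r.metric}] {via}")
        return lines


def build_sample_table():
    """Constructed table for one router with two LAN interfaces and two static routes."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "Gi0/0", source="C")     # directly connected
    rt.add("10.1.2.0/24", "Gi0/1", source="C")        # directly connected
    rt.add("10.0.0.0/8", "192.168.1.254")             # static, coarse
    rt.add("10.1.0.0/16", "192.168.1.253")            # static, more specific
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    print("\n".join(rt.show()))
    for dst in ("10.1.2.7", "10.1.3.7", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", rt.resolve(dst))
    rt.add("0.0.0.0/0", "192.168.1.1")                # gateway of last resort
    print("8.8.8.8 with default route ->", rt.resolve("8.8.8.8"))
```

10.1.3.7 matches both 10.0.0.0/8 and 10.1.0.0/16 and takes the /16 because it is longer, then its next hop 192.168.1.253 is itself looked up to find Gi0/0. 8.8.8.8 matches nothing and is discarded until the default route is added.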

IPv4 Basics
● 32-bit address
● Notated in dotted decimal format
    ○ Four groups of 8 bits, each converted to decimal, with a dot between each
    ○ 11000000101010000000000100000001 is split into 11000000.10101000.00000001.00000001, which is 192.168.1.1
    ○ Each 8-bit group is called an octet
● Every 8 bits is also called a byte
● In classful networking the network/host split fell on an octet boundary; with subnetting it can fall anywhere
● Binary to decimal conversion
    ○ Uses positional notation
        ■ 128 64 32 16 8 4 2 1
        ■ 1 1 0 0 0 0 0 0
        ■ = 192, add up the positions whose bit is 1
        ■ Binary is a base 2 numbering system, so each bit is only on or off, 1 or 0
    ○ Do the conversion for each octet of an IP address to get dotted decimal notation
● Decimal to binary conversion
    ○ Same positional notation as above, but in reverse
    ○ Similar to long division: walk the positions from 128 down to 1, subtracting when the value fits
        ■ Does 128 fit into 192? Yes, write 1; 192 - 128 = 64 remains
        ■ Does 64 fit into 64? Yes, write 1; 0 remains
        ■ 32, 16, 8, 4, 2 and 1 do not fit into 0, so write 0 for each: 11000000
    ○ Do the conversion for each octet to get binary notation

IPv4 Address Types
● Network address
    ○ First IP of a network; reserved, cannot be used by a host
    ○ Common way to refer to a network by "name"
● Broadcast address
    ○ Last IP of a network; reserved, cannot be used by a host
    ○ All hosts on the network receive and process traffic sent to this IP
● Host address
    ○ Everything between the network and broadcast addresses
● Network prefixes
    ○ Prefix length is the number of bits in the network portion of the address
    ○ Converted to dotted decimal, it gives you the subnet mask
    ○ Important for subnetting and Classless Inter-Domain Routing (CIDR, pronounced "cider")
    ○ Common to refer to a network by combining the network address and prefix, e.g. "It's the 10.1.0.0/26 network"
● Calculating addresses
    ○ The prefix bits, counted from the left, are the network bits
    ○ The remaining bits on the right are the host bits
    ○ All 0s in the host bits is the network address
    ○ All 1s in the host bits is the broadcast address
    ○ Everything in between is a usable host address
    ○ Example, 10.1.0.70/26 in binary with the network|host division marked
        ■ 00001010.00000001.00000000.01|000110 (the address)
        ■ 00001010.00000001.00000000.01|000000 = 10.1.0.64 (network)
        ■ 00001010.00000001.00000000.01|111111 = 10.1.0.127 (broadcast)
● Packet types
    ○ Unicast - one to one
    ○ Multicast - one to many
        ■ Delivered to every host that has joined the group, like a limited broadcast that only interested machines listen to. Multicast is not forwarded across VLANs/subnets unless the router runs multicast routing or a relay for it (Bonjour/mDNS has this problem)
        ■ With IGMP snooping, switches learn which ports have joined a group and forward only there, so it behaves like a set of unicasts
    ○ Broadcast - one to all
        ■ Limited broadcast - 255.255.255.255 - never forwarded by routers
        ■ Directed broadcast - e.g. 192.168.1.255 - can be forwarded by routers, but forwarding is disabled by default on modern IOS (no ip directed-broadcast) because it enabled Smurf-style amplification attacks
● IP ranges
    ○ Host addresses - 0.0.0.0 to 223.255.255.255
        ■ RFC 790
    ○ Multicast addresses - 224.0.0.0 to 239.255.255.255
        ■ RFC 1700
    ○ Experimental addresses - 240.0.0.0 to 255.255.255.254
        ■ RFC 1700, 3330
        ■ Not routable
    ○ Private addresses - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
        ■ RFC 1918
        ■ Not routable on the Internet
        ■ NAT (Network Address Translation) lets you "hide" many private IPs behind a public IP, and translate between overlapping subnets if needed
    ○ Public addresses - the remaining host addresses, minus the private and special ranges
● Special IPv4 addresses
    ○ Default route - 0.0.0.0/0
        ■ Catch-all for traffic, used as the route pointing to your default gateway or gateway of last resort
        ■ Why it matches everything will make more sense after subnetting and the ANDing process (a /0 mask has no network bits, so every address matches)
        ■ 0.0.0.0 itself is not a routable address
    ○ Loopback - 127.0.0.1 (the whole 127.0.0.0/8 block)
        ■ Sends traffic to the local IP stack; used to test that the TCP/IP stack works without involving the NIC
        ■ Not routable
    ○ Link-local - 169.254.0.0 to 169.254.255.255
        ■ Self-assigned by a host when no DHCP (Dynamic Host Configuration Protocol) server is found
        ■ Also called the APIPA (Automatic Private IP Addressing) address
        ■ Not routable
    ○ TEST-NET - 192.0.2.0 to 192.0.2.255
        ■ Set aside for documentation and teaching examples (RFC 5737 also reserves 198.51.100.0/24 and 203.0.113.0/24)

IPv4 Subnetting
● Classful networking (the original scheme): the subnet mask was implied by the first octet, there was no Network Address Translation (NAT), and everyone used public IPs
    ○ Class A
        ■ First octet 1-127
        ■ /8 - 255.0.0.0
        ■ 128 networks, 16,777,214 hosts per network
    ○ Class B
        ■ First octet 128-191
        ■ /16 - 255.255.0.0
        ■ 16,384 networks, 65,534 hosts per network
    ○ Class C
        ■ First octet 192-223
        ■ /24 - 255.255.255.0
        ■ 2,097,152 networks, 254 hosts per network
    ○ Class D (multicast)
        ■ First octet 224-239
    ○ Class E (reserved)
        ■ First octet 240-255
● Now classless subnetting (CIDR) is used to make right-sized networks, together with NAT, VLSM, etc.
● Good for logically or physically dividing a network to simplify management and security
    ○ Access Control Lists (ACLs) are applied at the subnet boundary
● A router (or Layer 3 switch) is needed to communicate between subnets
● An address has network bits and host bits
● Prefix and subnet mask express the same thing
    ○ Prefix is the number of network bits
    ○ Subnet mask is the dotted decimal form of the prefix (that many 1 bits from the left)
● Subnets are created by "borrowing" from the host bits
● Based on powers of two: one bit borrowed creates two subnets, 2 bits create four subnets, etc.
● Parts of a subnet
    ○ Network address
        ■ All host bits set to 0
    ○ First host address
        ■ All host bits set to 0 except the last host bit set to 1
    ○ Last host address
        ■ All host bits set to 1 except the last host bit set to 0
    ○ Broadcast address
        ■ All host bits set to 1
● Formulas
    ○ Number of subnets - 2^n (n = number of bits borrowed from the host portion of the original network)
    ○ Number of addresses - 2^n (n = number of host bits)
        ■ Includes the network and broadcast addresses
    ○ Number of valid hosts - 2^n - 2 (n = number of host bits)
        ■ Hosts cannot use the network and broadcast addresses
        ■ Exception: /31 point-to-point links (RFC 3021) use both addresses
● Basic steps
    ○ Write the binary place values down (128 64 32 16 8 4 2 1)
    ○ Mark the 1 and 0 bits of the network portion of the IP
    ○ Draw a vertical line after the last prefix bit
    ○ Count from 0 upwards by the place value just to the left of the line; that is the subnet increment
    ○ These steps either give the network address for an IP/prefix, or create properly sized subnets by counting up by the chosen place value
● Variable Length Subnet Masks (VLSM)
    ○ Same idea as classless subnetting, but you can subnet a subnet
    ○ Good for organising IP schemes in large environments
    ○ Efficient: no wasted IP space from subnets that are too large, and smaller broadcast domains
    ○ Allocate the largest subnets first so each one starts on a boundary aligned to its size
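The conversion, address-type and subnetting rules from the IPv4 Basics, IPv4 Address Types and IPv4 Subnetting sections as one added Python example (not part of the original notes). It does the arithmetic with explicit bit operations rather than the ipaddress module so the ANDing, the host-bit rules and the 2^n formulas are visible, then applies them to a VLSM plan and to classifying an address against the reserved ranges. The block, host demands and sample addresses are constructed; the /31 case follows RFC 3021, which the notes do not cover.

```python
def to_int(ip):
    """Dotted decimal -> 32-bit integer (binary-to-decimal, one octet at a time)."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip):
    """Positional notation, one 8-bit group per octet."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


def prefix_to_mask(prefix):
    """/n is n one-bits counted from the left."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr):
    """Parts of a subnet: network (host bits all 0), broadcast (host bits all 1),
    first/last host, and the 2^n / 2^n-2 counts. /31 follows RFC 3021 and /32 is
    a host route, so those two do not use the 2^n-2 rule."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = to_int(ip) & mask                    # the ANDing step
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    if host_bits >= 2:
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2
    elif host_bits == 1:
        first, last, usable = network, broadcast, 2   # point-to-point link
    else:
        first, last, usable = network, network, 1     # host route
    return {"network": to_dotted(network), "mask": to_dotted(mask),
            "wildcard": to_dotted(~mask & 0xFFFFFFFF),   # the form ACLs use
            "broadcast": to_dotted(broadcast),
            "first_host": to_dotted(first), "last_host": to_dotted(last),
            "addresses": 2 ** host_bits, "usable_hosts": usable}


def vlsm_plan(block, demands):
    """Carve `block` into subnets sized for each (name, hosts) demand, largest
    first so every subnet starts on a boundary aligned to its own size."""
    base = subnet_info(block)
    cursor, end = to_int(base["network"]), to_int(base["broadcast"])
    plan = []
    for name, hosts in sorted(demands, key=lambda d: d[1], reverse=True):
        host_bits = 2
        while 2 ** host_bits - 2 < hosts:          # smallest power of two that fits
            host_bits += 1
        size = 2 ** host_bits
        if cursor + size - 1 > end:
            raise ValueError(f"{block} exhausted before {name}")
        plan.append((name, f"{to_dotted(cursor)}/{32 - host_bits}", size - 2))
        cursor += size
    return plan


# Reserved ranges; order matters because 255.255.255.255 sits inside 240.0.0.0/4.
SPECIAL_RANGES = [
    ("255.255.255.255/32", "limited broadcast"),
    ("0.0.0.0/8", "this network / default route"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local (APIPA)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.0.2.0/24", "TEST-NET-1 (documentation)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "experimental"),
]


def classify(ip):
    """Which reserved range an address falls in, else public unicast."""
    addr = to_int(ip)
    for cidr, label in SPECIAL_RANGES:
        net, prefix = cidr.split("/")
        if addr & prefix_to_mask(int(prefix)) == to_int(net):
            return label
    return "public unicast"


def classful(ip):
    """Legacy class letter and default prefix, from the first octet alone."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A", 8
    if first < 192:
        return "B", 16
    if first < 224:
        return "C", 24
    return ("D", None) if first < 240 else ("E", None)


if __name__ == "__main__":
    print(to_binary("192.168.1.1"))
    print(subnet_info("192.168.1.130/26"))
    for row in vlsm_plan("192.168.10.0/24", [("Sales", 60), ("Eng", 100), ("Mgmt", 10), ("WAN link", 2)]):
        print(row)
    for ip in ("169.254.1.1", "172.31.5.5", "8.8.8.8"):
        print(ip, classify(ip), classful(ip))
```

For 192.168.1.130/26 the mask 255.255.255.192 ANDed with the address gives 192.168.1.128, the broadcast is .191 and there are 62 usable hosts; the VLSM plan places the 100-host subnet first as a /25, then /26, /28 and /30, each starting where the previous one ends.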

IPv6 Addressing Basics
● Designed to solve IPv4 exhaustion
● 128-bit addressing
● Hexadecimal notation
    ○ Hex digits are 0-9 and A-F, 16 possible values; each hex digit represents 4 bits
    ○ Eight groups (hextets) of 4 hex digits
        ■ Separated by colons :
    ○ 4 hex digits = 16 binary digits
    ○ Leading zeros in a group can be dropped: 0db8 becomes db8, 0000 becomes 0
    ○ One run of consecutive all-zero groups can be replaced with a double colon (only once per address, or it would be ambiguous)
        ■ 1234:0000:0000:0000:0000:0000:0000:4321
        ■ 1234::4321
● Header simplified (fixed 40 bytes, no header checksum, no fragmentation by routers)
● No dotted decimal subnet mask, only notated with a prefix length
    ○ 2001:db8:acad:1::/64
● Unicast
    ○ Uniquely identifies an interface on an IPv6 device
    ○ Global unicast
        ■ Globally unique, routable addresses (currently allocated from 2000::/3)
        ■ Static, SLAAC or DHCPv6
    ○ Link-local
        ■ Unique only on the same link, not routable
        ■ Used to communicate on the same subnet
        ■ Used for routing protocol communication and as the default gateway address
        ■ FE80::/10; every IPv6-enabled interface has one
    ○ Loopback
        ■ Same as the IPv4 loopback, to test the TCP/IP stack
        ■ Cannot be assigned to an interface
        ■ All zeros except the last bit is 1
            ● ::1/128 or ::1
    ○ Unspecified address
        ■ Used as a source address when a device does not yet have an address (e.g. during Duplicate Address Detection) or the source is irrelevant
        ■ Cannot be assigned to an interface
        ■ All zeros
            ● ::/128 or ::
    ○ Unique local
        ■ Similar to IPv4 RFC 1918 addresses
        ■ Used for local addressing within an organisation
        ■ Not routable on the global IPv6 Internet
        ■ FC00::/7, i.e. FC00:: through FDFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF; in practice FD00::/8 is used (RFC 4193)
        ■ The IETF does not recommend using them with NAT the way IPv4 private addresses are used
    ○ IPv4-embedded
        ■ Used for transition from IPv4 to IPv6
● Multicast
    ○ Send to multiple destinations
● Anycast
    ○ A unicast address assigned to multiple devices
    ○ Packets sent to the anycast address are routed to the nearest device
● IPv6 subnetting
    ○ Not done to conserve IPs, only for logical organisation; every subnet is normally a /64
    ○ Looks cleaner since you can just count up in hexadecimal in the Subnet ID
        ■ 2001:0DB8:ACAD:0000::/64
        ■ 2001:0DB8:ACAD:0001::/64
        ■ 2001:0DB8:ACAD:0002::/64
    ○ Can also borrow from the Interface ID as in IPv4, but that breaks SLAAC, which needs a 64-bit Interface ID


IPv6 Unicast and Multicast ● Global Unicast Addresses ○ Has three parts: ■ Global routing prefix ■ Subnet ID ■ Interface ID ○ Global Routing Prefix ■ Network portion of the address assigned by the provider. ■ Currently /48s are assigned to all individuals and companies ○ Subnet ID ■ Used by organizations ○ Interface ID ■ Same as the host portion of an IPv4 address ○ Configuration ■ Usually can use ipv6 instead of ip to configure ■ ex. ipv6 address 2001:db8:abcd:1::1/64 ○ Can be provided dynamically ■ Stateless Address Autoconfiguration (SLAAC) ■ DHCPv6 ● Stateless Address Autoconfiguration (SLAAC) ○ Retrieve prefix, prefix length, and default gateway from an IPv6 router without DHCPv6 ○ Uses Router Advertisement (RA) messages (ICMPv6) ○ RAs are periodically sent to all IPv6 devices from routers ■ Every 200 seconds by default to the all-nodes multicast group ○ IPv6 devices do not have to wait for the RA messages ■ Can send a Router Solicitation (RS) message using the all-routers multicast group address ■ Router will then respond with a router advertisement ○ To enable a router for IPv6 routing “ipv6 unicast-routing” must be entered in global configuration ○ RA message will describe how to configure ■ SLAAC only ● Device will use the prefix, prefix-length, and default gateway address from the RA ■ SLAAC and DHCPv6 ● Device will use the prefix, prefix-length, and default gateway address from the RA and obtain other parameters such as DNS servers from DHCPv6 ■ DHCPv6 only

      ● Device will not use information in the RA message, but will obtain all parameters from DHCPv6
● DHCPv6
  ○ Similar to DHCP in IPv4
  ○ In the ICMPv6 RA
    ■ Option 1 specifies using SLAAC only
    ■ Option 2 specifies using SLAAC and DHCPv6
    ■ Option 3 specifies using DHCPv6 only
  ○ With SLAAC only or SLAAC with DHCPv6, the client must determine its own Interface ID using EUI-64 or by generating a random number
● EUI-64
  ○ Extended Unique Identifier (EUI)
  ○ Uses the 48-bit Ethernet MAC address of the client and inserts 16 bits into the middle to create the Interface ID
    ■ 16 bits = FFFE
    ■ 24-bit OUI + 16-bit FFFE + 24-bit Device Identifier
● Dynamic Link-Local Addresses
  ○ Created using the FE80::/10 prefix and the Interface ID
● Static Link-Local Addresses
  ○ ex. ipv6 address fe80::1 link-local
● Verifying IPv6 Configuration
  ○ show interface
  ○ show ipv6 interface brief
  ○ show ipv6 route
● Multicast Addresses
  ○ Have the prefix FF00::/8
  ○ Assigned multicast
    ■ Reserved addresses for a group of devices
    ■ Used with specific protocols
    ■ FF02::1 - All-nodes multicast group
      ● All IPv6 devices join this group
      ● Acts like a broadcast in IPv4
      ● RA messages go to this group
    ■ FF02::2 - All-routers multicast group
      ● All IPv6 routers join this group
      ● Acts like a broadcast in IPv4
      ● RS messages go to this group
● Solicited-Node Multicast
  ○ Matches only the last 24 bits of the IPv6 global unicast address
  ○ FF02:0:0:0:0:1:FF00::/104 plus the last 24 bits of the IPv6 unicast address

IPv6 Testing Connections
● ICMP
  ○ Often used for testing
  ○ ICMPv4 Destination Unreachable codes
    ■ 0 - network unreachable
    ■ 1 - host unreachable
    ■ 2 - protocol unreachable
    ■ 3 - port unreachable
  ○ ICMPv6 has similar Destination Unreachable messages
  ○ ICMPv4 Time Exceeded
    ■ Packet cannot be forwarded because the TTL reached 0
    ■ When a router receives a packet and decrements the TTL to 0, it discards the packet and sends Time Exceeded to the source host
  ○ ICMPv6 is similar; it sends Time Exceeded but does not have a TTL, it uses the Hop Limit field
  ○ ICMPv4 Redirect Message
    ■ Notifies the host that a better route is available for a destination
  ○ ICMPv6 has the same message
  ○ ICMPv6 has four new message types
    ■ Part of the Neighbor Discovery Protocol (ND/NDP)
      ● Router Solicitation
      ● Router Advertisement
      ● Neighbor Solicitation
      ● Neighbor Advertisement
    ■ Router Solicitation
      ● When a host uses SLAAC, the host sends an RS message
    ■ Router Advertisement
      ● Sent by a router in response to an RS, providing parameters for a host
    ■ Neighbor Solicitation and Neighbor Advertisement
      ● Used for address resolution and Duplicate Address Detection (DAD)
      ● Similar to ARP, address resolution is used to determine the MAC address of a destination
        ○ NS is sent to the solicited-node address
        ○ NA is sent in response with the MAC address
      ● To perform DAD
        ○ A device sends an NS with its own IP as the target address
        ○ If another device already has it, that device sends an NA in response
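The EUI-64 and solicited-node rules from the previous section and the NS/NA exchange described here fit together in one small simulation. The following is an added example, not code from the original notes: it derives the EUI-64 Interface ID (including the universal/local bit flip that RFC 4291 requires, which the notes do not mention), builds the link-local and solicited-node addresses, and then walks two constructed hosts through address resolution and Duplicate Address Detection. The `Host` class, the MACs and the addresses are the example's own sample data.

```python
"""Added example (not from the original notes): derive an EUI-64 link-local
address and solicited-node multicast group from a MAC, then simulate the
Neighbor Solicitation / Neighbor Advertisement exchange used for address
resolution and Duplicate Address Detection (DAD). Hosts, MACs and addresses
below are constructed sample data."""
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """64-bit Interface ID: OUI + FFFE + device ID, with the universal/local bit
    (bit 7 of the first byte) flipped as RFC 4291 requires."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix (first 64 bits = fe80::) + EUI-64 Interface ID."""
    return ipaddress.IPv6Address(ipaddress.IPv6Address("fe80::").packed[:8] + eui64_interface_id(mac))


def global_from_mac(prefix64: str, mac: str) -> ipaddress.IPv6Address:
    """SLAAC-style address: the /64 prefix from an RA + EUI-64 Interface ID."""
    net = ipaddress.IPv6Network(prefix64, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13] + low24)


class Host:
    """Minimal node: its MAC, its IPv6 addresses, and the multicast groups it joined
    (all-nodes plus one solicited-node group per configured address)."""
    def __init__(self, name, mac, addrs):
        self.name, self.mac = name, mac
        self.addrs = {ipaddress.IPv6Address(a) for a in addrs}
        self.groups = {ipaddress.IPv6Address("ff02::1")} | {solicited_node(str(a)) for a in self.addrs}

    def on_ns(self, dst_group, target):
        """Answer a Neighbor Solicitation only if we joined the group and own the target."""
        if dst_group in self.groups and ipaddress.IPv6Address(target) in self.addrs:
            return {"type": "NA", "target": target, "lladdr": self.mac, "from": self.name}
        return None


def neighbor_solicit(link, target):
    """Send one NS to the solicited-node group for `target`; collect any NAs."""
    group = solicited_node(target)
    answers = []
    for host in link:
        na = host.on_ns(group, target)
        if na is not None:
            answers.append(na)
    return answers


def resolve(link, target):
    """Address resolution: the MAC of whoever answers, else None."""
    nas = neighbor_solicit(link, target)
    return nas[0]["lladdr"] if nas else None


def dad_is_duplicate(link, tentative):
    """DAD: a node sends an NS for its own tentative address; any NA means a duplicate."""
    return bool(neighbor_solicit(link, tentative))


# Constructed sample segment (not from the original notes)
LINK = [
    Host("R1", "00:1b:2c:3d:4e:5f", ["fe80::1", "2001:db8:abcd:1::1"]),
    Host("PC1", "08:00:27:aa:bb:cc", ["2001:db8:abcd:1:a00:27ff:feaa:bbcc"]),
]

if __name__ == "__main__":
    print(link_local_from_mac("08:00:27:aa:bb:cc"))
    print(solicited_node("2001:db8:abcd:1:a00:27ff:feaa:bbcc"))
    print(resolve(LINK, "2001:db8:abcd:1::1"))
    print(dad_is_duplicate(LINK, "2001:db8:abcd:1::1"), dad_is_duplicate(LINK, "2001:db8:abcd:1::2"))
```

Because only hosts that joined the matching solicited-node group answer, an NS for one address is not seen by every node the way an ARP broadcast is; that is the efficiency gain the notes allude to with "matches only the last 24 bits".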

● Testing Commands
  ○ Ping
    ■ Local loopback to test the TCP/IP stack of the device
      ● IPv4 - 127.0.0.1
      ● IPv6 - ::1
    ■ Test connectivity to other devices
      ● Either local (LAN) or external (WAN)
  ○ Traceroute
    ■ Uses the TTL of IPv4 and the Hop Limit of IPv6 to map the route a packet will take
    ■ TTL/hop limit starts at 1
      ● First router decrements it to 0 and sends a Time Exceeded
    ■ TTL/hop limit is then set to 2
      ● First router decrements to 1, passes it on
      ● Second router decrements to 0, sends a Time Exceeded
    ■ Process repeats until the destination is reached
    ■ The traceroute application records this data and presents it as a printout to the user
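The traceroute procedure above is easiest to see as a loop over probes with increasing hop limit. The following is an added example, not from the original notes: a simulation over a constructed path of three routers in which each router decrements the field and the one that reaches 0 answers Time Exceeded. It also models a router that drops the probe without replying, which is what the `*` entries in a real traceroute printout mean. The router and host addresses are sample data.

```python
"""Added example (not from the original notes): a simulation of how traceroute
uses the IPv4 TTL / IPv6 Hop Limit. Each router decrements the field; the router
that takes it to 0 answers Time Exceeded, so raising the value by one per probe
reveals one hop at a time. Routers that do not answer show up as '*'. The path
is constructed sample data."""

# Constructed path: three routers then the destination host
ROUTERS = ["10.0.0.1", "10.0.1.1", "203.0.113.1"]
DESTINATION = "198.51.100.10"


def send_probe(routers, destination, hop_limit, silent=frozenset()):
    """Forward one probe along the path. Returns (replier, message)."""
    for router in routers:
        hop_limit -= 1                      # every router decrements before forwarding
        if hop_limit == 0:
            if router in silent:
                return "*", "no reply"      # dropped without ICMP; traceroute prints '*'
            return router, "Time Exceeded"  # ICMPv4 type 11 / ICMPv6 type 3
    return destination, "Echo Reply"        # reached the end host with hop_limit >= 1


def traceroute(routers, destination, max_hops=30, silent=frozenset()):
    """Probe with hop limit 1, 2, 3, ... until the destination answers or max_hops is hit."""
    trace = []
    for hop_limit in range(1, max_hops + 1):
        replier, msg = send_probe(routers, destination, hop_limit, silent)
        trace.append((hop_limit, replier, msg))
        if replier == destination:
            break
    return trace


if __name__ == "__main__":
    for hop, who, msg in traceroute(ROUTERS, DESTINATION, silent={"10.0.1.1"}):
        print(f"{hop:2d}  {who:15s}  {msg}")
```

The `max_hops` bound is what keeps a real traceroute from probing forever when the destination never answers; without it a black-holed route would loop on every hop limit value.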

Data Link Layer Basics
● The TCP/IP network access layer is the same as OSI Layers 1 and 2
● Packages packets into frames
● Does media access control and error detection
● Two sublayers
  ○ Logical Link Control (LLC)
    ■ Identifies which protocol is used for the frame
    ■ Places the identifier into the frame
  ○ Media Access Control (MAC)
    ■ Provides data link layer addressing
    ■ Delimits data according to the physical signaling needs of the medium it is transmitted across
      ● Can change for each link between devices from source to destination
        ○ ex. Fiber -> Ethernet -> Frame Relay -> Wi-Fi
        ○ Encapsulated and de-encapsulated at each hop
● Generally standardized and defined by a number of organizations, unlike the higher layers, which are mostly defined by the IETF
  ○ Institute of Electrical and Electronics Engineers (IEEE)
  ○ International Telecommunication Union (ITU)
  ○ International Organization for Standardization (ISO)
  ○ American National Standards Institute (ANSI)
● Header

  ○ Control information at the beginning of the PDU
  ○ Fields
    ■ Start Frame
      ● Indicates the beginning of the frame
    ■ Source and Destination Address
      ● Indicates the source and destination devices
    ■ Type
      ● Indicates the upper layer service
    ■ Priority/Quality of Service
      ● Indicates a particular service level
    ■ Logical connection control
    ■ Physical link control
    ■ Flow control
    ■ Congestion control
● Data
  ○ IP header, transport layer header, application data
● Trailer
  ○ Control information for error detection at the end of the PDU
  ○ The transmitting device computes a cyclic redundancy check (CRC) and places it in the Frame Check Sequence (FCS) field
  ○ The receiving device calculates its own CRC and compares it to the FCS field, if configured to do so
    ■ Drops the frame if the CRC is different
● Media Access Control
  ○ Topology
    ■ How the connections between devices are to operate
  ○ Media Sharing
    ■ How the devices share the media, what rules to follow
● Address
  ○ Only used on the media link between two communicating devices
  ○ Specific to one interface on one device
    ■ Has to be unique
● Common protocols
  ○ Ethernet
  ○ Point-to-Point Protocol (PPP)
  ○ 802.11 Wireless
  ○ High-Level Data Link Control (HDLC)
  ○ Frame Relay
● Ethernet Frame
  ○ Most common LAN protocol
  ○ IEEE 802.2 and 802.3
  ○ Supports 10Mbps, 100Mbps, 1Gbps, and 10Gbps
  ○ Uses CSMA/CD as the media access method

  ○ Uses the Ethernet MAC address, a 48-bit hexadecimal identifier
● Point-to-Point Protocol (PPP)
  ○ Used to deliver frames between two nodes
  ○ Used on many serial WAN connections
  ○ Defined in RFCs, not IEEE standards
  ○ Uses logical connections between nodes to separate them from the physical architecture
● 802.11 Wireless
  ○ Uses the same 802.2 LLC and 48-bit addressing scheme as other 802 LANs
  ○ Uses CSMA/CA as the media access method
    ■ Slightly slower by design than CSMA/CD for Ethernet
    ■ Uses a random backoff timer for all nodes wishing to transmit
      ● When the airwaves become clear, nodes wait a random amount of time before transmitting, hopefully preventing a collision
      ● This is because collision detection is not reliable on wireless

Physical Layer Basics
● All communications need some sort of physical connection
● Can be wired, using electrical pulses over a cable of various specifications
● Can be wireless, using radio waves of various specifications
● Wired is the backbone of almost all networks
  ○ Requires switches to provide user connectivity
● Wireless is now very common
  ○ Requires Wireless Access Points (WAPs) to support devices
● Many homes receive a home router from their ISP, which includes wired and wireless functionality
● Network Interface Cards (NICs) connect a device to a network
  ○ Can be wired or wireless, supporting a variety of specifications
● Defines how to encode and transmit the bits of data from the upper layers over a specified media type
  ○ Data is segmented by the transport layer, placed into packets by the network layer, encapsulated as frames by the data link layer, then further encoded and transmitted in certain patterns by the physical layer
● Three basic network media
  ○ Copper cable
    ■ Electrical pulses
  ○ Fiber-optic cable
    ■ Patterns of light
  ○ Wireless
    ■ Patterns of radio waves
● Many organizations define physical layer standards

  ○ International Organization for Standardization (ISO)
  ○ Telecommunications Industry Association/Electronic Industries Association (TIA/EIA)
  ○ International Telecommunication Union (ITU)
  ○ American National Standards Institute (ANSI)
  ○ Institute of Electrical and Electronics Engineers (IEEE)
  ○ Federal Communications Commission (FCC)
  ○ European Telecommunications Standards Institute (ETSI)
  ○ Regional and local standards groups
● Comprised of physical components, hardware devices, and media
● Data is taken and encoded into a defined pattern or code
  ○ Allows data to be transmitted more efficiently; fewer bits can be used to represent a larger amount of bits
    ■ Think compression, like ZIP files
  ○ Manchester encoding
    ■ A 0 is a high-to-low voltage transition
    ■ A 1 is a low-to-high voltage transition
    ■ Used by older versions of Ethernet
  ○ Non-Return to Zero (NRZ)
    ■ Either zero or one, no neutral position
    ■ 0 and 1 are represented by different specific voltages
    ■ Common encoding
  ○ Faster transmission methods use more advanced encoding methods, such as 4B/5B or 8B/10B
● Asynchronous transmission
  ○ Transmitted without an associated clock signal; time spacing may be arbitrary
  ○ Requires start and stop flags
● Synchronous transmission
  ○ Transmitted with an associated clock signal
● Modulation
  ○ Frequency Modulation (FM)
  ○ Amplitude Modulation (AM)
  ○ Pulse-Code Modulation (PCM)
● Bandwidth is the capacity of a medium to transmit data
  ○ Measured in bits per second
    ■ Kbps, Mbps or kb/s, Mb/s
  ○ Maximum bandwidth differs based upon the physical media type
● Throughput
  ○ Measure of the transfer of bits over a medium during a period of time
  ○ Factors such as the amount of traffic, type of traffic, and latency affect throughput
  ○ Different protocols will have different throughputs on the same medium (and thus the same bandwidth capability)
● Goodput

  ○ Throughput minus traffic overhead
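The Manchester and NRZ rules above are short enough to implement and compare. The following is an added example, not from the original notes: it encodes a byte stream into per-bit voltage levels with both schemes, decodes them back, and measures the longest run without a transition, which shows why Manchester is self-clocking while NRZ needs a separate clock. The input bytes are constructed sample data and the function names are the example's own.

```python
"""Added example (not from the original notes): Manchester and NRZ line coding
as described above, encoding bytes into per-bit voltage levels and decoding them
back. Each Manchester bit is two half-bit levels, so the mid-bit transition is
what carries the data. Input bytes are constructed."""

HIGH, LOW = 1, 0


def bits_from_bytes(data: bytes):
    """Most-significant bit first for each byte."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def bytes_from_bits(bits):
    if len(bits) % 8:
        raise ValueError("bit count is not a multiple of 8")
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def nrz_encode(data: bytes):
    """NRZ: one level per bit, no transition required between equal bits."""
    return [HIGH if b else LOW for b in bits_from_bytes(data)]


def nrz_decode(levels):
    return bytes_from_bits([1 if lvl == HIGH else 0 for lvl in levels])


def manchester_encode(data: bytes):
    """Convention used in the notes (IEEE 802.3): 0 = high-to-low, 1 = low-to-high."""
    out = []
    for b in bits_from_bytes(data):
        out.extend((LOW, HIGH) if b else (HIGH, LOW))
    return out


def manchester_decode(levels):
    """Recover bits from half-bit pairs; a pair without a transition is a code violation."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit levels")
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:
            raise ValueError(f"no mid-bit transition at half-bit {i}: line idle or corrupted")
        bits.append(1 if (first, second) == (LOW, HIGH) else 0)
    return bytes_from_bits(bits)


def is_valid_manchester(levels) -> bool:
    try:
        manchester_decode(levels)
        return True
    except ValueError:
        return False


def longest_run_without_transition(levels):
    """Manchester never stays at one level for more than 2 half-bits, so the receiver
    can recover the clock from the signal; NRZ can sit flat for a whole run of equal bits."""
    best = run = 1
    for prev, cur in zip(levels, levels[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    sample = b"\xff\x00"   # constructed: eight 1s followed by eight 0s
    print("NRZ        longest flat run:", longest_run_without_transition(nrz_encode(sample)))
    print("Manchester longest flat run:", longest_run_without_transition(manchester_encode(sample)))
```

The cost of that self-clocking property is visible in the list lengths: Manchester produces two levels per bit, so it needs twice the signaling rate of NRZ for the same data rate, which is why the notes describe faster Ethernet variants moving to 4B/5B and 8B/10B instead.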

Network Media
● Copper Cabling
  ○ Transmitted as electrical pulses
  ○ Interference
    ■ Electromagnetic Interference (EMI)
      ● Fluorescent lights
    ■ Radio Frequency Interference (RFI)
      ● Microwaves
    ■ Crosstalk
      ● Wires picking up the electrical signals of adjacent neighbors
    ■ Use of twisted pairs and shielding combats interference
    ■ Separation of wires from EMI/RFI sources
  ○ Unshielded Twisted-Pair (UTP)
    ■ Four pairs of color-coded wires
  ○ Shielded Twisted-Pair (STP)
    ■ Same as UTP but with wire mesh or foil
      ● One option is to have foil or wire mesh surrounding the bundle of pairs
      ● A second option is to have foil or wire mesh surrounding each twisted pair and the entire bundle of pairs
  ○ Coaxial Cable
    ■ Single copper conductor in the center
    ■ Conductor surrounded by flexible plastic insulation
    ■ Plastic insulation surrounded by copper mesh
    ■ Copper mesh surrounded by a jacket
● UTP Cabling
  ○ Four pairs of color-coded wires twisted together in a flexible plastic sheath
  ○ Cat 5
  ○ Cat 5e
  ○ Cat 6
  ○ Cat 6a
  ○ RJ-45 connection
  ○ Types of UTP
    ■ Straight-through
      ● Most common, used for connecting most devices, such as host to switch
    ■ Crossover
      ● Used to connect similar devices together, such as host to host or switch to switch

      ● Often no longer needed, with Auto-MDIX functionality
    ■ Rollover
      ● Cisco cable used for console connections
● Fiber Optic Cabling
  ○ Made of glass fiber
  ○ Flexible but fragile, cannot bend around sharp corners
  ○ Immune to EMI and RFI
  ○ Uses
    ■ Backbone of larger networks
    ■ Fiber-to-the-home
    ■ Long distances
    ■ Underwater
  ○ Composition
    ■ Core - Glass fiber
    ■ Cladding - Glass surrounding the core that acts as a mirror
    ■ Jacket - PVC protection
  ○ Light pulses generated by two kinds of devices
    ■ Lasers
    ■ Light Emitting Diodes (LEDs)
  ○ Single-Mode Fiber (SMF)
    ■ Uses a laser
    ■ Often used for long-distance runs
  ○ Multi-Mode Fiber (MMF)
    ■ Uses an LED
    ■ More economical, used for shorter distances
  ○ Connectors
    ■ Straight-Tip (ST)
      ● Older connector used with multimode
    ■ Subscriber Connector (SC)
      ● Very popular, supports both fiber types
    ■ Lucent Connector (LC)
      ● Gaining popularity, supports both fiber types
    ■ Many other types that are falling out of favor or are now obsolete
  ○ Troubleshooting
    ■ Misalignment
    ■ End gap
    ■ End finish
● Wireless Media
  ○ Coverage is highly dependent on the frequency used and the material of walls and floors
  ○ Interference can be an issue, as many devices operate at 2.4 GHz
  ○ Security is an issue since all transmissions are out in the open, not confined to a cable
    ■ Encryption now helps solve some of this problem

  ○ IEEE Standards
    ■ 802.11
      ● WLAN technology, known as Wi-Fi, has many variants (a/b/g/n/ac)
    ■ 802.15
      ● WPAN technology, known as Bluetooth
    ■ 802.16
      ● Worldwide Interoperability for Microwave Access (WiMAX)
    ■ Each has its strengths and weaknesses
  ○ Wireless Access Points (APs)
    ■ Provide access for wireless devices; a pure AP does not provide DHCP, routing, firewall, or other features
  ○ Wireless NIC adapters
    ■ Provide wireless functionality to devices
  ○ Wi-Fi Standards
    ■ IEEE 802.11a
      ● 5 GHz
      ● 54 Mb/s
    ■ IEEE 802.11b
      ● 2.4 GHz
      ● 11 Mb/s
    ■ IEEE 802.11g
      ● 2.4 GHz
      ● 54 Mb/s
    ■ IEEE 802.11n
      ● 2.4 or 5 GHz
      ● 100-600 Mb/s
    ■ IEEE 802.11ac
      ● 2.4 and 5 GHz
      ● 250 Mb/s and 1.3 Gb/s
    ■ IEEE 802.11ad (WiGig)
      ● 2.4 GHz, 5 GHz, and 60 GHz
      ● 7 Gb/s

Topology Basics
● Different Data Link protocols have different topologies
● Physical Topology
  ○ How devices are physically connected
● Logical Topology
  ○ How a network transfers frames from one device to the next
● WAN Topologies
  ○ Point-to-Point

    ■ Physical could be one cable interconnecting devices
    ■ Logical is similarly one connection between devices, but could span several physical connections
  ○ Hub and Spoke
  ○ Mesh
● LAN Topologies
  ○ Star - Modern Ethernet
  ○ Extended Star - Modern Ethernet
  ○ Bus - Legacy Ethernet
  ○ Ring - Token Ring, Fiber Distributed Data Interface (FDDI)
● Duplex
  ○ Half - One side talks at a time while the other listens
  ○ Full - Both sides can talk and listen at the same time
  ○ 10/100 offered Half/Full, meaning when enabled for Full they were really 20/200
  ○ Gigabit is Full only
● Media Access Control methods
  ○ Contention-based access
    ■ All nodes compete for use of the medium but have a method in place to deal with collisions (most modern networks)
    ■ Carrier sense multiple access with collision detection (CSMA/CD)
      ● Monitors for a signal on the wire; when clear, transmitting is acceptable. If a collision of multiple transmissions is detected, all devices stop and wait a random amount of time before retransmitting.
      ● Switching in modern networks eliminates the need for CSMA/CD, because the collision domain is limited to the link between the host and the intermediary device
      ● Ethernet
    ■ Carrier sense multiple access with collision avoidance (CSMA/CA)
      ● Monitors for a signal in the air; when clear, transmitting is acceptable.
      ● Wi-Fi
  ○ Controlled access
    ■ Each node has a slot of time to use
      ● Token Ring
      ● Fiber Distributed Data Interface (FDDI)

Ethernet Basics
● Most common LAN technology now
● Operates at the Data Link layer
● Supports many speeds
  ○ 10 Mb/s

  ○ 100 Mb/s
  ○ 1000 Mb/s (1 Gb/s)
  ○ 10,000 Mb/s (10 Gb/s)
  ○ 40,000 Mb/s (40 Gb/s)
  ○ 100,000 Mb/s (100 Gb/s)
● Two sublayers
  ○ LLC
    ■ Handles communication between upper and lower layers
    ■ Takes the IP packet and adds control information
    ■ Implemented in software
  ○ MAC
    ■ IEEE 802.3
    ■ Data encapsulation
      ● Frame delimiting at the beginning
      ● Addressing with the MAC address
        ○ 48 bits: a 24-bit vendor code assigned by the IEEE and 24 bits generated by the vendor, "burned into" the NIC
        ○ Must be unique
        ○ Formatted with dashes, colons, or periods
      ● Error detection with a CRC in the trailer
    ■ Media access control
      ● Placement and removal of frames onto the media
    ■ Implemented in hardware
● The DIX Ethernet standard, now referred to as Ethernet II, is the most common frame
● Minimum frame size is 64 bytes
● Maximum frame size is 1518 bytes
● Less than 64 bytes is a collision fragment or runt frame and is discarded
● IEEE 802.3ac extended the maximum size to 1522 bytes to allow for VLANs
● Ethernet frame fields
  ○ Preamble
  ○ Start Frame Delimiter
  ○ Destination MAC Address
  ○ Source MAC Address
  ○ Length
  ○ Data
  ○ Frame Check Sequence (FCS)
● Uses the hexadecimal system, base 16
● Cisco uses XXXX.XXXX.XXXX; many other operating systems use XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX
● Used on Layer 2
● Unicast address is the unique address of the destination or source NIC
● Broadcast address is all F's
  ○ FF-FF-FF-FF-FF-FF

● Multicast addresses start with 01-00-5E
● Devices will have both MAC (Layer 2, physical) and IP (Layer 3, logical) addresses
  ○ IP can change, MAC does not (usually)
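The frame layout, size limits and MAC formats above, together with the CRC/FCS trailer described under Data Link Layer Basics, can all be exercised in one place. The following is an added example, not code from the original notes: it builds an Ethernet II frame with a computed FCS, parses it back the way a store-and-forward switch would (size check, then FCS check, then fields), and converts or classifies MAC addresses in the three notations the notes mention. The frame contents and MACs are constructed sample data; `build_frame`, `parse_frame` and the other names are the example's own.

```python
"""Added example (not from the original notes): build and parse an Ethernet II
frame, compute and verify the CRC-32 Frame Check Sequence, enforce the 64/1518
byte limits, and format or classify MAC addresses. All frames and MACs are
constructed sample data."""
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518       # sizes on the wire: preamble/SFD excluded, FCS included
BROADCAST = bytes.fromhex("ffffffffffff")
IPV4_MCAST_PREFIX = bytes.fromhex("01005e")


def parse_mac(text: str) -> bytes:
    """Accept Cisco dotted (XXXX.XXXX.XXXX), colon, or dash notation."""
    raw = bytes.fromhex(text.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return raw


def format_mac(mac: bytes, style: str = "colon") -> str:
    """'cisco' gives lowercase dotted quads as IOS prints; 'colon'/'dash' give uppercase pairs."""
    h = mac.hex()
    if style == "cisco":
        return ".".join(h[i:i + 4] for i in range(0, 12, 4))
    sep = ":" if style == "colon" else "-"
    return sep.join(h[i:i + 2] for i in range(0, 12, 2)).upper()


def classify_mac(mac: bytes) -> str:
    if mac == BROADCAST:
        return "broadcast"
    if mac.startswith(IPV4_MCAST_PREFIX):
        return "ipv4-multicast"          # 01-00-5E prefix from the notes
    if mac[0] & 0x01:                    # I/G bit set: some other group address
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """24-bit vendor code assigned by the IEEE, e.g. '08-00-27'."""
    return format_mac(mac[:3] + b"\x00\x00\x00", "dash")[:8]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II: dst(6) src(6) type(2) data(46..1500) fcs(4)."""
    if len(payload) < 46:
        payload = payload + b"\x00" * (46 - len(payload))   # pad so the frame reaches 64 bytes
    if len(payload) > 1500:
        raise ValueError("payload exceeds the 1500-byte MTU")
    body = dst + src + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)       # FCS bytes appear least-significant first on the wire


def parse_frame(frame: bytes) -> dict:
    """Store-and-forward style: check size limits and the FCS before trusting any field."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame ({len(frame)} bytes), discarded")
    if len(frame) > MAX_FRAME + 4:             # +4 allows the 802.1Q-tagged 1522-byte maximum
        raise ValueError(f"giant frame ({len(frame)} bytes), discarded")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch, frame discarded")
    dst, src = body[:6], body[6:12]
    return {
        "dst": format_mac(dst), "dst_kind": classify_mac(dst),
        "src": format_mac(src), "src_oui": oui(src),
        "ethertype": struct.unpack("!H", body[12:14])[0], "payload": body[14:],
    }


def frame_is_valid(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


# Constructed sample (not from the notes): an ARP-type frame from a host to broadcast
SAMPLE = build_frame(BROADCAST, parse_mac("0800.27aa.bbcc"), 0x0806, b"sample arp request")

if __name__ == "__main__":
    print(len(SAMPLE), "bytes", parse_frame(SAMPLE)["dst_kind"], parse_frame(SAMPLE)["src"])
```

A cut-through switch, as described later under Switch Basics, would forward `SAMPLE` after reading only the first 6 bytes; the FCS check in `parse_frame` is exactly the work it skips, which is why a corrupted frame propagates through cut-through switches but is dropped by a store-and-forward one.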

Address Resolution Protocol (ARP)
● Address Resolution Protocol (ARP) helps a node determine the MAC address of the next device it needs to send to on the Ethernet link
● ARP has requests and replies
● Resolves IPv4 addresses to MAC addresses
● Maintains a table of mappings
● There is also a Reverse ARP
● Commands
  ○ On a Cisco router: show ip arp
  ○ On Windows 7: arp -a - Shows all ARP entries
  ○ On Windows 7: netsh interface ip delete arpcache - Deletes all ARP entries
● Causes some overhead due to its use of broadcasts
  ○ Switches reduce broadcast traffic if configured for VLANs
● ARP replies can easily be spoofed, which is called ARP poisoning
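The last bullet is the reason tools such as arpwatch exist: an ARP cache that silently overwrites a mapping cannot tell a legitimate NIC replacement from a poisoned reply. The following is an added example, not from the original notes: a small cache that records IPv4-to-MAC mappings from replies, refuses to overwrite an existing entry on an unsolicited reply, and raises an alert whenever a mapping changes. The `ArpCache` class and the reply sequence are the example's own constructed sample data.

```python
"""Added example (not from the original notes): an ARP cache that records
IPv4-to-MAC mappings from replies and raises an alert when an existing mapping
changes, the behaviour that lets a monitor notice ARP poisoning instead of
silently accepting it. Sample replies are constructed."""
from dataclasses import dataclass, field


@dataclass
class ArpCache:
    entries: dict = field(default_factory=dict)   # ip -> mac
    alerts: list = field(default_factory=list)

    def learn(self, ip: str, mac: str, solicited: bool = True) -> str:
        """Record a reply. Returns 'new', 'same', 'changed' or 'ignored'."""
        mac = mac.lower()
        if not solicited:
            # A reply nobody asked for is the classic poisoning vector; a cautious
            # cache records the fact and does not overwrite an existing entry.
            self.alerts.append(f"unsolicited reply for {ip} from {mac}")
            if ip in self.entries:
                return "ignored"
        old = self.entries.get(ip)
        if old is None:
            self.entries[ip] = mac
            return "new"
        if old == mac:
            return "same"
        # A solicited answer that differs from what we had: could be a replaced NIC,
        # could be poisoning. Either way an operator should see it.
        self.alerts.append(f"mapping for {ip} changed {old} -> {mac}")
        self.entries[ip] = mac
        return "changed"

    def lookup(self, ip):
        return self.entries.get(ip)


# Constructed sample: a gateway reply, a host reply, then conflicting claims for the gateway IP
REPLIES = [
    ("192.168.1.1", "00:1b:2c:3d:4e:5f", True),
    ("192.168.1.50", "08:00:27:aa:bb:cc", True),
    ("192.168.1.1", "de:ad:be:ef:00:01", False),   # unsolicited claim for the gateway IP
    ("192.168.1.1", "de:ad:be:ef:00:01", True),    # answer to our own request now differs
]


def run(replies=REPLIES):
    cache = ArpCache()
    outcomes = [cache.learn(ip, mac, solicited) for ip, mac, solicited in replies]
    return cache, outcomes


if __name__ == "__main__":
    cache, outcomes = run()
    print(outcomes)
    print("\n".join(cache.alerts))
```

Real operating systems do accept the fourth reply, because ARP has no authentication; the point of the alert list is that the change is at least visible. On switched networks the switch-side mitigation is Dynamic ARP Inspection built on the DHCP snooping binding table described later under Switch Port Security.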

Switch Basics
● Most devices now are connected to a switch instead of a hub or in-line, as was the case many years ago
● Ethernet is a logical bus topology usually deployed in a star or extended star physical topology
● Switch types
  ○ Fixed
    ■ Cannot add new features, boards, ports, etc.; only upgradable through software if managed
    ■ Unmanaged and managed versions
    ■ Some models are stackable with special cables or fiber cables
  ○ Modular
    ■ Has a main chassis with board slots
    ■ Choice of management consoles, ports, firewall features, etc.
      ● Individual ports can sometimes be swapped out for different types
        ○ Called Small Form-Factor Pluggable (SFP) modules
● Operation
  ○ Uses MAC addresses to decide which ports to send traffic to
  ○ Builds a MAC address table as it learns which traffic is coming from which ports
  ○ If the destination is not in the MAC table, the switch forwards the frame out all ports

    except the originating port
  ○ The responding device gets recorded into the MAC table for future use
  ○ If there is another switch downstream on one port, all responding MAC addresses get recorded to the MAC table for that port
● Switches can automatically negotiate speed, duplex, and MDIX settings (on newer ones)
  ○ Can also manually set these values for each port on a managed switch
● Medium Dependent Interface (MDI/MDIX)
  ○ mdix auto
  ○ MDI/MDIX refers to how the transmit/receive wires are arranged on a port of an internetworking device
    ■ Transmit on one side connects to receive on the other
  ○ MDI for hosts and routers, MDIX for switches
  ○ Auto-MDIX in newer switches detects and swaps a port to MDI/MDIX as needed
● Forwarding methods
  ○ Store-and-forward
    ■ Switch receives the whole frame, runs a Cyclic Redundancy Check (CRC), and then forwards if valid
    ■ Slower
  ○ Cut-through
    ■ Reads the destination MAC and then forwards right away; no buffering of the full frame or error checking
    ■ Faster
    ■ Variants
      ● Fast-forward
        ○ Reads the destination MAC and then forwards right away; no buffering of the full frame or error checking
      ● Fragment-free
        ○ Stores the first 64 bytes of the frame before forwarding
        ○ Faster than store-and-forward, slower than fast-forward, but catches most errors and collisions without a CRC
● Memory Buffering
  ○ Port-based
    ■ A queue for each port
    ■ Can cause delay for frames on other ports
  ○ Shared
    ■ A common queue for all ports
    ■ Dynamically allocated memory per port
    ■ Allows larger frames to be transmitted

IOS Device Basics

● Cisco's Internetwork Operating System (IOS) is the term for the operating system software installed on most Cisco products
● Stored on flash, non-volatile
● Loaded into RAM on boot
● Connecting to IOS
  ○ Console - Looks like an RJ-45 Ethernet connection but blue
    ■ Bits per sec: 9600
    ■ Data bits: 8
    ■ Parity: none
    ■ Stop bits: 1
    ■ Flow control: none
  ○ Telnet
  ○ SSH
  ○ AUX - Older modem connection method
● Privilege modes - Different looking prompt for each
  ○ User executive (User EXEC)
    ■ Limited, basic show commands
    ■ Router>
  ○ Privileged executive (Privileged EXEC)
    ■ Similar to "root" on Linux; can show anything and access global configuration mode
    ■ Use enable to enter the mode
    ■ Use disable to leave the mode
    ■ Router#
  ○ Global configuration mode
    ■ Needs do preceding commands from the executive modes, such as do show run
    ■ Can access submodes for configuration of interfaces and such
    ■ Use configure terminal or config t to enter the mode
    ■ The command exit takes you out of a config submode one level; end takes you back to Privileged EXEC
    ■ Router(config)#
● Commands are similar to those in other OSes
  ○ command arguments
  ○ show running-config
  ○ description ISP Connection
● You can use the Tab key to auto-complete commands
  ○ show run becomes show running-config
● You can use the question mark to get a list of compatible commands or arguments
  ○ sh? displays show
  ○ show ? displays running-config, startup-config
● The CLI will display problems with a command; use of Tab and the question mark helps reduce problems

● Up and Down arrows cycle through previously entered commands
● Simple command examples
  ○ show running-config
  ○ show startup-config
  ○ show interfaces
  ○ show ip interface brief
  ○ show version
● Spacebar or Enter can be used at the --More-- prompt. Enter scrolls one line, the spacebar a full page

IOS Command Basics
● Choose a naming convention for hostnames
● Hostname configuration commands
  ○ enable
  ○ config t
  ○ hostname MySwitch
● Passwords
  ○ Enable password
    ■ Access to privileged EXEC mode, non-encrypted or poorly encrypted in the config
    ■ enable password MyPassword
    ■ service password-encryption
      ● Hides the password from onlookers in the config, but it can easily be decrypted
  ○ Enable secret
    ■ Access to privileged EXEC mode, encrypted in the config
    ■ enable secret MyPassword
  ○ Console password
    ■ Access to the console
    ■ line console 0
    ■ password MyPassword
    ■ login
  ○ VTY password
    ■ Access over Telnet/SSH
    ■ line vty 0 15
    ■ password MyPassword
    ■ login
● Banners
  ○ banner motd # message #
    ■ Shown to all connections
  ○ banner login # message #

    ■ Shown only to services that have login defined
● Saving
  ○ copy running-config startup-config
  ○ write memory
● reload
● erase
  ○ For NVRAM
● delete vlan.dat
  ○ For flash memory
● One can use TFTP to copy IOS files from flash to a server
  ○ show flash
  ○ copy flash: tftp:
  ○ c1900-universalk9-mz.SPA.152-4.M3.bin
  ○ 192.168.1.100
● Selecting a new IOS file to boot from
  ○ boot system flash0://c1900-universalk9-mz.SPA.152-4.M3.bin

Switch Configuration Basics
● Boot sequence
  ○ Power-On Self-Test (POST) from ROM
  ○ Loads the boot loader from ROM
  ○ Starts the CPU
  ○ Initializes flash
  ○ Loads the IOS from flash and continues booting the OS
● Can recover from a forgotten password or system crash with the boot loader
  ○ Connect a PC to the console port
  ○ Restart the switch
  ○ Within 15 seconds, press and hold the Mode button while the System LED is flashing green
  ○ Continue to hold Mode until the System LED turns amber and then solid green
  ○ Release the Mode button
  ○ The console will display "switch:" as the prompt
● LEDs
  ○ System LED - Power up/down
  ○ Redundant Power System (RPS) LED - Power up/down
  ○ Port Status LED - Link up/down, amber means blocked
  ○ Port Duplex LED - Green is full duplex, off is half
  ○ Port Speed LED - Green is 100 Mbps, blinking green is 1 Gigabit, off is 10 Mbps
  ○ Power over Ethernet (PoE) LED - Power up/down
● VLAN 1 is the default management VLAN
  ○ Recommended to change it, but do not remove VLAN 1 completely

● To manage a switch, a Switch Virtual Interface (SVI) must be configured
  ○ This is essentially an interface/IP for a specific VLAN
● SVI configuration
  ○ vlan 99
  ○ name Management
  ○ interface f0/1
  ○ switchport access vlan 99
  ○ interface vlan 99
  ○ ip address 192.168.99.1 255.255.255.0
  ○ no shutdown
  ○ ip default-gateway 192.168.1.1
● Speed and duplex configuration
  ○ interface f0/1
  ○ duplex auto
  ○ speed auto
● MDIX configuration
  ○ interface f0/1
  ○ mdix auto
● show interfaces - Shows detailed information on interface configuration

Switch Security Basics
● Secure Shell (SSH)
  ○ Encrypts shell access
  ○ SSH uses TCP port 22
  ○ Telnet uses TCP port 23
  ○ Recommended remote access method
● SSH Configuration
  ○ show ip ssh - Will display a result if the device has cryptographic features enabled
  ○ ip domain-name mydomain.com
  ○ crypto key generate rsa
  ○ username UserLogin password UserPassword
  ○ line vty 0 15
  ○ transport input ssh
  ○ login local
● Common Security Attacks
  ○ MAC Address Flooding
    ■ Generating thousands of MAC addresses and sending them onto the wire, causing the switch to learn too many and overflow its CAM table
    ■ This crashes the switch or puts it into fail-open mode
      ● Fail-open mode makes the switch act like a hub, flooding all

        frames everywhere, so an attacker can capture whatever they want
    ■ Can be mitigated with port security options
  ○ DHCP Spoofing
    ■ Attacker floods the DHCP server with requests, using up all available leases
    ■ Attacker then sets up their own DHCP server to provide leases to clients, usually with a different DNS server and the default gateway set to the attacker's computer, redirecting all traffic through it for capture
    ■ Can be mitigated with DHCP snooping and port security options
  ○ CDP
    ■ CDP is enabled on all ports by default
    ■ Provides useful information to an attacker capturing data on their access port
    ■ Can be mitigated by disabling CDP, or disabling it on access ports
● Best Practices
  ○ Use secure communication methods
  ○ Encrypt passwords in the configuration file
  ○ Control physical access to devices
  ○ Shut down unused ports
  ○ Use port security features
  ○ Use Access Control Lists (ACLs)
● Security Tools
  ○ nmap
  ○ Nessus
  ○ Metasploit
  ○ Brute force crackers
  ○ Kali (BackTrack) Linux distro

Switch Port Security
● Disable unused ports
  ○ shutdown
  ○ Can use the interface range command to apply to many ports at once
● DHCP snooping tells the switch which ports can respond to DHCP requests
  ○ ip dhcp snooping - Enables globally
  ○ ip dhcp snooping vlan - Enables on a specific VLAN
  ○ ip dhcp snooping trust - On specific interfaces
● Port security
  ○ switchport mode access - Removes it from dynamic port status
  ○ Static MAC security - Only the configured MAC address is allowed
    ■ switchport port-security mac-address
  ○ Dynamic MAC security - Learned during operation, stored in the address table
  ○ Sticky MAC security - Learned during operation, stored in the address table and

    the running config
    ■ switchport port-security mac-address sticky
    ■ switchport port-security maximum 2
  ○ Port Security Violation Modes
    ■ Protect - Once the limit of MAC addresses is reached, frames from unknown source addresses are dropped until MACs are removed or the limit is raised. No violation notification
    ■ Restrict - Same as Protect but with violation notification
    ■ Shutdown - This is the default mode. Immediately shuts down the port when an unknown MAC is seen. Violation notification
    ■ switchport port-security violation
  ○ show port-security
  ○ show interface - Displays err-disabled status
  ○ show port-security interface - Displays secure-shutdown status
● Network Time Protocol (NTP)
  ○ Retrieves time information from local or remote servers
  ○ Common to use domain controllers or other servers on a domain to ensure all are synchronized
  ○ pool.ntp.org or more specific sub-pools such as us.pool.ntp.org are also commonly used
  ○ ntp server - Use the specified server for time data
  ○ ntp master - Allow the device to be queried for time data
  ○ show ntp associations - Display connected peers
  ○ show ntp status - Display NTP information
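The MAC-table behaviour from Switch Basics (learn the source, forward to a known port, flood when unknown) and the port-security limits and violation modes above are two sides of the same table, and the MAC flooding attack described under Switch Security Basics is what the limit defends against. The following is an added example, not code from the original notes: a simulated learning switch with per-port security that enforces a maximum, sticky-learns addresses, and reacts to a violation in protect, restrict or shutdown mode, the last of which puts the port into err-disabled as the `show interface` bullet describes. Port names, MACs and the traffic are constructed sample data; the `Switch` and `PortSecurity` classes are the example's own.

```python
"""Added example (not from the original notes): a simulated learning switch
showing MAC-table learning, forwarding and flooding, plus the port-security
maximum, sticky learning and violation modes (protect / restrict / shutdown).
Port numbers, MACs and traffic are constructed sample data."""

BROADCAST = "ffff.ffff.ffff"


class PortSecurity:
    """Per-port policy mirroring switchport port-security maximum / violation / sticky."""
    def __init__(self, maximum=1, violation="shutdown", sticky=False, static=()):
        self.maximum, self.violation, self.sticky = maximum, violation, sticky
        self.secure = set(static)          # statically configured MACs count toward the limit
        self.violations = 0
        self.err_disabled = False


class Switch:
    def __init__(self, ports, security=None):
        self.ports = list(ports)
        self.mac_table = {}                # mac -> port
        self.security = security or {}    # port -> PortSecurity
        self.log = []                      # what an admin would see in syslog / show port-security

    def _check_security(self, port, src):
        """Return True if the frame may be processed, False if it is dropped."""
        pol = self.security.get(port)
        if pol is None:
            return True                    # port security not enabled here
        if pol.err_disabled:
            return False                   # shut down by an earlier violation
        if src in pol.secure:
            return True
        if len(pol.secure) < pol.maximum:
            pol.secure.add(src)            # dynamic (or sticky) learning of a secure MAC
            if pol.sticky:
                self.log.append(f"{port}: sticky-learned {src} into running-config")
            return True
        pol.violations += 1
        if pol.violation == "protect":
            return False                   # silently dropped, no notification
        if pol.violation == "restrict":
            self.log.append(f"{port}: PSECURE_VIOLATION from {src} (count={pol.violations})")
            return False
        pol.err_disabled = True            # shutdown mode (the default): port goes err-disabled
        self.log.append(f"{port}: err-disabled after violation from {src}")
        return False

    def _is_down(self, port):
        pol = self.security.get(port)
        return bool(pol and pol.err_disabled)

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of egress ports."""
        if not self._check_security(in_port, src):
            return []
        self.mac_table[src] = in_port       # learn the source
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port and not self._is_down(p)]   # flood
        out = self.mac_table[dst]
        return [] if out == in_port else [out]

    def table_size(self):
        return len(self.mac_table)


def demo():
    """Constructed scenario: Fa0/1 secured with max 1 in shutdown mode (sticky),
    Fa0/2 with max 2 in restrict mode, Fa0/3 unsecured."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], {
        "Fa0/1": PortSecurity(maximum=1, violation="shutdown", sticky=True),
        "Fa0/2": PortSecurity(maximum=2, violation="restrict"),
    })
    results = [
        sw.receive("Fa0/1", "aaaa.aaaa.0001", BROADCAST),          # unknown dst: flood
        sw.receive("Fa0/3", "cccc.cccc.0003", "aaaa.aaaa.0001"),   # known dst: one port
        sw.receive("Fa0/1", "aaaa.aaaa.0002", BROADCAST),          # 2nd MAC on Fa0/1: violation
        sw.receive("Fa0/3", "cccc.cccc.0003", BROADCAST),          # flood skips the err-disabled port
    ]
    return sw, results


if __name__ == "__main__":
    sw, results = demo()
    print(results)
    print("\n".join(sw.log))
```

The second MAC on Fa0/1 is never learned into the table, which is the whole point: a flood of thousands of source addresses on a secured port stops at the configured maximum instead of overflowing the CAM table.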

VLAN Basics
● Virtual LANs, or VLANs, segment your network at the Layer 2 boundary
● Often used to segment based on logical business group or type of device
● ACLs can be used to limit access between VLANs, improving security
● Performance is improved by reducing the size of broadcast domains
● VLAN types
  ○ Data - Most common VLAN, for PCs, servers, and other data devices
  ○ Voice - Used for VoIP phones, often paired with a Data VLAN on an access port for a workstation
    ■ Often configured with a special command, different from defining a trunk, although operation is essentially the same
  ○ Management - Used for remote administration of internetwork devices
  ○ Default - All ports are members of VLAN 1, the default VLAN upon initialization
  ○ Native - On an 802.1Q trunk port, untagged traffic is put onto this VLAN; by default this is VLAN 1
    ■ Each trunk link can have a different native VLAN ID

● show vlan or show vlan brief
● VLAN Trunks
  ○ Standard is IEEE 802.1Q
  ○ Trunks allow multiple VLANs to be transmitted across one link, usually between internetwork devices such as switches
  ○ Links with workstation PCs and VoIP phones are special trunks with a Data and a Voice VLAN on them
  ○ Without VLANs, each port would need to be a different LAN when connecting between switches, which is highly inefficient
● 802.1Q
  ○ A new 4-byte VLAN tag is inserted into the original Ethernet frame header
  ○ Fields
    ■ Type - 0x8100 for Ethernet
    ■ User priority - QoS value
    ■ Canonical Format Identifier (CFI) - 1 bit for Token Ring over Ethernet
    ■ VLAN ID (VID) - 12 bits which identify the VLAN number; 4096 VLAN IDs are supported
  ○ A new FCS is created after the 802.1Q information is inserted

Creating VLANs
● Standard Range VLANs are numbered from 1 to 1005
  ○ 1002 to 1005 are reserved for Token Ring and FDDI
  ○ VLAN 1 and 1002 to 1005 are automatically created
  ○ VLANs are stored in vlan.dat on the flash memory card
    ■ Must be manually deleted when resetting the device to factory defaults
● Extended Range VLANs are numbered from 1006 to 4094
  ○ Not written to vlan.dat
  ○ Not learned through VTP
● VLAN Trunking Protocol (VTP) helps with VLAN management
  ○ Cisco proprietary
  ○ GARP VLAN Registration Protocol (GVRP) is the standard alternative for other brands
● vlan
  ○ name
● interface f0/1
  ○ switchport mode access
  ○ switchport access vlan
● Deleting VLANs
  ○ no vlan
● show vlan brief
● show interfaces vlan

VLAN Trunks
● VLAN Trunks allow multiple VLANs on one link
  ○ Otherwise each VLAN would need a separate physical link for uplinks
● interface f0/1
  ○ switchport mode trunk
  ○ switchport trunk native vlan 99
● show interfaces f0/1 switchport
● Dynamic Trunking Protocol (DTP)
  ○ Allows nodes to negotiate trunk status
  ○ Cisco proprietary
  ○ Considered insecure
  ○ Auto
    ■ switchport mode dynamic auto
    ■ Allows the interface to become a trunk
    ■ Neighbor must be in desirable or trunk mode
    ■ Considered the passive mode
    ■ Default mode for all interfaces
  ○ Desirable
    ■ switchport mode dynamic desirable
    ■ Interface actively tries to become a trunk
    ■ Neighbor must be in desirable, auto, or trunk mode
    ■ Considered the active mode
    ■ Default mode on old devices
  ○ switchport nonegotiate
    ■ Prevents the interface from using DTP
  ○ show dtp interface
● Show commands
  ○ show interfaces trunk

VLAN Security
● Attackers can spoof being a switch and turn their link into a trunk if it is configured for Auto mode
  ○ Allows them to access other VLANs
● Double-tagging
  ○ Injecting a frame with two VLAN tags
  ○ Outer tag is the same as the native VLAN, inner tag is the victim VLAN
  ○ Switch reads the native VLAN and sends it out to other switches
  ○ Second switch reads the victim VLAN and floods it to the destination

● Best to separate management from user traffic
  ○ Use a separate, unique management VLAN
● Change the native VLAN to something other than the default, 1
● Do not use DTP; set all ports to access or trunk mode
● Define which VLANs are allowed on the trunk
  ○ switchport trunk allowed vlan
● Define which VLANs are to be pruned via VTP
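The 802.1Q field layout from VLAN Basics and the double-tagging behaviour above come down to one rule: a trunk strips the tag that matches its native VLAN and sends the frame untagged, so whatever tag sits underneath is what the next switch sees. The following is an added example, not code from the original notes: it builds and parses 802.1Q tags, models that native-VLAN stripping on trunk egress, and provides a check that reports whether a frame's outer tag matches the native VLAN, which is how the "change the native VLAN" mitigation above can be verified. The frame, MACs and VLAN numbers are constructed sample data and the FCS is left out so the focus stays on the tag.

```python
"""Added example (not from the original notes): parse IEEE 802.1Q tags out of an
Ethernet header, model what a trunk does with the native VLAN on egress, and flag
double-tagged frames so the native-VLAN mitigation can be checked. Frames and
VLAN numbers are constructed sample data; the FCS is omitted."""
import struct

TPID_8021Q = 0x8100


def build_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """4-byte tag: TPID 0x8100 then TCI = PCP(3 bits) | DEI/CFI(1 bit) | VID(12 bits)."""
    if not 0 <= vid < 4096:
        raise ValueError("VID is 12 bits")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)


def build_header(dst: bytes, src: bytes, ethertype: int, tags=()) -> bytes:
    """Ethernet header with zero or more 802.1Q tags inserted after the source MAC."""
    return dst + src + b"".join(build_tag(v) for v in tags) + struct.pack("!H", ethertype)


def parse_tags(header: bytes):
    """Return (vids, inner_ethertype, payload_offset); vids is outermost first."""
    tags, pos = [], 12
    while struct.unpack("!H", header[pos:pos + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", header[pos + 2:pos + 4])[0]
        tags.append(tci & 0x0FFF)
        pos += 4
    ethertype = struct.unpack("!H", header[pos:pos + 2])[0]
    return tags, ethertype, pos + 2


def trunk_egress(header: bytes, native_vlan: int) -> bytes:
    """Model a trunk sending a frame: the native VLAN's tag is removed (sent untagged);
    any other outer tag is kept. The inner tag of a double-tagged frame survives."""
    tags, _, _ = parse_tags(header)
    if tags and tags[0] == native_vlan:
        return header[:12] + header[16:]       # strip the outer 4-byte tag
    return header


def is_double_tag_risk(header: bytes, native_vlan: int) -> bool:
    """True when a frame carries two tags and the outer one equals the trunk's native VLAN,
    the pattern the notes describe; with an unused native VLAN the outer tag is not stripped."""
    tags, _, _ = parse_tags(header)
    return len(tags) >= 2 and tags[0] == native_vlan


# Constructed sample (not from the notes): a frame carrying outer tag 1 and inner tag 20
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("080027aabbcc")
SAMPLE = build_header(DST, SRC, 0x0800, tags=(1, 20))

if __name__ == "__main__":
    for native in (1, 999):
        after = trunk_egress(SAMPLE, native)
        print(f"native {native:3d}: tags after trunk = {parse_tags(after)[0]}, "
              f"risk = {is_double_tag_risk(SAMPLE, native)}")
```

With the default native VLAN 1 the trunk strips the outer tag and the frame leaves carrying VID 20; with the native VLAN moved to an unused ID such as 999 the outer tag no longer matches, nothing is stripped, and the frame stays in VLAN 1 where it started.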

Layer 3 Switching
● Switches operate at Layer 2
● Layer 3 switching is essentially another term for routing, but done very quickly at wire speed
● Preferred method for traversing VLANs in networks
  ○ Dedicated routers are now mostly just for WAN links and specialized connections
● Cisco switches use Cisco Express Forwarding (CEF)
● Layer 3 interfaces
  ○ Switch Virtual Interface (SVI) - For VLANs
  ○ Routed Port - Physical port configured as a router port
  ○ Layer 3 EtherChannel - Several ports acting as one
● Configuration
  ○ Create a port dedicated to a single subnet
    ■ interface f0/1
    ■ no switchport
    ■ ip address 192.168.10.1 255.255.255.0
    ■ no shutdown
  ○ Create a VLAN interface
    ■ interface vlan 10
    ■ ip address 192.168.10.1 255.255.255.0
    ■ no shutdown

Routing Basics
● Routing is a process that determines the best path for traffic to take from one network to another
● Allows communication between buildings, across great distances, between VLANs, etc.
● Routers are similar to computers, they have similar hardware, just specialized in function
● Default gateways are used on nodes to offer a destination for unknown packets
  ○ Without default gateways each node would need to know the destination for everything
● Nodes can be configured with an IP either statically or dynamically
● Routers work by reading the destination IP address of a packet and referencing the routing table, sending the packet to the destination interface
● Steps
  ○ PC puts source and destination IP into packet header
  ○ PC looks in ARP cache for MAC of L2 destination
  ○ PC does an ARP request if not there
  ○ PC puts source and destination MAC into frame header
  ○ PC sends to router
  ○ Router reads destination MAC, matches it to the interface
  ○ Router reads destination IP address
  ○ Router looks in route table for a match
  ○ Router checks ARP cache for MAC of next hop destination
  ○ Router performs an ARP request if not in ARP cache
  ○ Router rebuilds frame header
  ○ Router sends to next hop
● Router makes decisions based on best path
  ○ Directly connected networks first
  ○ Remote networks second
  ○ Default gateway last
  ○ Dynamic routing protocols are also prioritized based on trust
    ■ EIGRP
    ■ OSPF
    ■ RIP
● Two paths to same network can be load balanced if cost is the same
● Multiple dynamic routing protocols can be configured and in use; different protocols have different Administrative Distances (AD), lower is better
  ○ Directly connected is 0
  ○ Static route is 1
  ○ EIGRP is 90
  ○ OSPF is 110
  ○ RIP is 120
● Route table contains entries of
  ○ Directly connected networks
  ○ Remote networks
    ■ Static route
    ■ Dynamic route
● Route table entries
  ○ Route source
  ○ Destination network
  ○ Administrative distance
  ○ Metric
  ○ Next-hop
  ○ Route timestamp
  ○ Outgoing interface
● Directly connected interfaces must be no shutdown to show

Routing Table Basics
● Route table sections
  ○ Route source - Uses letters to designate where it was learned from
  ○ Destination network
  ○ Administrative distance
  ○ Metric
  ○ Next hop
  ○ Route timestamp
  ○ Outgoing interface
● Kinds of routes
  ○ Ultimate route - Contains a next-hop IP or exit interface
  ○ Level 1 route - Prefix length equal to or less than the classful mask of the network
  ○ Level 1 parent route - Subnetted level 1 route, heading entry for smaller subnets
  ○ Level 2 child route - Subnet of a classful network address
● When searching for a route, matches from top down and stops at the first match
  ○ If it matches a level 1 ultimate route, traffic is forwarded
  ○ If it matches a level 1 parent route, it searches the level 2 child routes and traffic is forwarded on a subsequent match
  ○ If it matches a level 1 parent route but not a level 2 child route, traffic is dropped
  ○ If it matches nothing in the route table, traffic is dropped
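A model of that lookup order, added here as an example and not taken from the notes: it walks a constructed table top-down, descends into a parent's level 2 children on a match, and returns None wherever the notes say traffic is dropped, including the case of a parent that matches while none of its children do. Route sources, networks and next hops are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Route:
    """One routing table entry. A level 1 parent carries its level 2 children."""
    source: str                    # route source code, e.g. C, S, O, R, S*
    network: str                   # destination network in prefix notation
    via: Optional[str] = None      # next-hop IP or exit interface (ultimate route)
    children: List["Route"] = field(default_factory=list)

    def contains(self, dst: ipaddress.IPv4Address) -> bool:
        return dst in ipaddress.ip_network(self.network)

    @property
    def prefixlen(self) -> int:
        return ipaddress.ip_network(self.network).prefixlen


# Constructed sample table (documentation and private ranges, not from the notes).
SAMPLE_TABLE = [
    Route("C", "192.168.1.0/24", "GigabitEthernet0/0"),
    # level 1 parent for the classful 10.0.0.0/8 with two level 2 child routes
    Route("O", "10.0.0.0/8", children=[
        Route("O", "10.1.1.0/24", "10.0.0.2"),
        Route("O", "10.1.2.0/24", "10.0.0.2"),
    ]),
    Route("S*", "0.0.0.0/0", "203.0.113.1"),   # gateway of last resort
]


def lookup(table: List[Route], dst_ip: str) -> Optional[Tuple[str, str]]:
    """Walk the table top-down and stop at the first match, as the notes describe.
    Returns (matched network, next hop or exit interface), or None when the
    packet would be dropped."""
    dst = ipaddress.ip_address(dst_ip)
    for route in table:
        if not route.contains(dst):
            continue
        if not route.children:
            return route.network, route.via          # level 1 ultimate route
        # level 1 parent: search its level 2 child routes, longest prefix wins
        matches = [c for c in route.children if c.contains(dst)]
        if not matches:
            return None   # parent matched but no child did: dropped
        best = max(matches, key=lambda c: c.prefixlen)
        return best.network, best.via
    return None           # nothing matched at all: dropped
```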

Router-on-a-stick Configuration
● On the switch create a trunk interface
  ○ int fa0/1
  ○ switchport mode trunk
  ○ switchport trunk native vlan 99
● On the router create subinterfaces on the same trunk interface with the respective subnets for the associated VLAN it will route
  ○ Match the subinterface number with the VLAN number to make life easy
  ○ int fa0/0
  ○ no shut
  ○ int fa0/0.2
  ○ encap dot1q 2
  ○ ip address 192.168.2.1 255.255.255.0
  ○ int fa0/0.3
  ○ encap dot1q 3
  ○ ip address 192.168.3.1 255.255.255.0
  ○ int fa0/0.99
  ○ encap dot1q 99 native
● Show commands
  ○ show interfaces f0/1 switchport
  ○ show interface
  ○ show ip interface
  ○ show run

Static Routing Basics
● Routers know of routes via static or dynamic routes
● Pros
  ○ Static routes are not advertised to other routers unless specifically configured to do so
  ○ Static routes are more secure due to the administrator intervention needed to input them
● Cons
  ○ Static routes are difficult to manage due to the mentioned administrator intervention
  ○ Failover abilities are limited
  ○ Does not scale well with large networks
  ○ Human error causes many issues
● Types of static routes
  ○ Standard
    ■ Normal static route used for subnets
  ○ Default
    ■ Matches all packets (0.0.0.0/0)
    ■ Also known as Gateway of Last Resort
  ○ Summary
    ■ Can be used to match multiple subnets if networks are contiguous and use the same next hop
  ○ Floating
    ■ A route with a higher administrative distance than the normal route
    ■ Takes over for the “more trusted” route with a lower AD if the link fails
    ■ Manual method of failover routes

Static Routing Configuration
● ip route
● ip route 192.168.10.0 255.255.255.0 f0/1 172.16.0.1
● Exit interface may be used exclusively on point to point connections
● On multiple access networks such as Ethernet, next hop IP is required and exit interface is not required
  ○ Providing the exit interface is recommended for performance
  ○ A router must do an additional lookup to determine the exit interface if not provided
● Default route is same as a standard route but with 0.0.0.0 as the destination
● ip route 0.0.0.0 0.0.0.0 f0/1 172.16.0.1
● IPv6 equivalent of 0.0.0.0 is ::/0
● Floating statics can be configured by appending a high AD value to the end of a static route
● Summary routes
  ○ Allows one route to match for multiple subnets that are contiguous
  ○ Often called supernetting
  ○ Summarizing steps
    ■ Write out the subnets in question in binary
    ■ Find the number of bits starting from the left side of each subnet that are the same for all subnets
    ■ This will be the new prefix or subnet mask
    ■ Perform the ANDing process of one network against the new prefix to determine the new network ID
    ■ Enter a static route for this new summary network
● Show commands
  ○ ping
  ○ traceroute
  ○ show ip route
  ○ show ip interface brief
  ○ show cdp neighbors detail
  ○ show run
  ○ Make sure interfaces are no shutdown
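The summarizing steps above, carried out in code as an added example (not from the notes): it writes the networks out in binary, counts the leading bits they share, ANDs one network against that prefix, and builds the static route. It also reports how many addresses the summary covers beyond the original subnets, since an over-wide summary attracts traffic for networks that do not exist. The subnets, exit interface and next hop are constructed sample values.

```python
import ipaddress
from typing import List


def summarize(subnets: List[str]) -> ipaddress.IPv4Network:
    """Summary route for a set of contiguous subnets that share a next hop."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    # step 1: each network address written out as 32 binary digits
    binaries = [format(int(n.network_address), "032b") for n in nets]
    # step 2: count leading bits that are identical across every subnet
    common = 0
    for column in zip(*binaries):
        if len(set(column)) != 1:
            break
        common += 1
    # the summary can never be more specific than the widest original subnet
    common = min(common, min(n.prefixlen for n in nets))
    # step 3: that count is the new prefix length / subnet mask
    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
    # step 4: AND one network against the new mask to get the network ID
    network_id = int(nets[0].network_address) & mask
    return ipaddress.IPv4Network((network_id, common))


def overclaimed_addresses(subnets: List[str]) -> int:
    """Addresses the summary covers that are not in any of the original subnets."""
    total = sum(ipaddress.ip_network(s).num_addresses for s in subnets)
    return summarize(subnets).num_addresses - total


def static_route_command(subnets: List[str], exit_interface: str, next_hop: str) -> str:
    """Step 5: the fully specified static route for the summary network."""
    s = summarize(subnets)
    return f"ip route {s.network_address} {s.netmask} {exit_interface} {next_hop}"


# Constructed sample: four contiguous /24s behind one serial link.
SAMPLE_SUBNETS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
```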

Dynamic Routing Protocols Basics
● Dynamic routing protocols have been around for many decades
● One of the first was Routing Information Protocol (RIP), which was still taught in CCNA up to the last revision
  ○ Dates back to the 1980’s
  ○ RIPv1 was classful
  ○ RIPv2 was classless
● Other protocols have been developed to provide faster/better routing decisions and failover capabilities
  ○ Open Shortest Path First (OSPF)
  ○ Intermediate System-to-Intermediate System (IS-IS)
  ○ Interior Gateway Routing Protocol (IGRP) - Cisco proprietary, deprecated
  ○ Enhanced IGRP (EIGRP) - Cisco proprietary
● Routing protocols provide
  ○ Discovery of networks
  ○ Automatic route updating
  ○ Best path determination
  ○ Failover and load balancing
  ○ Ease of administration for new networks or changes
  ○ Reduction of human error
● RIP operation steps
  ○ Upon boot router adds directly connected networks to route table
  ○ Sends an update out all configured interfaces with known connected networks in its route table
  ○ Receives an update from a neighbor router about other networks and adds that to the routing table with a metric of 1
  ○ Repeats process between other routers during each periodic update, slowly converging their routing tables
● Routing protocols are in different classifications
  ○ Legacy
    ■ RIPv1 - Classful
    ■ IGRP - Classful
  ○ Distance Vector
    ■ Based on number of “hops”, or routers, a network is away
    ■ Usually slower convergence
    ■ Sends periodic updates of entire route table
    ■ RIPv2 - Classless
    ■ EIGRP - Classless
  ○ Link-State
    ■ Gathers information on all connections in the network and builds an internal map. Also uses many variables such as link speed to help determine best path
    ■ Usually faster convergence
    ■ Sends up/down link updates only when changes occur
    ■ OSPF - Classless
    ■ IS-IS - Classless
  ○ Path-Vector
    ■ BGP - Classless
● Most are interior gateway protocols, BGP is the exception

Distance Vector Routing Protocols
● Distance vector protocols are not aware of the entire network topology like link-state protocols
● They share updates of their full routing tables with each other every so many seconds
  ○ RIP is 30 by default
● Older protocols such as RIPv1 broadcast the updates
● Newer protocols such as RIPv2 and EIGRP use multicast
● RIP uses the Bellman-Ford algorithm
● RIP includes the following features
  ○ Updates sent every 30 seconds to a multicast address (224.0.0.9)
  ○ Hop count is used as the metric for routes
  ○ Hop of 15 is the maximum, when packets exceed that they drop from the network to prevent looping floods
● IGRP and EIGRP use the Diffusing Update Algorithm (DUAL)
● EIGRP includes the following features
  ○ Bounded triggered updates
    ■ Does not send periodic updates like RIP, only when needed and only to the neighbors that need to know
  ○ Hello keepalive
  ○ Topology table
    ■ Saves backup paths for failures
  ○ Fast convergence
    ■ Due to topology table, backup routes are inserted immediately when needed
  ○ Layer 3 independence
    ■ Can support IPv4, IPv6, IPX, AppleTalk

RIP Configuration
● Configuration is rather simple
● router rip
● version 2 - Always enable unless you’re in 1990
● no auto-summary - Auto-summary can often cause problems with mixed RFC 1918 networks
● network 192.168.10.0 - You define the local networks that are to be shared via RIP
● It is recommended for performance and security that passive-interface is used on interfaces that do not connect to a router
  ○ By default, RIP sends updates out all interfaces that have RIP enabled (via the network command)
● Default gateway information can be distributed with default-information originate

Open Shortest Path First (OSPF)
● Uses the Shortest Path First (SPF) algorithm
● Much more complex but more feature-rich
● Uses a calculation of link cost based on a variety of variables to determine best path
● Open standard from the IETF, dates back to the late 1980s
● OSPFv2 is used for IPv4, OSPFv3 is used for IPv6
● Classless, efficient, fast, very scalable, supports security
● Databases
  ○ Adjacency database - Neighbors
  ○ Link-state database (LSDB) - Topology table
  ○ Forwarding database - Populates routing table
● Packets
  ○ Hello - Establish and maintain adjacency with neighbor
    ■ Every 10 seconds usually, 30 on Frame Relay
    ■ Sent to 224.0.0.5 or FF02::5 multicast address
    ■ Includes a dead timer to remove neighbors after a certain time if no hello packet is received
  ○ Database description - Contains short list of LSDB used for checking against local LSDB
  ○ Link-state request - Request more information on an entry
  ○ Link-state update - Reply to LSR and to announce new information
  ○ Link-state acknowledgement - Acknowledges an LSU
● Operation steps
  ○ Router learns about directly connected networks
  ○ Exchange hello packets with neighbors
  ○ Build a Link-State Packet (LSP) with information on each link
  ○ Flood the LSP to neighbors
  ○ Routers collect the LSPs from neighbors and construct a topology map
  ○ They then run their SPF algorithm and create an SPF Tree, which is used to populate the routing table
● Areas
  ○ Single-area - All routers are in one area and communicate to each other
  ○ Multiarea - Routers are in different Autonomous Systems (AS), only routers in one AS communicate to each other. Routers bordering the different AS offer connectivity between them
● States
  ○ Down
  ○ Init
  ○ Two-Way
  ○ ExStart
  ○ Exchange
  ○ Loading
  ○ Full
● Designated Routers (DR) and Backup Designated Routers (BDR) are used as central data repositories instead of having all routers share all data with each other and flood the network
  ○ Used on multi-access networks
  ○ Highest interface priority or highest router ID or IPv4 address wins
  ○ Election only occurs on initial network boot

OSPFv2 Single-Area Configuration
● router ospf
● Process ID is local to the router, can be any number from 1 to 65535. Usually 1 unless running multiple OSPF processes to share between AS’
● Router IDs uniquely identify an OSPF router and allow it to participate in Designated Router election
  ○ During initial boot of an OSPF network (if all routers turned on at once) highest ID becomes DR, second highest is BDR
  ○ router-id - Any 32 bit number written as an IPv4 address
  ○ If no router-id is specified, highest IPv4 address of any loopbacks is chosen
  ○ If no loopbacks are present, highest IPv4 address of any interface
  ○ See comment earlier about using loopbacks for management access, it is also highly useful for this purpose
● Within the ospf configuration prompt use a similar command as RIP and EIGRP to define networks to share
  ○ network 192.168.10.0 0.0.0.255 area 0
  ○ Second IP is a wildcard mask, an “inverse” of the subnet mask, but can be configured in other ways to do more powerful matches
● passive-interface is also used as with RIP
● OSPF link cost is calculated by default with
  ○ Reference bandwidth / interface bandwidth
  ○ Reference bandwidth by default is 100,000,000
  ○ 100,000,000 bps / interface bandwidth in bps
  ○ Due to the use of 100 Mbps as the reference, 100 Mbps and 1 Gbps (as well as higher speeds) all have a cost of 1
    ■ This is due to OSPF rounding up to the next integer of a calculated cost
  ○ Reference bandwidth can be changed with auto-cost reference-bandwidth 1000 to support 1 Gbps links for example, as the command value is expressed in Mbps
  ○ Interfaces have default bandwidth values, such as 1.544 Mbps for serial
    ■ This may not be optimal due to the many different bandwidths available, especially for WAN links
    ■ Make sure to set bandwidth values for all interfaces instead of using the defaults
  ○ You can also set the cost manually with ip ospf cost
● Change the OSPF priority
  ○ ip ospf priority 255
● Default static route
  ○ ip route 0.0.0.0 0.0.0.0 fa0/1 192.168.1.1 or ipv6 route ::/0
  ○ default-information originate
● Modifying intervals
  ○ ip ospf hello-interval 5
  ○ ip ospf dead-interval 10
● Supports three types of authentication
  ○ Null - No password
  ○ Simple password - Plaintext password sent over the network
  ○ MD5 - Generates a hash that is sent
  ○ OSPFv3 does not have any authentication built-in, it relies on native IPv6 capabilities (IPsec)
    ■ ipv6 ospf authentication ipsec spi
● Configure MD5 Authentication
  ○ ip ospf message-digest-key 1 md5 MyPassword
  ○ area 0 authentication message-digest
  ○ Can also be applied on an interface instead of globally
● Show commands
  ○ show ip ospf neighbor
  ○ show ip protocols
  ○ show ip ospf
  ○ show ip ospf interface brief
  ○ show ip ospf interface
  ○ show ip route ospf
  ○ clear ip ospf 1 process
  ○ IPv6 commands essentially the same but have ipv6 in them
● OSPFv3 uses IPv6 Link-Local addresses
  ○ Best to manually configure so they are easier to remember
  ○ ipv6 router ospf 1 - Basically the same as IPv4
  ○ Show commands are the same but with ipv6

OSPF Multi-Area Basics
● Previous examples have shown all routers in one area, a “Single-Area” OSPF instance
● Multi-Area helps reduce processing and memory overhead for large environments with large routing tables
● Advantages
  ○ Smaller routing table
  ○ Less link-state update overhead (fewer LSAs exchanged)
  ○ Lower frequency of SPF calculations
● Two areas
  ○ Backbone (Transit) Area - Routers or switches involved in fast transit of IP packets from one place to the next, similar to the Distribution or Core layer for switch hierarchy
  ○ Regular (Non-backbone) Area - End users network, must talk to a Backbone area to get to other Regular areas
● Router types
  ○ Internal router - All interfaces in the same area
  ○ Backbone router - Usually area 0
  ○ Area Border Router (ABR) - Connects to multiple areas
  ○ Autonomous System Boundary Router (ASBR) - Connects to an external network of some kind, a non-OSPF network
● LSAs act as database records and provide network details
● 11 types of LSAs, the first five are required for Multi-Area OSPF
● LSA Types
  ○ Type 1
    ■ Router link entries
    ■ Flooded within the area they originated
  ○ Type 2
    ■ Contains router ID and IP address of the DR and all routers on the segment
    ■ Created for every multiaccess network in the area
    ■ Flooded within the area they originated
  ○ Type 3
    ■ Collective data from type 1 LSAs
    ■ Created for every network learned
    ■ Flooded from one area to another
    ■ Used to advertise networks from other areas
  ○ Type 4
    ■ Generated by an ABR when an ASBR exists within an area
    ■ Advertises external networks into a routing domain
  ○ Type 5
    ■ Describes routes to networks outside of the OSPF AS
    ■ Generated by the ASBR
    ■ Flooded to everyone in the AS

OSPF Multi-Area Configuration
● Demo of multiarea config
● Route summarization
  ○ Useful for limiting number of Type 3 LSAs flooded onto backbone, for example
  ○ What would be 50 Type 3 LSAs to be flooded for 50 networks can be reduced to one or two advertisements to be flooded
  ○ Can only be configured on ABRs or ASBRs
  ○ Either interarea or external route summarization
    ■ Interarea route summarization
      ● Occurs on ABRs
      ● Does not apply to external routes
      ● area 0 range 10.0.0.0 255.0.0.0
    ■ External route summarization
      ● Occurs on ASBRs
      ● Does not apply to internal routes

EIGRP Basics
● Released in 1992 as a Cisco proprietary protocol
● Basic functionality has now been released as an IETF standard
● Uses the Diffusing Update Algorithm (DUAL)
  ○ Guarantees loop-free and backup paths
  ○ Stores all backup paths ready to use
● Establishes neighbor adjacencies like OSPF
● Reliable Transport Protocol (RTP) used to deliver EIGRP packets
  ○ Unique to EIGRP
  ○ Offers reliable and unreliable transit
    ■ Cannot use UDP/TCP due to protocol independence
    ■ Update packet is sent reliably
    ■ Hello packet is sent unreliably
  ○ Unicast and Multicast
    ■ 224.0.0.10
    ■ FF02::A
  ○ Updates
    ■ Does not send periodic updates
    ■ Partial - Link up or down
    ■ Bounded - Term for partial updates sent to only routers that need it
  ○ Load balancing
    ■ Equal or unequal cost
  ○ Can route many different protocols via Protocol-Dependent Modules (PDMs)
    ■ IPv4
    ■ IPv6
    ■ IPX
    ■ AppleTalk
  ○ Authentication supported
● Router ID
  ○ Used by both IPv4 and IPv6
  ○ Used for identification of originating router during redistribution of external routes
  ○ Uses defined router-id, highest loopback, or highest interface as Router ID
● Hello packets
  ○ Unreliable delivery
  ○ Multicast
● Update packets
  ○ Reliable delivery
  ○ Unicast or multicast
● Acknowledgment packets
  ○ Unreliable delivery
  ○ Unicast
● Query packets
  ○ Reliable delivery
  ○ Unicast or multicast
● Reply packets
  ○ Reliable delivery
  ○ Unicast

EIGRP Configuration
● IPv4
  ○ router eigrp 1
  ○ eigrp router-id 10.0.0.1
  ○ network 192.168.1.0 0.0.0.255 - Can omit the wildcard mask, but then it uses the classful address, I prefer being specific
  ○ passive-interface fa0/1 - Same as other protocols, prevents EIGRP from sending packets out interfaces where no routers are
  ○ no auto-summary
  ○ show ip eigrp neighbors
  ○ show ip protocols
  ○ show ip route
● IPv6
  ○ ipv6 unicast-routing
  ○ int fa0/1
  ○ ipv6 address FE80::1 link-local
  ○ ipv6 router eigrp 1
  ○ eigrp router-id 10.0.0.1
  ○ passive-interface fa0/5
  ○ show ipv6 eigrp neighbors
  ○ show ipv6 protocols
  ○ show ipv6 route
● Default routes
  ○ redistribute static
● Show commands
  ○ IPv4
    ■ show ip eigrp neighbors
    ■ show ip route
    ■ show ip protocols
    ■ show ip interface brief
    ■ show ip eigrp interfaces
  ○ IPv6
    ■ show ipv6 eigrp neighbors
    ■ show ipv6 route
    ■ show ipv6 protocols
    ■ show ipv6 interface brief
    ■ show ipv6 eigrp interfaces

EIGRP Metrics and DUAL
● Bandwidth
  ○ Default
  ○ Kilobits per second
  ○ Set your bandwidth values on your interfaces! Don’t let it use the defaults!
    ■ conf t
    ■ int fa0/1
    ■ bandwidth 1536
  ○ Uses slowest bandwidth in a path
  ○ Takes 10,000,000 and divides by lowest interface bandwidth, rounded down
● Delay
  ○ Default
  ○ Microseconds
  ○ Sum of all delays in a path
  ○ Divides sum of all delays by 10
● Reliability
  ○ Optional
  ○ Not recommended due to frequent topology changes
  ○ Fraction of 255 (255/255 is 100% reliability)
● Load
  ○ Optional
  ○ Not recommended due to frequent topology changes
  ○ Fraction of 255 (255/255 is full saturation)
● Metrics are K1 to K5, K1 and K3 represent bandwidth and delay, K2 represents load, and K4 and K5 represent reliability
  ○ 1 = on, 0 = off
  ○ By default K1 and K3 are set to 1, K2, K4 and K5 are set to 0
● show ip protocols - Shows K values
● Configuration
  ○ config t
  ○ router eigrp 1
  ○ metric weights tos k1 k2 k3 k4 k5
● show interfaces - Shows metric values of an interface
● DUAL
  ○ Diffusing Update Algorithm (DUAL) determines the best loop-free path and backup paths
  ○ Terms
    ■ Successor
      ● Neighboring router that is used for forwarding packets
    ■ Feasible Successor (FS)
      ● Neighboring router that has a loop-free backup path to the same network as the Successor and satisfies the Feasibility Condition (FC)
    ■ Feasible Distance (FD)
      ● The lowest calculated metric to reach the destination network
    ■ Reported Distance (RD) or Advertised Distance (AD)
      ● The total metric to a destination network
    ■ Feasible Condition or Feasibility Condition (FC)
      ● Condition is met when a neighbor’s Reported Distance (RD) to a network is less than the local router’s Feasible Distance
  ○ Decision process is done by the DUAL Finite State Machine (FSM)
  ○ show ip eigrp topology
  ○ show ip eigrp topology all-links
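The metric arithmetic and the DUAL terms above, worked through as an added example (not from the notes): the composite metric from bandwidth and delay with the K values as weights, then the Successor, FD and Feasible Successors chosen for one network from three constructed neighbor paths. The classic formula scales the result by 256, which the notes leave implicit; router names, link speeds and delays are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Tuple


def eigrp_metric(bandwidths_kbps, delays_usec, k=(1, 0, 1, 0, 0),
                 reliability=255, load=1) -> int:
    """Composite EIGRP metric with the default K values K1=K3=1, K2=K4=K5=0.
    Bandwidth term: 10,000,000 / slowest link in kbps, rounded down.
    Delay term: sum of all delays in microseconds / 10.
    Load and reliability only count when K2 / K5 are switched on."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(bandwidths_kbps)
    delay = sum(delays_usec) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


@dataclass
class Path:
    """A candidate path to one destination network, as held in the topology table."""
    neighbor: str
    link_bw_kbps: int                 # local link to the neighbor
    link_delay_usec: int
    nbr_bandwidths: Tuple[int, ...]   # links along the neighbor's own path
    nbr_delays: Tuple[int, ...]

    def reported_distance(self) -> int:
        # RD: the metric the neighbor itself advertises for the network
        return eigrp_metric(self.nbr_bandwidths, self.nbr_delays)

    def computed_distance(self) -> int:
        # our full metric via this neighbor: slowest bandwidth, summed delay
        return eigrp_metric((self.link_bw_kbps,) + self.nbr_bandwidths,
                            (self.link_delay_usec,) + self.nbr_delays)


def dual_select(paths: List[Path]):
    """Successor = lowest computed metric, which becomes the FD.
    Feasible Successors = neighbors whose RD is strictly less than the FD."""
    ranked = sorted(paths, key=lambda p: p.computed_distance())
    successor = ranked[0]
    fd = successor.computed_distance()
    feasible = [p.neighbor for p in ranked[1:] if p.reported_distance() < fd]
    return successor.neighbor, fd, feasible


# Constructed topology: three neighbors each offering a path to the same network.
SAMPLE_PATHS = [
    Path("R2", 1544, 20000, (100000,), (100,)),    # T1 to R2, then Fast Ethernet
    Path("R3", 1000000, 10, (1544,), (20000,)),    # Gigabit to R3, then a T1
    Path("R4", 10000, 1000, (64,), (20000,)),      # 10 Mbps to R4, then a 64 kbps link
]
```

R3 becomes the Successor; R2 passes the Feasibility Condition because its RD (a single Fast Ethernet hop) is far below the FD, while R4 fails it because its own 64 kbps path already costs more than the FD.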

EIGRP Tuning and Security
● Tuning
  ○ EIGRP only uses 50 percent of a link's bandwidth for EIGRP packets
  ○ int fa0/1
  ○ ip bandwidth-percent eigrp 1 75
  ○ ipv6 bandwidth-percent eigrp 1 75
  ○ ip hello-interval eigrp 1 2
  ○ ip hold-time eigrp 1 65535
  ○ ipv6 hello-interval eigrp 1 2
  ○ ipv6 hold-time eigrp 1 65535
  ○ Change number of load balancing paths used
    ■ router eigrp 1
    ■ maximum-paths 4
● Security
  ○ Uses MD5 authentication to ensure routing information is correct
  ○ conf t
  ○ key chain MyKeys
  ○ key 0
  ○ key-string MyPassword
  ○ int fa0/1
  ○ ip authentication mode eigrp 1 md5
  ○ ip authentication key-chain eigrp 1 MyKeys
  ○ ipv6 authentication mode eigrp 1 md5
  ○ ipv6 authentication key-chain eigrp 1 MyKeys

Access Control Lists (ACLs)
● Similar idea to a “firewall rule”
● Restricts access in a variety of ways, depending on type of ACL
● Can be implemented on routers or Layer 3 switches
● Improves security by assisting in restricting traffic in addition to VLAN segmentation
● Uses rules to inspect TCP/UDP traffic and act upon what it finds in the header
  ○ Usually source and/or destination IP and/or port
  ○ Fancier devices can do Layer 7 inspection now
● Can be applied to inbound or outbound traffic on every interface
● Always have an implied “deny any” at the end of the list
● Matches first entry
● Types
  ○ Standard - Only looks at source IP
  ○ Extended - Looks at source and/or destination IP, source and/or destination port, protocol type, additional options
● Both Standard and Extended can use either name or number to identify them
  ○ For numbers, usually use
  ○ Standard - 1–99 and 1300–1999
  ○ Extended - 100–199 and 2000–2699
● Place standard ACLs nearest the destination you want to control
● Place extended ACLs nearest the source you want to control
● Entries in an ACL are called Access Control Entries (ACE)
● ACEs use wildcard masks like OSPF, except IPv6 which uses prefix-length
● Wildcard masks
  ○ 0 bit - Match the bit value in the address
  ○ 1 bit - Ignore the bit value in the address
  ○ host can be used instead of 0.0.0.0
  ○ any can be used instead of 255.255.255.255
● To improve performance, keep ACEs as minimal as possible, try to match as much as possible with one entry
● IPv6
  ○ Named ACLs only, same as IPv4 Extended ACL
  ○ No wildcard masks, only prefix
  ○ ipv6 traffic-filter - Command used to apply to an interface
  ○ ipv6 access-list myaclname
  ○ show ipv6 interface
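An added example (not from the notes) that evaluates IPv4 ACLs the way the rules above describe: wildcard-mask matching where a 1 bit ignores the address bit, first matching ACE wins, and the implied deny any when nothing matches. It parses the numbered and sequenced ACE syntax used in the configuration sections that follow; the destination addresses are constructed sample values and ports are numeric only.

```python
import ipaddress


def _ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _is_ip(text: str) -> bool:
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def wildcard_from_mask(mask: str) -> str:
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(~_ip_int(mask) & 0xFFFFFFFF))


def _parse_addr(tokens, i):
    """Read one address spec at tokens[i]; returns ((address, wildcard), next index).
    Accepts 'any', 'host A.B.C.D', 'A.B.C.D W.W.W.W' and a bare 'A.B.C.D'
    (standard ACLs may omit the wildcard, which then defaults to 0.0.0.0)."""
    t = tokens[i]
    if t == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t == "host":
        return (_ip_int(tokens[i + 1]), 0), i + 2
    if i + 1 < len(tokens) and _is_ip(tokens[i + 1]):
        return (_ip_int(t), _ip_int(tokens[i + 1])), i + 2
    return (_ip_int(t), 0), i + 1


def _matches(addr: int, spec) -> bool:
    base, wildcard = spec
    # a 1 bit in the wildcard means "ignore", a 0 bit means "must match"
    return (addr ^ base) & (~wildcard & 0xFFFFFFFF) == 0


def parse_ace(line: str) -> dict:
    """Parse one ACE in numbered form ('access-list N ...') or sequenced
    named form ('10 deny tcp host ...')."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    elif tokens[0].isdigit():
        tokens = tokens[1:]
    action, i = tokens[0], 1
    proto = None
    if tokens[i] in ("ip", "tcp", "udp", "icmp"):
        proto, i = tokens[i], i + 1
    src, i = _parse_addr(tokens, i)
    dst = port = None
    if proto is not None:                 # extended: destination and optional port
        dst, i = _parse_addr(tokens, i)
        if i < len(tokens) and tokens[i] == "eq":
            port = int(tokens[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def evaluate(acl, src_ip, dst_ip="0.0.0.0", proto="ip", dst_port=None) -> str:
    """First matching ACE decides; no match falls through to the implied deny any."""
    src, dst = _ip_int(src_ip), _ip_int(dst_ip)
    for ace in map(parse_ace, acl):
        if not _matches(src, ace["src"]):
            continue
        if ace["proto"] is not None:
            if ace["proto"] != "ip" and ace["proto"] != proto:
                continue
            if not _matches(dst, ace["dst"]):
                continue
            if ace["port"] is not None and ace["port"] != dst_port:
                continue
        return ace["action"]
    return "deny"


# Constructed test input, using the same ACEs the configuration sections show.
STANDARD_ACL = [
    "access-list 1 deny 192.168.1.100",
    "access-list 1 permit 192.168.1.0 0.0.0.255",
]
EXTENDED_ACL = [
    "access-list 100 deny tcp 192.168.1.100 0.0.0.0 any eq 80",
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
]
```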

Standard IPv4 ACL Configuration
● Creating a numbered Standard ACL
  ○ access-list 1 deny 192.168.1.100
  ○ access-list 1 permit 192.168.1.0 0.0.0.255
● Applying to an interface
  ○ interface fa0/1
  ○ ip access-group 1 out
● Creating a named Standard ACL
  ○ ip access-list standard myaclname
● Comments
  ○ access-list 1 remark some comments about the acl
  ○ Allows easy identification
● ACLs can be edited by copy/paste into a text editor, or by sequence numbers for Named ACLs
  ○ show access-lists 1
  ○ ip access-list standard 1
  ○ no 10
  ○ 10 deny host 192.168.1.100
● show ip interface
● show access-lists

Extended IPv4 ACL Configuration
● Creating a numbered Extended ACL
  ○ access-list 100 deny tcp 192.168.1.100 0.0.0.0 any eq 80
  ○ access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
● Applying to an interface
  ○ interface fa0/1
  ○ ip access-group 100 out
● Creating a named Extended ACL
  ○ ip access-list extended myaclname
● Comments
  ○ access-list 100 remark some comments about the acl
  ○ Allows easy identification
● ACLs can be edited by copy/paste into a text editor, or by sequence numbers for Named ACLs
  ○ show access-lists 100
  ○ ip access-list extended 100
  ○ no 10
  ○ 10 deny tcp host 192.168.1.100 any eq 80
● show ip interface
● show access-lists

Dynamic Host Configuration Protocol (DHCP)
● Dynamic Host Configuration Protocol (DHCP)
● Assigns IP addresses and other IP options automatically to nodes
● Allocation methods
  ○ Manual - “Reservations”, only one specific IP is given to the client
  ○ Automatic - Permanently assigns an IP to a client from a pool
  ○ Dynamic - Assigns or “leases” an IP to a client for a period of time
    ■ The most common method
● DHCP Steps
  ○ DHCPDISCOVER - Client broadcasts for a DHCP server
  ○ DHCPOFFER - DHCP server responds with an IP to the client
  ○ DHCPREQUEST - Client acknowledges receipt and repeats IP to server, also used for renewals
    ■ Renewals happen at half the lease expiration timeframe
  ○ DHCPACK - Server acknowledges receipt and repeats IP to client
● DHCPv6 specifics
  ○ Stateless Address Autoconfiguration (SLAAC) or DHCP
  ○ SLAAC can allow a client to get an IP without a DHCP server
  ○ Operation
    ■ Client sends Router Solicitation (RS) to router
    ■ Router sends Router Advertisement (RA) with prefix to client
    ■ Client creates its own IPv6 address with that basic information
      ● Either with EUI-64 or randomly generated

DHCP Configuration
● Most other networking products have you define a range to use for the IP pool; Cisco has you define exclusions first, then it uses the rest of the subnet
● First exclude addresses and ranges you do not want in the pool
● Next configure your pool
● Last add DHCP options to the pool
● ip dhcp pool mypoolname
● network 192.168.1.0 255.255.255.0
● default-router 192.168.1.1
● dns-server 192.168.1.1
● domain-name mydomain.com
● show run | section dhcp
● show ip dhcp binding
● show ip dhcp server statistics
● ip helper-address - Send DHCP requests to a different server not on the subnet
● ip address dhcp - Make interface a DHCP client on the router or switch
● Show commands
  ○ show ip dhcp conflict
  ○ show interface
  ○ show ip interface
  ○ show run

Network Address Translation (NAT)
● Network Address Translation (NAT) helps solve the issue of IPv4 address exhaustion
  ○ Before RFC 1918, everyone used “public” addresses
  ○ It was determined in the 1990’s that we would soon run out of IPv4 addresses, which has now happened
  ○ NAT provides several “private” ranges of IP addresses that can only be used internally
  ○ Traffic is then translated to a “public” IP when accessing the internet
  ○ This also provides for some minimal security in that your internal addresses are hidden and non-routable on the internet
● Types of addresses
  ○ Inside local - Internal address of the client being translated
  ○ Inside global - The address of the destination
  ○ Outside local - The address of the destination as seen from the inside network
  ○ Outside global - The address of the destination as seen from the outside network
● Types of NAT
  ○ Static - One-to-one translation, common for servers accessing the Internet
  ○ Dynamic - Many-to-many or many-to-one translation, common for DHCP clients accessing the Internet
  ○ Port Address Translation (PAT) - Also known as NAT overloading, this translates the port when a port is already in use, commonly used with Dynamic NAT for DHCP clients
● IPv6
  ○ You would think that with 340 trillion trillion trillion addresses, IPv6 wouldn’t need NAT, but it does have an implementation of it
    ■ 340,000,000,000,000,000,000,000,000,000,000,000,000
    ■ Originally it was supposed to not have any NAT, but it was added later
  ○ Unique Local Addresses (ULA)
    ■ RFC 4193
    ■ Meant to provide local-only communications, but not to solve any IP address space issues
    ■ FC00::/7
    ■ Known as “local IPv6 addresses” NOT “IPv6 link-local addresses”
      ● Can’t wait to start having those troubleshooting conversations, do you?
    ■ Non-routable on the Internet
  ○ NAT64 allows for IPv6 devices to talk to IPv4 devices via NAT
    ■ Beyond scope of CCNA

NAT Configuration
● Static NAT
  ○ ip nat inside source static 192.168.1.99 4.2.2.2
  ○ show ip nat translations
  ○ show ip nat statistics
  ○ clear ip nat statistics
● Dynamic NAT
  ○ int fa0/0
  ○ ip nat inside
  ○ int fa0/1
  ○ ip nat outside
  ○ ip nat pool mypoolname 192.168.1.10 192.168.1.254 netmask 255.255.255.0
  ○ access-list 1 permit 192.168.1.0 0.0.0.255
  ○ ip nat inside source list 1 pool mypoolname
  ○ show ip nat translations
  ○ show ip nat statistics
  ○ clear ip nat statistics
  ○ clear ip nat translation *
● PAT
  ○ ip nat pool mypoolname 192.168.1.10 192.168.1.254 netmask 255.255.255.0
  ○ access-list 1 permit 192.168.1.0 0.0.0.255
  ○ ip nat inside source list 1 pool mypoolname overload
  ○ show ip nat translations
  ○ show ip nat statistics
  ○ clear ip nat statistics
  ○ clear ip nat translation *
● Port Forwarding
  ○ Allows access to your internal network (or hopefully DMZ) from the public internet or other untrusted network via one or more ports
    ■ Public address is translated via a static NAT to an internal address, for only one or more defined ports
  ○ Inside interface for LAN needs
    ■ ip nat inside
  ○ Outside interface for WAN needs
    ■ ip nat outside
  ○ You can also change the port from inside to outside
    ■ Useful for when running multiple similar servers off one IP, such as webservers
  ○ ip nat inside source static tcp 192.168.1.99 1234 4.2.2.2 4321
● Show commands
  ○ show ip nat translations
  ○ show ip nat statistics
  ○ clear and debug
  ○ debug ip nat detailed

Spanning Tree Protocol (STP)
● Building a network that is fault tolerant and redundant causes other problems
● Redundant links cause loops in the network
  ○ Ethernet has no TTL field like IP, so frames loop forever, overloading processing and sometimes bandwidth
  ○ Can also cause broadcast storms, quickly taking down a network
  ○ Can also cause a device to receive duplicate unicast frames
● Spanning Tree Protocol and other protocols have been developed to combat this issue
● Spanning Tree works by negotiating a port to “disable” (blocking) if a loop is detected
  ○ This disabling is temporary and can be lifted if the primary link fails
● There are actually multiple versions of STP such as MSTP, RSTP, etc.
● Root and backup root bridges are elected upon initial boot of the network
  ○ STP enabled switches exchange STP BPDUs
  ○ Root bridge has the lowest Bridge ID, backup root is second lowest Bridge ID
  ○ Bridge ID is determined by priority value, lowest MAC, and extended system ID of switch
● Then the Spanning Tree Algorithm (STA) on each non-root switch calculates the shortest path to the root
  ○ All roads lead to root
  ○ STA considers both path and port costs (speed)
  ○ Lowest calculated path cost wins
  ○ Ports are then assigned roles
    ■ Root - Closest to the root bridge
    ■ Designated - All non-root ports. The root bridge has all designated ports
    ■ Alternate and backup - Ports that are put in blocking mode to prevent a loop. Only one end of a link is blocked
    ■ Disabled - Port is shut down
● Port costs
  ○ 10 Gbps = 2
  ○ 1 Gbps = 4
  ○ 100 Mbps = 19
  ○ 10 Mbps = 100
  ○ Can override port costs with spanning-tree cost # on an interface
● Path cost
  ○ Sum of all port costs from switch to root bridge
  ○ Lowest path is preferred and becomes root port
● Re-election
  ○ All switches assume they are root bridge upon boot
  ○ Switches continually send BPDUs every 2 seconds
  ○ If a switch with a lower MAC is inserted into a network it can cause a reconfiguration and may cause some dropped frames as links are changed
● Forcing a root bridge
  ○ Default Bridge Priority is 32768
  ○ Set Bridge Priority to 0
● Extended System ID
  ○ Used for VLAN information
  ○ Can have a different root bridge for each VLAN
● Spanning Tree Flavors
  ○ STP
    ■ Original version, does not support VLAN instances
    ■ Replaced with RSTP
    ■ Very slow response to a failure, 30-50 seconds
  ○ PVST+
    ■ Cisco proprietary, adds VLAN instance capabilities to STP
    ■ Supports PortFast, UplinkFast, BackboneFast, BPDU Guard, BPDU Filter, Root Guard, Loop Guard
  ○ 802.1D-2004
    ■ Update of STP, includes 802.1w
  ○ Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w)
    ■ Improvement over STP to provide faster convergence
    ■ Replaced STP
    ■ Preferred standard protocol
    ■ Uses Edge Ports to designate ports that will never be connected to other switches (access ports)
      ● Same as PortFast
      ● Immediately transition to forwarding state
    ■ Link Types
      ● Point-to-Point
        ○ Direct connection to another switch, full duplex
      ● Shared
        ○ Connection to a hub, half duplex
  ○ Rapid PVST+
    ■ Cisco proprietary, adds VLAN instance capabilities to RSTP
    ■ Supports PortFast, BPDU Guard, BPDU Filter, Root Guard, Loop Guard
    ■ Preferred Cisco proprietary protocol
  ○ Multiple Spanning Tree Protocol (MSTP)
    ■ IEEE standard based on Cisco proprietary MISTP
    ■ Multiple VLANs on one STP instance
    ■ Supports PortFast, BPDU Guard, BPDU Filter, Root Guard, Loop Guard
  ○ Common port states
    ■ Blocking - Starts out blocked
    ■ Listening - Listens for the path to root
    ■ Learning - Learns MAC addresses to start frame forwarding
    ■ Forwarding - Normal operation
    ■ Disabled - Administratively disabled, shut down

Spanning Tree Configuration
● spanning-tree vlan 1
● Changing Bridge ID
  ○ spanning-tree vlan 1 root primary
  ○ spanning-tree vlan 1 root secondary
  ○ spanning-tree vlan 1 priority 24576
● PortFast
  ○ Transitions port to forwarding immediately, same as an RSTP Edge Port
  ○ Used for access ports that do not connect to switches
  ○ spanning-tree portfast - Interface config option
  ○ spanning-tree portfast default - Global config option, enables on all ports that are not trunks
● BPDU Guard
  ○ spanning-tree bpduguard enable - Interface config option
  ○ spanning-tree bpduguard default - Global config option, enables on all ports that are not trunks
● Show commands
  ○ show spanning-tree active
  ○ show spanning-tree
● Rapid PVST+
  ○ spanning-tree mode rapid-pvst
● Show commands
  ○ show cdp neighbors
  ○ show spanning-tree
  ○ show spanning-tree vlan 1
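The election, path-cost and port-role rules from the STP section, and the effect of the priority commands above, worked through in an added Python model that is not part of the original notes. The port-cost table, the default priority of 32768, the Bridge ID layout (priority plus VLAN extended system ID, then MAC) and the rule that only one end of a redundant link blocks come from the notes; the three-switch topology and its MAC addresses are constructed, and the Dijkstra tie-break on upstream Bridge ID is the standard STA behaviour.

```python
import heapq

# 802.1D port cost per link speed (Mbps), as tabulated in the notes
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}


def bridge_id(priority, mac, vlan):
    """PVST+ Bridge ID as a comparable tuple: (priority + extended system ID, MAC).
    The extended system ID is the VLAN number, which is why a configured
    priority ('spanning-tree vlan 1 priority 24576') must be a multiple of 4096."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return (priority + vlan, mac.lower())


def elect_root(switches, vlan):
    """switches: {name: (priority, mac)}. Every switch boots believing it is the
    root; the lowest Bridge ID wins the BPDU exchange."""
    return min(switches, key=lambda s: bridge_id(*switches[s], vlan))


def root_paths(switches, vlan, links):
    """Lowest path cost from every switch to the root (Dijkstra). Equal costs are
    broken by the lower upstream Bridge ID, as the STA does. links: [(a, b, Mbps)].
    Returns {switch: (path_cost, upstream_switch)}; the root's upstream is None."""
    root = elect_root(switches, vlan)
    bid = {s: bridge_id(*switches[s], vlan) for s in switches}
    adj = {}
    for a, b, speed in links:
        adj.setdefault(a, []).append((b, PORT_COST[speed]))
        adj.setdefault(b, []).append((a, PORT_COST[speed]))
    best = {root: ((0, bid[root]), None)}
    heap = [((0, bid[root]), root)]
    while heap:
        key, node = heapq.heappop(heap)
        if key != best[node][0]:
            continue  # stale heap entry
        for nbr, cost in adj.get(node, []):
            cand = (key[0] + cost, bid[node])
            if nbr not in best or cand < best[nbr][0]:
                best[nbr] = (cand, node)
                heapq.heappush(heap, (cand, nbr))
    return {s: (key[0], up) for s, (key, up) in best.items()}


def port_roles(switches, vlan, links):
    """Role of each end of each link. A link on some switch's best path to the
    root has a root port on the downstream end and a designated port upstream.
    On every other link the end with the lower (path cost, Bridge ID) is
    designated and the far end is alternate (blocking): that is the loop break.
    Links are assumed unique per switch pair."""
    paths = root_paths(switches, vlan, links)
    bid = {s: bridge_id(*switches[s], vlan) for s in switches}
    roles = {}
    for a, b, _ in links:
        if paths[a][1] == b:
            roles[(a, b)] = {a: "root", b: "designated"}
        elif paths[b][1] == a:
            roles[(a, b)] = {b: "root", a: "designated"}
        else:
            desig = min((a, b), key=lambda s: (paths[s][0], bid[s]))
            other = b if desig == a else a
            roles[(a, b)] = {desig: "designated", other: "alternate (blocking)"}
    return roles


# Constructed topology: S3 has the lowest MAC, but S2 was given
# 'spanning-tree vlan 1 priority 24576', so S2 must become root.
VLAN = 1
SWITCHES = {
    "S1": (32768, "00:1a:2b:00:00:aa"),
    "S2": (24576, "00:1a:2b:00:00:bb"),
    "S3": (32768, "00:1a:2b:00:00:01"),
}
# S3 reaches the root directly over 100 Mbps (cost 19) or via S1 over two
# gigabit links (4 + 4 = 8); the cheaper two-hop path wins.
LINKS = [("S1", "S2", 1_000), ("S2", "S3", 100), ("S1", "S3", 1_000)]

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES, VLAN))
    for s, (cost, up) in sorted(root_paths(SWITCHES, VLAN, LINKS).items()):
        print(f"{s}: path cost {cost}, upstream {up}")
    for link, ends in port_roles(SWITCHES, VLAN, LINKS).items():
        print(link, ends)
```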

Redundancy Protocols
● End devices cannot be configured with more than one default gateway
● When that gateway fails, connectivity is lost
● STP helps deal with switching failures, but if the router handling IP traffic for a subnet fails, connectivity is still lost
● Solution is to have hot standby devices that automatically take over for a failed device
● Variety of hardware redundancy protocols
  ○ Hot Standby Router Protocol (HSRP)
    ■ Cisco proprietary, allows for an active/backup designation
  ○ HSRP for IPv6
    ■ Cisco proprietary for IPv6, allows for an active/backup designation
  ○ Virtual Router Redundancy Protocol version 2 (VRRPv2)
    ■ Standard protocol that offers similar functionality to HSRP
  ○ VRRPv3
    ■ Same as VRRPv2 but provides IPv6 as well as IPv4, supported by multiple vendors and is more scalable than VRRPv2
  ○ Gateway Load Balancing Protocol (GLBP)
    ■ Cisco proprietary, allows for active/backup and load balancing
  ○ GLBP for IPv6
    ■ Cisco proprietary for IPv6, allows for an active/backup designation and load balancing
  ○ ICMP Router Discovery Protocol (IRDP)
    ■ RFC 1256, legacy protocol
● show standby - Show HSRP state
● show glbp - Show GLBP state

Link Aggregation Basics
● Faster speed requirements traditionally were met with increased port speed and cable specifications
● While still true, costs may be reduced by using link aggregation
● Link aggregation provides the ability to “bundle” ports together into groups (Link Aggregation Group, LAG) and essentially add their bandwidth together
  ○ Also provides failover capability within the bundled link
    ■ If one link in a group fails, the rest will still work
  ○ Overrides STP blocking the duplicate links but still ensures compatibility
● Link aggregation options
  ○ Link Aggregation Control Protocol (LACP)
    ■ IEEE standard 802.1ax, previous version 802.1ad
  ○ EtherChannel (Port Aggregation Protocol, PAgP)
    ■ Cisco proprietary
● Can use between switches, or from switch to server
  ○ Many server NIC drivers allow for “NIC teaming” if there are multiple ports, which allows for LAG configuration to communicate with a defined LAG on a switch
● EtherChannel details
  ○ Provides full-duplex connectivity with up to 8 ports in a group
    ■ 800 Mbps with Fast Ethernet, 8 Gbps with Gigabit
  ○ Up to six EtherChannel groups
  ○ Packets are sent between EtherChannel ports to negotiate
    ■ Sent every 30 seconds
  ○ Ports must be configured with the same speed, duplex, and VLAN settings
  ○ Modes
    ■ Similar to trunking modes (trunk, desirable, auto)
    ■ On - Forces channel, no PAgP packets used
    ■ PAgP desirable - Active sending of PAgP packets to negotiate a channel
    ■ PAgP auto - Passive receiving of PAgP packets to negotiate a channel
● LACP details
  ○ Modes
    ■ Similar to trunking modes (trunk, desirable, auto)
    ■ On - Forces channel, no LACP packets used
    ■ LACP active - Active sending of LACP packets to negotiate a channel
    ■ LACP passive - Passive receiving of LACP packets to negotiate a channel
● EtherChannel Configuration
  ○ interface range fa0/1-2
  ○ channel-group 1 mode on
● LACP Configuration
  ○ interface range fa0/1-2
  ○ channel-group 1 mode active
● show etherchannel

Wireless Basics and Security
● Devices needed
  ○ Wireless NIC
  ○ Wireless router (common for home use)
  ○ Wireless Access Point (WAP), common for business use
    ■ Autonomous APs
      ● Individual APs that are configured independently
      ● Common for homes and small offices
    ■ Controller APs
      ● Require either a server (controller) to configure and operate, or communicate between themselves to select an AP to be the controller, or act as a “hive mind”
      ● Common for larger businesses and offices
  ○ Many businesses sell AP solutions: Cisco/Meraki, Aruba, Aerohive, Netgear, SonicWALL, etc.
  ○ Antennas
    ■ Omnidirectional
      ● Standard “rubber duck” antenna most commercial products use
    ■ Directional
      ● Communicates in one direction, usually looks like a dish of some kind
    ■ Yagi
      ● Looks like an old TV antenna, a pseudo-triangle that points in one direction, used for long distances
● Modes
  ○ Ad hoc - When two devices connect directly (laptop to laptop for example)
  ○ Infrastructure - When devices connect to an AP
    ■ Basic Service Set (BSS)
      ● A single AP connecting all clients
      ● Common in homes and small offices
    ■ Extended Service Set (ESS)
      ● Multiple APs connecting clients
        ○ APs broadcast one or more Service Set Identification (SSID)
        ○ AP signal coverage overlaps to provide good quality coverage
        ○ APs use different channels to avoid data collisions
      ● Common in larger businesses and offices
● Header
  ○ Frame Control
    ■ Type of wireless frame, protocol version, power, security, etc.
  ○ Duration
    ■ The remaining duration needed to receive the next frame
  ○ Address1
    ■ MAC of receiving device
  ○ Address2
    ■ MAC of transmitting device
  ○ Address3
    ■ Optional MAC of destination such as default gateway
  ○ Sequence Control
    ■ Sequence number and fragment number
  ○ Address4
    ■ Only used in ad hoc mode
  ○ Payload
    ■ Data from application
  ○ FCS
    ■ CRC for Layer 2 error detection
● Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
  ○ Similar to CSMA/CD but without collision detection since that is unreliable in wireless
  ○ Wi-Fi is half-duplex
● Management frames
  ○ Used to connect to an AP
    ■ Discover
    ■ Authenticate
    ■ Associate
  ○ Association parameters
    ■ SSID - Network name
    ■ Password
    ■ Network mode - 802.11a/b/g/n/ac/ad
    ■ Security mode - WEP, WPA, WPA2
    ■ Channel settings - 11 in North America, 13 in Europe
● Discovering a network
  ○ Passive client - AP sends out SSID beacon, network shows on client for selection
  ○ Active client - AP does not send out SSID, client must be configured with connection settings
● Security modes
  ○ Open - Anyone can connect
  ○ Shared key - Client must have the secret key
  ○ 802.1X - Username and password authentication checked against a local or remote server database, often used in large businesses
● Channel management methods
  ○ Direct-sequence spread spectrum (DSSS)
    ■ Spreads a signal over a larger frequency band, reducing interference
    ■ A signal is multiplied by a known code; the receiver knows the same code and can reconstruct the signal
    ■ Used by 802.11b, cordless phones, CDMA cellular, GPS
  ○ Frequency-hopping spread spectrum (FHSS)
    ■ Similar to DSSS but rapidly changes frequency channels
    ■ Receiving node must know which channel to listen on
    ■ Used by walkie-talkies and 900 MHz cordless phones, Bluetooth
  ○ Orthogonal frequency-division multiplexing (OFDM)
    ■ Creates subchannels that are orthogonal to each other to allow overlapping
    ■ Very efficient at channel usage
    ■ Used by 802.11a/g/n/ac
● Channel selection
  ○ 1, 6, 11 are non-overlapping and good choices
  ○ Check nearby channel use though
  ○ Sometimes better to use 3 and 8 or similar ones “in-between” the main channels most people use
  ○ 802.11n can use channel bonding to turn two 20 MHz channels into one 40 MHz channel
● DoS attacks
  ○ Spoofed disconnect - Attacker sends “disassociate” commands to all clients, clients reconnect causing a lot of traffic
  ○ CTS flood - Attacker floods Clear to Send (CTS) frames to a bogus STA, clients wait until attacker stops sending CTS frames
● Rogue Access Points
  ○ Issue in offices, if someone brings in a home router and connects it at their desk
● Original mitigation techniques
  ○ SSID cloaking - Disable the SSID beacon, clients can still try to guess the connection
  ○ MAC address filtering - ACL of MAC addresses allowed on the wireless network
● Authentication methods
  ○ Wired Equivalent Privacy (WEP)
    ■ Original 802.11 specification
    ■ Uses RC4 encryption
    ■ Can now be hacked within 5 minutes
  ○ Wi-Fi Protected Access (WPA)
    ■ Wi-Fi Alliance standard, uses WEP but with Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) to encrypt data better
  ○ IEEE 802.11i/WPA2
    ■ Wi-Fi Alliance calls it WPA2
    ■ Uses AES for encryption
    ■ Suggested setting

IOS Naming Scheme
● Software release families share code and apply to certain hardware
● Software releases within a family include 12.3, 12.4, 15.0, 15.1
● Bug fixes and feature additions to software releases are called IOS trains
● Software families may have two or more trains
● For example, 12.4 has two trains
  ○ Mainline - Always associated with a technology train (T)
  ○ Technology - Receives bug fixes from mainline as well as new features
  ○ 12.4 and 12.4T
● Number is composed of
  ○ Train number
  ○ Maintenance number
  ○ Rebuild number
  ○ 12.4(21a)
● Pre-v15 packages
  ○ IP Base - Entry-level package
  ○ IP Voice - VoIP features
  ○ Advanced Security - VPN features such as IPsec, firewall, IDS/IPS
  ○ Service Provider (SP) - SSH/SSL, ATM, MPLS, etc.
  ○ Enterprise Base - AppleTalk, IPX, etc.
● 15.0 was released after 12.4
  ○ Improved features and hardware support
  ○ Consolidated features
  ○ Simplified numbering system
● 15.0 now has a new release system
  ○ New releases, T trains available 2 or 3 times per year
  ○ Extended Maintenance (EM) releases every 16 to 20 months
  ○ EM releases include all features and fixes of T releases
  ○ EM for long term maintenance schedules, T for standard maintenance schedules
● Parts of a 12.4 image name
  ○ Image Name
  ○ Feature set
  ○ Run location and compression
  ○ Train number, maintenance release number, train identifier
  ○ File extension
● Parts of a 15.0 image name
  ○ Image Name
  ○ Image Designation
  ○ Run location and compression
  ○ Cisco signature
  ○ Major release, minor release, maintenance release, rebuild numbers
  ○ File extension

IOS Licensing
● With 15.0 feature sets are now included and unlocked with a license key
● Steps
  ○ Purchase license from Cisco
  ○ Use Cisco License Manager (CLM) or the Cisco License Registration Portal to retrieve the license file
  ○ Apply to router with license install Location
● show version
● show license
● Evaluation license process
  ○ conf t
  ○ license accept end user agreement
  ○ license boot module ModuleName technology-package PackageName
  ○ reload
● Backup a license
  ○ license save flash0:
● Uninstall a license
  ○ license boot module ModuleName technology-package PackageName disable
  ○ reload
  ○ license clear FeatureName
  ○ no license boot module ModuleName technology-package PackageName disable

WAN Basics
● WANs are owned by service providers, organizations lease a connection
● Needed to interconnect LANs
  ○ Can also use the public internet with a VPN tunnel
● WANs operate on layer 1 and 2
  ○ Common now to get a “Metro Ethernet” connection that integrates easily with your network
● Terms
  ○ Customer Premises Equipment (CPE)
    ■ Subscriber owns equipment or leases from provider
  ○ Data Communications Equipment (DCE)
    ■ Owned by the provider, often found in the demarc
    ■ Puts data on the local loop
  ○ Data Terminal Equipment (DTE)
    ■ Owned by the subscriber
    ■ Transfers data from LAN to DCE for transfer to the WAN
  ○ Demarcation Point
    ■ Often a common closet in a building where all phone and data terminations occur for providers
    ■ Spot where responsibility changes hands from provider to subscriber
  ○ Local Loop
    ■ The cable that connects to the CO, often called the “last mile”
  ○ Central Office (CO)
    ■ Local service provider building that connects to the larger provider network
  ○ Toll network
    ■ All of the equipment, cabling, etc. inside the provider's network
● Equipment
  ○ Dialup modem
    ■ Legacy method, converts data into voice frequencies for transmission over phone lines
  ○ Access server
    ■ Concentrator for dialup connections
  ○ Broadband modem
    ■ Used with DSL, cable, or fiber Internet access
  ○ CSU/DSU
    ■ CSU offers termination for the digital signal
    ■ DSU converts the line frames into LAN frames
    ■ Often one device integrated into a router or similar device
  ○ WAN switch
    ■ Used by a provider
  ○ Router
    ■ Provides access to the WAN through compatible interfaces such as serial connections
  ○ Core router/Multilayer switch
    ■ Backbone router in the core of a WAN
● Circuit vs Packet Switching
  ○ Circuit
    ■ Legacy method, one dedicated connection would be created from point A to point B
    ■ If traffic was not being sent over the connection, bandwidth would be wasted
    ■ Loss of connection could occur due to network changes and failures
  ○ Packet
    ■ All traffic shares the medium
    ■ Packets of data have addressing data to let internetwork devices know where to send the data
    ■ Lack of transmission by one location allows for more bandwidth to be used by others
    ■ Traffic can be rerouted due to network changes and failures
● Many options for WAN connectivity
● Private options
  ○ Leased Line
    ■ Been around since the 1950s
    ■ Dedicated line
    ■ Legacy method
  ○ PSTN
    ■ Public Switched Telephone Network
    ■ “Dialup”
    ■ Legacy method
  ○ ISDN
    ■ Integrated Services Digital Network
    ■ Circuit-switched method
    ■ 128 kbps maximum
    ■ Legacy method
  ○ Frame Relay
    ■ Uses PVCs which are identified by a data-link connection identifier (DLCI)
    ■ Supports virtual circuits (VCs)
  ○ ATM
    ■ Asynchronous Transfer Mode
    ■ Can transfer any kind of data
    ■ Uses cells instead of frames, 53 bytes in size
    ■ Needs 20 percent more bandwidth than Frame Relay due to overhead
  ○ MPLS
    ■ Multiprotocol Label Switching (MPLS)
    ■ Can carry any traffic including ATM, Frame Relay, etc.
    ■ Labels tell a router what to do with a packet
● Public Options
  ○ DSL
    ■ Digital Subscriber Line
    ■ Combines existing telephone cables into one “cable” that runs Time Division Multiplexing (TDM) to accomplish fast T3+ data rates
    ■ Uses a filter to allow only low frequencies to the telephone, thus allowing one to share the line for voice and data
    ■ Most common implementation is asymmetric (ADSL), meaning download bandwidth is different from upload speed, usually the former is greater
  ○ Cable
    ■ Uses existing coaxial cable network
    ■ Shared trunk
    ■ Data-over-Cable Service Interface Specification (DOCSIS)
      ● Specifies Layer 1 and 2
  ○ Fiber
    ■ New infrastructure being installed by Verizon, Google, and others
  ○ Satellite
    ■ Expensive and slow, usually a last resort or used in very remote areas
  ○ Cellular
    ■ 3G/4G is now offering data rates to customers higher than previously available in rural areas, often at a similar price to their existing dial up connections
    ■ Dedicated wireless routers may be purchased to integrate cellular internet into an existing LAN
  ○ VPN
    ■ Virtual Private Network
    ■ Site-to-site and remote access options
    ■ Many different technologies, PPTP, L2TP, IPsec, etc.
● Service provider networks
  ○ Synchronous Optical Networking (SONET) or Synchronous Digital Hierarchy (SDH)
  ○ SONET is an American ANSI standard, SDH is a European ETSI and ITU standard
    ■ Essentially the same technology
● Dense Wavelength Division Multiplexing (DWDM)
  ○ Bidirectional
  ○ 80 different channels/wavelengths
  ○ 10 Gbps per channel
  ○ Used in submarine cables

Serial Point-to-Point
● Common type of WAN
● Frequently used for T1 connections
● Serial means bits are sent one after another, sequentially, and is the preferred method for modern technologies
  ○ Other technologies such as parallel printer cables transmitted many bits at once over several wires
● Standards
  ○ RS-232
    ■ Most serial ports on PCs
    ■ Both 9 and 25 pin variants
    ■ Used for many devices
    ■ Being phased out in favor of USB
  ○ V.35
    ■ Used mostly for modems and T1 routers
  ○ HSSI
    ■ Used for T3 routers and other high speed WANs
● Time Division Multiplexing (TDM)
  ○ Allows for multiple communications to share one link
  ○ Eliminated the need for wasteful circuit-switched networks
  ○ Implemented on the physical layer, no need for specific protocols
  ○ Divides the bandwidth into time slots, allocating channels to each time slot
● CPE is usually a router, which is the DTE
● DCE is a device used to convert data from the DTE to a form usable on the WAN
● Bandwidth is usually broken down into Digital Signal Level Numbers (DS0, DS1, etc.)
  ○ DS0 is 64 kbps
    ■ Same bandwidth needed for an uncompressed digital phone call
  ○ 24 DS0s can be bundled to get a DS1 (T1)
  ○ 28 DS1s can be bundled to get a DS3 (T3)
  ○ etc.

WAN Encapsulation
● Protocols
  ○ HDLC
    ■ Default encapsulation
  ○ PPP
    ■ Uses HDLC but includes security such as PAP and CHAP
    ■ Used for router-to-router or client-to-network connections
  ○ Serial Line Internet Protocol (SLIP)
    ■ Point-to-point protocol, replaced with PPP
  ○ X.25/Link Access Procedure, Balanced (LAPB)
    ■ Specifies connections between a DTE and DCE
    ■ Largely replaced with Frame Relay
  ○ Frame Relay
    ■ Uses Virtual Circuits (VCs)
    ■ Connects networks together via Layer 2
  ○ ATM
    ■ Discussed previously, used in service providers to transfer various protocols
● HDLC
  ○ Developed by the International Organization for Standardization (ISO)
  ○ ISO 13239
  ○ Defines a framing method to provide flow control and error control via acknowledgements
  ○ Uses a frame delimiter to mark the beginning and end of each frame
  ○ Version implemented on Cisco products has additions that are Cisco proprietary, allowing multiprotocol support
    ■ If a cross-vendor connection is needed, PPP is suggested
● PPP
  ○ Should be used when connecting to a non-Cisco vendor
  ○ Provides
    ■ Framing for transporting multiple protocols
    ■ Link Control Protocol (LCP) for establishing the connection
    ■ Network Control Protocols (NCPs) for allowing multiple Layer 3 protocols
      ● IPv4, IPv6, AppleTalk, IPX, etc.
    ■ Link quality monitoring and management
    ■ Security through PAP and CHAP authentication
  ○ LCP provides
    ■ Packet size
    ■ Configuration errors
    ■ Link termination
    ■ Link failure
    ■ Negotiation of encapsulation formats, authentication, compression, error detection
  ○ Session establishment
    ■ Phase 1 - Establish link and negotiate configuration
    ■ Phase 2 - Link quality check
    ■ Phase 3 - NCP negotiation for Layer 3 protocol
● Configuration
  ○ int fa0/1
  ○ encapsulation hdlc
● show interfaces serial
● show controllers

PPP Configuration
● conf t
● int s0/0/0
● encap ppp
● compress predictor
● ppp quality 80 - If quality goes under 80%, the link will shut down
● Multilink - Send traffic over multiple links to the same destination
  ○ int multilink 1
  ○ ip address 10.0.0.1 255.255.255.0
  ○ ppp multilink
  ○ ppp multilink group 1
  ○ int s0/0/0
  ○ ppp multilink
  ○ ppp multilink group 1
● show interfaces serial
● show ppp multilink
● Authentication
  ○ PAP vs CHAP
    ■ PAP uses a username and password sent in plain text
    ■ CHAP uses a three way handshake with a shared secret for encryption
  ○ PAP configuration
    ■ Username and password configured below on one router must be the expected username and password received from the other router
    ■ conf t
    ■ username R1 password MyPassword
    ■ int s0/0/0
    ■ encap ppp
    ■ ppp authentication pap
    ■ ppp pap sent-username R2 password MyPassword
  ○ CHAP configuration
    ■ Username and password configured below on one router must be the hostname and password received from the other router
    ■ conf t
    ■ username R1 password MyPassword
    ■ int s0/0/0
    ■ encap ppp
    ■ ppp authentication chap
● Show commands
  ○ debug ppp
  ○ debug ppp packet
  ○ debug ppp authentication
  ○ show interfaces serial 0/0/0
  ○ show controllers
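What actually crosses the serial link under the two authentication options above, as an added Python walk-through that is not part of the original notes. R1 authenticates to R2, whose 'username R1 password MyPassword' entry is the one from the notes; the CHAP response is MD5(Identifier || secret || Challenge) as RFC 1994 specifies, and the challenge values and packet layouts are constructed for the illustration.

```python
import hashlib
import hmac
import os

# R2's local user database, i.e. 'username R1 password MyPassword' on R2
USER_DB = {"R1": "MyPassword"}


def pap_request(peer_id, password):
    """PAP Authenticate-Request data: Peer-ID and Password, each length-prefixed,
    in clear text. This single packet is the whole client side of PAP."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def pap_verify(request, user_db):
    """Server side of PAP: compare the received password with the stored one."""
    n = request[0]
    peer_id = request[1:1 + n].decode()
    m = request[1 + n]
    password = request[2 + n:2 + n + m].decode()
    return user_db.get(peer_id) == password


def chap_challenge(ident, name="R2", size=16):
    """CHAP step 1 (R2 -> R1): Challenge carrying an identifier, a fresh random
    value and the challenger's hostname."""
    return ident, os.urandom(size), name


def chap_response(ident, challenge, secret, name="R1"):
    """CHAP step 2 (R1 -> R2): Response = MD5(Identifier || secret || Challenge),
    plus R1's hostname so R2 knows which 'username' entry to check against.
    The secret itself is never transmitted."""
    digest = hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()
    return ident, digest, name


def chap_verify(ident, challenge, response, user_db):
    """CHAP step 3 (R2): recompute the digest with the secret stored under the
    peer's hostname and answer Success or Failure (here True/False)."""
    r_ident, digest, name = response
    secret = user_db.get(name)
    if secret is None or r_ident != ident:
        return False
    expected = hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()
    return hmac.compare_digest(expected, digest)


def demo():
    """Constructed exchange: one PAP request, one CHAP handshake, then the same
    CHAP response replayed against a later challenge and one with a wrong secret."""
    pap = pap_request("R1", "MyPassword")
    ident, chal, _ = chap_challenge(1)
    resp = chap_response(ident, chal, "MyPassword")
    ident2, chal2, _ = chap_challenge(2)
    return {
        "pap_password_visible": b"MyPassword" in pap,        # readable by anyone on the link
        "pap_ok": pap_verify(pap, USER_DB),
        "chap_secret_on_wire": b"MyPassword" in resp[1],     # only a 16-byte digest is sent
        "chap_ok": chap_verify(ident, chal, resp, USER_DB),
        "chap_replayed": chap_verify(ident2, chal2, resp, USER_DB),  # stale response is rejected
        "chap_wrong_secret": chap_verify(ident, chal, chap_response(ident, chal, "Wrong"), USER_DB),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```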

Frame Relay Basics
● Good, cheaper alternative to dedicated leased lines
● Uses PVCs which are identified by a data-link connection identifier (DLCI)
● Supports virtual circuits (VCs)
● Being phased out in favor of MPLS and VPN over the public Internet
● Can be broken into smaller pieces for purchase, such as 4 kbps instead of the 64 kbps for dedicated lines
● Cheaper because providers can place multiple customers on one circuit
● Encapsulates Layer 3 protocol
● Virtual Circuits (VCs)
  ○ Connection between two DTEs is a VC
  ○ Called a VC because there is no dedicated connection, it’s a virtually switched connection like other packet-switched networks
  ○ Switched Virtual Circuits (SVC)
    ■ Created by sending messages to the network
  ○ Permanent Virtual Circuits (PVCs)
    ■ Preconfigured by the carrier, most common
  ○ Defined by DLCIs
    ■ Defined by provider as well
    ■ No significance beyond the local link
    ■ Each side could have a different DLCI
  ○ Many VCs can be on one physical line
● Topologies
  ○ Star (hub and spoke) - Most common
  ○ Full mesh - Very expensive
  ○ Partial mesh - Sometimes used for large networks
● Uses Inverse ARP to resolve IP to DLCI
● Can override Inverse ARP with static mappings
  ○ frame-relay map … [ietf] [cisco]
    ■ Use ietf when connecting to other vendors
● Local Management Interface (LMI)
  ○ Keepalive to provide information about connections between DTE and DCE
  ○ Every 10 seconds
  ○ show frame-relay lmi
  ○ Can also do multicasting, status messages, global addressing, flow control
● Committed Information Rate (CIR)
  ○ Guaranteed bandwidth the customer pays the provider for
  ○ Providers can also allow bursting of traffic over the CIR
● Flow Control bit
  ○ Simple, does not do it per-VC
  ○ Forward Explicit Congestion Notification (FECN) - Towards destination
  ○ Backward Explicit Congestion Notification (BECN) - Towards network
  ○ When set to 1, it warns of congestion
  ○ DE bit in header can be set to 1 to identify lower priority traffic that may be discarded if necessary

Frame Relay Configuration
● conf t
● frame-relay switching
● int s0/0/0
● ip address 10.0.0.1 255.255.255.252
● encap frame-relay [cisco] [ietf]
● frame-relay intf-type dce
● clock rate 9600
● bandwidth 1536
● frame-relay interface-dlci 100
● frame-relay map ip 10.0.0.2 100 [broadcast]
● show frame-relay map
● Split horizon becomes an issue when using multiple VCs with routing protocols
  ○ Can be solved by disabling split-horizon, or using subinterfaces
    ■ Same as doing so on a switch
  ○ interface s0/0/0.100 point-to-point
  ○ ip address 10.0.0.1 255.255.255.0
  ○ bandwidth 1536
  ○ frame-relay interface-dlci 100
● Show commands
  ○ show interfaces
  ○ show frame-relay lmi
  ○ show frame-relay pvc
  ○ clear frame-relay inarp
  ○ show frame-relay map
  ○ debug frame-relay lmi

PPPoE Configuration
● conf t
● interface dialer 1
● encap ppp
● ip address negotiated
● ppp chap hostname ProviderRouter
● ppp chap password ProviderPassword
● ip mtu 1492 - Required to ensure fragmentation does not occur due to the additional PPPoE header
● dialer pool 1
● int fa0/1
● pppoe enable
● pppoe-client dial-pool-number 1

VPN Basics
● Allow for secure remote access from the road, or between two locations
  ○ Remote access is usually handled through VPN software on the client and either VPN hardware or an operating system at the main site
    ■ May be IKE/IPsec, SSL, L2TP, PPTP
  ○ Site-to-site is usually handled through firewall hardware, although server operating systems can do it as well
    ■ Usually IKE/IPsec, but L2TP and PPTP also possible
● Cheap solution if looking to save money and not purchase a connection from a provider
  ○ May not be as reliable, no quality guarantee since it traverses the public internet
● Original VPNs used Generic Routing Encapsulation (GRE) which offered no authentication or encryption
● IPsec now provides authentication and encryption of various kinds to ensure data integrity and security
  ○ DES, 3DES, AES 128/192/256
  ○ Internet Protocol Security (IPsec)
  ○ Runs on Layer 3, authenticating and encrypting IP packets
    ■ Thus, almost all applications can be secured with IPsec
    ■ Can run over any Layer 2 protocol such as Ethernet, ATM, Frame Relay
  ○ Modular and allows for different algorithms to be used
    ■ MD5, SHA, DES, 3DES, AES, etc.
  ○ Provides
    ■ Confidentiality (encryption)
    ■ Data Integrity
    ■ Authentication
    ■ Anti-Replay Protection
  ○ Encryption Algorithms
    ■ Note: DES (56 bit) and 3DES (168 bit) are no longer considered secure; also, 512 bit and 768 bit RSA have been cracked and are not recommended
      ● Recommended to use AES and 2048 bit RSA (if using RSA)
    ■ Symmetric vs Asymmetric
      ● Symmetric - “Shared key”, each side has the same key/password
        ○ Decently secure, especially with AES-256, and fast
      ● Asymmetric - Different key for encryption and decryption
        ○ Considered more secure but much slower
    ■ IPsec uses symmetric encryption, but uses an asymmetric algorithm (Diffie-Hellman) to share keys to enable the symmetric encryption
      ● Many different bit levels for additional Diffie-Hellman security, more bits is more secure, but some are designed to work with certain encryption algorithms
        ○ Such as DH Group 5 or 14 and AES-256
    ■ Advanced Encryption Standard (AES) - Uses the Rijndael cipher, which won a contest run by the National Institute of Standards and Technology of the United States (NIST) to replace the aging DES algorithm
      ● AES-128 would take about 100 billion years to crack with brute force. For comparison, the universe is about 13 billion years old. And, it re-keys every 8-24 hours usually based on configuration. So someone would have to crack that 100 billion year algorithm within 8-24 hours. And then there’s AES-256...
    ■ More encryption (more bits) means more security but slower encryption/decryption
      ● VoIP and video may not work well with VPNs offering a high level of encryption
  ○ Data Integrity
    ■ Two common hashing algorithms used to ensure data integrity
      ● MD5 - 128 bit key, starting to be considered ins***e due to work on hacking it
      ● SHA - SHA-1 is a 160 bit key, there are also 256, 384, and 512 bit versions
  ○ Authentication
    ■ PSK - Most common implementation, each side has a pre-shared key/password configured
    ■ RSA signature - Certificates may be shared with each side
  ○ Confidentiality
    ■ Authentication Header (AH) - Does not encrypt packet
    ■ Encapsulating Security Payload (ESP) - Encrypts packet
● IPsec - Uses UDP 500/4500
  ○ Traditional method, uses client software on PC
  ○ Cisco offers
    ■ Cisco Easy VPN
      ● Requires Cisco VPN Client installed
● SSL - Uses TCP 443
  ○ Convenient since it can get around many firewalls in hotels and such
  ○ Client software for PCs also seems to be less buggy
  ○ Industry appears to be transitioning to SSL as the preferred method due to ease of use
  ○ Cisco offers
    ■ Cisco AnyConnect Secure Mobility Client with SSL
      ● Requires AnyConnect client installed
    ■ Cisco Secure Mobility Clientless SSL VPN
      ● Requires a web browser

GRE Tunnel Configuration
● IETF RFC 2784
● Offers no authentication or encryption
● Can be useful for routing other protocols through a network
● Stateless
● conf t
● int Tunnel0
● tunnel mode gre ip
● ip address 192.168.100.2 255.255.255.0
● tunnel source 4.2.2.1
● tunnel destination 8.8.8.8
● Show commands
  ○ show ip interface brief
  ○ show interface tunnel
  ○ show ip ospf neighbor

Syslog Basics
● Many systems produce log data in a standardized format
● IETF RFC 3164
● UDP 514
● Levels
  ○ 0 - Emergency
  ○ 1 - Alert
  ○ 2 - Critical
  ○ 3 - Error
  ○ 4 - Warning
  ○ 5 - Notice
  ○ 6 - Informational
  ○ 7 - Debug
● Configuration
  ○ conf t
  ○ logging 192.168.1.99 - Send syslog to server
  ○ logging trap 4 - Sends 0-4 level messages only
  ○ logging trap warning - Same as above
  ○ logging source-interface fa0/1 - Optional, defines which interface IP is stamped on log messages
● Timestamps
  ○ conf t
  ○ service timestamps log datetime
● Show commands
  ○ show logging
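How the severity levels and the 'logging trap' commands above interact, as an added Python example that is not part of the original notes: it parses the %FACILITY-SEVERITY-MNEMONIC prefix IOS puts on its messages, applies a trap level the way 'logging trap 4' or 'logging trap warning' does (levels 0-4 are sent, 5-7 are not), and wraps what is sent in the RFC 3164 <PRI> header, where PRI = facility * 8 + severity. The sample messages are constructed, and the local7 (23) facility is assumed as the IOS default.

```python
import re

# 'logging trap' keywords in severity order (index = level)
LEVELS = ["emergencies", "alerts", "critical", "errors", "warnings",
          "notifications", "informational", "debugging"]

# IOS message prefix, e.g. '%LINK-3-UPDOWN:' -> facility LINK, severity 3, mnemonic UPDOWN
IOS_PREFIX = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")


def severity_of(message):
    """Severity digit from the IOS prefix, or None for a line without one."""
    m = IOS_PREFIX.search(message)
    return int(m.group("severity")) if m else None


def trap_level(setting):
    """Resolve the argument of 'logging trap': a digit or a (possibly abbreviated)
    level keyword. 'logging trap 4' and 'logging trap warning' both give 4."""
    text = str(setting)
    if text.isdigit():
        level = int(text)
        if not 0 <= level <= 7:
            raise ValueError(f"level must be 0..7, got {level}")
        return level
    matches = [i for i, name in enumerate(LEVELS) if name.startswith(text.lower())]
    if len(matches) != 1:
        raise ValueError(f"unknown or ambiguous level keyword {text!r}")
    return matches[0]


def trap_filter(messages, setting):
    """Messages a 'logging trap <setting>' configuration forwards to the server:
    everything at the configured severity or more severe (numerically lower).
    Lines without an IOS prefix carry no severity and are not forwarded here."""
    level = trap_level(setting)
    return [m for m in messages if (s := severity_of(m)) is not None and s <= level]


def to_syslog(message, facility=23):
    """Prepend the RFC 3164 PRI header. With the IOS default facility local7 (23),
    a severity-4 message becomes '<188>...'."""
    sev = severity_of(message)
    if sev is None:
        raise ValueError("message has no IOS severity prefix")
    return f"<{facility * 8 + sev}>{message}"


def parse_pri(line):
    """Recover (facility, severity) from a received '<PRI>' header."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("missing PRI header")
    pri = int(m.group(1))
    return pri // 8, pri % 8


# Constructed sample of what 'show logging' might hold on a switch
SAMPLE_LOG = [
    "*Mar  1 00:01:02.003: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:01:03.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:02:10.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.50)",
    "*Mar  1 00:03:00.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.200] [localport: 22]",
    "*Mar  1 00:04:00.000: %SYS-7-USERLOG_DEBUG: noisy debug output",
]

if __name__ == "__main__":
    for line in trap_filter(SAMPLE_LOG, "warning"):
        print(to_syslog(line))  # what would leave for 192.168.1.99 on UDP 514
```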

SNMP Basics
● Simple Network Management Protocol (SNMP)
● IETF RFC 1157, 1901-1908, 2273-2275
● Used to retrieve metrics and settings from devices, and to change settings on them
  ○ Changing configuration over SNMP is not often done due to security concerns, even with SNMPv3 available now (which offers enhanced security)
● UDP 161 for retrieval, traps sent on UDP 162
● Uses Object Identifiers (OIDs) assigned by ISO which define the metrics that can be retrieved or set on a device
● Management Information Base (MIB) files are hierarchical collections of OIDs that describe the OIDs available for a device, their data format, valid ranges, etc.
  ○ I like to think of MIBs as: MIBs are to OIDs as DNS is to IPs
● Retrieval of SNMP values is often done from an SNMP server on a schedule of every X seconds, called “polling”: requests are sent to the devices asking for a variety of OID values
  ○ Uses UDP 161
● SNMP traps are sent from a device to the SNMP server when something changes, usually something like a hardware failure, enabling a new interface, unplugging a cable, etc., and usually describe just one OID change
  ○ Uses UDP 162
● Versions
  ○ SNMPv1
    ■ Old, RFC 1157
    ■ Not often used anymore
    ■ When a server queries a device, it polls the entire tree, very wasteful
    ■ Uses a “community string” as a shared password to offer some form of security
    ■ Used mostly for “get” requests to retrieve values
  ○ SNMPv2c
    ■ RFC 1901-1908
    ■ Used in most production networks
    ■ Queries are much more efficient, polling only the OID values it needs
    ■ Uses a “community string” as a shared password to offer some form of security
    ■ Used mostly for “get” requests to retrieve values
  ○ SNMPv3
    ■ RFC 2273-2275
    ■ Becoming more popular but device support is still not complete
    ■ Provides authentication and encryption
    ■ Sees more use than v1 or v2c for “set” requests to set values
● Separate community strings can be set for “get” (ro) and “set” (rw)
● Configuration
  ○ snmp-server community MyPassword ro
  ○ snmp-server location The Location of Device
  ○ snmp-server contact Contact Person
  ○ snmp-server community MyPassword ACL - Restrict SNMP via ACL (ACL is the access list that permits only the SNMP server)
  ○ snmp-server host 192.168.1.99 version 2c MyPassword - Define server to send traps to and SNMP version
  ○ snmp-server enable traps
● Show commands
  ○ show snmp
  ○ show snmp community
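As an added example (not from the notes), a small Python check that reads an IOS configuration excerpt and flags the weak SNMP settings the bullets above warn about: default community strings, read-write communities, v1/v2c communities with no ACL attached, a trap destination still on v1/v2c, and an SNMPv3 group configured below the encrypted (priv) level. The configuration text, community names and group name are constructed for this example.

```python
import re

# Constructed running-config excerpt (not from the notes) mixing the weak and
# the hardened SNMP patterns described above. "10" is a constructed ACL number.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community MyPassword rw
snmp-server community MonitorOnly ro 10
snmp-server host 192.168.1.99 version 2c MonitorOnly
snmp-server group ADMIN v3 priv
snmp-server enable traps
"""

# Community strings that ship as defaults on many devices and are the first
# thing anyone tries; they should never survive into production.
DEFAULT_COMMUNITIES = {"public", "private"}

# IOS: snmp-server community <string> [ro|rw] [<acl>]   (ro is the default mode)
COMMUNITY_RE = re.compile(r"snmp-server community (\S+)(?:\s+(ro|rw))?(?:\s+(\S+))?$")
# IOS: snmp-server host <addr> version <1|2c|3> ...
HOST_RE = re.compile(r"snmp-server host (\S+) version (1|2c|3)\b")
# IOS: snmp-server group <name> v3 <noauth|auth|priv>
GROUP_RE = re.compile(r"snmp-server group (\S+) v3 (noauth|auth|priv)\b")


def audit_snmp_config(config_text):
    """Return a list of (severity, message) findings for the SNMP lines in config_text."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()

        m = COMMUNITY_RE.match(line)
        if m:
            community, mode, acl = m.group(1), m.group(2) or "ro", m.group(3)
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(("high", f"default community string '{community}' in use"))
            if mode == "rw":
                findings.append(("high", f"read-write community '{community}' allows set requests"))
            if acl is None:
                findings.append(("medium", f"community '{community}' has no ACL restricting who may poll"))
            continue

        m = HOST_RE.match(line)
        if m and m.group(2) != "3":
            findings.append(("low", f"traps to {m.group(1)} use SNMPv{m.group(2)}: community string travels in cleartext"))
            continue

        m = GROUP_RE.match(line)
        if m and m.group(2) != "priv":
            findings.append(("medium", f"SNMPv3 group '{m.group(1)}' is '{m.group(2)}', so it is not encrypted"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_snmp_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Running it against the sample prints five findings: the two unrestricted communities (one a default string, one read-write) and the v2c trap destination; the `MonitorOnly ro 10` line, which is the pattern the configuration bullets recommend, passes clean.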

NetFlow Basics
● Provides statistics on traffic flowing through a router or Layer 3 switch
  ○ Source/destination, port, byte counts, etc.
● Flexible NetFlow is the latest version
  ○ Uses Version 9 export format
    ■ Template-based
  ○ Many commands introduced with IOS 15.1
● NetFlow is unidirectional
  ○ Clients both send and receive traffic, so a single flow capture sees only one direction; both ingress and egress capture must be configured on an interface to see both directions
● Configuration
  ○ conf t
  ○ int fa0/1
  ○ ip flow ingress
  ○ ip flow egress
  ○ exit
  ○ ip flow-export destination 192.168.1.99 2055 - Common ports are 99, 2055, 9996
  ○ ip flow-export version 5
● Show commands
  ○ show ip cache flow
  ○ show ip flow interface
  ○ show ip flow export
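An added example, not from the notes, showing what the collector at 192.168.1.99 receives once `ip flow-export version 5` is configured: a Python parser for the NetFlow version 5 export format (24-byte header followed by 48-byte flow records, the standard v5 layout), run over a constructed datagram, plus a helper that pairs the unidirectional records back into conversations, which is why both `ip flow ingress` and `ip flow egress` are configured above. The addresses, ports, counters and timestamps in the datagram are constructed for this example.

```python
import socket
import struct

# NetFlow v5 wire layout, network byte order: 24-byte header, then `count`
# 48-byte records. Field order follows the standard v5 export format.
HEADER = struct.Struct("!HHIIIIBBH")                    # version .. sampling_interval
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")      # srcaddr .. pad2


def parse_netflow_v5(packet):
    """Parse one NetFlow v5 export datagram into (header dict, list of flow dicts)."""
    if len(packet) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, _unix_nsecs, flow_seq,
     _engine_type, _engine_id, _sampling) = HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header claims more records than present")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "in_if": in_if, "out_if": out_if,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
        })
    header = {"count": count, "sequence": flow_seq,
              "uptime_ms": sys_uptime, "exported_at": unix_secs}
    return header, flows


def pair_directions(flows):
    """Merge unidirectional v5 records into bidirectional conversations.

    Keyed by the 5-tuple of whichever direction was seen first; the reverse
    direction's bytes are accumulated into the same entry.
    """
    conversations = {}
    for f in flows:
        fwd = (f["src"], f["sport"], f["dst"], f["dport"], f["proto"])
        rev = (f["dst"], f["dport"], f["src"], f["sport"], f["proto"])
        key = rev if rev in conversations else fwd
        entry = conversations.setdefault(key, {"bytes_fwd": 0, "bytes_rev": 0, "packets": 0})
        if key == fwd:
            entry["bytes_fwd"] += f["bytes"]
        else:
            entry["bytes_rev"] += f["bytes"]
        entry["packets"] += f["packets"]
    return conversations


def build_record(src, dst, sport, dport, proto, pkts, octets, tcp_flags=0):
    """Pack one constructed v5 flow record (next hop, AS numbers and timers are filler)."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
                       1, 2, pkts, octets, 1000, 2000, sport, dport,
                       0, tcp_flags, proto, 0, 0, 0, 24, 24, 0)


def build_sample_packet():
    """Constructed export datagram: one HTTPS session seen in both directions, plus a DNS query."""
    records = [
        build_record("192.168.1.10", "10.0.0.5", 51234, 443, 6, 12, 1800, 0x18),   # client -> server
        build_record("10.0.0.5", "192.168.1.10", 443, 51234, 6, 10, 9200, 0x18),   # server -> client
        build_record("192.168.1.10", "10.0.0.53", 40000, 53, 17, 1, 78),           # one-way UDP
    ]
    header = HEADER.pack(5, len(records), 123456, 1484352000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(build_sample_packet())
    print(f"sequence {hdr['sequence']}, {hdr['count']} records")
    for f in flows:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} proto {f['proto']} {f['bytes']} bytes")
    for key, c in pair_directions(flows).items():
        print(key, c)
```

The version check matters in practice: a collector that blindly applies the v5 layout to a v9 template-based export, or to an unrelated datagram arriving on the export port, will produce plausible-looking garbage rather than an error.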

Credits
● Thank you to all my backers!
● They came from all over the world:
  ○ Australia
  ○ Austria
  ○ Bahrain
  ○ Brazil
  ○ Canada
  ○ Estonia
  ○ Finland
  ○ Germany
  ○ Greenland
  ○ Ireland
  ○ Luxembourg
  ○ Netherlands
  ○ New Zealand
  ○ Norway
  ○ Peru
  ○ Russian Federation
  ○ Singapore
  ○ Slovenia
  ○ Sweden
  ○ Switzerland
  ○ United Kingdom
  ○ United States

● Backers:
  ○ @TwirX
  ○ Aaron Newark
  ○ ACP
  ○ ACS
  ○ Adam Cornwell
  ○ Adam Kuyper
  ○ Adiel
  ○ Ajay Patel-UTSA Association of Information Systems
  ○ Alex Broque
  ○ Alex Gonzalez
  ○ Alex Wilkinson
  ○ Andrew Green
  ○ Andy Bradford
  ○ Andy Mc
  ○ Anthony Parker
  ○ Anthony Z Foster
  ○ Aref Mourtada
  ○ Arysta
  ○ Ashley
  ○ BT
  ○ B. Paggen
  ○ bakednoodle
  ○ Bart Fibrich
  ○ Ben Doyle
  ○ Ben Ellett
  ○ Ben Story
  ○ Betsy Nickel
  ○ BigDave
  ○ Bill Bradford
  ○ Bill Wood
  ○ Billy Bennett
  ○ Blake Johnson
  ○ Bob Zabaga
  ○ Brandon Karis
  ○ Brandon Pierce
  ○ Brendan Best @ Grey Earth
  ○ Brett Kuhlman
  ○ Callen Trail
  ○ Carlo M.
  ○ Cau5tik
  ○ chalberg
  ○ Chase Hoffman
  ○ Chris
  ○ Chris Dudek
  ○ Chris O'Grodnick
  ○ Chris Padilla
  ○ Chrisg Gibbs
  ○ Christine Oei
  ○ Christopher Green
  ○ Christopher Thomas
  ○ Cody Wilson
  ○ Compupaq
  ○ Computer Chip dot Biz
  ○ Connor Ness
  ○ Core Systems Technology
  ○ Craig Arnold
  ○ D Choo
  ○ D.Kravchuk
  ○ Dale Virgin
  ○ Damian Van Dooren
  ○ Dan Metzger
  ○ Daniel Brown
  ○ Daniel Hatke
  ○ Daniel L
  ○ Daniel T. Briggs
  ○ Darrell Stanley
  ○ Darth Vader
  ○ David L
  ○ David Rose
  ○ Deep Breath Technologies
  ○ Derek "skwerl" Gray
  ○ Derek Boge
  ○ Derek Degenhardt
  ○ Dimitry
  ○ Dok
  ○ Dominic
  ○ Dominic A
  ○ Dominic Kallas
  ○ Dominic Watkins
  ○ Douglas Philips
  ○ Dr. Laronski
  ○ Duane G.
  ○ Dustin Adams
  ○ dyung
  ○ Ed Knudsen
  ○ Eddi Hughes
  ○ Electronic Production Services
  ○ Elias-John Fernandez-Aubert
  ○ Eric Ness
  ○ Eric Rivas
  ○ Espen Alexander Strømme
  ○ Farrukh Bashir - FB Creations
  ○ Firas Alnemer
  ○ For I Am CJ
  ○ Franklin Leung
  ○ Fred söderberg
  ○ Galen Muir
  ○ GenericName21
  ○ Geoffrey Cameron
  ○ George Vanburgh
  ○ George Velios
  ○ Gerzain Maldonado Padilla
  ○ Gordon Dexter
  ○ Hai D. Nguyen
  ○ Henrik Lindhe
  ○ Hush
  ○ Ian Barker
  ○ Ian Fosso
  ○ Ian W Stearns
  ○ Ickypoopy
  ○ Imran Lone
  ○ inux
  ○ io Networks
  ○ ipSpace.net
  ○ J. Cyganowski
  ○ Jack
  ○ Jacob W.
  ○ James Gannon
  ○ James Geiger
  ○ James Godwin
  ○ Jamey Rush
  ○ Jamie MacFarlane
  ○ Jamie Mitchell
  ○ Jamie Piperberg
  ○ Jase
  ○ Jason Bob Gerschwin Samperi
  ○ Jason Carpenter
  ○ Jason Chen
  ○ Jason Colby
  ○ Jason Mills
  ○ Javier Umpierrez
  ○ Jay Johnson
  ○ Jerad Jackson
  ○ Jeremy
  ○ Jethro Nederhof
  ○ Jim Pacek
  ○ Joe Ficocello
  ○ Joe Zang
  ○ Joel Anderson
  ○ Joel Francois
  ○ John
  ○ John Bergoon
  ○ John Miller
  ○ John Shumway
  ○ Jon Schillinger
  ○ Jonathan Allen
  ○ Jonathan Bucud
  ○ Jonathan Gonzalez
  ○ Jonathan Hazan
  ○ Jonathan Tite
  ○ Jordan Harder
  ○ Jordan R. Villarreal
  ○ Joseph Taylor
  ○ Josh Connors
  ○ Josh Vazquez
  ○ Joshua Graham
  ○ Joshua M. Cowles
  ○ Joshua Michael Hublar
  ○ Joshua Miller
  ○ Joshua R. Aulik
  ○ Justin Clay
  ○ Justin Kahrs
  ○ Justin Los
  ○ Keith Gates
  ○ Ken Reinertson
  ○ Kenneth J Bass
  ○ Kenneth Katz
  ○ Kevin Clack
  ○ Kevin Low
  ○ Kevin Vo
  ○ Kieran Innes
  ○ Kirk MacArthur
  ○ kkfong
  ○ Kris Amundson
  ○ Kurtis
  ○ Kylar Grey
  ○ Kyle Reilly
  ○ Kyle Root
  ○ L. Nick
  ○ Lee Holbrook
  ○ Leron Culbreath
  ○ Lester Covax
  ○ Loren C Gordon
  ○ Louis T.
  ○ Luke Wallis
  ○ LV
  ○ Lynn Dixon
  ○ Maikel Lodewijk [NL]
  ○ Marc Tinnemeyer
  ○ Marcus Daniels
  ○ Marion Dominador Cravens
  ○ Marlon Cook
  ○ Marvin Bricker
  ○ Matt Baird
  ○ Matt Bloomfield
  ○ Matt Byrd
  ○ Matt Forman
  ○ Matt Robinson
  ○ Matt Tatum
  ○ Matthew Breckenridge
  ○ Matthew Swinburne
  ○ Matthew Wagner
  ○ Melissa Bernetsky
  ○ Michael Boutin
  ○ Michael Edwards
  ○ Michael Fletcher
  ○ Michael J. Biase
  ○ Michael Jacobson
  ○ Michael Kahnoski
  ○ MICHAEL L WALK3R
  ○ Michael Lycett
  ○ Michael Mayer
  ○ Michael Pena
  ○ Michael Richards
  ○ Michael Segal
  ○ Michael Stubbs
  ○ Michel Fortier
  ○ Miguel Carrero
  ○ Mikael Ljungman
  ○ Mike Kraus - Cisco
  ○ MikeIT
  ○ Millar Clelland
  ○ Mooch Page
  ○ Nathan Strebel
  ○ Nathan Thorpe
  ○ NETHINKS GmbH
  ○ Netwurx
  ○ Nicholas Boller
  ○ Nicholas Robinson-Wall
  ○ Nick Stadler
  ○ Norm M. Zastre
  ○ Oskar Andersson
  ○ Patrick McGirr
  ○ PatrickH
  ○ Paul C. Cook
  ○ Paul Fischer
  ○ Paul J. Turner
  ○ Pete Baldridge
  ○ Peter Thorne
  ○ Philipp Bieber
  ○ Rafael Bianco Nacif
  ○ Ray Perkins
  ○ Raymond Hernandez
  ○ Reggie L.
  ○ Richard Clyne
  ○ Richard Hiers
  ○ Rick Guyton
  ○ Riffy Divine
  ○ Rob Bruner
  ○ Rod MacPherson
  ○ Rolf Røsand
  ○ Roman Belogurov
  ○ Ross Parlette
  ○ Ross Wilson
  ○ Rudy Brunetti
  ○ Rudy Giacchetti
  ○ Ryan "ryanknapper" Knapper
  ○ Ryan Broadfoot
  ○ Ryan Heath
  ○ Ryan Holder
  ○ S. Bearden
  ○ Sam Aschwanden
  ○ Sam Girtman
  ○ Schoemaker IT
  ○ Scott Olson
  ○ Scott Reed
  ○ Sean R
  ○ ShaTT
  ○ Shawn Morford
  ○ Si B.
  ○ Sid McLaughlin
  ○ Simon Wagner
  ○ SJM Steffann
  ○ spkujis
  ○ Sriram
  ○ Sriram Sridharan
  ○ Stan Yamane
  ○ Stan Zieg
  ○ Stephen Bush
  ○ Stephen W. Chen
  ○ Steven Fitkin
  ○ Steven M. Miano
  ○ Steven Nuhn
  ○ Stewart Lewis Jr
  ○ Syed Asad Zahoor
  ○ T.J. Pile
  ○ Tafsir Thiam
  ○ TapIT Solutions
  ○ TechFleece.com
  ○ The Cabalse Group
  ○ The Source Computing Group
  ○ Theodore Runk
  ○ Tim Kelsch
  ○ Tim Miller
  ○ Tim Reynolds
  ○ TJ333
  ○ Tom Cannon
  ○ Tom Nielsen
  ○ Tony Miller
  ○ Tony Testa
  ○ Tuncay Sagir
  ○ uebi.net
  ○ Van Johnson
  ○ Victor Bredholt
  ○ Vidar Salte
  ○ Warren T Ridings
  ○ Wee Eng Hin
  ○ WettestHat.com
  ○ William D Lipira
  ○ William Lee
  ○ William Sanderson
  ○ William Woodward
  ○ Zafo129
  ○ Zedd Epstein
  ○ zot171
  ○ ...And those who wished to be anonymous!
