CCNA Revision Notes – By C. T. Amos
BASICS
OSI
7 – Application – FTP, Telnet, HTTP, etc.
6 – Presentation
5 – Session
4 – Transport – TCP, UDP
3 – Network – IP, IPv6; device: Router
2 – Data Link – PPP, Frame Relay, etc.; devices: NICs, Switch
1 – Physical – devices: Repeater, Hub
IEEE Standards
802.11 – Wireless
802.5 – Token Ring
STP = 802.1D
RSTP = 802.1w
802.3ab – 1G Ethernet over copper (1000BASE-T)
802.3z – 1G Ethernet over fibre (1000BASE-SX/LX)
802.3u – 100Mb Ethernet (100BASE-TX)
802.3ae – 10G Ethernet, approved in 2002 (full duplex only).
Half-duplex Ethernet uses CSMA/CD; on a full-duplex link there are no collisions and CSMA/CD is not used.
Private IP Addresses (RFC 1918):
10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
Common Protocol Ports:
RIP – UDP 520 (RIPng for IPv6 uses UDP 521)
TFTP – UDP 69
SSH – TCP 22
Telnet – TCP 23
FTP – TCP 20 (data) & 21 (control)
SMTP – TCP 25
POP3 – TCP 110
DNS – 53 on both TCP & UDP
Boot Process
Ø POST
Ø Locate the IOS using the bootstrap.
Ø Load the IOS.
Ø Load the configuration file into the running config.
Default Sequence for Loading an OS
Ø Flash
Ø TFTP Server
Ø ROM (mini IOS, Bootloader or RXBoot)
Default Sequence for Loading the Configuration File
Ø NVRAM
Ø TFTP Server
Ø Setup Dialog
Password Recovery
Ø Reboot the router.
Ø CTRL + Break – to interrupt the boot process and drop into ROMmon.
Ø confreg 0x2142 – boot while ignoring the startup config in NVRAM.
Ø reset
Ø Once booted: copy start run, change the passwords, set config-register 0x2102, then copy run start.
Anyone with console access can do this, so physical access to the console port amounts to full control of the router.
Runt – A frame smaller than the medium's minimum frame size, i.e. less than 64 bytes on Ethernet. Can be caused by collisions, faulty NICs, duplex mismatch, and 802.1Q & ISL mismatch.
Troubleshooting Steps:
1. Ping loopback/diagnostics IP address – 127.0.0.1
2. Ping local PC IP address – Shows TCP/IP stack is properly installed.
3. Ping Default Gateway
4. Ping remote server.
CISCO IOS
Router Modes
Ø User exec mode – Router>
Ø Privileged exec mode – Router#
Ø Global Configuration mode – Router(config)#
Ø Specific Configuration mode – e.g. Router(config-if)#
Ø Setup mode – Would you like to enter the initial configuration dialog? [yes,no]:
Banner Types
Ø MOTD Banner
Ø Login Banner
Ø Prompt time-out Banner
Line Configurations:
Auxiliary, Console, Telnet/SSH (vty)
line con 0
password amos
login
exec-timeout 0 – prevents the console from timing out (lab convenience only; in production an idle session left open is a risk, so use something like exec-timeout 5 0)
logging synchronous – stops console messages from popping up and disrupting the configs you're typing
terminal monitor – lets you view debug output on a router you are telnetted/SSHed into (the console sees it by default).
Secure Shell (SSH) – Alternative to Telnet. The whole session, including the login, is encrypted; Telnet sends everything, passwords included, in clear text.
config t
hostname cisco
ip domain-name amos.com – the hostname and domain name are needed before the key can be generated.
username amos secret ccna – (secret stores a hash; username ... password stores it reversibly)
crypto key generate rsa general-keys modulus 1024 – (Can be from 360 to 2048 on older IOS, up to 4096 on newer ones. RSA is a public-key algorithm; use at least 2048 today.)
ip ssh version 2 – SSHv1 has known weaknesses.
ip ssh time-out 60 – Time allowed for the SSH negotiation phase (max 120 secs); the idle timeout is set with exec-timeout on the line.
ip ssh authentication-retries 2 – Allow only 2 incorrect password attempts.
line vty 0 15
transport input ssh – This restricts remote access to SSH only (Telnet is refused).
login local – Prompts for a username and password from the local database.
Router Name and Password
hostname cisco
enable password amos – stored in clear text (or as reversible type 7 once service password-encryption is on).
enable secret amos – stored as a one-way hash; if both are set, the secret is used.
service password-encryption – encrypts (type 7) passwords entered before & after this command. Type 7 is trivially reversible, so it only stops shoulder-surfing; use secret/hashed forms wherever available.
Pipe
sh run | begin interface – show the running config beginning at the first line matching "interface".
sh ip route | include 192.168.3.32 – find this IP in the routing table.
sh run | redirect – redirect the output to a URL (e.g. a TFTP server).
Setting DCE Clock Rate:
int s0/0/1
clock rate 64000
do sh controllers – shows whether the cable end is DCE or DTE.
Bandwidth / Port speed
int f0/1
speed 100 – limit port operation to 100Mbps
Copying and Erasing
copy run start or copy start run
copy run tftp 10.1.1.1
copy start tftp 10.1.1.1
copy tftp run or copy tftp start
sh run or sh start
erase start
TFTP has no authentication or encryption, and a config backup contains the passwords, so only do this on a trusted management network.
Other Commands
ping 10.1.1.1 – or, for an Extended PING, just type ping followed by the return key and you can set the following variables:
a. Datagram size
b. Timeout value
c. Protocol
d. Source IP address
traceroute 10.1.1.1
telnet 10.1.1.1 (or just 10.1.1.1 – automatically understood to be a telnet command).
a. sh sessions – shows all the open telnet connections.
b. ctrl + shift + 6, then x – suspends the session and returns to the local router.
c. resume 2, or 3, etc. – resumes one of the open sessions.
d. disconnect 2, or 3, etc.
sh processes – shows CPU utilization, e.g. to determine whether the device can handle a debug command.
sh ip int
sh ip int br
sh protocols
Configuration Register: (0x2102 = Default)
config-register 0x2142 – means ignore the NVRAM contents on boot; used for password recovery. Set it back to 0x2102 afterwards.
reload
Backing up and Restoring the IOS
copy flash tftp
copy tftp flash
CDP – Cisco Discovery Protocol
sh cdp neighbor
sh cdp nei detail – includes the IP addresses and IOS version of neighbours, so CDP should be disabled on interfaces facing untrusted networks.
int f0/1
cdp enable / no cdp enable – enables or disables CDP on one interface.
no cdp run – disables CDP globally.
Resolving Hostnames Manually:
ip host router2 10.1.1.1
Resolving Hostnames Dynamically:
ip domain-lookup
ip name-server 10.1.1.2 – The DNS Server.
ip domain-name amos.com
Static Routing
Default Routing (for Stub Networks)
ip route 0.0.0.0 0.0.0.0 192.168.0.10 (next hop, or an exit interface such as s0/0/1)
ip classless
Gateway of Last Resort:
ip route 0.0.0.0 0.0.0.0 196.24.31.8 – the public IP address of the gateway connected to the ISP
Or
ip route 0.0.0.0 0.0.0.0 s0/0/0
Or
ip default-network 196.24.31.0
Routing Protocols:
Route Source – Administrative Distance
Connected Interface – 0
Static Route – 1
EIGRP – 90
IGRP – 100
OSPF – 110
RIP – 120
External EIGRP – 170
Unknown – 255 (never used)
Ø Distance Vector Routing Protocols – RIP & IGRP (periodically send their whole routing table to directly connected routers).
Ø Link State – OSPF & IS-IS (flood link-state information to all routers in the area/Autonomous System (AS), and keep 3 tables: neighbor, topology and routing).
Ø Hybrid – EIGRP
Solutions to Routing Loops (Counting to Infinity)
1. Maximum hop count, e.g. not more than 15 for RIP (16 = unreachable).
2. Split horizon – A router does not advertise a route back out the interface on which it learned it.
3. Route Poisoning – A router continues to advertise an unavailable network but assigns it a hop count of 16 (unreachable).
4. Hold down – Prevents a route that has just gone down from being reinstated by a stale update for a period; this slows convergence but stops flapping routes from churning the network.
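The loop problem and the split-horizon fix are easiest to see by running them. The following is an added example, not part of the original notes: a tiny RIP-style simulation of the linear topology A - B - C - [network N], using RIP's hop-count metric and 16 as "unreachable". The router names, the topology and the synchronous "everyone sends at once" update rounds are assumptions made for the illustration; hold-down timers are not modelled.

```python
INFINITY = 16  # RIP: a hop count of 16 means unreachable (route poisoning)


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []
        # destination -> (metric, next_hop); next_hop None = directly connected
        self.table = {}

    def advertisement(self, to, split_horizon):
        """The routes this router announces to neighbor `to`."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == to.name:
                continue  # split horizon: never send a route back to its source
            adv[dest] = metric
        return adv

    def receive(self, frm, adv):
        """Bellman-Ford update on an update from neighbor `frm`; True if changed."""
        changed = False
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(dest)
            # Take a better route, or whatever the current next hop now says
            # (that is how a poisoned 16 propagates down the chain).
            if (cur is None or new < cur[0] or cur[1] == frm) and cur != (new, frm):
                self.table[dest] = (new, frm)
                changed = True
        return changed


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def run_until_stable(routers, split_horizon, max_rounds=50):
    """Synchronous update rounds; returns how many rounds changed any table."""
    for rounds in range(max_rounds):
        msgs = [(n, r.name, r.advertisement(n, split_horizon))
                for r in routers for n in r.neighbors]
        results = [n.receive(frm, adv) for n, frm, adv in msgs]  # apply all
        if not any(results):
            return rounds
    return max_rounds


def simulate(split_horizon):
    """A - B - C - [N]: converge, then fail the C-N link and poison the route."""
    a, b, c = Router("A"), Router("B"), Router("C")
    link(a, b)
    link(b, c)
    c.table["N"] = (1, None)  # RIP counts a directly connected network as 1 hop
    run_until_stable([a, b, c], split_horizon)
    assert (a.table["N"], b.table["N"]) == ((3, "B"), (2, "C"))
    c.table["N"] = (INFINITY, None)  # link to N fails: route poisoning
    rounds = run_until_stable([a, b, c], split_horizon)
    return rounds, {r.name: r.table["N"][0] for r in (a, b, c)}
```

Without split horizon, B keeps re-learning N from A while A still trusts B, so the metric climbs by one per update until the maximum hop count stops it; with split horizon, the poisoned route reaches everyone in two rounds.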
RIP Timers
1. Route update timer – periodic full update, every 30s.
2. Route invalid timer – a router waits 180s without hearing about a route before marking it invalid.
3. Hold down timer – 180s.
4. Route flush timer – 240s. The time between a route last being heard of and its removal from the routing table.
RIPv2 uses multicast 224.0.0.9 (RIPv1 broadcasts).
IGRP
1. Maximum hop count of 255 (100 by default).
2. Uses a composite metric of bandwidth and delay by default but can also use MTU, reliability & load.
3. Updates every 90 secs.
EIGRP
Uses multicast 224.0.0.10.
All routing protocols can load-balance over equal-cost paths, but only IGRP & EIGRP can load-balance over unequal-cost paths (using the variance command).
1. Very fast convergence – backup paths (feasible successors) are pre-computed.
2. Uses bandwidth and delay (cumulative line delay) as its metric. Can also use load, reliability & MTU size.
3. Supports VLSM (Variable Length Subnet Masks) & CIDR (Classless Inter-Domain Routing).
4. Supports discontiguous networks – using the no auto-summary command.
5. Supports IPv6 (and other protocols) using Protocol-Dependent Modules (PDMs).
6. Classless
7. Efficient neighbor discovery – uses Hellos & Acknowledgements.
8. Communication via RTP (Reliable Transport Protocol)
9. Best path selection using DUAL (Diffusing Update Algorithm)
Features:
Ø Feasible Distance (FD) – Best metric to a destination (the successor's metric).
Ø Reported Distance (RD) – A neighbor's own metric to the destination. A route is a feasible successor only if its RD is less than the current FD (the feasibility condition), which guarantees it is loop-free.
Ø Neighbor Table – Each PDM has its own neighbor table.
Ø Topology Table
Ø Feasible Successor – Backup route stored in the Topology table. EIGRP keeps up to 6 feasible successors by default.
Ø Successor – Best route. Stored in the Routing table and backed up by the feasible successor.
EIGRP can redistribute manually and automatically (IGRP with the same AS number is redistributed automatically).
EIGRP Tables:
Neighborship Table
Topology Table
Routing Table
Configuration Examples:
router eigrp 10
passive-interface s0/0/1 – prevents EIGRP from sending hellos/routing info out particular interfaces (and so prevents adjacencies on them, so no rogue neighbor can peer there).
no auto-summary – required for discontiguous networks. Also necessary so the specific subnets are advertised, not just the 172.16.0.0/16 classful summary.
Redistribution: So EIGRP and another routing protocol such as RIP can exchange routes.
Changing bandwidth & delay for EIGRP (interface commands, not router-mode commands):
int s0/0/1
bandwidth 128 – in kbps
delay 3000 – in tens of microseconds
EIGRP Commands.
sh ip route eigrp
sh ip eigrp topology
debug eigrp packets
debug ip eigrp notifications – only produces output when something changes or goes wrong.
sh ip eigrp nei
H  Address   Interface  Hold  Uptime    SRTT  RTO  Q  Seq
1  10.1.1.2  S0/0/1     14    00:14:10  1     200  0  81
OSPF – (Open Standard)
Uses multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR/BDR), and exchanges Hello packets and LSAs.
Supports authentication (plain text or MD5; use MD5 so a neighbor cannot be spoofed with a sniffed key).
Max OSPF priority = 255
Default OSPF priority = 1
Least OSPF priority = 0 (never becomes DR/BDR)
1. Uses the Dijkstra (SPF) algorithm
2. Open standard
3. Fast convergence
4. Supports VLSM / CIDR
5. Uses Autonomous Systems & Areas
6. Allows scalability
7. Unlimited hop count
8. Multicast route propagation on change (no periodic full updates)
Features:
Ø ASBR – Autonomous System Boundary Router – connects the OSPF AS to another routing domain (another AS or routing protocol) and redistributes into OSPF.
Ø ABR – Area Border Router – has interfaces in Area 0 and in one or more other areas, and connects those areas to the backbone.
Ø Link – A router interface.
Ø Router ID (RID) – The value of the router-id command if set; otherwise the highest loopback IP address, or, if there is no loopback, the highest IP address of all active interfaces.
Ø Designated Router (DR) – The router elected to receive and disseminate routing info to other routers on a multi-access network.
Ø BDR – Backup Designated Router.
Ø Broadcast / Multi-access Networks – e.g. Ethernet. A DR & BDR are elected on these networks.
Ø Non-Broadcast Multi-access Networks (NBMA) – e.g. Frame Relay, X.25 & ATM. Also elect a DR and BDR (neighbors must be configured manually as there is no broadcast).
Ø Point-to-Multipoint – No DR & BDR elected.
Ø Point-to-Point – 2 routers directly connected either physically or virtually using Frame Relay circuits; no DR & BDR.
OSPF uses wildcard masks in network statements.
OSPF uses the cost metric, accumulated over all the outgoing interfaces to a given destination. Cost = reference bandwidth (10^8 bps by default) / interface bandwidth:
100Mbps = a cost of 1
10Mbps = a cost of 10
64Kbps = a cost of 1562
(With the default reference bandwidth every link of 100Mbps or more costs 1; raise it with auto-cost reference-bandwidth, on all routers, if you have faster links.)
OSPF commands:
router ospf 1 – the 1 is the Process ID; it is locally significant and need not match on neighbors.
network 10.0.0.0 0.0.255.255 area 2 – this wildcard means interfaces from 10.0.0.0 to 10.0.255.255
sh ip ospf – gives the RID & Area number.
sh ip ospf database – shows the RIDs of all the routers in the area (the link-state database).
sh ip ospf int f0/1 – shows the IP add, RID, Process ID, Cost, Network type, DR/BDR.
sh ip ospf nei
sh ip protocols
debug ip ospf packet
debug ip ospf hello
debug ip ospf adj
DR & BDR Election Process:
The router with the highest priority on the segment becomes DR (second highest BDR); ties are broken by the highest RID. The election is not pre-emptive: a router with a higher priority that comes up later does not take over.
Setting Loopback Addresses
Then reload the router (or clear ip ospf process) – the RID is only chosen when the process starts.
The loopback address will be the RID but will not override the router-id command:
router ospf 1
router-id 10.1.2.23
Setting Priority:
int f0/1
ip ospf priority 2
Configuring Summary Routes (on the ABR)
router ospf 1
network 192.168.10.64 0.0.0.3 area 1
network 192.168.10.68 0.0.0.3 area 1
area 1 range 192.168.10.64 255.255.255.224
This will summarize all networks from Area 1 as one entry of 192.168.10.64/27.
SWITCHING
Switching works through the use of ASICs (Application Specific Integrated Circuits).
Switch Characteristics
1. Address Learning – source MAC addresses are learned from incoming frames and placed in the MAC Forward/Filter Table.
2. Forward/Filter – frames are forwarded only out the port where the destination MAC was learned (unknown destinations are flooded).
3. Loop Avoidance – via STP.
Features:
Ø STP – Uses the Spanning Tree Algorithm (STA)
Ø Root Bridge – The bridge/switch with the lowest Bridge ID
Ø Bridge ID – Combination of priority (default 32768) plus MAC address; the lower the value, the better
Ø Non-Root Bridge – every other switch
Ø BPDU – Bridge Protocol Data Units. Messages exchanged between switches containing STP info.
Ø Root Port – On each non-root bridge, the port with the lowest-cost path to the root bridge.
Ø Designated Port – The forwarding port on each segment; the port with the lowest cost to the root on that segment (all ports on the root bridge are designated).
Ø Blocked Port – Will not forward frames but still listens for BPDUs. Used to prevent loops.
Spanning Tree States:
Ø Blocking – Prevents loops. Listens for BPDUs.
Ø Listening – Prepares to forward frames, listens for BPDUs (no MAC learning yet).
Ø Learning – Populates the MAC address table but does not forward yet.
Ø Forwarding – Forwards frames and learns MAC addresses (root and designated ports).
Ø Disabled – Administratively down; does not participate in STP or forward frames.
Forward Delay – Time spent in each of the listening and learning states, 15s by default (so, with the 20s max age, up to 50s from blocking to forwarding).
Switch Configuration Commands:
sh mac address-table
sh port-security int f0/1
ip default-gateway 10.1.1.1 – assigns a default gateway to the switch so it can be managed remotely.
spanning-tree vlan 1 priority 4096 – must be a multiple of 4096.
int range fastethernet 0/1 - 12
Security
spanning-tree portfast – skips listening/learning on an access port (never use it on a port facing another switch).
spanning-tree bpduguard enable – err-disables the port if a BPDU arrives, so a switch plugged into an access port cannot create a loop or take over as root.
spanning-tree bpdufilter enable – stops the port sending or receiving BPDUs (less safe than BPDU guard: a loop would go undetected).
spanning-tree portfast default – global; enables portfast on all access ports (pair it with spanning-tree portfast bpduguard default).
Rapid Spanning Tree Protocol (RSTP)
spanning-tree mode rapid-pvst
STP standard = 802.1D
RSTP standard = 802.1w
EtherChannel:
Ø For bundling multiple physical links into one logical link.
Ø The multiple connections to a device are used simultaneously, thus increasing bandwidth, while STP sees a single link.
Ø Redundancy is still present: if one member link fails the bundle stays up.
int port-channel 1
int range f0/1 - 2
switchport mode trunk – creates a trunk port used between switches.
switchport nonegotiate – prevents DTP from auto-negotiating the link type.
channel-group 1 mode desirable – PAgP (Cisco); use mode active for LACP (802.3ad).
Static MAC Address
config t
mac-address-table static aaaa.bbbb.cccc vlan 1 interface f0/1
How to make a Switch the Root Bridge:
1. Reduce its priority (spanning-tree vlan 1 priority ...).
2. spanning-tree vlan 1 root primary
Ø A macro that sets the priority to 24576, or to 4096 below the current root's priority if that is already lower; it does not keep winning if another switch later advertises a lower Bridge ID.
Ø Has to be configured per VLAN.
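The election and the root primary macro, and the reason BPDU guard matters, as an added example that is not part of the original notes. It models Bridge ID comparison exactly as described above (priority first, then MAC, lowest wins); the switch names and MAC addresses are made up for the illustration.

```python
def bridge_id(priority, mac):
    """Bridge ID compares as (priority, MAC); the lowest value wins."""
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the root bridge."""
    return min(switches, key=lambda n: bridge_id(*switches[n]))


def root_primary(switches, name):
    """Mimic `spanning-tree vlan N root primary`: priority 24576, or 4096
    below the current root's priority if that is already lower."""
    current_root = elect_root(switches)
    root_prio = switches[current_root][0]
    new_prio = 24576 if root_prio > 24576 else max(root_prio - 4096, 0)
    switches[name] = (new_prio, switches[name][1])
    return new_prio


def demo():
    # Constructed LAN: everyone at the default priority 32768, so the switch
    # with the lowest MAC becomes root, whatever its role.
    lan = {
        "Core1": (32768, "0019.aa00.0001"),
        "Access1": (32768, "0011.bb00.0002"),
        "Access2": (32768, "001c.cc00.0003"),
    }
    default_root = elect_root(lan)      # an access switch wins on MAC alone
    root_primary(lan, "Core1")          # priority becomes 24576
    after_macro = elect_root(lan)       # now Core1
    # A rogue device on an access port advertises priority 0 in its BPDUs:
    lan["Rogue"] = (0, "dead.beef.0000")
    hijacked = elect_root(lan)          # the topology re-converges around it
    # With BPDU guard, the access port err-disables on the first BPDU, so the
    # rogue never enters the election at all.
    lan.pop("Rogue")
    return default_root, after_macro, hijacked, elect_root(lan)
```

The hijack case is the reason for BPDU guard on every access port: a lower Bridge ID is all it takes to pull traffic through an attacker's device.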
VLANS
A VLAN is a logical segmentation of a network. Each VLAN is a broadcast domain, so a router (or layer 3 switch) is required for inter-VLAN communication.
Features:
Ø Static VLANs – ports are assigned to VLANs manually.
Ø Dynamic VLANs – require a database of MAC (or IP) addresses and the VLAN each belongs to. Requires VMPS to function.
Ø VMPS – VLAN Management Policy Server. Maps MAC addresses to VLANs.
Ø Access Port – Belongs to one particular VLAN and carries untagged frames.
Ø Trunk Port
a. Carries frames for multiple VLANs with VLAN info (a tag) in each frame.
b. Can use DTP (Dynamic Trunking Protocol) to negotiate the port mode. DTP should be disabled (switchport nonegotiate) on ports facing end hosts, otherwise an attacker can negotiate a trunk and reach every VLAN.
c. VLAN traffic is multiplexed over a trunk port.
Ø Frame Tagging – A frame is tagged with the ID of the VLAN it belongs to.
Ø PVID – Port VLAN ID. The native VLAN of the trunk (VLAN 1 by default) is the one whose frames cross the trunk untagged.
VLAN Identification Methods:
1. ISL – Inter-Switch Link. Cisco proprietary; encapsulates the whole frame and runs on Fast and Gigabit Ethernet only.
2. IEEE 802.1Q – The open standard. Inserts a 4-byte tag into the frame with the VLAN ID.
VTP – VLAN Trunking Protocol
a. Propagates the VLAN database between switches in the same VTP domain over trunk links.
b. Dynamically reports additions, changes and deletions of VLANs.
c. Learns normal range VLANs (1-1005) but not Extended VLANs (1006 - 4094).
d. Caveat: a switch joining the domain with a higher configuration revision number overwrites the VLAN database on every other switch (deleting VLANs included), so set a VTP password and reset the revision number of any switch before connecting it.
VTP Modes
Ø VTP Server – Creates, edits, and deletes VLANs. Saves the database in NVRAM.
Ø VTP Client – Accepts and forwards updates but cannot create VLANs.
Ø VTP Transparent Mode – Forwards updates but does not apply them; keeps its own local VLAN database.
vtp mode server
vtp domain amos
vtp password cisco
VTP Pruning – VLAN X broadcasts are not sent over a trunk to a switch that has no ports in VLAN X. VLANs 2 to 1001 are prune-eligible (VLAN 1 and 1002-1005 are not):
vtp pruning – global; configured on one server, it is enabled on the entire domain.
int f0/1
switchport trunk pruning vlan 3-4
do sh int trunk
Assigning VLANs
conf t
vlan 2
name marketing
do sh vlan
Assigning Ports
int f0/1
switchport mode access
switchport access vlan 3
Trunking
int f0/1
switchport trunk encapsulation dot1q (or isl)
switchport mode trunk
Blocking & Allowing certain VLANs on a trunk Port
int f0/1
switchport trunk allowed vlan remove 4-12
no switchport trunk allowed vlan – allows all VLANs again.
To change the Native VLAN from VLAN 1 (for security purposes: untagged frames on the trunk land in the native VLAN, so use an otherwise unused VLAN and configure the same one on both ends of the trunk)
switchport trunk native vlan 3
Creating Sub-Interfaces & Assigning Subnets to a Router (router on a stick)
On the Switch:
int f0/1
switchport trunk encapsulation dot1q
switchport mode trunk
On the Router:
int f0/1.2
encapsulation dot1q 2
ip add 10.1.1.1 255.255.255.0 – VLAN 2
int f0/1.3
encapsulation dot1q 3
ip add 10.1.2.1 255.255.255.0 – VLAN 3
SECURITY:
a. Cisco IOS Firewall
b. Access Lists (ACLs)
c. NAT
A ) Features of the Cisco IOS Firewall
1. Intrusion Detection – References 102 intrusion detection signatures.
2. Firewall Voice Traversal – Supports SIP (Session Initiation Protocol).
3. ICMP – Filtering ping & traceroute packets etc.
4. Authentication Proxy – Requires users to authenticate before granting them access to network resources. Profiles are kept on a RADIUS or TACACS+ server.
5. DoS – Detection and prevention of Denial of Service attacks.
6. Stateful IOS Firewall Inspection Engine – Inspects sessions at the application layer and opens return traffic only for sessions initiated from the inside. Also called CBAC (Context Based Access Control).
B ) Traffic Filtering Techniques:
Ø Time-based Access Lists.
Ø Peer router authentication.
Ø Policy-based multi-interface support.
Standard Access Lists – Only make decisions based on the source IP address.
Extended Access Lists – Evaluate source and destination addresses, protocol and port numbers (layer 3 & 4 headers).
There is an implicit deny at the end of every access list, so a list containing only deny statements blocks everything.
Access List Rules:
Ø Rule 1 – Place standard IP access lists as close to the destination as possible (they cannot tell destinations apart, so placing them near the source would block too much).
Ø Rule 2 – Place extended ACLs as close to the source as possible (drop unwanted traffic before it uses bandwidth).
Ø Rule 3 – One ACL per interface, per protocol, per direction.
Rules For ACLs Filtering Traffic From The Internet To The LAN (anti-spoofing)
Ø Rule 1 – Deny any packet whose source address belongs to the internal network.
Ø Rule 2 – Deny any loopback source addresses (127.0.0.0/8).
Ø Rule 3 – Deny any reserved private source addresses (RFC 1918).
Ø Rule 4 – Deny any multicast source addresses (224.0.0.0/4).
ACL Numbers:
Ø 1 - 99 = Standard
Ø 100 - 199 = Extended
Ø 1300 - 1999 = Expanded standard
Ø 2000 - 2699 =  Expanded extended
Configuration Examples:
access-list 10 deny any – same as access-list 10 deny 0.0.0.0 255.255.255.255
access-list 10 deny host 10.1.1.1 – denies a single IP address (same as 10.1.1.1 0.0.0.0)
access-list 10 deny 10.1.1.0 0.0.3.255 – using wildcards; matches 10.1.0.0 – 10.1.3.255
access-list 10 permit any – required because of the implicit deny.
int f0/1
ip access-group 10 out
sh access-list 10
sh ip access-list
sh ip int – shows which ACLs are applied to an interface.
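Wildcard matching and first-match evaluation with the implicit deny, as an added example that is not part of the original notes. It evaluates IOS-style standard ACL lines the way the router does, then applies the four anti-spoofing rules listed above to traffic arriving from the Internet. The internal network 10.1.0.0/16, the ACL number 20 and the sample source addresses are assumptions made for the illustration.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, network, wildcard):
    """Wildcard bit 1 = don't care, 0 = must match (the inverse of a subnet mask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(network) & care)


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny  any | host <ip> | <ip> | <net> <wild>'."""
    entries = []
    for line in lines:
        parts = line.split("!")[0].split()  # ignore trailing '!' comments
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        action, rest = parts[2], parts[3:]
        if rest == ["any"]:
            net, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            net, wild = rest[1], "0.0.0.0"
        elif len(rest) == 1:
            net, wild = rest[0], "0.0.0.0"  # a bare address means one host
        else:
            net, wild = rest[0], rest[1]
        entries.append((action, net, wild))
    return entries


def evaluate(entries, src):
    """First matching entry wins; no match at all is the implicit deny."""
    for action, net, wild in entries:
        if wildcard_match(src, net, wild):
            return action
    return "deny"


# Constructed inbound list applying Rules 1-4 above. 10.1.0.0/16 is the
# assumed internal network; Rule 3 would cover it too, but an internal block
# from public space would need its own Rule 1 line, so it is kept explicit.
INBOUND_ANTISPOOF = [
    "access-list 20 deny 10.1.0.0 0.0.255.255",      # Rule 1: our own addresses
    "access-list 20 deny 127.0.0.0 0.255.255.255",   # Rule 2: loopback
    "access-list 20 deny 10.0.0.0 0.255.255.255",    # Rule 3: RFC 1918
    "access-list 20 deny 172.16.0.0 0.15.255.255",
    "access-list 20 deny 192.168.0.0 0.0.255.255",
    "access-list 20 deny 224.0.0.0 15.255.255.255",  # Rule 4: multicast sources
    "access-list 20 permit any",                     # everything else
]


def filter_inbound(sources):
    """Result of applying the anti-spoofing list to each source address."""
    acl = parse_standard_acl(INBOUND_ANTISPOOF)
    return {src: evaluate(acl, src) for src in sources}
```

Note that the permit any at the end is what makes the list usable as a filter at all; drop it and the implicit deny blocks every inbound packet.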
Extended ACLs
Extended ACLs (100-199) take a protocol, source, destination and optional ports, e.g. the deny tcp ... eq 23 line in the remark example below; the same placement and implicit-deny rules apply.
Limiting Telnet/SSH Access to the vty lines
access-list 10 permit 10.0.0.1
access-list 10 permit 10.0.1.1
line vty 0 5
access-class 10 in
An ACL is stateless: an extended ACL that blocks TCP port 23 from host A to network X only matches packets in that direction with destination port 23. Sessions that network X opens to host A are not matched by it (source X, destination A), and the replies to those sessions carry source port 23, not destination port 23. To block telnet in both directions you need an entry for the other direction too (or the established keyword / a stateful firewall such as CBAC).
Advanced ACLs:
Ø Named ACLs
Ø Switch Port (MAC) ACLs
Ø Time-Based ACLs
Named ACLs:
conf t
ip access-list standard BlockFinance
deny 10.0.0.8 0.0.0.7 – 10.0.0.8 to 10.0.0.15
permit any
exit
int f0/1
ip access-group BlockFinance out
Switch Port ACLs:
mac access-list extended Amos_List
deny any host aaaa.bbbb.cccc
permit any any
exit
int f0/1
mac access-group Amos_List in
do sh mac access-group
Time-Based ACLs:
conf t
time-range no-http
periodic weekend 06:00 to 12:00
exit
time-range tcp-yes
periodic weekend 06:00 to 12:00
exit
ip access-list extended time
deny tcp any any eq www time-range no-http
permit tcp any any time-range tcp-yes
int f0/1
ip access-group time in
do sh time-range
Time-based ACLs depend on the router clock, so keep it correct with (authenticated) NTP or the windows will not be what you expect.
Remark:
ip access-list extended no_telnet
remark deny all of sales from telnetting to marketing
deny tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255 eq 23
permit ip any any
NAT
Static NAT – one-to-one, fixed mapping (for servers that must be reachable from outside).
Dynamic NAT – one-to-one from a pool, allocated on demand.
Overloading (PAT) – many-to-one, distinguished by port numbers.
NAT IP Addresses:
Inside local – the host's private address on the inside network.
Inside global – the public address the host is seen as from outside.
Outside local – the address an outside host is seen as from the inside (usually the same as outside global).
Outside global – the outside host's real public address.
sh ip nat translations
debug ip nat
netmask 255.255.255.0 = prefix-length 24
Static NAT Configuration
ip nat inside source static 10.0.0.1 176.0.0.1
int f0/1
ip nat inside
int s0/0/1
ip nat outside
Removing NAT translations from a router
clear ip nat translation * – this command removes only the dynamic entries; static ones stay.
ip nat translation max-entries – limits the total number of translations the router will hold (protection against translation-table exhaustion).
Dynamic NAT:
ip nat pool amos 176.0.0.2 176.0.0.254 netmask 255.255.255.0
ip nat inside source list 1 pool amos
int f0/1
ip add 10.0.0.1 255.255.255.0
ip nat inside
int s0/0/1
ip add 176.0.0.1 255.255.255.0
ip nat outside
access-list 1 permit 10.0.0.0 0.0.0.255 – defines which inside addresses get translated; keep it tight, it is the NAT policy.
PAT (NAT Overload) – Mapping of multiple inside addresses to a single global address by using different source ports.
ip nat pool amos 176.0.0.1 176.0.0.1 netmask 255.255.255.0
ip nat inside source list 1 pool amos overload
int f0/1
ip nat inside
int s0/0/1
ip add 176.0.0.1 255.255.255.0
ip nat outside
access-list 1 permit 10.0.0.0 0.0.0.255
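What the router's translation table does under PAT, as an added example that is not configuration from the notes. The inside network 10.0.0.0/24 and the single global address 176.0.0.1 match the PAT configuration above; the outside hosts (203.0.113.x), port numbers and the always-allocate-a-fresh-port policy are assumptions made for the illustration (IOS keeps the original source port when it is free and only picks a new one on collision).

```python
import ipaddress


class PatTable:
    """NAT overload: many inside ip:port pairs share one global address."""

    def __init__(self, inside_net, global_ip, first_port=1024):
        self.inside_net = ipaddress.ip_network(inside_net)  # access-list 1
        self.global_ip = global_ip                            # the pool
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, proto) -> global_port
        self.back = {}  # (global_port, proto) -> (inside_ip, inside_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Inside -> outside: rewrite the source; returns the outside view."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            # Not matched by the NAT access-list: forwarded untranslated.
            return (src_ip, src_port, dst_ip, dst_port, proto)
        key = (src_ip, src_port, proto)
        if key not in self.out:
            port = self.next_port  # assumption: fresh port per new flow
            self.next_port += 1
            self.out[key] = port
            self.back[(port, proto)] = (src_ip, src_port)
        return (self.global_ip, self.out[key], dst_ip, dst_port, proto)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Outside -> inside: only packets with an existing entry get through."""
        if dst_ip != self.global_ip:
            return None
        inside = self.back.get((dst_port, proto))
        if inside is None:
            return None  # no translation entry: the router drops the packet
        return (src_ip, src_port, inside[0], inside[1], proto)


def demo():
    pat = PatTable("10.0.0.0/24", "176.0.0.1")
    # Two inside hosts happen to use the same source port 40000 (constructed).
    a = pat.translate_outbound("10.0.0.5", 40000, "203.0.113.10", 80)
    b = pat.translate_outbound("10.0.0.6", 40000, "203.0.113.10", 80)
    # The web server's reply to host A is mapped back by the global port.
    reply_a = pat.translate_inbound("203.0.113.10", 80, "176.0.0.1", a[1])
    # An unsolicited connection attempt from outside has no entry: dropped.
    unsolicited = pat.translate_inbound("203.0.113.99", 4444, "176.0.0.1", 3389)
    return a, b, reply_a, unsolicited
```

The last case is the side effect that makes PAT feel like a firewall: with no entry in the table the router has nowhere to send an unsolicited inbound packet. It is not a substitute for an ACL, because anything an inside host initiates opens a hole for the reply.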
WIRELESS
802.11 – Wireless Standard
1 ) 802.11b
Ø 2.4GHz
Ø DSSS (Direct Sequence Spread Spectrum)
Ø 3 non-overlapping channels (1, 6 and 11)
Ø About 25 users per cell
Ø Up to 11Mbps; about 350 feet (105m) at 1Mbps & 150 feet (45m) at 11Mbps
2 ) 802.11g
Ø 2.4GHz
Ø DSSS & OFDM (Orthogonal Frequency Division Multiplexing)
Ø 3 non-overlapping channels
Ø About 20 users per cell
Ø Up to 54Mbps; about 300 feet at 6Mbps
3 ) 802.11a (h)
Ø Lower market penetration
Ø 5GHz
Ø OFDM
Ø 802.11a has 12 non-overlapping channels; 802.11h adds channels for up to 23
Ø 15 users per cell
Ø Up to 54Mbps; about 200 feet at 6Mbps
802.11h Features:
Ø TPC (Transmit Power Control) – Alters transmit power to change the cell range; cellular companies have used the technique for some time.
Ø DFS (Dynamic Frequency Selection) – Moves away from channels in use by radar, which shares parts of the 5GHz band. (The 2.4GHz band used by 802.11b/g is instead shared with Bluetooth & microwave ovens.)
4 ) 802.11n
Ø The latest wireless technology at the time of writing
Ø 2.4GHz & 5GHz
Ø MIMO (Multiple Input Multiple Output) – Uses multiple antennas, e.g. 4 (2 for receiving and 2 for sending), and can have up to 8.
Ø Up to 250Mbps link speed in the draft-n products of the time; the final standard allows up to 600Mbps.
Features:
Ø BSS (Basic Service Set) – One access point and the clients associated with it.
o The AP has its own BSSID, usually its MAC address.
Ø ESS (Extended Service Set) – Has 2 or more BSSs with the same SSID, so clients can roam between them.
Ø SSID – Service Set ID, the network name.
Ø BSSID – Basic Service Set ID.
Ø IBSS (Independent Basic Service Set) – An ad hoc mode that allows computers to connect directly to each other without an Access Point. Usually for SOHOs.
Ø Infrastructure Mode (either BSS or ESS) – Requires at least 1 access point.
Ø BSA (Basic Service Area) – Contains 1 cell & 1 Access Point.
Ø ESA (Extended Service Area) – Has more than 1 cell & each neighbouring cell uses a different channel.
o Cells should overlap by at least 10-15%, and 15-50% for voice.
Wireless Security:
Ø WEP – Wired Equivalent Privacy. Uses the RC4 stream cipher with a static key; broken (the key can be recovered from captured traffic) and should not be used.
Ø WPA – Wi-Fi Protected Access. Uses TKIP (still RC4, but with a 128-bit per-packet key and a message integrity check) as a stop-gap that runs on WEP hardware.
o WPA Enterprise – Authenticates each user with 802.1X against a RADIUS server.
o WPA Personal – Also known as WPA-PSK (Pre-Shared Key). No server; everyone shares the same key, so it is only as strong as the passphrase.
Ø WPA2 – Uses AES-CCMP encryption (802.11i); the one to use.
Cisco Unified Wireless Solution:
Requires lightweight APs & a Cisco WLAN Controller in order to function. The APs here all serve the same SSID(s), pushed to them by the controller.
IPv6
Ø Addresses are 128 bits long instead of 32, so there are 2^96 times as many possible addresses (not 4 times: the address is 4 times longer).
Ø A typical global unicast address is 48 bits of global routing prefix, 16 bits of subnet ID, & 64 bits of interface ID (so a LAN prefix is /64).
Ø No broadcasts – multicast and anycast are used instead.
Ø Anycast – Multiple devices configured with the same address; an anycast packet is delivered to the nearest one (in routing terms).
Mixed IPv4 & IPv6 Network – 0:0:0:0:0:0:192.168.0.1 (written ::192.168.0.1; the IPv4-mapped form ::ffff:192.168.0.1 is what is used today).
Auto Configuration (SLAAC): A device builds itself a globally or locally unique address by first learning the /64 prefix from the router's advertisement and then converting its own MAC address into a 64-bit interface ID (modified EUI-64). For example:
MAC address – 0060.d673.1987
Split it in the middle, insert FFFE, and flip the U/L bit (bit 7 of the first byte): 0260:D6FF:FE73:1987
Because the interface ID is derived from the MAC, the host can be tracked across networks and its hardware vendor identified; privacy extensions (random interface IDs) exist for that reason.
conf t
ipv6 unicast-routing – enables IPv6 routing.
int f0/1
ipv6 address 2001:db8:3c4d:1::/64 eui-64 – the router uses its MAC address, padded as above, to make the interface ID.
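The modified EUI-64 steps above in code, as an added example that is not part of the original notes. It builds the interface ID for the notes' MAC 0060.d673.1987 and prefix 2001:db8:3c4d:1::/64 exactly as the eui-64 keyword does, and also reverses the process, which is what makes an EUI-64 address leak the hardware address. Nothing beyond the standard library is assumed.

```python
import ipaddress


def mac_to_eui64(mac):
    """48-bit MAC (dotted, colon or dash form) -> 64-bit interface ID as int."""
    octets = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]   # split in the middle, insert FFFE
    flipped = bytes([eui[0] ^ 0x02]) + eui[1:]     # flip the U/L bit (bit 7 of byte 0)
    return int.from_bytes(flipped, "big")


def eui64_address(prefix, mac):
    """What `ipv6 address <prefix>/64 eui-64` produces: prefix bits + interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64(mac))


def eui64_to_mac(address):
    """Recover the MAC from an EUI-64 address; None if the ID is not EUI-64 shaped."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]    # undo the flip, drop FFFE
    return mac.hex()
```

Run eui64_to_mac over a list of addresses seen in logs and any FFFE in the middle of the interface ID hands you the client's MAC, hence the privacy-extension advice above.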
DHCPv6
ipv6 dhcp pool cisco
domain-name amos.com
int f0/1
ipv6 dhcp server cisco
ARP is replaced by ICMPv6 Neighbor Discovery.
Routing Protocols
RIPng
ipv6 router rip 1 – the 1 is the process name or tag.
int f0/1
ipv6 rip 1 enable – RIPng is enabled per interface, not with network statements.
EIGRPv6
ipv6 router eigrp 10
no shutdown – the process starts shut down on older IOS.
int f0/1
ipv6 eigrp 10
OSPFv3
ipv6 router ospf 1
router-id 1.1.1.1 – every router has to be assigned a 32-bit router ID, as there may be no IPv4 address to derive one from.
int f0/1
ipv6 ospf 1 area 0
Migration Strategies
Ø Dual Stacking – Runs both IPv4 & IPv6 on the same interfaces.
Ø Tunneling (6to4, manual 6in4) – Carries IPv6 across an IPv4 network.
Ø NAT-PT (Protocol Translation)
A ) Dual Stacking
ipv6 unicast-routing
int f0/1
ipv6 address 2001:db8:3c4d:1::/64 eui-64
ip add 10.0.0.1 255.255.255.0
B ) Tunneling (manual IPv6-over-IPv4 tunnel; the addresses below are the tunnel's own subnet)
Router 1 (has to be a dual-stack router)
int tunnel 0
ipv6 address 2001:db8:1:1::1/64
tunnel source 10.0.0.1
tunnel destination 10.0.1.1
tunnel mode ipv6ip
Router 2 (has to be a dual-stack router)
int tunnel 0
ipv6 address 2001:db8:1:1::2/64 – both tunnel ends must be in the same IPv6 subnet.
tunnel source 10.0.1.1
tunnel destination 10.0.0.1
tunnel mode ipv6ip
Tunnels like this use IP protocol 41, which most NAT devices on the IPv4 path will not translate; where NAT is in the way, a UDP-encapsulated tunnel (e.g. Teredo) is needed instead.
C ) NAT-PT
Instead of local-to-global address translation, we have IPv4-to-IPv6, IPv6-to-IPv4, etc.
Uses Static NAT, Dynamic NAT, & NAPT-PT.
NAPT-PT (Network Address Port Translation – Protocol Translation) – Maps multiple IPv6 addresses to 1 IPv4 address.
Reserved IPv6 Addresses
Ø Loopback address – ::1
Ø Link local (FE80::/10) – Like a private IPv4 address but can't be routed even within the organization; every interface gets one automatically.
Ø Unique local (FC00::/7) – Like link local but can be routed within the organization, not on the Internet.
Ø Multicast – All these addresses begin with FF (FF00::/8).
Ø Unicast
Ø Global Unicast (2000::/3) – Just like a normal routable public IPv4 address.
WANs
Usually involve an SP (Service Provider).
WAN Terms:
Ø CPE – Customer Premises Equipment. Owned by the subscriber.
Ø Demarcation Point – Where the SP's equipment ends & the CPE begins, usually at a CSU/DSU.
Ø Local Loop – Connects the demarcation point to the closest switching office, called the CO (Central Office).
Ø CO – Connects the customer's network to the provider's switching network. Also called a POP (Point of Presence).
Ø Toll Network – Trunk lines or collection of switches & facilities owned by the ISP.
WAN Connection Types:
1. Leased line – Point-to-point synchronous serial dedicated lines. Fast & up to 45Mbps (T3). Uses HDLC & PPP.
2. Circuit Switched – ISDN & Dial Up. Asynchronous (dial-up) or ISDN over a BRI interface.
3. Packet Switched – Synchronous. Allows many companies to share the bandwidth cost. Uses Frame Relay & X.25.
ISDN – Integrated Services Digital Network
HDLC – High-Level Data Link Control. The ISO version has no protocol field in the header, so Cisco's HDLC adds a proprietary type field to carry multiple layer 3 protocols; a Cisco HDLC link therefore only works between Cisco devices. Also has no authentication.
PPP – Can run on synchronous (e.g. ISDN) & asynchronous (e.g. dial up) links. Has protocol info in the header (a standard, so it is multi-vendor). Allows:
Ø Authentication
Ø Compression
Ø Callback
Ø Error detection
Ø Multilink support
PPPoE – A PPP frame encapsulated in an Ethernet frame. Has a lower MTU than Ethernet (1492 bytes) & if the firewall blocks the ICMP "fragmentation needed" messages, path MTU discovery fails and this can cause a great deal of problems.
PPPoA – PPP over ATM
CABLE – Also called HFC (Hybrid Fibre-Coaxial)
DSL – Digital Subscriber Line. Deployed at the last mile or local loop, between the CPE & the DSLAM (DSL Access Multiplexer), which terminates other clients' lines as well. ADSL uses ATM.
MPLS – Multiprotocol Label Switching. Imposes labels on packets & forwards them faster through the service provider's network since no routing decisions are made on the IP addresses. MPLS sits between layers 2 & 3 ("layer 2.5") & has more capabilities than other WAN technologies, e.g. it can assign different priority levels to packets from SP clients and keep customers' traffic in separate VPNs.
ATM – Uses fixed 53-byte cells instead of variable-length packets. (The DSLAM aggregates DSL lines and usually connects to an ATM network; it is not itself an ATM switch.)
Types of Connectors
Ø V.35 – Used to connect to a CSU/DSU
Ø EIA/TIA-232
Ø EIA/TIA-449
Ø EIA-530
PPP
Ø Uses LCP (Link Control Protocol) to establish sessions, & NCP (Network Control Protocol) to carry multiple layer 3 protocols.
Ø LCP does authentication using PAP or CHAP.
Ø Allows callback but both the client & the remote router have to be configured for it first.
PAP – Password Authentication Protocol. Authenticates only once, when the session is created, & the password is sent in clear text, so anyone sniffing the link gets it.
CHAP – Challenge Handshake Authentication Protocol. More secure: a 3-way handshake in which the authenticator sends a random challenge and the peer replies with an MD5 hash of (ID + shared secret + challenge). The secret itself never crosses the link, a captured response cannot be replayed against a fresh challenge, and the check is repeated periodically to confirm the devices are still the correct ones.
int s0/0/1
encapsulation ppp
ppp authentication chap pap – CHAP is tried first; PAP acts as backup (remove pap if clear-text fallback is not acceptable).
exit
hostname router1
username router2 password amos – the username has to be the hostname of the other router/device, and the password (the shared secret) must be identical on both sides.
PPPoE
int f0/1
pppoe enable group global
pppoe-client dial-pool-number 1
int dialer 0 – logical interface
ip address negotiated – get the address from the ISP via IPCP (PPP's network control protocol, not DHCP)
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname amos
ppp chap password cisco
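Both sides of the CHAP handshake described above, next to what PAP puts on the wire, as an added example that is not part of the original notes. The response is the RFC 1994 one, MD5(id || secret || challenge); the hostnames router1/router2 and the secret amos mirror the PPP config above, and the fixed challenge values in demo() are constructed so the run is repeatable (a real authenticator draws them from os.urandom, as chap_challenge does by default).

```python
import hashlib
import hmac
import os


def pap_request(username, password):
    """What PAP sends: the password itself, in clear text."""
    return {"username": username, "password": password}


def _chap_digest(challenge_id, secret, challenge):
    # RFC 1994: MD5 over the 1-byte identifier, the secret and the challenge
    return hashlib.md5(bytes([challenge_id]) + secret.encode() + challenge).digest()


def chap_challenge(challenge_id, challenge=None):
    """Authenticator -> peer: an identifier and a random challenge value."""
    return {"id": challenge_id, "challenge": challenge or os.urandom(16)}


def chap_response(secret, chal, peer_name):
    """Peer -> authenticator: the hash and the peer's name; the secret stays local."""
    return {"id": chal["id"], "name": peer_name,
            "response": _chap_digest(chal["id"], secret, chal["challenge"])}


def chap_verify(users, chal, resp):
    """Authenticator side: recompute with the secret stored under the peer's
    name (the `username <peer-hostname> password <secret>` entry) and compare."""
    secret = users.get(resp["name"])
    if secret is None or resp["id"] != chal["id"]:
        return False
    expected = _chap_digest(chal["id"], secret, chal["challenge"])
    return hmac.compare_digest(expected, resp["response"])


def demo():
    # router1 authenticates router2; router1 holds `username router2 password amos`
    users_on_router1 = {"router2": "amos"}
    chal = chap_challenge(1, challenge=bytes(range(16)))          # constructed
    good = chap_verify(users_on_router1, chal, chap_response("amos", chal, "router2"))
    bad = chap_verify(users_on_router1, chal, chap_response("wrong", chal, "router2"))
    # A sniffer that captured the good response cannot replay it: the next
    # challenge carries a new id and value, so the expected digest differs.
    captured = chap_response("amos", chal, "router2")
    next_chal = chap_challenge(2, challenge=bytes(range(16, 32)))  # constructed
    replay = chap_verify(users_on_router1, next_chal, captured)
    return good, bad, replay
```

Compare pap_request("router2", "amos") with the CHAP response: the former hands the secret to anyone on the link, the latter only a hash bound to a one-time challenge. MD5 is weak as a hash, but here an attacker still has to guess the secret offline, which is why a long shared secret matters.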
Frame Relay
Access Rate – The max speed of the physical link, e.g. 1.544Mbps (T1).
CIR – Committed Information Rate. The rate the SP guarantees to carry for a client, e.g. 256Kbps; bursts above it are carried if capacity allows but may be discarded.
The default encapsulation for Frame Relay is Cisco and this can be changed as follows:
int s0/0/1
encapsulation frame-relay ietf – Internet Engineering Task Force encapsulation (needed when the other end is not a Cisco router).
encapsulation frame-relay – uses the default Cisco encapsulation.
PVC – Permanent Virtual Circuit
SVC – Switched Virtual Circuit
Router B Configuration (the same for a PVC or an SVC):
int s0/0/1
encapsulation frame-relay ietf
frame-relay lmi-type ansi
ip add 10.0.0.1 255.255.255.0
Other Configuration examples (hub and spoke):
RA (hub)
int s0/0/1
encapsulation frame-relay ietf
frame-relay lmi-type ansi
int s0/0/1.1 multipoint
RB & RC (spokes)
int s0/0/1
encapsulation frame-relay ietf
frame-relay lmi-type ansi
int s0/0/1.1 point-to-point
no ip split-horizon – disables split horizon on a multipoint interface so the hub router can advertise a route learned from one spoke back out the same interface to the other spokes (otherwise the spokes never learn each other's networks). Point-to-point subinterfaces avoid the problem altogether.
Ø Point-to-Point Subinterfaces – Each subinterface has a unique DLCI & its own subnet.
Ø Multipoint Subinterfaces – All the circuits on the subinterface are in the same subnet but each has a unique DLCI.
Ø DLCI – Data Link Connection Identifier. Values used to identify specific virtual circuits & route traffic to the correct destination; locally significant to each link.
Ø IARP (Inverse ARP) – Used to map a DLCI to the IP address at the far end of the circuit (the mapping can also be set statically with the frame-relay map command).
int s0/0/1
frame-relay interface-dlci 16
LMI (Local Management Interface)
Ø Auto-sensed on recent Cisco IOS versions
Ø LMI messages are sent on DLCI 0 (ANSI and Q.933A) or DLCI 1023 (Cisco)
A signaling standard that communicates PVC status between the router (DTE) and the Frame Relay switch (DCE) & has keepalives, etc. Keepalives keep the PVCs up & ensure they don't shut down due to inactivity.
DE – Discard Eligibility.
This bit is set to 1 (on) on frames sent in excess of the CIR; if the network is congested, those frames are discarded first.
FECN – Forward Explicit Congestion Notification
"Listen destination DTE, the route just traversed is congested."
BECN – Backward Explicit Congestion Notification
"Listen source DTE, the network is congested."
int s0/0/1
encapsulation frame-relay – uses the default of Cisco, not IETF.
frame-relay lmi-type ansi – set on the physical interface; instead of ANSI, the default of Cisco could have been kept.
int s0/0/1.2 point-to-point
frame-relay interface-dlci 101
Subinterfaces make it possible to have multiple virtual circuits on a single serial interface. They operate like separate physical interfaces.
sh frame-relay lmi
sh frame-relay pvc – shows all PVCs & DLCI numbers, as well as the congestion counters (FECN/BECN/DE).
sh frame-relay map – shows whether IARP was able to map a remote IP address to its DLCI.
VPNs
Allow the creation of private networks over the Internet.
3 Types of VPNs:
Ø Remote Access VPNs
Ø Site to Site VPNs (Intranet)
Ø Extranet VPNs – For providing limited access to suppliers, partners, etc., e.g. connecting a bank to its SAP provider.
The difference between a VPN & Frame Relay is that Frame Relay traffic traverses a private network (the service provider's network) & VPN traffic traverses a public network (the Internet), which is why the VPN has to provide its own confidentiality and integrity.
A VPN can also have higher bandwidth than a Frame Relay or PPP connection because it can make use of any access to the Internet, e.g. 3G & DSL.
There are 2 ways to create a VPN:
1. Using tunneling (encapsulation only; no protection by itself).
2. Using IPsec to create authentication & encryption services between the endpoints.
VPN Protocols
Ø GRE (Generic Routing Encapsulation) – Developed by Cisco, now an IETF standard (RFC 2784); can carry non-IP traffic and multicast but provides no encryption, so it is usually run inside IPsec.
Ø PPTP (Point to Point Tunneling Protocol) – Microsoft proprietary; its MS-CHAP authentication is considered broken.
Ø L2TP (Layer 2 Tunneling Protocol) – Created by Microsoft & Cisco & combines the capabilities of L2F (Layer 2 Forwarding) & PPTP. No encryption of its own, so it is normally run over IPsec (L2TP/IPsec).
Ø IPsec – Most secure. A suite of protocols & algorithms that allows for secure data transmission. Functions at layer 3 & works only with IP-based networks.
IPsec has 2 primary security protocols:
1. AH (Authentication Header) – Guarantees authenticity and integrity of the whole packet (IP header included) and anti-replay, but offers no encryption; it cannot pass through NAT because the header it authenticates gets rewritten.
2. ESP (Encapsulating Security Payload)
Ø Offers encryption,
Ø Provides confidentiality through the use of 3DES (or, today, AES) encryption,
Ø Anti-replay service – this prevents somebody from intercepting a packet & resending it to the intended destination later,
Ø Data origin authentication & connectionless integrity (of the payload, not the outer IP header).
NBAR (Network Based Application Recognition) – Enables you to classify certain applications as mission critical, e.g. ERP & SQL, so they have a minimum bandwidth allotted to them.