Visio-CCNA-cheatsheet

advertisement
OSI Model vs. TCP/IP Model
TCP/IP Model Protocol Suite
OSI Reference Model
Application - Identifying and establishing the
availability of intended communication partner
and whether there are sufficient resources
Presentation - Data translation, encryption,
code formatting
packet
frame
bits
Protocol Data Units (PDUs)
Segmen
t
Session - Setting up, managing and tearing
down sessions. Keeps application’s data
separate
Transport - Provides end-to-end
transport services - establishes logical
connections between hosts. Connectionoriented or connectionless data transfer.
Network - Manages logical addressing
and path determination
Data Link - Provides physical
transmission of data, handles error
notification, flow control and network
topology. Split into two sub layers (LLC
and MAC)
Process/Application layer
FTP - TCP file transfer service – port 20-21
Telnet - Terminal emulation program – port
23
TFTP - UDP file transfer – port 69
SMTP - Send email service – port 25
DHCP – Assigns IP addresses to hosts –
ports 67 and 68
DNS – Resolves FQDNs to IP addresses –
port 53
Host-to-Host layer
TCP - Connection-oriented protocol, provides
reliable connections (acknowledgments, flow
control, windowing)
UDP - Connectionless protocol, low
overhead but unreliable
Internet layer
IP - connectionless protocol, provides
network addressing and routing
ARP - finds MAC addresses from known IPs
RARP - finds IPs from known MAC
addresses
ICMP - provides diagnostics, used by ping
and traceroute
Physical - Specifies electrical,
mechanical, procedural and functional
requirements for activating, maintaining
and deactivating a physical link.
Half Duplex Ethernet shares a collision domain resulting in lower throughput
than Full Duplex Ethernet which requires a point-to-point link between two
compatible nodes
Causes of LAN congestion - Broadcast storms, too many hosts with a
broadcast domain, multicasting, low bandwidth, bottlenecks
Collision domain - Switches/bridges breakup collision domains, hubs extend
them
Broadcast domains - Routers and VLANs breakup broadcast domains
Troubleshooting Steps
1. Ping loopback
2. Ping NIC
3. Ping default gateway
4. Ping remote device
Cisco IOS
Troubleshooting
Commands
ping 127.0.0.1
traceroute
Windows DOS
Troubleshooting
Commands
ping 127.0.0.1
tracert
ipconfig/all
arp -a
IP Classes
Private Address Ranges
Class A - 10.0.0.0 - 10.255.255.255
Class B - 172.16.0.0 - 172.31.255.255
Class C - 192.168.0.0 - 192.168.255.255
Network Access
Cisco 3-Layer Hierarchical Model
Core - Backbone, common to all users, needs to be as fast as possible and fault tolerant, avoid
ACL, VLAN trunking and packet filtering here.
Distribution - Routing - provides access control policies, filtering, WAN access and VLAN
trunking
Access - Switching - User and workgroup access, segmentation
Patch Cable Types
Straight-through - Connect PC to hub or switch (router to switch or hub)
Crossover - Connect hub to hub/ switch to switch/PC to PC
Rolled - Console connection for PC to router
Class Ranges
Class A - 1-126 - network.node.node.node
Class B - 128-191 - network.network.node.node
Class C - 192-223 - network.network.network.node
255.0.0.0
255.128.0.0
255.192.0.0
255.224.0.0
255.240.0.0
255.248.0.0
255.252.0.0
255.254.0.0
255.255.0.0
255.255.128.0
255.255.192.0
255.255.224.0
/8
/9
/10
/11
/12
/13
/14
/15
/16
/17
/18
/19
Subnet Mask
CIDR
Notation
(Classless
Inter-Domain
Routing)
255.255.240.0
255.255.248.0
255.255.252.0
255.255.254.0
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252
/20
/21
/22
/23
/24
/25
/26
/27
/28
/29
/30
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Internal Router Components
Bootstrap - stored in ROM - Brings up router on boot,
loads IOS
POST - checks router hardware and interfaces on startup
ROM monitor - Used for testing, troubleshooting
Mini-IOS - Small IOS in ROM, used for maintenance
RAM - Holds routing tables, running config, ARP cache
ROM - Holds POST, bootstrap and Mini-IOS
Flash - Stores IOS
NVRAM - Stores configuration and config register
Config register - Controls how router boots up
Configuration Register Settings
Routing vs. Routed
Protocols
Routing Protocols learn
about the internetwork in
which they are connected
and maintain a routing table
to enable them to route
packets.
Examples are RIP, OSPF,
IGRP, EIGRP.
0x2100 – Boot to ROM monitor mode
0x2102 (Default) – Loads Cisco IOS from Flash and config from NVRAM
0x2101 (0x101) – Loads IOS from ROM
0x2142 – Ignore NVRAM contents, used in Password recovery procedure.
Router loads into setup mode
Changing and Verifying Configuration Register
Router(config)#config-register 0x2101 - Change Configuration Register
Router#show version – Displays basic system configuration including IOS
version and config register
Router Boot Sequence
1.) POST
2.) Load IOS from Flash
3.) startup-config copied from NVRAM to RAM
(If no valid startup-config found it goes to setup mode)
Routed Protocols are
logical network addressing
schemes used to transmit
user data through an
internetwork.
Examples are IP, IPv6.
Connecting to a Router via HyperTerminal
Restore/Backup/Upgrade a Cisco IOS Image
Router#copy flash tftp - Backup an IOS image to a TFTP server
Router#copy tftp flash – Upgrade or restore an IOS image from a TFTP server
Router#copy running-config startup-config – Save router configuration
Router#erase startup-config – Erase router configuration in NVRAM
1.) Use a rolled cable from PC COM port to console port
of router
2.) Start HyperTerminal
3.) Set bitrate to 9600 and flow control to None
Routing Protocols
Routing Protocol
Router EXEC Modes
Setup mode – Step-by-step configuration dialog
User EXEC mode - Basic monitoring commands
Privileged EXEC mode - Access to all other router
commands
Global configuration mode – System commands
Specific configuration modes – Command for specific
functions such as interfaces/routing
IP Routing
MAC addresses are only used on the local LAN. If a frame
needs to pass through a router the frame (layer 2 PDU) will
change but the packet (layer 3 PDU) is never changed
throughout its journey. The frame carries the packet to either a
host on the LAN or a routers interface only.
Type
RIP
RIPv2
Distance Vector Distance Vector
IGRP
EIGRP
OSPF
Distance Vector
Hybrid
Link State
Bellman-Ford
Bellman-Ford
Bellman-Ford
DUAL
Dijkstra
120
120
100
90/170(external)
110
Hop Count
Hop Count
Supported Routed
Protocols
IP
IP
IP
IP, IPv6, IPX,
AppleTalk
IP, IPv6
VLSM Support
NO
YES
NO
YES
YES
Classful
Classless
Classful
Classless
Classless
Broadcast updates
Multicast updates
every 30 secs
Every 30 secs
Algorithm
Admin Distance
Metric
Classless/
Classful
Other
Bandwidth, delay Bandwidth, delay
(load, reliability) (load, reliability)
Bandwidth
Cisco proprietary Cisco proprietary
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Configuring/Verifying OSPF
Setting Hostname, Description
& IP Address
Router#config terminal
Router(config)#hostname London
London(config)#banner motd #
Welcome to Router London
#
London(config)#int Ethernet 0
London(config-if)#ip address 1.1.1.1 255.255.0.0
London(config-if)#no shutdown
London(config-if)#description Accounts LAN
London#show int e0 – Shows whether the
interface is shutdown, IP address, send/receive
statistics, encapsulation, MAC address.
Setting Passwords
Privileged Passwords
Router(config)#enable password nik – set
unencrypted password, viewable in config file
Router(config)#enable secret nik – set encrypted
password (overrides enable password)
Telnet Passwords
Router(config)#line vty 0 4
Router(config-line)#password nik
Router(config-line)#login
Configure OSPF with a process ID, other routers do not
need to be configured with the same process ID. It is used to
name the instance of the OSPF database on the router.
An OSPF area is a group of contiguous routers and
networks.
Router#config terminal
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router#config t
Router(config)#router ospf 20
Router(config-router)#network 192.168.9.0 0.0.0.255 area 0
show ip route - displays the routers routing table
show ip ospf - Displays OSPF info for all OSPF processes
running on the router
S
C
C
C
C
R
R
show ip ospf database - Displays info on the number of
OSPF routers in the autonomous system
show ip ospf neighbor - Displays OSPF neighbours including
info regarding their state
show ip ospf interface - Displays OSFP interface info
Configuring/Verifying EIGRP
Router#show ip route
10.0.0.0/24 is subnetted, 7 subnets
10.1.11.0 [150/0] via 10.1.4.1
10.1.9.0 is directly connected, Serial0/0/1
10.1.8.0 is directly connected, Serial0/0/0
10.1.4.0 is directly connected, Ethernet0
10.1.5.0 is directly connected, Ethernet1
10.1.3.0 [120/1] via 10.1.4.1, 00:00:03, Serial0/2/0
10.1.2.0 [120/1] via 10.1.4.1, 00:00:03, Serial0/2/0
Codes:
I - IGRP derived, R - RIP derived, O - OSPF derived,
C - connected, S - static, D - EIGRP, * - candidate
default route
debug ip rip - displays routing updates as they are
sent and received
Configure EIGRP with autonomous system (AS) number.
If you want routers running EIGRP to share routes they must
use the same autonomous system number.
Troubleshoot Serial Link Problems
Router#config terminal
Router(config)#router eigrp 15
Router(config-router)#network 10.0.0.0
show ip route eigrp - Displays EIGRP entries from the
routing table
Physical layer problem
Router#sh int s0/0/0
Serial0/0 is down, line protocol is down
show ip eigrp neighbors - Displays all EIGRP neighbours
Data Link layer problem
(clocking or framing Issue)
show ip eigrp topology -Displays contents of the EIGRP
topology table
Router#sh int s0/0/0
Serial0/0 is up, line protocol is down
debug ip eigrp notification - Displays EIGRP changes and
updates as they occur
Interface is shutdown
Console Password
Router(config)#line console 0
Router(config-line)# password nik
Router(config-line)# login
Configuring/Verifying RIP
debug eigrp packet - Displays 'Hello' packets sent/received
between neighbouring routers
Router#sh int s0/0/0
Serial0/0 is administratively down, line protocol is
down
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Spanning Tree States
Cisco Discovery Protocol (CDP)
CDP is a proprietary Cisco protocol to help
administrators document and troubleshoot the
network, it only lets you see info about directly
connected (neighbour) devices.
Device(config)#cdp timer – How often CDP
packets are transmitted out active interfaces.
Default CDP timer = 90 seconds.
Device(config)#cdp holdtime – How long a
device will hold CDP packets received from
neighbour devices. Default CDP holdtime =
180 seconds.
Device#show cdp neighbors – Shows info
about directly connected devices: deviceID,
local interface, holdtime, capability, platform
and remote interface (portID)
Device#show cdp neighbor detail – Same
output as show cdp neighbors plus IOS
version and IP address
Switch Functions
1.) Switches learn MAC addresses
2.) Switches make forwarding/filtering decisions
3.) Switches perform loop avoidance
The Spanning Tree Protocol (STP)
Prevents switching loops (loops cause
broadcast storms)
Allows redundant links
Resilient to topology changes
STA (Spanning Tree Algorithm) - Used to
calculate loop-free path
BPDUs (Bridge Protocol Data Units) are sent
and received by switches in the network
every 2 seconds (default) to determine
spanning tree topology
STA is used to calculate a loop-free path.
All switch ports are in blocking mode to begin
with. It takes approx 50 seconds until frames
can be forwarded.
Step 1 : Elect Root Bridge - Lowest bridge
priority, if there is a tie then switch with lowest
bridge ID
Step 2 : Elect Root Ports - Locate redundant
paths to root bridge; block all but on root.
Root Path Cost is cumulative cost of path to
root bridge. Ports directly connected to Root
Bridge will be root ports, otherwise lowest root
path cost used.
Step 3 : Elect Designated Ports - Single port
that sends and receives traffic from a switch
to and from Root Bridge - Lowest cost path to
Root Bridge.
Verifying Switch Operation
switch(config)#show spanning-tree – Displays priority, root bridge,
spanning tree protocol
switch#show mac address-table – Displays the switches content
addressable memory (CAM) table which it uses to make forwarding
decisions
VLANS
VLAN Trunking Protocol (VTP)
Spanning Tree Algorithm (STA)
Blocking – No frames forwarded, BPDUs heard (Prevents looped
paths)
Listening - No frames forwarded, listening for frames
Learning - No frames forwarded, learning addresses (MAC table
populated)
Forwarding - Frames forwarded, learning addresses (MAC table
populated)
Disabled - No frames forwarded, no BPDUs heard
VTP is used to manage VLANs across an
internetwork. Providing tracking, monitoring and
reporting of VLANs including Adding, deleting
VLANs.
Requires a VTP server. All switches need to be
in the same VTP domain to share info.
VTP Modes
Server – Default mode for Catalyst switches.
Advertises changes to VTP domain. Creates,
deletes VLANs. VLAN configs stored in NVRAM
Client – learns about and pass along VTP
information received from VTP server.
Transparent – Not Participating in VTP domain.
Forwards VTP adverts, but doesn’t share its
VLAN database. Used to allow remote switches
to receive VTP information via a switch
(transparent) that isn’t participating.
Offers increased security, ease administration and relocation
Breaks up broadcast domains
VLANS work at layer 2 and 3 of OSI model
Communication between VLANs uses layer 3 routing
Static VLANs - Statically assign ports to a VLAN.
Dynamic VLANs - Ports that can automatically determine their
VLAN assignments based on MAC addresses.
Frame Tagging – Used so switches can identify which VLAN frames
belong to.
ISL (Inter-Switch Link) - Cisco's Proprietary frame tagging format.
Only compatible with Cisco switches and routers.
IEEE 802.1Q – Non-proprietary frame tagging standard.
Access Link - Only part of one VLAN (native VLAN of the port), any
devices attached to an access link are unaware of VLAN
membership.
Trunk Links - Trunks can carry multiple VLANS. Used to transport
VLANS between routers.
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Network Address Translation (NAT)
NAT is most often used to hide an entire address space,
usually a private network, behind a single public IP address
space, thereby conserving valuable IPv4 addresses which are
in short supply. NAT is sometimes called IP Masquerading or
Network Masquerading.
Types of NAT
Static NAT – one-to-one mapping between local and global
addresses
Dynamic NAT – map unregistered IP addresses to a global
address from a pool of registered IP addresses
Overloading – maps multiple unregistered IP addresses to a
single globally registered IP address. Most popular form of
NAT (known as Port Address Translation)
NAT Terms
Inside local - inside source address before translation
Outside local - destination host before translation
Inside global - inside host after translation
Outside global - outside destination host after translation
Internet Protocol Version 6 (IPv6)
The world needs to migrate to IPv6 from the current IPv4
protocol because the we are rapidly exhausting the number of
available public IP addresses. IPv6 has 3.4 x 10^38 possible
addresses.
IPv6 addresses are 128 bits long compared to 32 bits for IPv4
addresses. They are normally written with hexadecimal digits
and colon separators such as 2004:db8:75a3::8a2e:380:7334
They are composed of two logical parts: a 64-bit network
prefix, and a 64-bit host part.
Link-local addresses – Network addresses which are intended
for communications only within one segment of a LAN.
Unique local addresses – Used for routing within sites that are
not connected to the Internet. They are not routable in the global
IPv6 Internet. Similar to IPv4 private addresses.
Configure Standard IP ACLs
Access Control Lists (ACL)
Access Control Lists are sets of filter
statements used to:
Prioritise traffic
Restrict or reduce routing updates
Provide basic security
Block types of traffic
Standard ACLs - Don’t distinguish between
type of traffic, just filter based on source IP
address. Place them as close to destination
as possible.
Extended ACLs – Used to filter traffic
based on source IP, destination IP, protocol
and port number. Place as close to source
of traffic as possible.
Only one ACL can be assigned per
interface per protocol per direction
ACLs are more efficient on outbound
port
If a packet does not match any ACL
tests then it will be implicitly denied
unless your list ends with permit any
Once a packet matches an ACL
statement no other checks are made, it
is permitted
If an ACL is created but not applied it
won’t filter anything
Router(config)#access-list 50 deny host 172.17.30.10 - deny
any packets from host 172.17.30.10
Router(config)#access-list 50 deny 172.18.30.0 0.0.0.255 –
deny any host that matches the first three octets
Router(config)#access-list 50 permit any – Without this last
statement any traffic not denied in the previous statements will
be implicitly denied!
Apply standard ACL 50 to Ethernet 0 interface outbound.
Router(config)#int e0
Router(config-if)#ip access-group 50 out
Configure Extended IP ACLs
Router(config)#access-list 100 deny tcp any host
172.16.30.5 eq 21 – Deny access from any host trying to FTP to
172.16.30.5
Router(config)#access-list 100 permit ip any any – Permit all
other traffic
Apply extended ACL 100 to Ethernet 0 interface outbound.
Router(config)#int e0
Router(config-if)#ip access-group 100 out
Verify ACLs
To view access list statements
show access-list – Displays the ACLs and their contents
on a router
ACL Number Ranges
IP standard access list - 1-99 and 1300-1999
IP extended access list - 100-199 and 2000-2699
show access-list 100 – Displays the contents of ACL 100
To determine what interfaces have ACL applied use
the following commands:
show ip interface – Displays which interfaces have ACL
applied
show running-config – Access list statements and the
interface they are applied is displayed when you view the
configuration file
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Point-to-Point Protocol (PPP)
Frame Relay
Frame relay is a packet switched technology that
operates over virtual circuits, it is cheaper than a
leased line because you share bandwidth with other
customers. As a customer you are guaranteed a
certain amount of bandwidth by the service provider
which is burstable should you need extra at certain
times.
Committed Information Rate (CIR) -The average
bandwidth (kbit/s) guaranteed by an service provider
to work under normal conditions.
Cisco routers support two different Frame Relay
encapsulation types. The default is Cisco’s Frame
Relay encapsulation the other is IETF Frame Relay
encapsulation type. The IETF Frame Relay
encapsulation allows interoperability between
equipment from multiple vendors.
Switched Virtual Circuits (SVCs) – These are set
up when data needs to be transmitted and taken
down afterwards.
Permanent Virtual Circuits (PVC) – These can be
established to provide a dedicated circuit link
between two facilities. The PVC configuration is
usually preconfigured by the service provider. PVCs
are much more common than SVCs.
Data Link Control Identifiers (DLCI) – These are
assigned by the service provider and are used to
identify between different frame relay logical circuits.
Local Management Interface (LMI) - LMI provides
the status of virtual circuits. It is a signalling
standard used between routers and frame relay
switches. Your router only communicates with the
first frame relay switch it's connected to so info
about the state of the complete circuit is not known.
The latest Cisco IOS autosenses the LMI type,
otherwise the service provider will specify the
required LMI type.
PPP is a data-link layer protocol. It can provide
connection authentication, transmission encryption
privacy and compression. Use PPP if you are trying to
connect to a non-Cisco router via a serial link.
Network Control Protocol (NCP) – Used to allow
multiple routed protocols over a PPP connection
Link Control Protocol (LCP) – Used to create,
maintain and terminal the connection
High-Level Data-Link Control (HDLC) – Used to
encapsulate datagrams over serial links
High-Level Data-Link Control (HDLC)
HDLC is a point-to-point protocol used on leasedlines. No authentication can be used. HDLC is an ISOstandard, but Cisco’s HDLC format is not compatible
with other implementations. This is the default
encapsulation for serial interfaces on Cisco routers.
Verifying Frame Relay
Router#show frame pvc – Displays list of configured
PVCs and DLCI numbers, status of each PVC and
traffic stats
Router#show frame-relay lmi – Displays LMI traffic
stats exchanged between the local router and frame
relay switch. Also shows the LMI type and any LMI
errors.
Virtual Private Networks (VPN)
VPNs allow for the creation of private networks across
the Internet. They allow remote users to connect to
corporate networks securely over the Internet
(Remote access VPN) as well as allowing companies
to connect remote offices without requiring dedicated
WAN connections (Site-to-site VPN).
WAN Facts
Router interfaces are defaulted to Date Terminal
Equipment devices (DTE)
Cisco routers have HDLC set as their default serial
encapsulation (note: Cisco’s HDLC is proprietary)
Default frame relay encapsulation on Cisco routers is
Cisco’s Frame Relay encapsulation (Only use when
connecting to Cisco frame relay switches)
Data Communication Equipment (DCE) provides the
clocking to the router
WLAN Standards
802.11a
5GHz spectrum
Maximum data rate 54Mbps
up to 23 non-overlapping Channels
Short range – Stay within 20m/75ft to get highest
data rate
802.11b
2.4GHz spectrum
Maximum data rate 11Mbps
3 non-overlapping channels
Stay within 45m/150ft to get highest data rate
802.11g
2.4GHz spectrum
Maximum data rate 54Mbps
3 non-overlapping channels
(backward compatible with 802.11b)
Stay within 30m/100ft to get highest data rate
802.11n
2.4GHz or 5GHz spectrum
Theoretical maximum data rate 300Mbps
3 non-overlapping channels at 2.4GHz or 12 nonoverlapping channels at 5GHz
Uses multiple antennas (MIMO – Multiple-Input
Multiple-Output technology to increase throughput)
Long range – High data rates up to 90m/300ft
© Copyright 2010 Internetwork Training – Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.
Download