CCNA Boot Camp

Contents

OSI Model
Encapsulation Process
Booting Cisco Routers
Command Modes
Passwords
    Configure device password
    Configure telnet password
    Console Password
    Configure SSH
Resetting a Cisco Device
    When you have access
    When you don't have access (Password Recovery)
Switching
    Switching Modes
    Switch Configuration Process/Order
    VLANS
        Adding a VLAN
        Adding a Switchport to a VLAN
        Verifying VLANs
        VLAN Trunking Protocol – VTP (802.1q or ISL)
            802.1q Trunking
            Configuring 802.1q trunking
            Verifying Trunking
    DTP Switch Port Modes
    Spanning Tree Protocol – STP (802.1d)
        STP Operations
        STP Operation
    Root Bridge Election
        STP Port States
        Port Roles
        Verifying STP
        Configuring 802.1q trunking
        Verifying Trunking
    PortFast
        Configuring PortFast
    PVST – Per VLAN Spanning Tree
        Configuring Root Bridges for PVST
        Verifying PVST
    Rapid Spanning Tree Protocol – RSTP (802.1w)
        Port Roles
        Configuring RSTP
    VTP - VLAN Trunking Protocol
        VTP Modes
        VTP Operation
        Configure VTP
        Verifying VTP
    Port Security
        Configure Port Security
Routing Protocols
    Administrative Distances
    Route Types
    General Show commands
    Static Routes
        Configure Static Route
    Configure RIP (Routing Information Protocol)
    Configure RIP (Routing Information Protocol) version 2
    RIP
        RIPv1 vs. RIPv2
        RIPv2 Authentication
        Verifying RIP
    Default Routing
    Summarizing Routes
        Turning off Auto Summarization
    OSPF and EIGRP Tables
    Configure EIGRP (Enhanced Interior Gateway Routing Protocol)
        EIGRP Show commands
    OSPF
        OSPF Router ID
        Configure OSPF (Open Shortest Path First)
        OSPF Show commands
Access Lists
    Creating a Standard Access List
        Create the access list
        Apply the ACL to an interface
    Creating an extended access list
    Verifying Access Lists
Router on a Stick
    Configuring Router on a Stick
NAT/PAT
    Static NAT
    Dynamic NAT
    PAT
    NAT Verification
    Additional NAT Commands
IPv6
    IPv6 Address Formats
    Types of Addresses
    IPv4 to IPv6 Transition
    IPv6 Routing Multicast Groups
PPP and CHAP
DHCP
    Configure DHCP
    Verify DHCP
Wireless
WAN Technologies
    Frame Relay
        Encapsulation Types
        Local Management Interface
            LMI Types
        Configuring frame-relay
        Verifying Frame Relay
Keyboard Shortcuts
TCP/UDP Common Ports
References / Citations


OSI Model

The TCP/IP protocols are layered, and are generally represented as having four layers with the relationships shown below.

Layer 7, Application (TCP/IP: Application). Protocols and apps: SMTP, HTTP, FTP, Telnet. PDU: Data. Devices: PCs, servers. Purpose: interface between the network and application software.
Layer 6, Presentation (TCP/IP: Application). Protocols and apps: GIF, JPEG, TIFF, ASCII. PDU: Data. Devices: PCs, servers. Purpose: data formats, encryption.
Layer 5, Session (TCP/IP: Application). Protocols and apps: NetBIOS. PDU: Data. Devices: PCs, servers. Purpose: starting and ending conversations between endpoints.
Layer 4, Transport (TCP/IP: Transport). Protocols: TCP, UDP. PDU: Segments. Purpose: flow control, connection between endpoints.
Layer 3, Network (TCP/IP: Internet). Protocols: IP, ICMP, ARP, DHCP. PDU: Packets. Devices: routers, NICs. Purpose: logical addressing, routing, path determination.
Layer 2, Data Link (TCP/IP: Network Access). Protocols: Ethernet, PPP, ADSL, Frame Relay. PDU: Frames. Devices: switches, bridges, MAC. Purpose: creation of frames for data transmission.
Layer 1, Physical (TCP/IP: Network Access). Standards: CSMA/CD, RJ45, 802.3, V.35. PDU: Bits. Devices: hubs, repeaters, cables. Purpose: definition of media, electrical connectors, voltages.

Encapsulation Process

[Figure: encapsulation through the layers. Application, Presentation and Session hand down Data; Transport prepends a TCP header; Network prepends an IP header; Data Link adds a frame header in front and a frame check sequence at the end; Physical transmits the result as bits.]

Booting Cisco Routers

Upon initial start up, Cisco routers perform the following sequence:
1. Power on self test (POST)
2. Loads and runs bootstrap code from ROM
3. Finds and loads IOS or other software
4. Finds and loads the configuration file from NVRAM into the running config
5. If no config file is found in NVRAM, it looks in Flash, then TFTP, and then ROM

Command Modes

Cisco IOS has three command modes, each with access to different command sets:

User mode (>): This is the first mode a user has access to after logging into the router. The user mode can be identified by the > prompt following the router name. This mode allows the user to execute only the basic commands, such as those that show the system's status. The system cannot be configured or restarted from this mode.

Privileged mode or Enable mode (#): This mode allows users to view the system configuration, restart the system, and enter configuration mode. It also allows all the commands that are available in user mode. Privileged mode can be identified by the # prompt following the router name. The user mode enable command tells IOS that the user wants to enter privileged mode. If an enable password or enable secret password has been set, the user needs to enter the correct password or secret to be granted access to privileged mode. An enable secret password uses stronger encryption when it is stored in the configuration and, therefore, is safer. Privileged mode allows the user to do anything on the router, so it should be used with caution. To exit privileged mode, the user executes the disable command.
Configuration mode ((config)#): This mode allows users to modify the running system configuration. To enter configuration mode, enter the command configure terminal from privileged mode. Configuration mode has various submodes, starting with global configuration mode, which can be identified by the (config)# prompt following the router name. As the configuration submodes change depending on what is being configured, the words inside the parentheses change. For example, when you enter interface configuration submode, the prompt changes to (config-if)# following the router name. To exit configuration mode, the user can enter end or press Ctrl-Z.

Passwords

Configure device password

Config# enable password {password}
or
Config# enable secret {password}

*The enable password is stored with weak encryption and is easily crackable; the enable secret is stored as a hash and is the safer choice (see Command Modes above). Either one can be seen on screen while you are setting it.

Configure telnet password

Config# line vty 0 4          *On a switch it would be: Config# line vty 0 15
Config-line# password cisco
Config-line# login

Console Password

Config# line console 0
Config-line# password {password}
Config-line# login

Configure SSH

(config)# ip domain-name {your domain}
(config)# crypto key generate rsa
How many bits in the modulus [512]: {bit value}
(config)#
*Apr 26 02:25:09.915: %SSH-5-ENABLED: SSH 1.99 has been enabled
(config)# ip ssh version 2

Apply to your VTY lines:
SW1(config)# line vty 0 4
SW1(config-line)# login local                 *authenticates against usernames configured on the device
SW1(config-line)# transport input telnet ssh

Verify SSH:
PC> ssh -v 2 -l {username} {ip address of router/switch}
PC> telnet {ip address}

Resetting a Cisco Device

When you have access
> enable
# erase startup-config
# reload

When you don't have access (Password Recovery)
Enter ROMmon mode
Change config register to 2102

Switching

Switching Modes

Store and forward: The entire frame is copied to a buffer before transmission. Detects any frame errors and discards those frames. Was the original switching method.
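An added example (not from the boot camp notes) that turns the password and VTY guidance above into a check a defender can run: it parses a constructed IOS running-config excerpt and flags an enable password used instead of enable secret, VTY lines that still accept telnet, a missing ip ssh version 2, and login local without any local username. The sample configs, the audit function and its finding strings are this example's own; a VTY line with no transport input statement is assumed to accept every protocol.

```python
"""Audit a Cisco IOS running-config excerpt for the password and remote-access
settings covered in the Passwords / Configure SSH sections.

Added example, not part of the original boot camp notes. The configs below are
constructed for illustration; parse_config/audit are this example's own names."""
import re

# Constructed sample: weak "enable password" and VTY lines that still allow telnet.
SAMPLE_CONFIG = """\
hostname SW1
enable password cisco123
username admin secret s3cr3t
ip domain-name lab.example
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 15
 login local
 transport input telnet ssh
"""

# Constructed hardened counterpart: enable secret, SSH-only VTY transport.
HARDENED_CONFIG = """\
hostname SW1
enable secret s3cr3t-enable
username admin secret s3cr3t
ip domain-name lab.example
ip ssh version 2
line vty 0 15
 login local
 transport input ssh
"""


def parse_config(text):
    """Return (global_lines, {section_header: [child lines]}).

    IOS indents the children of a section such as 'line vty 0 15' by one space,
    so a non-indented line closes the previous section."""
    globals_, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
            globals_.append(current)
    return globals_, sections


def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    globals_, sections = parse_config(text)
    findings = []

    if not any(g.startswith("enable secret ") for g in globals_):
        findings.append("no 'enable secret' configured")
    if any(g.startswith("enable password ") for g in globals_):
        findings.append("'enable password' present (weakly encoded; use enable secret)")
    if "ip ssh version 2" not in globals_:
        findings.append("SSH version 2 not enforced")
    if not any(g.startswith("username ") and " secret " in g for g in globals_):
        findings.append("no local username with a secret (needed for 'login local')")

    for header, children in sections.items():
        if not re.match(r"line vty \d+ \d+", header):
            continue
        # 'transport input' lists the protocols the VTY line accepts; assume
        # everything is accepted when the statement is absent.
        transports = [c for c in children if c.startswith("transport input ")]
        allowed = set(transports[-1].split()[2:]) if transports else {"all"}
        if "telnet" in allowed or "all" in allowed:
            findings.append(f"{header}: telnet accepted (clear-text logins)")
        if "login local" not in children:
            findings.append(f"{header}: not using 'login local'")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("hardened config findings:", audit(HARDENED_CONFIG))
```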
Cut-through:
  Fragment free: Examines the headers.
  Fast-forward: Just uses the source and destination addresses.

Switch Configuration Process/Order

1. General Items
   a. Hostnames, enable secret password, clock settings
2. Device Access
   a. Console, aux, telnet, ssh
3. Interfaces
   a. Loopback, lan, vlans, tunnels
4. Routing Protocols / Advanced features

VLANS

Adding a VLAN

# config t
(config)# vlan {vlan number}
(config-vlan)# name {desired vlan name}    ***optional

Adding a Switchport to a VLAN

(config)# interface {interface number}
(config-if)# switchport mode access
(config-if)# switchport access vlan {vlan number}
(config-if)# switchport voice vlan {vlan number}    ***for a VoIP phone in a VoIP network

Verifying VLANs

# show vlan brief
# show int {interface number} switchport

VLAN Trunking Protocol – VTP (802.1q or ISL)

802.1q Trunking

VTP Modes: Server, client, transparent

Configuring 802.1q trunking

(config)# interface {interface number you wish to trunk}
(config-if)# switchport mode trunk
(config-if)# switchport trunk native vlan {vlan number}

Verifying Trunking

# show int {int number} switchport

DTP Switch Port Modes

Definitions:
On = Trunking is forced on
Desirable = Causes the port to actively attempt to become a trunk link
Auto = Port is willing to convert; the neighbor must be set to on or desirable. Passive mode.

IOS Commands:
On = switchport mode trunk, switchport trunk encapsulation {encapsulation type}
Desirable = switchport mode dynamic desirable
Auto = switchport mode dynamic auto

Dynamic Trunk Protocol settings (resulting link type for each combination of Port 1 and Port 2 settings):

Port 1 Setting     | Port 2: Access | Port 2: Trunk/On | Port 2: Dynamic Auto | Port 2: Dynamic Desirable
Access             | Access         | Access           | Access               | Access
Trunk/On           | Access         | Trunk            | Trunk                | Trunk
Dynamic Auto       | Access         | Trunk            | Access               | Trunk
Dynamic Desirable  | Access         | Trunk            | Trunk                | Trunk

Spanning Tree Protocol – STP (802.1d)

Layer 2 loop prevention mechanism.

STP Operations

Bridge IDs
  - MAC + Priority
  - The lower the bridge priority, the more desirable it is.
  - Priority value range 0 – 61440 in increments of 4096.
Cost – Port Bandwidth
  - Lower cost means a better connection.

STP Operation

- Elects a root bridge per broadcast domain
- Selects a root port per non-root bridge
- Selects one designated port per segment
- Blocks user traffic on non-designated ports

Root Bridge Election

The STP root bridge election is won by the switch with the lowest Bridge ID. When two switches have the same priority value, the tie goes to the switch with the lowest MAC address. All ports on the root bridge then become designated ports in a forwarding state. A switch that has redundant connectivity to the root bridge must put one of its interfaces into a blocking state to prevent a switching loop. 32768 is the default bridge priority.

STP Port States

Blocking, Listening, Learning, Forwarding

Port Roles

Root – The port that is closest to the root bridge in terms of path cost.
Designated – A port is designated if it can send the best BPDU on the segment to which it is connected.
Alternate – An alternate port receives more useful BPDUs from another bridge and is a blocked port.
Backup – A backup port receives more useful BPDUs from the same bridge it is on and is a blocked port.

Verifying STP

# show spanning-tree    ***Shows bridge and port roles.

Configuring 802.1q trunking

(config)# interface {interface number you wish to trunk}
(config-if)# switchport mode trunk
(config-if)# switchport trunk native vlan {vlan number}

Verifying Trunking

# show int {int number} switchport

PortFast

Used to converge switchports with end devices faster.

Configuring PortFast

(config)# int {int number}
(config-if)# spanning-tree portfast

PVST – Per VLAN Spanning Tree

Used to configure spanning-tree on a per-VLAN basis. You might want to do this to keep traffic closer to the major segment of your VLAN.

Configuring Root Bridges for PVST

(config)# spanning-tree vlan {vlan number} root primary
(config)# spanning-tree vlan {vlan number} root secondary

Verifying PVST

# show spanning-tree vlan {vlan number}

Rapid Spanning Tree Protocol – RSTP (802.1w)

Speeds up the STP process.
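An added example (not from the boot camp notes) that works the election and root-port rules above on a constructed three-switch topology: the Bridge ID is compared as (priority + VLAN ID, MAC) with the lowest value winning, which is why PVST priorities step in multiples of 4096, and each non-root switch takes the lowest-cost path to the root as its root port. The switch names, MACs, link costs and the helper names bridge_id / elect_root / root_ports are this example's own.

```python
"""Root bridge election and root-port selection per the 802.1d / PVST rules in
the STP sections above.

Added example, not from the boot camp notes. Topology, MACs and costs are
constructed; bridge_id/elect_root/root_ports are this example's own names."""
import heapq

# Constructed topology: switch name -> (configured priority, MAC address).
SWITCHES = {
    "SW1": (32768, "00:1a:2b:00:00:10"),
    "SW2": (32768, "00:1a:2b:00:00:02"),  # same priority as SW1, lower MAC
    "SW3": (4096,  "00:1a:2b:00:00:30"),  # lowest priority wins regardless of MAC
}
# Constructed links: (switch A, switch B, port cost). The costs are the
# 802.1d values for FastEthernet (19) and GigabitEthernet (4).
LINKS = [
    ("SW1", "SW2", 19),
    ("SW2", "SW3", 19),
    ("SW1", "SW3", 4),
]


def bridge_id(priority, mac, vlan=1):
    """Compose the comparable Bridge ID used in the election.

    With PVST the 16-bit priority field is priority + VLAN ID (the extended
    system ID), so the configurable part must be a multiple of 4096."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return (priority + vlan, int(mac.replace(":", ""), 16))


def elect_root(switches, vlan=1):
    """Return the switch with the numerically lowest Bridge ID (priority, then MAC)."""
    return min(switches, key=lambda name: bridge_id(*switches[name], vlan=vlan))


def root_ports(switches, links, vlan=1):
    """Return {switch: (neighbour on its root port, path cost to the root)}.

    Path cost accumulates link costs towards the root, so a Dijkstra walk from
    the root yields each non-root switch's cheapest path. Equal costs are
    broken by the lower Bridge ID of the upstream neighbour, as STP does."""
    root = elect_root(switches, vlan)
    bid = {name: bridge_id(*switches[name], vlan=vlan) for name in switches}
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}          # switch -> (cost to root, upstream neighbour)
    heap = [(0, bid[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                  # stale heap entry
        for nbr, link_cost in adj.get(node, []):
            if nbr == root:
                continue
            cand = (cost + link_cost, bid[node])
            cur = best.get(nbr)
            if cur is None or cand < (cur[0], bid[cur[1]]):
                best[nbr] = (cand[0], node)
                heapq.heappush(heap, (cand[0], bid[nbr], nbr))
    return {name: (up, cost) for name, (cost, up) in best.items() if name != root}


if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    for name, (upstream, cost) in sorted(root_ports(SWITCHES, LINKS).items()):
        print(f"{name}: root port towards {upstream}, path cost {cost}")
```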
The alternate designated port moves to a forwarding state during a link failure rather than holding a re-election.

Port Roles

Configuring RSTP

Config# spanning-tree mode rapid-pvst

VTP - VLAN Trunking Protocol

VTP Modes

Server, Client, Transparent

VTP Operation

- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.

Configure VTP

(config)# vtp domain {domain name}
(config)# vtp version {version number}

Verifying VTP

# sho vtp status

switch1# sho vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : MyVTPDomain
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE7 0x11 0x34 0x28 0x69 0x47 0x98 0xC4
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:25
Local updater ID is 192.168.2.201 on interface Vl1 (lowest numbered VLAN interface found)

Port Security

Configure Port Security

(config)# interface {int number}
(config-if)# switchport mode access
(config-if)# switchport port-security                        ***enables the feature; the settings below only take effect once it is on
(config-if)# switchport port-security maximum 1
(config-if)# switchport port-security mac-address sticky
(config-if)# switchport port-security violation shutdown

Verify Port Security

# show port-security interface {interface number}
# show port-security address

Routing Protocols

A router is used to move traffic between networks.
Administrative Distances

You can see the types of routes configured with the command:
Router# show ip route

Route Source          Default AD
Connected Interface   0
Static Route          1
EIGRP                 90
IGRP                  100
OSPF                  110
RIP                   120
External EIGRP        170
Unknown               255 (this route will never be used)

Route Types

Code   Description
I      Interior Gateway Routing Protocol (IGRP) derived route
R      Routing Information Protocol (RIP) derived route
O      Open Shortest Path First (OSPF) derived route
C      Directly connected route
S      Static route
E      Exterior Gateway Protocol (EGP) derived route
B      Border Gateway Protocol (BGP) derived route
D      Enhanced Interior Gateway Routing Protocol (EIGRP) derived route
EX     EIGRP exterior route
i      IS-IS derived route
ia     IS-IS inter-area route
M      Mobile route
P      Periodic downloaded static route
U      Per-user static route
o      On-demand routing route

Multicast Addresses

OSPF Hellos                 224.0.0.5
OSPF Routing Info to DRs    224.0.0.6
RIPv2 Routing Updates       224.0.0.9
EIGRP Routing Updates       224.0.0.10

General Show commands

Router# show ip route        Shows the routing table with known networks and their route types.
Router# show ip int brief    Shows interface up/down status.
Router# show controllers     Shows whether a serial interface is the DCE end.

Summarizing Routes

Routes are manually summarized to minimize network summary advertisements to only the networks you are using.

Turning off Auto Summarization

(config-router)# no auto-summary

Static Routes

Configure Static Route

(config)# ip route {network addr} {subnet mask} {ip of next hop}
or
(config)# ip route {network addr} {subnet mask} {interface to route out of}

Default Routing

Setting the default route is the same as setting a static route ONLY when dynamic routing is not in use.

Router(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1
Router(config)# ip route {source_address} {source_mask} {destination_address}

Use default routing to send packets with a remote destination network not in the routing table to the next-hop router.

Router(config)# ip classless    (Enables classless features, allowing different subnet sizes.)

RIP

Update interval every 30 seconds.

RIPv1 vs. RIPv2

RIPv1                                   RIPv2
Classful                                Classless
Broadcast based                         Uses multicast 224.0.0.9
No support for VLSM                     Supports VLSM networks
No authentication                       Allows for MD5 authentication
Broadcast                               Multicast
No support for discontiguous networks   Support for discontiguous networks

Configure RIP (Routing Information Protocol)

Router(config)# router rip                       (router {protocol})
Router(config-router)# network 192.168.2.0       (network {network_address})
Router(config-router)# network 192.168.3.0       (network {additional_network_address}; configure additional networks if needed)
Router(config-router)# distance 150              (distance {admin_distance_value}; changes the default administrative distance from 120 to 150. This is optional.)
Router(config-router)# passive-interface s0/0    (prevents S0/0 from fully participating in the routing process)

Configure RIP (Routing Information Protocol) version 2

Router# config t
Router(config)# router rip
Router(config-router)# network 192.168.2.0
Router(config-router)# network 192.168.3.0
Router(config-router)# no auto-summary           (Optional: turns off route summarization to support discontiguous subnets and VLSM.)
Router(config-router)# version 2
Router(config-router)# distance 150              (distance {distance_value}; changes the administrative distance from 120 to 150. This is optional.)
Router(config-router)# passive-interface s0/0    (prevents S0/0 from fully participating in the routing process. This is optional.)

RIPv2 Authentication

Used to prevent rogue route advertisements.

Configuring RIPv2 Authentication

Verifying RIP

# debug ip rip    Shows updates happening on interfaces and IP addresses.

EIGRP (Enhanced Interior Gateway Routing Protocol)

Configure EIGRP

Prerequisites – Interfaces must be assigned IP addresses.

Router(config)# router eigrp 50                  (router eigrp {autonomous_system_value})
The autonomous system number must be the same on all participating routers.
Router(config-router)# network 192.168.2.0
Router(config-router)# network 192.168.3.0
Router(config-router)# metric maximum-hops 255    (Sets the hop count; the default is 100. This is optional.)
Router(config-router)# no auto-summary            (Disables classful summarization; EIGRP becomes classless.)
Router(config-router)# passive-interface s0/0     (Prevents S0/0 from fully participating in the routing process.)

EIGRP Show commands

Router# show ip route              Displays the routing table.
Router# show ip route eigrp        Displays only the EIGRP entries in the routing table.
Router# show ip protocols          Displays the routing protocols and interfaces used with all routing protocols configured on the router.
Router# show ip eigrp topology     Shows the topology table used by EIGRP.
Router# show ip eigrp neighbor     Shows all EIGRP neighbors.
Router# debug eigrp packet         Shows hello packets sent/received between adjacent routers.

Key terms

Feasible Distance – EIGRP metric to a destination network.
Reported Distance – EIGRP metric to a destination network as reported by the next-hop router.
Feasibility Condition – Test of a valid, loop-free route: the reported distance must be less than the feasible distance.
Successor – Valid primary EIGRP route to a destination network. This is the best route to a certain network.
Feasible Successor – Valid secondary EIGRP route to a destination network, usable immediately. It is a backup route kept in the topology table and inserted into the routing table upon primary (successor) failure. If there is no feasible successor when the successor fails, the DUAL algorithm calculates a new route.

OSPF (Open Shortest Path First)

OSPF Router ID

The OSPF router ID is determined by the highest IP address on an interface at the moment of OSPF process startup. It can be overridden by a loopback interface, in which case the highest IP address of any active loopback interface is used.
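An added example (not from the boot camp notes) that applies the EIGRP key terms above to a constructed topology table: feasible distance, the feasibility condition, successor versus feasible successor, and what DUAL does when the successor fails with and without a feasible successor. The metric values and the helper names select_routes / on_successor_failure are this example's own; real EIGRP metrics are composite bandwidth/delay values, but the comparison rule is the same.

```python
"""Successor / feasible successor selection per the DUAL terms defined in the
EIGRP key terms section.

Added example, not from the boot camp notes. The topology table is constructed;
select_routes/on_successor_failure/routing_entry are this example's own names."""

# Constructed topology table for one destination. Each candidate path is
# (next-hop router, reported distance RD advertised by that neighbour,
#  cost of the link from this router to that neighbour).
TOPOLOGY = {
    "10.1.1.0/24": [
        ("R2", 2816, 256),   # FD = 3072 -> lowest FD, the successor
        ("R3", 2560, 1280),  # FD = 3840, RD 2560 < 3072 -> feasible successor
        ("R4", 3328, 256),   # FD = 3584, RD 3328 >= 3072 -> fails the FC
    ],
}


def select_routes(candidates):
    """Return (successor, its FD, [feasible successors], [rejected next hops]).

    Feasible distance (FD) = neighbour's reported distance + our link cost.
    Feasibility condition (FC): RD < FD of the successor. A neighbour that
    satisfies it is strictly closer to the destination than we are, so it
    cannot be routing through us and the backup is loop-free."""
    scored = sorted((rd + link, nh, rd) for nh, rd, link in candidates)
    best_fd, successor, _ = scored[0]
    feasible, rejected = [], []
    for _fd, nh, rd in scored[1:]:
        (feasible if rd < best_fd else rejected).append(nh)
    return successor, best_fd, feasible, rejected


def on_successor_failure(candidates):
    """Model the successor's link going down.

    Returns (new next hop, query_needed). A feasible successor is promoted
    immediately from the topology table; without one DUAL must query its
    neighbours and recompute, which is the slow path."""
    successor, _, feasible, _ = select_routes(candidates)
    remaining = [c for c in candidates if c[0] != successor]
    if not remaining:
        return None, True
    if feasible:
        new_successor, _, _, _ = select_routes([c for c in remaining if c[0] in feasible])
        return new_successor, False
    new_successor, _, _, _ = select_routes(remaining)
    return new_successor, True


def routing_entry(destination, topology):
    """Mimic the routing-table view: only the successor is installed, while the
    feasible successors stay in the topology table as backups."""
    successor, fd, feasible, _ = select_routes(topology[destination])
    return {"dest": destination, "via": successor, "metric": fd, "backup": feasible}


if __name__ == "__main__":
    for dest in TOPOLOGY:
        print(routing_entry(dest, TOPOLOGY))
        print("on failure:", on_successor_failure(TOPOLOGY[dest]))
```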
Finding the Router ID

Neighbor Table – The "show ip ospf neighbor" command shows the Neighbor ID, configured priority, neighbor state and DR status.
Link State Database – Does not contain routes but rather information on destination subnets that the OSPF process uses to calculate path costs.

OSPF Neighbor Relationships

In order for a relationship to establish, routers must have matching subnet, hello intervals, dead intervals, Area ID, authentication (if used), stub area flag, and MTU.

Configure OSPF

*The CCNA exam concentrates only on a "single area" for OSPF.

Prerequisites:
- Enable OSPF
- Determine Process ID (has to be the same on each router to be configured)
- Specify network(s)
- Specify area

Sample Network:

Config# router ospf 1                                    (router ospf {process_id_value})
Config-router# network 192.168.2.16 0.0.0.15 area 0      (network {network_address} {wildcard_mask} area {area_value}; specify any additional networks with a wildcard mask matching the subnet)

OSPF Show commands

Router# show ip route            Displays the routing table.
Router# show ip ospf             Displays OSPF information for one or all OSPF processes running on the router.
Router# show ip ospf database    Shows the topological database used by OSPF.
Router# show ip protocols        Displays the routing protocols and interfaces used with all routing protocols configured on the router; shows the administrative distance.
Router# show ip ospf interface   Displays all the interface-related OSPF information.
Router# show ip ospf neighbor    Summarizes the pertinent OSPF information regarding neighbors and the adjacency state.
Router# debug ip ospf packet     Shows hello packets sent/received between adjacent routers.
Router# debug ip ospf hello      Shows hello packets being sent and received by your router, in more detail than debug ip ospf packet.
Router# debug ip ospf adj        Shows DR and BDR elections on a broadcast or nonbroadcast multiaccess network.

OSPF and EIGRP Tables

Neighbor Table, Topology Table, Routing Table.
Access Lists

Standard Access Lists
- Filter based on source address.
- Use ID numbers 1-99 and 1300-1999.
- Should be applied on the interface closest to the destination.

Extended Access Lists
- Filter based on source, destination, protocol, and port.
- Use ID numbers 100-199 and 2000-2699.
- Should be applied on the interface closest to the source.

Creating a Standard Access List
Create the access list
1. Specify denied hosts
2. Specify allowed hosts
#config t
(config)#access-list 10 deny 192.168.2.3
(config)#access-list 10 deny host 192.168.2.3          *also will work
(config)#access-list 10 deny 192.168.2.3 0.0.0.0       *also will work
(config)#access-list 10 permit any

Apply the ACL to an interface
(config)#interface s0/1
(config-if)#ip access-group 10 out

Applying an ACL to the console (telnet) lines
Config#line vty 0 4
Config-line#access-class 10 out

Creating an extended access list
Config# access-list 100 deny tcp host 192.168.0.3 192.168.0.3 0.0.0.0 eq 20     Telnet
Config# access-list 100 deny tcp host 192.168.0.3 192.168.0.4 0.0.0.0 eq 21     FTP
Config# access-list 100 deny tcp host 192.168.0.3 192.168.0.5 0.0.0.0 eq 80     HTTP
Config# access-list 100 permit ip any any
Config# int s0/0
Config-if#ip access-group 100 out

Verifying Access Lists
#show access-lists        shows all access lists
#show ip access-lists     displays only the contents of all the IP ACLs
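To make the matching rules concrete (first match wins, "host A" equals "A 0.0.0.0", "any" equals "0.0.0.0 255.255.255.255", and an unmatched packet hits the implicit deny at the end), here is a small parser and evaluator for the access-list syntax shown above. This is an added example and not the notes' own material; the packets it is run against are constructed, and the trailing protocol labels on the extended lines above are treated as annotations, not command keywords.

```python
"""Added example (not from the boot camp notes): parse IOS-style standard and
extended access-list statements and evaluate packets against them."""
import ipaddress

ANY = (0, 0xFFFFFFFF)          # 'any' is shorthand for 0.0.0.0 255.255.255.255


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _addr_spec(tokens, i):
    """Parse 'any' | 'host A' | 'A W' | bare 'A' (a bare address means one host).
    Returns ((address, wildcard), index of the next unread token)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    address = _ip(tokens[i])
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        return (address, _ip(tokens[i + 1])), i + 2
    return (address, 0), i + 1


def _port_spec(tokens, i):
    """Parse an optional 'eq <port>' qualifier."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_acl_line(line):
    """Turn one 'access-list <n> permit|deny ...' command into an entry dict."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an access-list statement: " + line)
    number = int(t[1])
    standard = 1 <= number <= 99 or 1300 <= number <= 1999
    if standard:                       # standard lists look at the source only
        src, _ = _addr_spec(t, 3)
        return {"number": number, "action": t[2], "proto": "ip", "src": src,
                "sport": None, "dst": ANY, "dport": None, "text": line}
    src, i = _addr_spec(t, 4)          # extended: proto, source [eq p], dest [eq p]
    sport, i = _port_spec(t, i)
    dst, i = _addr_spec(t, i)
    dport, i = _port_spec(t, i)
    return {"number": number, "action": t[2], "proto": t[3], "src": src,
            "sport": sport, "dst": dst, "dport": dport, "text": line}


def _matches(spec, ip):
    address, wildcard = spec
    return ((_ip(ip) ^ address) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(entries, packet):
    """First matching entry decides; anything unmatched hits the implicit deny."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != packet.get("proto"):
            continue
        if not _matches(e["src"], packet["src"]) or not _matches(e["dst"], packet["dst"]):
            continue
        if e["sport"] is not None and e["sport"] != packet.get("sport"):
            continue
        if e["dport"] is not None and e["dport"] != packet.get("dport"):
            continue
        return e["action"], e["text"]
    return "deny", "implicit deny at end of list"


# The statements from the notes above (labels such as 'HTTP' are not part of the command)
STANDARD_10 = [parse_acl_line(line) for line in (
    "access-list 10 deny 192.168.2.3",
    "access-list 10 permit any",
)]
EXTENDED_100 = [parse_acl_line(line) for line in (
    "access-list 100 deny tcp host 192.168.0.3 192.168.0.3 0.0.0.0 eq 20",
    "access-list 100 deny tcp host 192.168.0.3 192.168.0.4 0.0.0.0 eq 21",
    "access-list 100 deny tcp host 192.168.0.3 192.168.0.5 0.0.0.0 eq 80",
    "access-list 100 permit ip any any",
)]

if __name__ == "__main__":
    # constructed packet: TCP from 192.168.0.3 to 192.168.0.5 port 80 -> denied by line 3
    print(evaluate(EXTENDED_100, {"src": "192.168.0.3", "dst": "192.168.0.5",
                                  "proto": "tcp", "dport": 80}))
```

Two things the evaluator makes visible: a UDP packet to port 80 sails past the three "deny tcp" lines and is permitted by "permit ip any any", and an ACL with no permit at all blocks everything, which is why the "permit any" at the end of list 10 matters.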
#show ip interfaces       shows IP ACLs if they have been set on the interface

Router on a Stick
Routing between VLANs.

Configuring Router on a Stick
Router#int {interface sub-interface number}      ***Create a sub-interface for each network
Example:
R1# configure terminal
R1(config)# interface gigabitethernet0/1
R1(config-if)# no ip address
R1(config-if)# interface gigabitethernet0/1.1             !Configures sub-interface
R1(config-subif)# encapsulation dot1q 1 native            !Sets encapsulation for VLAN 1 and designates it as the native VLAN
R1(config-subif)# ip address 192.168.0.1 255.255.255.0
R1(config-subif)# interface gigabitethernet0/1.2
R1(config-subif)# encapsulation dot1q 2                   !Sets encapsulation for VLAN 2
R1(config-subif)# ip address 192.168.2.1 255.255.255.0

SW1# configure terminal
SW1(config)# interface gigabitethernet 0/1
SW1(config-if)# description Trunk-to-Router
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree portfast trunk

NAT/PAT

Static NAT
Configure inside interface
Config#int f0/0
Config-if#ip nat inside
Config-if#ip add 192.168.1.1 255.255.255.0
Config-if#no shutdown
Configure outside interface
Config#int s0/0
Config-if#ip nat outside
Config-if#ip address 201.1.1.5 255.255.255.0
Config-if#no shutdown
Config-if#clock rate 64000       (if required, but this is normally already done)
Static translations
Config#ip nat inside source static 192.168.1.3 201.1.1.6
Config#ip nat inside source static 192.168.1.4 201.1.1.7
Save changes (running config)
Config#exit
#copy run start

Dynamic NAT
Configure inside interface
Config#int f0/0
Config-if#ip nat inside
Config-if#ip add 192.168.1.1 255.255.255.0
Config-if#no shutdown
Configure outside interface
Config#int s0/1
Config-if#ip nat outside
Config-if#ip address 201.1.1.5 255.255.255.0
Config-if#no shutdown
Create ACL for NAT translation
Config#access-list 10 permit 192.168.1.0 0.0.0.255
Create NAT pool with name
Config#ip nat pool {NAT name} 201.1.1.16 201.1.1.46 netmask 255.255.255.0
Assign ACL to NAT pool
Config#ip nat inside source list 10 pool {NAT name}

PAT
Prerequisite information: Public IP = 201.1.1.16
Configure inside interface (if not already configured)
Config#int f0/0
Config-if#ip nat inside
Config-if#ip add 192.168.1.1 255.255.255.0
Config-if#no shutdown
Configure outside interface (if not already configured)
Config#int s0/1
Config-if#ip nat outside
Config-if#ip address 201.1.1.5 255.255.255.0
Config-if#no shutdown
Create ACL for NAT translation
Config#access-list 10 permit 192.168.1.0 0.0.0.255
Assign access list to NAT
Config#ip nat inside source list 10 pool {NAT name} overload                     assigns ACL to NAT pool
Or
Config#ip nat inside source list 10 interface {interface number} overload        assigns ACL to interface

NAT Verification
#sho ip nat translation         displays translations that have occurred
Additional NAT commands
#clear ip nat translation *     ***clears all dynamic address translation entries

IPv6
- Address space is 128 bits long.
- Every IPv6 address contains at least one loopback address.
- Leading zeros in a field are optional:
    FF01:0000:0000:0000:0000:0000:0000:0001  ->  FF01:0:0:0:0:0:0:1
- Successive fields of zeros can be represented as ::. This can only be done once:
    FF01:0:0:0:0:0:0:1  ->  FF01::1

IPv6 Address Formats
Types of addresses: Unicast, Multicast, Anycast
Global – starts with 2000::/3 and is assigned by IANA
Reserved – used by the IETF
Loopback – ::1
Unspecified – ::

IPv6 Address Type   Subtype          Notes                                                   Prefix
Unicast             Unique Local     Not routable; similar to IPv4 private addresses         FD00::/8
                    Link Local       Not forwarded off the local link                        FE80::/10
                    Site Local       No longer being used                                    FEC0::/10
                    Unspecified      Used when a host has no IP                              ::/128
                    Loopback         Used for internal testing; similar to IPv4 127.0.0.1    ::1/128
                    Global Unicast   Used for sending Internet traffic                       2000::/3
Multicast
Anycast

IPv4 to IPv6 Transition
Dual Stack (most common) – a dual-stack transition chooses a stack based on the destination address. The router must support BOTH IPv4 and IPv6.
Tunneling
- Manual Tunnel
  o Requires dual-stack routers
- 6to4 Tunnel
  o Joins multiple isolated IPv6 domains together
- ISATAP Tunnel
  o Intra-Site Automatic Tunnel Addressing Protocol
- Teredo Tunnel
  o Dual-stack Microsoft hosts
  o Bypasses NAT. Security problem.

IPv6 Routing Multicast Groups
Routing Protocol        Multicast Group Prefix
Static                  -
RIPng                   FF02::9
OSPFv3                  FF02::5
OSPFv3 All DR Routers   FF02::6
ISIS                    FF02::8
EIGRP                   FF02::a

PPP and CHAP
Verifying PPP encapsulation     #sho interface
Verifying PPP authentication    #debug ppp authentication
Verify PPP negotiation          #debug ppp negotiation

DHCP
Configure DHCP
#ip dhcp pool {pool name}
#network {network addr} {subnet mask}
#domain-name {domain name}
#dns-server {primary dns server addr} {secondary dns addr}
#default-router {router address}
#lease {lease time value}
#ip dhcp excluded-address {starting address} {ending address}
Verify DHCP
#sho ip dhcp binding        shows DHCP leases

Wireless
Wireless uses CSMA/CA instead of CSMA/CD.

WAN Technologies
- Dedicated
  o Leased Lines: T1/E1
- Switched
  o Circuit Switched: PSTN, ISDN
  o Packet Switched: Frame Relay, X.25, ATM
- Internet
  o Broadband VPN: DSL, Cable, Broadband Wireless

Frame Relay
Encapsulation types: Cisco, IETF
Local Management Interface (LMI) types: Cisco, ANSI, Q.933
LMI types have to match or the interface will be up/down (the line protocol will be down).

Configuring Frame Relay
#int {interface number}                       go to the interface you want to configure frame relay on
#ip address {ip address} {subnet mask}        assign the interface an address if not already done
#encapsulation frame-relay [ietf]             set the frame relay encapsulation type; IETF is the multivendor type
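The three NAT styles configured above (static one-to-one, dynamic from a pool, and PAT/overload on one address) differ in how the translation table fills and in what an outside host can reach. The following simulator is an added example, not part of the notes or of any Cisco software: the ACL, pool range, static mappings and packets are constructed from the addresses used in the configuration above, and port handling is simplified (the original source port is kept when free, otherwise the next free port is taken).

```python
"""Added example (not from the boot camp notes): a NAT translation-table
simulator covering static NAT, dynamic NAT from a pool and PAT (overload)."""
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def acl_permits(acl, ip):
    """Standard ACL given as (permit, address, wildcard) tuples: first match wins, implicit deny."""
    for permit, address, wildcard in acl:
        if ((_ip(ip) ^ _ip(address)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0:
            return permit
    return False


class NatDevice:
    """One NAT router. Exactly one of static / pool / overload_ip is normally used."""

    def __init__(self, inside_acl, static=None, pool=None, overload_ip=None):
        self.acl = inside_acl                       # 'ip nat inside source list <n> ...'
        self.static = dict(static or {})            # inside local -> inside global
        self.static_rev = {g: l for l, g in self.static.items()}
        self.free_pool = []                         # 'ip nat pool <name> <first> <last> ...'
        if pool:
            first, last = pool
            self.free_pool = [str(ipaddress.IPv4Address(i))
                              for i in range(_ip(first), _ip(last) + 1)]
        self.overload_ip = overload_ip              # '... interface <if> overload' style PAT
        self.dynamic = {}                           # inside local -> pool address in use
        self.table = {}                             # (inside ip, port) -> (global ip, port)
        self.reverse = {}                           # (global ip, port) -> (inside ip, port)
        self.pool_exhausted = 0                     # packets dropped because the pool ran dry

    def outbound(self, src_ip, src_port):
        """Inside -> outside. Returns the (global ip, port) the packet leaves with,
        or None when no translation applies (ACL miss or empty pool)."""
        key = (src_ip, src_port)
        if key in self.table:
            return self.table[key]
        if src_ip in self.static:                   # static entries do not consult the ACL
            return self._bind(key, (self.static[src_ip], src_port))
        if not acl_permits(self.acl, src_ip):
            return None
        if self.overload_ip:                        # PAT: one address shared, told apart by port
            port = self._free_port(self.overload_ip, src_port)
            return self._bind(key, (self.overload_ip, port))
        if src_ip not in self.dynamic:              # dynamic NAT: one pool address per inside host
            if not self.free_pool:
                self.pool_exhausted += 1
                return None
            self.dynamic[src_ip] = self.free_pool.pop(0)
        return self._bind(key, (self.dynamic[src_ip], src_port))

    def inbound(self, global_ip, global_port):
        """Outside -> inside. Only an existing table entry or a static mapping is
        reachable; an unsolicited packet to a PAT address has no entry and is dropped."""
        if (global_ip, global_port) in self.reverse:
            return self.reverse[(global_ip, global_port)]
        if global_ip in self.static_rev:
            return (self.static_rev[global_ip], global_port)
        return None

    def _free_port(self, global_ip, wanted):
        port = wanted                               # keep the original port when it is free
        while (global_ip, port) in self.reverse:
            port += 1
        return port

    def _bind(self, inside, outside):
        self.table[inside] = outside
        self.reverse[outside] = inside
        return outside


# Constructed from the configuration above: 'access-list 10 permit 192.168.1.0 0.0.0.255'
INSIDE_ACL = [(True, "192.168.1.0", "0.0.0.255")]

if __name__ == "__main__":
    pat = NatDevice(INSIDE_ACL, overload_ip="201.1.1.16")
    print(pat.outbound("192.168.1.10", 40000))   # ('201.1.1.16', 40000)
    print(pat.outbound("192.168.1.11", 40000))   # ('201.1.1.16', 40001): port clash resolved
    print(pat.inbound("201.1.1.16", 9999))       # None: nothing asked for this
```

The dynamic case shows the operational failure mode the notes' "clear ip nat translation *" exists for: once every pool address is bound to an inside host, a further host gets no translation until entries age out or are cleared.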
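The two IPv6 shorthand rules in the IPv6 section above (drop leading zeros; collapse one run of zero fields to "::", never twice) and the address-type prefix table are the kind of thing worth checking mechanically, since a "::" used twice is simply not a valid address. This is an added example, not the notes' own material: it implements the rules as stated, uses the prefixes from the table above, and adds FF00::/8 for multicast, which the table lists as a type without giving its prefix.

```python
"""Added example (not from the boot camp notes): expand, compress and classify
IPv6 addresses using the rules and the prefix table given above."""
import ipaddress

# Prefixes from the table above; FF00::/8 is an addition for the multicast row.
IPV6_TYPES = [
    ("::/128", "unspecified"),
    ("::1/128", "loopback"),
    ("FE80::/10", "link-local unicast"),
    ("FEC0::/10", "site-local unicast (deprecated)"),
    ("FD00::/8", "unique local unicast"),
    ("2000::/3", "global unicast"),
    ("FF00::/8", "multicast"),
]

HEX = set("0123456789abcdefABCDEF")


def expand(addr):
    """Undo both shorthands: restore the zero fields hidden by the single '::'
    and zero-pad every field to four hex digits. Raises ValueError on bad input."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = addr.split(":")
    if len(fields) != 8 or any(not 1 <= len(f) <= 4 or set(f) - HEX for f in fields):
        raise ValueError("expected 8 fields of 1-4 hex digits")
    return ":".join(f.zfill(4).upper() for f in fields)


def is_valid(addr):
    """True when the text is a well-formed IPv6 address under the rules above."""
    try:
        ipaddress.IPv6Address(expand(addr))
        return True
    except ValueError:
        return False


def compress(addr):
    """Apply the notes' rules: strip leading zeros from each field, then replace the
    longest run of two or more zero fields with '::' (leftmost run on a tie, as
    RFC 5952 recommends). Output is lowercase, also per RFC 5952."""
    fields = [f.lstrip("0") or "0" for f in expand(addr).lower().split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return head + "::" + tail


def classify(addr):
    """Name the address type by the longest matching prefix in IPV6_TYPES."""
    address = ipaddress.IPv6Address(expand(addr))
    best = None
    for prefix, label in IPV6_TYPES:
        network = ipaddress.IPv6Network(prefix)
        if address in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, label)
    return best[1] if best else "reserved / other"


if __name__ == "__main__":
    print(expand("FF01::1"))                    # FF01:0000:0000:0000:0000:0000:0000:0001
    print(compress("FF01:0:0:0:0:0:0:1"))       # ff01::1
    print(classify("FE80::1"), is_valid("1::2::3"))   # link-local unicast False
```

The compressor deliberately leaves single zero fields alone ("2001:db8:0:1:0:2:0:3" has no run to collapse) and, when two runs tie, collapses the leftmost one, so that every address has exactly one canonical text form; that matters whenever addresses are compared as strings in logs or allow-lists.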
#frame-relay lmi-type {ansi | cisco | q933a}   optional for IOS 11.1 or earlier
#bandwidth 64                                  configure the bandwidth for the link
#frame-relay inverse-arp                       enables inverse ARP if it was disabled; used to automatically map the frame relay peers where inverse ARP is supported
#frame-relay interface-dlci {dlci number}      used for point-to-point interfaces
Or
#frame-relay map ip {ip address of peer} {local DLCI number} [broadcast]
    Used on multipoint interfaces and on routers that do not support inverse ARP. The broadcast parameter is used when you want to control or allow broadcast or multicast traffic over the PVC (Permanent Virtual Circuit). It is necessary for routing updates to occur and is usually configured regardless (it does not hurt to have it on).

Verifying Frame Relay
#sho frame-relay map                   lists the current map entries; verifies the DLCI destination address in a frame relay static configuration
#sho frame-relay pvc {DLCI number}     displays each configured PVC's status and traffic statistics
#sho interfaces {interface}            displays frame relay encapsulation, LMI, LMI DLCI, and frame relay DTE or DCE type
#show frame-relay lmi                  verifies frame relay operation; pay attention to status inquiries sent and updates received, which should be incrementing by 1 every ten seconds
Keyboard Shortcuts
Keystrokes                        Purpose
Ctrl-B or the Left Arrow key      Move the cursor back one character
Ctrl-F or the Right Arrow key     Move the cursor forward one character
Ctrl-A                            Move the cursor to the beginning of the command line
Ctrl-E                            Move the cursor to the end of the command line
Esc B                             Move the cursor back one word
Esc F                             Move the cursor forward one word

TCP/UDP Common Ports
Port         Protocol  Description  Status
0            TCP
0            UDP       Reserved  Official
1            TCP       TCPMUX (TCP port service Multiplexer)  Official
7            TCP       ECHO protocol  Official
7            UDP       ECHO protocol  Official
9            TCP       DISCARD protocol  Official
9            UDP       DISCARD protocol  Official
13           TCP       DAYTIME protocol  Official
13           UDP       DAYTIME protocol  Official
17           TCP       QOTD (Quote of the Day) protocol  Official
19           TCP       CHARGEN (Character Generator) protocol  Official
19           UDP       CHARGEN (Character Generator) protocol  Official
20           TCP       FTP (File Transfer Protocol) - data port  Official
21           TCP       FTP - control (command) port  Official
22           TCP       SSH (Secure Shell) - used for secure logins, file transfers (scp, sftp) and for forwarding  Official
23           TCP       Telnet protocol - unencrypted text communications  Official
25           TCP       SMTP (Simple Mail Transfer Protocol) - used for sending emails  Official
37           TCP       TIME protocol  Official
37           UDP       TIME protocol  Official
49           UDP       TACACS protocol  Official
53           TCP       DNS (Domain Name Server)  Official
53           UDP       DNS - most commonly used  Official
67           UDP       BOOTP (BootStrap Protocol) server; also used by DHCP (Dynamic Host Configuration Protocol)  Official
68           UDP       BOOTP client and DHCP  Official
69           UDP       TFTP (Trivial File Transfer Protocol)  Official
70           TCP       Gopher protocol  Official
79           TCP       Finger protocol  Official
80           TCP       HTTP (Hyper Text Transfer Protocol)  Official
81           TCP       Smoothwall Web GUI default port  Unofficial
88           TCP       Kerberos - authenticating agent  Official
109          TCP       POP2 (Post Office Protocol version 2) - email retrieval  Official
110          TCP       POP3 (Post Office Protocol version 3) - email retrieval  Official
113          TCP       ident - old server identification system, used by IRC to identify users  Official
119          TCP       NNTP (Network News Transfer Protocol) - used to retrieve newsgroup messages  Official
123          UDP       NTP (Network Time Protocol) - used for time synchronization  Official
139          TCP       NetBIOS  Official
143          TCP       IMAP4 (Internet Message Access Protocol) - used to retrieve email  Official
161          UDP       SNMP (Simple Network Management Protocol)  Official
179          TCP       BGP (Border Gateway Protocol)  Official
194          TCP       IRC (Internet Relay Chat)  Official
222          TCP       Smoothwall SSH  Unofficial
389          TCP       LDAP (Lightweight Directory Access Protocol)  Official
443          TCP       HTTPS - HTTP over SSL (encrypted transmission)  Official
445          TCP       Microsoft-DS (Active Directory, Windows shares, Sasser Worm, Agobot, Zobot Worm)  Official
445          UDP       Microsoft-DS SMB file sharing  Official
465          TCP       SMTP over SSL - conflict with registered Cisco protocol  Unofficial/Conflict
514          UDP       syslog protocol - used for system logging  Official
540          TCP       UUCP (Unix-to-Unix Copy Protocol)  Official
542          TCP       commerce (Commerce applications)  Official
542          UDP       commerce  Official
554          TCP       RTSP (Real Time Streaming Protocol)  Official
587          TCP       email message submission (SMTP) - RFC 2476  Official
591          TCP       FileMaker 6.0 Web Sharing (HTTP Alternate)  Official
636          TCP       LDAP over SSL (encrypted transmission)  Official
666          TCP       id Software's Doom multiplayer game (number of the beast)  Official
873          TCP       rsync - file synchronization protocol  Official
901          TCP       SWAT (Samba Web Administration Tool)  Unofficial
981          TCP       SofaWare Technologies remote HTTPS management for firewall devices running embedded Checkpoint Firewall-1  Unofficial
993          TCP       IMAP4 over SSL (encrypted transmission)  Official
995          TCP       POP3 over SSL (encrypted transmission)  Official
1080         TCP       SOCKS proxy  Official
1099         TCP       RMI Registry  Official
1099         UDP       RMI Registry  Official
1194         UDP       OpenVPN  Official
1214         TCP       Kazaa default  Official
1223         TCP       TGP (Truly Global Protocol)  Official
1337         TCP       WASTE Encrypted File Sharing Program  Unofficial/Conflict
1352         TCP       IBM Lotus Notes/Domino RCP  Official
1387         TCP       Computer Aided Design Software Inc LM  Official
1387         UDP       Computer Aided Design Software Inc LM  Official
1414         TCP       IBM MQSeries  Official
1433         TCP       Microsoft SQL database system  Official
1434         TCP       Microsoft SQL Monitor  Official
1434         UDP       Microsoft SQL Monitor  Official
1494         TCP       Citrix MetaFrame ICA Client  Official
1521         TCP       Oracle database default listener - conflict with registered use: nCube License Manager  Unofficial/Conflict
1547         TCP       Laplink  Official
1547         UDP       Laplink  Official
1718         TCP/UDP   H.323 Gate Discovery
1719         TCP/UDP   H.323 Gate Stat
1720         TCP/UDP   H.323 Host Call (VoIP)
1723         TCP       Microsoft PPTP VPN  Official
1723         UDP       Microsoft PPTP VPN  Official
1731         TCP       Audio Call Control
1761         TCP       Novell Zenworks Remote Control Utility - conflict with registered use: cft-0  Unofficial/Conflict
1863         TCP       MSN Messenger  Official
1900         UDP       Microsoft SSDP - enables discovery of UPnP devices  Official
1984         TCP       Big Brother - network monitoring tool  Official
2000         TCP       Cisco SCCP (Skinny)  Official
2000         UDP       Cisco SCCP (Skinny)  Official
2030                   Oracle Services for Microsoft Transaction Server  Unofficial
2082         TCP       cPanel's default port - conflict with registered use: Infowave Mobility Server  Unofficial/Conflict
2083         TCP       cPanel's default port for SSL connection  Unofficial
2086         TCP       WebHost Manager's default port - conflict with registered use: GNUnet  Unofficial/Conflict
2087         TCP       WebHost Manager's default port for SSL connections  Unofficial
2095         TCP       cPanel's default port for webmail connections  Unofficial
2096         TCP       cPanel's default port for webmail connections via SSL  Unofficial
2181         TCP       EForward - document transport system  Official
2181         UDP       EForward - document transport system  Official
2222         TCP       DirectAdmin's default port  Unofficial
2427         UDP       Cisco MGCP  Official
2447         TCP       ovwdb - OpenView Network Node Manager (NNM) daemon  Official
2447         UDP       ovwdb - OpenView Network Node Manager (NNM) daemon  Official
2517         TCP/UDP   H.323 Annex E call signaling transport
2710         TCP       XBT Bittorrent Tracker  Unofficial
2710         UDP       XBT Bittorrent Tracker experimental UDP tracker extension  Unofficial
3050         TCP       gds_db  Official
3050         UDP       gds_db  Official
3128         TCP       HTTP used by web caches and Squid cache default port  Official
3306         TCP       MySQL Database System  Official
3389         TCP       Microsoft Terminal Server (RDP), officially registered as Windows Based Terminal (WBT)  Official
3396         TCP       Novell NDPS Printer Agent  Official
3689         TCP       DAAP Digital Audio Access Protocol used by Apple's iTunes  Official
3690         TCP       Subversion version control system  Official
3784         TCP       Ventrilo VoIP program  Official
3785         UDP       Ventrilo VoIP program  Official
4662         TCP       eMule - port often used  Unofficial
4672         UDP       eMule  Unofficial
4894         TCP       LysKOM Protocol A  Official
4899         TCP       RAdmin remote administration tool (often a trojan horse)  Official
5000         TCP       UPnP - Windows network device interoperability; conflict with registered use: commplex-main  Unofficial/Conflict
5060         TCP/UDP   SIP (VoIP)
5061         TCP/UDP   SIP TLS (VoIP)
5121                   Neverwinter Nights and its mods, such as Dungeon Eternal X  Unofficial
5190         TCP       AOL and AOL Instant Messenger  Official
5222         TCP       XMPP/Jabber - client connection  Official
5223         TCP       XMPP/Jabber - default port for SSL client connection  Unofficial
5269         TCP       XMPP/Jabber - server connection  Official
5432         TCP       PostgreSQL database system  Official
5517         TCP       Setiqueue proxy server client for SETI@Home project  Unofficial
5800         TCP       VNC remote desktop protocol - for use over HTTP  Unofficial
5900         TCP       ARD/VNC remote desktop protocol - regular port  Unofficial
6000         TCP       X11 - used for X Windows  Official
6112         UDP       Blizzard's Battle.net gaming service - conflict with registered use: dtspcd  Unofficial/Conflict
6346         TCP       Gnutella filesharing  Official
6347         UDP       Gnutella  Official
6600         TCP       mpd - default port that mpd listens on  Unofficial
6667         TCP       IRC  Unofficial
6668         TCP       IRC  Unofficial
6669         TCP       IRC  Unofficial
6881         TCP       BitTorrent  Unofficial
6882         TCP       BitTorrent  Unofficial
6891-6900    TCP/UDP   MSN Messenger (File Transfer)  Official
6901         TCP/UDP   MSN Messenger (Voice)  Official
7312         UDP       Sibelius License Server  Unofficial
8000         TCP       iRDMI (often unofficially used for internet radio streams)  Official
8010         TCP       XMPP/Jabber file transfers  Unofficial
8080         TCP       HTTP Alternate  Official
8118         TCP       Privoxy web proxy  Official
11371                  OpenPGP HTTP Keyserver  Official
11576                  IPStor Server Management Communication  Official
20720        TCP       Symantec i3 Web GUI server  Unofficial
22136        TCP       MXM endpoint administration
27000-27006  UDP       id Software's QuakeWorld Master server  Unofficial
27010                  Half-Life and its mods  Unofficial
27015                  Half-Life and its mods  Unofficial
27374                  Sub7's default port. Most script kiddies do not change it.  Unofficial
27500-27900  UDP       id Software's QuakeWorld  Unofficial
27960-27969  UDP       id Software's Quake III Arena and Quake III derived games  Unofficial
31337        TCP       Back Orifice - remote administration tool (often a trojan horse) ("31337" is the leet speak version of "Elite")  Unofficial
49152-65535  TCP/UDP   Dynamic Port Range. No official registrations.

References / Citations
- CCNA Boot Camp, Instructor: Milton Kabia
- TCP/UDP Common Ports. BT Tech, Consulting for the Future. <http://www.bttech.org/pageports.html>
- Cisco. www.Cisco.com. http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml
- TrainSignal Training. www.Trainsignal.com