TestKing Cisco 640-607 Study Guide v1.0


  • 8/8/2019 Test+King+Cisco+640 607+Study+Guide+v1.0

    1/63

CCNA Foundations (p. 4)
  OSI Model (4); Upper Layer (5); Lower Layers (5); Data Link Layer Tasks (6); Network Layer Tasks (7); Transport Layer Tasks (8); LAN Physical Layer Implementations (8)

Cisco Device Basics (p. 10)
  Command Modes (10); Basic Switch Commands (11); Switch Configuration using the Command Line (11); Basic Router Information (12); Common CLI Error Messages (12); Basic Router Commands (13); Advanced Router Configuration (14)

Obtaining Network Information (p. 16)
  CDP (16); CDP Related Commands (16); Telnet Application (17); Router Basics (18); Router Components (18)

Catalyst 1900 Switch (p. 21)
  Functions (21); Frame Decisions (21); Avoiding Loops (21); Spanning Tree Protocol (22); Spanning Tree Path Cost (23); Spanning Tree Protocol Elections (23); Spanning Tree States (24); How Frames Are Sent (24); Switch Communication (25); Catalyst 1900 Switch Configuration (25); Configuration Commands (26); Virtual LANs (27)

TCP/IP (p. 28)
  TCP Connection Establishment (29); Windowing (29); TCP/IP Internet Layer (29); ICMP (30); IP Addressing Basics (30); Address Classes (31); Broadcast (32); Subnetting (33); Configuring IP Addresses (35)

Routing 101 (p. 36)
  Route Selection (36); Routing Protocols (37); Administrative Distance (37); Routing Protocol Classes (37); RIP (40); IGRP (40)

Access Lists (p. 42)
  Access List Types (42); Access List Guidelines (42); Standard IP Access Lists (43); Extended IP Access Lists (45); Verifying and Monitoring Access Lists (46)

Novell Internetwork Packet Exchange (IPX) Protocol Suite (p. 47)
  IPX (47); Encapsulation Types (48)

Cisco and Wide Area Networks (WAN) (p. 50)
  WAN Connection Types (50); WAN Layer 2 Encapsulation (50); HDLC (51); PPP (51); ISDN (52)

Frame Relay (p. 54)
  LMI (54); Subinterface Connection Types (55); Obtain Frame Relay Information (56)

Labs (p. 57)
  Lab 1 Configure a name and passwords for a router (57); Lab 2 Configuring Router Interfaces (59); Lab 3 Configuring Static Routes (61); Lab 4 Configuring RIP and Restoring Configuration (62); Lab 5 Configuring IGRP (63); Lab 6 Access List (64)


    CCNA Foundations

    OSI Model

One of the keys to understanding Cisco networking is the OSI model. The OSI model helps people understand how an internetwork works, and it serves as a guideline or framework for creating and implementing network standards, devices, and internetworking schemes. Some of the advantages of the OSI model are:

- It breaks a complex operation down into simpler elements.
- It enables engineers to specialize in the design and development of modular elements.
- It provides standards for plug-and-play and multivendor integration.

The OSI reference model has 7 layers. To remember the layers in the correct order, from the top down, you can use the sentence "All People Seem To Need Data Processing":

  All          Application
  People       Presentation
  Seem         Session
  To           Transport
  Need         Network
  Data         Data Link
  Processing   Physical

The Application, Presentation and Session layers are the application (upper) layers. The Transport, Network, Data Link and Physical layers are the data flow (lower) layers. The Data Link layer is divided into the Media Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer.


    Or from the bottom of the OSI model to the top

    Please Do Not Throw Sausage Pizza Away.

Upper Layers

The upper layers of the OSI model deal with the user interface, data formatting, and application access. Specifically, these layers do the following:

- Application layer: where the user and applications access the network.
- Presentation layer: determines how data is presented, including special processing such as encryption and compression.
- Session layer: establishes, manages and terminates communication sessions between presentation layers.

    Lower Layers

The four lower layers are in charge of how data is transferred across a physical wire, through internetworking devices, to the desired end station, and finally to the application on the other side. Specifically, these layers do the following:

- Transport: provides both reliable and unreliable delivery; for reliable delivery it detects lost or corrupted segments and recovers by retransmitting them.
- Network: provides the logical addressing that devices use for path determination.
- Data Link: combines bits into bytes and bytes into frames, provides access to the media using MAC addresses, and performs error detection (not correction).
- Physical: moves bits between devices and specifies voltages, wire speeds and cable pin-outs.

    Encapsulation

The method of passing data down the stack and adding headers and trailers is called encapsulation. Each of the lower four layers has its own unit of data:

  Transport    Segment
  Network      Packet
  Data Link    Frame
  Physical     Bits
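The encapsulation above, worked through in code. This is an added example and not code from the study guide: it builds a TCP segment, wraps it in an IPv4 packet and then an Ethernet frame, and parses the frame back up the stack, rejecting it if either checksum fails. The addresses, ports and sequence number are constructed (10.5.5.11 reuses the switch address configured later on this page; the rest are arbitrary).

```python
"""Encapsulation walk-through: payload -> TCP segment -> IPv4 packet ->
Ethernet frame, and back. Added example, not code from the study guide.
All addresses, ports and the sequence number are constructed values."""
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of the
    16-bit big-endian words, padded with a zero byte if the length is odd.
    Checksumming data that already contains a correct checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, payload: bytes) -> bytes:
    """Transport layer unit: 20-byte TCP header (no options), flags PSH|ACK,
    window 8192, ack 0. The TCP checksum covers a pseudo-header built from the
    network layer addresses, so the segment needs them even though they are
    not part of it."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                         5 << 4, 0x18, 8192, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(header) + len(payload))
    csum = internet_checksum(pseudo + header + payload) or 0xFFFF   # 0 is sent as 0xFFFF
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_packet(src_ip, dst_ip, segment: bytes, ttl: int = 64) -> bytes:
    """Network layer unit: IPv4 header, protocol 6 (TCP), DF set, checksum filled in."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234,
                         0x4000, ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = internet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_frame(src_mac, dst_mac, packet: bytes) -> bytes:
    """Data link unit: Ethernet II header, EtherType 0x0800 (IPv4). The 4-byte
    FCS trailer is normally appended by the NIC and is omitted here."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + packet


def encapsulate(payload: bytes, src_ip="10.5.5.11", dst_ip="10.5.5.1",
                src_port=40000, dst_port=80, seq=1000,
                src_mac="00:00:0c:11:22:33", dst_mac="00:00:0c:44:55:66") -> bytes:
    """Pass the payload down the stack: segment -> packet -> frame."""
    segment = build_segment(src_ip, dst_ip, src_port, dst_port, seq, payload)
    packet = build_packet(src_ip, dst_ip, segment)
    return build_frame(src_mac, dst_mac, packet)


def decapsulate(frame: bytes) -> dict:
    """Walk the frame back up the stack, verifying the IPv4 and TCP checksums."""
    if len(frame) < 54:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, src_ip, dst_ip = packet[9], packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(segment))
    if internet_checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "protocol": proto, "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    wire = encapsulate(b"GET / HTTP/1.0\r\n")
    print(len(wire), "bytes on the wire:", decapsulate(wire))
```

Note that the checksums only catch accidental corruption: anyone who can inject frames can recompute them, which is why every layer's headers here are trusted only as far as the segment they arrived on.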


Collision vs Broadcast Domains

A collision domain is a group of devices connected to the same physical media such that if two devices access the media at the same time, the result is a collision of the two signals.

A broadcast domain is a group of devices in the network that receive one another's broadcast messages.

    Data Link Layer Tasks

The data link layer provides network traffic with information on where it is to go and what it is to do once it gets there. To provide these functions the IEEE divides the data link layer into two sublayers:

1. Media Access Control (MAC) sublayer (IEEE 802.3 for Ethernet). This sublayer is responsible for how data is transported over the physical wire. It is the part of the data link layer that communicates downward to the physical layer.

A MAC address is a 48-bit address expressed as 12 hexadecimal digits. The first 24 bits (6 hexadecimal digits) contain a manufacturer identifier or vendor code, also called the Organizationally Unique Identifier (OUI). The last 24 bits (6 hexadecimal digits) are administered by each vendor and usually represent the interface serial number. A MAC address identifies an interface but does not authenticate it: most drivers let the address be changed in software, so a MAC address is only as trustworthy as the station that sends it.

2. Logical Link Control (LLC) sublayer (IEEE 802.2). This sublayer is responsible for logically identifying the different protocol types carried in frames and encapsulating them for transmission across the network.

The data link layer has two types of devices: bridges and Layer 2 switches. Layer 2 switching is hardware-based bridging. When a bridge receives a frame it must decide whether to filter the frame, forward it onto another segment, or flood it. The decision is made as follows:

1. If the destination is on the same segment as the source, the frame is filtered: it is not copied onto any other segment.
2. If the destination is known to be on another segment, the frame is forwarded to that segment only.
3. If the destination is not known to the bridge (or is a broadcast or multicast address), the bridge floods the frame: it is sent out every segment other than the one it arrived on.
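The decision above as a small learning bridge, together with the MAC address checks it depends on: OUI extraction, the I/G bit that marks broadcast and multicast addresses, and the U/L bit that marks a locally administered (software-assigned) address. This is an added example, not code from the study guide; the port names, MAC addresses and table capacity are constructed. The capacity limit is there to show the consequence of the flood rule: once the table is full, new stations are never learned and frames to them keep being flooded out every port.

```python
"""Transparent (learning) bridge: filter / forward / flood per frame, plus
the MAC address checks a bridge relies on. Added example, not code from the
study guide; ports, addresses and the capacity value are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def oui(mac: str) -> str:
    """First 24 bits: the vendor's Organizationally Unique Identifier."""
    return parse_mac(mac)[:3].hex(":")


def is_group(mac: str) -> bool:
    """I/G bit (least significant bit of the first octet): set on multicast
    and broadcast addresses, which a bridge always floods."""
    return bool(parse_mac(mac)[0] & 0x01)


def is_locally_administered(mac: str) -> bool:
    """U/L bit (second-lowest bit of the first octet): set when the address
    was assigned in software rather than burned in by the vendor. Not proof
    of spoofing, but worth flagging when auditing a MAC inventory."""
    return bool(parse_mac(mac)[0] & 0x02)


class Bridge:
    """Learning bridge with a bounded forwarding (CAM) table."""

    def __init__(self, ports, capacity=1024):
        self.ports = list(ports)
        self.capacity = capacity      # real switches have a fixed CAM size
        self.table = {}               # MAC -> port the address was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return (decision, list of egress ports)."""
        src, dst = src.lower(), dst.lower()
        if is_group(src):
            raise ValueError("source address must be unicast")
        # Learning: the source address tells the bridge which port owns it.
        # When the table is full, unknown sources are not learned, so frames
        # addressed to them keep being flooded; filling the table on purpose
        # (MAC flooding) turns the switch back into a hub for those stations.
        if src in self.table or len(self.table) < self.capacity:
            self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return "flood", others            # broadcast / multicast
        port = self.table.get(dst)
        if port is None:
            return "flood", others            # unknown unicast
        if port == in_port:
            return "filter", []               # destination on the same segment
        return "forward", [port]              # known, on another segment


if __name__ == "__main__":
    bridge = Bridge(["e0", "e1", "e2"])
    for frame in [("e0", "00:00:0c:aa:aa:01", "00:00:0c:aa:aa:02"),
                  ("e1", "00:00:0c:aa:aa:02", "00:00:0c:aa:aa:01"),
                  ("e0", "00:00:0c:aa:aa:01", "00:00:0c:aa:aa:02"),
                  ("e2", "00:00:0c:aa:aa:04", BROADCAST)]:
        print(frame, "->", bridge.receive(*frame))
    print("table:", bridge.table)
```

The table is keyed only by source address, which is the whole story of why a bridge cannot defend itself against a station that lies about its address: learning moves an entry to whatever port the forged frame arrived on.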

Bridged/switched networks have the following characteristics:

1. Each segment is a collision domain.
2. All devices connected to the same bridge/switch are part of the same broadcast domain.
3. All segments must use the same data link layer implementation: all Ethernet or all Token Ring.
4. In a switched environment there can be one device per segment, and each device can send frames at the same time, so the primary pathway can be shared.

    Network Layer Tasks

The network layer defines how to transport traffic between devices that are not locally attached in the same broadcast domain. For this to occur the following is required:

1. A logical address associated with the source and destination stations.
2. A path through the network to reach the desired destination.

The logical network address consists of two parts: one part identifies the network and the other uniquely identifies the host on that network.

Routers work at the network layer. A router performs the following tasks:

- Routers identify networks and provide connectivity between them.
- Routers do not forward Layer 2 broadcast or multicast frames.
- Routers attempt to determine the optimal path through a routed network based on routing algorithms.
- Routers strip Layer 2 frames and forward packets based on the Layer 3 destination address.
- Routers map a single Layer 3 logical address to a single network device; therefore routers can limit or secure network traffic based on identifiable attributes within each packet. These controls, configured as access lists, can be applied to inbound or outbound packets on an interface.
- Routers can be configured to perform both bridging and routing functions.
- Routers provide connectivity between different virtual LANs (VLANs) in a switched environment.
- Routers can be used to deploy quality of service parameters for specified types of network traffic.


    Transport Layer Tasks

For two devices to communicate within a network a connection or session must be established. The transport layer defines the rules for the connection between the two devices.

The transport layer defines the following functions:

- It allows end stations to assemble multiple upper-layer conversations into the same transport layer data stream and to disassemble them again at the far end. This is accomplished by assigning upper-layer application identifiers (port numbers).
- It allows applications to request reliable data transport between communicating end systems. This is done through a connection-oriented relationship between the end systems that accomplishes the following:
  o Ensures that delivered segments are acknowledged back to the sender.
  o Provides for retransmission of any segments that are not acknowledged.
  o Puts segments back into their correct sequence order at the receiving station.
  o Provides congestion avoidance and control.
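A simulation of the reliability functions just listed, with both ends of the conversation in one script: segments carry byte sequence numbers, the receiver returns cumulative acknowledgements and re-sequences segments that arrive early, and the sender retransmits whatever has not been acknowledged. This is an added example, not from the study guide and not real TCP; the byte stream, the segment size and the pattern of lost segments are constructed.

```python
"""Reliable delivery over an unreliable channel: sequencing, cumulative
ACKs, retransmission and in-order reassembly. Added example, not code from
the study guide; the stream, segment size and loss pattern are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int          # offset of the first data byte in the stream (TCP-style)
    data: bytes


class Receiver:
    """Buffers out-of-order segments and delivers only the contiguous prefix."""

    def __init__(self):
        self.expected = 0         # next byte not yet handed to the application
        self.pending = {}         # seq -> data for segments that arrived early
        self.delivered = bytearray()

    def receive(self, seg: Segment) -> int:
        """Accept one segment and return the cumulative ACK (next byte wanted).
        Old or duplicate segments are discarded and the same ACK repeated."""
        if seg.seq >= self.expected:
            self.pending.setdefault(seg.seq, seg.data)
        while self.expected in self.pending:          # re-sequence
            data = self.pending.pop(self.expected)
            self.delivered += data
            self.expected += len(data)
        return self.expected


class Sender:
    """Keeps every segment until a cumulative ACK covers its bytes."""

    def __init__(self, stream: bytes, mss: int):
        self.segments = [Segment(i, stream[i:i + mss]) for i in range(0, len(stream), mss)]
        self.acked = 0            # every byte below this has been acknowledged

    def unacked(self):
        return [s for s in self.segments if s.seq >= self.acked]

    def ack(self, ack_no: int):
        self.acked = max(self.acked, ack_no)


def transfer(stream: bytes, mss: int, drops: dict, max_rounds: int = 20):
    """Run rounds of send / lose / ack until everything is acknowledged.
    drops maps a round number to the set of sequence numbers the channel
    loses in that round; the channel also delivers each round's segments in
    reverse order so the receiver has to put them back in sequence.
    Returns (delivered bytes, rounds used, segments transmitted)."""
    sender, receiver = Sender(stream, mss), Receiver()
    sent = 0
    for rnd in range(1, max_rounds + 1):
        outstanding = sender.unacked()
        if not outstanding:
            return bytes(receiver.delivered), rnd - 1, sent
        sent += len(outstanding)                      # includes retransmissions
        for seg in reversed(outstanding):
            if seg.seq in drops.get(rnd, set()):
                continue                              # lost on the wire
            sender.ack(receiver.receive(seg))         # ACK flows back to sender
    raise RuntimeError("transfer did not complete within max_rounds")


if __name__ == "__main__":
    stream = b"The quick brown fox jumps over the lazy dog"
    data, rounds, sent = transfer(stream, 10, {1: {10, 30}})
    print(data == stream, rounds, "rounds,", sent, "segments sent")
```

The receiver trusts sequence numbers without question; in the real protocol that is exactly the property an off-path attacker has to defeat, which is why the initial sequence number is chosen unpredictably.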

    LAN Physical Layer Implementations

Cabling exists at the Physical Layer of the OSI model. The CCNA exam focuses on Ethernet for the physical and data link connections. The term Ethernet refers to a family of LAN implementations. The three major categories are:

1. Ethernet (DIX) and IEEE 802.3: operates at 10 Mbps over coaxial cable, UTP and fiber.
2. 100 Mbps Ethernet (IEEE 802.3u), also known as Fast Ethernet: operates over UTP or fiber.
3. 1000 Mbps Ethernet, known as Gigabit Ethernet: operates at 1000 Mbps over fiber (IEEE 802.3z) and, as 1000BaseT (IEEE 802.3ab), over Cat 5 UTP.


Ethernet Cabling Specifications

  Standard    Cable                       Max segment length   Topology         Connector
  10Base5     Thick coax                  500 meters           Bus              AUI
  10BaseT     Cat 3, 4 or 5 UTP, 2 pair   100 meters           Star             RJ-45
  100BaseTX   Cat 5 UTP, 2 pair           100 meters           Star             RJ-45
  100BaseFX   Multimode fiber             400 meters           Point-to-point   Duplex media interface connector (MIC) or ST


    Cisco Device Basics

When a switch or a router is first started, three operations occur:

Step 1: The power-on self-test (POST) is performed. The device finds its hardware and runs hardware checking routines.

Step 2: After the hardware is confirmed functional, the startup routine is performed. The switch/router looks for and loads the operating system software.

Step 3: After the operating system is loaded, the device finds and applies the configuration settings required for network operation.

    Command Modes

Cisco IOS software uses a command-line interface as its traditional console environment. There are two default access levels: user EXEC level and privileged EXEC level.

The user EXEC level allows access to a limited number of basic monitoring commands.

The privileged EXEC level provides access to all router commands, including configuration. It should be password-protected (see the enable secret command below) so that only authorized users can configure or maintain the router.

When a device is in user EXEC mode the prompt ends with the > symbol:

hostname>

More commands are accessible from privileged EXEC mode. To change the device to this mode you issue the enable command; the switch or router prompt changes to:

hostname#

To return to user EXEC mode, type disable.


Basic Switch Commands

history: the commands you enter are kept in a history buffer on the switch. You can use the following commands and keystrokes to work with the buffer:

  Up-arrow / Ctrl-p      Recall the last (previous) command
  Down-arrow / Ctrl-n    Recall the next, more recent command in the buffer
  Switch> show history   Show the contents of the command buffer

show version: displays information about the software version, the system hardware, the names and locations of the configuration files, and the boot images. This command lets you determine the switch's current operating system version, which is imperative for troubleshooting (and for checking the running image against published vulnerability advisories).

show interface: shows the statistics of all of the switch's configured interfaces. This command is useful when configuring and troubleshooting the switch.

show ip: shows the current IP configuration of the switch.

    Switch Configuration using the Command Line

You must switch from privileged EXEC mode to global configuration mode in order to change the parameters of the switch:

switch# configure terminal
switch(config)#

To configure an interface you must be in interface configuration mode, which you enter with the interface command from global configuration mode:

switch(config)# interface e0/1
switch(config-if)#

To change the name of the switch:

switch(config)# hostname testking
testking(config)#

Note that the name change is immediate.

You will also need to configure the IP address of the switch. On the Catalyst 1900 this is done in global configuration mode:

testking(config)# ip address 10.5.5.11 255.255.255.0

    Basic Router Information

When a router is first turned on it checks its NVRAM (nonvolatile random access memory) for a router configuration. If none is found, the operating system starts a question-driven initial configuration known as the system configuration dialog or setup dialog.

To change the configuration of the router you need to be in configuration mode. There are two levels of modes:

- User mode: often used to check the status of the router.
- Privileged mode: used to change the router's configuration.

The Cisco IOS CLI on Cisco routers offers context-sensitive word help and command syntax help:

- For word help, use the question mark (?) immediately after one or more characters. This provides a list of commands that begin with that character sequence.
- For command syntax help, use ? in place of a keyword or argument. Include a space before the ?.

    Common CLI Error Messages

Error: % Ambiguous command: "show con"

Reason: You did not enter enough characters for the switch to recognize the command uniquely.

Solution: Reenter the command followed by a question mark (?) with no space between the command and the question mark. You will be given the keywords that match what you typed.

Error: % Incomplete command.

Reason: You did not enter all of the keywords or values required by the command.

Solution: Reenter the command followed by a space and a question mark (?). The keywords or arguments that can come next are listed.

Error: % Invalid input detected at '^' marker.

Reason: The command was entered incorrectly. The caret (^) marks the place of the error.

Solution: Enter a question mark (?) to display all the commands that are available in this command mode.

When you are in the command line there are a number of shortcuts or hot keys you can use:

  Ctrl-a      Moves the cursor to the beginning of the line.
  Ctrl-e      Moves the cursor to the end of the line.
  Ctrl-f      Moves the cursor forward one character.
  Ctrl-b      Moves the cursor backward one character.
  Esc-f       Moves the cursor forward one word.
  Esc-b       Moves the cursor backward one word.
  Ctrl-d      Deletes a single character.
  Ctrl-k      Deletes everything to the right of the cursor.
  Ctrl-x      Deletes everything to the left of the cursor.
  Ctrl-w      Deletes a word.
  Ctrl-u      Deletes a line.
  Ctrl-r      Redisplays the command line and everything typed up to this point.
  Backspace   Removes one character to the left of the cursor.
  Tab         Completes a partially entered command if enough characters have been entered to make it unambiguous.

Basic Router Commands

show version: displays the software version, the router's hardware, the names and locations of the configuration files, the boot images and the configuration register value.

show running-config: displays the configuration currently being used by the IOS, which is held in RAM.

show startup-config: displays the backup configuration held in NVRAM. This is the file used to configure the router at startup.

Advanced Router Configuration

To make complex and specific configurations on a router you use the command line. To access the specific configuration modes you must first be in global configuration mode, which is reached with the configure terminal command. Some of the more commonly used specific configuration modes are:

- Interface: lets you enter commands that configure operations on each interface. The prompt for this mode is:

router(config-if)#

- Subinterface: provides support for (and configuration of) multiple virtual interfaces on a physical interface. The prompt for this mode is:

router(config-subif)#

- Line: used to configure a terminal line (console, auxiliary or vty). The prompt for this mode is:

router(config-line)#

- Router: used to configure an IP routing protocol. The prompt for this mode is:

router(config-router)#

To exit one of these specific modes use the exit command, which returns you to global configuration mode. To leave configuration mode entirely, enter end or press Ctrl-z; either returns you to the privileged EXEC prompt.

copy running-config startup-config: copies the current configuration in RAM to NVRAM (the backup configuration). Configuration changes take effect immediately but are lost at the next reload unless saved this way.

To change the name of the router use the hostname command. An example follows:

router(config)#hostname testking
testking(config)#

To add a message of the day you use the banner motd command, followed by a space and a delimiting character that marks the start and the end of the text. An example follows:

testking(config)#banner motd *Information Department. You must be authorized to use this system! *

In order to secure your router you use passwords. Passwords can be set for privileged EXEC mode and on individual lines. All passwords are case sensitive.

To configure a login password for the console terminal, setting the password to england:

testking(config)#line console 0
testking(config-line)#login
testking(config-line)#password england

To set a password for incoming Telnet sessions on the five virtual terminal lines (the login command makes the line ask for that password):

testking(config)#line vty 0 4
testking(config-line)#login
testking(config-line)#password london

Note that Telnet carries the login and the password across the network in cleartext, so anyone able to capture traffic between the management station and the router can read them.

To further secure your router you set an enable password, which restricts access to privileged EXEC mode. The enable password command stores the password in the configuration as cleartext; the enable secret command stores only a salted MD5 hash of it (shown as type 5 in the configuration) and takes precedence over enable password whenever both are set. Use enable secret, and if an enable password is configured as well, give it a different value, because it is readable by anyone who can view the configuration. An example of both commands follows:

testking(config)#enable password washington
testking(config)#enable secret boston
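What these commands leave behind in a saved configuration, audited in code. This is an added example and not code from the study guide. It flags type 0 lines (enable password and line passwords as entered above) as cleartext, reverses the type 7 strings that the service password-encryption command (not covered on this page) produces for the same lines, using Cisco's published XOR key, and reports type 5 (enable secret) lines as properly hashed. The configuration excerpt is constructed, and its type 5 value is a placeholder of the right shape rather than a real hash.

```python
"""Audit password lines in a Cisco IOS configuration. Added example, not
code from the study guide. Type 0 is cleartext, type 7 is reversible
obfuscation, type 5 is a salted MD5 hash. The sample config is constructed."""
import re

# Cisco's type 7 XOR key. It is fixed and public, which is why type 7 strings
# protect against nothing more than someone glancing at the screen.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: two-digit seed, then hex bytes XORed with the key."""
    seed, body = int(encoded[:2]), bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(body)).decode()


def encode_type7(plain: str, seed: int = 8) -> str:
    """Produce the string IOS would store for plain (devices use seeds 0-15)."""
    raw = bytes(ord(c) ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                for i, c in enumerate(plain))
    return f"{seed:02d}{raw.hex().upper()}"


# "<command> [<type>] <value>"; a missing type means the value is cleartext.
PASSWORD_LINE = re.compile(
    r"^\s*(enable secret|enable password|password)\s+(?:([057])\s+)?(\S+)\s*$")


def audit(config: str):
    """Return (line, verdict, recovered value) for every password line."""
    findings = []
    for raw in config.splitlines():
        m = PASSWORD_LINE.match(raw)
        if not m:
            continue
        command, ptype, value = m.groups()
        line = raw.strip()
        if ptype == "5":
            findings.append((line, "hashed (type 5, salted MD5)", None))
        elif ptype == "7":
            findings.append((line, "reversible (type 7)", decode_type7(value)))
        else:                                    # type 0, or no type at all
            findings.append((line, "cleartext (type 0)", value))
    return findings


def recovered_secrets(config: str):
    """Every password someone who can read this config walks away with."""
    return [value for _, _, value in audit(config) if value is not None]


# Constructed excerpt of a saved configuration. The type 5 hash is a
# placeholder with the right format ($1$<salt>$<22 chars>), not a real hash.
SAMPLE_CONFIG = """\
hostname testking
enable secret 5 $1$abcd$0123456789abcdefghijkl
enable password washington
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password london
 login
"""

if __name__ == "__main__":
    for line, verdict, value in audit(SAMPLE_CONFIG):
        print(f"{verdict:28} {line}" + (f"  -> {value}" if value else ""))
```

Running this over the sample shows three of the four passwords recovered without any cracking, which is the practical reason the enable password should never be the same as the enable secret: a backup of the configuration (for example one copied to a TFTP server, as described later on this page) gives up the type 0 and type 7 values immediately.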


Obtaining Network Information

CDP

The Cisco Discovery Protocol (CDP) discovers and shows information about directly connected devices. CDP is used to manage Cisco devices. It gathers information from directly connected devices regardless of which network protocol they run and gives administrators a summary of protocol and address information. Devices that support CDP can exchange this information even if they run different network protocols (TCP/IP and AppleTalk, for example) because CDP runs at the data link layer. CDP starts by default when a Cisco device boots.

In general, CDP provides the following information for each CDP neighbor:

- Device name and, if there is one, the domain name.
- An address for each supported protocol.
- Port identifiers, that is, the names of the local and remote ports, in ASCII (for example ethernet0).
- Capability list.
- Hardware platform.
- Version information.

CDP Related Commands

As stated before, CDP is enabled by default on Cisco devices. There will be times when you want or need to disable it. Two reasons for disabling it are to keep CDP information from reaching non-CDP devices and to conserve bandwidth. Because CDP announces the device's platform, software version and addresses to everything on the segment, it should be disabled on interfaces that face untrusted networks or end users and left on only where neighbor discovery is actually needed. To disable CDP for the whole device, issue the no cdp run command in global configuration mode. To disable CDP on a single interface, use the no cdp enable command in interface configuration mode; cdp enable turns it back on.

show cdp neighbors: displays the CDP information for each directly connected device. The following is displayed for each port:

- Neighbor device ID
- Local interface
- Hold time in seconds
- Neighbor device capability code
- Hardware platform of the neighbor
- Neighbor's remote port ID


To obtain additional information you can use either the show cdp neighbors detail command or the show cdp entry * command.

show cdp entry: displays the following information for a named neighbor (or for all neighbors with *):

- Neighbor device ID
- Layer 3 protocol information (addresses)
- The device's platform
- The device's capabilities
- The local interface type and outgoing remote port ID
- The hold time value in seconds
- IOS type and version

show cdp traffic: displays the number of CDP packets sent and received and the number of errors.

show cdp interface: displays the CDP configuration and interface status for the local device's interfaces.

    Telnet Application

CDP only provides information about directly connected devices. To obtain information about remote devices you use the Telnet application.

On a router you do not need to type telnet or connect to establish a Telnet session: entering the IP address (or host name) on its own is enough. On a Catalyst switch you need to enter the telnet command followed by the IP address of the remote device.

show sessions: shows a list of the devices you are connected to, which lets you verify Telnet connectivity. It displays the following for each device:

- Host name
- IP address
- Byte count
- Amount of time the session has been idle
- Connection name assigned to the session

show users: displays whether the console port is active and lists all active Telnet sessions with the IP address or IP alias of the originating host. Local connections are shown as con and remote connections as vty.


Pressing Ctrl-Shift-6 together, followed by x, suspends the current Telnet connection and returns you to the local device.

resume: resumes a suspended session. If there was more than one, only the last active session is resumed.

resume sessionnumber (where sessionnumber is the actual session number): resumes a specific Telnet session. Use the show sessions command to find the required session number.

To end a Telnet session you can use the following commands:

- exit or logout: EXEC command issued on the remote device to log out of the session.
- disconnect: EXEC command issued on the local device to end the Telnet session. To disconnect one particular session use disconnect sessionnumber (where sessionnumber is the actual session number).
- clear line: closes a Telnet session opened from a foreign host. Use the show users command to see who is on the device; it gives you the line numbers that need to be cleared. This is also the way to drop a remote session you do not recognize.

Other useful TCP/IP tools are the ping command, which verifies connectivity, and the traceroute command, which shows the route that packets travel.

    Router Basics

    Booting Sequence of a router

    Step 1 - POST
    Step 2 - Load and run bootstrap code
    Step 3 - Find the IOS software
    Step 4 - Load the IOS software
    Step 5 - Find the configuration
    Step 6 - Load the configuration
    Step 7 - Run

    Router components

    Routers have the following components:


    RAM - contains the software and data structures that allow the router to function.
    ROM - read only memory. Contains microcode for basic functions to start and maintain the router.
    Flash memory - the primary use is to contain the IOS software image.
    NVRAM - this stores the configuration.
    Configuration Register - this controls how the router boots up.
    Interfaces

    ROM microcode contains:

    Bootstrap code
    POST code
    ROM monitor
    Partial IOS

    show version - this command will display the configuration register value.

    copy running-configuration tftp - this will copy the running configuration to a TFTP server. This will store a copy of the configuration in a location other than the device.

    copy running-configuration startup-configuration - this command will copy the running configuration to the startup configuration (NVRAM). This can be done to save changes to the configuration.

    copy startup-configuration running-configuration - this command will copy the startup configuration (NVRAM) to the running configuration (RAM).

    As previously stated, the Flash memory contains the IOS image. To obtain information about your router memory and image file you can use the show flash command. This command can provide the following:

    Total amount of memory on the router
    Memory available
    System image file name
    The size of the file in Flash

    The name of the Cisco image file contains different parts. An example is c2500-js-1_120-3.bin.

    c2500 - shows the platform that the image runs on.

    js - j means that this is an enterprise image and s shows extended capabilities.

    1 - means the file is not compressed and can be moved.


    120-3 represents the version number of the image.

    .bin means that this is a binary executable file.

    copy tftp flash - this command will download a new image from a network server to the Flash memory.

    Catalyst 1900 Switch


    Functions

    This is a Layer 2 device that provides the following functions (bridges provide the same functionality):

    The device learns the MAC address of all devices attached to each of its ports. These addresses are stored in a MAC database.

    When a frame is received the switch will consult its MAC database to establish through which port the device can be reached. The frame is only sent to that port.

    If your network design includes loops to provide for redundancy it is the switch's responsibility to keep the network from coming down, but if the Spanning Tree Protocol is configured then backup paths will be allowed.

    An Ethernet switch discovers addresses and functions like a transparent bridge. The switch keeps a MAC address table used to track the location of devices connected to the switch. It then employs that table to determine which packets should be forwarded to other segments.

    Frame Decisions

    When a switch receives a frame whose destination MAC is in its MAC table, the frame is only sent to the port that is associated with that MAC.

    When a switch receives a multicast frame or a broadcast frame it is sent to all other ports. This process is referred to as flooding.

    Avoiding Loops

    Switched and bridged networks are designed with redundant links and devices. This can eliminate single points of failure that would cause a failure of the entire network. This redundant design can, however, cause several problems. The possible problems are:

    Without some form of loop avoidance there is a distinct possibility that each switch will flood the network with broadcasts continuously. These broadcasts can lead to a broadcast storm that wastes bandwidth and severely impacts network and host performance.

    Many copies of nonbroadcast frames may be delivered to the destination device. This could cause unrecoverable errors.

    The MAC address table could become unstable as the switch receives copies of the same frame on different ports.

    Loop avoidance can address each of these problems.

    Broadcast storms are eliminated through a loop avoidance solution that prevents one of the interfaces from transmitting or receiving during normal operations. This can be achieved by using the Spanning Tree Protocol. This will be discussed in greater detail.

    Database instability results when multiple copies of a frame arrive on different ports of a switch. This can be eliminated through a loop avoidance solution that prevents one of the interfaces from transmitting or receiving during normal operations. This can be achieved by using the Spanning Tree Protocol. This will be discussed in greater detail.

    A large complex bridged or switched network with multiple switches can cause multiple loops to occur in the switched network. A loop avoidance mechanism is required to eliminate this. This is the main reason for the Spanning Tree Protocol.

    Spanning Tree Protocol

    DEC developed the Spanning Tree Protocol. It is a bridge-to-bridge protocol. IEEE revised this protocol as the 802.1d specification. The Catalyst 1900 switch uses the IEEE 802.1d specification.

    Maintaining a loop-free network is the purpose of the Spanning Tree Protocol. This is achieved as follows: as soon as a device finds a loop in the network topology it will block one or more of the redundant ports. The Spanning Tree Protocol is ever vigilant and is constantly looking for failures and new additions to the network. When the topology changes, Spanning Tree Protocol will make the required changes to the ports to avoid total loss of connectivity or the establishment of new loops.

    The Spanning Tree Protocol provides a loop free environment by doing the following:

    Electing a root bridge - each broadcast domain will have only one root bridge. All of the ports of the root bridge are called designated ports and are in a forwarding state. A port in a forwarding state can both receive and transmit frames.

    Each nonroot bridge will have one root port - the root port is the one with the lowest cost path to the root bridge. These root ports are in the forwarding state. Spanning Tree path cost is an accumulated cost based on bandwidth. If the cost is the same then it is the port with the lowest port number.

    On each segment there is one designated port - once again the designated port is selected on the bridge that has the lowest path cost to the root bridge. As these ports are in the forwarding state they are responsible for forwarding the traffic of the segment. Nondesignated ports are in a blocking state so as to break a loop in the topology. As a result they cannot forward traffic.

    Devices running the Spanning Tree Protocol exchange Bridge Protocol Data Units (BPDUs). BPDUs are multicast messages, sent by default every 2 seconds, that contain configuration information including the bridge ID. This ID most often contains 2 bytes for priority and 6 bytes that contain the MAC address of the device.

    Spanning Tree Path Cost

    Link Speed   Cost (Revised IEEE Specs)   Cost (Old IEEE Specs)
    10 Gbps      2                           1
    1 Gbps       4                           1
    100 Mbps     19                          10
    10 Mbps      100                         100

    The Catalyst 1900 switch uses the old calculations whereas other Catalyst switches, such as the 2900XL, use the revised calculations.

    Spanning Tree Protocol elections

    Root bridge - the switch with the lowest bridge ID.
    Root port - the port(s) with the lowest-cost path to the root.
    Designated port - all ports on the root bridge are designated ports. On other devices the designated port is the one that has the lowest cost and then the lower bridge ID.
    Blocking - all ports on the segment that are not designated.
    Forwarding - all designated ports and root ports are in the forwarding state.
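The elections listed above can be checked on a small topology. The following Python model is added here and is not part of the study guide: it elects the root bridge by lowest bridge ID, accumulates path cost on the receiving port using the cost table on this page, and then decides which ports are designated, root or blocking. The switch names, MAC addresses and link speeds are constructed sample values, and the function names are mine.

```python
import heapq
from typing import Dict, List, Tuple

# Link speed in Mbps -> Spanning Tree path cost, from the table on this page.
REVISED_COST = {10000: 2, 1000: 4, 100: 19, 10: 100}   # 2900XL and later
OLD_COST = {10000: 1, 1000: 1, 100: 10, 10: 100}       # Catalyst 1900

BridgeId = Tuple[int, str]             # (2-byte priority, 6-byte MAC address)
Link = Tuple[str, int, str, int, int]  # (bridge_a, port_a, bridge_b, port_b, speed_mbps)


def bridge_id(priority: int, mac: str) -> BridgeId:
    """Bridge ID as a comparable tuple: priority first, then the MAC address.
    The lowest value wins, exactly as the 8-byte field compares on the wire."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 bytes")
    return (priority, mac.lower())


def elect_root(bridges: Dict[str, BridgeId]) -> str:
    """Root bridge: the switch with the lowest bridge ID."""
    return min(bridges, key=bridges.__getitem__)


def root_path_costs(links: List[Link], root: str,
                    cost_table: Dict[int, int]) -> Dict[str, Tuple[int, int]]:
    """For every bridge, (accumulated cost to the root, root port number).
    Cost is added on the port that receives the BPDU, and equal costs are
    broken by the lowest port number, as the text states."""
    adj: Dict[str, List[Tuple[str, int, int]]] = {}
    for a, pa, b, pb, speed in links:
        adj.setdefault(a, []).append((b, pb, cost_table[speed]))
        adj.setdefault(b, []).append((a, pa, cost_table[speed]))
    best: Dict[str, Tuple[int, int]] = {root: (0, 0)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for neighbour, their_port, link_cost in adj.get(node, []):
            candidate = (cost + link_cost, their_port)
            if candidate < best.get(neighbour, (1 << 30, 1 << 30)):
                best[neighbour] = candidate
                heapq.heappush(heap, (candidate[0], neighbour))
    return best


def port_states(bridges: Dict[str, BridgeId], links: List[Link],
                cost_table: Dict[int, int]) -> Tuple[str, Dict[Tuple[str, int], str]]:
    """Root bridge name and the state of every port: forwarding or blocking."""
    root = elect_root(bridges)
    best = root_path_costs(links, root, cost_table)
    states: Dict[Tuple[str, int], str] = {}
    for a, pa, b, pb, _speed in links:
        # Designated end of the segment: lowest path cost to the root,
        # then the lower bridge ID.
        designated = a if (best[a][0], bridges[a]) < (best[b][0], bridges[b]) else b
        for bridge, port in ((a, pa), (b, pb)):
            is_root_port = bridge != root and best[bridge][1] == port
            forwarding = bridge == designated or is_root_port
            states[(bridge, port)] = "forwarding" if forwarding else "blocking"
    return root, states


# Constructed sample topology (not from the study guide): a triangle in which
# SW3's direct link to SW1 is only 10 Mbps, so SW3 reaches the root via SW2.
SAMPLE_BRIDGES = {
    "SW1": bridge_id(32768, "00:00:0c:00:00:01"),
    "SW2": bridge_id(32768, "00:00:0c:00:00:02"),
    "SW3": bridge_id(32768, "00:00:0c:00:00:03"),
}
SAMPLE_LINKS: List[Link] = [
    ("SW1", 1, "SW2", 1, 100),
    ("SW1", 2, "SW3", 1, 10),
    ("SW2", 2, "SW3", 2, 100),
]

if __name__ == "__main__":
    for name, table in (("revised", REVISED_COST), ("old (Catalyst 1900)", OLD_COST)):
        root, states = port_states(SAMPLE_BRIDGES, SAMPLE_LINKS, table)
        print(f"{name} costs: root bridge {root}")
        for (bridge, port), state in sorted(states.items()):
            print(f"  {bridge} port {port}: {state}")
```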

    Spanning Tree States


    Spanning tree has the following states:

    Blocking
    Listening
    Learning
    Forwarding

    These states are moved through by Spanning Tree to maintain a loop free topology. Normally a port is in either the blocking state or the forwarding state. When a change is sensed, ports temporarily pass through the listening and learning states.

    All ports start in the blocking state. These ports still receive BPDUs. Ports then move to the listening state. They move to this state to ensure that, if they transition to forwarding, they will not create a loop. Next the port populates its MAC address table in the learning state but does not forward frames. Finally the port begins receiving and sending frames once it moves into the forwarding state. The default time to move from the blocking state to the forwarding state is 50 seconds. The time it takes for a device to transition from listening to learning and from learning to forwarding is called forward delay. The default Spanning Tree timers are as follows:

    Timer           Default
    Hello Time      2 seconds
    Forward Delay   30 seconds
    Max age         20 seconds

    How Frames Are Sent

    Switches have three operating modes to address frame switching:

    Store and Forward - in this mode the switch must first receive all of the frame prior to forwarding it. The source and destination addresses are read, the CRC (cyclic redundancy check) is done, filters are applied, and then the frame is forwarded. If an error is discovered the frame is dropped. Latency for this mode is dependent on the size of the frame.

    Cut-through - this mode only checks the destination address (DA) and then begins to forward the frame. This can often reduce the latency from input to output port. The delay for this mode is the same no matter the size of the frame. The problem with this mode is that it will forward a frame with an error or a collision frame.

    Fragment-free - this mode (also referred to as modified cut-through) reads the first 64 bytes of the forwarded frame. In this way collisions can be filtered out, as they usually occur within the first 64 bytes. The Catalyst 1900 default mode is fragment-free switching.

    Switch communication

    Half-duplex transmission mode implements Ethernet carrier sense multiple access with collision detection (CSMA/CD). This mode is prone to collisions as one line is used for both receiving and sending transmissions. A good parallel is a one-lane bridge over a river where cars in one direction must wait until the cars coming the other way are done before moving.

    Full-duplex Ethernet significantly increases bandwidth, as separate circuits (of a twisted pair) are used to transmit and receive frames. This arrangement is collision free. Therefore you effectively double the wire's initial bandwidth. Each full-duplex connection only uses one port. This is achieved by using point-to-point Ethernet and Fast Ethernet connections.

    Catalyst 1900 Switch Configuration

    This type of switch can be configured in three different ways:

    Using the console port via a menu-driven interface.
    Web-based Visual Switch Manager (VSM).
    Using the IOS command-line interface (CLI).

    As the CCNA exam deals with the use of the CLI, so will this study guide.

    The default configuration settings of the Catalyst switch are as follows:

    IP address          0.0.0.0
    CDP                 Enabled
    Switching mode      fragment-free
    100BaseT port       auto detect duplex mode
    Spanning Tree       Enabled
    Console password    none

    Configuration commands


    config term - this command will put the switch into the global configuration mode. For example:

    switch# conf term
    switch(config)#

    To configure a specific interface (port) you would do the following:

    switch(config)# interface e0/1
    switch(config-if)#

    To configure the IP address and subnet mask on the switch you would do the following:

    switch(config)# ip address {address} {mask}

    Where address is the IP address and mask is the subnet mask.

    To configure the default gateway you would do the following:

    switch(config)# ip default-gateway {ip address}

    {ip address} is the IP address of the default gateway, such as 10.5.5.3.

    To configure the duplex mode of an interface you would do the following:

    switch(config)# interface e0/1
    switch(config-if)# duplex {auto|full|full-flow-control|half}

    auto - sets the duplex mode to autonegotiation. This is the default for 100 Mbps TX ports.
    full - sets the mode to full-duplex.
    full-flow-control - sets the mode to full-duplex with flow control.
    half - sets the mode to half-duplex. This is the default option for 10 Mbps TX ports.

    show version - user EXEC command to display basic information about the hardware and the IOS software version. Also included is memory information and uptime.

    copy nvram tftp - this command will upload the running configuration to a TFTP server.

    copy tftp nvram - downloads the configuration file from the TFTP server.

    Virtual LANs


    A VLAN (Virtual Local Area Network) is a switched network that is logically segmented by communities of interest without regard to the physical location of users. Each port on the switch can belong to a VLAN. Ports in a VLAN share broadcasts. Ports that do not belong to that VLAN do not share these broadcasts, thus improving the overall performance of the network. VLANs remove the physical constraints of workgroup communications. Layer 3 routing provides communications between VLANs. In other words, users can be in totally different physical locations and still be on the same VLAN. Likewise, users in the same physical location can be on different VLANs.

    VLANs provide the following benefits:

    Reduced administration costs from solving problems associated with moves and changes - As users physically move they just have to be re-patched and enabled into their existing VLAN.

    Workgroup and network security - You can restrict the number of users in a VLAN and also prevent another user from joining a VLAN without prior approval from the VLAN network management application.

    Controlled broadcast activity - Broadcasts are only propagated within the VLAN. This offers segmentation based on logical constraints.

    Leveraging of existing hub investments - Existing hubs can be plugged into a switch port and assigned a VLAN of their own. This segregates all users on the hub to one VLAN.

    Centralized administration control - VLANs can be centrally administered.

    Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect switches and to maintain VLAN information as traffic goes between switches. ISL provides VLAN capabilities while maintaining full wire-speed performance over Fast Ethernet links in full- or half-duplex mode. It operates in a point-to-point environment.

    show spantree - this command will display the Spanning Tree Protocol configuration status of the switch.

    TCP/IP


    Another important concept for someone preparing for the CCNA exam is the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, in particular Layer 3 and Layer 4. The TCP/IP model compares to the OSI model as follows:

    OSI Model            TCP/IP Model
    Application          Application
    Presentation
    Session
    Transport Layer      Transport Layer
    Network Layer        Internet Layer
    Data Link Layer      Data Link Layer
    Physical Layer       Physical Layer

    The TCP/IP application layer enables the following operations:

    Email
    Network Management
    File Transfer
    Name Management
    Remote login

    At the transport layer the following two protocols operate:

    TCP - Transmission Control Protocol is a connection-oriented, reliable protocol.
    UDP - User Datagram Protocol is a connectionless, unacknowledged protocol.


    TCP and UDP both use ports to pass information to the application layer. The most common ports used are:

    Port   Application
    21     FTP
    23     Telnet
    25     SMTP
    53     DNS
    69     TFTP
    161    SNMP
    520    RIP

    FTP, Telnet and SMTP run over TCP; TFTP, SNMP and RIP run over UDP.

    TCP Connection Establishment

    For TCP to establish a connection a three-way handshake must occur. That is, the devices involved in the communication must exchange initial sequence numbers (ISN) and a control bit called SYN (synchronize). There are three steps to the establishment of communication:

    1. Device 1 sends its SYN to Device 2.
    2. Device 2 ACKs Device 1's SYN and sends its own SYN.
    3. Device 1 ACKs Device 2's SYN and sets the ACK and SYN bits.

    Communication is established.

    Windowing

    TCP controls the flow of data with windowing. The receiving device reports how many octets it is prepared to receive, a window, from the sending device. The TCP window size can change during the duration of the connection. Each acknowledgement contains how many bytes the receiving device can receive. If the window size is set to zero it means the buffer of the receiving device is full and it cannot receive any more data. The sending device will not send additional data until an acknowledgement has a window bigger than zero.

    TCP/IP Internet Layer

    The following protocols operate at the Internet Layer of TCP/IP model:

    1. Internet Protocol (IP) is a connectionless protocol that provides for best effort delivery of datagrams. The content of the datagram is not a concern; rather, the route to a destination is.

    2. Internet Control Message Protocol (ICMP) provides control and messaging capabilities.

    3. Address Resolution Protocol (ARP) determines the data link layer address (MAC address) of the destination device for a known destination IP address.

    4. Reverse Address Resolution Protocol (RARP) determines the source network address (IP address, for example) when the source data link layer address (MAC address) is known. This is used when a device does not know its own IP address when it comes onto a network.

    ICMP

    ICMP messages are passed in IP datagrams and are used to send error and control messages. The ICMP messages include:

    Address Request
    Address Reply
    Destination Unreachable
    Echo
    Echo Reply
    Information Request
    Information Reply
    Parameter Problem
    Redirect
    Subnet Mask Request
    Time Exceeded
    Timestamp
    Timestamp Reply

    IP Addressing Basics

    A host or node is a computer or device on a TCP/IP network. Every TCP/IP node is uniquely identified by its IP address. An IP address consists of a network ID and a host ID. If two different hosts belong to the same network, they have the same network ID. The two hosts will have different host IDs and can communicate with each other locally without going through a router. If two hosts have different network IDs, they belong to different segments on the network. They must communicate with each other remotely through a router or default gateway.

    An IP address consists of 32 binary bits, where each bit is either a 0 or a 1. We write the 32 bits as four 8-bit numbers (octets) separated by periods.

    For example: 11000001 . 00001010 . 00011110 . 00000010 (IP address in binary form)

    To convert the IP address from binary to decimal form, we convert each of the four 8-bit numbers in each octet according to the following table:

    Decimal Value   128  64  32  16  8  4  2  1
    Octet Value     x    x   x   x   x  x  x  x

    So the first octet in the above binary number would be translated as:

    Decimal Value   128  64  32  16  8  4  2  1
    Octet Value     1    1   0   0   0  0  0  1

    Everywhere a 1 appears in the table, the decimal value in that column is added to determine the decimal value of the entire octet, or:

    128 + 64 + 1 = 193

    Using the same table to translate the other three octets would give us the following result:

    00001010 = 8 + 2 = 10
    00011110 = 16 + 8 + 4 + 2 = 30
    00000010 = 2

    So in decimal form, the above IP address is: 193.10.30.2

    Address Classes

    An IP address consists of two parts, one identifying the network and one identifying the host. The class of the address determines which part is the network address and which part is the host address.

    There are 5 different address classes. The decimal notation of the very first octet can distinguish classes. The following Address Class table illustrates how you can determine to which class an address belongs.

    Class   Range of Network Numbers         Network Bits   Default Subnet Mask
    A       1.0.0.0 to 126.0.0.0             8              255.0.0.0
    B       128.0.0.0 to 191.255.0.0         16             255.255.0.0
    C       192.0.0.0 to 223.255.255.0       24             255.255.255.0
    D       224.0.0.0 to 239.255.255.255     Multicast
    E       240.0.0.0 to 247.255.255.255     Research

    Please note 127 is reserved for local testing. The local loopback is 127.0.0.1.

    The two parts of the IP address 172.16.122.204 are as follows: the network number is 172.16 (first 16 bits) and the host number is 122.204 (the remaining 16 bits).

    If you are required to determine how many hosts are available for a given IP address you can use the following formula:

    2^N - 2 (where N is the number of bits in the host portion)

    For example:

    172.128.0.0

    As this is a Class B address the first 16 bits are used for the network. As a result 16 bits remain for the host.

    2^16 - 2 = 65534 available host addresses.

    Broadcast

    Cisco IOS software supports three types of broadcasts:

    Flooding
    Directed broadcasts
    All subnet broadcasts

    Flooded broadcasts are considered local and are represented by 255.255.255.255.

    Directed broadcasts are sent to a particular network and are allowed to transit a router. Directed broadcasts have all 1s in the host portion of the address. If you want to send a broadcast to the third subnet of the 172.16 network the address would be 172.16.3.255.

    To send a broadcast to all the subnets of the 172.16 network the address would be 172.16.255.255.

    If you are provided with an IP address and a subnet mask you can determine the subnet address, the broadcast address, the first usable address and the last usable address. There is usually a question or two on exams that will require this process.

    Worked example: 172.16.2.160 with subnet mask 255.255.255.192. The step numbers refer to the procedure below, and the | marks the line drawn in Step 3:

    Step   Address            Binary
    1      172.16.2.160       10101100 00010000 00000010 10|100000
    2      255.255.255.192    11111111 11111111 11111111 11|000000
    4      172.16.2.128       10101100 00010000 00000010 10|000000   (subnet address)
    5      172.16.2.191       10101100 00010000 00000010 10|111111   (broadcast address)
    6      172.16.2.129       10101100 00010000 00000010 10|000001   (first usable address)
    7      172.16.2.190       10101100 00010000 00000010 10|111110   (last usable address)

    Step 1 - Write the 32 bit address in binary notation.
    Step 2 - Write the 32 bit subnet mask in binary just below it.
    Step 3 - Draw a vertical line just after the last contiguous subnet mask 1.
    Step 4 - In the row just below, place all 0s in the remaining free spaces (to the right of the line). This will be the subnet address.
    Step 5 - In the next row, to the right of the line, place all 1s until you reach the 32 bit boundary. This will be the broadcast address.
    Step 6 - On the right side of the line on the next row, place all 0s in the remaining free spaces until you reach the last free space. Place a 1 in that free space. This will be your first usable address.
    Step 7 - On the right side of the line on the next row, place all 1s in the remaining free spaces until you reach the last free space. Place a 0 in that free space. This will be your last usable address.
    Step 8 - Copy down all the bits you wrote in Step 1 for the bit fields to the left of the line in all four lines.
    Step 9 - Convert the bottom four rows to dotted-decimal.

    Subnetting

    Subnetting is the process used to divide the total available IP addresses (hosts) for your network into smaller subnetworks (subnets). For example, take the network ID we used in the discussion above (193.10.30.0). This network would consist of 256 possible IP addresses (193.10.30.0 - 193.10.30.255). We know this because in a Class C address only the last octet is available for host IDs (00000000 - 11111111) or (0-255). Since 0 is used to identify the whole network and 255 is reserved for broadcasts, this leaves us with 254 possible hosts (193.10.30.1 - 193.10.30.254).

    Suppose we wanted to divide those 254 addresses up into 6 smaller subnets. This can be done using what is referred to as a subnet mask. By looking at the above table we can see that Class C addresses all have a default subnet mask of 255.255.255.0. Since the last octet of the subnet mask is 0, it means that the host IDs have not been subdivided into smaller subnets. However, if we choose to divide our network into a few smaller segments (subnets), then we would change the default subnet mask by replacing the last octet with one of the valid subnet masks.


    If you are asked to determine subnet masks, the number of subnets and the number of hosts you can refer to the charts below. In some situations you will be required to memorize these charts so that you can reproduce them.

    Class B Subnet Table

    Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
    2                255.255.192.0      2                   16382
    3                255.255.224.0      6                   8190
    4                255.255.240.0      14                  4094
    5                255.255.248.0      30                  2046
    6                255.255.252.0      62                  1022
    7                255.255.254.0      126                 510
    8                255.255.255.0      254                 254
    9                255.255.255.128    510                 126
    10               255.255.255.192    1022                62
    11               255.255.255.224    2046                30
    12               255.255.255.240    4094                14
    13               255.255.255.248    8190                6
    14               255.255.255.252    16382               2

    Class C Subnet Table

    Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
    2                255.255.255.192    2                   62
    3                255.255.255.224    6                   30
    4                255.255.255.240    14                  14
    5                255.255.255.248    30                  6
    6                255.255.255.252    62                  2

    Whenever you are asked to determine subnet masks, number of hosts and number of subnets you can either use the charts provided above or you can use the method illustrated previously in this guide (converting the address and subnet mask to binary).
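The nine-step binary method and the 2^N - 2 formula behind the subnet tables, carried out in Python. This example is added here and is not from the study guide; the function names are mine, and the inputs are the worked example and table rows from this page, so the result can be checked against them.

```python
from typing import NamedTuple, Tuple


def to_bits(dotted: str) -> str:
    """Dotted decimal -> 32-character binary string (Steps 1 and 2)."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal address: {dotted!r}")
    bits = []
    for octet in octets:
        value = int(octet)
        if not 0 <= value <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        bits.append(format(value, "08b"))
    return "".join(bits)


def to_dotted(bits: str) -> str:
    """32-character binary string -> dotted decimal (Step 9)."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


class SubnetInfo(NamedTuple):
    subnet: str
    broadcast: str
    first_usable: str
    last_usable: str
    host_bits: int
    usable_hosts: int


def subnet_info(address: str, mask: str) -> SubnetInfo:
    """Apply the nine-step binary method to an address and subnet mask."""
    addr_bits = to_bits(address)
    mask_bits = to_bits(mask)
    # Step 3: the line goes after the last contiguous 1 of the mask. A mask such
    # as 255.0.255.0 has no single line and is rejected rather than miscomputed.
    prefix_len = mask_bits.find("0")
    if prefix_len == -1:
        prefix_len = 32
    if "1" in mask_bits[prefix_len:]:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    host_bits = 32 - prefix_len
    if host_bits < 2:
        raise ValueError("fewer than 2 host bits leaves no usable host addresses")
    network = addr_bits[:prefix_len]                 # Step 8: bits left of the line
    subnet = network + "0" * host_bits               # Step 4
    broadcast = network + "1" * host_bits            # Step 5
    first = network + "0" * (host_bits - 1) + "1"    # Step 6
    last = network + "1" * (host_bits - 1) + "0"     # Step 7
    return SubnetInfo(to_dotted(subnet), to_dotted(broadcast), to_dotted(first),
                      to_dotted(last), host_bits, 2 ** host_bits - 2)


def subnet_table_row(class_prefix: int, borrowed_bits: int) -> Tuple[str, int, int]:
    """One row of the Class B (class_prefix 16) or Class C (class_prefix 24)
    subnet table: (subnet mask, number of subnets, number of hosts). Subnets
    and hosts are both counted as 2^bits - 2, as the tables on this page do."""
    if not 2 <= borrowed_bits <= 30 - class_prefix:
        raise ValueError("borrowed bits must leave at least 2 host bits")
    prefix_len = class_prefix + borrowed_bits
    mask = to_dotted("1" * prefix_len + "0" * (32 - prefix_len))
    return mask, 2 ** borrowed_bits - 2, 2 ** (32 - prefix_len) - 2


if __name__ == "__main__":
    print(subnet_info("172.16.2.160", "255.255.255.192"))
    for bits in range(2, 7):
        print(bits, *subnet_table_row(24, bits))
```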

    Configuring IP Addresses


    Switches

    To configure a 1900 switch with an IP address you would use the ip address command.For example:

    Switch(config)#ip address {ip address} {subnet-mask}

    {ip address} would be the dotted decimal number.

    {subnet-mask} would be subnet mask related to the IP address.

    To establish a default gateway for your switch you would use the ip default-gateway command. For example:

    switch(config)#ip default-gateway {ip-address}

    {ip-address} - would be the IP address of the device which is the default gateway.

    Router

    To establish a logical address on a router interface you would use the ip address command. For example:

    router(config-if)#ip address {ip-address} {subnet-mask}

    The {ip-address} {subnet-mask} parameters are the same as they are for a switch.

    Routing 101


    Route Selection

    A router has two methods by which it can forward packets to a non-directly connected device:

    Dynamic routes - Once a routing protocol is configured on a router it will automatically learn routes. Whenever the network topology changes the routing protocol will update the route information.

    Static routes - These are routes that an administrator manually enters into the router. If a change occurs in the network topology then the administrator will need to manually change the static routes to reflect the new network topology.

    To configure a static route you would use the ip route command. The ip route command parameters are:

    ip route {network} {mask} {address|interface} [distance] [permanent]

    {network} - is the destination IP address.
    {mask} - is the related subnet mask.
    {address} - is the address of the next hop router.
    {interface} - is the name of the interface used to get to the destination network.
    [distance] - you may provide an administrative distance for the route. More information on administrative distance will be provided shortly.
    [permanent] - you may use this argument to specify that the route will remain even if the router is shut down.

    If you wanted to establish a static route to 172.16.2.0, subnet mask 255.255.255.0, and the next hop router was 172.16.1.2 the command would be as follows:

    router(config)#ip route 172.16.2.0 255.255.255.0 172.16.1.2

    To assign a default route to the same location you would enter the following command:

    router(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2

    Routing protocols are network layer protocols. They gather information from packets to build and maintain their routing information. Routed protocols, on the other hand, are transport mechanisms for traffic through the use of the packet's fields and formats. Once a routing protocol has determined the route, routed protocols, such as TCP/IP and IPX, are used by the router to route the traffic.


    Routing Protocols

    Routing protocols have two major types:

    Exterior Gateway Protocols (EGP) - These protocols are used to communicate information between autonomous systems (AS). An example of an EGP is BGP (Border Gateway Protocol).

    Interior Gateway Protocols (IGP) - IGPs are the routing protocols used inside an AS. Examples of IGPs are RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol).

    Note: An AS is a collection of networks under a common administrative domain.

    Administrative Distance

    Administrative distances are used to determine the trustworthiness of each route source. The route with the lowest administrative distance will be the one used for routing. Administrative distances can be from 0 to 255. The default administrative distances are indicated in the table below:

    Source of Route          Default Distance
    Connected Interface      0
    Static Route (address)   1
    EIGRP                    90
    IGRP                     100
    OSPF                     110
    RIP                      120
    External EIGRP           170
    Unknown/Unbelievable     255

    Routing Protocol Classes

    It is generally considered that there are three classes of routing protocols. These classes of routing protocol are:

    Distance Vector
    Link State
    Balanced Hybrid

    Distance Vector

    Distance vector routing algorithms pass periodic copies of the routing table from router to router. Each router sends its routing table to all of its directly connected neighbors. This lets routers communicate topology changes, but a router learns the topology of the network only second-hand, from what its neighbors tell it. RIP and IGRP are distance vector routing protocols.

    Routing table updates must occur when the network topology changes. As with the network discovery process, notification of a topology change passes from router to router. When an update is received from a neighboring router it is compared with the router's own routing table; the table is changed only if the update offers a route with a better (smaller) metric, such as a lower hop count, or if the neighbor that supplied the current route reports a change to it.

    Distance vector routing protocols are open to the following problems:

    Routing loops: these can occur when the network is slow to converge after a topology change, leaving routers with inconsistent route information.

    Counting to infinity: when a network goes down, routers that still believe each other's stale routes keep raising the hop count on every update, and packets for the unreachable network circulate around the loop until the metric reaches the defined maximum.

    These problems can be avoided with the following techniques:

    Defining a maximum number of hops: a maximum distance vector metric is defined as infinity. RIP uses 16; IGRP's default maximum hop count is 100 and it can be raised to 255.

    Split horizon: if a route was learned on an interface, do not send information about that route back out the same interface.

    Route poisoning: when a network goes down, the router advertises it with an unreachable metric (a hop count of 16 for RIP) instead of simply dropping it from its updates, so that neighbors learn the failure explicitly.

    Hold-down timers: after a route is marked unreachable, a router ignores updates about that network for a period of time, so that a stale route from a slower neighbor cannot be reinstalled. The hold-down state ends when:

    1. The timer expires.
    2. Infinity is finally defined as some maximum number, that is, the metric reaches the limit and the route is flushed.
    3. Another update is received indicating that the original route to the network has been restored.
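    The hop-count limit, split horizon and route poisoning described above can be watched working in a small simulation. The following is an added example written for this page, not Cisco code: three routers A, B and C in a line with a stub network Net10 attached to C (a constructed topology), exchanging RIP-style periodic updates in synchronous rounds. Route poisoning is on in both runs and hold-down timers are deliberately left out; the only thing toggled is split horizon.

```python
"""Distance vector (RIP-style) convergence after a failure: count to infinity versus
split horizon.  Added example for this page; it is a simulation, not Cisco software.
Topology (constructed): A -- B -- C -- Net10, where Net10 is a stub LAN on router C.
Route poisoning is always on (C advertises the failed network with metric 16);
hold-down timers are deliberately not modelled so the loop can be observed."""
from typing import Dict, Tuple

INFINITY = 16                                        # RIP: 16 hops means unreachable
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}   # constructed topology


class Router:
    def __init__(self, name: str):
        self.name = name
        self.table: Dict[str, Tuple[int, str]] = {}   # network -> (metric, next hop)

    def advertise(self, neighbour: str, split_horizon: bool) -> Dict[str, int]:
        """Routes sent to one neighbour in a periodic update."""
        return {net: metric for net, (metric, nh) in self.table.items()
                if not (split_horizon and nh == neighbour)}  # never back to where it came from

    def receive(self, frm: str, update: Dict[str, int]) -> bool:
        """Bellman-Ford update rule; returns True if the table changed."""
        changed = False
        for net, metric in update.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(net)
            if cur is None and new >= INFINITY:
                continue                     # nothing to learn from an unreachable route
            # Take a better route, or any update from the neighbour we already use
            # (that is how a worsening metric propagates, and how a loop counts up).
            if cur is None or new < cur[0] or cur[1] == frm:
                if cur != (new, frm):
                    self.table[net] = (new, frm)
                    changed = True
        return changed


def run_until_stable(routers: Dict[str, Router], split_horizon: bool, max_rounds: int = 50) -> int:
    """Synchronous update rounds; returns how many rounds changed some table."""
    for rnd in range(1, max_rounds + 1):
        updates = [(nb, r.name, r.advertise(nb, split_horizon))
                   for r in routers.values() for nb in LINKS[r.name]]  # all sent before any applied
        changed = any([routers[to].receive(frm, upd) for to, frm, upd in updates])
        if not changed:
            return rnd - 1
    return max_rounds


def simulate(split_horizon: bool) -> Tuple[int, Dict[str, int]]:
    """Converge, fail Net10 on C (poisoned), reconverge.
    Returns (rounds needed after the failure, final metric for Net10 on each router)."""
    routers = {n: Router(n) for n in LINKS}
    routers["C"].table["Net10"] = (0, "connected")
    run_until_stable(routers, split_horizon)                  # initial discovery
    routers["C"].table["Net10"] = (INFINITY, "connected")     # LAN down: poison the route
    rounds = run_until_stable(routers, split_horizon)
    return rounds, {n: r.table["Net10"][0] for n, r in routers.items()}


if __name__ == "__main__":
    for sh in (False, True):
        rounds, metrics = simulate(sh)
        print(f"split horizon {'on ' if sh else 'off'}: {rounds:2d} rounds, metrics {metrics}")
```

    Without split horizon, B hears about Net10 from A (who learned it from B) and C even accepts a route to its own dead LAN from B; the metric climbs 3, 4, 5 ... and the network only settles after 15 rounds, when everybody has counted to 16. With split horizon the poisoned route travels one way only and all three routers agree that Net10 is unreachable after two rounds.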

    Link State

    The link state routing algorithm maintains a more complex table of topology information. Routers running a link state protocol build a complete understanding and view of the entire network. The algorithm uses link state packets (LSPs; OSPF calls them link state advertisements, LSAs) to inform other routers about links that are not directly attached to them. All routers exchange LSPs to build a total view of the network. OSPF is a link state routing protocol.

    When the topology changes, the first router to detect it floods an LSP to all other routers in the internetwork. All routers then recalculate the best path to any affected network. Link state routing protocols are more demanding in terms of processor power, memory, and bandwidth.

    The differences between distance vector and link state are as follows:

    Distance vector routers get all their information second hand (gossip), whereas link state routers obtain the complete topology of the internetwork.

    Distance vector protocols such as RIP determine the best path by counting hops. Link state protocols such as OSPF use a cost metric derived from link bandwidth.

    Distance vector protocols send their whole routing table periodically (RIP every 30 seconds by default), which makes convergence slow. Link state updates are triggered by topology changes, resulting in faster convergence.

    Link state protocols are harder to set up.

    Problems with Link State

    Link state protocols such as OSPF need significant processing power and memory to run the shortest-path calculation and rebuild the topology database (tree).

    Network bandwidth is another concern: the flooding of link state information, especially the initial exchange, can consume a lot of bandwidth on slow links.

    The balanced hybrid approach combines aspects of the link state and distance vector algorithms. EIGRP is an example of this approach.

    To configure dynamic routing protocols you use the following commands:

    router(config)#router {protocol}[keyword]

    {protocol} RIP, IGRP, OSPF, or EIGRP
    [keyword] an autonomous system number for IGRP and EIGRP, which require it, or a process ID for OSPF. RIP takes no keyword.

    router(config-router)#network {network number}

    {network number} a directly connected classful network; the protocol runs on the interfaces in that network and advertises it.

    RIP


    If you want to enable RIP on a router that is directly connected to the networks 192.168.2.0 and 10.0.0.0, you would use the following commands:

    router(config)#router rip
    router(config-router)#network 192.168.2.0
    router(config-router)#network 10.0.0.0

    Display RIP associated information

    The show ip protocols command displays the values of the routing timers and the network information for the whole router: which routing protocols are running, which networks they advertise, and from which neighbors updates are being received.

    The show ip route command displays the contents of the IP routing table.

    The debug ip rip command displays RIP routing updates as they are sent and received.

    IGRP

    IGRP is an advanced distance vector routing protocol. It offers a number of features that other distance vector protocols do not have:

    Increased scalability. The IGRP default maximum hop count is 100 and it can be configured up to 255 hops.

    Sophisticated metric. It uses a composite metric; more on this below.

    Multiple path support. IGRP can maintain up to six unequal-cost paths between a source and a destination.

    As stated before, IGRP uses a composite routing metric. The metric includes the following components:

    Bandwidth: the lowest bandwidth value on any link in the path.

    Delay: the cumulative interface delay along the path.

    Reliability: the reliability of the path between source and destination, determined by the exchange of keepalives.

    Load: the load on the links between source and destination, based on bits per second.

    MTU: the maximum transmission unit value of the path (carried in updates but not used in the metric calculation).

    By default only bandwidth and delay are used by the IGRP metric.
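    The composite metric is easier to reason about when computed by hand. The following is an added example written for this page, not Cisco code. It applies the published IGRP formula with the default constants (K1 = K3 = 1, K2 = K4 = K5 = 0), under which the metric is simply bandwidth plus delay, and it also models the variance rule discussed later in this section (a path is used for load sharing only if its metric is within variance times the best metric and the next-hop router is itself closer to the destination). The link values and candidate paths are constructed sample data.

```python
"""IGRP composite metric and unequal-cost load sharing (variance).  Added example for
this page, not Cisco code.  With the default constants K1 = K3 = 1 and K2 = K4 = K5 = 0
the published formula reduces to bandwidth + delay, where
    bandwidth = 10,000,000 / (lowest interface bandwidth on the path, in kbps)
    delay     = (sum of interface delays on the path, in microseconds) / 10
Reliability and load enter only when K5 or K2 are changed from their defaults."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Link:
    bandwidth_kbps: int       # the interface 'bandwidth' value
    delay_us: int             # the interface 'delay' value in microseconds
    reliability: int = 255    # 255/255 = 100 %
    load: int = 1             # 1/255 = idle


DEFAULT_K = (1, 0, 1, 0, 0)   # K1..K5 as shipped


def igrp_metric(path: List[Link], k: Tuple[int, int, int, int, int] = DEFAULT_K) -> int:
    """Composite metric of a path, as seen by the router at its head."""
    k1, k2, k3, k4, k5 = k
    bandwidth = 10_000_000 // min(l.bandwidth_kbps for l in path)   # the slowest link dominates
    delay = sum(l.delay_us for l in path) // 10                       # in tens of microseconds
    load = max(l.load for l in path)
    reliability = min(l.reliability for l in path)
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5:                                                            # reliability term only if K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric


def load_sharing_paths(candidates: List[List[Link]], variance: int = 1) -> List[int]:
    """Indices of the candidate paths IGRP installs for load sharing.
    A path qualifies when its metric is within variance x the best metric AND the
    next-hop router's own metric to the destination (the rest of the path) is lower
    than this router's best metric, so traffic is never handed to a router that is
    farther from the destination than we are; that second test is what prevents loops."""
    metrics = [igrp_metric(p) for p in candidates]
    best = min(metrics)
    chosen = []
    for i, path in enumerate(candidates):
        downstream = igrp_metric(path[1:]) if len(path) > 1 else 0
        if metrics[i] <= variance * best and downstream < best:
            chosen.append(i)
    return chosen


# Constructed links: a T1 serial, a 64 kbps serial, and 10 Mbps Ethernet segments
T1 = Link(1544, 20000)
SLOW_SERIAL = Link(64, 20000)
ETHERNET = Link(10000, 1000)

# Three candidate paths from this router to a remote Ethernet LAN
PATHS = [
    [T1, ETHERNET],                  # direct over the T1
    [SLOW_SERIAL, ETHERNET],         # direct over the slow serial
    [ETHERNET, T1, ETHERNET],        # via a neighbour on our own LAN that then uses the T1
]

if __name__ == "__main__":
    for p in PATHS:
        print(igrp_metric(p))
    print(load_sharing_paths(PATHS, variance=1), load_sharing_paths(PATHS, variance=19))
```

    A lone T1 gives the familiar metric of 8476 (6476 for bandwidth plus 2000 for delay). With variance 1 only the best path is installed; raising it to 19 admits the slow serial as well, but the path through the LAN neighbour is never installed whatever the variance, because that neighbour's own metric to the destination is not lower than ours.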


    To configure IGRP you would use the following combination of commands:

    router(config)#router igrp {autonomous-system}

    router(config-router)#network {network-number}

    To enable IGRP for autonomous system 100 on a router that connects to the networks 192.168.1.0 and 10.0.0.0, the commands would be:

    router#config t
    router(config)#router igrp 100
    router(config-router)#network 192.168.1.0
    router(config-router)#network 10.0.0.0

    To change the default load balancing of IGRP, which is 1 (equal-cost paths only), you use the variance command to configure unequal-cost load balancing by defining the acceptable multiple between the best metric and the worst metric that may still be used.

    In addition, you can use the traffic-share command to control how traffic is distributed among the IGRP load-sharing routes, either in proportion to their metrics or only over the minimum-metric paths.

    Display IGRP related information

    The show ip protocols command displays parameters, filters, and network information for the whole router. For IGRP it also shows the autonomous system number, the routing timers, the networks being routed, and the administrative distance.

    The show ip route command displays the contents of the IP routing table: a list of all known networks and subnets, with the source, metric and next hop of each entry.

    The debug ip igrp events command displays a summary of the IGRP routing information being sent and received.

    By default a router behaves classfully: once it knows any subnet of a classful network, it assumes it knows all the subnets of that network. If a packet arrives for a subnet of that network that is not in the routing table, the packet is dropped even if a default route exists. This is changed with the ip classless command. With ip classless configured, a packet for an unknown destination is forwarded using the best matching supernet or the default route instead of being dropped.
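    The static and default routes at the start of this chapter, the administrative distance table, and the ip classless behaviour just described all come together in the forwarding decision. The following is an added example written for this page, not Cisco code: a small model of the IP routing table that does a longest-prefix match, breaks ties between route sources with the default administrative distances, falls back to the 0.0.0.0 0.0.0.0 default route, and optionally applies the classful rule. The routes in build_sample_table are constructed sample data (the two static routes are the ones from the text).

```python
"""Forwarding decision in a Cisco-style IP routing table: longest prefix match,
administrative distance as the tie-breaker between route sources, the 0.0.0.0 0.0.0.0
default route, and the effect of 'ip classless'.  Added example for this page, not
Cisco code.  The route entries in build_sample_table are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Default administrative distances from the table earlier in this chapter
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
                  "ospf": 110, "rip": 120, "eigrp-external": 170}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str
    metric: int = 0


def classful_network(addr) -> ipaddress.IPv4Network:
    """The classful (major) network an address belongs to: /8, /16 or /24."""
    ip = ipaddress.IPv4Address(str(addr))
    first_octet = int(ip) >> 24
    bits = 8 if first_octet < 128 else (16 if first_octet < 192 else 24)
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


class RoutingTable:
    def __init__(self, classless: bool = True):
        self.classless = classless          # False models 'no ip classless'
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop: str, source: str, metric: int = 0) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, source, metric))

    def lookup(self, destination: str) -> Optional[Route]:
        """Route used to forward a packet, or None when the packet is dropped."""
        dst = ipaddress.IPv4Address(destination)
        matches = [r for r in self.routes if dst in r.prefix]
        specific = [r for r in matches if r.prefix.prefixlen > 0]
        if specific:
            # Longest prefix wins; among equal prefixes the lowest administrative
            # distance, then the lowest metric, decides.
            return min(specific, key=lambda r: (-r.prefix.prefixlen,
                                                ADMIN_DISTANCE[r.source], r.metric))
        defaults = [r for r in matches if r.prefix.prefixlen == 0]
        if not defaults:
            return None
        if not self.classless:
            # Classful rule: if we know any subnet of the destination's major network we
            # assume we know them all, and drop rather than use the default route.
            major = classful_network(dst)
            if any(r.prefix.prefixlen > 0 and r.prefix.subnet_of(major) for r in self.routes):
                return None
        return min(defaults, key=lambda r: (ADMIN_DISTANCE[r.source], r.metric))


def build_sample_table(classless: bool) -> RoutingTable:
    """Constructed table: the two static routes from the text plus some dynamic routes."""
    rt = RoutingTable(classless)
    rt.add("172.16.1.0/24", "directly connected", "connected")
    rt.add("172.16.2.0/24", "172.16.1.2", "static")           # ip route 172.16.2.0 255.255.255.0 172.16.1.2
    rt.add("0.0.0.0/0", "172.16.1.2", "static")               # ip route 0.0.0.0 0.0.0.0 172.16.1.2
    rt.add("10.1.1.0/24", "172.16.1.2", "rip", metric=2)      # the same subnet learned twice:
    rt.add("10.1.1.0/24", "172.16.1.3", "igrp", metric=8576)  # IGRP (AD 100) beats RIP (AD 120)
    rt.add("10.1.0.0/16", "172.16.1.4", "ospf", metric=20)
    return rt


if __name__ == "__main__":
    for classless in (False, True):
        rt = build_sample_table(classless)
        for dst in ("10.1.1.5", "10.1.9.9", "10.2.0.1", "192.168.5.1"):
            r = rt.lookup(dst)
            desc = "drop" if r is None else f"{r.prefix} via {r.next_hop} ({r.source})"
            print(f"ip classless={classless}: {dst} -> {desc}")
```

    The interesting case is 10.2.0.1: the router knows subnets of 10.0.0.0/8, so without ip classless it drops the packet, while with ip classless it sends it to the default route. A destination in a major network the router knows nothing about (192.168.5.1 here) takes the default route in both modes.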

    Access Lists


    Access lists can be used to control network traffic. Specifically, Access Control Lists (ACLs) are used in routers to classify traffic. Once traffic has been identified it can be filtered to control the flow of traffic in a network. These filters can be applied to traffic entering or leaving a router interface. Access lists are most often used to filter packets.

    Access List Types

    There are two types of access lists:

    Standard access lists: standard IP access lists check only the source address of the packets to be routed. They permit or deny the packet for the entire protocol suite based on the source IP address.

    Extended access lists: extended IP access lists check both the source and the destination address. In addition they can check the protocol, port numbers and other fields, which gives administrators more flexibility in specifying the packets to be matched.

    Access lists can have the following applications:

    Inbound access lists: packets are checked as they arrive on an interface, before the routing table lookup. This is the most efficient form of access list, because a packet that is dropped is never looked up in the routing table. If the packet is permitted it is then routed and transmitted.

    Outbound access lists: the packet is first routed from the inbound interface to the outbound interface, and the access list is applied there, after routing but before the packet is transmitted.

    Access List Guidelines

    When using access lists you will need to remember the following principles when configuring them:

    Only use the Cisco defined access list numbers based on the protocol and type of list you are creating.

    You can have only one access list per protocol, per direction, on each interface. An interface can have more than one access list as long as there is only one per protocol and direction.


    Access lists are processed from the top down and the first matching statement wins, so specific statements must appear before more general ones. For efficiency, conditions that match most often should also be placed before those that match rarely. There is an implicit deny at the end of every access list.

    Because of the implicit deny, an access list without any permit statement denies all traffic.

    Create the access list before applying it to the interface. If an interface refers to an access list that does not yet exist, all traffic is permitted.

    Interface access lists apply only to traffic passing through the router. Traffic originated by the router itself is not filtered.

    Protocol           Type        Number Range
    IP Access List     Standard    1 to 99
                       Extended    100 to 199
                       Named       Name (Cisco IOS 11.2 and later)
    IPX Access List    Standard    800 to 899
                       Extended    900 to 999
                       Named       Name (Cisco IOS 11.2 and later)

    Standard IP Access List

    A standard IP access list analyzes the source address of the packet and matches it against the access list. To create an access list in global configuration mode use the following command:

    router(config)#access-list {number 1-99} {permit|deny} {source-address} {wildcard-mask}

    {number 1-99} the number of the access list.
    {permit|deny} whether to permit or deny traffic from the source address.
    {source-address} the IP address of the source of the packet.
    {wildcard-mask} which bits of the source address must match and which can be ignored.

    Wildcard Mask

    A wildcard mask is a 32-bit (4-octet) value used with an access list to match a specific IP address or a range of IP addresses. Each bit of the wildcard mask indicates how the corresponding bit of the IP address is treated:

    0 in the wildcard mask indicates that the corresponding bit in the IP address must be checked (it must match).

    1 in the wildcard mask indicates that the corresponding bit in the IP address is ignored.

    The chart below gives some examples of wildcard mask octets and what they mean.

    128 64 32 16  8  4  2  1   Octet   Meaning
      0  0  0  0  0  0  0  0   0       Check all address bits (match exactly)
      0  0  1  1  1  1  1  1   63      Ignore the last 6 address bits
      0  0  0  0  1  1  1  1   15      Ignore the last 4 address bits
      1  1  1  1  1  1  0  0   252     Check only the last 2 address bits
      1  1  1  1  1  1  1  1   255     Do not check the address (ignore all bits in the octet)

    To apply the access list you first identify the interface and then apply the list to it. The following commands are used:

    router(config)#interface serial 0
    router(config-if)#ip access-group {access-list-number} {in|out}

    {access-list-number} the number of the access list you want to apply.
    {in|out} whether the list filters traffic entering or leaving the interface. If not specified, the default is out.

    The previous commands apply an access list to a physical interface. To apply an access list to the router's virtual terminal lines (vty) the commands are slightly different. By default there are five virtual terminal lines, numbered vty 0 to vty 4; these are used to Telnet to the command line interface (CLI) of the router, so restricting them is the standard way of limiting which hosts can reach the router's management interface at all. For virtual terminal lines the commands are:

    router(config)#access-list {number 1-99} {permit|deny} {source-address} {wildcard-mask}
    router(config)#line vty 0 4
    router(config-line)#access-class {access-list-number} {in|out}

    {access-list-number} the number of the access list you want to apply.
    in filters incoming Telnet sessions to the vty lines by source address; only addresses the list permits can connect.
    out restricts the destinations to which a user logged in on a vty can open outgoing Telnet connections, according to the addresses in the list.

    Extended IP Access Lists

    Configuring an extended IP access list is very similar to configuring a standard IP access list. The command to create the list is:

    router(config)#access-list {number 100-199} {permit|deny} {protocol} {source-address} {source-wildcard} {destination-address} {destination-wildcard} [operator port] [established] [log]

    {protocol} the protocol to be filtered: ip, tcp, udp, icmp, gre or igrp.
    {source-address} {source-wildcard} the source IP address and its wildcard mask.
    {destination-address} {destination-wildcard} the destination IP address and its wildcard mask.
    [operator port] a comparison (eq, neq, lt, gt or range) and the TCP or UDP port number to match.
    [established] TCP only: matches segments that have the ACK or RST bit set, that is, segments belonging to a connection that was already set up. It does not track connection state, so it should not be mistaken for a stateful firewall; it simply lets return traffic for inside-initiated sessions back in.
    [log] generates a log message whenever the statement matches a packet.

    When configuring extended access lists you should be familiar with the common port numbers:

    IP Protocol        Transport   Well-Known Port Number
    FTP data           TCP         20
    FTP control        TCP         21
    Telnet             TCP         23
    SMTP               TCP         25
    DNS                TCP/UDP     53
    TFTP               UDP         69

    Then you would apply the access list with the following command:

    router(config-if)#ip access-group {access-list-number}{in|out}
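    The rules above (wildcard matching, top-down first match, the implicit deny, the established keyword, and the fact that a list referenced before it exists filters nothing) can be exercised in software. The following is an added example written for this page, not Cisco software: a small parser for the access-list syntax shown above and an evaluator that applies a parsed list to packets. The two sample lists, the packets, and the site addresses are constructed; the port keywords accepted by the parser are the IOS names for the ports in the table above; "established" is modelled as a flag that is set on every TCP segment except the initial SYN; a missing list is modelled as None.

```python
"""Cisco-style IP access list evaluation: wildcard masks, standard and extended lists,
top-down first match and the implicit deny.  Added example for this page, not Cisco
software.  The access-list lines below are constructed samples in the page's syntax."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "tftp": 69}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match, a 1 bit is ignored (inverse of a subnet mask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Packet:
    protocol: str             # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dst_port: int = 0
    ack_or_rst: bool = False  # set on every TCP segment except the initial SYN


@dataclass(frozen=True)
class Entry:
    action: str                    # "permit" or "deny"
    src: str
    src_wild: str
    protocol: str = "ip"           # "ip" matches anything; a standard list behaves like this
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"
    op: Optional[str] = None       # eq | neq | lt | gt | range on the destination port
    ports: Tuple[int, ...] = ()
    established: bool = False      # TCP only: segment must carry ACK or RST

    def matches(self, p: Packet) -> bool:
        if self.protocol != "ip" and self.protocol != p.protocol:
            return False
        if not (wildcard_match(p.src, self.src, self.src_wild)
                and wildcard_match(p.dst, self.dst, self.dst_wild)):
            return False
        if self.op and not port_match(self.op, self.ports, p.dst_port):
            return False
        return not self.established or (p.protocol == "tcp" and p.ack_or_rst)


def port_match(op: str, ports: Tuple[int, ...], port: int) -> bool:
    return {"eq": port == ports[0], "neq": port != ports[0], "lt": port < ports[0],
            "gt": port > ports[0], "range": ports[0] <= port <= ports[-1]}[op]


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)   # IOS keyword or number


def _address(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume 'any' | 'host A' | 'A W' | bare 'A' from the front of the token list."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) > 1 and tokens[1][0].isdigit():
        return tokens[0], tokens[1], tokens[2:]
    return tokens[0], "0.0.0.0", tokens[1:]     # bare address: IOS assumes wildcard 0.0.0.0


def parse_entry(line: str) -> Entry:
    """Parse one 'access-list <number> permit|deny ...' line (standard 1-99, extended 100-199)."""
    t = line.split()
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:
        return Entry(action, *_address(t[3:])[:2])
    if not 100 <= number <= 199:
        raise ValueError(f"unsupported list number {number}")
    src, sw, rest = _address(t[4:])
    dst, dw, rest = _address(rest)
    op, ports, established = None, (), False
    while rest:
        tok = rest.pop(0)
        if tok in ("eq", "neq", "lt", "gt"):
            op, ports = tok, (_port(rest.pop(0)),)
        elif tok == "range":
            op, ports = tok, (_port(rest.pop(0)), _port(rest.pop(0)))
        elif tok == "established":
            established = True
        elif tok != "log":                  # 'log' does not change the decision
            raise ValueError(f"unsupported keyword {tok!r}")
    return Entry(action, src, sw, t[3], dst, dw, op, ports, established)


def evaluate(acl: Optional[List[Entry]], p: Packet) -> str:
    """Top down, first matching entry decides, implicit deny at the end.  An interface that
    references a list which has not been created yet filters nothing (IOS behaviour)."""
    if acl is None:
        return "permit"
    for entry in acl:
        if entry.matches(p):
            return entry.action
    return "deny"


# Constructed samples: list 10 for 'access-class 10 in' on the vty lines, list 101 for
# 'ip access-group 101 in' on the Internet-facing serial interface of a 192.168.1.0/24 site.
ACL_10 = [parse_entry("access-list 10 permit 192.168.1.0 0.0.0.255")]
ACL_101 = [parse_entry(line) for line in (
    "access-list 101 permit tcp any any established",
    "access-list 101 permit tcp any host 192.168.1.10 eq smtp",
    "access-list 101 permit udp any host 192.168.1.10 eq domain",
    "access-list 101 deny ip any any log",
)]
```

    With list 101 inbound, a new connection from the Internet reaches the mail server only on port 25 (or DNS on UDP 53), replies to sessions that inside hosts opened are let back in by the established entry, and everything else falls through to the explicit deny, which is there only so that the drops are logged; the result would be the same without it.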

    Verifying and Monitoring Access Lists

    The show ip interface command displays IP interface information and indicates whether any access lists are set on a specific interface. The syntax for this command is as follows:

    router#show ip interface {interface-type} {interface-number}

    The show access-lists command displays the contents of all access lists; adding a number or name shows just that list. The show ip access-list command does the same for IP access lists only. The syntax is as follows:

    router#show access-lists [access-list-number|name]
    router#show ip access-list [access-list-number|name]

    Both commands also show how many packets have matched each statement, which is the quickest way to verify that a list is doing what you intended.

    Novell Internetwork Packet Exchange (IPX) Protocol Suite

    Cisco routers can also be used within a Novell network. Novell has its own proprietary protocol suite, called Novell IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange).

    IPX

    IPX is a:

    Connectionless datagram protocol; it does not require an acknowledgment for each packet, much like IP and UDP.

    Layer 3 protocol that defines the network layer address, which consists of a network.node designator.

    Novell NetWare has its own proprietary:

    IPX RIP, to exchange routing information.

    Service Advertising Protocol (SAP), to advertise and find network services. An example is the GNS (Get Nearest Server) request.

    NetWare Core Protocol (NCP), to provide client-to-server connections and application-level services.

    Sequenced Packet Exchange (SPX), a Layer 4 connection-oriented protocol. IPX and SPX are very similar to IP and TCP respectively.

    Novell IPX addressing uses a two-part address: the network number (32 bits) and the node number (48 bits). The node number is most often the MAC address of the network interface.

    Encapsulation Types

    IPX has its own encapsulation types, but each has a Cisco equivalent. These equivalents are listed in the table below.

    Media Type     IPX Encapsulation    Cisco Encapsulation
    Ethernet       Ethernet_802.3       novell-ether (default)
                   Ethernet_802.2       sap
                   Ethernet_II          arpa
                   Ethernet_SNAP        snap
    Token Ring     Token-Ring_SNAP      snap (default)
                   Token-Ring           sap
    FDDI           FDDI_SNAP            snap (default)
                   FDDI_802.2           sap
                   FDDI_Raw             novell-fddi

    The ipx routing command enables IPX routing and SAP services. An optional node address can be specified; it is needed for serial interfaces, which have no MAC address of their own. If no node address is specified, the router uses the MAC address of a LAN interface. The syntax is:

    router(config)#ipx routing [node]

    The ipx maximum-paths command enables load sharing. The default is 1, meaning no load sharing. The syntax is:

    router(config)#ipx maximum-paths {paths}

    {paths} the maximum number of parallel paths to a destination. The default is 1 (no sharing) and the maximum is 512.

    To enable IPX on an interface you use the ipx network command:

    router(config)#ipx network {network} [encapsulation encapsulation-type]

    {network} the IPX network number.
    [encapsulation encapsulation-type] optionally specifies the encapsulation type (arpa, novell-ether, novell-fddi, sap or snap).

    Standard IPX Access Lists

    Standard IPX access lists permit or deny packets based on both the source and the destination IPX address, unlike standard IP lists, which look only at the source. Wildcard masks are not used; either a node address or a network address is given. For example, the following permits traffic from network 4b to network 5c:

    router(config)#access-list 810 permit 4b 5c


    Apart from the absence of wildcard masks, IPX standard (800 to 899) and extended (900 to 999) access lists are created and applied in the same way as their IP counterparts, using the ipx access-group command on the interface.

    Cisco and Wide Area Network (WAN)

    WANs make data connections across a broad geographic area. Companies use WANs to connect their various sites and enable communication between distant offices. Because the links cross public territory, you must lease lines or services from a service provider.

    WAN Connection Types

    There are three general connection types to choose from:

    Leased line: a leased line, also called a point-to-point or dedicated connection, provides a single connection from the customer location through the service provider to the remote company location. The line is not shared and has a guaranteed bandwidth, but it can be very expensive.

    Circuit switched: a dedicated path is set up between the sender and the receiver for the duration of the communication, as with a telephone call or an ISDN connection. This is often used where WAN usage is only occasional.

    Packet switched: a WAN switching method in which network devices share a single point-to-point link to transport data, broken down into packets, from source to destination across the carrier network. End-to-end connectivity is provided by virtual circuits (VCs). Packet switching offers a service like a leased line, but over a shared line, which lowers the cost.

    WAN Layer 2 Encapsulation

    A number of Layer 2 encapsulation types can be used on WAN links. These include:

    Cisco High-Level Data Link Control (HDLC): the default encapsulation type for point-to-point dedicated links and circuit-switched connections.

    Point-to-Point Protocol (PPP): provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. It works with both IP and IPX. It has built-in authentication features: the Password Authentication Protocol (PAP), which sends the password across the link in clear text, and the Challenge Handshake Authentication Protocol (CHAP), which does not.

    Serial Line Internet Protocol (SLIP): the original standard for point-to-point serial connections carrying TCP/IP. PPP has generally replaced SLIP.

    X.25/Link Access Procedure, Balanced (LAPB): a standard that controls connections between DTE and DCE devices.

    Frame Relay: the industry standard switched data link protocol that handles virtual circuits. It is the successor to X.25.


    Asynchronous Transfer Mode (ATM): the international standard for cell relay, in which multiple service types are conveyed in fixed-length cells.

    HDLC

    As stated earlier, Cisco has its own version of HDLC. The Cisco HDLC frame includes a proprietary type field that identifies the network layer protocol being carried, which allows multiple network layer protocols to share the same serial link. Because that field is proprietary, both ends of the link must be Cisco routers; to connect to another vendor's equipment use PPP instead. To enable Cisco HDLC use the following command:

    router(config-if)#encapsulation hdlc

    PPP

    PPP is a data link layer protocol that also negotiates network layer services. It is therefore described as two sublayers: the Link Control Protocol (LCP), which establishes, configures and tests the link, and a family of Network Control Protocols (NCPs), one per network layer protocol (for example IPCP for IP and IPXCP for IPX), which let PPP encapsulate multiple protocols.

    A PPP session consists of three stages:

    1. Link establishment
    2. Authentication phase (optional)
    3. Network layer protocol phase

    To enable PPP authentication you will use the following commands:

    router(config)#hostname {name}

    The router must have a host name, because the name is sent to the peer during authentication. {name} is the name you select for the router. To call your router testking you would use the following command:

    router(config)#hostname testking

    Next you give the router the name and password it should expect from the remote router, using the following command:

    testking(config)#username {name} password {password}

  • 8/8/2019 Test+King+Cisco+640 607+Study+Guide+v1.0

    51/63

    Both parameters are case sensitive. For CHAP the password must be identical on both routers, because each side computes the same hash from the shared secret.

    The final step is to configure PPP authentication on the serial interface. The command would be as follows:

    testking(config-if)#ppp authentication {chap|chap pap|pap chap|pap}
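    What the two authentication methods actually put on the wire is the reason CHAP is preferred. The following is an added example written for this page, not IOS code: it models PAP and the CHAP three-way handshake of RFC 1994 (response = MD5 over the identifier, the shared secret and the challenge) between two routers whose username/password entries are represented by the ROUTERS table, and records the frames a passive sniffer on the serial link would see. The router names testking and branch, the secret, and the injectable random source are constructed; the CHAP identifier is fixed at 1 here, whereas a real peer varies it.

```python
"""PPP authentication as configured above: PAP versus CHAP (RFC 1994), shown as the
messages an eavesdropper on the serial link would see.  Added example for this page; it
models the protocol in Python and is not IOS code.  Router names and the secret are
constructed; the 'username <peer> password <secret>' lines are modelled by ROUTERS."""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple

# username/password database of each router, keyed by the *peer's* hostname.
# CHAP needs the same secret on both sides because both compute the same hash.
ROUTERS: Dict[str, Dict[str, str]] = {
    "testking": {"branch": "s3cret"},
    "branch": {"testking": "s3cret"},
}

Frame = Tuple[str, str, bytes]   # (message type, sender hostname, payload)


def pap_exchange(authenticator: str, peer: str, peer_secret: str) -> Tuple[bool, List[Frame]]:
    """PAP: the peer sends its name and password in clear text; the authenticator compares."""
    frames: List[Frame] = [("Authenticate-Request", peer, peer_secret.encode())]
    ok = ROUTERS[authenticator].get(peer) == peer_secret
    frames.append(("Authenticate-Ack" if ok else "Authenticate-Nak", authenticator, b""))
    return ok, frames


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP Response Value = MD5(Identifier || secret || Challenge Value), RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_exchange(authenticator: str, peer: str, peer_secret: str,
                  rng: Callable[[int], bytes] = os.urandom) -> Tuple[bool, List[Frame]]:
    """CHAP three-way handshake.  `peer_secret` is what the peer has configured, so a
    mismatched password can be simulated; `rng` is injectable so tests are repeatable."""
    identifier = 1                           # fixed for the example; a real peer varies it
    challenge = rng(16)
    # 1. Challenge: a fresh random value; only the challenge and the name cross the link
    frames: List[Frame] = [("Challenge", authenticator, challenge)]
    # 2. Response: the peer hashes the secret it holds for the authenticator with the challenge
    response = chap_response(identifier, peer_secret, challenge)
    frames.append(("Response", peer, response))
    # 3. The authenticator recomputes with the secret stored under the peer's name
    stored = ROUTERS[authenticator].get(peer)
    ok = stored is not None and hmac.compare_digest(
        response, chap_response(identifier, stored, challenge))
    frames.append(("Success" if ok else "Failure", authenticator, b""))
    return ok, frames


def replay_captured_response(authenticator: str, peer: str, captured: bytes,
                             rng: Callable[[int], bytes] = os.urandom) -> bool:
    """An attacker who sniffed an earlier Response replays it against a new challenge."""
    identifier = 1
    challenge = rng(16)                      # fresh challenge, so the old hash no longer matches
    stored = ROUTERS[authenticator][peer]
    return hmac.compare_digest(captured, chap_response(identifier, stored, challenge))


def secret_on_the_wire(frames: List[Frame], secret: str) -> bool:
    """Would a passive sniffer see the password in these frames?"""
    return any(secret.encode() in payload for _, _, payload in frames)


if __name__ == "__main__":
    ok, frames = pap_exchange("testking", "branch", "s3cret")
    print("PAP ok:", ok, "password visible:", secret_on_the_wire(frames, "s3cret"))
    ok, frames = chap_exchange("testking", "branch", "s3cret")
    print("CHAP ok:", ok, "password visible:", secret_on_the_wire(frames, "s3cret"))
    print("replay works:", replay_captured_response("testking", "branch", frames[1][2]))
```

    With PAP the sniffer reads the password straight out of the Authenticate-Request. With CHAP it sees only a random challenge and an MD5 digest, and replaying a captured digest fails because the next challenge is different; the replay succeeds only if the authenticator reuses a challenge, which is why the challenge must be unpredictable. CHAP does rely on the shared secret being stored in recoverable form on both routers, so the running configuration itself must be protected.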

    ISDN

    Integrated Services Digital Network (ISDN) is a digital service designed to run over the existing telephone network. ISDN can carry data and voice simultaneously, and it encompasses the OSI physical, data link and network layers. With a PPP Multilink connection, ISDN can provide up to 128 kbps to corporate networks or the Internet. A Basic Rate Interface (BRI) connection can also be used as a backup line in case the primary link goes down. In that case the ISDN route must be made much less desirable than the primary route, typically with a floating static route whose administrative distance is higher than that of the primary routing protocol, so that it is used only when there is no other way.

    ISDN has the following benefits over standard telephone connections:

    Data transfer is faster than with typical modems.
    Call setup is faster.
    ISDN can carry voice, video, and data traffic.

    ISDN Protocols

    These ITU-T protocol series deal with ISDN:

    E: specifies ISDN on the existing telephone network (numbering and addressing).

    I: specifies concepts, terminology, and services.

    Q: specifies switching and signaling.

    ISDN Function Groups

    Devices connected to the ISDN network are known as terminals and have the following types:

    TE1 (Terminal Equipment type 1): understands the ISDN standards, such as a BRI interface on a router.

    TE2 (Terminal Equipment type 2): predates the ISDN standards. To use a TE2 you need a Terminal Adapter (TA).


    ISDN Reference Points

    ISDN uses four different reference points to define logical interfaces. They are as follows:

    R: defines the reference point between non-ISDN equipment and a TA.
    S: defines the reference point between user terminals and an NT2.
    T: defines the reference point between NT1 and NT2 devices.
    U Defines the r