
tutor: vaibhav patel CCNA 20 august 2007

Datalink layer - LLC and MAC support the communication between applications over the network
1st 3 bytes of MAC is organisation code
98 - winipcfg
winxp - ipconfig

difference between cat 5 and cat 6 in physical layer
__________________________________________________

Access command list - filtering - firewall

10.0.0.0--------e0--------r1-------------s0-----20.0.0.1

deny 10.0.0.1 0.0.0.0          ---IP
deny 10.0.0.0 0.255.255.255    ---network ID

** deny a block of address**
10.0.0.32 -63
deny 10.0.0.32 0.0.0.31
permit any
****************************

1 2 4 8 16 32 64 128 256 -- size of the IP block

(RIP igrp eigrp)
_____________________
(config)#router rip (protocol)
(config-router)#network network_connected
router#show ip protocols
(config)#no ip route destNetwork Sm DG

router(config)#router igrp Autonomous_number
router(config-router)#network igrp_no.
router#debug ip igrp events -->display summary of the routing transaction
router#debug ip igrp transactions -->display info of the routing transaction

router(config)#router eigrp Autonomous_number
router(config-router)#network eigrp_no.
router#show ip eigrp neighbors
router#show ip eigrp topology
router#show ip route eigrp
router#show ip protocols
router#show ip eigrp traffic
router#debug ip eigrp

______________________________-

router2#sh ip interface brief
Interface      IP-Address   OK? Method Status                Protocol
Ethernet0/0    30.0.0.1     YES manual up                    up
Serial0/0      unassigned   YES manual administratively down down
Serial0/1      unassigned   YES manual administratively down down
Serial1/0      20.0.0.2     YES manual up                    up
Serial1/1      40.0.0.1     YES manual up                    up
Serial1/2      unassigned   YES NVRAM  administratively down down
Serial1/3      unassigned   YES NVRAM  administratively down down

router2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    50.0.0.0/8 [90/20537600] via 40.0.0.2, 00:11:58, Serial1/1
D    70.0.0.0/8 [90/21049600] via 40.0.0.2, 00:11:58, Serial1/1
D    80.0.0.0/8 [90/21536000] via 40.0.0.2, 00:11:58, Serial1/1
C    20.0.0.0/8 is directly connected, Serial1/0
C    40.0.0.0/8 is directly connected, Serial1/1
D    10.0.0.0/8 [90/20537600] via 20.0.0.1, 00:12:11, Serial1/0
D    60.0.0.0/8 [90/21024000] via 40.0.0.2, 00:11:58, Serial1/1
C    30.0.0.0/8 is directly connected, Ethernet0/0

router2#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(40.0.0.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.0.0.0/8, 1 successors, FD is 20537600
        via 20.0.0.1 (20537600/281600), Serial1/0
P 20.0.0.0/8, 1 successors, FD is 20512000
        via Connected, Serial1/0
P 30.0.0.0/8, 1 successors, FD is 281600
        via Connected, Ethernet0/0
P 40.0.0.0/8, 1 successors, FD is 20512000
        via Connected, Serial1/1
P 50.0.0.0/8, 1 successors, FD is 20537600
        via 40.0.0.2 (20537600/281600), Serial1/1
P 60.0.0.0/8, 1 successors, FD is 21024000
        via 40.0.0.2 (21024000/2169856), Serial1/1
P 70.0.0.0/8, 1 successors, FD is 21049600
        via 40.0.0.2 (21049600/2195456), Serial1/1
P 80.0.0.0/8, 1 successors, FD is 21536000
        via 40.0.0.2 (21536000/2681856), Serial1/1

router2#show running-config
Building configuration...

Current configuration : 1088 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$q5b9$V7i6ElqbDFl6e/Z6vuJMC1
enable password ccna
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
!
interface Ethernet0/0
 ip address 30.0.0.1 255.0.0.0
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
 clockrate 64000
 no fair-queue
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial1/0
 ip address 20.0.0.2 255.0.0.0
 clockrate 64000
!
interface Serial1/1
 ip address 40.0.0.1 255.0.0.0
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
router eigrp 100
 network 20.0.0.0
 network 30.0.0.0
 network 40.0.0.0
 auto-summary
!
router rip
 network 20.0.0.0
 network 30.0.0.0
 network 40.0.0.0
!
ip local pool setup_pool 1.1.1.1
ip http server
ip classless
!
!
dialer-list 1 protocol ip permit
!
line con 0
 password console
 login
line aux 0
 login
line vty 0 4
 password rrrr
 login
!
!
!
end

____________________
10.0.0.1 ---------E0--R1--S0-------20.0.0.1

0 = check corresponding octet
1(255) = ignore corresponding octet

router ospf 99
network 10.0.0.1 0.255.255.255 area 0
network 20.0.0.0 0.255.255.255 area 0

****p/s****
if the network == ip address then the syntax is
network 20.0.0.1 0.255.255.255 area 0 is incorrect
network 20.0.0.0 0.255.255.255 area 0 is correct

Invalid wildcard subnet mask
255.0.0.0
0.255.255.0

router ospf 100
network 10.1.1.1 0.0.0.0 area 0
network 20.1.1.1 0.0.0.0 area 0

router#show ip protocols
router#show ip route
router#show ip ospf interface
router#show ip ospf neighbor
router#debug ip ospf events
router#debug ip ospf packet
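Added example (not part of the original notes): a Python sketch of the wildcard-mask logic behind the access-list entries near the top of these notes and the OSPF network statements above. It derives the mask for the 10.0.0.32-63 block, applies the list first-match with the implicit deny, and tests for the 0...01...1 bit pattern; reading that pattern as what separates usable masks from the two the notes call invalid is an assumption, and all function names are made up for the example.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def matches(addr, base, wildcard):
    """Wildcard bit 0 = compare this bit, 1 = ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def is_contiguous(wildcard):
    """True when the ignore bits form one unbroken run at the low end (0...01...1)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def wildcard_for_block(first, last):
    """Return (base, wildcard) matching exactly first..last, else raise ValueError."""
    lo, hi = to_int(first), to_int(last)
    size = hi - lo + 1
    if size < 1 or size & (size - 1):
        raise ValueError("block size must be 1, 2, 4, 8, ... addresses")
    if lo % size:
        raise ValueError("block must start on a multiple of its size")
    return to_dotted(lo), to_dotted(size - 1)

def evaluate(acl, addr):
    """First matching entry wins; IOS ends every list with an implicit deny."""
    for action, base, wildcard in acl:
        if matches(addr, base, wildcard):
            return action
    return "deny"

# The block-deny list from the notes; "permit any" written out as base/wildcard.
ACL = [
    ("deny", "10.0.0.32", "0.0.0.31"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    print(wildcard_for_block("10.0.0.32", "10.0.0.63"))
    for host in ("10.0.0.31", "10.0.0.32", "10.0.0.63", "10.0.0.64"):
        print(host, evaluate(ACL, host))
    for mask in ("0.0.0.31", "0.255.255.255", "255.0.0.0", "0.255.255.0"):
        print(mask, "contiguous" if is_contiguous(mask) else "not contiguous")
```

A range such as 10.0.0.40-71 has 32 addresses but does not start on a multiple of 32, so no single entry covers it and wildcard_for_block raises instead of returning a mask that would filter the wrong hosts.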

Configure commands:
  aaa                         Authentication, Authorization and Accounting.
  access-list                 Add an access list entry
  alarm-interface             Configure a specific Alarm Interface Card
  alias                       Create command alias
  arp                         Set a static ARP entry
  async-bootp                 Modify system bootp parameters
  banner                      Define a login banner
  boot                        Modify system boot parameters
  bridge                      Bridge Group.
  buffers                     Adjust system buffer pool parameters
  busy-message                Display message when connection to host fails
  call-history-mib            Define call history mib parameters
  carrier-id                  Name of the carrier associated with this trunk group
  cdp                         Global CDP configuration subcommands
  chat-script                 Define a modem chat script
  class-map                   Configure QoS Class Map
  clock                       Configure time-of-day clock
  cns                         CNS agents
  config-register             Define the configuration register
  connect                     cross-connect two interfaces
  default                     Set a command to its defaults
  default-value               Default character-bits values
  define                      interface range macro definition
  dialer                      Dialer commands
  dialer-list                 Create a dialer list entry
  diffserv                    Differentiated Services (COPS)
  dnsix-dmdp                  Provide DMDP service for DNSIX
  dnsix-nat                   Provide DNSIX service for audit trails
  do                          To run ex
  downward-compatible-config  Generate a configuration compatible with older software
  enable                      Modify enable password parameters
  end                         Exit from configure mode
  exception                   Exception handling
  exit                        Exit from configure mode
  file                        Adjust file system parameters
  frame-relay                 global frame relay configuration commands
  help                        Description of
  hostname                    Set system's network name
  interface                   Select an interface to configure
  ip                          Global IP configuration subcommands
  key                         Key management
  kron                        Kron interval Facility
  line                        Configure a terminal line
  logging                     Modify message logging facilities
  login-string                Define a host-specific login string
  map-class                   Configure static
  map-list                    Configure static map list
  memory                      Configure memory management
  memory-size                 Adjust memory size by percentage
  menu                        Define a user-interface menu
  microcode                   configure microcode
  modemcap                    Modem Capabilities database
  multilink                   PPP multilink global configuration
  netbios                     NETBIOS access control filtering
  no                          Negate a comma
  ntp                         Configure NTP
  parser                      Configure parser
  partition                   Partition device
  policy-map                  Configure QoS Policy Map
  printer                     Define an LPD printer
  priority-list               Build a priority list
  privilege                   Command privilege parameters
  process-max-time            Maximum time for process to run before voluntarily relinquishing processor
  prompt
  queue-list                  Build a custom queue list
  random-detect-group         Configure random-detect class
  regexp                      regexp commands
  resume-string               Define a host-specific resume string
  rif                         Source-route RIF cache
  rlogin                      Rlogin configuration commands
  rmon                        Remote Monitoring
  route-map                   Create route-map or enter route-map command mode
  router                      Enable a routing
  rtr                         RTR base configuration
  scheduler                   Scheduler parameters
  security                    Infra Security CLIs
  service                     Modify use of network based services
  signaling-class             Configure signaling class
  snmp                        Modify non engine SNMP parameters
  snmp-server                 Modify SNMP engine parameters
  stackmaker                  Specify stack name and add its member
  standby                     Global HSRP confi
  state-machine               Define a TCP dispatch state machine
  subscriber-policy           Subscriber policy
  table-map                   Configure Table Map
  tacacs-server               Modify TACACS query parameters
  template                    Select a template to configure
  terminal-queue              Terminal queue commands
  tftp-server                 Provide TFTP service for netload requests
  time-range                  Define time range entries
  track                       Object tracking configuration commands
  trunk                       Global trunk configuration
  username                    Establish User Name Authentication
  virtual-profile             Virtual Profile configuration
  virtual-template            Virtual Template configuration
  x25                         X.25 Level 3
  x29                         X29 commands
  xot                         Global XOT commands

Other people
______________
NAT, PAT is done on router

NAT
- convert private ip to public ip and vice versa
- no. of private ip = no. of private ip needed
- 10.0.0.1 -> 171.165.12.25

PAT overloading
- convert private ip to public ip and vice versa together with port address
- to reduce no. public ip address needed.
- 10.0.0.1:2031 -> 171.165.12.25:2031

Configure static translation
"ip nat inside" (issue on the inside interface, usually Ethernet interface)
"ip nat outside" (issue on the outside interface, usually serial interface)
"ip nat inside source static 'private ip public ip'"

etc: static NAT
{
interface s0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
interface e0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
ip nat inside source static 10.1.1.2 192.168.1.2 (PCs' ip addresses)
}

dynamic NAT configure
"ip nat pool net-208 (pool number) 171.69.233.209 171.69.233.222 (public ip range) netmask 255.255.255.240 (public ip mask)
ip nat inside source list 1 (accesslist no.) pool net-208 (pool number)
interface s0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
interface ethernet 0
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255"

PAT configure (4-5 qns on exams)
"interface ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
interface ethernet1
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
interface serial0
 description To ISP (description = comment, no effect on commands)
 ip address 172.17.38.1 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface serial0 overload (overload=pat)
ip route 0.0.0.0 0.0.0.0 serial0 (default route)
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255"

commands to clear dynamic translation table:
"clear ip nat translation *" (clear all dynamic translation entries)
"clear ip nat translation inside 'global ip' 'local ip' [outside 'global ip' 'local ip']" (clear a single dynamic translation entry)
"clear ip nat translation outside"

display nat info
"show ip nat translations" (display active translations)
"show ip nat statistics" (display translation stats)

debug NAT
"debug ip nat"

switch {
functions
- loop avoidance
- learn mac address

ways to transmit frames
- cut through
  - fast
  - does not chk frame integrity
  - chk dest addr and forward
- store and forward
  - does chk frame integrity
- fragment free
  - chk for 1st 64 bytes then forward
  - faster than s&f, slower than cut through
  - in between the 2, most balance of the 3.

a hub in place in btw switch and the pcs to control broadcasts
if switch does not have the dest mac addr for a packet, it will broadcast the packet to all

problem in switched-based network (chim... need to read up)
- usually caused by redundant links and devices in switched networks, which is common
- 1. broadcast storm
- 2. multiple frame copies - router rcv 2 copies of the same frame
- 3. MAC database instability

to solve the 3 problems...
Spanning tree protocol (STP)
- a bridge to bridge protocol to maintain a loop-free network
- by placing certain ports in the blocking state, the switch will decide which port to block, user jus issue the command

Root Bridge - router/bridge which has STP configured (have the lowest priority or Mac address)
Non-root Bridge - normal router/bridge
Root port - port(s) on other switches (other than the root bridge) connected directly to the root bridge
Designated port
Undesignated port

Selection of Root Bridge
Check for switch priority 1st, if the same, check Mac address (always select the LOWEST value)

in stp-implemented network
Block - all ports are block
Listen - decide if it is a root or designated port
Learning
Forward

Spanning tree convergence (sync, recomputed stp, means may change port status, change root bridge) occur when the network changes (adding of new device, speed change etc), disrupt traffic

Rapid STP - faster convergence to reduce downtime

Default switch configurations
Cdp enable
Spanning tree enable
No console password

"Show spanning-tree detail"
"Show vlan"

To assign ip address to switch
"Interface vlan 1" (management interface)
"ip address 10.0.0.1 255.255.255.0"

set default gateway
"ip default-gateway 'ip address'" (in conf mode)

"Show interface"
"Show interface vlan 1"
"Interface fa0/1" (on switch, is fa - fast Ethernet)
"Show mac-address-table"

Static mac addr mapping
"Mac-address-table static 'mac-addr' vlan 'vlan id' interface 'interface id'"
Etc: "mac-address-table static 0004.5600.9411 vlan 1 interface fa0/0"

Configure port security:
Interface fa0/1
Switchport mode access
Switchport port-security
Switchport port-security maximum 1 (allow only 1 mac addr (pc) to connect to this interface)
Switchport port-security mac-address 0008.eee.eee (only allow pc with this Mac addr to connect to this port)
switchport port-security violation shutdown (if not the mac defined (aka violation), SHUTDOWN)

Verifying
Show port-security
Show port-security address

Manage/backup switch config file
Copy nvram:startup-config tftp://172.16.2.155/wg_sw_a.cfg (any name.cfg) (pc which have the tftp service running)
copy flash:startup-config tftp://172.16.2.155/wg_sw_a.cfg (any name.bin command to backup router IOS)

reset switch to factory default
"erase nvram" OR "erase startup-config"

why use vlan
- segmentation (subnets)
- security

trunk carry traffic for multiple vlans
trunk use special encapsulation to distinguish btw vlans

- dynamic vlan (not part of CCNA)
- static vlan

adding a vlan
"config t"
"vlan 1"
"name switchlab2"

assign an ethernet interface to a vlan
"interface fa0/1" (go to the interface)
"switchport access vlan 2"

to verify
"show vlan"
"show interface fa0/0 switch|trunk"
"show vlan id 'name|number'"
"show vlan brief"
"show spanning-tree vlan 'number'"

encapsulation types

1. 802.1q
- open standard.
- 802.1q frame contains a vlan id for identification
- enable 802.1q
"switchport mode trunk" (command mus be issue to uplink interface on both connecting switches)

2. ISL tagging
- cisco proprietary
- vlan tagging only known btw the switches.
- added at the incoming port of the source switch and remove at the outgoing port of the dest switch
- frame contains vlan tag
- BPDU: id the sort of traffic
- crc of 4 bytes
- enable ISL trunking (command mus be issue to uplink interface on both connecting switches)
"shutdown"
"switchport trunk encapsulation isl"
"switchport mode trunk"
"no shutdown"

3. vtp (virtual trunking protocol) only for switches
- layer 2 messaging protocol
- centralised system
- send advertisements on trunk port (uplink) only
- vtp adverts r sent every 5 mins or whenever there is a change.
- vtp adverts r send as multicast frames

vtp modes (potential exam qn)
- Server: create modify delete vlans, sync, send and fwd adverts, saved in nvram
- Client: cannot create modify delete vlans, sync, fwd adverts, not saved in nvram
- transparent: can create modify delete LOCAL vlans, does not sync, send and fwd adverts, not saved in nvram
- sync to the latest revision number.

vtp pruning
- increase available traffic by reducing unnecessary traffic
- switches broadcast, vtp pruning makes it tat packet are send only to neighbor switches in the same vlan

configuring vtp
- new switch is server mode by default. remb to change if necessary b4 configuring

config terminal
vtp mode server, client, transparent
vtp domain 'domain-name'
vtp password 'password' (*mus be the same for all switches in the same vlan)
vtp pruning
end

to verify
"show vtp status"

troubleshooting switched network
1. chk physical connection
2. router and switch config
3. trunking ok?
