
Quick Notes

Standard Access Lists


1 - 99 or 1300 - 1999

Standard Access List (Looks at the source IP) place close to destination

Stop the Accounting users from accessing the HR server attached to Lab B router but allow all other
users access to the LAN.
RouterB#config t
RouterB(config)#access-list 10 deny 192.168.10.128 0.0.0.31
RouterB(config)#access-list 10 permit any
RouterB(config)#interface Ethernet 0
RouterB(config-if)#ip access-group 10 out
192.168.10.129/27 = /24 + 3 bits, so the 4th octet is the interesting octet: 11100000 = 224
Block size = 256 - 224 = 32
Net IDs 0, 32, 64, 96, 128, 160
Host 192.168.10.129 is in the 128 subnet
so subnet = 192.168.10.128
Wildcard is 0.0.0.31, one less than the block size in the interesting octet.

Extended Access Lists


100 - 199 or 2000 - 2699

Extended Access List place close to source

Stop telnet access to the networks attached to the E1 and E2 interfaces.


Rtr(config)#access-list 110 deny tcp any 172.16.48.0 0.0.15.255 eq 23
Rtr(config)#access-list 110 deny tcp any 172.16.192.0 0.0.63.255 eq 23
Rtr(config)#access-list 110 permit ip any any
Rtr(config)#interface Ethernet 1
Rtr(config-if)#ip access-group 110 out
Rtr(config-if)#interface Ethernet 2
Rtr(config-if)#ip access-group 110 out
172.16.50.173/20, Class B address /16, 3rd octet is the interesting octet /20 = 4 bits borrowed,
11110000 = 240
Block size = 256 - 240 = 16,
0, 16, 32, 48, 64
50 is in the 48 subnet = 172.16.48.0, wildcard mask is 1 less than block size = 0.0.15.255
Note we configure one access list containing both conditions and apply it to the two interfaces
rather than create one access list for each condition and place it on each interface.
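
The wildcard masks and the top-down, first-match behaviour of the two access lists above can be checked offline. The Python sketch below is an added example, not part of the original notes: it models ACL 10 and ACL 110 as written above, derives subnet and wildcard from a host address, and evaluates packets with the implicit deny at the end. The function names, the tuple layout and the test packets are assumptions made for the illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # 'any': every bit is a don't-care


def host_to_acl_entry(host_with_prefix):
    """Block-size method: 192.168.10.129/27 -> ('192.168.10.128', '0.0.0.31')."""
    net = ipaddress.IPv4Interface(host_with_prefix).network
    return str(net.network_address), str(net.hostmask)


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


# Entry layout (assumed for this sketch):
#   action, protocol, (source, wildcard), (destination, wildcard), destination port
# A standard ACL only looks at the source, so destination is ANY and port is None.
ACL_10 = [
    ("deny", "ip", ("192.168.10.128", "0.0.0.31"), ANY, None),
    ("permit", "ip", ANY, ANY, None),
]
ACL_110 = [
    ("deny", "tcp", ANY, ("172.16.48.0", "0.0.15.255"), 23),
    ("deny", "tcp", ANY, ("172.16.192.0", "0.0.63.255"), 23),
    ("permit", "ip", ANY, ANY, None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first entry that matches, top-down."""
    for number, (action, ace_proto, ace_src, ace_dst, ace_port) in enumerate(acl, 1):
        if ace_proto not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace_src) or not wildcard_match(dst, *ace_dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, number
    return "deny", None   # implicit deny: no entry matched


if __name__ == "__main__":
    print(host_to_acl_entry("192.168.10.129/27"))
    print(host_to_acl_entry("172.16.50.173/20"))
    # Constructed test packets (addresses outside the page's subnets are made up).
    print(evaluate(ACL_10, "ip", "192.168.10.130", "192.168.20.5"))
    print(evaluate(ACL_10, "ip", "192.168.10.161", "192.168.20.5"))
    print(evaluate(ACL_110, "tcp", "10.1.1.1", "172.16.50.173", 23))
    print(evaluate(ACL_110, "tcp", "10.1.1.1", "172.16.50.173", 80))
    # Same entries in the wrong order: the permit is hit first, telnet gets through.
    print(evaluate(list(reversed(ACL_110)), "tcp", "10.1.1.1", "172.16.50.173", 23))
```
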
Example

Prevent SMTP traffic originating from the WANs from travelling over link A to an SMTP server with
destination 192.168.115.20 by putting an outbound extended IP access list on the Serial 0 interface
of RouterX.
rtr(config)#access-list 105 deny TCP any host 192.168.115.20 eq SMTP
(source = any, destination = host 192.168.115.20)
rtr(config)#access-list 105 permit IP any any
rtr(config)#interface serial 0
rtr(config-if)#ip access-group 105 out

Example
HTTP, Telnet, Simple Mail Transfer Protocol (SMTP), POP3, and FTP traffic are permitted, and the
rest of the traffic sourced from Network B destined to Network A is denied.

Permit TCP traffic with destination port values matching WWW (port 80), Telnet (port 23), SMTP
(port 25), POP3 (port 110), FTP (port 21), or FTP data (port 20).
rtr(config)#access-list 102 permit tcp any any eq www
rtr(config)#access-list 102 permit tcp any any eq telnet
rtr(config)#access-list 102 permit tcp any any eq smtp
rtr(config)#access-list 102 permit tcp any any eq pop3
rtr(config)#access-list 102 permit tcp any any eq 21
rtr(config)#access-list 102 permit tcp any any eq 20
rtr(config)#interface ethernet0
rtr(config-if)#ip access-group 102 in

Notice an implicit deny all clause at the end of an ACL denies all other traffic, which does not
match the permit clauses.

Allow Access to a Range of Contiguous IP Addresses


Allow all hosts in Network B with the network address 192.168.10.0/24 to access network
192.168.200.0/24 in Network A.

#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
(source = 192.168.10.0 0.0.0.255, destination = 192.168.200.0 0.0.0.255)
#interface ethernet0
#ip access-group 101 in

This allows packets with a source address in the network 192.168.10.0/24 and a destination in the
network 192.168.200.0/24 access to Network A. There is the implicit deny all clause at the end of
the ACL which denies all other traffic through E0 inbound on R1.

Viewing ACLs
Router#show access-lists (shows all access lists)
Router#show access-list 101 (shows access list 101)
Router#show ip interface (shows the access lists on the interface)
Removal of ACLs
Router(config)#no access-list 1

Named Access Lists


Note we type ip access-list, not access-list. This allows us to enter a named access list.

Configure an extended access list name it secure_LAN to allow pings from loopback 0 Router B to
loopback 0 Router A and also an access list to allow anyone to telnet into loopback 1 on Router A
only.
RouterA>enable
RouterA#config t
RouterA(config)#ip access-list extended secure_LAN
RouterA(config-ext-nacl)#permit icmp host 172.30.1.1 host 172.16.1.1
(source = host 172.30.1.1, destination = host 172.16.1.1)
RouterA(config-ext-nacl)#permit tcp any host 172.20.1.1 eq telnet
(source = any, destination = host 172.20.1.1)
RouterA(config-ext-nacl)#exit
RouterA(config)#int s0
RouterA(config-if)#ip access-group secure_LAN in
RouterA(config-if)#exit
RouterA(config)#exit
Confirm with the show ip access-lists command
RouterA#show ip access-lists
Extended ip access list secure_LAN
Permit icmp host 172.30.1.1 host 172.16.1.1
Permit tcp any host 172.20.1.1 eq telnet

Static NAT

Define Inside Local and Inside Global Addresses


Router(config)#ip nat inside source static 10.0.0.3 179.2.2.80
Inside local outside global
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside

(config)#ip nat inside source static 10.1.1.2 192.168.1.2
inside local outside global
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside

Dynamic NAT

A router needs to be configured with NAT and it has 15 public addresses, 179.9.8.80 through
179.9.8.95 call this pool_1. On the inside network hosts use the private addresses of 10.1.0.0/16.
What is the NAT configuration on the router?
(config)#access-list 1 permit 10.1.0.0 0.0.255.255
(config)#ip nat pool POOL_1 179.9.8.80 179.9.8.95 netmask 255.255.255.0 (public address pool)
(config)#ip nat inside source list 1 pool POOL_1
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside
Another Example
Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool cisco 179.2.2.65 179.2.2.90 netmask 255.255.255.224
Router(config)#ip nat inside source list 1 pool cisco
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside
Global outside addresses 25, therefore block size 32, netmask 256 - 32 = 224

Configure PAT

A border router needs to be configured with NAT and will allow 6 public addresses, 198.18.131.65
through 70. On the inside network there are 63 hosts that use the private addresses of
192.168.10.129 through 190. What is the NAT configuration on the border router?
Answer
#ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248
#access-list 1 permit 192.168.10.128 0.0.0.63
#ip nat inside source list 1 pool Todd overload

ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248


Sets the pool name as Todd and creates the dynamic pool of public addresses for the NAT to use
from 198.18.131.65 to 70
For the inside global pool 5 addresses are required block size = 2, 4, 8.
Block size must be 8, 256 - 8 = 248, Giving us a netmask of 255.255.255.248
Inside local 63 hosts required block size 64 therefore wildcard mask is 0.0.0.63
For the subnet the start of local address pool is 192.168.10.129
This lies in the 192.168.10.128 subnet
ip nat inside source list 1 pool Todd overload
This sets dynamic pool to use Port Address Translation (PAT) by using the overload cmd
Remember to add the ip nat inside and ip nat outside statements on the interfaces.
Lab_A(config)#int s0/0
Lab_A(config-if)#ip nat outside
Lab_A(config-if)#int f0/0
Lab_A(config-if)#ip nat inside
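
The block-size reasoning used for the Todd pool can be carried out mechanically. The Python sketch below is an added example, not part of the original notes: it doubles the block size until the first and last address of a range fall in the same block, builds the three PAT lines from that, and reports how many addresses an inside-list wildcard matches beyond the stated host range. The function names are assumptions, and `overload` is added only when more inside hosts than pool addresses need access at the same time.

```python
import ipaddress


def covering_block(first, last):
    """Block-size method on the full 32-bit address.

    Doubles the block size until first and last sit in the same aligned block.
    Returns (subnet, netmask, wildcard) as dotted strings.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    block = 1
    while lo // block != hi // block:
        block *= 2
    subnet = ipaddress.IPv4Address(lo - lo % block)      # start of the block
    netmask = ipaddress.IPv4Address(2**32 - block)       # e.g. 256 - 8 = 248
    wildcard = ipaddress.IPv4Address(block - 1)          # one less than the block size
    return str(subnet), str(netmask), str(wildcard)


def range_size(first, last):
    """Number of addresses from first to last, both included."""
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1


def extra_addresses(first, last):
    """Addresses matched by the covering wildcard that are outside first..last."""
    _, _, wildcard = covering_block(first, last)
    matched = int(ipaddress.IPv4Address(wildcard)) + 1
    return matched - range_size(first, last)


def pat_config(pool, acl, public_first, public_last, inside_first, inside_last):
    """Build the NAT pool, the inside access list and the translation rule."""
    _, pool_mask, _ = covering_block(public_first, public_last)
    inside_net, _, inside_wildcard = covering_block(inside_first, inside_last)
    # More simultaneous inside hosts than public addresses means ports must be shared.
    needs_overload = range_size(inside_first, inside_last) > range_size(public_first, public_last)
    rule = f"ip nat inside source list {acl} pool {pool}"
    if needs_overload:
        rule += " overload"
    return [
        f"ip nat pool {pool} {public_first} {public_last} netmask {pool_mask}",
        f"access-list {acl} permit {inside_net} {inside_wildcard}",
        rule,
    ]


if __name__ == "__main__":
    for line in pat_config("Todd", 1, "198.18.131.65", "198.18.131.70",
                           "192.168.10.129", "192.168.10.190"):
        print(line)
    # A range that does not line up with a block boundary (constructed values):
    # the wildcard entry then matches far more sources than the hosts intended.
    print(covering_block("192.168.10.100", "192.168.10.140"))
    print(extra_addresses("192.168.10.100", "192.168.10.140"))
```

When `extra_addresses` is large, the single wildcard entry translates sources that were never meant to reach the outside; splitting the list into several aligned entries keeps the match tight.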

Question Simulation 1

Configure a router to provide Internet access. The ISP has provided you with six public IP
addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101, and
198.18.158.102. ABC.com has 62 hosts that need access to the Internet simultaneously. The hosts
in the ABC.com LAN have been assigned private space addresses in the range of 192.168.98.65 - 192.168.98.126. The following have already been configured on the router:
1. The basic router configuration
2. The appropriate interfaces have been configured for NAT inside and NAT outside.
3. The appropriate static routes have also been configured (since the company will be a stub
network, no routing protocol will be required)
4. All passwords have been temporarily set to "Cisco"
The task is to complete the NAT configuration
using all IP addresses assigned by the ISP to provide Internet access to the hosts in the ABC1 LAN.
Functionality can be tested by clicking on the host provided for testing.
Configuration information
Router name: ABC1
inside global addresses: 198.18.158.97 - 198.18.158.102/29
inside local addresses: 192.168.98.65 - 192.168.98.126/26
Number of inside hosts: 62
password Cisco
Answer
ABC1(config)#ip nat inside source list 1 pool nat-pool overload
ABC1(config)#access-list 1 permit 192.168.98.64 0.0.0.63
ABC1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248
ABC1(config)#int Fa0/0
ABC1(config-if)#ip nat inside
ABC1(config-if)#exit
ABC1(config)#int s0
ABC1(config-if)#ip nat outside
ABC1(config-if)#end
ABC1#copy run start
Previously the ip nat pool nat-pool was configured with /26 which is 255.255.255.192 which is
incorrect because we are configuring inside global and it's /29 which is 255.255.255.248.
Explanation
Public ip addresses 198.18.158.97 - 102
5 addresses, block size 8, 256 - 8 = 248, netmask 255.255.255.248
Local inside addresses 192.168.98.65 - 126, 62 hosts = block size 8, 16, 32, 64, block size = 64
Start of local pool 192.168.98.65 lies in the 64 subnet = 192.168.98.64
So subnet and inverse mask 192.168.98.64 0.0.0.63
Question NAT SIM 2
A network associate is configuring a router for the weaver company to provide internet access. The
ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The
company has 14 hosts that need to access the internet simultaneously. The hosts in the company
LAN have been assigned private space addresses in the range of 192.168.100.17 - 192.168.100.30

Weaver>enable
Weaver#configure terminal
Router(config)#hostname weaver
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Number inside hosts = 14, block size = 16, wildcard = 0.0.0.15
Start of local pool 192.168.100.17 lies in the 192.168.100.16 subnet
198.18.184.105 - 110, 5 addresses, block size 8, 256 - 8 = 248, netmask = 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
The overload keyword is compulsory because the internal LAN address space is larger than the ISP
provided public address range: 6 public addresses for 14 private LAN hosts which all need to access the
internet at the same time.
Verify configuration
#clear ip nat translation *
#clear ip nat translation inside glob ip local ip [outside glob ip local ip]
#show ip nat translations
#show ip nat statistics

Passwords
enable password - used to secure privileged mode
enable secret - the newer encrypted password that overrides the enable password

Router#config t
Router(config)#enable secret todd
Router(config)#enable password todd

Auxiliary Password
Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password todd

Console Password
Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd1

VTY - Virtual Terminal, Telnet Password

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd2
In effect the only line that changes is the line config

To manually encrypt your passwords use the service password-encryption cmd


Router#config t
Router(config)#service password-encryption
Router(config)#^Z
Router#config t
Router(config)#banner motd #
Enter text message. End with the character #
You have entered a secure system,authorized access ONLY! #
Router(config)#^Z

Control A = start of line
Control E = end of line
Control F = right (forward)
Control B = left (back)
Control P = repeat last (previous) command
Control N = repeat most recent command
Esc B = back 1 word
Esc F = Fwd 1 word
Password Resetting
Flash memory is also called NVRAM
If the boot field is 0x0, Router boots to ROM Monitor Mode (ROMMON).
If the boot field is 0x1, the Router boots from IOS in ROM
If the boot field is 0x2 through 0xF, Router will first look in FLASH (NVRAM) for an IOS.
If the configuration register is set to
0x2142 - bypasses the configuration in NVRAM.
0x2102 - the default value for the configuration register; the router boots normally.
0x1000 - the boot field value is zero, so it will boot to ROMMON.
0x0107 - the boot field is 7, so the router will still boot normally.
0x2101 - the router will boot from ROM into RXBOOT mode on the next reboot.
0x2105 - 5 = boot field; anything between 0x2 to 0xF will look for startup-configuration in the NVRAM. Boots normally.

Router#show interface s0/0
Serial0/0 is up, line protocol is down
Datalink problem. Clocking (keepalive) or framing problem. Check the keepalives and encapsulation
matches on both ends and the clock rate is set if needed.
Router#sh int s0/0
Serial0/0 is down, line protocol is down
Physical layer problem. If both are down it's a cable or interface problem.
Question
You as the administrator issue the shutdown command on Serial 1. You later view this interface
using the show interface Serial 1 command. How will this interface be displayed?
A. Serial 1 is up, line protocol is up.
B. Serial 1 is up, line protocol is down.
C. Serial 1 is down, line protocol is down.
D. Serial 1 is administratively down, the line protocol is down.
Answer D
Explanation
The shutdown command administratively disables an interface. The result is the interface will be
down as will the line protocol.

CDP
To see if cdp is running
R3#show cdp interface
Ethernet0 is up line protocol is up
Encapsulation ARPA
Sending CDP packets every 60s
Holdtime is 180s
To disable cdp on an interface use the no cdp enable cmd
R3#config t
R3(config)#int s0
R3(config-if)#no cdp enable
R3(config-if)#^Z

To enable cdp on an interface use the cdp enable cmd
R3#config t
R3(config)#int s0
R3(config-if)#cdp enable
R3(config-if)#^Z

To disable CDP on the entire router use the no cdp run in global configuration mode.
When issuing a show cdp entry command, the following information is provided.
1. Neighbor device ID
2. Layer 3 protocol information (ie IP address)
3. Local interface and Port identifiers of the neighbors remote ports
4. The hold time in seconds
5. Devices capabilities
6. Device Platform
7. IOS type and version.

Gathering Neighbour Information


Todd2509#show cdp neighbor
Capability codes: R - router, T - Trans Bridge, B - Source Route Bridge,
S - switch, H - Host, I - IGMP, r - repeater
Device ID     Local Intrfce   Holdtime   Capability   Platform   Port ID
1900Switch    Eth0            238        T S          1900       2
2500B         Ser0            138        R            2500       Ser0
So the output shows directly connected to the 2509 router are a switch with a hostname of
1900Switch and a 2500B router.
#show cdp neighbors displays information about directly connected devices
1. Neighbor Device ID: The hostname of the neighbor device
2. Local Interface: The interface on which the cdp packet from the neighbor is heard
3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.
4. Platform: The neighbor device type (ie. 2500 router)
5. Port ID: The interface of the remote neighbor sending CDP information
6. Holdtime: Decremental hold time in seconds

But there's one vital piece of info missing - the neighbor's IP address.
You'll need to run show cdp neighbor detail to get that.
IP Addresses
Example 255.255.255.192/26
Subnetting 192.168.10.0 network address with 255.255.255.192 subnet mask
How many subnets?
/26 compared to /24 = 2 extra bits borrowed for the network address, 2^2 = 4
How many hosts per subnet? = 6 bits left for the host address 2^6 - 2 = 62 hosts
What are the valid subnets? 256 - subnet mask = block size
256 - 192 = 64, so subnets are                   0      64       128       192
What's the broadcast address for each subnet?    63     127      191       255
What are the valid hosts?                        1-62   65-126   129-190   193-254

Question
You work as a network technician. You have subnetted the 201.105.13.0 network with a /26 mask.
Your boss asks you how many usable subnetworks and usable host addresses per subnet this will
provide. What should you tell her?
A. 64 networks and 4 hosts
B. 4 networks and 64 hosts
C. 2 networks and 62 hosts
D. 62 networks and 2 hosts
Answer C
/26, therefore 2 bits borrowed for network
Subnets= 2^2 - 2 = 4 - 2 = 2
2 bits for network portion therefore 6 bits left for number of hosts 2^6 - 2 = 64 - 2 = 62

Summarization
Question
In the network shown below, what is the most efficient summarization that R1 can use to advertise
its networks to R2?

A. 172.1.0.0/22
B. 172.1.0.0/21
C. 172.1.4.0/22
D. 172.1.4.0/25
172.1.4.128/25
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24
E. 172.1.4.0/21
Answer C
172.1.4.0/22
Explanation: In large internetworks, hundreds, or even thousands, of network addresses can exist. It
is often problematic for routers to maintain this volume of routes in their routing tables. Route
summarization (also called route aggregation or supernetting) can reduce the number of routes that
a router must maintain, because it is a method of representing a series of network numbers in a
single summary address.
172.1.4.0
172.1.4.128
172.1.5.0
172.1.6.0
172.1.7.0

172.1 : 00000100.0
: 00000100.128
: 00000101.0
: 00000110.0
: 00000111.0

172.1 is the same for all networks and the 3rd octet changes, so reduce the 3rd octet to binary to find the
remaining common bits. These are the first 6 bits, so /16 + 6 = /22
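
The common-bits method above, as an added Python example that is not part of the original notes. It computes the summary for the five networks in the question and also lists any address space a candidate summary covers that R1 does not actually have, which is what makes an over-wide summary such as option B a problem: traffic for the extra space is drawn to a router with no route for it. The function names are assumptions made for the illustration.

```python
import ipaddress

# The five networks behind R1, as listed in the question above.
R1_NETWORKS = [
    "172.1.4.0/25",
    "172.1.4.128/25",
    "172.1.5.0/24",
    "172.1.6.0/24",
    "172.1.7.0/24",
]


def third_octet_bits(networks):
    """The page's view: third octet of each network written in binary."""
    return [format(ipaddress.IPv4Network(n).network_address.packed[2], "08b")
            for n in networks]


def summarize(networks):
    """Shortest prefix shared by the lowest and highest address of all networks."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()     # leading bits on which lo and hi agree
    return str(ipaddress.IPv4Network((lo, prefix), strict=False))


def unowned_space(summary, networks):
    """Blocks inside `summary` that none of `networks` accounts for."""
    remaining = [ipaddress.IPv4Network(summary)]
    owned = ipaddress.collapse_addresses(ipaddress.IPv4Network(n) for n in networks)
    for net in owned:
        next_round = []
        for block in remaining:
            if net.subnet_of(block):
                # address_exclude yields the pieces of block left after removing net
                next_round.extend(block.address_exclude(net))
            else:
                next_round.append(block)
        remaining = next_round
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    print(third_octet_bits(R1_NETWORKS))
    print(summarize(R1_NETWORKS))
    print(unowned_space("172.1.4.0/22", R1_NETWORKS))   # answer C
    print(unowned_space("172.1.0.0/21", R1_NETWORKS))   # answer B
```
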

Quick Notes WAN


HDLC is the default encapsulation used by Cisco routers over serial links
No Authentication can be used with HDLC!
Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#
Here the default HDLC is used; as the Corp router is a Cisco, no configuration is necessary.

A show interface serial 0 shows HDLC running.
Router#show int s0
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit
Encapsulation HDLC, loopback not set

PPP
If we have a Cisco router and a non-Cisco router connected we must configure PPP; HDLC won't
work. Authentication can be used with PPP.

Left#config t
Left(config)#username Right password cisco
Left(config)#int s0
Left(config-if)#encapsulation ppp
Left(config-if)#ppp authentication chap
Left(config-if)#ppp authentication pap
Left(config-if)#^Z
Passwords must match on each router

Frame Relay

Dynamic address mapping using Inverse ARP - Single Interface

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay
Corp(config-if)#frame-relay lmi-type cisco
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#
No encapsulation method was specifically configured, the default is Cisco, which means that a
Cisco router is on both sides of the link.
If you have a Cisco router on one side of the link and a Nortel or other on the other side of the link,
then the configuration would be.

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay ietf
Corp(config-if)#frame-relay lmi-type (ansi or Q.933A)
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit

The frame-relay interface-dlci command performs dynamic address mapping using Inverse ARP
to map the next-hop address to the local DLCI on the router.

Static Mapping
Router#config t
Router(config)#interface serial 0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#ip address 192.168.0.5 255.255.255.0
Router(config-if)#frame-relay map ip 192.168.0.6 100 broadcast
Router(config-if)#no shutdown
Router(config-if)#exit
frame-relay map ip can be configured multiple times to associate more than one DLCI to an
interface.
If the Cisco encapsulation (default) is configured on a serial interface then by default that applies to
all VCs on that serial interface unless configured otherwise to use IETF (non Cisco) encapsulation.
Router(config-if)#frame-relay map ip 192.168.1.1 103 broadcast
Router(config-if)#frame-relay map ip 172.16.1.1 102 broadcast ietf
Router#show frame-relay map
Serial0 (up): ip 192.168.1.1 dlci 103(0x7A,0x1CA0), static, broadcast,
CISCO, status defined, active
Serial0 (up): ip 172.16.1.1 dlci 102(0x7A,0x1CA0), static, broadcast,
IETF, status defined, active

Congestion Control
Forward Explicit Congestion Notification (FECN) bit is set to zero by default, and will be set to 1
if congestion was experienced by the frame in the direction in which the frame was travelling.
Backward Explicit Congestion Notification (BECN) will be set to 1 by a DCE in frames that are
being sent back to the source if network congestion exists in the opposite direction to that in which
the frame was travelling.

show frame pvc Displays the FECN, BECN, and DE values.


R1#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
              Active     Inactive     Deleted     Static
  Local          2           0           0          0
  Switched       0           0           0          0
  Unused         0           0           0          0
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 30          output pkts 0          in bytes 2280
  out bytes 0            dropped pkts 0         in FECN pkts 0
  in BECN pkts 0         out FECN pkts 0        out BECN pkts 0
  in DE pkts 0           out DE pkts 0
  out bcast pkts 0       out bcast bytes 0
  pvc create time 00:07:45, last time pvc status changed 00:06:55

Subinterfaces

Point-to-Point
Central
Router>enable
Router#config t
Router(config)#hostname Central
Central(config)#interface serial 0/0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type cisco
Central(config-if)#no shutdown
Central(config-if)#no ip address
Central(config-if)#interface serial 0/0.1 point-to-point
Central(config-subif)#ip address 10.20.1.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 51
Central(config-subif)#interface serial 0/0.2 point-to-point
Central(config-subif)#ip address 10.20.2.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 52
Central(config-subif)#interface serial 0/0.3 point-to-point
Central(config-subif)#ip address 10.20.3.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 53
Central(config-subif)#exit
Central(config)#exit
The no ip address cmd is configured under the major interface.
Each point-to-point subinterface must be on a separate subnet.

Multipoint
Router(config)#interface serial 1
Router(config-if)#no ip address
Router(config-if)#encapsulation frame-relay
Router(config-if)#exit
Router(config)#interface serial 1.2 multipoint
Router(config-subif)#ip address 172.16.1.1 255.255.0.0
Router(config-subif)#frame-relay interface-dlci 100 b (dynamic)
Router(config-subif)#frame-relay map ip 172.16.1.2 200 b (static)
Router(config-subif)#frame-relay map ip 172.16.1.3 300 b (static)
Router(config-subif)#frame-relay map ip 172.16.1.4 400 b (static)
Router(config-subif)#exit

The multipoint subinterface shares its subnet with each mapping, static or dynamic. The no
ip address cmd is configured under the major interface.

Multipoint and point-to-point subinterfaces can coexist

RouterA(config)#interface serial 0/0
RouterA(config-if)#no ip address (optional)
(removes the ip address; only required if the interface already had an ip address)
RouterA(config-if)#encapsulation frame-relay ietf
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#interface s0/0.2 point-to-point
RouterA(config-subif)#ip address 2.1.1.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 20 broadcast

RouterA(config)#interface serial 0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#frame-relay lmi-type cisco
RouterA(config-if)#int s0/0.1 multipoint
RouterA(config-subif)#ip address 1.1.1.1 255.255.0.0
RouterA(config-subif)#frame-relay map ip 1.1.1.2 18 broadcast
RouterA(config-subif)#frame-relay map ip 1.1.1.3 19 broadcast
RouterA(config-subif)#frame-relay interface-dlci 18 broadcast

The show frame map command displays the current Network layer-to-DLCI mappings and info
about the connection

Use the show frame-relay pvc [dlci] command to display the status of each configured
This command lists all PVCs and what DLCI numbers they're using, and also frames sent, received,
dropped, marked discard eligible, or with their Forward Explicit Congestion Notification (FECN) or
Backward Explicit Congestion Notification (BECN) bit set.

Troubleshooting Frame Relay


There are a few commands used to check the status of your interfaces and permanent virtual
circuits (PVCs)
show frame-relay lmi - Local Management Interface (LMI) traffic stats exchanged between the
local router and the Frame Relay Switch.
show frame-pvc - lists all configured PVCs and Data Link Connection Identifier (DLCI)
numbers.
show interface - displays statistics for all interfaces configured on the switch; shows LMI
traffic, encapsulation as well as Layer-2 and Layer-3 information.
show frame map - shows network layer-to-DLCI mappings

ISDN
ISDN BRI is made up of two B channels of 64k each and one D channel of 16k
also referred to as 2 B + D Total bandwidth for ISDN BRI, is then 144k (64+64+16=144)
D channels work with LAPD at the Data Link Layer for reliable connections.
ISDN BRI routers come with either a U interface or an S/T interface
Question
What Channel is provided by ISDN BRI?
A. 2B+1D
B. 30B+1D
C. 23B+1D
D. 2D+1B
Answer A
Terminal Adapter (TA) - enables ISDN for non-ISDN devices, TE2 devices (ie PCs, analogue
phone/modem)
Terminal Equipment 1 (TE1) - supports ISDN (routers with ISDN interfaces, ISDN telephones,
PCs).
Terminal Equipment 2 (TE2) - A non-ISDN device (serial interface on a router, PC, analogue
phone/modem); they require a TA to connect to ISDN
Network Termination 1 (NT1) - Attaches to ISDN BRI lines, terminates the connection from the
Central Office (CO), converts BRI signals for ISDN line.
Network Termination 2 (NT2) - Used with PRI
VLAN
ISL is a Cisco proprietary VLAN tagging method,
802.1q is an open VLAN tagging standard.
Configuring Trunk Links on a Switch
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encapsulation [dot1q / isl]
Configuring VLAN encapsulation on a Router
Router(config-if)#encapsulation dot1q vlan-number

dot1q Example

It is recommended that the sub-interface value is the same as the VLAN.

switchport
You only use the switchport command on switches, not routers.
You can configure an interface to be an access link
Switch(config-if)#switchport mode access
Or put a port in a certain VLAN
Switch(config-if)#switchport access vlan 101
To change trunking protocol
Switch(config-if)#switchport trunk encapsulation isl

Creating VLANs
S1#config t
S1(config)#vlan 2
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 3
S1(config-vlan)#name Marketing
S1(config-vlan)#vlan 4
S1(config-vlan)#name accounting
S1(config-vlan)#^Z

After you have created VLANs verify them with a show vlan command

show vlan
S1#show vlan

Trunk ports don't show up in the VLAN database.
You have to use the show interface trunk command to see trunked ports.
S37501#show interface trunk
Port        Mode        Encapsulation   Status     Native vlan
Fa1/0/13    desirable   n-isl           trunking   1
Fa1/0/14    desirable   n-isl           trunking   1

Removing VLANs from a Trunk


We can remove VLANs from the allowed list to prevent traffic from certain VLANs from traversing a
trunked link
S1#config t
S1(config)#int f0/1
S1(config-if)#switchport trunk allowed vlan remove 4
To remove a range of VLANs
S1(config-if)#switchport trunk allowed vlan remove 4-8

Assigning Switch Ports to VLANs on a Switch

S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 3
S1#config t
Enter configuration commands one per line. End with CNTRL/Z
S1(config)#vlan 5
S1(config-vlan)#name marketing
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name humanresources
S1(config-vlan)#exit
S1(config)#interface FastEthernet 0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface FastEthernet 0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface FastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#interface FastEthernet 0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#
At this point, ports 2 and 3 can communicate with each other and ports 4 & 5 can communicate.
This is because the ports are in their own VLAN. For the device on port 2 to communicate with the
device on port 4, you would have to configure a trunk port to a router so that it can strip off the
VLAN information, route the packet, and add back the VLAN information.

Assigning a range of access ports to VLAN

Question
You have hired a new salesperson. All sales associates are placed in VLAN5. You are adding a port
on your Catalyst 2950 switch to VLAN 5. Which commands accomplish this goal?
A. sw1(config-if)#switchport access vlan 5
B. sw1(config)#vlan-membership port vlan 5
C. sw1(config-if)#vlan-membership static 5
D. sw1(config) #port membership vlan 5
Answer A
You go to the particular interface/port you want to assign to VLAN 5 and enter the command
switchport access vlan (vlan#).

Question
What command will configure an interface on a Catalyst 2900 series switch to carry traffic from all
VLANs to another directly connected switch? (Choose two)
A. Switch(config-if)# vlan all
B. Switch(config-if)# switchport access vlan 30
C. Switch(config-if)# switchport access vlan all
D. Switch(config-if)# switchport mode trunk
E. Switch(config-if)# switchport trunk encapsulation dot1q
Answer C, E
Switch(config-if)# switchport access vlan all
Switch(config-if)# switchport trunk encapsulation dot1q

Switches have 3 VTP modes


Server - add, modify, delete VLANs in the domain
Client - process VLAN changes and forward VTP messages; VLANs cannot be created, deleted
and edited on clients
Transparent - forward VTP messages only
VTP transparent switches do not participate in the VTP domain.
VLANs can be created, deleted and edited, but are local to the switch only; they keep their own
database and are not advertised to the other switches in the VTP domain

When a switch is configured as a VTP server, you must define a VTP domain before you can create
VLANs.

Configuring the Domain


1900(config)#vtp mode server
1900(config)#vtp domain Cisco2
1900(config)#vtp password cantona

VTP can be configured in global or VLAN configuration mode.

Question

Host A in the graphic is connected to a switch port assigned to VLAN 1. Which two settings on host
A are required to allow connectivity with Host B on VLAN 2? (Choose two)
A. IP address: 192.1.1.66 255.255.255.240
B. IP address: 192.1.1.130 255.255.255.192
C. IP address: 192.1.1.142 255.255.255.240
D. Default gateway: 192.1.1.129
E. Default gateway: 192.1.1.65
F. Default gateway: 192.1.1.1
Answer C, D
Explanation
Sub-interface Fast Ethernet 0/0.2 was created for VLAN 1 via the "encapsulation dot1q 1" command.
C is correct as
Host A resides in VLAN 1 it must be configured with an IP address in the 192.1.1.128/28
subnet
VLAN 1 192.1.1.129 255.255.255.240 host range?
256 - 240 = 16 Block Size
0, 16, 32, 48, 64, 80, 96, 112, 128, 144
129 is in the 128 subnet, valid hosts 129 - 142

D is correct as
Host A must be configured with the IP address of the default gateway, which is the IP address
assigned to the sub-interface of the router.

Question
Which of the following are valid configuration values for the hosts shown in the graphic? (choose
three)

A. host A IP address: 192.1.1.65
B. host A subnet mask: 255.255.255.224
C. host B IP address: 192.1.1.125
D. host B default gateway: 192.1.1.65
E. host C IP address: 192.1.1.166
F. host C subnet mask: 255.255.255.224
Answer C, D, F
Explanation
VLAN1 192.1.1.65 255.255.255.192 hosts?
256 - 192 = 64 Block Size
0, 64, 128, 192
65 lies in the 64 subnet
Host range 65 - 126
VLAN10 192.1.1.129 255.255.255.224
256 - 224 = 32
0, 32, 64, 96, 128, 160
129 lies in the 128 subnet
Host range 129 - 158

Routing
Route             AD
Connected         0
Static            1
EIGRP             90
IGRP              100
OSPF              110
RIP               120
Enhanced EIGRP    170
Unknown           255

Link-state routing uses


Link-state advertisements (LSAs) - A link-state advertisement (LSA) is a small packet of
routing information that is sent between routers.
Topological database - A topological database is a collection of information gathered from
LSAs.
SPF algorithm - The shortest path first (SPF) algorithm is a calculation performed on the
database resulting in the SPF tree.
Routing tables - A list of the known paths and interfaces.

Distance vector protocols send the entire routing table to directly connected neighbors.
Link state protocols only send updates containing the state of their own links to all other routers on
the network.

A passive interface on a router
Allows a router to receive routing updates on an interface but not send updates via that interface.
Question
Which of these statements is true regarding distance-vector routing protocols?
A. They send the entire routing table to directly connected neighbors.
B. They send the entire routing table to every router in the network.
C. They send the changes to the routing table to directly connected neighbors.

D. They send the changes to the routing table to every router in the network.
Answer A
Distance-vector routing protocols send the entire routing table to directly connected neighbors.
B is incorrect, as the routers send the tables only to their directly connected neighbors. If a router
learns of another route from its neighbor, it then passes that information on to another neighbor.

Static Routing
Example
Say that you have two locations, connected by a WAN T1 circuit. On the LAN side of each of these
locations, you have a small Ethernet network.

The only way for the devices on Ethernet LAN 10.10.1.0 to communicate with devices on network
10.10.2.0, is to use routing. With such a simple network, static routing is a perfect solution. You can
enter one route on each router and be done with the configuration.
The static routes for this network,
San Diego#conf t
San Diego(config)#ip route 10.10.2.0 255.255.255.0 20.1.1.2
(10.10.2.0 = destination, 255.255.255.0 = mask, 20.1.1.2 = next hop)
Chicago#conf t
Chicago(config)#ip route 10.10.1.0 255.255.255.0 20.1.1.1
The syntax is: ip route <destination> <netmask> <next hop or exit interface> <admin distance>

The next-hop address


router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2
The exit interface
router(config)#ip route 172.16.20.0 255.255.255.0 s0/0

Example
RouterB is connected to the networks 192.168.20.0, 192.168.30.0 and 192.168.40.0
We must configure the following static routes on RouterB
192.168.10.0
192.168.50.0

RouterB(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1


RouterB(config)#ip route 192.168.50.0 255.255.255.0 192.168.40.2
Now looking at the routing table you can see RouterB understands how to find each network.
RouterB#show ip route
Codes: C - connected, etc
S 192.168.50.0 [1/0] via 192.168.40.2
C 192.168.40.0 is directly connected, Serial 0/1
C 192.168.30.0 is directly connected, FastEthernet0/0
C 192.168.20.0 is directly connected, Serial 0/0
S 192.168.10.0 [1/0] via 192.168.20.1
RouterB#

Default Route
A default route serves as a gateway of last resort. If there are no matches for a destination in the
routing table, the default route will be used.
R1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2 (next-hop IP address)
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0 (local exit interface)
The syntax is: ip route 0.0.0.0 0.0.0.0 <next hop or exit interface> <admin distance>
To turn off default routing, add no in front
R1(config)#no ip route 0.0.0.0 0.0.0.0 200.1.1.2
Question
You are configuring router Lon, and want to configure a gateway of last resort to router Man.
Router Lon will be sending this traffic out its interface serial0, which has an ip address of 172.1.1.1
Router Man will be receiving this traffic on its interface serial1, and this interface has an ip address
of 189.12.12.12
Which of the following statements will successfully configure a gateway of last resort?
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12
B. ip route 0.0.0.0 0.0.0.0 serial1
C. ip route 0.0.0.0 0.0.0.0 serial0

D. ip route 255.255.255.255 255.255.255.255 172.1.1.1
E. ip route 255.255.255.255 255.255.255.255 serial1
F. ip route 255.255.255.255 255.255.255.255 189.12.12.12
G. ip route 255.255.255.255 255.255.255.255 serial0
H. ip route 0.0.0.0 0.0.0.0 172.1.1.1

Answer A, C
Explanation
These are the only two routes that will work
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12 (next hop ip)
C. ip route 0.0.0.0 0.0.0.0 serial0 (exit interface)
RIP
RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 192.168.20.0
RouterA(config-router)# ^Z
RIPv1 - all devices in the network must use the same subnet mask. Classful routing.
RIPv2 - sends subnet mask info with the route updates. This is Classless routing.
To disable RIP: RouterA(config)#no router rip
To view route information do a show ip route from privileged mode or a do show ip route from
configuration mode
RouterA#show ip route
Codes: C - connected etc
R 192.168.50.0 [120/2] via 192.168.20.2 00:00:23 serial0/0
R 192.168.40.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
R 192.168.30.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
C 192.168.20.0 is directly connected, serial0/0
C 192.168.10.0 is directly connected, FastEthernet0/0
RouterA#

RIP Example

Configure Router A, use the network ID of 192.168.164.0/28. The s0/0 interface of Router A will use
the last available IP address in the 8th subnet and fa0/0 will use the last available IP address in the
2nd subnet. Do not consider the zero subnet valid.
Answer
/28 = 255.255.255.240 mask
256 - 240 = 16 block size in the 4th octet
Since we have a block size of 16 our subnets are: (not starting at subnet zero)
16, 32, 48, 64, 80, 96, 112, 128, 144 etc
The 8th subnet for the s0/0 interface is subnet 128
Valid host range is 129 - 142, 143 is the broadcast address
The 2nd subnet fa0/0 = subnet 32
Valid hosts 33 - 46, 47 as broadcast

Configuration on Router A will be


RouterA(config)#interface s0/0
RouterA(config-if)#ip address 192.168.164.142 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#interface fa0/0
RouterA(config-if)#ip address 192.168.164.46 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#router rip
RouterA(config-router)#network 192.168.164.0
RouterA(config-router)#^Z
RouterA#
To prevent RIP updates from propagating across your LAN/WAN
RouterA#config t
RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#passive-interface serial 0/0
This command stops RIP updates from being propagated out serial interface 0/0, but serial interface
0/0 can still receive RIP updates.
Question

If the passive interface command is enabled on the fa0/0 interface of Router E, which statements
are true? (Choose two.)
A. Router E will send all routing updates via interface fa0/0.
B. Router E will ignore all routing updates learned via interface fa0/0.
C. Router E will use routing updates learned via interface fa0/0.
D. Router E will not send routing updates via interface fa0/0.
Answer C, D
Router E will use routing updates learned via interface fa0/0.
Router E will not send routing updates via interface fa0/0.
RIPv2 is a classless routing protocol (even though it is configured as classful like RIPv1, it sends
subnet mask information along with the route updates)
RouterC(config)#router rip
RouterC(config-router)#version 2
RouterC(config-router)#network 192.168.40.0
RouterC(config-router)#network 192.168.50.0
RIP version 2 default behavior is to autosummarize routes advertised across classful boundaries. To
disable this behavior, run the no auto-summary command under the RIP process.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.10.0.0
If you want to see only a certain protocol route from the entire routing table, run the
show ip route followed by the protocol or route type (static, for example).
R1#show ip route rip
R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
[120/1] via 172.16.123.3, 00:00:09, Serial0
R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
The hold down timer for RIP is 180 sec. The flush timer for RIP is 240 sec.

RIP broadcasts its entire routing table every 30 seconds by default and it can load balance across as
many as six equal cost paths (4 paths are the default).
Question
You are configuring the Ike router on the network shown in the figure below. You would like to use
the RIP routing protocol to propagate all the networks to the three routers shown. What
configuration would you apply to Ike to have it participate in this objective?

A. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.45.0
B. Ike(config)#router rip
Ike(config-router)#network 172.16.30.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

C. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

D. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.0.0

Answer A
RIP is considered a classful protocol. From a configuration standpoint, this means that networks
must be entered into the configuration using their default classes (Class A, B, or C). Because
172.16.0.0 is a class B network, it must be entered as if it had a class B subnet mask rather than
the subnet mask shown in the figure. In addition, you enter directly connected interfaces only into a
routing process

EIGRP
EIGRP is a classless, enhanced distance vector Cisco proprietary protocol.
It includes the subnet mask in its route updates
It doesn't send link state updates like OSPF but sends distance vector updates with info about
networks and the cost of reaching them. But like link state it synchronises routing tables between
neighbors at startup and when the topology changes.

EIGRP hello messages are sent every 5 secs on Ethernet by default.


EIGRP has a maximum hop count of 100, but it can be set up to 255.
Router#config t
Router(config)#router eigrp 20
Router(config-router)#network 172.16.0.0
Router(config-router)#network 10.0.0.0
Note the AS number 20 which can be any number 1 to 65535
Router(config)#router eigrp 20
Router(config-router)#passive-interface serial 0/1
EIGRP passive interfaces differ from RIP: they will neither send nor receive updates.
EIGRP also supports the use of discontiguous subnets
Discontiguous subnets work with OSPF by default because OSPF does not auto-summarise
like EIGRP.

A Discontiguous Network
Here the subnets 172.16.10.0 and 172.16.20.0 are connected together with a 10.3.1.0 network. By
default each router thinks it has the only 172.16.0.0 classful network.

Configuring Discontiguous Networks


By default routers running EIGRP will automatically summarise the classful boundaries and routing
will not work. Here's how to turn auto summarisation off.
RouterA#config t
RouterA(config)#router eigrp 100

RouterA(config-router)#network 172.16.0.0
RouterA(config-router)#network 10.0.0.0
RouterA(config-router)#no auto-summary
RouterB#config t
RouterB(config)#router eigrp 100
RouterB(config-router)#network 172.16.0.0
RouterB(config-router)#network 10.0.0.0
RouterB(config-router)#no auto-summary
By using the no auto-summary command EIGRP will advertise all the subnets between the two
routers.
In the presence of discontiguous subnets automatic summarisation must be disabled for routing to
work.
EIGRP topology table

Routes with larger metrics to the network via other routers, is the Reported Distance (RD).
A Feasible Successor is a neighbor whose Reported Distance is less than the current Feasible
Distance.
The Successor for a particular route is the neighbour/peer with the lowest metric/distance to that
network and is the primary route to a destination.
Feasible Distance (FD) is the route with the lowest metric to a network.
Reported Distance (RD) is the distance advertised by a neighbour

Open Shortest Path First (OSPF) open source


If not all your routers are Cisco then you can't use EIGRP, so your options are RIP or OSPF. Note
OSPF can't load balance across unequal cost links as EIGRP can.

OSPF supports VLSM and has no limitation of network reachability. It maintains neighbor relationships
using the IP multicast address of 224.0.0.5. After initialization, OSPF only sends updates on routing
table sections which have changed; it does not send the entire routing table.
Router ID - The Router ID (RID) is an IP address used to identify the router.
The Designated Router is elected by the Hello Protocol.
A router's Hello Packet contains its Router Priority. The router with the highest priority becomes
the designated router (DR). If the priorities are the same, then the router with the highest router
ID wins (the highest IP address of all loopback interfaces). If no loopback interfaces are
configured, OSPF will choose the highest IP address.
Priority values are 0 to 255; when the priority of a router is 0, the router will not participate in
the election.

Only the DR will send LSAs to the rest of the network.


For backup purposes also a Backup DR (BDR) is elected
All routers also establish adjacencies to the BDR
BDR itself also establishes adjacency to DR

R1#show ip ospf neighbor


Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:34 192.168.12.2 Serial1/1
3.3.3.3 1 FULL/BDR 00:00:36 192.168.13.3 FastEthernet0/0
Neighborship database - A variety of details such as the Router ID and state are maintained on
each router in the neighbourship database; it is a list of all OSPF routers which have received hello
packets.

Configuring Priority

A router with the highest OSPF priority will win the election for DR.
R3#config t
R3(config)#interface f0/0
R3(config-if)#ip ospf priority 100
Note we have to reload or shutdown the routers for election to take place and priority take effect.
We can see Priority with show ip ospf interface
R3#show ip ospf interface
FastEthernet0/0 is up, line protocol is up
Internet Address 171.154.45.39 Area 0
Process ID 64999 Router ID 171.154.45.39 Network Type BROADCAST Cost 10
Transmit Delay is 1 sec State DR Priority 100
Designated Router (ID) 171.154.45.39, Interface address 192.168.50.1

Configure a loopback interface


Router(config)#interface loopback 0
Router(config-if)#ip address 192.168.31.33 255.255.255.255
Router(config-if)#exit
To remove the loopback interface
Router(config)#no interface loopback 0
01:47:27: %LINK-5-CHANGED: Interface Loopback0, Changed state to administratively down

If you don't want to use a Loopback interface, you can still force the router ID to use a particular IP
address with the router-id configuration command
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#router-id 172.25.1.7
Router5(config-router)#end
Router5#

You can see what the RID for your router is with the following command:
Router5#show ip ospf
Routing Process "ospf 87" with ID 172.25.1.7
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 5. Checksum Sum 0x28868
Number of DCbitless external LSA 0
Number of DoNotAge external LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication

Configuring OSPF Areas


After the OSPF process we need to identify the interfaces and area on which you want to activate
OSPF.
RouterA#config t
RouterA(config)#router ospf 1
RouterA(config-router)#network 10.0.0.0 0.255.255.255 area 0
In multi-area OSPF networks all areas are required to connect to area 0, the backbone area.
The Process ID is in the range 1-65535
The area-id is an integer between 0 and 4294967295
Priority is the range 0 to 255 (not shown)
If you have more than one network statement, the order becomes important. In the following
example, the last line matches all IP addresses and assigns them to Area 0. But, because this line
comes last, it only picks up any addresses that are not captured by either of the lines above it.
However, if we had written this line first, then all of the interfaces would wind up in Area 0.
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#network 10.0.0.0 0.255.255.255 area 2
Router1(config-router)#network 172.20.0.0 0.0.255.255 area 100
Router1(config-router)#network 0.0.0.0 255.255.255.255 area 0
Router1(config-router)#end
Router1#
We have a router with these 4 subnets connected to four different interfaces.
192.168.10.64/28, 192.168.10.80/28, 192.168.10.96/28, 192.168.10.8/30
All interfaces need to be in area 0. Seems the easiest config is
Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.0 0.0.0.255 area 0
But to cover CCNA objectives let's use separate subnets and wildcards
Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.64 0.0.0.15 area 0
Test(config-router)#network 192.168.10.80 0.0.0.15 area 0
Test(config-router)#network 192.168.10.96 0.0.0.15 area 0
Test(config-router)#network 192.168.10.8 0.0.0.3 area 0

If the area address ranges are nicely assigned (which also helps immensely when you have to start
summarizing), you can use a single network statement to cover the whole area. If, for example,
area 3 has address range 10.1.16.0/20,
use network 10.1.16.0 0.0.15.255 area 3
If the router has all interfaces in a single area, I would always use
network 0.0.0.0 255.255.255.255 area area-id
(unless there is an extremely good reason that some interfaces should not be seen by the OSPF)
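
The statement-ordering rule and the wildcard masks above can be checked offline before touching a router. This is an added example, not part of the original notes: it models the first-match rule exactly as the text states it, and the interface names and addresses (including the extra Fa0/3 interface) are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a Cisco wildcard mask (1 bits are ignored)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def wildcard_for_prefix(prefixlen):
    """Wildcard mask for a prefix length, e.g. 28 -> 0.0.0.15 (block size minus one)."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").hostmask)

def assign_areas(statements, interfaces):
    """Area per interface: first matching statement in listed order, None if no match."""
    areas = {}
    for name, addr in interfaces.items():
        areas[name] = next(
            (area for base, wc, area in statements if wildcard_match(addr, base, wc)),
            None,
        )
    return areas

def newly_enabled(specific, broad, interfaces):
    """Interfaces that run OSPF under the broad statements but not the specific ones."""
    narrow = assign_areas(specific, interfaces)
    wide = assign_areas(broad, interfaces)
    return sorted(n for n in interfaces if narrow[n] is None and wide[n] is not None)

# Router1's network statements from the text, in the order given.
ROUTER1 = [
    ("10.0.0.0", "0.255.255.255", 2),
    ("172.20.0.0", "0.0.255.255", 100),
    ("0.0.0.0", "255.255.255.255", 0),
]
# The same statements with the catch-all line written first.
ROUTER1_CATCHALL_FIRST = [ROUTER1[2], ROUTER1[0], ROUTER1[1]]
# Constructed interface addresses (not from the page).
ROUTER1_IFACES = {"Fa0/0": "10.1.1.1", "Fa0/1": "172.20.5.1", "Se0/0": "192.168.1.1"}

# Test router: the per-subnet statements and the single /24 statement from the text.
TEST_SPECIFIC = [
    ("192.168.10.64", wildcard_for_prefix(28), 0),
    ("192.168.10.80", wildcard_for_prefix(28), 0),
    ("192.168.10.96", wildcard_for_prefix(28), 0),
    ("192.168.10.8", wildcard_for_prefix(30), 0),
]
TEST_BROAD = [("192.168.10.0", "0.0.0.255", 0)]
# One constructed host address per subnet, plus a constructed fifth interface
# (Fa0/3 in 192.168.10.112/28) that the per-subnet statements do not cover.
TEST_IFACES = {
    "Fa0/0": "192.168.10.65",
    "Fa0/1": "192.168.10.81",
    "Fa0/2": "192.168.10.97",
    "Se0/0": "192.168.10.9",
    "Fa0/3": "192.168.10.113",
}

if __name__ == "__main__":
    print("as written:     ", assign_areas(ROUTER1, ROUTER1_IFACES))
    print("catch-all first:", assign_areas(ROUTER1_CATCHALL_FIRST, ROUTER1_IFACES))
    print("extra OSPF interfaces with the /24 statement:",
          newly_enabled(TEST_SPECIFIC, TEST_BROAD, TEST_IFACES))
```

The last check is the one to run before choosing a broad network statement: it lists every interface that would start speaking OSPF only because of the wider wildcard.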

To configure the Man router for OSPF with the IP address shown on Fa0/0 and a loopback interface
Man#config terminal
Man(config)#interface fa0/0
Man(config-if)#ip address 192.168.1.1 255.255.255.0
Man(config-if)#no shutdown
Man(config-if)#interface loopback 0
Man(config-if)#ip address 192.168.31.11 255.255.255.255
Man(config)#router ospf 1
Man(config-router)#network 192.168.1.0 0.0.0.255 area 0
1 is the ospf process ID which is locally significant.

The show ip ospf interface (interface) command


Displays Priority, timer intervals, router ID number and neighbor adjacencies

Show ip ospf neighbor & Show ip ospf neighbor detail


Summarises the OSPF information regarding neighbour id, priority, adjacency state and DR or BDR.

So use the show ip ospf neighbor command to see who won the DR election

Layer 2 Switching
Forward/filter decisions - When a frame is received on an interface, the switch looks at the
destination hardware address and finds the exit interface in the MAC database. The frame is only
forwarded out the specified destination port.

Looking at the output of a show mac address-table


If the switch received a frame with the following MAC addresses

The destination MAC address is found in the MAC address table and is forwarded out the fa0/3
interface.

3 main switching methods are


Cut Through - looks at the first 6 bytes of the destination MAC address only
Fragment free cut through - looks at the first 64 bytes only
Store and forward - looks at the entire frame

Spanning Tree Protocol (STP)


Bridge Priority - Numerical value held by switches. All Catalyst switches are priority 32768
Bridge ID = Priority Value and switch MAC Address.

Root bridge - This is the bridge with the lowest bridge ID.
Root port - The port with the lowest path cost to the root bridge.
Used for communicating with the root bridge.
Designated port - this has been determined as having the lowest cost. A designated port will be
marked as a forwarding port.
NonDesignated port - has a higher cost than the designated port. Nondesignated ports are put in
blocking mode.

Any port that is not either a root port or a designated port is placed into the blocking state.

Switch A is the root bridge because it's the one with the lowest bridge ID. Switch B must shut down
one of its ports connected to Switch A to prevent a switching loop from occurring.
STP will shut down the link with the lowest bandwidth; here both links are 100Mbps, so STP will shut
down the highest port number, i.e. Fa0/12.

Wireless
The Service Set Identifier (SSID) - all wireless devices in a WLAN must be configured with the same
SSID in order to communicate.
Ad-hoc
The simplest form of a wireless network is created by connecting two or more wireless clients
together in a peer-to-peer network. A wireless network established in this manner is known as an
ad-hoc network and does not include an AP.
All clients within an ad-hoc network are equal. The area covered by this network is known as an
Independent Basic Service Set (IBSS).
Infrastructure Mode
Larger networks require a single device that controls communications in the wireless cell, an
Access Point (AP).
The area covered by a single AP is known as a Basic Service Set (BSS) or cell.
The Basic Service Set (BSS) is the smallest building block of a WLAN. The area of coverage of a
single AP is limited. To expand the coverage area, it is possible to connect multiple BSSs through a
Distribution System (DS). This forms an Extended Service Set (ESS). An ESS uses multiple APs.
Each AP is in a separate BSS.

In order to allow movement between the cells without the loss of signal, BSSs must overlap by
approximately 10%. This allows the client to connect to the second AP before disconnecting from
the first AP.
Most home and small business environments consist of a single BSS. However, as the required
coverage area and number of hosts needing to connect increases it becomes necessary to create an
ESS.

802.11b standard uses DSSS with a maximum data rate of 11Mbps


802.11b supports four data rates: 1, 2, 5.5, and 11 Mbps.

Wi-Fi Protected Access (WPA). Specifies the use of dynamic encryption keys that change each time
a client establishes a connection. It includes authentication by PSK.
Question
You and a co-worker have established wireless communication directly between your wireless
laptops. What type of wireless topology has been created?
A. BSS
B. ESS
C. IBSS
D. SSID
Answer C
Explanation
Ad-hoc mode or Independent Basic Service Set [IBSS] is simply a group of computers talking
wirelessly to each other with no access point (AP).

IPv6
21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A or
21DA:D3:0:2F3B:2AA:FF:FE28:9C5A with the leading zeros removed
A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be
compressed to ::
FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2.
FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.
0000 may be replaced with two colons (::) as long as there is only one double colon used in an
address
1234:0:0:0:ABCD:0:0:123
could be represented as
1234::ABCD:0:0:123
or
1234:0:0:0:ABCD::123
You can identify these and other IPv6 addresses by their initial bits
1111 111010 - Link Local prefix FE80::/10
1111 111011 - a site-local address, IPv6 unicast address prefix FEC0::/10
1111 1111 - Multicast has a prefix of FF00::/8
6to4 is 2002::/16 - this is the transition system, the structure that allows IPv6 packets to be
transmitted over an IPv4 network without the need to configure explicit tunnels.

Autoconfiguration

MAC-48: 00:01:03:69:8B:CF
EUI-64: 0201:03ff:fe69:8bcf

Example
Host Ethernet address is 00:30:48:23:58:df
Network prefix is 2001:db8:1:cafe::/64
Address is
2001:0db8:0001:cafe:0230:48ff:fe23:58df
The change in the top byte of the address from 00 to 02 comes from the global bit being set in the
translation from IEEE MAC-48 to EUI-64
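
The MAC-48 to EUI-64 translation and the zero-compression rules above, worked through in code. This is an added example, not part of the original notes; it also goes one step further and recovers the MAC from an autoconfigured address, which is how such addresses seen in logs can be tied back to a piece of hardware. The function names are illustrative.

```python
import ipaddress

def eui64_interface_id(mac):
    """Build the 8-byte EUI-64 interface ID from a MAC-48 address string."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC-48 must be 6 bytes")
    # Flip bit 0x02 of the first byte (00 -> 02 in the examples above)
    # and insert ff:fe between the two halves of the MAC.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr):
    """Return the embedded MAC if the interface ID looks EUI-64 derived, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def compress(addr):
    """Shortest form: leading zeros dropped and one run of zero blocks replaced by ::."""
    return str(ipaddress.IPv6Address(addr))

if __name__ == "__main__":
    a = slaac_address("2001:db8:1:cafe::/64", "00:30:48:23:58:df")
    print(a.exploded)                                    # full form, as written above
    print(compress(a.exploded))                          # compressed form
    print(mac_from_address("FE80::2AA:FF:FE9A:4CA2"))    # MAC behind a link-local address
    print(compress("1234:0:0:0:ABCD:0:0:123"))           # only one :: is allowed
```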

What multicast address does RIPng use?


Answer FF02::9
What multicast address does EIGRPv6 use?
Answer FF02::A
What two multicast addresses does OSPFv3 use?
Answer FF02::5, FF02::6

A router that is running both IPv4 and IPv6 addressing on the same interface is known as
Dual-stack
