Monday, October 25, 2010

CCNA Prep - Key points

Main functions of switches
1. Perform switching in the hardware
2. Address learning
3. Loop avoidance
4. Forward/Filter/Flood
5. Switching methods: store-and-forward (get the full frame into the memory buffer and then forward), cut-through (read only the destination MAC and forward), fragment-free (read the first 64 bytes and then forward)
6. Increase bandwidth
7. Increase the number of collision domains
8. Reduce the size of each collision domain

Spanning Tree Protocol
- runs on a per-VLAN basis - 802.1d
- prevents switching loops
- it takes time to converge... it is completely converged when all ports are either in forwarding or blocking mode
- the root bridge has all ports in forwarding mode - but don't get confused: when EtherChannel is configured, all the bundled ports will also be shown as forwarding
- EtherChannel configuration
interface port-channel 1
interface range fastethernet 0/1 - 10
switchport mode trunk
channel-group 1 mode desirable/auto

- STP port states: disabled, blocking, listening, learning, forwarding

forward-delay is 15 seconds - 15 seconds in listening and 15 seconds in learning
wait interval is 20 seconds - wait 20 seconds for a hello packet before STP is recalculated

BPDU - Bridge Protocol Data Unit - carries the Bridge ID = Bridge Priority:MAC Address
The root bridge is the one with the smallest Bridge ID.

On access ports turn on PortFast to reduce STP overhead, or run Rapid Spanning Tree Protocol 802.1w, which does away with the listening and learning states
STP port costs
10 Mbps - 100
100 Mbps - 19
1000 Mbps - 4
10000 Mbps - 2

Port Security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown/restrict/protect

UplinkFast - actively finds the next best path to be enabled in case the currently active path fails
spanning-tree uplinkfast

BackboneFast - enabled on access switches. When a switch receives an inferior BPDU from the designated switch, it knows that the link to the root bridge has failed.
spanning-tree backbonefast

BPDU Guard - puts the port into err-disabled state if a BPDU is received on the port on which this is enabled
spanning-tree bpduguard enable

BPDUFilter - removes the port from PortFast mode once it receives a BPDU
spanning-tree bpdufilter enable

OSPF
- process id is locally significant
- process id can be from 1 to 65535
- link state protocol
- sends hello packets every 2 seconds
- link state advertisements are sent out only when there is a change in topology
- administrative distance is 110
- suitable for multi-vendor networks
- metric is cost
- for routers to become neighbours they must
* receive each other's hello packets
* be in the same area
* have the same network mask
* have the same hello and dead timers
- types of routers
- backbone router - at least one interface in area 0
- area border router - between areas
(all backbone routers are area border routers but not the other way around)
- AS border router - does redistribution
- internal router - all interfaces in the same area
- auto-summarization
(config-router)#area 1 range

OSPF cost per link type
56 kbps line - 1785
64 kbps line - 1586
T1 line - 1544 kbps - 64
Ethernet - 10 Mbps - 10
FastEthernet - 100 Mbps - 1
cost = 100000000 / speed in bps

RIP
version 1
- broadcasts routing updates
- holddowns, split horizon and route poisoning are used to prevent routing loops
- holddowns - wait for a particular duration before taking the next step
- route poisoning - advertising a route as unreachable
- split horizon - don't forward a packet out the same interface that it came in on
- uses hop count as metric
- classful
- no support for VLSM
- administrative distance is 120

version 2
- classless
- supports VLSM
- administrative distance is 120
- multicasts routing updates to
- suitable for small networks with fewer hops
- metric is hop count
- ip summary-address rip

EIGRP
- AD is 90
- classless
- supports VLSM
- suitable where multiple routed protocols are to be supported
- not suitable for multi-vendor networks
- metric is bandwidth, delay, reliability, load, MTU

VTP
- modes - server - updates its own database and sends advertisements - is the default mode
- client - cannot update its local database on its own; processes and updates based on advertisements from the server
- transparent - just forwards VTP messages between switches. Can update its local database but does not advertise it
- VTP domain and passwords need to match for switches to share VLAN information

Router on a stick - to communicate between VLANs
- the router has sub-interfaces, one in each VLAN subnet, and the IP of the sub-interface is set as the gateway in each VLAN
- the encapsulation type has to match on both sides of the trunk

Frame Relay
show frame-relay map - shows DLCI and IP address mapping
States : Active, Inactive(remote side problem), Deleted(incorrect mapping entry)

show frame-relay pvc - shows all DLCIs configured with statistics

show frame-relay lmi - sequence numbers should keep increasing, at a rate that depends on the keepalive value seen in "show interface serial1/0"

LMI acts as keepalive in Frame Relay.

Frame Relay encapsulation types
encapsulation frame-relay ietf
encapsulation frame-relay - defaults to cisco
The encapsulation has to match between DTEs.

LMI types
frame-relay lmi-type ansi/q933a/cisco
LMI types have to match between DTE(Router) and the Frame Switch

DLCIs can be anything between 16 and 1019.

Status can be seen in show interface serial 1/0

On point-to-point links: frame-relay interface-dlci 111
Otherwise: frame-relay map ip 111 broadcast

Inverse ARP - used to find the DLCI given the IP address
Proxy ARP - the router returns the MAC address of its own interface when the destination is on a remote network
Reverse ARP - to find the IP address for a known MAC
ARP - find the MAC given an IP address

PPP consists of HDLC (encapsulation), LCP (Link Control Protocol - to establish and maintain connections) and NCP (Network Control Protocol - to determine which Network Layer protocol is carried)
LCP provides multilink, callback, authentication and compression

OSI model - to let different vendors interwork
Application/Presentation/Session/Transport/Network/Data Link/Physical
Data link - Logical Link Control and MAC - Media Access Control

TCP/IP model
Process/Application (Application/Presentation/Session) -> Host-to-Host (Transport) -> Internet (Network) -> Network Access (Data Link and Physical)

TCP - connection oriented, flow control, error detection and recovery, sequencing, windowing
FTP 20/21, SSH - 22, Telnet - 23, SMTP - 25, HTTP - 80, POP - 110, SSL - 443

UDP - connectionless, best effort delivery
DHCP - 67/68, SNMP - 161, TFTP - 69

DNS - 53 on both, 24 on both for mail

Wireless technologies
- 802.11, 802.11a, 802.11b, 802.11g, 802.11n
- 900 MHz, 2.4 GHz, 5 GHz - frequency bands
- 802.11a - enhancement to basic 802.11 - 6 to 54 Mbps on 5 GHz - uses OFDM - 12 channels
- 802.11b - 1 to 11 Mbps on 2.4 GHz - uses DSSS - 3 channels
- 802.11g - 6 to 54 Mbps on 5 GHz - uses OFDM but switches to DSSS if there is even one 802.11b AP - 3 channels
- 802.11n - 23 channels
- Basic Service Set - one AP
- Extended Service Set - multiple APs all using same SSID to enable seamless roaming but different channels

Memory components
EEPROM - flash - stores IOS
NVRAM - stores startup-config, configuration register
RAM - stores running config, ARP cache
ROM - stores ROM Monitor(piece of code to test, debug), POST, bootstrap, ROM IOS - very basic IOS - to enable an interface and other maintenance commands - loaded if IOS is not found in flash or TFTP server

Configuration register - 0x2102 - default value - load IOS from flash - follow boot sequence in NVRAM
0x2142 - escape startup configuration values to recover password
Ctrl+Break while booting will take you into ROM monitor mode.
0x2100 - rom monitor mode rommon>
0x2101 - rom boot mode router(boot)>
0x2102 to ff - boot sequence in NVRAM

Troubleshooting with ping
1. Ping localhost - to test the TCP/IP stack implementation
2. Ping the local IP - to test the NIC
3. Ping the local gateway - to test the local network
4. Ping a remote address - to check if it is a remote problem

interface is administratively down - no shutdown has to be given
interface is down - ip address not set on the remote interface, or the remote interface has to be given no shutdown
line protocol is down - some logical issue - no keepalives (LMI), encapsulation mismatch, or clock rate not supplied

NAT
- ip nat inside
- ip nat outside
- ip nat pool Pool1 prefix-length 29
- access-list 1 permit
- ip nat inside source list 1 pool Pool1 overload
- static translation - ip nat inside source static
ip nat inside source static interface serial0
- each NAT translation entry takes 160 bytes
- NAT helps conserve IP addresses, reuse IP addresses, reduce overhead when changing ISPs, and connect networks with overlapping address space
- NAT drawbacks: routing delays, loss of end-to-end IP traceability, and some applications don't work with NAT
- show ip nat translations
- show ip nat statistics
- clear ip nat translations *
- ip nat translations max-entries
- ip nat translations timeout

access lists
1. standard
1 to 99, 1300 to 1999
filter only on source address
access-list 1 permit host
access-list 1 permit
access-list 1 permit

(config-if)#ip access-group 1 in
(config-line)#ip access-class 1 in

2. extended
access-list 100 permit tcp host host eq www

3. named
ip access-list standard 1
permit host
deny host

Don't forget IMPLICIT deny at the end

4. lock and key ACLs - require the user to telnet and log in to get authenticated
5. dynamic ACLs - specify the time during which the ACL will apply
time-range NO_TELNET periodic weekend 10:00 to 5:00
ip access-list extended 100
deny tcp any host eq telnet time-range NO_TELNET
permit tcp any host eq telnet time-range ALWAYS
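As an added example (not from the original notes), a small Python evaluator for standard ACL lines that shows first-match ordering and the implicit deny at the end; the ACL lines and test addresses are constructed.

```python
import ipaddress

def _address_spec(tokens):
    """Parse one standard-ACL source spec: 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'.
    Returns (address, care_mask): care_mask has 1s where the source bits must match."""
    if tokens[0] == "any":
        return 0, 0
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0xFFFFFFFF
    address = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return address, wildcard ^ 0xFFFFFFFF  # wildcard 1 = don't care, so invert

def parse_standard_acl(lines):
    """Turn 'access-list <n> permit|deny <spec>' lines into ordered (action, address, care) entries."""
    entries = []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue  # skip comments and blank lines in the constructed sample
        action = tokens[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad ACL action in: {line}")
        address, care = _address_spec(tokens[3:])
        entries.append((action, address, care))
    return entries

def evaluate(entries, src_ip):
    """First matching entry wins; falling off the end is the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, address, care in entries:
        if (src & care) == (address & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample ACL (not from the original notes): one host is allowed
# out of a subnet that is otherwise denied, and the rest of 10/8 is permitted.
SAMPLE_ACL = [
    "! management host",
    "access-list 1 permit host 10.1.1.5",
    "access-list 1 deny 10.1.1.0 0.0.0.255",
    "access-list 1 permit 10.0.0.0 0.255.255.255",
]

def check(src_ip, lines=SAMPLE_ACL):
    """Evaluate src_ip against the sample ACL (or any list of standard ACL lines)."""
    return evaluate(parse_standard_acl(lines), src_ip)

if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.1.9", "10.2.3.4", "192.168.0.1"):
        print(ip, "->", check(ip))
```

Swapping the host entry below the subnet deny changes the answer for 10.1.1.5, which is the ordering mistake the implicit-deny reminder above is guarding against.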

floating routes
- when the default administrative distance of a static route is changed

configuring use of SSH instead of Telnet on vty lines
hostname aaa
ip domain-name

line vty 0 4
transport input ssh telnet

crypto key generate rsa general-keys modulus 1024
ip ssh authentication-retries
ip ssh timeout

configuring DNS on IP
ip domain-lookup
ip name-server
ip domain-name

configuring dhcp on ipv6
ipv6 unicast-routing - global
ipv6 enable on an interface
ipv6 dhcp pool pool1
prefix-delegation pool pool1 lifetime 3600 3600

(config-if)#ipv6 dhcp server pool1

IPv6 address ranges
global - 2000::/3
6to4 tunnelling - 2002::/16
unique local/site local - FC00::/7
link local - FE80::/10
multicast - FF00::/8

Modified EUI-64 - insert FF:FE into the middle of the MAC address to get the IPv6 interface ID, and change the second bit based on whether it is a local or global address
First and second bits of the MAC address
I/G and G/L in the MAC address
I = individual when 0
G = multicast/broadcast when 1

G = 0 globally administered by IEEE
L = 1 locally administered, like DEC
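The EUI-64 construction above, worked in Python as an added example that is not part of the original notes: FF:FE insertion, the G/L bit flip, the link-local and a global address from the same MAC, and the reverse mapping. The MAC and the 2001:db8::/32 prefix are constructed sample values.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert FF:FE in the middle, and flip
    the G/L (universal/local) bit, which is 0x02 in the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert the G/L bit
    return bytes(iid)

def link_local_from_mac(mac):
    """FE80::/10 link-local address: fe80:: prefix plus the 64-bit interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + eui64_interface_id(mac))

def global_from_mac(prefix, mac):
    """Same interface ID under any /64 prefix, e.g. one from the 2000::/3 global range."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 derived address, or None if FF:FE is not present."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if bytes(iid[3:5]) != b"\xff\xfe":
        return None
    iid[0] ^= 0x02  # undo the G/L bit flip
    return ":".join(f"{b:02x}" for b in bytes(iid[:3]) + bytes(iid[5:]))

# Constructed sample MAC, not taken from the original notes.
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"

if __name__ == "__main__":
    print(link_local_from_mac(SAMPLE_MAC))                   # fe80::21a:2bff:fe3c:4d5e
    print(global_from_mac("2001:db8:1:2::/64", SAMPLE_MAC))  # 2001:db8:1:2:21a:2bff:fe3c:4d5e
    print(mac_from_eui64("fe80::21a:2bff:fe3c:4d5e"))        # 00:1a:2b:3c:4d:5e
```

Because the mapping is reversible, an EUI-64 address exposes the hardware MAC in every packet, which is why hosts commonly use randomised interface IDs instead.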

Creating an IPv4 DHCP pool
ip dhcp pool pool1

ip dhcp excluded-address

Cabling standards
10Base2 - 185 metres
10Base5 - 500 metres
10BaseT - 100 metres

100BaseT - 100 metres
100BaseF - 412 metres

1000BaseC - 25 metres
1000BaseT - 100 metres
1000BaseS - MMF - 550 metres
1000BaseL - single mode - 3 to 10 km

Wireless standards summary
802.11a - 6-54 Mbps - 5 GHz - 12 channels - 190-75
802.11b - 1-11 Mbps - 2.4 GHz - 3 channels - 350-160
802.11g - 6-54 Mbps - 2.4 GHz - 3 channels - 300-90
802.11h - 6-54 Mbps - 5 GHz - 23 channels
802.11n - MIMO - 23 channels - up to 250 Mbps

Wireless authentication methods
shared key
mac based

WPA - TKIP and AES