Monday, October 25, 2010

CCNA Prep - Key points

Main functions of switches
1. Perform switching in the hardware
2. Address learning
3. Loop avoidance
4. Forward/Filter/Flood
5. Switching methods - Store and Forward (buffer the whole frame, check the FCS, then forward), Cut-through (read only the destination MAC and forward), Fragment free (read the first 64 bytes, enough to rule out a collision fragment, then forward)
6. increase bandwidth
7. increase collision domains
8. reduce size of collision domain

Spanning Tree Protocol
- 802.1D; Cisco switches run a separate instance per VLAN (PVST+) by default
- to prevent switching loops
- it takes time to converge... is completely converged when all ports are either in forwarding or blocking mode
- root bridge has all ports in forwarding mode - but don't get confused, when etherchannel is configured the bundle is treated as one logical port and all member ports show as forwarding
- etherchannel configuration (PAgP modes are desirable/auto, LACP modes are active/passive; the port-channel interface is created when the first member joins)
int port-channel 1
int range fastethernet 0/1 - 10
switchport mode trunk
channel-group 1 mode desirable

- disabled, blocked, listening, learning, forwarding

forward-delay is 15 seconds - 15 seconds in listening and 15 seconds in learning
hello time is 2 seconds - the root bridge sends a BPDU every 2 seconds
max-age is 20 seconds.. wait for 20 seconds without hearing a BPDU before the stored BPDU is aged out and STP is recalculated
(worst case 802.1D convergence is therefore 20 + 15 + 15 = 50 seconds)

BPDU - Bridge Protocol Data Unit - carries the sender's Bridge ID = Bridge Priority:MAC Address (default priority 32768; priority is compared first, the MAC only breaks ties)
The root bridge is the one with the smallest Bridge ID.

On access ports turn on portfast (spanning-tree portfast) so the port goes straight to forwarding, or run Rapid Spanning Tree Protocol 802.1w - it merges disabled, blocking and listening into a single discarding state and converges in seconds rather than 30-50
Costs
10MBPS - 100
100 MBPS - 19
1000 MBPS - 4
10000 MBPS - 2
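Root election and root-port selection worked through in Python, as an added example that is not part of the original notes. The switch names, priorities, MACs and the three-link topology are constructed for the example; the port costs are the 802.1D-1998 values listed above. The point it makes that the list alone does not: a direct 100 Mbps link to the root (cost 19) loses to a two-hop gigabit path (4 + 4 = 8), and the lowest priority wins regardless of MAC.

```python
"""Root bridge election and root path cost, modelled in Python.

Each switch advertises a Bridge ID = (priority, MAC); the lowest wins,
priority first, MAC as tie-breaker. Every non-root switch then picks the
neighbour through which its cumulative path cost to the root is lowest
(that port becomes its root port). Port costs are the 802.1D-1998 values
from the notes above.
"""
import heapq

# 802.1D-1998 port cost by link speed in Mbit/s
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed example switches: name -> (bridge priority, base MAC)
SWITCHES = {
    "SW1": (32768, "0000.0c11.1111"),
    "SW2": (32768, "0000.0c22.2222"),
    "SW3": (4096, "0000.0c33.3333"),   # lowered priority, so it should win
}

# Constructed links: (switch, switch, speed in Mbit/s)
LINKS = [
    ("SW1", "SW3", 100),    # direct but slow: cost 19
    ("SW2", "SW3", 1000),   # cost 4
    ("SW1", "SW2", 1000),   # cost 4 -> SW1 reaches the root via SW2 for 8
]


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then the MAC as an integer."""
    return (priority, int(mac.replace(":", "").replace(".", "").replace("-", ""), 16))


def elect_root(switches):
    """Return the name of the switch with the lowest Bridge ID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(root, switches, links):
    """Return {switch: (root path cost, neighbour on the root port)}.

    Lowest cumulative cost wins; on an equal cost the neighbour with the lower
    Bridge ID is preferred, the same tie-break a real switch applies to the
    sender Bridge ID in the BPDU (port-ID tie-breaks are left out).
    """
    adj = {}
    for a, b, speed in links:
        cost = PORT_COST[speed]
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))

    best = {root: (0, None)}
    heap = [(0, bridge_id(*switches[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, link_cost in adj.get(node, []):
            new_cost = cost + link_cost
            current = best.get(nbr)
            better = (
                current is None
                or new_cost < current[0]
                or (new_cost == current[0]
                    and bridge_id(*switches[node]) < bridge_id(*switches[current[1]]))
            )
            if better:
                best[nbr] = (new_cost, node)
                heapq.heappush(heap, (new_cost, bridge_id(*switches[node]), nbr))
    return best


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root bridge:", root)
    for sw, (cost, via) in sorted(root_path_costs(root, SWITCHES, LINKS).items()):
        print(f"{sw}: root path cost {cost}, root port towards {via}")
```

Because the lowest priority wins unconditionally, any device that injects BPDUs with priority 0 becomes root and pulls the VLAN's traffic through itself; that is the reason for BPDU guard on access ports (further down in these notes) and for pinning the intended root with a low priority rather than leaving everything at 32768.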

Port Security (the port must be an access port, and port security has to be switched on before the options take effect)
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown/restrict/protect
- shutdown (the default) puts the port into err-disabled, restrict drops the offending frames and counts/logs the violation, protect drops them silently
- an err-disabled port stays down until shutdown / no shutdown is issued or errdisable recovery is configured
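The three violation modes, modelled in Python as an added example (not code from the original notes). The MAC addresses and the frame sequence are constructed: two legitimate hosts, a third address of the kind a MAC-flooding tool would send, then the first host again. The thing to notice is that shutdown takes the legitimate hosts down with the attacker, while restrict and protect keep them working and differ only in whether the violation is counted.

```python
"""Port-security violation modes, modelled in Python.

A port admits at most `maximum` source MAC addresses; the first ones seen
are learned (and, with sticky, would be written to the running config).
Frames from any further MAC are a violation, handled per mode:
  protect  - drop silently, no counter
  restrict - drop, increment the violation counter (IOS also logs/traps)
  shutdown - drop and put the port into err-disabled (the IOS default)
"""


class SecurePort:
    VIOLATION_MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown", sticky=False, static_macs=()):
        if violation not in self.VIOLATION_MODES:
            raise ValueError(f"unknown violation mode {violation!r}")
        self.maximum = maximum
        self.violation = violation
        self.sticky = sticky
        self.secure_macs = [m.lower() for m in static_macs]  # static entries count toward the maximum
        self.sticky_learned = []   # what 'switchport port-security mac-address sticky' would persist
        self.violations = 0
        self.err_disabled = False

    def receive(self, src_mac):
        """Process one frame; return 'forward', 'drop' or 'err-disabled'."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "err-disabled"   # the whole port is down, legitimate hosts included
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)   # dynamic learning up to the maximum
            if self.sticky:
                self.sticky_learned.append(src_mac)
            return "forward"
        # maximum already reached and this MAC is not secure -> violation
        if self.violation == "protect":
            return "drop"
        self.violations += 1
        if self.violation == "restrict":
            return "drop"
        self.err_disabled = True
        return "err-disabled"

    def recover(self):
        """shutdown / no shutdown (or errdisable recovery) brings the port back."""
        self.err_disabled = False


def run(mode, frames, maximum=2):
    """Replay a list of source MACs through a fresh sticky port; return (decisions, port)."""
    port = SecurePort(maximum=maximum, violation=mode, sticky=True)
    return [port.receive(mac) for mac in frames], port


# Constructed traffic: two legitimate hosts, a third MAC as a flooding tool
# would generate, then the first host again.
FRAMES = [
    "00:11:22:33:44:01",
    "00:11:22:33:44:02",
    "de:ad:be:ef:00:01",
    "00:11:22:33:44:01",
]

if __name__ == "__main__":
    for mode in SecurePort.VIOLATION_MODES:
        decisions, port = run(mode, FRAMES)
        print(f"{mode:9} {decisions} violations={port.violations} err-disabled={port.err_disabled}")
```

Sticky addresses are written into the running config, so they survive a reload only after a copy running-config startup-config; until then a reboot starts learning again from whatever plugs in first.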

UplinkFast - for access switches with redundant uplinks: when the root port fails, a blocked alternate uplink is moved straight to forwarding instead of waiting through listening and learning
spanning-tree uplinkfast (global)

BackboneFast - enabled on every switch in the domain. When a switch receives an inferior BPDU from its designated bridge, it knows that bridge has lost its path to the root and it skips the max-age wait before recalculating
spanning-tree backbonefast (global)

BPDU Guard - puts the port into err-disabled state if a BPDU is received on the port on which this is enabled; use it on portfast/access ports so a rogue switch plugged into the access layer cannot take part in STP
spanning-tree bpduguard enable (interface) or spanning-tree portfast bpduguard default (global, all portfast ports)

BPDUFilter - on an interface it stops BPDUs being sent or received at all, which effectively disables STP on that port and can create a loop; the global form (spanning-tree portfast bpdufilter default) only suppresses BPDUs on portfast ports and removes the port from portfast mode once it receives a BPDU
spanning-tree bpdufilter enable (interface)

OSPF
- process id is locally significant
- process id can be from 1 to 65535
- link state protocol
- sends hello packets every 10 seconds on broadcast and point-to-point links (30 seconds on NBMA); the dead interval is 4x the hello
- link state advertisements are sent out only when there is a change in topology (plus a periodic refresh every 30 minutes)
- administrative distance is 110
- suitable for multi-vendor networks
- metric is cost
- for routers to become neighbours
* get hello packet
* same area id
* same subnet and network mask (on broadcast links)
* same hello and dead timers
* same authentication and stub area flags
- types of routers
- backbone router - at least one interface in area 0
- area border router - between areas
( all area border routers are backbone routers but not the other way around)
- AS border router - during redistribution
- internal routers - all interfaces in same area
- summarization is manual (OSPF never auto-summarizes); inter-area summary on the ABR:
router ospf 1
area 1 range 172.16.20.0 255.255.252.0

Costs (cost = reference bandwidth 100000000 / interface bandwidth in bps, rounded down, minimum 1)
56KBPS line - 1785
64KBPS line - 1562
T1 line - 1544 KBPS - 64
Ethernet - 10 MBPS - 10
FastEthernet - 100 MBPS - 1
Gigabit and faster also come out as 1 unless auto-cost reference-bandwidth is raised (on every router) - otherwise OSPF cannot tell them apart

RIP
version 1
- broadcasts routing updates every 30 seconds
- holddowns, split horizon, route poisoning used to prevent routing loops
- holddowns - after a route goes down, ignore worse information about it for a set time (180 seconds) before accepting a new path
- route poisoning - advertising a route as unreachable (metric 16)
- split horizon - don't advertise a route back out the interface it was learned on
- uses hop count as metric (16 = unreachable, so 15 hops max)
- classful
- no support for VLSM
- administrative distance is 120

version 2
- classless
- supports VLSM
- administrative distance is 120
- multicasts routing updates to 224.0.0.9
- supports authentication (plain text or MD5) - use it, unauthenticated RIP accepts routes from anyone on the segment
- suitable for small networks with fewer hops
- metric is hop count
- manual summarization is an interface command: ip summary-address rip 172.16.20.0 255.255.252.0

EIGRP
- AD is 90 (170 for external/redistributed routes)
- classless
- supports VLSM
- suitable where multiple routed protocols are to be supported (IP, IPX, AppleTalk)
- not suitable for multi-vendor networks (Cisco proprietary at the time)
- metric is computed from bandwidth and delay by default; reliability and load can be included through the K values, and MTU is carried but not used in the formula

VTP
- modes - server - update own database and send advertisements - is the default mode
- client - can not update their local database on their own. process and update based on advertisements from server
- transparent - used to just forward VTP messages in between. Can update their local database but not advertised
- vtp domain and passwords need to match for switches to share VLAN information
- the database with the highest configuration revision number wins, so a switch (client or server) inserted with a higher revision can wipe the VLANs of the whole domain - reset its revision (change the domain name or set transparent mode) before connecting a previously used switch

Router on a stick - to communicate between VLANs
- router has sub-interfaces, one in each VLAN subnet and the ip of the sub-interface is set as the gateway in each vlan
- the encapsulation and VLAN id on the sub-interface (encapsulation dot1q 10) have to match the trunk encapsulation and VLAN on the switch

Frame Relay
show frame-relay map - shows DLCI and IP address mapping
States : Active, Inactive (the DLCI is known to the frame switch but the remote side is not up), Deleted (the DLCI is configured on the router but the LMI from the frame switch does not list it - usually a wrong DLCI number)

show frame-relay pvc - shows all DLCIs configured with statistics

show frame-relay lmi - sequence numbers should keep increasing depending on keepalive value set in "show interface serial1/0"

LMI acts as keepalive in Frame Relay.

Frame Relay encapsulation types
encapsulation frame-relay ietf
encapsulation frame-relay - defaults to cisco
The encapsulation has to match between DTEs.

LMI types
frame-relay lmi-type ansi/q933a/cisco
LMI types have to match between DTE(Router) and the Frame Switch

DLCIs can be anything between 16 and 1019.

Status can be seen in show interface serial 1/0

On point to point links, frame-relay interface-dlci 111
Otherwise, frame-relay map ip 172.16.20.1 111 broadcast

Inverse ARP - used to discover the remote IP address reachable over a known DLCI (the dynamic alternative to a static frame-relay map)
Proxy ARP - router returns the MAC address of its interface when the destination is on a remote network
Reverse ARP - to find the IP address of a known mac
ARP - find mac given ip address

PPP consists of HDLC(Encapsulation), LCP(Link Control Protocol - to establish,maintain connections), NCP (Network Control Protocol - to determine which Network Layer Protocol)
LCP provides multilink, callback, authentication, compression

OSI model - to let different vendors interwork
Application/Presentation/Session/Transport/Network/Data Link/Physical
Data link - Logical Link Control and MAC - Media Access Control

TCP/IP model
Process/Application (App/presentation/session) -> Host-to-Host (Transport) -> Internet (Network) -> Network Access (data link and physical)

TCP - connection oriented, flow control, error detection and recovery, sequencing, windowing
FTP 20/21, SSH - 22, Telnet - 23, SMTP - 25, HTTP - 80, POP - 110, HTTPS (HTTP over SSL/TLS) - 443

UDP - connectionless, best effort delivery
DHCP - 67/68, SNMP - 161, TFTP - 69

DNS - 53 on both: UDP for normal queries, TCP for zone transfers and responses too large for UDP

Wireless technologies
- 802.11, 802.11a, 802.11b, 802.11g, 802.11n
- 900MHZ, 2.4GHZ, 5GHZ - frequency
- 802.11a - enhancement to basic 802.11 - 6 to 54 MBPS speed on 5GHZ - uses OFDM - 12 non-overlapping channels
- 802.11b - 1 to 11 MBPS on 2.4 GHZ - uses DSSS - 3 non-overlapping channels (1, 6, 11)
- 802.11g - 6 to 54 MBPS on 2.4GHZ - uses OFDM but falls back to DSSS protection if even one 802.11b device is present - 3 channels
- 802.11n - 2.4 and 5 GHZ, MIMO - 23 channels
- Basic Service Set - one AP
- Extended Service Set - multiple APs all using the same SSID to enable seamless roaming, but on different channels

Memory components
EEPROM - flash - stores IOS
NVRAM - stores startup-config, configuration register
RAM - stores running config, ARP cache
ROM - stores ROM Monitor(piece of code to test, debug), POST, bootstrap, ROM IOS - very basic IOS - to enable an interface and other maintenance commands - loaded if IOS is not found in flash or TFTP server

Configuration register - 0x2102 - default value - boot field 2: follow any boot system commands in the startup config, otherwise load the first IOS image in flash
0x2142 - same boot behaviour but bit 6 set: ignore the startup configuration in NVRAM - used to recover a lost enable password
Ctrl+Break within the first 60 seconds of booting will take you into rom monitor mode (this only needs console access and a power cycle, so protect the console port physically)
0x2100 - boot field 0 - stay in rom monitor mode rommon>
0x2101 - boot field 1 - boot the ROM IOS, router(boot)>
boot field 0x2 to 0xF - boot sequence from the boot system commands in NVRAM, then flash
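The register values above decoded bit by bit, as an added example in Python rather than anything from the original notes. It shows why 0x2142 is the password-recovery value: it is 0x2102 with a single extra bit (bit 6, 0x0040) that tells the router to ignore NVRAM. The bit positions used are the standard IOS layout; console-speed and OEM bits are deliberately not decoded.

```python
"""Configuration register bits, decoded in Python.

Standard IOS layout used here: bits 0-3 are the boot field, bit 6 (0x0040)
makes the router ignore the startup config in NVRAM, bit 8 (0x0100) disables
the Break key after boot and bit 13 (0x2000) makes it fall back to ROM
software if a network boot fails. Other bits are left undecoded.
"""

IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100
ROM_ON_NETBOOT_FAIL = 0x2000


def decode_config_register(value):
    """Return a dict describing what a register value makes the router do at boot."""
    boot_field = value & 0xF
    if boot_field == 0x0:
        boot = "stay in ROM monitor (rommon>)"
    elif boot_field == 0x1:
        boot = "boot the ROM IOS (router(boot)>)"
    else:
        boot = "boot system commands from NVRAM, else first image in flash"
    return {
        "boot_field": boot_field,
        "boot": boot,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_on_netboot_failure": bool(value & ROM_ON_NETBOOT_FAIL),
    }


def password_recovery_register(current):
    """The value set from rommon for password recovery: same boot behaviour,
    but bit 6 set so the router comes up without its password-protected startup config."""
    return current | IGNORE_NVRAM


def restore_register(current):
    """Clear bit 6 again once the passwords are reset and the config is saved."""
    return current & ~IGNORE_NVRAM & 0xFFFF


def explain(value):
    """One-line human-readable summary of a register value."""
    d = decode_config_register(value)
    flags = [k for k in ("ignore_nvram", "break_disabled", "rom_on_netboot_failure") if d[k]]
    return f"0x{value:04x}: boot field {d['boot_field']:#x} -> {d['boot']}; flags: {', '.join(flags) or 'none'}"


if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2100, 0x2101):
        print(explain(v))
```

Forgetting restore_register after recovery is a classic mistake: the router keeps booting with an empty config and all saved changes look lost. On platforms that support it, no service password-recovery closes the rommon route, at the cost that recovery then means erasing the configuration.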

Troubleshooting
1. Ping localhost 127.0.0.1 - to test TCP/IP stack implementation
2. Ping local ip - to test NIC card
3. Ping local gateway - to test local network
4. Ping remote address - to check if it is a remote problem

administratively down / line protocol down - no shutdown has to be given
down / down - physical problem: cable, speed or duplex mismatch, or the remote interface has been shut down
up / down (line protocol is down) - a layer 2 issue - no keepalives (lmi on frame relay), encapsulation mismatch, or clock rate not supplied on the DCE end of a serial link

NAT
- ip nat inside (on the LAN-facing interface)
- ip nat outside (on the ISP-facing interface)
- ip nat pool Pool1 201.1.1.1 201.1.1.5 prefix-length 29
- access-list 1 permit 192.168.1.0 0.0.0.255
- ip nat inside source list 1 pool Pool1 overload
- static translation - ip nat inside source static 10.1.1.1 15.1.1.1
or
ip nat inside source static 10.1.1.1 interface serial0
- each nat translation entry takes about 160 bytes of memory
- nat helps conserve ip addresses, lets private addresses be reused, reduces the renumbering effort when changing ISPs, and connects networks with overlapping address space
- nat adds forwarding delay, breaks end to end ip traceability, and some applications (those that carry addresses inside the payload) don't work through NAT
- show ip nat translations
- show ip nat statistics
- clear ip nat translation *
- ip nat translation max-entries <number>
- ip nat translation timeout <seconds>
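How overload (PAT) keeps many inside hosts behind one global address, modelled in Python as an added example that is not part of the original notes. The inside subnet, global address and ports are constructed to match the configuration above (access-list 1 for 192.168.1.0/24, pool starting at 201.1.1.1); the ACL check, the port-preserving allocation and the max-entries cap are the behaviours a practitioner relies on when reading show ip nat translations.

```python
"""NAT overload (PAT), modelled in Python.

Every distinct inside (ip, port) pair is mapped to one inside-global address
and a translated port; replies to that port are mapped back. Only sources
matched by the inside ACL are translated, and the table can be capped like
'ip nat translation max-entries'. Addresses below are constructed for the
example.
"""
import ipaddress

BYTES_PER_ENTRY = 160   # approximate per-translation memory cost quoted in the notes


class PatTable:
    def __init__(self, inside_global, inside_acl, first_port=1024, max_entries=None):
        self.inside_global = inside_global
        self.inside_acl = ipaddress.ip_network(inside_acl)   # stands in for 'access-list 1 permit ...'
        self.next_port = first_port
        self.max_entries = max_entries
        self.outbound = {}   # (inside local ip, port) -> translated port
        self.inbound = {}    # translated port -> (inside local ip, port)

    def translate_outbound(self, src_ip, src_port):
        """Return (inside_global, translated_port), or None when the packet is not
        translated (source outside the ACL, or the translation table is full)."""
        if ipaddress.ip_address(src_ip) not in self.inside_acl:
            return None
        key = (src_ip, src_port)
        if key not in self.outbound:
            if self.max_entries is not None and len(self.outbound) >= self.max_entries:
                return None
            # keep the original source port while it is free, as IOS does;
            # otherwise hand out the next unused port
            tport = src_port if src_port not in self.inbound else self._allocate_port()
            self.outbound[key] = tport
            self.inbound[tport] = key
        return (self.inside_global, self.outbound[key])

    def _allocate_port(self):
        while self.next_port in self.inbound:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def translate_inbound(self, dst_port):
        """Return the inside (ip, port) for a reply to inside_global:dst_port, or None:
        unsolicited inbound traffic has no entry and is dropped."""
        return self.inbound.get(dst_port)

    def memory_bytes(self):
        """Rough memory footprint of the translation table."""
        return len(self.outbound) * BYTES_PER_ENTRY


if __name__ == "__main__":
    pat = PatTable("201.1.1.1", "192.168.1.0/24")
    print(pat.translate_outbound("192.168.1.10", 40000))   # original port kept
    print(pat.translate_outbound("192.168.1.11", 40000))   # port already in use -> 1024
    print(pat.translate_inbound(1024))
    print(pat.translate_outbound("10.9.9.9", 5000))        # not matched by the ACL -> None
    print(pat.memory_bytes())
```

The reverse lookup is also why an unsolicited inbound packet is dropped: with no entry for the destination port there is nowhere to send it, which is the incidental filtering people mistake for a firewall. It only holds until a static translation (or a flapping dynamic entry) opens that port.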

access lists
1. standard
1 to 99, 1300 to 1999
filter only on source address - place them close to the destination
access-list 1 permit host 1.1.1.1
access-list 1 permit 1.1.1.1 0.0.0.0
access-list 1 permit 172.12.12.0 0.0.0.255

(config-if)#ip access-group 1 in
(config-line)#access-class 1 in

2. extended
100 to 199, 2000 to 2699
filter on source, destination, protocol and port - place them close to the source
access-list 100 permit tcp host 1.1.1.1 host 5.5.5.5 eq www

3. named
ip access-list standard 1
permit host 1.1.1.1
deny host 5.5.5.5

Don't forget the IMPLICIT deny at the end - an ACL containing only deny statements blocks everything, and entries are matched top-down, first match wins

4. lock and key (dynamic) ACLs - require the user to telnet to the router and authenticate before a temporary entry is opened for them
5. time-based ACLs - specify the time range during which an entry applies
time-range NO_TELNET
periodic weekend 10:00 to 17:00
ip access-list extended 100
deny tcp any host 5.5.5.5 eq telnet time-range NO_TELNET
permit tcp any host 6.6.6.6 eq telnet
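Wildcard-mask matching and top-down, first-match evaluation with the implicit deny, worked in Python as an added example (not code from the original notes). The parser handles the standard and extended forms used in these notes (host, any, address plus wildcard, and eq <port>); the packets it is run against are constructed. Names like STANDARD_1 and EXTENDED_100 are the example's own, built from the access-list lines above.

```python
"""IOS access-list matching, modelled in Python.

Wildcard masks: a 0 bit must match, a 1 bit is 'don't care', so 0.0.0.0
means a single host, 0.0.0.255 a /24 and 255.255.255.255 'any'. Entries are
tested top-down, the first match decides, and a packet that matches nothing
hits the implicit deny. The parser covers the standard and extended forms
in the notes (host/any/wildcard addresses and 'eq <port>').
"""
import ipaddress

PORT_NAMES = {"www": 80, "telnet": 23, "ssh": 22, "smtp": 25, "domain": 53, "ftp": 21}
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, base, wildcard):
    """True if addr agrees with base on every bit that is 0 in the wildcard."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return (a & care) == (b & care)


def _address(tokens):
    """Consume 'any' | 'host A' | 'A W' from the front of tokens -> (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (tok, tokens.pop(0))


def _port(tokens):
    """Consume an optional 'eq <port>'; return the port number or None."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return int(name) if name.isdigit() else PORT_NAMES[name]
    return None


def parse_ace(line, extended):
    """Parse one entry; the 'access-list N' prefix is optional, as in a named ACL."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action {action!r} in {line!r}")
    protocol = tokens.pop(0) if extended else "ip"
    src = _address(tokens)
    sport = _port(tokens) if extended else None
    dst = _address(tokens) if extended else ANY
    dport = _port(tokens) if extended else None
    return {"action": action, "protocol": protocol, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


def evaluate(acl, packet):
    """Return (decision, index of the matching entry); index None = implicit deny.

    packet: {'protocol': 'tcp'|'udp'|'icmp', 'src': ip, 'dst': ip, 'sport': int, 'dport': int}
    """
    for index, ace in enumerate(acl):
        if ace["protocol"] != "ip" and ace["protocol"] != packet["protocol"]:
            continue
        if not wildcard_match(packet["src"], *ace["src"]):
            continue
        if not wildcard_match(packet["dst"], *ace["dst"]):
            continue
        if ace["sport"] is not None and ace["sport"] != packet.get("sport"):
            continue
        if ace["dport"] is not None and ace["dport"] != packet.get("dport"):
            continue
        return ace["action"], index
    return "deny", None


# The ACLs from the notes above
STANDARD_1 = [parse_ace(line, extended=False) for line in (
    "access-list 1 permit host 1.1.1.1",
    "access-list 1 permit 172.12.12.0 0.0.0.255",
)]
EXTENDED_100 = [parse_ace("access-list 100 permit tcp host 1.1.1.1 host 5.5.5.5 eq www",
                          extended=True)]

if __name__ == "__main__":
    for src in ("1.1.1.1", "172.12.12.77", "172.12.13.1"):
        print(src, evaluate(STANDARD_1, {"protocol": "ip", "src": src, "dst": "9.9.9.9"}))
    web = {"protocol": "tcp", "src": "1.1.1.1", "dst": "5.5.5.5", "sport": 51000, "dport": 80}
    print("http ", evaluate(EXTENDED_100, web))
    print("https", evaluate(EXTENDED_100, dict(web, dport=443)))   # implicit deny
```

Running a proposed ACL against a handful of constructed packets like this, before applying it with ip access-group, catches the two usual mistakes: a wildcard that is really a subnet mask (255.255.255.0 instead of 0.0.0.255 matches almost nothing), and a broad permit placed above the deny it was meant to be an exception to.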


floating static routes
- a static route whose administrative distance is raised above that of the dynamic protocol (for example ip route ... 200), so it only enters the routing table when the dynamic route disappears - a backup path

configuring use of SSH instead of Telnet on vty lines
REQUIRED (hostname and domain name are needed before the RSA key can be generated; the username is a placeholder)
hostname aaa
ip domain-name aaa.com
username admin secret <password>
crypto key generate rsa general-keys modulus 2048   (1024 in older notes, too short by now)
ip ssh version 2

line vty 0 4
login local
transport input ssh   (listing telnet as well would defeat the point)

ip ssh authentication-retries 3
ip ssh time-out 60

configuring DNS on the router
ip domain-lookup
ip name-server <address>
ip domain-name todd.com

configuring dhcp on ipv6
ipv6 unicast-routing - global
ipv6 enable (or an ipv6 address) on the interface
ipv6 dhcp pool pool1
domain-name <name>
dns-server <ipv6 address>
prefix-delegation pool pool1 lifetime 3600 3600 (pool1 here refers to an ipv6 local pool)

(config-if)#ipv6 dhcp server pool1
ipv6
----
global unicast - 2000::/3
6to4 tunnelling - 2002::/16
unique local - FC00::/7 (site local FEC0::/10 is deprecated)
link local - FE80::/10
multicast - FF00::/8

Modified EUI-64 - split the 48 bit MAC in half, insert FF:FE in the middle and flip the 7th bit of the first byte (the U/L bit) to get the 64 bit interface id; prefix + interface id = the IPv6 address
First byte of the MAC address, lowest two bits
I/G (bit 0) - I = individual/unicast when 0, G = group (multicast/broadcast) when 1
U/L (bit 1) - 0 = universally administered (OUI assigned by IEEE), 1 = locally administered (like DEC, or virtual NICs)
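The EUI-64 construction and the two flag bits, worked in Python as an added example that is not from the original notes. The MAC address used (00:0c:29:3b:4a:5c, a VMware OUI) and the prefixes are constructed; the reverse function shows why this scheme is a privacy problem: the hardware address, and so the vendor and the host's identity across networks, can be read straight back out of the IPv6 address.

```python
"""Modified EUI-64 interface identifiers and the MAC address flag bits, in Python.

The interface id is the 48-bit MAC split in half with FF:FE inserted and the
U/L bit (bit 1 of the first byte, 0x02) inverted. The I/G bit is bit 0 (0x01).
"""
import ipaddress


def mac_bytes(mac):
    """Accept 00:0c:29:3b:4a:5c, 00-0c-29-3b-4a-5c or 000c.293b.4a5c."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def mac_flags(mac):
    """Decode the I/G and U/L bits of the first byte."""
    first = mac_bytes(mac)[0]
    return {
        "individual": not (first & 0x01),             # I/G: 0 = unicast, 1 = group
        "globally_administered": not (first & 0x02),  # U/L: 0 = IEEE OUI, 1 = locally administered
    }


def eui64(mac):
    """64-bit modified EUI-64 identifier as bytes."""
    b = bytearray(mac_bytes(mac))
    b[0] ^= 0x02                         # flip the U/L bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def ipv6_from_mac(prefix, mac):
    """Combine a /64 prefix (e.g. 'fe80::/64' or '2001:db8:1:1::/64') with the EUI-64 id."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    iid = int.from_bytes(eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local(mac):
    """The FE80::/64 address a host derives from its MAC."""
    return ipv6_from_mac("fe80::/64", mac)


def mac_from_eui64_address(addr):
    """Reverse the process: recover the MAC from an EUI-64 based address, or None."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)


if __name__ == "__main__":
    mac = "00:0c:29:3b:4a:5c"   # constructed example (VMware OUI 00:0c:29)
    print(mac_flags(mac))
    print(link_local(mac))
    print(ipv6_from_mac("2001:db8:1:1::/64", mac))
    print(mac_from_eui64_address("2001:db8:1:1:20c:29ff:fe3b:4a5c"))
```

Because the interface id follows the host from prefix to prefix, EUI-64 addresses make a laptop trackable across every network it joins; hosts that care use randomised identifiers (RFC 4941 privacy extensions, or RFC 7217 stable but opaque ids) instead of the MAC-derived one.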

Creating an IPv4 dhcp pool (exclude the gateway and any static addresses before the pool hands them out)
ip dhcp excluded-address 172.16.10.254
ip dhcp pool pool1
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254

Cabling standards (maximum segment length)
10Base2 - 185 metres
10Base5 - 500 metres
10BaseT - 100 metres

100BaseT - 100 metres
100BaseFX - 412 metres (half duplex, multimode fibre)

1000BaseCX - 25 metres (copper)
1000BaseT - 100 metres
1000BaseSX - MMF - 550 metres
1000BaseLX - single mode - 3 to 10 km


802.11 (speed - band - non-overlapping channels - approximate range figures as given in the notes)
a - 6-54mbps - 5GHz - 12 channels - 190-75
b - 1 to 11mbps - 2.4GHz - 3 channels - 350-160
g - 6 to 54mbps - 2.4GHz - 3 channels - 300-90
h - 6-54mbps - 5GHz - 23 channels (802.11a with DFS/TPC, which opens up the extra 5GHz channels)
n - MIMO - 2.4 and 5GHz - 23 channels - up to 250mbps

Wireless authentication methods
open
shared key
ssid (not security - the SSID is sent in the clear and hidden SSIDs are trivially recovered)
mac based (MAC addresses are sniffed and spoofed in minutes)
wep (broken - the key is recoverable from captured traffic; do not use)

wpa - TKIP (WPA) and AES-CCMP (WPA2); use WPA2 with AES, and 802.1X/EAP rather than a shared passphrase where there is more than a handful of users