Notes from CCNA Prep Course
Modes
User exec - default login. CMD ID ">"
Privileged exec - 'enable' to access. Full visibility (show, debug, copy, clear) but configuration cannot be changed from here. CMD ID "#"
Global config - 'configure terminal' or 'conf t' to access. Full access to change configs. CMD ID "(config)#"
Exit moves you back one level. End goes back to privileged exec.
'do' executes a privileged exec command from global config mode (or any sub-mode), e.g. 'do show ip interface brief'
Show
show running-config (or sh run) -- shows the configuration currently active in RAM
show startup-config -- shows the configuration saved in NVRAM, which is loaded on boot
show ip interface brief
Set Password
enable secret [password]
'enable secret' is always stored as a hash (type 5 MD5, or type 9 scrypt on newer IOS), never recoverable from the config. 'enable password' is stored in plaintext unless 'service password-encryption' is on, and even then only as reversible type 7. Use 'enable secret'.
No
prefixing a command with 'no' removes it from the configuration, e.g. 'no shutdown', 'no ip address'
Save Configuration
write, write memory (wr), or copy running-config startup-config -- saves the running config to NVRAM so it survives a reload
Cabling
Crossover Cable
used to connect two like devices (devices that transmit on the same pins), e.g. switch-switch, router-router, or router-PC
pins - 1-3, 2-6, 3-1, 4-7, 5-8, 6-2, 7-4, 8-5 (10/100 only needs the 1-3 and 2-6 pairs swapped; gigabit crosses all four pairs as listed)
Straight-Through Cable
used to connect two unlike devices (ones that transmit on different pins), e.g. PC-switch or router-switch
pins are same e.g. 1-1, 2-2, 3-3...
Console/Rollover Cable
Connects terminal to console port
pins 1-8 are reversed
Devices with Auto-MDI/MDIX - a feature that automatically detects the required cable type (straight-through or crossover) for an Ethernet connection - can use crossover or straight-through.
Encapsulation Terms
Data -- L5+ -- application data | process-to-process communication
Segment -- L4 -- L4 header + Data | host-to-host communication
Packet -- L3 -- L3 header + Segment (L3 header + L4 header + Data)
Frame -- L2 -- L2 header + Packet + L2 trailer (FCS); order on the wire is L2 header, L3 header, L4 header, Data, FCS
DSPF (Data, Segment, Packet, Frame) - mnemonic: "da sunscreen"
Ethernet Frames (L2)
Ethernet Header fields -- Preamble | SFD (start frame delimiter) | Destination (mac) | Source (mac) | type - L3 protocol used in the packet XOR length
Preamble - 7 bytes - alternating 1s and 0s (10101010 x7) that let the receiver synchronize its clock before the rest of the frame arrives
SFD (Start Frame Delimiter) - 1 byte - 10101011; marks the end of the preamble and the start of the frame proper
Destination and Source - 6 bytes each - MAC Address
IF 802.1Q (VLAN TAGGING) is assigned it will be placed here - 4 bytes
Type xor Length - 2 bytes - value of 1500 (0x05DC) or less is the payload length in bytes; value of 1536 (0x0600) or more is the EtherType of the encapsulated packet, e.g. 0x0800 IPv4, 0x86DD IPv6, 0x0806 ARP (0x indicates hex). 1501-1535 is undefined.
--DATA--
Ethernet Trailer field - FCS (Frame Check Sequence) - 4 bytes - detects corrupted frames: the sender computes a CRC-32 (cyclic redundancy check) over the frame, the receiver recomputes it and drops the frame on mismatch (counted as a CRC error)
minimum ethernet frame size is 64 bytes (header + payload + FCS, excluding preamble/SFD), so the minimum payload is 46 bytes; shorter payloads are padded with 0s. Maximum is 1518 bytes (1522 with an 802.1Q tag)
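Worked example of the frame layout above (added here, not from the course): builds a frame with an optional 802.1Q tag, pads the payload to 46 bytes, appends a CRC-32 FCS, then parses it back, classifying runts, giants, CRC errors, and the Type-vs-Length rule. The MAC addresses and payload bytes are made up for the example.

```python
import struct
import zlib

MIN_PAYLOAD = 46          # shorter payloads are padded with zeros to reach this
MAX_PAYLOAD = 1500
MAX_FRAME = 1518          # dst+src+type (14) + 1500 + FCS (4); +4 when 802.1Q tagged
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    """'aa:bb:cc:dd:ee:ff' or 'aabb.ccdd.eeff' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def build_frame(dst, src, type_or_len, payload, vlan=None):
    """dst | src | [802.1Q tag] | Type/Length | payload (zero-padded to 46) | FCS.
    Preamble and SFD are omitted: the NIC adds and strips them in hardware."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload over 1500 bytes would make a giant")
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        # TPID 0x8100, then TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits); PCP/DEI 0 here
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    body = header + struct.pack("!H", type_or_len) + payload.ljust(MIN_PAYLOAD, b"\x00")
    # FCS = CRC-32 over everything after the SFD. zlib's reflected CRC-32 uses the
    # Ethernet polynomial; its bytes go on the wire least-significant first.
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC over the frame minus its last 4 bytes and compare."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(body) & 0xFFFFFFFF == fcs


def parse_frame(frame):
    """Classify size errors the way 'show interfaces' counts them, verify the FCS,
    detect an 802.1Q tag, and decide whether the 2-byte field is a Type or a Length."""
    if len(frame) < 64:
        raise ValueError("runt: %d bytes is under the 64-byte minimum" % len(frame))
    body = frame[:-4]
    tagged = struct.unpack("!H", body[12:14])[0] == TPID_8021Q
    if len(frame) > MAX_FRAME + (4 if tagged else 0):
        raise ValueError("giant: %d bytes" % len(frame))
    if not fcs_ok(frame):
        raise ValueError("CRC error: FCS does not match the received data")
    dst, src = body[:6].hex(":"), body[6:12].hex(":")
    vlan, offset = None, 12
    if tagged:
        tci = struct.unpack("!H", body[14:16])[0]
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 16
    type_len = struct.unpack("!H", body[offset:offset + 2])[0]
    payload = body[offset + 2:]
    if type_len <= 1500:
        kind = "length"                     # IEEE 802.3: payload length in bytes
        payload = payload[:type_len]        # drop the zero padding
    elif type_len >= 1536:
        kind = "ethertype"                  # Ethernet II: L3 protocol, e.g. 0x0800 IPv4
    else:
        kind = "invalid"                    # 1501-1535 is not a legal value
    return {"dst": dst, "src": src, "vlan": vlan, "kind": kind,
            "type_len": type_len, "payload": payload}


if __name__ == "__main__":
    f = build_frame("ff:ff:ff:ff:ff:ff", "0011.2233.4455", ETHERTYPE_IPV4, b"\x45", vlan=10)
    print(len(f), parse_frame(f))
```

Flipping any byte of the built frame makes fcs_ok() return False, which is what the CRC counter in 'show interfaces' records on a real port.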
Basic Switching Functions
Switches use MAC Address tables to determine where frames need to go
Adds each device that communicates with it to this table along with the associated port
If the destination MAC is not in the MAC address table, the switch floods the frame out every port in that VLAN except the one it arrived on. Such a frame is called an unknown unicast frame.
If the destination MAC is in the MAC address table, the switch forwards the frame only out the associated port. This is called a known unicast frame.
MAC addresses learned from the source address of received frames are called Dynamic (as opposed to Static entries configured by hand)
Dynamic mac addresses are removed from the MAC address table after 5 minutes of inactivity.
Command to clear dynamic mac addresses - 'clear mac address-table dynamic'
clear mac address-table dynamic [option] [value]
options -- address [mac address] clears one mac | interface [if-id] clears one interface
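Toy switch illustrating the learning, flooding, aging and 'clear mac address-table dynamic' behaviour described above (added example, not course material). Port names and MAC addresses are invented; time is passed in explicitly so aging can be shown without waiting 5 minutes.

```python
class Switch:
    """Minimal L2 switch: learns the source MAC of every frame against its ingress
    port, forwards known unicasts, floods unknown unicasts and broadcasts, and
    ages dynamic entries out after aging_time seconds (Cisco default 300)."""

    BROADCAST = "ffff.ffff.ffff"

    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time
        self.table = {}   # mac -> {"port": ..., "seen": ..., "type": "dynamic"|"static"}

    def _age(self, now):
        """Drop dynamic entries that have not been refreshed within aging_time."""
        for mac, e in list(self.table.items()):
            if e["type"] == "dynamic" and now - e["seen"] >= self.aging_time:
                del self.table[mac]

    def add_static(self, mac, port):
        """'mac address-table static <mac> vlan <n> interface <if>': never ages out."""
        self.table[mac] = {"port": port, "seen": None, "type": "static"}

    def receive(self, in_port, src, dst, now):
        """Return (egress ports, reason) for a frame arriving on in_port at time now."""
        self._age(now)
        # learning uses the SOURCE address of every received frame
        if self.table.get(src, {}).get("type") != "static":
            self.table[src] = {"port": in_port, "seen": now, "type": "dynamic"}
        others = [p for p in self.ports if p != in_port]
        if dst == self.BROADCAST:
            return others, "broadcast"
        entry = self.table.get(dst)
        if entry is None:
            return others, "unknown unicast: flooded"   # every port except ingress
        if entry["port"] == in_port:
            return [], "filtered: destination is on the ingress port"
        return [entry["port"]], "known unicast"

    def clear_dynamic(self, interface=None, address=None):
        """'clear mac address-table dynamic [interface <if>] [address <mac>]'."""
        for mac, e in list(self.table.items()):
            if e["type"] != "dynamic":
                continue
            if interface is not None and e["port"] != interface:
                continue
            if address is not None and mac != address:
                continue
            del self.table[mac]


if __name__ == "__main__":
    sw = Switch(["g0/1", "g0/2", "g0/3", "g0/4"])
    print(sw.receive("g0/1", "0000.0000.000a", "0000.0000.000b", now=0))   # flooded
    print(sw.receive("g0/2", "0000.0000.000b", "0000.0000.000a", now=1))   # known unicast
```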
Address Resolution Protocol (ARP)
Used to discover the L2 (MAC) address for a known L3 (IP) address
ARP request is broadcast. FFFF.FFFF.FFFF = broadcast MAC address
ARP reply is unicast - sent only to the host that sent the request
Ping
used to test reachability. measures round-trip time.
Uses two messages: ICMP Echo Request && ICMP Echo Reply
L3 - Network Layer
Provides connectivity between end hosts on different networks
provides logical addressing (ip)
Provides path selection between source and destination
Routers need an IP address for each network they are connected to
IP addresses such as 192.168.0.1 are referred to as 'dotted decimal' format
IPV4 Address Classes
Class | First Octet | First Octet Numerical Range | Prefix Length |
---|---|---|---|
A | 0xxxxxxx | 0-127 | /8 |
B | 10xxxxxx | 128-191 | /16 |
C | 110xxxxx | 192-223 | /24 |
D | 1110xxxx | 224-239 | n/a |
E | 1111xxxx | 240-255 | n/a |
Class D addresses reserved for multicast addresses
Class E addresses reserved for experimental purposes
The 127.0.0.0/8 range is reserved for loopback addresses, used to test the local network stack: traffic sent to a 127.x.x.x address is processed down and back up the stack as if it came from another computer
Assigning IP Info
Network address = host portion of the address is all 0s
First usable address - 1 above network address
Broadcast address = Host portion of the address is all 1s
Reserved for non-hosts - Network Address (all 0s), Broadcast Address (all 1s)
The gateway address is technically a host address, so it IS included in the usable-host count: only the network address and the broadcast address are subtracted (2^host-bits minus 2)
Interface Configs
Cisco switch interfaces are up by default (not administratively down). Router interfaces are administratively down ('shutdown') by default and need 'no shutdown'.
To configure an interface, type interface [if-name]. The CLI will show NAME(config-if)
'interface range' addresses multiple ports at once, so to shut down all 48 ports it would be 'interface range g1/1 - 48' followed by 'shutdown'
Interface names can be identified with 'show interfaces' command
Set ip with 'ip address' command and then the ip address and subnet mask in dotted decimal
open a port with 'no shutdown' or 'no shut' command for short. Example:
R1(config-if)#ip address 10.255.255.254 255.0.0.0
R1(config-if)#no shutdown
interface descriptions can be added with 'description' command followed by the description
'interface range f0/5 - 12' to select fastethernet interfaces five to twelve
'show ip interface brief' gives a condensed view of the interfaces (IP address, admin status, line protocol) | 'show interfaces status' (switches) gives link status, VLAN, speed and duplex per port
Configuring interface speed and duplex
Interfaces that can run at different speeds have default setting of speed auto and duplex auto
a-[value] (e.g. a-full, a-1000) in 'show interfaces status' output indicates the setting was autonegotiated: the fastest speed/duplex both sides support
Interfaces 'advertise' to neighboring device to negotiate the best option
If autonegotiation is turned off on neighboring device, switch will attempt to sense speed other device is using, and if that fails it will use the SLOWEST supported speed
in this scenario, if speed is 10 or 100 mbps the switch will use half-duplex
if the result is a "duplex mismatch" collisions will occur, resulting in poor performance
'speed [#]' forces a specific mbps | use 'speed ?' to determine available settings | 'speed auto' enables auto speed
'duplex [option] to set duplex | options: auto, full, half
half duplex - can't send and receive at the same time (CSMA/CD applies) | full duplex - can send and receive at the same time, so collisions cannot occur
CSMA/CD
Carrier Sense Multiple Access with Collision Detection
deprecated in practice - needed for hubs; switches running full duplex give every port its own collision domain
describes how devices avoid collision in half duplex and how they react when collisions occur
before sending frames devices 'listen' to collision domain until they detect that other devices are not sending
if collision occurs, device sends a jamming signal to inform other devices
each device waits random amount of time before sending frames again
Interface Errors (as seen in show interfaces output)
Runts: Frames that are smaller than minimum frame size (64 bytes)
Giants: Frames larger than max size (1518 bytes)
CRC: Frames that failed the CRC check (Ethernet FCS trailer)
Frame: frames in incorrect format
Input Errors: Total of various counters such as above
IPv4 Header
Version - 4 bits - binary representation of IPv 4 (0100) or 6 (0110)
IHL - Internet Header Length - 4 bits - header length in 4-byte words (multiply by 4 for bytes). Minimum value is 5 (20-byte header, no options), maximum value is 15 (60 bytes)
DSCP - Differentiated services code point - 6 bits - Used for QOS - prioritizes delay-sensitive data (streaming audio, video)
ECN - Explicit Congestion Notification - 2 bits - end-to-end notification of network congestion without dropping packets. Requires both parties to support
Total Length - 16 bits - total length of the packet (header + data) in bytes. Not in 4-byte words like IHL. Min value is 20, max value is 65535
Identification - 16 bits - for fragmenting packets. All fragments of the same packet will have the same value in this field for re-assembly. MTU defines size before fragmentation (usually 1500 bytes)
Flags - 3 bits - used to control/identify fragments | bit 0 = Reserved | Bit 1 = Don't Fragment (DF Bit) | Bit 2 = More Fragments (MF Bit). 1 means more fragments in packet, 0 means this is the last fragment. Unfragmented packets always set to 0
Fragment offset - 13 bits - position of this fragment within the original unfragmented packet, in 8-byte units. Allows reassembly when fragments arrive out of order
Time to live - TTL - 8 bits - each router decrements TTL by one when forwarding the packet and drops it when the result is 0 (replying with ICMP Time Exceeded). Prevents packets looping forever; in practice it is a hop count
Protocol - 8 bits - Indicates protocol of encapsulated L4PDU | Value of 6 = TCP | 17 = UDP | 1 = ICMP | 89 = OSPF
Header Checksum - 16 bits - used to check for errors in IPV4 header. Router drops packet if calculated checksum and this value don't match. Just for header content, TCP and UDP have their own checksums.
Source IP - 32 bits
Destination IP - 32 bits
Options - 0 to 320 bits - IHL>5 indicates options present | rarely used
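Worked example of the header fields above (added here, not course material): builds an IPv4 header with the standard one's-complement checksum, parses it back (IHL x4, DSCP/ECN split, flag bits, fragment offset x8, protocol number), and models what a router does per hop: decrement TTL, drop at 0, recompute the header checksum. All addresses and values are made up.

```python
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def ipv4_checksum(header):
    """One's-complement sum of the header's 16-bit words, complemented.
    Over a header that already carries a correct checksum the result is 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, dscp=0, ecn=0,
                      ident=0, df=False, mf=False, frag_offset=0, options=b""):
    if frag_offset % 8:
        raise ValueError("fragment offset is carried in 8-byte units")
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    ihl = 5 + len(options) // 4              # header length in 4-byte words
    if ihl > 15:
        raise ValueError("IHL cannot exceed 15 (60-byte header)")
    total_length = ihl * 4 + payload_len
    if total_length > 65535:
        raise ValueError("Total Length is a 16-bit field")
    flags = (0b010 if df else 0) | (0b001 if mf else 0)   # bit 0 reserved, DF, MF
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | ihl, (dscp << 2) | ecn, total_length, ident,
                      (flags << 13) | (frag_offset // 8), ttl, protocol,
                      0,                                   # checksum placeholder
                      ip_bytes(src), ip_bytes(dst)) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data):
    if len(data) < 20:
        raise ValueError("need at least 20 bytes")
    version, ihl = data[0] >> 4, data[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header (version %d, IHL %d)" % (version, ihl))
    header = data[:ihl * 4]
    if len(header) < ihl * 4:
        raise ValueError("truncated header")
    total_length, ident, flags_frag = struct.unpack("!HHH", header[2:8])
    ttl, protocol, _checksum = struct.unpack("!BBH", header[8:12])
    flags = flags_frag >> 13
    return {
        "header_length": ihl * 4,
        "dscp": header[1] >> 2, "ecn": header[1] & 0x3,
        "total_length": total_length, "identification": ident,
        "reserved": bool(flags & 0b100), "df": bool(flags & 0b010), "mf": bool(flags & 0b001),
        "frag_offset": (flags_frag & 0x1FFF) * 8,      # back to bytes
        "ttl": ttl, "protocol": PROTOCOLS.get(protocol, str(protocol)),
        "checksum_ok": ipv4_checksum(header) == 0,     # covers the header only
        "src": ip_str(header[12:16]), "dst": ip_str(header[16:20]),
        "options": header[20:],
    }


def router_hop(header):
    """Per-hop router work: drop if TTL would reach 0, otherwise decrement TTL
    and recompute the header checksum (TCP/UDP checksums are untouched)."""
    if header[8] <= 1:
        return None                          # dropped; router sends ICMP Time Exceeded
    out = bytearray(header)
    out[8] -= 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out)))
    return bytes(out)


if __name__ == "__main__":
    h = build_ipv4_header("192.168.1.10", "8.8.8.8", 1, 64, ttl=64, ident=0x1C46, df=True)
    print(parse_ipv4_header(h))
    print(parse_ipv4_header(router_hop(h))["ttl"])   # 63
```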
Routing
Routing determines path over network
These paths are stored in a routing table
Routing Methods
Dynamic Routing - i.e. OSPF - shares routing information with other routers automatically to build routing tables
Static Routing - routes are manually configured
Basic Flow
A route tells the router: to send packet to destination X you should send the packet to next-hop Y
or - if destination is directly connected to router, send to destination | or, if destination is router's own IP, receive packet
Routing Table
'show ip route' command displays the routing table
Connected Route (C) - route to the network the interface is connected to
Local Route (L) - a /32 route to the IP address configured on the interface itself
If a packet matches two entries in the routing table, the router will choose the most specific matching route.
'is variably subnetted' in 'show ip route' output means the table holds routes to subnets of that classful network with different mask lengths (e.g. a /24 and a /32 under 10.0.0.0/8)
Default Gateway
AKA Default Route or Gateway of Last Resort
default is 0.0.0.0/0 - includes all addresses
often used to direct traffic to the internet
configure Default Route - 'ip route 0.0.0.0 0.0.0.0 [next-hop]'
Static Route Configuration
Routers don't have to have each hop manually included, just the next hop in line to a specific network
'ip route [ip-address] [netmask] [next-hop]'
e.g. ip route 192.168.1.0 255.255.255.0 192.168.3.3
Static Routes are indicated with a S in the routing table ('show ip route')
Routers re-encapsulate packets with L2 information before forwarding it onto the next device
Exit interfaces are an alternative to next hop. Instead of specifying IP to send packets to, specifies port for packets to be sent from
'ip route [ip-address] [netmask] [interface]'
e.g. ip route 192.168.1.0 255.255.255.0 g0/0 | [next-hop] can also be included after the interface, which is the recommended form
specifying only an exit interface makes the routing table display the destination network as 'directly connected' (it is not). On an Ethernet exit interface with no next hop the router must ARP for every destination IP and depends on the neighbor answering with proxy ARP, so include the next hop too
Devices will arp to discover each-other's MACs if they haven't already talked
Subnetting
breaks networks into smaller, more manageable segments
2^x - 2 = usable host addresses
x = number of host bits (32 minus the prefix length), NOT network bits
e.g. /24 = 255.255.255.0 = 24 network bits, 8 host bits | x = 8 | 2^8 - 2 = 254 usable addresses
the -2 comes from the BROADCAST address and the NETWORK address.
the /31 mask is for point-to-point networks. There is no need in this case for a network address or a broadcast address, so both addresses can be assigned to the routers
although this is preferable in practice, for the CCNA test - use /30 point-to-point instead
the /32 mask identifies a route to a single host, including loopback interfaces
to determine which subnet a host belongs to - change all host bits to 0
2^x = number of possible subnets | x = number of borrowed bits
VLSM - Variable Length Subnet Mask
Essentially means using multiple subnet mask values in a network
Assign the subnets from largest to smallest
start each additional subnet following the broadcast address of the previous
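Worked example covering the address classes, the network/broadcast/usable-host rules, the /31 and /32 special cases, 2^borrowed-bits subnet counting, and the largest-first VLSM allocation described above (added here, not from the course). The base network and host counts in the demo are made up.

```python
def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def mask_from_prefix(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask):
    """255.255.255.0 -> 24; rejects non-contiguous masks such as 255.255.0.255."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError("mask bits must be contiguous: %s" % mask)
    return prefix


def address_class(ip):
    first = ip_to_int(ip) >> 24
    if first == 127:
        return "loopback (127.0.0.0/8, carved out of class A)"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (experimental)"


def subnet_info(ip, prefix):
    mask = mask_from_prefix(prefix)
    network = ip_to_int(ip) & mask                 # host bits -> all 0
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits -> all 1
    host_bits = 32 - prefix
    if prefix == 32:                               # host route, e.g. a loopback
        first, last, usable, bcast = network, network, 1, None
    elif prefix == 31:                             # point-to-point (RFC 3021): both usable
        first, last, usable, bcast = network, broadcast, 2, None
    else:                                          # gateway counts as one of the usable hosts
        first, last = network + 1, broadcast - 1
        usable, bcast = 2 ** host_bits - 2, int_to_ip(broadcast)
    return {"network": int_to_ip(network), "mask": int_to_ip(mask), "prefix": prefix,
            "broadcast": bcast, "first_usable": int_to_ip(first),
            "last_usable": int_to_ip(last), "usable_hosts": usable,
            "class": address_class(ip)}


def subnet_count(original_prefix, new_prefix):
    """2^(borrowed bits): splitting a /24 into /26s borrows 2 bits -> 4 subnets."""
    return 2 ** (new_prefix - original_prefix)


def vlsm_allocate(base_ip, base_prefix, needs):
    """needs: {name: hosts}. Largest first; each subnet starts right after the
    previous one's broadcast. Two hosts get a /30, per the CCNA convention."""
    base_mask = mask_from_prefix(base_prefix)
    cursor = ip_to_int(base_ip) & base_mask
    end = cursor | (~base_mask & 0xFFFFFFFF)
    plan = []
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        host_bits = 2
        while 2 ** host_bits - 2 < hosts:          # smallest h with 2^h - 2 >= hosts
            host_bits += 1
        size = 2 ** host_bits
        if cursor % size:                          # keep each block aligned to its size
            cursor += size - cursor % size
        if cursor + size - 1 > end:
            raise ValueError("out of space in %s/%d at %s" % (base_ip, base_prefix, name))
        plan.append((name, "%s/%d" % (int_to_ip(cursor), 32 - host_bits), size - 2))
        cursor += size
    return plan


if __name__ == "__main__":
    print(subnet_info("192.168.1.130", 26))
    for row in vlsm_allocate("192.168.1.0", 24, {"Sales": 100, "Eng": 50, "Mgmt": 10, "WAN": 2}):
        print(row)
```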
Managing LANs
A LAN is defined as a single broadcast domain
A Broadcast Domain is defined as the group of devices that will receive a broadcast frame (destination MAC FFFF.FFFF.FFFF) sent by any other member
unnecessary broadcast traffic impacts network performance
VLANs
Configured on a per-interface basis
logically separate end hosts at L2
switches WILL NOT forward traffic between VLANS
traffic between VLANs, even on a single switch, must be routed: by a router or a Layer 3 switch
'show vlan brief' displays existing vlans and corresponding interfaces
VLANs 1, 1002-1005 exist by default and CANNOT BE DELETED
Example vlan configuration
'interface range g1/0 - 3' goes into (config-if-range) mode to manage multiple interfaces at once
'switchport mode access' puts ports into Access Mode which belong to a single VLAN
'switchport access vlan #' assigns the interfaces to that VLAN (access ports send and receive untagged frames; the 802.1Q tag is only used on trunks)
Create and manage VLANs
'vlan #' brings you into (config-vlan) mode for # vlan and will create the vlan if needed
assigning a vlan that doesn't exist will also create that # vlan
in (config-vlan) mode: 'name' allows you to change the name of the vlan
Trunk Ports
Carry traffic from multiple VLANs over a single interface
all vlans allowed by default
'switchport trunk encapsulation dot1q' | not necessary on devices that only support dot1q
'switchport mode trunk'
'show interfaces trunk'
'switchport trunk allowed vlan #,#...'
'switchport trunk allowed vlan ?' for more options | add, all, except, none, remove
802.1Q Tag
4 bytes (32 bits) in length: a 16-bit TPID followed by a 16-bit TCI (PCP, DEI, VID). Inserted between the source MAC and the Type/Length field
TPID - Tag Protocol Identifier: value always 0x8100 to indicate frame is tagged.
reminder:0x represents a declaration that the following is hex
PCP (Priority Code Point) - 3 bits - class of service marking used to prioritize traffic under congestion
DEI (Drop Eligible Indicator) - 1 bit - marks frames that can be dropped first if the network is congested
VID (VLAN Identifier) - 12 bits - identifies the VLAN the frame belongs to. 2^12 = 4096 values, but 0 (priority tag only, no VLAN) and 4095 are reserved, so usable VLANs are 1-4094
normal vlans - 1-1005
extended vlans - 1006-4094
native vlan - vlan 1 - other native vlan can be configured on each trunk port
for security purposes, it's best to change the native vlan to an unused vlan
'switchport trunk native vlan #'
switch does not add 802.1Q tag to native VLAN
when switch recieves untagged frame it assumes it belongs to native vlan
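Trunk behaviour from the lines above in code (added example, not from the course): tag insertion/removal, native-VLAN frames going untagged, untagged ingress landing in the native VLAN, and the reason behind "change the native VLAN to an unused VLAN". The last function walks the textbook double-tagging case (a host in the native VLAN sends a frame carrying two tags) through two switches and returns the VLAN the frame ends up in. MAC addresses, VLAN numbers and the allowed list are made up.

```python
import struct

TPID = 0x8100


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def make_frame(dst, src, ethertype, payload):
    """Untagged frame body (no preamble/FCS): dst | src | type | payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag between the source MAC and the Type field."""
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def strip_tag(frame):
    """Return (vid or None, frame without its outermost tag)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]


def access_ingress(frame, access_vlan):
    """Access port: frames belong to the access VLAN. A tagged frame is accepted
    only if its tag is the access VLAN itself; anything else is dropped."""
    vid, inner = strip_tag(frame)
    if vid is not None and vid != access_vlan:
        return None
    return access_vlan, inner


def trunk_egress(frame, vlan, native_vlan, allowed):
    """Trunk sends native-VLAN frames untagged and tags everything else."""
    if vlan not in allowed:
        return None
    return frame if vlan == native_vlan else tag_frame(frame, vlan)


def trunk_ingress(frame, native_vlan, allowed):
    """Trunk classifies untagged frames into the native VLAN."""
    vid, inner = strip_tag(frame)
    vlan = native_vlan if vid is None else vid
    if vlan not in allowed:
        return None
    return vlan, inner


def double_tag_hop(native_vlan, attacker_vlan=1, target_vlan=20):
    """Host on an access port in attacker_vlan sends a frame with two tags
    (outer = attacker_vlan, inner = target_vlan) through SW1 -> trunk -> SW2.
    Returns the VLAN SW2 delivers it into: target_vlan when the native VLAN is
    the attacker's VLAN, attacker_vlan when the native VLAN is something unused."""
    allowed = {1, 10, 20, 999}                        # made-up trunk allowed list
    payload = make_frame("0000.0000.0020", "0000.0000.00aa", 0x0800, b"\x45" + b"\x00" * 45)
    double = tag_frame(tag_frame(payload, target_vlan), attacker_vlan)   # outer tag outermost
    result = access_ingress(double, attacker_vlan)    # SW1 strips the outer tag
    if result is None:
        return None
    vlan, frame = result
    on_wire = trunk_egress(frame, vlan, native_vlan, allowed)   # untagged if vlan == native
    vlan_at_sw2, _ = trunk_ingress(on_wire, native_vlan, allowed)
    return vlan_at_sw2


if __name__ == "__main__":
    print("native VLAN 1:  frame lands in VLAN", double_tag_hop(native_vlan=1))
    print("native VLAN 999: frame lands in VLAN", double_tag_hop(native_vlan=999))
```

With native VLAN 1 the outer tag is removed at the access port and SW1 sends the frame untagged (native), so SW2 reads the inner tag and delivers it into VLAN 20. With an unused native VLAN SW1 tags the frame with VLAN 1 and SW2 classifies it into VLAN 1; the inner tag is just payload.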
Router on a Stick
only uses one physical interface on the router
vlans can be enabled on the router as well as subinterfaces
'interface g0/0.10' | switches to g0/0 subinterface 10 showed by (config-subif) | recommended to match subif number to vlan number
'encapsulation dot1q 10' | tells router to treat any arriving frames with 10 vlan tag to arrive on this subinterface. Router tags all frames leaving this subinterface with 10
'encapsulation dot1q vlan-id native' | sets the native vlan on a router
configuring the IP address for the native VLAN's subnet on the router's physical interface makes the previous command unnecessary (untagged frames are handled by the physical interface)
'no interface g0/0.10' | deletes the subinterface
Layer 3 Switch
layer 3 switch == multilayer switch
multilayer switch is capable of both switching and routing
can configure routed ports which behave like a router
can create virtual interfaces for each VLAN, and assign IP addresses to those interfaces
if you use virtual interfaces (SVIs), use each SVI's IP as the default gateway for the PCs in that VLAN
can be used for inter-vlan routing
Configuring L3 Switch with SVIs (Switch Virtual Interface)
'ip routing' (in global config mode) | activates L3 capabilities
'interface g0/1' | this and next two are assigning ip to L3 switch interface and the default route
'no switchport' | converts the L2 switchport into a routed (L3) port; required before an IP address can be assigned to the physical interface (not shown in the tutorial video, but needed)
'ip address [interface-ip] [subnet-mask]'
'ip route 0.0.0.0 0.0.0.0 [next-hop]' | sets default route to forward all traffic to next router
now we set up the SVIs
'interface vlan10'
'ip address [gateway-IP] [subnet-mask]' | the SVI's address is the default gateway for hosts in VLAN 10
'no shutdown' | SVIs can be created shut down depending on platform, so always 'no shut' them; an SVI also stays down until at least one port in that VLAN is up
Dynamic Routing
advertises information about the routes they know to other routers
routers form "adjacencies" / "neighbor relationships" / "neighborships" with adjacent routers to exchange this information
if multiple routes are learned it uses the "metric" of a route to determine which is superior and chooses that route
Types of Dynamic Routing Protocols
IGP (Interior Gateway Protocol)
Algorithm Type - Distance Vector | RIP (Routing Information Protocol) and EIGRP (Enhanced Interior Gateway routing Protocol)
Distance Vector was created first
Operate by each router advertising its known destination networks together with its metric to reach them; neighbors add their own cost and pass the routes on
often called 'routing by rumor' since routers don't know the network well beyond neighbors
called 'distance vector' because routers only learn the "distance" (metric) and "vector" (direction, the next hop router) of each route
Algorithm Type - Link State | OSPF (Open Shortest Path First) and IS-IS (Intermediate System to Intermediate System)
Makes a complete map of the network to calculate the best route
EGP (Exterior Gateway Protocol)
Only EGP algorithm is Path Vector - Exclusively Border Gateway Protocol
EGP shares information BETWEEN AUTONOMOUS SYSTEMS
Metrics
If for a routing table entry destination, administrative distance, and metric, are all identical then traffic will be load balanced across both paths.
this is called ECMP (Equal Cost Multi-Path)
possible to do this with static routes as well
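Route selection in code, as an added example (not course material) tying together the routing table, static/default routes and ECMP sections above and the administrative distance values listed later in these notes: candidates are narrowed by longest prefix, then lowest AD, then lowest metric, and anything left tied is load-balanced. The routes and next hops in the demo are made up.

```python
from collections import namedtuple

# administrative distance: how trustworthy each route source is (lower wins)
ADMIN_DISTANCE = {"C": 0, "L": 0, "S": 1, "B_ext": 20, "D": 90, "O": 110,
                  "i": 115, "R": 120, "D_ext": 170, "B_int": 200}

Route = namedtuple("Route", "network length protocol next_hop metric")


def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def mask_from_prefix(length):
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, cidr, protocol, next_hop, metric=0):
        """cidr like '10.0.5.0/24'; next_hop is an IP, or an interface for connected routes."""
        ip, length = cidr.split("/")
        length = int(length)
        network = ip_to_int(ip) & mask_from_prefix(length)
        self.routes.append(Route(network, length, protocol, next_hop, metric))

    def lookup(self, dst):
        """Routes the packet will use. Empty list = no match, not even a default
        route, so the packet is dropped. More than one entry = ECMP load balancing.
        IOS applies AD and metric when installing routes and longest prefix at
        lookup time; doing all three here in order gives the same outcome."""
        d = ip_to_int(dst)
        cands = [r for r in self.routes if d & mask_from_prefix(r.length) == r.network]
        if not cands:
            return []
        best_len = max(r.length for r in cands)                    # 1. most specific prefix
        cands = [r for r in cands if r.length == best_len]
        best_ad = min(ADMIN_DISTANCE[r.protocol] for r in cands)    # 2. lowest AD
        cands = [r for r in cands if ADMIN_DISTANCE[r.protocol] == best_ad]
        best_metric = min(r.metric for r in cands)                  # 3. lowest metric
        return [r for r in cands if r.metric == best_metric]        # ties -> ECMP


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add("10.1.1.0/24", "C", "GigabitEthernet0/0")
    rt.add("0.0.0.0/0", "S", "203.0.113.1")
    rt.add("10.0.0.0/8", "O", "10.1.1.2", metric=20)
    rt.add("10.0.0.0/8", "R", "10.1.1.3", metric=2)      # RIP loses to OSPF on AD
    rt.add("10.0.5.0/24", "S", "10.1.1.4")
    rt.add("172.16.0.0/16", "O", "10.1.1.5", metric=30)
    rt.add("172.16.0.0/16", "O", "10.1.1.6", metric=30)  # equal cost -> ECMP
    for dst in ("10.0.5.9", "10.9.9.9", "172.16.3.3", "8.8.8.8"):
        print(dst, [(r.protocol, r.next_hop) for r in rt.lookup(dst)])
```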
STP
Essentially disables (blocks) some links between switches and leaves others open (forwarding) so the L2 topology has no loops
STP is enabled by default on Cisco switches (and on most other vendors' switches)
Switches send/receive 'Hello BPDUs' out of all interfaces, by default every 2 seconds
If a switch receives a 'Hello BPDU' on an interface, it knows that it's connected to another switch
switches use the bridge ID field of the BPDU to elect a root bridge for the network
lowest bridge ID becomes root bridge
all ports on root bridge (designated ports) are put in forwarding state, and other switches must have a path to reach this switch
default bridge prio is 32768 so by default mac address is the tiebreaker
cisco switches use a version called PVST+ (Per-VLAN Spanning Tree Plus), or Rapid PVST+ on newer IOS, which runs a separate STP instance in each VLAN
once root bridge is selected, each remaining switch will select one of its interfaces to be its root port (forwarding state)
ports across from the root port are always designated ports.
root port selection:
1: Lowest root cost
2: Lowest neighbor bridge ID
3: Lowest neighbor port ID
Root Port and Root Cost
Each switch in the spanning tree will select ONE interface to be a root port. The interface with the lowest root cost will be the root port.
Higher speed interfaces have a lower cost, so they are preferred when choosing the root port
Speed | STP Cost |
---|---|
10 Mbps | 100 |
100 Mbps | 19 |
1 Gbps | 4 |
10 Gbps | 2 |
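The election described above, run on a small made-up topology (added example, not course material): root bridge by lowest bridge ID, root cost accumulated from the STP cost table, root port chosen by the three-step tie-break (root cost, neighbor bridge ID, neighbor port ID), and the far end of every other segment either designated or blocking. Switch names, MACs and port numbers are invented; bridge IDs here omit the PVST+ extended system ID (VLAN number).

```python
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbps -> 802.1D cost
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """Compared as priority first, then MAC (the default tiebreaker).
    Real PVST+ adds the VLAN ID to the priority (extended system ID); omitted here."""
    return (priority, mac.replace(".", "").lower())


def run_stp(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(sw_a, port_a, sw_b, port_b, speed_mbps)].
    Returns (root, root_cost, root_port, port_roles)."""
    bid = {n: bridge_id(p, m) for n, (p, m) in bridges.items()}
    root = min(bid, key=bid.get)                       # lowest bridge ID wins
    adj = {n: [] for n in bridges}
    for a, pa, b, pb, speed in links:
        cost = STP_COST[speed]
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))
    root_cost = {root: 0}
    root_port = {}
    # Relax until stable: each switch picks the neighbor offering the best
    # (root cost, neighbor bridge ID, neighbor port ID), i.e. the root port order.
    # Cost is added on the receiving port, so a BPDU from nb arriving here costs
    # root_cost[nb] + cost of this link. Port ID = (priority 128, port number).
    for _ in range(len(bridges)):
        for sw in bridges:
            if sw == root:
                continue
            offers = [(root_cost[nb] + cost, bid[nb], (128, nbp), lp)
                      for lp, nb, nbp, cost in adj[sw] if nb in root_cost]
            if offers:
                cost, _, _, lp = min(offers)
                root_cost[sw] = cost
                root_port[sw] = lp
    roles = {}
    for a, pa, b, pb, _ in links:
        # the end closer to the root (then lower bridge ID) is designated; the other
        # end is that switch's root port or a blocked (non-designated) port
        if (root_cost[a], bid[a]) < (root_cost[b], bid[b]):
            des, far = (a, pa), (b, pb)
        else:
            des, far = (b, pb), (a, pa)
        roles[des] = "designated"
        roles[far] = "root" if root_port.get(far[0]) == far[1] else "blocking"
    return root, root_cost, root_port, roles


if __name__ == "__main__":
    bridges = {"SW1": (DEFAULT_PRIORITY, "0000.0000.0001"),
               "SW2": (DEFAULT_PRIORITY, "0000.0000.0002"),
               "SW3": (DEFAULT_PRIORITY, "0000.0000.0003")}
    links = [("SW1", 1, "SW2", 1, 1000), ("SW1", 2, "SW3", 1, 100),
             ("SW2", 2, "SW3", 2, 1000), ("SW2", 3, "SW3", 3, 1000)]
    root, cost, rp, roles = run_stp(bridges, links)
    print("root:", root, "root cost:", cost, "root ports:", rp)
    for port, role in sorted(roles.items()):
        print(port, role)
```

SW3 reaches the root more cheaply through SW2 (4 + 4 = 8) than over its own 100 Mbps link (19), so its direct link to the root is blocked; of its two equal-cost links to SW2 it picks the one facing SW2's lower port number.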
Random Tidbits from Practice Tests
Video QOS Requirements
bandwidth - 384 kbps to 20+ Mbps | packet loss - 0.1 to 1% | one-way delay - 200 to 400 ms | jitter - 30 to 50 ms
yank image from a remote server
'copy tftp flash' | brings up config dialogues, so no need to specify options in the command
QoS Per-Hop Behaviors (PHBs)
Classification, marking, queuing, congestion, policing, shaping
Centralized DHCP Server
'ip helper-address [server-ip]' (in (config-if) mode) makes the router relay DHCP broadcasts from that subnet: it forwards them as unicast to the DHCP server, rewriting the destination IP to the server and the source IP to its own interface IP (and filling in giaddr so the server knows which subnet to lease from)
'ip address dhcp' tells routers in (config-if) mode to go lease an address for the interface
CDP - Cisco Discovery Protocol
'cdp run' to enable
learns info about neighboring devices
Includes:
--device identifier (host name)
--address list (network and data-link addresses)
--port identifiers (interface that sent the request)
--capabilities list (the type of device)
--platform (model and OS)
Autonomous AP Functions
Management Functions: RF Management, Associations and roaming management, client authentication, security management, QoS
Real-time functions: RF transmit/receive, MAC management, encryption
Ethernet as a WAN technology
another option to leased lines
advantages: support up to 70-km length cables with 1000BASE-ZX standard
Service providers use EoMPLS (Ethernet over MPLS) to allow ethernet to send frames over the link
Note: HDLC and Serial links are used with leased lines. Ethernet WAN emulates a physical ethernet link, but telcos aren't limited by that
LAP and WLC
Use CAPWAP (Control and Provisioning of Wireless Access Points) tunneling protocol to encapsulate data between a lightweight access point (LAP) and a wireless LAN controller (WLC)
Security Terms
Threat: the potential that a malicious user can use exploits on vulnerabilities
Vulnerability: a weakness that can be exploited
Mitigation Technique: a way to defend against malicious activity
Traffic Limits
Shaping limits bandwidth
Policing discards packets that exceed rate limit
Marking puts a tag on traffic to ID it
classification classifies (imagine that) traffic according to type
'show ip ospf interface brief'
lists the designated router/backup designated router (DR/BDR) state of each interface
Also includes - PID, area, IP address, mask, costs, and number of neighbors that are fully adjacent or 2 way
Link Layer Discovery Protocol (LLDP)
Turn off by doing 'no lldp transmit' | 'no lldp receive'
Ethernet Shared Media IS USED BY HUBS
Administrative distances
0 - Connected Routes (C)
0 - Local Routes (L)
1 - Static Routes (S)
20 - External BGP (eBGP) (B)
90 - EIGRP (Internal) (D)
100 - IGRP (I)
110 - OSPF (O)
115 - IS-IS (i)
120 - RIP (R)
170 - EIGRP (external) (D EX)
200 - Internal BGP (iBGP) (B)
255 - Unusable route
Aging Time
Switches remove entries from the MAC Address Table based on the "aging time" config (default 300 seconds)
'mac address-table aging-time [seconds]' | sets the aging time
'show mac address-table aging-time' | view aging time
FTP Info
used to transfer files AND SEND COMMANDS
A control connection is used to exchange FTP commands
In active mode, the FTP client sends a PORT command to the FTP server, although this method doesn't work well through firewalls
An FTP DATA CONNECTION is used to transfer files. FTP uses TWO TCP ports: 21 for the control connection and 20 for data in active mode (in passive mode the server picks an ephemeral data port, which is why passive mode works better through firewalls)
TFTP is an old protocol (UDP port 69) with no authentication or encryption, used for network boots such as PXE and for moving IOS images and configs
Three-Tier'd LAN Design
Core Layer - backbone connecting the distribution switches
Distribution Layer - aggregates the access switches
Access Switches - where end hosts connect
Partial Meshes between layers for redundancy
Two-Tier'd LAN Design
Collapsed Core Layer combines Distribution and Core Layers
FHRP aka FIRRRP aka First Hop Redundancy Protocol
Provides gateway redundancy without hosts needing to change their configs.
Hosts only need to have one default router setting
Hosts use a virtual IP address for the FHRP as their default router
Routers exchange FHRP info with eachother to negotiate what to do if at any point in time one of them fails
Consists of three protocols
Hot Standby Router Protocol (HSRP) - Cisco proprietary protocol where one router is active and another is standby
Virtual Router Redundancy Protocol (VRRP) - Vendor-neutral (IETF) HSRP alternative that functions similarly; the virtual IP may be the real interface IP of one of the routers
Gateway Load Balancing Protocol (GLBP) - Cisco protocol that provides load balancing instead of acting as a single router
Cisco Software-Defined Access (SDA or SD-Access)
Uses a controller with various APIs to simplify and automate network management and enhance security
Underlay includes switches and cabling that allow network device nodes to send IP packets (imagine that)
Overlay includes the functions that deliver endpoint packets across a network using tunnels between fabric nodes
The fabric is the combination of overlay and underlay which provides all features to deliver data across the network
A fabric border node is a switch that connects to devices outside of a SDA's control
OSPF Reservations
Multicast address 224.0.0.5 is reserved by IANA for all OSPF routers
224.0.0.6 is used for all OSPF DRs/BDRs
224.0.0.9 is used for RIPv2 Routers
224.0.0.10 is used for EIGRP routers
224.0.0.12 is used for DHCP
Syslog Severity Levels
from least to most severe
debugging, informational, notification, warning, error, critical, alert, emergency
Dynamic ARP Inspection (DAI)
used to protect switches from ARP attacks
compares the sender MAC and sender IP in an ARP message with the entries in the DHCP Snooping Binding Table (built as clients lease addresses); mismatches are dropped
'ip arp inspection limit rate' sets a limit of ARP messages per second
'errdisable recovery interval [seconds]' sets the time to recover from an interface err-disabled state (default 300 s); 'errdisable recovery cause arp-inspection' enables recovery for DAI violations
DAI treats all ports as untrusted by default; uplinks to other switches and the DHCP server are made trusted with 'ip arp inspection trust'
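Detection logic of the DAI section above run over constructed ARP messages (added example, not course material): binding-table validation, the optional src-mac check, the default 15 pps rate limit that err-disables a port, and recovery after the errdisable interval. The binding table, ports, MACs and IPs are all made up.

```python
class DynamicArpInspection:
    """Model of DAI on an access switch. On untrusted ports every ARP message's
    sender MAC/IP pair must match a DHCP snooping binding for that VLAN, and the
    port is rate-limited (Cisco default 15 pps; exceeding it err-disables the port,
    which recovers after 'errdisable recovery interval', default 300 s).
    Trusted ports are not inspected."""

    def __init__(self, bindings, trusted_ports=(), rate_limit=15,
                 recovery_interval=300, validate_src_mac=True):
        self.bindings = bindings            # {(vlan, mac): ip} from DHCP snooping
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit
        self.recovery_interval = recovery_interval
        self.validate_src_mac = validate_src_mac   # 'ip arp inspection validate src-mac'
        self.counts = {}                    # port -> [second, messages in that second]
        self.errdisabled = {}               # port -> time the port comes back

    def port_state(self, port, now):
        until = self.errdisabled.get(port)
        if until is not None and now >= until:
            del self.errdisabled[port]      # errdisable recovery re-enables the port
            until = None
        return "err-disabled" if until is not None else "up"

    def _rate_exceeded(self, port, now):
        second = int(now)
        window = self.counts.setdefault(port, [second, 0])
        if window[0] != second:
            window[0], window[1] = second, 0
        window[1] += 1
        return window[1] > self.rate_limit

    def inspect(self, msg, now):
        """msg: dict with port, vlan, eth_src, sender_mac, sender_ip. Returns a verdict."""
        port = msg["port"]
        if port in self.trusted:
            return "forward: trusted port"
        if self.port_state(port, now) == "err-disabled":
            return "drop: port err-disabled"
        if self._rate_exceeded(port, now):
            self.errdisabled[port] = now + self.recovery_interval
            return "drop: ARP rate limit exceeded, port err-disabled"
        if self.validate_src_mac and msg["eth_src"] != msg["sender_mac"]:
            return "drop: Ethernet source MAC != ARP sender MAC"
        if self.bindings.get((msg["vlan"], msg["sender_mac"])) != msg["sender_ip"]:
            return "drop: sender %s/%s has no DHCP snooping binding" % (
                msg["sender_mac"], msg["sender_ip"])
        return "forward"


# constructed DHCP snooping binding table: (vlan, mac) -> leased IP
BINDINGS = {
    (10, "aaaa.aaaa.aa01"): "10.0.10.11",
    (10, "bbbb.bbbb.bb02"): "10.0.10.22",
}


def arp(port, vlan, mac, ip, eth_src=None):
    """Build a constructed ARP message; eth_src defaults to the ARP sender MAC."""
    return {"port": port, "vlan": vlan, "eth_src": eth_src or mac,
            "sender_mac": mac, "sender_ip": ip}


if __name__ == "__main__":
    dai = DynamicArpInspection(BINDINGS, trusted_ports={"g0/24"})
    print(dai.inspect(arp("g0/1", 10, "aaaa.aaaa.aa01", "10.0.10.11"), now=0))
    # bbbb..02 claiming the gateway's address 10.0.10.1: classic ARP spoof, dropped
    print(dai.inspect(arp("g0/2", 10, "bbbb.bbbb.bb02", "10.0.10.1"), now=0))
```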
Device connected to wireless network is called a station (STA)
includes access points along with laptops/phones/etc
basic service set (BSS) is an AP and the clients associated with it; the area it covers is the basic service area (BSA)
SSID is the identifier for the wireless network. BSSID is a unique identifier for an AP
RESTful API
Six Attributes - Client/Server architecture | stateless operation | cacheable | uniform interface | layered system | code on demand