WAN Topologies
LAN Topologies
Data Link Frame
4.5 Chapter Summary
Summary
Section 4.1 New Terms and Commands
Section 4.2 New Terms and Commands
Section 4.3 New Terms and Commands
Section 4.4 New Terms and Commands
Chapter 5 – Sections & Objectives
5.1 Ethernet Protocol
Ethernet Frame
Ethernet MAC Addresses
5.2 LAN Switches
The MAC Address Table
Switch Forwarding Methods
Switch Port Settings
5.3 Address Resolution Protocol
MAC and IP
ARP
ARP Issues
5.4 Chapter Summary
Summary
Section 5.1 New Terms and Commands
Section 5.2 New Terms and Commands
Section 5.3 New Terms and Commands
Commands
Configure basic Networking
Troubleshoot basic Networking
Troubleshoot networks with SPAN
Port Security
Troubleshooting Port Security
Configure vlans
Layer2 Switch Vlan Config
Layer3 Switch Vlan Config
Router (on a Stick) Vlan Config
Troubleshoot Vlans on a switch
VTP
Troubleshoot VTP
STP
Troubleshoot STP
Etherchannel (Link Aggregation)
Troubleshoot Etherchannel (Link Aggregation)
TODO: Configure a Serial
ACLs
Interface ACLs
Troubleshooting ACLs
NAT
SNAT
DNAT
PAT
Troubleshooting NAT
DHCP Server
Troubleshooting DHCP
HSRP
Troubleshooting HSRP
SLAs
Troubleshooting SLAs
Device Management
Firmware Management
License Management
Reset Password
Telnet / Console
SSH
Clock
Disable unused services
Radius
TACACS+
Syslog
SNMP
CDP - Cisco Discovery Protocol
LLDP - Link Layer Discovery Protocol
PPP
Troubleshooting PPP
MLP
PPPoE
GRE
Troubleshooting GRE
RIPv2
Troubleshooting RIPv2
EIGRP
EIGRP with ipv6
OSPF
OSPF with ipv6 (OSPFv3)
Troubleshooting OSPF
BGP
CLI
Default Behavior
Modes
Filters
Navigation
Packet Types
Ethernet Frame
IPv4 Header
TCP Segment
UDP Segment
To Sort and Misc
IPv6 Configuration
Enabling IPv6
IPv6 Routing:
MANAGING STATIC ROUTING FOR CISCO NETWORKING
MANAGING ROUTING INFORMATION PROTOCOL FOR CISCO NETWORKING
MANAGING ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL FOR CISCO NETWORKING
MANAGING OPEN SHORTEST PATH FIRST FOR CISCO NETWORKING
VIEWING ROUTING INFORMATION FOR CISCO NETWORKING
Chapter Summary CCNA 1
LANs and WANs
Local Area Networks
Spans across small geographical area
Interconnects end devices
Administrated by a single organization
Provide high speed bandwidth to internal devices
Wide Area Networks
Interconnects LANs
Administrated by multiple service providers
Provide slower speed links between LANs
Can you name more network types?
Internet Connections
Internet Access Technologies
Internet Service Provider (ISP)
Broadband cable
Broadband Digital Subscriber Line (DSL)
Wireless WANs
Mobile Services
Business DSL
Leased Lines
Metro Ethernet
Types of Internet Connections
Home and Small Office
Business
1.3 The Network as a Platform
Converged Networks
Traditional Separate Networks
Each network with its own rules and
The Converging Network
Capable of delivering data, voice, and video over the same network infrastructure
Reliable Network
Four Basic Characteristics of Network Architecture
Fault Tolerance
Scalability
Quality of Service (QoS)
Security
Network Security
Security Threats
Viruses, worms, and Trojan horses
Spyware and adware
Zero-day attacks, also called zero-hour attacks
Hacker attacks
Denial of service attacks
Data interception and theft
Identity theft
Security Solutions
Antivirus and antispyware
Firewall filtering
Dedicated firewall systems
Access control lists (ACL)
Intrusion prevention systems (IPS)
Virtual Private Networks (VPNs)
Network Architecture
Cisco Network Architecture
Support technologies and applications
Ensure connectivity across any combination of networks
CCNA
A first step to a networking career
1.5 Chapter Summary
Summary
Explain how multiple networks are used in everyday life.
Describe the topologies and devices used in a small to medium-sized business network.
Explain the basic characteristics of a network that supports communication in a small to medium-sized business.
Explain trends in networking that will affect the use of networks in small to medium-sized businesses.
Section 1.1 New Terms and Commands
client
collaborative learning spaces
global communities
human network
network collaboration services
network of networks
peer-to-peer network
server
Intranet
leased lines
Local Area Network (LAN)
logical topology diagrams
medium
Metropolitan Area Network (MAN)
metro Ethernet
network access devices
network interface card (NIC)
network media
physical port, interface
Section 1.3 New Terms and Commands
availability
circuit switched networks
content security
converged network
data confidentiality
data integrity
delay
Denial of Service (DoS)
encrypting data
fault tolerance
hierarchical layered structure
intelligent information network
network architecture
network bandwidth
network congestion
network infrastructure security
packet loss
packet switched networks
packets
Quality of Service (QoS)
queue
redundancy
routing function
scalability
user authentication
video conferencing
virtual private networks (VPNs)
virtualization
viruses
wireless broadband service
wireless internet service provider (WISP)
wireless local area networks (WLAN)
worms
zero-day attacks
Chapter 2 – Sections & Objectives
2.1 IOS Bootcamp
Explain the purpose of Cisco IOS.
Explain how to access a Cisco IOS device for configuration purposes.
Explain how to navigate Cisco IOS to configure network devices.
Describe the command structure of Cisco IOS software.
2.2 Basic Device Configuration
Configure hostnames on a Cisco IOS device using the CLI.
Use Cisco IOS commands to limit access to device configurations.
Use IOS commands to save the running configuration.
Cisco IOS Access
Access Methods
Console
Auxiliary
Virtual Terminal (Telnet / SSH)
Terminal Emulation Programs
PuTTY
Tera Term
SecureCRT
The Command Structure
Basic IOS Command Structure
The general syntax for a command is the command followed by any appropriate keywords and arguments.
Keyword – a specific parameter defined in the operating system
Argument – not predefined; a value or variable defined by the user
IOS Command Syntax
Provides the pattern or format that must be used when entering a command.
The Cisco IOS Command Reference is the ultimate source of information for a particular IOS command.
IOS Help Feature
The IOS has two forms of help available: Context-Sensitive Help and Command Syntax Check.
Hotkeys and Shortcuts
Commands and keywords can be shortened to the minimum number of characters that identify a unique selection.
Line editing keyboard shortcuts such as Ctrl-A are also supported.
2.2 Basic Device Configuration
Hostnames
Device Names
Hostnames allow devices to be identified by network administrators over a network or the Internet.
Very important and should also be displayed in the topology.
Configure Hostnames
IOS hostnames should:
Start with a letter
Contain no spaces
End with letter or digit
Use only letters, digits or dashes
Be less than 64 characters in length
Save Configurations
Save the Running Configuration File
The startup configuration is the file stored in NVRAM that contains all of the commands that will be used upon startup or reboot.
NVRAM does not lose its contents when the device is powered off.
Alter the Running Configuration
The running configuration is the file stored in RAM that reflects the current configuration; modifying it affects the operation of a Cisco device immediately.
RAM loses all of its content when the device is powered off or restarted.
Capture Configuration to a Text File
Configuration files can also be saved and archived to a text document.
The configuration can then be edited with any text editor and placed back in the device.
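Added example (not part of the original notes): because the running configuration lives in RAM and the startup configuration in NVRAM, comparing two archived text captures shows which settings would be lost on a reload and which old settings would come back. The function names, the skipped capture header lines and both sample captures are assumptions constructed for illustration.

```python
# Added example: find settings that exist only in RAM (running-config) or only
# in NVRAM (startup-config) by comparing two archived text captures.
# Function names and both sample captures are constructed for illustration.

# Lines that "show" output places around the configuration (assumed forms).
CAPTURE_HEADERS = ("Building configuration", "Current configuration", "Using ")


def parse_config(text):
    """Return a set of (section, command) pairs from IOS-style config text.

    Top-level commands get section ""; indented commands are attached to the
    most recent top-level line, for example "interface Vlan1".
    """
    entries = set()
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        # Skip blank lines, "!" separators, capture headers and the final "end".
        if not stripped or stripped.startswith("!") or stripped == "end":
            continue
        if stripped.startswith(CAPTURE_HEADERS):
            continue
        if line[0].isspace():
            entries.add((section, stripped))   # sub-command of current section
        else:
            section = stripped                 # new top-level command
            entries.add(("", stripped))
    return entries


def unsaved_changes(running_text, startup_text):
    """Compare the two captures and report what a reload would change."""
    running = parse_config(running_text)
    startup = parse_config(startup_text)
    return {
        # Present only in RAM: disappears when the device restarts.
        "lost_on_reload": sorted(running - startup),
        # Present only in NVRAM: becomes active again after a restart.
        "restored_on_reload": sorted(startup - running),
    }


def format_report(diff):
    """Render the comparison as readable lines, one per differing command."""
    lines = []
    for key in ("lost_on_reload", "restored_on_reload"):
        for section, command in diff[key]:
            where = section if section else "(global)"
            lines.append(f"{key}: [{where}] {command}")
    return lines


# Constructed sample captures (not taken from a real device).
RUNNING_CAPTURE = "\n".join([
    "Building configuration...",
    "",
    "Current configuration : 412 bytes",
    "!",
    "hostname SW-Floor1",
    "!",
    "interface Vlan1",
    " ip address 192.168.10.2 255.255.255.0",
    "!",
    "line vty 0 4",
    " login local",
    " transport input ssh",
    "!",
    "end",
])

STARTUP_CAPTURE = "\n".join([
    "Using 398 out of 65536 bytes",
    "!",
    "hostname Switch",
    "!",
    "interface Vlan1",
    " no ip address",
    " shutdown",
    "!",
    "line vty 0 4",
    " login",
    "!",
    "end",
])

if __name__ == "__main__":
    for entry in format_report(unsaved_changes(RUNNING_CAPTURE, STARTUP_CAPTURE)):
        print(entry)
```

In this sample the hostname, the VLAN 1 address and the SSH-only vty settings exist only in RAM, so a restart would bring back the unnamed switch with VLAN 1 shut down and the older vty login setting.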
Configure IP Addressing
Manual IP Address Configuration for End Devices
To manually configure an IPv4 address on a Windows host, open the Control Panel > Network Sharing Center > Change adapter settings and choose the adapter.
Next, right-click and select Properties to display the Local Area Connection Properties shown in Figure 1.
Automatic IP Address Configuration for End Devices
DHCP enables automatic IPv4 address configuration for every end device that has DHCP enabled. No extra configuration is needed.
Switch Virtual Interface Configuration
To configure an SVI on a switch, use the interface vlan 1 global configuration command. VLAN 1 is not an actual physical interface but a virtual one.
Verifying Connectivity
Interface Addressing Verification
Cisco IOS supports commands to allow IP configuration verification.
2.4 Chapter Summary
Summary
Explain the features and functions of Cisco IOS Software.
Configure initial settings on a network device using the Cisco IOS software.
Given an IP addressing scheme, configure IP address parameters on end devices to provide end-to-end connectivity in a small to medium-sized business network.
Section 2.1 New Terms and Commands
kernel
shell
Command-line interface (CLI)
Graphical user interface (GUI)
Cisco IOS
Firmware
Console
Out-of-band
SSH
Telnet
Auxiliary port (AUX)
PuTTY
Tera Term
SecureCRT
OS X Terminal
Cisco IOS modes
User EXEC mode
Privileged EXEC mode
Global Configuration Mode
Line configuration mode
Interface configuration mode
enable command
disable command
exit command
end command
Key combination – Ctrl+Z
Context-Sensitive Help
Section 2.3 New Terms and Commands
IPv4 address
Subnet mask
Default gateway
Physical ports
Virtual interface
Copper
Fiber Optics
Wireless
Ethernet
Local Area Network (LAN)
Layer 2 switch
Layer 3 addresses
Switch virtual interface (SVI)
Chapter 3 – Sections & Objectives
3.1 Rules of Communication
Describe the types of rules that are necessary to successfully communicate.
3.2 Network Protocols and Standards
Explain why protocols are necessary in communication.
Explain the purpose of adhering to a protocol suite.
Explain the role of standards organizations in establishing protocols for network interoperability.
Explain how the TCP/IP model and the OSI model are used to facilitate standardization in the communication process.
3.3 Data Transfer in the Network
Explain how data encapsulation allows data to be transported across the network.
Explain how local hosts access local resources on a network.
3.1 Rules of Communication
The Rules
Rule Establishment
Identified sender and receiver
Common language and grammar
Speed and timing of delivery
Confirmation or acknowledgment requirements
Message Encoding
Process of converting information into another acceptable form
Message Formatting and Encapsulation
Message Size
Message Timing
Access method
Flow control
Response timeout
Message Delivery Options
Unicast
Multicast
Broadcast
3.2 Network Protocols and Standards
Protocols
Rules that Govern Communications
Network Protocols
The role of protocols
How the message is formatted or structured
The process by which networking devices share information about pathways with other networks
How and when error and system messages are passed between devices
The setup and termination of data transfer sessions
Protocol Interaction
Example: web server and client
Protocol Suites
Protocol Suites and Industry Standards
TCP/IP is an open standard
Can you name other protocol suites?
TCP/IP Protocol Suites
Can you name some of the protocols from the TCP/IP protocol suite?
TCP/IP Communication Process
Can you describe the process?
Standard Organizations
Open Standards
Name some advantages of open standards
Internet Standards
Name a few standard organizations
Electronics and Communications Standards Organizations
Name a few organizations
Reference Models
The Benefits of Using a Layered Model
Name some benefits
The OSI Reference Model
Provides list of functions
Describes interactions between layers
OSI Model and TCP/IP Model Comparison
Similar: transport and network layers
Contrast: relationship between layers
3.3 Data Transfer in the Network
Data Encapsulation
Message Segmentation
Segmentation – Break communication into pieces
Multiplexing – interleaving the pieces
Protocol Data Units
What are PDUs called at each layer?
Encapsulation and de-encapsulation process
Data Access
Network Addresses
Source IP address
Destination IP address
Deliver the IP packet from the original source to the final destination, either on the same network or to a remote network.
Data Link Addresses
Source data link address
Destination data link address
Deliver the data link frame from one network interface card (NIC) to another NIC on the same network
Devices on the Same Network
Devices on a Remote Network
3.4 Chapter Summary
Summary
Explain how rules are used to facilitate communication.
Explain the role of protocols and standards organizations in facilitating interoperability in network communications.
Explain how devices on a LAN access resources in a small to medium-sized business network.
Section 3.1 New Terms and Commands
access method
acknowledgement
broadcast
decoder
encapsulation
encoder
flow control
message
message delivery options
message encoding
message formatting
message formatting and encapsulation
message size
message timing
multicast
protocols
receiver
response timeout
segmenting
transmission medium
transmitter
unacknowledged
unicast
Telecommunications Industry Association (TIA)
Transmission Control Protocol/IP (TCP/IP)
transport protocol
destination IP address
frame
Multiplexing
network address
packet
protocol data unit (PDU)
source IP address
source data link address
Segment
segmentation
Chapter 4 – Sections & Objectives
4.1 Physical Layer Protocols
Identify device connectivity options.
Describe the purpose and functions of the physical layer in the network.
Describe basic principles of the physical layer standards.
4.2 Network Media
Identify the basic characteristics of copper cabling.
Build a UTP cable used in Ethernet networks (scope – does not include cabling area discussion).
Describe fiber-optic cabling and its main advantages over other media.
Connect devices using wired and wireless media.
4.3 Data Link Layer Protocols
Describe the purpose and function of the data link layer in preparing communication for transmission on specific media.
4.4 Media Access Control
Compare the functions of logical topologies and physical topologies.
Describe the basic characteristics of media access control methods on WAN topologies.
Describe the basic characteristics of media access control methods on LAN topologies.
Describe the characteristics and functions of the data link frame.
4.1 Network Access
Physical Layer Protocols Physical Layer Connection
Types of Connections
Physical Layer Protocols Purpose of the Physical Layer
The Physical Layer
Accepts a complete frame from the data link layer
Encodes it as a series of signals that are transmitted onto the local media
Physical Layer Media
Describe the media types
Physical Layer Standards
UTP Cabling
Properties of UTP Cabling
Cancellation of EMI and RFI signals with twisted pairs
UTP Connectors
Types of UTP Cable
Rollover
Crossover
Straight-through
Fiber-Optic Cabling
Properties of Fiber-Optic Cabling
Transmits data over longer distances
Flexible, but thin strands of glass
Transmits with less attenuation
Immune to EMI and RFI
Fiber Media Cable Design
Wireless Media
Properties of Wireless Media
– Data communications using radio or microwave frequencies
Types of Wireless Media
– Wi-Fi, Bluetooth, WiMax
Wireless LAN
– Wireless Access Point
– Wireless NIC adapters
4.4 Media Access Control
Topologies
Controlling Access to the Media
WAN Topologies
Common Physical WAN Topologies
– Point-to-point
– Hub and spoke
– Mesh
Physical Point-to-Point Topology
Logical Point-to-Point Topology
LAN Topologies
Physical LAN Topologies
Half and Full Duplex
Media Access Control Methods
Contention-Based Access
– CSMA/CD vs. CSMA/CA
Latency
Manchester encoding
Megabits per second (Mb/s)
Modulation
Network Interface Cards (NICs)
OSI Physical Layer
Signaling
Telecommunications Industry Association/Electronic Industries Association (TIA/EIA)
Throughput
Wireless
Wireless Local Area Network (WLAN)
Section 4.3 New Terms and Commands
American National Standards Institute (ANSI)
Data link layer (layer 2)
Ethernet interface
Frames
Institute of Electrical and Electronics Engineers (IEEE)
International Organization for Standardization (ISO)
International Telecommunication Union (ITU)
Logical Link Control (LLC)
Media Access Control (MAC)
Serial interface
Section 4.4 New Terms and Commands
802.11 frame
802.11 Wireless
Bus
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
Collision
Contention-based access
Control
Controlled access
Cyclic Redundancy Check (CRC) value
Data
Error Detection
Ethernet
Extended Star
Frame Check Sequence (FCS)
Frame Relay
Frame start and stop indicator flags
Full-Duplex Communications
Half-Duplex Communications
HDLC
Header
Hub and Spoke
Logical Point-to-Point Topology
Logical Topology
Chapter 5 – Sections & Objectives
5.1 Ethernet Protocol
Explain how the Ethernet sublayers are related to the frame fields.
Describe the Ethernet MAC address.
5.2 LAN Switches
Explain how a switch operates.
Explain how a switch builds its MAC address table and forwards frames.
Describe switch forwarding methods.
Describe the types of port settings available for Layer 2 switches.
5.3 Address Resolution Protocol
Compare the roles of the MAC address and the IP address.
Describe the purpose of ARP.
Explain how ARP requests impact network and host performance.
5.1 Ethernet Protocol
Ethernet Frame
Ethernet Encapsulation
Ethernet operates in the data link layer and the physical layer.
Ethernet supports data bandwidths from 10Mbps through 100Gbps.
Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.
MAC Sublayer
MAC constitutes the lower sublayer of the data link layer.
Responsible for Data encapsulation and Media access control.
Ethernet Evolution
Ethernet has been evolving since its creation in 1973.
The Ethernet frame structure adds headers and trailers around the Layer 3 PDU to encapsulate the message being sent.
Ethernet Frame Fields
The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes.
Frames smaller than the minimum or larger than the maximum are dropped.
Dropped frames are likely to be the result of collisions or other unwanted signals and are therefore considered invalid.
Ethernet MAC Addresses
MAC Addresses and Hexadecimal
Switch Forwarding Methods
Frame Forwarding Methods on Cisco Switches
Store-And-Forward
Cut-Through
Cut-Through Switching
Fast-forward switching
Lowest level of latency: forwards a packet immediately after reading the destination address.
Typical cut-through method of switching.
Fragment-free switching
Switch stores the first 64 bytes of the frame before forwarding.
Most network errors and collisions occur during the first 64 bytes.
Memory Buffering on Switches
Port-based memory
Shared memory
ARP
Introduction to ARP
ARP allows the source to request the MAC address of the destination.
The request is based upon the layer 3 address of the destination (known by the source).
ARP Functions
Resolving IPv4 addresses to MAC addresses
Maintaining a table of mappings
ARP uses ARP Request and ARP Reply to perform its functions.
Removing Entries from an ARP Table
Entries are removed from the device’s ARP table when its cache timer expires.
Cache timers are OS dependent.
ARP entries can be manually removed via commands.
ARP Tables
On IOS: show ip arp
On Windows PCs: arp -a
ARP Issues
ARP Broadcasts
– ARP requests can flood the local segment.
ARP Spoofing
– Attackers can respond to requests and pretend to be providers of services. Example: default gateway
5.4 Chapter Summary
Chapter Summary Summary
Explain the operation of Ethernet.
Explain how a switch operates.
Explain how the address resolution protocol enables communication on a network.
Section 5.1 New Terms and Commands
IEEE 802.2
IEEE 802.3
LLC Sublayer
MAC Sublayer
Data Encapsulation
Frame Delimiting
Cyclic Redundancy Check
Carrier Sense Multiple Access (CSMA)
Ethernet II
Frame Check Sequence (FCS)
Preamble
EtherType
Runt
Collision Fragment
Jumbo
Baby Giant Frame
Hexadecimal
Organizationally Unique Identifier (OUI)
Half-duplex
Full-duplex
Auto-MDIX
Address Resolution Protocol (ARP)
Commands
Configure basic Networking
Command Description
(config-if)# ipv6 address 2001:41d0:8:e115::/64 eui-64 Add IPv6 address based on MAC to interface.
(config-if)# ipv6 address autoconfig [default] Get IPv6 address [and default route] via autoconfig
(config-if)# ip dhcp client client-id ascii SW2 Set hostname transmitted as dhcp client to SW2
(config-if)# [no] shutdown En- or Disable interface. Often shutdown is the default.
(config)# ip route 10.20.30.0 255.255.255.0 {1.2.3.4,e0/0} [ad] Add static route via next hop or interface
(config)# ipv6 route 2001:41d0:8:e115::/64 [g1/1] [next hop] You can also set both. TODO: Why would you?
(config)# ip host the-space.agency 178.32.222.21 Create a static host entry on this device.
Troubleshoot basic Networking
Command Description
# show interfaces [if-name] Show interfaces mac, bandwidth, mtu, packet stats...
# show ip[v6] route [static] Show routes and how they were learned.
# show ip[v6] interface brief [if-name] Only show ip, status and operational status
# show protocols [if-name] Much like show ip int brief, w/ cidr, w/o ok/method
# clear mac address-table [dynamic] Clear the dynamically learned mac address table entries.
# show control-plane host open-ports netstat -tulpn on this cisco device, basically
Troubleshoot networks with SPAN
Command Description
(config)# monitor session 23 source interface g1/1 {rx,tx,both} Define SPAN #23 input as g1/1
(config)# monitor session 23 destination interface g1/2 Define SPAN #23 output as g1/2
Port Security
Command Description
(config-if)# switchport port-security mac-address 1234.5678.9abc Manually allow a MAC on this port.
(config-if)# switchport port-security mac-address sticky Allow learning of connected MACs until the maximum is reached.
(config-if)# switchport port-security violation shutdown Shut down the port when another device gets connected.
(config)# errdisable recovery cause psecure-violation Re-enable the interface automatically after the problem is fixed.
(config)# errdisable recovery interval 42 Recheck every 42 seconds. (min 30, default 300)
Troubleshooting Port Security
Command Description
# show port-security [interface g1/1] port status, violation mode, max/total MACs,...
Configure vlans
Note: Even when a switch port is changed from access to trunk, its access vlan is maintained in the config. When automatic trunk negotiation fails (e.g. because I unplug a link between two switches and plug it into my laptop), the configured access vlan becomes active once again and I might be able to reach network parts I'm not supposed to. Always disable DTP / trunk auto negotiation.
Command Description
(config)# [no] vlan 23 [delete vlan or] create vlan and enter config-vlan mode
(config-if)# switchport mode access Make frames out this port untagged
(config-if)# switchport mode trunk Make frames out this port tagged by default
(config-if)# switchport trunk encapsulation dot1q Sometimes the default is Cisco's old ISL.
(config-if)# switchport trunk native vlan 256 Except for vlan 256, which is still untagged.
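One way to check a saved running-config for the DTP fallback described in the note above, as an added example that is not part of the original notes: it flags switch ports that still negotiate trunking and ports that keep a leftover access VLAN. The config excerpt, interface names and function names are constructed; `switchport nonegotiate` is the IOS interface command that stops DTP frames on a statically configured port.

```python
import re

# Constructed running-config excerpt; interface names and VLAN numbers are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport access vlan 23
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
!
interface GigabitEthernet1/2
 switchport access vlan 23
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/4
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface Vlan1
 no ip address
!
"""


def interface_blocks(config):
    """Return {interface name: [indented config lines below it]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks


def audit_dtp(config):
    """Return {interface: [issues]} for ports where DTP or a stale access VLAN remains."""
    findings = {}
    for name, lines in interface_blocks(config).items():
        switchport = [l for l in lines if l.startswith("switchport")]
        if not switchport:
            continue  # routed port or SVI: DTP does not apply
        mode = next((l[len("switchport mode "):] for l in switchport
                     if l.startswith("switchport mode ")), None)
        access_vlan = next((l.split()[-1] for l in switchport
                            if l.startswith("switchport access vlan ")), None)
        issues = []
        if mode is None or mode.startswith("dynamic"):
            issues.append("trunking is negotiated via DTP (no static mode)")
        elif "switchport nonegotiate" not in switchport:
            issues.append(f"static {mode} mode but no 'switchport nonegotiate'")
        if mode != "access" and access_vlan is not None:
            issues.append(f"leftover access vlan {access_vlan} applies if trunking stops")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_dtp(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```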
Layer3 Switch Vlan Config
Command Description
(config-if)# int g
Command Description
(config-subif)# encapsulation dot1q 10 enable ieee 802.1Q vlan tagging with vlan 10 on the subinterface
Command Description
# show vlan [{id 23, name TelephoneSanitizer}] [brief] Show vlan settings for all switch ports
# show run interface vlan 1 Quick way to search the running config.
Command Description
# show dtp interface g1/1 Show current DTP mode for g1/1
VTP
Command Description
Troubleshoot VTP
Command Description
show vtp status show vtp domain, pruning, mode and more
STP
Command Description
(config)# spanning-tree vlan 1 root {primary, secondary} Make this device the primary/secondary root bridge.
(config)# spanning-tree portfast bpduguard default Enable bpdu guard for all portfast-enabled interfaces
(config)# spanning-tree portfast default Enable portfast for all non-trunk interfaces
Troubleshoot STP
Command Description
# show spanning-tree [vlan 1] Who's the root and how do I get there?
Command Description
(config)# interface range g1/1 - 2 configure g1/1 and g1/2 at the same time
(config-if-range)# channel-group 1 mode {on, active, passive} Add both interfaces to EtherChannel 1
(config-if)# switchport trunk allowed vlan 10,20,30 Add tagged vlans 10,20,30 on EtherChannel 1
Command Description
# show interface port-channel 1 Has the combined bandwidth and members as extra info.
TODO: Configure a Serial
ACLs
Command Description
(config)# access-list 23 permit 1.2.3.4 [0.0.255.255] Create ACL #23 or append a rule to ACL #23, allow 1.2.x.x
(config)# ip[v6] access-list resequence local_only 5 10 Renumber ACL Rules, put first on #5, increment by 10.
(config)# ip access-list {standard, extended} 23 Create ACL and/or enter config mode for ACL #23
(config)# ip access-list {standard, extended} local_only Create ACL and/or enter config mode for ACL 'local_only'
Interface ACLs
Command Description
(config-if)# ip access-group 23 out Apply ACL #23 to outgoing packets, not sent by the router
(config-if)# ip access-group local_only in Overwrite the used ACL, only one ACL per if + proto + direction!
# show ip interface g1/1 | incl access list Show ACLs on g1/1 (When none set shows not set for v4 and nothing for v6)
Troubleshooting ACLs
Command Description
# show access-list 10 Display all rules in ACL #10 and how often they matched.
NAT
Term Definition
inside local
inside global
outside global
outside local
Command Description
Command Description
(config-if)# ip nat outside Packets going out, need to change their src, incoming their dest ip.
(config-if)# ip nat inside Packets going out, need to change their dest, incoming their src ip.
SNAT
Command Description
(config)# ip nat inside source static 10.10.23.2 1.2.3.5 SNAT - statically map an internal ip 1:1 to an external ip.
DNAT
Command Description
(config)# ip nat pool POOL 1.2.3.5 1.2.3.10 netmask 255.255.255.240 Create an IP Address Pool for NATing
(config)# ip nat inside source list 42 pool POOL DNAT IPs matching ACL #42 1:1 with IPs from nat pool 'POOL'.
PAT
The overload keyword means that one or a couple of external IPs are to be used for multiple internal IPs. Higher level information like connection port numbers are used to identify the correct internal destination for incoming packets. Cisco calls this PAT, while this is what your average Joe's home router would call NAT.
Command Description
(config)# ip nat inside source list 10 interface g1/1 overload PAT IPs matching ACL #10 many:1 with g1/1s public IP
Troubleshooting NAT
Command Description
# show ip nat statistics Show whether translations are actually used and whether interfaces are marked in/out correctly.
# clear ip nat translation {ip, *} Clear dynamic translations. Doesn't mess with SNAT!
Is the ACL correct? Is there a route to the address? Note: NAT Table entries are kept for 24h after the last use by default.
DHCP Server
Command Description
(config)# ip dhcp excluded-address 10.30.4.1 10.30.4.100 Don't distribute these IPs in leases
(config)# ip dhcp pool PCs Create and/or enter dhcp config for pool 'PCs'
(config)# int g1/1 Enter interface config mode on client facing interface
Troubleshooting DHCP
Command Description
HSRP
Command Description
(config-if)# standby [group-number] preempt (optional) Preempt other routers when this router becomes active
Troubleshooting HSRP
Command Description
# show standby HSRP Groups, their VIPs, state, active router, standby router, preemption.
SLAs
Command Description
(config)# ip sla 23 Create ip sla test #23 and enter its config mode.
(config)# ip sla schedule 23 life {forever, seconds} start-time now Start test #23 now and until manually stopped.
Troubleshooting SLAs
Command Description
Device Management
Command Description
# copy flash0: tftp: Copy something from flash to tftp. Wizard asks for details. Works both ways.
Command Description
# show version ios, bootloader and hardware infos, uptime, configuration register
# show {running,startup}-config
Firmware Management
Command Description
(config)# config-register 0x2342 Set the 16bit Configuration Register value used after reboot.
License Management
Command Description
Command Description
(config)# no license boot module technology-package disable Remove the no longer needed line from the config.
# show license udi product id and serial number needed to order licenses
Reset Password
Command Description
> confreg 0x2142 Set the configuration register in ROM monitor to not load startup-config
# save
Telnet / Console
Command Description
(config)# banner login "Insert snarky banner." Make sure to include legal terms to sound smart.
(config)# line vty 0 4 Enter config mode for vty 0 to 4 (up to 15 allowed).
(config)# line console 0 Enter config mode for the console port
(config-line)# access-class 10 in Set ACL to limit inbound IPs allowed to access vty
(config-line)# access-class 42 in Overwrite the used ACL, only one ACL per vty + direction!
(config-line)# login local Require login on telnet/console connection via local users.
(config)# username h.acker secret C1sco123 Create local user with encrypted password.
SSH
Command Description
(config)# crypto key generate rsa modulus 2048 Generate keys like it's 1995! Potentially takes forever.
Command Description
Clock
Command Description
Command Description
(config)# no ip http server Stop the http server (but not https).
# auto secure
Radius
Command Description
(config)# aaa authentication login group local Allow that group and local users in.
TACACS+
Command Description
(config-server-tacacs)# [port ]
(config-server-tacacs)# key
(config)# aaa authentication login group local Allow that group and local users in.
Syslog
Command Description
# logging trap informational Only log messages with min. informational sev.
service sequence-number Needed for sequence number in syslog messages
service timestamps log [datetime, log] Needed for date and time in syslog messages
Command Description
SNMP
Command Description
Command Description
Command Description
# [no] cdp run Enables cdp globally and on all interfaces (default)
Command Description
# show cdp neighbors [detail] List connected cisco devices (name, local/remote port, [ip] ..)
Command Description
PPP
Command Description
(config)# username fnord password pass Create users for pap auth.
(config-if)# bandwidth 125 Logical speed used for routing cost calc, RSVP...
(config-if)# ppp pap sent-username fnord password pass Authenticate to remote pap
(config)# hostname routy1 Required for CHAP, used as chap client username
(config)# username routy2 password foobar Create users for chap auth for routy2
Command Description
(config-if)# no ppp pap sent-username fnord password pass Remove in favor of chap
Note: When routy1 connects to routy2 it looks in its local user database for a user named routy2 and uses that user's password. This means the passwords have to be the same on both sides and the usernames must be the other side's hostname.
Troubleshooting PPP
Command Description
# show ppp all session state, auth type, peer ip and name
MLP
Command Description
(config-if)# ppp multilink group 23 Make phys ifs with mlp #23 join.
Command Description
Troubleshooting MLP
Command Description
PPPoE
Command Description
(config-if)# dialer pool 23 The dialer interface is a member of one dialer pool...
(config-if)# no ip address
(config-if)# pppoe-client dial-pool-number 23 ... the pool is a group of one or more physical interfaces.
Troubleshooting PPPoE
Command Description
# show ip interface brief is the dialer if up? Does the dialer have an IP via IPCP?
GRE
Note: We can run OSPF and other routing protocols through this gre tunnel, as gre supports multicast.
Command Description
Troubleshooting GRE
Command Description
# show ip interface brief tunnel23 Line should be up, given a route to the destination.
RIPv2
Command Description
(config)# router rip Enable RIP and enter its config mode
Command Description
(config-router)# passive-interface g1/1 Don't send RIP updates out this interface
Troubleshooting RIPv2
Command Description
# show ip rip database Routes learned by rip, used to compile the routing table
EIGRP
Note: The network command enables any interface with an ip in that net to send and receive EIGRP updates. It also enables routes to these nets to start being advertised.
Command Description
Command Description
(config-router)# [no] passive-interface g1/2 Disable EIGRP here. Ignore incoming pkgs.
# show ip[v6] eigrp neighbors Neighbor addr, if, hold time, uptime, queued pkgs
# show ip[v6] eigrp interfaces [if-name] If, Number of peers, pending routes, queued pkgs
# show ip[v6] route [eigrp] Routes starting with D were learned via EIGRP
Command Description
(config-if)# [no] ipv6 eigrp 23 Enable eigrp with ipv6 for as #23 on this if.
OSPF
Command Description
(config-router)# router-id 1.2.3.4 Defaults to highest IPv4 on lo, then other ifs.
(config-router)# network 10.20.30.0 0.0.0.255 area 0 enable interfaces for ospf with matching IPs
(config-router)# (no) passive-interface g1/1 Stop in- and egress ospf hello packets.
default-information originate (always)
auto-cost reference-bandwidth <refbw in Mb/s>
(config-if)# ip ospf cost 23 Overwrite if cost to 23
bandwidth Interface bandwidth
Command Description
The networks command does not exist; commands not mentioned are the same.
Troubleshooting OSPF
Command Description
Command Description
# show ipv6 ospf reference bandwidth, router id, networks, interface per area
# show ip(v6) ospf neighbor neighbor IDs, IPs and via interface.
# show ip(v6) ospf interface g1/1 ospf related infos for g1/1, passive?
# show ip(v6) route (ospf) ospf routes are marked O, show route ad and cost
BGP
Note: In other routing protocols the network statement is used to determine the interfaces over which the protocol should talk to its neighbors. In BGP it indicates only which routes should be advertised to the BGP neighbors. The network needs to match an exact route in the routing table or it will still not be announced.
Command Description
Command Description
# show ip bgp summary neighbors IPs, ASs and session states, bgp version
# show ip bgp neighbors [peer-ip] tcp sessions and timers, bgp parameters
CLI
Default Behavior
Here I'll collect crazy default behaviors and how to fix them, I guess..
Command Description
Modes
Filters
Name Function
begin interface Show remaining config starting with the first line containing 'interface'
Navigation
Sequence Function
Tab Autocompletion
Packet Types
Ethernet Frame
Field Field Length Description
802.1Q tag (optional) 4 bytes Optional vlan tag. Starts with 0x8100 to mark 802.1Q mode in type location.
Type or Length 2 bytes Layer three type OR length if smaller than 1536 bytes.
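The frame fields in this table and the 64/1518-byte size limits from the Ethernet Frame Fields notes in chapter 5, worked through as an added example that is not part of the original notes: a parser that reads the addresses, the optional 802.1Q tag and the Type or Length field, then checks size and FCS. The sample frames, addresses and function names are constructed; the 1522-byte limit for tagged frames is the standard 4-byte allowance for the tag.

```python
import struct
import zlib

MIN_FRAME = 64       # bytes, destination MAC through FCS
MAX_FRAME = 1518     # untagged maximum; an 802.1Q tag adds 4 bytes
TPID_8021Q = 0x8100  # value in the type position that marks a VLAN tag


def build_frame(dst, src, type_or_len, payload, vlan=None):
    """Assemble a frame with padding and FCS (used for the constructed samples)."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    header += struct.pack("!H", type_or_len)
    body = payload.ljust(MIN_FRAME - 4 - len(header), b"\x00")  # pad to 64 bytes
    data = header + body
    # The FCS is a CRC-32 over everything before it, least significant byte first.
    return data + struct.pack("<I", zlib.crc32(data))


def parse_frame(frame):
    """Parse a frame that still carries its 4-byte FCS and list what is wrong with it."""
    info = {"length": len(frame), "vlan": None, "problems": []}
    if len(frame) < 22:  # too short to hold addresses, tag, type and FCS
        info["problems"].append("truncated")
        return info
    info["dst"] = frame[0:6].hex(":")
    info["src"] = frame[6:12].hex(":")
    offset = 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        info["vlan"] = tci & 0x0FFF      # low 12 bits of the tag are the VLAN ID
        offset += 4
        (field,) = struct.unpack_from("!H", frame, offset)
    if field >= 1536:
        info["ethertype"] = field        # Layer 3 protocol, e.g. 0x0800 for IPv4
    else:
        info["payload_length"] = field   # 802.3 length field
    limit = MAX_FRAME + (4 if info["vlan"] is not None else 0)
    if len(frame) < MIN_FRAME:
        info["problems"].append("runt")
    elif len(frame) > limit:
        info["problems"].append("oversize")
    if zlib.crc32(frame[:-4]) != struct.unpack("<I", frame[-4:])[0]:
        info["problems"].append("bad FCS")
    return info


# Constructed sample frames (addresses and payloads are made up).
BROADCAST = bytes.fromhex("ffffffffffff")
HOST = bytes.fromhex("001122334455")
ARP_FRAME = build_frame(BROADCAST, HOST, 0x0806, b"\x00" * 28)
TAGGED_FRAME = build_frame(BROADCAST, HOST, 0x0800, b"x" * 100, vlan=10)

if __name__ == "__main__":
    for name, frame in (("arp", ARP_FRAME), ("tagged", TAGGED_FRAME),
                        ("runt", ARP_FRAME[:40])):
        print(name, parse_frame(frame))
```

Frames taken from a packet capture usually arrive without the FCS, so the size and CRC checks apply only where the capture source preserves it.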
IPv4 Header
TCP Segment
Flags 9 bits Control flags like SYN, ACK, FIN, RST and flags for congestion control.
Data variable
UDP Segment
Field Field Length Description
Data variable
# disconnect Disconnect background telnet session
telnet 1.2.3.4 23
ssh -l h.acker 1.2.3.4
(config-if)# duplex {full, auto} Set duplex mode or set it to autonegotiation.
(config-if)# speed {100, auto} Set speed or set it to autonegotiation.
IPv6 Configuration
Enabling IPv6
Initialize IPv6
# conf t
(config)# ipv6 unicast-routing
Configure an address on an interface
IPv6 Routing:
Static Route
(config)# ipv6 route [ipv6 prefix]/[prefix length] [next hop ipv6 address]
Default IPv6 static route
(configure-rtr)# no shutdown
MANAGING STATIC ROUTING FOR CISCO NETWORKING
When working with your routers on your Cisco network, it’s very likely that you’ll want to have your routers
route data. The first step in having your router pass data from one interface to another interface is to
Router1>enable
Router1#configure terminal
Router1(config)#ip routing
Whether or not you choose to use a dynamic routing protocol, you may add static routes to your router. The
following will add a static route to Router1 to send data to the 192.168.5.0/24 network using the router with
Router1>enable
Router1#configure terminal
Router1(config)#ip routing
Routing Information Protocol (RIP) is widely used, with version 2 allowing you to use Variable Length Subnet
Masks (VLSM) across your network. The following code will enable routing, enable RIP, set RIP to version 2,
disable route summarization, define the distributed network from this router as 192.168.5.0/24, and rather
Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router rip
Router2(config-router)#version 2
Router2(config-router)#no auto-summary
Router2(config-router)#network 192.168.5.0
Router2(config-router)#neighbor 192.168.1.1
MANAGING ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL FOR CISCO NETWORKING
Enhanced Interior Gateway Routing Protocol (EIGRP) is the updated version of IGRP. The following code will
enable EIGRP using an autonomous-system (AS) number of 100, distribute two networks, and disable auto
summary.
Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router eigrp 100
Router2(config-router)#network 192.168.1.0
Router2(config-router)#network 192.168.5.0
Router2(config-router)#no auto-summary
Open Shortest Path First (OSPF) is a link state protocol which is widely used. OSPF uses the address of the
loopback interface as the OSPF identifier, so this example will set the address of the loopback interface,
then enable OSPF with a process ID of 100, and distribute a network of 192.168.255.254 and a network of
192.168.5.0/24.
Router2>enable
Router2#configure terminal
Router2(config)#interface loopback 0
Router2(config-if)#exit
VIEWING ROUTING INFORMATION FOR CISCO NETWORKING
After setting up any routing protocol that you want to implement – RIP, OSPF, or EIGRP – you can view all of
your routing information through the ip route command. The following is an example of the output of this
command. The output includes a legend showing the codes for each routing protocol, and the specific routes
Router2>enable
Password:
Router2#show ip route