
Cheat Sheet for Cisco Certified Network Associate Study Guide to Exam 640-507 (2nd Ed.), originally by Todd Lammle, published by Sybex; condensed May 2001 by Girishmon with gratitude to Shankar

The best way to study something is to regurgitate it in one's own words. When I studied CCNA, I wrote this thing. I reduced 700 pages to a fourteen-page booklet so I could carry it around, reviewing everywhere I went. This document is color-coded, with all the IOS commands in violet Arial Narrow, for example. As I realize the minimal benefits of color when one prints on black-and-white laser printers, I've tried to be sensible about my choices. I still suggest you print it in color, if possible. (Word Viewer wrongly italicizes my commands.) In each chapter, Todd Lammle lists key terms with which you should be familiar before the exam. I haven't tried to define every term but I have written them in blue, underlined in squiggles, so look at each and ask, "Can I define this?" An easier color code to spot is my grey shading. This indicates stuff Lammle, instructors, and some unreliable friends have told me is not likely to be on the exam. Reading it might help your understanding but don't sweat memorizing it. Wiggly red lines to either side show text I've been strongly warned to study. I'm more careful than Lammle to show correct prompts; I didn't want to waste space repeating config t and int s0, so it's up to you to notice the mode we're in. I try to avoid repeating myself, so you might have to read the whole booklet to find a definition you need. When I introduce terms, I often show them in bold face type (but, then, I use bold face type for a lot of things). To save space, I use the following conventions:
- I refer to OSI layers as L2, L3, &c., instead of data-link and network.
- When I bother to show IOS prompts, I leave off the router names.
- I shorten bandwidth to BW, virtual circuit to VC, configuration file to CF, &c.
- The proper Latin plural of status is stati but I sometimes say stats.
- Et cetera (or etc., meaning "and so forth") can also be written &c.
I've borrowed from other sources, too, because I want as much of the exam here as possible. I've tried to make it all self-evident. This booklet, alone, might be enough to pass the exam (everything on my exam is here) but that wasn't my goal. Although Lammle's $140 book isn't perfect (his Frame Relay stuff has several errors and omissions, for example, and the CD-ROMs are full of mistakes), you should still buy it and the network simulator software that comes with it. My exam was 75 minutes & 65 questions. Different exams have different passing scores, so your final score is MEANINGLESS. Buona Fortuna! Ciscoly Yours, R.S.

Contents:
I     LANs, OSI model, Cisco model (pg 1)
II    switches, Spanning Tree Protocol (pg 5)
III   IP subnetting (pg 6)
IV    router configuration basics (pg 7)
V     IP routing, RIP, IGRP (pg 8)
VI    VLANs, tagging, VLAN Trunk Protocol (pg 5)
VII   boot-up & connectivity tools (pg 9)
VIII  IPX (pg 10)
IX    access lists (pg 11)
X     WANs, HDLC, PPP, Frame Relay, ISDN (pg 12)
Appendix B  the Catalyst 1900 switch (pg 14)
[Note: Chapters II & VI are paired.]

CHAPTER I: INTERNETWORKING and the OPEN SYSTEMS INTERCONNECTION MODEL, or Please Do Not Throw Sausage Pizza Around. (5-7 questions on the OSI model; an unknown number on general networking)

This chart summarizes the ISO Open Systems Interconnection model, laid out in more detail hereafter. A layered model reduces complexity, permits the use of standard interfaces, lets engineers make modular changes, lets different technologies inter-operate, accelerates evolution, and is easier to learn. Although all seven layers could be on the exam, they're not equally critical: you can answer the basic OSI layer questions by knowing enough to tell them apart. The real reason to study layers 2 and 3, where switches and routers work, and L4, where many big protocols appear, is that these descriptions form the foundation for much of the exam. If you don't grasp the L2-L4 details of this chapter well enough to write them out from memory, you're toast.

The OSI chart, layer by layer (mnemonic: Please Do Not Throw Sausage Pizza Around!):

L1 Physical ("Please")
- PDU: blasts frames into bits
- this layer is analogous to: a conveyor belt
- the Big Picture, it's all about: sending and receiving bits
- key concept: physical topology
- main network operation: puts bits on the wire
- devices: hubs

L2 Data Link ("Do"): Destination Drop-boxes & Doorsteps
- PDU: nails packets into frames
- analogous to: a mailman finding a mailbox
- it's all about: hardware addressing
- key concept: framing
- main network operation: frames data for local networks
- filters PDUs using: hardware (physical) addresses
- devices: switches

L3 Network ("Not"): Navigates the National hiway Network
- PDU: wraps segments into packets
- analogous to: a navigator finding a town
- it's all about: logical (network) addressing
- key concept: routing
- main network operation: routes between networks
- filters PDUs using: network addresses / protocol numbers
- devices: routers

L4 Transport ("Throw"): Truckers & Teamsters
- PDU: chops data into segments
- analogous to: a loading dock worker boxing a shipment
- it's all about: packing & shipping
- key concept: end-to-end connections
- main network operation: provides flow control
- filters PDUs using: ports / sockets
- devices: gateways

L5 Session ("Sausage"): Split-Second Sequencing
- PDU: data
- analogous to: a dispatcher (or talk show host) sequencing tasks
- it's all about: timing
- key concept: dialog control
- main network operation: opens / closes sessions

L6 Presentation ("Pizza"): Pasting Parts & Pieces into Proper Products
- PDU: data
- analogous to: a newspaper editor compiling documents
- it's all about: file formats
- key concepts: encryption, compression, translation

L7 Application ("Around!")
- PDU: data
- analogous to: a corporate executive issuing instructions
- it's all about: giving orders
- key concept: assorted application functions
- main network operations: demands transfers; IDs partners; final error resolution

The CISCO 3-LAYER where-you-should-spend-your-money MODEL

CORE LAYER
- speed is critical
- can affect all users
- should be fault-tolerant and reliable
- no filtering, security slowdowns, or inter-VLAN routing
- no workgroup access
- could use FDDI, fast (100Mb) Ethernet, gigabit (1000Mb) Ethernet, or ATM
- when improvements are necessary, upgrade; don't expand

DISTRIBUTION LAYER
- routing
- inter-VLAN routing
- WAN access
- gatekeeper to the core layer
- determines how best to handle requests
- security, filtering, firewalls
- queuing (print jobs, &c.)
- transitions between routing protocols (including static routing)
- definition of broadcast/multicast domains

ACCESS LAYER
- a.k.a. the desktop layer
- more specific security
- segmenting for more collision domains
- connectivity to distribution layer via 100Mbps links
- Dial on Demand Routing (DDR)
- Ethernet switching
- static routing
- connect 10Mbps switches to workstations; 100Mbps switches to servers

THE UPPER LAYERS: COMMAND & CONTROL

Application Layer (L7) * DATA STREAMS (MESSAGES) *
It's all about GIVING ORDERS; the corporate executive; what you see on the screen; interaction with the user; interaction between programs; communications launching. The highest level of the model. It defines the manner in which applications interact with the network, including database management, e-mail, and terminal-emulation programs.
KEY CONCEPTS: file, print, message, database, and application services
NETWORK OPERATIONS PERFORMED:
- determining availability of communication partners and network resources
- coordinating partnerships between multiple applications
- ultimate authority over data integrity and error recovery
PROTOCOLS (network applications) FOUND AT THIS LAYER:
- FTP (TCP - port 21) - File Transfer Protocol: full-featured file management (logins and data travel in cleartext; it is not a secure protocol)
- Telnet (TCP - port 23) - terminal emulator program; uses L3 IP and L4 TCP
- SMTP (TCP - port 25) - Simple Mail Transfer Protocol: e-mail sending
- DNS (UDP - port 53) - Domain Name Service: English-to-IP translation
- HTTP (TCP - port 80) - HyperText Transfer Protocol: World Wide Web browsing
- POP3 (TCP - port 110) - Post Office Protocol: e-mail receiving
- X.400 - alternative e-mail management
- NNTP (TCP - port 119) - Network News Transfer Protocol: newsgroup post management
- TFTP (UDP - port 69) - Trivial File Transfer Protocol: stripped-down file transfers (no authentication at all)
- SNMP (UDP - ports 161 & 162) - Simple Network Management Protocol ("Are you O.K.?")
- IRC (TCP) - Internet Relay Chat: keyboard chat program
- EDI - Electronic Data Interchange, for e-commerce transactions

Presentation Layer (L6): Pasting Parts & Pieces into Proper Products * DATA STREAMS *
It's all about FILE FORMATS; the newspaper editor; data on the hard disk; presentation of data to the programs in binary format. Defines the way in which data is formatted, presented, converted, and encoded.
KEY CONCEPTS:
- encryption
- compression
- translation between file formats (MIDI, MPEG, PICT, TIFF, JPEG, ASCII, EBCDIC, &c.)

Session Layer (L5): Split-Second Sequencing * DATA STREAMS *
It's all about TIMING; the dispatcher / talk show host; organizes and directs communication sessions; keeps data separate for different applications. Coordinates communications and maintains the session for as long as it is needed, performing security, logging, and administrative functions. Manages simplex, half-duplex, and full-duplex modes.
KEY CONCEPT: dialog control
NETWORK OPERATIONS PERFORMED:
- opening, maintenance, and closure of sessions between devices / applications
- managing simplex, half-, and full-duplex modes
- keeping data separate for different applications
PROTOCOLS (for manipulating remote systems) FOUND AT THIS LAYER:
- NFS - Network File System: sharing between different file systems
- SQL - Structured Query Language: database queries
- RPC - Remote Procedure Call: for running a process on another machine
- ASP - AppleTalk Session Protocol
- X Window - remote UNIX GUI
- NetBIOS - API giving programs a consistent set of tools to call for network functions
- NetBEUI - file sharing transport for tiny Microsoft LANs (not routable)

THE MIDDLE LAYERS: SHIPPING & RECEIVING

Transport Layer (L4): Truckers & Teamsters * chops data into SEGMENTS *
It's all about PACKING & SHIPPING (either reliable TCP/SPX or unreliable UDP); the loading dock worker; data chopper & reassembler; creates and reads segments; asks, "Which port (which pipeline) do we stuff this into? Did the packets get where they should? What belongs in this pipe?" Defines protocols for structuring messages and supervises the validity of the transmission by performing some error checking.
KEY CONCEPT: end-to-end connection
NETWORK OPERATIONS PERFORMED:
- data segmentation and reassembly; multiplexing several streams onto one link
- acknowledging packet receipt during connection-oriented transfers
- re-sequencing of received packets following connectionless transfers
- flow control (buffering, source-quench messages, & windowing)
- error checking & correction by counting segments & requesting retransmissions
- managing virtual circuits
DISCRIMINATES BY:
- application port / socket numbers, by which a segment identifies which upper-layer protocol will use its data (this is what a port-based firewall filters on)
PROTOCOLS (delivery control methods) FOUND AT THIS LAYER:
- TCP - Transmission Control Protocol: reliable delivery boy creating connection-oriented links
- UDP - User Datagram Protocol: unreliable delivery boy using connectionless transfers
- SPX - Sequenced Packet eXchange: connection management tools added to IPX for reliable, connection-oriented communication
TECHNOLOGIES:
- gateways

There are 65,535 application ports in both TCP and UDP flavors. (Most applications, however, only use one flavor or the other.) Don't confuse ports with the IP protocol numbers, which live in the L3 header and say which L4 protocol follows: TCP is protocol 6, UDP is 17, L2TP is 115. Here are a few ports:

    echo                        7
    FTP data (TCP)             20
    FTP control (TCP)          21
    Telnet (TCP)               23
    SMTP (TCP)                 25
    DNS (UDP)                  53
    TFTP (UDP)                 69
    finger                     79
    HTTP (TCP)                 80
    POP2 (TCP)                109
    POP3 (TCP)                110
    identification (TCP)      113
    NNTP (TCP)                119
    NTP                       123
    NetBIOS name (UDP)        137
    NetBIOS datagram (UDP)    138
    NetBIOS file share (TCP)  139
    news                      144
    SNMP (UDP)                161
    SNMP trap (UDP)           162
    NetWare IP                396
    HTTPS (TCP)               443
    RIP (UDP)                 520
    Doom (yes, the game)      666

Ports below 1024 are called the well-known ports and are assigned by the Internet Assigned Numbers Authority (IANA). Of these, the ones from 1 to 254 are used by public applications and the ones from 255 to 1023 are used by proprietary (saleable) applications. Ports 1024 and above are used as needed for addressing by the upper layers or TCP during sessions. Some examples:
- WINS - 1512
- ICQ (UDP) - 4000
- IRC (TCP) - 6660-6669, specifically 6667 [also: 7000, et seq. for very large chat servers]
- ConSeal VPN (TCP) - 4995-4997

Network Layer (L3): Navigates the National Highway Network * wraps segments into PACKETS (data or route update) or DATAGRAMS *
It's all about LOGICAL ADDRESSING; the long-haul navigator finding a town; "How do we get to that network from here?" Defines protocols for data routing to ensure that the information arrives at the correct destination node and manages communications errors.
KEY CONCEPT: routing

NETWORK OPERATIONS PERFORMED:
- logical / network identification
- routing / network navigation
- breaking up broadcast domains
DISCRIMINATES BY:
- network (IP, IPX) addresses
- protocol numbers in IP packets identifying which L4 protocol the data is for
PROTOCOLS (for routing and navigation) FOUND AT THIS LAYER:
- IP - Internet Protocol: connectionless network addressing and routing
- IPX - Internetwork Packet eXchange: unreliable delivery boy using connectionless transfers, NetWare's alternative to TCP/IP
- AppleTalk
- X.25 - enables DTE use over DCE networks; precursor to Frame Relay
- ARP - Address Resolution Protocol ("What's the MAC address for this IP address?")
- RARP - Reverse Address Resolution Protocol ("I am diskless workstation XXX; what is my IP address?")
- BootP - Bootstrap Protocol ("I am diskless workstation YYY; what is my IP address and what should I do first?")
- DHCP - Dynamic Host Configuration Protocol ("I'm new here; what is ALL my IP information?")
- ICMP - Internet Control Message Protocol: error reporting, supporting:
  - PING (Packet Internetwork Groper): connectivity detector
  - TraceRoute: traces packet paths by sending packets with increasing TTLs and reading the ICMP Time Exceeded replies each hop sends back
  - delivery of operational messages such as Destination Unreachable, Buffer Full, and Maximum Hop Count Reached
- RIP - Routing Information Protocol: routing scheme
- IGRP - Interior Gateway Routing Protocol: Cisco routing scheme for large, heterogeneous networks
- OSPF - Open Shortest Path First: routing scheme
- EIGRP - Enhanced Interior Gateway Routing Protocol: routing scheme
- BGP - Border Gateway Protocol: routing scheme
- IGMP - Internet Group Management Protocol: membership manager for multicast groups
- RSVP - Resource reSerVation Protocol: bandwidth reserver
TECHNOLOGIES:
- routers (slower, software-based)
- layer 3 switches (faster, ASIC hardware-based)

THE LOWER LAYERS: HARDWARE MANAGEMENT

Data-Link Layer (L2): Destination Drop-Boxes & Doorsteps * nails packets into FRAMES or CELLS *
It's all about HARDWARE ADDRESSING; the mailman finding a mailbox; "Where, exactly, is this going? When, exactly, does it go?" Validates the integrity of the flow of data from one node to another by synchronizing blocks of data and controlling the flow of data.
KEY CONCEPT: framing
NETWORK OPERATIONS PERFORMED:
- physical / hardware / MAC identification
- framing data for transmission onto the local network segment
- breaking up collision domains
- CRC (Cyclic Redundancy Check) error notification (not correction)
DISCRIMINATES BY:
- hardware (MAC) addresses
PROTOCOLS (for transmission) FOUND AT THIS LAYER:
- 802.2 - defines connection-oriented & connectionless operations; L2 framing
- PPP - Point-to-Point Protocol: Ethernet-like framing over a modem or serial link
- HDLC - High-level Data Link Control (generic or Cisco): serial framing with error detection
- CDP - Cisco Discovery Protocol: investigation of neighbor devices
- SNAP - SubNetwork Access Protocol: extends the 802.2 header so a frame can name upper-layer protocols that have no SAP number of their own
- L2TP - Layer 2 Tunneling Protocol: carries L2 frames inside another network's packets
TECHNOLOGIES:
- switches (fast, application-specific integrated circuit (ASIC) hardware-based)
- bridges (slower, software-based)
- modems
- ISDN clouds
- Ethernet frames
- IPX frames (four varieties: Ethernet_II, 802.3, 802.2, & SNAP)
- Frame Relay frames (two varieties: Cisco & IETF)
- Token Ring frames
- ATM (Asynchronous Transfer Mode): standard for cell-switched WANs
- DSL modems
- cable modems

The TWO SUBLAYERS and THEIR SPECIFIC JOBS:
L2a: Logical Link Control (LLC) sublayer handles L2 encapsulation
- defined by 802.2
- framing
- optional flow control
- packet handling instructions
- control-bit sequencing
L2b: Media Access Control (MAC) sublayer controls access to the media
- defined by 802.3 & 802.5
- CSMA/CD
- MAC (hardware) addresses
- logical topology
- line discipline
- ordered delivery of frames
- optional flow control
- error notification (not correction) in frames
- Token Ring
- DQDB (Don't worry; nobody knows what this is.)

SOME FRAME FIELDS of INTEREST:
- FCS - Frame Check Sequence: field in the Ethernet frame that holds the CRC value
- SSAP - Source Service Access Point: field in the 802.2 LLC header naming the sending upper-layer protocol (it is not a hardware address)
- DSAP - Destination Service Access Point: the same for the receiving upper-layer protocol
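What "CRC error notification (not correction)" and the FCS field mean in practice, as an added example that is not part of the booklet or of Lammle's book. It also doubles as the length-and-CRC test a store-and-forward switch applies (Chapter II: runt under 64 bytes, giant over 1518, CRC failure). The frames are constructed here; the assumption is that the FCS is the IEEE 802.3 CRC-32, which Python's zlib.crc32 implements, appended least-significant byte first.

```python
"""Ethernet FCS as CRC-32: the receiver learns THAT a frame is damaged, never WHICH bit."""
import struct
import zlib

MIN_FRAME = 64      # bytes, FCS included; shorter is a runt
MAX_FRAME = 1518    # bytes, FCS included; longer is a giant


def fcs(frame_without_fcs: bytes) -> bytes:
    """IEEE 802.3 CRC-32 over header + payload, sent low byte first (assumption: zlib's CRC-32)."""
    return struct.pack('<I', zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame: dst MAC, src MAC, type, payload padded to the 60-byte minimum, FCS."""
    body = dst + src + struct.pack('!H', ethertype) + payload
    if len(body) < MIN_FRAME - 4:
        body += b'\x00' * (MIN_FRAME - 4 - len(body))   # pad, as the sending NIC does
    return body + fcs(body)


def check_frame(frame: bytes) -> str:
    """The store-and-forward decision: 'ok', or the reason the frame is dropped."""
    if len(frame) < MIN_FRAME:
        return 'runt'
    if len(frame) > MAX_FRAME:
        return 'giant'
    if fcs(frame[:-4]) != frame[-4:]:
        return 'crc'        # notification only: nothing here can repair the frame
    return 'ok'


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate one bit of line noise."""
    b = bytearray(frame)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def demo() -> dict:
    """Constructed frames: one clean, one with a single flipped bit, one truncated, one oversized."""
    dst = bytes.fromhex('ffffffffffff')    # broadcast, all ones
    src = bytes.fromhex('00e01e5d2782')    # the booklet's example MAC, 00e0.1e5d.2782
    good = build_frame(dst, src, 0x0800, b'constructed payload')
    corrupted = flip_bit(good, 200)        # bit 200 lies in the payload
    runt = good[:40]                       # cut short, as by a collision
    giant = build_frame(dst, src, 0x0800, b'x' * 1600)
    return {
        'good': check_frame(good),           # 'ok'
        'corrupted': check_frame(corrupted), # 'crc'
        'runt': check_frame(runt),           # 'runt'
        'giant': check_frame(giant),         # 'giant'
    }


if __name__ == '__main__':
    print(demo())
```

The corrupted frame fails the CRC whichever bit is flipped, but the check says nothing about where; recovering the data is left to L4 (TCP retransmission) or the application, which is exactly the "notification, not correction" split the list above draws.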

Those Wacky IEEE Specifications. It might help to list some big ones:
- 802.1: bridging, switching, VLANs, STP
- 802.2: L2 framing; connection-oriented & connectionless operations (the LLC sublayer)
- 802.3: CSMA/CD & the Ethernets
- 802.5: Token Ring & its media access

Physical Layer (L1) * blasts frames into BITS *
It's all about SENDING AND RECEIVING BITS; the conveyor belt. Defines the mechanism for communicating with the transmission medium and interface hardware: voltages, wire speeds (data rates), and connector pin-outs.
KEY CONCEPT: physical topology (baseband or broadband)
PROTOCOLS (for bit sequencing) FOUND AT THIS LAYER:
- RS-232, RS-449, and other serial line protocols
- V.32 and other CCITT modem protocols
NETWORK OPERATIONS PERFORMED:
- putting bits onto the transmission medium
TECHNOLOGIES:
- active (amplifying) hubs
- passive hubs
- repeaters
- concentrators
- network interface cards (NICs)

The REST of CHAPTER ONE: Big Picture Networking

Of CSMA/CD and ETHERNET LANs
Ethernet is a simple way of letting several computers talk on a network. It uses a scheme called carrier sense, multiple access with collision detection, or CSMA/CD (which I like to pronounce KIZ-muh-cud). That means 1) each node or host (each PC) listens to the wire to see if anyone's talking, 2) anyone can transmit at any time without waiting for permission, and 3) if two devices transmit simultaneously (a collision), they back off for a while, then try again. Works great until you get a couple hundred chatty machines on the same wire. Their shared collision domain can get only so busy before network traffic bogs down because there's no time to get a word in. Some other network schemes, like Token Ring, solve this problem with rigidly fascist control over the wire. They make everyone wait his turn, or they pass a you-get-to-talk-now card (the token) in a ring around the group. Ethernet is a bit more unruly but it's cheap and popular, so we're stuck with it.

Luckily, Ethernet keeps improving. Standard Ethernet operates at 10Mbps and, on twisted pair, is called 10BaseT. Now we've added FastEthernet at 100Mbps and Gigabit Ethernet at 1000Mbps. One flavor of FastEthernet runs on high-quality category-5 wires, where it's called 100BaseTX; another runs on optical fiber (100BaseFX) and a third on bundles of cruddy category-3 or -4 telephone wire (100BaseT4). "Base", by the way, stands for baseband, meaning using only one frequency.

If a lonely device using two wires in a cable can only transmit OR receive, it's working in simplex mode. If it can use those same two wires to talk AND listen but must take turns doing either, it is operating in half-duplex mode. Taking turns this way means only the available BW can be used, in one direction at a time. A clever device that can talk and listen at the same time through a four-wire cable is using collision-free full-duplex mode. A device using full-duplex must be attached to a switch (not a hub) and have its collision detection and loopback turned off. Wire quality has as much to do with the available modes as does the sophistication of the devices.

Any high-frequency signal can only go so far down a cable before it fades out. Old 10Base5 runs up to 500m (the 5 means 500m) on big ugly coaxial cable nicknamed thicknet. A slimmer coax called thinnet carries 10Base2 up to 185m. Almost nobody uses either one these days. Today's 10BaseT runs about 100m on 4-wire, category-3-or-better, unshielded twisted-pair (UTP) cable connected with small plastic Registered Jack (RJ)-45 connectors. 100BaseTX can go 100m, and 100BaseFX can go 412m at half-duplex or 2km in full-duplex mode. A new device on a network checks to see the best speed and duplex mode it can use.

When we connect a bunch of devices to an Ethernet hub, we're just attaching all their wires together. The hub, its cables, and every device connected by them all sense each other's state transitions (the voltage rises and drops making up digital messages), so each machine hears everything being said. They are all in the same room, the same collision domain, remember? More on this in a moment.

An Ethernet network, then, is a bit like a meeting hall. We've described the wires or media Ethernet uses, like describing the room everyone meets in. It has to be clean and well built so everyone can find and hear everyone else. Think of this when you study L1 of the OSI seven-layer cake. We've also seen how the CSMA/CD rules-of-order apply in this room so people don't interrupt each other. Those rules are in L2 in the OSI model. Also at L2 is the idea that everyone has a seat with his name on it (a hardware address; more later about these). But people gather in a hall to do business, and Ethernet has nothing to do with the business discussed in this room, or, in net-speak, the protocols.
RJ-45 Pin-to-Pin Wiring Schemes (Pinouts) for 10BaseT or 100BaseT Ethernet:

Four-wire straight-through cable, your standard Ethernet cable
- for connecting dissimilar devices: router to hub/switch; PC to hub/switch
- each pin connects to its twin:
    near end   1  2  3  6
    far end    1  2  3  6

Four-wire cross-over cable
- for connecting similar devices: router to router; PC to PC; hub to switch
- the pair of pairs swap partners:
    near end   1  2  3  6
    far end    3  6  1  2

Eight-wire RJ-45 pinout for console (rollover) cable
- for connecting a PC to the console port of a router
- an ascending sequence segues to a descending sequence:
    near end   1  2  3  4  5  6  7  8
    far end    8  7  6  5  4  3  2  1

The OSI MODEL ENCAPSULATES for YOUR SINS, AMEN. That OSI model is a way of charting the responsibilities of network components so the people who design or operate them can enjoy some clarity. The model says, everyone divide your tasks the same way and there will be less confusion. Those tasks are the jobs of networking protocols like IP and IPX, TCP and UDP, ARP and RIP. The important ones are found in my notes on each layer (pp 2 & 3).

This quest for simplification also underlies layered architecture, writing complex programs from simpler units assigned to the individual layers. Some protocols are connectionless, meaning they send data over any available path, expecting no reply or confirmation of receipt. Slower but far more reliable are connection-oriented protocols, which establish and reserve a specific virtual circuit with a partner before exchanging data. These expect acknowledgements for their messages or use flow control (buffering; source-quench messages; and windowing, whereby the responses of the receiving device control how much info is transferred before an acknowledgement is required) to ensure they're heard. Another result of the seven-layer model is the way jobs are sent between layers. If L4 has chopped some data into segments hoping they'll be understood by another machine, it wouldn't make sense for L3 to scribble network addresses like crazy all over those segments. Then, by the time L2 got done adding the specific target's physical address and L1 transmitted the result, those poor data segments would be a real mess to untangle. The better idea is encapsulation: we leave all segments alone and just encapsulate them in L3 packets. Then the packets are left untouched as they, in turn, are encapsulated in L2 frames. And when at last we blast the frames into bits at L1, we know the patterns of the upper layers are intact in the bit stream. Bits, frames, packets, and segments, the units passed from layer to layer, are called protocol data units (PDUs). When one frame type is hidden inside another, especially for security reasons, this is called tunneling.

ADDRESSING: Flat and Lumpy Schemes
A device's hardware or physical or MAC address is a built-in L2 address read by switches. Every device comes from its factory bearing a unique MAC address 48 bits long and written as 12 hexadecimal digits (each digit is 4 bits in size), like 00e0.1e5d.2782. The first six digits are a code for the manufacturer (in bigger words, an Organizationally Unique Identifier) and the last 6 are unique to the device. L2 frames are addressed with MAC addresses. Network addresses, on the other hand, are logical (made-up) addresses read by routers. L3 packets are addressed with network addresses. There are several network address schemes, such as IP or IPX. (Each L3 address only works for one L3 protocol.) L2 and L3 addresses have nothing to do with each other. So why assign L3 addresses when every device already has a MAC address? Because, while L2 addressing is flat, with no address given any particular importance, L3 schemes use hierarchical addressing, letting devices be gathered into convenient groups we call networks. Packets can then be filtered by network "area codes" and routers can operate efficiently with only L3 knowledge, blissfully ignorant of any L2 details. To work quickly, a router stores and reads only network addresses; that's as smart as it gets. And that's why each interface on a router must attach to a different network: if two of its connections had the same network name, the router couldn't choose (route) between them. Routers read the L3 addresses and get the packets to the right network on the Internet. From there, switches have no trouble finding a few L2 MAC addresses in the small meeting hall of a flat network segment.
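The encapsulation and addressing just described, carried out on a constructed HTTP request with real Ethernet II, IPv4 and TCP header layouts and then unwrapped again. This is an added example, not code from the booklet or from Lammle's book. The unwrapping reads at each layer only the field that layer discriminates by: the MAC address (and its OUI) at L2, the protocol number at L3, the port at L4. The addresses, MACs and payload are made up; the TCP checksum is left at zero to keep the example short, and only the IPv4 header checksum is computed and verified.

```python
"""Segment -> packet -> frame and back, with each lower layer leaving the upper PDU untouched."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6            # IP protocol number for TCP (UDP is 17)


def mac_to_bytes(mac: str) -> bytes:
    """Accept Cisco dotted form ('00e0.1e5d.2782') or colon form."""
    return bytes.fromhex(mac.replace('.', '').replace(':', ''))


def mac_to_str(raw: bytes) -> str:
    h = raw.hex()
    return '.'.join(h[i:i + 4] for i in (0, 4, 8))


def oui(mac: str) -> str:
    """First 24 bits of a MAC: the Organizationally Unique Identifier (vendor code)."""
    return mac_to_bytes(mac)[:3].hex()


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; over a correct header (checksum included) it is 0."""
    if len(header) % 2:
        header += b'\x00'
    total = sum(struct.unpack('!%dH' % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def l4_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """L4 chops data into a segment: 20-byte TCP header (seq 1, PSH|ACK, window 8192, checksum 0)."""
    hdr = struct.pack('!HHIIBBHHH', src_port, dst_port, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    return hdr + data


def l3_packet(src_ip: str, dst_ip: str, segment: bytes, proto: int = IPPROTO_TCP) -> bytes:
    """L3 wraps the segment in a packet: 20-byte IPv4 header, protocol field says what follows."""
    src = bytes(map(int, src_ip.split('.')))
    dst = bytes(map(int, dst_ip.split('.')))
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack('!H', ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def l2_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """L2 nails the packet into a frame: dst MAC, src MAC, EtherType (FCS omitted here)."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack('!H', ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Unwrap frame -> packet -> segment, reading only what each layer needs to decide."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack('!H', frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError('not an IPv4 packet')
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError('bad IPv4 header checksum')
    total_len = struct.unpack('!H', packet[2:4])[0]
    proto = packet[9]                                   # the router's L4 discriminator
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack('!HH', segment[:4])   # the firewall's L4 discriminator
    data_off = (segment[12] >> 4) * 4
    return {
        'l2': {'src_mac': mac_to_str(src_mac), 'dst_mac': mac_to_str(dst_mac),
               'src_oui': src_mac[:3].hex()},
        'l3': {'src_ip': '.'.join(map(str, packet[12:16])),
               'dst_ip': '.'.join(map(str, packet[16:20])), 'protocol': proto},
        'l4': {'src_port': src_port, 'dst_port': dst_port},
        'data': segment[data_off:],
    }


def demo() -> dict:
    data = b'GET / HTTP/1.0\r\n\r\n'                      # constructed L7 payload
    seg = l4_segment(40000, 80, data)
    pkt = l3_packet('10.1.1.10', '10.2.2.20', seg)
    frm = l2_frame('00e0.1e5d.2782', '0010.7b3a.9c01', pkt)  # constructed MACs
    assert frm[14:] == pkt and pkt[20:] == seg           # lower layers left the upper PDUs intact
    return decapsulate(frm)


if __name__ == '__main__':
    print(demo())
```

Note what each layer never looks at: the frame decoder stops at the EtherType, the packet decoder at the protocol number, and the port is the first thing the transport layer reads. That is the reason a switch needs no IP knowledge, a router no port knowledge, and why an access list that filters on ports is doing L4 work.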

LAN SEGMENTATION: Small Groups are Easier to Control
If I want to send a message to 75 recipients I could direct it several ways. I could send 75 individual messages, one network-wide broadcast, or even one multicast to a group of 75 members. Such are the options with logical addressing, although there are good and bad points to each. Now we need machines that can use this addressing power to decrease traffic. If you have several hundred PCs linked by a bunch of hubs, you have one huge collision domain. But insert a bridge before each hub and you keep each hub from ever seeing traffic for the others. A bridge learns the L2 addresses of devices it feeds and, if it gets a frame not belonging to any of them, it blocks the frame. What you've done is divide your big collision domain (your meeting hall) into smaller collision domains. The only non-broadcast traffic leaving any domain is traffic specifically intended for another. This improves both security (by keeping private traffic private) and performance (by reducing collisions). Bridges are mostly obsolete now because adding a bunch more ports to a bridge gets you an even nicer device: a switch. A switch is just like a bridge with more ports. Each port forwards only frames addressed to the devices attached there, so the switch divides each port into its own collision domain with fewer members. Put a single device on each port if you like. A different problem is with broadcasts, which use a MAC address of all ones to reach every machine in a network. Switches don't stop broadcasts and can do nothing to break up broadcast domains. You need a router for that. Routers divide broadcast domains because they direct traffic between different L3 network addresses and don't (by default) transmit broadcasts. Routers can also filter packets by the protocols they use. Since separate VLANs must talk through routers, VLANs, too, are said to divide broadcast domains. Whereas switches don't alter the frames they sort, a router replaces the L2 source and destination addresses of each frame it handles. Neither switches nor routers change the L3 addresses of passing packets.
[The terms WAN, CSU/DSU, DCE, DTE, ISDN, & BRI are in Chapter X.]
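The collision-domain and broadcast-domain rules from the paragraphs above, applied to a constructed topology so the domains can be counted the way an exam question asks. This is an added example, not from the booklet or from Lammle's book; the topology, device names and the simplification that only routers split broadcast domains (VLANs are not modelled) are assumptions of the example.

```python
"""Count collision and broadcast domains from a device list and a cable list."""

# device types that do NOT separate the ports they join, for each kind of domain:
# a hub is one shared wire; a switch separates collisions but floods broadcasts;
# only a router stops a broadcast (assumption: no VLANs in this model)
TRANSPARENT = {
    'collision': {'hub', 'repeater'},
    'broadcast': {'hub', 'repeater', 'switch', 'bridge'},
}


def count_domains(devices: dict, links: list, kind: str) -> int:
    """devices: name -> type; links: (a, b) cable pairs; kind: 'collision' or 'broadcast'.
    Every end of every cable is a port. A domain is a set of ports joined either by a
    cable or by a device that is transparent for this kind of domain (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]       # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    ports = {}                                  # device -> its ports, one per cable
    for i, (a, b) in enumerate(links):
        union((a, i), (b, i))                   # the cable joins its two ends
        ports.setdefault(a, []).append((a, i))
        ports.setdefault(b, []).append((b, i))
    for dev, plist in ports.items():
        if devices[dev] in TRANSPARENT[kind]:
            for p in plist[1:]:                 # transparent device: all its ports are one domain
                union(plist[0], p)
    return len({find(p) for plist in ports.values() for p in plist})


# constructed topology: router R1 feeds switch S1 on one interface and hub H1 on another;
# S1 serves PCs A and B directly and PCs C and D through a second hub H2; H1 serves E and F
DEVICES = {'R1': 'router', 'S1': 'switch', 'H1': 'hub', 'H2': 'hub',
           'A': 'host', 'B': 'host', 'C': 'host', 'D': 'host', 'E': 'host', 'F': 'host'}
LINKS = [('R1', 'S1'), ('S1', 'A'), ('S1', 'B'), ('S1', 'H2'), ('H2', 'C'), ('H2', 'D'),
         ('R1', 'H1'), ('H1', 'E'), ('H1', 'F')]


def demo() -> dict:
    as_hub = dict(DEVICES, S1='hub')            # swap the switch for a hub
    no_router = dict(DEVICES, R1='switch')      # swap the router for a switch
    return {
        'collision': count_domains(DEVICES, LINKS, 'collision'),             # 5
        'broadcast': count_domains(DEVICES, LINKS, 'broadcast'),             # 2
        'collision_if_S1_is_hub': count_domains(as_hub, LINKS, 'collision'), # 2
        'broadcast_if_R1_is_switch': count_domains(no_router, LINKS, 'broadcast'),  # 1
    }


if __name__ == '__main__':
    print(demo())
```

Reading the result: the switch's four ports give four collision domains on its side (one of them the whole H2 hub with C and D), the R1-H1 hub side is a fifth; the router is the only thing holding the broadcast count at two. Replace it with a switch and every host in the picture hears every broadcast.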

CHAPTER II: SWITCHING (15-20 questions, including VLANs)
[Note: I'm told most of Cisco's switches were designed by companies Cisco purchased, so their commands vary too widely to be exam-worthy. For this reason I haven't much bothered to condense Lammle's appendix B on switches. The parts of the appendix suggested to me (VLANs and trunking) are on page 14.]
- Switching is ASIC (hardware) based, as opposed to bridges (software).
- Otherwise, a switch is like a bridge with many more ports.
- A L3 intelligent switch is faster than a router and can sort by L3 addresses.
- Switches perform address learning by reading frames' source addresses.
- They make forward-or-filter decisions whereby broadcasts (all 1s), multicasts (group addresses), and frames for unknown destinations go out all ports except the one they arrived on.
- This breaks up collision domains by sending only needed frames out each port.
- BUT it does not break up broadcast domains because broadcasts go out all ports.
- Switches practice loop avoidance to stop broadcast storms, duplicate frames, and confusion in their filter tables caused by multiple paths.
- The key method for loop avoidance is Spanning Tree Protocol (STP), using Bridge Protocol Data Unit (BPDU) multicasts exchanged every 2 seconds.
- STP (IEEE 802.1d) is a messy protocol that causes lots of delays and recalculates the entire tree every time the network configuration changes.
- STP elects a root bridge based on its 8-byte bridge ID (2-byte device priority followed by the 6-byte MAC address). Priorities are compared (32,768 is the default) and the lowest value wins. If tied, the lowest MAC address wins.
- The root bridge decides port settings on the remaining devices: open (designated) or blocked (non-designated). The lowest-cost port leading back to the root bridge is called the root port and becomes the path for communications with the root.
- Designated ports are chosen by lowest-cost path, using the links' accumulated costs (derived from their BWs).
- When the network topology changes, all data stops for 50 seconds (the convergence time) while STP re-configures all ports. Port transitions go as follows:
  1. blocking
  2. listening (exchanging BPDUs and checking for loops): a forwarding delay
  3. learning (all MAC addresses): a period also called a forwarding delay
  4. forwarding

THREE FRAME HANDLING MODES
- cut-through: fastest possible; only the destination hardware address is checked (the first 6 bytes of the frame)
- FragmentFree (default mode for Catalyst 1900 switches): reads the first 64 bytes, checking for collision damage, before forwarding
- store-and-forward: the entire frame is checked; rejected if too short (<64B) or long (>1518B) or if it has a CRC failure; the method with the greatest latency (delay)
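A toy switch that does the address learning and forward-or-filter decision listed above, plus the root-bridge election, as an added example (not code from the booklet, from Lammle, or from any Cisco switch). It shows which frames are flooded and why a lower priority beats a lower MAC. Port names, MAC addresses and priorities are constructed; STP port roles and timers are not modelled, only the election.

```python
"""Address learning, forward-or-filter, and 802.1D root-bridge election."""

BROADCAST = 'ffff.ffff.ffff'


def is_group_address(mac: str) -> bool:
    """Multicast or broadcast: the I/G bit (low-order bit of the first byte) is set."""
    return int(mac[:2], 16) & 1 == 1


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                 # MAC -> port: the filter (CAM) table, empty at power-up

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Return the egress ports for a frame; an empty list means it was filtered."""
        self.table[src] = in_port       # address learning from the source address
        if is_group_address(dst) or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood: all ports but the ingress
        out = self.table[dst]
        return [] if out == in_port else [out]   # same segment: filter; otherwise forward to one port


def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC; compared as one number."""
    return priority.to_bytes(2, 'big') + bytes.fromhex(mac.replace('.', ''))


def elect_root(bridges: dict) -> str:
    """bridges: name -> (priority, mac). Lowest bridge ID wins: priority first, MAC breaks ties."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def demo():
    sw = Switch(['e0/1', 'e0/2', 'e0/3'])
    log = [
        sw.receive('e0/1', '00e0.1e5d.0001', '00e0.1e5d.0002'),   # dst unknown: flood e0/2, e0/3
        sw.receive('e0/2', '00e0.1e5d.0002', '00e0.1e5d.0001'),   # reply: dst learned, forward to e0/1
        sw.receive('e0/1', '00e0.1e5d.0001', BROADCAST),          # broadcast: always flooded
        sw.receive('e0/3', '00e0.1e5d.0003', '00e0.1e5d.0002'),   # known: forward to e0/2 only
    ]
    root = elect_root({
        'SwA': (32768, '00e0.1e5d.aaaa'),   # default priority
        'SwB': (32768, '00e0.1e5d.0001'),   # default priority, lowest MAC of the two defaults
        'SwC': (4096, '00e0.1e5d.ffff'),    # lower priority wins regardless of its higher MAC
    })
    return log, root


if __name__ == '__main__':
    frames, root = demo()
    for f in frames:
        print(f)
    print('root bridge:', root)
```

Two things worth noticing: the first frame to any new destination is flooded, so every port sees it until the reply teaches the table where that MAC lives; and the election compares nothing but the advertised numbers, so whichever bridge advertises the lowest priority becomes root, which is why the default of 32,768 should be lowered deliberately on the switch you intend to be root.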

CHAPTER VI: VLANs (15-20 questions, including general switching)
- We can divide a switch's ports into subnetworks called virtual LANs (VLANs), organized by location, function, department, applications, or protocols.
- WHY VLANs? Each VLAN is a small, scalable network segment & a separate broadcast domain. Broadcasts are an unpleasant fact of network life, but dividing broadcast domains this way improves security and performance by breaking up flat networks, in which every broadcast is seen by every device. VLANs can provide automated control of each port and its resources to simplify computer moves, adds, and changes and cut administrative costs.
- Hosts in different VLANs must communicate through a L3 device: a router with an interface for each VLAN, an ISL-capable router (Series 2600 and up) that can speak to all VLANs through a single interface, or a route switch module (RSM) installed in the backplane of a 5000-Series switch to support up to 1005 VLANs. Cisco calls a FastEthernet interface + ISL routing a "router-on-a-stick".
- This router or other L3 device can provide inter-VLAN security.

[Figure: VLANs must communicate via a Layer 3 device. A switch with ports marked unassigned, VLAN 1 and VLAN 2 connects to an L3 DEVICE through interfaces E0 and E1. Here, one router interface goes to each VLAN.]

- If the switch in the picture were a L3 switch, it could learn from the router to pass packets between VLANs to speed their trip (route once/switch many, or ROSM).
- VLAN numbers can range from 1 to 1004.
- Users grouped by interest are called VLAN organizations.
- A group of connected switches is called a switch fabric.
- Access controls can be established anywhere within the fabric.
- Administrators create static VLANs by hand. These are stable and secure, as long as the network doesn't change much.
- If all required host MAC addresses are entered into a database, switch software can create dynamic VLANs based on applications, protocols, or other factors. The software looks up each MAC address in a database and connects it accordingly, even if the device moves around the network.
- Cisco offers VLAN Management Policy Server (VMPS) software as a MAC-address-to-VLAN mapping database.
- There are two types of links (ports) in a switch fabric:
  - Access link ports are any ports connected to DTE devices (hosts). Each access port is a member of a VLAN, although a host using that port is unaware of this because any VLAN info is stripped from arriving frames before they are delivered. Such hosts must go through L3 devices to communicate outside their VLANs.
  - Trunk link ports connect all (or only several) VLANs from switches to routers, servers, or other switches. A device thus trunked can be part of up to 1005 VLANs simultaneously, meaning a trunked server can be reached by many subnets without the need to communicate through a L3 device. Trunk links have a default membership in VLAN 1 if the link fails. By default, all possible VLANs are present on a trunked link between switches (unless manually removed by an administrator), but trunk links going to routers or servers carry only VLAN 1.
[Figure: A trunked port can carry all VLANs. A switch holding VLAN 1 and VLAN 2 connects over one trunk to interface E0 of an ISL ROUTER: one ISL interface, many VLANs.]

TAGGING FRAMES for TRIPS DOWN TRUNKS
- Frame tagging is a L2 means of identifying Ethernet frames by their VLAN membership. Tagging assigns each frame a unique, user-defined VLAN ID or "color". Frames get tagged when they first go down a trunked link. Each switch in turn reads the tag and decides whether to send it out on another trunk port or out an access port to a host. Finally, as the frame leaves an access port, the tag is stripped off so the host won't reject it as deformed.
- Four VLAN trunk ID (tagging) methods are:
  1) ISL (Inter-Switch Link), a Cisco proprietary method using only Fast- or Gigabit Ethernet. ISL can be used on switch ports, router interfaces, or server NICs. It offers low latency and full wire-speed operation in either half- or full-duplex modes. It is an external tagging method in which the original frame is not altered but further encapsulated in a new tagging frame with a 26-Byte header and a 4-Byte FCS field at its end. These frames' max size is 1,522 Bytes. Only ISL-aware devices can read these frames; other devices reject Ethernet frames not 64 to 1,518 Bytes long. An ISL tag is applied ONLY as a frame leaves a trunk port and removed as the frame leaves an access port. ISL is the only method on the exam.
  2) IEEE 802.1q is an industry-standard tag that adds a field to the frame. This method is required if sending frames from Cisco switches to another maker's gear.
  3) LAN Emulation (LANE) couples VLANs over ATM.
  4) 802.10 (FDDI) is Cisco's proprietary tag for FDDI; it puts a SAID field in the L2 header.
- Newer Cisco Catalyst switches use a point-to-point protocol designed for 802.1q called Dynamic Trunking Protocol (DTP) to control trunks in ISL or 802.1q.
VLAN TRUNK PROTOCOL (which has nothing to do with trunking...)
- VLAN Trunk Protocol is a misleading name for Cisco software that can add, delete, and rename VLANs, and send the changes to the entire fabric. This gives network-wide consistency, allows VLANs trunked over mixed media, permits monitoring, dynamic reporting of added hosts, and plug-and-play VLAN addition.
- First turn one switch into a VTP server. VTP servers sharing VLAN info must use the same domain name. VTP is unneeded if all your devices share a VLAN.
- VTP info moves between devices via trunk ports. (Maybe that's where the name comes from: VLAN Trunk-traveling Protocol?)
- Switches advertise VTP management info and all known VLANs to their domains every 5 minutes or whenever a change is made to the domain. Each advertisement carries a revision number assigned by the VTP server. When a switch sees an announcement with a higher revision number, it accepts the new info and overwrites its old database.
- You can add a password to control users adding switches to your VTP domain, but the same password must be used on every switch throughout the domain.
- The default mode for Catalyst switches is server mode. Only this mode allows a switch to create, add, or delete VLANs or change VTP info in a VTP domain. Changes made in server mode are advertised domain-wide.
- A switch in client mode receives and acts on VTP info but cannot change it. Before any of its ports can join a VLAN, a client must receive instructions from a server. Before installing a new server, first make it a client so it will be up-to-date.
- You can set a switch to transparent mode so it will forward advertisements but not act upon them. A transparent switch can still add and delete VLANs from its own, unshared database, as usual.
- You can turn on VTP pruning at a server to instruct all switches in a domain to withhold unnecessary broadcasts from disinterested trunk links. Pruning is disabled by default on all switches. By default, only VLANs 2-1005 can prune. VLAN 1 can never prune because it is an administrative VLAN.
Please see page 14, APPENDIX B The CATALYST 1900 SWITCH

CHAPTER III IP (5 questions)
[Note: I moved lists of the individual protocols to Chapter I with their associated OSI layers. They aren't nearly as important as subnetting. YOU MUST ABSOLUTELY KNOW HOW TO SUBNET QUICKLY FOR THE EXAM.]
IP ADDRESSING
An IP address is 32 bits (4 Bytes) divided into four octets of 8 bits each:
  11111111.11111111.11111111.11111111 (= 255.255.255.255 in decimal)
The first four bits show the class. Classes A, B, & C use the first; first two; and first three octets, respectively, as their network portion. The more network ID bits, the fewer bits remain for any host IDs, and vice-versa.

  first 4 bits   first octet   class   network addresses   host addresses   notes
  0xxx           1-126         A       126                 16,777,214       (127 reserved for loopback tests)
  10xx           128-191       B       16,384              65,534
  110x           192-223       C       2,097,152           254
  111x           224-239       D       multicast           multicast
  1111           240-255       E       reserved            reserved

SUBNETTING
Subnetting means masking off a range of IP addresses into a smaller network segment to reduce its population. This scheme improves performance, allows better management, facilitates the use of expensive WAN links, and gives planet Earth more network addresses to work with so we don't run out as fast. A subnet mask of 1s is applied to the IP address to mark its network portion.
Let's say a huge corporation died and left us its entire class B network but we only know one address in it. Here is that address in both binary and easy-to-read decimal:
  10101100.00010010.11001010.00001010 = 172.18.202.10
It's a class B, so its network address is 172.18.0.0. Its node (or host) address is 202.10. The normal class B mask that says where one ends and the other begins is
  11111111.11111111.00000000.00000000 = 255.255.0.0,
right on the dot between the 2nd and 3rd octets, just like usual. Now, in every network segment, the 1st address, the network address, is special; it's the address we route to. The last address before the next segment is special, too; it's the address we broadcast to. All the dull addresses in between? Those can be assigned to hosts. Here, our broadcast address is 172.18.255.255, meaning our hosts run from 172.18.0.1 to 172.18.255.254. But we know not to put 65,534 host computers in one Ethernet network! (See the above table.) Instead, we can subnet and carve out several smaller networks if we mask out (steal) an additional few bits from the next, empty octet to the right. Let's change our mask by stealing four more juicy bits from the third octet:
  11111111.11111111.11110000.00000000 = 255.255.240.0,
our new mask, or ".240 in the 3rd octet", for short. [Also, instead of writing out the address and its entire mask, we can use a shorthand of 172.18.202.10/20 to say we've got a mask 20 ones long.]
We calculate new addresses by applying a magic number to the mask octet. The magic number equals 256 minus the mask. A new segment starts with every multiple of the magic number. Our job now is to find the new network address, broadcast address, and valid host address range for our one machine at 172.18.202.10. The magic number for our .240 mask is 16. Our mask is in the 3rd octet. So, as you count up the 3rd octet from 0 to 255, a new segment starts at every multiple of 16, from 16x0 onward: 172.18.0.0 (our first multiple), 172.18.16.0 (our second multiple), 172.18.32.0 (our third), 172.18.48.0, ...and so on. Each multiple is the first address of a different baby subnet.* Which multiple are we in? Our 202.10 is between multiples 172.18.192.0 and 172.18.208.0. The broadcast address for our segment is the address right before 208.0, so it's 172.18.207.255. The range of host addresses is every address between the network and the broadcast addresses, like so:
  172.18.192.0 is the network address,
  172.18.192.1 to 172.18.207.254 is the host range, and
  172.18.207.255 is the broadcast address,
meaning 172.18.202.10 is valid and not reserved or illegal. The end.
Those of us who can't do math can cope somewhat by memorizing this table:

  stolen bits   mask (binary)   mask   magic #   hosts   networks
  1             10000000        .128   128       126     0
  2             11000000        .192   64        62      2
  3             11100000        .224   32        30      6
  4             11110000        .240   16        14      14
  5             11111000        .248   8         6       30
  6             11111100        .252   4         2       62
  7             11111110        .254   2         0       126
  8             11111111        .255   1         0       254

Note the hosts are the magic numbers minus 2, and networks is just hosts upside-down. You might be asked how many hosts you have or, similarly, to mask just enough bits to leave a range of X hosts. Class C numbers are in the table, but counting class A and B hosts can be painful. Our example segment had 16 values in the 3rd octet, from 192 to 207, but each of those also represents from 0 to 255 in the last octet, so we're talking about 4,096 addresses here. Each octet you jump to the left represents 256 times the octet to its right. Put another way, because each number in the third octet, from 192 up to and including 207, is worth 256, we multiply 16 x 256 to find out how many addresses exist in our range. The short answer is 4,096 but, because we can't use the network or broadcast addresses, we must subtract those two to see there are 4,094 possible hosts in our range. That's your final answer. The simplified formula is (magic number x 256) - 2 but, if you're instead counting steps in the second octet, it's (magic number x 65,536) - 2. Remember that for counting in class A.
If 4,096 hosts are still too many, you can go on masking right into the next octet, say 172.18.250.202/27. The mask is now three bits into the fourth (and final) octet. This is normally class C turf, so you have to pay attention to that 172 to know it's still a class B. Our cheater's table has no row for the 11 bits we're now stealing, so just ignore the third octet and pretend we're only stealing from the fourth. Read the table for three stolen bits (from the fourth octet). Our mask is 255.255.255.224, our magic number is 32, and, since we're ignoring the third octet of the mask, we're going to apply the magic number to the fourth octet. Our IP address lands between the magic number multiples 172.18.250.192 (our network address) and 172.18.250.224 (the next network address), meaning 172.18.250.223 is our broadcast address; everything in between, 172.18.250.193 through 172.18.250.222, is our host range, with 30 addresses.
Some are harder than others, especially A or B addresses using a little more or a little less than full octets. Here are some you're glad you don't see every day. Watch how the net address and the next net address change as another bit is stolen.

  address           mask               class   magic #             net address    b/c address       next NA
  122.67.69.10/15   255.254.0.0        A       2 (in 2nd octet)    122.66.0.0     122.67.255.255    122.68.0.0
  122.67.69.10/16   255.255.0.0        A       1 (in 2nd octet)    122.67.0.0     122.67.255.255    122.68.0.0
  122.67.69.10/17   255.255.128.0      A       128 (in 3rd octet)  122.67.0.0     122.67.127.255    122.67.128.0
  122.67.69.10/23   255.255.254.0      A       2 (in 3rd octet)    122.67.68.0    122.67.69.255     122.67.70.0
  122.67.69.10/24   255.255.255.0      A       1 (in 3rd octet)    122.67.69.0    122.67.69.255     122.67.70.0
  122.67.69.10/25   255.255.255.128    A       128 (in 4th octet)  122.67.69.0    122.67.69.127     122.67.69.128
  172.67.69.10/23   255.255.254.0      B       2 (in 3rd octet)    172.67.68.0    172.67.69.255     172.67.70.0
  172.67.69.10/24   255.255.255.0      B       1 (in 3rd octet)    172.67.69.0    172.67.69.255     172.67.70.0
  172.67.69.10/25   255.255.255.128    B       128 (in 4th octet)  172.67.69.0    172.67.69.127     172.67.69.128

Startling lessons learned:
- Just because the mask is /25 doesn't mean it's a class C address!
- Just because the mask is 255.255.255.0 doesn't mean it's a class C address!
- Class can only be determined by looking at the first octet!
- Just because an address ends in .0 doesn't mean it's a network address!
- Just because an address ends in .255 doesn't mean it's a broadcast address!
- Not all network addresses end in .0!
- Not all broadcast addresses end in .255!
- Don't let anyone tell you .128 masks are always illegal!
- Without the address, the mask cannot tell you how many sub-networks you get!
- You may have to crunch the numbers to find out if a given host address is valid!
And beware these strange rules:
- *You can't use the first or last multiples. This keeps classful routing protocols (RIP or IGRP) from getting confused by masks that aren't /8, /16, or /24. BUT
- You can waste less space by subnetting the first and last multiples even further with a variable-length subnet mask. Don't use more than 2 VLSMs on a network.
- 10.0.0.0, 172.16.0.0, 192.168.0.0 can be private networks if kept off the Internet.
- The following .128 (one bit) masks only become valid if you say ip subnet-zero. For class A: 255.128.0.0; for B: 255.255.128.0; for C: 255.255.255.128. These let you create only two subnets and still use them both.
- You can't steal either 7 or 8 bits from a class C address. You'd have no hosts!
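As an added example (my own code, not from Lammle's book or this cheat sheet), here is a small Python subnet calculator that works the magic-number method above and regenerates the cheater's table; it cross-checks every answer against Python's ipaddress module so a slip in the arithmetic shows up at once. The function names (subnet, prefix_for_hosts, class_c_table) are my own, not IOS commands.

```python
import ipaddress  # standard library; used only to cross-check the hand arithmetic


def octets(addr):
    """Split a dotted-decimal string into four integers, rejecting bad input."""
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %s" % addr)
    return parts


def ip_class(addr):
    """Class is decided by the first octet only, whatever the mask says."""
    first = octets(addr)[0]
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D (multicast)"
    return "E (reserved)"


def mask_octets(prefix):
    """Build the four mask octets from a prefix length, e.g. 20 -> [255, 255, 240, 0]."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    bits = ("1" * prefix).ljust(32, "0")
    return [int(bits[i:i + 8], 2) for i in range(0, 32, 8)]


def subnet(addr, prefix):
    """Magic-number method: return mask, magic number, the octet the mask ends in,
    network, broadcast, first/last host and usable host count for addr/prefix."""
    ip = octets(addr)
    mask = mask_octets(prefix)
    # The interesting octet is the first one whose mask value is not 255.
    # For /8, /16, /24 that octet's mask is 0, so the magic number is 256 and
    # the block spans the whole octet (network .0, broadcast .255).
    idx = next((i for i, m in enumerate(mask) if m != 255), 3)
    magic = 256 - mask[idx]
    start = (ip[idx] // magic) * magic            # highest multiple <= our value
    net = ip[:idx] + [start] + [0] * (3 - idx)
    bcast = ip[:idx] + [start + magic - 1] + [255] * (3 - idx)
    dotted = lambda o: ".".join(str(x) for x in o)
    net_int = int.from_bytes(bytes(net), "big")
    bcast_int = int.from_bytes(bytes(bcast), "big")
    usable = max(2 ** (32 - prefix) - 2, 0)       # network and broadcast are reserved
    # Cross-check against the standard library so an arithmetic slip is caught.
    ref = ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False)
    assert str(ref.network_address) == dotted(net), dotted(net)
    assert str(ref.broadcast_address) == dotted(bcast), dotted(bcast)
    return {
        "class": ip_class(addr),
        "mask": dotted(mask),
        "magic": magic,
        "octet": idx + 1,                         # 1-based, as the text counts them
        "network": dotted(net),
        "broadcast": dotted(bcast),
        "first_host": str(ipaddress.IPv4Address(net_int + 1)) if usable else None,
        "last_host": str(ipaddress.IPv4Address(bcast_int - 1)) if usable else None,
        "hosts": usable,
    }


def prefix_for_hosts(n):
    """Longest mask (largest prefix) that still leaves room for n usable hosts,
    i.e. the 'mask just enough bits to leave a range of X hosts' exam question."""
    host_bits = 2
    while 2 ** host_bits - 2 < n:
        host_bits += 1
    if host_bits > 30:  # shorter than /2 is not a subnet mask anyone would use
        raise ValueError("too many hosts for one subnet: %d" % n)
    return 32 - host_bits


def class_c_table():
    """Regenerate the cheat table as (stolen bits, mask octet, magic #, hosts, networks).
    Networks follow the text's classful rule: first and last multiples are unusable."""
    rows = []
    for stolen in range(1, 9):
        mask = 256 - 2 ** (8 - stolen)
        rows.append((stolen, mask, 256 - mask,
                     max(2 ** (8 - stolen) - 2, 0), max(2 ** stolen - 2, 0)))
    return rows


if __name__ == "__main__":
    # The three worked examples from the text above.
    for a, p in (("172.18.202.10", 20), ("172.18.250.202", 27), ("122.67.69.10", 15)):
        print("%s/%d -> %s" % (a, p, subnet(a, p)))
```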

CHAPTER IV CONFIGURATION BASICS (10-15 questions)
- To configure a router, connect its console port to the serial port of a PC with a console cable and a DB9-to-RJ45 adapter. Set HyperTerminal to your COM port at 9600 baud and turn on the router. (You can't Telnet to a virgin router until IP is set up, so for remote configuration use an AUX port & modem.)
- Setup Mode is entered either by typing the setup command or by typing erase startup-config and rebooting. The three Setup Mode options are:
  1) Decline the initial config dialog, skip Setup, go to the Command-Line Interface.
  2) Basic Management Setup allows enough connectivity for management, only.
  3) Extended Setup, with configuration options for each interface.
- The setup sequence is: hostname, en secret, en password, VTY password, SNMP, L3 protocols, asynch (modem) lines, BRI interface, other interfaces [connector, full- or half-duplex, IP address & mask], and review. You then have three final options: CLI, start over, or save & exit. CTRL-c terminates setup mode.
- In User Exec Mode type > en and a password to go to Privileged Exec Mode, then one of these three options to enter Global Config Mode:
  # config terminal brings up the running-config file in RAM
  # config memory brings up the startup-config file in NVRAM (= copy start run)
  # config network gets a config file from a remote TFTP host (= copy tftp start)
- If you use either of those last two, the machine swaps the file you requested into RAM so you can work on it. This replaces your running CF, so be careful!
- From global config mode, you can visit several sub-modes, for example:
  (config)# interface s0 to work on an interface (with a (config-if)# prompt). From there, type (config-if)# interface s0.1 to make a subinterface [(config-subif)#].
  (config)# line vty 0 4 to work on a line [the new prompt = (config-line)#].
  (config)# router rip to work on a routing protocol [prompt = (config-router)#].
- In global config mode, commands are called major or global.
- Commands from (config-xxxx)# prompts are called subcommands.
IOS Commands to Move Up or Down Between Different Modes/Prompts
(NOTE: Chart developed in part from simulator software; not confirmed with real routers!)

  Mode              Prompt            down (command to enter it)   up (command to leave it)   enter/leave IOS
  none              -                 -                            -                          return (enter)
  user exec         >                 -                            -                          exit, quit, logout
  privileged exec   #                 enable                       disable                    -
  global config     (config)#         config t                     exit, end, ^z              -
  interface         (config-if)#      int e0                       exit (end, ^z)             -
  subinterface      (config-subif)#   int e0.1                     exit (end, ^z)             -

COMMAND LINE CURSOR GYMNASTICS and HELP COMMANDS
CTRL-w - erases a word
CTRL-u - erases a line
CTRL-a - moves to start of line
CTRL-e - moves to end of line
CTRL-f (or right arrow) - moves forward one character
ESC-f - moves forward one word
CTRL-b (or left arrow) - moves back a character
ESC-b - moves back one word
CTRL-p (or up arrow) - recalls previous command in history buffer
CTRL-n (or down arrow) - steps forward to next newer command in history buffer
TAB - completes partial commands
CTRL-c - breaks off long data displays
CTRL-z - ends any configuration mode and returns to privileged exec mode
CTRL-SHIFT-6 - pauses some running processes (e.g. Telnet sessions)

command ? - (with a space) gives all possible options to follow command
xxxxx? - (no space before the ?) gives all possible completions of the text xxxxx
sh history - shows last 10 (default value) commands
sh terminal - shows terminal configuration & size of command history buffer
terminal history size <0-256> - resizes command history buffer
sh version - shows IOS version, CF names and sources, hardware config, Configuration Register code
5 PASSWORDS: en secret, en password, console port, aux port, & Telnet
- Two passwords are available to enter the Privileged Exec (enable) Mode:
  enable secret bozo - sets the encrypted enable password; this is the preferred one
  enable password bozo - sets the plain-text enable password; use as a last resort
  The two can't be in effect simultaneously; if you try, the secret takes precedence.
  enable use-tacacs - sets enable password on several routers using a TACACS server
SETTING the OTHER PASSWORDS (& using OPTIONAL ENCRYPTION)
- You can encrypt the 4 plain-text passwords so sh running-config won't show 'em:
  (config)# service password-encryption - turns optional encryption on
  (config)# enable password bozo - sets the plain-text enable password, just like we did above; this can be included in the encryption process if you desire
- Next, set the three line passwords, the ones used to connect to the router:
  (config)# line console 0 - port 0 is the only port available
  (config-line)# login
  (config-line)# password bozo - sets the console port password
  also: (config-line)# exec-timeout <min> <sec> - sets session timeout; 0 0 = never
  also: (config-line)# logging synchronous - hold pop-up messages while typing
  (config-line)# line aux 0 - port 0 is the only port available
  (config-line)# login
  (config-line)# password bozo - sets the auxiliary port password; aux is typically used for modems but can also be used as a console connection
  (config-line)# line vty 0 4 - VTY is usually lines 0-to-4; more with Enterprise IOS
  (config-line)# login
  (config-line)# password bozo - sets the Telnet password; Telnet will not operate until this is set, unless you leave access open with line vty 0 4 then no login.
  (config-line)# exit
  (config)# no service password-encryption - turns optional encryption off
MESSAGE of the DAY BANNER
Shown at every console, aux, or Telnet entry.
  (config)# banner motd <dc>
Any character can be the delimiting character (DC), but the default is #. Pressing it ends the message, so it cannot be used in the text.
- Other banners are exec, incoming, and login. To keep multiple banners on separate lines, add an extra blank line before pressing the DC.
INTERFACE CONFIGURATION
(config)# interface serial 0 engages an interface & changes the prompt to (config-if)#.
- 2500 Series routers have fixed configurations, but 2600, 3600, 4000, and 7000 specify their interfaces with slots and port numbers: interface fastethernet 0/0.
- On 7000 or 7500-Series routers with Versatile Interface Processor (VIP) cards, define an interface by slot / port_adapter / port#, thus: interface ethernet 2/0/0.
(config-if)# media-type <100BaseX/MII> sets media type (normally auto-detected).
(config-if)# no shutdown turns on an interface; (config-if)# shutdown turns it off.
- Interfaces are shut down by default.
(config)# hostname Chicago labels the router. (The label is case-sensitive.)
(config-if)# description Sales Department LAN labels the interface.
IP CONFIGURATION
(config)# int e0 engages Ethernet interface 0.
(config-if)# ip address 172.16.10.2 255.255.255.0 secondary configures IP. (The secondary command adds this info, rather than replacing an earlier IP set up.)
(config-if)# no shut turns on service to the interface.
SERIAL INTERFACE SPEED SETTINGS
- Serial interfaces usually attach to a CSU/DSU that provides synch clocking. If two DTE routers are directly attached (as in a lab), the one at the DCE end of the cable must provide clocking. Use (config-if)# clock rate 64000 with the rate in bps.
- The default bandwidth label on an interface is set to 1544 kbps (T1 speed). IGRP, EIGRP, OSPF, & other protocols read this label to calculate routes. (RIP ignores it.) To set it, type (config-if)# bandwidth 64 where the rate is in kbps.
SAVING and VIEWING CONFIGURATIONS
- Saving your configuration copies the file running-config to NVRAM, overwriting startup-config. Do this with copy running-config startup-config.
- View the two files with sh run and sh start. (You can shorten the file names, if you like.) Note: Each file shows the IOS version in use when it was created.
- Erase CFs with erase run and erase start. (Boots to setup mode if no start file.)
- A CF is an ASCII file and can be edited with any text editing program.
- You can also copy CFs to TFTP hosts. Use copy run tftp or copy start tftp to make the backup and copy tftp run or copy tftp start to restore the desired file.
INTERFACE DIAGNOSTICS
- Ping an interface using a specific protocol with ping <protocol> <address>.
- Get the address of a neighbor with sh cdp neighbor detail.
- Telnet (the best tool to verify IP connectivity): telnet <address/hostname>. (The word telnet is understood if you just type the address or hostname.)

# sh running-config tells interface stati, descriptions, &c.
# sh interface e0 as above, plus tells if the interface is administratively down (using shutdown). Shows L2 & L3 addresses, encapsulation methods, collision stats, Maximum Transmission Unit (1500 Bytes by default), BW label, keepalive frequency (must be same on both ends), & carrier detect/keepalive status, thus: "Ethernet0 is up, line protocol is up." The first item shows L1 cable or interface problems; the second item shows L2 mismatched keepalives, encapsulations, or clock rates not set. I always call it the L1/L2 up/down stats. Possibilities are:
  up/up = operational
  down/down = interface problem
  up/down = connection trouble
  administratively down/down = disabled

- If the interface is administratively off, the remote end will say down and down.
- You can reset the counters for the above command with # clear counters <int#>.
# sh controllers s 0 shows info about the physical interface and type of serial cable (DTE or DCE) attached. (Note the required space between the s and the 0.)
sh <ip/ipx> interface shows L3 address, applied lists, L1/L2 status for all interfaces.
sh <ip/ipx> interface brief just gives the status check with L1/L2 ups/downs.
CHAPTER V IP ROUTING (6-10 questions)
- The ability to route requires a knowledge of a destination address, of potential routes to other networks and the best route to each, a learning relationship between neighboring routers, and a means to maintain and verify routing tables.
- Each interface on a router must attach to a different network.
- Routers discard packets for unknown networks (if default routing is not enabled).
- Basic router set up (see Chapter IV) gives a hostname to the router, applies an IP address (and clock rate, if needed) to each interface, and turns the interfaces on.
- If a network is unreachable, its entry is automatically dropped from the table.
- There are three types of routing: static, default, and dynamic:
STATIC ROUTING
  Advantages: no CPU overhead; no network bandwidth used; administrator oversight of security.
  Disadvantages: requires deeper understanding of the network; new routes must be added manually; only workable on small networks.

- Syntax: ip route <dest_addr> <dest_mask> <next_hop> <admin_dist> permanent
  (config)# ip route 172.16.20.0 255.255.255.0 172.16.10.2 - turns on static routing
- next_hop could also be the exit_interface for a point-to-point link (on a WAN).
- admin_distance (AD; 0-255) is a scale of trust in routing information, depending on its source. Some default ADs for various sources are:
  connected interface        0
  static or default route    1
  EIGRP                      90
  IGRP                       100
  OSPF                       110
  RIP                        120
  external EIGRP             170
  unknown                    255 (will never be used)

- permanent keeps unreachable networks from being deleted from the table.
- Verifying static routes using # sh ip route shows the directly connected networks and any remote networks the router knows and can reach. Directly connected routes have a C beside them; static routes have an S and a note similar to [1/3] that shows [AD / hops to the particular network].
DEFAULT ROUTING
- Default routing is a variant of static routing used only on stub networks (routers with only one port leading to another router). It replaces multiple static route commands with a single instruction to send all packets for unknown destinations to the same default next hop (another router's interface) or "gateway of last resort".
- similar to a static route entry but with wildcards (vs. network and mask info)
- 1st, delete static route entries with no ip route 172.16.20.0 255.255.255.0 172.16.10.2
- 2nd, add the default entry: ip route 0.0.0.0 0.0.0.0 172.16.10.2 where 172.16.10.2 is the gateway of last resort.
- 3rd, Cisco routers are classful, allowing protocols like RIP and IGRP to expect only /8, /16, or /24 masks on each interface. Typing ip classless, however, keeps packets from being discarded due to unrecognized destinations. Always use this command with default routing, even though it will sometimes work without it. (Classless routing is set by default in newer IOS releases.)
- Verifying default routes with # sh ip route shows similar information as with static routes, except the several S entries have been replaced by one S* entry indicating the default route candidate.
DYNAMIC ROUTING: RIP & IGRP DISTANCE VECTOR PROTOCOLS
- uses routing protocols to automatically update tables (at a cost of bandwidth)
- two types: Interior Gateway Protocols and Exterior Gateway Protocols
- IGPs are used within autonomous systems (AS; a set of networks under common administration, sometimes called a domain).
- EGPs are used between autonomous systems.
- three classes of routing protocols (RIP and IGRP, only, are on the exam):
  1) distance vector (RIP/IGRP) uses hop counts [but see IGRP details, below].
  2) link state (OSPF) uses 3 tables: direct connections, topology, & routing; gets a full view of the network (no rumors) by bandwidth analysis and triggered updates, but is hard to set up and consumes much BW, itself.
  3) hybrid (EIGRP) uses bits of both.
The INS and OUTS of DISTANCE VECTOR ROUTING (D/V)
- passes complete tables between routers (routing-by-rumor vs. investigation)
- If dual routes exist to a network, the best is chosen by AD, then by other metrics.
- If two links have the same hop count but different BW, you get pinhole congestion.
- Convergence occurs when all routers know the routes to all networks.
- D/V tracks changes with periodic update broadcasts to all active interfaces. Slow convergence means discrepancies can develop between routing tables and reality, causing routing loops wherein rumor-fed routers endlessly pass around packets convinced their neighbors can reach a deceased link. Some cures:
  - Maximum hop counts: RIP permits 15 hops before a packet is discarded.
  - Split horizon rules: routing info can't be sent via the interface it arrived on.
  - Route poisoning: dead routes are explicitly updated as being unreachable (16 hops away) and receiving routers send explicit poison reverse updates as confirmations because, hey, sometimes rumors just aren't good enough.
  - Holddowns: delays that make routers ignore updates to keep them from reinstating a dead route; improves stability by letting changes settle first. Holddowns are cleared early if a route update arrives with a better metric than the dead route had.
  - Triggered updates are immediate, forced (instead of periodic) updates to routing tables made when things change. They reset holddown timers if the timer expires, the router gets a processing task proportional to the number of links in the network (making the router effectively forget about the holddown), or a new update says network status has changed.
ROUTING INFORMATION PROTOCOL (RIP)
- RIP is a D/V protocol sending a full table every 30 seconds.
- RIP has a long convergence time.
- RIP uses only one metric: hop count, with a maximum hop count of 15.
- AD = 120
- RIP will load balance between up to 6 links of equal cost.
- good for small networks but inefficient on large ones with slow WAN links or many routers
- RIP v1 uses only classful routing, requiring all devices to use the same subnet because it doesn't send subnet info in its updates.
- RIP v2 does do classless routing but is not on the exam.
- RIP uses three timers:
  - update timer: sets update frequency (default = 30 seconds)
  - invalid timer: sets time with no mention of a route before the route is declared invalid (default = 90 seconds)
  - flush timer: sets time after invalid status before the route is removed from the table (default = 240 seconds). The flush delay is used to inform other routers of the dead route's impending removal.
- RIP is configured thus:
  (config)# no ip route 172.16.20.0 255.255.255.0 172.16.10.2 - removes static routes; static routes have an AD of 1, so RIP (AD = 120) would never do anything
  (config)# router rip - enables RIP
  (config-router)# network 172.16.0.0 - sets network to advertise (note: no mask!)
  (config-router)# passive-interface s0 - sets interface to receive but not send updates, if you wish to limit RIP broadcast traffic
- Verifying RIP with # sh ip route again shows a table of info similar to static routing, except with an R next to each dynamically acquired RIP table entry.
INTERIOR GATEWAY ROUTING PROTOCOL (IGRP)
- IGRP is a Cisco proprietary D/V protocol designed as an improvement to RIP.
- IGRP has a maximum hop count of 100 by default, with a maximum setting of 255.
- AD = 100
- IGRP uses a composite metric of BW and delay by default but can also use reliability, load, and/or MTU (maximum transmission unit), if desired.
- IGRP uses four timers: update = 90 seconds; invalid = 3 x update; flush = 7 x update; holddown = (3 x update) + 10 seconds
- IGRP is configured thus:
  (config)# router igrp 10 - enables IGRP in AS number 10; all routers in an autonomous system must be configured with the same AS # (1-65535)
  (config-router)# network 172.16.0.0 - sets network to advertise (note: no mask!)
- IGRP can load balance up to 6 unequal routes using this command to control the balance between the lowest cost and the highest acceptable cost:
  (config-router)# variance <1-128> where the value is the metric variance multiplier
- other commands to help control traffic distribution are:
  (config-router)# traffic-share balanced meaning, share over the routes in proportion to their metrics, and
  (config-router)# traffic-share min meaning, share only among routes with the same, lowest cost
- Verifying IGRP routes with # sh ip route again shows similar tables, now with an I for IGRP next to each dynamically acquired table entry and a note similar to [100/160360] which shows the [default IGRP AD / composite metric].
- Note: If RIP is accidentally left on, it will continue to consume BW and CPU cycles, but never change a routing table because of its higher cost (AD = 120).
ROUTING TABLE DIAGNOSTICS
sh ip route - a table of routes to all directly connected or reachable remote networks.
sh ip protocols - shows settings: which routing protocol is in use, update frequency, time to next update, timer settings, metric weights, max hops, load balancing, networks advertised, gateways found, and AD to each.
sh protocols - shows if routing is enabled, L1/L2 up/down stats, & L3 addresses.
sh run - shows the configurations you ordered.
debug ip rip - shows routing updates as they come & go. If you're Telnetting in, you must type terminal monitor to get these reports.
debug ip igrp events - summarizes IGRP info running on the network, all requests and responses, but NO INFO ABOUT INDIVIDUAL ROUTES.
debug ip igrp transactions - shows detailed contents of requests and responses, including info about individual routes.

CHAPTER VII BOOT-UP & CONNECTIVITY TOOLS (unk # questions)
ROUTER MEMORY COMPONENTS
ROM (a.k.a. boot ROM) - instructions encoded on EPROM chips, including:
- POST (power on self-test) - checks hardware for configuration and errors
- bootstrap sequence - instructions to initiate a start-up when the power comes on
- ROM monitor - provides a user interface in the absence of any valid IOS image
- Mini-IOS - called RxBOOT or bootloader by Cisco; will help the router boot if no real IOS is present; able to load a real IOS into flash and bring up an interface
RAM (a.k.a. DRAM) - erased whenever shut down; holds packet buffers, routing tables, functioning software and data, and the running-config file; some routers can keep the IOS here. Examine the CF with sh running-config; RAM contents with sh memory, sh buffers, and sh stacks; programs with sh processes; CPU use with sh processes cpu.
flash - an EEPROM chip (keeps its memory when the router is off; can be erased or overwritten by special software commands); holds the Cisco Internetwork Operating System (IOS). Some routers protect the flash in read-only mode unless you boot from ROM. Examine the IOS with sh version or the size & contents of the flash memory with sh flash.

NVRAM (non-volatile RAM) - also holds its memory when shut down; stores the startup-config file transferred to RAM at startup and the configuration register code for boot control. Examine the CR with sh version and the stored configuration file with sh startup-config.
SELECTING an IOS for your NEXT BOOT
(config)# boot system flash <filename> - get IOS from flash; <filename> is optional
(config)# boot system tftp <filename> <server_addr> - get IOS from a network file
(config)# boot system rom - use that Mini-IOS hiding in ROM
- If you add all of these lines to your CF, the router will attempt each one in turn.
The ROUTER BOOT SEQUENCE
- To reboot the router, type > reload.
- The POST loads from ROM and checks the health of the machine.
- The boot sequence is engaged to issue start-up instructions.
- The IOS is loaded (from flash, by default); the router now has an operating system.
- If a CF exists in NVRAM, it is loaded into RAM; otherwise setup mode starts.
CONFIGURATION REGISTER MATH
- 16 binary bits / 4 hex digits; viewed with # sh version
- The CR is usually set to 0x2102. In binary that equals 0010 0001 0000 0010, with bits 1, 8, & 13 turned on. Four bits at a time it reads 2 1 0 2.
- What a 1 in each bit means (bits 1, 8, and 13 are the ones normally on):

  bit   hex      a 1 in this bit means...
  0     0x0001   } bits 0-3 control the bootfield (the source of the IOS):
  1     0x0002   }   0x0000; CR = xxx0: ROM monitor mode (no IOS)
  2     0x0004   }   0x0001; CR = xxx1: boot an IOS image from ROM
  3     0x0008   }   0x0002 - 0x000F: use the IOS specified in NVRAM
  4     0x0010   [function unknown]
  5     0x0020   [function unknown]
  6     0x0040   0 = use CF from NVRAM; 1 = ignore NVRAM
  7     0x0080   OEM bit enabled
  8     0x0100   keyboard break disabled
  9     0x0200   [function unknown]
  10    0x0400   IP broadcast addresses use all zeros
  11    0x0800   } bits 11 & 12 control the console line speed
  12    0x1000   }
  13    0x2000   boot the default ROM software if a network boot fails
  14    0x4000   IP broadcast addresses use no network numbers
  15    0x8000   enable dialog messages and ignore NVRAM contents

- Simplified: xxx0 = ROM monitor mode, xxx1 = IOS from ROM, xxx2 = IOS from flash, xx0x = use the CF in NVRAM, xx4x = skip the CF. Some CR examples:
2000 - RxBOOT diagnostics mode; use b to continue booting
2100 - force ROM monitor mode with rommon> prompt
2101 - boot IOS from ROM + NVRAM with router(boot)> (for upgrading flash)
2102 - normal boot-up (i.e. with IOS from flash + NVRAM) (2102-210F use the default boot filename specified in NVRAM)
2141 - boot to ROM and skip the CF (for disaster recovery)
2142 - boot the IOS from flash but skip the CF (for password recovery)
- Change the CR with (config)# config-register <value>, then reboot.
RESETTING PASSWORDS by TURNING ON BIT 6 for ACCESS:
- Reboot; at the console port, interrupt the boot sequence within 30 seconds with a break command (CTRL-BREAK) to get to the rommon 1> prompt (on some routers). [Win NT's HyperTerminal won't do breaks, so upgrade or use 95/98.]

- Turn on bit 6 by typing (config)# config-register 0x2142, then reload the router [or, on a 2500 Series router, > o to reach the option menu, then > o/r 0x2142, then I for initialize; or, on a 2600 Series router, rommon 1> confreg 0x2142, then reset].
- Decline to enter setup mode (asked because there is no startup-config in use).
- Enter privileged mode with > enable; copy the startup-config file (it's still there in NVRAM, even though it wasn't used) to the running-config file with copy start run; config t, then set any passwords desired (enable secret bozo, &c.); save the CF with copy run start; reset the CR with config-register 0x2102.
- Reload the router with # reload.
BACKING UP the IOS to a TFTP HOST
- By default, the IOS is stored in flash.
- First, copy the existing operating system to a TFTP host. [To make a router a TFTP host for storing flash images, use (config)# tftp-server.]
- Type # sh flash. The file's name will be similar to c2500-js-l.112-18.bin. This will also show any room available in flash for more file storage.
- ping your intended remote host to ensure you have connectivity.
- Type # copy flash tftp. (Note: This displays the same info as the sh flash command.) When asked, enter the IP address of the remote host, the source filename, and the destination filename, and confirm the copy. TFTP can only copy the file to the default directory on the host, so you need to set that up first.
RESTORING / UPGRADING the IOS from a TFTP HOST
[Note: This procedure forces a reboot and terminates any Telnet sessions.]
- Put the desired source file in the default TFTP folder on the host.
- Type # copy tftp flash. Confirm, enter the host IP address, source filename, and destination filename, confirm the erasure of the flash (if there's insufficient room for both the new and old files or if this is a virgin flash), confirm again, accept a backup of the running-config to the startup-config (if need be), and confirm again. The router erases the flash, transfers the data, does a checksum verification, and reboots. Whew!
CISCO DISCOVERY PROTOCOL
- CDP gathers info about the hardware and protocols on directly connected Cisco neighbor devices. It uses L2 SNAP multicasts.
- # sh cdp (on either routers or switches) shows your CDP timer (seconds between your transmittals of CDP on all active interfaces; default = 60) and your CDP holdtime (seconds you'll hold an incoming CDP packet; default = 180).
- To set these, type (config)# cdp timer <seconds> or cdp holdtime <seconds>.
- Routers run CDP by default. (config)# cdp run and no cdp run turn it on and off.
- There's still no CDP on an interface until it's enabled using (config-if)# cdp enable.
- View neighbor info with # sh cdp neighbor. This lists the devices' IDs, your interface connected to them, your remaining holdtimes for their last packets, what they do, what series they are, and their port or interface connected to you.

- # sh cdp nei detail adds L3 addresses and IOS versions to the above. It's identical to # sh cdp entry *. Clear your table of neighbor data with # clear cdp table.
- You can use Telnet to get CDP info from devices that aren't your neighbors.
- # sh cdp traffic counts the CDP packets you've sent and received and their errors.
- # sh cdp interface lists all your interfaces' L1/L2 up/down stats, encapsulations, and cdp timer & holdtime settings. But if an interface has CDP disabled, it won't even be mentioned!
TELNET or VTY (Virtual TeletYpe)
- Why VTY? Because the old Teletype abbreviation is TTY. Does that help?
- Using Telnet tests connectivity through the entire IP stack. It's your best test.
- Telnet is preferable to debug, which can place extreme traffic loads on a router.
- By default, before you can Telnet in to a device, its VTY password must be set. You can Telnet into (but not from) a 1900 Series switch, but you must first set its enable mode password level 15. This lets you get to the switch's Management Console menus or command line. (You can ping from a 1900.)
- Launch Telnet from any Cisco or DOS prompt by typing telnet and either the address or hostname to connect to. Also, any time you simply type a name or address into a router prompt, the Cisco IOS assumes you want to Telnet there.
- Close a session from the remote end's prompt with exit. Do the same from your prompt with disconnect <connection_#/connection_name>.
- To get back your own prompt without disconnecting, press CTRL-SHIFT-6, then x.
- # sh sessions lists current Telnet connections and their connection numbers with a * beside the most recently used. Press ENTER ENTER to go back to that one.
- All the active consoles and ports on your router are shown with # sh users. (It's really more like sh ports.) Again, a * marks the user (port) of the current terminal session. If you're Telnetting out, your end will show all the hosts you're connected to. Run this command on the remote end (via Telnet) and you'll see all its incoming connections, yours included.
- Eject a guest with sh users to see his line number, then clear line <#> to toss him.
Continued on page 14 with TWO WAYS TO RESOLVE HOST NAMES
CHAPTER VIII IPX (4-5 questions on encap. types & how to turn on/off)
Part 1: IPX BASICS
Like IP, IPX is comprised of a suite of protocols. Novell's layered protocols don't, however, follow the OSI model:
IPX...
- stands for Internetwork Packet eXchange
- is connectionless (like UDP), therefore communications using it get no acknowledgements
- approximates L3 (mostly) and L4 functions
- talks to higher layers via sockets, akin to TCP ports
- sends everything via broadcasts (very resilient but problematic for big internetworks)
SPX...
- stands for Sequenced Packet eXchange
- adds on connection-oriented functions (akin to TCP)
- identifies individual connections as virtual circuits, each with a specific connection ID in the SPX header
- operates at the equivalent of L4
Novell RIP...
- stands for Routing Information Protocol

- is a distance/vector routing protocol
- uses ticks (18ths of a second) and (if there's a tie) hop counts as metrics
- I'll label it as RIPIPX so as not to confuse it with TCP's RIP.
SAP...
- stands for Service Advertising Protocol
- is used to advertise/request network services from NetWare servers
NLSP...
- stands for NetWare Link Services Protocol
- is a more advanced replacement for RIPIPX and SAP
- is a link-state routing protocol
NCP...
- stands for NetWare Core Protocol
- provides security, file access, synchronization, &c
In summary, Novell provides much internetworking capability on its own.
CLIENT-SERVER RELATIONS
- NetWare machines are either clients OR servers. Period.
- Servers almost always run the NetWare OS.
- Clients can run MAC, DOS, Windows, NT, OS/2, Unix, or VMS.
- Clients broadcast GNS (Get Nearest Server) requests; servers answer with GNS replies containing pointers to specific servers holding the requested resources; the info comes from SAP tables on the servers.
- Cisco routers can build their own SAP tables and respond as though they were NW servers, or respond on behalf of a remote NW server in a different network.
SERVER-SERVER RELATIONS
- Servers speak to each other 2 ways: with SAP packets for service info and with RIPIPX for routing info.
- Both are sent in broadcasts at 60-second intervals.
- Broadcasts include the sender's own info plus accumulated info about other servers, as well. Eventually, all NW servers become fully enlightened.
- Cisco routers can play this IPX update game, too; this is good because broadcasts don't normally cross routers (keeps more traffic within individual segments).
IPX ADDRESSING
- IPX addressing is hierarchical, as in IP. The first eight hex digits are the network address; the remaining twelve form the node address. Here's an example: 00007C80.0000.8609.33E9

                network portion   node portion      total
                00007C80          0000.8609.33E9
  hex digits    up to 8           12                = 20 hex digits
  Bytes         4                 6                 = 10 Bytes (1/2 Byte per hex digit)
  bits          32                48                = 80 bits (4 bits per hex digit)

- By convention, leading zeroes in the network address are usually not shown.
- The network portion of an IPX address is used, as with any L3 address, to route packets between networks. An administrator assigns the network number.
- The node portion, however, is derived automatically by copying the device's L2 MAC address. This means every IPX address contains both L3 and L2 info.

- Automatic IPX addressing means workstations require no DHCP or manual configuration. - Because L2 addresses are already included within the logical addresses, there is no need for something like ARP to provide L3-to-L2 resolution. Pretty smart.

IPX ENCAPSULATION
- Here we mean taking L3 IPX datagrams and framing them in L2 IPX frames for use on Ethernet, Token Ring, or FDDI.
- Because of Novell changes through the years, these L2 frames come in four incompatible frame types for Ethernet, two for Token Ring, and three for FDDI. For example, the fields in the four different IPX Ethernet frames look like this:

  Ethernet_802.3   802.3 | IPX
  Ethernet_802.2   802.3 | 802.2 LLC | IPX
  Ethernet_II      Ethernet | IPX
  Ethernet_SNAP    802.3 | 802.2 LLC | SNAP | IPX

See why it's a problem? Cisco has five different names for the frame types, thus:

  NetWare name     Cisco name     notes
  Ethernet_802.3   novell-ether   used in NW3.x; default for Ethernet
  Ethernet_802.2   sap            for NW4.0; most common (says Cisco)
  Ethernet_II      arpa           the best if using both TCP/IP and IPX
  Ethernet_SNAP    snap
  Token Ring       sap            default for Token Ring
  Token Ring_SNAP  snap
  FDDI_SNAP        snap           default for FDDI
  FDDI_802.2       sap
  FDDI_RAW         novell-fddi

- On a serial interface, the default encapsulation remains Cisco proprietary HDLC.
- Each frame type in use on a network segment constitutes a separate virtual IPX network with its own, unique IPX network address and its own broadcast traffic.
- To display frame types and IPX network IDs in use on a NW server, type CONFIG on that server.

Part B: HOW TO DO IPX, ROUTER-WISE
IPX SETUP
- Two parts to IPX setup: enabling IPX routing and enabling IPX on an interface.
- Cisco HDLC remains the default encapsulation method for each serial interface.
(config)# ipx routing - automatically starts RIPIPX
(config-if)# ipx network <network_ID_#> encapsulation <frame_type> secondary
  encapsulation <frame_type> is optional (see the default types in the above table)
  secondary (also optional) indicates this command is an additional configuration with yet another frame type to use, rather than just a reconfiguration of the interface.
- Some examples of the above command:
(config-if)# ipx network 20
(config-if)# ipx network 20 encapsulation sap secondary
- A warning about the secondary command: Although multiple frame types can be configured on a single segment (to support different generations of Novell, say), this can be a lousy idea because each frame type generates its own, added broadcasts. You can avoid multiple frame types by making subinterfaces, instead.
ipx maximum-paths <1-64> - enables round-robin load sharing over several equal-cost paths
ipx per-host-load-share - always sends traffic for a specific host via the same path when load sharing
IPX DIAGNOSTICS
show ipx route - a table of routes to all reachable IPX segments, with ticks & hops.
show ipx interfaces - gives a long list: L1/L2 up/down stats, IPX addresses with encapsulation type, and other IPX settings, mostly about access lists (chapter IX).
show ipx interface e0 - same as above, but for only a single interface.
show interface e0 - DOES NOT SHOW THE IPX ADDRESS!
show protocols - lists 3 things: routed protocols, L1/L2 up/down stats, and IP and IPX addresses (with IPX encapsulation type, except on subinterfaces).
show ipx servers - displays the accumulated SAP table info, including all known servers and their offerings.
show ipx traffic - shows the number and type of IPX packets transmitted (both RIPIPX and SAP traffic).
debug ipx routing activity - displays routing updates as they occur
debug ipx sap activity - displays SAP updates as they occur
Once you have the IPX address of a remote router (using show cdp neighbor detail or show cdp entry *, or by Telnetting into it), you can ping that address three ways:
ping <ipx_address> (although that wastes time trying to ping via IP, first)
ping ipx <ipx_address>
or, for more details, the extended ping: type ping alone and answer its prompts for protocol and address.

CHAPTER IX ACCESS LISTS (3 questions)
- Access lists limit packets to specified segments for improved operation and simplified traffic patterns, as well as limiting access for improved security.
- IP and IPX lists work similarly.
- Inbound means from segment to router, whilst outbound means from router to segment. Lists are applied specifically to traffic of one direction or the other.
- IP and IPX lists are either standard or extended. Standard lists filter only by source address (or, for IPX only, destination address as well).
- Extended lists can filter by source address, destination address, L3 protocol field (IP, TCP, & UDP in IP lists; SAP & SPX in IPX lists), and IP port number (or IPX socket number).
- Lists are first created, one test at a time. They are then applied to an interface.
- As you build a list, each new test is appended to its end. The sequence matters!
- De-apply a list with no ip access-group 1 in, then delete it with no access-list 1; to kill just one test, type the whole line (no access-list 1 and the remaining parameters).
- Apart from that method, lists cannot be edited in the Cisco IOS, but the results of show running-config or show access-list can be copied to a text editor and changed.
- Only one list per protocol per direction may be placed on an interface.
- SYNTAX NOTE! access-list to create; ip access-group (or ipx access-group) to apply!
OPERATIONAL RULES
- The tests in a list are always considered sequentially.
- Once a packet finds a permit or deny match, that action is taken and no further testing of that packet occurs.
- Each list ends with an implicit deny everything else statement.
- Lists filter only traffic from other routers, not traffic originating in their router.
LIST CONSTRUCTION GUIDELINES
- Place the most specific tests first.
- Apply standard lists as close to the destination as possible.
- Apply extended lists and SAP filters close to the source to reduce network traffic.
- If no permit statement is included, no packets will pass. (Duh!)
- Unless you end a list with permit all others, any traffic not passed will be discarded.
- Slap an access list onto a port with only narrow permissions and you can unwittingly block a lot of traffic.
ID NUMBER RANGES FOR ACCESS LISTS

  1-99        IP                    standard
  100-199     IP                    extended
  200-299     Protocol Type Code
  300-399     DECnet                standard
  400-499     XNS                   standard
  500-599     XNS                   extended
  600-699     AppleTalk
  700-799     48-bit MAC Address    standard
  800-899     IPX                   standard
  900-999     IPX                   extended
  1000-1099   IPX SAP
  1100-1199   48-bit MAC Address    extended
  1200-1299   IPX Summary Address

STANDARD IP LISTS
(config)# access-list <1-99> <deny/permit> <source_address>
<1-99> is the list ID number.
<source_address> can appear in the following formats:
  host <ip_address> - host is the default keyword & may be omitted:
    access-list 1 deny host 172.16.30.2 - OR - access-list 1 deny 172.16.30.2 - deny traffic from this specific host
  <ip_address> <wildcard> - adds flexibility to the above. In the wildcard each 0 means consider the corresponding octet in the IP address, and each 255 means ignore the corresponding octet. Be as specific as you like:
    access-list 1 deny 172.16.30.2 0.0.0.0 - deny traffic from just this host
    access-list 1 deny 172.16.30.0 0.0.0.255 - deny traffic from all hosts in network segment 172.16.30.0
    access-list 1 deny 0.0.0.0 255.255.255.255 - deny traffic from any source
    (In the address, an ignored octet can contain any digits but is usually filled with a zero, by convention.)
  any - similarly means consider packets from any source, as in access-list 1 deny any - deny packets from any source
  hostname <name> - specifies one host: access-list 1 deny hostname RouterB
- Each additional access-list command adds another test line to the specified list.
- The command (config-if)# ip access-group <1-99> <in/out> applies the specified list to this interface. For example: (config-if)# ip access-group 1 in
IP LIST WILDCARDS USING BLOCKS
- Rather than considering an entire octet with a 0 or ignoring it with a 255, you can opt to consider blocks of 4, 8, 16, 32, or 64 addresses within an octet by using the corresponding wildcards 3, 7, 15, 31, or 63, respectively. For example, in access-list 1 deny 172.16.32.0 0.0.7.255 the numeral 7 means deny 172.16.32.0 through 172.16.39.0. This is the block of eight network addresses from 32 to 39 because the wildcard to consider eight addresses is the number 7 and the starting address given in the corresponding (third) octet is 32.
- The starting address (32, in the above example) must always be a multiple of the block size. Here the block size is eight and because 32 is, in fact, a multiple of eight, everything is proper. Hint: as a quick check, this rule means the starting address must always be a multiple of four, the smallest possible block. You can't start a block at a value of 39, for example, nor can you start a block of 64 addresses with the value 40. (But you can permit a block of 64 and then deny little blocks of 4 within it!)
VTY (Telnet) ACCESS CONTROL
(config)# access-list <1-99> <deny/permit> <source_address>
- Telnet lists are applied like other lists, but with slightly different commands:
(config)# access-list 1 deny 172.16.30.2 - creates the access list
(config)# line vty 0 4 - shifts to the Telnet line-specific prompt
(config-line)# access-class 1 in - applies the access list to that Telnet line
EXTENDED IP LISTS
(config)# access-list <100-199> <deny/permit/dynamic> <protocol> <source_address> <destination_address> <option> <port>
<dynamic> signifies a dynamic list of permits and denies.
<protocol> is a protocol sufficiently high up the OSI model to act upon the port number you'll specify. It's typically TCP or UDP, because IP, ICMP, &c., even though they're legitimate choices, cannot filter on L4 port numbers!
<source_address> can appear in the following formats:
  host <ip_address> - as above
  <ip_address> <wildcard> - as above
  any - as above
<destination_address> can appear in the following formats:
  host <ip_address> - as above
  <ip_address> <wildcard> - as above
  any - as above
<option> can appear in the following formats (the port operators may follow the source address as well as the destination address):
  eq - equal to the specified port number
  gt - greater than the specified port number
  lt - less than the specified port number
  neq - not equal to the specified port number
  range - within the specified range of port numbers
  established - allow to pass (usually) if using an already-established connection
  fragments - check fragments
  log - logs list #, protocol, source/dest. addresses, & port for any matches
  log-input - same as log, also including the input interface
  precedence - match packets with the given precedence value
  tos - match packets with the given TOS value
<port> is the application port, either by name (telnet) or number (23)
access-list 100 deny tcp any host 172.16.30.2 eq 23 log - deny TCP packets from any source to host 172.16.30.2, specifically those for ports equal to 23; log any hits
access-list 100 permit ip any any - permit remaining IP packets from any source to any destination
ip access-group 100 out - applies the specified list to this interface
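The standard-list rules above (wildcard masks, block alignment, sequential first-match evaluation, implicit deny) worked through in code. This is an added example, not part of the study guide; the sample list ACL_1 is constructed from the guide's own addresses, and shadowed_entries assumes contiguous wildcards such as 0.0.7.255.

```python
import ipaddress

# Added example, not from the study guide: standard IP access-list semantics.


def _ip(s):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit means 'must match', a 1 bit means 'ignore'."""
    keep = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & keep) == (_ip(base) & keep)


def wildcard_block(base, wildcard):
    """Return (first, last, aligned): the address range that base/wildcard covers,
    and whether the starting address is a multiple of the block size, which is the
    guide's rule for the block wildcards 3, 7, 15, 31 and 63."""
    b, w = _ip(base), _ip(wildcard)
    first = b & ~w & 0xFFFFFFFF
    last = first | w
    aligned = (b & w) == 0
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(last)), aligned)


def parse_standard(line):
    """Parse 'access-list <1-99> <permit|deny> <source>' into
    (list number, action, base, wildcard). Accepts 'host X', 'X', 'X W' and 'any'."""
    tok = line.split()
    if (tok[0] != "access-list" or not 1 <= int(tok[1]) <= 99
            or tok[2] not in ("permit", "deny")):
        raise ValueError(f"not a standard IP access-list entry: {line}")
    src = tok[3:]
    if src == ["any"]:
        base, wc = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host":
        base, wc = src[1], "0.0.0.0"
    elif len(src) == 2:
        base, wc = src
    else:
        base, wc = src[0], "0.0.0.0"      # a bare address means one host
    return int(tok[1]), tok[2], base, wc


def evaluate(acl_lines, source_addr):
    """Tests are tried in order; the first match wins; the implicit
    'deny everything else' at the end catches whatever nothing matched."""
    for _, action, base, wc in map(parse_standard, acl_lines):
        if wildcard_match(source_addr, base, wc):
            return action
    return "deny"


def shadowed_entries(acl_lines):
    """Indexes of entries that can never match because an earlier entry already
    covers their whole range: the reason for 'place the most specific tests first'."""
    seen, out = [], []
    for i, (_, _, base, wc) in enumerate(map(parse_standard, acl_lines)):
        first, last, _ = wildcard_block(base, wc)
        f, l = _ip(first), _ip(last)
        if any(pf <= f and l <= pl for pf, pl in seen):
            out.append(i)
        seen.append((f, l))
    return out


# Constructed sample list: the specific denies first, then a permit for a
# 64-address block in the third octet (172.16.0.0 through 172.16.63.255).
ACL_1 = [
    "access-list 1 deny host 172.16.30.2",
    "access-list 1 deny 172.16.32.0 0.0.7.255",
    "access-list 1 permit 172.16.0.0 0.0.63.255",
]
```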

IP LIST DIAGNOSTICS
show access-list - shows all lists by ID number and their configurations but does not show the interface to which a list is applied
show access-list <id#> - same, but for a specific list only; also does not show the interface to which applied
show ip access-list - shows only IP (standard and extended) lists, in detail
show ip interface - shows which interfaces bear which lists
show running-config - shows all lists and the interfaces using them
Continued on page 14 with STANDARD IPX LISTS
CHAPTER X WANs: When Ethernet Just Doesn't Cut It (6-10 questions)
CONNECTION TYPES
leased serial line (a.k.a. point-to-point dedicated line):
- synchronous serial (a direct, precisely timed digital link between 2 machines)
- always connected; no call & setup needed; you don't share the wire
- expensive but the best for constant, high-speed traffic
- 45Mbps, max.
packet-switched (e.g. X.25 or Frame Relay):
- line remains open into a cloud network of switches used by many clients
- best for occasional burst transfers
- cheaper alternative to leased lines if you're not constantly transmitting
- ATM, using equal-sized 53-Byte packets or cells, is called cell-switched
circuit-switched (e.g. ISDN or POTS/PSTN dial-up):
- asynchronous serial (PPP dial-ups) or synchronous serial (ISDN)
- connected only when needed (usually by a call through telco copper circuits)
- offers the lowest bandwidth of the three types
- toll networks are ones using the public switched telephone network (PSTN)
TELECOM CONNECTION TERMS

[Diagram: on the customer side, the CPE (DTE and CSU/DSU) meets the Local Loop at the Demarc; the Local Loop runs to the provider's CO/POP and on into the DCE (the mechanisms & links of the network portion).]
DCE = data communications equipment
DTE = data terminal equipment; a router or PC
CPE = customer premises equipment; the stuff on-site, no matter who owns it
DSU = data service unit; the T1 adapter & timing device, usually combined with the...
CSU = channel service unit; the digital connector
CO = central office, the provider's nearest point-of-presence
Demarcation (Demarc) = point (equipment closet) where the CPE and Local Loop meet
SUMMARY of WAN PROTOCOLS (except DSL, which is too new)
HDLC (High-level Data-Link Control, developed from the 1970s onward):
- provides L2 encapsulation & error-checking for point-to-point links on synchronous serial lines.

- used over leased-line, circuit-switched, or packet-switched networks
- L2 and a bit of L1
- bit-oriented
- uses frame characters and checksums
- does not permit authentication
- comes in many flavors; Normal Response Mode is an ISO standard, BUT
- it does not identify the L3 protocol it encapsulates, THEREFORE
- each vendor (Cisco included) has a proprietary identification method for an encapsulated L3 protocol, making different vendors' HDLCs incompatible.
- The generic, ISO version of HDLC is used by PPP (the only place you'll see it).
- Cisco HDLC is the default encapsulation for serial interfaces on Cisco routers.
HDLC History: IBM made SDLC (Synchronous DLC) in the mid-70s as part of its System Network Architecture for mainframes. Everyone copied it. First the ISO made HDLC to give L2 framing to other networks. Now HDLC has several variants: there's NRM for SDLC users, and the ITU-T bureaucrats in France made LAP for early X.25 users, LAPB for current X.25, LAPD for ISDN D-channels, and LAPM for modems. The IEEE built their 802.2 specs on it and many vendors, Cisco included, have their own flavors. Fun, huh?
X.25 (1970s):
- hooks DTE gear to DCE networks via a Packet Assembler/Disassembler (PAD)
- ITU-T precursor to Frame Relay; not great for voice, video, or bursty traffic
- used over packet-switched networks
- the L3 component of the stack is called PLP (Packet Level Protocol)
- uses LAPB for L2 functions; uses the X.121 international addressing standard
LAPB (Link Access Procedure, Balanced, actually HDLC-LAPB; 1980s):
- an HDLC variant providing heavy error-checking for DTE-DCE connections
- L2 and a bit of L1
- connection-oriented
- bit-oriented
- was developed as part of the X.25 stack but can stand alone
- some overhead due to strict time-out and windowing requirements
- an alternative to HDLC-NRM for error-prone connections
ISDN (Integrated Services Digital Network, 1970s and 1980s):
- L1, L2, and L3
- used on ckt-switched networks like the plain old telephone system (POTS)
- synchronous serial; 100% digital from end to end
- like dial-up but in digital format with immediate connections & higher speeds
- can carry voice plus data, video, audio, large files, &c.
- good for infrequent, high-speed transfers
- a good alternative when you're too far from a CO for DSL signals to reach
- a back-up method to Frame Relay or a T1 leased line; good for branch offices
- a suite of protocols designed by ITU-T telco bureaucrats, so it has weird terms
- often uses PPP for encapsulation, maintaining link integrity, & authentication
- for encapsulation it can use PPP, HDLC (default on BRI interfaces), or LAPB
- supports most every type of upper-layer protocol
PPP (Point-to-Point Protocol, late 1980s):

- provides fake Ethernet L2 encapsulation for L3 contents over a modem or serial point-to-point link, either router-to-router or host-to-network
- mostly L2 with a L1 component
- used mostly over circuit-switched networks, either on asynchronous (dial-up) or synchronous (ISDN) links
- uses generic HDLC but uses NCP to identify the L3 protocol it encapsulates
- features PAP or CHAP authentication
- It's an ISO-standard means of identifying encapsulated L3 info, so it can be used to connect proprietary formats.
- the successor to SLIP (Serial Line Internet Protocol) since the late 1980s
Frame Relay (a child of X.25; late 1980s):
- replaces Ethernet & other LAN frames with Frame Relay frames for transparent transmission across packet-switched networks
- L2 with some L1 functions
- industry-standard
- connection-oriented via private or switched virtual circuits (PVCs or SVCs)
- originally designed for ISDN; now supports IP, DECnet, AppleTalk, IPX, &c.
- NBMA (Non-Broadcast, Multi-Access): will not broadcast, so routers must copy routing protocols, &c. onto all VCs. All connected routers are peers.
- uses only best-effort delivery; leaves any error checking to higher layers; less error checking = less overhead than old X.25, so it has better performance
- excellent for bursty traffic if the connections are reliable; not great for voice or video
- allows dynamic bandwidth allocation, congestion control, simple flow control
- 56kbps to 2,078kbps
A Word about Bit- vs. Byte-Oriented L2 Protocols:
- Bit-oriented protocols transmit frames regardless of content; may use single bits to hold control info; more efficient and trustworthy than byte-oriented; can run in full-duplex; e.g. SDLC, HDLC, LAPB, LLC, TCP, IP.
- Byte-oriented protocols mark frame boundaries with specific characters; need whole bytes for control info; generally superseded by bit-oriented protocols.
The DETAILS to KNOW about PARTICULAR PROTOCOLS
PPP
- Its L2 portion has three parts:
  - NCP (Network Control Protocol), used to identify the L3 contents
  - LCP (Link Control Protocol), used to make/break connections; LCP provides:
    PAP or CHAP authentication
    Stacker or Predictor (for Cisco) compression
    Quality and Magic Number error-checking
    Multilink load splitting
  - generic (not proprietary!) HDLC, used to encapsulate L3 contents with no ID
- Its L1 portion has one part: the EIA/TIA-232C (RS-232) serial link standard
- PPP sessions are established in three phases:
  - a link establishment phase
  - an authentication phase
  - a network layer protocol (L3) phase
- PPP authentication methods: (You can use one, not both.)

- PAP (Password Authentication Protocol); like it sounds, clear-text authentication by the exchange of a password
- CHAP (Challenge Handshake Authentication Protocol); a three-way handshake; much more secure than PAP
CONFIGURING PPP:
(config-if)# encapsulation ppp - turns on PPP for a serial link
(config)# hostname Chicago - name it so it can identify itself when authenticating
(config)# service password-encryption - option to encrypt the password you are setting
(config)# username Atlanta password bozo - set the name of the remote router and the password it must give; Note: both routers' passwords must be identical
(config-if)# ppp authentication chap - set the authentication method; Note: ppp authentication chap pap tries CHAP first, with PAP as a backup
PPP DIAGNOSTICS:
show interface s0 - gives PPP info, LCP status, as well as all the usual stuff
debug ppp authentication - verifies your authentication setup
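The PAP and CHAP exchanges above, modelled between the guide's two routers (hostname Chicago, username Atlanta password bozo, and the mirror-image entry on Atlanta). This is an added example, not code from the study guide; the CHAP response is computed as RFC 1994 specifies (MD5 over identifier, secret and challenge), a detail the guide does not spell out, and the message dictionaries are a constructed stand-in for PPP frames.

```python
import hashlib
import hmac
import os

# Added example (not from the study guide): PPP PAP vs. CHAP between two routers.
# RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP/MD5 response value for one challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class PppRouter:
    """One PPP peer. 'users' maps a peer hostname to the shared secret, mirroring
    the guide's '(config)# username <peer> password <secret>' entry."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users              # {peer_name: secret_bytes}
        self.ident = 0
        self.last_challenge = None

    # --- CHAP: three-way handshake ---
    def chap_challenge(self):
        """Step 1: the authenticator sends a fresh random Challenge plus its name."""
        self.ident = (self.ident + 1) & 0xFF
        self.last_challenge = os.urandom(16)
        return {"code": "Challenge", "id": self.ident,
                "value": self.last_challenge, "name": self.hostname}

    def chap_respond(self, challenge):
        """Step 2: the peer looks up the secret it holds for the challenger's name
        and returns a hash; the secret itself never leaves this router."""
        secret = self.users[challenge["name"]]
        return {"code": "Response", "id": challenge["id"],
                "value": chap_response(challenge["id"], secret, challenge["value"]),
                "name": self.hostname}

    def chap_verify(self, response):
        """Step 3: the authenticator recomputes the hash with its own copy of the
        secret and answers Success or Failure. A challenge is good for one response."""
        secret = self.users.get(response["name"])
        if secret is None or self.last_challenge is None or response["id"] != self.ident:
            return "Failure"
        expected = chap_response(self.ident, secret, self.last_challenge)
        self.last_challenge = None
        return "Success" if hmac.compare_digest(expected, response["value"]) else "Failure"

    # --- PAP: two-way, shown for contrast ---
    def pap_request(self, peer_name):
        """PAP Authenticate-Request: the password itself travels in clear text."""
        return {"code": "Authenticate-Request", "peer_id": self.hostname,
                "password": self.users[peer_name]}

    def pap_verify(self, request):
        """PAP Authenticate-Ack/Nak: a straight comparison of the received password."""
        ok = self.users.get(request["peer_id"]) == request["password"]
        return "Ack" if ok else "Nak"


def run_chap(authenticator, peer):
    """Complete three-way CHAP exchange; returns the final code."""
    chal = authenticator.chap_challenge()
    resp = peer.chap_respond(chal)
    return authenticator.chap_verify(resp)


def secret_on_the_wire(messages, secret):
    """Does the shared secret appear verbatim in any transmitted field?"""
    return any(v == secret or (isinstance(v, bytes) and secret in v)
               for m in messages for v in m.values())
```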

FRAME RELAY (3 questions)
[Diagram: three routers, CHI (172.16.30.17), NY (172.16.30.1 on subinterface s0.7) and ATL (172.16.30.18), each behind a CSU/DSU on a Frame Relay cloud of switches. PVCs: CHI-NY (DLCI 23 at CHI, DLCI 16 at NY), NY-ATL (DLCI 17 at NY), CHI-ATL; the CHI side also shows DLCI 24 and the ATL side DLCIs 41 and 42. Legend: DLCI, CSU/DSU, FR switch.]
- DTEs in FR connect via PVCs or SVCs. Every VC is labeled at either end with a Data-Link Connection Identifier or DLCI (DEL-see) numbered 16-1007.
- FR is NBMA, so routers must copy broadcasts onto all virtual circuits, but Split-Horizon rules stop routing info (except from RIP, IGRP, EIGRP, &c. in the IP suite) and service updates (IPX SAP/GNS) from coming and going via the same interface. Separate full-mesh connections between every router might be complex and expensive. Instead, subinterfaces can host many VCs, each with its own DLCI and L3 characteristics (IP address, &c.) on one physical interface.
- (config-if)# encapsulation frame-relay <type> enables FR on the specified interface or subinterface and sets the encapsulation type used by the provider. The default type is cisco and it's proprietary; ietf (Internet Engineering Task Force) is an encapsulation based on PPP and is for connections to non-Cisco equipment.
- Create a subinterface (a common interface trick, not just a FR command) with (config-if)# interface s0.7 <link_type>. The two link types are point-to-point (only 1 VC connects to your interface; each connection needs its own subnet) and multipoint (several VCs connect; all FR interfaces use the same subnet).

- (config-subif)# frame-relay interface-dlci <16-1007> applies a DLCI to a specific subinterface; required on point-to-point subinterfaces; optional on multipoint.
- A Link (or Local) Management Interface (LMI) tracks and maintains the link from the router to the FR switch. It verifies flow, auto-assigns local or global DLCIs, and reports a circuit's status as active, inactive, or deleted. The three LMI types are cisco (the default), ansi, and q933a. Since IOS v11.2, the LMI type is autosensed, but you can set it with (config-if)# frame-relay lmi-type <type>.
- On multipoint interfaces only, IP or IPX addresses at the distant end must be mapped to DLCIs at your end, either statically or (using Inverse ARP) dynamically. [See the examples below.] Static maps are more reliable because IARP sometimes makes nonsense mappings to unknown devices.
FRAME RELAY EXAMPLE with STATIC MAPPING on ROUTER NY:
(config)# int s0 - go to serial interface zero
(config-if)# encapsulation frame-relay - turn on Frame Relay
(config-if)# int s0.7 multipoint - create a multipoint subinterface
(config-subif)# no frame-relay inverse-arp - turn off Inverse ARP
(config-subif)# ip address 172.16.30.1 255.255.255.0 - set the IP address on the subinterface
(config-subif)# frame-relay map ip 172.16.30.17 16 ietf broadcast - map Chicago's IP address to your DLCI 16; use IETF encapsulation for this map because Chicago has non-Cisco gear; let broadcasts use this virtual circuit
(config-subif)# frame-relay map ip 172.16.30.18 17 - map Atlanta's IP to DLCI 17
(config-subif)# frame-relay keepalive <seconds> - set the LMI keepalive (default = 10)
- To use less-stable, automatic IARP mapping instead, enter only these commands:
(config-if)# int s0.7 multipoint - create a multipoint subinterface
(config-subif)# encapsulation frame-relay ietf - turn on Frame Relay, IETF type
(config-subif)# ip address 172.16.30.1 255.255.255.0 - set the subinterface's IP address
- FR switches can apply three congestion control methods:
  - DE (Discard Eligibility) bit: Less-important packets have the DE bit turned on so they may be dumped if congestion occurs.
  - FECN (Forward Explicit Congestion Notification) bit: Gets turned on as a warning to the destination if a packet encounters congestion along its trip.
  - BECN (Backward Explicit Congestion Notification) bit: Gets turned on in a special packet sent back to the source as a warning.
- CIR (Committed Information Rate): A provider's guaranteed minimum rate, with faster speeds possible if traffic is light. Low CIRs mean more packets are dispensable, with their DE bits set to on.
FRAME RELAY DIAGNOSTICS:
# show frame-relay <x> where x = ip, route, traffic, or, more importantly:
  lmi - shows type, errors, LMI traffic details
  pvc - stats for PVCs (up/down) & DLCIs, including BECN and FECN counts
  map - L3 address-to-DLCI number mappings, static/IARP mapping, LMI stats
# show interface s0 - line, protocol, LMI type, and general LMI stats
# debug frame-relay lmi - shows if router and switch are sharing correct LMI info
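The DLCI and the DE/FECN/BECN bits above live in the 2-byte Frame Relay address field (ITU-T Q.922, RFC 2427). Here is an added Python example, not from the study guide, that packs and parses that field and tallies the congestion bits per DLCI the way the counters in show frame-relay pvc do; the sample frames are constructed from the NY router's DLCIs 16 and 17 above, not captures.

```python
# Added example, not from the study guide: pack/parse the 2-byte Frame Relay
# address field (Q.922 / RFC 2427) carrying the DLCI plus FECN, BECN and DE,
# then count those bits per DLCI.  Frames below are constructed, not captured.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class FrAddress:
    dlci: int                # 10-bit DLCI, 16-1007 for user PVCs
    cr: bool = False         # Command/Response bit (unused by Frame Relay itself)
    fecn: bool = False       # Forward Explicit Congestion Notification
    becn: bool = False       # Backward Explicit Congestion Notification
    de: bool = False         # Discard Eligibility


def pack_address(a: FrAddress) -> bytes:
    """byte 1 = DLCI[9:4] | C/R | EA=0;  byte 2 = DLCI[3:0] | FECN | BECN | DE | EA=1."""
    if not 0 <= a.dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = ((a.dlci >> 4) << 2) | (int(a.cr) << 1) | 0
    b2 = ((a.dlci & 0x0F) << 4) | (int(a.fecn) << 3) | (int(a.becn) << 2) | (int(a.de) << 1) | 1
    return bytes([b1, b2])


def parse_address(frame: bytes) -> FrAddress:
    """Reverse of pack_address; rejects anything that is not a 2-byte address field."""
    if len(frame) < 2:
        raise ValueError("truncated frame")
    b1, b2 = frame[0], frame[1]
    if b1 & 1 or not b2 & 1:          # EA bits must read 0 then 1
        raise ValueError("EA bits do not describe a 2-byte address field")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)
    return FrAddress(dlci, bool(b1 & 0x02), bool(b2 & 0x08), bool(b2 & 0x04), bool(b2 & 0x02))


def is_user_dlci(dlci: int) -> bool:
    """16-1007 is the user range from the text; DLCI 0 (ansi/q933a) and 1023 (cisco) carry LMI."""
    return 16 <= dlci <= 1007


def congestion_counts(frames: List[bytes]) -> Dict[int, Dict[str, int]]:
    """Per-DLCI FECN/BECN/DE tallies, like the counters in 'show frame-relay pvc'."""
    counts: Dict[int, Dict[str, int]] = {}
    for frame in frames:
        a = parse_address(frame)
        if not is_user_dlci(a.dlci):
            continue                   # LMI frames are not PVC traffic
        c = counts.setdefault(a.dlci, {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
        c["frames"] += 1
        c["fecn"] += int(a.fecn)
        c["becn"] += int(a.becn)
        c["de"] += int(a.de)
    return counts


# Constructed traffic as NY's s0.7 would see it: DLCI 16 (to CHI), 17 (to ATL), LMI on 1023.
SAMPLE_FRAMES = [
    pack_address(FrAddress(16)),
    pack_address(FrAddress(16, becn=True)),           # switch asking NY to slow down toward CHI
    pack_address(FrAddress(17, fecn=True, de=True)),  # congestion on the path from ATL; frame was above CIR
    pack_address(FrAddress(1023)),                    # cisco-type LMI, not a user PVC
]
```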

ISDN (2-3 exam questions; expect definitions)
- ISDN has an alphabet soup of component labels. In North America/Japan:
[Diagram: TE1 (NT1 module inside the TE1) -- U -- LT -- V -- ET (ISDN switch cloud); TE1 -- S -- NT2 -- T -- NT1 -- U -- LT -- V -- ET; TE2 -- R -- TA -- S -- NT2.]
In Europe & Australia:
[Diagram: TE1 -- S/T -- ISDN switch cloud (NT1 stuff inside); TE2 -- R -- TA -- S/T -- ISDN switch cloud.]
TE1 (Terminal Equipment, type 1): an ISDN-ready device
TE2 (Terminal Equipment, type 2): an ISDN-stupid device; no ISDN capability
NT1 (Network Termination, type 1): handles L1 ISDN specs; part of the carrier network outside North America/Japan but here packaged as a separate box (a type of CSU/DSU) to connect to our primitive ISDN networks
NT2 (Network Termination, type 2): handles L2 & L3 ISDN specs; Lammle says they are usually provider equipment (like a switch or PBX) and only rarely seen as CPE gear. I think he's clueless about NT2s because other sources show them as in my picture (above) and they say an NT2 is often integrated with an NT1 into a single box. (Maybe that's why Lammle didn't see them.)
TA (Terminal Adapter): often incorrectly called an ISDN modem; the wire-converter thingy you must stick in front of a TE2 to get it to play ISDN games.
LT (Line Termination): a physical connection point into the telco network
ET (Exchange Termination): the telco's ISDN switch, the first one in the cloud
R reference point: between a TE2 and its TA; 2 wires
S and T reference points: Supposedly, an NT2 connects to CPE gear by an S and to an NT1 by a T. Sybex's diagrams show no NT2s, so I made my picture from other sources. We can say for sure 1) S & T are electrically and functionally equivalent, so their names often get combined and B) they must be the same as the 4-wire connections between European NT1s and TE1s/TAs, because that's where they're always pictured. Helpful? I didn't think so.
U reference point: between DCE (meaning telecom) line termination equipment and NT1s (only in North America and other ass-backward zones); 2 wires
V reference point: between ET and LT; I have no idea how many wires it has.
ISDN protocols starting with...
- E deal with ISDN use over existing phone systems
- I deal with concepts, aspects, and services (Could you be more vague?)
- Q deal with switching and signaling
BRI (Basic Rate Interface): 2B (bearer) + 1D (data) channels, total 128kbps; B = data @ 64kbps; D = control & signaling @ 16kbps
PRI (Primary Rate Interface): In North America: 23B + 1D channels (a T1), total 1.544Mbps. In Europe, Australia, &c.: 30B + 1D channels (an E1), total 2.048Mbps. B = data @ 64kbps; D = control & signaling @ 64kbps. [Since 1k=1024 and 1M=1024k, I know the above totals don't add up, but try not to worry about it!]
How ISDN connects: The router connects the D channel to the near-end ISDN switch; the switch sets a path to the distant-end switch via SS7 signaling; the distant-end switch connects the D channel to the remote router; the B channel(s) are connected from end to end.
- Use (config)# or (config-if)# isdn switch-type <keyword> to configure the correct ISDN switch type, where the keyword tells the manufacturer and switch type. basic-5ess = an AT&T basic rate switch and basic-ni1 = a National ISDN-1 switch.
- BRI interface hookups may require you to use isdn spid1 <spid> <local_dial#> and isdn spid2 <spid> <local_dial#> to configure the SPID (Service Protocol ID, like an account number) for each B channel to let your equipment talk to the ISDN switches. The local dial number may or may not be required.
- A full ISDN PRI setup goes: isdn switch-type <keyword>; controller t1 <slot/port>; framing esf; linecode b8zs; pri-group <timeslots/range>. (So I'm told.)

DDR (Dial-on-Demand Routing) for ISDN or DIAL-UP
- for low-volume, occasional connections via POTS/PSTN (dial-up or ISDN)
- connects when interesting packets dictate; breaks when the idle time-out ends.
- First, set up a static route (so routing protocol traffic won't keep you connected):
(config)# ip route 172.16.50.0 255.255.255.0 172.16.60.2 - get to 50 via 60.2
(config)# ip route 172.16.60.2 255.255.255.255 bri0 - get to 60.2 via bri0
- All participating routers require full static route knowledge of the network.
- Default routing can be used on stub networks (only one outlet to other networks).
- Next step, specify the interesting traffic with a dialer-list command:
(config)# dialer-list 1 protocol ip permit - List 1 says, "all IP traffic is interesting."
(config)# int bri0 - choose the interface
(config-if)# dialer-group 1 - apply List 1 to the specified interface
- Last step, configure the dialer:
(config-if)# ip address 172.16.60.1 255.255.255.0 - assign the interface an IP address
(config-if)# no shut - turn the interface on

(config-if)# encapsulation ppp - select an encapsulation type
(config-if)# dialer string 8350661 - set up the number(s) to dial
OR
(config-if)# dialer map ip 172.16.60.2 name Chicago 8350661 - map the number(s) to dial, which is more secure. (This method uses the IP address of the next-hop router and the hostname of the remote router for authentication.)
- To tell the dialer when to bring up the second B channel, type (config-if)# dialer load-threshold <1-255> <inbound/outbound/either>, where 1-255 is the relative load level and the direction tells which traffic you want used as a trigger. The default is to monitor outbound traffic.
- To set the idle disconnect time for calls, use (config-if)# dialer idle-timeout <seconds>. The default is 120 seconds.
- You can extend the interesting list by pointing it to an access list:
(config)# dialer-list 1 protocol ip list 100 - Use access list 100 to define dialer list 1.
(config)# access-list 100 permit tcp any any eq smtp - add to access list 100
(config)# access-list 100 permit tcp any any eq telnet - add to access list 100
(config-if)# dialer-group 1 - apply the dialer list to the specified interface
- Note: The access list is created but not applied to any interface. The access list may be of any type, 1-1299.
ISDN & DDR DIAGNOSTICS:
ping or telnet - make sure ping and Telnet are designated interesting so the link comes up when you try to use them!
show dialer - gives diagnostic info for all the above dialer commands
show isdn active - shows the number called, if a call is in progress
show isdn status - used before dialing to check SPID validity; confirms L1, L2, & L3 are talking to the provider's switch
show ip route - displays all the known routes
debug isdn q921 - gives L2 info only (Remember those Q protocols?)
debug isdn q931 - gives L3 info (including call set-up & tear-down)
debug dialer - displays call set-up/tear-down activity as it happens
isdn disconnect interface bri0 - hang up the specified interface; this is the same as shutting down the interface with (config-if)# shutdown
APPENDIX B The CATALYST 1900 SWITCH, related to switching, pg 5
- 1900 switch passwords must be from 4 to 8 characters long (not case-sensitive).
- Switch ports are labeled by type slot/port (e.g. ethernet 0/16, or fastethernet 0/26). Small switches have only slot zero. Use (config)# int e0/16 to configure port 16.
FIRST, CREATE YOUR VLANs
(config)# hostname MySwitch - names the switch
(config)# vlan 2 name sales - creates and names VLAN 2
(config)# vlan 3 name marketing - creates and names VLAN 3
(config)# vlan 4 name tech - creates and names VLAN 4
- Then map them to ports: (Only static mapping is on the exam.) All ports are initially mapped to VLAN 1 by default; only one VLAN is allowed per port:
(config)# int e0/2 - go to Ethernet port 2 (in slot 0)
(config-if)# vlan-membership static 4 - map only one VLAN; repeat for other ports
# sh vlan - gives names, status, port mappings
# sh vlan 2 - as above, plus type, SAID, MTU, parent, ring#, bridge#, STP, &c.

# sh vlan-membership - lists each port, its VLAN, and whether static or dynamic
PUTTING MULTIPLE VLANs through ONE PORT by TRUNKING IT
Add ALL the VLANs to a trunked port and set how it deals with the device plugged into it: (config-if)# trunk <option> where option is one of the following:
  auto - do trunk mode if the other device is on or desirable
  desirable - negotiate trunk mode if the other device is on, desirable, or auto
  on - permanent trunk port; negotiate conversion to trunked mode
  nonegotiate - permanent trunk port; don't negotiate
  off - no trunking; try to convert the other device to be non-trunk, too
- To selectively remove a VLAN from a trunked port (for security, broadcast, or routing update issues): (config-if)# no trunk-vlan 5 - repeat for each VLAN to kill
- Multiple ports can trunk. Each is identified with a letter. Verify trunking with # sh trunk (for all trunking ports) or # sh trunk <letter> (for specific ports) and # sh trunk <letter> allowed-vlans to see the remaining VLANs after some are removed.
Key Terms: auto duplex: duplex is set automatically; dynamic entries: a L2 or L3 address table built dynamically; port security: frame restrictions on switch ports; set-based: the older CLI for Cisco switches, as opposed to newer IOS-based types.
CHAPTER VII BOOT-UP & CONNECTIVITY TOOLS, continued from pg 9
TWO WAYS TO RESOLVE HOST NAMES to IP ADDRESSES:
HOST TABLES: ip host <name> <tcp_port#> <ip_addresses_1-8>
The default port number for TCP is 23 (so you can skip it) and you can list up to 8 IP addresses:
(config)# ip host Atlanta 172.16.10.2
(config)# ip host Chicago 192.168.0.148, &c.
To view your table, type # sh hosts. Manual entries will say perm; DNS entries will say temp. Verify with ping.
- To remove an entry, type no ip host Atlanta.
DOMAIN NAME SYSTEM (DNS): The IOS assumes you want to use DNS any time you type an unknown command. It looks for your typed gibberish in its hosts table, thinking you might be naming a device you want to Telnet to. To turn this feature off, use no ip domain-lookup.
- To set up DNS: Turn it back on with (config)# ip domain-lookup. (What? You thought you could leave it off?)
(config)# ip name-server 192.168.0.70 - points to your DNS server. (6 servers, max.)
(config)# ip domain-name mycompany.com - (optional) appends this domain name any time you type the name of a host. This is a good idea because DNS demands FQDNs (Fully Qualified Domain Names) to operate.
View your host table with # sh hosts. Test with ping.
PINGing and TRACEing
- Ping requests ICMP echo packets from a target; Trace uses TTL (time-to-live) values from each router it meets to send back a list of hops along the way.
- Both ping & trace work with many protocols. To specify a particular protocol, type ping <protocol> <target>. Same syntax for trace: trace <protocol> <target>.
TURNING OFF DEBUG
undebug ip <specific debug command> or no debug all or undebug all or just un al

CHAPTER IX ACCESS LISTS, continued from pg 11
STANDARD IPX LISTS
(config)# access-list <800-899> <deny/permit> <source_ipx_address> <destination_ipx_address>
For example:
(config)# access-list 800 permit 20 40 - creates the list
(config-if)# ipx access-group 800 out - applies it to the specified interface
- The wildcard -1, when used in either the source or destination address field, means any host or network.
EXTENDED IPX LISTS
(config)# access-list <900-999> <deny/permit> <protocol> <source_ipx_address> <source_socket> <destination_ipx_address> <destination_socket>
IPX SAP FILTER LISTS
- Must be placed on all participating routers!
- INPUT lists stop specified SAP traffic from updating the router's SAP table.
- OUTPUT lists stop specified SAP updates from being sent by the router.
(config)# access-list <1000-1999> <deny/permit> <source_ipx_address> <service_type> <SAP_server_name>
<source_ipx_address> can appear in the following formats:
  <0-FFFFFFFF> - network ID only
  <N.H.H.H> - fully specific source address (both network and host)
  <N.H.H.H> - mask for a specific source address
  -1 indicates any network. (Note the minus sign.)
<service_type> can appear in the following formats:
  <0-FFFF> - service code: 4 = file server, 7 = print server, 24 = router
  0 indicates all services.
(config)# access-list 1000 permit 9e.6666.7777.8888 4 sappy_serv - creates the list
(config-if)# ipx input-sap-filter 1000 - applies it to the specified interface; note the hyphens!
IPX LIST DIAGNOSTICS
show ipx interface - shows IPX address, applied lists, SAP filters for all interfaces
show ipx access-list - shows lists in detail (with all Fs instead of wildcards)
(See IP LIST DIAGNOSTICS, above, for show access-list & other options.)
* END *


SPECIAL BONUS PAGE: 10 things you should immediately dump onto your scratch paper as your exam begins (like, before you forget them).
- OSI layers and their PDUs (mnemonic: All People Seem To Need Data Processing*): 7 Application; 6 Presentation; 5 Session; 4 Transport = Segments; 3 Network = Packets; 2 Data-Link = Frames; 1 Physical = Bits. (* Or whatever works for you.)
- Cisco's three layers: CORE, DISTRIBUTION, ACCESS
- Ports: FTP 21, Telnet 23, SMTP 25, DNS 53, HTTP 80
- Classes by first octet: A = 1-126, B = 128-191, C = 192-223
- Subnetting table:
  stolen bits: 1    2    3    4    5    6    7    8
  mask:        .128 .192 .224 .240 .248 .252 .254 .255
  magic #:     128  64   32   16   8    4    2    1
  hosts:       126  62   30   14   6    2    0    0
  networks:    0    2    6    14   30   62   126  254
- AD (administrative distance) by source: connected interface 0; static or default route 1; IGRP 100; RIP 120
- Config register 2102, read digit by digit: the last digit 0 = ROM monitor mode (no IOS), 1 = boot an IOS image from ROM, 2 = use the IOS specified in NVRAM (default); the third digit 0 = use CF (default), 4 = ignore CF
- Frame types, Novell name = Cisco keyword: Ethernet_802.3 = novell-ether (default); Ethernet_802.2 = sap; Ethernet_II = arpa; Ethernet_SNAP = snap
- Access list ranges: 1-99 IP standard; 100-199 IP extended; 800-899 IPX standard
- ISDN reference points: [Diagram: TE1 -- S -- NT2 -- T -- NT1 -- U -- LT -- V -- ET (ISDN switch cloud); TE2 -- R -- TA -- S -- NT2.]
FILL-IN-THE-BLANKS PRACTICE SECTION: a blank copy of the scratch-paper page above for you to fill in: the 7 OSI layers and the 3 Cisco layers; protocol and port # for each well-known service; the first-octet range for classes A, B, C; the subnetting table (stolen bits 1-7, mask, magic #, hosts, networks); AD by source (connected interface, static or default route, IGRP, RIP); the config register values (0 =, 1 =, 2 =, 0 =) as four blanks _ _ _ _; Novell frame type vs. Cisco keyword (default); the IP standard, IP extended, and IPX standard access list ranges; and the ISDN switch cloud diagram.
