
PREPARED BY TAYYAB

CCNA Preparation Notes


Tayyab S Sheikh 1/4/2012

Networks
Networks perform two tasks:
1. Interconnect nodes
2. Establish communication

Two types of devices exist within a network: end devices and intermediate devices.

Data Networking
System Admin: deals with end devices (hardware / software).
Network Admin: deals with intermediate devices and their operating systems. CCNA and CCNP deal with network administration.
Intermediate device vendors: Cisco, Juniper, D-Link, etc.
Cisco operating system: Internetwork Operating System, or IOS.
Juniper operating system: Juniper operating system, or Junos.

OSI Model
Application Layer
It is there to support applications and works at the back end of applications: it presents data to applications. It differentiates between a .doc and a .jpg file and forwards each to the relevant application to handle it. But the applications themselves do not fall under this layer. Example: HTTP.

Presentation Layer
This layer takes data and makes it uniform. In other words, all data becomes the same; it is no longer in the format of .jpg or .doc, etc. (Think encryption.)

Session Layer

The session layer initiates, coordinates and terminates communications between applications on both computers. It works like the telephone operators who used to establish and disconnect international phone calls in the past.

Transport Layer
This layer handles data segmentation, flow control and error control for sessions established between the two computers. TCP and UDP belong to this layer.
1. Data segmentation (data fragmentation)
2. Flow control
3. Error control

Network Layer
It creates logical paths (virtual circuits). IP (Internet Protocol) belongs to this layer, and data is converted into frames. It works like a post office and has two main tasks: sorting (routing) and distribution (routed).

All devices that belong to the network layer are network devices, e.g. laptop, router, MLS (L3 switch).

Data Link Layer


Data packets are encoded and decoded into bits. The physical type of transmission (e.g. Wi-Fi, Ethernet, etc.), corruption of data and error detection (CRC, Cyclic Redundancy Check) are handled in this layer. EMI, or electromagnetic interference, is the main reason for data corruption. Switches belong to this layer.

Physical Layer
Data is transformed into energy to transmit over any network. Only hardware is involved; no software is part of a device at this layer. E.g. all cables and connectors fall under this layer, as does the hub.

Routing
Routing defines the best path to reach a destination. Routing can be performed in two ways: static routing and dynamic routing.
Dynamic routing: routing performed by protocols such as OSPF (Open Shortest Path First), RIP (Routing Information Protocol) or EIGRP (Enhanced Interior Gateway Routing Protocol).
Static routing: routing performed by the network administrator.

Routed
Routed is always dynamic; therefore these protocols are known as routed protocols. Routed protocols distribute data across the network.

General notes: Bandwidth equals link throughput (data rate). Bandwidth versus clock rate:

Clock rate is the device's throughput capacity, which is set by the Internet Service Provider.
Protocol = rules and regulations.
IP = Internet Protocol: it dictates the Internet (the rules and regulations that control the Internet).

Note: IP and IP address are two different things. The IP address is a part of IP (IP is a routed protocol; an IP address is an identifier of a network device).

Dynamic V.S Static


Note: if a task is performed by the administrator it is static; if a task is performed by a protocol it is dynamic. HTTP uses TCP. Misplaced / corrupt fragments are retransmitted by TCP.

MTU
Maximum Transmission Unit: the size in bytes of the largest data unit (packet, frame, fragment) that can pass through.

Modes of communication (Communication Types)


1. Connection-oriented communication
2. Connectionless communication

Connection-oriented communication: the protocol is TCP. The sender receives an acknowledgement from the receiver (destination). Reliable communication, but a slow method of communication and processor intensive.

Connectionless communication: the protocol is UDP. No acknowledgement. Fast but unreliable. Uses fewer resources (as the network is not congested with acknowledgements).

TCP and UDP
TCP: Transmission Control Protocol, e.g. HTTP, etc.

UDP: User Datagram Protocol (it is uncontrolled), e.g. live applications, voice chat, video, audio, DHCP.

Types of Network Devices


Router
A router is a layer 3 device that can compute down to layer 1, including the physical, data link and network layers. A router is a unicast device. It has a database that saves the best path to each node on the network; this is called the routing table. If a router has the address of the destination node in its routing table it unicasts to the destination node. If no path is found the packet is discarded. This behaviour is for data transmission; multicast and broadcast are used to create the routing table. A router has both LAN and WAN ports. Only routers can work in a WAN topology.
Ethernet standard speeds:
Ethernet: 10 Mbps
Fast Ethernet: 100 Mbps
Gigabit Ethernet: 1000 Mbps
10 Gigabit Ethernet: 10 000 Mbps

Switch
A switch is a layer 2 device and can compute up to the data link layer, including the physical layer. It creates a switching table in its database which has the possible paths to destinations. If a path to the destination node is found the frame is unicast. If no path is found in the switching table the switch broadcasts the frame to all destinations. A switch can broadcast and unicast. Multicast can be performed by all intelligent devices, i.e. layer 2 and layer 3 devices; this has to be done statically. A hub and a switch can perform a similar task; depending on budget, installation of a hub or a switch is chosen. The hub is the cheaper option. The switch is a lot smarter but more expensive as well.
Network layer (router): packet
Data link layer (switch): frame
Physical layer (hub): bits

Three types of casting: unicast, broadcast, multicast

Unicast means 1-to-1 casting (communication). Broadcast is 1-to-all communication. Multicast is 1-to-a-specific-group communication. Multicast is the parent concept of broadcast; therefore broadcast is a type of multicast.

MLS vs Router
An MLS or a router is used to establish communication between 2 networks. If the geographical distance is approx. 100 m the device should be an MLS. An MLS can only run on the LAN standard (Ethernet 802.3). An MLS can connect two networks, and it can unicast and broadcast like a switch. A hub or switch is used for communication within a network. The decision to install a hub or a switch is made on the following factors:
Hub: few users, security not an issue, low finance
Switch: the inverse of the hub

Difference between layer 2 switching and layer 3 switching: logical (IP) vs physical (MAC) address. Layer 2 = MAC address in the switching table; layer 3 = IP address in the routing table.

An MLS has both a switching table and a routing table. For communication within the network, which is based on MAC addresses, layer 2 switching is used; between 2 networks the routing table is used. An MLS can be used within a network.

ISP Equipment
CPE: Customer Premises Equipment. A V.35 serial cable goes from your router to the CPE. A switch has 24 ports.

IP addressing
Decimal to binary conversion uses the bit weights 128 64 32 16 8 4 2 1.

Binary Operators
In binary the following operators apply: OR = + (add), AND = x (multiply), XOR = - (minus).
Input 1:  1 0 1 0
Input 2:  1 0 0 1
OR:       1 0 1 1
AND:      1 0 0 0
XOR:      0 0 1 1

Maximum combinations in decimal: 10^1 = 10 (0-9), 10^2 = 100 (00-99), 10^3 = 1000 (000-999).
Binary combinations: divide the maximum number in the first row in half and you get x; apply that to the second row. Now take x and divide by 2 to get y; apply y to the third row, and so on. 2^2 would be 4; divide that in half and you get 2 (that is x); divide that in half and you get 1 (that is y). Examples: 100 101 110 111

IPv4
Weight:  128  64  32  16   8   4   2   1
Power:   2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
Bit:       1   0   1   0   1   0   0   1

10101001 in binary equals 169. All you need is the table above; a 1 or 0 works as a placeholder under each weight. There are 256 decimal numbers in an 8-bit octet, from 0 to 255. An IP address is made of four 8-bit octets, e.g. 192.168.0.1, where "." is used as a separator between the octets. 192.168.0.1 in binary would be

11000000.10101000.00000000.00000001

To make it human friendly we use decimal, as it is easy to remember; but computers use binary, not decimal. The octets are divided into 2 groups: the network portion of the IP address and the host portion of the IP address. The range of IP addresses is divided into classes A, B and C:

Class                        A                B               C
Bits representing network    10000000         10000000        11000000
Range of addresses           1 - 126          128 - 191       192 - 223
Network portion              N.H.H.H          N.N.H.H         N.N.N.H
Host portion                 N.H.H.H          N.N.H.H         N.N.N.H
Number of networks in class  2^7 = 128        2^14 = 16384    2^21 = 2097152
Addresses per network        2^24 = 16777216  2^16 = 65536    2^8 = 256

IP address format: x.x.x.x, where each x can vary from 0 to 255, from 0.0.0.0 to 255.255.255.255. Each IPv4 address is 32 bits (4 bytes) long. Each x is an octet, and there are 4 octets in each IPv4 address, numbered 1.2.3.4 from left to right. 2 to the power 32 is the maximum number of combinations allowed.

Better IP Management
Classification of IPv4 addresses uses the 1st octet of the address (0 to 255). There are 5 classes in IPv4: A, B, C, D and E.

A, B and C (the first 3) are reserved for unicast: A = large network, B = medium and C = small. Class D is reserved for multicast and E for research and testing.
Class:  A          B            C            D            E
Range:  1 to 126   128 to 191   192 to 223   224 to 239   240 to 250

Class A: 1 to 126. 0 is reserved for default routing.

A router by default unicasts or discards. It can also be manually configured to reroute an unknown destination to another router that will probably know the best path to the destination. 127 is reserved for loopback testing. An echo message is sent after establishing a link to test this link; the echo message can be sent through the ping command. Source node 1.1.1.1 is node 1, linked to destination node 1.1.1.2, node 2: ping sends an echo message from node 1 to node 2. Ping 1.1.1.2 verifies that the link is established. In case the ping message does not return, you either have a problem at your side or at the destination side; to test yourself you use loopback testing, 127.0.0.1. It does not require you to be connected to a network. It tests the software tools to verify that everything is working. TCP/IP is software with a collection of tools to communicate with other nodes and is installed by default. Loopback testing verifies that TCP/IP is working properly.

Class   A                       B                        C
Range   1 to 126                128 to 191               192 to 223
Format  N.H.H.H                 N.N.H.H                  N.N.N.H
Bits    N = 8 bit, H = 24 bit   N = 16 bit, H = 16 bit   N = 24 bit, H = 8 bit

Network ID in an IPv4 address: network ID means the network portion of the IP address. The host portion is replaced by 0 when considering the network ID. Best paths are defined for networks, not IP addresses, i.e. the routing table has network IDs; in other words, the network path is in the routing table.

The format is written as x.x.x.x/network bits, e.g. 10.0.0.0/8, where 8 means the network has the first 8 bits.

If the distance is short and the network is the same then you use a switch. Note: IANA: Internet Assigned Numbers Authority.

Prefix length: in x.x.x.x/y, y is the prefix length, the number of network bits; it corresponds to the subnet mask. Subnet mask = 11111111.00000000.00000000.00000000, i.e. 255.0.0.0 is the subnet mask for class A. Every device takes IP address AND subnet mask = network ID. E.g. 200.50.60.70 is a class C address: N = 24 bit, H = 8 bit, and the subnet mask is 255.255.255.0. Using the weights 128 64 32 16 8 4 2 1 (in binary, AND means multiply):

The IP in binary would be 11001000.00110010.00111100.01000110 and the subnet mask 11111111.11111111.11111111.00000000

When both are multiplied (ANDed) the result is 11001000.00110010.00111100.00000000, which in decimal is 200.50.60.0/24; the /24 shows the subnet mask. The network has 200.100.50.1. As the number of users is small, class C is used and each user is assigned an IP address.
Broadcast ID: used to send a message to all hosts in the network. 200.100.50.255 will be the broadcast ID and the network ID would be 200.100.50.0; in between the broadcast ID and the network ID are the host IP addresses, 200.100.50.1 to 200.100.50.254.
Examples:
50.0.0.0/8 is class A. First IP: 50.0.0.1. Network ID: 50.0.0.0/8. Broadcast ID: 50.255.255.255. Last IP: 50.255.255.254. 50.255.255.0 is a valid IP address.
172.16.0.0/16: broadcast ID 172.16.255.255. 172.1.255.0 is an IP address as it is neither the broadcast ID nor the network ID.
Number of networks: class A = 2^7, B = 2^14, C = 2^21.

The number of usable hosts is always the total number of addresses in the network minus 2 (x - 2).

Class A IP Address
20.5.6.1: N = 8, H = 24. Network ID: 20.0.0.0/8, where /8 is the prefix.

Broadcast ID: 20.255.255.255. First IP: 20.0.0.1. Last IP: 20.255.255.254. Subnet mask: 255.0.0.0. 2^(host bits) - 2 is the formula to find the host quantity, i.e. 2^24 - 2.

N.H.H.H, where 2^8 is the theoretical number of networks and 2^7 is the practical one. The class A formula for the number of networks is 2^7 - 2.

Class B IP Address
Range: 128 - 191. N.N.H.H: N = 16 and H = 16. Example 130.5.6.7. Network ID: 130.5.0.0/16. Broadcast ID: 130.5.255.255. 1st IP: 130.5.0.1. Last IP: 130.5.255.254. Number of hosts: 2^16 - 2. Number of networks: 2^14. Subnet mask: 255.255.0.0.

Class C IP Address
Range: 192 to 223. IP address: 192.5.5.4. Network ID: 192.5.5.0/24. Broadcast ID: 192.5.5.255. Host range: 192.5.5.1 to 192.5.5.254. Subnet mask: 255.255.255.0. All of the above is classful addressing.
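As an added worked example (my own code, not from these notes), the following Python puts the decimal-to-binary weight table and the classful calculations of the class A, B and C sections together: it converts any octet with the 128..1 table, renders an address in dotted binary, finds the class from the first octet, and derives network ID, subnet mask, broadcast ID, host range and host count by ANDing the address with the mask. The class ranges and prefix lengths are the ones the notes give; treating 127 as loopback and raising for class D/E addresses (which have no host range) are my choices.

```python
# Added example: classful IPv4 arithmetic using the notes' weight table.
WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]  # 2^7 .. 2^0, the table in the notes


def octet_to_bits(value):
    """Convert a 0-255 decimal octet to an 8-character bit string using the weight table."""
    if not 0 <= value <= 255:
        raise ValueError("an octet must be between 0 and 255")
    bits = ""
    for w in WEIGHTS:
        if value >= w:        # weight fits: place a 1 and subtract it
            bits += "1"
            value -= w
        else:                 # weight does not fit: a 0 placeholder
            bits += "0"
    return bits


def bits_to_octet(bits):
    """Inverse: sum the weights under each 1 bit."""
    return sum(w for w, b in zip(WEIGHTS, bits) if b == "1")


def ip_to_bits(ip):
    """'192.168.0.1' -> '11000000.10101000.00000000.00000001'"""
    return ".".join(octet_to_bits(int(o)) for o in ip.split("."))


def ip_class(ip):
    """Class by first octet, using the ranges in the notes (127 is loopback)."""
    first = int(ip.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"


CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}   # network bits per unicast class


def classful_summary(ip):
    """Network ID, mask, broadcast, first/last host and host count for a classful address."""
    cls = ip_class(ip)
    if cls not in CLASS_PREFIX:
        raise ValueError(f"class {cls} addresses have no host range")
    prefix = CLASS_PREFIX[cls]
    host_bits = 32 - prefix
    mask_int = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    addr_int = int("".join(octet_to_bits(int(o)) for o in ip.split(".")), 2)
    net_int = addr_int & mask_int                  # IP AND mask = network ID
    bcast_int = net_int | (0xFFFFFFFF >> prefix)   # host bits all 1 = broadcast ID

    def dotted(n):
        return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

    return {
        "class": cls,
        "network_id": f"{dotted(net_int)}/{prefix}",
        "subnet_mask": dotted(mask_int),
        "broadcast_id": dotted(bcast_int),
        "first_host": dotted(net_int + 1),
        "last_host": dotted(bcast_int - 1),
        "hosts": 2 ** host_bits - 2,               # 2^(host bits) - 2
    }


if __name__ == "__main__":
    print(octet_to_bits(169), ip_to_bits("192.168.0.1"))
    for ip in ("20.5.6.1", "130.5.6.7", "192.5.5.4", "200.50.60.70"):
        print(ip, classful_summary(ip))
```

Running it reproduces the figures in the sections above (20.0.0.0/8 with broadcast 20.255.255.255, 130.5.0.0/16, 192.5.5.0/24 with hosts .1 to .254) and the 200.50.60.0/24 result of the AND operation.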

Rules:

Both nodes on the network must have the same network ID, e.g. 1.1.1.1 and 1.2.5.6 both have network ID 1.0.0.0/8. Whether WAN or LAN, in either case the network ID must be the same. A switch does not run on IP addressing. In the case of a router, the LAN side will have the same network ID on both interfaces, and the WAN side will also have the same network ID at both ends, but it will be different from the one used for the LAN.

Class-Less Addressing

A: 5.6.7.8 connected to 5.6.8.8, both with 5.0.0.0/8 as network ID.
B: 173.9.0.5 connected to 173.9.0.6, network ID 173.9.0.0/16.
C: 200.50.60.70 to 200.50.60.71, network ID 200.50.60.0/24.
Ethernet has two types: routed and non-routed. Devices up to layer three have routed ports.
CCNA BASIC LAB DIAGRAM:

Link A: router to switch. 1.1.1.100 is fa0/0 of the router; 4 users 1.1.1.3, 1.1.1.2, 1.1.1.1, 1.1.1.4, starting from the right, then bottom, then left.
Link C: 192.168.5.100 is fa0/0 of the router to the switch; 192.168.5.8, 192.168.5.7, 192.168.5.6, 192.168.5.1 are the IPs of the hosts from the right, bottom, left.
WAN link: 2.1.1.1 connected to 2.1.1.2, network ID 2.0.0.0/8.
In this case 192.168.5.100 will be the gateway for the C network and 1.1.1.100 will be the gateway for the switch connected to router A on link A.

Internet:
The Internet is a network of networks. No two networks can have the same network ID, because if the ID is the same there is a chance that IP addresses will be the same as well.

In the above scenario with 50 users you will choose a class C address: you have 50 users and the remaining 204 addresses will be wasted. Every IP address is purchased and hence cannot be wasted. A large range of IP addresses is wasted in classful addressing.

Class less IP Addressing


Subnetting: the network portion increases and bits are borrowed from the host portion. This concept belongs to classless IP addressing.
Supernetting: if you increase the host portion by borrowing bits from the network portion, the concept is called supernetting.

Supernetting is done to perform route summarization: memory management is the purpose of route summarization.

IMPORTANT

1. 192.64.32.0/24 is a base ID provided by the ISP. (A base ID is an ID that you divide into subnets.) Convert it into binary:
2. 1100 0000.0100 0000.0010 0000.0000 0000
3. N.N.N.H: N = 24, H = 8
4. 2^n = N, where N = number of subnets (new branches) and n = number of bits for subnetting (the increment in the network portion), e.g. 2^1 = 2: 1 bit is what you need to add for 2 new subnets.

5. Borrow 1 bit from the host portion; the remaining 7 host bits (111 1111) are set to all 1s to get the broadcast ID. N = 25, H = 7.
   1100 0000.0100 0000.0010 0000.0000 0000   (subnet bit 0, host bits 111 1111)
   1100 0000.0100 0000.0010 0000.1000 0000   (subnet bit 1, host bits 111 1111)
   In decimal this becomes:
   192.64.32.0/25, broadcast 192.64.32.127, hosts x.x.x.1 to 126

   192.64.32.128/25, broadcast 192.64.32.255, hosts x.x.x.129 to 254
   The broadcast of 192.64.32.0/25 will be 192.64.32.127. 255.255.255.128 is the subnet mask for both networks.

After subnetting a network, the base ID is dissolved. When the subnet mask is the classful one it is called the subnet mask; in classless addressing it is called a custom subnet mask.
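The five subnetting steps above, carried out in Python as an added example (my code, not from the notes). `subnet()` borrows n host bits from a base ID and lists every resulting subnet with its network ID, broadcast ID, host range and host count, plus the custom subnet mask; it generalises beyond the 1-bit case in the notes to any n, and refuses a base ID that still has host bits set or a borrow that would leave no usable hosts. The function and parameter names are mine.

```python
# Added example: subnetting a base ID by borrowing host bits.

def dotted_to_int(ip):
    """'192.64.32.0' -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def subnet(base_id, borrowed_bits):
    """Split base_id ('192.64.32.0/24') into 2**borrowed_bits subnets.

    Returns (custom_mask, list of subnet dicts). Raises if the base ID is not
    a network ID for its prefix (host bits must be zero) or if borrowing
    leaves fewer than 2 host bits (no usable hosts).
    """
    base_ip, prefix = base_id.split("/")
    prefix = int(prefix)
    new_prefix = prefix + borrowed_bits          # N grows by n bits
    host_bits = 32 - new_prefix                  # H shrinks by n bits
    if host_bits < 2:
        raise ValueError("borrowing that many bits leaves no usable hosts")
    base = dotted_to_int(base_ip)
    if base & (0xFFFFFFFF >> prefix):
        raise ValueError(f"{base_id} has host bits set; not a network ID")
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # custom subnet mask
    block = 1 << host_bits                           # addresses per subnet
    subnets = []
    for i in range(2 ** borrowed_bits):              # 2^n new subnets
        net = base + i * block
        bcast = net | (block - 1)                    # host bits all ones
        subnets.append({
            "network_id": f"{int_to_dotted(net)}/{new_prefix}",
            "broadcast_id": int_to_dotted(bcast),
            "first_host": int_to_dotted(net + 1),
            "last_host": int_to_dotted(bcast - 1),
            "hosts": block - 2,                      # 2^H - 2
        })
    return int_to_dotted(mask), subnets


if __name__ == "__main__":
    mask, nets = subnet("192.64.32.0/24", 1)   # the worked example in the notes
    print("custom subnet mask:", mask)
    for n in nets:
        print(n)
```

With `borrowed_bits=1` the output is the two /25 networks of step 5; with `borrowed_bits=2` the same base ID yields four /26 networks under 255.255.255.192.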

Cables
TP cable
It is used in Ethernet. Twisted pair has a maximum throughput distance of 100 metres.

Twisted pair
Twisted pair has 2 types: UTP and STP, unshielded and shielded twisted pair. The foil used in STP acts as a reflector and reduces the effect of weather. STP is used outdoors and UTP indoors.

CAT 3
Category 3: the flexible telephone cable that goes from the box to the phone. Always UTP. It has 4 wires connected at either side with an RJ11.

EIA/TIA
Monitors cable standards throughout the world: Electronic Industries Alliance / Telecommunications Industry Association.

Cat 5
It is used for data, in Ethernet and Fast Ethernet.

Cat 6
It can support up to 10 Gigabit Ethernet. Both Cat 5 and Cat 6 have 8 wires and an RJ45 jack, always in this sequence:
1 w/orange
2 orange
3 w/green
4 blue
5 w/blue
6 green
7 w/brown
8 brown

3 types of Cat 5 / Cat 6 cables: 1. straight through, 2. cross over, 3. roll over / console

Types of Twisted Pair Wires and their Color Scheme


Pin   Straight through        Cross over              Roll over / console
1     w/orange -> w/orange    w/orange -> w/green     w/orange -> brown
2     orange -> orange        orange -> green         orange -> w/brown
3     w/green -> w/green      w/green -> w/orange     w/green -> green
4     blue -> blue            blue -> blue            blue -> w/blue
5     w/blue -> w/blue        w/blue -> w/blue        w/blue -> blue
6     green -> green          green -> orange         green -> w/green
7     w/brown -> w/brown      w/brown -> w/brown      w/brown -> orange
8     brown -> brown          brown -> brown          brown -> w/orange

4 wires are used for data transfer; the other 4 are now being used for power supply (PoE, Power over Ethernet). Pins 1, 2, 3 and 6 are used for data: w/orange, orange, w/green, green.
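The three pin maps above follow a pattern rather than needing to be memorised, and the following added Python example (mine, not from the notes) derives them from the straight-through colour order: cross over swaps the transmit pair (pins 1, 2) with the receive pair (pins 3, 6), roll over reverses all eight pins, and straight through keeps every pin in place. It also encodes the notes' rule for choosing a cable by device family (same family: cross over; different families: straight through). The `FAMILY` table and function names are mine.

```python
# Added example: deriving cross-over and roll-over pin maps from the
# straight-through colour order, and picking the cable by device family.

STRAIGHT = ["w/orange", "orange", "w/green", "blue",
            "w/blue", "green", "w/brown", "brown"]   # colours on pins 1..8

DATA_PINS = (1, 2, 3, 6)            # the other four pins carry PoE


def straight_through():
    """Pin n at one end -> pin n at the other; returns (near colour, far colour) per pin."""
    return [(c, c) for c in STRAIGHT]


def cross_over():
    """Far end swaps 1<->3 and 2<->6 so one device's Tx pair lands on the other's Rx pair."""
    swap = {1: 3, 3: 1, 2: 6, 6: 2}            # 1-based pin numbers
    return [(STRAIGHT[pin - 1], STRAIGHT[swap.get(pin, pin) - 1]) for pin in range(1, 9)]


def roll_over():
    """Console cable: pin n at one end -> pin 9-n at the other."""
    return [(STRAIGHT[pin - 1], STRAIGHT[8 - pin]) for pin in range(1, 9)]


FAMILY = {"hub": 1, "switch": 1,                     # family one
          "pc": 2, "router": 2, "mls": 2, "ap": 2}   # family two


def cable_for(device_a, device_b):
    """Same family -> cross over; different families -> straight through."""
    return "cross over" if FAMILY[device_a] == FAMILY[device_b] else "straight through"


def data_pin_colours(pin_map):
    """Colours arriving on the four data pins at the far end for a given pin map."""
    return [pin_map[pin - 1][1] for pin in DATA_PINS]


if __name__ == "__main__":
    for name, pin_map in (("straight through", straight_through()),
                          ("cross over", cross_over()),
                          ("roll over", roll_over())):
        print(name)
        for pin, (near, far) in enumerate(pin_map, start=1):
            print(f"  {pin}  {near:10} -> {far}")
    print(cable_for("pc", "switch"), "/", cable_for("router", "pc"))
```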

Types of Network Devices


There are 2 families of network devices. Family one: hub and switch. Family two: PC, router, MLS, AP, etc. The division into families is done on the basis of electric circuits; receive and transmit behaviour is also different. Intra-family communication uses a cross over cable; inter-family communication uses a straight through cable. The console cable, used for configuration of a router/switch, is connected to the console port of the device.

The router and PC family perform the following:

On wires 1 and 2 they transmit; on wires 3 and 6 they receive.
1 Tx +ve | 2 Tx -ve
3 Rx +ve | 6 Rx -ve

Switch and Hub Family

On wires 1 and 2 they receive; on wires 3 and 6 they transmit.
1 Rx +ve | 2 Rx -ve
3 Tx +ve | 6 Tx -ve

Cisco uses "Cisco xxxx" for its routers: only if the product name says Cisco is it a router.
Cisco 2500 series: obsolete, fixed ports
Cisco 2600: obsolete; from here onwards they are modular routers
Cisco 2800: 150 000 Rps
Cisco 3600
Cisco 7200
and so on.

On Cisco.com under Products you can find more info on each series. There are 2 types of routers at Cisco: fixed port and modular. RS232 ports are the standard configuration ports, not for communication purposes. A roll over cable with the console port gives local access.

Basic Router Diagram

WAN Standards
HDLC
High-level Data Link Control: made by Cisco, used when both routers are Cisco. There are two types of networks: point to point and multi-access.

Point to Point
A network in which a maximum of two interfaces are connected: two IPs, one network ID. PPP: Point-to-Point Protocol, which is an open standard.

Multi-access Network
A network in which two or more interfaces communicate with each other: communication from one interface to multiple interfaces at one given time. Ethernet is always a multi-access network. Frame Relay is the multi-access protocol for the WAN; it is an open standard, and there is a Frame Relay switch.

There are 4 standards:
HDLC: point to point, WAN, Cisco
PPP: point to point, WAN, open
Frame Relay: multi-access, WAN, open; layer 2 switching, different branches on the same network
Ethernet: multi-access, LAN, open

We only need to know how to set up the link as far as the router on our side; the CPE and beyond is the service provider's responsibility. CPE devices can be wireless or wired. You can have CPE cards that can be installed in a modular Cisco router. In any modular router there are no WAN ports attached by default; you have to buy a separate WIC card (WAN Interface Card). A WIC can be 2T, 4T or 8T: 2T will have 2 WAN ports, 8T will have 8 WAN ports. Nowadays RS232 has been integrated into the USB port; DB9 to USB is the converter cable that is now used. RS232 has a capacity (baud rate is the term used in RS232) of 9600, always. RS232 is also known as serial.

Architecture of Cisco Devices


Memory Architecture
RAM: Random Access Memory, volatile. The file that is made in a Cisco device's RAM is called running-config.
NVRAM: Non-volatile RAM (works like the HD of a computer). Configuration information is stored in this memory. The file made in NVRAM is startup-config.
ROM: Read Only Memory, non-volatile. The mini-IOS is installed in this memory, which works like a BIOS (Basic Input Output System).
FLASH memory: the operating system, IOS, is in this memory. Cisco 2800 and above now have flash on a card which can be replaced.
The routing table is in RAM as it is being updated at all times; when the router is restarted the routing table is deleted. Static info and protocol configuration is stored in NVRAM.
CLI: Command Line Interface

GUI: Graphical User Interface. There are 2 main activities in the CLI of Cisco: configuration and verification/examination/monitoring.

There are multiple command prompts/modes in Cisco IOS. Some are used for configuring, others are used for monitoring, examination, etc. The first two command prompts are reserved for verification.

Modes in Router:
1 User access Mode or User Mode
Router> : where Router is the host name of the device, which is configurable. The > sign shows that it is in user mode. The user mode has limited verification/monitoring capacity.

2. Enable/ Privilege Mode


We can completely monitor the device in this mode. You can save, copy or write in this mode; we can also delete/erase in this mode. Verification has two commands: show and debug. These two commands can work in user mode as well. Real-time monitoring is done by debug, whereas the show command shows already gathered info. Router# : the # indicates that you are in privilege mode. Clock set is performed in enable mode. Carriage return <cr> indicates that the command is now executable and there is no further

Basic cisco Router configuration


The calendar set command sets the hardware clock, whereas clock set sets the software clock. However, the hardware clock is not observed in any scenario.

3.Global Configuration Mode


R# configure terminal

This mode has a global impact on the router. Ports are divided into two categories: interface and line. Data communication ports are configured as interfaces; configuration ports are lines.

R(config)# hostname CCNA : this command configures the hostname; it will change the router name to CCNA.
We cannot access startup-config and running-config in user mode.
exit : brings you one step back.
show running-config : shows the running config. This has to be done in enable mode.
show startup-config : shows the file in NVRAM, the permanent memory.
copy running-config startup-config : copies all values from RAM to NVRAM.
enable password password123 : command for enabling a password to go from user to enable/privilege mode. This is known as the enable password. This has to be done in conf t.
write : an alternative to copy running-config startup-config.
disable : to get out of enable mode.
Passwords can be seen in two ways: in clear text and encrypted. The enable password can be applied and stored in running-config and startup-config. enable password shows in clear text in startup-config or running-config; enable secret will not show in clear text in startup-config or running-config. The encryption method used by Cisco is MD5, Message Digest 5.
The user-mode password is known as the login password (user access verification). The user-mode password is placed in config t:
R1(config)# line console 0 : takes you into line configuration
R1(config-line)# password ccna123 : places the password ccna123

R1(config-line)# login : tells the router that the place to ask for the password is at the time of login. Both password xxx and login must be done.
To go back from any mode to enable mode we can press Ctrl+Z, which takes us back to enable mode. end is an alternative to Ctrl+Z.
NTP, Network Time Protocol, is the protocol that syncs time throughout the network.

Erase has two stages: a portion or the entire file.
R1# erase startup-config : erases the entire file. A reload is a must after this command.
Alternatively, R1# write erase will also erase startup-config.
R1# reload : reboots the router.
R1(config)# enable password cisco123 : overwrites any existing password. Go to enable mode and wr to make it permanent.
R1(config)# no enable password : erases the password from running-config, and wr will do it in startup-config.
Add no to any command in the mode where it was initiated (i.e. enable mode or config mode) and it will be erased from the running-config; wr will make it permanent.

Cisco Router Basics


WAN Link:

Physical Link and Link Configuration:


Cisco routers are not plug and play. The first step is to physically link the cables, then step 2 is configuring them. Whenever we have to establish a link it is done in interface configuration. Connectivity of two interfaces is known as a link.
R# show interfaces : shows all interfaces.
R# sh int Serial0 : shows the exact interface. This should be done on both routers.
Link status statements: there can be 4 possible outputs:
1. Serial0 is up, line protocol is up
2. Serial0 is up, line protocol is down

3. Serial0 is down, line protocol is down
4. Serial0 is administratively down, line protocol is down

1. Both the link hardware and software are up. Link up is always shown if the link is up on both devices.
2. No problem in the link, but the software is down.
3. If the link is down then the software or protocol will always be down.
4. Hardware stays attached; a shut down interface in interface config mode shows "administratively down, line protocol is down".
Any kind of serial port is not hot swappable, whereas RJ45 is. Cisco routers by default come with all interfaces in the administratively down state. If one side of the link is down administratively (statement 4) or physically, the other side will show statement 3.
Statement 2: there are three major reasons for statement 2 to appear:
1. Keepalive not set (10 sec by default)
2. Encapsulation mismatch
3. Clock rate at DCE not set
Statement 2 shows up on both ends of the link if this problem exists, i.e. when there is a problem in the software.
Keepalive: if no keepalive is received from the destination router after 10 sec, statement 2 is shown. The keepalive is configurable; the keepalive interval should be the same at both ends of the link.
Encapsulation mismatch: occurs when 2 different protocols are running at each side of the link, e.g. one router is running PPP while the other is running HDLC.
Clock rate at DCE not set: the clock rate limits the bandwidth of the link and is set at the service provider side. V.35 has two sides: one connector of the V.35 is DTE while the other is called DCE.

DTE = Data Terminal Equipment. DCE = Data Communication Equipment, the service provider end; it connects to the CPE. Bandwidth has to be configured at both DTE and DCE, while the clock rate is only set at the DCE. If the clock rate has not been set by the service provider then statement 2 is due to the 3rd reason. In all modular routers the interfaces are interchangeable. The port number convention in a modular router for differentiating one interface from another is Serial Module/Slot/Port. By default module numbers start from right to left or bottom to top. NM-16ESW means Ethernet, non-routed, layer 2. FRSW: Frame Relay switch.
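To make the four link status statements and the "both ends" reasoning above mechanical, here is an added Python example (my code, not from the notes) that parses the first line of a `show interfaces` output into statement 1 to 4, returns the three causes to check for statement 2, and checks whether the two ends of a link report a consistent pair of statements (2 appears on both ends; a shut or dead side is seen as statement 3 by the far end). The sample status lines are constructed, and the consistency table is my reading of the notes.

```python
import re

# Added example: classify "show interfaces" status lines into the notes'
# four statements and cross-check the two ends of a link.

STATUS_RE = re.compile(
    r"^(?P<iface>\S+) is (?P<hw>up|down|administratively down), "
    r"line protocol is (?P<proto>up|down)\b",
    re.IGNORECASE,
)

STATEMENT_2_CAUSES = [
    "keepalive not set or mismatched (10 sec by default at both ends)",
    "encapsulation mismatch (e.g. PPP on one side, HDLC on the other)",
    "clock rate not set at the DCE end",
]

# Pairs of (local statement, remote statement) that can legitimately coexist.
CONSISTENT_PAIRS = {(1, 1), (2, 2), (3, 3), (3, 4), (4, 3), (4, 4)}


def classify_link(line):
    """Return (statement number, interface, explanation, causes to check)."""
    m = STATUS_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 'show interfaces' status line: {line!r}")
    iface, hw, proto = m["iface"], m["hw"].lower(), m["proto"].lower()
    if hw == "up" and proto == "up":
        return 1, iface, "hardware and software up on both ends", []
    if hw == "up" and proto == "down":
        return 2, iface, "hardware fine, software/protocol problem", list(STATEMENT_2_CAUSES)
    if hw == "administratively down":
        return 4, iface, "interface shut down in interface config mode", []
    # hw == "down": the protocol can never be up when the hardware link is down
    return 3, iface, "physical link down (or far end shut down / disconnected)", []


def link_consistent(local_line, remote_line):
    """True when the status lines from both ends of one link agree with each other."""
    local = classify_link(local_line)[0]
    remote = classify_link(remote_line)[0]
    return (local, remote) in CONSISTENT_PAIRS


if __name__ == "__main__":
    sample = [  # constructed output, not captured from a real device
        "Serial0/0/0 is up, line protocol is up",
        "Serial0/0/1 is up, line protocol is down",
        "Serial0/1/0 is down, line protocol is down",
        "FastEthernet0/0 is administratively down, line protocol is down",
    ]
    for line in sample:
        print(classify_link(line))
    print(link_consistent(sample[0], sample[2]))   # 1 vs 3: something is wrong
```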

Ethernet
Ethernet can be routed and non-routed. The routed ones can have IPs and are used as gateways; they come factory fitted (if they are LAN ports preinstalled in a router they are gateway ports or routed ports), whereas non-routed ones can be installed but run at layer 2, working as a switch.

B# sh interface serial 0/0/1 : shows that interface. In order to configure links we have to go into interface mode: conf t, then interface serial 0/0/0 takes you into the interface. You can switch from one interface to another from within interface mode. If you want to verify the clock rate and cable type the following command is used: R# show controllers shows all interfaces; adding serial 0/0/0 shows just that interface.

Interface mode: clock rate 64000 is calculated in Kbits and is configurable. Bandwidth: by default a bandwidth of 1544 Kbit is set on all serial interfaces. Interface mode: bandwidth 64 sets the bandwidth on one interface. Interface mode: encapsulation xxx changes the protocol type on that interface. Copy/paste can be performed in SecureCRT, etc.

NM-1FE-TX is a single Fast Ethernet port which is routed. In enable mode, sh ip int brief shows a table with all IP-related info. Ping command: the Cisco router ping command generates 5 packets, which can be configured. Every packet has 100 bytes. ICMP, Internet Control Message Protocol, is the protocol used for sending pings in Cisco. RTT: round trip time; avg is the figure that is the RTT. In Ethernet the very first time, the first ping out of 5 is dropped.

Remote Access:
Remote access must be reachable/ping-able.

Line VTY (Virtual Terminal)


VTY lines are used for virtual links, so that the communication ports can now act as a virtual aux port. There can be 5 (0 to 4) or more VTY lines in each router, and these can be accessed through any interface. TCP is the protocol on which the telnet tool is used to establish remote access; it is reliable as it belongs to TCP. It establishes remote access via line VTY.
R1# telnet 1.1.1.2
But before this can be done the remote host must be enabled to accept remote hosts:
R2# conf t
R2(config)# line vty 0 4
R2(config-line)# password xxxxx
R2(config-line)# login
To switch from user mode to enable mode while accessing remotely, the enable password must be set at R2: R2# conf t, then enable secret xxxx.
R1# show line : shows which of the VTY lines you are using.

Associating a name with an IP address: R1(config)# ip host LHR 1.1.1.2, i.e. ip host followed by a WORD followed by the IP address. R1# show hosts shows the table of names associated with IP addresses. Ctrl+A brings the cursor to the start of the written command; Ctrl+E brings the cursor to the end.
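The password rules spelled out in the basic configuration section (an enable password is stored in clear text while enable secret is MD5-hashed) and in the remote access section above (a console or VTY line needs both password and login, and enable secret must be set for a remote user to enter enable mode) can be checked automatically. The following added Python example (my code, not from the notes) parses a running-config into global commands and line sections and reports the combinations that leave the router either unprotected or unreachable. The two config texts are constructed, and the finding codes are my own naming.

```python
# Added example: audit an IOS running-config for the enable / line password
# points the notes make. Section handling assumes IOS's one-space indent.

def parse_config(config_text):
    """Split IOS config into global commands and per-section command lists.

    A section starts with 'line ...' or 'interface ...'; its commands are the
    following lines indented by one space, as IOS prints them.
    """
    global_cmds, sections, current = [], {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                                  # blank lines and ! separators
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith(("line ", "interface ")):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections


def audit_config(config_text):
    """Return a list of (where, finding_code) tuples; an empty list means no findings."""
    findings = []
    global_cmds, sections = parse_config(config_text)
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_password = any(c.startswith("enable password ") for c in global_cmds)
    if not has_secret and not has_password:
        findings.append(("global", "NO_ENABLE_AUTH"))            # user mode leads straight to enable
    elif not has_secret:
        findings.append(("global", "ENABLE_PASSWORD_CLEARTEXT"))  # readable in show running-config
    elif has_password:
        findings.append(("global", "ENABLE_PASSWORD_REDUNDANT"))  # secret wins, clear-text copy remains
    for name, cmds in sections.items():
        if not name.startswith("line "):
            continue
        has_login = "login" in cmds
        has_line_pw = any(c.startswith("password ") for c in cmds)
        if has_login and not has_line_pw:
            findings.append((name, "LOGIN_WITHOUT_PASSWORD"))     # IOS refuses the connection
        elif has_line_pw and not has_login:
            findings.append((name, "PASSWORD_WITHOUT_LOGIN"))     # password set but never asked for
        elif not has_login and not has_line_pw:
            findings.append((name, "LINE_UNAUTHENTICATED"))
    if not any(n.startswith("line vty") for n in sections):
        findings.append(("line vty", "NO_VTY_SECTION"))            # telnet access not configured
    return findings


WEAK_CONFIG = """\
hostname CCNA
enable password cisco123
!
line con 0
 password ccna123
!
line vty 0 4
 login
"""

HARDENED_CONFIG = """\
hostname CCNA
enable secret cisco123
!
line con 0
 password ccna123
 login
!
line vty 0 4
 password vtypass
 login
"""

if __name__ == "__main__":
    print("weak:", audit_config(WEAK_CONFIG))
    print("hardened:", audit_config(HARDENED_CONFIG))
```

On the weak config the audit reports the clear-text enable password, a console line whose password is never requested, and a VTY line that asks for a password that was never set; the hardened config produces no findings.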

Network Design Management with CDP


CDP, Cisco Discovery Protocol, is the protocol that helps obtain complete info on the network design. Cons of CDP: it does not recognise non-Cisco devices in a network, and it cannot show indirectly connected devices.
A# show cdp neighbors : this command shows the following output:
Device ID   Local Interface   Hold Time   Capability   Platform   Port ID (destination port)
B           S 0/0/0           127         R            C2800      S 0/0/0
C           Ser 0/0/1         130         R            C2800      Ser 0/0/1

sh cdp neighbors detail : shows the details.

3 types of communication
Simplex, half duplex and full duplex. Simplex: one-sided communication; the receiver will only and always receive, and the same with the sender. Half duplex: walkie-talkie type communication. Full duplex: telephone type.

CDP uses multicast MAC addresses. CDP packets are shared with neighbours; CDP packets are multicast at a 60 sec interval.

Holdtime
is the time it waits before removing an entry from the table. no cdp run disables CDP multicasting. This can be done at the interface level as well; an interface uses cdp enable.

Boot-up Sequence of Cisco Devices


Memory is stored in Registers. NVRAM (reg #) 0x2102 RAM: 0x2142 ROM has two registers: RX-Boot and ROM-MON RX-BOOT 0x2101 (Mini IOS) ROM-MON 0x2100 (Configuration, Boot up Sequence)

POST: Power on Self-Test is the process that takes place after boot up. This checks the hardware to verify if it is working or not. After starting the IOS has to be picked for which NVRAM is accessed. There can be 4 Configuration Register Values for this 0x2102 0x2142 0x2101 0x2100

These 4 options do not refer to the 4 memory locations stated above. 0X2102 IF 0x2102 is there it means look in flash (This is the default sequence) If not then TFTP server is accessed If not then RX-boot is selected Next Step is to Copy NVRAM to RAM 0x2142 Look in Flash

Then TFTP Then RX-boot Next step it will bypass coping of NVRAM to RAM 0x2101 Look in RX-Boot (it will load mini IOS) Next step NVRAM is copied onto RAM 0x2100 No IOS will load in this option. A Special mode will appear Configure Boot up Sequence.

Boot up sequence can be configured in global configuration

R1# show version : IOS details, hardware details, device uptime, current configuration register value
R1(config)# config-register 0x2101 : sets the register (0x2101 as an example). Must be followed by wr (write memory); it takes effect at the next reload.
Router(boot)> : this prompt indicates that the router is running the mini IOS
Router(boot)# erase flash : erases flash
R1# show flash : shows the status of flash
A TFTP server is used to upload the IOS:
Router(boot)# copy tftp flash : asks for the host address, asks for the file name, asks again whether to erase flash
After the upload completes the register must be set back to 0x2102: R1(config)# config-register 0x2102, followed by wr.
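The four register values above differ in only a few bits, which is easier to see by decoding them. The following is an added example (not code from the notes) that decodes the classic IOS configuration register fields; the bit positions it assumes are: bits 0-3 boot field (0 = ROMMON, 1 = RXBOOT, 2-15 = flash/boot system), bit 6 (0x0040) ignore NVRAM, bit 8 (0x0100) Break disabled after boot, bit 13 (0x2000) fall back to ROM if network boot fails.

```python
"""Decode a Cisco IOS configuration register value (added example, not from the notes).

Assumed bit layout (classic IOS routers):
  bits 0-3   boot field: 0 = ROMMON, 1 = RXBOOT mini IOS, 2-15 = flash / boot system commands
  bit 6      0x0040  ignore the startup-config in NVRAM
  bit 8      0x0100  Break key disabled once IOS is running
  bit 13     0x2000  boot the ROM image if a network boot fails
"""

IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100
ROM_ON_NETBOOT_FAIL = 0x2000


def decode_confreg(value: int) -> dict:
    """Return the boot source and the flag bits encoded in a register value."""
    boot_field = value & 0xF
    if boot_field == 0:
        boot = "ROMMON"
    elif boot_field == 1:
        boot = "RXBOOT mini IOS"
    else:
        boot = "flash (boot system order)"
    return {
        "boot": boot,
        "load_startup_config": not bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_ON_NETBOOT_FAIL),
    }


def password_recovery_value(current: int) -> int:
    """What 'confreg 0x2142' does to 0x2102: set the ignore-NVRAM bit, keep everything else."""
    return current | IGNORE_NVRAM


def restore_value(recovery: int) -> int:
    """Clear the ignore-NVRAM bit again once the password has been reset."""
    return recovery & ~IGNORE_NVRAM


def describe(value: int) -> str:
    d = decode_confreg(value)
    cfg = "load" if d["load_startup_config"] else "IGNORE"
    return f"0x{value:04x}: boot from {d['boot']}, {cfg} startup-config"


if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2101, 0x2100):
        print(describe(v))
```

The point the decoder makes: 0x2142 is 0x2102 with one bit set, so a router that was left at 0x2142 after a recovery boots normally but silently discards its saved configuration on every reload.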

We can have multiple IOS images in a device. The loading order is configured with the commands below. Note: always ping the TFTP server before copying an image to confirm it is reachable; the first echo is commonly lost while ARP resolves, so wait for a successful ping before starting the copy rather than risk an incomplete file.

R1(config)# boot system flash  or  boot system tftp : sets whether flash or TFTP is tried first
R1(config)# boot system flash <filename> : names the image to load first when there are multiple IOS files in flash

Password Recovery
1. Restart (power-cycle) the router.
2. Press Ctrl+Break before the IOS starts to load; this drops into ROMMON (the 0x2100 behaviour).
3. o/r 0x2142 : changes the configuration register so the startup-config is ignored at boot (on newer ROMMON the equivalent command is "confreg 0x2142").
4. i : initializes (reboots) the router (on newer ROMMON: "reset"). It now boots into an IOS with a blank configuration.
5. Go into enable mode and run: copy startup-config running-config
6. no enable secret (or set a new one)
7. config-register 0x2102
8. wr
9. reload
Caveat: anyone with console access can do this, so physical access to the console port is the real security boundary. "no service password-recovery" disables the procedure, but then a lost password can only be recovered by erasing the configuration.

Routing

R# show ip route : shows the routing table. C next to a network ID means directly connected; S means a static route. Routing is always done on the basis of the next hop. A router knows about networks through its own interfaces and through next-hop IP addresses. Best practice for static routes: on point-to-point serial links specify the exit interface; on multi-access (Ethernet) links specify the next-hop IP, because an interface-only route there forces the router to ARP for every destination host.

Convergence
Routing is complete: every network is reachable, directly or indirectly, and all routers have a consistent view. (The word is also used for a converged network, one that carries data, voice and media on the same infrastructure; that is a different meaning.)

Partial convergence
Some networks are reachable (converged) and some are not.

Static Routing command


R1(config)# ip route 200.100.100.0 255.255.255.0 serial 0/0/0 : adds this network statically to router 1 with s0/0/0 as the exit interface
R2(config)# ip route 200.100.50.0 255.255.255.0 1.1.1.1 : adds a path to 200.100.50.0 via next hop 1.1.1.1
The mask in ip route must be written in full dotted decimal, not abbreviated as /24.
The [AD/metric] pair shown next to a route in the routing table is what the router uses for path selection.

A lower AD value means the route is more trusted. Directly connected: 0. Static route: 1 in both forms (a static route that points only to an exit interface is displayed as "directly connected" in the routing table, which is why it is often quoted as 0). Metric: the criterion for selecting the best path among routes learned by the same protocol; what counts as best differs per protocol. A static route has metric 0. Hop count: entering one router through one interface and exiting through another counts as 1 hop.

Dynamic Routing:
There are two types of routing protocol: IGP and EGP. IGP: performs convergence within one AS. EGP: performs convergence between two or more different ASes. Usually one routing protocol runs in one AS.

Autonomous System:
A network under a single administration is an AS; it usually runs a single routing protocol.

Protocols
Types of Protocols
IGP: RIP (Routing Information Protocol), OSPF (Open Shortest Path First), EIGRP (Enhanced Interior Gateway Routing Protocol), IS-IS (Intermediate System to Intermediate System, used by service providers)
EGP: BGP (Border Gateway Protocol)

RIP
RIP is an IGP protocol

RIP properties:
Principle of work: distance vector routing protocol, based on the Bellman-Ford algorithm
Metric: hop count
AD value: 120
Routing updates: broadcast to 255.255.255.255 (data packets themselves are unicast); the periodic broadcasts are overhead, so RIP is bandwidth intensive
Periodic routing updates every 30 s
Very easy to configure
Limit of 15 hops; 16 means unreachable
Made for small networks
RIPv1 is classful: updates carry no subnet mask, so VLSM and classless subnets are not supported

RIP v2
Updates are multicast to 224.0.0.9; supports both classless and classful subnetting (updates carry the mask). By default an IOS RIP process sends version 1 and receives both versions.
R3# show ip protocols : shows which routing protocols are running
If multiple protocols offer the same route, the one with the lower AD value takes preference.
R(config)# router rip
R(config-router)# do show ip route : "do" lets you run any enable-mode command from configuration mode
R(config)# router rip
R(config-router)# network 1.0.0.0
R(config-router)# network 3.0.0.0
R(config-router)# network 200.100.50.0

A# show ip route (C entries are the 3 directly connected networks)
  C    1.0.0.0/8 is directly connected, Serial0/0/0
  R    2.0.0.0/8 [120/1] via 1.1.1.2, 00:00:16, Serial0/0/0
                 [120/1] via 3.1.1.1, 00:00:25, Serial0/0/1
  R    200.100.100.0/24 [120/1] via 1.1.1.2, <time>, Serial0/0/0
  R    200.200.100.150.0/24 [120/1] via 3.1.1.1, <time>, Serial0/0/1
RIPv2 can replace RIPv1 in place; there is no need to remove RIP before enabling version 2.
  RIPv1 (default): sends v1, receives v1 and v2
  RIPv2:           sends v2, receives v2

When RIPv1 and RIPv2 are mixed the network is only partially converged.
R(config-router)# version 2 : switches the process to RIPv2
RIP timers: updates every 30 s; a route whose updates stop is marked invalid after 180 s (advertised as unreachable, metric 16, and no longer used for forwarding) and is removed from the routing table when the 240 s flush timer expires.
R# clear ip route * : removes all dynamically learned routes so the table is rebuilt from the next updates

R1# show ip route
  C    1.0.0.0/8 is directly connected, Serial0/0/0
  C    4.0.0.0/8 is directly connected, Serial0/0/1
  C    200.100.50.0/24 is directly connected, FastEthernet0/0
  R    200.100.100.0/24 [120/1] via 1.1.1.2, Serial0/0/0
  R    200.100.200.100/24 [120/1] via 4.1.1.1, Serial0/0/1
  R    3.0.0.0/8 [120/1] via 4.1.1.1, Serial0/0/1
                 via 200.100.20.2, FastEthernet0/0

OSPF
OSPF configuration needs: 1. process ID, 2. wildcard mask, 3. area ID

When two routing domains (ASes) meet on one router, redistribution has to take place; when two ASes meet over a link, BGP is used between them. Wildcard mask: marks the host bits; it is the inverse of the subnet mask, i.e. the distance from the start to the end of the range (.0 to .255 gives 0.0.0.255).

The process ID only matters when several OSPF processes run on a single router; it tells them apart. It is locally significant and does not have to match on other routers.

R1(config)# router ospf 1
R1(config-router)# network 1.0.0.0 0.255.255.255 area 5
R1(config-router)# end

EIGRP
EIGRP is a balanced hybrid routing protocol: distance-vector in nature with link-state-like features, often described as a hybrid of RIP and OSPF. Cisco designed it; it was Cisco proprietary and did not run on other vendors' equipment (Cisco has since published the protocol as an informational RFC).

IGP
AD value = 90. Multicast address: 224.0.0.10. Updates are incremental and triggered (only the changes, only when something changes), not periodic.

Supports both classless and classful operation; a classful network statement does not need a wildcard mask, a classless one does. Metric: composite metric built from 1. bandwidth, 2. delay, 3. reliability, 4. load, 5. MTU (MTU is carried in updates but not used in the calculation).

By default EIGRP considers only bandwidth and delay (K1 = K3 = 1, K2 = K4 = K5 = 0):
  EIGRP metric = (10^7 / minimum bandwidth) x 256 + (total delay) x 256 = (10^7 / minimum bandwidth + total delay) x 256

Units: bandwidth in kbps (the minimum bandwidth along the path). In the figure the top path has 1.5 Mb/s as its minimum bandwidth and the bottom path 10 Mb/s, so the bottom path is better. The multiplication by 256 makes small differences between paths noticeable.

Delay in the formula is counted in tens of microseconds (1 us = 10^-6 s), summed over every link on the path. Tables: 1. neighbor table (works like OSPF: hellos are exchanged, etc.), 2. topology table (holds the best path, the successor, and the second best, the feasible successor), 3. routing table (best path only; when it goes down the feasible successor takes over immediately). EIGRP supports large to very large networks.
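The metric arithmetic is easier to trust once it reproduces known values. The block below is an added example (not code from the notes) that computes the default composite metric for a path given each link's bandwidth in kbps and delay in microseconds, using integer division as IOS does; the per-link values (T1 = 1544 kbps / 20000 us, 10 Mb/s Ethernet = 10000 kbps / 1000 us, Fast Ethernet = 100000 kbps / 100 us) are the usual IOS interface defaults and the two-path comparison is constructed to mirror the figure.

```python
"""EIGRP composite metric with default K values (K1 = K3 = 1, K2 = K4 = K5 = 0).
Added example, not code from the notes. Link values below are IOS interface defaults
and the paths are constructed to mirror the 1.5 Mb vs 10 Mb comparison above.

metric = (10**7 // min_bandwidth_kbps + total_delay_us // 10) * 256
Delay enters in tens of microseconds; integer arithmetic matches what IOS displays.
"""

T1 = (1544, 20000)          # serial T1: 1544 kbps, default delay 20000 us
ETHERNET = (10000, 1000)    # 10 Mb/s Ethernet: default delay 1000 us
FAST_ETH = (100000, 100)    # 100 Mb/s: default delay 100 us


def eigrp_metric(links):
    """links: list of (bandwidth_kbps, delay_us), one tuple per hop on the path."""
    if not links:
        raise ValueError("a path needs at least one link")
    min_bw = min(bw for bw, _ in links)            # the slowest link bounds the path
    total_delay_tens = sum(d for _, d in links) // 10
    return (10**7 // min_bw + total_delay_tens) * 256


def best_path(paths):
    """paths: dict name -> list of links. Returns (name, metric) of the successor."""
    scored = {name: eigrp_metric(links) for name, links in paths.items()}
    winner = min(scored, key=scored.get)
    return winner, scored[winner]


if __name__ == "__main__":
    # top path: T1 then Fast Ethernet; bottom path: 10 Mb Ethernet then Fast Ethernet
    paths = {"top": [T1, FAST_ETH], "bottom": [ETHERNET, FAST_ETH]}
    for name, links in paths.items():
        print(name, eigrp_metric(links))
    print("successor:", best_path(paths))
```

A single T1 link yields 2169856 and a single 10 Mb/s Ethernet link 281600, the figures commonly seen in "show ip route" for those interfaces; with the Fast Ethernet hop added the bottom path still wins by almost an order of magnitude because bandwidth, not hop count, dominates.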

Divisions is

Autonomous system numbers used on the Internet (BGP) are assigned by IANA, like IP addresses. EIGRP uses an AS number where OSPF uses a process ID, but unlike the OSPF process ID the EIGRP AS number must be the same on every router in the AS, otherwise the routers do not become neighbors.
R(config)# router eigrp <ASN>
R(config-router)# do show ip route
R(config-router)# network 1.0.0.0
R(config-router)# end

IP traffic Management / Network Security


ACL
Standard and extended (both can be applied inbound or outbound). Standard: matches on source IP / network ID only. Extended: matches on source IP/network, destination IP/network, protocol and port.

Defining an ACL means making a list of entries, each of which permits or denies. ACLs are defined in global configuration mode on routers or switches. They are then applied on interfaces, on lines (vty), or in processes that reference a list, such as NAT (just as a routing protocol can reference one).

Originally one router or switch could hold 99 standard ACLs; the ranges have since been expanded. 1 to 99 is standard (source IP only); 100 to 199 is extended (source, destination, protocol), another 100 lists. Expanded ranges: 1300 to 1999 standard, 2000 to 2699 extended. Named ACLs remove the numbering limit altogether.

Each ACL list can have unlimited number of restrictions or permissions

Task: block 200.100.50.1 from reaching 200.100.100.1. 1. Define the ACL on A. 2. Apply it on A at fa0/0, inbound. A# show access-lists to verify.
A(config)# access-list 5 deny 200.100.50.1 0.0.0.0
A single IP's wildcard mask is always 0.0.0.0; a wildcard mask can describe a single IP or a whole network. Rule of thumb: filter as close to the source as possible so the traffic does not consume network bandwidth. That works for extended ACLs; a standard ACL only sees the source, so it is placed close to the destination, otherwise it blocks more than intended.

Rules of Wildcard Mask


A wildcard range must start at a network ID and end at the broadcast ID of an aligned block; see the table:
  Block size   Ranges
  128          0-127, 128-255
  64           0-63, 64-127, 128-191, 192-255
  32           0-31, 32-63, 64-95, 96-127, 128-159, ...
  16           0-15, 16-31, 32-47, 48-63, 64-79, ...
  8            0-7, 8-15, 16-23, 24-31, 32-39, ...
  4            0-3, 4-7, 8-11, 12-15, 16-19, ...
  2            0-1, 2-3, 4-5, 6-7, 8-9, ...
  1            a single address

A range that does not fall into the table cannot be expressed with a single wildcard mask. A range starting at x.x.50.2 and ending at x.x.50.5 does not fit any row; x.x.50.0 to x.x.50.11 has to be split into 0-7 and 8-11, i.e. two entries from two rows. Take any block size and subtract 1: the only possible wildcard values in an octet are 0, 1, 3, 7, 15, 31, 63, 127 and 255, so ranges end at x.x.x.3, x.x.x.7, x.x.x.15, x.x.x.31 and so on.
(config)# access-list 5 permit 1.1.1.1 0.0.0.0
(config)# access-list 5 deny 1.1.1.1 0.0.0.0

ACL rule: entries are evaluated top-down and the first matching line is executed; in the pair above the permit wins because it is first.
A(config)# access-list 5 deny 200.100.50.4 0.0.0.0
On its own this ACL is incomplete and blocks every address, including the one stated, because every ACL ends with an implicit "deny any" line. To counter this, add:
A(config)# access-list 5 permit any

A(config)# access-list 6 permit 200.100.50.4 0.0.0.3 : allows .50.4 and the next three, .50.5, .50.6, .50.7
Example: deny .50.5 to .50.7:
A(config)# access-list 7 deny 200.100.50.6 0.0.0.1
A(config)# access-list 7 deny 200.100.50.5 0.0.0.0
A(config)# access-list 7 permit any

Another way of doing the same:
A(config)# access-list 8 permit 200.100.50.4 0.0.0.0
A(config)# access-list 8 deny 200.100.50.4 0.0.0.3
A(config)# access-list 8 permit any
This permits the single address in the first line and denies the remaining three of the block. If the first two lines were swapped, the block deny would match .50.4 first and the permit would never be reached.

In a numbered ACL a single line cannot be removed; the entire ACL has to be removed and re-entered. Using Notepad helps here: copy the old ACL, edit it, remove the old ACL from the running config and paste the new one. (Named ACLs, "ip access-list standard NAME", allow single entries to be removed by sequence number.) A# show access-lists : shows the ACLs present.

A(config)# access-list 8 deny 200.100.50.4 0.0.0.0
A(config)# access-list 8 permit any
A(config)# interface s0/0/0
A(config-if)# ip access-group 8 out
A(config-if)# end
A# show access-lists
Note: "access-list 8 deny 200.100.50.4 0.0.0.0" and "access-list 8 deny host 200.100.50.4" are interchangeable for a single IP.

Extended ACL
A(config)# access-list 105 deny <protocol> <source IP> <wildcard> <destination IP> <wildcard> eq <port name or number>
A(config)# access-list 105 deny tcp 200.100.4 0.0.0.0 200.100.100.100 0.0.0.0 eq telnet (eq 23)
Alternatively:
A(config)# access-list 105 deny tcp host 200.100.4 host 200.100.100.100 eq telnet (eq 23)
A(config)# access-list 105 permit ip any any : needed because the implicit last line is "deny ip any any" (any source to any destination)
A(config)# interface s0/0/0
A(config-if)# ip access-group 105 out
A(config-if)# end
A# show access-lists

Assignment
To block ping: A(config)# access-list 103 deny icmp <source IP> <destination IP> echo (blocks echo requests; echo replies to pings started from the other side still pass)

Group A: deny telnet to 200.100.100.100. Group B and Group C: deny ping.
Solution:
A(config)# access-list 107 deny tcp 200.100.50.8 0.0.0.3 host 200.100.100.100 eq 23
A(config)# access-list 107 deny icmp 200.100.50.2 0.0.0.1 200.100.100.4 0.0.0.1 echo
A(config)# access-list 107 permit ip any any
A(config)# interface s0/0
A(config-if)# ip access-group 107 in (or out)
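Wildcard alignment, first-match ordering and the implicit deny are the three things that go wrong in ACLs, and all three can be checked offline. The following is an added example (not code from the notes) that models the standard and extended lists above (access-list 5, 7, 8 and 107) and evaluates constructed packets against them; it also tests whether a range can be written as one wildcard entry, generalising the block-size table. The packet dictionaries and the `qual` field (a TCP/UDP destination port or an ICMP type name) are this example's own conventions, not IOS syntax.

```python
"""Cisco ACL semantics simulated: wildcard masks, top-down first match, implicit deny.
Added example, not code from the notes; the ACLs mirror access-list 5, 8 and 107 above
and the packets are constructed test data."""
from ipaddress import IPv4Address


def ip2int(s):
    return int(IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'do not care' for that address bit."""
    return ((ip2int(addr) ^ ip2int(base)) & ~ip2int(wildcard) & 0xFFFFFFFF) == 0


def wildcard_for_range(first, last):
    """(base, wildcard) if first..last is one aligned power-of-two block, else None."""
    a, b = ip2int(first), ip2int(last)
    size = b - a + 1
    if size <= 0 or size & (size - 1):    # block size must be a power of two
        return None
    if a % size:                           # block must start on a multiple of its size
        return None
    return str(IPv4Address(a)), str(IPv4Address(size - 1))


def host(ip):
    return (ip, "0.0.0.0")


ANY = ("any", None)


class ACL:
    """Entries: (action, protocol, (src, src_wc), (dst, dst_wc), qualifier).
    A standard ACL uses protocol 'ip', dst ANY and qualifier None.
    qualifier is a TCP/UDP destination port or an ICMP type name (this example's convention)."""

    def __init__(self, *entries):
        self.entries = list(entries)

    def check(self, pkt):
        for action, proto, (src, swc), (dst, dwc), qual in self.entries:
            if proto != "ip" and proto != pkt["proto"]:
                continue
            if src != "any" and not wildcard_match(pkt["src"], src, swc):
                continue
            if dst != "any" and not wildcard_match(pkt["dst"], dst, dwc):
                continue
            if qual is not None and pkt.get("qual") != qual:
                continue
            return action        # first match wins; later lines are never consulted
        return "deny"            # the implicit 'deny any' at the end of every ACL


def pkt(src, dst, proto="ip", qual=None):
    return {"src": src, "dst": dst, "proto": proto, "qual": qual}


# access-list 5 with only its deny line: the implicit deny drops everything else too
acl5_incomplete = ACL(("deny", "ip", host("200.100.50.4"), ANY, None))

# access-list 8 in the intended order: .4 permitted, .5-.7 denied, the rest permitted
acl8 = ACL(("permit", "ip", host("200.100.50.4"), ANY, None),
           ("deny", "ip", ("200.100.50.4", "0.0.0.3"), ANY, None),
           ("permit", "ip", ANY, ANY, None))

# the same three lines with the first two swapped: the block deny shadows the host permit
acl8_swapped = ACL(acl8.entries[1], acl8.entries[0], acl8.entries[2])

# access-list 107 from the assignment
acl107 = ACL(("deny", "tcp", ("200.100.50.8", "0.0.0.3"), host("200.100.100.100"), 23),
             ("deny", "icmp", ("200.100.50.2", "0.0.0.1"), ("200.100.100.4", "0.0.0.1"), "echo"),
             ("permit", "ip", ANY, ANY, None))

if __name__ == "__main__":
    print(wildcard_for_range("200.100.50.4", "200.100.50.7"))   # ('200.100.50.4', '0.0.0.3')
    print(wildcard_for_range("200.100.50.2", "200.100.50.5"))   # None: not aligned
    print(acl8.check(pkt("200.100.50.4", "200.100.100.1")), acl8_swapped.check(pkt("200.100.50.4", "200.100.100.1")))
```

`wildcard_for_range` returning None is the programmatic form of "it does not fall in the table": either the size is not a power of two or the start is not a multiple of the size, and then the range needs more than one entry.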

New assignment
Group B should not be able to http with the web server

Types of IPs
Public and Private

Public
Public addresses are allocated (and paid for) through the ISP or registry and are routable on the Internet; private addresses are free to use.

Private
Free for anyone to use in private networks (RFC 1918); they cannot be routed on the Internet.
Class A: 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
Class B: 172.16.0.0/12 (172.16.0.0 to 172.31.255.255, i.e. 172.16.x.x, 172.17.x.x and so on up to 172.31.x.x)
Class C: 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
Public IPs are usually configured on WAN interfaces.

NAT
NAT (Network Address Translation) translates private addresses into the public address(es) provided by the ISP. Communication on the Internet is only possible with public addresses.

With overloading, in addition to rewriting the source address the router assigns a unique source port to each session and records it. The destination node does not know that several hosts share the address; it simply replies to the public address and that port. When the reply reaches the NAT device it looks the port up in its table and forwards the packet to the right node on the local network.

NAT
One private (inside local) address is translated into one public (inside global) address, either statically or from a pool (dynamic NAT), and the packet is sent on to the destination node.

PAT
Port Address Translation (NAT overload): many private addresses share a single public address; each session is told apart by the translated source port. When a packet comes back from the Internet the public-to-private translation is reversed and the packet is forwarded to the node on the local network.

Public is also known as global, private AKA local

Static NAT vs Dynamic NAT


Step 1 of NAT configuration: define the inside and outside interfaces of the router.
There are two types of public IP: static (stays the same) and dynamic (changes). A static public IP allows static NAT; a dynamic public IP needs dynamic NAT or PAT using the interface address.
R# debug ip packet : shows all inbound and outbound packets at the router (CPU intensive; avoid on a busy production router)
R# u all (undebug all) : stops all debugging
R(config)# interface fa0/0
R(config-if)# ip nat inside
R(config-if)# interface s0/0/0
R(config-if)# ip nat outside
R(config-if)# exit
R(config)# ip nat inside source static 200.100.50.4 1.1.1.1 : static NAT, one-to-one; only workable when the addresses stay fixed and few hosts need to be reachable

R# show ip nat translations : shows the translation table. NAT helps IP address management and hides inside addresses, but it is not an access control on its own; pair it with ACLs.
R(config)# access-list 11 permit 200.100.50.4 0.0.0.3 : defines which inside addresses are translated

R(config)# ip nat inside source list 11 interface serial 0/0/0 overload : "overload" implements PAT using the outside interface's address
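The translation table is the whole mechanism, so it is worth seeing one in motion. The block below is an added example (not code from the notes) that simulates a PAT table keyed on the translated port: two inside hosts using the same source port reach the same server, the reply to one of them is mapped back, and an unsolicited inbound packet finds no entry and is dropped. It reuses the notes' inside network 200.100.50.0/24 and inside global 1.1.1.1; the remote hosts 203.0.113.10 and 198.51.100.9 and all port numbers are constructed.

```python
"""PAT (NAT overload) translation table, simulated. Added example, not code from the notes.
Inside 200.100.50.0/24 and inside global 1.1.1.1 are taken from the notes; the remote
hosts and port numbers below are constructed."""
import ipaddress


class PAT:
    def __init__(self, inside_global, inside_subnet, first_port=1024):
        self.global_ip = inside_global
        self.inside = ipaddress.ip_network(inside_subnet)
        self.next_port = first_port
        self.table = {}    # (global_port, remote_ip, remote_port) -> (local_ip, local_port)
        self.reverse = {}  # (local_ip, local_port, remote_ip, remote_port) -> global_port

    def outbound(self, src, sport, dst, dport):
        """Inside -> outside: rewrite the source. Returns the translated 4-tuple or None."""
        if ipaddress.ip_address(src) not in self.inside:
            return None    # not an inside-local address: nothing is translated
        key = (src, sport, dst, dport)
        gport = self.reverse.get(key)
        if gport is None:
            gport = self.next_port            # a unique port tells inside hosts apart
            self.next_port += 1
            self.reverse[key] = gport
            self.table[(gport, dst, dport)] = (src, sport)
        return (self.global_ip, gport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Outside -> inside: only packets that match an existing translation get through."""
        if dst != self.global_ip:
            return None
        entry = self.table.get((dport, src, sport))
        if entry is None:
            return None    # unsolicited: no entry to translate to, so the router drops it
        local_ip, local_port = entry
        return (src, sport, local_ip, local_port)


def demo():
    pat = PAT("1.1.1.1", "200.100.50.0/24")
    a = pat.outbound("200.100.50.4", 40000, "203.0.113.10", 80)   # gets port 1024
    b = pat.outbound("200.100.50.5", 40000, "203.0.113.10", 80)   # same local port, gets 1025
    reply_b = pat.inbound("203.0.113.10", 80, "1.1.1.1", b[1])    # mapped back to .50.5
    stray = pat.inbound("198.51.100.9", 4444, "1.1.1.1", 1024)    # no entry for this peer
    return a, b, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The `stray` case is why NAT feels like a firewall: without a table entry there is nowhere to forward to. It is still not a filter, because anything that does have an entry, or that a static translation exposes, passes untouched; the ACL is what decides policy.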

Switching

(Diagram: a frame's path through the layers. End hosts process L7 down to L1, switches L2 and L1, the router L3 down to L1. Along the path the IP header stays the same end to end while the MAC header is rewritten at each Layer 3 hop: IP | MAC | MAC | IP | MAC | MAC | IP.)

MAC address
At Layer 2 a MAC (Media Access Control) address always belongs to an Ethernet port; a serial port never has a MAC address. The burned-in address cannot be changed, but the address an interface actually uses can be overridden in software (MAC spoofing), which is why port security matters. It is written in hexadecimal: the digits 0 to 9 and A to F, where F = 15 and counting starts at 0, giving 16 symbols. One hex digit is 4 bits.

1 hex digit = 4 bits. 1 MAC address = 12 hex digits = 48 bits = 6 bytes.
Formats used: 8FC9.ABCD.0157 (Cisco), 8F-C9-AB-CD-01-57 (byte by byte), 8FC9ABCD0157. The first 24 bits are the vendor's OUI, the last 24 are assigned by the vendor.
Front end: IP; back end: MAC.

ARP
Address Resolution Protocol builds the ARP table, which maps IP addresses to MAC addresses (a Layer 3-to-Layer 2 table). The ARP request is broadcast; the ARP reply is unicast back to the requester. The aging timer is 4 hours on Cisco routers and is configurable. There are two kinds of table: prebuilt and on demand. The routing table is prebuilt; the ARP table is on demand, populated only when traffic needs an IP-to-MAC mapping. ARP has no authentication, so any host on the segment can answer for any IP (ARP spoofing); on switches, DHCP snooping with Dynamic ARP Inspection drops replies that contradict the binding table. ARP is not the same as switching: the switching table is the MAC address table.

Cisco Switch

A 24-port switch numbers its ports 1 to 24, a 48-port switch 1 to 48. The ports are FastEthernet and are treated as a module, so the interfaces are fa0/1 to fa0/24 or fa0/48.

All ports on a switch are non-routed ports AKA switch port.

Sw# show mac-address-table (show mac address-table on newer IOS). To save time we use A, B, C, D instead of full MAC addresses. A sends a frame to D: the switch records that A is on port 0/5, then floods the frame out all other ports and D replies. The switch does not flood back out 0/5 because it already knows that port belongs to A. Once it knows a MAC address and its port it forwards unicast to known addresses. The table is empty until communication starts.
  MAC   Port
  A     0/5
  D     0/15
Because unknown destinations are flooded, an attacker who fills the table with bogus source addresses (CAM overflow) turns the switch into a hub; port security ("switchport port-security maximum") limits the addresses learned per port.

Mac address table aging time is 5 mins / 300 secs

Cisco switches are sold under the Catalyst name; both Layer 2 and multilayer models are Catalysts. A console port identifies a switch as manageable.
Cisco switch ports are also known as non-routed ports or switch ports, and the IOS recognizes them as such. A switch port has two types: access port and trunk port. Interfaces on Cisco switches are up by default, and all ports are access ports by default.
Access port: a port connected to an end device or single host (printer, camera, computer); the link is known as an access link.
Trunk port: a port that connects a switch to another switch; the link is known as a trunk link.
Any of the 24/48 ports can be an access port or a trunk port. An access link can become a trunk link statically or, depending on the Catalyst model, dynamically. 2950 and 2960 are Layer 2 switches; 3550, 3560, 3750 and higher series are multilayer switches. Of these the 3550 is the model whose ports default to dynamic desirable, so a link becomes a trunk automatically as long as one of the two switches is a 3550.
Configuration of trunk links: trunking is dynamic or static; in the labs only static trunking is required. Encapsulation is configured on non-routed trunk ports.
Static trunk encapsulation: ISL (Inter-Switch Link, Cisco proprietary) or 802.1Q, AKA dot1q (IEEE).

Switch port mode: trunk or access.
Dynamic trunking uses the same two encapsulations, ISL (Inter-Switch Link, Cisco proprietary) and 802.1Q, AKA dot1q (IEEE, open standard), and negotiates with DTP (Dynamic Trunking Protocol, Cisco proprietary).
Dynamic switch port modes: dynamic desirable and dynamic auto. A DTP session being established means a trunk link has been established; it needs a DTP request and a DTP reply.
Dynamic desirable: generates both DTP requests and DTP replies.
Dynamic auto: only generates DTP replies.
Both are configurable and one can be changed into the other. In short, at least one of the two switches must be dynamic desirable for a DTP session to form. The Catalyst 3550 defaults to dynamic desirable; the other models listed default to dynamic auto.
Caveat: a dynamic-auto port answers any DTP request, so a device plugged into it can negotiate itself a trunk and reach every VLAN. On ports that face end devices configure "switchport mode access" and "switchport nonegotiate".

1 network ID is also 1 broadcast domain. Every broadcast, whatever the network, uses the one broadcast MAC address FFFF.FFFF.FFFF.

VLAN
VLAN stands for Virtual Local Area Network. It is a logical partition that isolates broadcast domains: 1 VLAN = 1 broadcast domain, and the number of networks is the number of broadcast domains. VLAN IDs 1 to 4094 can be configured on a single switch. Steps to set up a VLAN: 1. define the VLAN, 2. associate ports with the VLAN. The VLAN tag isolates one network from the other networks on the same switch.

VLAN 1 exists on every Catalyst by default. Example:
  VLAN 100: ports 1 to 4, broadcast domain 10.0.0.0/8
  VLAN 200: ports 11, 13, 16, 19, broadcast domain 20.0.0.0/8
  VLAN 300: ports 21, 23, 24

A frame entering an access port is assigned that port's VLAN; the tag appears on the wire only on trunk links and is removed again before the frame leaves an access port. 1 broadcast domain should be 1 VLAN, and all switches should have identical VLAN databases.

When a computer sends a frame, the switch associates it with the VLAN of the ingress port. E.g. a frame comes in on port 7, which is in VLAN 200: the switch forwards it to the VLAN 200 ports locally; if it has a trunk port it forwards the frame, tagged 200, to switch 2, which again looks for its VLAN 200 ports and forwards only to those. The tag is taken off at the access port before the frame reaches the host. A port that the user has not placed in any VLAN is a member of VLAN 1, the default VLAN.
NOTE Access port: a port that is in one VLAN and handles only that VLAN's traffic; it cannot be in two VLANs. A switch port that is a member of a VLAN is an access port.
  Access port: enter: frame is assigned the port's VLAN; exit: tag removed.
  Trunk port: enter: tagged frame, tag read; exit: tag kept in the frame (802.1Q inserts a tag; ISL encapsulates the whole frame).
On an 802.1Q trunk the native VLAN (VLAN 1 by default) is carried untagged; set it to an unused VLAN so untagged frames cannot be used to hop VLANs.

VTP:
VTP (VLAN Trunking Protocol) is Cisco proprietary. It propagates the VLAN database dynamically, so defining a VLAN on one switch defines it on all switches in the domain.

VTP domain
A VTP domain is a group of switches that share one identical VLAN database. The VTP mode (VTP operational mode) decides which switch propagates the database. There are three modes: server, client and transparent. Every Cisco switch is in server mode by default.
Differences between the modes:
  Server: can create, delete and modify VLANs; transmits and receives the VLAN database; receives, copies (syncs) and forwards the database it receives.
  Client: cannot create, delete or modify VLANs; can transmit and rece​ive the database; receives, copies (syncs) and forwards the database it receives.
  Transparent: can create, delete and modify VLANs, but only the ones created locally in transparent mode; forwards databases received from other switches but does not keep a copy. DOES NOT SYNC.

Transparent mode is used for security purposes: if you want two new VLANs that should not be propagated throughout the network, create them on a switch in this mode; they stay hidden from the other switches. Caveat: any switch in server mode whose database carries a higher revision number overwrites the VLAN database of the whole domain, so set a VTP password and keep switches that must not affect the domain in transparent mode.

Connecting two VLANs of a single switch through a router with one physical link per VLAN is neither efficient nor scalable. Concept: inter-VLAN routing with a router on a stick.

To use a single link to the switch we create two logical sub-interfaces on one physical interface. The routers used here support only dot1q encapsulation on sub-interfaces, while Cisco switches support both dot1q and ISL, so the trunk must be dot1q. Cisco routers do not run DTP, so the switch port facing the router has to be configured as a static trunk.

Configuration Commands
Configuration Sequence: 1. Trunk 2. VTP 3. VLAN

SW# show interfaces trunk : shows the existing trunks
SW(config)# hostname SWA
SWA(config)# interface fa0/8
SWA(config-if)# switchport trunk encapsulation dot1q
SWA(config-if)# switchport mode trunk
Same on the other switch. (On switches that only support dot1q, e.g. the 2960, the encapsulation command does not exist; "switchport mode trunk" alone is enough.)

VTP:
SW# show vtp status
SW(config)# vtp domain Cisco : sets the domain name. All VTP commands are entered in global configuration mode.
SW(config)# vtp mode client : changes the mode from the default (server) to client
SW# show vlan : shows the VLAN database; trunk ports are not listed under any VLAN
In addition to VLAN 1 there are 4 other default VLANs, 1002 to 1005, reserved for the FDDI and Token Ring defaults; they cannot be used or deleted.
SW(config)# vlan 100
SW(config-vlan)# name HR
SW(config-vlan)# exit
SW(config)# vlan 200
SW(config-vlan)# name IT
SW(config-vlan)# exit

SW(config)# interface fa0/2
SW(config-if)# switchport access vlan 100 : makes fa0/2 a member of VLAN 100
In our scenario the router can be connected to either switch.
VLAN configuration steps:
Step 1: configure IP address and default gateway on the end devices.
Step 2: configure the VLANs and the access ports.
Step 3: "no shutdown" on the router's physical interface.
Step 4: configure the trunk link between router and switch; it must be static with dot1q encapsulation.
Step 5: configure the sub-interfaces on the router: VLAN membership (association), dot1q encapsulation, IP address.
Step 6: verify that the VLANs can communicate with each other (no shutdown on the router, trunk enabled on the switch as above).
R1(config)# interface fa0/0.100 : creates a sub-interface
R1(config-subif)# encapsulation dot1q 100
R1(config-subif)# ip address 200.100.20.100 255.255.255.0 : the IP address is assigned last
R1# show ip route : shows both sub-interfaces as connected networks

Multi Access Networks


Frame Relay switching: Frame Relay is a WAN technology that connects multiple branches in a way that makes them feel directly connected.

It works much like Ethernet but for the WAN; instead of MAC addresses it uses the DLCI (Data Link Connection Identifier). Each switch holds multiple DLCIs, which are simple numbers. The Frame Relay switch is on the service provider's side, and the DCE should always be on the provider side. In the lab, Frame Relay switches are routers acting as switches; otherwise they work up to Layer 3. Frame Relay is often described as a Layer 2 VPN: the provider's shared network carries private virtual circuits. For R1 to reach R2, a virtual circuit is configured at the Frame Relay switch that forwards frames to the interface connected to router 2. This permanent virtual circuit is called a PVC; connecting every pair of branches needs at least one PVC. Ethernet is broadcast multi-access, while Frame Relay is an NBMA (Non-Broadcast Multi-Access) topology. Each PVC is identified by a DLCI.

When R1 sends a packet to R2 it attaches a tag, e.g. DLCI 102, which is the DLCI of the PVC leading to R2. IP-to-DLCI mapping can be done statically or dynamically; Inverse ARP is the protocol that maps DLCIs dynamically. Dynamic mapping adds processing and traffic and is not preferred when bandwidth is an issue.
Commands on the Frame Relay switch:
FRS(config)# frame-relay switching
FRS(config)# interface serial 2/0
FRS(config-if)# no ip address : makes sure no IP is assigned
FRS(config-if)# encapsulation frame-relay
FRS(config-if)# frame-relay intf-type dce : makes this end the DCE for Frame Relay even if the cable is connected the other way round; this only changes the Frame Relay role
FRS(config-if)# clock rate 64000 : next step, the clock rate

FRS(config-if)# frame-relay route 102 interface serial 2/1 201
FRS(config-if)# no shutdown
This creates a PVC: DLCI 102 on serial 2/0 is switched to serial 2/1 with DLCI 201.
FRS# show frame-relay route : shows the PVCs

FRS(config)# interface serial 2/1
FRS(config-if)# no ip address
FRS(config-if)# encapsulation frame-relay
FRS(config-if)# frame-relay route 201 interface serial 2/0 102
FRS(config-if)# no shutdown
Back on router 1, apply the IP address on the interface:
R1(config)# interface serial 2/0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# encapsulation frame-relay
R1(config-if)# no shutdown
Inverse ARP becomes active in this scenario. On the client side verify with: R1# show frame-relay map
Static mapping:
R1(config)# interface serial 2/0
R1(config-if)# shutdown
R1(config-if)# end : shuts the interface; the dynamic map is deleted
R1(config-if)# no frame-relay inverse-arp : disables Inverse ARP, which is on by default
R1(config-if)# frame-relay map ip 1.1.1.2 102 : the neighbor's IP and the local DLCI of the PVC leading to it (add "broadcast" if routing-protocol multicasts must cross the PVC)
R1(config-if)# no shutdown
R2(config)# interface serial 2/0
R2(config-if)# no frame-relay inverse-arp
R2(config-if)# frame-relay map ip 1.1.1.1 201
R2(config-if)# no shutdown

IPv6
Intro to IPv6
128 bits long. IPv6 addresses are written in hexadecimal: 32 hex digits per address, divided into 8 groups of 4. The digits are 0 to 9 then A to F (A is 10, B is 11, and so on up to F = 15). 1 hex digit = 4 bits; 1 IPv6 address = 32 hex digits = 16 bytes.

":" separates the groups, just as "." separated the octets in IPv4, e.g. AB01:5678:9FEE:CBE9:CBF8:8CC9:9315:8EEF. Leading zeros in a group may be dropped: 00AB:0000:0000:000E:0000:0000:0000:0100 becomes AB:0:0:E:0:0:0:100, and then AB:0:0:E::100.

"::" CAN BE USED ONLY ONCE IN AN IPv6 ADDRESS. 200B:0000:0000:000E:0000:0000:0000:0500 can be written as 200B:0:0:E:0:0:0:500. Principle: adjacent all-zero groups can be replaced by "::" (double colon), but only once per address, and it is applied to the longest run. In the example above the rule is applied after E, because that removes 3 groups rather than 2, giving 200B:0:0:E::500 with 5 groups written.
There are no address classes in IPv6: no class exists for large, medium or small organizations. The network part has 64 bits and the interface ID 64 bits. Subnetting of the prefix is possible but is not covered in these notes. In 200B:1:2:3:4:5:6:7, 200B:1:2:3 is the network ID and 4:5:6:7 the interface ID.

The network address is written 200B:1:2:3::/64, the interface part being :: because it is all zeros. There is no broadcast address in IPv6 because IPv6 does not broadcast; multicast replaces it (the all-nodes group ff02::1 takes the place of a broadcast). Every interface also has a link-local address, used for neighbor discovery and routing-protocol exchanges on the local link. 2009:0:0:0:0:0:0:0 and 2009::/64 are the same thing.

Types of IPv6 addresses


1. Global unicast addresses 2. Site-local addresses 3. Link-local addresses 4. Multicast addresses
Global unicast: configurable and routable; the public IPs.
Site-local: configurable and routable within a site; the private IPs. This type has been deprecated and is replaced by unique local addresses (FC00::/7).
Link-local: normally not configured but derived automatically from the MAC address (EUI-64); can be set manually. Used on the link in place of broadcast-style discovery.
Multicast: configurable and routable.
Each hex digit is 4 bits with the weights 8 4 2 1; e.g. A, which has the value 10, is 1010.

The first bits of the first group decide whether an address is global unicast: if the first 3 bits are 001 it is global (2000::/3). In other words, if the address starts with 2 or 3 it is a global address; for the time being, allocated global unicast addresses start with 2.

/3 is usually shown with global unicast addresses to say that the first 3 bits identify the type; it is a prefix length for classification, not a subnet mask.

Site Local
If the first group is FEC0 the address is site-local. F: 1111, E: 1110, C: 1100, 0: 0000.
If the first 10 bits are 1111 1110 11 it is site-local, so FECx, FEDx, FEEx and FEFx ARE ALL SITE-LOCAL (FEC0::/10).
/10 denotes the site-local range; again, this identifies the address type and has nothing to do with a subnet mask. Site-local has been deprecated in favour of unique local addresses (FC00::/7).

Link Local
FE80 as the first group represents a link-local address. Looking at the first 10 bits, F: 1111, E: 1110, 8: 1000, 0: 0000.
If the first 10 bits are 1111 1110 10 the address is link-local, so FE8x, FE9x, FEAx and FEBx all represent link-local (FE80::/10).

Multicast Address
If the first 8 bits are 1111 1111 it is a multicast address; in other words, if the first group starts with FF it is multicast. /8 says that the first 8 bits are what matters (FF00::/8).

ANY CAST
The same unicast address is assigned to multiple servers, all holding copies of the same data. The routing system delivers a user's request to the closest server; changes are made effective on all servers by replication.
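The compression rule and the type ranges above are both bit-level rules, and the most reliable way to internalise them is to implement them and compare against a reference. The following is an added example (not code from the notes) that compresses an IPv6 address by hand (longest run of zero groups becomes "::", leftmost on ties, never a single group, as RFC 5952 prescribes) and classifies an address by its leading bits (FF00::/8 multicast, FE80::/10 link-local, FEC0::/10 site-local, FC00::/7 unique local, 2000::/3 global unicast). It uses Python's standard `ipaddress` module only to parse input and as the reference for the compressed form; the test addresses are constructed, apart from the two examples from the notes.

```python
"""IPv6 text-form compression and address classification by leading bits.
Added example, not code from the notes. The standard ipaddress module is used only to
parse the input; the '::' rule and the prefix checks are implemented explicitly."""
import ipaddress


def expand(addr):
    """The 8 sixteen-bit groups of an IPv6 address as ints (accepts any text form)."""
    return [int(g, 16) for g in ipaddress.IPv6Address(addr).exploded.split(":")]


def compress(addr):
    """RFC 5952 style: drop leading zeros, lowercase, longest zero run (>= 2 groups) -> '::',
    leftmost run wins a tie. The double colon appears at most once."""
    groups = expand(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:              # strictly longer: leftmost run wins ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(g, "x") for g in groups]
    if best_len < 2:                          # a single zero group is written as 0
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return left + "::" + right


def classify(addr):
    """Address type from the first group's high bits (the /8, /10, /7 and /3 checks above)."""
    g0 = expand(addr)[0]
    if g0 >> 8 == 0xFF:                       # 1111 1111           ff00::/8
        return "multicast"
    if g0 >> 6 == 0x3FA:                      # 1111 1110 10        fe80::/10
        return "link-local"
    if g0 >> 6 == 0x3FB:                      # 1111 1110 11        fec0::/10 (deprecated)
        return "site-local (deprecated)"
    if g0 >> 9 == 0x7E:                       # 1111 110            fc00::/7
        return "unique local"
    if g0 >> 13 == 0b001:                     # 001                 2000::/3
        return "global unicast"
    return "other"


if __name__ == "__main__":
    for a in ("00AB:0000:0000:000E:0000:0000:0000:0100", "200B:0:0:E:0:0:0:500", "fe80::1", "ff02::9"):
        print(compress(a), classify(a))
```

The tie-break matters in practice: 2001:0:0:1:0:0:0:1 has a run of two zero groups and a run of three, and only the longer one may be collapsed, otherwise two parsers can disagree on the canonical form, which is exactly the kind of mismatch that lets an address slip past a string-based allow list.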

IN CISCO IOS, WRITE ipv6 INSTEAD OF ip IN ALL COMMANDS AND VERIFICATIONS.

R1(config)# interface fastEthernet 0/0
R1(config-if)# ipv6 enable
R1(config-if)# ipv6 address 2001::a/64
R1(config-if)# no shutdown
R1(config-if)# no keepalive
R1(config-if)# end

R1# ping ipv6 200a:b:c:d::b (alternatively ping 200a:b:c:d::b also works)
IPv6 convergence, static routing:
R1(config)# ipv6 route 2002::/64 200a:b:c:d::b
R1(config)# end
R1# show ipv6 route
RIPng (RIP next generation) is the IPv6 version of RIP. Its metric is the RIP hop count plus 1, because the sending router counts itself: the hop is counted when the packet leaves the router, whereas RIP counted a hop when the packet crossed a router.
Before enabling a routing protocol for IPv6, enable IPv6 routing; by default a router does not forward IPv6:
R1(config)# ipv6 unicast-routing
R1(config)# interface serial 2/0
R1(config-if)# ipv6 rip WORD enable : WORD is the name of the RIPng process. It is only a local process name and does not have to match on neighbors, but using one name throughout the AS keeps the configuration readable.

R1(config)# interface fa0/0
R1(config-if)# ipv6 rip WORD enable

R1(config)# ipv6 router rip WORD : enters the RIPng process configuration, where changes such as redistribution or a route-map are made

OSPFv3 is used in IPv6


In OSPFv3 the router ID is a 32-bit value written in dotted decimal, like an IPv4 address; it is never derived from an IPv6 address, so on an IPv6-only router it must be set explicitly. Best practice is to hard-code it.
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router ospf 1
R2(config-rtr)# router-id 2.2.2.2
R2(config-rtr)# exit
R2(config)# interface serial 2/0
R2(config-if)# ipv6 ospf 1 area 0
R2(config-if)# end

Redistribution:
R2(config)# ipv6 router ospf 1
R2(config-rtr)# redistribute rip WORD
R2(config)# ipv6 router rip WORD
R2(config-rtr)# redistribute ospf 1 metric 1
