
Version - Contains a 4-bit binary value identifying the IP packet version. For IPv4
packets, this field is always set to 0100.
Differentiated Services (DS) - Formerly called the Type of Service (ToS) field, the
DS field is an 8-bit field used to determine the priority of each packet. The first 6 bits
identify the Differentiated Services Code Point (DSCP) value that is used by a quality
of service (QoS) mechanism. The last 2 bits identify the explicit congestion
notification (ECN) value that can be used to prevent dropped packets during times of
network congestion.
Time-to-Live (TTL) - Contains an 8-bit binary value that is used to limit the lifetime
of a packet. It is specified in seconds but is commonly referred to as hop count. The
packet sender sets the initial time-to-live (TTL) value, which is decreased by one each
time the packet is processed by a router, or hop. If the TTL field decrements to zero,
the router discards the packet and sends an Internet Control Message Protocol (ICMP)
Time Exceeded message to the source IP address. The traceroute command uses this
field to identify the routers used between the source and destination.
Protocol - This 8-bit binary value indicates the data payload type that the packet is
carrying, which enables the network layer to pass the data to the appropriate upper-
layer protocol. Common values include ICMP (0x01), TCP (0x06), and UDP (0x11).
Source IP Address - Contains a 32-bit binary value that represents the source IP
address of the packet.
Destination IP Address - Contains a 32-bit binary value that represents the
destination IP address of the packet.
Internet Header Length (IHL) - Contains a 4-bit binary value identifying the
number of 32-bit words in the header. The IHL value varies due to the Options and
Padding fields. The minimum value for this field is 5 (i.e., 5×32 = 160 bits = 20 bytes)
and the maximum value is 15 (i.e., 15×32 = 480 bits = 60 bytes).
Total Length - Sometimes referred to as the Packet Length, this 16-bit field defines
the entire packet (fragment) size, including header and data, in bytes. The minimum
length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535
bytes.
Header Checksum - The 16-bit field is used for error checking of the IP header. The
checksum of the header is recalculated and compared to the value in the checksum
field. If the values do not match, the packet is discarded.
Identification - This 16-bit field uniquely identifies the fragment of an original IP
packet.
Flags - This 3-bit field identifies how the packet is fragmented. It is used with the
Fragment Offset and Identification fields to help reconstruct the fragment into the
original packet.
Fragment Offset - This 13-bit field identifies the order in which to place the packet
fragment in the reconstruction of the original unfragmented packet.












Version - This field contains a 4-bit binary value identifying the IP packet version.
For IPv6 packets, this field is always set to 0110.
Traffic Class - This 8-bit field is equivalent to the IPv4 Differentiated Services (DS)
field. It also contains a 6-bit Differentiated Services Code Point (DSCP) value used to
classify packets and a 2-bit Explicit Congestion Notification (ECN) used for traffic
congestion control.
Flow Label - This 20-bit field provides a special service for real-time applications. It
can be used to inform routers and switches to maintain the same path for the packet
flow so that packets are not reordered.
Payload Length - This 16-bit field is equivalent to the Total Length field in the IPv4
header. It defines the entire packet (fragment) size, including header and optional
extensions.
Next Header - This 8-bit field is equivalent to the IPv4 Protocol field. It indicates the
data payload type that the packet is carrying, enabling the network layer to pass the
data to the appropriate upper-layer protocol. This field is also used if there are
optional extension headers added to the IPv6 packet.
Hop Limit - This 8-bit field replaces the IPv4 TTL field. This value is decremented
by one by each router that forwards the packet. When the counter reaches 0 the packet
is discarded and an ICMPv6 message is forwarded to the sending host, indicating that
the packet did not reach its destination.
Source Address - This 128-bit field identifies the IPv6 address of the receiving host.
Destination Address - This 128-bit field identifies the IPv6 address of the receiving
host.
C: Directly connected network
L: Link local route (IOS v15 or higher)
O: OSPF route
D: EIGRP route
S: Static route
EX: EIGRP External
IA: OSPF inter area
E1: OSPF External type 1
E2: OSPF External type 2
B: BGP
R: RIP

Sequence number (32 bits) - Used for data reassembly purposes.
Acknowledgement number (32 bits) - Indicates the data that has been received.
Header length (4 bits) - Known as data offset. Indicates the length of the TCP segment
header.
Reserved (6 bits) - This field is reserved for the future.
Control bits (6 bits) - Includes bit codes, or flags, that indicate the purpose and function of
the TCP segment.
Window size (16 bits) - Indicates the number of segments that can be accepted at one time.
Checksum (16 bits) - Used for error checking of the segment header and data.
Urgent (16 bits) - Indicates if data is urgent.

URG - Urgent pointer field significant
ACK - Acknowledgement field significant
PSH - Push function
RST - Reset the connection
SYN - Synchronize sequence numbers
FIN - No more data from sender


Step 1: SYN bit = 1
Step 2: SYN bit = ACK bit = 1
Step 3: ACK bit = 1







The private address blocks are:
o 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
o 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
o 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
Unique address (IPv6) FC00::/7 to FDFF::/7
Loopback addresses: 127.0.0.1 to 127.255.255.255
IPv6: ::1/128
Link local addresses: 169.254.0.0 to 169.254.255.255 (169.254.0.0/16)
IPv6: FE80::/64
Test net addresses: 192.0.2.0 to 192.0.2.255 (192.0.2.0/24)
Document IPv6 address 2001:0DB8::/32
Experimental addresses: 240.0.0.0 to 255.255.255.254
Limited Broadcast address: 255.255.255.255
IPv6 all nodes/hosts multicast (Send to all hosts via this address) FF02::1
IPv6 all routers multicast (Send to all routers via this address) FF02::2
Multicast Addresses: 224.0.0.0 to 239.255.255.255 (224.0.0.0/4)
IPv6 FF00::/8
Unspecified Address (IPv6) ::/128
Site local Address (IPv6) FEC0::/10
Currently (2014) available global unicast IPv6 Address: 2000::/3




Number of Subnets = 2^n (where n = the number of borrowed bits)
Number of Valid hosts = 2^m - 2 (where m = the number of bits remaining in the host field; 2 are for
network and broadcast addresses)




SMTP (port 25) is used:
o To send email from a client (Mail User Agent, MUA) to its email server / first Mail Transfer
Agent (MTA), or
o To send email from one MTA to another MTA

Post Office Protocol (POP) (port 110) enables an email client to retrieve mail from a mail server;
the mail is then deleted on the server.
IMAP (port 143) enables a client to retrieve / sync mail without deleting it on the server.

Ethernet0 is up, line protocol is up. - Both the Physical and Data Link characteristics of the
interface are functioning correctly.
Ethernet0 is down, line protocol is down. - Physical interface problem. For example, the cable may be
disconnected. This problem can also occur if this interface is connected to another router whose
interface has been shut down using the shutdown command.
Ethernet0 is up, line protocol is down. - Physical layer connectivity is not the issue. The line
protocol being down is usually related to either a clocking issue (such as with keepalives) or a
mismatch between the frame types being used on connected devices. For example, one router may be
configured to use ARPA frames and another to use SNAP. Other possible causes are an encapsulation
type mismatch, an error-disabled interface on the other end, or a hardware problem.
Ethernet0 is administratively down, line protocol is down. - This output means that a local interface
has been manually shut down using the shutdown command. In the example below, the shutdown command
is issued for interface serial 0, followed by the show int s0 command.

Switch# show interface fa0/1 - Output from the command line

Runts - Malfunctioning NICs are the usual cause of excessive runt frames?
Giants - Malfunctioning NICs are the usual cause of excessive runt frames?
CRC - There is too much noise on the link and you should inspect the cable for damage and length.
You should also search for and eliminate noise sources, if possible.
Collisions - Number of messages retransmitted because of an Ethernet collision. (Only in half-duplex)
Late collisions - Excessive cable lengths are the most common cause of late collisions. Another
common cause is duplex misconfiguration.


Static secure MAC address: MAC addresses configured in this way are stored in the
address table and are added to the running configuration on the switch
Dynamic secure MAC address: MAC addresses that are dynamically learned and stored
only in the address table. MAC addresses configured in this way are removed when the
switch restarts.
Sticky secure MAC address: MAC addresses that can be dynamically learned or manually
configured, then stored in the address table and added to the running configuration.

If there is still no connection between devices in a VLAN, but IP addressing issues have been ruled
out, refer to the flowchart.


Troubleshoot trunks in the following order:
Native VLAN mismatches
Trunk mode mismatches
Allowed VLANs on trunks











AS (Autonomous System) is a collection of routers under a common administration such as a
company or an organization. An AS is also known as a routing domain.
Interior Gateway Protocols (IGP) - Used for routing within an AS
Exterior Gateway Protocols (EGP) - Used for routing between AS

Distance - Identifies how far it is to the destination network and is based on a metric such as
the hop count, cost, bandwidth, delay, and more.
Vector - Specifies the direction of the next-hop router or exit interface to reach the
destination.




An ultimate route is a routing table entry that contains either a next-hop IPv4 address or an exit
interface.
A level 1 route is a route with a subnet mask equal to or less than the classful mask of the network
address.
A level 1 parent route is a level 1 network route that is subnetted
A level 2 child route is a route that is a subnet of a classful network address.


Standard ACL: After adding an ACE (entry) to the ACL, you should reload the device to see the
correct order in which the entries are processed
Extended ACL: The order in which the statements are entered during configuration is the order they
are displayed and processed




Unlike IPv4, an IPv6 access list has 2 ACEs (entries) before "deny any any":
permit icmp any any nd-na
permit icmp any any nd-ns
nd-na: ICMP Neighbor Discovery (ND) - Neighbor Advertisement (NA)
nd-ns: ICMP Neighbor Discovery (ND) - Neighbor Solicitation (NS)


Static address translation (static NAT) - One-to-one address mapping between local and
global addresses.
Dynamic address translation (dynamic NAT) - Many-to-many address mapping between
local and global addresses.
Port Address Translation (PAT) - Many-to-one address mapping between local and global
addresses. This method is also known as overloading (NAT overloading).
clear ip nat translations syntax









Root port: Switch port closest to the root bridge
Designated port: All non-root ports that are still permitted to forward traffic on the network.
Alternate and backup port: Ports are configured to be in a blocking state to prevent loops.
Alternate ports are selected only on trunk links where neither end is a root port.
Disabled ports: A disabled port is a switch port that is shut down.









STP Path selection based on Port cost

STP Bridge ID format

The bridge (switch) with the lowest ID will be the Root bridge. The fields are therefore compared in
the following order: Priority, Extended System ID (VLAN ID), MAC Address









- The router with the highest interface priority will be DR, the one with the second highest interface
priority will be BDR.
- If the interface priorities are equal, the router with the highest router ID will be DR, the one with
the second highest router ID will be BDR.
- If no router ID is configured, the router ID is determined by the highest loopback IP address.
- If no loopback interfaces are configured, the router ID is determined by the highest active IPv4
address.
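
The election rules listed above, worked through in code. This is an added example, not part of the original notes; the Router class, the elect function and the sample segment are hypothetical, and only the rules stated in the list are implemented. Router IDs are compared numerically as IPv4 addresses, not as strings.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Router:
    name: str
    priority: int                          # OSPF interface priority on this segment
    configured_rid: Optional[str] = None   # explicitly configured router ID, if any
    loopbacks: list = field(default_factory=list)
    active_ipv4: list = field(default_factory=list)

    def router_id(self) -> ipaddress.IPv4Address:
        # Order from the list above: configured ID, else highest loopback,
        # else highest active IPv4 address.
        if self.configured_rid:
            return ipaddress.IPv4Address(self.configured_rid)
        pool = self.loopbacks or self.active_ipv4
        if not pool:
            raise ValueError(f"{self.name}: no address to derive a router ID from")
        return max(ipaddress.IPv4Address(a) for a in pool)


def elect(routers):
    """Return (DR, BDR) names: highest priority wins, router ID breaks ties."""
    ranked = sorted(routers, key=lambda r: (r.priority, r.router_id()), reverse=True)
    bdr = ranked[1].name if len(ranked) > 1 else None
    return ranked[0].name, bdr


# Constructed sample segment (hypothetical routers and addresses)
SEGMENT = [
    # A loopback takes precedence even though an active address is numerically higher
    Router("R1", 1, loopbacks=["10.0.0.1"], active_ipv4=["192.168.1.1"]),
    # No loopback: the highest active IPv4 address becomes the router ID
    Router("R2", 1, active_ipv4=["192.168.1.2", "172.16.0.2"]),
    # A configured router ID overrides every interface address
    Router("R3", 1, configured_rid="3.3.3.3", active_ipv4=["192.168.1.3"]),
    # Highest interface priority: wins regardless of router ID
    Router("R4", 5, active_ipv4=["192.168.1.4"]),
]
```

With this segment, elect(SEGMENT) returns R4 as DR on priority alone and R2 as BDR, because among the priority-1 routers 192.168.1.2 is the highest router ID.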
The MTU size is the largest network layer packet that the router will forward out each interface.
