
IP Address

N
OSI Layer

Layer 2

Layer 3

P
- Class A , Class B

language)

Class

Class C

IP

Decimal (human

Binary, Octal and Hexa (Machine Language)

Decimal to Hexa and Binary

M
-

0000 0000-0010 0100-1000 1


b

b
8 bit = 1 Byte
1024 B = 1 Kilobyte (KB)
1024 KB = 1 Megabyte (MB)
1024 MB = 1 Gigabyte (GB)
b

-b

-b

-b

Class A = 1.0.0.0 to 126.255.255.255


Class B = 128.0.0.0 to 191.255.255.255

CCNA 640-802

Page 1 of 127

P
-

P
O

IANA (Internet Assigned Numbers Authority)


P

High Order Bit


b

b
b
b
(Loop back address
b

b
N

O
N
N

O
N

Private
Address


P
P
P

N P

Internet

LAN P

IP Subnetting
IP Subnetting

Building

IP

Building

IANA

IANA
N

website
N

http://www.apnic.net/
IP

Small Office

site

register

APNIC
b

- 203.81.162.22

Yatanarpon Teleport Name

Small Office

Office

Register

Computer

50

Class C
Cost

IP

254

Class C

IP 54

Office

IP

Class C IP

Cost
ISP

IP

IP

Router

Internet
N

IP

Computer
Subnetting
Class A

Subnetting

Subnet Mask

Default Subnet Mask

Octet 255

Host
255

Octet

'1'
Class A

'1'

Slash Notation
Default Subnet Mask

192.168.0.255
O


'255'

Network
Address

Host

Default Subnet Mask

Octet

192.168.0.0

'0'
Subnet Mask

Class B

IP Address Post

8 bit

Network

10.0.0.0/8

Network

172.16.0.0/16

Class C

Octet

192.168.0.0/24

Network Address
'0'

Address

Broadcast Address


Broadcast Address

N
255

Computer1 IP- 10.0.0.1

Computer2 IP - 11.0.0.1

SM- 255.0.0.0

SM- 255.0.0.0

Computer
Octet

10.0.0.1

Network ID

Network

Class A
Class C

11.0.0.2

Class B

Octet

Computer

Network

Octet

Octet

255

Subnet Mask
b

Octet

Subnetting
P

Host

b
P

b
b
b

-b

b N
N
b

M
N
b

Host ID

O
b


Last IP

Network

First IP

192.168.0.0

192.168.0.1

192.168.0.62

192.168.0.63

192.168.0.64

192.168.0.65

192.168.0.126

192.168.0.127

192.168.0.128

192.168.0.129 192.168.0.190

192.168.0.191

192.168.0.192

192.168.0.193 192.168.0.254

192.168.0.255


Broadcast

Class B

subnet

Class B

Octet
172.16.0.0/16

Subnet Mask

subnet

Class C

Octet

subnet
Network

172.16.0.0

172.16.128.0

First IP

172.16.0.1

172.16.128.1

Last IP

172.16.127.254

172.16.255.254

Broadcast -

172.16.127.255

172.16.255.255
1 bit

Default Subnet Mask


0

255.255.0.0

Network

1 bit

00000000.00000000

Decimal

10000000.00000000

'/'
172.16.0.0/18

1 bit

172.16.0.0/17
172.16.64.0/18

172.16.192.0/17


Host


172.16.128.0/18

16

32

Host

Class A
/9

Subnet Mask

/30

255.0.0.0

Octet

/30
http://subnettingquestions.com/

Question: How many subnets and hosts per subnet can you get from the network 172.29.0.0/23?
Networks

Network

IP
255.255.0.0

172

/23
23

Class B

'255'
16

7 bit

Host
2^9

Hosts
16 bits,

512

Subnet Mask

Third Octet

Host

2^7

32 bits

512 Hosts

Class B

Network
128 Sub Networks

Subnet Mask 23
Network

9
510 Hosts

Answer: 128 subnets and 510 hosts


------------------------------------------------------------
Question: You are designing a subnet mask for the 172.26.0.0 network. You want 110 subnets with up to 300 hosts on each subnet. What subnet mask should you use?


172.26.0.0 Network

110

Network

300 Hosts

Subnet Mask
2^9
7 bit

Hosts

Hosts

/23

Network

2^7

128

300

2^8

256

Host
Network

1 bit

110

Answer: 255.255.254.0
------------------------------------------------------------
Question: What valid host range is the IP address 172.16.205.218/26 a part of?
IP
IP

172

/26
192

64

172.16.205.192
Network

Broadcast


Class B

Default

255.255.255.192
64 series

172.16.205.0/26
IP

172.16.205.218

172.16.205.193

10 bits

Octet
172.16.205.64

Host

256
172.16.205.128

172.16.205.192 Network

172.16.205.254


/16

Answer: 172.16.205.193 through to 172.16.205.254


------------------------------------------------------------
Question: What is the last valid host on the subnetwork 10.121.32.0 255.255.240.0?
IP
256

240

16 series

IP

IP

Subnet Mask
10.121.0.0

10.121.16.0

10.121.48.0

10.121.47.255

Third Octet
10.121.32.0

Host IP

10.121.32.0

Broadcast

10.121.47.254

Answer: 10.121.47.254
------------------------------------------------------------
Question: What is the first valid host on the subnetwork that the node 172.22.154.105/24 belongs to?
IP
/24

Network

255.255.255.0

Class B

Third Octet

IP

Subnet Mask

Class C

256

IP

255

1 series

172.22.154.0

172.22.0.0

First IP

1 series

172.22.154.1

Answer: 172.22.154.1
------------------------------------------------------------
Question: What is the broadcast address of the network 172.21.60.0/22?
IP
255.255.252.0

256

252

Broadcast Address
4 series

Third Octet

Network

Third Octet

Network

60

172.21.64.0

Subnet Mask

60

4
series

Subnet
4

Network Address
Broadcast Address

Network

172.21.63.255

Answer: 172.21.63.255
------------------------------------------------------------
Question: Which subnet does host 172.18.62.52/27 belong to?
IP
255.255.255.224
172.18.62.32

256

172.18.62.64

224

Network
32 series
IP

Subnet Mask
Network

172.18.62.32 Network

Answer: 172.18.62.32
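
The "256 - mask octet = series" method used in the questions above, written out as bit arithmetic and checked against each answer. This is an added example, not part of the original notes; the function names are illustrative.

```python
# Added example: subnet arithmetic for the questions above (function names are illustrative).

def to_int(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_from_mask(mask):
    """255.255.240.0 -> 20; rejects masks whose 1 bits are not contiguous."""
    value = to_int(mask)
    prefix = bin(value).count("1")
    if mask_from_prefix(prefix) != value:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix

def classful_prefix(address):
    """Default mask length for the address class (A=/8, B=/16, C=/24)."""
    first = int(address.split(".")[0])
    if 1 <= first <= 126:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError(f"not a class A, B or C address: {address}")

def describe(address, prefix):
    """Network, usable host range, broadcast and 'series' (block size) for address/prefix."""
    if not 1 <= prefix <= 30:
        raise ValueError("prefix must leave at least two host addresses")
    mask = mask_from_prefix(prefix)
    network = to_int(address) & mask              # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    octets = [(mask >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    last_nonzero = [octet for octet in octets if octet][-1]
    return {
        "mask": to_dotted(mask),
        "series": 256 - last_nonzero,             # e.g. 256 - 192 = 64 for /26
        "network": to_dotted(network),
        "first": to_dotted(network + 1),
        "last": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }

def subnets_and_hosts(address, prefix):
    """Subnets created by borrowing bits from the classful mask, and hosts per subnet."""
    borrowed = prefix - classful_prefix(address)
    if borrowed < 0:
        raise ValueError("prefix is shorter than the classful mask")
    return 2 ** borrowed, 2 ** (32 - prefix) - 2

def mask_for(address, want_subnets, want_hosts):
    """Shortest mask that gives at least the requested subnets and hosts, or None."""
    default = classful_prefix(address)
    for prefix in range(default, 31):
        subnets = 2 ** (prefix - default)
        hosts = 2 ** (32 - prefix) - 2
        if subnets >= want_subnets and hosts >= want_hosts:
            return to_dotted(mask_from_prefix(prefix))
    return None

if __name__ == "__main__":
    print(subnets_and_hosts("172.29.0.0", 23))
    print(mask_for("172.26.0.0", 110, 300))
    for addr, prefix in [("172.16.205.218", 26), ("172.22.154.105", 24),
                         ("172.21.60.0", 22), ("172.18.62.52", 27),
                         ("10.121.32.0", prefix_from_mask("255.255.240.0"))]:
        print(addr, prefix, describe(addr, prefix))
```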


32

172.18.62.0

Self Study

VLSM(Variable Length Subnet Mask)

Subnetting a subnet is VLSM.

Router A - 60 hosts
Router B - 25 hosts
Router C - 25 hosts
Router D - 10 hosts

O
b

192.168.0.128/26

192.168.0.64/26

192.168.0.192/26

b
b
192.168.0.144/28

192.168.0.160/28

192.168.0.176/28
L


- -

192.168.0.148/30

192.168.0.152/30

192.168

L
P

Route Summarization or CIDR (Classless Inter-Domain Routing)

Supernetting is CIDR

b
b

172.16.64.0

10101100.00010000.01000000.00000000

172.16.65.0

10101100.00010000.01000001.00000000

172.16.66.0

10101100.00010000.01000010.00000000

172.16.67.0

10101100.00010000.01000011.00000000

Common bits:

10101100.00010000.010000xx.00000000


172.
Step 2 172.16.68.0

10101100.00010000.01000100.00000000

172.16.69.0

10101100.00010000.01000101.00000000

172.16.70.0

10101100.00010000.01000110.00000000

172.16.71.0

10101100.00010000.01000111.00000000

Common bits: 10101100.00010000.010001xx


172.16.68.0/22
Step 3 -172.16.72.0

10101100.00010000.01001000.00000000

172.16.73.0

10101100.00010000.01001001.00000000

172.16.74.0

10101100.00010000.01001010.00000000

172.16.75.0

10101100.00010000.01001011.00000000

172.16.76.0

10101100.00010000.01001100.00000000

172.16.77.0

10101100.00010000.01001101.00000000

172.16.78.0

10101100.00010000.01001110.00000000

172.16.79.0

10101100.00010000.01001111.00000000

Common bits: 10101100.00010000.01001xxx


172.16.72.0/21
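
The common-bits procedure from the steps above as code, with one extra check: whether the summary covers only the listed networks or also networks that were never listed. This is an added example, not part of the original notes; the function names and the `member_prefix` parameter are illustrative, and every input is assumed to be a /24 network address as in the steps.

```python
# Added example: route summarization by common leading bits (names are illustrative).

def to_int(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def summarize(networks, member_prefix=24):
    """Summarize networks of length member_prefix into one route.

    Returns the summary route, how many member networks it covers, and
    whether that equals the number of networks actually listed.
    """
    values = [to_int(network) for network in networks]
    # OR together every bit position where any network differs from the first.
    differing = 0
    for value in values:
        differing |= value ^ values[0]
    # Bits to the left of the highest differing bit are common to all of them.
    common = min(32 - differing.bit_length(), member_prefix)
    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
    covered = 2 ** (member_prefix - common)
    return {
        "summary": f"{to_dotted(values[0] & mask)}/{common}",
        "covered": covered,
        # False means the summary also claims networks that were not listed,
        # so traffic for those networks would be drawn to this route too.
        "exact": covered == len(set(values)),
    }

if __name__ == "__main__":
    step1 = [f"172.16.{n}.0" for n in range(64, 68)]
    step2 = [f"172.16.{n}.0" for n in range(68, 72)]
    step3 = [f"172.16.{n}.0" for n in range(72, 80)]
    for group in (step1, step2, step3):
        print(summarize(group))
    # Two non-adjacent networks: the summary is far wider than the inputs.
    print(summarize(["172.16.68.0", "172.16.72.0"]))
```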


Router Commands
Shortcuts To Entering Commands
Router>enable

Router>en

Command
Short Key

Router#configure terminal
Router#conf t
Tab Key

Command

Router#sh

Router#show

? Question Mark

Command

Router#?

Admin Mode

Command

List
Router#c?

Command

Router#cl?

cl

Command

Router#clock

clock Command

List

clear clock
List
parameters

% Incomplete Command
Router#clock ?

Date/Time

Subcommands

set
Router#clock set 13:56:00 26 July 2012

Enter Key

Command

Date/Time
Command

Router#
Router(config)#clock timezone YGN 0 0
enable Command
Router>enable

User Mode

Admin Mode

Router#
configure terminal Command
Router#configure terminal

Global Configuration Mode

Router(config)#
exit Command
Router#exit

Router>exit
Router(config-if)#exit

Current Mode

Router(config)#
Router(config)#exit

Current Mode

Router#


disable Command
Router#disable

User Mode

Router>
logout Command
Router#logout

exit Command

show Command
Router#show ?

Command
List

Router#show interfaces

Interfaces

Router#show interface serial 0/0

Serial 0/0 interface

Router#show ip interface brief

Interfaces

Router#show controllers serial 0

DCE/DTE

summary
Clock Rate

Router#show clock
*13:56:00 YGN Thu 26 July 2012
Router#show history

command

Router#show flash

Flash memory info

Router#show version

Firmware version

Router#show arp

ARP Table

YGN#show running-config

config file

YGN#show startup-config

config file

YGN#sh users
Line

User

0 con 0

idle

*67 vty 0

idle

Host(s)

Idle

Location

00:04:09
00:00:00 192.168.1.20 Active User

YGN#show ip route

Routing Table

do Command
YGN(config)#do show running-config

Mode

Saving Configuration
YGN#copy running-config startup-config
YGN#write

(Remark-

YGN#copy run tftp


config file

tftp server


running config file

Erasing Configuration
YGN#erase start

NVRAM

startup config file

N
Router(config)#hostname YGN

YGN(config)#
YGN(config)#no hostname

Router(config)#
Router

Restart

YGN#reload
Password
YGN(config)#enable password cisco

Admin Mode

YGN(config)#service password-encryption

Password

Type 7

YGN(config)#no service password-encryption


YGN(config)#enable secret cisco

Admin Mode

Type 5

console
YGN(config)#line console 0
YGN(config-line)#password console
YGN(config-line)#login

Login o

fastethernet interface
YGN(config)#interface fastethernet 0/0

f0/0 interface

ip

YGN(config-if)#ip address 192.168.1.1 255.255.255.0


YGN(config-if)#description Connect to Account

description

YGN(config-if)#no shutdown

interface

serial interface
YGN(config)#interface serial 0/0
YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Link to ISP
YGN(config-if)#clock rate 64000

Clock rate

YGN(config-if)#no shutdown
logging synchronous Command
YGN(config)#line con 0
YGN(config-line)#logging synchronous


Command
command


console

information

exec-timeout Command
YGN(config)#line con 0

Console

YGN(config-line)#exec-timeout 0 0

0 0(min sec) console

auto log off


auto log off

YGN(config-line)#
Banner
YGN(config)#banner motd $
------------------------------------------------------------
WARNING: This router is the property of Ciscronet Networking Academy. Any unauthorized access is
monitored. Violators will be prosecuted.
------------------------------------------------------------$
Router
YGN(config)#line vty 0 1

telnet user

YGN(config-line)#password telnet

telnet password

YGN(config-line)#login

login o

console port

(eg. 0 4)

user database

YGN(config)#username console secret consoleadmin

Normal User

YGN(config)#username admin privilege 15 secret admin

Admin User

ssh

Router
YGN(config)#line vty 0 4
YGN(config-line)#login local

login

YGN(config-line)#transport input ssh

login

YGN(config)#ip domain-name abc.com

Router

YGN(config)#crypto key generate rsa


The name for the keys will be: YGN.abc.com

Domain Name

Choose the size of the key modulus in the range of 360 to 2048 for
your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus [512]: 1024
%

b [OK]

YGN>sh users
Line

User

Host(s)
idle

00:02:05

ssh

idle

00:00:32

0 con 0
68 vty 1

Idle

Location

YGN>show tcp brief


DHCP Configuration

YGN(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.20

YGN(config)#ip dhcp pool Account-Dept

YGN(dhcp-config)#network 192.168.1.0 255.255.255.0

Network Scope

YGN(dhcp-config)#default-router 192.168.1.1

Gateway

YGN(dhcp-config)#dns-server 192.168.1.10

DNS Server

YGN(dhcp-config)#netbios-name-server 192.168.1.10
YGN(dhcp-config)#domain-name abc.com

Domain Name

YGN(dhcp-config)#lease 0 1 0
DHCP Reservation
YGN#clear ip dhcp binding

dhcp ip

clear

YGN(config)#ip dhcp pool winxp-1

Reservation Name create

YGN(config-dhcp)#host 192.168.1.200 255.255.255.0

IP

YGN(config-dhcp)#client-identifier 0108.0027.4b84

MAC-Address

YGN(config-dhcp)#client-name winxp1

Computer Name

YGN#clear ip dhcp binding


YGN(config)#ip dhcp pool ubuntu

For Linux Platform

YGN(config-dhcp)#host 192.168.1.200 255.255.255.0


YGN(config-dhcp)#hardware-address 0108.0027.4b84
YGN(config-dhcp)#client-name ubuntu
NTP Server
YGN(config)#ntp server 192.168.1.10
For Router Security
YGN(config)#login block-for 300 attempts 3 within 10
YGN(config)#login on-success log

Login

YGN(config)#login on-failure log

YGN(config)#logging host 192.168.1.10

Server

YGN(config)#security passwords min-length 10

Password length
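
A small audit of a saved running-config for the access settings configured so far in these notes (enable password versus enable secret, password encryption, console idle timeout, Telnet on the vty lines, login throttling, minimum password length). This is an added example, not part of the original notes; the sample configs are constructed, and a vty line with no `transport input` line is assumed to accept Telnet, as in the Telnet example above.

```python
# Added example: audit an IOS-style running-config (sample configs are constructed).

WEAK_CONFIG = """\
hostname YGN
enable password cisco
username admin privilege 15 secret admin
line con 0
 password console
 login
 exec-timeout 0 0
line vty 0 1
 password telnet
 login
line vty 2 4
 login local
 transport input ssh
"""

HARDENED_CONFIG = """\
hostname YGN
service password-encryption
security passwords min-length 10
enable secret PLACEHOLDER-SECRET
login block-for 300 attempts 3 within 10
username admin privilege 15 secret PLACEHOLDER-SECRET
line con 0
 login local
 exec-timeout 5 0
line vty 0 4
 login local
 transport input ssh
"""

def parse_sections(config):
    """Return (global command lines, {section header: [indented sub-commands]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            global_lines.append(current)
            sections.setdefault(current, [])
    return global_lines, sections

def audit(config):
    """Return a list of (check id, location) findings for the config text."""
    global_lines, sections = parse_sections(config)
    findings = []

    def present(prefix):
        return any(line.startswith(prefix) for line in global_lines)

    if present("enable password"):
        # Stored in clear text, or as reversible Type 7; enable secret is hashed.
        findings.append(("enable-password", "global"))
    if not present("service password-encryption"):
        findings.append(("no-password-encryption", "global"))
    if not present("login block-for"):
        findings.append(("no-login-block", "global"))
    if not present("security passwords min-length"):
        findings.append(("no-min-length", "global"))

    for header, subs in sections.items():
        if not header.startswith("line "):
            continue
        if "exec-timeout 0 0" in subs:
            # 0 0 disables the idle logout, so an abandoned session stays open.
            findings.append(("no-idle-timeout", header))
        if header.startswith("line vty"):
            transport = [s.split()[2:] for s in subs if s.startswith("transport input")]
            # Assumption: no transport input line means Telnet is accepted.
            if not transport or transport[-1] != ["ssh"]:
                findings.append(("telnet-allowed", header))
    return findings

if __name__ == "__main__":
    for check, where in audit(WEAK_CONFIG):
        print(f"{where}: {check}")
```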


log
log
log

DHCP Exercise

Router>en

Admin Mode

Router#conf t

Global Mode

Router(config)#enable secret cisco

Admin Mode

Router(config)#line con 0

Console Configuration

Router(config-line)#login local

User Database

Router(config-line)#exit

Sub Interface

Router(config)#line vty 0 4

Telnet Configuration

Router(config-line)#login local

User Database

Router(config-line)#exit

Sub Interface

Router(config)#username console secret consoleadmin


Router(config)#username telnet secret telnetadmin
Router(config)#int f0/0

Interface f0/0

Router(config-if)#ip add 192.168.1.1 255.255.255.0

IP

Router(config-if)#no shut

Interface

Router(config-if)#int f0/1

Interface f0/1

Router(config-if)#ip add 192.168.2.1 255.255.255.0

IP

Router(config-if)#no shut

Interface

Router(config-if)#exit

Sub Interface

Router(config)#ip dhcp pool Account-Dept

Account Dept

Router(dhcp-config)#network 192.168.1.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.1.1

Gateway

Router(dhcp-config)#dns-server 192.168.1.10

DNS Server

Router(dhcp-config)#exit
Router(config)#ip dhcp pool Marketing-Dept

Marketing Dept

Router(dhcp-config)#network 192.168.2.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.2.1

Gateway

Router(dhcp-config)#dns-server 192.168.1.10

DNS Server

Router(dhcp-config)#exit


Router(config)#ip dhcp excluded-address 192.168.1.1

Address

192.168.1.20

Address

Router(config)#ip dhcp excluded-address 192.168.2.1


192.168.2.20
Router(config)#end
YGN#sh ip dhcp binding

DHCP List Address

Configure Your Router to Support SDM (Manage with GUI)


Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server

For HTTP

Router(config)# ip http secure-server


Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Router(config)# username http privilege 15 secret httpadmin
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Install the SDM File
http:// IPAddress (or) http://172.28.54.203:2000
SDM Launcher

Router
Router>en

Admin Mode

Router#conf t

Global Configuration Mode

Router(config)#hostname YGN
YGN#clock set 4:10:00 July 27 2012
YGN#conf t


YGN(config)#clock timezone YGN 0 0


YGN(config)#int f0/0

Fastethernet interface

YGN(config-if)#ip add 192.168.1.1 255.255.255.0

IP

YGN(config-if)#description For Telnet

Description

YGN(config-if)#no shut

Interface

YGN(config-if)#exit

Sub Interface

YGN(config)#username telnet privilege 15 secret telnet

User Database

YGN(config)#username console secret console


YGN(config)#line con 0

Console Configuration

YGN(config-line)#login local

User Database

YGN(config)#line vty 0 1

Telnet Configuration

YGN(config-line)#login local

User Database

YGN(config-line)#end

Sub Interface

Computer

Router

PC>telnet 192.168.1.1

Router

O
User Access Verification
Username : telnet
Password : ******
Router

YGN#conf t

YGN(config)#username super privilege 15 secret super


YGN(config)#line vty 0 1

Telnet Configuration

YGN(config-line)#login local

User Database

YGN(config-line)#transport input ssh

YGN(config-line)#exit

Sub interface

YGN(config)#ip domain-name abc.com

setting

YGN(config)#crypto key generate rsa


The name for the keys will be: YGN.abc.com
Choose the size of the key modulus in the range of 360 to
2048 for your General Purpose Keys. Choosing a key modulus
greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be nonexportable...[OK]
YGN(config)#


Computer

Router

PC>ssh -l super 192.168.1.1

ssh protocol

Open
Password:*****
YGN#
Static Route
Two ways of static route
1.

next-hop address &

2.

exit interface

Static Route
Routing Change

Routing Protocol

small network
Administrator

Router
Router

Routing Table

Change

Admin Distance

Configuring Static Route on a Router


Router(config)#ip route destination-network Subnet-Mask Exit-Interface (or) next-hop address


Exercise (Static Route)

HQ>en

Next-hop IP

HQ#conf t

Route

HQ(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2

Bandwidth

HQ(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2

Static
Data
AD

HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.6 5


HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.255.0 10.10.10.14
HQ(config)#ip route 192.168.7.0 255.255.255.0 10.10.10.14
B1>en

Exit Interface

B1#conf t

Static

B1(config)#ip route 192.168.0.0 255.255.255.0 Serial0/0/0

Route

B1(config)#ip route 192.168.1.0 255.255.255.0 Serial0/0/0


B1(config)#ip route 192.168.4.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.5.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.6.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.7.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 10.10.10.4 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.8 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.12 255.255.255.252 Serial0/0/0
B2>en

Static + CIDR

B2#conf t

Routing Table Size

B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.5 10


B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.5 10


B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.9 11


B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.9 11
B3>en
B3#conf t
B3(config)#ip route 192.168.0.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.4.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.2.0 255.255.254.0 Serial0/0/0
Default Route (type of static)
Default Route

(stub) network

Router(config)#ip route 0.0.0.0 0.0.0.0 exit-interface (or) next-hop IP

Exercise(Static and Default Route)


HQ>en
HQ#conf t
HQ(config)#ip route 192.168.2.0 255.255.254.0 10.10.10.2
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.14
B1>en
B1#conf t
B1(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0
B2>en
B2#conf t
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0 3
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/1 2
B3>en
B3#conf t
B3(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0

DHCP Relay Agent


For Server DHCP Scope

HQ(config)#int f0/1
HQ(config-if)#ip helper-address 192.168.0.10
HQ(config-if)#exit
HQ(config)#
B1(config)#int f0/0
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#int f0/1
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#exit
B2(config)#int f0/0
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#int f0/1
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#exit
B2(config)#
B3(config)#int f0/0
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#int f0/1
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#exit


Router Password Cracking


Configuration register is 0x2102---16 bit register
HEX 0010 0001 0000 0010
NVRAM ignore 0x2142
no service password-recovery
1. power off
2. power on
3. press Ctrl+C or Ctrl+Break during boot
4. Rommon>
5. Rommon>confreg 0x2142
6. Rommon>reset
7. router#copy start run
8. change the password that you forgot
8.1. save the startup-config
9. router(config)#config-register 0x2102
10. router#reload
11. no shutdown command on all shutdown interfaces
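
A check for a router that is still set to skip its startup-config, which is what happens if steps 9 and 10 are missed: it reads the "Configuration register is ..." line of `show version` and decodes the bits. This is an added example, not part of the original notes; the sample output lines are constructed, and console speed is decoded only for the two cases these notes use (all speed bits clear = 9600, all set = 115200 as in 0x3922).

```python
# Added example: decode the configuration register from show version output.
import re

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Decode the fields of the 16-bit configuration register used in these notes."""
    speed_bits = value & 0x1820            # bits 5, 11 and 12: console speed
    if speed_bits == 0:
        baud = 9600
    elif speed_bits == 0x1820:
        baud = 115200
    else:
        baud = None                        # other speeds are not decoded here
    return {
        "boot_field": value & 0x000F,              # bits 0-3
        "ignore_nvram": bool(value & 0x0040),      # bit 6: skip startup-config
        "break_disabled": bool(value & 0x0100),    # bit 8
        "console_baud": baud,
    }

def check_show_version(output):
    """Report whether startup-config is ignored now and after the next reload."""
    match = REGISTER_RE.search(output)
    if match is None:
        return None
    current = int(match.group(1), 16)
    # Without a "will be" clause the register stays the same across a reload.
    pending = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": f"0x{current:04X}",
        "after_reload": f"0x{pending:04X}",
        "ignored_now": decode_confreg(current)["ignore_nvram"],
        "ignored_after_reload": decode_confreg(pending)["ignore_nvram"],
    }

# Constructed sample lines in the format show version prints.
NORMAL = "Configuration register is 0x2102"
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
FIXED_NOT_RELOADED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for sample in (NORMAL, LEFT_IN_RECOVERY, FIXED_NOT_RELOADED):
        print(check_show_version(sample))
    print(decode_confreg(0x3922))
```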


CDP-Cisco Discovery Protocol(Network

cisco devices

HQ#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
HQ#sh cdp neighbors

Neighbor Devices

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Br


S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform
Switch

Fas 0/0

Switch

156

2950

Port ID
Fas 0/1

Fas 0/1

156

2950

B2

Ser 0/0/1

163

C1841

Fas 0/1
Ser 0/0/0

B3

Ser 0/1/1

163

C1841

Ser 0/0/0

B2

Ser 0/1/0

163

C1841

Ser 0/0/1

B1

Ser 0/0/0

164

C1841

Ser 0/0/0

HQ#sh cdp interface


Vlan1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
HQ#sh cdp neighbors detail

(or)

Neighbor Device

Information

HQ#sh cdp entry *


HQ(config)#no cdp run

CDP Protocol

HQ(config)#int f0/0

Interface

HQ(config-if)#no cdp enable


HQ(config-if)#int f0/1
HQ(config-if)#no cdp enable
ARP (Address Resolution Protocol)
HQ#sh arp
Protocol Address

FastEthernet Port
Age (min) Hardware Addr Type Interface

Internet 192.168.0.1

- 0007.EC88.C301 ARPA FastEthernet0/0

Internet 192.168.0.10

3 0001.424E.BB2E ARPA FastEthernet0/0

Internet 192.168.1.1

- 0007.EC88.C302 ARPA FastEthernet0/1


CDP

DNS From Server

Server


B1>en
B1#conf t
B1(config)#ip domain-lookup

DNS Server

Record

B1(config)#ip name-server 192.168.0.10

DNS Server IP Address

B1(config)#exit
B2>en
B2#conf t
B2(config)#ip domain-lookup
B2(config)#ip name-server 192.168.0.10
B2(config)#exit
B3>en
B3#conf t
B3(config)#ip domain-lookup
B3(config)#ip name-server 192.168.0.10
B3(config)#exit
B3#hq

HQ Router

Translating "hq"...domain server (192.168.0.10)


Trying 192.168.0.1 ...Open
------------------------------------------------------------
WARNING: This router is the property of Ciscronet
Networking Academy. Any unauthorized access is
monitored. Violators will be prosecuted.
------------------------------------------------------------
User Access Verification
Username: console
Password:
HQ>
Configuration Local Host File For Name to IP
HQ(config)#ip host B1 192.168.2.1
HQ(config)#ip host B2 192.168.4.1
HQ(config)#ip host B3 192.168.6.1
B1(config)#no ip domain-lookup


# domain-lookup


Backup Config File to TFTP Server

YGN>enable

Admin Mode

YGN#copy startup-config tftp

Startup-config file

Address or name of remote host []? 192.168.0.100

Server Address

Destination filename [Router-confg]? Router-config

TFTP Server

TFTP Server

copy

save

Writing startup-config....!!
[OK - 592 bytes]
592 bytes copied in 3.078 secs (0 bytes/sec)
YGN#
Delete Config From Router
YGN#erase startup-config
Restore Config File from TFTP Server
YGN#copy tftp startup-config

TFTP Server

Address or name of remote host []? 192.168.0.100

TFTP Server Address

Source filename []? Router-config

TFTP Server

Destination filename [startup-config]?


Accessing tftp://192.168.0.100/Router-config...
Loading Router-config from 192.168.0.100: !
[OK - 487 bytes]
487 bytes copied in 0.031 secs (15709 bytes/sec)
YGN#


File

copy
Filename

Backup Config File to FTP Server

YGN>en

Admin Mode

YGN#conf t

Global Mode

YGN(config)#ip ftp username cisco

FTP

Username create

YGN(config)#ip ftp password cisco

FTP

Password create

YGN(config)#exit

Admin Mode

YGN#copy startup-config ftp

Startup-Config file

Address or name of remote host []? 192.168.0.100

FTP Server Address

Destination filename [Router-confg]? Router-ftp

FTP Server

FTP Server

copy

Writing startup-config...
[OK - 531 bytes]
531 bytes copied in 0.063 secs (8000 bytes/sec)
YGN#
Restore Config File from FTP Server
YGN>en

Admin Mode

YGN#conf t

Global Mode

YGN(config)#int f0/0

Interface f0/0

YGN(config-if)#ip add 192.168.0.1 255.255.255.0

IP

YGN(config-if)#no shut

Interface

YGN(config-if)#exit

Sub Interface

YGN(config)#exit

Global Mode

YGN#copy ftp startup-config

FTP Server

Address or name of remote host []? 192.168.0.100


Source filename []? Router-ftp

copy

FTP Server Address


FTP Server

Destination filename [startup-config]?


Accessing ftp://192.168.0.100/Router-ftp...
[OK - 531 bytes]
531 bytes copied in 0.047 secs (11297 bytes/sec)


file


Filename

Dual IOS Boot Configuration

YGN#show flash

Flash directory

System flash directory:


File Length Name/status
3 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
2 28282

sigdef-category.xml

1 227537

sigdef-default.xml

[33847587 bytes used, 30168797 available, 64016384 total]


63488K bytes of processor board System flash (Read/Write)
YGN#copy tftp flash

TFTP

IOS

Flash

Address or name of remote host []? 192.168.0.100

TFTP Server IP

Source filename []? c1841-ipbase-mz.123-14.T7.bin

IOS Name

copy

Destination filename [c1841-ipbase-mz.123-14.T7.bin]?


YGN#show flash

Flash directory

System flash directory:


File Length

Name/status

3 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
4 13832032 c1841-ipbase-mz.123-14.T7.bin
2 28282

sigdef-category.xml

1 227537

sigdef-default.xml

YGN#show version

Boot

version

System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"


YGN(config)#boot system flash c1841-advisk9-mz.124-15.T1.bin

First Boot Flash File for Boot Order

YGN(config)#boot system flash c1841-ipbase-mz.123-14.T7.bin

Second Boot Flash File

YGN(config)#boot system tftp c1841-ipbasek9-mz.124-12.bin

TFTP Server

Boot

192.168.0.100
YGN(config)#do write

Current Configuration

YGN(config)#do reload

Router


Restart

Restore From Console Cable


software

( Hyper Terminal/Tera Term)


Link

Step 1 xmodem

IOS

restore

Remark xmodem console port


zmodem auxiliary port

Router#delete flash and then power off/on

IOS

rommon1#confreg 0x3922

Boot

rommon2#reset

(0x3922)

Router Boot
Console speed
Software

115200
speed

rommon1#xmodem c filename.bin
Do you wish to continue y/n? y

Hyper Terminal
Transfer > Send File (or)
Tera Term
File > Transfer > XMODEM > Send and then browse
File location

Router(config)#line con 0

Console

Router(config-line)#speed 9600

Speed


software

console

Dynamic Route
Routing Protocol

RIP version 2
Advanced Routing Protocol

Large Network

Dynamic Routing Protocol


update

cisco

EIGRP ( Enhanced IGRP) Protocol

Internetwork

Static Route

IS-IS (

IGRP( Interior

developed

BGP (Border Gateway Protocol) Protocol

Routing Information Change


Static Route

Router


support

OSPF (Open Shortest Path First)

Intermediate- System-to-Intermediate System


Gateway Routing Protocol)

1982


neighbors Router

Information
Administrator

IGP protocol

RIP,IGRP,EIGRP,OSPF

Number

IS-IS Protocol

AS(Autonomous System)

BGP Protocol

AS Number

Distance Vector and Link State


Distance Vector - Distance

hop count

Vector

Distance Vector protocol


Information

Routing Information

Vector Protocol
State Protocol

Neighbor Router
Update

Complete View


Update


Distance
Link-State Link

Distance Vector Protocol

Routing Changes (eg. Router


Neighbor

Routing

Information

hop count
Network

( Periodic Update)
N

direction

Distance Vector

Neighbor
Periodic Update

Classful and Classless Routing


Classful Routing Protocol

- RIP and IGRP

Classless Support

Protocol

- RIPv2,EIGRP,OSPF

Convergence
Convergence

Routing Information

Network

IGRP Protocol

EIGRP

RIP

OSPF Protocol

Metric
Metric = Distance or hop count (eg. RIP Protocol

hop count

)RIP Hop count for best path


IGRP and EIGRP Bandwidth , Delay , Reliability and Load
IS-IS and OSPF Cost (choose lowest cost)
Load Balancing
Load Balancing

RIP Protocol

Bandwidth

data

Bandwidth
synchronize

data

Administrative Distance
Network

AD

Protocol
AD

Router
EIGRP Network

Routing Protocol Characteristics

Time to Convergence

Scalability

Classless

Resource Usage


AD

Implementation and Maintenance

Routing Protocol Learning Chart

Cold Start Cold Start

Router

Connected Network

Learning

Periodic Update (RIP and IGRP)


RIP

update

Router

30 seconds

Neighbor Router

IGRP

90 seconds

Routing Table

Routing Table

Failure of a link

Introduction of a new link

Failure of a router

Change of link parameters

RIP Timers

Invalid Timer Router

Flush Timer Router


Route

30s

Update

60s (240s default)

invalid
Update

Routing Table

Holddown Timer Neighbor Router

Network down

show ip route (or) sh ip protocols command


180s (default)


Routing Loop

180s

update receive time

Bounded Update
EIGRP Protocol
EIGRP

Distance Vector Routing Protocol

Bounded Update

Partial Update

Periodic Update

Network

active

Network

neighbors

update

neighbor routers

update

EIGRP

Triggered Update
Triggered Update
update

Network

down

Neighbor Routers

update

Synchronized Update
synchronized update
update

Routers

Neighbor Routers

data

Routing Loop

R3 Router

N
R2 Router

R3

down

Packet

R3

R2

Periodic update

R2

R1 Router

Network 10.4.0.0

Data
R3


R2

Routing Table Update

Interface s0/0/1
R3

Triggered update
Routing Table Update

Network

R3
R3 Table

Neighbor Router R2

R2

Interface s0/0/1


Data

Interface s0/0/1
Data
data

Routing Loop

Count to Infinity

Holddown Timer

Split Horizon Rule

Route Poisoning

Poison Reverse

Default TTL

RIPv1(Routing Information Protocol Version 1)

distance vector routing protocol

uses hop count for its path selection

hop counts greater than 15 are unavailable

messages are broadcast every 30 seconds.


Exercise 1.

R1(config)#router rip

RIP Protocol

Network

Update

Interface

R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#passive-interface f0/0
R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#network 192.168.4.0
R2(config-router)#passive-interface f0/0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.5.0
R3(config-router)#passive-interface f0/0
Related Commands
R1#sh run | sec router
router rip
passive-interface FastEthernet0/0
network 192.168.1.0
network 192.168.2.0


R1#sh ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 17 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Interface

Send Recv Triggered RIP Key-chain

Serial0/0

12

Automatic network summarization is in effect


Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Passive Interface(s):
FastEthernet0/0
Routing Information Sources:
Gateway

Distance

192.168.2.2

120

Last Update
00:00:07

Distance:
(default is
120)
R1#sh ip route rip
R

192.168.4.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0

192.168.5.0/24 [120/2] via 192.168.2.2, 00:00:01, Serial0/0

192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0

R1#sh ip route 192.168.5.0 (Network Address)


Routing entry for 192.168.5.0/24
Known via "rip", distance 120, metric 2
Redistributing via rip
Last update from 192.168.2.2 on Serial0/0, 00:00:15 ago
Routing Descriptor Blocks:
* 192.168.2.2, from 192.168.2.2, 00:00:15 ago, via Serial0/0
Route metric is 2, traffic share count is 1
R1(config)#router rip
R1(config-router)#distance 100

(changes the AD)

Exercise 2.

R1(config)#router rip
R1(config-router)#network 172.30.0.0
R2(config)#router rip
R2(config-router)#network 172.30.0.0
R2(config-router)#network 192.168.4.0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.1.0
Route

R3

ISP Router

R2

Distribute


RIP Network

Default

R3
R2

ISP

Router

172.30.0.0/22 Network

RIP Network Router R1

R3(config)#no router rip

R2

R3(config)#ip route 172.30.0.0 255.255.252.0 s0/0

172.30.0.0/22 Network

static route

R2(config)#router rip
R2(config-router)#no network 192.168.4.0

ISP Default Route

R2(config-router)#passive-interface s0/1

RIP update

R2(config-router)#exit

Configuration

R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1

ISP

ISP

R2(config)#router rip
R2(config-router)#default-information originate

RIP

Default Route

RIP

Default Route

Border Router (Network

Router

RIP Network
RIP

Router)
Router

Router

default router

default router

RIP v2 (Routing Information Protocol 2)


RIPv1

subnet mask

address field

auto summary
eg. 172.16.0.0/22

network

VLSM

classful

172.16.0.0/16

subnet mask

support

auto summary
VLSM,CIDR

Discontinuous Network

support

Discontinuous Network R2


Network

summarized


routing table size

RIPv2

subnet mask

Discontinuous Network
Data

support

RIPv1

support
RIPv2

support

auto summary

Exercise 3.

R1(config)#router rip
R1(config-router)#network 172.30.0.0
R1(config-router)#network 209.165.200.0
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 209.165.200.0
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#network 172.30.0.0
R3(config-router)#network 209.165.200.0
R3(config-router)#version 2
R3(config-router)#no auto-summary


VLSM,CIDR


VLSM Network
-

Internet

R2(config)#ip route 192.168.0.0 255.255.0.0 null 0

Network

R2(config)#router rip

RIP Network

R2(config-router)#redistribute static

(Remark: For Test)

Static

R3(config)#int lo 1

Loopback Interface

R3(config-if)#ip add 172.20.0.1 255.255.255.252

IP Address

R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R3(config)#router rip

RIP Configuration

R3(config-router)#default-information originate

Default Route


RIP

create

#for test

EIGRP (Enhanced Interior Gateway Routing Protocol)


-

Type of Distance Vector

Features of EIGRP
-

Balanced Hybrid Protocol / Advanced Distance Protocol

Reliable Transport Protocol (RTP)


-

Bounded Updates

Diffusing Update Algorithm ( DUAL)

Establishing Adjacencies

Neighbor and Topology Tables


EIGRP Message Format include


-

Hello

- Hello packets

multicast

Bandwidth (1.544 Mbps)

Update - Update packets


60s

neighbors
T1

Hello packets

5s

T1

Query & Reply Query

Network

down

Query

EIGRP Protocol

protocol

support

EIGRP

TCP/IP
Table

Neighbors Table

down

Path
Topology Table

Routing Table
Routing path

Neighbors Table,Topology Tables



TCP/IP,IPX

best path

Topology Table


Backup path

Apple Talk
Routing Table

backup path

EIGRP Protocol

Transport Layer
Modules

TCP/IP,IPX

AppleTalk

Module

Layer

PDM ( Protocol Dependent Modules)

PDM Modules

support

DUAL Algorithm
Router

Network
Neighbor Routers
Acknowledge

Down

Neighbors Router
Update Packets

Router

Neighbors

Neighbor Router
Reply
Network

(Convergence State)

Administrative Distance

Internal EIGRP 90

External EIGRP 170

Summary EIGRP Route 5


Update Packets


Query Packets

Authentication
Authentication

authenticate

Router
Router

Authenticate(same

EIGRP

Max Hop

255

Router

R1(config)#router eigrp AS-Number


R1(config-router)#network w.x.y.z subnet-mask
R1(config-router)#network w.x.y.z wildcard-mask
R1(config-router)#no auto-summary


Max Path

Exercise 1.

R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0

Classful

R1(config-router)#no auto-summary

#absent null 0 route path

R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#router eigrp 10
R2(config-router)#network 172.16.3.0 255.255.255.252
R2(config-router)#network 172.16.2.0 255.255.255.0
R2(config-router)#network 192.168.10.8 255.255.255.252
R2(config-router)#no auto-summary
R2(config)#int s0/0

Interface serial 0/0

R2(config-if)#bandwidth 64

Bandwidth

R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.8 0.0.0.3
R3(config-router)#network 192.168.1.0 0.0.0.255
R3(config-router)#network 192.168.10.4 0.0.0.3
R3(config-router)#no auto-summary
R3(config)#int s0/0
R3(config-if)#bandwidth 1024
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1544


auto summarized


EIGRP Composite Metric and K values

Bandwidth = (10^7 / minimum BW in Kbps) * 256

Delay = (Total Delay / 10) * 256
Delay values in microseconds

Router#sh ip eigrp topology w.x.y.z


cost
Router(config)#router eigrp 10
Router(config-router)#metric weights 0 1 0 0 0 0 0

Delay

tos(default 0)


Bandwidth

DUAL Concepts

Successor ( Main Path)

Feasible Successor ( backup path)

Feasible Distance

Feasible Condition

Reported Distance ( Router

Network

)
Feasible Distance (Metric) and Successor (Gateway)


Neighbors Router

Feasible Distance

Next Hop Address


for Successor

Reported Distance

Next Hop Address


for Feasible Successor

Router#debug eigrp fsm

Dual update

Router#sh ip eigrp topology

Topology Table

Router#sh ip eigrp neighbors

Neighbors Table

Router#sh ip eigrp topology all-links

Topology Table

Default Route

Routing Path

EIGRP

R2(config)#ip route 0.0.0.0 0.0.0.0 lo 0


R2(config)#router eigrp 10

Router

Route

R2(config-router)#redistribute static

R2(config)#ip default-network 10.0.0.0

Network

R2(config)#router eigrp 10
R2(config-router)#network 10.0.0.0
R2(config-router)#auto-summary


Auto summary


Classful

Manual Summarization

R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
R1(config-router)#no auto-summary
R2(config)#router eigrp 10
R2(config-router)#network 172.16.0.0
R2(config-router)#network 192.168.10.0
R2(config-router)#no auto-summary
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.0
R3(config-router)#network 192.168.1.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip add 192.168.0.1 255.255.255.0
R3(config)#int lo 2
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config)#int lo 3
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R3(config)#router eigrp 10
R3(config-router)#network 192.168.0.0
R3(config-router)#network 192.168.2.0
R3(config-router)#network 192.168.3.0
R3(config)#int s0/0

Interface

R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0

Manual Summarization

R3(config)#int s0/0
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     192.168.10.0/30 is subnetted, 2 subnets
C       192.168.10.4 is directly connected, Serial0/1
D       192.168.10.8 [90/2681856] via 192.168.10.6, 01:00:20, Serial0/1
                     [90/2681856] via 172.16.3.2, 01:00:20, Serial0/0
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.16.1.0/24 is directly connected, FastEthernet0/0
D       172.16.2.0/24 [90/2172416] via 172.16.3.2, 01:00:20, Serial0/0
C       172.16.3.0/30 is directly connected, Serial0/0
D    192.168.0.0/22 [90/2172416] via 192.168.10.6, 00:00:12, Serial0/1

R1#


Link State Routing Protocol

Link-State Routing Process


1.

Link-State Routing Protocol

2.
3.

Connected Network

Hello packets

Neighbors

Link-State Router

learns

Connected Networks

Connected Networks

4.

LSP (Link State Packet)

Neighbor Routers

5.

Routers

LSP

Network

Routers

Network

Topology map
Advantages Of Link-State Routing Protocol
1.

Routers

2.

Network

Topology Map
Routers

Flood

Network Convergence( Network

)
3.

Distance Vector Protocols

Periodic Update

LSP

Routers
4.

Multiple Areas

Network

Requirements of a Link-State Routing Protocol


Link-State Routing Protocols

Network

CPU,Memory
Multiple Areas

Areas

Routing

Bandwidth
Routers

LSP Flooding

Resources


OSPF (AD 110)

OSPF Link-State Update Link-state Update Packets


Link-state Update Packets


Link-State Advertisements ( LSAs)


OSPF Algorithm - OSPF Router

Routers

Link-State Database
(SPF)

SPF Tree

LSAs ( Link State Advertisement)


OSPF

SPF Tree

IP Routing Table

OSPF Packet Type

Router(config)#router ospf process-id


Router(config-router)#network w.x.y.z wildcard-mask area 0


Exercise

R1(config)#no logging console

Command

interrupt

R1(config)#router ospf 1
R1(config-router)#network 172.16.1.16 0.0.0.15 area 0
R1(config-router)#network 192.168.10.0 0.0.0.7 area 0
R2(config)#no logging console
R2(config)#router ospf 2
R2(config-router)#network 192.168.10.0 0.0.0.3 area 0
R2(config-router)#network 192.168.10.8 0.0.0.3 area 0
R2(config-router)#network 10.10.10.0 0.0.0.255 area 0
R3(config)#no logging console
R3(config)#router ospf 3
R3(config-router)#network 192.168.10.0 0.0.0.255 area 0

R3(config-router)#network 172.16.1.32 0.0.0.7 area 0


Network

Bandwidth
Before define bandwidth
R1-R2(10.10.10.0)

R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#int s0/0
R2(config-if)#bandwidth 64
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#int s0/0
R3(config-if)#bandwidth 1544
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1024

After Define Bandwidth


R1-R3-R2(10.10.10.0)

AD

Cost


AD

Cost


Cost
R1-R3-R2(10.10.10.0)
Cost = 10^8/BW(bps) + 10^8/BW(bps)
Cost = 10^8/(1544*10^3) + 10^8/(1024*10^3) + 10^8/(100*10^6)
     = 64 + 97 + 1
     = 162
OSPF Cost Metric

Bandwidth 100MB

support

R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth ?
<1-4294967>  The reference bandwidth in terms of Mbits per second
R1(config-router)#auto-cost reference-bandwidth 10000

Admin

cost

R1-R3-R2(10.10.10.0)


10^8

10^10

R1(config)#int s0/0
R1(config-if)#ip ospf cost 16200
R2(config)#int s0/0
R2(config-if)#ip ospf cost 16200
R1-R2(10.10.10.0)
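
Added example (not from the original notes): a small SPF calculation that reproduces the cost of 162 worked out above and shows why the best path to 10.10.10.0 moves at each step of this exercise. The link wiring (R1 s0/0 to R2, R1 s0/1 to R3, R3 s0/1 to R2, a 100 Mbps LAN on R2), the 1544 kbps serial default and all function names are assumptions inferred from the bandwidth values on this page.

```python
import heapq

LAN = "10.10.10.0"

# Bandwidth (kbps) of the outgoing interface on each hop toward the LAN.
# Assumed wiring; DEFAULT_BW models serial links before any "bandwidth" command.
DEFAULT_BW = {("R1", "R2"): 1544, ("R1", "R3"): 1544, ("R3", "R2"): 1544, ("R2", LAN): 100000}
TUNED_BW = {("R1", "R2"): 64, ("R1", "R3"): 1544, ("R3", "R2"): 1024, ("R2", LAN): 100000}


def interface_cost(bandwidth_kbps, reference_mbps=100):
    """Reference bandwidth / interface bandwidth, truncated, kept within 1..65535."""
    cost = (reference_mbps * 10**6) // (bandwidth_kbps * 10**3)
    return min(65535, max(1, cost))


def best_path(links, src, dst, reference_mbps=100, manual_costs=None):
    """Dijkstra (SPF) over directed links {(from, to): bandwidth in kbps}.

    manual_costs {(from, to): cost} models "ip ospf cost" on that outgoing interface.
    Returns (total cost, [nodes on the path]) or None if dst is unreachable.
    """
    manual_costs = manual_costs or {}
    graph = {}
    for (a, b), bw in links.items():
        cost = manual_costs.get((a, b), interface_cost(bw, reference_mbps))
        graph.setdefault(a, []).append((b, cost))
    queue, done = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, link_cost in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(queue, (cost + link_cost, nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    steps = [
        ("before bandwidth is defined", DEFAULT_BW, 100, None),
        ("after bandwidth is defined", TUNED_BW, 100, None),
        ("auto-cost reference-bandwidth 10000", TUNED_BW, 10000, None),
        ("ip ospf cost 16200 on R1 s0/0", TUNED_BW, 10000, {("R1", "R2"): 16200}),
    ]
    for label, links, ref, manual in steps:
        cost, path = best_path(links, "R1", LAN, ref, manual)
        print(f"{label}: cost {cost} via {'-'.join(path)}")
```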

R1#sh ip ospf neighbor

Router ID
1.

2.

Loopback Interface

3.

Physical IP

Router-ID

R1(config)#int lo 0
R1(config-if)#ip add 192.168.11.11 255.255.255.255
R2(config)#int lo 0
R2(config-if)#ip add 192.168.11.22 255.255.255.255
R3(config)#int lo 0
R3(config-if)#ip add 192.168.11.33 255.255.255.255

Router-ID


Point to Point

-Time(Default 40s)


Router-ID Command
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#
R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#


R1

Default Route

R1(config)#int lo 1
R1(config-if)#ip address 172.20.0.1 255.255.255.252
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R1(config)#router ospf 1
R1(config-router)#default-information originate


Default Type E2

metric

Type E1
R1(config)#router ospf 1
R1(config-router)#default-information originate metric-type 1
R1(config-router)#

Virtual Link Exercise


E1

R1(config)#router ospf 1


R1(config-router)#network 10.1.1.0 0.0.0.255 area 0


R1(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2(config-router)#network 10.1.2.0 0.0.0.255 area 0
R2(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config)#router ospf 1
R3(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config-router)#network 10.1.3.0 0.0.0.255 area 23
R3(config-router)#network 192.168.0.0 0.0.255.255 area 100

IA (Inter Area)
Loopback Interface

Area

Network

Classful

R1(config)#int lo 1
R1(config-if)#ip ospf network point-to-point
R2(config)#int lo 2
R2(config-if)#ip ospf network point-to-point
R3(config)#int lo 3
R3(config-if)#ip ospf network point-to-point
R3(config)#int lo 100
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 101
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 102
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 103
R3(config-if)#ip ospf network point-to-point


Virtual Link Area

Network

Route

Main Area (area 0)

Main Area
Route

Router

Virtual Link

Router-Id

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 virtual-link 3.3.3.3
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#exit
R3(config)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R3(config)#router ospf 1
R3(config-router)#area 23 virtual-link 2.2.2.2

Virtual Link


R3

Network

R1


Network
Area

Virtual Link

R3

Loopback Interface

Route Summarize

R3(config)#router ospf 1
R3(config-router)#area 100 range 192.168.100.0 255.255.252.0

Multiaccess Network

Multiaccess Network

Shared Media

Devices

OSPF defines five network types

Point-to-Point

Broadcast Multiaccess

Nonbroadcast Multiaccess (NBMA)

Point-to-multipoint

Virtual links


Designated Router( DR )
OSPF Multiple access networks

Router

DR

Router
BDR

Router
BDR

DR

Network

LSA

DR Router

DR

Routers
Priority

( Multiaccess Network
Point-to-Point Network

Router

Routers

Router_ID

Exercise

R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#exit


Router Priority

LSA

R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#int f0/1
R3(config-if)#ip add 192.168.2.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#exit
R4(config)#int f0/0
R4(config-if)#ip add 192.168.1.4 255.255.255.0
R4(config-if)#no shut
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
R4(config-router)#exit
R5(config)#int f0/0
R5(config-if)#ip add 192.168.2.5 255.255.255.0
R5(config-if)#no shut
R5(config-if)#exit
R5(config)#router ospf 1
R5(config-router)#network 192.168.2.0 0.0.0.255 area 0
R5(config-router)#exit

R3


192.168.1.3

192.168.2.3


IP

192.168.2.3

ID

R1#sh ip ospf interface brief

R1#sh ip ospf int f0/0

Router ID


Loopback Address

DR, BDR


Router

Network

Router

DR

Router down

DROTHER

Routers
DR, BDR

Router

Priority

R1(config)#int lo 0
R1(config-if)#ip add 111.111.111.1 255.255.255.255
R1(config-if)#
R2(config)#int lo 0
R2(config-if)#ip add 111.111.111.2 255.255.255.255
R2(config-if)#
R3(config)#int lo 0
R3(config-if)#ip add 111.111.111.3 255.255.255.255
R3(config-if)#
R4(config)#int lo 0
R4(config-if)#ip add 111.111.111.4 255.255.255.255
R4(config-if)#
R5(config)#int lo 0
R5(config-if)#ip add 111.111.111.5 255.255.255.255
R5(config-if)#
R6(config)#int f0/0
R6(config-if)#ip add 192.168.1.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#int lo 0
R6(config-if)#ip add 111.111.111.6 255.255.255.255
R6(config-if)#exit
R6(config)#router ospf 1
R6(config-router)#network 192.168.1.0 0.0.0.255 area 0
R6(config-router)#exit
R6

Project


Router ID


BDR

Priority

( 0-255)

R3(config)#int f0/0

R3

Network

DR

Priority

R3(config-if)#ip ospf priority 200


R2(config)#int f0/0

Router

R2(config-if)#ip ospf priority 150

Priority

BDR

DR

R1(config)#int f0/0
R1(config-if)#ip ospf priority 100
R6(config)#int f0/0

Performance

R6(config-if)#ip ospf priority 0

Priority

RIP

Router


DR, BDR

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.48.0
R1(config-router)#network 192.168.49.0
R1(config-router)#network 192.168.50.0
R1(config-router)#network 192.168.51.0
R1(config-router)#network 192.168.70.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#int lo 0
R1(config-if)#ip ospf network point-to-point

Loopback address

R1(config-if)#int lo 48
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 49
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 50
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 51
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 70
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R2(config-router)#passive-interface s0/1
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 172.16.23.0 0.0.0.255 area 0
R2(config-router)#passive-interface s0/0
R2(config-router)#exit
R2(config)#int lo 0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#router rip

RIP Protocol

R2(config-router)#redistribute ospf 1 metric ?
<0-16>       Default metric
transparent  Transparently redistribute metric


R2(config-router)#redistribute ospf 1 metric 3


metric
OSPF

Redistribute
count
hop count


hop

R2(config-router)#exit
R2(config)#router ospf 1

OSPF Protocol

R2(config-router)#redistribute rip subnets

cost
rip

R2(config-router)#redistribute rip subnets metric-type 1

subnets

R2(config-router)#

default
E1

R3(config)#router ospf 1
R3(config-router)#network 172.16.23.0 0.0.0.255 area 0
R3(config-router)#network 172.16.3.0 0.0.0.255 area 0
R3(config-router)#network 192.168.0.0 0.0.255.255 area 0
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 20
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 25
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 30
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 35
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 40
R3(config-if)#ip ospf network point-to-point


metric


EIGRP

R2(config)#router eigrp 10

R2(config-router)#redistribute ospf 1 metric 1544 20000 255 1 1500

(metric values in order: BW, Delay, Reliability, Load, MTU)

R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 10 subnets
R2(config-router)#exit

Switching Commands


? command (help)
Switch>?

User mode

command

Command Modes
Switch>

User Mode

Switch>enable

Privilege Mode (or) Admin Mode

Switch#exit

<or>

User Mode

Switch#disable
Switch#configure terminal

Global Configuration Mode

show Commands
Switch#sh mac address-table

Mac Address Table

Switch#clear mac address-table

Mac Address Table

Switch#show running-config

Current Configuration

Switch#show startup-config

clear

save

Configuration

Setting host name Command


Switch#configure terminal

Global Mode

Switch(config)#hostname S1

Password
Switch(config)#enable password cisco

Admin Mode

Switch(config)#enable secret cisco

Admin Mode

Switch(config)#line console 0

Console port

Switch(config-line)#login local

User database

Switch(config-line)#exit

Sub Interface

Switch(config)#line vty 0 4

Telnet

Switch(config-line)#login local

User database

Switch(config-line)#exit

Sub Interface

password
login
password
login

VLAN Command
Switch(config)#vlan 10

VLAN database

Switch(config-vlan)#name Account

VLAN

Switch(config-vlan)#exit

VLAN database

Switch(config)#interface f0/1

(or)

Interface f0/1

VLAN

Switch(config)#interface range f0/1 - 3

Interface f0/1

f0/3

Switch(config-if-range)#switchport mode access

Dynamic Type to Static

Switch(config-if-range)#switchport access vlan 10

Switchport

VLAN 10

Exercise


VLAN

Port Security

PC1

PC4

Switch>en

Admin Mode

Switch#sh mac address-table

Mac Address Table

Mac Address Table


-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
        0002.4a52.27bd    DYNAMIC     Fa0/2
        000b.beac.acd4    DYNAMIC     Fa0/3
        00d0.5849.4426    DYNAMIC     Fa0/1

Switch#conf t

Global Configuration Mode

Switch(config)#hostname S1

Switch

S1(config)#enable secret cisco

Global Mode

S1(config)#int range f0/1 - 3

Port range

S1(config-if-range)#switchport mode access

Dynamic Type to Static

S1(config-if-range)#switchport port-security

Port-Security

S1(config-if-range)#switchport port-security ?

Port-Security

host
Password

Command

mac-address  Secure mac address
maximum      Max secure addresses
violation    Security violation mode

S1(config-if-range)#switchport port-security maximum ?


<1-132> Maximum addresses
S1(config-if-range)#switchport port-security maximum 1

Port

Mac Address 1

S1(config-if-range)#switchport port-security mac-address ?


H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation ?


Mac
Security Mode

protect Security violation protect mode


restrict Security violation restrict mode
shutdown Security violation shutdown mode
S1(config-if-range)#switchport port-security violation shutdown

Mac Table

Address

S1(config-if-range)#end
S1#sh port-security address

Sticky Mac Address

Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                                (mins)
----    -----------       ----            -----              -------------
        00D0.5849.4426    SecureSticky    FastEthernet0/1
        0002.4A52.27BD    SecureSticky    FastEthernet0/2
        000B.BEAC.ACD4    SecureSticky    FastEthernet0/3
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024

S1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
----------------------------------------------------------------------
      Fa0/1                                                  Shutdown
      Fa0/2                                                  Shutdown
      Fa0/3                                                  Shutdown
----------------------------------------------------------------------


Port Security

Violation Count

port shutdown

S1#sh port-security

PC1

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
----------------------------------------------------------------------
      Fa0/1                                                  Shutdown
      Fa0/2                                                  Shutdown
      Fa0/3                                                  Shutdown

Violation Count 1

Port

S1#sh port-security interface f0/1


Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00E0.A377.D11D:1
Security Violation Count   : 1

S1#conf t

S1(config)#int f0/1
S1(config-if)#shutdown
S1(config-if)#no shut
Switch


Password


PC4
port shutdown

Router
Router>en

Admin Mode

Router#conf t


Enter configuration commands, one per line. End with CNTL/Z.


Router(config)#int f0/0

Interface f0/0

Router(config-if)#ip add 192.168.1.1 255.255.255.0

Router(config-if)#no shut

Interface

Router(config-if)#exit

Sub Interface

Router(config)#int f0/1

Interface f0/1

Router(config-if)#ip add 192.168.2.1 255.255.255.0

Router(config-if)#no shut

Interface

Router(config-if)#exit

Sub Interface

Router(config)#exit

Global Mode

Router#write

Current Configuration

Switch
Switch>en

Admin Mode

Switch#conf t

Global Configuration Mode

Switch(config)#enable secret cisco

Admin Mode

Switch(config)#line con 0

Console


Switch(config-line)#login local
Switch(config-line)#exit

Sub Interface

Switch(config)#username console secret consoleadmin

User Account

create

Switch(config)#username telnet secret telnetadmin


Switch(config)#interface vlan 1
Switch(config-if)#ip add 192.168.1.5 255.255.255.0

Switch

IP

Switch(config-if)#no shut
Switch(config-if)#exit

Sub Interface

Switch(config)#line vty 0 4

Telnet

Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#do write

Sub Interface
Network
Current Configuration

Building configuration...
[OK]
Switch 1
PC>telnet 192.168.2.5
Trying 192.168.2.5 ...Open
User Access Verification
Username:


Switch Password Cracking

1.Power Off

Putty

setting

2.Power On, press Mode button while booting and then

Mode button

prompt switch:

switch:

3.Enter switch:flash_init

flash_init Command

Switch

Power

Power

4.Enter switch:dir flash:


5.Enter switch:rename flash:config.text flash:config.old

config.text file

Enter switch:dir flash:


6.Enter switch:boot

Switch

Restart

7. Switch>en
Switch#copy flash:config.old running-config

Config file

And then reset the password for your switch

Setting

copy

password

VLAN Trunking
1.

ISL (InterSwitch Link)

2.

IEEE 802.1q

(not today used)

Switch(config)#vlan 99

Native Vlan

Vlan Database Create

Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#interface fastethernet0/1

Interface f0/1

Switch(config-if)#switchport mode trunk

Trunk Port

Switch(config-if)#switchport trunk native vlan 99

Trunk Link

Switch(config-if)#switchport trunk allowed vlan vlanname

vlan

VLAN Hopping
VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual
LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain
access to traffic on other VLANs that would normally not be accessible. There are two primary methods of
VLAN hopping: switch spoofing and double tagging. Both attack vectors can be easily mitigated with proper
switchport configuration.
Switch spoofing
In a switch spoofing attack, an attacking host imitates a trunking switch by speaking the tagging and trunking
protocols (e.g. Multiple VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in maintaining
a VLAN. Traffic for multiple VLANs is then accessible to the attacking host.
Mitigation
Switch spoofing can only be exploited when interfaces are set to negotiate a trunk. To prevent this attack on
Cisco IOS, use one of the following methods[1]:
1. Ensure that ports are not set to negotiate trunks automatically.
Switch(config-if)# switchport nonegotiate
2. Ensure that ports that are not meant to be trunks are explicitly configured as access ports
Switch(config-if)# switch mode access
Double tagging
In a double tagging attack, an attacking host connected on a dot1q interface prepends two VLAN tags to
packets that it transmits. The packet (which corresponds to the VLAN that the attacker is really a member of)
is forwarded without the first tag, because it is the native VLAN. The second (false) tag is then visible to the
second switch that the packet encounters. This false VLAN tag indicates that the packet is destined for a target
host on a second switch. The packet is then sent to the target host as though it originated on the target VLAN
bypassing the network mechanisms that logically isolate VLANs from one another. However, this attack only allows
packets to be sent toward the second switch; any replies are not forwarded back to the attacking host.
Mitigation
Double Tagging can only be exploited when switches use "Native VLANs" [2]. Ports with a specific access VLAN
(the native VLAN) don't apply a VLAN tag when sending frames, allowing the attacker's fake VLAN tag to be
read by the next switch. It is always good practice to do one of the following (with sample IOS interface
configuration):
1. Simply do not put any hosts on VLAN 1 (The default VLAN). i.e., assign an access VLAN other than VLAN 1
to every access port
Switch(config-if)# switch access vlan 2
2. Change the native VLAN on all trunk ports to an unused VLAN ID.
Switch(config-if)# switchport trunk native vlan 999
3. Explicit tagging of the native VLAN on all trunk ports.
Switch(config-if)# switchport trunk native vlan tag
Example
As an example of a double tagging attack, consider a secure web server on a VLAN called VLAN1. Hosts on
VLAN1 are allowed access to the web server; hosts from outside the VLAN are blocked by layer 3 filters. An
attacking host on a separate VLAN, called VLAN2, creates a specially formed packet to attack the web server.
It places a header tagging the packet as belonging to VLAN2 on top of another header tagging the packet as
belonging to VLAN1. When the packet is sent, the switch on VLAN2 sees the VLAN2 header and removes it,
and forwards the packet. The VLAN2 switch expects that the packet will be treated as a standard TCP packet
by the switch on VLAN1. However, when the packet reaches VLAN1, the switch sees a tag indicating that the
packet is part of VLAN1, and so bypasses the layer 3 handling, treating it as a layer 2 packet on the same
logical VLAN. The packet thus arrives at the target server as though it was sent from another host on VLAN1,
ignoring any layer 3 filtering that might be in place.
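
The mitigations listed above for switch spoofing and double tagging can be checked mechanically against a saved running-config. The audit below is an added example, not part of the original notes: the sample configuration is constructed, the function names are hypothetical, and it assumes the usual switch defaults (VLAN 1 as access and native VLAN, native VLAN untagged, ports without an explicit mode left to negotiate).

```python
import re

# Constructed running-config fragment (not taken from the exercises in these notes).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode trunk
!
"""

# Assumed defaults for a port that has no explicit switchport configuration.
DEFAULTS = {"mode": None, "access_vlan": 1, "native_vlan": 1, "native_tagged": False}


def parse_interfaces(config):
    """Return {interface name: switchport settings} from running-config text."""
    ports, port = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # any top-level line closes the interface block
            m = re.fullmatch(r"interface (\S+)", line)
            port = None
            if m:
                port = ports[m.group(1)] = dict(DEFAULTS)
            continue
        if port is None:
            continue
        if m := re.fullmatch(r"switchport mode (access|trunk|dynamic \S+)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            port["access_vlan"] = int(m.group(1))
        elif line == "switchport trunk native vlan tag":
            port["native_tagged"] = True
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native_vlan"] = int(m.group(1))
    return ports


def audit(ports):
    """Return (interface, issue, detail) tuples for ports that miss a mitigation."""
    findings = []
    # VLANs that carry end hosts: the access VLAN of every port that is not a trunk.
    host_vlans = {p["access_vlan"] for p in ports.values() if p["mode"] != "trunk"}
    for name, p in ports.items():
        # Switch spoofing needs a port that is still willing to negotiate a trunk.
        if p["mode"] is None or p["mode"].startswith("dynamic"):
            findings.append((name, "switch-spoofing", "mode not fixed; port can negotiate a trunk"))
        # Double tagging, mitigation 1: no hosts on the default VLAN 1.
        if p["mode"] != "trunk" and p["access_vlan"] == 1:
            findings.append((name, "double-tagging", "host port left on default VLAN 1"))
        # Mitigations 2 and 3: native VLAN unused by hosts, or explicitly tagged.
        if p["mode"] == "trunk" and not p["native_tagged"] and p["native_vlan"] in host_vlans:
            findings.append((name, "double-tagging",
                             f"untagged native VLAN {p['native_vlan']} also carries hosts"))
    return findings


if __name__ == "__main__":
    for name, issue, detail in audit(parse_interfaces(SAMPLE_CONFIG)):
        print(f"{name}: {issue}: {detail}")
```

On the constructed sample it reports Fa0/3 (no fixed mode), Fa0/4 (host on VLAN 1) and Fa0/5 (trunk whose untagged native VLAN 1 is shared with a host port); Fa0/1 and Fa0/2 pass.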


VLAN - 802.1Q (Inter-VLAN routing with Router) Exercise 1

Switch 1 to 5
Switch>en    (Admin Mode)
Switch#conf t    (Global Mode)
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10    (VLAN Database 10)
Switch(config-vlan)#name HR    (VLAN Database Name)
Switch(config-vlan)#vlan 20    (VLAN Database 20)
Switch(config-vlan)#name Sale    (VLAN Database Name)
Switch(config-vlan)#vlan 30    (VLAN Database 30)
Switch(config-vlan)#name Manager    (VLAN Database Name)
Switch(config-vlan)#vlan 40    (VLAN Database 40)
Switch(config-vlan)#name Account    (VLAN Database Name)
Switch(config-vlan)#vlan 50    (VLAN Database 50)
Switch(config-vlan)#name Operation    (VLAN Database Name)
Switch(config-vlan)#vlan 60    (VLAN Database 60)
Switch(config-vlan)#name Security    (VLAN Database Name)
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#int f0/2    (Interface f0/2)
Switch(config-if)#switchport mode access    (Dynamic Type to Static)
Switch(config-if)#switchport port-security    (Port Security)
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 10    (VLAN 10)
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 40
Switch(config-if)#int f0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 50
Switch(config-if)#int f0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 60
Switch(config-if)#int f0/1    (Interface f0/1)
Switch(config-if)#switchport mode trunk    (Trunk)
Switch(config-if)#int range f0/8 - 24    (Interface Range f0/8 - f0/24)
Switch(config-if-range)#shutdown    (Port Shutdown)

Router
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0    (Interface f0/0)
Router(config-if)#no shutdown    (Interface)
Router(config-if)#int f0/0.10    (F0/0 subinterface create)
Router(config-subif)#encapsulation dot1Q 10    (VLAN ID, dot1Q)
Router(config-subif)#ip add 192.168.10.1 255.255.255.0    (Route)
Router(config-subif)#int f0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip add 192.168.20.1 255.255.255.0
Router(config-subif)#int f0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip add 192.168.30.1 255.255.255.0
Router(config-subif)#int f0/0.40
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip add 192.168.40.1 255.255.255.0
Router(config-subif)#int f0/0.50
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip add 192.168.50.1 255.255.255.0
Router(config-subif)#int f0/0.60
Router(config-subif)#encapsulation dot1Q 60
Router(config-subif)#ip add 192.168.60.1 255.255.255.0
Router(config-subif)#exit
Router(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10    (Excluded Address)
Router(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10
Router(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10
Router(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.10
Router(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.10
Router(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.10
Router(config)#ip dhcp pool vlan10
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#ip dhcp pool vlan20    (VLAN)
Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#ip dhcp pool vlan30
Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#ip dhcp pool vlan40
Router(dhcp-config)#network 192.168.40.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.40.1
Router(dhcp-config)#ip dhcp pool vlan50
Router(dhcp-config)#network 192.168.50.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.50.1
Router(dhcp-config)#ip dhcp pool vlan60
Router(dhcp-config)#network 192.168.60.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.60.1

Intervlan Routing with Layer3 Switch (Routing with virtual interface lan)

L3(config)#vlan 10    (Vlan)
L3(config-vlan)#name Account
L3(config-vlan)#vlan 20
L3(config-vlan)#name HR
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config)#int range f0/1-2    (Interface f0/1 & f0/2)
L3(config-if-range)#switchport trunk encapsulation dot1q    (dot1q trunk)
L3(config-if-range)#switchport mode trunk    (Trunk mode)
L3(config-if-range)#switchport trunk native vlan 99    (Trunk Link)
L3(config-if-range)#switchport trunk allowed vlan 10,20    (enable Vlan 10,20)
L3(config-if-range)#exit
L3(config)#int vlan 10    (Virtual Interface 10)
L3(config-if)#ip add 192.168.10.1 255.255.255.0    (Route)
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing    (Vlan)
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.20    (IP Addresses)
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.20
L3(config)#ip dhcp pool vlan10    (Vlan)
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#exit
SW1(config)#vlan 10
SW1(config-vlan)#name Account
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name HR
SW1(config-vlan)#vlan 99
SW1(config-vlan)#name Native_Trunk
SW1(config-vlan)#exit
SW1(config)#int f0/5
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#switchport trunk allowed vlan 10,20
SW1(config-if)#int range f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#int range f0/3-4
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW2(config)#vlan 10
SW2(config-vlan)#name Account
SW2(config-vlan)#vlan 20
SW2(config-vlan)#name HR
SW2(config-vlan)#vlan 99
SW2(config-vlan)#name Native_Trunk
SW2(config-vlan)#exit
SW2(config)#int f0/5
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk native vlan 99
SW2(config-if)#switchport trunk allowed vlan 10,20
SW2(config-if)#int range f0/1-2
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 20
SW2(config-if-range)#int range f0/3-4
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 10

Dynamic Trunking Protocol (DTP)

Switch(config)#int f0/1    (Interface f0/1)
Switch(config-if)#switchport mode dynamic desirable    (Trunk Link, Neighbors Interface, Trunk)
Switch(config-if)#switchport mode dynamic auto    (Neighbors Interface)
Switch(config-if)#switchport nonegotiate    (DTP, Interface, Trunk)

VLAN Trunking Protocol

Switch(config)#vtp mode server    (Default, Switch, VTP Server Mode)
Switch(config)#vtp mode client    (VTP Client Mode)
Switch(config)#vtp mode transparent    (VTP Transparent Mode: VTP Server, Client)
Switch(config)#no vtp mode    (Default Server Mode)
Switch(config)#vtp domain domain-name    (Domain-name, 1-32 Characters)
Remark- Switch, domain-name, password, Communicate
Switch(config)#vtp password p@ssw0rd
Switch(config)#vtp pruning    (Enable VTP pruning; Default, Mode 1, VTP Server, Enable)

VTP pruning reduces unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast
packets. It increases available bandwidth by restricting flooded traffic to those trunk links that the traffic
must use to reach the appropriate network devices. By default, VTP pruning is disabled. VTP pruning does not
prune traffic from VLANs that are pruning-ineligible.
What VTP pruning does:

VLAN 1 (default) is always pruning-ineligible, meaning traffic from VLAN 1 cannot be pruned in any
situation.

Pruning eligibility is based only on the VLANs that need the given broadcast information across the
trunks. It is not related to the number of ports assigned to that VLAN.

VTP pruning does not change, add, or delete the VLANs in a VTP domain; it simply reduces the
broadcast and multicast traffic.

VTP version 2 and VTP version 1 are not interoperable on network devices in the same
VTP domain. Every network device in the VTP domain must use the same VTP version.
Do not enable VTP version 2 unless every network device in the VTP domain supports
version 2.

Switch#show vtp status    (VTP Configuration)
Switch#show vtp counters    (VTP Counters)

VTP Advertisements
Summary advertisements - VTP Server, Clients, 5min, sent
Configuration Revision no. Count
Creating or deleting a VLAN
Suspending or activating a VLAN
Changing the name of a VLAN
Changing the MTU of a VLAN
Subset advertisements - VTP information
Request Advertisements - VTP Client, update, VTP Server
Remark- VTP Revision No, Switch, VTP Server Switch, Network, Update, Revision
VLAN Exercise-2 (Intervlan Routing With Layer3 Switch)

Layer3 Switch
Switch(config)#hostname L3
L3(config)#int range f0/1-2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#exit
L3(config)#vtp mode server    (VTP Configuration)
L3(config)#vtp domain cisco
L3(config)#vtp password cisco
L3(config)#vlan 10    (VLAN creation & define description)
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name Account
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config)#int range f0/1-2    (Interface f0/1 & f0/2)
L3(config-if-range)#switchport trunk native vlan 99    (native)
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60    (Allow vlan)
L3(config-if-range)#exit
L3(config)#int vlan 10    (Define IP address for virtual interface, Intervlan Routing)
L3(config-if)#ip add 192.168.10.1 255.255.255.0
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#int vlan 30
L3(config-if)#ip add 192.168.30.1 255.255.255.0
L3(config-if)#int vlan 40
L3(config-if)#ip add 192.168.40.1 255.255.255.0
L3(config-if)#int vlan 50
L3(config-if)#ip add 192.168.50.1 255.255.255.0
L3(config-if)#int vlan 60
L3(config-if)#ip add 192.168.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security


L3(config-if)#switchport port-security violation protect


L3(config-if)#switchport access vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 60
L3(config-if)#int range f0/9-24
L3(config-if-range)#shutdown
L3(config-if-range)#exit
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.50
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.50
L3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.50
L3(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.50
L3(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.50
L3(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 192.168.30.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.30.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 192.168.40.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.40.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 192.168.50.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.50.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 192.168.60.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.60.1
L3(dhcp-config)#exit
Layer2 Switch (SW2 Configuration)

Switch(config)#hostname SW2
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
SW2(config)#vtp mode client


SW2(config)#vtp domain cisco


SW2(config)#vtp password cisco
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport trunk native vlan 99
SW2(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SW2(config-if-range)#exit
SW2(config)#int f0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 10
SW2(config-if)#int f0/4
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 20
SW2(config-if)#int f0/5
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 30
SW2(config-if)#int f0/6
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 40
SW2(config-if)#int f0/7
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 50
SW2(config-if)#int f0/8
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 60
SW2(config)#int range f0/9-24
SW2(config-if-range)#shutdown

VOIP (Voice Over Internet Protocol)

L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name Account
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native
L3(config-vlan)#exit
L3(config)#vtp mode server
L3(config)#vtp domain cisco
L3(config)#vtp password cisco


L3(config)#int range f0/1 - 2


L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#switchport nonegotiate
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
L3(config-if-range)#switchport trunk native vlan 99
L3(config-if-range)#exit
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#switchport voice vlan 10    (VOIP)

L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#switchport voice vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#switchport voice vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#switchport voice vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#switchport voice vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security


L3(config-if)#switchport port-security violation protect


L3(config-if)#switchport access vlan 60
L3(config-if)#switchport voice vlan 60
L3(config-if)#exit
L3(config)#int range f0/9 - 24
L3(config-if-range)#shutdown
L3(config-if-range)#exit
L3(config)#ip routing
L3(config)#int vlan10
L3(config-if)#ip add 10.10.10.1 255.255.255.0
L3(config-if)#int vlan20
L3(config-if)#ip add 10.10.20.1 255.255.255.0
L3(config-if)#int vlan30
L3(config-if)#ip add 10.10.30.1 255.255.255.0
L3(config-if)#int vlan40
L3(config-if)#ip add 10.10.40.1 255.255.255.0
L3(config-if)#int vlan50
L3(config-if)#ip add 10.10.50.1 255.255.255.0
L3(config-if)#int vlan60
L3(config-if)#ip add 10.10.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip dhcp excluded-address 10.10.10.1 10.10.10.50
L3(config)#ip dhcp excluded-address 10.10.20.1 10.10.20.50
L3(config)#ip dhcp excluded-address 10.10.30.1 10.10.30.50
L3(config)#ip dhcp excluded-address 10.10.40.1 10.10.40.50
L3(config)#ip dhcp excluded-address 10.10.50.1 10.10.50.50
L3(config)#ip dhcp excluded-address 10.10.60.1 10.10.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 10.10.10.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.10.1
L3(dhcp-config)#option 150 ip 192.168.0.1    (option 150 ph svr; 192.168.0.1 - CME Address)
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 10.10.20.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.20.1
L3(dhcp-config)#option 150 ip 192.168.0.1


L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 10.10.30.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.30.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 10.10.40.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.40.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 10.10.50.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.50.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 10.10.60.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.60.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#exit
L3(config)#int f0/9
L3(config-if)#no switchport    (IP)
L3(config-if)#ip add 192.168.0.2 255.255.255.252
L3(config-if)#no shut
SWA(config)#vtp mode client
SWA(config)#vtp password cisco
SWA(config)#int range f0/1 - 2
SWA(config-if-range)#switchport mode trunk
SWA(config-if-range)#switchport trunk native vlan 99
SWA(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWA(config-if-range)#switchport nonegotiate
SWA(config-if-range)#exit
SWA(config)#int f0/3
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 10
SWA(config-if)#switchport voice vlan 10
SWA(config-if)#int f0/4
SWA(config-if)#switchport mode access


SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 20
SWA(config-if)#switchport voice vlan 20
SWA(config-if)#int f0/5
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 30
SWA(config-if)#switchport voice vlan 30
SWA(config-if)#int f0/6
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 40
SWA(config-if)#switchport voice vlan 40
SWA(config-if)#int f0/7
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 50
SWA(config-if)#switchport voice vlan 50
SWA(config-if)#int f0/8
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 60
SWA(config-if)#switchport voice vlan 60
SWA(config-if)#int range f0/9 - 24
SWA(config-if-range)#shutdown
SWB(config)#vtp mode server
SWB(config)#vtp password cisco
SWB(config)#int f0/2
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 10
SWB(config-if)#switchport voice vlan 10
SWB(config-if)#int f0/3
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect


SWB(config-if)#switchport access vlan 20


SWB(config-if)#switchport voice vlan 20
SWB(config-if)#int f0/4
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 30
SWB(config-if)#switchport voice vlan 30
SWB(config-if)#int f0/5
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 40
SWB(config-if)#switchport voice vlan 40
SWB(config-if)#int f0/6
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 50
SWB(config-if)#switchport voice vlan 50
SWB(config-if)#int f0/7
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 60
SWB(config-if)#switchport voice vlan 60
SWB(config-if)#int range f0/8 - 24
SWB(config-if-range)#shutdown
SWC(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWC(config)#vtp password cisco
Setting device VLAN database password to cisco
SWC(config)#int range f0/1 - 2
SWC(config-if-range)#switchport mode trunk
SWC(config-if-range)#switchport trunk native vlan 99
SWC(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWC(config-if-range)#switchport nonegotiate
SWC(config-if-range)#int f0/3
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect


SWC(config-if)#switchport access vlan 10


SWC(config-if)#switchport voice vlan 10
SWC(config-if)#int f0/4
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 20
SWC(config-if)#switchport voice vlan 20
SWC(config-if)#int f0/5
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 30
SWC(config-if)#switchport voice vlan 30
SWC(config-if)#int f0/6
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 40
SWC(config-if)#switchport voice vlan 40
SWC(config-if)#int f0/7
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 50
SWC(config-if)#switchport voice vlan 50
SWC(config-if)#int f0/8
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 60
SWC(config-if)#switchport voice vlan 60
SWC(config-if)#int range f0/9 - 24
SWC(config-if-range)#shutdown
SWD(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWD(config)#vtp password cisco
Setting device VLAN database password to cisco
SWD(config)#int f0/1
SWD(config-if)#switchport mode trunk
SWD(config-if)#switchport trunk native vlan 99
SWD(config-if)#switchport trunk allowed vlan 10,20,30,40,50,60
SWD(config-if)#switchport nonegotiate
SWD(config-if)#int f0/2
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 10
SWD(config-if)#switchport voice vlan 10
SWD(config-if)#int f0/3
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 20
SWD(config-if)#switchport voice vlan 20
SWD(config-if)#int f0/4
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 30
SWD(config-if)#switchport voice vlan 30
SWD(config-if)#int f0/5
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 40
SWD(config-if)#switchport voice vlan 40
SWD(config-if)#int f0/6
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 50
SWD(config-if)#switchport voice vlan 50
SWD(config-if)#int f0/7
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 60
SWD(config-if)#switchport voice vlan 60
SWD(config-if)#int range f0/8 -24
SWD(config-if-range)#shutdown
CME(config)#int f0/0
CME(config-if)#ip add 192.168.0.1 255.255.255.252


CME(config-if)#no shut
CME(config-if)#exit
CME(config)#ip route 10.10.10.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.20.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.30.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.40.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.50.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.60.0 255.255.255.0 f0/0
CME(config)#telephony-service    (Phone Service)
CME(config-telephony)#max-dn 30    (Ph.ext)
CME(config-telephony)#max-ephones 30    (Ph.)
CME(config-telephony)#exit
CME(config)#ephone-dn 1    (dn = directory numbers (1-144))
CME(config-ephone-dn)#number 9101    (Ph extension)

CME(config-ephone-dn)#ephone-dn 2
CME(config-ephone-dn)#number 9102
CME(config-ephone-dn)#ephone-dn 3
CME(config-ephone-dn)#number 9103
CME(config-ephone-dn)#ephone-dn 4
CME(config-ephone-dn)#number 9104
CME(config-ephone-dn)#ephone-dn 5
CME(config-ephone-dn)#number 9105
CME(config-ephone-dn)#ephone-dn 6
CME(config-ephone-dn)#number 9201
CME(config-ephone-dn)#ephone-dn 7
CME(config-ephone-dn)#number 9202
CME(config-ephone-dn)#ephone-dn 8
CME(config-ephone-dn)#number 9203
CME(config-ephone-dn)#ephone-dn 9
CME(config-ephone-dn)#number 9204
CME(config-ephone-dn)#ephone-dn 10
CME(config-ephone-dn)#number 9205
CME(config-ephone-dn)#ephone-dn 11
CME(config-ephone-dn)#number 9301
CME(config-ephone-dn)#ephone-dn 12
CME(config-ephone-dn)#number 9302
CME(config-ephone-dn)#ephone-dn 13
CME(config-ephone-dn)#number 9303
CME(config-ephone-dn)#ephone-dn 14
CME(config-ephone-dn)#number 9304


CME(config-ephone-dn)#ephone-dn 15
CME(config-ephone-dn)#number 9305
CME(config-ephone-dn)#ephone-dn 16
CME(config-ephone-dn)#number 9401
CME(config-ephone-dn)#ephone-dn 17
CME(config-ephone-dn)#number 9402
CME(config-ephone-dn)#ephone-dn 18
CME(config-ephone-dn)#number 9403
CME(config-ephone-dn)#ephone-dn 19
CME(config-ephone-dn)#number 9404
CME(config-ephone-dn)#ephone-dn 20
CME(config-ephone-dn)#number 9405
CME(config-ephone-dn)#ephone-dn 21
CME(config-ephone-dn)#number 9501
CME(config-ephone-dn)#ephone-dn 22
CME(config-ephone-dn)#number 9502
CME(config-ephone-dn)#ephone-dn 23
CME(config-ephone-dn)#number 9503
CME(config-ephone-dn)#ephone-dn 24
CME(config-ephone-dn)#number 9504
CME(config-ephone-dn)#ephone-dn 25
CME(config-ephone-dn)#number 9505
CME(config-ephone-dn)#ephone-dn 26
CME(config-ephone-dn)#number 9601
CME(config-ephone-dn)#ephone-dn 27
CME(config-ephone-dn)#number 9602
CME(config-ephone-dn)#ephone-dn 28
CME(config-ephone-dn)#number 9603
CME(config-ephone-dn)#ephone-dn 29
CME(config-ephone-dn)#number 9604
CME(config-ephone-dn)#ephone-dn 30
CME(config-ephone-dn)#number 9605
CME(config-ephone-dn)#exit
CME(config)#ephone 1
CME(config-ephone)#type cipc    (Type = softphone)
CME(config-ephone)#mac-address 000A.F3CA.14B1    (Computer Mac Address)
CME(config-ephone)#button 1:1    (Ext no. (9101))
CME(config-ephone)#ephone 2
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.638E.60BA
CME(config-ephone)#button 1:2

CME(config-ephone)#ephone 3
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0090.0CE6.AC8A
CME(config-ephone)#button 1:3
CME(config-ephone)#ephone 4
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.A353.5EBA
CME(config-ephone)#button 1:4
CME(config-ephone)#ephone 5
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.F390.BBE5
CME(config-ephone)#button 1:5
CME(config-ephone)#ephone 6
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.4248.E46A
CME(config-ephone)#button 1:6
CME(config-ephone)#ephone 7
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BE10.4336
CME(config-ephone)#button 1:7
CME(config-ephone)#ephone 8
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5897.0895
CME(config-ephone)#button 1:8
CME(config-ephone)#ephone 9
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4AED.6AB6
CME(config-ephone)#button 1:9
CME(config-ephone)#ephone 10
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0007.ECA4.8CCE
CME(config-ephone)#button 1:10
CME(config-ephone)#ephone 11
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.F7A2.2543
CME(config-ephone)#button 1:11
CME(config-ephone)#ephone 12
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.9793.B500
CME(config-ephone)#button 1:12
CME(config-ephone)#ephone 13
CME(config-ephone)#type cipc

CME(config-ephone)#mac-address 0030.A316.ABB3
CME(config-ephone)#button 1:13
CME(config-ephone)#ephone 14
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.B013.C2B3
CME(config-ephone)#button 1:14
CME(config-ephone)#ephone 15
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.41D9.9A33
CME(config-ephone)#button 1:15
CME(config-ephone)#ephone 16
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.9769.0AE8
CME(config-ephone)#button 1:16
CME(config-ephone)#ephone 17
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0009.7C9C.1A52
CME(config-ephone)#button 1:17
CME(config-ephone)#ephone 18
CME(config-ephone)#mac-address 0010.1112.9D99
CME(config-ephone)#button 1:18
CME(config-ephone)#type cipc
CME(config-ephone)#ephone 19
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0005.5E26.516A
CME(config-ephone)#button 1:19
CME(config-ephone)#ephone 20
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BEED.0C31
CME(config-ephone)#button 1:20
CME(config-ephone)#ephone 21
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF90.81C4
CME(config-ephone)#button 1:21
CME(config-ephone)#ephone 22
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0010.11EA.B09D
CME(config-ephone)#button 1:22
CME(config-ephone)#
CME(config-ephone)#ephone 23
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.BA28.A209

CME(config-ephone)#button 1:23
CME(config-ephone)#ephone 24
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4A8C.6226
CME(config-ephone)#button 1:24
CME(config-ephone)#ephone 25
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5854.800C
CME(config-ephone)#button 1:25
CME(config-ephone)#ephone 26
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000D.BDDC.7A11
CME(config-ephone)#button 1:26
CME(config-ephone)#ephone 27
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.97A0.3065
CME(config-ephone)#button 1:27
CME(config-ephone)#ephone 28
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.1654.4B8B
CME(config-ephone)#button 1:28
CME(config-ephone)#ephone 29
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0006.2AE5.4C38
CME(config-ephone)#button 1:29
CME(config-ephone)#ephone 30
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF4E.969A
CME(config-ephone)#button 1:30
CME(config-ephone)#exit
CME(config)#telephony-service
CME(config-telephony)#ip source-address 192.168.0.1 port 2000

Spanning Tree Protocol (STP) (802.1D)


STP Protocol

Switch to Switch

recover

Backup
P

Data

Port

Root Port

Root Bridge

Link

Desg Port
P

Link

Forwarded Port
Path Cost
Down

BLK port
P

Switch

Root Bridge

(0-61440)
Priority

2. Priority

4-bit

Mac Address

Switch

Remark Root Bridge

Switch

Port

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6435.13E5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6435.13E5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p

Root Port Election


Non-Root Switch

Path Cost
Switch

P
Path Cost

10 GB
1 GB
100 MB    19
10 MB     100

Port No.

Port No.

Non-Root Switch
Link

Acti

Root Port

BPDU(Bridge Protocol Data Unit)

Down
20s, Forwarding

15s

MAC Learning

19+19

Switch

every 2s

Link Down

Cost 19

BLK Port

Root Bridge

Root Bridge

10
Backup Link

15s

50s

P
Mac Address

Path Cost
Port

Switch

Root Bridge

Neighbor Switch

Root Port

Mac Address

Access Layer

Core Layer

Priority
Switch

Data

Root Bridge
Root Bridge

Per Vlan Spanning-Tree (PVST+)

Mac Address

Switch
Access Layer

Vlan

Root Primary

BLK Port

Rapid PVST
Rapid PVST

Backup Link

2s

P
Switch(config)#spanning-tree mode rapid-pvst

YGN-S1(config)#int range f0/1 - 2


YGN-S1(config-if-range)#switchport mode trunk
YGN-S1(config-if-range)#switchport nonegotiate
YGN-S1(config-if-range)#exit
YGN-S1(config)#vtp mode server
YGN-S1(config)#vtp domain cisco
YGN-S1(config)#vtp password cisco
YGN-S2(config)#int range f0/1 - 2
YGN-S2(config-if-range)#switchport mode trunk
YGN-S2(config-if-range)#switchport nonegotiate
YGN-S2(config-if-range)#exit
YGN-S2(config)#vtp mode client
YGN-S2(config)#vtp domain cisco
YGN-S2(config)#vtp password cisco
YGN-S3(config)#int range f0/1 - 2
YGN-S3(config-if-range)#switchport mode trunk
YGN-S3(config-if-range)#switchport nonegotiate

YGN-S3(config-if-range)#exit
YGN-S3(config)#vtp mode client
YGN-S3(config)#vtp domain cisco
YGN-S3(config)#vtp password cisco

Access Control Lists


Access Control lists

Router

Users

instructions
ACL
1. Standard Access Lists
2. Extended Access Lists

Standard Access Lists


1.

Standard Access Lists

2.

Data Packets

3.

Destination Addresses

filter
Router

1-99
source addresses
L
interface

Destination

4.

Filter

OSI Model

Layer 3

Exercise 1

deny

B1(config)#access-list 10 deny host 192.168.1.31


B1(config)#access-list 10 deny 192.168.1.31

access-list 10 deny Source IP Address

B1(config)#access-list 10 deny 192.168.1.31 0.0.0.0


ACL No.
B1(config)#int f0/0
-

Access-list

Rule
host

Destination Network
Source Network

outbound

default deny auto rule


Host

host

B1(config)#access-list 11 deny host 192.168.1.31

Deny host

B1(config)#access-list 11 permit any


B1(config)#int f0/0

IP

Interface

B1(config-if)#ip access-group 10 out

Rule

Deny

source network
Deny

B1(config-if)#ip access-group 11 out

B1(config)#access-list 12 deny 192.168.1.0 0.0.0.255

192.168.1.0 Network

B1(config)#access-list 12 permit any


B1(config)#int f0/0
B1(config-if)#ip access-group 12 out

B1(config)#access-list 13 deny 192.168.1.128 0.0.0.127

Network

B1(config)#access-list 13 permit any

192.168.1.255

192.168.1.128

B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 13 out

B1(config)#access-list 14 deny 192.168.1.0 0.0.0.63

192.168.1.0-64

B1(config)#access-list 14 deny 192.168.1.128 0.0.0.63

192.168.1.128-192

Deny

B1(config)#access-list 14 permit any


B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 14 out

B1(config)#access-list 15 deny 192.168.1.32 0.0.0.31

Deny

B1(config)#access-list 15 deny 192.168.1.96 0.0.0.31


B1(config)#access-list 15 deny 192.168.1.160 0.0.0.31
B1(config)#access-list 15 deny 192.168.1.224 0.0.0.31
B1(config)#access-list 15 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 15 out

B1(config)#access-list 16 deny 192.168.1.1 0.0.0.254


B1(config)#access-list 16 permit any

IP
b

B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 16 out
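
The wildcard masks used in access lists 10 to 16 can be checked by evaluating them the way the router does: compare only the bits where the wildcard is 0, take the first matching entry, and fall through to the implicit deny. The Python below is an added example, not part of the original notes; the function names (wildcard_match, evaluate, denied_hosts, as_ranges) are made up for the illustration, and the entries are copied from lists 10, 14, 15 and 16.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def evaluate(acl, src):
    """Standard ACL: test the source only, first match wins."""
    for action, base, wildcard in acl:
        if base == "any" or wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every list

# Entries transcribed from access lists 10, 14, 15 and 16 above.
ACLS = {
    10: [("deny", "192.168.1.31", "0.0.0.0")],
    14: [("deny", "192.168.1.0", "0.0.0.63"),
         ("deny", "192.168.1.128", "0.0.0.63"),
         ("permit", "any", None)],
    15: [("deny", f"192.168.1.{n}", "0.0.0.31") for n in (32, 96, 160, 224)]
        + [("permit", "any", None)],
    16: [("deny", "192.168.1.1", "0.0.0.254"),
         ("permit", "any", None)],
}

def denied_hosts(number, network="192.168.1.0/24"):
    """Last octets of every address in the network that the list denies."""
    acl = ACLS[number]
    return [int(a) & 0xFF for a in ipaddress.ip_network(network)
            if evaluate(acl, str(a)) == "deny"]

def as_ranges(octets):
    """Collapse a sorted list such as [0, 1, 2, 5] into [(0, 2), (5, 5)]."""
    ranges = []
    for o in octets:
        if ranges and o == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], o)
        else:
            ranges.append((o, o))
    return ranges

if __name__ == "__main__":
    for number in ACLS:
        print(f"ACL {number} denies last octets {as_ranges(denied_hosts(number))}")
```

List 10 denies the whole network because nothing in it permits, which is why lists 11 onward end with permit any; the 0.0.0.254 wildcard of list 16 leaves only the lowest bit of the last octet to compare, so it selects every odd address.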

255

Extended Access Lists

Exercises
192.168.7.0 Network

Website access

Extended Access Lists

access-list 110 permit tcp 192.168.7.0 0.0.0.255 any eq 80

7.0 Network

0.0 Network

website

access-list 110 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53

website

Service

access-list 110 permit udp any eq 68 any eq 67

Client

DNS
DHCP Service
(68

server
int f0/1

client

67

Access-List

Interface

ip access-group 110 in
access-list 111 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80

Website

deny

cisco.com website
(Remark Deny

ACL

)
access-list 111 permit tcp 192.168.7.0 0.0.0.255 any eq 80

website

access-list 111 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 111 permit udp any eq 68 any eq 67
int f0/1
ip access-group 111 in
access-list 111 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo

7.0 Network

2.0 Network

Ping

access-list 112 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80
access-list 112 permit tcp 192.168.7.0 0.0.0.255 any eq 80
access-list 112 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 112 permit udp any eq 68 any eq 67
access-list 112 deny icmp 192.168.7.64 0.0.0.31 192.168.2.224 0.0.0.31 echo

7.64-7.96

2.224-2.255

deny

access-list 112 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo
access-list 112 permit tcp host 192.168.7.100 host 192.168.0.11 eq 21

7.100 computer

int f0/1
ip access-group 112 in

Name Access-List

Router

HQ(config)#enable secret cisco

0.11

HQ(config)#line vty 0 4
HQ(config-line)#password telnet
HQ(config-line)#exit
HQ(config)#ip access-list standard John

John

HQ(config-std-nacl)#permit host 192.168.1.31

John computer

Standard ACL

HQ(config-std-nacl)#exit
HQ(config)#line vty 0 4

Telnet

HQ(config-line)#access-class John in

ACL

HQ(config-line)#exit

Computer

Server Network

Switch

Switch(config)#enable secret cisco

Admin Mode

Password

Switch(config)#line vty 0 4
Switch(config-line)#password telnet

Password

Switch(config-line)#exit
Switch(config)#int vlan 1

Switch

IP

Switch(config-if)#ip add 192.168.0.5 255.255.255.0


Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.0.1

Switch

gateway

Switch(config)#ip access-list standard John

Switch(config-std-nacl)#permit host 192.168.1.31

192.168.1.31

Switch(config-std-nacl)#exit
Switch(config)#line vty 0 4

ACL

Switch(config-line)#access-class John in
Switch(config-line)#exit

Time Base ACL

R1#sh clock
R1(config)#clock timezone YGN 6 30
R1#clock set 19:00:00 11 Oct 2012
R1(config)#ntp master

ntp server

R2(config)#ntp server 192.168.123.1

Time Setting

NTP Server

R2(config)#clock timezone YGN 6 30

111.0 Network

222.0 Network

ICMP Allow

R1(config)#ip access-list extended PING


R1(config-ext-nacl)#permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
R1(config)#int f0/0
R1(config-if)#ip access-group PING in
R1#sh access-list
Extended IP access list PING
10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
N

111.10 Client

222.20 Server

ICMP Deny

ACL

ACL No.
R1(config)#ip access-list extended PING
R1(config-ext-nacl)#9 deny icmp host 192.168.111.10 host 192.168.222.20 echo

R1(config-ext-nacl)#do sh access-list

Extended IP access list PING


9 deny icmp host 192.168.111.10 host 192.168.222.20 echo
10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
ACL Rule

ACL No.
start no.increase count

R1(config)#ip access-list resequence PING 10 10


R1(config)#do sh access-list
Extended IP access list PING
10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
Remote Desktop

(Time Frame

R1(config)#time-range RDP
R1(config-time-range)#?
Time range configuration commands:
  absolute  absolute time and date
  default   Set a command to its defaults
  exit      Exit from time-range configuration mode
  no        Negate a command or set its defaults
  periodic  periodic time and date


R1(config-time-range)#periodic Monday Wednesday Thursday 8:30 to 9:00
R1(config-time-range)#ip access-list extended PING
R1(config-ext-nacl)#5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP
R1(config-ext-nacl)#do sh access-list
Extended IP access list PING
5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP (inactive)
10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
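
The steps above (insert entry 9 ahead of entry 10, resequence to 10 and 20, then add entry 5 bound to time-range RDP) can be replayed in a small model to see which entry decides a packet at a given time. This Python is an added example, not part of the original notes; the class and function names (NamedAcl, covers, rdp_window, build_ping_acl) are hypothetical, and it assumes the periodic range stays active through the 9:00 minute.

```python
import ipaddress
from datetime import datetime

def covers(spec, addr):
    """spec is (base, wildcard); bits set in the wildcard are ignored."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def rdp_window(now):
    """time-range RDP: periodic Monday Wednesday Thursday 8:30 to 9:00."""
    # Assumption: the range stays active through the 9:00 minute.
    return now.weekday() in (0, 2, 3) and (8, 30) <= (now.hour, now.minute) <= (9, 0)

class NamedAcl:
    def __init__(self):
        self.entries = {}  # sequence number -> (action, proto, src, dst, match, time_range)

    def add(self, seq, action, proto, src, dst, match, time_range=None):
        self.entries[seq] = (action, proto, src, dst, match, time_range)

    def resequence(self, start, step):
        rules = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: r for i, r in enumerate(rules)}

    def decide(self, proto, src, dst, match, now):
        """Return (sequence number, action) of the first active matching entry."""
        for seq in sorted(self.entries):
            action, r_proto, r_src, r_dst, r_match, time_range = self.entries[seq]
            if time_range and not time_range(now):
                continue  # listed as (inactive) by 'sh access-list'
            if (r_proto, r_match) == (proto, match) and covers(r_src, src) and covers(r_dst, dst):
                return seq, action
        return None, "deny"  # implicit deny

NET111, NET222 = ("192.168.111.0", "0.0.0.255"), ("192.168.222.0", "0.0.0.255")
CLIENT, SERVER = ("192.168.111.10", "0.0.0.0"), ("192.168.222.20", "0.0.0.0")

def build_ping_acl():
    """Replays the configuration steps shown on this page, in order."""
    acl = NamedAcl()
    acl.add(10, "permit", "icmp", NET111, NET222, "echo")
    acl.add(9, "deny", "icmp", CLIENT, SERVER, "echo")   # lands ahead of entry 10
    acl.resequence(10, 10)                                 # 9, 10 become 10, 20
    acl.add(5, "permit", "tcp", CLIENT, SERVER, 3389, rdp_window)
    return acl

if __name__ == "__main__":
    acl = build_ping_acl()
    evening = datetime(2012, 10, 11, 19, 0)  # the time set with 'clock set' above
    print(acl.decide("icmp", "192.168.111.10", "192.168.222.20", "echo", evening))
    print(acl.decide("tcp", "192.168.111.10", "192.168.222.20", 3389, evening))
```

At 19:00 on Thursday 11 Oct 2012, the time set with clock set, the RDP entry is outside its window, which matches the (inactive) flag in the output above.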

B1(config)#enable secret cisco


B1(config)#line vty 0 4
B1(config-line)#password telnet
B1(config)#access-list 10 permit 10.10.14.0 0.0.0.255

IT Vlan 24

B1(config)#line vty 0 4

Router
B1 Router

B1(config-line)#access-class 10 in
7.0 Guest Network

Internet Access

Allow

(HTTP,HTTPS,DNS,DHCP)

B2(config)#access-list 120 permit udp 10.10.7.0 0.0.0.255 host 10.10.15.10 eq 53
Guest Network, DNS Server, DNS Service

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 80
Guest Network, Internal website(www.abc.com)

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 443
Guest Network, Internal website(www.abc.com)

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 80
Guest Network, Internet Website

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 443
Guest Network, Internet Website

B2(config)#access-list 120 permit udp any eq 68 any eq 67
Guest Network, DHCP Server, DHCP Service

B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.9.0 0.0.0.255
Guest Network, Wireless

B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.11.0 0.0.0.255
Guest Network, Wireless

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 25
Guest Network, Internal Mail Server, SMTP

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 110
Guest Network, Internal Mail Server, POP3

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 25
Guest Network, Internet Mail Server

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 110
Guest Network, Internet Mail Server

B2(config)#int f0/0.17
B2(config-subif)#ip access-group 120 in

NAT (Network Address Translation)

Three types of NAT

Static NAT (one to one) - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.

In static NAT, the computer with the IP address of 192.168.0.10 will always translate to 213.81.71.69:

Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between unregistered and registered IP addresses, but the mapping can vary depending on the registered addresses available in the pool at the time of communication.
In dynamic NAT, the computer with the IP address of 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150:

Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
In overloading, each computer on the private network is translated to the same IP address (213.18.123.100) but with a different port number assignment:

Exercise (Static NAT) - Internal Web Site

External Client

NAT(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0

Internet

NAT(config)#ip nat inside source static 10.1.0.254 203.81.64.11

Nat

203.81.64.11

NAT(config)#int s0/0/0

10.1.0.254

NAT(config-if)#ip nat outside

Int serial 0/0/0

translate
outside interface

NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside

Int f0/0

inside interface

NAT(config)#ip nat inside source static tcp 10.1.0.254 80 203.81.64.11 80

Wan IP

NAT(config)#ip nat inside source static tcp 10.1.0.253 80 203.81.64.11 443

Internal Web Server

DNS Server

Exercise (Dynamic NAT) - Internal Clients

Internet

WAN IP

Port

NAT(config)#access-list 30 permit 10.1.0.0 0.0.1.255

NAT(config)#ip nat pool MYPOOL 203.81.64.3 203.81.64.5 netmask 255.255.255.240

WAN IP 3

NAT

NAT(config)#ip nat inside source list 30 pool MYPOOL

Interface

POOL

NAT(config)#int s0/0/0
NAT(config-if)#ip nat outside
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
NAT(config-if)#int f0/1
NAT(config-if)#ip nat inside
NAT#sh ip nat translations

NAT

NAT#clear ip nat translation *

NAT

Exercise - PAT (Port Address Translation) Internal Clients

Internet

NAT(config)#ip nat inside source list 30 pool MYPOOL overload


HTTP/HTTPS

DNS

Allow

NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 80


NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 443
NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 53
NAT(config)#ip nat inside source list 120 pool MYPOOL overload
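
The difference between the dynamic NAT and PAT exercises shows up as soon as more inside hosts than pool addresses are active: MYPOOL holds three addresses, so a fourth host gets no translation until overload is added. The Python below is an added example, not part of the original notes; the names PoolNat, selected_by_acl30 and run, the four inside hosts and source port 5000 are constructed for the illustration, and the port selection under overload is a simplification of what the router does.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def selected_by_acl30(addr):
    """access-list 30 permit 10.1.0.0 0.0.1.255"""
    wild = ip_int("0.0.1.255")
    return (ip_int(addr) | wild) == (ip_int("10.1.0.0") | wild)

# ip nat pool MYPOOL 203.81.64.3 203.81.64.5
MYPOOL = [str(ipaddress.IPv4Address("203.81.64.3") + i) for i in range(3)]

class PoolNat:
    """ip nat inside source list 30 pool MYPOOL [overload]"""
    def __init__(self, overload=False):
        self.overload = overload
        self.by_host = {}   # dynamic NAT: inside address -> outside address
        self.by_flow = {}   # PAT: (inside address, port) -> (outside address, port)

    def translate(self, inside_ip, inside_port):
        """Return the outside (address, port), or None when nothing is translated."""
        if not selected_by_acl30(inside_ip):
            return None
        if not self.overload:
            if inside_ip not in self.by_host:
                free = [a for a in MYPOOL if a not in self.by_host.values()]
                if not free:
                    return None  # every pool address is held by another host
                self.by_host[inside_ip] = free[0]
            return self.by_host[inside_ip], inside_port
        flow = (inside_ip, inside_port)
        if flow not in self.by_flow:
            taken = set(self.by_flow.values())
            port = inside_port
            while (MYPOOL[0], port) in taken:  # simplified: next port up when taken
                port += 1
            self.by_flow[flow] = (MYPOOL[0], port)
        return self.by_flow[flow]

def run(overload):
    """Four inside hosts (constructed) open a connection from source port 5000."""
    nat = PoolNat(overload)
    hosts = ["10.1.0.10", "10.1.0.11", "10.1.1.20", "10.1.1.21"]
    return [nat.translate(h, 5000) for h in hosts]

if __name__ == "__main__":
    print("dynamic :", run(False))
    print("overload:", run(True))
```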

Overload

PAT
