OSI Layer
Layer 2
Layer 3
- Class A, Class B
language)
Class
Class C
IP
Decimal (human
8 bit = 1 Byte
1024 B = 1 Kilobyte (KB)
1024 KB = 1 Megabyte (MB)
1024 MB = 1 Gigabyte (GB)
CCNA 640-802
Page 1 of 127
(Loop back address
Private
Address
Internet
LAN P
IP Subnetting
IP Subnetting
Building
IP
Building
IANA
IANA
website
http://www.apnic.net/
IP
Small Office
site
register
APNIC
- 203.81.162.22
Small Office
Office
Register
Computer
50
Class C
Cost
IP
254
Class C
IP 54
Office
IP
Class C IP
Cost
ISP
IP
IP
Router
Internet
IP
Computer
Subnetting
Class A
Subnetting
Subnet Mask
Octet 255
Host
255
Octet
'1'
Class A
'1'
Slash Notation
Default Subnet Mask
192.168.0.255
'255'
Network
Address
Host
Octet
192.168.0.0
'0'
Subnet Mask
Class B
IP Address Post
8 bit
Network
10.0.0.0/8
Network
172.16.0.0/16
Class C
Octet
192.168.0.0/24
Network Address
'0'
Address
Broadcast Address
Broadcast Address
255
Computer2 IP - 11.0.0.1
SM- 255.0.0.0
SM- 255.0.0.0
Computer
Octet
10.0.0.1
Network ID
Network
Class A
Class C
11.0.0.2
Class B
Octet
Computer
Network
Octet
Octet
255
Subnet Mask
Octet
Subnetting
Host
Host ID
Network          First IP         Last IP          Broadcast
192.168.0.0      192.168.0.1      192.168.0.62     192.168.0.63
192.168.0.64     192.168.0.65     192.168.0.126    192.168.0.127
192.168.0.128    192.168.0.129    192.168.0.190    192.168.0.191
192.168.0.192    192.168.0.193    192.168.0.254    192.168.0.255
Class B
subnet
Class B
Octet
172.16.0.0/16
Subnet Mask
subnet
Class C
Octet
subnet
Network          First IP         Last IP          Broadcast
172.16.0.0       172.16.0.1       172.16.127.254   172.16.127.255
172.16.128.0     172.16.128.1     172.16.255.254   172.16.255.255
1 bit
255.255.0.0
Network
1 bit
00000000.00000000
Decimal
10000000.00000000
'/'
172.16.0.0/18
1 bit
172.16.0.0/17
172.16.64.0/18
172.16.192.0/17
Host
172.16.128.0/18
16
32
Host
Class A
/9
Subnet Mask
/30
255.0.0.0
Octet
/30
http://subnettingquestions.com/
Question: How many subnets and hosts per subnet can you get from the network 172.29.0.0/23?
Networks
Network
IP
255.255.0.0
172
/23
23
Class B
'255'
16
7 bit
Host
2^9
Hosts
16 bits,
512
Subnet Mask
Third Octet
Host
2^7
32 bits
512 Hosts
Class B
Network
128 Sub Networks
Subnet Mask 23
Network
9
510 Hosts
110
Network
300 Hosts
Subnet Mask
2^9
7 bit
Hosts
Hosts
/23
Network
2^7
128
300
2^8
256
Host
Network
1 bit
110
Answer: 255.255.254.0
------------------------------------------------------------
Question: What valid host range is the IP address 172.16.205.218/26 a part of?
IP
IP
172
/26
192
64
172.16.205.192
Network
Broadcast
Class B
Default
255.255.255.192
64 series
172.16.205.0/26
IP
172.16.205.218
172.16.205.193
10 bits
Octet
172.16.205.64
Host
256
172.16.205.128
172.16.205.192 Network
172.16.205.254
/16
240
16 series
IP
IP
Subnet Mask
10.121.0.0
10.121.16.0
10.121.48.0
10.121.47.255
Third Octet
10.121.32.0
Host IP
10.121.32.0
Broadcast
10.121.47.254
Answer: 10.121.47.254
------------------------------------------------------------
Question: What is the first valid host on the subnetwork that the node 172.22.154.105/24 belongs to?
IP
/24
Network
255.255.255.0
Class B
Third Octet
IP
Subnet Mask
Class C
256
IP
255
1 series
172.22.154.0
172.22.0.0
First IP
1 series
172.22.154.1
Answer: 172.22.154.1
------------------------------------------------------------
Question: What is the broadcast address of the network 172.21.60.0/22?
IP
255.255.252.0
256
252
Broadcast Address
4 series
Third Octet
Network
Third Octet
Network
60
172.21.64.0
Subnet Mask
60
4
series
Subnet
4
Network Address
Broadcast Address
Network
172.21.63.255
Answer: 172.21.63.255
------------------------------------------------------------
Question: Which subnet does host 172.18.62.52/27 belong to?
IP
255.255.255.224
172.18.62.32
256
172.18.62.64
224
Network
32 series
IP
Subnet Mask
Network
172.18.62.32 Network
Answer: 172.18.62.32
32
172.18.62.0
Self Study
Router A - 60 hosts
Router B - 25 hosts
Router C - 25 hosts
Router D - 10 hosts
192.168.0.128/26
192.168.0.64/26
192.168.0.192/26
192.168.0.144/28
192.168.0.160/28
192.168.0.176/28
192.168.0.148/30
192.168.0.152/30
192.168
Supernetting is CIDR
172.16.64.0
10101100.00010000.01000000.00000000
172.16.65.0
10101100.00010000.01000001.00000000
172.16.66.0
10101100.00010000.01000010.00000000
172.16.67.0
10101100.00010000.01000011.00000000
Common bits:
10101100.00010000.010000xx.00000000
172.
Step 2 172.16.68.0
10101100.00010000.01000100.00000000
172.16.69.0
10101100.00010000.01000101.00000000
172.16.70.0
10101100.00010000.01000110.00000000
172.16.71.0
10101100.00010000.01000111.00000000
172.16.72.0
10101100.00010000.01001000.00000000
172.16.73.0
10101100.00010000.01001001.00000000
172.16.74.0
10101100.00010000.01001010.00000000
172.16.75.0
10101100.00010000.01001011.00000000
172.16.76.0
10101100.00010000.01001100.00000000
172.16.77.0
10101100.00010000.01001101.00000000
172.16.78.0
10101100.00010000.01001110.00000000
172.16.79.0
10101100.00010000.01001111.00000000
Router Commands
Shortcuts To Entering Commands
Router>enable
Router>en
Command
Short Key
Router#configure terminal
Router#conf t
Tab Key
Command
Router#sh
Router#show
? Question Mark
Command
Router#?
Admin Mode
Command
List
Router#c?
Command
Router#cl?
cl
Command
Router#clock
clock Command
List
clear clock
List
parameters
% Incomplete Command
Router#clock ?
Date/Time
Subcommands
set
Router#clock set 13:56:00 26 July 2012
Enter Key
Command
Date/Time
Command
Router#
Router(config)#clock timezone YGN 0 0
enable Command
Router>enable
User Mode
Admin Mode
Router#
configure terminal Command
Router#configure terminal
Router(config)#
exit Command
Router#exit
Router>exit
Router(config-if)#exit
Current Mode
Router(config)#
Router(config)#exit
Current Mode
Router#
disable Command
Router#disable
User Mode
Router>
logout Command
Router#logout
exit Command
show Command
Router#show ?
Command
List
Router#show interfaces
Interfaces
Interfaces
DCE/DTE
summary
Clock Rate
Router#show clock
*13:56:00 YGN Thu 26 July 2012
Router#show history
command
Router#show flash
Router#show version
Firmware version
Router#show arp
ARP Table
YGN#show running-config
config file
YGN#show startup-config
config file
YGN#sh users
    Line       User       Host(s)     Idle       Location
   0 con 0                idle        00:04:09
 *67 vty 0                idle        00:00:00   192.168.1.20
Active User
YGN#show ip route
Routing Table
do Command
YGN(config)#do show running-config
Mode
Saving Configuration
YGN#copy running-config startup-config
YGN#write
(Remark-
config file
tftp server
Erasing Configuration
YGN#erase start
NVRAM
Router(config)#hostname YGN
YGN(config)#
YGN(config)#no hostname
Router(config)#
Router
Restart
YGN#reload
Password
YGN(config)#enable password cisco
Admin Mode
Password
Type 7
Admin Mode
Type 5
console
YGN(config)#line console 0
YGN(config-line)#password console
YGN(config-line)#login
Login o
fastethernet interface
YGN(config)#interface fastethernet 0/0
f0/0 interface
ip
description
YGN(config-if)#no shutdown
interface
serial interface
YGN(config)#interface serial 0/0
YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Link to ISP
YGN(config-if)#clock rate 64000
Clock rate
YGN(config-if)#no shutdown
logging synchronous Command
YGN(config)#line con 0
YGN(config-line)#logging synchronous
Command
command
console
information
exec-timeout Command
YGN(config)#line con 0
Console
YGN(config-line)#exec-timeout 0 0
YGN(config-line)#
Banner
YGN(config)#banner motd $
------------------------------------------------------------
WARNING: This router is the property of Ciscronet Networking Academy. Any unauthorized access is
monitored. Violators will be prosecuted.
------------------------------------------------------------$
Router
YGN(config)#line vty 0 1
telnet user
YGN(config-line)#password telnet
telnet password
YGN(config-line)#login
login o
console port
(eg. 0 4)
user database
Normal User
Admin User
ssh
Router
YGN(config)#line vty 0 4
YGN(config-line)#login local
login
login
Router
Domain Name
Choose the size of the key modulus in the range of 360 to 2048 for
your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus [512]: 1024
%
b [OK]
YGN>sh users
    Line       User       Host(s)     Idle       Location
   0 con 0                idle        00:02:05
  68 vty 1     ssh        idle        00:00:32
DHCP Configuration
Network Scope
YGN(dhcp-config)#default-router 192.168.1.1
Gateway
YGN(dhcp-config)#dns-server 192.168.1.10
DNS Server
YGN(dhcp-config)#netbios-name-server 192.168.1.10
YGN(dhcp-config)#domain-name abc.com
Domain Name
YGN(dhcp-config)#lease 0 1 0
DHCP Reservation
YGN#clear ip dhcp binding
dhcp ip
clear
IP
YGN(dhcp-config)#client-identifier 0108.0027.4b84
MAC-Address
YGN(dhcp-config)#client-name winxp1
Computer Name
Login
Server
Password length
log
log
log
DHCP Exercise
Router>en
Admin Mode
Router#conf t
Global Mode
Admin Mode
Router(config)#line con 0
Console Configuration
Router(config-line)#login local
User Database
Router(config-line)#exit
Sub Interface
Router(config)#line vty 0 4
Telnet Configuration
Router(config-line)#login local
User Database
Router(config-line)#exit
Sub Interface
Interface f0/0
IP
Router(config-if)#no shut
Interface
Router(config-if)#int f0/1
Interface f0/1
IP
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Account Dept
Router(dhcp-config)#default-router 192.168.1.1
Gateway
Router(dhcp-config)#dns-server 192.168.1.10
DNS Server
Router(dhcp-config)#exit
Router(config)#ip dhcp pool Marketing-Dept
Marketing Dept
Router(dhcp-config)#default-router 192.168.2.1
Gateway
Router(dhcp-config)#dns-server 192.168.1.10
DNS Server
Router(dhcp-config)#exit
Address
192.168.1.20
Address
For HTTP
Router
Router>en
Admin Mode
Router#conf t
Router(config)#hostname YGN
YGN#clock set 4:10:00 July 27 2012
YGN#conf t
Fastethernet interface
IP
Description
YGN(config-if)#no shut
Interface
YGN(config-if)#exit
Sub Interface
User Database
Console Configuration
YGN(config-line)#login local
User Database
YGN(config)#line vty 0 1
Telnet Configuration
YGN(config-line)#login local
User Database
YGN(config-line)#end
Sub Interface
Computer
Router
PC>telnet 192.168.1.1
Router
User Access Verification
Username : telnet
Password : ******
Router
YGN#conf t
Telnet Configuration
YGN(config-line)#login local
User Database
YGN(config-line)#exit
Sub interface
setting
Computer
Router
ssh protocol
Open
Password:*****
YGN#
Static Route
Two ways of static route
1.
2.
exit interface
Static Route
Routing Change
Routing Protocol
small network
Administrator
Router
Router
Routing Table
Change
Admin Distance
HQ>en
Next-hop IP
HQ#conf t
Route
Bandwidth
Static
Data
AD
Exit Interface
B1#conf t
Static
Route
Static + CIDR
B2#conf t
(stub) network
HQ>en
HQ#conf t
HQ(config)#ip route 192.168.2.0 255.255.254.0 10.10.10.2
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.14
B1>en
B1#conf t
B1(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0
B2>en
B2#conf t
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0 3
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/1 2
B3>en
B3#conf t
B3(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0
HQ(config)#int f0/1
HQ(config-if)#ip helper-address 192.168.0.10
HQ(config-if)#exit
HQ(config)#
B1(config)#int f0/0
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#int f0/1
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#exit
B2(config)#int f0/0
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#int f0/1
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#exit
B2(config)#
B3(config)#int f0/0
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#int f0/1
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#exit
cisco devices
HQ#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
HQ#sh cdp neighbors
Neighbor Devices
Fas 0/0
Switch
156
2950
Port ID
Fas 0/1
Fas 0/1
156
2950
B2
Ser 0/0/1
163
C1841
Fas 0/1
Ser 0/0/0
B3
Ser 0/1/1
163
C1841
Ser 0/0/0
B2
Ser 0/1/0
163
C1841
Ser 0/0/1
B1
Ser 0/0/0
164
C1841
Ser 0/0/0
(or)
Neighbor Device
Information
CDP Protocol
HQ(config)#int f0/0
Interface
FastEthernet Port
Age (min) Hardware Addr Type Interface
Internet 192.168.0.1
Internet 192.168.0.10
Internet 192.168.1.1
CDP
Server
B1>en
B1#conf t
B1(config)#ip domain-lookup
DNS Server
Record
B1(config)#exit
B2>en
B2#conf t
B2(config)#ip domain-lookup
B2(config)#ip name-server 192.168.0.10
B2(config)#exit
B3>en
B3#conf t
B3(config)#ip domain-lookup
B3(config)#ip name-server 192.168.0.10
B3(config)#exit
B3#hq
HQ Router
# domain-lookup
YGN>enable
Admin Mode
Startup-config file
Server Address
TFTP Server
TFTP Server
copy
save
Writing startup-config....!!
[OK - 592 bytes]
592 bytes copied in 3.078 secs (0 bytes/sec)
YGN#
Delete Config From Router
YGN#erase startup-config
Restore Config File from TFTP Server
YGN#copy tftp startup-config
TFTP Server
TFTP Server
File
copy
Filename
YGN>en
Admin Mode
YGN#conf t
Global Mode
FTP
Username create
FTP
Password create
YGN(config)#exit
Admin Mode
Startup-Config file
FTP Server
FTP Server
copy
Writing startup-config...
[OK - 531 bytes]
531 bytes copied in 0.063 secs (8000 bytes/sec)
YGN#
Restore Config File from FTP Server
YGN>en
Admin Mode
YGN#conf t
Global Mode
YGN(config)#int f0/0
Interface f0/0
IP
YGN(config-if)#no shut
Interface
YGN(config-if)#exit
Sub Interface
YGN(config)#exit
Global Mode
FTP Server
copy
file
Filename
YGN#show flash
Flash directory
sigdef-category.xml
1 227537
sigdef-default.xml
TFTP
IOS
Flash
TFTP Server IP
IOS Name
copy
Flash directory
Name/status
3 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
4 13832032 c1841-ipbase-mz.123-14.T7.bin
2 28282
sigdef-category.xml
1 227537
sigdef-default.xml
YGN#show version
Boot
version
TFTP Server
Boot
192.168.0.100
YGN(config)#do write
Current Configuration
YGN(config)#do reload
Router
Restart
Step 1 xmodem
IOS
restore
IOS
rommon1#confreg 0x3922
Boot
rommon2#reset
(0x3922)
Router Boot
Console speed
Software
115200
speed
rommon1#xmodem -c filename.bin
Do you wish to continue y/n? y
Hyper Terminal
Transfer > Send File (or)
Tera Term
File > Transfer > XMODEM > Send and then browse
File location
Router(config)#line con 0
Console
Router(config-line)#speed 9600
Speed
software
console
Dynamic Route
Routing Protocol
RIP version 2
Advanced Routing Protocol
Large Network
cisco
Internetwork
Static Route
IS-IS (
IGRP( Interior
developed
Router
support
1982
neighbors Router
Information
Administrator
IGP protocol
RIP, IGRP, EIGRP, OSPF
Number
IS-IS Protocol
AS(Autonomous System)
BGP Protocol
AS Number
hop count
Vector
Routing Information
Vector Protocol
State Protocol
Neighbor Router
Update
Complete View
Update
Distance
Link-State Link
Routing
Information
hop count
Network
( Periodic Update)
direction
Distance Vector
Neighbor
Periodic Update
Protocol
- RIPv2, EIGRP, OSPF
Convergence
Convergence
Routing Information
Network
IGRP Protocol
EIGRP
RIP
OSPF Protocol
Metric
Metric = Distance or hop count (eg. RIP Protocol
hop count
RIP Protocol
Bandwidth
data
Bandwidth
synchronize
data
Administrative Distance
Network
AD
Protocol
AD
Router
EIGRP Network
Time to Convergence
Scalability
Classless
Resource Usage
AD
Router
Connected Network
Learning
update
Router
30 seconds
Neighbor Router
IGRP
90 seconds
Routing Table
Routing Table
Failure of a link
Failure of a router
RIP Timers
30s
Update
invalid
Update
Routing Table
Network down
180s (default)
Routing Loop
180s
Bounded Update
EIGRP Protocol
EIGRP
Bounded Update
Partial Update
Periodic Update
Network
active
Network
neighbors
update
neighbor routers
update
EIGRP
Triggered Update
Triggered Update
update
Network
down
Neighbor Routers
update
Synchronized Update
synchronized update
update
Routers
Neighbor Routers
data
Routing Loop
R3 Router
R2 Router
R3
down
Packet
R3
R2
Periodic update
R2
R1 Router
Network 10.4.0.0
Data
R3
R2
Interface s0/0/1
R3
Triggered update
Routing Table Update
Network
R3
R3 Table
Neighbor Router R2
R2
Interface s0/0/1
Data
Interface s0/0/1
Data
data
Routing Loop
Count to Infinity
Holddown Timer
Route Poisoning
Poison Reverse
Default TTL
Exercise 1.
R1(config)#router rip
RIP Protocol
Network
Update
Interface
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#passive-interface f0/0
R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#network 192.168.4.0
R2(config-router)#passive-interface f0/0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.5.0
R3(config-router)#passive-interface f0/0
Related Commands
R1#sh run | sec router
router rip
passive-interface FastEthernet0/0
network 192.168.1.0
network 192.168.2.0
R1#sh ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 17 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Interface
Serial0/0
12
Distance
192.168.2.2
120
Last Update
00:00:07
Distance:
(default is
120)
R1#sh ip route rip
R
change
Exercise 2.
R1(config)#router rip
R1(config-router)#network 172.30.0.0
R2(config)#router rip
R2(config-router)#network 172.30.0.0
R2(config-router)#network 192.168.4.0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.1.0
PN
Route
R3
ISP Router
R2
Distribute
RIP Network
Default
R3
R2
ISP
Router
172.30.0.0/22 Network
R2
172.30.0.0/22 Network
static route
R2(config)#router rip
R2(config-router)#no network 192.168.4.0
R2(config-router)#passive-interface s0/1
RIP update
R2(config-router)#exit
Configuration
ISP
ISP
R2(config)#router rip
R2(config-router)#default-information originate
RIP
Default Route
RIP
Default Route
Router
RIP Network
RIP
Router)
Router
Router
default router
default router
subnet mask
address field
auto summary
eg. 172.16.0.0/22
network
VLSM
classful
172.16.0.0/16
subnet mask
support
auto summary
VLSM, CIDR
Discontinuous Network
support
Discontinuous Network R2
Network
summarized
RIPv2
subnet mask
Discontinuous Network
Data
support
RIPv1
support
RIPv2
support
auto summary
Exercise 3.
R1(config)#router rip
R1(config-router)#network 172.30.0.0
R1(config-router)#network 209.165.200.0
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 209.165.200.0
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#network 172.30.0.0
R3(config-router)#network 209.165.200.0
R3(config-router)#version 2
R3(config-router)#no auto-summary
VLSM, CIDR
VLSM Network
Internet
Network
R2(config)#router rip
RIP Network
R2(config-router)#redistribute static
Static
R3(config)#int lo 1
Loopback Interface
IP Address
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R3(config)#router rip
RIP Configuration
R3(config-router)#default-information originate
Default Route
RIP
create
#for test
Features of EIGRP
Bounded Updates
Establishing Adjacencies
Hello
- Hello packets
multicast
60s
neighbors
T1
Hello packets
5s
T1
Network
down
Query
EIGRP Protocol
protocol
support
EIGRP
TCP/IP
Table
Neighbors Table
down
Path
Topology Table
Routing Table
Routing path
TCP/IP, IPX
best path
Topology Table
Backup path
Apple Talk
Routing Table
backup path
EIGRP Protocol
Transport Layer
Modules
TCP/IP, IPX
AppleTalk
Module
Layer
PDM Modules
support
DUAL Algorithm
Router
Network
Neighbor Routers
Acknowledge
Down
Neighbors Router
Update Packets
Router
Neighbors
Neighbor Router
Reply
Network
(Convergence State)
Administrative Distance
Internal EIGRP 90
Update Packets
Query Packets
Authentication
Authentication
authenticate
Router
Router
Authenticate(same
EIGRP
Max Hop
255
Router
Max Path
Exercise 1.
R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
Classful
R1(config-router)#no auto-summary
R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#router eigrp 10
R2(config-router)#network 172.16.3.0 255.255.255.252
R2(config-router)#network 172.16.2.0 255.255.255.0
R2(config-router)#network 192.168.10.8 255.255.255.252
R2(config-router)#no auto-summary
R2(config)#int s0/0
R2(config-if)#bandwidth 64
Bandwidth
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.8 0.0.0.3
R3(config-router)#network 192.168.1.0 0.0.0.255
R3(config-router)#network 192.168.10.4 0.0.0.3
R3(config-router)#no auto-summary
R3(config)#int s0/0
R3(config-if)#bandwidth 1024
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1544
auto summarized
Delay
tos(default 0)
Bandwidth
DUAL Concepts
Feasible Distance
Feasible Condition
Network
Feasible Distance (Metric) and Successor (Gateway)
Neighbors Router
Feasible Distance
Reported Distance
Dual update
Topology Table
Neighbors Table
Topology Table
Default Route
Routing Path
EIGRP
Router
Route
R2(config-router)#redistribute static
Network
R2(config)#router eigrp 10
R2(config-router)#network 10.0.0.0
R2(config-router)#auto-summary
Auto summary
Classful
Manual Summarization
R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
R1(config-router)#no auto-summary
R2(config)#router eigrp 10
R2(config-router)#network 172.16.0.0
R2(config-router)#network 192.168.10.0
R2(config-router)#no auto-summary
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.0
R3(config-router)#network 192.168.1.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip add 192.168.0.1 255.255.255.0
R3(config)#int lo 2
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config)#int lo 3
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R3(config)#router eigrp 10
R3(config-router)#network 192.168.0.0
R3(config-router)#network 192.168.2.0
R3(config-router)#network 192.168.3.0
R3(config)#int s0/0
Interface
Manual Summarization
R3(config)#int s0/0
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.10.0/30 is subnetted, 2 subnets
C
C
D
R1#
2.
3.
Connected Network
Hello packets
Neighbors
Link-State Router
learns
Connected Networks
Connected Networks
4.
Neighbor Routers
5.
Routers
LSP
Network
Routers
Network
Topology map
Advantages Of Link-State Routing Protocol
1.
Routers
2.
Network
Topology Map
Routers
Flood
3.
Periodic Update
LSP
Routers
4.
Multiple Areas
Network
Network
CPU, Memory
Multiple Areas
Areas
Routing
Bandwidth
Routers
LSP Flooding
Resources
O P
Routers
Link-State Database
(SPF)
SPF Tree
SPF Tree
IP Routing Table
Exercise
Command
interrupt
R1(config)#router ospf 1
R1(config-router)#network 172.16.1.16 0.0.0.15 area 0
R1(config-router)#network 192.168.10.0 0.0.0.7 area 0
R2(config)#no logging console
R2(config)#router ospf 2
R2(config-router)#network 192.168.10.0 0.0.0.3 area 0
R2(config-router)#network 192.168.10.8 0.0.0.3 area 0
R2(config-router)#network 10.10.10.0 0.0.0.255 area 0
R3(config)#no logging console
R3(config)#router ospf 3
R3(config-router)#network 192.168.10.0 0.0.0.255 area 0
Network
Bandwidth
Before define bandwidth
R1-R2(10.10.10.0)
R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#int s0/0
R2(config-if)#bandwidth 64
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#int s0/0
R3(config-if)#bandwidth 1544
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1024
AD
Cost
AD
Cost
Cost
R1-R3-R2(10.10.10.0)
Cost = 10^8/BW(bps) + 10^8/BW(bps)
Cost = 10^8/(1544*10^3) + 10^8/(1024*10^3) + 10^8/(100*10^6)
= 162
OSPF Cost Metric
Bandwidth 100MB
support
R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth ?
  <1-4294967>  The reference bandwidth in terms of Mbits per second
R1(config-router)#auto-cost reference-bandwidth 10000
Admin
cost
R1-R3-R2(10.10.10.0)
10^8
10^10
R1(config)#int s0/0
R1(config-if)#ip ospf cost 16200
R2(config)#int s0/0
R2(config-if)#ip ospf cost 16200
R1-R2(10.10.10.0)
Router ID
1.
2.
Loopback Interface
3.
Physical IP
Router-ID
R1(config)#int lo 0
R1(config-if)#ip add 192.168.11.11 255.255.255.255
R2(config)#int lo 0
R2(config-if)#ip add 192.168.11.22 255.255.255.255
R3(config)#int lo 0
R3(config-if)#ip add 192.168.11.33 255.255.255.255
Router-ID
Point to Point
-Time(Default 40s)
Router-ID Command
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#
R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R1
Default Route
R1(config)#int lo 1
R1(config-if)#ip address 172.20.0.1 255.255.255.252
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R1(config)#router ospf 1
R1(config-router)#default-information originate
Default Type E2
metric
Type E1
R1(config)#router ospf 1
R1(config-router)#default-information originate metric-type 1
R1(config-router)#
E1
R1(config)#router ospf 1
O P
IA (Inter Area)
Loopback Interface
Area
Network
Classful
R1(config)#int lo 1
R1(config-if)#ip ospf network point-to-point
R2(config)#int lo 2
R2(config-if)#ip ospf network point-to-point
R3(config)#int lo 3
R3(config-if)#ip ospf network point-to-point
R3(config)#int lo 100
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 101
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 102
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 103
R3(config-if)#ip ospf network point-to-point
Network
Route
Main Area
Route
Router
Virtual Link
Router-Id
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 virtual-link 3.3.3.3
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#exit
R3(config)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R3(config)#router ospf 1
R3(config-router)#area 23 virtual-link 2.2.2.2
Virtual Link
R3
Network
R1
Network
Area
Virtual Link
R3
Loopback Interface
Route Summarize
R3(config)#router ospf 1
R3(config-router)#area 100 range 192.168.100.0 255.255.252.0
Multiaccess Network
Multiaccess Network
Shared Media
Devices
Point-to-Point
Broadcast Multiaccess
Point-to-multipoint
Virtual links
Designated Router (DR)
OSPF Multiple access networks
Router
DR
Router
BDR
Router
BDR
DR
Network
LSA
DR Router
DR
Routers
Priority
( Multiaccess Network
Point-to-Point Network
Router
Routers
Router_ID
Exercise
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#exit
Router Priority
LSA
R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#int f0/1
R3(config-if)#ip add 192.168.2.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#exit
R4(config)#int f0/0
R4(config-if)#ip add 192.168.1.4 255.255.255.0
R4(config-if)#no shut
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
R4(config-router)#exit
R5(config)#int f0/0
R5(config-if)#ip add 192.168.2.5 255.255.255.0
R5(config-if)#no shut
R5(config-if)#exit
R5(config)#router ospf 1
R5(config-router)#network 192.168.2.0 0.0.0.255 area 0
R5(config-router)#exit
R3
192.168.1.3
192.168.2.3
IP
192.168.2.3
ID
Router ID
Loopback Address
DR, BDR
Router
Network
Router
DR
Router down
DROTHER
Routers
DR, BDR
Router
Priority
R1(config)#int lo 0
R1(config-if)#ip add 111.111.111.1 255.255.255.255
R1(config-if)#
R2(config)#int lo 0
R2(config-if)#ip add 111.111.111.2 255.255.255.255
R2(config-if)#
R3(config)#int lo 0
R3(config-if)#ip add 111.111.111.3 255.255.255.255
R3(config-if)#
R4(config)#int lo 0
R4(config-if)#ip add 111.111.111.4 255.255.255.255
R4(config-if)#
R5(config)#int lo 0
R5(config-if)#ip add 111.111.111.5 255.255.255.255
R5(config-if)#
R6(config)#int f0/0
R6(config-if)#ip add 192.168.1.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#int lo 0
R6(config-if)#ip add 111.111.111.6 255.255.255.255
R6(config-if)#exit
R6(config)#router ospf 1
R6(config-router)#network 192.168.1.0 0.0.0.255 area 0
R6(config-router)#exit
R6
Project
Router ID
BDR
Priority
( 0-255)
R3(config)#int f0/0
R3
Network
DR
Priority
Router
Priority
BDR
DR
R1(config)#int f0/0
R1(config-if)#ip ospf priority 100
R6(config)#int f0/0
Performance
Priority
RIP
Router
O P
DR, BDR
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.48.0
R1(config-router)#network 192.168.49.0
R1(config-router)#network 192.168.50.0
R1(config-router)#network 192.168.51.0
R1(config-router)#network 192.168.70.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#int lo 0
R1(config-if)#ip ospf network point-to-point
Loopback address
R1(config-if)#int lo 48
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 49
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 50
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 51
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 70
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R2(config-router)#passive-interface s0/1
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 172.16.23.0 0.0.0.255 area 0
R2(config-router)#passive-interface s0/0
R2(config-router)#exit
R2(config)#int lo 0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#router rip
RIP Protocol
Default metric
metric
OSPF
Redistribute
count
hop count
hop
R2(config-router)#exit
R2(config)#router ospf 1
OSPF Protocol
cost
rip
subnets
R2(config-router)#
default
E1
R3(config)#router ospf 1
R3(config-router)#network 172.16.23.0 0.0.0.255 area 0
R3(config-router)#network 172.16.3.0 0.0.0.255 area 0
R3(config-router)#network 192.168.0.0 0.0.255.255 area 0
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 20
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 25
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 30
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 35
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 40
R3(config-if)#ip ospf network point-to-point
metric
EIGRP
O P
R2(config)#router eigrp 10
Reliability
Load
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 10 subnets
R2(config-router)#exit
Switching Commands
? command (help)
Switch>?
User mode
command
Command Modes
Switch>
User Mode
Switch>enable
Switch#exit
<or>
User Mode
Switch#disable
Switch#configure terminal
show Commands
Switch#sh mac address-table
Switch#show running-config
Current Configuration
Switch#show startup-config
clear
save
Configuration
Global Mode
Switch(config)#hostname S1
Password
Switch(config)#enable password cisco
Admin Mode
Admin Mode
Switch(config)#line console 0
Console port
Switch(config-line)#login local
User database
Switch(config-line)#exit
Sub Interface
Switch(config)#line vty 0 4
Telnet
Switch(config-line)#login local
User database
Switch(config-line)#exit
Sub Interface
password
login
password
login
VLAN Command
Switch(config)#vlan 10
VLAN database
Switch(config-vlan)#name Account
VLAN
Switch(config-vlan)#exit
VLAN database
Switch(config)#interface f0/1
(or)
Interface f0/1
VLAN
Interface f0/1
f0/3
Switchport
VLAN 10
Exercise
VLAN
Port Security
PC1
PC4
Switch>en
Admin Mode
Mac Address       Type       Ports
-----------       --------   -----
0002.4a52.27bd    DYNAMIC    Fa0/2
000b.beac.acd4    DYNAMIC    Fa0/3
00d0.5849.4426    DYNAMIC    Fa0/1
Switch#conf t
Switch(config)#hostname S1
Switch
Global Mode
Port range
S1(config-if-range)#switchport port-security
Port-Security
S1(config-if-range)#switchport port-security ?
Port-Security
host
Password
Command
Port
Mac Address 1
Mac
Security Mode
Mac Table
Address
S1(config-if-range)#end
S1#sh port-security address
Mac Address       Type            Ports              Remaining Age (mins)
-----------       ----            -----              -------------
00D0.5849.4426    SecureSticky    FastEthernet0/1
0002.4A52.27BD    SecureSticky    FastEthernet0/2
000B.BEAC.ACD4    SecureSticky    FastEthernet0/3
:0
Max Addresses limit in System (excluding one mac per port) : 1024
S1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
               (Count)        (Count)        (Count)
-------------------------------------------------------------------
Fa0/1                                                       Shutdown
Fa0/2                                                       Shutdown
Fa0/3                                                       Shutdown
----------------------------------------------------------------------
Port Security
Violation Count
port shutdown
S1#sh port-security
PC1
Violation Count 1
Action
(Count)
(Count)
(Count)
-------------------------------------------------------------------
Fa0/1   Shutdown
Fa0/2   Shutdown
Fa0/3   Shutdown
Port : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
:1
:1
:0
:1
: 00E0.A377.D11D:1
:1
S1#conf t
S1(config)#int f0/1
S1(config-if)#shutdown
S1(config-if)#no shut
Switch
Password
PC4
port shutdown
Router
Router>en
Admin Mode
Router#conf t
G b
Interface f0/0
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Router(config)#int f0/1
Interface f0/1
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Router(config)#exit
Global Mode
Router#write
Current Configuration
Switch
Switch>en
Admin Mode
Switch#conf t
Admin Mode
Switch(config)#line con 0
Console
pas
P
Switch(config-line)#login local
Switch(config-line)#exit
Sub Interface
User Account
create
Switch
IP
Switch(config-if)#no shut
Switch(config-if)#exit
Sub Interface
Switch(config)#line vty 0 4
Telnet
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#do write
Sub Interface
Network
Current Configuration
Building configuration...
[OK]
Switch 1
PC>telnet 192.168.2.5
Trying 192.168.2.5 ...Open
User Access Verification
Username:
1.Power Off
Putty
setting
Mode button
prompt switch:
switch:
3. Enter switch: flash_init
flash_init Command
Switch
Power
Power
config.text file
Switch
Restart
7. Switch>en
Switch#copy flash:config.old running-config
Config file
Setting
copy
password
VLAN Trunking
1.
2.
IEEE 802.1q
Switch(config)#vlan 99
Native Vlan
Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#interface fastethernet0/1
Interface f0/1
Trunk Port
Trunk Link
N
vlan
VLAN Hopping
VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual
LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain
access to traffic on other VLANs that would normally not be accessible. There are two primary methods of
VLAN hopping: switch spoofing and double tagging. Both attack vectors can be easily mitigated with proper
switchport configuration.
Switch spoofing
In a switch spoofing attack, an attacking host imitates a trunking switch by speaking the tagging and trunking
protocols (e.g. Multiple VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in maintaining
a VLAN. Traffic for multiple VLANs is then accessible to the attacking host.
Mitigation
Switch spoofing can only be exploited when interfaces are set to negotiate a trunk. To prevent this attack on
Cisco IOS, use one of the following methods[1]:
1. Ensure that ports are not set to negotiate trunks automatically.
Switch(config-if)# switchport nonegotiate
2. Ensure that ports that are not meant to be trunks are explicitly configured as access ports.
Switch(config-if)# switchport mode access
Double tagging
In a double tagging attack, an attacking host connected on a dot1q interface prepends two VLAN tags to
packets that it transmits. The packet (which corresponds to the VLAN that the attacker is really a member of)
is forwarded without the first tag, because it is the native VLAN. The second (false) tag is then visible to the
second switch that the packet encounters. This false VLAN tag indicates that the packet is destined for a target
host on a second switch. The packet is then sent to the target host as though it originated on the target VLAN,
bypassing the network mechanisms that logically isolate VLANs from one another. However, this attack only
allows packets to be sent toward the second switch; any replies are not forwarded to the attacking host.
Mitigation
Double tagging can only be exploited when switches use "Native VLANs" [2]. Ports with a specific access VLAN
(the native VLAN) don't apply a VLAN tag when sending frames, allowing the attacker's fake VLAN tag to be
read by the next switch. It is always good practice to do one of the following (with sample IOS interface
configuration):
1. Simply do not put any hosts on VLAN 1 (the default VLAN), i.e., assign an access VLAN other than VLAN 1
to every access port.
Switch(config-if)# switchport access vlan 2
2. Change the native VLAN on all trunk ports to an unused VLAN ID.
Switch(config-if)# switchport trunk native vlan 999
3. Explicit tagging of the native VLAN on all trunk ports.
Switch(config-if)# switchport trunk native vlan tag
Example
As an example of a double tagging attack, consider a secure web server on a VLAN called VLAN1. Hosts on
VLAN1 are allowed access to the web server; hosts from outside the VLAN are blocked by layer 3 filters. An
attacking host on a separate VLAN, called VLAN2, creates a specially formed packet to attack the web server.
It places a header tagging the packet as belonging to VLAN2 on top of another header tagging the packet as
belonging to VLAN1. When the packet is sent, the switch on VLAN2 sees the VLAN2 header and removes it,
and forwards the packet. The VLAN2 switch expects that the packet will be treated as a standard TCP packet
by the switch on VLAN1. However, when the packet reaches VLAN1, the switch sees a tag indicating that the
packet is part of VLAN1, and so bypasses the layer 3 handling, treating it as a layer 2 packet on the same
logical VLAN. The packet thus arrives at the target server as though it was sent from another host on VLAN1,
ignoring any layer 3 filtering that might be in place.
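The switch spoofing and double tagging mitigations listed above can be checked mechanically against a switch configuration. The Python audit below is an added example, not part of the original course notes; the sample configuration and the finding names are constructed, and it assumes that a port with no explicit switchport mode may negotiate a trunk and that an unset access or native VLAN defaults to VLAN 1.

```python
import re

# Constructed sample configuration (not taken from the course notes).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode dynamic desirable
 switchport access vlan 30
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 switchport mode trunk
 switchport trunk native vlan 10
 switchport nonegotiate
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-command, ...]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces


def first_match(lines, pattern):
    """Return the first captured group of the first line fully matching pattern."""
    for line in lines:
        match = re.fullmatch(pattern, line)
        if match:
            return match.group(1)
    return None


def audit(config):
    """Map each active port to the VLAN hopping findings that apply to it."""
    facts, access_vlans = {}, set()
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue  # administratively down ports cannot be attacked
        mode = first_match(lines, r"switchport mode (.+)")
        # Assumption: an unset access or native VLAN means VLAN 1.
        access = int(first_match(lines, r"switchport access vlan (\d+)") or 1)
        native = int(first_match(lines, r"switchport trunk native vlan (\d+)") or 1)
        facts[name] = (mode, access, native, "switchport nonegotiate" in lines)
        if mode != "trunk":
            access_vlans.add(access)  # VLANs that carry host traffic

    report = {}
    for name, (mode, access, native, nonegotiate) in facts.items():
        findings = []
        # Switch spoofing: neither an explicit access port nor nonegotiate.
        if mode != "access" and not nonegotiate:
            findings.append("DTP_ACTIVE")
        if mode == "trunk":
            # Double tagging: native VLAN is 1, or is also used by hosts.
            if native == 1:
                findings.append("NATIVE_VLAN_1")
            elif native in access_vlans:
                findings.append("NATIVE_VLAN_IN_USE")
        elif access == 1:
            findings.append("ACCESS_VLAN_1")  # host left on the default VLAN
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(f"{port:20} {', '.join(findings) or 'ok'}")
```

A port with an empty finding list satisfies the mitigations the section names; NATIVE_VLAN_IN_USE marks a trunk whose native VLAN is not actually unused.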
Switch 1 to 5
Switch>en
Admin Mode
Switch#conf t
Global Mode
VLAN Database 10
Switch(config-vlan)#name HR
VLAN Database
Switch(config-vlan)#vlan 20
VLAN Database 20
Switch(config-vlan)#name Sale
VLAN Database
Switch(config-vlan)#vlan 30
VLAN Database 30
Switch(config-vlan)#name Manager
VLAN Database
Switch(config-vlan)#vlan 40
VLAN Database 40
Switch(config-vlan)#name Account
VLAN Database
Switch(config-vlan)#vlan 50
VLAN Database 50
Switch(config-vlan)#name Operation
VLAN Database
Switch(config-vlan)#vlan 60
VLAN Database 60
Switch(config-vlan)#name Security
VLAN Database
Name
Name
Name
Name
Name
Name
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#int f0/2
Interface f0/2
Switch(config-if)#switchport port-security
Port Security
vlan
VLAN 10
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 40
Switch(config-if)#int f0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 50
Switch(config-if)#int f0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 60
Switch(config-if)#int f0/1
Interface f0/1
Trunk L
f0/24
Switch(config-if-range)#shutdown
Port
Shutdown
Router
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Interface f0/0
Router(config-if)#no shutdown
Interface
Router(config-if)#int f0/0.10
F0/0
VLAN
subinterface create
dot1Q
Route
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip add 192.168.20.1 255.255.255.0
Router(config-subif)#int f0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip add 192.168.30.1 255.255.255.0
Router(config-subif)#int f0/0.40
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip add 192.168.40.1 255.255.255.0
Router(config-subif)#int f0/0.50
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip add 192.168.50.1 255.255.255.0
Router(config-subif)#int f0/0.60
Router(config-subif)#encapsulation dot1Q 60
Router(config-subif)#ip add 192.168.60.1 255.255.255.0
Router(config-subif)#exit
Router(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
Excluded Address
Router(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10
Router(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10
Router(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.10
Router(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.10
Router(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.10
Router(config)#ip dhcp pool vlan10
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#ip dhcp pool vlan20
VLAN
PP
Intervlan Routing with Layer3 Switch (Routing with virtual interface lan)
L3(config)#vlan 10
Vlan
L3(config-vlan)#name Account
L3(config-vlan)#vlan 20
L3(config-vlan)#name HR
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config)#int range f0/1-2
Interface f0/1&f0/2
dot1q trunk
Trunk mode
Trunk Link
enable
N
Vlan 10,20
L3(config-if-range)#exit
L3(config)#int vlan 10
Virtual Interface 10
Route
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
Vlan
IP Addresses
IP
Vlan
DHCP Scope
P
b
Switch(config)#int f0/1
Interface f0/1
Trunk Link
Neighbors Interface
b
Interface
Trunk
Neighbors Interface
Switch(config-if)#switchport nonegotiate
DTP
Interface
Trunk
Default
Switch
VTP Server
VTP Server
Client
Domain-name
1-32 Characters
Remark-
Switch
domain-name
password
Communicate
Switch(config)#vtp password p@ssw0rd
Switch(config)#vtp pruning
Mode 1
VTP Server
Enable
VTP pruning improves network bandwidth use by reducing unnecessary flooded traffic, such as broadcast,
multicast, unknown, and flooded unicast packets. VTP pruning saves and increases available bandwidth by
restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network
devices. By default, VTP pruning is disabled. VTP pruning does not prune traffic from VLANs that are
pruning-ineligible.
What VTP pruning does:
VLAN 1 (default) is always pruning-ineligible, meaning traffic from VLAN 1 cannot be pruned in any
situation.
Pruning eligibility is based only on the VLANs that need the given broadcast information across the
trunks. It is not related to the number of ports assigned to that VLAN.
VTP pruning does not change, add, or delete the VLANs in a VTP domain; it simply reduces the
broadcast and multicast traffic.
VTP version 2 and VTP version 1 are not interoperable on network devices in the same
VTP domain. Every network device in the VTP domain must use the same VTP version.
Do not enable VTP version 2 unless every network device in the VTP domain supports
version 2.
VTP Configuration
VTP Counters
VTP Advertisements
Summary advertisements VTP Server
Clients
5min
P
sent
update
VTP Server
Remark- VTP
No
Revision No
Switch
Network
L N
Update
b
Revision
Layer3 Switch
Switch(config)#hostname L3
L3(config)#int range f0/1-2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#exit
L3(config)#vtp mode server
L3(config)#vtp domain cisco
VTP Configuration
L3(config-vlan)#name Account
description
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config-if-range)#int range f0/1-2
native
vlan
L3(config-if-range)#exit
L3(config)#int vlan 10
L3(config-if)#ip add 192.168.10.1 255.255.255.0
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#int vlan 30
L3(config-if)#ip add 192.168.30.1 255.255.255.0
L3(config-if)#int vlan 40
L3(config-if)#int vlan 50
L3(config-if)#ip add 192.168.50.1 255.255.255.0
L3(config-if)#int vlan 60
L3(config-if)#ip add 192.168.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
(SW2 Configuration
Switch(config)#hostname SW2
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
SW2(config)#vtp mode client
L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name Account
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native
L3(config-vlan)#exit
L3(config)#vtp mode server
L3(config)#vtp domain cisco
L3(config)#vtp password cisco
VOIP
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#switchport voice vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#switchport voice vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#switchport voice vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#switchport voice vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
IP
switchport mode
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 20
SWA(config-if)#switchport voice vlan 20
SWA(config-if)#int f0/5
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 30
SWA(config-if)#switchport voice vlan 30
SWA(config-if)#int f0/6
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 40
SWA(config-if)#switchport voice vlan 40
SWA(config-if)#int f0/7
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 50
SWA(config-if)#switchport voice vlan 50
SWA(config-if)#int f0/8
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 60
SWA(config-if)#switchport voice vlan 60
SWA(config-if)#int range f0/9 - 24
SWA(config-if-range)#shutdown
SWB(config)#vtp mode server
SWB(config)#vtp password cisco
SWB(config)#int f0/2
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 10
SWB(config-if)#switchport voice vlan 10
SWB(config-if)#int f0/3
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
10,20,30,40,50,60
SWD(config-if)#switchport nonegotiate
SWD(config-if)#int f0/2
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 10
SWD(config-if)#switchport voice vlan 10
SWD(config-if)#int f0/3
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 20
SWD(config-if)#switchport voice vlan 20
SWD(config-if)#int f0/4
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 30
SWD(config-if)#switchport voice vlan 30
SWD(config-if)#int f0/5
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 40
SWD(config-if)#switchport voice vlan 40
SWD(config-if)#int f0/6
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 50
SWD(config-if)#switchport voice vlan 50
SWD(config-if)#int f0/7
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 60
SWD(config-if)#switchport voice vlan 60
SWD(config-if)#int range f0/8 -24
SWD(config-if-range)#shutdown
CME(config)#int f0/0
CME(config-if)#ip add 192.168.0.1 255.255.255.252
CME(config-if)#no shut
CME(config-if)#exit
CME(config)#ip route 10.10.10.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.20.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.30.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.40.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.50.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.60.0 255.255.255.0 f0/0
CME(config)#telephony-service
Phone Service
CME(config-telephony)#max-dn 30
Ph.ext
CME(config-telephony)#max-ephones 30
Ph.
CME(config-telephony)#exit
CME(config)#ephone-dn 1
CME(config-ephone-dn)#number 9101
Ph extension
CME(config-ephone-dn)#ephone-dn 2
CME(config-ephone-dn)#number 9102
CME(config-ephone-dn)#ephone-dn 3
CME(config-ephone-dn)#number 9103
CME(config-ephone-dn)#ephone-dn 4
CME(config-ephone-dn)#number 9104
CME(config-ephone-dn)#ephone-dn 5
CME(config-ephone-dn)#number 9105
CME(config-ephone-dn)#ephone-dn 6
CME(config-ephone-dn)#number 9201
CME(config-ephone-dn)#ephone-dn 7
CME(config-ephone-dn)#number 9202
CME(config-ephone-dn)#ephone-dn 8
CME(config-ephone-dn)#number 9203
CME(config-ephone-dn)#ephone-dn 9
CME(config-ephone-dn)#number 9204
CME(config-ephone-dn)#ephone-dn 10
CME(config-ephone-dn)#number 9205
CME(config-ephone-dn)#ephone-dn 11
CME(config-ephone-dn)#number 9301
CME(config-ephone-dn)#ephone-dn 12
CME(config-ephone-dn)#number 9302
CME(config-ephone-dn)#ephone-dn 13
CME(config-ephone-dn)#number 9303
CME(config-ephone-dn)#ephone-dn 14
CME(config-ephone-dn)#number 9304
CME(config-ephone-dn)#ephone-dn 15
CME(config-ephone-dn)#number 9305
CME(config-ephone-dn)#ephone-dn 16
CME(config-ephone-dn)#number 9401
CME(config-ephone-dn)#ephone-dn 17
CME(config-ephone-dn)#number 9402
CME(config-ephone-dn)#ephone-dn 18
CME(config-ephone-dn)#number 9403
CME(config-ephone-dn)#ephone-dn 19
CME(config-ephone-dn)#number 9404
CME(config-ephone-dn)#ephone-dn 20
CME(config-ephone-dn)#number 9405
CME(config-ephone-dn)#ephone-dn 21
CME(config-ephone-dn)#number 9501
CME(config-ephone-dn)#ephone-dn 22
CME(config-ephone-dn)#number 9502
CME(config-ephone-dn)#ephone-dn 23
CME(config-ephone-dn)#number 9503
CME(config-ephone-dn)#ephone-dn 24
CME(config-ephone-dn)#number 9504
CME(config-ephone-dn)#ephone-dn 25
CME(config-ephone-dn)#number 9505
CME(config-ephone-dn)#ephone-dn 26
CME(config-ephone-dn)#number 9601
CME(config-ephone-dn)#ephone-dn 27
CME(config-ephone-dn)#number 9602
CME(config-ephone-dn)#ephone-dn 28
CME(config-ephone-dn)#number 9603
CME(config-ephone-dn)#ephone-dn 29
CME(config-ephone-dn)#number 9604
CME(config-ephone-dn)#ephone-dn 30
CME(config-ephone-dn)#number 9605
CME(config-ephone-dn)#exit
CME(config)#ephone 1
CME(config-ephone)#type cipc
Type = softphone
CME(config-ephone)#mac-address 000A.F3CA.14B1
CME(config-ephone)#button 1:1
Ext no.
CME(config-ephone)#ephone 2
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.638E.60BA
CME(config-ephone)#button 1:2
(9101)
CME(config-ephone)#ephone 3
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0090.0CE6.AC8A
CME(config-ephone)#button 1:3
CME(config-ephone)#ephone 4
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.A353.5EBA
CME(config-ephone)#button 1:4
CME(config-ephone)#ephone 5
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.F390.BBE5
CME(config-ephone)#button 1:5
CME(config-ephone)#ephone 6
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.4248.E46A
CME(config-ephone)#button 1:6
CME(config-ephone)#ephone 7
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BE10.4336
CME(config-ephone)#button 1:7
CME(config-ephone)#ephone 8
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5897.0895
CME(config-ephone)#button 1:8
CME(config-ephone)#ephone 9
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4AED.6AB6
CME(config-ephone)#button 1:9
CME(config-ephone)#ephone 10
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0007.ECA4.8CCE
CME(config-ephone)#button 1:10
CME(config-ephone)#ephone 11
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.F7A2.2543
CME(config-ephone)#button 1:11
CME(config-ephone)#ephone 12
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.9793.B500
CME(config-ephone)#button 1:12
CME(config-ephone)#ephone 13
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0030.A316.ABB3
CME(config-ephone)#button 1:13
CME(config-ephone)#ephone 14
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.B013.C2B3
CME(config-ephone)#button 1:14
CME(config-ephone)#ephone 15
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.41D9.9A33
CME(config-ephone)#button 1:15
CME(config-ephone)#ephone 16
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.9769.0AE8
CME(config-ephone)#button 1:16
CME(config-ephone)#ephone 17
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0009.7C9C.1A52
CME(config-ephone)#button 1:17
CME(config-ephone)#ephone 18
CME(config-ephone)#mac-address 0010.1112.9D99
CME(config-ephone)#button 1:18
CME(config-ephone)#type cipc
CME(config-ephone)#ephone 19
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0005.5E26.516A
CME(config-ephone)#button 1:19
CME(config-ephone)#ephone 20
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BEED.0C31
CME(config-ephone)#button 1:20
CME(config-ephone)#ephone 21
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF90.81C4
CME(config-ephone)#button 1:21
CME(config-ephone)#ephone 22
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0010.11EA.B09D
CME(config-ephone)#button 1:22
CME(config-ephone)#
CME(config-ephone)#ephone 23
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.BA28.A209
CME(config-ephone)#button 1:23
CME(config-ephone)#ephone 24
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4A8C.6226
CME(config-ephone)#button 1:24
CME(config-ephone)#ephone 25
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5854.800C
CME(config-ephone)#button 1:25
CME(config-ephone)#ephone 26
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000D.BDDC.7A11
CME(config-ephone)#button 1:26
CME(config-ephone)#ephone 27
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.97A0.3065
CME(config-ephone)#button 1:27
CME(config-ephone)#ephone 28
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.1654.4B8B
CME(config-ephone)#button 1:28
CME(config-ephone)#ephone 29
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0006.2AE5.4C38
CME(config-ephone)#button 1:29
CME(config-ephone)#ephone 30
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF4E.969A
CME(config-ephone)#button 1:30
CME(config-ephone)#exit
CME(config)#telephony-service
CME(config-telephony)#ip source-address 192.168.0.1 port 2000
Switch to Switch
recover
Backup
P
Data
Port
Root Port
Root Bridge
Link
Desg Port
P
Link
Forwarded Port
Path Cost
Down
BLK port
P
Switch
Root Bridge
(0-61440)
Priority
2. Priority
4-bit
Mac Address
Switch
Switch
Port
Switch(config)#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Priority
Address
32769
0001.6435.13E5
Prio.Nbr Type
Desg FWD 19
128.2
P2p
Fa0/1
Desg FWD 19
128.1
P2p
Path Cost
Switch
P
Path
Cost
10 GB
1 GB
100 MB
19
10 MB
100
Port No.
Port No.
Non-Root Switch
Link
Acti
Root Port
Down
20s, Forwarding
15s
MAC Learning
19+19
Switch
every 2s
Link Down
Cost 19
BLK Port
Root Bridge
Root Bridge
10
Backup Link
15s
50s
P
Mac Address
Path Cost
Port
Switch
Root Bridge
Neighbor Switch
Root Port
Mac Address
Access Layer
Core Layer
Priority
Switch
Data
Root Bridge
Root Bridge
Mac Address
Switch
Access Layer
Vlan
Root Primary
BLK Port
Rapid PVST
Rapid PVST
Backup Link
2s
P
Switch(config)#spanning-tree mode rapid-pvst
YGN-S3(config-if-range)#exit
YGN-S3(config)#vtp mode client
YGN-S3(config)#vtp domain cisco
YGN-S3(config)#vtp password cisco
Router
Users
instructions
ACL
1.
2.
2.
Data Packets
3.
Destination Addresses
filter
Router
1-99
source addresses
L
interface
Destination
4.
Filter
OSI Model
Layer 3
Exercise 1
deny
Access-list
Rule
host
Destination Network
Source Network
outbound
host
Deny host
IP
Interface
Rule
Deny
source network
Deny
192.168.1.0 Network
Network
192.168.1.255
192.168.1.128
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 13 out
192.168.1.0-64
192.168.1.128-192
Deny
Deny
IP
b
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 16 out
255
Exercises
192.168.7.0 Network
Website access
7.0 Network
0.0 Network
website
80
access-list 110 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
website
Service
Client
DNS
DHCP Service
(68
server
int f0/1
client
67
Access-List
Interface
ip access-group 110 in
access-list 111 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80
Website
deny
cisco.com website
(Remark Deny
ACL
access-list 111 permit tcp 192.168.7.0 0.0.0.255 any eq 80
)
website
access-list 111 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 111 permit udp any eq 68 any eq 67
int f0/1
ip access-group 111 in
access-list 111 permit icmp 192.168.7.0 0.0.0.255
7.0 Network
2.0 Network
Ping
7.64-7.96
2.224-2.255
deny
7.100 computer
192.168.0.11 eq 21
int f0/1
ip access-group 112 in
Name Access-List
Router
0.11
HQ(config)#line vty 0 4
HQ(config-line)#password telnet
HQ(config-line)#exit
HQ(config)#ip access-list standard John
John
John computer
Standard ACL
HQ(config-std-nacl)#exit
HQ(config)#line vty 0 4
Telnet
HQ(config-line)#access-class John in
ACL
HQ(config-line)#exit
Computer
Server Network
Switch
Admin Mode
Password
Switch(config)#line vty 0 4
Switch(config-line)#password telnet
Password
Switch(config-line)#exit
Switch(config)#int vlan 1
Switch
IP
Switch
gateway
192.168.1.31
Switch(config-std-nacl)#exit
Switch(config)#line vty 0 4
ACL
Switch(config-line)#access-class John in
Switch(config-line)#exit
R1#sh clock
R1(config)#clock timezone YGN 6 30
R1#clock set 19:00:00 11 Oct 2012
R1(config)#ntp master
ntp server
Time Setting
NTP Server
111.0 Network
222.0 Network
ICMP Allow
111.10 Client
222.20 Server
ICMP Deny
ACL
ACL No.
R1(config)#ip access-list extended PING
R1(config-ext-nacl)#9 deny icmp host 192.168.111.10 host 192.168.222.20 echo
R1(config-ext-nacl)#do sh access-list
ACL No.
start no.increase count
(Time Frame
R1(config)#time-range RDP
R1(config-time-range)#?
Time range configuration commands:
absolute absolute time and date
default Set a command to its defaults
exit
no
IT Vlan 24
B1(config)#line vty 0 4
Router
B1 Router
B1(config-line)#access-class 10 in
7.0 Guest Network
Internet Access
Allow
(HTTP,HTTPS,DNS,DHCP)
Guest Network
DNS Server
DNS Service
Guest Network
Internal website(www.abc.com)
Guest Network
Internal website(www.abc.com)
Guest Network
Internet Website
Guest Network
Internet Website
Guest Network
DHCP Server
DHCP Service
Guest Network
Wireless
Guest Network
Wireless
Guest Network
SMTP
B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 110
L
Guest Network
POP3
Guest Network
Guest Network
B2(config)#int f0/0.17
B2(config-subif)#ip access-group 120 in
Three types of NAT
Static NAT (one to one) - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
In static NAT, the computer with the IP address of 192.168.0.10 will always translate to 213.81.71.69:
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
In overloading, each computer on the private network is translated to the same IP address (213.18.123.100) but with a different port number assignment:
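The two translation types described above, modelled as an added Python example that is not part of the original guide. It shows the difference that matters for exposure: the static entry admits unsolicited inbound traffic, while the overload table only admits replies to flows started inside. The NatRouter class, the inside hosts 192.168.0.20 and 192.168.0.21, and the sequential port numbering from 1024 are assumptions made for illustration.

```python
from itertools import count


class NatRouter:
    """Toy translation table; the class and its port numbering are assumptions."""

    def __init__(self, pat_ip, static_map, first_port=1024):
        self.pat_ip = pat_ip
        self.static = dict(static_map)                  # inside IP -> registered IP
        self.static_rev = {v: k for k, v in self.static.items()}
        self.out = {}                                   # (inside IP, port) -> outside port
        self.back = {}                                  # outside port -> (inside IP, port)
        self._ports = count(first_port)

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the inside network."""
        if src_ip in self.static:                       # static NAT: address only, port kept
            return self.static[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.out:                         # overloading: new flow, new port
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("no free ports left on " + self.pat_ip)
            self.out[key] = port
            self.back[port] = key
        return self.pat_ip, self.out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet from outside; None means drop."""
        if dst_ip in self.static_rev:                   # static host reachable on any port
            return self.static_rev[dst_ip], dst_port
        if dst_ip == self.pat_ip:                       # PAT: only flows begun inside
            return self.back.get(dst_port)
        return None


def demo():
    nat = NatRouter("213.18.123.100", {"192.168.0.10": "213.81.71.69"})
    return {
        "static_out": nat.outbound("192.168.0.10", 5000),
        "pat_a": nat.outbound("192.168.0.20", 5000),    # constructed inside host
        "pat_b": nat.outbound("192.168.0.21", 5000),    # constructed inside host
        "pat_a_again": nat.outbound("192.168.0.20", 5000),
        "reply_to_b": nat.inbound("213.18.123.100", 1025),
        "unsolicited_pat": nat.inbound("213.18.123.100", 40000),
        "unsolicited_static": nat.inbound("213.81.71.69", 23),
    }
```

Because the static entry forwards inbound traffic on every port, a statically translated host is normally paired with an ACL that limits which services are reachable from outside.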
External Client
Internet
203.81.64.11
NAT(config)#int s0/0/0
10.1.0.254
translate
outside interface
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
Int f0/0
inside interface
Wan IP
DNS Server
Internet
WAN IP
Port
WAN IP 3
NAT
Interface
POOL
NAT(config)#int s0/0/0
NAT(config-if)#ip nat outside
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
NAT(config-if)#int f0/1
NAT(config-if)#ip nat inside
NAT#sh ip nat translations
NAT
NAT
Internet
DNS
Allow
Overload
PAT