Sie sind auf Seite 1von 2

Concepts in IP Addressing value, that would be R block size for the new ports are slower connections (compared

are slower connections (compared Securing Your Cisco Devices

IP is a Layer 3 media-independent connection- subnets, which would be 10.0, 10.32, 10.64, to Ethernet) that can be used for WAN You can use Telnet/SSH to remotely manage
less protocol. Every device that is connected to 10.96, and so on. connections. a Cisco device after it has IP addresses
the network must have a unique IP address. An The number of host that can be created use the Flash is a storage location that keeps the configured on it and interfaces enabled.
IP address has two major parts: the network and formula 2Host bits – 2. If we have a network of IOS image. NVRAM is a storage location Using the command login on the vty lines
the host portions., that leaves four host bits, so we that holds the startup configuration. RAM requires the user to provide a password

The CCENT Cram Sheet

Domain Name System (DNS) is used to map would have a possibility of 24 – 2 = 14 hosts on holds the current running configuration. The when connecting via Telnet. That password
friendly names to the actual IP addresses asso- any network that had a /28 mask.Subnetting is a initial startup file in NVRAM is called startup is configured on the vty lines.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ciated with those names. process of moving the mask to the right. config. The configuration that is running in
To configure a password on all five Telnet
IPv6 uses several types of addresses, including RAM is called running config.
This Cram Sheet contains key facts about the ICND1/CCENT exam. Review this information as IPv4 uses a 32-bit number represented as four lines, you use configuration commands
octets separated by periods, called dotted- global unicast (which ranges from 2000 through 1. POST (power-on self-test): Device finds similar to the following:
the last thing you do before you enter the testing center, paying special attention to those areas
decimal. IPv6 uses 128-bit numbers represented 3FFF), link local unicast addresses (which begin hardware and performs hardware-checking
in which you think that you need the most review. You can transfer any of these facts from your routines. Router(config)#line vty 0 4
head onto a blank sheet of paper immediately before you begin the exam. in eight groups of four hexadecimal characters with FE80) and multicast addresses (which begin
each, separated by colons. Both IPv4 and IPv6 with FF). Transition strategies include tunnel- 2. Locate IOS. Router(config-line)#password cisco
Networking Fundamentals use a mask to identify how many bits going from ing, dual stacking, and protocol translation. An 3. Load IOS.
Physical components for a network include hosts, connections, switches, and routers. Physical left to right are being used to identify the net- anycast address is similar to unicast except that 4. Locate configuration (startup config).
topology describes the layout of the physical components. A logical topology communicates work. Bits not used to identify the network are anycast packets will go to the one host that is 5. Load configuration (running config).
how the data flows through the network. used to identify hosts on that specific network. closest as determined by the routing protocol Configuring SSH
metric. IPv6 never broadcasts; it multicasts The configuration register is a four-characterTo configure SSH on your router or switch,
A local-area network (LAN) is a geographically close in proximity, high-speed network. A wide- A default gateway is required to send a packet
instead. hexadecimal value that can be changed to you need the following elements:
area network (WAN) is a network that is using third-party services (such as an service provider) out of a local network.
IPv6 address compression: manipulate how the router behaves at boot.
to connect devices over large geographic areas. A WAN is a collection of LANs connected over a • A hostname
IPV4 ADDRESS CLASS AND RANGE The default value is 0x2102.
long distance (farther than the LAN could provide). Given the address 2010:0000:BBBB:000C • A domain name
Class High-Order Bits First Octet Range :D000:0000:0000:0001, the following address The characters 0x indicate that the • An RSA key
WAN technologies include dedicated leased lines, which are a dedicated point-to-point connec-
A 0 1–126 representations are possible: characters that follow are in hexadecimal.
tion that can use Point-to-Point Protocol (PPP) or High-Level Data Link Control (HDLC). Packet- • A username and password for local authentica-
B 10 128–191 This makes it clear whether the value is “two tion
switched connections share the bandwidth with other logical circuits, such as with Frame Relay. Drop leading 0s:
C 110 192–223 thousand one hundred and two” or, as in
High-speed LANs typically use Ethernet in full duplex, using switches that operate at Layer 2. 2010:0:BBBB:C:D000:0:0:1 this case, “two one zero two hexadecimal.” Sample SSH Configuration
Routers operate logically at Layer 3. D 1110 224–239
Compress contiguous all-0 groups with :: once The fourth character in the configuration Switch>enable
E 11110 240–255
per address.
Network Models register is known as the boot field. Changing
Switch#config t
2010:0:BBBB:C:D000::1 the value for this character will have the
Valid hex characters in an IPv6 address are 0–F. following effects: Switch(config)#hostname
Layer Name Protocols and Devices PDU Name Class Default Mask Branch_2960
IPv6 can use an EUI-64 method to create the • 0x2100 = Always boot to ROMmon.
7 Application FTP, Telnet, TFTP, SMTP, SNMP, DNS, HTTP Data host ID, starting with information from the MAC • 0x2102 through 0x210F = Load the first valid Branch_2960(config)#ip domain-name
B IOS in flash.
6 Presentation ASCII, .jpg, .doc Data address being used by the interface.
C The command-line interface has two primary
5 Session Establishment and teardown of logical sessions Data The command ipv6 unicast-routing is off by
modes: user mode and privileged mode. Branch_2960(config)#crypto key
4 Transport TCP: Connection oriented, reliable Segment default, and must be enabled for a router to for-
IPV4 PRIVATE IP ADDRESS RANGES When in privileged mode, we can then enter generate rsa
UDP: Connectionless, unreliable, uses upper layer protocols ward the IPv6 packets of network devices.
Class Range configuration mode, as well as submodes, Branch_2960(config)#username admin
3 Network IP, routing and path determination, logical addressing Packet IPv6 uses Neighbor Discovery Protocol (NDP) to
A to for configuration. password ciscocisco
Routers determine Layer 2 addresses (replaces Address
B to Context-sensitive help can be invoked by
2 Data Link Ethernet, Frame Relay, PPP, HDLC, MAC addresses Frame Resolution Protocol [ARP]). Autoconfiguration Branch_2960(config)#line vty 0 4
C to allows you to obtain, via plug-and-play, an IP using the question mark (?).
address without using a DHCP server. The running configuration is stored in Branch_2960(config-line)#login
1 Physical Bits transmitted on media Bits
Subnetting allows you to create additional sub- RAM as running config, and the startup
Hubs, repeaters The IP stacks for IPv4 and IPv6 are completely Branch_2960(config-line)#login
nets. Variable-length subnet masking (VLSM) configuration is saved in NVRAM as startup
separate from each other, as are the routing local
allows you to use different mask lengths so as config.
protocols for each of the stacks.
TCP AND UDP to not waste IP addresses. Branch_2960(config-line)#transport
Commonly used commands include show
To create IP subnets, you take (starting on the
IPv6 OSPFv3 doesn’t use network statements. It input ssh
Know the following protocols and port numbers: uses interface commands to enable each inter- version, show interface, show ip interface
left) what used to be host IP bits and allocate brief, and show running-config. Branch_2960(config-line)#exit
TCP UDP face for OSPF. Static IPv6 routes can be created
them for subnetwork addressing. The number
FTP 20, 21 DNS 53 using the command ipv6 route. Cisco Discovery Protocol (CDP) is a proprie- In global configuration mode, you can use
of bits that you allocate above and beyond
Telnet 23 DHCP 67, 68 tary (Cisco only) data-link (Layer 2) protocol. the command ip ssh version 2. Multiple
the default control how many subnets you can Working with Cisco Equipment It is enabled by default, but can be disabled
SMTP 25 TFTP 69 create. The formula is two to the power of the versions of SSH are available, with Version
The console port on a router or switch can be globally via the no cdp run command. To
DNS 53 NTP 123 number of bits that you take. For example, if we 2 being more secure than Version 1. The
used to initially configure the device. Ethernet learn remote device Layer 3 address, hard-
HTTP 80 SNMP 161 start with a network and we use 3 command show ip ssh verifies that SSH is
ports are high-speed interfaces used to ware platform, and IOS version, use show
POP 110 additional bits to make it, we could configured. The command show ssh shows
forward traffic, and can also be used to allow cdp neighbor or show cdp entry command.
create 23 = 8 new subnets. Because the least current SSH connections to the router or
NNTP 119 management traffic such as Secure Shell (SSH)
significant bit of the new mask falls on the 32 switch.
HTTPS 443 over IP to the device being managed. Serial
You can the use of a username and To remotely manage a switch, you need Routes can be learned from a router being Visualizing Data Flows If no DHCP server is present on a local network, command could verify Layer 3 connectivity
password for access via Telnet or SSH an IP address, subnet mask, and default directly connected to a network, by running a To communicate on an IP network, the a router could be configured as a DHCP relay to another device. You can use a telnet
by using the command login local on the gateway. The switch must be reachable on a routing protocol and dynamically learning routes computer needs to use an IP address. Name that could forward the DHCP requests to a command to verify Layer 4 and application layer
vty line. The username required must be port in its management VLAN. from another router that is running the same resolution is done through DNS. For devices to DHCP server. connectivity.
configured on the router as well as in global VLANs logically divide a switch into multiple, protocol, or by configuring a static route. communicate on their own local network, they Network Address Translation can be configured You can use the traceroute command to
configuration mode when using login local. independent networks at Layer 2. use ARP to discover the Layer 2 addresses of
The following example shows the configuration on a one-to-one mapping (NAT), or a one to validate the path and help to isolate a routing
You may use an access control list (ACL) Create separate broadcast domains in a of a static route to the network the local devices they want to communicate many mapping (PAT, Port Address Translation). issue on the network.
and apply it to the vty lines to control which switch, increasing the number of broadcast using the next local hop of with. When communicating with a remote
NAT maps an IP address to a different address. The commands show ip nat translations and
source addresses can connect. In addition, device, a local computer uses ARP to discover
domains. Router(config)#ip route • Static: ip nat inside source static [inside ip] show ip nat statistics can help you determine
you can set timeouts for inactive sessions on the Layer 2 address of its default gateway. ARP
Span multiple switches using trunks. [outside ip] whether NAT is working.
the vty lines. entries may be cached to avoid having to use
• Inside local: A private IP address assigned to a host The command show access-lists shows the
A remote AAA server may be used to control Allow logical grouping of users by function. The default route syntax, using a default next
ARP time.
on the inside network contents of ACLs, and show ip interface shows
the authentication, instead of using a local VLAN configuration steps: hop of, is as follows: Routers look at Layer 3 destination addresses, • Inside global: A registered Internet address that whether an ACL is applied as a filtering ACL
username configured on the router. 1. The VLAN must be created. and based on their routing tables forward represents an inside host to an outside network
Router(config)#ip route (inbound or outbound) on an interface.
Banner messages with legal warnings may 2. The desired ports must be added to the new packets to the next logical hop in the path • Outside global: The registered address of an To troubleshoot or verify DHCP functions, you
also be set up on the router, via the banner VLAN. toward that destination. Internet host
could use the following commands on the IOS
command. Link-state routing protocols send updates Access Lists • Outside local: The address of the Internet host as it
Routing between VLANs requires a router or router acting as a DHCP server: show ip dhcp
Port security is a feature used on Layer appears on the inside network
a Layer 3 switch. containing the state of their own links to all An access control list is a method to identify pool, show ip dhcp binding, show ip dhcp
2 switch interfaces to control the number other routers on the network. Examples are specific traffic. One use of an ACL is to filter Here is a PAT configuration example using conflict.
of MAC addresses associated with that Trunks carry traffic from multiple VLANs over OSPF and Intermediate System-to-Intermediate a pool of addresses to translate to (named
traffic at an interface. ACLs are processed in When troubleshooting OSPF, verify that you can
interface. When enabled, this feature allows a single connection (crossover cable). The System (IS-IS). They calculate the paths to each a top-down fashion and may be applied to MyPool, starting with and ending with
VLAN ID is tagged using IEEE 802.1Q reach the neighbor with a ping to verify Layers
a maximum of one MAC address to be destination from the topological database and an interface inbound or outbound from the
1–3, and then use show ip protocols or show
associated with this interface. A violation of Spanning Tree Protocol (STP) provides a place the best of them into the routing table. perspective of the interface it is applied to. access-list 1 permit ip ospf int brief to verify that the interfaces are
this policy results in a shutdown of the port loop-free topology. Route summarization/aggregation/supernetting
Implicit deny any at end: Every access list must enabled for OSPF and show ip ospf interface
by default. To verify port security details, use represents several networks/subnets as one
the command show port-security. Basic Routing have at least one permit; otherwise, it denies all ip nat pool MyPool to see the details such as timers. The command
larger network address, by shortening the traffic. show ip ospf neighbor shows current OSPF
Routers enable communication between netmask
Switch Operations and Configuration subnet mask to include only the “in-common” neighbors.
networks. The primary function of a router is Standard IP access lists filter the entire IP
bits from all the networks. ip nat inside source list 1 pool
The most common physical media used for to determine which path to use and to then protocol based on the source IP address/
Summarizing is a process of moving the mask MyPool overload
Ethernet networks is twisted pair. Fiber-optic forward packets. network. Standard ACL numbers range from 1
cabling allows for transmission at higher data Interior gateway protocols (IGPs) (such to the left. For instance, subnet to 99. Place as close to destination as possible. interface Ethernet 0
rates over longer distances. and could both be summarized by
as Open Shortest Path First [OSPF] and Extended IP access lists filter based on the ip nat inside
Ethernet physical addressing = MAC Enhanced Interior Gateway Routing Protocol source IP address/network, destination IP
addresses. 12 hexadecimal digits. [EIGRP]) are routing protocols in the same For OSPF, the router ID is the configured router address/network, specific protocols (TCP, UDP, interface serial 0
domain, and exterior gateway protocols ID. If no router ID is configured, the highest IP ICMP, and so on), and port number. Place as
PC to switch/hub = Straight-through cable. ip nat outsid)
(EGPs) (such as Border Gateway Protocol address on a loopback interface is used. If there close to the source as possible. Extended ACL
Hub-hub, switch-switch, PC-PC, router- are no loopback interfaces, the router ID will be numbers range from 100 to 199 and 2000 to
[BGP]) is a routing protocol that is used
router, PC-router directly (no switch/hub): the highest IP address on any other interface. 2699. Network Time Protocol (NTP) provides time
between different entities/companies.
Use crossover cable. synchronization between network devices. NTP
A router uses the longest match in its routing For two routers to become OSPF neighbors, One access list per direction per protocol per
Switches, bridges, and routers segment may be used to synchronize the time on the
table to make a forwarding decision. If they must agree on the area, the network, the interface.
a network. Hubs and repeaters extend a local router or switch with an NTP server. The
multiple routes exist for the same network, authentication and the timers.
network. Wildcard mask: 0s match; 1s ignore the commands show ntp associations and show
the router uses the one with the lowest To configure OSPF, we enable a process and corresponding bit in the address. ntp status can verify the state of the NTP.
Switches increase the number of collision administrative distance. When there are include a network statement as shown here:
domains. Do not segment broadcast The extended access list syntax is as follows: Troubleshooting
multiple routes to the same network and they Router(config)#router ospf 7
domains. Routers, Layer 3 switches, and have the same administrative distance, the access-list list#[permit | deny] Troubleshooting tools include ping, telnet,
VLANs segment broadcast domains. metric or cost (lower being better) is used. Router(config-router)#network [protocol] [source ip] [WCmask] tracert, and show commands to verify area 0 [dest. ip][WCmask] [operator] the status of interface, the contents or
A switch is a multiport bridge. Switches Default administrative distances for routing [operand]
forward frames using hardware application- protocols are as follows: routing tables, and the current ability to
specific integrated circuits (ASIC), making You can use the command show ip route to communicate with local or remote IP devices.
Connected interface 0 see the routing table. In general, place more specific statements at A duplex mismatch could cause performance
them faster than bridges. Dedicated
bandwidth per port. Static route 1 the top of the ACL and more general statements degradation.
Routing between VLANs can be done through
EIGRP internal 90 at the bottom. ACLs are processed from top to
Bridges and switches learn MACs by reading an external router using the router-on-a- One method of troubleshooting involves using
OSPF 110 bottom and stop when a match occurs.
the source MAC of each frame. stick concept, or can be done internally by a the OSI model to determine at which point the
RIP 120 multilayer switch that will do the Layer 3 routing IP Services network is no longer functioning.
Half duplex: Shared collision domain and
lower throughput. between the subnets that are associated with IP addresses can be delivered via Dynamic The show interface command could assist us
each of the VLANs. When using a router to Host Configuration Protocol (DHCP). DHCP can in validating Layers 1 and 2 locally. The show
Full duplex: Point-to-point and higher route between VLANs, using router on a stick,
throughput. Allows both ends to transmit
include information about the DNS server that CDP neighbors command could validate Layer
the switch is configured as a trunk link, and the should be used, in addition to a default gateway 2 between a local Cisco device and another
simultaneously. router is configured with subinterfaces. for the client to use. directly connected Cisco device. A ping