100Base family:
Standard     Cable Type    Mode                       Encoding     Pairs   Distance (meters)
10BaseT      Cat 3, 4, 5   Half Duplex                Manchester   2       100
100BaseTX    Cat 5         Half Duplex, Full Duplex   4B/5B        2       100
100BaseT4    Cat 3         Half Duplex                8B/6T        4       100
100BaseT2    Cat 3, 4, 5   Half Duplex, Full Duplex   PAM5x5       2       100
100BaseFX    Multi Mode    Half Duplex, Full Duplex   4B/5B        1 (pair of fibers)   412 (Half Duplex), 2000 (Full Duplex)
100BaseFX    Single Mode   Half Duplex, Full Duplex   4B/5B        1 (pair of fibers)   10 km
Command:
speed [auto | 10 | 100 | 1000 | nonegotiate]
duplex [auto | full | half]
(a duplex mismatch results when one side is hard-set and the other autonegotiates: the hard-set side sends no negotiation pulses, so the auto side falls back to half duplex; configure both ends the same way)
CSMA/CD:
1- A device with a frame to send listens until the Ethernet is not busy
2- When the Ethernet is not busy, the sender begins sending the frame
3- The sender keeps listening while sending to make sure no collision occurred
4- If there was a collision, every station that sent a frame sends a jamming signal to ensure that all stations recognize the collision
5- After the jam is complete, each sender of one of the collided frames randomizes a back-off timer and waits that long before re-sending
6- After the timers expire, the original senders begin again at step 1
Frame Format:
IEEE 802.3 (the DIX / Ethernet II frame has the same layout but carries a 2-byte Type in place of Length and no LLC header):
Field                        Size
Starting Delimiter           1 byte (preceded by the 7-byte preamble)
Destination Address          6 bytes
Source Address               6 bytes
Length                       2 bytes
LLC header and Information   46 - 1500 bytes
Frame Check Sequence         4 bytes
The same frame with the 802.2 LLC header expanded:
Starting Delimiter (1 byte) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | DSAP (1 byte) | SSAP (1 byte) | Control (1-2 bytes) | Information field (46 - 1500 bytes including the LLC header) | Frame Check Sequence (4 bytes)
MAC address layout: the first 3 bytes are the OUI (vendor prefix), the last 3 bytes are vendor assigned; the I/G and U/L bits (see Definitions) are the two low-order bits of the 1st byte.
Switching Method:
Method              Error Detection                        How it works
Store and Forward   Detects errors (CRC)                   Buffers the whole frame before switching it, runs the CRC check and drops frames with errors or collision fragments
Cut-Through         Cannot detect any error                Switches the frame as soon as the destination MAC address has been read
Fragment-Free       Detects errors in the first 64 bytes   Switches the frame after the first 64 bytes have been received (collision fragments are shorter than 64 bytes, so runts are caught)
Definition:
Auto Negotiation: an Ethernet procedure by which two connected devices choose common parameters, such as speed and duplex mode
Half duplex: a half duplex system provides communication in both directions, but only one direction at a time
Full duplex: allows communication in both directions simultaneously
Crossover cable: a type of Ethernet cable used to connect two devices of the same type directly (switch to switch, PC to PC)
Straight-through cable: a type of Ethernet cable used to connect two devices of different types (PC to switch)
Unicast address: an address that represents a single node or device on the network
Multicast address: an identifier for a group of hosts that have joined a multicast group
Broadcast address: a network address that allows information to be sent to all nodes on the network
Loopback circuitry: a circuit that routes the transmitted signal straight back to the originating source, primarily used for testing local transmission
I/G bit: the least significant bit of the first byte of a MAC address; it distinguishes an individual (unicast, bit = 0) address from a group (multicast or broadcast, bit = 1) address
U/L bit: the second least significant bit of the first byte of a MAC address; it distinguishes a universally administered (bit = 0) address from a locally administered (bit = 1) address
CSMA/CD: the media access method used on shared Ethernet; stations sense the carrier before sending and detect collisions while sending
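An added worked example (not part of these notes, and not Cisco code): a small Python parser for the frame layout and MAC address bits above. It decodes the I/G and U/L bits of the first address byte, peels any 802.1Q / 802.1ad (QinQ) tags, the tag format the Trunking and Tunneling sections describe, and tells an IEEE 802.3 length field from an Ethernet II type. The sample frame and the MAC addresses in it are constructed for the example.

```python
"""Parse an Ethernet frame header: MAC address bits, 802.1Q/QinQ tags,
and the Ethernet II type vs IEEE 802.3 length field.

Added example, not from the original notes. The sample frames below are
constructed by hand for illustration."""
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q customer tag
ETHERTYPE_QINQ = 0x88A8   # 802.1ad service tag (QinQ outer tag)
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_info(raw: bytes) -> dict:
    """Decode the I/G and U/L bits from the first byte of a MAC address."""
    first = raw[0]
    ig = first & 0x01          # least significant bit: 0 = individual, 1 = group
    ul = (first >> 1) & 0x01   # second bit: 0 = universally, 1 = locally administered
    if raw == b"\xff" * 6:
        kind = "broadcast"
    elif ig:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "mac": mac_str(raw),
        "kind": kind,
        "locally_administered": bool(ul),
        "oui": mac_str(raw[:3]),            # first 3 bytes: vendor OUI
        "vendor_assigned": mac_str(raw[3:]),
    }


def parse_frame(frame: bytes) -> dict:
    """Return destination/source info, the VLAN tag stack and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset = 12
    tags = []
    # Peel off every 802.1Q / 802.1ad tag present (QinQ = two tags, outer first).
    while True:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        if tpid not in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
            break
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": tpid,
            "pcp": tci >> 13,             # 802.1p priority (CoS)
            "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF,
        })
        offset += 4
    (type_or_len,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    # 802.3: values <= 1500 are a length; Ethernet II: values >= 1536 are a type.
    if type_or_len <= 1500:
        encap, ethertype = "802.3", None
        payload = frame[offset:offset + type_or_len]
    else:
        encap, ethertype = "Ethernet II", type_or_len
        payload = frame[offset:]
    return {
        "dst": mac_info(dst),
        "src": mac_info(src),
        "tags": tags,
        "encapsulation": encap,
        "ethertype": ethertype,
        "payload": payload,
    }


def build_frame(dst: bytes, src: bytes, tags, type_or_len: int, payload: bytes) -> bytes:
    """Build a frame with an optional tag stack given as (tpid, pcp, vid), outer first."""
    out = dst + src
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return out + struct.pack("!H", type_or_len) + payload


# Constructed sample: a QinQ frame (S-tag 100, C-tag 10) carrying IPv4.
SAMPLE = build_frame(
    bytes.fromhex("01005e000001"),   # IPv4 multicast group MAC (I/G bit set)
    bytes.fromhex("025c0a0b0c0d"),   # locally administered unicast source (U/L bit set)
    [(ETHERTYPE_QINQ, 5, 100), (ETHERTYPE_VLAN, 3, 10)],
    ETHERTYPE_IPV4,
    b"\x45" + b"\x00" * 19,
)

if __name__ == "__main__":
    info = parse_frame(SAMPLE)
    print(info["dst"]["kind"], info["src"], [t["vid"] for t in info["tags"]], info["encapsulation"])
```

The tag loop is what makes a double-tagged frame visible: a switch that only strips the outer tag hands the inner one to the next hop, which is the mechanism QinQ relies on.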
VLAN:
Extended VLAN range 1006 - 4094: with VTP version 1 and 2 the switch must be in VTP transparent mode to create them, they are stored in the running configuration file (not in vlan.dat), they cannot be pruned from trunk interfaces and cannot be configured using VMPS
Command:
Database mode (legacy VLAN database):
vlan database
vlan [#] name [name]
apply
show current
show proposed
Configuration mode:
vlan [#]
name [name]
switchport
(on a layer 3 switch, makes a routed port a layer 2 switch port)
switchport mode [access | trunk | dynamic [desirable | auto]]
switchport access vlan [#]
(assigns the interface to a VLAN)
Trunking:
1- dot1q: the IEEE standard (802.1Q); supports both the normal and the extended VLAN range and inserts a 4-byte tag in the frame; frames of the native VLAN are sent untagged
2- ISL: Cisco proprietary trunking that encapsulates the frame with a 26-byte header and a 4-byte trailer; supports both the normal and the extended VLAN range
Command:
switchport mode [trunk | dynamic [auto | desirable]]
switchport trunk encapsulation [dot1q | isl | negotiate]
switchport trunk allowed vlan [all | none | add | remove | except] [vlan#]
switchport trunk native vlan [vlan#]
switchport trunk pruning vlan [none | add | remove | except] [vlan#]
show interfaces trunk
show interfaces [type] [#] trunk
DTP:
A Cisco proprietary protocol used to negotiate trunking between two switches, and the type of encapsulation
Command:
switchport mode trunk
(forces the port to trunk; forms a trunk with a neighbor set to trunk, dynamic desirable or dynamic auto)
switchport nonegotiate
(stops sending DTP frames; the neighbor must then be configured as a trunk manually)
switchport mode dynamic auto
(does not send trunking requests but forms a trunk if it receives one, so the other side must be trunk or dynamic des irable; two auto ports stay access ports)
switchport mode dynamic desirable
(sends trunking requests; forms a trunk with a neighbor set to trunk, dynamic desirable or dynamic auto)
Because dynamic auto or dynamic desirable is the default on many Catalyst switches, a host on an access port can negotiate a trunk and reach every VLAN; set user-facing ports to switchport mode access plus switchport nonegotiate
interface [type].[sub-interface#]
encapsulation [dot1q | isl] [vlan#]
(router sub-interface for router-on-a-stick)
VTP:
A Cisco proprietary layer 2 protocol that manages the creation, deletion and renaming of VLANs across the network
VTP modes:
1- Server mode: can create, delete and modify VLANs and advertises them
2- Client mode: listens to VTP advertisements; cannot create, delete or modify VLANs
3- Transparent mode: the switch can create, delete and modify VLANs locally, does not apply received advertisements, but still forwards the VTP messages it receives to and from the rest of the VTP domain
VTP uses a configuration revision number to decide which update is the most recent: each change on a server increments the revision by one. When a switch receives an advertisement it compares the advertised revision with its own: if the advertised revision is lower than or equal to the local one the update is ignored; if it is higher, the switch overwrites its local VLAN database with the contents of the update and then propagates the message to the other switches.
This is also the classic failure mode: a switch (even a client) joined to the domain with a higher revision number overwrites the VLAN database of the whole domain. Reset the revision to 0 before connecting a switch (change its VTP domain name, or set transparent mode and back).
The switches in the same domain must share the same VTP domain name and the same password (carried as an MD5 digest) if one is configured, and VTP runs only over trunk interfaces.
Command:
vtp domain [name]
vtp interface [name]
(the interface whose IP address is used as the updater ID in advertisements)
vtp mode [server | client | transparent]
vtp password [password]
vtp pruning
vtp version [1 | 2]
show vtp status
show vtp counters
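An added worked example (not part of these notes, not Cisco code) of the revision-number rule above and of the rogue-switch failure mode it creates. The switch model and the "lab" switch with a leftover revision of 20 are constructed; the MD5 digest is a simplified stand-in (hash over domain, revision, password and VLAN list), not the real VTP digest layout.

```python
"""VTP advertisement handling: the higher configuration revision always
wins, so a stale or rogue switch with a higher revision wipes the domain.

Added example, not part of the original notes. The MD5 digest here is a
simplified stand-in (hash of domain, revision, password and VLAN list);
the real VTP digest is computed over the summary advertisement fields."""
import hashlib


def vtp_digest(domain: str, revision: int, password: str, vlans: dict) -> str:
    data = f"{domain}|{revision}|{password}|{sorted(vlans.items())}".encode()
    return hashlib.md5(data).hexdigest()


class VtpSwitch:
    def __init__(self, name: str, domain: str, mode: str = "server", password: str = ""):
        self.name, self.domain, self.mode, self.password = name, domain, mode, password
        self.revision = 0
        self.vlans = {1: "default"}

    def add_vlan(self, vid: int, vlan_name: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = vlan_name
        if self.mode == "server":            # transparent mode does not bump the revision
            self.revision += 1

    def set_domain(self, domain: str) -> None:
        """Changing the domain name resets the configuration revision to 0."""
        self.domain, self.revision = domain, 0

    def advertise(self) -> dict:
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": vtp_digest(self.domain, self.revision, self.password, self.vlans)}

    def receive(self, adv: dict) -> str:
        """Apply a summary advertisement; returns 'ignored' or 'overwritten'."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return "ignored"
        expected = vtp_digest(adv["domain"], adv["revision"], self.password, adv["vlans"])
        if adv["digest"] != expected:
            return "ignored"                 # password mismatch
        if adv["revision"] <= self.revision:
            return "ignored"                 # not newer than what we already have
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return "overwritten"


def rogue_switch_scenario(password: str = "") -> tuple:
    """A production server with VLANs 10/20/30 (revision 3) hears a lab switch
    that carries revision 20 and only VLAN 1. Returns (result, surviving VLANs)."""
    core = VtpSwitch("core", "CORP", password=password)
    for vid in (10, 20, 30):
        core.add_vlan(vid, f"vlan{vid}")
    lab = VtpSwitch("lab", "CORP")           # same domain name, no password
    lab.revision = 20                        # constructed: leftover from earlier use
    result = core.receive(lab.advertise())
    return result, sorted(core.vlans)


if __name__ == "__main__":
    print("no password:", rogue_switch_scenario())
    print("with password:", rogue_switch_scenario("s3cret"))
```

Without a domain password the three production VLANs vanish; with one, the digest mismatch makes the advertisement be ignored. Neither protects against a switch that knows the password, which is why resetting the revision before connecting a switch is the operational rule.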
Private VLAN:
Used to split a single (primary) VLAN into multiple isolated broadcast sub-domains (secondary VLANs). Port types: 1- Promiscuous port: can communicate with all ports in the private VLAN (typically the gateway) 2- Isolated port (in an isolated secondary VLAN): can communicate only with promiscuous ports 3- Community port (in a community secondary VLAN): can communicate with the other ports of the same community and with promiscuous ports.
Command:
vlan [#]
private-vlan primary
private-vlan association [vlan range | add [vlan #] | remove [vlan #]]
vlan [#]
private-vlan isolated
vlan [#]
private-vlan community
interface [type] [#]
switchport mode private-vlan host
switchport private-vlan host-association [primary vlan #] [secondary vlan #]
interface [type] [#]
switchport mode private-vlan promiscuous
switchport private-vlan mapping [primary vlan #] [secondary vlan range]
interface vlan [primary vlan #]
private-vlan mapping [secondary vlan #]
(for layer 3 routing between the secondary VLANs through the primary SVI)
Port Channel:
Load balancing hashes the chosen fields (source or destination or both: IP address, MAC address or L4 port number) into one of 8 buckets; the src-dst methods XOR the low-order bits of the two addresses. Hashing on a single field that is the same for all flows (for example the destination MAC of one server) puts every flow on the same link
EtherChannel modes:
1- on: force the port channel without negotiation (both ends must be on)
2- off: disable the port channel
3- desirable (PAgP, Cisco) / active (LACP, 802.3ad): initiate the negotiation to form the port channel
4- auto (PAgP) / passive (LACP): willing to form the port channel if the other end initiates the request (PAgP and LACP do not interoperate with each other)
Command:
port-channel load-balance [src-ip | src-mac | src-port | dst-ip | dst-mac | dst-port | src-dst-ip | src-dst-mac | src-dst-port]
channel-protocol [lacp | pagp]
channel-group [1-256] mode [desirable | auto | active | passive | on]
show etherchannel [summary | load-balance]
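An added worked example (not part of these notes, not Cisco code) of the load-balancing description above. It follows the widely documented Catalyst behaviour of 8 hash buckets taken from the low-order bits of the selected address fields, XORed for the src-dst methods, and spread over the bundle's links (3 links get a 3-3-2 split); the exact hash input of a given platform is an assumption. The MAC addresses and flows are constructed.

```python
"""EtherChannel load-balancing illustration: hash a frame into one of 8
buckets and map the buckets onto the physical links of the bundle.

Added example, not from the original notes. It follows the widely
documented Catalyst behaviour (8 hash buckets, low-order bits of the
selected address fields, XOR for the src-dst methods); the exact hash
input used by a given platform is an assumption here."""
from collections import Counter

BUCKETS = 8


def _last_byte(addr: str) -> int:
    """Low-order byte of a dotted IPv4 address or a MAC (aabb.ccdd.eeff / aa:bb:...)."""
    parts = addr.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):      # IPv4
        return int(parts[-1])
    return int(addr.replace(":", "").replace(".", "")[-2:], 16)  # MAC


def hash_bucket(method: str, src: str, dst: str) -> int:
    """Bucket 0..7 for a port-channel load-balance method such as
    'src-mac', 'dst-ip' or 'src-dst-mac'."""
    if method.startswith("src-dst"):
        value = _last_byte(src) ^ _last_byte(dst)
    elif method.startswith("src"):
        value = _last_byte(src)
    else:
        value = _last_byte(dst)
    return value & (BUCKETS - 1)


def bucket_to_link(bucket: int, links: int) -> int:
    """Distribute the 8 buckets over 1..8 links; modulo gives the documented
    splits (2 links: 4-4, 3 links: 3-3-2, 5 links: 2-2-2-1-1, ...)."""
    if not 1 <= links <= BUCKETS:
        raise ValueError("a bundle has 1 to 8 links")
    return bucket % links


def distribution(method: str, flows, links: int) -> dict:
    """How many of the given (src, dst) flows land on each link index."""
    counts = Counter({i: 0 for i in range(links)})
    for src, dst in flows:
        counts[bucket_to_link(hash_bucket(method, src, dst), links)] += 1
    return dict(counts)


# Constructed sample: 8 hosts behind one switch all talking to one server.
SERVER = "0000.0c07.ac01"
HOSTS = [f"0011.2233.44{b:02x}" for b in range(8)]
FLOWS = [(h, SERVER) for h in HOSTS]

if __name__ == "__main__":
    for method in ("dst-mac", "src-mac", "src-dst-mac"):
        print(method, distribution(method, FLOWS, 2))
    print("3 links, src-dst-mac:", distribution("src-dst-mac", FLOWS, 3))
```

With dst-mac hashing every host-to-server flow hits one link of a two-link bundle, which is the classic "the EtherChannel is only half used" complaint; the same flows spread evenly with src-dst-mac, and unevenly (3-3-2) across three links.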
STP:
802.1D:
Major Steps:
1- Elect the root bridge
2- Determine each switch's root port
3- Determine the designated port for each segment
Electing the Root Bridge:
Each switch has a bridge ID made of a 2-byte priority and a 6-byte MAC address; the switch with the lowest bridge ID (lowest priority, then lowest MAC) becomes the root. With the extended system ID the priority field is split into a 4-bit priority (multiples of 4096) and a 12-bit VLAN ID to support per-VLAN STP
Determine the Root Port:
The root switch sends a hello BPDU every two seconds; each switch that receives it forwards it to the other switches after adding the cost of the receiving interface and updating the sender bridge ID, port priority and port number of the exit interface. On each non-root switch the port with the lowest root path cost becomes the root port; if the cost is equal, use the lowest bridge ID of the neighbor; if equal, the lowest port priority of the neighbor; if equal, the lowest port number of the neighbor.
Default Port Cost:
Speed      Original IEEE   Revised IEEE
10 Mbps    100             100
100 Mbps   10              19
1 Gbps     1               4
10 Gbps    1               2
Determine the Designated Port:
The switch with the lowest root path cost on the segment gets the designated port; if equal, the lowest forwarding bridge ID; if equal, the lowest port priority; if equal, the lowest port number
If a failure occurs, each switch waits the max age time (10 times the hello time, 20 seconds by default) before it begins electing a new root bridge or re-converging
To keep the MAC address table correct after a topology change, each switch whose STP port state changes sends a TCN BPDU toward the root, and each switch that receives it replies with an acknowledgment (TCA); the root then flags its hellos so that all switches age out MAC entries quickly
Any port moving from blocking to forwarding passes through blocking, listening (15 s), learning (15 s) and then forwarding state
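An added worked example (not part of these notes, not Cisco code) of the election rules above: the bridge ID with the extended system ID, root election by lowest ID, root path cost with the revised IEEE costs, and root port selection with the full tie-break order. The three-switch topology, MAC addresses and port numbers are constructed.

```python
"""802.1D root bridge election and root port selection with the extended
system ID and the revised IEEE port costs from the notes.

Added example, not part of the original notes. The three-switch topology,
MAC addresses and port numbers below are constructed."""
import heapq

REVISED_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbps -> cost


def bridge_id(priority: int, vlan: int, mac: str) -> tuple:
    """Bridge ID as a comparable tuple: (4-bit priority + 12-bit VLAN, MAC)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return (priority + vlan, mac.lower())


def elect_root(bridges: dict) -> str:
    """The lowest bridge ID (lowest priority, then lowest MAC) becomes root."""
    return min(bridges, key=bridges.get)


def root_path_costs(root: str, links: list, costs=REVISED_COST) -> dict:
    """Lowest total path cost from every switch to the root (Dijkstra)."""
    adj = {}
    for a, _, b, _, speed in links:
        adj.setdefault(a, []).append((b, costs[speed]))
        adj.setdefault(b, []).append((a, costs[speed]))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj.get(u, []):
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def root_port(switch: str, root: str, links: list, bridges: dict, costs=REVISED_COST):
    """Root port = lowest root path cost, then lowest neighbor bridge ID,
    then lowest neighbor port priority, then lowest neighbor port number."""
    if switch == root:
        return None
    dist = root_path_costs(root, links, costs)
    best = None
    for a, pa, b, pb, speed in links:
        if switch not in (a, b):
            continue
        local, nbr, nbr_port = (pa, b, pb) if a == switch else (pb, a, pa)
        key = (dist[nbr] + costs[speed], bridges[nbr], nbr_port[1], nbr_port[2])
        if best is None or key < best[0]:
            best = (key, local[0])
    return best[1]


# Constructed topology. A port is (name, port priority, port number).
BRIDGES = {
    "SW1": bridge_id(32768, 1, "0000.0000.0001"),
    "SW2": bridge_id(32768, 1, "0000.0000.0002"),
    "SW3": bridge_id(32768, 1, "0000.0000.0003"),
}
LINKS = [
    ("SW1", ("Gi0/1", 128, 1), "SW2", ("Gi0/1", 128, 1), 1000),
    ("SW1", ("Gi0/2", 128, 2), "SW3", ("Gi0/1", 128, 1), 1000),
    ("SW2", ("Fa0/2", 128, 2), "SW3", ("Fa0/2", 128, 2), 100),
]

if __name__ == "__main__":
    root = elect_root(BRIDGES)
    print("root:", root)
    for sw in BRIDGES:
        print(sw, "root port:", root_port(sw, root, LINKS, BRIDGES))
    # Lowering SW3's priority (as `spanning-tree vlan 1 priority 4096` would)
    # moves the root; SW2 then prefers two Gigabit hops (cost 8) over one
    # FastEthernet hop (cost 19).
    moved = dict(BRIDGES, SW3=bridge_id(4096, 1, "0000.0000.0003"))
    print("root:", elect_root(moved), "SW2 root port:", root_port("SW2", "SW3", LINKS, moved))
```

With all priorities at the default the root is simply the lowest MAC address, which is usually an old switch in a closet; that is why `spanning-tree vlan [vlan#] root primary` (or an explicit priority) on the intended core switch is part of every baseline, together with root guard on the edge.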
PVST+:
Runs one STP instance per VLAN; the VLAN ID in the extended system ID field gives a unique bridge ID for each VLAN
RSTP:
802.1w; a switch declares a neighbor down after three missing hellos instead of waiting max age (ten hellos), ports transition from discarding to learning bypassing the listening state, and the alternate and backup port roles are added
RSTP defines link types as:
Link Type        Description
Point-to-Point   Connects two switches together (full duplex)
Shared           Connects a switch to a hub (half duplex)
Edge             Connects a switch to an end device (PortFast)
Port states: Discarding, Learning, Forwarding
Port Roles: Root Port (RP), Designated Port (DP), Alternate (backup to the RP), Backup (backup to the DP on the same segment)
Rapid PVST+:
Like RSTP but runs one instance per VLAN
MST:
802.1s. How to: enable MST on the switch, then in MST configuration mode set the region name, set the revision number and map VLANs to MST instances; all switches of a region must share the name, revision and VLAN-to-instance map
Optimizing STP:
1- PortFast: puts the port into forwarding state immediately (no listening/learning); to be safe enable BPDU guard (and root guard where appropriate) on every port with this feature
2- UplinkFast: used on access switches with redundant uplinks; when the root port fails, an alternate (blocked) uplink is moved to forwarding immediately. Enabling it makes the switch take two actions: a- raise the bridge priority to 49,152 b- add 3000 to the cost of every port, so the switch never becomes root or a transit path. After a failure the switch does not rely on TCN BPDUs to make the upstream switches update their MAC address tables; instead it floods dummy multicast frames sourced from every MAC address in its own table
3- BackboneFast: used to detect indirect link failures in the core of the network. When an inferior BPDU arrives (a neighbor has lost its root), the switch sends an RLQ (Root Link Query) BPDU out its root port asking whether the upstream switches still hear the root bridge; if the reply says the root is still reachable the switch expires max age immediately and converges without waiting for the max age timer
Protecting STP:
Root Guard: enabled per port; if a superior BPDU arrives on the port (a device trying to become root), the port is put into the root-inconsistent state and stops forwarding and receiving frames until the superior BPDUs stop
BPDU Guard: enabled per port (usually together with PortFast); the port is err-disabled upon receiving any BPDU
UDLD: uses layer 2 messages to decide when the switch no longer receives frames from the neighbor. Aggressive mode tries eight times to re-establish contact after messages stop; if the other switch does not reply to the repeated messages both sides become err-disabled
Loop Guard: when BPDUs are no longer received on a non-designated port, the port does not go through normal STP convergence to forwarding but instead falls into the loop-inconsistent (blocking) state
Command:
spanning-tree mode [mst | pvst | rapid-pvst]
spanning-tree vlan [vlan#] root [primary | secondary]
spanning-tree portfast default
spanning-tree uplinkfast [max-update-rate [#]]
spanning-tree backbonefast
interface [type] [#]
spanning-tree cost [#]
spanning-tree link-type [point-to-point | shared]
spanning-tree port-priority [#]
spanning-tree vlan [vlan#] [cost | port-priority] [#]
spanning-tree portfast
spanning-tree mst configuration
name [name]
revision [number]
instance [number] vlan [range]
Tunneling:
802.1Q tunneling (QinQ) uses one service VLAN ID to carry all the customer VLANs between the two sides of the tunnel, which is like VLAN-in-VLAN: the tunnel port adds a second (outer) tag in front of the customer tag
1- A tunnel port cannot be a routed port
2- IP routing is not supported on a VLAN that includes 802.1Q tunnel ports
3- Tunnel ports do not support IP ACLs
4- L3 QoS ACLs and other QoS features are not supported on tunnel ports
5- DTP is incompatible with 802.1Q tunneling because you must manually configure the asymmetric link (tunnel port on one side, trunk port on the other)
6- Loopback detection is supported on 802.1Q tunnel ports
7- When 802.1Q tunneling is configured on a port, STP BPDU filtering is enabled and CDP is disabled automatically
Command:
interface [type] [#]
switchport access vlan [#]
switchport mode dot1q-tunnel
L2PT (Layer 2 protocol tunneling):
When a PDU enters an L2PT port the switch overwrites the destination MAC address with 01-00-0c-cd-cd-d0 (and double-tags it as well if 802.1Q tunneling is enabled); on the egress port the original destination MAC address is restored and the whole message is passed to the other end
1- L2PT supports tunneling of STP, CDP and VTP; all three are disabled by default
2- Tunneling is not supported on trunk ports
3- Only de-encapsulated PDUs are forwarded to the end devices
Command:
interface [type] [#]
switchport mode access || switchport mode dot1q-tunnel
l2protocol-tunnel [cdp | stp | vtp]
l2protocol-tunnel threshold [cdp | stp | vtp] [#]
l2protocol-tunnel cos [#]
ACL:
Two types, standard and extended, applied in the inbound or outbound direction on an interface
Standard ACLs match on the source address only
Extended ACLs match on source and destination address, the L4 protocol and the port numbers
Named ACLs work like standard and extended ACLs but are identified by a name instead of a number
An inbound ACL is processed before routing (and before anything else) on the interface; an outbound ACL after routing. Entries are evaluated top-down, the first match wins and an implicit deny any ends every list
Reflexive ACLs filter packets based on session information (a temporary return entry is created when the outbound traffic is seen) using extended named IP ACLs
Time-based ACLs apply an entry only during a specific time range
Command:
access-list [1-99] [permit | deny] [host ip | source-address wildcard | any]
access-list [100-199] [dynamic [name] timeout [minutes]] [permit | deny] [ip | icmp | udp | tcp] [source-address] [wildcard] [destination-address] [wildcard] [eq port]
ip access-list [standard | extended] [name]
[permit | deny] ......
ip access-list extended [name]
evaluate [reflexive-name]
ip access-list extended [name]
[permit | deny] ......... reflect [reflexive-name]
time-range [name]
periodic [days-of-week] hh:mm to [days-of-week] hh:mm
absolute [start hh:mm day month year] [end hh:mm day month year]
access-list [#] or [permit | deny] ......... time-range [name]
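An added worked example (not part of these notes, not Cisco code) of how the ACL rules above are evaluated: wildcard-mask matching, top-down first match, and the implicit deny. The parser supports only the numbered-ACL syntax subset shown; the ACL text and packets are constructed.

```python
"""Evaluate IOS-style numbered ACL entries against packets: wildcard-mask
matching, first match wins, implicit deny at the end.

Added example, not from the original notes. ACL text and packets are
constructed; only the syntax subset shown is supported."""
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are 'don't care' (the inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF)


def _parse_addr(tokens: list) -> tuple:
    """Consume 'any' | 'host A' | 'A WILDCARD' | 'A' (implicit 0.0.0.0 wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    wildcard = tokens.pop(0) if tokens and tokens[0][0].isdigit() else "0.0.0.0"
    return (t, wildcard)


def _parse_port(tokens: list):
    """Optional 'eq N' or 'range A B'; returns (lo, hi) or None."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        p = int(tokens.pop(0))
        return (p, p)
    if tokens and tokens[0] == "range":
        tokens.pop(0)
        return (int(tokens.pop(0)), int(tokens.pop(0)))
    return None


def parse_acl(text: str) -> list:
    """Parse 'access-list N permit|deny ...' lines into ACE dicts, in order."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if number <= 99:                      # standard ACL: source only
            aces.append({"action": action, "proto": "ip", "src": _parse_addr(rest),
                         "sport": None, "dst": ANY, "dport": None})
            continue
        proto = rest.pop(0)
        src, sport = _parse_addr(rest), _parse_port(rest)
        dst, dport = _parse_addr(rest), _parse_port(rest)
        aces.append({"action": action, "proto": proto, "src": src,
                     "sport": sport, "dst": dst, "dport": dport})
    return aces


def evaluate(aces: list, pkt: dict) -> str:
    """The first matching ACE decides; no match means the implicit 'deny'."""
    for ace in aces:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if not wildcard_match(pkt["dst"], *ace["dst"]):
            continue
        if ace["sport"] and not ace["sport"][0] <= pkt.get("sport", 0) <= ace["sport"][1]:
            continue
        if ace["dport"] and not ace["dport"][0] <= pkt.get("dport", 0) <= ace["dport"][1]:
            continue
        return ace["action"]
    return "deny"


# Constructed sample: SSH to a server only from the management /24,
# ping allowed from anywhere, everything else hits the implicit deny.
ACL = """
access-list 101 permit tcp 10.1.0.0 0.0.0.255 host 10.2.0.10 eq 22
access-list 101 deny tcp any host 10.2.0.10 eq 22
access-list 101 permit icmp any any
"""

if __name__ == "__main__":
    aces = parse_acl(ACL)
    for pkt in ({"proto": "tcp", "src": "10.1.0.7", "dst": "10.2.0.10", "dport": 22},
                {"proto": "tcp", "src": "10.1.9.7", "dst": "10.2.0.10", "dport": 22},
                {"proto": "udp", "src": "10.1.0.7", "dst": "10.2.0.10", "dport": 53}):
        print(pkt["src"], pkt["proto"], pkt.get("dport"), "->", evaluate(aces, pkt))
```

The wildcard is where ACLs most often go wrong: `0.0.255.255` on a network meant to be a /24 silently admits the whole /16, which the `wildcard_match` assertions below make visible.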
Firewall:
Types of firewalls: 1- Packet-filtering firewall: works at L3 + L4 and judges each packet on its own. 2- Application (proxy) firewall: works from L3 to L7. 3- Stateful packet-filtering firewall: like a packet filter but tracks the state of each connection. 4- Application inspection firewall: stateful and also tracks application-layer information (this is what CBAC, ip inspect, does on IOS)
Command (CBAC):
ip inspect tcp synwait-time [#]
ip inspect tcp finwait-time [#]
ip inspect tcp idle-time [#]
ip inspect udp idle-time [#]
ip inspect dns-timeout [#]
ip inspect max-incomplete high [#]
ip inspect max-incomplete low [#]
ip inspect one-minute high [#]
ip inspect one-minute low [#]
ip inspect tcp max-incomplete host [#] block-time [#]
ip port-map [name] port [port-list] [list [ACL]]
ip inspect name [rule-name] [protocol | tcp | udp] [timeout [#]]
interface [type] [#]
ip inspect [rule-name] [in | out]
ZBF:
Divides the router interfaces into security zones.
Traffic can pass between interfaces of the same zone by default, but cannot pass from one zone to another unless a zone-pair policy allows it; traffic cannot pass between an interface in a zone and an interface in no zone at all, so to allow it put the zone-less interface into a zone of its own and write a policy that passes the traffic
All traffic to and from the router itself (the self zone) is permitted by default until a zone-pair involving self is configured
Needed: define zones, define zone-pairs, define class-maps and a policy-map, apply the policy-map to the zone-pair and assign interfaces to zones
Command:
zone security [zone-name]
zone-pair security [pair-name] source [zone-name | self] destination [zone-name | self]
service-policy type inspect [policy-name]
class-map type inspect [match-any | match-all] [class-name]
match access-group [[#] | name [ACL-name]]
match class-map [class-name]
match protocol [protocol-name]
policy-map type inspect [policy-name]
class [type inspect [class-name] | class-default]
[drop | inspect | pass | police]
interface [type] [number]
zone-member security [zone-name]
uRPF:
Checks that an incoming packet's source address is reachable back through the interface it arrived on (strict mode: the route to the source must point out the receiving interface); requires CEF switching to be enabled. A match through the default route does not count unless allow-default is configured, and strict mode drops legitimate traffic where routing is asymmetric (use loose mode, source reachable-via any, on multi-homed edges)
Command:
interface [type] [#]
ip verify unicast reverse-path
(older syntax; the current form is ip verify unicast source reachable-via [rx | any] [allow-default])
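An added worked example (not part of these notes, not Cisco code) of the reverse-path check above. Strict mode is what the command enables; loose mode and the allow-default behaviour are included as a generalization of the notes. The routing table, interface names and packets are constructed.

```python
"""Unicast RPF check against a routing table: strict mode (what
`ip verify unicast reverse-path` enables) and, as a generalization of the
notes, loose mode and the allow-default behaviour.

Added example, not part of the original notes. Routes, interfaces and
packets are constructed."""
import ipaddress


class Router:
    def __init__(self, routes):
        # routes: (prefix, egress interface); longest prefix match wins
        self.routes = sorted(
            ((ipaddress.ip_network(prefix), iface) for prefix, iface in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr: str):
        """Return (matching prefix, egress interface) or None."""
        ip = ipaddress.ip_address(addr)
        for net, iface in self.routes:
            if ip in net:
                return net, iface
        return None

    def urpf(self, src: str, ingress: str, mode: str = "strict",
             allow_default: bool = False) -> bool:
        """True if the packet passes the reverse-path check.
        strict: the best route back to src must leave via the ingress interface.
        loose:  any route to src (other than a Null0 discard route) is enough.
        A match through the default route only counts with allow_default."""
        hit = self.lookup(src)
        if hit is None:
            return False
        net, egress = hit
        if net.prefixlen == 0 and not allow_default:
            return False
        if egress == "Null0":
            return False              # blackholed prefix: drop in either mode
        if mode == "loose":
            return True
        return egress == ingress


# Constructed edge router: two customer LANs, a default toward the ISP,
# and a documentation prefix blackholed to Null0.
EDGE = Router([
    ("10.1.0.0/16", "Gi0/1"),
    ("10.2.0.0/16", "Gi0/2"),
    ("192.0.2.0/24", "Null0"),
    ("0.0.0.0/0", "Gi0/0"),
])


def classify(src: str, ingress: str) -> dict:
    """Result of every mode for one packet, for side-by-side comparison."""
    return {
        "strict": EDGE.urpf(src, ingress),
        "strict+allow-default": EDGE.urpf(src, ingress, allow_default=True),
        "loose": EDGE.urpf(src, ingress, mode="loose", allow_default=True),
    }


if __name__ == "__main__":
    print("own LAN, right port  :", classify("10.1.5.5", "Gi0/1"))
    print("own LAN, spoofed     :", classify("10.1.5.5", "Gi0/2"))
    print("Internet on uplink   :", classify("198.51.100.3", "Gi0/0"))
    print("blackholed prefix    :", classify("192.0.2.9", "Gi0/0"))
```

The spoofed case is the point of the feature: a packet claiming a 10.1.0.0/16 source that arrives on the 10.2.0.0/16 port fails strict mode but would pass loose mode, so loose mode only stops sources with no route at all (including the Null0 prefixes a remotely triggered blackhole installs).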
IP Source Guard:
Forwards traffic on the interface only if the source IP (and optionally the MAC) matches an entry in the DHCP snooping binding table or a static binding; requires DHCP snooping to be enabled on the VLAN
Command:
ip source binding [mac] vlan [#] [ip] interface [type] [#]
interface [type] [#]
ip verify source [port-security]
(ip verify source vlan dhcp-snooping [port-security] on Catalyst 6500)
AAA:
PAP, CHAP, EAP authentication:
PAP uses a two-way handshake with the user name and password sent across the link in clear text
CHAP uses a three-way handshake: the server sends a challenge and the client answers with an MD5 hash of the challenge and the password, so the password itself never crosses the link; the credential can be re-checked periodically during the session
EAP is an authentication framework that runs at L2 without requiring IP
Authentication:
Validates the user name and password, either against the local database or a remote access server database such as Cisco Access Control Server, reached with RADIUS or TACACS+
Authorization:
Determines which resources the user is permitted to access
Accounting:
Logs the activity the user performed while accessing the system
(TACACS+ runs over TCP 49 and encrypts the whole packet body; RADIUS runs over UDP 1812/1813 (or 1645/1646) and obfuscates only the password, so prefer TACACS+ for device administration)
Command:
aaa new-model
(enables AAA on the router or switch)
aaa authentication login [default | list-name] method1 method2 ......
(determines the authentication methods for the default or a custom list)
aaa authentication enable default method1 method2 .......
(determines the authentication methods used for access to privileged mode)
aaa authentication ppp [default | list-name] method1 method2 .......
(determines the authentication methods for PPP)
aaa authentication attempts login [#]
(sets the number of allowed authentication attempts)
aaa authorization [auth-proxy | network | cache | exec | config-commands | console | reverse-access | configuration | ipmobile | template] [default | list-name] method1 method2 ........
aaa accounting [auth-proxy | system | network | connection | exec | commands level] [default | list-name] [start-stop | stop-only | none] [broadcast] group [tacacs+ | radius]
tacacs-server host [ip or hostname]
tacacs-server port [#]
tacacs-server single-connection
tacacs-server timeout [#]
tacacs-server key [key]
radius-server host [ip or hostname]
radius-server auth-port [#]
radius-server acct-port [#]
radius-server timeout [#]
radius-server key [key]
IPS:
Cisco IOS IPS has two main components, the SDF and the SME. The SDF (signature definition file) is a file located in the router's flash or on a TFTP, FTP, SCP or RCP server containing the attack signatures to match; the SME (signature micro-engine) loads the signatures from the SDF and uses them to match the traffic
Command:
ip ips notify [log | sdee]
(nr-director was the equivalent option of the older ip audit Post Office syntax)
ip sdee events [#]
(sets the number of SDEE events to queue)
ip ips po max-events [#]
(sets the Post Office event queue size)
ip ips protected [start-ip] to [end-ip]
ip ips sdf location [path]
(sets the path of the SDF file)
ip ips sdf builtin
copy [/erase] [url] ips-sdf
ip ips fail closed
(stops passing any traffic until the SME finishes loading the signatures)
ip ips signature [sig-id] delete
ip ips signature [sig-id] disable
ip ips signature [sig-id] list [ACL]
ip ips name [name] [list [ACL]]
interface [type] [num]
ip ips [name] [in | out]
IBNS and 802.1X:
Uses EAP between the supplicant and the authenticator (EAPOL on the wire) and carries the same EAP exchange inside RADIUS between the authenticator and the authentication server
EAP-MD5: MD5 challenge of the password; no server authentication and no key derivation, so it is unsuitable for wireless
LEAP: Cisco Lightweight EAP, a password-based method now considered weak
EAP-TLS: certificate-based mutual authentication using TLS
PEAP: protects an inner EAP method (typically MSCHAPv2) inside a TLS tunnel that authenticates the server with a certificate
Command:
aaa authentication dot1x [default | list-name] methods
aaa authorization network [default | list-name] methods
dot1x system-auth-control
interface [type] [#]
dot1x port-control [auto | force-authorized | force-unauthorized]
dot1x reauthentication
dot1x timeout reauth-period [#]
dot1x timeout quiet-period [#]
dot1x guest-vlan [vlan#]
CoPP:
Used to police traffic destined to the control plane (the route processor) so that floods of management or routing traffic cannot exhaust the CPU
Command:
control-plane
service-policy [input | output] [policy-name]
HSRP:
Cisco proprietary protocol that allows multiple routers to appear as one gateway: one router is elected active and another standby; the routers exchange hello packets to maintain their state using multicast address 224.0.0.2 (all routers, HSRP v1) on UDP port 1985, every 3 seconds by default with a 10 second holdtime
The active router is elected on the highest priority (default 100), with the highest IP address as tie-breaker; it takes over from an already active router only if preempt is configured
HSRP states: Initial - Learn - Listen - Speak - Standby - Active
Can use plain-text or MD5 authentication between the routers; plain text offers no protection against a host on the segment injecting hellos with a higher priority, so use MD5 keys
The virtual MAC address for HSRP v1 is 0000.0c07.acXX where XX is the group number in hex
Command:
interface [type] [#]
standby [#] priority [#]
standby [#] timers [msec] [hello] [msec] [holdtime]
standby [#] preempt [delay [minimum [#] | reload [#]]]
standby [#] authentication [string]
standby [#] authentication md5 key-string [0 | 7] [string]
key chain [name]
key [#]
key-string [0 | 7] [string]
standby [#] authentication md5 key-chain [name]
standby [#] track [interface type] [#] [decrement #]
standby [#] ip [ip] [secondary]
VRRP:
IETF standard (RFC 3768); one router is the master, the others are backups. The master is elected on the highest priority (the router that owns the virtual IP gets 255), sends advertisements every 1 second by default to 224.0.0.18 (IP protocol 112), and preempt is on by default
The virtual MAC address for VRRP is 0000.5e00.01XX where XX is the group number in hex
Command:
interface [type] [#]
vrrp [#] priority [#]
vrrp [#] timers advertise [msec] [#]
vrrp [#] preempt [delay minimum [#]]
vrrp [#] authentication [text] [string]
vrrp [#] ip [ip] [secondary]
GLBP:
Used to overcome the load-balancing limitation of HSRP and VRRP (one active gateway per group) by balancing across the routers of the GLBP group: the router that answers ARP requests for the virtual IP is the AVG (active virtual gateway), and it replies with a different virtual MAC address for different clients
The AVG is elected on the highest priority, then the highest IP address
Up to four virtual MAC addresses (0007.b4XX.XXYY, XXXX = group number, YY = forwarder number) are assigned per group, one per AVF (active virtual forwarder); the AVG itself also acts as an AVF
Load-balancing methods: round-robin (default), weighted or host-dependent
Command:
interface [type] [#]
glbp [#] priority [#]
glbp [#] preempt [delay minimum [#]]
glbp [#] timers [msec] [hello] [msec] [holdtime]
glbp [#] timers redirect [redirect-time] [timeout]
glbp [#] weighting [max] [lower [#]] [upper [#]]
glbp [#] weighting track [object#] [decrement [#]]
glbp [#] load-balancing [round-robin | weighted | host-dependent]
glbp [#] ip [ip] [secondary]
track [object#] interface [type] [#] [line-protocol | ip routing]
NAT:
Used to map private (inside local) addresses to public (inside global) addresses
Command:
interface [type] [#]
ip nat outside
interface [type] [#]
ip nat inside
ip nat inside source static [inside-local-ip] [inside-global-ip]
ip nat pool [name] [start-ip] [end-ip] [netmask [mask] | prefix-length [#]]
access-list [#] permit [subnet] [wildcard-mask]
ip nat inside source list [ACL] pool [pool] [overload] [vrf [name]]
(overload = PAT: many inside addresses share one global address, distinguished by port)
ip nat translation timeout [seconds]
ip nat inside source route-map [name] pool [name] [reversible]
DHCP:
Used to automatically assign IP addresses to clients
DHCP process: Discover - Offer - Request - Acknowledgment, after which the client sends a gratuitous ARP to check that the address is not already in use
The helper address forwards the following UDP ports by default: TFTP (69), DNS (53), Time (37), TACACS (49), BOOTP/DHCP server and client (67, 68), NetBIOS name service (137) and NetBIOS datagram service (138)
Command:
ip dhcp pool [name]
network [subnet] [mask | /prefix-length]
lease [days [hours [minutes]] | infinite]
dns-server [dns]
default-router [ip]
import all
interface [type] [#]
ip helper-address [ip]
ip forward-protocol udp [port]
(adds a UDP port to the helper list; the no form removes one of the defaults)
interface [type] [#]
ip address dhcp
WCCP:
Used to redirect packets to a cache engine
Command:
ip wccp version [1 | 2]
ip wccp [web-cache | service#] [accelerated] [group-address [ip]] [redirect-list [ACL]] [group-list [ACL]] [password [string]]
interface [type] [#]
ip wccp [web-cache | service#] redirect [in | out]
ip wccp [web-cache | service#] group-listen
NTP:
Used to synchronize time between network devices
A broadcast NTP server periodically broadcasts the time of day on the segment
Stratum describes how many hops away the device is from the reference clock (stratum 1 has a directly attached reference; each NTP hop adds one)
Peering means two servers may set or synchronize time with each other
Command:
ntp authenticate
ntp authentication-key [#] md5 [string]
ntp trusted-key [#]
ntp peer [ip] [key [#]] [source [interface]]
ntp server [ip] [key [#]] [source [interface]]
ntp master [stratum#]
interface [type] [num]
ntp broadcast [client] | ntp multicast [ip] [client]
ntp [enable | disable]
ntp max-associations [#]
ntp access-group [peer | serve | serve-only | query-only] [ACL]
Logging:
Command:
logging buffered [#]
logging [ip]
logging source-interface [type] [#]
logging count
IP SLA:
Active probing and monitoring, configured through SNMP or the CLI; measures end-to-end performance at the IP layer and is used to verify and monitor QoS
The destination router is configured as an IP SLA responder (ip sla monitor responder) for the operation types that need one
Command:
ip sla monitor 1
type [type] dest-ipaddr [ip] dest-port [port] num-packets [#]
ip sla monitor schedule 1 life [forever | #] start-time [now | hh:mm | after hh:mm:ss]
ip sla monitor key-chain [name]
NetFlow:
Divided into the flow cache (built on the interfaces) and the export transport (flow records sent to a collector)
Command:
ip flow-export source [interface-type] [#]
ip flow-export destination [ip] [udp-port]
ip flow-export version [5 | 9]
interface [type] [#]
ip route-cache flow
ip flow-export [ip] [port] [version [1 | 5]]
(older combined syntax)
ip flow-cache entries [#]
ip route-cache distributed
interface [type] [#]
ip flow [egress | ingress]
RITE (Router IP Traffic Export):
Used to export copies of IP traffic from an interface to a monitoring host (identified by MAC address) on another LAN interface
Command:
ip traffic-export profile [name]
interface [type] [#]
bidirectional
mac-address [mac]
incoming [access-list [ACL]] [sample one-in-every [#]]
outgoing [access-list [ACL]] [sample one-in-every [#]]
interface [type] [#]
ip traffic-export apply [name]
SNMP:
Command:
snmp-server view [name] [oid-tree] [included | excluded]
snmp-server community [string] [view [name]] [ro | rw] [ACL]
snmp-server engineID local [id]
snmp-server engineID remote [ip] [udp-port [#]] [id]
snmp-server group [name] [v1 | v2c | v3 [auth | noauth | priv]] [read [view-name]] [write [view-name]] [notify [view-name]] [access [ACL]]
snmp-server host [ip or hostname] [traps | informs] [version [1 | 2c | 3 [auth | noauth | priv]]] [community-string] [udp-port [#]]
snmp-server user [name] [group] [remote [ip] [udp-port [#]]] [v1 | v2c | v3 [auth [md5 | sha] [password]] [priv [des | 3des | aes [128 | 192 | 256]] [password]]] [access [ACL]]
snmp-server system-shutdown
(v1/v2c community strings travel in clear text and a rw community gives full configuration control: use v3 with auth and priv, restrict every community and user with an ACL, and leave system-shutdown off unless reloads via SNMP are really wanted)
EEM:
Command:
event manager environment [var-name] [string]
event manager policy [name] [type [system | user]] [trap]
RMON:
Command:
interface [type] [#]
rmon [native | promiscuous]
rmon collection [history | host | matrix | rmon1] [controlEntry [#]] [owner [name]] [buckets [#]] [interval [#]]
rmon queuesize [#]
rmon alarm [#] [variable] [interval-seconds] [delta | absolute] rising-threshold [#] [event-#] falling-threshold [#] [event-#] [owner [name]]
rmon event [#] [log] [trap [community]] [description [string]] [owner [name]]
FTP, TFTP, SCP, HTTP, HTTPS, TELNET:
Command:
ftp-server enable
ftp-server topdir [dir]
ip scp server enable
(requires AAA authentication and exec authorization; SCP replaces clear-text FTP/TFTP for configuration and image transfers)
ip http server
ip http secure-server
ip http port [#]
ip http secure-port [#]
ip http authentication [local | tacacs | aaa | enable]
(leave ip http server disabled unless it is needed and prefer ip http secure-server)
QoS:
QoS features are used to address delay, jitter and packet loss:
1- Queuing (PQ, CQ, MDRR, WFQ, CBWFQ, LLQ)
2- Compression (cRTP)
QoS deployment:
1- CLI 2- MQC 3- AutoQoS 4- QoS Policy Manager
QoS categories:
1- Best effort
2- Integrated Services: guarantees bandwidth by reserving it (RSVP)
3- Differentiated Services: marks traffic and applies a policy per marking
Traffic can be marked using the IP precedence bits of the ToS byte in the IP header or using DSCP
IP precedence uses the top three bits of the ToS byte in the IP header to mark traffic
DSCP uses the top six bits of the ToS byte (the remaining two are the ECN bits); the IETF defined standard per-hop behaviours (PHBs) in four categories:
1- Best Effort: all DSCP bits zero
2- Expedited Forwarding (EF): value 46, used for latency-sensitive applications like voice and video streaming
3- Assured Forwarding (AF): 12 code points (4 classes x 3 drop precedences) that express the preference for dropping packets of a traffic flow when congestion occurs; AFxy = 8x + 2y
PHB        Low Drop     Medium Drop   High Drop
Class 1    AF11 (10)    AF12 (12)     AF13 (14)
Class 2    AF21 (18)    AF22 (20)     AF23 (22)
Class 3    AF31 (24)    AF32 (26)     AF33 (28)
Class 4    AF41 (32)    AF42 (34)     AF43 (36)
4- Class Selector (CS): the low three bits of the DSCP are zero (CSx = 8x), so the top three bits read as IP precedence for backward compatibility
QoS Tools:
1- Classification: sorts traffic into classes; does not alter the traffic
2- Marking: alters the ToS / DSCP (or CoS) of the traffic
3- Congestion Management: queuing
4- Congestion Avoidance: avoids overloading the link by dropping some packets early
5- Traffic shaping and policing
6- Link Efficiency: compression and LFI
AutoQoS creates a QoS configuration automatically, using NBAR to classify traffic and creating an appropriate policy for each class; it marks with the CoS bits at L2, the ToS / DSCP at L3, the DE bit on Frame Relay and the CLP bit on ATM
NBAR can identify traffic from L3 to L7 for stateful classification and marking; it recognizes protocols using signature files (PDLMs)
For VPN tunnels Cisco introduced pre-classification: the ToS field of the original packet is copied to the tunnel header so that the encrypted packet can still be classified
Mapping CoS to DSCP is done with DSCP = CoS * 8
Catalyst switches have four WRR (weighted round-robin) egress queues
RED and WRED are used for congestion avoidance by dropping some packets once the average queue depth passes a threshold, which makes the TCP senders reduce their window size. WRED with ECN (explicit congestion notification) uses the two ECN bits of the ToS byte: when the average queue depth is between the minimum and maximum thresholds and the packet is ECN-capable (an ECT bit set, meaning both end hosts support ECN), the router sets the CE (congestion experienced) bits instead of dropping the packet, and the receiver tells the sender to reduce its transmission rate
Policing limits bandwidth by discarding or re-marking the traffic that exceeds the rate; it can be applied in the input or output direction of an interface and suits high-speed interfaces since it does not buffer. Cisco supports a single-bucket policer (CIR with Bc) and a two-bucket policer (one bucket for CIR/Bc, one for PIR/Be) with conform, exceed and violate actions
Shaping, unlike policing, buffers the excess traffic and sends it later at the configured rate; it applies only in the output direction of an interface, suits low-speed interfaces and is used to limit traffic to the CIR or PIR (for example to match a Frame Relay circuit)
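An added worked example (not part of these notes, not Cisco code) of the two behaviours above: a two-rate three-colour policer in the style of `police cir ... pir ...` (RFC 2698 buckets for CIR/Bc and PIR/Be, returning conform / exceed / violate) next to a shaper that delays the same packets instead. Times are integer milliseconds so the arithmetic is exact; the packet trace and the rates are constructed.

```python
"""Token-bucket policing versus shaping, as configured with `police` and
`shape`. The two-rate three-colour policer follows RFC 2698 (CIR/Bc bucket
plus PIR/Be bucket; conform / exceed / violate); the shaper delays the
excess instead of dropping it.

Added example, not part of the original notes. Rates are bits per second
(multiples of 8 kbps), bursts are bytes, times are integer milliseconds;
the packet trace is constructed."""


class TokenBucket:
    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate = rate_bps // 8000          # tokens (bytes) added per millisecond
        self.capacity = burst_bytes
        self.tokens = burst_bytes             # starts full
        self.last = 0

    def refill(self, now_ms: int) -> None:
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms


class TwoRatePolicer:
    """police cir CIR bc BC pir PIR be BE
    conform: both buckets have enough tokens; exceed: only the PIR bucket
    has; violate: not even the PIR bucket has (typically dropped)."""

    def __init__(self, cir: int, bc: int, pir: int, be: int):
        if pir < cir:
            raise ValueError("PIR must be at least CIR")
        self.c = TokenBucket(cir, bc)
        self.p = TokenBucket(pir, be)

    def police(self, now_ms: int, nbytes: int) -> str:
        self.c.refill(now_ms)
        self.p.refill(now_ms)
        if self.p.tokens < nbytes:
            return "violate"
        self.p.tokens -= nbytes
        if self.c.tokens < nbytes:
            return "exceed"
        self.c.tokens -= nbytes
        return "conform"


class Shaper:
    """shape average CIR Bc: packets that do not fit the bucket are queued
    and released once enough tokens accrue, so the output never exceeds
    CIR over time, but excess traffic is delayed rather than dropped."""

    def __init__(self, cir: int, bc: int):
        self.bucket = TokenBucket(cir, bc)
        self.next_free = 0                    # when the queue ahead has drained

    def schedule(self, arrival_ms: int, nbytes: int) -> int:
        """Departure time of the packet (equals arrival when it conforms)."""
        start = max(arrival_ms, self.next_free)
        self.bucket.refill(start)
        if self.bucket.tokens < nbytes:
            shortfall = nbytes - self.bucket.tokens
            start += -(-shortfall // self.bucket.rate)   # ceil division: wait for tokens
            self.bucket.refill(start)
        self.bucket.tokens -= nbytes
        self.next_free = start
        return start


# Constructed trace: (arrival ms, size bytes) of 1500-byte packets.
TRACE = [(0, 1500), (0, 1500), (6, 1500), (18, 1500)]


def run_policer(trace=TRACE, cir=1_000_000, bc=1500, pir=2_000_000, be=1500) -> list:
    """Colour of each packet under a 1 Mbps CIR / 2 Mbps PIR policer."""
    pol = TwoRatePolicer(cir, bc, pir, be)
    return [pol.police(t, size) for t, size in trace]


def run_shaper(trace=TRACE, cir=1_000_000, bc=1500) -> list:
    """Departure time (ms) of each packet when shaped to 1 Mbps instead."""
    shp = Shaper(cir, bc)
    return [shp.schedule(t, size) for t, size in trace]


if __name__ == "__main__":
    print("policer:", run_policer())
    print("shaper departures (ms):", run_shaper())
```

The second packet of the burst is a violate (dropped) for the policer but merely leaves 12 ms late from the shaper; that delay is the price of shaping, and the reason policing is preferred where latency matters more than loss.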
On Frame Relay, when congestion occurs the switches first discard frames with the DE bit set and send BECN toward the sender; a router that receives BECN (with adaptive shaping enabled) reduces its rate by 25 percent. Frames passing through the congested path toward the receiver are marked FECN; the receiving router can respond by generating Q.922 TEST RESPONSE frames back to the sender, marked with BECN, which throttles the sender's transmission rate
CRTP used to improve the WAN throughput by compressing the header of the packet which
could be 40 byte to 5 byte
LFI used to fragment the large packet size to small to reduce the serialization delay to allow the
small packet live voice that arrive after the large one forwarding between the fragmented packet,
cisco support LFI in the Multi PPP interface and frame-relay interface
NBAR used to identify protocol up to L7 used commonly for classifying traffic based on the
application port number
Priority Queue PQ create four queue and the traffic is service from the high priority queue un-till
it finish go to the other low priority and each time fetch packet it will check if the higher priority
have packet in it, this may have a problem called queue starvation when the higher priority have a
lot of packet which cause the lower priority queue to wait un-till it may full without serving it
Custom Queuing CQ create 16 queue run as round-robin fashion
Weighted Fair Queue WFQ used by default for low speed interface 2048 and below, work by
create by default 256 queue each one will assigned to flow of traffic and each queue will be
weighted ab-on it IP precedence by adding one to it
RED is used for congestion management by dropping packets once the queue reaches a specific threshold, which causes the senders to throttle their transmission speed. It does not work with PQ, CQ, or WFQ.
RSVP reserves bandwidth to provide QoS for a flow of traffic. When the sender wants to begin transmission, it first sends a PATH message to the receiver; when this message reaches the receiver, it responds with a reservation (Resv) message to the sender. RSVP has two service types: controlled-load and guaranteed-rate. Controlled-load is used for applications that expect low latency and is implemented with RED and WRED; guaranteed-rate guarantees the bandwidth for delay-sensitive applications and is implemented with WFQ. Reservations have two classes, shared and distinct: shared means the reservation is shared among multiple senders, while with distinct each sender has its own reservation. Reservations also have two scopes, explicit and wildcard; together these define three reservation styles: Wildcard Filter (WF), Shared Explicit (SE), and Fixed Filter (FF). The RSVP flow descriptor consists of a flowspec and a filterspec: the flowspec is the QoS requested and the filterspec is the set of packets that receive this QoS.
LLQ adds a priority queue to provide low delay for selected traffic.
Command:
class-map [match-all | match-any] [name]
match .........
policy-map [name]
class-map [name]
[action]
interface [type] [#]
service-policy [input | output] [policy-name]
ip nbar pdlm [path]
interface [type] [#]
ip nbar protocol-discovery
interface [type] [#]
auto qos voip [trust] [fr-atm]
interface tunnel [#]
qos pre-classify
interface [type] [#]
fair-queue [#cdt [#queue [#reserved-queue]]]
interface [type] [#]
wrr-queue cos-map [queue#] [cos#1] [cos#2] ...
wrr-queue bandwidth [weight#1] [weight#2] [weight#3] [weight#4]
policy-map [name]
random-detect [dscp-based | prec-based]
random-detect precedence [#] [min#] [max#] [mark-probability-denominator#]
random-detect dscp [#] [min#] [max#] [mark-probability-denominator#]
random-detect ecn
policy-map [name]
police cir [cir] [bc# be#] conform-action [action] exceed-action [action] violate-action [action]
police cir [cir] [bc#] pir [#] [be#] conform-action [action] exceed-action [action] violate-action [action]
police cir percent [#] [bc#] pir percent [#] [be#] conform-action [action] exceed-action [action] violate-action [action]
policy-map [name]
shape [average | peak] [#] [bc# be#]
shape [average | peak] percent [#] [bc# be#]
policy-map [name]
shape average [#] [bc# be#]
shape adaptive [#]
policy-map [name]
compression header ip [tcp | rtp]
interface multilink [#]
ppp multilink interleave
ppp fragment-delay [#]
map-class frame-relay [name]
frame-relay fragment [size]
interface [type] [#]
frame-relay traffic-shaping
frame-relay class [name]
interface [type] [#]
rate-limit [input | output] [access-group [#]] [bps] [normal-burst] [exceed-burst] conform-action [action] exceed-action [action]
access-list rate-limit [# 100-199] [mac]
access-list rate-limit [# 0-99] [prec]
interface [type] [#]
ip nbar protocol-discovery
interface [type] [#]
random-detect
priority-list [#] protocol .....
priority-list [#] interface .....
priority-list [#] default .....
priority-list [#] queue-limit [#] [#] [#] [#]
interface [type] [#]
priority-group [#]
queue-list [#] interface ...
queue-list protocol .....
queue-list default [#]
queue-list [#] queue [#] byte-count [#]
queue-list [#] queue [#] limit [#]
interface [type] [#]
custom-queue-list [#]
interface [type] [#]
fair-queue [threshold] [queue#] [# of reserved for RSVP]
interface [type] [#]
ip rsvp bandwidth [#] [# for each flow]
TCP/IP:
IP header
Type: identifies the purpose of the ICMP message, such as echo reply, destination unreachable, redirect, time exceeded, etc.
Code: identifies which information the message contains, based on the message type.
ICMP redirect: used by a router to tell a host to transmit packets to another router in the subnet when the router sees that the destination is reachable via that other router.
TCP provides reliable, connection-oriented service. TCP uses sequence numbers to ensure the order of packets and a windowing mechanism to regulate the traffic flow.
DD packet
LS request
LS update
LS ACK
LSA header
Router LSA
link type: 1 = P2P, 2 = connection to a transit network, 3 = connection to a stub network, 4 = virtual link
Network LSA
External and Summary External LSA
AS external LSA
NSSA External LSA
option field
Command:
router isis
net [ISO-address]
is-type [level-1 | level-2 | level-1-2]
summary-address [ip] [mask]
authentication mode text [level-1 | level-2]
authentication key-chain [key-name] [level-1 | level-2]
interface [type] [#]
ip router isis
clns router isis
isis password [string]
EGP:
Private AS number range: 64512 – 65535
EGP has no algorithm to choose the optimal path, but it provides a language for different ASes to talk to each other. It has no mechanism to discover neighbors, so they must be configured manually.
-Neighbor Acquisition Protocol: acquires neighbors manually by sending a Neighbor Acquisition Request; the neighbor replies with Neighbor Acquisition Confirm, or declines the relationship by replying with Neighbor Acquisition Refuse. A neighbor can drop the relationship by sending a Neighbor Cease message, which the other router answers with Neighbor Cease Acknowledgment. After the neighbor relationship is established, one router is the active and the other the passive; Cisco decides this using the AS number, where the lowest AS is the active.
-Neighbor Reachability Protocol: uses hello messages sent every 60 seconds. After three messages the neighbor transitions from the down to the up state. If three hellos get no response from the neighbor, the state changes to cease; the router then sends three cease messages, and if there is still no response the state changes to idle, and after 5 minutes neighbor discovery is retried. The passive router sends poll messages and waits 180 seconds, twice; if there is no response it changes to dead and then to cease, sends three cease messages, waits three times, and if there is still no response changes to idle.
-Network Reachability Protocol: EGP increases the sequence number by 1 every poll interval (180 seconds) and sends an update containing a list of the networks reachable through it. The AD of EGP is 140 and the cost increments by three.
Command:
autonomous-system [#]
router egp [#]
neighbor [#]
neighbor [#] third-party [#]
default-information originate
BGP:
BGP works on TCP port 179; before the peering is established, the TCP three-way handshake must be performed. All BGP messages are unicast.
BGP Messages:
-Open message: after the BGP neighbors establish the TCP session, this message is used to identify each other and exchange parameters, including the BGP version, AS number, hold time, and BGP identifier.
-Keepalive message: sent every 60 seconds to check the neighbor's health.
-Update message: carries routing information such as NLRI, path attributes, and withdrawn routes.
-Notification message: sent when an error occurs that requires closing the BGP session.
BGP state:
-Idle state
-Connect state: BGP waits for the TCP connection to be established, sends an Open message, and transitions to the Open Sent state. It keeps listening for a connection from the neighbor and, if one is created, moves to the Active state. If the connect retry timer expires without success, any input event causes a transition to the Idle state.
-Active state: BGP initiates the TCP connection (waiting 4 minutes); if it succeeds, it transitions to the Open Sent state, and if it fails to create the connection it tries again. If the connect retry timer expires without success, any input event causes a transition to the Idle state.
-Open Sent state: the Open message has been sent and BGP waits for the neighbor's Open message. When it is received it is checked for errors; if there is an error, a Notification is sent. If there is no error, a Keepalive message is sent, the hold time is negotiated, and the connection type is determined as internal or external, then the state transitions to Open Confirm. If a TCP disconnect message is received, the BGP connection is closed and the router tries to listen for another connection; any input event causes a transition to the Active state.
-Open Confirm state: wait for a Keepalive or Notification message. On Keepalive the state transitions to Established; on Notification it transitions to Idle.
-Established state: the neighbors have established BGP peering and begin sending Update, Keepalive, and Notification messages. When an Update or Keepalive is received the hold time is reset; when a Notification is received the state transitions to Idle.
Path Attributes: divided into four categories. Well-known mandatory attributes must be included in every update; well-known discretionary attributes may or may not be included. Optional transitive attributes must be accepted by a BGP process even if it does not support them, and must be advertised to its peers; optional non-transitive attributes may be ignored by a BGP process that does not recognize them and are not advertised to its peers.
1- Origin: well-known mandatory; specifies the origin of the routing update: IGP → EGP → Incomplete.
2- AS path: well-known mandatory; carries the inter-AS path to reach the destination.
3- Next hop: well-known mandatory; specifies the next-hop IP of the route. If the neighbor is in a different AS, the next hop is the IP of the updating router; if the neighbor is in the same AS and the route is inside the AS, the next hop is the updating router; if the route is external and the updating router is in the same AS, the next hop is the external router.
4- Local Preference: well-known discretionary; used only between IBGP peers.
5- MED: optional non-transitive; affects traffic leaving the neighboring AS between EBGP peers, telling it which entry point to use for incoming traffic. The MED does not traverse any AS other than the two that are connected.
6- Atomic Aggregate & Aggregator: used with overlapping routes, especially with summarization. The options are to advertise both routes, advertise the more specific route, advertise the non-overlapping part of the route, aggregate the two routes, advertise the less specific route, or not advertise at all.
Atomic Aggregate: well-known discretionary; alerts other routers that the route was aggregated.
Aggregator: optional transitive; specifies where the aggregation was performed.
7- Community: optional transitive; used for policy management by marking (tagging) routes, so that policy is applied to the tag rather than to every route individually.
8- Originator ID and Cluster List: used by route reflectors and for loop detection; both are optional non-transitive.
9- weight
10- AS set: the AS path contains two segment types. AS sequence lists the AS numbers in the path in order; AS set lists the AS numbers in the path but unordered. The AS set is used when aggregation is performed, to preserve the original AS numbers in the route's path and prevent loops.
BGP decision process: the BGP routing information base consists of three parts: 1- Adjacency RIB-In stores the routes received from peers; 2- Local RIB stores the routes after the local policy has been applied to them; 3- Adjacency RIB-Out stores the routes advertised to peers.
Procedure:
1- Highest weight
2- Highest local preference
3- Prefer the route originated on the local router (learned from the IGP on the same router)
4- Shortest AS path
5- Lowest origin code: IGP → EGP → Incomplete
6- Lowest MED
7- EBGP → confederation EBGP → IBGP
8- Shortest path (lowest IGP metric) to the NEXT_HOP
9- If still tied and the maximum-paths command is applied, perform load balancing for the route
10- Otherwise select the route from the lowest BGP router ID
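The decision procedure above as an added Python model (not Cisco's implementation): each route becomes a sort key in decision order, the lowest key is the best path, and decisive_step names the step that separated the winner from the runner-up. MED is compared across all paths here, which matches the behaviour of the bgp always-compare-med command from the list below; the peers, attributes and router IDs are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ORIGIN_CODE = {"igp": 0, "egp": 1, "incomplete": 2}      # step 5: lower wins
PEER_PREF = {"ebgp": 0, "confed-ebgp": 1, "ibgp": 2}      # step 7: lower wins
STEPS = ["highest weight", "highest local preference", "locally originated",
         "shortest AS path", "lowest origin code", "lowest MED",
         "eBGP over confederation eBGP over iBGP", "lowest IGP metric to NEXT_HOP",
         "lowest BGP router ID"]


@dataclass
class BgpRoute:
    next_hop: str
    router_id: str                      # BGP identifier of the advertising peer
    as_path: List[int] = field(default_factory=list)
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    peer_type: str = "ebgp"
    igp_metric: int = 0                 # IGP cost to reach next_hop


def best_path_key(r: BgpRoute) -> tuple:
    """Sort key in decision order; 'higher is better' attributes are negated
    so that the smallest tuple is the best path."""
    return (-r.weight, -r.local_pref, 0 if r.locally_originated else 1,
            len(r.as_path), ORIGIN_CODE[r.origin], r.med, PEER_PREF[r.peer_type],
            r.igp_metric, tuple(int(o) for o in r.router_id.split(".")))


def select_best(routes: List[BgpRoute]) -> BgpRoute:
    return min(routes, key=best_path_key)


def decisive_step(routes: List[BgpRoute]) -> Optional[str]:
    """Name the first step that separates the best path from the runner-up."""
    ranked = sorted(routes, key=best_path_key)
    if len(ranked) < 2:
        return None
    best, second = best_path_key(ranked[0]), best_path_key(ranked[1])
    for i, (a, b) in enumerate(zip(best, second)):
        if a != b:
            return STEPS[i]
    return "full tie: maximum-paths load balancing"


# Constructed sample: three paths to one prefix, equal weight and local preference.
SAMPLE_ROUTES = [
    BgpRoute("10.0.1.1", "1.1.1.1", as_path=[65001, 65002], med=50, igp_metric=10),
    BgpRoute("10.0.2.1", "2.2.2.2", as_path=[65003], med=100, peer_type="ibgp", igp_metric=5),
    BgpRoute("10.0.3.1", "3.3.3.3", as_path=[65004], med=10, igp_metric=20),
]
```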
Route Dampening controls flapping routes by assigning a penalty to the route each time it flaps. There is a half-life period: the penalty decreases at a rate that halves it by the end of each half-life. If the penalty exceeds a predefined threshold known as the suppress limit, the route is suppressed, and it stays suppressed until the half-life decay reduces the penalty below a threshold called the reuse limit.
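The penalty, half-life, suppress-limit and reuse-limit mechanics described above, as an added simplified Python model (not Cisco's implementation). The timer values are assumptions chosen for the example (half-life 15 minutes, reuse limit 750, suppress limit 2000, 1000 points per flap); the flap sequence is constructed.

```python
import math
from dataclasses import dataclass


@dataclass
class DampenedRoute:
    """Simplified dampening state for one prefix. Parameter values are
    assumed for this example, not taken from any device configuration."""
    half_life_min: float = 15.0
    reuse_limit: float = 750.0
    suppress_limit: float = 2000.0
    flap_penalty: float = 1000.0
    penalty: float = 0.0
    last_t: float = 0.0
    suppressed: bool = False

    def _decay(self, now_min):
        # Exponential decay: the penalty halves once per half-life.
        self.penalty *= 0.5 ** ((now_min - self.last_t) / self.half_life_min)
        self.last_t = now_min

    def flap(self, now_min):
        """Record one flap at time now_min (minutes) and return the new state."""
        self._decay(now_min)
        self.penalty += self.flap_penalty
        if self.penalty >= self.suppress_limit:
            self.suppressed = True      # crossed the suppress limit
        return self.state(now_min)

    def state(self, now_min):
        """('suppressed' | 'usable', rounded penalty) after decaying to now_min."""
        self._decay(now_min)
        if self.suppressed and self.penalty < self.reuse_limit:
            self.suppressed = False     # decayed below the reuse limit
        return ("suppressed" if self.suppressed else "usable", round(self.penalty))


def minutes_until_reuse(penalty, reuse_limit=750.0, half_life_min=15.0):
    """Minutes needed for a penalty to decay below the reuse limit."""
    if penalty <= reuse_limit:
        return 0.0
    return half_life_min * math.log2(penalty / reuse_limit)
```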
IBGP and IGP synchronization: IBGP peers must be fully meshed to avoid routing loops, and IBGP needs the IGP to know the routes in order to reach the destinations learned through IBGP. For IBGP to work correctly it must be implemented either by redistributing the external routes into the IGP, or by creating a fully meshed IBGP network and disabling synchronization.
Peer Groups and Communities simplify policy implementation: peer groups apply policy to a group of peers, and communities apply it to routes.
Route Reflector (RR) manages IBGP peering by reducing the full mesh: one router is set as the route reflector and maintains peering with the other routers as its clients, reflecting routes to them. For more stability, more than one router can be made an RR, with each client peering with these RRs. The RR handles updates as follows: 1- if the update comes from a non-client, the router sends it to the clients only; 2- if the update comes from a client, the router sends it to the other clients and to the non-clients; 3- if the update comes from an external router, it is sent to both clients and non-clients. The RR uses two attributes for this: ORIGINATOR_ID and CLUSTER_LIST.
Confederation manages an IBGP network by dividing the AS domain into sub-domains, mainly using the private AS range; these sub-domains appear to external peers as a single AS. Routers within one sub-domain run IBGP between each other and EBGP toward the other sub-domains; this prevents routing loops and provides the full mesh that IBGP requires. Confederations use two new attributes: AS_CONFED_SEQUENCE, which lists the ordered ASes of the route, and AS_CONFED_SET, an unordered list of the route's ASes.
Command:
router bgp [AS]
neighbor [ip] remote-as [AS]
no auto-summary
network [subnet] mask [mask] [backdoor]
neighbor [ip] default-originate
neighbor [ip] distribute-list [ACL#] [out | in]
neighbor [ip] update-source [type] [#]
neighbor [ip] ebgp-multihop [#]
aggregate-address [ip] [mask] [summary-only] suppress-map [route-map]
attribute-map [route-map] [as-set] advertise-map [route-map]
neighbor [ip] description [string]
neighbor [ip] password [pass]
neighbor [ip] advertisement-interval [#]
neighbor [ip] version [#]
bgp bestpath as-path ignore
neighbor [ip] maximum-prefix [#] [percentage] [warning-only]
neighbor [ip] filter-list [AS_ACL] weight [#]
neighbor [ip] weight [#]
distance [ebgp#] [ibgp#] [local-ibgp#]
bgp always-compare-med
table-map [route-map]
bgp dampening
neighbor [group-name] peer-group
neighbor [ip] peer-group [name]
neighbor [ip] send-community
neighbor [ip] remove-private-as
bgp confederation identifier [original-AS#]
bgp confederation peer [list-of-confederation-peer-AS#]
bgp deterministic-med
neighbor [ip] route-reflector-client
bgp cluster-id [#]
no bgp client-to-client reflection
ip community-list [1-99] [permit | deny] [community#]
ip community-list [100-199] [permit | deny] [community# | regexp]
ip bgp-community new-format
Multi-casting:
To implement multicasting, multicast IP addresses must be identified, along with a mechanism for joining and leaving multicast groups and a multicast routing protocol.
Command: