Tylogix.com -> Cisco CCNA Student Notes
Great
CCNA Notes Site
Back to Tylogix.com home page http://computernetworkingnotes.com/
Back to Tylogix Networking page List_of_TCP_and_UDP_port_numbers
Subnets
|
/Network
Notation |
/25 |
/26 |
/27 |
/28 |
/29 |
/30 |
/31 |
/32 |
|
/Network
Notation |
/17 |
/18 |
/19 |
/20 |
/21 |
/22 |
/23 |
/24 |
|
Host Bits |
128 |
64 |
32 |
16 |
8 |
4 |
2 |
1 |
|
Mask Notation |
128 |
192 |
224 |
240 |
248 |
252 |
254 |
255 |
|
OSPF Mask |
127 |
63 |
31 |
15 |
7 |
3 |
1 |
0 |
|
Steps to
build a network in the most efficient order: 1.
No
ip domain-lookup 2.
Vtp mode, domain, password 3.
Hostname
4.
Vlans in servers 5.
Vlans in Clients 6.
Vtp domains 7.
Trunks 8.
Subnets,
PC's, finger access 9.
Router
& switch interfaces |
Show int trunk Show vtp status Show ip int brief Show int vlan Show vlan Show IP Route Show Run |
!=========Router
0 Interface Configuration ========= Hostname StickRouter Int fa0/0.66 Encapsulation
dot1q 66 ip address 10.1.1.62
255.255.255.192 Int fa0/0.77 Encapsulation
dot1q 77 ip address 10.1.1.94
255.255.255.224 R1(config)# int fa0/0.99 R1(config-subif)#encapsulation dot1q 99 native int fa0/0 no shut !Security
Configuration !------------------------- banner motd #This is CCNA3 Final# enable secret
class no ip domain-lookup line console
0 password
cisco login line vty 0 15 password
cisco login end =OSPF================================== Enable Config t Router ospf 1 Network
10.1.1.0 0.0.0.3 area 0 Network
172.17.1.0 0.0.0.255 area 0 Network
172.17.10.0 0.0.0.255 area 0 ip route Use to
disable the transmission of routing updates on the interface, meaning that
OSPF routing information is neither sent by nor received through the
interface - use the "passive-interface" verb: ISP(config)#router ospf 1 ISP(config-router)#passive-interface fa0/0 R1(config)#router ospf 1 R1(config-router)#default-information originate R1(config-router)#ip route 0.0.0.0
0.0.0.0 se0/0/1 !--Propagate
the default OSPF Route: R1(config)#router ospf 1 R1(config-router)#default-information originate !--OSPF
Area Authentication per Interface: ip
address 192.16.64.2 255.255.255.0 ip
ospf message-digest-key 1 md5 cisco123 R1(config-router)#area 0
authentication message-digest !--- Message digest key with ID "1" and !--- Key value (password) is set as "cisco123". ================================================================== !OSPF example
With MD5 Authentication !Note that
the message-digest-key statement must
be done for every interface !R3_R9 router ospf 1 network
123.23.23.0 0.0.0.255 area 0 network
113.13.13.0 0.0.0.255 area 0 network
103.3.3.0 0.0.0.255 area 0 area 0
authentication message-digest int s0/0/0 ip ospf
message-digest-key 1 md5 MyOSPFPassword int s0/0/1 ip ospf
message-digest-key 1 md5 MyOSPFPassword !Propagate
the route in OSPF ip route 209.165.201.0
255.255.255.224 serial 0/0/1 router OSPF default-information
originate ================================================================== Config t Int se0/0 Ip address 10.0.0.1
255.255.255.252 Clock rate
64000 !=======
172.16.0.0 /24 max ---------------------------- ----- 5 hosts 172.16.1.0 /29 /248
6 +8 10 hosts
172.16.2.0 /27 /240 14
+16 20 hosts
172.16.3.0 /27 /224 30
+32 40 hosts
172.16.5.0 /26 /192 62
+64 reload !=======
192.168.1.0 /25 ---------------------------- 10
hosts 192.168.1.0 /27 /224 97 -> 110 20
hosts 192.168.1.32 /27 /224 33 ->
62 30 hosts
192.168.1.64 /28 /192 65 ->
78 !=======
10.1.1.0 /24 max ---------------------------- ----- 5 hosts 10.1.1.1.0 /29 /248
6 +8 10 hosts
10.1.1.2.0 /27 /240 14
+16 20 hosts
10.1.1.3.0 /27 /224 30
+32 40 hosts
10.1.1.5.0 /26 /192 62
+64 !======emergency
reload========= enable erase startup-config delete
vlan.dat reload !=======Passive
OSPF Interfaces=== BRANCH(config)#router ospf 1 BRANCH(config-router)#passive-interface fa0/0.1 BRANCH(config-router)#passive-interface fa0/0.10 BRANCH(config-router)#passive-interface fa0/0.99 !==Static Network Address
Translation (NAT)====================== ================================================================= !
Establish static translation between inside local address !
and outside global address ! Local IP Global IP Ip nat inside source
static 192.168.10.254 209.165.200.254 ! Identify S0/0/0 as the
inside NAT interface Int s0/0/0 Ip nat
inside ! Identify S0/0/1 as the
outside NAT interface Int S0/0/1 Ip nat
outside !==Dynamic Network Address
Translation (NAT)====================== !!!! Example 1 ! in this example S0/0/0 is
inside, S0/0/1 is outside !================================================================= ! Define pool of global
addresses to be allocated as needed ! start-IP end-IP mask Ip nat
pool NAT_POOL_1 209.165.200.226
209.165.200.250 netmask 255.255.255.224 !define standard access
list permitting those addresses that are to be translated Access-list 1 permit
192.168.0.0 0.0.255.255 !Establish dynamic source
translation, specifying the access list Ip nat
inside source list 1 pool NAT_POOL_1 ! Specify the inside NAT
interface Int se0/0/0 Ip nat
inside ! Specify the outside NAT
interface Int S0/0/1 Ip nat
outside !================================================================= !!! NAT Example 2 (more verbose) !================================================================= !!!
Configure Dynamic NAT with a Pool of Addresses !!!
Step 1: Define a pool of global addresses. !
Create a pool of addresses to which matched source addresses are translated. !
The following command creates a pool named MY-NAT-POOL !
that translates matched addresses to an available IP address !
in the 209.165.200.241 to 209.165.200.246 range. ip nat pool MY-NAT-POOL
209.165.200.241 209.165.200.246 netmask
255.255.255.248 !!!
Step 2: Create a standard access control list !!!
to identify which inside addresses are translated. ip access-list standard NAT_ACL permit 172.16.10.0 0.0.0.255 permit 172.16.11.0 0.0.0.255 !!!
Step 3: Establish dynamic source translation !!!
by binding the pool with the access control list. !
A router can have more than one NAT pool and more than one ACL. !
The following command tells the router which address pool !
to use to translate hosts that are allowed by the ACL. ip nat inside source list
NAT pool MY-NAT-POOL !!!Overload
Option: ip nat inside source list
NAT pool MY-NAT-POOL overload !!!
Step 5: Specify inside and outside NAT interfaces. interface
fa0/0 ip nat inside interface
serial 0/0/0 ip nat inside interface
serial 0/0/1 ip nat outside !================================================================= !==NAT OVERLOAD
Configuration (may PC's to 1 global address)====== ! in this example S0/0/0 is
inside, S0/0/1 is outside !================================================================= ! Define standard
access-list permitting those addresses ! that are to be translated Access-list 1 permit
192.168.0.0 0.0.255.255 ! Establish dynamic source
translation, ! specifying the
access-list defined in the prior step Ip nat
inside source list 1 int se0/0/1 overload ! Specify the inside NAT
interface Int se0/0/0 Ip nat
inside ! Specify the outside NAT
interface Int S0/0/1 Ip nat
outside !==NAT OVERLOAD
Configuration using pool of public addresses ===== ! in this example S0/0/0 is
inside, S0/0/1 is outside !================================================================= ! Define standard
access-list permitting those addresses ! that are to be translated Access-list 1 permit
192.168.0.0 0.0.255.255 ! Define pool of address
named NAT_POOL_2 to be used in NAT Ip nat
pool NAT_POOL_2 209.165.200.226
209.165.200.240 Bind pool NAT_POOL_2 with
Access-Control list 1 Ip nat
inside source list 1 pool NAT_POOL_2 overload ! Specify the inside NAT
interface Int se0/0/0 Ip nat
inside ! Specify the outside NAT
interface Int S0/0/1 Ip nat
outside |
|
ALWAYS
do a Copy run start To
save the configuration! |
||
|
!------------------------------- !--Basic
Configuration Commands !------------------------------- enable erase startup-config delete
vlan.dat reload line console
0 logging
synchronous enable config t hostname S1 banner motd #This is the banner for S1# enable secret
class no ip domain-lookup line console
0 password
cisco login line vty 0 15 password
cisco login end |
||
|
!===========Server
Switch================= !------------------------ no ip domain-lookup int range fa0/1-24 shut !------------------------ Switch(config)# vtp mode server/client Switch(config)# vtp domain Practice2 (must be consistent) Switch(config)# vtp password Practice2 !------------------------ int range fa0/21-24 switchport mode trunk switchport trunk native vlan 100 vlan 100 name
Management !------------------------ en!Configure VTP server with VLAN (the VTP server is S0) vlan 5 name Finance vlan 5 name Sales !Trunk Links
& Native VLAN on ALL SWITCH-to-SWITCH! !-------------------------------------------------- Int range fa0/23-24 switchport mode trunk switchport trunk native vlan 100 <<<<========= Switch Ports
to PC or Hosts !---------------------------------------- S1(config)#int range fa0/7-18 S1(config-if-range)#switchport mode access S1(config-if-range)#switchport access vlan 15 !
------------------------ spanning-tree
vlan 1 root primary spanning-tree
vlan 5 root primary spanning-tree
vlan 6 root primary spanning-tree
vlan 100 root primary !======CLIENT ROUTER============================ vtp mode client vtp domain Practice2 vtp password Practice2 end !Configure
Management Interface on DLS2 !------------------------------------- enable config t int vlan101 ip address 10.1.2.115
255.255.255.240 no shut !!to verify
do a show spanning-tree !==========Switch
to Router===================== int fa0/1 Switchport mode trunk switchport trunk native vlan 100 copy run
start !==========Static
and default Routes============ ip route [destination_network]
[mask] [next-hop_address
or exit_interface]
[administrative_distance]
[permanent]
ip route 0.0.0.0 0.0.0.0
10.0.0.2 ip route 0.0.0.0 0.0.0.0 Se0/0/1 In this command
192.0.0.0 is the destination network and 255.0.0.0 is the subnet mask on
destination network and 192.0.0.2 is the ip
address of next hope 192.0.0.0 = destination
network. 255.0.0.0 = subnet mask. 192.0.0.2 = next-hop
address. IP address 192.168.10.1 255.255.255.0 no shut !=====================DHCP
Sample Configurations================== !================================================================= !Note: There are two DHCP
pools here and a helper address
!!!!!!! !!!DHCP !!!!!!! !Router R1 !!! Pool 101 !==Step 1: Define
Excluded Addresses (typically statics) Enable Config t Ip dhcp excluded-address 101.1.1.1 101.1.1.8 !!!==Step 2.1:
Create a DHCP Pool of addresses Ip dhcp pool LAN_POOL_101 Network
101.1.1.0 255.255.255.0 !!! Default router
(gateway address closest to PC) Default-router
101.1.1.1 end !!! Poll 102 !==Step 2: Define
Excluded Addresses (typically statics) Enable Config t Ip dhcp excluded-address 103.3.3.1 103.3.3.8 !!!==Step 2.1:
Create a DHCP Pool of addresses Ip dhcp pool LAN_POOL_103 Network
103.3.3.0 255.255.255.0 !!! Default router
(gateway address closest to PC) Default-router
103.3.3.3 !(typically on a
different router) ! Helper address on
router closest to PC, ! pointing to
closest port to the DHCP router enable config t int fa0/0 ip helper-address 113.13.13.1 ========================================================= A simpler DHCP
Example, with "Simulated DNS" ========================================================= !Router R1 R1_LAN10 !!!==Step 1: Define
Excluded Addresses Enable Config t Ip dhcp excluded-address 172.16.10.1 172.16.10.3 !!!==Step 2: Create
a DHCP Pool of addresses Ip dhcp pool R1_LAN10 Network
172.16.10.0 255.255.255.0 !!!==Step 3: Set
parameters !note: the default
router is really the default gateway Default-router
172.16.10.1 !!!==Step 3: Set
DHCP Helper (DHCP relay router) !!! The interface
here is closest to the client (PC in general) !!! The IP address
is the address of the DHCP server. !!! This is used if
the PC is on a different network segment !!! than the server !Optional: !Helper address on router
closest to PC pointing to closest port on DHCP router enable config t int fa0/0 ip helper-address 192.168.10.1 !!! Configure pool
with a default gateway and !!! a
"simulated DNS" at 172.16.20.254 ip dhcp pool R1_LAN10 network 172.16.10.0
255.255.255.0 default-router
172.16.10.1 dns-server 172.16.20.254 ================================================================== |
||
|
Standard Access Control List (ACL) |
access-list [Access_list_number]
[permit | deny] [IP_address] [wildcard
mask (optional)] |
|
Extended Access Control List (ACL) |
access-list [Access_list_number]
[permit|deny] IP_protocol
source_address source_wildcard_mask [source_protocol_information]
destination_address
destination_wildcard_mask [destination_protocol_information]
[log] |
CCNA
4 Final Practice Notes
|
CCNA 4
Final Practice Notes Good
example configuration using both lmi-type q933a and
ANSI for Frame-Relay. http://networkforum.org/forum/viewtopic.php?f=8&t=72 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!Frame-Relay Switch Configuration for two Serial Ports (middle carrier) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!Note: the interface here below is the standard interface
for the local port exit Note:
PPP and Frame-Relay are mutually exclusive. (One cannot encapsulate the other) !============================= !(on a different router than the DHCP) ============================== !Standard NAT ============================== ! 1) the default route ! 2) the two-instructions default-information
originate which requires the router ospf 1
instruction first ! Here is the static route to return the pings
from the 200... range that has been translated from the ! Inside 198..... network ! This is coded on the ISP router !This is on the ISP: ! This static IP route is allowing only the
range from 200.2.2.0 to 200.2.2.7. How this is done is with ! a subnet mask: the last octet in the top of
the address range is 7 (in 200.2.2.7). ! To figure out the mask, look at binary 7
(111) and do the reverse of that for the last octet of the mask ! which means there will be 5 1's and 3 0's in
the last mask as in (11111000) = 248. So the mask is: ip route 200.2.2.0 255.255.255.248 Serial0/0.1 !OSPF with
Frame-Relay !===================================================== area 0
authentication message-digest int s0/0 int s0/1 !!! Note: Anytime
the network has frame-relay links, use the following to ensure OSPF does
propagate !!! Who knows
why.... OK. the explanation is: !!!This command
manually sets the OSPF network type to broadcast, this is a default for ethernet links. ip ospf network broadcast !========================== !======================================================================== !!! Ping ACL -
Note: this is an extended ACL, so it should be placed closest to the origin
of the ping. ======================================================================================================= !!! Extended Access
List !!! Ping ACL -
Note: this is an extended ACL, so it should be placed closest to the origin
of the ping. access-list 101
deny icmp
host 101.1.1.10 host 113.13.13.3
echo access-list 101
deny icmp
host 101.1.1.10 host 123.23.23.3
echo access-list 101
permit ip any any int F0/0 ip access-group 101 in !!!! Access List Debugging show access-list !!! Remove Access
list is a two-step operation: !!! 1) Collapse the
Access-List no access-list 101 !!! 2) Remove the
Access-list from the interface int f0/0 no ip access-group 101 !!! Note the
inconsistency, an acces-list, once it is applied to
an interface is deemed an access-group
|
Network Address Translation - NAT
|
!Standard
NAT !=======Network
Address Translation (NAT)=== !pool
of addresses to be allocated (beginning, end, mask) Ip nat
pool NAT_POOL_1 209.165.200.226
209.165.200.240 netmask 255.255.255.224 !Standard access list
permitting those addresses that are to be tranlated Access-list 1 permit
192.168.0 0.0.0.255 !Dynamic source translation
specifying access list defined in prior step Ip nat
inside source list 1 pool NAT_POOL_1 !interface connected to the
inside Interface Se0/0/0 Ip nat
inside !interface connected to the
outside Interface Se0/0/1 IP nat
outside |
|
!=======
Static Network NAT=== !one
IP address to one IP address Ip nat
inside source static 192.168.10.254
209.165.200.254 Interface
se0/0/0 Ip nat
inside Interface
se0/0/1 Ip nat
outside |
|
!=======
Network Address Translation Overload (aka Port Address Translation (PAT)=== Access-list
1 permit 192.168.0.0 0.0.255.255 Ip nat
inside source list 1 interface se0/0/1 overload Interface
se0/0/0 Ip nat
inside Interface
se0/0/1 Ip nat
outside |
|
======NAT
Troubleshooting Show
ip nat translations Show
ip nat translations
verbose |
Frame Relay Practical Examples
|
configuring a static
Frame Relay map, is optional unless you are using sub-interfaces. The
Frame Relay
map will map aLayer 3 address
to a local DLCI. Note that the DLCI numbers are the target (102 for R2, 101 for R1). This step is optional because inverse-arp will automatically perform
this map for you. The syntax for a Frame Relay
map is as follows: Frame-Relay End-Configuration for one Serial Port
(HQ) HQ(config-if)#int s0/0/0 HQ(config-if)#ip address 10.0.0.1 255.255.255.248 HQ(config-if)#encapsulation
frame-relay HQ(config-if)#frame-relay
lmi-type ansi For point-to-point
frame-relay sub-interface, use the following command: HQ(config-if)#frame-relay
interface-dlci 104 For frame-relay
major interface, use the following
command: HQ(config-if)#frame-relay
map ip 10.0.0.4 104 broadcast ietf note: use either
frame-relay interface-dlci OR frame-relay map IP
but not both HQ(config-if)#no
shut - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - Frame-Relay End-Configuration for one Serial Port
(East) EAST(config-if)#int s0/0/0 EAST(config-if)#ip address 10.0.0.4 255.255.255.248 EAST(config-if)#encapsulation
frame-relay ietf EST(config-if)#frame-relay
lmi-type ansi EAST(config-if)#frame-relay
interface-dlci 401 note: use either
frame-relay interface-dlci OR frame-relay map IP
but not both EAST(config-if)#no shut - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - Frame-Relay Switch
Configuration for two Serial Ports (middle carrier) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ! Frame Relay Switch
(transparent transporter) ! incoming interface frame-relay switching int s0/1 clock rate 64000 encapsulation frame-relay frame-Relay intf-type dce ! route incoming packets from 102 (S0/0) to 201 via S0/1 frame-Relay route 102 int S0/0
201 no shut ! incoming interface int s0/0 clock rate 64000 encapsulation frame-relay frame-Relay intf-type dce ! route incoming packets from 201 (S0/1) to 102 via S0/0 frame-Relay route 201 int S0/1 102 no shut - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !Back
to Back Frame-Relay (no middle "frame-relay cloud") !
DCE side !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !Back-to-back Frame-Relay !R3# ! int s0/0 clock rate 64000 ip address 113.13.13.3
255.255.255.0 encapsulation frame-relay no keepalive serial restart-delay 0 frame-relay map ip 113.13.13.1 100
broadcast no shut end !R1# int s0/0 ip address 113.13.13.1
255.255.255.0 encapsulation frame-relay no keepalive
serial restart-delay 0 frame-relay map ip 113.13.13.3 100 broadcast no shut end - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - Configuring Frame-Relay
with Sub-Interface !!!R1 with DLCI 102 !!!!!!!!!!!!!!!!!!!!!!!!!!! enable config t interface se0/0/0 encapsulation frame-relay no shutdown exit !!!Note: the interface here
below is the standard interface for the local port interface se0/0/0.102
point-to-point ip address 10.2.1.1
255.255.255.252 frame-relay interface-dlci 102 int s0/0/0.102 no shut end !!! !!!R2 with DLCI 201 !!!!!!!!!!!!!!!!!!!!!!!!!!! enable config t interface se0/0/0 encapsulation frame-relay no shutdown exit interface se0/0/0.201
point-to-point !!!Note: the interface here
below is the standard interface for the local port ip address 10.2.1.1
255.255.255.252 frame-relay interface-dlci 201 int s0/0/0.201 no shut end !!! - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - Debug: show frame-relay map |
Frame Relay
Commands & Reference
R1(config-if)#encapsulation frame-relay [ietf] |
Frame Relay encapsulation
(default encapsulation type: cisco, can be overridden to ietf) |
|
R1(config-if)#frame-relay
lmitype {ansi | cisco |
q933a} |
This command sets the LMI type
to |
|
R1(config-if)#frame-relay
interface-dlci 110 |
Enter frame-relay DCLI
configuration mode |
frame-relay map protocol address dlci [broadcast] [cisco | ietf] e.g.: R1(config-if)#frame-relay
map ip
10.5.1.1 200 broadcast |
Remote IP
address (10.5.1.1) to local DLCI 200). |
|
R1(config-if)#no
frame-relay inverse arp |
No Inverse ARP (optional) |
|
R1#show frame-relay map |
Display IP/DLCI map |
|
R1#show frame-relay pvc |
Display PVCs |
|
R1#show frame-relay lmi |
Displays LMI data |
|
R1#clear frame-relay
counters |
Resets Frame Relay counters |
|
R1#clear frame-relay inarp |
Clear Inverse ARP entries |
|
R1#debug frame-relay lmi |
Debug LM exchanges |
|
Protocol |
Defaults |
Election First Priority |
Notes |
|
Spanning-tree Protocol STP |
-
Switch management VLAN -
All VLAN's Allowed -
STP automatically enabled -
All ports belong to VLAN 1 -
Revision # -
Pruning Mode |
1)
Lowest Bridge ID (BID) 2)
Lowest mac Address |
Mode:
Transparent - forwards BTP packets Forward or STP
Blocking Receives/Forwards BPDU (bridge protocol data unit) but not frames spanning-tree vlan 99 root primary (only necessary on
the root bridge) S1(config)#spanning-tree
vlan 10 priority 4096 S1(config)#spanning-tree
vlan 20 priority 4096 S1(config)#spanning-tree
vlan 30 priority 4096 S1(config)#spanning-tree
vlan 99 priority 4096 |
|
OSPF (n(n–1))/2 Adjacencies (10 routers: 45 ajacencies) |
Default
priority ID of 1 The router priority
and OSPF router ID are the factors for determining who will become the DR and
BDR. If a loopback interface is present the lowest numbered loopback
interface will become the OSPF router ID. But the router ID can
be an address of another interface if the loopback does not
exist. It is a best practice to
always configure a loopback with OSPF. |
Highest
Priority Priority
Setting: R1(config)# interface f0/0 R1(config-if)# ipv6 ospf priority
100 Top
priority is DR (Designated Router) Second
best is DROTHER (Designated
Router Other) |
OSPF routers sends a
periodic packet referred to as the hello packet 'multicast 224.0.0.5' every
10 seconds for multi-access Every 30 seconds for
point-to-point ---------------------------------------------------- |
|
EIGRP Uses DUAL
algorithm "feasible
successors" |
Cisco
Proprietary EIGRP only
distributes information about routes that have changed Features
DUAL algorithm Supports
VLSN |
|
|
|
RIP V2 (RIP V1 not
covered here) |
Router>enable no auto-summary Note: auto-summary is the RIP-V2 default. No auto-summary is
optional to disable this feature. default-information
originate Redistributes routes from one routing domain into another
routing domain. |
|
|
Cisco Modes
|
Description |
Keyboard Shortcut |
Mode known as |
Prompt |
|
User mode |
Router> |
|
|
|
Enter Privilege mode |
Router>enable |
Privileged mode |
Router# |
|
Enter configuration mode |
Router#configure
terminal |
Global Config
mode |
Router(config)# |
|
Enter Interface mode |
Router(config)#interface
fa0/1 |
Interface mode |
Router(config-if)# |
Subnets
|
/Network Notation |
/25 |
/26 |
/27 |
/28 |
/29 |
/30 |
/31 |
/32 |
|
/Network Notation |
/17 |
/18 |
/19 |
/20 |
/21 |
/22 |
/23 |
/24 |
|
Host Bits |
128 |
64 |
32 |
16 |
8 |
4 |
2 |
1 |
|
Mask Notation |
128 |
192 |
224 |
240 |
248 |
252 |
254 |
255 |
|
OSPF Mask |
127 |
63 |
31 |
15 |
7 |
3 |
1 |
0 |
Number of Hosts per Net,
depending on Net bits
|
Net Bits |
Networks |
Host Bits |
Hosts |
|
2 |
4 |
6 |
64-2=62 |
|
3 |
8 |
5 |
32-2=30 |
|
4 |
16 |
4 |
16-2=14 |
|
5 |
32 |
3 |
8-2 = 6 |
|
6 |
64 |
2 |
4-2
= 2 |
Quick VLAN Reference
|
VLAN Type |
Characteristics |
|
Management
VLAN |
Requires
IP address on VLAN Interface |
|
User VLAN |
Is only
assigned ports - no IP address necessary |
|
Native
VLAN |
Has the
trunk |
|
Default
VLAN |
All ports
start with default VLAN, VLAN 1 |
|
Voice
VLAN |
Uses QoS |
A great
subnet calculator bitcricket (note: this
link is to cnet.com, the original link is broken)
OSPF Single-Area
Configuration
interface Ethernet 0/0
ip address 10.1.1.1 255.255.255.0
interface serial 0/0
ip address 10.1.4.1 255.255.255.0
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
Network :
What interfaces you want to include in OSPF configuration . Here 10.0.0.0
Wildcard Mask: If bit set to 1, "don’t
care" bit (and 0 = include) . Here 0.255.255.255
Area : What
area this router is in. Here area 0
OSPF Configuration with
Multiple Areas
If router has interfaces in multiple areas:
router ospf 1
network 10.1.1.1 0.0.0.0 area 0
network 10.1.4.1 0.0.0.0 area 1
network 10.1.6.1 0.0.0.0 area 0
Useful
Commands
show ip ospf interface ->Details IP address, area , Router
ID, Hello/Dead Interval, etc. for all interfaces
show ip route ->
Shows all routes known by the router (C – Connected, O – OSPF)
show ip ospf neighbor ->
Shows the routers ospf neighbors
Remember that the RID is that router’s highest IP
address on a physical interface when OSPF starts running. Alternatively, if a
loopback interface has been configured, OSPF uses the highest IP address on a
loopback interface for the RID, even if that IP address is lower than some
physical interface’s IP address.
|
OSPF Troubleshooting ·
View
neighbors: ·
Run
debugging: ·
To
identify the interface: ·
To
change hello interval for that interface: |
|
IPv6 Troubleshooting To view all neighbours and find the ones that have IPv6
addresses: This will dump a
text file named dns_list.txt in the C: drive, which can easily be imported to
Excel. |
Device Configuration Glossary
|
Category |
Description |
Commands |
|
001_Prep |
Assign IP address to vlan |
Switch(config)#int vlan 1 Switch(config-if)#ip addr 172.22.1.11 255.255.255.0 |
|
001_Prep |
Changes the config register which controls what the router does when the router boots |
Router(config)#config-register 0x2102 |
|
001_Prep |
Configure a Message Of The Banner, with an
ending character of $ |
Switch(config)#banner motd $ |
|
001_Prep |
Configure device
system name |
Switch(config)#hostname sw1 |
|
001_Prep |
Defines a
local host file. Like /etc/hosts in unix |
Router(config)#ip host mypc 10.1.1.3 |
|
001_Prep |
Disables DNS lookup. Useful when a command
as been miss typed |
Router(config)#no ip domain-lookup |
|
001_Prep
|
Displays the clock |
Switch#show
clock |
|
001_Prep |
Enable password encryption on all clear text password
within the configuration file |
Switch(config)#service password-encryption |
|
001_Prep |
Manually starts the setup dialog which is automatically invoked when the
device starts with no
config |
Switch#setup |
|
001_Prep |
Set the timezone and automatically adjust |
Switch(config)#clock timezone gmt 0 Switch(config)#clock summer-time gmt Recurring |
|
001_Prep |
Sets the encrypted enable password |
Switch(config)#enable secret cisco |
|
001_Prep
- Boot |
Reboots the device |
Switch#reload |
|
001_Prep
- Memory |
Displays the config
held in DRAM. Which is lost
if
not copy run
start command is
not used |
Switch#show
running-config |
|
001_Prep
- Memory |
Displays the file contents of the flash |
Switch#show
flash |
|
001_Prep
- Memory |
Displays the NVRAM (None volatile) config. |
Switch#show startup-config |
|
001_Prep
- OS |
Copies files from
a TFTP server the device flash |
Switch#copy tftp flash |
|
001_Prep
- OS |
Copies IOS files to a TFTP server |
Switch#copy
flash tftp |
|
001_Prep
- OS |
Display the IOS version along with other useful info e.g. sys uptime, config register
etc |
Switch#show
version |
|
001_Prep
- OS |
Erase the config held in NVRAM. If this is followed
with the reload
command all configuration is lost |
Switch#erase startup-config |
|
001_Prep
- OS |
Saves the config. Without this command all changes/configuration will be lost. |
Switch#copy
running-config startup-config |
|
001_Prep
- OS |
Saves the running config to a TFTP server |
Switch#copy
running-config tftp |
|
010_Route
DHCP |
Enable the
router to provide a DHCP service. |
Router(config)#ip dhcp
pool MYPOOL Router(dhcp-config)#network 10.1.1.0 255.255.255.0 Router(dhcp-config)#default-router 10.1.1.1 Router(dhcp-config)#exit Router(config)#ip dhcp
excluded-address 10.1.1.1 10.1.1.99 |
|
010_Route
EIGRP |
EIGRP
can be configured in a
similar way to RIP or the mask option could be used |
Router(config)#router eigrp 1 Router(config-router)#network 172.16.0.0 Or Router(config-router)#network 172.16.2.0 0.0.0.255 |
|
010_Route
NAT |
Configuring
a static NAT to allow
a server to be access via the Internet, using the IP address on interface
s0/0/1 |
Router(config)#ip nat
inside source static 10.1.1.2
interface s0/0/1 |
|
010_Route
NAT |
Defining
interface which NAT takes
place between |
Router(config)#int fa0/0.1 Router(config-if)#ip nat inside |
|
010_Route
OSPF |
Enable
OSPF on any local interface
which start with the ip address 10.1.x.x. Note the inverted
mask |
Router(config-)#router ospf 1 Router(config-router)#network 10.1.0.0 0.0.255.255 area 0 |
|
010_Route
OSPF |
Enable
OSPF on any local interface
which start with the ip address 10.1.x.x. Note the
inverted mask |
Router(config-)#router ospf 1 Router(config-router)#network 10.1.0.0 0.0.255.255 area 0 |
|
010_Route
RIP |
Enables RIP version
1 on all LOCAL interfaces which have a 10.x.x.x address Enables RIP version
2 |
Router(config)#router rip Router(config-router)#network 10.0.0.0 Router(config-router)#version 2 !Propagate
the route in RIP ip route 0.0.0.0 0.0.0.0 209.165.201.2 router
rip Version
2 default-information
originate |
|
010_Route
RIP |
Enables
RIPng |
Router(config)#ipv6 unicast-routing ROuter(config)#ipv6 router rip ccna Router(config)#int s0/0/0 Router(config-if)#ipv6
rip ccna enable |
|
010_Route
Static |
Defines a
static route. Renumber static routes have an admin distance
of 1. Therefore will over ride any dynamic routing. |
Router(config)#ip route 50.0.0.0
255.0.0.0 10.1.2.1 ---Or--- using the interface: RouterB (config) ip route
192.168.1.0 255.255.255.0 Se0/0/1 ---Or--- using the default route: RouterB (config) ip route
0.0.0.0 0.0.0.0 Se0/0/1 ---Note: --- Default
Route to be recorded on a single router only: static
default route it is only applied to the router on which you configure it on: R1 ( config )# ip route 0.0.0.0 0.0.0.0 se
0/0/1 ---Or--- Default
Route to be propagated to other routers: ip route
default-network 10.0.0.0 default-network will send the default route out it's
routing protocol: R1
( config )# ip route
default-network 10.0.0.0 !
Example with a static route and a default route: !
Static Route: ip route
209.165.200.240 255.255.255.240 serial 0/0/1 !
Configure a default route on R2 and propagate the route in OSPF. ip route 0.0.0.0 0.0.0.0 209.165.200.226 router
ospf 1 default-information
originate Fields • Prefix: A network address for which you want to enter a route IP Address—Specifies the internal or external
network IP address. Use 0.0.0.0 to specify a default route. The 0.0.0.0 IP address can be abbreviated as 0. • Mask: The network mask used for the network address Mask—Specifies the network mask address that applies to the
IP address. Use 0.0.0.0 to specify a default route. The 0.0.0.0 netmask
can be abbreviated as 0. • Address: IP address of the next hop address •
Interface: If you do not know the IP address of the next
hop, you can enter the interface that you want the packets to exit in order
to reach the destination address. You cannot interface a parameter if it is a
point-to-multipoint interface such as Ethernet or frame relay. • Distance (optional): The Administrative distance (By default, the
distance is 1 for all static routes that use a next hop address, or 0 for all
static routes that specify an exit interface.) • Tag (optional): A value that can be used to match a value for
controlling redistribution via route maps • Permanent (optional):
Specifies that the route will not be removed from the routing table, even if
the interface is down |
|
030_VLAN |
Add vlan
using config mode |
switch(config)#vlan 11 switch(config-vlan)#name test |
|
030_VLAN |
Assign Default gateway, note the
mode |
Switch(config)#ip default-gateway
10.1.1.1 |
|
030_VLAN |
Assign interface to vlan |
switch(config-if)#switchport access vlan 11 |
|
030_VLAN
|
Creates a
logical sub interface below the physical interface Enables 802.1q trunking on the interface Define the ip address |
Router(config)#int fa0/0.1 Router(config-subif)#encapsulation dot1Q 1 native Router(config-subif)#ip address
10.1.1.1 255.255.255.0 notes: |
|
030_VLAN |
Enables portfast |
Switch(config)#int fa0/1 Switch(config-if)#spanning-tree portfast |
|
030_VLAN |
Sets the switch
priority for the vlan. This combined with the switch
mac address creates
the switch BID |
Switch(config)#spanning-tree vlan 1
priority 4096 |
|
030_VLAN
Client |
Changes the VTP mode from the default ‘server’ mode to client mode. In client
mode no changes can
be made |
Switch(config)#vtp mode client |
|
030_VLAN
Create/Name |
Creates a
vlan. Note this now done in config mode not vlan database. Also note the ‘int vlan’ command does not
create
vlans |
Switch(config)#vlan 2 Switch(config-vlan)#name sales |
|
030_VLAN
Domain |
Manually assign a switch to a VTP domain. A switch will automatically become
part of a VTP domain
if it’s currently in the ‘null’ domain and receives a VTP frame |
Switch(config)#vtp domain lab |
|
030_VLAN
Interface Assign |
Assign an interface to vlan 2 |
Switch(config-if)#switchport access vlan 2 |
|
030_VLAN
Server |
Enable the
http server to SDM can be used |
Router(config)#ip http server |
|
030_VLAN
Spanning-Tree |
Enables RSTP. Other options are, PVST and MST |
Switch(config)#spanning-tree mode rapid-pvst |
|
030_VLAN
Trunk |
Unconditionally forces an interface into trunking. Other options are access and dynamic |
Switch(config-if)#switchport mode
trunk |
|
040_Interface |
Configure Interface fa0/1 @ speed 100 Mbps and full duplex |
Switch(config-if)#speed 100 Switch(config-if)#duplex full |
|
040_Interface |
Defines the
type of LMI being used. If left un- configured the correct LMI type should
be automatically detected |
Router(config-if)#frame-relay lmi-type
cisco Or: Router(config-if)#frame-relay lmi-type
ietf |
|
040_Interface |
Disable Interface |
Switch(config-if)shutdown |
|
040_Interface |
Displays
the interface operational
status and IP addresses for all router interfaces |
Router#show ip interface brief |
|
040_Interface
|
Enable Interface |
Switch(config-if)no shutdown |
|
040_Interface |
Select
Interface Select a range of interfaces (version dependant) |
Switch(config)#int fa0/1 Switch(config)#int range fa0/1 – 12 |
|
040_Interface |
Set the interface description |
Switch(config-if)#description |
|
040_Interface |
Set the serial interface WAN encapsulation. Other options are PPP or frame-relay |
Router(config)#interface serial 0/0/0 Router(config-if)#encapsulation ppp (optional:) Router(config-if)#compress [predictor | stac] Or Router(config-if)#encapsulation hdlc |
|
040_Interface |
Sets the logical (not physical) bandwidth of
interface. This is used by routing
protocols, SNMP queuing
etc |
Router(config)#int s0 Router(config-if)#bandwidth |
|
040_Interface |
Sets the physical clock |
Router(config-if)#clock rate 64000 |
|
040_Interface
PPP PAP |
PAP
ppp authentication This command
enable chap on
the interface.
|
Here is PAP authentication done ON R1 to R2 R1(config)#username R2 password cisco123 R1(config)#interface s0/0/0 R1(config-if)#encapsulation ppp R1(config-if)#ppp authentication
pap R1(config-if)#ppp pap
sent-username R1 password cisco123 |
|
040_Interface
PPP CHAP |
CHAP
ppp authentication This command
enable chap on
the interface.
|
!======================================================================== ! Here is CHAP
authentication done between R2 to R3 !========================================================================= !R2 !Here
is CHAP authentication done ON R2 to R3 username
R3 password SAITCHAP interface
s0/0/0 encapsulation
ppp ppp authentication chap !R3
!Here
is CHAP authentication done ON R3 to R2 username
R2 password SAITCHAP int s0/0/0 encapsulation
ppp ppp authentication chap |
|
050_Security |
Enable Port Security. |
Switch(config-if)#switchport mode
access Switch(config-if)#switchport
port-security [ENTER] Switch(config-if)#switchport
port-security mac-address sticky |
|
050_Security
Access Console |
Enable and
define console password
of ‘cisco’ |
Switch(config)#line con 0 Switch(config-line)#login Switch(config-line)#password cisco |
|
050_Security
Access Telnet |
Configures 5
Telnet sessions each with
a password
of ‘cisco’ |
Switch(config)#line vty 0 4 Switch(config-line)#login Switch(config-line)#password cisco |
|
050_Security
ACL |
An
example using named ACL
instead of numbers |
Router(config)#ip access-list extended
my_list Router(config-ext-nacl)# deny tcp host 172.16.1.1
host 172.16.2.1 eq ftp Router(config-ext-nacl)# permit ip any any The full syntax of the standard ACL command is as
follows: Router(config)#access-list access-list-number [deny | permit |
remark] source [source-wildcard] [log] The full syntax of the standard ACL command to
filter a specific host is as follows: Router(config)#access-list access-list-number [deny | permit]
source [log] |
|
050_Security
ACL |
Attaching
a named ACL to an
interface |
Router(config)#int fa0/0 Router(config-if)#ip access-group my_list in |
|
050_Security
ACL |
Defines
a standard ACL. Standard
ACL use number 1-99 |
Router(config)#access-list 1 permit 172.16.1.1 |
|
050_Security
ACL |
Defines
an Extended ACL. The
first address is the source IP address |
Router(config)#access-list 101 deny tcp host 172.16.1.1
host 172.16.2.1 eq telnet Router(config)#access-list 101 permit ip
any Any |
|
050_Security
ACL |
Use
the group command to attach
an ACL to an interface. is
used under an interface if the ACL is to filter traffic |
Router(config)#interface fa0/0 Router(config-if)#ip access-group 101
out |
|
050_Security
ACL |
Use
the show to display access lists (ACL) |
Router(config)# show access-lists |
|
050_Security
PPP |
Defines a
username and password. The list can
be used for many things from
PPP authentication to user access |
Router(config)#username sue password cisco |
|
060_Session |
Synchronise
console messages (keep
what
you have typing
on the screen) |
Switch(config-line)#logging synchronous |
|
060_Session
Mode |
Abort sequence |
<Shift>
<Ctrl> 6 |
|
060_Session Mode |
Forcible closes a
telnet session |
Switch#disconnect |
|
060_Session
Mode |
Set the device local clock. Note this is not done in
config mode |
Switch#clock
set 10:00:00 July 14 2011 |
|
060_Session
Mode |
Show the
current sessions. The one with a * is your active session |
Switch#show
sessions |
|
060_Session
Mode |
Suspend Telnet Session |
<Shift>
<Ctrl> 6(then let all keys go, then)x |
|
099_Debug |
By default displays the last 10 commands |
Switch#show
history |
|
099_Debug |
Displays the ARP cache |
Switch#show arp |
|
099_Debug
|
Displays the users currently logged on |
Switch#show
users |
|
099_Debug
|
Ping selected address |
Switch#ping 10.1.1.1 |
|
099_Debug
- Cisco Discovery Protocol |
Display CDP packets as they arrive |
Switch#debug cdp packets |
|
099_Debug - Cisco Discovery Protocol |
Displays a list of CDP neighbours |
Switch#show cdp neighbors |
|
099_Debug
- Cisco Discovery Protocol |
Extended
information on the Above |
Switch#show cdp neighbors details |
|
099_Debug
- Interface |
Display the interface status |
Switch#show int fa0/1 |
|
099_Debug
- Interface |
Displays the vlan
status and the IP address VLAN 1 (often the management vlan) |
Switch#show
interfaces vlan 1 |
|
099_Debug
- VLAN |
Displays the spanning tree status on vlan 1 |
Switch#show
spanning-tree vlan 1 |
|
099_Debug
- VLAN |
Displays VTP info such
as VTP mode, VTP domain, VTP counter. |
Switch#sh vtp status |
|
099_Debug
- VLAN |
Lists all the configured vlans |
Switch#show vlan |
|
099_Debug
Controllers |
Displays the physical cable DTE/DCE, x.21, V.35, RS232 configuration |
Router#show
controllers s 0 |
|
099_Debug
EIGRP |
Shows
Successor and Feasable-Successor Routes |
Router#show ip eigrp neighbor |
|
099_Debug
EIGRP |
Same information as the above
OSPF commands but with EIGRP |
Router#show ip eigrp interface |
|
099_Debug
Frame Relay |
Displays the end-to-end status. Recall that
‘show interface’ does not |
Router#show
frame-relay pvc |
|
099_Debug
Frame-Relay |
Displays the frame relay inverse ARP table |
Router#show
frame-relay map |
|
099_Debug
Frame-Relay |
Displays the type of LMI and the number LMI frames |
Router#show
frame-relay lmi |
|
099_Debug
NAT |
Displays the NAT translations |
Router#show ip nat translations |
|
099_Debug
OSPF |
If adjacent routers don’t become neighbours. Then
use the command to check the local router interface is
configured correctly |
Router#show ip ospf interface |
|
099_Debug
OSPF |
To become
neighbours both the local and remote interface must be correctly configured. |
Router#show ip ospf neighbor |
|
099_Debug
Ping |
Display ping
packets as they Arrive |
Switch#debug icmp packets |
|
099_Debug
Route |
Display switch MAC Addresses table. These entries are learnt from the
source mac address in the Ethernet frames |
Switch#show mac address-table |
|
099_Debug
Route |
Displays all the configured routing
protocols |
Router#show ip protocols |
|
099_Debug
Route |
Displays the IP routeing table |
Router#show ip route |
|
099
Debug Serial Interfaces |
Display
information about serial interfaces |
Show
interfaces Show
interfaces serial Show
interface serial 0/0/0 Debug
ppp { packet | negotiation | error | authentification | compression | cbcp
} |
Credits
|
Good Cheat Sheet |
http://www.ncat.co.uk/net_lib/ncat%20ccna%20cheat%20sheet.pdf |
|
PDF
Unlock |
|
|
PDF
to Word |
|
|
Variable
Subnet Tool |
|
|
Great
Simple Subnet Tool |
Definitions
|
Category |
Term |
Definition |
|
|
WAN
Link |
T1 |
Digital WAN Carrier Facility. Transmits
DS-1-formatted data at 1.544 Mbps through the telephone-switching network,
using AMI or B8ZScoding. |
Digital Lines, such as T1 or T3
carrier lines require a Channel Service Unit (CSU) And a Data Service Unit (DSU) The two are often combined in a
single box (CSU/DSU) |
|
WAN
Link |
T3 |
Digital WAN Carrier
Facility. Transmits DS3-formatted data at 44.763 Mbps through the telephone
switching network. |
|
|
WAN
Equipment |
DTE |
Data Terminal
Equipment |
|
|
WAN
Equipment |
DCE |
Data Circuit
Terminating Equipment WAN provider side
of the communication link |
|
|
WAN
Protocol |
PPP |
Point-To-Point
Protocol Serial WAN switched
connection |
|
|
WAN
Protocol |
HDLC |
High Level Data
Link Control (Cisco default) |
|
|
WAN
Protocol |
LAPF |
Link Access
Procedure Frame (Frame Relay |
|
|
WAN
Protocol |
LAPD |
Link Access
Procedure D Channel (ISDN D Channel) - less used today ISDN: Integrated
Service Digital Network |
|
|
WAN
Protocol |
LAPB |
Link Access
Procedure Balanced (X.25) - less used today |
|
|
WAN
Link |
PVC |
Private Virtual
Circuit |
|
|
WAN
Link |
SVC |
Switched Virtual
Circuit |
|
|
WAN
Link |
Frame
Relay |
Layer 2, permanent,
shared, medium-bandwidth connectivity using Virtual Circuits - Can carry both
data and voice - Data Link Layer Protocol - No error or flow
control - Rates up to 4Mbps - Bi-Directional
Communication - Circuit
Identifiers are known as - Data Link Connection
Identifiers (DLCI) |
|
|
WAN
Link |
ATM |
Asynchronous
Transfer Mode, well suited for both data and voice - Cell-based
architecture (as opposed to frame-based) - Cells contain 53
bytes - ATM Header = 5
bytes - Less efficient than
bigger frames, but good for carrying low-latency info - e.g. voice - Rates up to
622Mbps or higher |
|
Circuit Choices
|
Option |
Description |
Advantages |
Disadvantages |
Sample Link Types |
|
Leased
Line |
Point-to-Point
connection between two LAN's |
Most
Secure |
Expensive |
PPP HDLC SDLC HNAS |
|
Circuit
Switching |
Dedicated
circuit path created between endpoints. Best example: Dialup. |
Less
Expensive |
Long
call setup |
PPP ISDN |
|
Packet
Switching |
Device
transport packets via a shared single point-to-point or point-to-multipoint
link across a carrier network. Variable-length
packets are transmitted over permanent virtual Circuits (PVC's) or Switched
Virtual Circuits (SVC's) |
Widely
supported and less expensive than leased line |
Shared
media across link |
X.25 Frame
Relay |
|
Cell
Relay |
Similar
to Packet Switching but uses fixed-length cells instead of variable-length
packets. Data is divided into fixed-length cells and then transported across
virtual circuits. |
Best
for simulated use of voice and data |
Overhead
can be considerable (20%+) |
ATM |
|
Internet |
Connectionless
packet switching using the Internet as the WAN infrastructure, uses network
addressing to deliver packets. Because of security, VPN technology must be
used. |
Least
expensive Widely
Available |
Least
secure |
VPN DSL Cable
Modem Wireless |
Three Layers of the
Architecture Network Model
|
Model |
Description |
|
Access Layer |
User-level access to
the network |
|
Distribution Layer |
Aggregates wiring
closets, using switches to segment workgroups and isolate network problems. |
|
Core Layer (Backbone) |
High-speed backbone
designed to switch packets as fast as possible |
5 Modules of Cisco
Enterprise Architecture
|
Module |
Description |
|
Enterprise Campus Architecture |
Building or group of
buildings connected to ONE NETWORK |
|
Enterprise Branch Architecture |
Enables extending
applications and services found at the Campus to remote locations |
|
Enterprise Data Center
Architecture |
Centrally house data
and resources necessary for the enterprise functions |
|
Enterprise Teleworker
Architecture |
Allow teleworkers
into the enterprise, typically via remote access VPN's |
|
Enterprise Edge Architecture |
Liaison between
Campus module and other modules in the Enterprise Architecture |
Back to Tylogix Networking page