Friday, 28 October 2011

CCNA


CCNA (Cisco Certified Network Associate)


What is a network?
  • A Collection of devices that can communicate together
  • The Fabric that ties business applications together

Function of a Network
Pieces of a Network
Applications that use Network
Network Designs

Understanding the Pieces of the Network
A typical small network, as drawn in the course:
PC (Network Interface Card) --- Ethernet cable --- Switch --- Router --- WAN / Internet (Service Provider)
Switch --- Server

Applications that use the Network
Web Browser and FTP
Database Application
Instant Messenger
Email
Online Games

Considerations for Network Applications
Delay
Availability
Speed & Size
Bit
Byte
KiloByte
MegaByte
GigaByte
TeraByte

Network Designs
Bus
Star
Ring
Mythical OSI Model

Layer (top to bottom)   Function
Upper layers:
  Application   - Interfaces with the application; provides network access to applications
  Presentation  - "Generi-fies" the data into a format applications understand; encryption services
  Session       - Starts and ends sessions; logically keeps sessions separate
Lower layers:
  Transport     - Dictates how the data is sent (reliable or unreliable); defines well-known services (ports)
  Network       - Provides logical addressing; finds the best path to a destination
  Data Link     - Provides physical addressing; checks that frames arrived error-free
  Physical      - Provides access to the cable; electrical signals, ones and zeros

Mnemonics: All People Seem To Need Data Processing (top down) / Please Do Not Throw Sausage Pizza Away (bottom up)
Why the model matters:
-Helps break network functions down into layers (access/permissions, Internet, servers, applications), so a problem can be isolated layer by layer
-Creates standards for equipment manufacturing
-Allows vendors to focus on specialized areas of the network

OSI Model in the Real World
Example: run "ftp ftp.cisco.com" (an application-layer program); "netstat" in another window then shows the TCP connection (transport layer: local and remote IP address plus port) that the FTP session opened.

OSI vs TCP/IP

OSI layer                     TCP/IP layer                                TCP/IP protocol suite
Application, Presentation,    Application                                 Telnet, FTP, SMTP, DNS, RIP, SNMP
Session
Transport                     Host-to-Host Transport                      TCP, UDP
Network                       Internet                                    ARP, IP, IGMP, ICMP
Data Link, Physical           Network Access (Network Interface Layer)    Ethernet, Token Ring, Frame Relay, ATM


IP Address Format
An IPv4 address is 32 bits written as four decimal numbers (octets) from 0-255. It is always paired with a subnet mask (which bits are network, which are host) and, for traffic leaving the network, a default gateway.
Understanding two address concepts (IP & MAC)
Why a MAC address is needed
-Delivery on the local segment is by MAC address. Before a PC can send to an IP on its own network it must learn that host's MAC, so it sends an ARP request: a broadcast ("who has this IP?") that every device on the segment hears; the owner replies with its MAC.
-ARP is purely local: it only works between devices in the same broadcast domain.
Why an IP address is needed
-To move data from one network to another.
-Routers do not forward broadcasts, so an ARP request never leaves its own network and a PC cannot learn the MAC of a host on a remote network.
-When the destination is off-net (decided by comparing it with the PC's own address and mask), the PC ARPs for its default gateway instead, whose IP it already knows, and hands the frame to the router's MAC.
Hop by hop, the IP header stays the same while the Ethernet header is rewritten by every router:

Source IP-----------------Fixed (end to end)
Destination IP-----------Fixed (end to end)
Source MAC-------------Varies (the sending interface at each hop)
Destination MAC-------Varies (the next hop's interface on each segment)
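The next-hop decision and the hop-by-hop MAC rewrite described above, as an added Python example (it is not from the original notes). The hosts, MAC addresses and ARP cache contents are constructed for the example; `next_hop` is the same-subnet test every host performs before sending, and `trace` shows the IP header staying fixed while each sender builds a fresh Ethernet header.

```python
import ipaddress

# Constructed example topology (not from the original notes): host A on
# 192.168.1.0/24, router R between that LAN and 10.0.0.0/24, host B there.
HOST_A = {
    "ip": "192.168.1.10", "mask": "255.255.255.0", "gateway": "192.168.1.1",
    "mac": "00:11:22:aa:aa:aa",
    # ARP cache as it looks after A broadcast "who has 192.168.1.1?"
    "arp": {"192.168.1.1": "00:11:22:00:00:01"},
}
ROUTER_R_LAN2 = {  # R's interface on the second network: the next sender
    "ip": "10.0.0.1", "mask": "255.255.255.0", "gateway": None,
    "mac": "00:11:22:00:00:02",
    "arp": {"10.0.0.50": "00:11:22:bb:bb:bb"},
}


def next_hop(src_ip, mask, gateway, dst_ip):
    """Address the sender must ARP for: the destination itself when it is on
    the sender's own subnet, otherwise the default gateway. ARP is a local
    broadcast, so this is the only way off-net traffic ever gets a MAC."""
    local_net = ipaddress.IPv4Network(f"{src_ip}/{mask}", strict=False)
    if ipaddress.IPv4Address(dst_ip) in local_net:
        return dst_ip
    if gateway is None:
        raise ValueError(f"{dst_ip} is off-net and no gateway is configured")
    return gateway


def build_frame(sender, ip_header):
    """Wrap the unchanged IP header in a new Ethernet header for one hop."""
    target = next_hop(sender["ip"], sender["mask"], sender["gateway"], ip_header["dst"])
    try:
        dst_mac = sender["arp"][target]   # would be filled by an ARP request/reply
    except KeyError:
        raise LookupError(f"no ARP entry for {target}; ARP request needed") from None
    return {"src_mac": sender["mac"], "dst_mac": dst_mac, "ip": dict(ip_header)}


def trace(senders, src_ip, dst_ip):
    """Frames emitted at each hop: the IP header is reused untouched, only the
    Ethernet header is rebuilt by each sender along the path."""
    ip_header = {"src": src_ip, "dst": dst_ip}
    return [build_frame(s, ip_header) for s in senders]


def demo():
    return trace([HOST_A, ROUTER_R_LAN2], HOST_A["ip"], "10.0.0.50")


if __name__ == "__main__":
    for hop, frame in enumerate(demo(), 1):
        print(f"hop {hop}: {frame['src_mac']} -> {frame['dst_mac']}  "
              f"IP {frame['ip']['src']} -> {frame['ip']['dst']}")
```

Because the ARP reply is trusted without any check, whoever answers first (or loudest) for the gateway's IP gets host A's traffic; that is the mechanism port security and DHCP snooping / dynamic ARP inspection exist to police on the switch.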

Default Address Classes

Class A - N.H.H.H, default mask 255.0.0.0 (/8) - first octet 1-126 - 16,777,214 usable hosts per network
Class B - N.N.H.H, default mask 255.255.0.0 (/16) - first octet 128-191 - 65,534 usable hosts per network
Class C - N.N.N.H, default mask 255.255.255.0 (/24) - first octet 192-223 - 254 usable hosts per network
(127 is reserved for loopback; 224-239 is Class D multicast; 240-255 is Class E experimental. Usable hosts = 2^host bits - 2, because the network and broadcast addresses cannot be assigned.)

Public vs Private Addresses

Public - Routable on the Internet (and usable on internal networks)

Private (RFC 1918) - Usable only on internal networks; never routed on the Internet, so they need NAT to reach it
Three ranges:
Class A - 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
Class B - 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
Class C - 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

Loopback range used for testing: 127.x.x.x (127.0.0.1 is the usual one)
Auto-configuration (APIPA / link-local) range: 169.254.x.x, which a host assigns itself when no DHCP server answers

Differentiate between TCP and UDP

TCP                              UDP
Builds connections               Connectionless
Uses sequence numbers            Best-effort delivery
Reliable (uses ACKs)             Unreliable (no ACKs, no retransmission)

TCP three-way handshake: SYN -> SYN-ACK -> ACK (the client sends SYN, the server answers SYN-ACK, the client completes with ACK)
TCP windowing: the receiver advertises how many bytes it will accept before the sender must stop and wait for an ACK; the window grows as transfers succeed and shrinks when segments are lost

Port Numbers
IP address + port number = socket; a pair of sockets identifies one session
www.iana.org/assignments/port-numbers
0-1023 are the well-known ports (e.g. 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 80 HTTP); 1024-49151 are registered ports; 49152-65535 are the dynamic/ephemeral ports clients pick for their side of a connection.

Fabric of Networks: Ethernet

1973: Xerox invents Ethernet (3 Mbps)
1982: Ethernet standardized between vendors (10 Mbps)
1995: Fast Ethernet emerges (100 Mbps)
2000: Gigabit Ethernet emerges (1000 Mbps)
2002: 10 Gigabit Ethernet emerges (10,000 Mbps)
2007: 100 Gigabit Ethernet (100,000 Mbps) begins development (standardized as 802.3ba in 2010)
The average user uses about 5% of a 100 Mbps link.
Ethernet spans the Data Link and Physical layers.
At the Data Link layer Ethernet is split into two sublayers:
  • Logical Link Control (LLC, 802.2): the interface up to the network layer
  • Media Access Control (MAC, 802.3): addressing and access to the medium
Carrier Sense, Multiple Access / Collision Detection

CSMA/CD is the set of rules governing how you talk on a shared (half-duplex) Ethernet segment
-Carrier: the network signal
-Sense: the ability to detect whether the wire is already in use before sending
-Multiple Access: all devices have equal access to the medium
-Collision: what happens when two devices send at once
-Detection: how the devices handle collisions when they happen (stop, jam, back off a random time, retry)
Full-duplex switched links have no collisions, so CSMA/CD is not used on them.

CSMA/CA (Collision Avoidance)
Used by 802.11 wireless, where a radio cannot hear a collision while it is transmitting (see the wireless section). Token Ring does not use CSMA at all; it passes a token.

Methods of Communicating
Unicast
Multicasting
Broadcasting

MAC Addresses
48 bits, written as 12 hexadecimal digits (e.g. 00:1A:2B:3C:4D:5E)
First 6 hex digits (24 bits): Organizationally Unique Identifier (OUI), assigned to the vendor by the IEEE
Last 6 hex digits (24 bits): vendor-assigned, unique per interface
OUI lookup: www.coffer.com/mac_find

Understanding Ethernet Cable
  • Category 5/5e unshielded twisted pair (UTP)
Max distance: 100 meters
Connector: RJ-45
  • Multi-mode fiber
Max distance: 275 meters to a few miles (depends on speed and fiber grade)
Connector: varies
  • Single-mode fiber
Max distance: a mile to many miles
Connector: varies




Cabling Standards
-T568A + T568A = straight-through
 (pin order: white-green, green, white-orange, blue, white-blue, orange, white-brown, brown)
-T568B + T568B = straight-through
 (pin order: white-orange, orange, white-green, blue, white-blue, green, white-brown, brown)
-T568A on one end + T568B on the other = crossover (pairs 2 and 3 swapped)
-T568B is by far the most common standard.
-Unlike devices (PC to switch, switch to router) use straight-through
-Like devices (switch to switch, PC to PC, router to router) use crossover; most modern ports auto-detect the cable type (auto-MDIX) and work either way

Collision / Broadcast Domain
-Collision domain: the set of devices (ports) that share one medium, so only one of them can send at a time
-Broadcast domain: how far a broadcast travels before it stops (a router boundary)
-A hub is one shared CSMA/CD segment: one collision domain for all of its ports
-When a collision occurs, the device that detects it sends out a JAM signal.
-The JAM tells every device on the segment that a collision happened; all senders stop, wait a random back-off time and resend.

Device (4-port example)   Collision domains     Broadcast domains
Hub                       1                     1
Switch                    4 (one per port)      1 (all ports, unless VLANs are used)
Router                    4 (one per port)      4 (one per interface)

-Bridges learn MAC addresses in software and are slow
-Switches do it in hardware (ASICs), run full duplex, and so have no collisions on a port with a single host
-Hub operates at the Physical layer
-Switch operates at the Data Link layer
-Router operates at the Network layer
-A switch keeps its MAC-to-port mappings in a CAM (content addressable memory) table, also called the MAC address table

Cisco IOS
-The Internetwork Operating System
-A command-line method of configuring a Cisco device
-Software that is consistent across nearly all Cisco devices
-Learn it once, use it many times
-More powerful than any graphical interface

Connecting to the Cisco switch
  1. Get a console (rollover) cable
  2. Plug the serial (or USB-to-serial) end into the PC
  3. Plug the RJ-45 end into the console port on the switch
  4. Get a terminal program
-HyperTerminal
-Tera Term
-Minicom
-SecureCRT
  5. Set it to connect via the COM port with:
-Baud rate: 9600
-Data bits: 8
-Parity: None
-Stop bits: 1
-Flow control: None

Understanding IOS command modes
User mode (user EXEC): Switch>   - limited show commands
Privileged mode (privileged EXEC): Switch#   - all show/debug commands; reached with "enable"
Global configuration mode: Switch(config)#   - reached with "configure terminal"; sub-modes such as (config-if)# and (config-line)# hang off it
 
Device Navigation

<Ctrl-A>   Move the cursor to the beginning of the line
<Ctrl-B>   Move the cursor back one character
<Ctrl-D>   Delete the character the cursor is on
<Ctrl-H>   Same as backspace, i.e. delete the character before the cursor
<Ctrl-K>   Delete from the cursor to the end of the line; the characters are held in a buffer and can be recalled later
<Ctrl-U>   Delete from the cursor back to the beginning of the line; the characters go to the buffer
<Ctrl-V>   Treat the next character literally rather than as an editor command (used to insert control characters into the command line)
<Ctrl-W>   Delete the previous word
<Ctrl-Y>   Paste the characters from the buffer
Esc <      Show the first line in the history buffer
Esc >      Show the last line in the history buffer
Esc b      Move the cursor back one word
Esc d      Delete from the cursor to the end of the current word
Esc f      Move the cursor forward one word
Esc Del    Delete the word before the cursor



Initial setup of a Cisco switch
Understanding the physical indicators (the Mode button cycles the port LEDs through these)
-SY

STEM: system state (green = operational, amber = fault)
-RPS: redundant power supply status
-STAT: port status (the default): link, activity, or amber for a fault/blocked port
-UTIL: bandwidth utilization shown as a bar of port LEDs; the more LEDs lit, the higher the percentage in use
-DUPLEX: ports running full duplex light up, half-duplex ports stay dark
-SPEED: ports running at 100 Mbps light up, ports at 10 Mbps stay dark (blinking = 1000 Mbps on Gigabit models)

Performing an initial switch configuration
VLAN 1: the default "fabric"; every port is a member of it until it is assigned elsewhere
interface vlan 1: a virtual (switched virtual) interface that can be given an IP address so the switch can be managed by members of VLAN 1; on a Layer 2 switch this is only a management address, not a routed interface

Configuring switch security
-Password storage: "enable password", line passwords and "service password-encryption" produce type 7 strings, which are reversible obfuscation (a fixed XOR key), so anyone who can read the config can recover the password with a type 7 cracker in seconds. Use "enable secret" (a one-way hash) for the enable password and treat any "password 7" line in a config as cleartext.
-Wireshark Network Analyzer: a packet sniffer; anything sent over Telnet or HTTP (passwords included) is readable in the capture, which is why SSH and HTTPS are used below.
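What a "Cisco password cracker" actually does with a type 7 string, as an added Python example (not from the original notes). `TYPE7_KEY` is the fixed key IOS uses; the config text is constructed for the example, and the two test vectors `060506324F41` and `0822455D0A16` are the widely published ones, both of which decode to `cisco`.

```python
import re

# Fixed, public key that IOS XORs passwords against for "type 7"
# (service password-encryption). This is obfuscation, not encryption: the
# key is the same on every device, so a leaked config gives up the password.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decode(encoded):
    """'060506324F41' -> 'cisco'. The first two characters are a decimal
    offset into the key; each following hex byte is one password character
    XORed with the key character at (offset + position)."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string")
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(body)
    )


def type7_encode(password, seed=6):
    """Inverse of type7_decode; IOS picks a seed between 0 and 15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    out = [f"{seed:02d}"]
    for i, ch in enumerate(password):
        out.append(f"{ord(ch) ^ ord(TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]):02X}")
    return "".join(out)


TYPE7_LINE = re.compile(r"^\s*(.*?)\bpassword 7 ([0-9A-Fa-f]+)\s*$")


def find_type7(config_text):
    """Scan a config for 'password 7' lines and return [(line, recovered)].
    'secret' lines (type 5/8/9 hashes) are not reversible and are skipped."""
    found = []
    for line in config_text.splitlines():
        m = TYPE7_LINE.match(line)
        if m:
            found.append((line.strip(), type7_decode(m.group(2))))
    return found


# Constructed sample config (not from any real device).
SAMPLE_CONFIG = """\
hostname S1
service password-encryption
username admin privilege 15 password 7 0822455D0A16
enable secret 5 <hash omitted>
line vty 0 4
 password 7 060506324F41
 login
"""

if __name__ == "__main__":
    for line, clear in find_type7(SAMPLE_CONFIG):
        print(f"{line!r} -> {clear!r}")
```

Run `find_type7` over a backed-up running-config to find every credential that "service password-encryption" is only pretending to protect; each hit should be moved to "secret" (username ... secret, enable secret) and the old password changed.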

SSH steps
  1. Create a local username and password (username <name> secret <password>)
  2. Set a hostname and a domain name (ip domain-name ...); both are needed before the RSA key pair can be generated
  3. Generate the keys (crypto key generate rsa; choose 2048 bits or more)
  4. Force SSH version 2 (ip ssh version 2)
  5. Allow only SSH on the VTY lines (line vty 0 4 / transport input ssh / login local), which shuts Telnet off
-Tera Term 3.1 or later (SSH client)
-"terminal monitor" (privileged EXEC, per session) copies console log messages to your SSH/Telnet session, so you see port up/down events while working remotely

MAC Security (port security; the interface and values below are example settings)
Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access                      (port security only works on access ports)
Switch(config-if)# switchport port-security                    (turns the feature on; without this line the settings below do nothing)
Switch(config-if)# switchport port-security maximum 1          (how many MAC addresses may be learned on the port)
Switch(config-if)# switchport port-security violation shutdown (shutdown = err-disable the port; the alternatives are restrict and protect)
Switch(config-if)# switchport port-security mac-address sticky (learn the MAC dynamically and write it into the running config; or give a static MAC instead)
-show port-security interface fa0/1  (status, violation count, learned MAC)
-An err-disabled port is recovered with shutdown / no shutdown once the offending device is gone

Configuring speed and duplex
-Default: auto-negotiate
Switch(config)# interface fa0/1
Switch(config-if)# duplex {auto | full | half}
Switch(config-if)# speed {auto | 10 | 100}
(Configure both ends the same way; one side fixed and the other on auto causes a duplex mismatch and a slow, error-prone link)

Optimizing the device
  1. logging synchronous (line mode): console messages no longer interrupt a command you are typing
  2. exec-timeout 30 0 (minutes seconds): idle time before the session is closed
  3. no exec-timeout: never log the session out (convenient in the lab, a bad idea on a production console or VTY line)
-The default idle time is 10 minutes before the device kicks you off
  4. no ip domain-lookup: stops the device from trying to resolve a mistyped command as a hostname
  5. alias exec s show ip interface brief (alias <mode> <alias> <actual command>)

STP
-Switches forward broadcast frames out all ports by design
-Redundant connections are necessary in business networks
-Spanning tree's job: block ("drop trees on") redundant links until they are needed, so a broadcast cannot loop forever

Troubleshooting using show commands
Show ip interface brief
Show interface
Show run

Types of Wireless Networks
Personal Area Network (PAN)
Local Area Network (LAN)
Metropolitan Area Network (MAN)
Wide Area Network (WAN)
Wireless LAN Facts
-A wireless access point (WAP) communicates like a hub:
                shared signal
                half duplex
-Uses unlicensed bands of radio frequency (RF)
-Wireless (802.11) is a Physical and Data Link layer standard
-Uses CSMA/CA instead of CSMA/CD
-Faces connectivity issues because of interference

Unlicensed Frequencies
900 MHz band: 902-928 MHz
2.4 GHz band: 2.400-2.483 GHz
5 GHz band: 5.150-5.350 GHz (plus 5.725-5.825 GHz)
-The lower the frequency, the farther the signal reaches, but the less data it can carry

RF
-RF waves are absorbed (passing through walls) or reflected (by metal)
-Higher Data rates have shorter ranges
-Higher frequencies of RF have higher data rates
-Higher frequencies of RF have shorter ranges
*Check out cisco’s wireless explorer game

802.11 Lineup
802.11b
-Official as of September 1999
-Frequency 2.4 GHz
-Up to 11 Mbps (1, 2, 5.5, 11 data rates)
-Most popular standard (at the time of these notes)
-3 non-overlapping ("clean") channels: 1, 6, 11
802.11g
-Official as of June 2003
-Frequency 2.4 GHz
-Backwards compatible with 802.11b
-Up to 54 Mbps (12 data rates)
-3 clean channels
802.11a
-Official as of September 1999
-Frequency 5 GHz
-Up to 54 Mbps
-Not compatible with 802.11b/g
-12 to 23 clean channels
802.11n
-Ratified in 2009; 2.4 GHz and/or 5 GHz
-100+ Mbps in practice (up to 600 Mbps in the standard)
-MIMO (multiple input, multiple output)

The Powers over the Wireless World
ITU-R (International Telecommunication Union - Radiocommunication Sector): regulates the radio frequencies used for wireless transmission
IEEE (Institute of Electrical and Electronics Engineers): maintains the 802.11 wireless transmission standards
Wi-Fi Alliance: certifies interoperability between 802.11 wireless vendors

Wireless Dangers
(Anyone in range can receive the signal, so the network must authenticate its clients and encrypt its traffic.)

Wireless Security
Authentication
Encryption
Intrusion Prevention System

Encryption and Authentication Combinations
Originally: pre-shared key WEP (weak; broken, do not use)
Evolution #1: pre-shared key WPA1 (interim solution; used TKIP encryption)
Evolution #2: WPA1 and 802.1X authentication
Evolution #3: WPA2 (802.11i, AES-CCMP encryption) and 802.1X authentication

Understanding the SSID
-The service set identifier (SSID) uniquely identifies and separates wireless networks
-It is a network name, not a security control: it is sent in beacons and probe responses, so hiding it does not stop anyone finding the network
-When a wireless client is enabled:
  1. Client issues a probe request
  2. Access point(s) respond (probe response / beacon)
  3. Client associates with the chosen SSID
  4. Access point adds the client MAC to its association table

Correct Design of a WLAN
-RF service areas should overlap by 10-15%
-Repeaters should have 50% overlap
-Neighbouring access points should use different (non-overlapping) channels

Setting up a Wireless Network
  1. Pre-test the switch port with a laptop (DHCP, DNS, etc.)
  2. Connect the WAP
  3. Set up and test the SSID with no security (briefly, in the lab; never leave it open)
  4. Add and test security (pre-shared key)
  5. Add and test authentication (802.1X)

Reviewing IP Basics
IPv4 address:
-Four-octet (byte) address, 32 bits
-Falls into one of three usable classes (A, B or C) according to its first octet
-Combined with a subnet mask, it defines a network portion and a host portion
-Operates at layer 3 of the OSI model

Network Scenario # 1 (216.21.5.0 255.255.255.0), need 5 networks
Network Requirements
1-Determine the number of networks and convert to binary
                5 = 101 -> 3 bits (2^3 = 8 subnets, enough for 5)
2-Borrow those bits from the host portion of the mask and find the increment
                255.255.255.0 = 11111111.11111111.11111111.00000000
                borrow 3 bits:                             11100000 = 224
                new mask = 255.255.255.224 (/27); increment = 32 (the value of the last borrowed bit)
3-Use the increment to find the network ranges
216.21.5.0   ---- 216.21.5.31
216.21.5.32  ---- 216.21.5.63
216.21.5.64  ---- 216.21.5.95
216.21.5.96  ---- 216.21.5.127
... up to 216.21.5.224 ---- 216.21.5.255
Note: the first address of each range (network ID) and the last (broadcast) cannot be given to hosts, leaving 30 usable per subnet.

Network Scenario # 2 (195.5.20.0 255.255.255.0), need 50 networks
Network Requirements
1-Determine the number of networks and convert to binary
                50 = 110010 -> 6 bits (2^6 = 64 subnets)
2-Borrow those bits from the host portion of the mask and find the increment
                255.255.255.0 = 11111111.11111111.11111111.00000000
                borrow 6 bits:                             11111100 = 252
                new mask = 255.255.255.252 (/30); increment = 4
3-Use the increment to find the network ranges
195.5.20.0   ---- 195.5.20.3
195.5.20.4   ---- 195.5.20.7
195.5.20.8   ---- 195.5.20.11
195.5.20.12  ---- 195.5.20.15
195.5.20.16  ---- 195.5.20.19
195.5.20.20  ---- ...
Note: the first ID (network) and the last ID (broadcast) of each range are not usable; only two host bits are left, so each subnet has exactly 2 usable addresses (fine for point-to-point links, nothing else).

Network Scenario # 3 (150.5.0.0 255.255.0.0), need 100 networks
Network Requirements
1-Determine the number of networks and convert to binary
                100 = 1100100 -> 7 bits (2^7 = 128 subnets)
2-Borrow those bits from the host portion of the mask and find the increment
                255.255.0.0 = 11111111.11111111.00000000.00000000
                borrow 7 bits:                    11111110 = 254
                new mask = 255.255.254.0 (/23); increment = 2 in the third octet
3-Use the increment to find the network ranges
150.5.0.0  ---- 150.5.1.255
150.5.2.0  ---- 150.5.3.255
150.5.4.0  ---- 150.5.5.255
150.5.6.0  ---- 150.5.7.255
150.5.8.0  ---- ...
Note: the first ID (network) and the last ID (broadcast) of each range are not usable; 510 hosts per subnet remain.

Network Scenario # 4 (10.0.0.0 255.0.0.0), need 500 networks
Network Requirements
1-Determine the number of networks and convert to binary
                500 = 111110100 -> 9 bits (2^9 = 512 subnets)
2-Borrow those bits from the host portion of the mask and find the increment
                255.0.0.0 = 11111111.00000000.00000000.00000000
                borrow 9 bits:         11111111.10000000
                new mask = 255.255.128.0 (/17); increment = 128 in the third octet
3-Use the increment to find the network ranges
10.0.0.0    ---- 10.0.127.255
10.0.128.0  ---- 10.0.255.255
10.1.0.0    ---- 10.1.127.255
10.1.128.0  ---- 10.1.255.255
10.2.0.0    ---- ...
Note: the first ID (network) and the last ID (broadcast) of each range are not usable; 32,766 hosts per subnet remain.

Practice

1-(C) 200.1.1.0, 40 Networks
2-(C) 199.9.10.0, 14 Networks
3-(B) 170.50.0.0, 1000 Networks
4-(A) 12.0.0.0, 25 Networks



Network Scenario # 1 (216.21.5.0 255.255.255.0), need 30 hosts
Network Requirements
1-Determine the number of hosts and convert to binary
                30 = 11110 -> 5 host bits (2^5 - 2 = 30 usable hosts)
2-Keep those 5 bits for hosts; the remaining bits of the host portion become network bits
                255.255.255.0 = 11111111.11111111.11111111.00000000
                3 bits to network, 5 to hosts:             11100000 = 224
                new mask = 255.255.255.224 (/27); increment = 32
3-Use the increment to find the network ranges
216.21.5.0   ---- 216.21.5.31
216.21.5.32  ---- 216.21.5.63
216.21.5.64  ---- 216.21.5.95
216.21.5.96  ---- ...
Note: the first ID (network) and the last ID (broadcast) of each range are not usable.

Network Scenario # 2 (195.5.20.0 255.255.255.0), need 50 hosts
Network Requirements
1-Determine the number of hosts and convert to binary
                50 = 110010 -> 6 host bits (2^6 - 2 = 62 usable hosts)
2-Keep 6 bits for hosts; the other 2 bits of the last octet become network bits
                255.255.255.0 = 11111111.11111111.11111111.00000000
                2 bits to network, 6 to hosts:             11000000 = 192
                new mask = 255.255.255.192 (/26); increment = 64
3-Use the increment to find the network ranges
195.5.20.0    ---- 195.5.20.63
195.5.20.64   ---- 195.5.20.127
195.5.20.128  ---- 195.5.20.191
195.5.20.192  ---- 195.5.20.255
Note: the first ID (network) and the last ID (broadcast) of each range are not usable.

Network Scenario # 3 (150.5.0.0 255.255.0.0), need 500 hosts
Network Requirements
1-Determine the number of hosts and convert to binary
                500 = 111110100 -> 9 host bits (2^9 - 2 = 510 usable hosts)
2-Keep 9 bits for hosts; the other 7 bits of the host portion become network bits
                255.255.0.0 = 11111111.11111111.00000000.00000000
                7 bits to network, 9 to hosts:    11111110.00000000
                new mask = 255.255.254.0 (/23); increment = 2 in the third octet
3-Use the increment to find the network ranges
150.5.0.0  ---- 150.5.1.255
150.5.2.0  ---- 150.5.3.255
150.5.4.0  ---- 150.5.5.255
150.5.6.0  ---- 150.5.7.255
150.5.8.0  ---- ...
Note: the first ID (network) and the last ID (broadcast) of each range are not usable.

Network Scenario # 4 (10.0.0.0 255.0.0.0), need 100 hosts
Network Requirements
1-Determine the number of hosts and convert to binary
                100 = 1100100 -> 7 host bits (2^7 - 2 = 126 usable hosts)
2-Keep 7 bits for hosts; the other 17 bits of the host portion become network bits
                255.0.0.0 = 11111111.00000000.00000000.00000000
                17 bits to network, 7 to hosts:        11111111.11111111.10000000
                new mask = 255.255.255.128 (/25); increment = 128 in the last octet
3-Use the increment to find the network ranges
10.0.0.0    ---- 10.0.0.127
10.0.0.128  ---- 10.0.0.255
10.0.1.0    ---- 10.0.1.127
10.0.1.128  ---- 10.0.1.255
10.0.2.0    ---- 10.0.2.127
10.0.2.128  ---- 10.0.2.255
... (131,072 subnets in all)
Note: the first ID (network) and the last ID (broadcast) of each range are not usable.

Practice

1-(C) 200.1.1.0, 40 Hosts
2-(C) 199.9.10.0, 12 Hosts
3-(B) 170.50.0.0, 1000 Hosts
4-(A) 12.0.0.0, 100 Hosts
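The four "need N networks" and four "need N hosts" scenarios above, worked by an added Python example (not from the original notes) that generalizes the three-step method to any base network: pick the number of bits, derive the mask and increment, and list the ranges. It uses only the standard-library `ipaddress` module; the practice questions can be checked by calling it with their numbers.

```python
import ipaddress
from itertools import islice


def bits_for_subnets(count):
    """Smallest number of borrowed bits b with 2**b >= count."""
    bits = 0
    while 2 ** bits < count:
        bits += 1
    return bits


def bits_for_hosts(count):
    """Smallest number of host bits b with 2**b - 2 >= count
    (the network and broadcast addresses are never assignable)."""
    bits = 1
    while 2 ** bits - 2 < count:
        bits += 1
    return bits


def plan(base, new_prefix, show=4):
    """Describe the subnets of `base` (e.g. '216.21.5.0/24') at `new_prefix`."""
    net = ipaddress.IPv4Network(base)
    if not net.prefixlen <= new_prefix <= 30:
        raise ValueError(f"/{new_prefix} is not usable inside {net}")
    block = 2 ** (32 - new_prefix)          # addresses per subnet
    subnets = net.subnets(new_prefix=new_prefix)   # generator, so large plans stay cheap
    return {
        "prefix": new_prefix,
        "mask": str(ipaddress.IPv4Network(f"0.0.0.0/{new_prefix}").netmask),
        "increment": str(ipaddress.IPv4Address(block)),   # the step in dotted form
        "count": 2 ** (new_prefix - net.prefixlen),
        "usable_hosts": block - 2,
        "ranges": [(str(s.network_address), str(s.broadcast_address))
                   for s in islice(subnets, show)],
    }


def plan_by_subnets(base, n_subnets):
    """The 'need N networks' scenarios: borrow bits from the host portion."""
    net = ipaddress.IPv4Network(base)
    return plan(base, net.prefixlen + bits_for_subnets(n_subnets))


def plan_by_hosts(base, n_hosts):
    """The 'need N hosts' scenarios: keep enough host bits, the rest become network bits."""
    return plan(base, 32 - bits_for_hosts(n_hosts))


if __name__ == "__main__":
    for base, n in [("216.21.5.0/24", 5), ("195.5.20.0/24", 50),
                    ("150.5.0.0/16", 100), ("10.0.0.0/8", 500)]:
        p = plan_by_subnets(base, n)
        print(f"{base}, {n} networks -> /{p['prefix']} {p['mask']} step {p['increment']}, "
              f"{p['count']} subnets of {p['usable_hosts']} hosts, first {p['ranges'][:2]}")
    for base, n in [("216.21.5.0/24", 30), ("195.5.20.0/24", 50),
                    ("150.5.0.0/16", 500), ("10.0.0.0/8", 100)]:
        p = plan_by_hosts(base, n)
        print(f"{base}, {n} hosts -> /{p['prefix']} {p['mask']} step {p['increment']}, "
              f"{p['count']} subnets of {p['usable_hosts']} hosts")
```

The "/30 for 50 networks" result is a reminder that sizing by subnet count alone can leave you with subnets too small to use: check `usable_hosts` as well.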
Initial Router Configuration

Understanding the physical indicators (ports on the back)
                Console
                Auxiliary
                Fast Ethernet
                WIC (WAN interface card slot)
                T1

Router Boot & Initial Configuration
Router(config)# banner motd @
It's a secure router
@
(the delimiter, @ here, marks the start and the end of the banner text)

Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# exec-timeout 30 0

Router# show ip interface brief

Router(config)# interface range <type> 0/0 - 3   (e.g. fastethernet 0/0 - 3; configures several interfaces at once)

SDM and DHCP Server Configuration

-Security Device Manager
-A graphical user interface (GUI) that you can use to configure and manage your router
-Web-based (runs in a browser with Java)
-Works on all mainline Cisco routers
-Designed to allow IOS configuration without extensive

Configuring the router to support SDM

  1. Generate encryption keys (used by SSH and HTTPS)
Router(config)# ip domain-name phq.com
Router(config)# crypto key generate rsa general-keys
  2. Turn on the HTTP/HTTPS servers on the router
Router(config)# ip http server
Router(config)# ip http secure-server
  (if only HTTPS is wanted, leave "ip http server" out: plain HTTP sends the level-15 credentials in cleartext)
  3. Create a privilege level 15 user account
Router(config)# username Jeremy privilege 15 secret Cisco
  (use "secret" rather than "password": "password" stores the credential as cleartext or reversible type 7)
  4. Configure the VTY lines and HTTP access to use the local user database
Router(config)# ip http authentication local   (for HTTP access)
Router(config)# line vty 0 4
Router(config-line)# login local
  5. Install Java on the PC and access the router using a web browser

Understanding DHCP

                -DHCP gives devices their IP address (plus mask, gateway and DNS) without manual configuration
                -Addresses are leased for a limited time and must be renewed
                -Can be "manually allocated" (reserved by MAC address) for key network devices
                -DHCP servers can be server-based or router-based

DHCP Process (DORA)

                Client -> broadcast : DHCP Discover  (the client has no address yet, so it broadcasts to 255.255.255.255)
                Server -> client    : DHCP Offer     (unicast to the client's MAC, or broadcast if the client asked for that)
                Client -> broadcast : DHCP Request   (broadcast, so every server that offered learns which offer was accepted)
                Server -> client    : DHCP ACK       (confirms the lease)
Routers do not forward these broadcasts, so a server on another subnet needs "ip helper-address" on the clients' router interface.

Using SDM to configure a DHCP Server
DHCP Pools > Add > (fill in the network, mask, default router, DNS servers and lease time)

Note: with the router acting as DHCP server the clients get their addresses automatically, so no Windows DHCP server is needed.
DHCP Pool Status
SDM > Additional Tasks > DHCP Pools > DHCP Pool Status
Router# show ip dhcp binding   (CLI equivalent: lists each leased address, the client MAC and the lease expiry)
 

Implementing Static Routing

Router(config)# ip route <destination network> <mask> <next hop IP or exit interface>
Default route: ip route 0.0.0.0 0.0.0.0 <next hop>   (matches anything not in the routing table; normally points at the ISP)
Router(config)# ip name-server <DNS server IP, e.g. the service provider's>   (lets the router resolve names such as google.com into IP addresses)
Without static or dynamic routes a router knows only the networks it is directly connected to.



Implementing Dynamic Routing with RIP

Types of Routing Protocols
-Distance vector
  • Easy to configure
  • Not many features
  • RIP, IGRP
-Link state
  • Harder to configure
  • Feature-rich
  • OSPF, IS-IS
-Hybrid
  • "The best of both worlds"
  • Proprietary (Cisco)
  • EIGRP

Understanding RIP
-Algorithm first developed in 1969
-Comes in two versions: RIPv1 and RIPv2
RIPv1:
  • Classful: advertises networks without subnet masks (does not support VLSM)
  • No authentication
  • Uses broadcast updates every 30 seconds
RIPv2:
  • Classless: carries the subnet mask (supports VLSM)
  • Adds authentication (plaintext or MD5; use MD5, since without it any device on the segment can inject routes)
  • Uses multicast (224.0.0.9)
Configuring RIP
  • Turn on RIP (global configuration): Router(config)# router rip
  • Change the version: Router(config-router)# version 2
  • Enter network statements (does two things: 1) tells RIP which networks to advertise and 2) tells RIP which interfaces to send advertisements on)
Router(config-router)# network 192.168.1.0   (classful network address)
  • no auto-summary: stops RIP from summarizing subnets to their classful boundary when they cross a class boundary

Internet Access with NAT and PAT
Understanding the need for NAT
  • NAT allows multiple devices with private addresses to share one (or a few) public Internet IP addresses
How NAT works
                Inside (local) address ---- translated to ---- outside (global) address
                Static NAT  ----- one to one (a fixed public address per inside host; used for servers)
                Dynamic NAT ----- a pool of public addresses handed out as needed
                PAT         ----- many to one (many inside hosts behind one public address, told apart by port number; what home routers do)
Configuring NAT using SDM


WAN Connectivity


Styles of WAN Connections
Leased lines: dedicated bandwidth between locations
  • T1 CAS (channel-associated signaling)
  • E1 CAS
Circuit switched: on-demand bandwidth between locations
  • Dial-up modems
  • ISDN
Packet switched: shared, but guaranteed (contracted), bandwidth between locations
  • Frame Relay
  • ATM
Configuring Leased Line Connections
Layer 2 protocols: HDLC (Cisco's default, a proprietary variant) and PPP (open standard, supports authentication)
In the lab a serial crossover cable joins two routers back to back; the DCE end must supply the clock
Router# show controllers serial 0/0   (shows whether this end is DCE or DTE)
Router(config-if)# clock rate 64000   (on the DCE end only; value in bits per second)

Management and Security (Telnet, SSH and CDP)

-Ctrl-Shift-6 then x: suspend the current Telnet/SSH session and return to the local prompt
-resume <number> (or just the number, or Enter for the most recent): return to a suspended session; <number> identifies the session as listed by "show sessions"
-show sessions: lists sessions open from your router to other devices
-show users: lists sessions open to your router (who is logged in, and on which line)
-disconnect <number>: kills one of your own outbound sessions
-clear line <x>: kills an inbound session to you, where x is the line (VTY) number shown by "show users"
Note: "show line" shows how many VTY lines the router has, and therefore how many remote sessions it can accept at once

Understanding the Cisco Discovery Protocol

-Lets you see directly connected Cisco devices (platform, IOS version, IP address, port)
-Useful for building accurate network diagrams
-show cdp neighbors: directly connected devices
-show cdp neighbors detail: the same, plus IP addresses and IOS versions
-show cdp entry <device name>: detail about one neighbour
-no cdp enable (interface): turn CDP off on a port; because CDP advertises model, software version and addresses in cleartext every 60 seconds, turn it off on ports facing users or other organisations
-no cdp run (global): turn CDP off on the whole device

Management and Security (File Management)
Understanding the copy command
-Moves files between components: copy <source> <destination>
-Primary components
                RAM (running-config)
                NVRAM (startup-config)
                FLASH (the IOS image)
                TFTP (a server on the network for backups and images)
Router(config)# boot system tftp://192.168.1.50/c2801- adventerprisek9-mz………………………….bin

Rebuilding the small office network (SWITCH)
  1. Beginning: wipe out the configs
Switch# write erase   (clears NVRAM)
Switch# erase startup-config   (the same thing, newer syntax)
  2. Security: passwords and banner
Switch(config)# enable password <pw>   (old and weak; shown for completeness)
Switch(config)# enable secret <pw>     (hashed; overrides enable password when both are set, so set only this one)
Switch(config)# line vty 0 4   (and separately line console 0)
Switch(config-line)# password <pw>
Switch(config-line)# login
Switch(config)# banner motd )
+++++++++++++++++++++++++++++
Do not log on
+++++++++++++++++++++++++++++
)
  3. Cosmetics: name, work environment
Switch(config)# hostname <name>
Switch(config)# line con 0   (and line vty 0 4)
Switch(config-line)# logging synchronous
Switch(config)# line con 0
Switch(config-line)# no exec-timeout   (or exec-timeout 0 0; the default is 10 minutes)
Switch(config)# no ip domain-lookup
  4. Management: IP address and gateway
Switch(config)# interface vlan 1
Switch(config-if)# ip address 192.168.1.10 255.255.255.0
Switch(config-if)# no shutdown
Switch(config)# ip default-gateway 192.168.1.1
  5. Interfaces: speed, duplex, descriptions
Switch(config)# interface fa0/1
Switch(config-if)# duplex full
Switch(config-if)# speed 100
Switch(config-if)# description <text>
Switch# show interfaces description
  6. Verify and back up: CDP, TFTP, show interfaces

Switch# show cdp neighbors
Switch# show cdp neighbors detail
Switch# show interfaces

Rebuilding the small office network (ROUTER)
  1. Beginning: wipe out the configs
Router# write erase   (clears NVRAM)
Router# erase startup-config
  2. Security: passwords and banner
Router(config)# enable password <pw>   (weak; prefer the next line)
Router(config)# enable secret <pw>
Router(config)# line vty 0 4   (and line console 0, line aux 0)
Router(config-line)# password <pw>
Router(config-line)# login
Router(config)# banner motd )
+++++++++++++++++++++++++++++
Do not log on
+++++++++++++++++++++++++++++
)
Router(config)# service password-encryption   (hides line and enable passwords as type 7 in "show run"; reversible, see the switch security section)
  3. Cosmetics: name, work environment
Router(config)# hostname <name>
Router(config)# line con 0   (and line vty 0 4)
Router(config-line)# logging synchronous
Router(config)# line con 0
Router(config-line)# no exec-timeout   (or exec-timeout 0 0; the default is 10 minutes)
Router(config)# no ip domain-lookup
  4. Interfaces: identify, IP, speed, duplex, descriptions
Router(config)# alias exec s show ip interface brief
Router(config)# interface ethernet 0/0
Router(config-if)# ip address 192.168.1.10 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# duplex full
Router# show interfaces description
  5. Routing: default (Internet), RIP (internal)
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network 192.168.1.0   (advertise that network; IOS turns 192.168.1.1 into the classful 192.168.1.0 anyway)
Router(config)# ip route 0.0.0.0 0.0.0.0 68.110.171.97   (ISP address: the default route to the Internet)
Note: "redistribute static" under router rip advertises the static (default) route to all the other RIP routers
Router(config)# router rip
Router(config-router)# redistribute static
  6. Verify and back up: CDP, TFTP, show ip route / interfaces
Router# show cdp neighbors
Router# show cdp neighbors detail
Router# show interfaces
Router# copy running-config tftp://192.168.1.50/r3-confg.txt

Understanding VLANs
VLAN Foundations
  • Logically groups users
  • Segments Broadcast Domains
  • Subnet Correlation
  • Access Control
  • Quality of service
The Normal Switching World
  • One  collision Domain per port
  • Broadcasts sent to all ports
  • One subnet per LAN
  • Very Limited access Control
The Flexibility of VLANs
  • Segmentation of users without routers
  • No longer limited to physical location
  • Tighter control of broadcasts

Understanding Trunks and VTP

The Trunk Language: 802.1Q
What is Trunking?
  • Trunking (AKA tagging) passes multi-VLAN traffic between switches over a single link
  • Places VLAN information (a 4-byte tag carrying the VLAN ID) into each frame
  • Layer 2 feature
Note: the native VLAN (VLAN 1 by default) is sent untagged on a trunk, and untagged frames arriving on a trunk are placed into the native VLAN. Both ends must agree on it, and it should be an unused VLAN rather than VLAN 1.
VOMIT (Voice Over Misconfigured Internet Telephones): a tool that reconstructs phone calls from a capture of unencrypted VoIP traffic; a reminder that a separate voice VLAN is not on its own a security boundary.
VTP (VLAN Trunking Protocol), better described as a VLAN replication protocol: it copies the VLAN database between switches over trunk links
  • VLAN IDs 1-4094 are usable (0 and 4095 are reserved); 1-1005 is the normal range, 1006-4094 the extended range
VTP Modes
SERVER (default)
  • Can change VLAN information
  • Sends and receives VTP updates
  • Saves the VLAN configuration
CLIENT
  • Can't change VLAN information
  • Sends and receives VTP updates
  • Doesn't save the VLAN configuration
TRANSPARENT
  • Can change VLAN information (locally only)
  • Forwards (passes through) VTP updates
  • Doesn't act on VTP advertisements
  • Saves the VLAN configuration
Caution: a server or client accepts any advertisement from its own domain that carries a higher configuration revision number. Plugging in a previously used switch with a higher revision can wipe the VLANs across the whole network, so reset its revision (change the domain name or the mode) before connecting it.
VLAN Pruning
  • Keeps unnecessary broadcast traffic (for VLANs the neighbour has no ports in) from crossing trunk links
  • Enabled on a VTP server and propagated to the domain

Configuring VLANs and VTP
S2(config)# interface vlan 1
S2(config-if)# ip address 192.168.1.11 255.255.255.0
S2(config-if)# no shutdown
S3(config)# interface vlan 1
S3(config-if)# ip address 192.168.1.12 255.255.255.0
S3(config-if)# no shutdown

Step 1: Configure trunks
S1 (a 3550, which supports both ISL and 802.1Q, so the encapsulation must be chosen):
S1(config)# interface fa0/11
S1(config-if)# switchport trunk encapsulation dot1q
S1(config-if)# switchport mode trunk
S1(config)# interface fa0/12
S1(config-if)# switchport trunk encapsulation dot1q
S1(config-if)# switchport mode trunk
S1(config)# interface range fa0/1 - 10
S1(config-if-range)# switchport mode access
S1(config)# interface range fa0/13 - 23
S1(config-if-range)# switchport mode access
(forcing the user ports to access mode stops anyone from negotiating a trunk through DTP on a user port)

S2 (a 2950, which only speaks 802.1Q):
S2(config)# interface fa0/1
S2(config-if)# switchport mode trunk
S2(config)# interface range fa0/2 - 24
S2(config-if-range)# switchport mode access

S3 (2950):
S3(config)# interface fa0/1
S3(config-if)# switchport mode trunk
S3(config)# interface range fa0/2 - 24
S3(config-if-range)# switchport mode access

Verify:
-show interfaces trunk
-show interfaces fa0/1 switchport
-show running-config interface fa0/1


Step 2: Configure VTP
show vtp status, which reports:
  • Domain name
  • Mode (and the configuration revision)
(the password is not shown there; use show vtp password)

S1(config)# vtp domain Nuggetworld   (case sensitive; a switch with no domain adopts the first one it hears on a trunk)
S1(config)# vtp password cisco
S1(config)# vtp mode server   (the default)

S2(config)# vtp mode client

S3(config)# vtp mode client
Step 3: Configure VLANs (on the server; VTP copies them to the clients)
S1(config)# vlan 10
S1(config-vlan)# name sales
S1(config)# vlan 20
S1(config-vlan)# name marketing
S1(config)# vlan 30
S1(config-vlan)# name engineering

Step 4: Assign ports to VLANs
S3(config)# interface fa0/8
S3(config-if)# switchport access vlan 10

S2(config)# interface fa0/8
S2(config-if)# switchport access vlan 10
(to put the port in the marketing VLAN instead, for the inter-VLAN routing test below: switchport access vlan 20)

Three methods to route between VLANs
(1) a router with one physical interface per VLAN, (2) router-on-a-stick, (3) a Layer 3 switch with an SVI per VLAN. The notes show the last two.

Layer 3 switch (S1 is a 3550):
S1(config)# interface vlan 20
S1(config-if)# ip address 192.168.20.1 255.255.255.0
S1(config)# ip routing   (turns on routing between the SVIs)

Router-on-a-stick
  • One router physical interface is divided into subinterfaces
  • The switch port connecting to the router is set up as a trunk
  • Each router subinterface is assigned a specific VLAN tag
R2(config)# interface fa0/0.20
R2(config-subif)# encapsulation dot1Q 20
R2(config-subif)# ip address 192.168.20.1 255.255.255.0
R2(config)# interface fa0/0.10
R2(config-subif)# encapsulation dot1Q 10
R2(config-subif)# ip address 192.168.10.1 255.255.255.0

Note: on Ethernet the maximum payload is 1500 bytes; the 4-byte 802.1Q tag makes a full-size tagged frame a "baby giant" (1504 bytes of tag plus payload, 1522 bytes with the rest of the header and FCS), which switches and routers accept on trunks.

The switch port towards the router:
S3(config)# interface fa0/4
S3(config-if)# switchport mode trunk

Any other router needs a route to the new VLAN subnet pointing at whichever device routes for it:
R1(config)# ip route 192.168.20.0 255.255.255.0 192.168.1.2
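The 802.1Q tag that the trunking and "baby giant" notes above describe, as an added Python example (not from the original notes): it builds a tagged and an untagged frame and parses them the way a trunk port does, assigning an untagged frame to the port's native VLAN. MAC addresses and payloads are constructed for the example, and frames are built without the 4-byte FCS, so the 1518/1522-byte figures come out as 1514/1518 here.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
ETHERNET_MTU = 1500


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, payload, ethertype=ETHERTYPE_IPV4, vlan=None, pcp=0):
    """Ethernet II frame without the trailing FCS. vlan=None gives an untagged
    frame, which is what a trunk sends for its native VLAN."""
    if len(payload) > ETHERNET_MTU:
        raise ValueError("payload exceeds the 1500-byte Ethernet MTU")
    header = _mac_bytes(dst_mac) + _mac_bytes(src_mac)
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
        tci = (pcp & 0x7) << 13 | vlan          # PCP(3 bits) | DEI(1 bit)=0 | VID(12 bits)
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Decode the headers as a trunk port does: a tagged frame belongs to the
    VLAN in its tag, an untagged frame is dropped into the native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = _mac_str(frame[0:6]), _mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan, pcp, tagged = 14, native_vlan, None, False
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, pcp, tagged, offset = tci & 0x0FFF, tci >> 13, True, 18
    return {
        "dst": dst, "src": src, "oui": src[:8],    # first 3 bytes of the MAC = vendor OUI
        "vlan": vlan, "pcp": pcp, "tagged": tagged,
        "ethertype": ethertype,                     # 0x8100 here again means a second (QinQ) tag inside
        "payload": frame[offset:],
    }


if __name__ == "__main__":
    # Constructed addresses and a dummy 20-byte payload for the demo.
    tagged = build_frame("00:11:22:00:00:01", "00:11:22:aa:aa:aa", b"\x45" + b"\x00" * 19, vlan=20)
    untagged = build_frame("00:11:22:00:00:01", "00:11:22:aa:aa:aa", b"\x45" + b"\x00" * 19)
    print(parse_frame(tagged))
    print(parse_frame(untagged, native_vlan=99))
```

Two things the parser makes visible: an untagged frame's VLAN is decided entirely by the receiving port's `native_vlan`, which is why a native-VLAN mismatch silently leaks frames between VLANs, and a frame whose inner ethertype is again 0x8100 carries a second tag that the switch will honour after stripping the first.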

Understanding STP
An ideal design: switch layers
  • Core: backbone of the network
  • Distribution: where major segmentation happens (modules, services, server farm)
  • Access: where devices plug in to the network
-The layered approach allows for easy, manageable growth
-EtherChannel can provide more bandwidth on key links
-Redundant connections eliminate single points of failure
Redundancy
  • Switches forward broadcast frames out all ports by design
  • Redundant connections are necessary in business networks
  • Spanning tree's job: block ("drop trees on") redundant links until they are needed, so a broadcast cannot loop forever
Facts about Spanning Tree
  • The original STP (802.1D) was created to prevent loops
  • Switches send "probes" into the network called Bridge Protocol Data Units (BPDUs) to discover loops
  • The BPDUs also elect the core switch of the network, called the Root Bridge
  • The simplistic view of STP: every switch finds the best path to the Root Bridge, then "blocks" all redundant links
Understanding BPDUs and Elections
  • Three port types
-Root port: the one port used to reach the root bridge (one per non-root switch)
-Designated port: forwarding port, one per link (segment)
-Blocking / non-designated port: where the tree fell
-Bridge ID = priority.MAC address
-Every switch has a default priority of 32768
-The lowest bridge ID (lowest priority, then lowest MAC) is elected Root Bridge; with default priorities the oldest switch tends to win, so set the priority deliberately
How STP finds the best path
Step 1: elect the root
Step 2: every switch finds its lowest-cost path to the root, adding the cost of each link:
                Link bandwidth      Cost (802.1D)
                10 Mbps             100
                100 Mbps            19
                1 Gbps              4
                10 Gbps             2
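The root election, root-port selection and blocking decision described above, as an added Python example (not from the original notes). The three switches, their MACs and the links are invented for the example. Real STP converges by each switch adding the root path cost received in a BPDU to its own port cost; computing the same shortest paths with Dijkstra over the cost table gives identical root ports, which is all the example needs. `set_root_primary` mimics what the `spanning-tree vlan 1 root primary` macro does to the priority.

```python
import heapq

# 802.1D path costs from the table above (link speed in Mbps -> cost)
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed lab: three switches at the default priority, joined in a triangle.
# Names and MAC addresses are invented for the example.
SWITCHES = {
    "S1": (32768, "00:00:00:00:00:11"),
    "S2": (32768, "00:00:00:00:00:22"),
    "S3": (32768, "00:00:00:00:00:33"),
}
LINKS = [("S1", "S2", 1000), ("S2", "S3", 1000), ("S1", "S3", 100)]


def bridge_id(priority, mac):
    """Bridge ID orders as (priority, MAC); the lowest wins every comparison."""
    return (priority, mac.lower())


def elect_root(switches):
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(links, root):
    """Lowest total cost from every switch to the root (Dijkstra over STP costs)."""
    adj = {}
    for a, b, mbps in links:
        adj.setdefault(a, []).append((b, STP_COST[mbps]))
        adj.setdefault(b, []).append((a, STP_COST[mbps]))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist


def root_ports(links, root, switches):
    """For each non-root switch, the neighbour its root port faces: lowest root
    path cost, ties broken by the neighbour's bridge ID (the sender of the BPDU)."""
    dist = root_path_costs(links, root)
    best = {}
    for a, b, mbps in links:
        for me, nb in ((a, b), (b, a)):
            if me == root:
                continue
            cand = (dist[nb] + STP_COST[mbps], bridge_id(*switches[nb]), nb)
            if me not in best or cand < best[me]:
                best[me] = cand
    return {sw: cand[2] for sw, cand in best.items()}


def blocked_ends(links, root, switches):
    """A link that carries no root port has a designated end (closer to the root,
    lower bridge ID on a tie) and a blocking end. Returns (blocking switch, peer)."""
    dist = root_path_costs(links, root)
    rp = root_ports(links, root, switches)
    blocked = []
    for a, b, _ in links:
        if rp.get(a) == b or rp.get(b) == a:
            continue
        loser = max((a, b), key=lambda s: (dist[s], bridge_id(*switches[s])))
        blocked.append((loser, b if loser == a else a))
    return blocked


def set_root_primary(switches, name):
    """What `spanning-tree vlan 1 root primary` does: priority 24576, or 4096
    below the current lowest priority if that is already 24576 or less."""
    lowest = min(p for p, _ in switches.values())
    new = 24576 if lowest > 24576 else max(lowest - 4096, 0)
    out = dict(switches)
    out[name] = (new, switches[name][1])
    return out


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root:", root, "costs:", root_path_costs(LINKS, root))
    print("root ports:", root_ports(LINKS, root, SWITCHES),
          "blocked:", blocked_ends(LINKS, root, SWITCHES))
    forced = set_root_primary(SWITCHES, "S3")
    print("after root primary on S3:", elect_root(forced), forced["S3"])
```

With every switch at 32768 the root is whichever has the lowest MAC, here S1, and S3 reaches it through S2 (cost 8) rather than over the direct 100 Mbps link (cost 19), so S3's port towards S1 blocks. Anything sending a BPDU with a lower bridge ID, a rogue switch or a host running a bridging tool, wins the election the same way; that is what BPDU guard and root guard on access ports exist to stop.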

Configuring basic STP
Configuring and Testing STP
S1# show spanning-tree
S1(config)# spanning-tree vlan 1 root primary   (macro: lowers this switch's priority just enough to make it the root bridge for VLAN 1)
or
S1(config)# spanning-tree vlan 1 priority 4096   (set the priority by hand; the value is an example and must be a multiple of 4096, lowest wins)

Enhancements to STP
Problems with STP
Problems and solutions
  • Problem with PCs: a port takes 30 seconds (listening + learning) to start forwarding, and modern PCs boot faster than that, so their DHCP request fails
 Solution: PortFast (skip listening and learning on ports that connect to a single host; never on a port that leads to another switch)
Switch(config-if)# spanning-tree portfast
  • Problem with uplink ports: 50 seconds of downtime after a topology change causes big problems
Solution: Rapid Spanning Tree
Initial STP enhancement: PVST+
  • Runs an instance of STP per VLAN (the default on Catalyst switches)
  • Allows a different root bridge per VLAN
Rapid STP
  • 802.1w
  • Proactive system (switches negotiate directly instead of waiting for timers to expire)
  • Redefined port roles
  • Many STP similarities
RSTP improves performance
-Root port: used to reach the root bridge
-Designated port: forwarding port, one per link
-Alternate port: discarding port, a backup path to the root that can take over immediately
Configuring and Testing RSTP
S1(config)# spanning-tree mode rapid-pvst   (on every switch)
S3(config)# interface fa0/<host port>
S3(config-if)# spanning-tree portfast
S2(config)# interface fa0/<host port>
S2(config-if)# spanning-tree portfast

Switching troubleshooting and security
Troubleshooting a switched network
  • Get familiar with the network
  • Absolutely have an accurate network diagram
  • Work logically, from the bottom up (OSI)

Common Troubleshooting Issues
Switch Security is Essential
-Most security effort goes into the network perimeter, but anyone with a switch port is already inside
-Switch security checklist:
Switch(config)# logging buffered 64000   (keep log messages in RAM)
Switch# show logging
-Kiwi Syslog: PC software that receives and stores the router/switch log output
Switch(config)# logging <IP address of the Kiwi syslog machine>   (send the same messages to a syslog server so they survive a reboot and cannot be cleared on the switch)
Switch(config-if)# spanning-tree bpduguard enable   (err-disable a PortFast port the moment a BPDU arrives, i.e. when someone plugs a switch into it; or globally: spanning-tree portfast bpduguard default)
-Plus the items already covered: port security, SSH instead of Telnet, CDP off on user ports, trunks only where needed, native VLAN moved off VLAN 1

Remaining topics (headings only in these notes):
Understanding basic VLSM (variable length subnet mask): start with the largest subnet, then carve the remaining space into smaller ones
Distance vector vs. link state routing protocols
OSPF concepts
OSPF configuration and troubleshooting
EIGRP concepts and configuration
Rules of the ACL
Configuring ACLs
3 styles of NAT
Command-line NAT configuration
Concepts of VPN technology
Implementing PPP authentication
Understanding Frame Relay
Configuring Frame Relay
IPv6 basic concepts and addressing
IPv6 configuring, routing and interoperating