Quick Notes

Standard Access Lists

Standard access lists use the numbers 1 - 99 or 1300 - 1999. They look at the source IP only, so place them close to the destination.

Stop the Accounting users from accessing the HR server attached to Lab B router but allow all other
users access to the LAN.

RouterB#config t
RouterB(config)#access-list 10 deny 192.168.10.128 0.0.0.31
RouterB(config)#access-list 10 permit any
RouterB(config)#interface Ethernet 0
RouterB(config-if)#ip access-group 10 out

192.168.10.129/27 = /24 + 3 bits, so the 4th octet is the interesting octet: 11100000 = 224
Block size = 256 – 224 = 32
Net IDs: 0, 32, 64, 96, 128, 160
Host 192.168.10.129 is in the 128 subnet,
so subnet = 192.168.10.128

Wildcard is 0.0.0.31, one less than the block size in the interesting octet.

Extended Access Lists

Extended access lists use the numbers 100 - 199 or 2000 – 2699. Place them close to the source.

Stop telnet access to the networks attached to the E1 and E2 interfaces.

Rtr(config)#access-list 110 deny tcp any 172.16.48.0 0.0.15.255 eq 23
Rtr(config)#access-list 110 deny tcp any 172.16.192.0 0.0.63.255 eq 23
Rtr(config)#access-list 110 permit ip any any
Rtr(config)#interface Ethernet 1
Rtr(config-if)#ip access-group 110 out
Rtr(config-if)#interface Ethernet 2
Rtr(config-if)#ip access-group 110 out

172.16.50.173/20 is a Class B address (/16), so the 3rd octet is the interesting octet. /20 = 4 bits borrowed,
11110000 = 240
Block size = 256 - 240 = 16
Subnets: 0, 16, 32, 48, 64
50 is in the 48 subnet = 172.16.48.0, and the wildcard mask is 1 less than the block size = 0.0.15.255

Note we configure one access list containing both conditions and apply it to the two interfaces
rather than create one access list for each condition and place it on each interface.
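
The wildcard derivations and access-list 110 above, as an added Python example that is not part of the original notes: it recomputes subnet and wildcard from a host address and prefix, then evaluates packets the way IOS does, top-down with the first match winning and an implicit deny at the end. The tuple layout, function names and sample packets are assumptions constructed for this sketch.

```python
import ipaddress


def subnet_and_wildcard(host: str, prefix: int):
    """Return (subnet address, wildcard mask) for the subnet that holds host."""
    net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
    return str(net.network_address), str(net.hostmask)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard logic: a 0 bit in the mask must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


ANY = ("0.0.0.0", "255.255.255.255")  # the "any" keyword as base/wildcard

# access-list 110 from the notes, modelled as
# (action, protocol, (src, src wildcard), (dst, dst wildcard), dst port)
ACL_110 = [
    ("deny", "tcp", ANY, ("172.16.48.0", "0.0.15.255"), 23),
    ("deny", "tcp", ANY, ("172.16.192.0", "0.0.63.255"), 23),
    ("permit", "ip", ANY, ANY, None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line number); no match means implicit deny."""
    for number, (action, p, s, d, port) in enumerate(acl, start=1):
        if p != "ip" and p != proto:
            continue  # protocol keyword does not cover this packet
        if not wildcard_match(src, *s) or not wildcard_match(dst, *d):
            continue
        if port is not None and port != dport:
            continue
        return action, number
    return "deny", None  # implicit deny all at the end of every ACL


if __name__ == "__main__":
    print(subnet_and_wildcard("172.16.50.173", 20))
    # Constructed packets: telnet into the /20, telnet just past it, HTTP into it
    for dst, port in [("172.16.50.173", 23), ("172.16.64.1", 23), ("172.16.50.173", 80)]:
        print(dst, port, evaluate(ACL_110, "tcp", "10.0.0.5", dst, port))
    # Without the final permit line, everything else hits the implicit deny
    print(evaluate(ACL_110[:2], "tcp", "10.0.0.5", "172.16.50.173", 80))
```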

Example
Prevent SMTP traffic originating from the WANs from travelling over link A to an SMTP server with
destination 192.168.115.20 by putting an outbound extended IP access list on the Serial 0 interface
of RouterX.

Source Destination
rtr(config)#access-list 105 deny TCP any host 192.168.115.20 eq SMTP
rtr(config)#access-list 105 permit IP any any
rtr(config)#interface serial 0
rtr(config-if)#ip access-group 105 out

Example
HTTP, Telnet, Simple Mail Transfer Protocol (SMTP), POP3, and FTP traffic are permitted, and the
rest of the traffic sourced from Network B destined to Network A is denied.

Permit TCP traffic with destination port values matching WWW (port 80), Telnet (port 23), SMTP
(port 25), POP3 (port 110), FTP (port 21), or FTP data (port 20).

rtr(config)#access-list 102 permit tcp any any eq www
rtr(config)#access-list 102 permit tcp any any eq telnet
rtr(config)#access-list 102 permit tcp any any eq smtp
rtr(config)#access-list 102 permit tcp any any eq pop3
rtr(config)#access-list 102 permit tcp any any eq 21
rtr(config)#access-list 102 permit tcp any any eq 20
rtr(config)#interface ethernet0
rtr(config-if)#ip access-group 102 in

Note that the implicit deny all clause at the end of an ACL denies all other traffic that does not
match the permit clauses.

Allow Access to a Range of Contiguous IP Addresses

Allow all hosts in Network B with the network address 192.168.10.0/24 to access network
192.168.200.0/24 in Network A.

#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
                           (source)               (destination)
#interface ethernet0
#ip access-group 101 in

This allows packets with a source address in the network 192.168.10.0/24 and a destination in the
network 192.168.200.0/24 access to Network A. There is the implicit deny all clause at the end of
the ACL which denies all other traffic through E0 inbound on R1.

Viewing ACLs

Router#show access-lists (shows all access lists)
Router#show access-list 101 (shows access list 101)
Router#show ip interface (shows the access lists on the interface)

Removal of ACLs

Router(config)#no access-list 1

Named Access Lists

Note we type ip access-list, not access-list. This allows us to enter a named access list.
Configure an extended access list named secure_LAN to allow pings from loopback 0 on Router B to
loopback 0 on Router A, and also to allow anyone to telnet into loopback 1 on Router A
only.

RouterA>enable
RouterA#config t
RouterA(config)#ip access-list extended secure_LAN
RouterA(config-ext-nacl)#permit icmp host 172.30.1.1 host 172.16.1.1
                                     (source)        (destination)
RouterA(config-ext-nacl)#permit tcp any host 172.20.1.1 eq telnet
                                    (source) (destination)
RouterA(config-ext-nacl)#exit
RouterA(config)#int s0
RouterA(config-if)#ip access-group secure_LAN in
RouterA(config-if)#exit
RouterA(config)#exit

Confirm with the show ip access-lists command

RouterA#show ip access-lists
Extended ip access list secure_LAN
Permit icmp host 172.30.1.1 host 172.16.1.1
Permit tcp any host 172.20.1.1 eq telnet

Static NAT

Define Inside Local and Inside Global Addresses

Router(config)#ip nat inside source static 10.0.0.3 179.2.2.80
                                           (inside local) (outside global)
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside

(config)#ip nat inside source static 10.1.1.2 192.168.1.2
                                     (inside local) (outside global)
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside

Dynamic NAT

A router needs to be configured with NAT and it has 15 public addresses, 179.9.8.80 through
179.9.8.95; call this pool_1. On the inside network, hosts use the private addresses of 10.1.0.0/16.
What is the NAT configuration on the router?

(config)#access-list 1 permit 10.1.0.0 0.0.255.255
(config)#ip nat pool POOL_1 179.9.8.80 179.9.8.95 netmask 255.255.255.0
         (public address pool)
(config)#ip nat inside source list 1 pool POOL_1
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside

Another Example

Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool cisco 179.2.2.65 179.2.2.90 netmask 255.255.255.224
Router(config)#ip nat inside source list 1 pool cisco
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside

There are 25 global outside addresses, therefore the block size is 32 and the netmask is 256 – 32 = 224

Configure PAT

A border router needs to be configured with NAT and will allow 6 public addresses, 198.18.131.65
through 70. On the inside network there are 63 hosts that use the private addresses of
192.168.10.129 through 190. What is the NAT configuration on the border router?

Answer

#ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248
#access-list 1 permit 192.168.10.128 0.0.0.63
#ip nat inside source list 1 pool Todd overload

ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248

Sets the pool name as Todd and creates the dynamic pool of public addresses for the NAT to use
from 198.18.131.65 to 70

For the inside global pool 5 addresses are required; block size = 2, 4, 8.
Block size must be 8, 256 - 8 = 248, giving us a netmask of 255.255.255.248

Inside local: 63 hosts required, block size 64, therefore the wildcard mask is 0.0.0.63
For the subnet, the start of the local address pool is 192.168.10.129
This lies in the 192.168.10.128 subnet

ip nat inside source list 1 pool Todd overload

This sets the dynamic pool to use Port Address Translation (PAT) by using the overload cmd

Remember to add the ip nat inside and ip nat outside statements on the interfaces.

Lab_A(config)#int s0/0
Lab_A(config-if)#ip nat outside
Lab_A(config-if)#int f0/0
Lab_A(config-if)#ip nat inside

Question Simulation 1

Configure a router to provide Internet access. The ISP has provided you with six public IP
addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101, and
198.18.158.102. ABC.com has 62 hosts that need access to the Internet simultaneously. The hosts
in the ABC.com LAN have been assigned private space addresses in the range of 192.168.98.65 -
192.168.98.126. The following have already been configured on the router

1. The basic router configuration
2. The appropriate interfaces have been configured for NAT inside and NAT outside.
3. The appropriate static routes have also been configured (since the company will be a stub
network, no routing protocol will be required)
4. All passwords have been temporarily set to "Cisco"

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide
Internet access to the hosts in the ABC1 LAN. Functionality can be tested by clicking on the host
provided for testing.

Configuration information
Router name: ABC1
Inside global addresses: 198.18.158.97 - 198.18.158.102/29
Inside local addresses: 192.168.98.65 - 192.168.98.126/26
Number of inside hosts: 62
Password: Cisco

Answer

ABC1(config)#ip nat inside source list 1 pool nat-pool overload
ABC1(config)#access-list 1 permit 192.168.98.64 0.0.0.63
ABC1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248
ABC1(config)#int Fa0/0
ABC1(config-if)#ip nat inside
ABC1(config-if)#exit
ABC1(config)#int s0
ABC1(config-if)#ip nat outside
ABC1(config-if)#end
ABC1#copy run start

Previously the ip nat pool nat-pool was configured with /26, which is 255.255.255.192. That is
incorrect because we are configuring the inside global addresses, and they are /29, which is 255.255.255.248.

Explanation
Public ip addresses 198.18.158.97 – 102
5 addresses, block size 8, 256 – 8 = 248, netmask 255.255.255.248

Local inside addresses 192.168.98.65 – 126, 62 hosts = block size 8, 16, 32, 64, block size = 64
Start of local pool 192.168.98.65 lies in the 64 subnet = 192.168.98.64
So subnet and inverse mask 192.168.98.64 0.0.0.63

Question NAT SIM 2

A network associate is configuring a router for the Weaver company to provide Internet access. The
ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The
company has 14 hosts that need to access the Internet simultaneously. The hosts in the company
LAN have been assigned private space addresses in the range of 192.168.100.17 –
192.168.100.30

Weaver>enable
Weaver#configure terminal
Router(config)#hostname weaver
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload

Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15

Number of inside hosts = 14, block size = 16, wildcard = 0.0.0.15
Start of local pool 192.168.100.17 lies in the 192.168.100.16 subnet

198.18.184.105 – 110, 5 addresses, block size 8, 256 – 8 = 248, netmask = 255.255.255.248

Weaver(config)#ip nat inside source list 10 pool isp_adr overload

The overload keyword is compulsory because the internal LAN address space is larger than the ISP
provided public address range: 6 public addresses for 14 private LAN hosts, which all need to access the
Internet at the same time.

Verify configuration

#clear ip nat translation *
#clear ip nat translation inside glob ip local ip [outside glob ip local ip]
#show ip nat translations
#show ip nat statistics

Passwords

enable password (used to secure privileged mode)
enable secret – the newer encrypted password that overrides the enable password

Router#config t
Router(config)#enable secret todd
Router(config)#enable password todd

Auxiliary Password

Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password todd

Console Password

Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd1

VTY - Virtual Terminal, Telnet Password

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd2

In effect the only line that changes is the line config

To manually encrypt your passwords use the service password-encryption cmd

Router#config t
Router(config)#service password-encryption
Router(config)#^Z
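
An added example, not from the original notes: a small Python audit that reads a running-config and flags the password settings discussed above. The sample config is constructed, its type 5 and type 7 strings are placeholders, and the finding codes are names chosen for this sketch.

```python
import re

# Constructed running-config fragment built from the commands in these notes.
# The type 5 and type 7 strings are placeholders, not real hashes.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable password todd
!
line con 0
 password todd1
 login
line aux 0
 password 7 PLACEHOLDER7
 login
line vty 0 4
 password todd2
 login
"""

# "password <value>" or "password <type> <value>", optionally prefixed by "enable"
PASSWORD_RE = re.compile(r"^(enable password|password) (?:(\d+) )?\S+")


def audit(config: str):
    """Return a list of (context, finding) tuples for weak password settings."""
    findings = []
    lines = config.splitlines()
    if "service password-encryption" not in (l.strip() for l in lines):
        findings.append(("global", "NO_PASSWORD_ENCRYPTION"))
    has_secret = any(l.startswith("enable secret ") for l in lines)
    context = "global"
    for raw in lines:
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):
            # A non-indented line opens a new section of the config
            context = raw.strip() if raw.startswith("line ") else "global"
        m = PASSWORD_RE.match(raw.strip())
        if not m:
            continue
        kind, enc_type = m.group(1), m.group(2)
        if kind == "enable password":
            # enable secret overrides enable password, so this line only keeps
            # a second, weaker copy of a privileged credential in the config
            findings.append(
                (context, "ENABLE_PASSWORD_SHADOWED" if has_secret else "ENABLE_PASSWORD_ONLY")
            )
        if enc_type is None:
            findings.append((context, "CLEARTEXT_PASSWORD"))
        elif enc_type == "7":
            # Type 7 (service password-encryption) is reversible obfuscation
            findings.append((context, "TYPE7_PASSWORD"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```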

Router(config)#banner motd #
Enter text message. End with the character ‘#’
You have entered a secure system,authorized access ONLY! #
Router(config)#^Z

Control A = start of line
Control E = end of line
Control F = right (forward)
Control B = left (back)
Control P = repeat last (previous) command
Control N = repeat most recent command
Esc B = back 1 word
Esc F = forward 1 word

Password Resetting

Flash memory is also called NVRAM

If the boot field is 0x0, Router boots to ROM Monitor Mode (ROMMON).
If the boot field is 0x1, the Router boots from IOS in ROM
If the boot field is 0x2 through 0xF, Router will first look in FLASH (NVRAM) for an IOS.

If the configuration register is set to

0x2142, it bypasses the configuration in NVRAM.
0x2102, the default value for the configuration register, the router boots normally.
0x1000, the boot field value is zero, so it will boot to ROMMON.
0x0107, the boot field is 7 so the router will still boot normally.
0x2101, the router will boot from ROM into RXBOOT mode on the next reboot.
0x2105, the boot field is 5; anything between 0x2 and 0xF will look for the startup-configuration in the
NVRAM. Boots normally.
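
An added example, not part of the original notes: a Python check that decodes the register values listed above and flags a router whose next reload would skip the configuration in NVRAM, which is the state a password reset leaves behind if 0x2142 is never set back to 0x2102. The sample show version lines are constructed, and the function names and finding codes are assumptions of this sketch.

```python
import re

BOOT_FIELD_MASK = 0x000F  # bits 0-3: the boot field
IGNORE_NVRAM = 0x0040     # bit 6: bypass the configuration in NVRAM

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(value: int) -> dict:
    """Split a configuration register value into the fields the notes use."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0x0:
        mode = "ROMMON"
    elif boot == 0x1:
        mode = "IOS in ROM"
    else:
        mode = "normal"  # 0x2 through 0xF
    return {
        "boot_field": boot,
        "mode": mode,
        "bypasses_nvram_config": bool(value & IGNORE_NVRAM),
    }


def audit_show_version(output: str):
    """Return (register value in effect at next reload, list of findings)."""
    m = REGISTER_RE.search(output)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    at_reload = int(m.group(2), 16) if m.group(2) else current
    info = decode(at_reload)
    findings = []
    if info["bypasses_nvram_config"]:
        # Saved passwords and ACLs would not be loaded on the next boot
        findings.append("BYPASSES_NVRAM_CONFIG")
    if info["mode"] != "normal":
        findings.append("NON_STANDARD_BOOT")
    return at_reload, findings


if __name__ == "__main__":
    # Constructed samples of the last line of show version
    for line in (
        "Configuration register is 0x2102",
        "Configuration register is 0x2142",
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    ):
        value, findings = audit_show_version(line)
        print(hex(value), findings or "ok")
```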

Router#show interface s0/0
Serial0/0 is up, line protocol is down

Datalink problem. Clocking (keepalive) or framing problem. Check the keepalives and encapsulation
matches on both ends and the clock rate is set if needed.

Router#sh int s0/0
Serial0/0 is down, line protocol is down

Physical layer problem. If both are down it’s a cable or interface problem.

Question
You as the administrator issue the shutdown command on Serial 1. You later view this interface
using the show interface Serial 1 command. How will this interface be displayed?

A. Serial 1 is up, line protocol is up.
B. Serial 1 is up, line protocol is down.
C. Serial 1 is down, line protocol is down.
D. Serial 1 is administratively down, the line protocol is down.

Answer D

Explanation
The shutdown command administratively disables an interface. The result is the interface will be
down as will the line protocol.

CDP

To see if cdp is running

R3#show cdp interface
Ethernet0 is up line protocol is up
Encapsulation ARPA
Sending CDP packets every 60s
Holdtime is 180s

To disable cdp on an interface use the no cdp enable cmd

R3#config t
R3(config)#int s0
R3(config-if)#no cdp enable
R3(config-if)#^Z

To enable cdp on an interface use the cdp enable cmd

R3#config t
R3(config)#int s0
R3(config-if)#cdp enable
R3(config-if)#^Z

To disable CDP on the entire router use the no cdp run cmd in global configuration mode.

When issuing a show cdp entry command, the following information is provided.

1. Neighbor device ID
2. Layer 3 protocol information (i.e. IP address)
3. Local interface and port identifiers of the neighbor's remote ports
4. The hold time in seconds
5. Device capabilities
6. Device platform
7. IOS type and version.

Gathering Neighbour Information

Todd2509#show cdp neighbor
Capability codes: R – router, T – Trans Bridge, B – Source Route Bridge,
                  S – switch, H - Host – IGMP, r- repeater

Device ID    Local Intrfce   Holdtime   Capability   Platform   Port ID
1900Switch   Eth0            238        TS           1900       2
25000B       Ser0            138        R            2500       Ser0

The output shows that a switch with a hostname of 1900Switch and a 2500B router are directly
connected to the 2509 router.

#show cdp neighbors displays information about directly connected devices

1. Neighbor Device ID: The hostname of the neighbor device
2. Local Interface: The interface on which the cdp packet from the neighbor is heard
3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.
4. Platform: The neighbor device type (i.e. 2500 router)
5. Port ID: The interface of the remote neighbor sending CDP information
6. Holdtime: Decremental hold time in seconds

But there's one vital piece of info missing - the neighbor's IP address.
You'll need to run show cdp neighbor detail to get that.

IP Addresses

Example 255.255.255.192/26
Subnetting 192.168.10.0 network address with 255.255.255.192 subnet mask

How many subnets? /26 compared to /24 = 2 extra bits borrowed for the network address, 2^2 = 4
How many hosts per subnet? 6 bits left for the host address, 2^6 – 2 = 62 hosts
What are the valid subnets? 256 – subnet mask = block size, 256 – 192 = 64, so the subnets are:

Subnet                  0      64      128      192
Broadcast address       63     127     191      255
Valid hosts             1-62   65-126  129-190  193-254

Question
You work as a network technician. You have subnetted the 201.105.13.0 network with a /26 mask.
Your boss asks you how many usable subnetworks and usable host addresses per subnet this will
provide. What should you tell her?

A. 64 networks and 4 hosts
B. 4 networks and 64 hosts
C. 2 networks and 62 hosts
D. 62 networks and 2 hosts

Answer C

/26, therefore 2 bits borrowed for network
Subnets = 2^2 - 2 = 4 - 2 = 2
2 bits for network portion, therefore 6 bits left for number of hosts, 2^6 - 2 = 64 – 2 = 62

Summarization

Question
In the network shown below, what is the most efficient summarization that R1 can use to advertise
its networks to R2?

A. 172.1.0.0/22

B. 172.1.0.0/21

C. 172.1.4.0/22

D. 172.1.4.0/25
172.1.4.128/25
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24

E. 172.1.4.0/21

Answer C

172.1.4.0/22

Explanation: In large internetworks, hundreds, or even thousands, of network addresses can exist. It
is often problematic for routers to maintain this volume of routes in their routing tables. Route
summarization (also called route aggregation or supernetting) can reduce the number of routes that
a router must maintain, because it is a method of representing a series of network numbers in a
single summary address.

172.1.4.0   : 172.1.00000100.0
172.1.4.128 : 172.1.00000100.128
172.1.5.0   : 172.1.00000101.0
172.1.6.0   : 172.1.00000110.0
172.1.7.0   : 172.1.00000111.0

172.1 is the same for all networks and the 3rd octet changes, so convert it to binary to find the remaining
common bits, which are the first 6 bits, so /16 + 6 = /22
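
The common-bits method above, as an added Python example that is not part of the original notes: it finds the summary for any list of networks and also reports how many addresses the summary covers that the listed networks do not, since a summary that is too wide advertises address space the router cannot actually reach. The function name and the second, over-wide input are constructed for this sketch.

```python
import ipaddress


def summarize(networks):
    """Return (summary route, number of extra addresses it advertises)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be part
    # of the common prefix; everything to their left is shared by all networks.
    common = 32 - (lo ^ hi).bit_length()
    shift = 32 - common
    summary = ipaddress.ip_network(((lo >> shift) << shift, common))
    # collapse_addresses merges adjacent and overlapping networks, so the sum
    # counts every covered address exactly once.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(summary), summary.num_addresses - covered


# The five networks behind R1 in the question above
R1_NETWORKS = [
    "172.1.4.0/25",
    "172.1.4.128/25",
    "172.1.5.0/24",
    "172.1.6.0/24",
    "172.1.7.0/24",
]

if __name__ == "__main__":
    print(summarize(R1_NETWORKS))
    # Constructed case: two networks that do not fill a block cleanly
    print(summarize(["172.1.5.0/24", "172.1.8.0/24"]))
```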

Quick Notes WAN

HDLC is the default encapsulation used by Cisco routers over serial links.
No authentication can be used with HDLC!

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

Here the default HDLC is used because the Corp router is a Cisco router; no configuration is necessary.

A show interface serial 0, shows HDLC running.

Router#show int s0
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit
Encapsulation HDLC, loopback not set

PPP
If we have a Cisco router and a non-Cisco router connected we must configure PPP; HDLC won’t
work. Authentication can be used with PPP.

Left#config t
Left(config)#username Right password cisco
Left(config)#int s0
Left(config-if)#encapsulation ppp
Left(config-if)#ppp authentication chap
Left(config-if)#ppp authentication pap
Left(config-if)#^Z

Passwords must match on each router

Frame Relay

Dynamic address mapping using Inverse ARP Single Interface

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay
Corp(config-if)#frame-relay lmi-type cisco
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

No encapsulation method was specifically configured, so the default, Cisco, is used, which means that a
Cisco router is on both sides of the link.

If you have a Cisco router on one side of the link and a Nortel or other on the other side of the link,
then the configuration would be:

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay ietf
Corp(config-if)#frame-relay lmi-type (ansi or Q.933A)
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit

The frame-relay interface-dlci command performs dynamic address mapping using Inverse ARP
to map the next-hop address to the local DLCI on the router.

Static Mapping

#config t
Router(config)#interface serial 0/0
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#encapsulation frame-relay
Router(config-if)#ip address 192.168.0.5 255.255.255.0
Router(config-if)#frame-relay map ip 192.168.0.6 100 broadcast
Router(config-if)#no shutdown
Router(config-if)#exit

frame-relay map ip can be configured multiple times to associate more than one DLCI to an
interface.
If the Cisco encapsulation (default) is configured on a serial interface then by default that applies to
all VCs on that serial interface unless configured otherwise to use IETF (non Cisco) encapsulation.

Router(config-if)#frame-relay map ip 192.168.1.1 103 broadcast
Router(config-if)#frame-relay map ip 172.16.1.1 102 broadcast ietf

Router#show frame-relay map
Serial0 (up): ip 192.168.1.1 dlci 103(0x7A,0x1CA0), static, broadcast,
              CISCO, status defined, active
Serial0 (up): ip 172.16.1.1 dlci 102(0x7A,0x1CA0), static, broadcast,
              IETF, status defined, active

Congestion Control

Forward Explicit Congestion Notification (FECN) bit is set to zero by default, and will be set to 1
if congestion was experienced by the frame in the direction in which the frame was travelling.

Backward Explicit Congestion Notification (BECN) will be set to 1 by a DCE in frames that are
being sent back to the source if network congestion exists in the opposite direction to that in which the
frame was travelling.

show frame pvc displays the FECN, BECN, and DE values.

R1#show frame pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          2            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

  input pkts 30            output pkts 0            in bytes 2280
  out bytes 0              dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0          out bcast bytes 0
  pvc create time 00:07:45, last time pvc status changed 00:06:55

Subinterfaces
Point-to-Point
Central
Router>enable
Router#config t
Router(config)#hostname Central

Central(config)#interface serial 0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type cisco
Central(config-if)#no shutdown
Central(config-if)#no ip address

Central(config-if)#interface serial 0/0.1 point-to-point
Central(config-subif)#ip address 10.20.1.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 51

Central(config-if)#interface serial 0/0.2 point-to-point
Central(config-subif)#ip address 10.20.2.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 52

Central(config-if)#interface serial 0/0.3 point-to-point
Central(config-subif)#ip address 10.20.3.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 53
Central(config-if)#exit
Central(config)#exit

The no ip address cmd is configured under the major interface.
Each point-to-point subinterface must be on a separate subnet.

Multipoint

Router(config)#interface serial 1
Router(config-if)#no ip address
Router(config-if)#encapsulation frame-relay
Router(config-if)#exit
Router(config)#interface serial 1.2 multipoint
Router(config-subif)#ip address 172.16.1.1 255.255.0.0
Router(config-subif)#frame-relay interface-dlci 100 b dynamic
Router(config-subif)#frame-relay map ip 172.16.1.2 200 b
Router(config-subif)#frame-relay map ip 172.16.1.3 300 b static
Router(config-subif)#frame-relay map ip 172.16.1.4 400 b
Router(config-subif)#exit

The multipoint subinterface shares its subnet with each mapping, static or dynamic. The no
ip address cmd is configured under the major interface.

Multipoint and point-to-point subinterfaces can coexist

RouterA(config)#interface serial 0/0
RouterA(config-if)#no ip address (optional)
(removes the ip address; only required if the interface already had an ip address)
RouterA(config-if)#encapsulation frame-relay ietf
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#interface s0/0.2 point-to-point
RouterA(config-subif)#ip address 2.1.1.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 20 broadcast

RouterA(config)#interface serial 0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#frame-relay lmi-type cisco
RouterA(config-if)#int s0/0.1 multipoint
RouterA(config-subif)#ip address 1.1.1.1 255.255.0.0
RouterA(config-subif)#frame-relay map ip 1.1.1.2 18 broadcast
RouterA(config-subif)#frame-relay map ip 1.1.1.3 19 broadcast

RouterA(config-subif)#frame-relay interface-dlci 18 broadcast

The show frame map command displays the current Network layer-to-DLCI mappings and info
about the connection

Use the show frame-relay pvc [dlci] command to display the status of each configured
This command lists all PVCs and what DLCI numbers they're using, as well as frames sent, received,
dropped, marked discard eligible, or with their Forward Explicit Congestion Notification (FECN) or
Backward Explicit Congestion Notification (BECN) bit set.

Troubleshooting Frame Relay

There are a few commands used to check the status of your interfaces and permanent virtual
circuits (PVCs)

show frame-relay lmi Local Management Interface (LMI) traffic stats exchanged between the
local router and the Frame Relay Switch.

show frame-relay pvc lists all configured PVCs and Data Link Connection Identifier (DLCI)
numbers.

show interface ….. displays statistics for all interfaces configured on the switch; shows LMI
traffic, encapsulation, as well as Layer 2 and Layer 3 information.

show frame map shows network layer-to-DLCI mappings

ISDN

ISDN BRI is made up of two B channels of 64k each and one D channel of 16k,
also referred to as 2B + D. Total bandwidth for ISDN BRI is then 144k (64+64+16=144).
D channels work with LAPD at the Data Link Layer for reliable connections.

ISDN BRI routers come with either a U interface or an S/T interface

Question
What Channel is provided by ISDN BRI?
A. 2B+1D
B. 30B+1D
C. 23B+1D
D. 2D+1B

Answer A

Terminal Adapter (TA) enables ISDN for non-ISDN devices TE2 devices ie (PC’s, analogue
phone/modem)

Terminal Equipment 1 (TE1) supports ISDN (routers with ISDN interfaces, ISDN telephones,
PC’s).

Terminal Equipment 2 (TE2) A non-ISDN device, (serial interface on a router PC, analogue
phone/modem) they require a TA to connect to ISDN

Network Termination 1 (NT1) Attaches to ISDN BRI lines terminates the connection from the
Central Office (CO) converts BRI signals for ISDN line.

Network Termination 2 (NT2) Used with PRI

VLAN

ISL is a Cisco proprietary VLAN tagging method.
802.1q is an open VLAN tagging standard.

Configuring Trunk Links on a Switch

Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encapsulation [dot1q / isl]

Configuring VLAN encapsulation on a Router

Router(config-if)#encapsulation dot1q vlan-number

dot1q Example
It is recommended that the sub-interface value is the same as the VLAN.

switchport
You only use the switchport command on switches—not routers.

You can configure an interface to be an access link

Switch(config-if)#switchport mode access

Or put a port in a certain VLAN

Switch(config-if)#switchport access vlan 101

To change trunking protocol

Switch(config-if)#switchport trunk encapsulation isl

Creating VLANs

S1#config t
S1(config)#vlan 2
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 3
S1(config-vlan)#name Marketing
S1(config-vlan)#vlan 4
S1(config-vlan)#name accounting
S1(config-vlan)#^Z

After you have created VLANs verify them with a show vlan command

show vlan

S1#show vlan

Trunk ports don’t show up in the VLAN database.
You have to use the show interface trunk command to see trunked ports.

S3750-1#show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa1/0/13    desirable    n-isl          trunking      1
Fa1/0/14    desirable    n-isl          trunking      1

Removing VLANs from a Trunk

We can remove VLANs from the allowed list to prevent traffic from certain VLANs from traversing a
trunked link

S1#config t
S1(config)#int f0/1
S1(config-if)#switchport trunk allowed vlan remove 4

To remove a range of VLANs

S1(config-if)#switchport trunk allowed vlan remove 4-8

Assigning Switch Ports to VLANs on a Switch

S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 3

S1#config t
Enter configuration commands one per line. End with CNTRL/Z
S1(config)#vlan 5
S1(config-vlan)#name marketing
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name humanresources
S1(config-vlan)#exit

S1(config)#interface FastEthernet 0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface fastEthernet 0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#interface fastEthernet 0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#

At this point, ports 2 and 3 can communicate with each other and ports 4 & 5 can communicate.
This is because the ports are in their own VLAN. For the device on port 2 to communicate with the
device on port 4, you would have to configure a trunk port to a router so that it can strip off the
VLAN information, route the packet, and add back the VLAN information.

Assigning a range of access ports to VLAN

Question
You have hired a new salesperson. All sales associates are placed in VLAN5. You are adding a
port on your Catalyst 2950 switch to VLAN 5. Which commands accomplish this goal?

A. sw1(config-if)#switchport access vlan 5
B. sw1(config)#vlan-membership port vlan 5
C. sw1(config-if)#vlan-membership static 5
D. sw1(config) #port membership vlan 5

Answer A

You go to the particular interface/port you want to assign to VLAN 5 and enter the command
switchport access vlan (vlan#).

Question
What command will configure an interface on a Catalyst 2900 series switch to carry traffic from all
VLANs to another directly connected switch? (Choose two)

A. Switch(config-if)# vlan all
B. Switch(config-if)# switchport access vlan 30
C. Switch(config-if)# switchport access vlan all
D. Switch(config-if)# switchport mode trunk
E. Switch(config-if)# switchport trunk encapsulation dot1q

Answer C, E

Switch(config-if)# switchport access vlan all
Switch(config-if)# switchport trunk encapsulation dot1q

Switches have 3 VTP modes

Server – add, modify, delete VLANs in the domain

Client – process VLAN changes and forward VTP messages. VLANs cannot be created, deleted
and edited on clients

Transparent – forward VTP messages only.
VTP transparent switches do not participate in the VTP domain.
VLANs can be created, deleted and edited, but are local to the switch only; they keep their own
database and are not advertised to the other switches in the VTP domain

When a switch is configured as a VTP server, you must define a VTP domain before you can create
VLANs.

Configuring the Domain

1900(config)#vtp mode server
1900(config)#vtp domain Cisco2
1900(config)#vtp password cantona

VTP can be configured in global or VLAN configuration mode.

Question

Host A in the graphic is connected to a switch port assigned to VLAN 1. Which two settings on host
A are required to allow connectivity with Host B on VLAN 2? (Choose two)

A. IP address: 192.1.1.66 255.255.255.240
B. IP address: 192.1.1.130 255.255.255.192
C. IP address: 192.1.1.142 255.255.255.240
D. Default gateway: 192.1.1.129
E. Default gateway: 192.1.1.65
F. Default gateway: 192.1.1.1

Answer C, D

Explanation
Sub-interface Fast Ethernet 0/0.2 was created for VLAN 1 via the "encapsulation dot1q 1" command.

C is correct as
Host A resides in VLAN 1, so it must be configured with an IP address in the 192.1.1.128/28
subnet
VLAN 1 192.1.1.129 255.255.255.240 host range?
256 – 240 = 16 Block Size
0, 16, 32, 48, 64, 80, 96, 112, 128, 144
129 is in the 128 subnet, valid hosts 129 - 142

D is correct as
Host A must be configured with the IP address of the default gateway, which is the IP address
assigned to the sub-interface of the router.

Question
Which of the following are valid configuration values for the hosts shown in the graphic? (choose
three)

A. host A IP address: 192.1.1.65
B. host A subnet mask: 255.255.255.224
C. host B IP address: 192.1.1.125
D. host B default gateway: 192.1.1.65
E. host C IP address: 192.1.1.166
F. host C subnet mask: 255.255.255.224

Answer C, D, F

Explanation
VLAN1 192.1.1.65 255.255.255.192 hosts?
256 – 192 = 64 Block Size
0, 64, 128, 192
65 lies in the 64 subnet
Host range 65 - 126

VLAN10 192.1.1.129 255.255.255.224
256 – 224 = 32
0, 32, 64, 96, 128, 160
129 lies in the 128 subnet
Host range 129 - 158

Routing

Route            AD
Connected        0
Static           1
EIGRP            90
IGRP             100
OSPF             110
RIP              120
Enhanced EIGRP   170
Unknown          255

Link-state routing uses

Link-state advertisements (LSAs) – A link-state advertisement (LSA) is a small packet of
routing information that is sent between routers.

Topological database – A topological database is a collection of information gathered from
LSAs.

SPF algorithm – The shortest path first (SPF) algorithm is a calculation performed on the
database resulting in the SPF tree.

Routing tables – A list of the known paths and interfaces.

Distance vector protocols send the entire routing table to directly connected neighbors.
Link state protocols only send updates containing the state of their own links to all other routers on
the network.

A passive interface on a router allows the router to receive routing updates on an interface but not
send updates via that interface.

Question
Which of these statements is true regarding distance-vector routing protocols?

A. They send the entire routing table to directly connected neighbors.
B. They send the entire routing table to every router in the network.
C. They send the changes to the routing table to directly connected neighbors.
D. They send the changes to the routing table to every router in the network.

Answer A

Distance-vector routing protocols send the entire routing table to directly connected neighbors.
B is incorrect, as the routers send the tables only to their directly connected neighbors. If a router
learns of another route from its neighbor, it then passes that information on to another neighbor.

Static Routing
Example
Say that you have two locations, connected by a WAN T1 circuit. On the LAN side of each of these
locations, you have a small Ethernet network.

The only way for the devices on Ethernet LAN 10.10.1.0 to communicate with devices on network
10.10.2.0, is to use routing. With such a simple network, static routing is a perfect solution. You can
enter one route on each router and be done with the configuration.

The static routes for this network:

San Diego#conf t
San Diego(config)#ip route 10.10.2.0 255.255.255.0 20.1.1.2
(Destination, mask, next hop)

Chicago#conf t
Chicago(config)#ip route 10.10.1.0 255.255.255.0 20.1.1.1

The syntax is: ip route <destination> <netmask> <next hop or exit interface> <admin distance>

The next-hop address

router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2

The exit interface

router(config)#ip route 172.16.20.0 255.255.255.0 s0/0

Example
RouterB is connected to the networks 192.168.20.0, 192.168.30.0 and 192.168.40.0
We must configure the following static routes on RouterB
192.168.10.0
192.168.50.0

RouterB(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1
RouterB(config)#ip route 192.168.50.0 255.255.255.0 192.168.40.2

Now looking at the routing table you can see RouterB understands how to find each network.

RouterB#show ip route
Codes: C - connected, etc…

S 192.168.50.0 [1/0] via 192.168.40.2
C 192.168.40.0 is directly connected, Serial 0/1
C 192.168.30.0 is directly connected, FastEthernet0/0
C 192.168.20.0 is directly connected, Serial 0/0
S 192.168.10.0 [1/0] via 192.168.20.1
RouterB#

Default Route

A default route serves as a gateway of last resort. If there are no matches for a destination in the
routing table, the default route will be used.

R1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2 (next-hop IP address)
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0 (local exit interface)

The syntax is: ip route 0.0.0.0 0.0.0.0 <next hop or exit interface> <admin distance>

To turn off default routing, add no in front

R1(config)#no ip route 0.0.0.0 0.0.0.0 200.1.1.2

Question
You are configuring router Lon, and want to configure a gateway of last resort to router Man.
Router Lon will be sending this traffic out its interface serial0, which has an ip address of 172.1.1.1
Router Man will be receiving this traffic on its interface serial1, and this interface has an ip address
of 189.12.12.12
Which of the following statements will successfully configure a gateway of last resort?

A. ip route 0.0.0.0 0.0.0.0 189.12.12.12
B. ip route 0.0.0.0 0.0.0.0 serial1
C. ip route 0.0.0.0 0.0.0.0 serial0
D. ip route 255.255.255.255 255.255.255.255 172.1.1.1
E. ip route 255.255.255.255 255.255.255.255 serial1
F. ip route 255.255.255.255 255.255.255.255 189.12.12.12
G. ip route 255.255.255.255 255.255.255.255 serial0
H. ip route 0.0.0.0 0.0.0.0 172.1.1.1

Answer A, C

Explanation
These are the only two routes that will work
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12 (next hop ip)
C. ip route 0.0.0.0 0.0.0.0 serial0 (exit interface)

RIP

RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 192.168.20.0
RouterA(config-router)# ^Z

RIPv1: all devices in the network must use the same subnet mask. This is classful routing.
RIPv2 sends subnet mask info with the route updates. This is classless routing.

To disable RIP

RouterA(config)#no router rip

To view route information, run show ip route from privileged mode or do show ip route from
configuration mode

RouterA#show ip route
Codes: C – connected etc…

R 192.168.50.0 [120/2] via 192.168.20.2 00:00:23 serial0/0
R 192.168.40.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
R 192.168.30.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
C 192.168.20.0 is directly connected, serial0/0
C 192.168.10.0 is directly connected, FastEthernet0/0
RouterA#

RIP Example
Configure Router A, use the network ID of 192.168.164.0/28. The s0/0 interface of Router A will use
the last available IP address in the 8th subnet and fa0/0 will use the last available IP address in the
2nd subnet. Do not consider the zero subnet valid.

Answer

/28 = 255.255.255.240 mask
256 – 240 = 16 block size in the 4th octet
Since we have a block size of 16 our subnets are: (not starting at subnet zero)
16, 32, 48, 64, 80, 96, 112, 128, 144 etc…
The 8th subnet for the s0/0 interface is subnet 128
Valid host range is 129 – 142, 143 is the broadcast address
The 2nd subnet fa0/0 = subnet 32
Valid hosts 33 – 46, 47 as broadcast

Configuration on Router A will be

RouterA(config)#interface s0/0
RouterA(config-if)#ip address 192.168.164.142 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#interface fa0/0
RouterA(config-if)#ip address 192.168.164.46 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#router rip
RouterA(config-router)#network 192.168.164.0
RouterA(config-router)#^Z
RouterA#
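
The block-size arithmetic used in the VLAN explanations and in the RIP example above, as an added Python example (not part of the original notes). The function and key names are illustrative; the addresses are the ones worked through in the notes.

```python
import ipaddress


def dotted(octets):
    """Join four integer octets into dotted-decimal form."""
    return ".".join(str(o) for o in octets)


def block_size_summary(address, mask):
    """Subnet details via the block-size method.

    Assumes a contiguous mask of /30 or shorter, so a host range exists.
    """
    ip = [int(o) for o in address.split(".")]
    m = [int(o) for o in mask.split(".")]
    # Interesting octet: the first mask octet that is not 255.
    idx = next((i for i, o in enumerate(m) if o != 255), 3)
    block = 256 - m[idx]
    start = ip[idx] - ip[idx] % block      # subnet ID inside the interesting octet
    subnet = ipaddress.IPv4Address(dotted(ip[:idx] + [start] + [0] * (3 - idx)))
    bcast = ipaddress.IPv4Address(
        dotted(ip[:idx] + [start + block - 1] + [255] * (3 - idx)))
    # Cross-check the hand method against the standard library.
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    if (net.network_address, net.broadcast_address) != (subnet, bcast):
        raise ValueError("block-size result disagrees with ipaddress; check the mask")
    return {
        "block_size": block,
        "subnet": str(subnet),
        "first_host": str(subnet + 1),
        "last_host": str(bcast - 1),
        "broadcast": str(bcast),
        # Wildcard = inverted mask: one less than the block size in the interesting octet.
        "wildcard": dotted(255 - o for o in m),
    }


def nth_subnet_last_host(classful_net, prefix, n, zero_subnet_valid=False):
    """Last usable address in the n-th (1-based) subnet of classful_net."""
    subnets = list(ipaddress.ip_network(classful_net).subnets(new_prefix=prefix))
    if not zero_subnet_valid:
        subnets = subnets[1:]              # the RIP exercise does not count subnet zero
    return str(subnets[n - 1].broadcast_address - 1)


if __name__ == "__main__":
    print(block_size_summary("192.1.1.129", "255.255.255.240"))
    print("s0/0 :", nth_subnet_last_host("192.168.164.0/24", 28, 8))
    print("fa0/0:", nth_subnet_last_host("192.168.164.0/24", 28, 2))
```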

To prevent RIP updates from propagating across your LAN/WAN

RouterA#config t
RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#passive-interface serial 0/0

This command stops RIP updates from being propagated out serial interface 0/0, but serial interface
0/0 can still receive RIP updates.

Question
If the passive interface command is enabled on the fa0/0 interface of Router E, which statements
are true? (Choose two.)

A. Router E will send all routing updates via interface fa0/0.
B. Router E will ignore all routing updates learned via interface fa0/0.
C. Router E will use routing updates learned via interface fa0/0.
D. Router E will not send routing updates via interface fa0/0.

Answer C, D

Router E will use routing updates learned via interface fa0/0.
Router E will not send routing updates via interface fa0/0.

RIPv2 is a classless routing protocol: even though it is configured with classful network statements,
like RIPv1, it sends subnet mask information along with the route updates.

RouterC(config)#router rip
RouterC(config-router)#version 2
RouterC(config-router)#network 192.168.40.0
RouterC(config-router)#network 192.168.50.0

RIP version 2 default behavior is to autosummarize routes advertised across classful boundaries.
To disable this behavior, run the no auto-summary command under the RIP process.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.10.0.0

If you want to see only a certain protocol route from the entire routing table, run the
show ip route followed by the protocol or route type (static, for example).

R1#show ip route rip

R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
            [120/1] via 172.16.123.3, 00:00:09, Serial0
R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1

The hold down timer for RIP is 180 sec. The flush timer for RIP is 240 sec.
It broadcasts its entire routing table every 30 seconds by default, and it can load balance across as
many as six equal-cost paths (4 paths are the default).

Question
You are configuring the Ike router on the network shown in the figure below. You would like to use
the RIP routing protocol to propagate all the networks to the three routers shown. What
configuration would you apply to Ike to have it participate in this objective?

A. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.45.0

B. Ike(config)#router rip
Ike(config-router)#network 172.16.30.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

C. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

D. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.0.0

Answer A

RIP is considered a classful protocol. From a configuration standpoint, this means that networks
must be entered into the configuration using their default classes (Class A, B, or C). Because
172.16.0.0 is a class B network, it must be entered as if it had a class B subnet mask rather than
the subnet mask shown in the figure. In addition, you enter directly connected interfaces only into a
routing process.

EIGRP
EIGRP is a classless, enhanced distance vector Cisco proprietary protocol.
It includes the subnet mask in its route updates.

It doesn’t send link state updates like OSPF but sends distance vector updates with info about
networks and the cost of reaching them. But like link state it synchronises routing tables between
neighbors at startup and when the topology changes.
EIGRP hello messages are sent every 5 secs on Ethernet by default.
EIGRP has a maximum hop count of 100, but it can be set up to 255.

Router#config t
Router(config)#router eigrp 20
Router(config-router)#network 172.16.0.0
Router(config-router)#network 10.0.0.0

Note the AS number 20 which can be any number 1 to 65535

Router(config)#router eigrp 20
Router(config-router)#passive-interface serial 0/1

EIGRP passive interfaces differ from RIP: they will neither send nor receive updates.

EIGRP also supports the use of discontiguous subnets

Discontiguous subnets work with OSPF by default because OSPF does not auto-summarise
like EIGRP.

A Discontiguous Network

Here the subnets 172.16.10.0 and 172.16.20.0 are connected together with a 10.3.1.0 network. By
default each router thinks it has the only 172.16.0.0 classful network.

Configuring Discontiguous Networks

By default routers running EIGRP will automatically summarise the classful boundaries and routing
will not work. Here’s how to turn auto summarisation off.

RouterA#config t
RouterA(config)#router eigrp 100
RouterA(config-router)#network 172.16.0.0
RouterA(config-router)#network 10.0.0.0
RouterA(config-router)#no auto-summary

RouterB#config t
RouterB(config)#router eigrp 100
RouterB(config-router)#network 172.16.0.0
RouterB(config-router)#network 10.0.0.0
RouterB(config-router)#no auto-summary

By using the no auto-summary command EIGRP will advertise all the subnets between the two
routers.

In the presence of discontiguous subnets automatic summarisation must be disabled for routing to
work.

EIGRP topology table

Routes with larger metrics to the network via other routers, is the Reported Distance (RD).

A Feasible Successor is a neighbor whose Reported Distance is less than the current Feasible
Distance.

The Successor for a particular route is the neighbour/peer with the lowest metric/distance to that
network and is the primary route to a destination.

Feasible Distance (FD) is the route with the lowest metric to a network.

Reported Distance (RD) is the distance advertised by a neighbour.
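
The successor and feasible-successor definitions above, applied to a small topology table as an added Python example (not part of the original notes). The neighbour names and metric values are constructed for illustration.

```python
# Constructed topology table for one destination network:
# neighbour -> (distance reported by that neighbour, cost of the link to it)
SAMPLE_NEIGHBORS = {
    "R2": (2000, 1000),
    "R3": (2500, 1500),
    "R4": (3500, 500),
}


def eigrp_paths(neighbors):
    """Pick the successor and the feasible successors for one destination."""
    # Total distance through a neighbour = its reported distance + our link cost.
    totals = {name: rd + link for name, (rd, link) in neighbors.items()}
    # Successor: neighbour giving the lowest total; that total is the FD.
    successor = min(totals, key=lambda name: (totals[name], name))
    fd = totals[successor]
    feasible, rejected = [], []
    for name, (rd, _link) in sorted(neighbors.items()):
        if name == successor:
            continue
        # Feasibility condition from the notes: reported distance < current FD.
        (feasible if rd < fd else rejected).append(name)
    return {
        "totals": totals,
        "successor": successor,
        "feasible_distance": fd,
        "feasible_successors": feasible,
        "rejected": rejected,
    }


if __name__ == "__main__":
    result = eigrp_paths(SAMPLE_NEIGHBORS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

R3 and R4 offer the same total distance (4000), but only R3 qualifies as a feasible successor because R4's reported distance (3500) is not below the feasible distance (3000).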

Open Shortest Path First (OSPF) open source

If not all your routers are Cisco then you can’t use EIGRP, so your options are RIP or OSPF. Note
OSPF can’t load balance across unequal cost links as EIGRP can.
OSPF supports VLSM, has no limitation of network reachability, and maintains neighbor relationships
using the IP multicast address of 224.0.0.5. After initialization, OSPF only sends updates on routing
table sections which have changed; it does not send the entire routing table.

Router ID – The Router ID (RID) is an IP address used to identify the router.

The Designated Router is elected by the Hello Protocol.

A router's Hello Packet contains its Router Priority. The router with the highest priority becomes
the designated router (DR). If the priorities are the same, then the router with the highest router
ID becomes the DR (the router ID is the highest IP address of all loopback interfaces). If no
loopback interfaces are configured, OSPF will choose the highest IP address.

Priority values are 0 to 255. When the priority of a router is 0, the router will not participate in
the election.

- Only the DR will send LSAs to the rest of the network.
- For backup purposes a Backup DR (BDR) is also elected
- All routers also establish adjacencies to the BDR
- The BDR itself also establishes an adjacency to the DR

R1#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR   00:00:34    192.168.12.2    Serial1/1
3.3.3.3           1   FULL/BDR   00:00:36    192.168.13.3    FastEthernet0/0

Neighborship database – A variety of details, such as the Router ID and state, are maintained on
each router in the neighbourship database. It is a list of all OSPF routers which have received hello
packets.

Configuring Priority
A router with the highest OSPF priority will win the election for DR.

R3#config t
R3(config)#interface f0/0
R3(config-if)#ip ospf priority 100

Note we have to reload or shut down the routers for the election to take place and the priority to take effect.

We can see Priority with show ip ospf interface

R3#show ip ospf interface

FastEthernet0/0 is up, line protocol is up
Internet Address 171.154.45.39 Area 0
Process ID 64999 Router ID 171.154.45.39 Network Type BROADCAST Cost 10
Transmit Delay is 1 sec State DR Priority 100
Designated Router (ID) 171.154.45.39, Interface address 192.168.50.1

Configure a loopback interface

Router(config)#interface loopback 0
Router(config-if)#ip address 192.168.31.33 255.255.255.255
Router(config-if)#exit

To remove the loopback interface

Router(config)#no interface loopback 0

01:47:27: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down

If you don't want to use a Loopback interface, you can still force the router ID to use a particular IP
address with the router-id configuration command

Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#router-id 172.25.1.7
Router5(config-router)#end
Router5#

You can see what the RID for your router is with the following command:

Router5#show ip ospf
Routing Process "ospf 87" with ID 172.25.1.7
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 5. Checksum Sum 0x28868
Number of DCbitless external LSA 0
Number of DoNotAge external LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
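
The router ID selection and DR election rules from this section, modelled as an added Python example (not part of the original notes). It assumes a fresh election in which every router on the segment starts at the same time; the router names, priorities and most addresses are constructed sample data.

```python
import ipaddress

# Constructed routers sharing one broadcast segment.
SAMPLE_SEGMENT = [
    {"name": "R1", "priority": 1, "interfaces": ["192.168.50.2"],
     "loopbacks": ["192.168.31.33"]},
    {"name": "R2", "priority": 1, "interfaces": ["192.168.50.3", "10.1.1.1"]},
    {"name": "R3", "priority": 100, "interfaces": ["192.168.50.1"]},
    {"name": "R4", "priority": 0, "interfaces": ["192.168.50.4"]},
    {"name": "R5", "priority": 1, "interfaces": ["192.168.50.5"],
     "loopbacks": ["192.168.31.11"], "router_id": "172.25.1.7"},
]


def router_id(router):
    """RID: router-id command if set, else highest loopback, else highest interface IP."""
    if router.get("router_id"):
        return ipaddress.IPv4Address(router["router_id"])
    pool = router.get("loopbacks") or router["interfaces"]
    return max(ipaddress.IPv4Address(a) for a in pool)


def elect(routers):
    """Rank eligible routers by (priority, router ID), highest first."""
    eligible = [r for r in routers if r["priority"] > 0]   # priority 0 never takes part
    ranked = sorted(eligible,
                    key=lambda r: (r["priority"], router_id(r)),
                    reverse=True)
    names = [r["name"] for r in ranked]
    return {
        "dr": names[0] if names else None,
        "bdr": names[1] if len(names) > 1 else None,
        "drother": names[2:],
        "ineligible": [r["name"] for r in routers if r["priority"] == 0],
    }


if __name__ == "__main__":
    for r in SAMPLE_SEGMENT:
        print(r["name"], "priority", r["priority"], "RID", router_id(r))
    print(elect(SAMPLE_SEGMENT))
```

R2 becomes BDR ahead of R1 even though R1 has a loopback: a loopback only decides a router's own RID, and R2's highest interface address is numerically higher than R1's loopback address.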

Configuring OSPF Areas

After starting the OSPF process we need to identify the interfaces and area on which we want to
activate OSPF.

RouterA#config t
RouterA(config)#router ospf 1
RouterA(config-router)#network 10.0.0.0 0.255.255.255 area 0

In multi-area OSPF networks all areas are required to connect to area 0, the backbone area.

The Process ID is in the range 1-65535
The area-id is an integer between 0 and 4294967295
Priority is in the range 0 to 255 (not shown)

If you have more than one network statement, the order becomes important. In the following
example, the last line matches all IP addresses and assigns them to Area 0. But, because this line
comes last, it only picks up any addresses that are not captured by either of the lines above it.
However, if we had written this line first, then all of the interfaces would wind up in Area 0.

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#network 10.0.0.0 0.255.255.255 area 2
Router1(config-router)#network 172.20.0.0 0.0.255.255 area 100
Router1(config-router)#network 0.0.0.0 255.255.255.255 area 0
Router1(config-router)#end
Router1#

We have a router with these 4 subnets connected to four different interfaces.

192.168.10.64/28, 192.168.10.80/28, 192.168.10.96/28, 192.168.10.8/30

All interfaces need to be in area 0. Seems the easiest config is

Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.0 0.0.0.255 area 0

But to cover CCNA objectives let's use separate subnets and wildcards

Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.64 0.0.0.15 area 0
Test(config-router)#network 192.168.10.80 0.0.0.15 area 0
Test(config-router)#network 192.168.10.96 0.0.0.15 area 0
Test(config-router)#network 192.168.10.8 0.0.0.3 area 0
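
The network statement matching described above, as an added Python example (not part of the original notes). It models the first-match, listed-order evaluation the notes describe; the interface names and interface addresses are constructed, and the statements are the ones shown in the configurations above.

```python
import ipaddress


def wildcard_match(address, base, wildcard):
    """True when address equals base on every bit the wildcard marks as 0."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def assign_areas(statements, interfaces):
    """Map each interface to the area of the first statement matching its address.

    statements: ordered list of (base, wildcard, area)
    interfaces: {name: ip address}
    An interface that matches nothing gets None: OSPF is not enabled on it.
    """
    result = {}
    for name, address in interfaces.items():
        result[name] = next(
            (area for base, wildcard, area in statements
             if wildcard_match(address, base, wildcard)),
            None)
    return result


# Statements from the Router1 example, in the order shown in the notes.
ROUTER1 = [("10.0.0.0", "0.255.255.255", 2),
           ("172.20.0.0", "0.0.255.255", 100),
           ("0.0.0.0", "255.255.255.255", 0)]
# Constructed interface addresses for Router1.
ROUTER1_IFS = {"Fa0/0": "10.1.1.1", "S0/0": "172.20.5.1", "S0/1": "192.168.30.1"}

# Per-subnet statements from the Test router example.
TEST_NARROW = [("192.168.10.64", "0.0.0.15", 0), ("192.168.10.80", "0.0.0.15", 0),
               ("192.168.10.96", "0.0.0.15", 0), ("192.168.10.8", "0.0.0.3", 0)]
TEST_BROAD = [("192.168.10.0", "0.0.0.255", 0)]
# Constructed addresses: four in the listed subnets plus one extra interface.
TEST_IFS = {"Fa0/0": "192.168.10.65", "Fa0/1": "192.168.10.81",
            "Fa0/2": "192.168.10.97", "S0/0": "192.168.10.9",
            "Fa0/3": "192.168.10.17"}

if __name__ == "__main__":
    print("as listed      :", assign_areas(ROUTER1, ROUTER1_IFS))
    print("catch-all first:", assign_areas(ROUTER1[::-1], ROUTER1_IFS))
    print("per-subnet     :", assign_areas(TEST_NARROW, TEST_IFS))
    print("single /24     :", assign_areas(TEST_BROAD, TEST_IFS))
```

The last two lines show the practical difference between the two Test configurations: the single /24 statement also enables OSPF on the extra Fa0/3 interface, while the per-subnet statements leave it out.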

If the area address ranges are nicely assigned (which also helps immensely when you have to start
summarizing), you can use a single network statement to cover the whole area. If, for example,
area 3 has address range 10.1.16.0/20,
use network 10.1.16.0 0.0.15.255 area 3

If the router has all interfaces in a single area, I would always use
network 0.0.0.0 255.255.255.255 area area-id
(unless there is an extremely good reason that some interfaces should not be seen by OSPF)

To configure the Man router with the IP address shown on Fa0/0 and a loopback interface for OSPF

Man#config terminal
Man(config)#interface fa0/0
Man(config-if)#ip address 192.168.1.1 255.255.255.0
Man(config-if)#no shutdown
Man(config-if)#interface loopback 0
Man(config-if)#ip address 192.168.31.11 255.255.255.255

Man(config)#router ospf 1
Man(config-router)#network 192.168.1.0 0.0.0.255 area 0

1 is the OSPF process ID, which is locally significant.

The show ip ospf interface (interface) command

Displays priority, timer intervals, router ID number and neighbor adjacencies

show ip ospf neighbor & show ip ospf neighbor detail

Summarises the OSPF information regarding neighbour ID, priority, adjacency state and DR or
BDR.

So use the show ip ospf neighbor command to see who won the DR election

Layer 2 Switching
Forward/filter decisions - When a frame is received on an interface, the switch looks at the
destination hardware address and finds the exit interface in the MAC database. The frame is only
forwarded out the specified destination port.

Looking at the output of a show mac address-table

If the switch received a frame with the following MAC addresses

The destination MAC address is found in the MAC address table and is forwarded out the fa0/3
interface.

3 main switching methods are

Cut Through - looks at the first 6 bytes of the destination MAC address only
Fragment free cut through - looks at the first 64 bytes only
Store and forward - looks at the entire frame

Spanning Tree Protocol (STP)

Bridge Priority - Numerical value held by switches. All Catalyst switches are priority 32768
Bridge ID = Priority Value and switch MAC Address.

Root bridge - This is the bridge with the lowest bridge ID.

Root port - The port with the lowest path cost to the root bridge.
Used for communicating with the root bridge.

Designated port - This has been determined as having the lowest cost. A designated port will be
marked as a forwarding port.

Nondesignated port - Has a higher cost than the designated port. Nondesignated ports are put in
blocking mode.
Any port that is not either a root port or a designated port is placed into the blocking state.

Switch A is the root bridge because it’s the one with the lowest bridge ID. Switch B must shut down
one of its ports connected to Switch A to prevent a switching loop from occurring.

STP will shut down the link with the lowest bandwidth. Here both links are 100Mbps, so STP will shut
down the highest port number, i.e. Fa0/12.

Wireless

Service Set Identifier (SSID) - all wireless devices in a WLAN must be configured with the same
SSID in order to communicate.

Ad-hoc
The simplest form of a wireless network is created by connecting two or more wireless clients
together in a peer-to-peer network. A wireless network established in this manner is known as an
ad-hoc network and does not include an AP.

All clients within an ad-hoc network are equal. The area covered by this network is known as an
Independent Basic Service Set (IBSS).

Infrastructure Mode
Larger networks require a single device that controls communications in the wireless cell, an
Access Point (AP).
The area covered by a single AP is known as a Basic Service Set (BSS) or cell.

The Basic Service Set (BSS) is the smallest building block of a WLAN. The area of coverage of a
single AP is limited. To expand the coverage area, it is possible to connect multiple BSSs through a
Distribution System (DS). This forms an Extended Service Set (ESS). An ESS uses multiple APs.
Each AP is in a separate BSS.
In order to allow movement between the cells without the loss of signal, BSSs must overlap by
approximately 10%. This allows the client to connect to the second AP before disconnecting from
the first AP.

Most home and small business environments consist of a single BSS. However, as the required
coverage area and number of hosts needing to connect increases, it becomes necessary to create an
ESS.

802.11b standard uses DSSS with a maximum data rate of 11Mbps

802.11b supports four data rates: 1, 2, 5.5, and 11 Mbps.


Wi-Fi Protected Access (WPA). Specifies the use of dynamic encryption keys that change each time
a client establishes a connection. It includes authentication by PSK.

Question
You and a co-worker have established wireless communication directly between your wireless
laptops. What type of wireless topology has been created?

A. BSS
B. ESS
C. IBSS
D. SSID

Answer C

Explanation
Ad-hoc mode or Independent Basic Service Set [IBSS] is simply a group of computers talking
wirelessly to each other with no access point (AP).

IPv6

21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A or

21DA:D3:0:2F3B:2AA:FF:FE28:9C5A with the leading zeros removed

A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be
compressed to ::

FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2.

FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.

Blocks of 0000 may be replaced with two colons (::) as long as only one double colon is used in an
address

1234:0:0:0:ABCD:0:0:123
could be represented as
1234::ABCD:0:0:123
or
1234:0:0:0:ABCD::123

You can identify these and other IPv6 addresses by their initial bits
1111 1110 10 – Link-local prefix FE80::/10
1111 1110 11 – Site-local IPv6 unicast address prefix FEC0::/10
1111 1111 – Multicast has a prefix of FF00::/8

6to4 is 2002::/16 - this is the transition system—the structure that allows IPv6 packets to be
transmitted over an IPv4 network without the need to configure explicit tunnels.

Autoconfiguration
MAC-48: 00:01:03:69:8B:CF
EUI-64: 0201:03ff:fe69:8bcf

Example
Host Ethernet address is 00:30:48:23:58:df
Network prefix is 2001:db8:1:cafe::/64
Address is
2001:0db8:0001:cafe:0230:48ff:fe23:58df
The change in the top byte of the address from ‘00’ to ‘02’ comes from the global bit being set in the
translation from IEEE MAC-48 to EUI-64

What multicast address does RIPng use?

Answer FF02::9

What multicast address does EIGRPv6 use?

Answer FF02::A

What two multicast addresses does OSPFv3 use?

Answer FF02::5, FF02::6

A router that is running both IPv4 and IPv6 addressing on the same interface is known as
Dual-stack
