ccna practical notes
TRANSCRIPT
R o o t - X S e c u r i t y
H a x a - 2 N u l l L a m b d a : X
0 1 0 1 0 0 1 1 0 1
0 1 0 1 0 0 0 0 0 1
2 / 1 2 / 2 0 1 5
Raghav Bisht
Notes contains basic router and switches networking.
CCNA Networking
Notes
NETWORK: When two or more than two computers are inter-connected for:-
Data communications
Sharing -- Resource Sharing
-- Data sharing
NETWORKING: The method, technique, process, or terminology through which a network is
being established is called networking.
BASIC REQUIREMENTS TO ESTABLISH A NETWORK
Communicating Devices:-
LAN Card
NIC Card
ETHERNET Card
ETHERNET Adapter
Each LAN card has a 48 bit hexadecimal address called MAC address or Physical address. It is a
unique ID and MAC address of two LAN cards can never be same. It is precoded
Or hardcoded with in LAN card and user can`t change this address.
COMMUNICATION MEDIA: WIRE BASED MEDIA (GUIDED MEDIA)
WIRE LESS MEDIA (UNGUIDED MEDIA)
WIRE BASED MEDIA: - CO-AXIL CABLE
- FIBER OPTICS
- TWISTED PAIR
CO-AXIL CABLE: - CORE
INSULATION
BRAIDED CU-MESH
THIN PLASTIC SHEET
CORE: - Core is the data carrier it carries the data from source to destination.
INSULATION: - it acts as an insulator between the core and braided cu-mesh.
It provides internal strength to the core.
It avoids data leakages.
BRAIDED CU-MESH: - To reduce EMI effect and external interference like
Noise attenuation
For ear- thing or ground
THIN PLASTIC SHEET: - To protect the wire or a whole from weather and climatic
Conditions
To provide external strength to the wire as a whole
DISADVANTAGES: - Easy to hack
- Costly (more usages of amplifiers and repeaters)
FIBER OPTICAL: - In case of optical fiber, the fiber is made up of glass or silica.
In case of both co-axial and twisted pair data is transmitted in the form of electrical
Signal, but in case of optical fiber data is transmitted in the form of optical signal.
The Three components of fiber optics technology:
- Light Source
- Optical Fiber
- Detector
Optical fiber is based on the principle of TRI (total internal reflection)
Data is transmitted in the form of light.
Wide coverage (1 & 1.5kms)
No external interference that is emi, attenuation, noise etc.
Not easy to hack
DISADVANTAGES: -
-Very costly
-Not easy to troubleshoot.
-We can`t install this wire over the pillars.
-Lot of legal formalities are involved to install wire.
TWISTED PAIR:
Reason to twist the cables:
-To reduce emi effect or external interference.
-Two parallel repeaters an antenna that can only receives the signal.
TYPES OF TWISTED PAIR:
STP (SHIELDED TWISTED PAIR)
UTP (UNSHIELDED TWISTED PAIR)
STP UTP
-Costly -Cheaper
-High Bandwidth -Low Bandwidth
-More reliable & secure & negotiable -More chance of data loss
Chance of data loss
-Negotiable chances of EMI effect & -Minimal chance of EMI effect &
Attenuation & noise attenuation & noise
-An internal shield of silver foil or -No such shield is present
Al or co-mesh is there beside outer
Plastic shield
CATEGORIES OF TWISTED PAIR: - CAT 3
- CAT 5
- CAT 7
CAT 3 CAT 5 CAT 7
3 twist per inch 5 twist per inch 7 twist per inch
10 Mbps 100 Mbps 1000 Mbps
Cheapest Cheapest Costly
Max emi Minimal emi Negotiable emi
ETHERNET CABLING:
Straight Through
Cross over
Roll over/console cable
Straight Through
-PC TO HUB OR SWITCH
-HUB/SWITCH TO ROUTER
Colour coding is same at both ends
1orange white 1orange white T+
2 orange 2 orange T-
3green white 3green white R+
4blue 4blue X
5blue white 5blue white X
6green 6green R-
7brown white 7brown white X
8brown 8brown X
Cross Over
-PC TO PC
-SWITCH TO SWITCH
-HUB TO HUB
-HUB TO SWITCH
-ROUTER TO PC
Colour coding
1orange white 1green white
2 orange 2 green
3green white 3orange white
4blue 4blue
5blue white 5blue white
6green 6orange
7brown white 7brown white
8brown 8brown
Roll Over/console:
Use to get the access of router/switch in order to configure it.
1orange white 1brown
2 orange 2brown white
3green white 3green
4blue 4blue white
5blue white 5blue
6green 6green white
7brown white 7orange
8brown 8orange white
Active pins
Router/pc hub/switch (port pins)
1 T+ R+ T+ TRANSMITTION
2 T- R- T- VANISHES THE EMI
3 R+ T+ R + RECEIVING
6 R- T- R- VANISHES THE EMI
How we decide the Ethernet cabling
PC TO PC SWITCH TO ROUTER
1 T+ 1 T+ 1 R+ ------------------ 1 T+
2 T- 2 T- 2 R- ------------------ 2 T-
3 R+ 3 R+ 3 T+ ------------------- 3 R+
6 R- 6 R- 6 T- ------------------- 6 R-
NETWORKING DEVICES
HUB
SWITCH/BRIDGE
ROUTER
HUB: -
-It is a networking device used to connect two or more than two computers
Within a LAN
-It is duffer device
-It is internally based on bus topology, in case of which a single communication
Line is shared by all the users
-Only one user can communicate at a time, either he can send the data or he can
Receive the data
-It divides the actual bandwidth among the users
-It always makes broadcast & thus result in overall wastage of bandwidth
-collisions are common in case of hub which results in congestion &thus wastage
Of bandwidth
-Broadcast domain =1
-Collision domain =1
*the area or LAN`S affected by a single broadcast is called broadcast domain
*the area or LAN`S affected by a single collision is called collision domain
Switch: -
-It is a networking device, used to connect two or more than two computers/users within a
LAN
-It is an intelligent device because it works on physical/Mac address
-It is internally based on star topology
And thus all the users can communicate at the same time
-It provides additional bandwidth to the existing users in comparison to hub
-Limited broadcast
-No collision
-Broadcast domain = 1
-Collision domain = no of ports on switch
-It is hardware based device
Switch Bridge
-Switch is hardware based device because -It is software based device B`coz a
In it ASIC (application specific integrated s/w is used to create &maintain
Circuit) are used to create table table
-Switch is a multiport bridge -The maximum no of ports in case
Bridge can be to the may 16
Similarities in switch and bridge
Both are layer two devices
Both works on Mac address
Router: -
-Device used to connect two or more than two different networks
-Routing, identify the best route the packet will take to reach from source to destination
-IP Address are used over here
-Packet filtering
-Packets are created over here
-No broadcast
-No collisions
Broadcast domain = no of ports
Collision domain = no of ports
OSI MODEL: (open system interconnection)
When the networking was introduced the only problem that was being faced was that different
e der’s o puters ere ot able to communicate with each other To solve this problem the
OSI reference model was introduced Layered Architecture:
The entire communication process was divided into smaller parts and each such
Part is known as a layer, to simplify the process of communication.
Application layer: -
- It provides user interface
-It provides different applications like file, print, scan, database, e-mail, browsing etc
Presentation Layer: -
-It is used to present the data so that the destination is understood
-It is o er ed ith s ta a d se a ti s ( < ..?*^ _ - >) (something meaningful)
-Different data processing techniques like compression, decompression, encryption and
decryption are decide over here
Session Layer:-
-Three way handshake Request, Negotiation, Acknowledgement
-It creates, maintain and terminate the session
-Dialog control (to check weather everything is going as desired or not) if not then the session
Will be terminated
-It keeps different applications data separate from each other
Transport Layer:-
-It provides both Reliable as well as Unreliable delivery. B`coz at this layer TCP and UDP are use
1.) Acknowledgement
--------------------------------
-----------------------------
Source -----------------------------
Source Destination
2.) Acknowledgement with time
----------------------------------
----------------------------------
----------------------------------
3.) Windowing
-------------------------
-------------------------
-------------------------
-------------------------
-------------------------
-------------------------
-------------------------
-------------------------
4.) Sequencing
-Sending data in sequences
-Segmentation is done over here
Segment contain
Control Information ------------- Logical Port no of every Protocol
-The bulk data is divided into smaller parts and each such part is known as segment
-Error correction before retransmission
Network Layer: -
-Routers are used over here
-IP addresses are used
-Routing is done
-Packets are framed
-Packet filtering is done
Data Link Layer: -
-Switches and bridges are used
-Mac Address are used
-Frames are created
-Error detection is done over here
Physical Layer: -
-Data is transmitted in bit form
-Different electrical and mechanical aspects are define over here, Like voltage, frequency
Bandwidth, wire speed
-Hub are used at this layer
-End to End connectivity
-LAN topologies are decided over here.
TCP/IP Protocol Suite:
Cisco Three layer Hierarchical Model
Core Layer:-
It refers as to transmission media (leased line or RF based). This layer act as back bone of your
Network, If this layer fails every single user will be affected for reliable and fast data
communication
Distribution Layer:-
This layer act as intermediator between core layer and access layer
Routers are used at this layer.
Access layer:-
This layer deals with workgroup level users.
TCP/IP Protocol suit:-
TELNET:- (23) the term telnet has been derived from telephone network
The system that requests the telnet service is called telnet client and the system that provides
the requested telnet service is called telnet server.
Uses
Telnet is used to get the remote textual access of a device which is remotely located
FTP (20-21) TFTP (69)
It allows transfer of data as well as It only allows transfer of files
Browsing of directory
Ftp allows transfer of bulk size files It only allows transfer of limited size files
A special authentication user name & No such authentication is required
Password is must
SNMP: - (simple network management protocol)
It manages and control the overall performance of network for this purpose it has hired few
agents called watch dog.
If everything is going ok than a message called baseline will be sent but if anything goes wrong
in that case an alert message called trap will be send.
DNS: -53 (domain name server)
It is used to resolve name into IP addresses
DHCP: - (dynamic host configuration protocol)
It is used to assign IP address related information automatically.
HTTP: -80 (hyper text transfer protocol)
It is used to upload or download the web pages over the internet.
LDP: - (line printer daemon) service
LPR: - (line printer resource)
It is used to sharing of printer over the network. It works along with LPR for this purpose.
NFS: - (network file system)
It allows two different O.S. `s file systems compatible with each other.
Foe e g: windows & Linux
X-windows:
It is only through x-widows the GUI mode is enabled or activated over UNIX based O.S.
SMTP: - (simple mail transfer protocol)
It is used to transfer the mail from source to destination (for uploading)
POP 3: - (post office protocol ver-3)
It is used to receive the mail from source to destination (for downloading)
TCP 6 UDP 17
It provides connection oriented service It provides connectionless service
It provides reliable delivery It provides unreliable service
TCP is slower data communication process It is fast data communication process
TCP support flow control It does not support
Support sequencing Does not
Support acknowledgment Does not
Support acknowledgment with timer Does not
Support windowing Does not
IP: - (internet Protocol) 32bit logical
It provides logical add or IP addressing. It helps in creation of packets
ARP: - (address resolution protocol)
It is used to resolve IP address into MAC address. (48 bit hexadecimal)
For e g: as in case of a SWITCH.
RARP: - (reverse address resolution protocol)
It is used to resolve MAC address into IP address.
For e g: in case of DHCP server.
ICMP: - (internet control message protocol)
This protocol handles connection related messages, for e g: Request Timed Out while pinging.
IP ADDRESSING
It is a 32 bit logical address that is used to identify your pc uniquely over a network
0 0 0 0 0 0 0 0 0
CLASS A: 0 1 1 1 1 1 1 1 127
CLASS B: 1 0 0 0 0 0 0 0 128
1 0 1 1 1 1 1 1 191
CLASS C: 1 1 0 0 0 0 0 0 192
1 1 0 1 1 1 1 1 223
CLASS D: 1 1 1 0 0 0 0 0 224
1 1 1 0 1 1 1 1 239
(FOR R&D)
CLASS E: 1 1 1 1 0 0 0 0 240
1 1 1 1 1 1 1 1 255
FOR SCIENTIFIC USE)
CLASS A
NET ID HOST ID HOST ID HOST ID
NODE HOST HOST HOST
SUBNET MASK 255.0.0.0
HERE NETWORK 28
HOST 224
CLASS B
NODE NODE HOST HOST
SUBNET MASK 255.255.0.0
HERE NETWORK 216
HOST 216
CLASS C
NODE NODE NODE HOST
SUBNET MASK 255.255.255.0
HERE NETWORK 224
HOST 28
NET ID NET ID HOST ID HOST ID
NET ID NET ID NET ID HOST ID
PRIVATE NETWORKS
CLASS A 10.0.0.0 NID
10.255.255.255 BID
Only Network
CLASS B 172.16.0.0
172.31.0.0 ALL 16 TO 31
16 Networks
CLASS C 192.168.10.0
192.168.255.0
256 Networks
IP ADDRESSING: - It is a 32 bit logical address that uniquely identify the host within a
WAN
MAC ADDRESS: - It is a 48 bit hexadecimal address that uniquely identify a host within
LAN. It is a unique identifier & Mac address of two Lan cards can never be same, it is pre-coded
Or hard corded with in lan cars and user can`t change it.
Each IP address has 4 octets and each octet is
Separated through a dot (.)
Decimal Binary hexadecimal
0 0 0 0 0 0
1 0 0 0 1 1
2 0 0 1 0 2
3 0 0 1 1 3
4 0 1 0 0 4
5 0 1 0 1 5
6 0 1 1 0 6
7 0 1 1 1 7
8 1 0 0 0 8
9 1 0 0 1 9
10 1 0 1 0 A
11 1 0 1 1 B
12 1 1 0 0 C
13 1 1 0 1 D
14 1 1 1 0 E
15 1 1 1 1 F
Classes of network: -
Each IP address is divided into two parts
NET ID (network identifier)
HOST ID
Net ID: it is uniquely identifies the network.
Host ID: it is uniquely identifies the host of that network.
For e g 10.0.0.1
Here 10.0.0.0 --------N/W ID
0.0.0.1----------Host ID
CLASSES of network
CLASS A 0 0 0 0 0 0 0 0 0
END 0 1 1 1 1 1 1 1 127
CLASS B: 1 0 0 0 0 0 0 0 128
END 1 0 1 1 1 1 1 1 191
CLASS C: 1 1 0 0 0 0 0 0 192
END 1 1 0 1 1 1 1 1 223
CLASS D: 1 1 1 0 0 0 0 0 224
END 1 1 1 0 1 1 1 1 239
FOR MULTICASTING
(FOR ADVANCE R&D PURPOSE)
CLASS E: 1 1 1 1 0 0 0 0 240
END 1 1 1 1 1 1 1 1 255
FOR SCIENTIFIC USE)
POINTS TO REMEMBER:-
-When all the host ID portion bits of an IP add are 0, It is a network address
-When all the host ID portion bits of an IP address are 1, it is a broadcast address for that
network 10.255.255.255 129.10.255.255
-When all the net ID bits of an IP address are set to 0 it is host address
10.0.0.1 ------IP address
0.0.0.1-------Host address
-when all the net ID bits of an IP address are 1it represent all networks
-255.0.0.0 –is the subnet mask of a class
-When all the net ID bits &Host ID bits of an IP address are 1 it represent global broadcast (all
network all host) e g 255.255.255.255
-When both net ID &Host ID are 0 it is used for default routing 0.0.0.0
-127.0.0.1 it is loop back address used for self testing, if ping to this address is successful it
means the TCP/IP protocol stack is immaculate or if there is no reply the TCP/IP suit is corrupt
reinstall O.S.
Subnet Mask: -
It is 32 a bit logical address that distinguish net ID portion of an IP address from its host ID
portion.
It is a stream of 1`s and 0`s with all net ID portion bits are 1 and host ID bits as 0
Valid Host
CLASS A 255.0.0.0 224
-2
CLASS B 255.255.0.0 216
-2
CLASS C 255.255.255.0 28
-2
Private IP Addresses
These are those address, that are assigned to all the users which are member of a LAN but we
can`t assign these addresses publically over the internet.
Private IP`s
CLASS A 10.0.0.0-------------10.255.255.255 -> ONLY NETWORK
CLASS B 172.16.0.0----------172.31.0.0 ->16 NETWORK
CLASS C 192.168.0.0---------192.168.255.0 -> 256 NETWORK
NAT: - (Network Address Translation)
It is only through NAT the private IP address are used as publically over the internet
Three types of NAT
STATIC NAT: one to one
DYNAMIC NAT: one to many
DYNAMIC NAT WITH OVERLOAD: many to many
Sub netting: (Sub Networking)
It is a process through which a very large complex network is sub- divided into smalls parts and
each such part is known as subnet or sub-network.
Benefits:
Reduce network traffic load
Easy to manage & troubleshoot
More chances of expansion
Solution
Class c: 192.168.10.0/26
1 To identify the valid no of subnets
2n where n is = no of borrowed bit
22
=4
2 To identify valid no of host for each such subnet
2m
-2 where m is = remaining host id portion bits
26-2 =62
3 To identify the value of new subnet mask and range
255.255.255.11000000
Subnet mask 255.255.255.192
Range 256-192=64 maxm. Possibilities of octet-value of host ID
4 To identify all the valid subnets
i) 192.168.10.0 ii) 192.168.10.64
iii) 192.168.10.128 iv) 192.168.10.192
5 To identify all the valid host
i) 1to62 ii) 65 to 126
iii) 129 to 190 iv) 193 to 254
6 To identify the broadcast address for each subnet
1) 192.168.10.63 2) 192.168.10.127
3) 192.168.10.191 4) 192.168.10.255
Solution 2
192.168.10.0/28
1 24
= 16
2 24 -2 = 14
3 255.255.255.11110000
255.255.255.240
Range 256-240=16
4 1) 192.168.10.0 2) 192.168.10.16
3) 192.168.10.32 4) 192.168.10.48
5) 192.168.10.64 6) 192.168.10.80
7) 192.168.10.96 8) 192.168.10.112
9) 192.168.10.128 10) 192.168.10. &so on
5 1 to 14, 17 to 30,
33 to 46, 49 to 62
6 192.168.10.15 192.168.10.31
192.168.10.47 192.168.10.63
IP Address Troubleshooting
Problem statement:
Client 10.0.0.1 is not able to communicate with server 30.0.0.2 of other network
Steps:
1 Ping 127.0.0.1 if there is a reply means TCP/IP stack is ok and not corrupt but if there is no
reply means TCP/IP protocol stack is corrupt please reinstall it using window cd.
2 If the first step is successful than try to ping the IP address of pc`s Lan card if there is reply
LAN card is ok but if there is no reply means LAN card id faulty repair otherwise replace it.
3 If the first two steps are successful than try to ping the IP address of router Ethernet port i e
Default gateway if there is reply it means there is no problem in the local LAN physical
Topology, if it does not reply than problem is with cables, hub or switch port or router
Ethernet Port, problem is with physically topology
4 If the fist 3 steps are successful than try to ping the remote server once again if there is no
Reply, it means problem is with remote side, ask the remote site administrator to follow the
Above 3 steps to sort out the problem
If there is a reply:
Communication takes places it means everything is ok & fine
If there is no communication it means problem is with ARP & DNS server.
Components of Router:
Computer Router
HARD DISK
RAM
NV RAM
ROM
FLASH
RAM
NV RAM
ROM
Flash: - it is similar to hard disk of your computer, it is EEPROM (electrical erasable read only
memory) It contains the copy of IOS (internetwork operating system)
Ram: - Random access memory it is a volatile memory in case of any sudden power failure all
the changes made but not saved get lost. It contains the running configuration file.
Running configuration: it`s the configuration that has been changed but not saved
NV Ram: - in case of which all changes made & saved will not get lost. It contains the startup
configuration file.
Startup configuration: It is configuration that has been changed as well as saved.
Rom: 1) POST: power on self test
2) BOOT STRAP: It specifies the router from where to load the router
3) MINI IOS: It is the mini IOS
Mini IOS: It is the minimum set of drivers that are required to boot the router.
Router booting sequence
1) POST
2) BOOT STRAP: - It specifies the router from where to load the ios.
3) BY default the router will load the ios from FLASH to RAM.
4) Then the router will look for the saved configuration or start-up configuration in NV RAM if
It gets this configuration then it will load with that configuration, else it will try to go into the
Set-up mode would you like to enter into initial configuration Dialog? Y/N
Dynamic system configuration:
Ports of router:
Two type of router ports
1) Interfaces
2 Lines
Interfaces
-Interfaces are used to get make your router member of LAN or a WAN
- Over the interfaces we specify the IP addresses
-for e g: Ethernet Port
Serial Port
BRI Port (basic rate interface port)
Lines
-lines are used to get the access of a router in order to configure it
-over the line we specify Login ID &Password
-for e g: Console Line
VTY Line (virtual type)
Auxiliary Line
ETHERNET PORT:
It is an interface that is used to make your router member of a LAN. It is used for LAN
connectivity
-Two types
1) RJ 45 Female Port
2) AUI (attachment unit interface) (15 pin model)
It is always only simple Ethernet port
AUI 15 pin modular port
In case of AUI Ethernet transceiver will be used. AUI is always simple Ethernet port that is
10mbps
Three categories of Ethernet port
1 Simple Ethernet port - 10Mbps
2 fast Ethernet port - 100Mbps
3 Gigabit Ethernet port - 1000Mbps
The router`s Ethernet ports IP Address is the default gateway for all the systems that are
member of that LAN
CONSOLE PORT:
-It is a line that is used to get the access of router in order to configure it locally
-Console cable or rollover cable used for this purpose.
-One end of this console cable is male RJ 45 &other end is com (female) or serial of (9pin
connector)
-It is RJ 45 female port.
BRI PORT: (Basic Rate Interface)
-It is a port where we connect our dedicated ISDN line to our router.
-It is a RJ 45 Female port
TELEPHONE LINE ISDN
-It is an analog line -It is a digital line
-It provides only audio support -It provides both audio video &data.
-It provides to the Max of 56Kbps -It has two B + 1D channel, each B
Channel is of 64Kbps & D`s of 16
Kbps that is total of 144Kbps.
AUXILIARY PORT:
It is a line through which we can get access of router in order to configure it and that is also
remotely.
It is port where we connect our dedicated telephone line to our router.
VTY PORT: (virtual type)
-It is a logical port that does not exist physically
-It is used to activate Telnet service over the router for that purpose we have to set login &
password over the VTY line
LINE VTY 0 4
Password a b c
Login
SERIAL PORT:
-It is the port where we connect either two routers directly or remotely.
-It is used for WAN connectivity.
-It uses v.35 cable
Locally:
-When two router arte directly connected using a serial cable.
Remotely
Radio link
Serial Ports is two types
-60 pin modular port (DB 60)
-Smart Serial
DB 60:
-It is a 60 pin modular port
-It is always 1T.
Smart Serial:
-Latest and Compact
-It can be 1T or as well as 2T
Two categories of Serial Interface Card:
WIC 1T: WAN Interface Card 1 Terminal only smart serial
WIC 2T: WAN Interface Card 2 Terminal DB 60 and smart serial
Serial Cable Type:
1) End to End DT/DE cable -60 pin or Smart Serial
2) Smart Serial Cable
DCE is always female
-The Default Bandwidth over the Router Serial Port is 1.544 Mbps or1544 Kbps.
-The Bandwidth over the WIC 2T Card is divided equally among the two terminals (2T).
DTE: DTE is used to create the data for e g PC, SWITCH, ROUTER, HUB
DCE: DCE is used to transmit the data for e g MODEM
-It always use Clock-Rate
Clock-Rate of 64000 bits/sec is define over the Serial port where the DCE slot of the Serial cable
is attach
Router`s different modes of configuration
In global configuration mode two other modes are
Inter face
Configuration
Mode
Line
Configuration
Mode
User Execution mode:-
It is a very limited type of mode, in it neither we can see or save or nor we can change the
Router configuration
Commands used in this mode are: - Ping, Trace route etc
Simple Enable Password Enable Secret Password
1) Plain text format 1) Encrypted form
2) Priority low 2) High priority
Both the password can never be same
Privilege Mode:-
It is a mode where we can see or save the router`s configuration, but we can`t change the
Router`s configuration
Commands that are used in this mode are:-
Show commands are used to see the configuration
Copy commands are used to save the router configuration
Debug commands are used to see the router`s backend processing to the front end
Global Configuration Mode:-
It is the mode where we can change the router`s configuration
The commands used at this layer are:-
We can change or set the host name of the router
We can change or set the enable secret password
We can set the banners
Line Configuration Mode:-
It is a mode where we can change the configuration relating to any specific line
Commands used at this mode are:-
Login
Password
Interface Configuration Mode:-
It is a mode where we can changes the configuration related to any interface
Commands used at this mode are:-
We can set the clock-Rate
We can change or set the IP Address
We can change the status of a specific interface
BASIC COMMANDS
Privileged mode
1) Show history: - it is used to see the previous 10 commands being used over the router
Till router powered on uptill privileged mode
2) Show Terminal: - it is used to see the size of history
3) Terminal history size 20:- It is used to change the size of history
4) Show version: - It is used to see-
Version of router`s IOS &Bootstrap
Size of RAM, NVRAM & FLASH memory
No & type of interface
Configuration registered value
5) Show interfaces: - It is used to see
Name of the interface
Status of the interface
IP Add of the interface
MAC Add of the interface
MTU that is 1500 byte (Maximum Transmission Units)
Receiving Load RX Load
Transmission Load TX Load
Reliability
Load
Delay
Encapsulation type
NOTE: - By default encapsulation over the router`s Ethernet port is ARPA (Advanced Research
Project Agency) & over the serial port is HDLC (High Level Data Link Control)
6) Show interfaces interface interface name
It is used to see the above specified detailed information relating to any specific interface
7) Show Startup-Configuration: - It is used to see the startup configuration or saved
Configuration of router
It will view
The IP assigned to interfaces
Enable Password
The Password of Lines
8) Show running-configuration: - It is used to see the last changed configuration that is
Running-configuration
9) Show IP interface Brief: - This command is used to view layer three related information
It will view information about interfaces like
Name IP Add Working Line Protocol Port Status
Ok/no up/down up/down
10) Show Protocols: - This command is used to view the detailed information of routing
Protocol
11) Show IP Route: - This command is used to view the routing table
12 Copy running-configuration start-up configuration: - This command is used to save the
Running-configuration as startup-configuration or
Write running-configuration startup-configuration
13) Copy startup-configuration running-configuration: - This command is used to recover
The password
14) Show IP interface
It is used to see the layer three related information including all the interfaces
15) Show controllers <serial interface name>
It is used to see the serial cable slot attached to your router is either DTE or DCE
16) Reload
It is used to restart the router
17) Copy run start
It is used to save the running configuration into startup configuration or to permanently
Save router`s configuration
18) Copy start run
It is used to save startup configuration into your running configuration
GLOBAL CONFIGURATION MODE
1) Host name <name>
It is used to assign or change hostname of the router
2) config-register
This command is used to change the value of router`s config register
3) Enable Password _________
It is used to set or change the router simple enable password
4) Enable Secret _____________
It is used to change or set the secret enable password that is encrypted form
INTERFACE CONFIGURATION MODE
1) IP Add 10.0.0.1 255.0.0.0
This command is used to assign or change the IP Address of any specific interface
2) No Shutdown
Use to manually change the status of an interface from down to up
3) Shutdown
Use to manually change the status of an interface from up to down
4) Clock-Rate 64000
It is used to set the clock rate over the serial interface where DCE cable is attach
5) Description
It is used to set description over any specific interface of a router
LINE CONFIGURATION MODE
1) Password _________
It is used to set password over any specific line
2) Login ________
It is used to activate a line for access by user
TROUBLESHOOTING
Configuration Register value
It is a hexadecimal value that specifies the router from where to load the IOS
0x2100
This value specifies the router not to load the IOS from flash into the RAM instead the router`s
booting sequence will break and the router will go into the Romman (ROM Monitor Mode) This
mode is used for Troubleshooting, repair and maintenance The commands used at this mode
are totally different from routers normal mode.
In 2500 series router sign > (greater than) show -- it means we are in Romman mode
In 2600, 3600, 1700 series router Romman> show – it means we are in Romman mode
0x2101
This value specifies the router not to load the IOS from flash into the RAM instead to load the
MINI IOS from ROM
2500 Router (boot)
2600 Router>
3600 Router>
1700 Router>
0x2102 or (default value)
This value specifies the router to load the IOS from flash into the RAM and then the router will
look for start-up configuration in NVRAM
It is the default configuration register value in case of every Cisco router.
2500, 2600, 3600, 1700 –Router>
0x2142
This value specifies the router to load the IOS from flash into the RAM and then the router will
bypass the start-up or saved configuration in NVRAM as a result the router will try to go into
set-up mode.
Would you like to enter into initial configuration dialog? Yes/No,
You enter NO
Now you are in CLI mode and can write new configuration
PASSWORD RECOVERY
1) Power ON the router and press CTRL+BREAK key combination as a result the router will go
into the Rommon Mode
2) 2500 >, 2600, 3600, 1700 Rommon>
3) Change the configuration Register`s value from 0x2102 to 0x2142
2600, 3600, 1700 ---- Rommon> confreg 0x2142
2500 ------- > o/r ox2142 commands.
4) Restart the router
2600, 3600, 1700 ---- Rommon> restart
2500 ---- > i then enter (i –means Initialize)
5) Use copy start run
To bring the saved configuration into running configuration
6) Change all the required passwords
7) change the configurations register`s value back to 0x2102 from 0x2142
Config-register 0x2102 then enter
8) Make all the changes permanently saved using copy run start
BACKUP AND RESTORE
1) Physically connect the both PC as well as router using a cross cable
2Complete the IP Add related formalities over both PC as well as ROUTER
3) Test the physical connectivity using ping command, from PC to router and router to PC
4) Install Cisco TFTP Server software over the PC and start it
: - Back up of router`s IOS
Use show flash command to see the name of router`s IOS, and copy that name
Then use copy flash TFTP to take the backup of router`s IOS
: - Back-up of router`s startup-config
Use command copy start TFTP
: - Backup of router`s running-config
Use command copy run TFTP
#Restoring
: - Restoring router`s IOS
Use command copy TFTP flash
: - Restoring router`s Running-config
Use command copy TFTP Run
: - Restoring router`s Startup-config
Use command copy TFTP start
Telnet
The term telnet is derived from Telephone network. It is based on client server architecture the
system that request the telnet service is called telnet client and the system that provide the
requested telnet service Is called telnet server
To activate Telnet service on router
Line vty 0 4
Password <______>
Login
Two ways of using Telnet
1) Telnet <destination IP Add>
Telnet 10.0.0.2
2) Destination IP Address
10.0.0.2
To close the telnet session permanently command used is Exit
To switch among R1 and PC
CTRL+SHIFT+6 and then X -> to go back on router from PC
Press enter twice -> to go on PC from router
#show session
It is used to see all the telnet sessions being made from your router to outside environment
The information includes:
-Session no
-Active Session
-Source Address
-Destination Address
-An ideal time in minutes
#show users
It is used to see all the lines being used by the users from outside environment to get the access
of router, in order to configure it.
The information includes:
-Line name
-Line no
-Source
-Destination
-Active line
-Ideal time in minutes
-Ideal line
#disconnect <session>
It is used to forcefully terminate the telnet session being made from your router to outside
environment.
#clear line
It is used to forcefully close a line being used from outside environment over your router.
ROUTING
It is a technique or process that is used by router to select the best IP route to reach a network
or destination
Two types of protocols are used in routing i.e.
Routed Protocol
Routing Protocol
Routed Protocol:
These protocols are used to send data packets over a route decided by routing protocols.
IP, IPX, Apple talk in Macintosh (released in 1984).
Routing Protocols:
These protocols are used to find out the best IP route to among other possible routes to reach a
destination
RIP, IGRP, EIGRP, OSPF
ROUTING TYPES
Static Routing
Default Routing
Dynamic Routing
Static Routing
In this type of routing we have to set the route manually.
This type of routing is suitable for small networks and all the burden or responsibility of
performance of network is on the network administrator.
-Static routing is done on directly connected devices.
-Static routing is more reliable.
SYNTAX:
Router (config) #ip route Destination network sub masks (Exit Interface or next Hope Add.)
Administrative Distance permanent--- optional
Ip route The command used to create the static route.
Destination network The network you’re placing in the routing table.
Mask The subnet mask being used on the network.
Next-hop address the address of the next-hop router that will receive the packet and forward
It to the remote network, this is a router interface that’s on a directly connected network.
You must be able to ping the router interface before you add the route. If you type in
The wrong next-hop address or the interface to that router is down, the static route will show
Up in the router’s configuration but not in the routing table.
Exit interface Used in place of the next-hop address if you want, and shows up as a
Directly connected route
Administrative distance By default, static routes have an administrative distance of
1 (or even 0 if you use an exit interface instead of a next-hop address). You can change the
Default value by adding an administrative weight at the end of the command. I’ll talk a lot More about this subject later in the chapter when we get to the section on dynamic routing
If a network is directly connected, the router will always use the interface connected to the
Network, if you configure a static route, the router will then believe that route over any other
Learned routes, you can change the administrative distance of static routes, but by default, they
Have an AD of 1. In our static route configuration, the AD of each route is set at 150 or 151 This
Lets us configure routing protocols without having to remove the static routes. They’ll be used as
Backup routes in case the routing protocol experiences a failure of some type.
For example, if you have a static route, a RIP-advertised route, and an IGRP-advertised
Route listing the same network, then by default, the router will always use the static route
Unless you change the AD of the static route—which we did
E g from S 0
Router (config) #ip route 30.0.0.0 255.0.0.0 s1 1 permanent
If we set P (permanent) than while setting No IP route we have to give full route again.
Router (config) #no ip route 30.0.0.0 255.0.0.0 20.0.0.2
Routing table
R1 (config) #ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1 (config) #ip route 40.0.0.0 255.0.0.0 20.0.0.2
R1 (config) #ip route 50.0.0.0 255.0.0.0 20.0.0.2
R2 (config) #ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2 (config) #ip route 50.0.0.0 255.0.0.0 40.0.0.1
R3 (config) #ip route 10.0.0.0 255.0.0.0 40.0.0.1
R3 (config) #ip route 20.0.0.0 255.0.0.0 40.0.0.1
R3 (config) #ip route 30.0.0.0 255.0.0.0 40.0.0.1
Default routing
This routing is performed only on stub network
Stub network are defined over a network which has only one exit interface.
Syntax:
Ip route 0.0.0.0 0.0.0.0 exit interface/hop add
Router1 (config) #ip route 0.0.0.0 0.0.0.0 s1 OR
#ip route 0.0.0.0 0.0.0.0 20.0.0.2
Router2 (config) # --------------------------------------------------------
Router3 (config) #ip route 0.0.0.0 0.0.0.0 s3 / 40.0.0.1
Router1# show ip route
C - Directly connected 10.0.0.0
C - Directly connected 20.0.0.0
S - 30.0.0.0 [1/0] via 20.0.0.2
S - 40.0.0.0 [1/0] via 20.0.0.2
S - 50.0.0.0 [1/0] via 20.0.0.2
S* - If default routing is there
C 10.0.0.0 is directly connected, Ethernet0
S* 0.0.0.0 [1/0] via 20.0.0.2
C 50.0.0.0 is directly connected, Ethernet0
S* 0.0.0.0 [1/0] via 40.0.0.1
Dynamic Routing
In case of dynamic routing a specific routing protocol is used and as result router`s routing table
is configured updated automatically.
We need highly sophisticated routers and thus the cost of routing is very high.
More suitable for larger networks
Two type of network layer protocols
Two categories of Routing Protocols
-IGP (interior gateway protocol)
-EGP (exterior gateway protocol)
IGP:-
In case of IGP all routers with the same AS NO. will share the same routing table information or
communicate with each other
AS No. : - Autonomous System No.
It is a user define number that represent an area, it can be any number in the range
of 1 to 65535
For e g: IGRP, EIGRP & OSPF
EGP:-
It allows routers with different AS No to communicate with each others
For e g: BGP (Border Gateway Protocol)
AD: - (Administrative Distance)
It is a metric that rates the trustworthiness and reliability of the routing information update
being received either statically or dynamically
It can be any value in the range of 0 to 255, where 0 is
most reliable and 255 is never-ever used (unreliable)
AD METRICS
Directly Connected Networks = 0
Static and Default Routing = 1
EIGRP = 90
IGRP = 100
OSPF = 110
RIP = 120
Three Categories of Routing Protocols
-Distance Vector Routing Protocols
-Link State Routing Protocols
-Hybrid Routing Protocols
Distance Vector Routing Protocol:-
In case of DVRP each router sends its complete routing table as an update to its immediate
neighbors, the metric used to identify the best route is hop count
For e g: RIP – Routing Information Protocols
IGRP – Interior Gateway Routing protocols
Link State Routing protocol:-
In case of LSRP when two routers become immediate neighbors then only for the first time they
will exchange their complete routing table with its immediate neighbor and then only the link
status related messages will be send
Three tables are prepared
-Neighbourship Table
-Topology Table
-Routing Table
For e g: OSPF
Hybrid Routing Protocols:-
It combines the features of both DVRP & LSRP
For e g: EIGRP (enhanced interior gateway routing protocols)
Distance vector Routing Protocol
-In case of DVRP each router sends its complete routing table as an update to its immediate
Neighbors
-The metric used to identify the best route is hope count, lower the metric is best the route is
-Routing through DVRP is called routing by rumor
Pin Hole Congestion:
When all possible routes to reach the destination networks has equal metric this problem is
Known as pin hole congestion, to solve this problem load balancing is done
-Slow convergence is there in case of DVRP
-Loop: Count up till infinite
LOOP Avoidance:
1) Maximum hop count:
RIP = 15
IGRP = 100 by Default
OR IGRP = 255
OSPF = Infinite
2) Split Horizon:
Rule: the route over which an update is being received no new update will be send or
Transferred over that route
3) Split Horizon with poison reverse:
4) Trigger update:
The update is sent immediate the happening it will not wait for timers
5) Hold Down Timer:
6) Update Timer:
It is a time period after the expiry of which each router sends its complete routing table as an
Update to its immediate routers.
It is by default 30 seconds
7) Invalid Timer:
If no new update is received regarding a specific route entry, the time period for which that
Route entry will be held waiting for a valid update is called invalid timer
It is by default 180 Seconds
8) Hold Down Timer:
If a route update is received regarding a specific route entry that, route entry has become
Unreachable, then the time period for which the route entry will be held waiting for the valid
Update that is called hold down timer.
In case of RIP it will wait for 180 seconds waiting for valid update and
After e pir of hold do ti er it ill for ard update that network is down
It is by default 180 seconds
9) Flush Out Timer:
Once a route entry has become invalid the time period within which router will intimate all
Its immediate neighbors regarding the same are called flush out timer.
It is by default 240 Seconds.
RIP (Routing Information Protocol):
-it is a DVRP, in case of which each router sends its complete routing table as an update to its
immediate neighbors
-The metric used to identify the best route is hope count, lower the metric best the route is
-AD = 120
-Maximum hop count limit is = 15
Two types:
RIP v1 RIP v 2
-It is a class full routing protocol in case - it is a classless routing protocol in case of
Of which the subnet mask related info. Which the subnets mask related info. Will
Will not be sent along with route update be sent along with route update
-It does not support VLSM -It support VLSM
-AD = 120 -AD = 120
-Hop count limit = 15 -do
-Metric hop count -do
-It does not support discontigeous -it support both contiguous and discontigeous
IGRP (Interior gateway Routing Protocol):
It is a DVRP
It’s AD =
It is Cisco proprietary routing protocol which means it can works only on Cisco enabled devices
The maximum Hop count limit is = 255 and by default it is = 100
It uses the concept of AS (Autonomous System) no
It is a class full Routing protocol
It does not support VLSM
The metric used to identify the best route is combination of two things i.e. Bandwidth and
Delay, it is also known as composite metric.
Update timer: 90sec (default)
Invalid timer: 3X update timer i.e. 270sec
Hold down timer: 3X update timer +10 i.e. 280 sec
Flush out timer: 7X update timer i.e. 630 sec
R1
R1 (config) # router rip
R1 (config) # network 10.0.0.0
R1 (config) # network 20.0.0.0
R 2
R2 (config) # router rip
R2 (config) # network 30.0.0.0
R2 (config) # network 20.0.0.0
Version 2
R1
R1 (config) # router rip
R1 (config) # network 10.0.0.0
R1 (config) # network 172.16.0.0
R1 (config) # version 2
R2
R2 (config) # router rip
R2 (config) # network 192.168.10.0
R2 (config) # network 172.16.0.0
R2 (config) # version 2
IGRP
R1
R1 (config) # router igrp 10 (as no)
R1 (config) # network 10.0.0.0
R1 (config) # network 20.0.0.0
R 2
R2 (config) # router igrp 10 (as no)
R2 (config) # network 30.0.0.0
R2 (config) # network 20.0.0.0
EIGRP: (Enhance Interior Gateway Routing Protocol)
It is a hybrid routing protocol that combines the features of both DVRP and Link State Routing
Protocol.
-AD 90
-It uses the concept of as no
-It is a Cisco proprietary routing protocol that can work only over Cisco enables devices
-It is a class less routing protocol
-It supports VLSM
-Maximum hop count limit is 255 and
-By default it is 100
Characteristics of EIGRP
-PDM (protocol Dependent Modules): EIGRP provides support for multiple network layers
protocols IP, IPX, Apple Talk etc. through PDMs for each such protocol an independent set of
database will be created for e g if IP is used than IP/EIFRP database, if IPX than IPX/EIGRP
database, if apple talk/EIGRP database.
-Efficient Neighbor Discovery
-Hello packets are exchanged
-As no should be identical
When two routers become immediate neighbors than only for first time they will exchange
their o plete routi g ta le ith ea h other’s a d then only the route updates will be sent at
regular intervals
Points to Remember:
-The best route to reach the destination network is called feasible distance
-The second best alternative route also called the backup route is called feasible successor
-All possible route to reach destination network as reported by the immediate neighbors are
called reported distances
Characteristics:
-Communication via RTP (Reliable Transport Protocol):
For the first time the router will send a multicast hello to its immediate neighbors than it check
the list of all the routers that ha e ’t replied to that ulti ast
With them it starts unicast hello for next 10 times and even if there is no reply
than that router will be declared dead
-DUAL (Defusing Update Algorithm):
It is used to identify:
The best route to reach the destination network called feasible distance
The second best alternative route called feasible successor
-Metric:
The Metric used to identify the best route is combination of 4 thing
Bandwidth
Delay
Load
Reliability
-Three tables are prepared
Neighbourship table
Topology table
Routing table
-EiGRP provides support for larger networks
-It is a class less routing protocol
-It supports VLSM
-The maximum hop count limit is 255 and by default it is 100
-EIGRP support multiple autonomous system no
EIGRP support auto summarization
In this special case auto summarization process has to be stop using command
R1 (cong) # no-auto summary
EIGRP Practical:
R1
R1 (config) # router eigrp 10
R1 (config) # network 10.0.0.0
R1 (config) # network 20.0.0.0
R 2
R2 (config) # router eigrp 10
R2 (config) # network 30.0.0.0
R2 (config) # network 20.0.0.0
FROM Fig 1
R1
R1 (config) # router eigrp 11
R1 (config) # network 10.0.0.0
R1 (config) # network 172.16.0.0
R1 (config) # no auto-summary
R 2
R2 (config) # router eigrp 11
R2 (config) # network 10.0.0.0
R2 (config) # network 172.16.0.0
R1 (config) # no auto-summary
Show ip route eigrp
It is used to see EIGRP related route entries in the routing table
Show ip eigrp neighbors
It is used to see the Neighbourship table
Show ip eigrp topology
It is used to see topology table
OSPF (Open Shortest Path First):
-It is a link state routing protocol
-Its AD = 110
-Hop count limit is unlimited
-It is an open standard routing protocol that provides multi venders support
-It is a class less routing protocol
-It support VLSM
-The metric used to identify the best route is bandwidth
-It uses the concept of As no and Area
RIP V1 OSPF
-DVRP -Link State
-Class full -Class less
-No VLSM -Support VLSM
-AD 120 -AD 110
-Metric –Hop count -Bandwidth
-Maximum Hop count 15 -No Limit
-It supports auto summarization -It does not
-Only routing table is prepared -Three tables are prepared
Neighbourship, topology, routing
-It is based on flat architecture -It is based on hierarchical architecture
-It do not support manual summarization -It support manual summarization
Benefits of Hierarchical architecture of OSPF:
-confines network instability only to a part of network
-Reduced routing overload
-Scalability and flexibility
Hierarchical Architecture of OSPF
Area:
Each A.S. no is divided into smaller parts and each part is known as an area
Area 0;
The main area or the back bone area that manages the overall process of communication is
called area 0
ABR (Area Border Router):
It allows two different area routers to communicate with each other with in the same A.S. no
ASBR (Autonomous System Border Router):
It allows two different autonomous system routers to communicate with each other
OSPF is based on dijkstra algorithm in case of which first
-The shortest path is created and than
-The best route to reach the destination network is identified
Basic Terminology
Link: It represents an interconnection between two devices or an interface whose status can be
either up or down
Router ID: It is a metric in terms of highest IP adders so router with highest IP adders or router
Id will be elected as designated router (DR)
Neighbor: Router which are adjacent to each other are said to be Neighbor
Adjacency: Router which are immediate neighbors to each other are said to be adjacency
Hello packet: It is only through exchange of hello packets two routers will become neighbors to
each other
Link State Advertisement: It contain information regarding the status of the link and the route
update
Designated Router (DR): Router with the highest IP address or router ID will be elected as DR
Backup Designated Router (BDR): Router with second highest router ID or IP address will be
elected as DR
Point to Point: Unicast
BMA (broadcast Multi-access): Broadcast
NBMA (Non Broadcast Multi-access): Multicast
Wild card Mask (WCM):
For network Address
WCM = Full Mask-Subnet Mask
Or 10.0.0.0
Here SM = 255.0.0.0
FM = 255.255.255.255
WCM = 0.255.255.255
OSPF Protocol: practical
OSPF process ID:
It is locally significant it represent a unique instance of OSPF over your router, it can be any no
in between from 1 to 65535
R1
R1 (config) # router OSPF OSPF process (1) 100
R1 (config) # network 10.0.0.0 0.255.255.255 area 0
R1 (config) # network 20.0.0.0 0.255.255.255 area 0
R 2
R1 (config) # router OSPF 10
R1 (config) # network 20.0.0.0 0.255.255.255 area 0
R1 (config) # network 30.0.0.0 0.255.255.255 area 0
Commands
Show ip OSPF Database:
It is used to see the topology database table
Show ip OSPF Neighbor:
It is used to see the Neighbourship table
# Debugging:
It is used to see the routers back end processing to the front end
# Debugging IP Rip:
It is used to see the back end processing relating to RIP to your end
# Debugging IGRP event:
It is used to see back end processing related to IGRP events to your front end which include
Request for an update being made
received
send
received
Debug IP IGRP transactions
It is used to see IGRP related backend transactions to the frontend, which include:
Request for an update being made
re ei ed
Request for an update being received and the same being forwarded
Debug IP EIGRP:
It is used to turn on the debugging relating to EIGRP
Debug IP OSPF:
It is used to turn on the debugging relating to OSPF
ACL`S
-Firewall: it is a set of security policies that are being implemented in order to restrict any
unauthorized access entering into your network from outside environment.
Two Types:
Software Firewall
Hardware Firewall
Software firewall:
When software is used to restrict any unauthorized access from outside environment over your
network is called a software firewall e.g. Norton internet security, Access list etc
Hardware Firewall:
When a Hardware device is used to restrict any unauthorized access from outside environment
over your network is called a Hardware firewall for e.g. PIX (Personal Internet Exchange)
# Characteristics of Access List:
A match should be there in the Access list
Access List follows sequential processing
X Deny All Permit 10.0.0.0
Permit 10.0.0.0 Deny All
-Standard access list should be applied near to the destination network and extended access list
near to the source network
-there can be one access list active, per interface, per direction, per protocol.
# Types of access list
Standard Access List
Extended Access List
-Standard Access List:
It is a very limited type of access list. In it either there will be full access or there will be no
access, but we can`t block any specific service like telnet, ftp, ping etc
Using standard access list
In it we can only specifies the source address, but not the destination address
The access list starts from 1-99
Extended Access List:
It is a highly configurable type of access list through it either there will be full access, no access
and even we can block any specific services like ftp, telnet, traceroute, ping etc.
In it we have to specify both source address, and destination address and the type of service to
be blocked
The access list starts from 100-199
Standard ACL Syntax:
Router (config) # access list (1-99) (permit/deny) (source address) (WCM)
R2 # access-list 1 deny 10.0.0.0 0.255.255.255
R2 # access-list 1 permit any
30.0.0.10 should not be able to communicate with 10.0.0.0
R1 # access-list 2 deny 30.0.0.10 0.0.0.0
# access-list 2 permit any
Extended ACL Syntax:
#access-list (100-199) (permit/deny) (protocol) (source address) (WCM) (destination address)
(WCM) (name of the service or port no to be blocked)
Protocol:
It can be either Layer 3 protocols or Layer 4
Layer 4 protocol i.e. TCP is used to block any specific service like telnet, FTP
Layer 3 protocol i.e. IP is used to either allow full access or no access
An ICMP is used to block ping or traceroute
FTP = port 20 is for receiving files through FTP
= port 21 is for sending
Protocol port = no
TFTP = 69
SNMP = 1 – 1023 all ports are reserved
Telnet = 23 1024 or it are free ports used transport layer for communication
SMTP = 25
DNS = 53
HTTP = 80
POP 3 = 110
HTTPS = 443
10.5should not be able to telnet or FTP 30.10
R2 # access-list 100 deny TCP 30.0.0.10 0.0.0.0 10.0.0.5 0.0.0.0 range 20-23
# Access-list 100 permit IP any any or
R2 # access-list 100 deny TCP 10.0.0.5 0.0.0.0 30.0.0.0 0.0.0.0 eq FTP or
# access-list 100 deny TCP 10.0.0.5 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet
# access-list 100 permit IP any any
# How to apply and where to apply an ACL
# Where to apply:
Access list is applied over any Specific interface in any specific direction
-Direction of an interface:
Ethernet port
IN – from inside to outside
OUT – from outside to inside
Serial Port:
IN – incoming Data
OUT – Outgoing Data
# How to implement ACL:
On Interface Configuration
Interface E0
# IP access-group access list no IN/OUT
If we want
To block or permit telnet service using standard Access list
# access-list 1 deny 10.0.0.5
(Config-line) # Line vty 0 4
# access-class 1 in
Show access-list
It is used to see all the access list`s created over your router
Show access-list (access list no)
It is used to see any specific access list being created over your router
Show run
It is used to see the access list created and where they have been applied
No access-list (Access list no)
It is used to remove any specific Access list
Switching:
-It is an intelligent device because
- It works on physical/Mac address
-It is internally based on star topology and thus all the users can communicate at the same time
-It provides additional bandwidth to the existing users in comparison to hub
-Limited broadcast
-No collisions are in there in case of a switch
-High data transfer rate or bandwidth (low latency)
-Cheaper than that of your router
-Faster than router
Disadvantages
-Broadcast are there that results in wastage of bandwidth
-Costly than that of hub
Difference between Switch and Bridge
Switch Bridge
-Switch is hardware based device because -It is software based device B`coz a
In it ASIC (application specific integrated s/w is used to create &maintain
Circuit) are used to create table table
-Switch is a multiport bridge -The maximum no of ports in case
Bridge can be to the may 16
Similarities
-Both are layer two devices
-Both works on Mac address
Characteristics of switching:
-Address learning
-Forwarding and filtering decision
(Broadcast) (Unicast)
Three Switching Techniques
-Cut Through
-Fragment Free
-Store and Forward
Cut Through: - In cut through switching technique when a frame is received no error detection
technique will be run over that frame instead the frame is forwarded by seeing the destination
MAC Address
Fragment Free:-In this switching technique, when a frame is received the CRC error detection
technique will be run over the first 64 bytes, and if no error is detected data will be forwarded
by seeing the destination MAC Address
Stored and Forward:- In this Switching technique when a frame is received the entire frame is
first stored and then the error detection technique CRC will be run over the entire frame and if
no error is detected the data will be forwarded by seeing the destination MAC Address
V-LANS (Virtual LAN)
By default all ports of a switch are member of a single V-LAN called default V-LAN
V-LAN:-
It is logical grouping of network users and resources over the predefine ports of a switch
Benefits:
-We can add, remove or update any V-LAN related configuration
-It is logical grouping by function
-More secure and reliable
-The users that need high level security should be made member of separate V_LAN
-Increase in no of broadcast domain with decrease in their size
-Scalability and flexibility
Redundant Link
Redundant Link: - it is the backup link, which will act in case of failure of 1st
link (duplicate link)
Disadvantages:-
1) Loop: (count uptil infinity)
2 Broadcast storm: which result in congestion, thus wastage of LAN bandwidth
3 Multiple copies of the same frame is received multiple by destination
4 Multiple loops (loops with in loops)
Loop Avoidance Algorithm
STP
Spanning Tree Protocol:-
The original version of STP was introduced by DEC (Digital Equipment Corporation) which is
now days known as Compaq later on IEEE modified this version of STP and introduced it as
802.1D
BASIC TERMS
STP: - The purpose of STP is to keep an eye overall the links thus prevent Switching loops by
shutting down the redundant link if there is any
I) Root Bridge
ii) Bridge ID: it is only on the basis of this metric the election of Root Bridge will take place,
Switch with the lowest bridge ID will be the root bridge
It is combination of two things;
1 Priority value
2MAC Address
First priority value is compared then MCA address
Default priority value in case of Cisco Switches is 32768
iii) Root bridge: Switch with the lowest bridge id will be the root bridge, It manages and decides
which switch port is too kept in which state (listening, learning, forwarding & blocking)
iv) BPDU: (Bridge protocol data unit) it is only through exchange of BPDU the election of Root
Bridge will take place
v) Root Port: Root port is the port on all the switches other than Root Bridge, through which
the other switches are at shortest distance of the root bridge
But in case distance is equal then bandwidth is used, and if bandwidth is equal then bridge id
will be used
vi) Port Cost: It is a metric which is cost in terms of bandwidth
Bandwidth cost
10mbps 100
100mbps 19
1Gbps 4
10Gbps 2
vii) Designated Port: Port with the lowest port cost or highest bandwidth are designated ports,
designated ports are always in forwarding state , all the ports of the root bridge are designated
viii) Block Port: Port with the highest port cost or lowest bandwidth will be blocked
4 States of STP
1Listening
2Learning
3Forwarding
4Blocking
Types of V-LAN’s
Static
Dynamic
#Static V-LAN’s: - in case of static V-LAN“’s the ad i istrator hi self first reate the V-LAN’s and then assign switch ports to each V-LAN manually
Static V-LAN’s are ore se ure a d relia le
Dynamic V-LAN’s: in case of dynamic V-LAN’s the MAC address data ase ill e created over
the VMPS (VLANS management policy server), in which it is specified that a system with specific
MAC address should be made a member of a specific V-LAN and when the users are attached to
any specific port of switch, the switch will assign the VLAN membership automatically, as per
that database
Types of links:
Trunk Link
Access Link
Access Link: Access link is a link that exists within a single V-LAN and the member of this link
does not know anything about its V-LAN membership, so link from PC to switch is called access
link
Trunk Link: It is a link that carries multiple V-LAN conversation from either, a switch to switch or
from switch to router; it is a 100 or 1000mbps link from either switch to switch or from switch
to router
# frame Tagging: - When there are more than one VLAN over a switch and more than one
switch in a network, than it is very difficult for the destination switch to identify from which
VLAN data has arrived and to which VLAN data has to be delivered so the concept of frame
tagging was introduced
Two techniques of frame tagging:
-ISL (Inter Switch Link)
-802.1Q
#ISL: - It is an internal frame tagging technique in case of which a 26 byte ISL header is attached
to the front and 4 byte FCS is attached as footer to the frame
-It is Cisco proprietary frame tagging technique
-It is based on 80/20 rule in case of which 80% of the networks traffic will remain at the local
segment and rest of the 20% will be placed over the line
-It is default encapsulation type in case of Cisco 1900 series Switches
# 802.1Q:- It is an internal frame tagging technique in case of which a special field called VLAN
flag or VLAN ID is added within the frame
-It is a non Cisco proprietary frame tagging technique that provide multivendor support
-It is default encapsulation type in case of Cisco 2950 Series Switches
#VTP (VLAN Trunking Protocol)
It is only through VTP the VLAN related configuration made over one switch will be transferred
or configured automatically over another switch
Benefits
Scalability and flexibility
Consistency and reliability
Basic Requirement for VTP:
-the VTP domain name of all the switches participating in VTP should be same
-The switch from which the VLAN configuration has to be transferred should be in server mode,
and the switch over which the VLAN configuration is to be transferred should be in client mode
-Trunk should be configured between both the switches
-Pass ord should e sa e o oth VTP’s
Three Type of VTP
-Server
-Client
-Transparent
Server Mode: - A switch in server mode can create and forward the VTP update, we can add,
remove or update the VLAN related configuration only over the switch which is in server mode
Client Mode:- A switch is client mode can receive and forward the VTP update and it can
ha ge its VLAN related o figuratio as per that update, e a ’t add, re o e or update VLAN related configuration over the switch which is in client mode
Transparent Mode: - A switch in transparent mode can receive and forward the VTP update,
but it will not update its VLAN related configuration as per that update
# VTP Pruning:-
VTP pruning is activated to save the valuable bandwidth of a switch by reducing no. of
broadcasts, multicasts and unicast
Important Note
-By default every switch is in VTP server mode
-By default pruning is disabled over every Cisco Switch
Which protocol DHCP used at transport layer
UDP, TCP, ARP, IP
DRAM SWITCHING
Show VLAN brief
It is used to see the VLAN’s reated o er our s it h a d the switch port assigned to each VLAN
VLAN Database
It is used to go into the VLAN mode where we can add, remove or update any VLAN related
configuration
VLAN no. of VLAN name <name>
It is used to assign a VLAN with its no. and name
Apply
It is used to make all VLAN related configuration changes permanently saved
Interface f 0/1
Switch port access VLAN <no. of VLAN>
It is used to make port member of specific VLAN
VTP
Make all the required VLANS and assign switch port to each VLAN
Than on config mode
Set VTP mode by command
VTP mode <client, server, transparent>
To set password of VTP
VTP password <password e.g. abc123>
To on pruning use command
VTP pruning
No VTP pruning -- to off the pruning
Switch port mode trunk
It is used to make a specific port of a switch trunk
Show interfaces trunk
Used to see the trunk port assigned
Show VTP status
Used to see the description relating to VTP that include
-version of VTP
-VLAN created
-VLAN supported locally
-VTP mode
-Domain name of VTP
-Status of VTP pruning
To assign IP address to switch
Interface VLAN 1
(Conf-int)# Ip add -------------------------- 255.0.0.0
# no shut
To assign default gateway
Ip default gateway <10.0.0.1
Router
# Int f 0
# no shut down
# No ip address
# Int f 0.1
# Int f0.2
# Int f0.3
# Int f 0.1
# Encapsulation dot1q 2 (2 is number of VLAN)
# Ip address 10.0.0.1 255.0.0.0
# Int f 0.2
# Encapsulation dot1q 3 (3 is number of VLAN)
# Ip address 20.0.0.1 255.0.0.0
# Int f 0.3
# Encapsulation dot1q 4 (4 is number of VLAN)
# Ip address 10.0.0.1 255.0.0.0
