ccna quick revision notes


Upload: paul

Post on 10-Apr-2015


Page 1: Ccna Quick Revision Notes

Quick Notes

Standard Access Lists

Standard access lists are numbered 1 - 99 or 1300 - 1999. A standard access list looks only at the source IP, so place it close to the destination.

Stop the Accounting users from accessing the HR server attached to Lab B router but allow all other users access to the LAN.

RouterB#config t
RouterB(config)#access-list 10 deny 192.168.10.128 0.0.0.31
RouterB(config)#access-list 10 permit any
RouterB(config)#interface Ethernet 0
RouterB(config-if)#ip access-group 10 out

192.168.10.129/27 = /24 + 3 bits, so the 4th octet is the interesting octet: 11100000 = 224. Block size = 256 – 224 = 32.
Net IDs: 0, 32, 64, 96, 128, 160
Host 192.168.10.129 is in the 128 subnet, so subnet = 192.168.10.128

Wildcard is 0.0.0.31, one less than the block size in the interesting octet.

Extended Access Lists

Extended access lists are numbered 100 - 199 or 2000 – 2699. Place them close to the source.

Stop telnet access to the networks attached to the E1 and E2 interfaces.

Rtr(config)#access-list 110 deny tcp any 172.16.48.0 0.0.15.255 eq 23
Rtr(config)#access-list 110 deny tcp any 172.16.192.0 0.0.63.255 eq 23
Rtr(config)#access-list 110 permit ip any any
Rtr(config)#interface Ethernet 1
Rtr(config-if)#ip access-group 110 out
Rtr(config-if)#interface Ethernet 2
Rtr(config-if)#ip access-group 110 out

172.16.50.173/20: a Class B address is /16, so the 3rd octet is the interesting octet. /20 = 4 bits borrowed, 11110000 = 240.
Block size = 256 - 240 = 16, giving subnets 0, 16, 32, 48, 64
50 is in the 48 subnet = 172.16.48.0; the wildcard mask is 1 less than the block size = 0.0.15.255

Note we configure one access list containing both conditions and apply it to the two interfaces rather than create one access list for each condition and place it on each interface.

Example


Prevent SMTP traffic originating from the WANs from travelling over link A to an SMTP server with destination 192.168.115.20 by putting an outbound extended IP access list on the Serial 0 interface of RouterX.

rtr(config)#access-list 105 deny TCP any host 192.168.115.20 eq SMTP
(source = any, destination = host 192.168.115.20)
rtr(config)#access-list 105 permit IP any any
rtr(config)#interface serial 0
rtr(config-if)#ip access-group 105 out

Example

HTTP, Telnet, Simple Mail Transfer Protocol (SMTP), POP3, and FTP traffic are permitted, and the rest of the traffic sourced from Network B destined to Network A is denied.

Permit TCP traffic with destination port values matching WWW (port 80), Telnet (port 23), SMTP (port 25), POP3 (port 110), FTP (port 21), or FTP data (port 20).

rtr(config)#access-list 102 permit tcp any any eq www
rtr(config)#access-list 102 permit tcp any any eq telnet
rtr(config)#access-list 102 permit tcp any any eq smtp
rtr(config)#access-list 102 permit tcp any any eq pop3
rtr(config)#access-list 102 permit tcp any any eq 21
rtr(config)#access-list 102 permit tcp any any eq 20
rtr(config)#interface ethernet0
rtr(config-if)#ip access-group 102 in

Note that the implicit deny all clause at the end of an ACL denies all other traffic that does not match the permit clauses.
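The wildcard matching and first-match/implicit-deny behaviour described above can be checked offline with a small model of the page's access lists 10, 110 and 102. This is an added example, not part of the original notes; the test addresses such as 10.9.9.9 are constructed, and only the `any`, `host`, address/wildcard and `eq` forms used on this page are parsed.

```python
import ipaddress

# Port keywords used by the access lists on this page.
PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
ANY = ("0.0.0.0", "255.255.255.255")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Compare only the bits where the wildcard mask is 0 (a 1 bit means don't care)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def take_addr(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0][0].isdigit() and "." in tokens[0]:
        return (first, tokens.pop(0))
    return (first, "0.0.0.0")  # bare address matches that single host


def parse_entry(line):
    tokens = line.lower().split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    entry = {"action": action, "proto": "ip", "dst": ANY, "port": None}
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        entry["src"] = take_addr(rest)          # standard list: source only
    else:
        entry["proto"] = rest.pop(0)            # extended list: proto src dst [eq port]
        entry["src"] = take_addr(rest)
        entry["dst"] = take_addr(rest)
        if rest[:1] == ["eq"]:
            entry["port"] = PORTS.get(rest[1]) or int(rest[1])
    return entry


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return the action of the first matching entry; no match is the implicit deny."""
    for entry in map(parse_entry, acl):
        if entry["proto"] != "ip" and entry["proto"] != proto:
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        if wildcard_match(src, *entry["src"]) and wildcard_match(dst, *entry["dst"]):
            return entry["action"]
    return "deny"


ACL_10 = [
    "access-list 10 deny 192.168.10.128 0.0.0.31",
    "access-list 10 permit any",
]
ACL_110 = [
    "access-list 110 deny tcp any 172.16.48.0 0.0.15.255 eq 23",
    "access-list 110 deny tcp any 172.16.192.0 0.0.63.255 eq 23",
    "access-list 110 permit ip any any",
]
ACL_102 = [
    "access-list 102 permit tcp any any eq www",
    "access-list 102 permit tcp any any eq telnet",
    "access-list 102 permit tcp any any eq smtp",
    "access-list 102 permit tcp any any eq pop3",
    "access-list 102 permit tcp any any eq 21",
    "access-list 102 permit tcp any any eq 20",
]

if __name__ == "__main__":
    for host in ("192.168.10.129", "192.168.10.159", "192.168.10.160"):
        print("ACL 10 ", host, evaluate(ACL_10, host))
    print("ACL 110 telnet", evaluate(ACL_110, "10.9.9.9", "172.16.50.173", "tcp", 23))
    print("ACL 102 tcp/443", evaluate(ACL_102, "10.9.9.9", "10.8.8.8", "tcp", 443))
```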


Allow Access to a Range of Contiguous IP Addresses

Allow all hosts in Network B with the network address 192.168.10.0/24 to access network 192.168.200.0/24 in Network A.

#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255
(source = 192.168.10.0 0.0.0.255, destination = 192.168.200.0 0.0.0.255)
#interface ethernet0
#ip access-group 101 in

This allows packets with a source address in the network 192.168.10.0/24 and a destination in the network 192.168.200.0/24 access to Network A. There is the implicit deny all clause at the end of the ACL which denies all other traffic through E0 inbound on R1.

Viewing ACLs

Router#show access-lists (shows all access lists)
Router#show access-list 101 (shows access list 101)
Router#show ip interface (shows the access lists on the interface)

Removal of ACLs

Router(config)#no access-list 1

Named Access Lists

Note we type ip access-list, not access-list. This allows us to enter a named access list.

Configure an extended access list named secure_LAN to allow pings from loopback 0 on Router B to loopback 0 on Router A, and also to allow anyone to telnet into loopback 1 on Router A only.

RouterA>enable
RouterA#config t
RouterA(config)#ip access-list extended secure_LAN
RouterA(config-ext-nacl)#permit icmp host 172.30.1.1 host 172.16.1.1
(source = host 172.30.1.1, destination = host 172.16.1.1)
RouterA(config-ext-nacl)#permit tcp any host 172.20.1.1 eq telnet
(source = any, destination = host 172.20.1.1)
RouterA(config-ext-nacl)#exit
RouterA(config)#int s0
RouterA(config-if)#ip access-group secure_LAN in
RouterA(config-if)#exit
RouterA(config)#exit

Confirm with the show ip access-lists command

RouterA#show ip access-lists
Extended ip access list secure_LAN
 Permit icmp host 172.30.1.1 host 172.16.1.1
 Permit tcp any host 172.20.1.1 eq telnet

Static NAT

Define Inside Local and Inside Global Addresses

Router(config)#ip nat inside source static 10.0.0.3 179.2.2.80
(10.0.0.3 = inside local, 179.2.2.80 = outside global)
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside

(config)#ip nat inside source static 10.1.1.2 192.168.1.2
(10.1.1.2 = inside local, 192.168.1.2 = outside global)
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside

Dynamic NAT

A router needs to be configured with NAT and it has 15 public addresses, 179.9.8.80 through 179.9.8.95; call this pool_1. On the inside network, hosts use the private addresses of 10.1.0.0/16. What is the NAT configuration on the router?

(config)#access-list 1 permit 10.1.0.0 0.0.255.255
(config)#ip nat pool POOL_1 179.9.8.80 179.9.8.95 netmask 255.255.255.0
(public address pool)
(config)#ip nat inside source list 1 pool POOL_1
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside

Another Example

Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool cisco 179.2.2.65 179.2.2.90 netmask 255.255.255.224
Router(config)#ip nat inside source list 1 pool cisco
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside

There are 25 global outside addresses, therefore the block size is 32 and the netmask octet is 256 – 32 = 224.

Configure PAT

A border router needs to be configured with NAT and will allow 6 public addresses, 198.18.131.65 through 70. On the inside network there are 63 hosts that use the private addresses of 192.168.10.129 through 190. What is the NAT configuration on the border router?

Answer

#ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248
#access-list 1 permit 192.168.10.128 0.0.0.63
#ip nat inside source list 1 pool Todd overload

ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248
Sets the pool name as Todd and creates the dynamic pool of public addresses for the NAT to use, from 198.18.131.65 to 70.

For the inside global pool 5 addresses are required; block size = 2, 4, 8. Block size must be 8, 256 - 8 = 248, giving us a netmask of 255.255.255.248.

Inside local: 63 hosts require block size 64, therefore the wildcard mask is 0.0.0.63. For the subnet, the start of the local address pool is 192.168.10.129. This lies in the 192.168.10.128 subnet.

ip nat inside source list 1 pool Todd overload
This sets the dynamic pool to use Port Address Translation (PAT) by using the overload cmd.

Remember to add the ip nat inside and ip nat outside statements on the interfaces.

Lab_A(config)#int s0/0
Lab_A(config-if)#ip nat outside
Lab_A(config-if)#int f0/0
Lab_A(config-if)#ip nat inside

Question Simulation 1

Configure a router to provide Internet access. The ISP has provided you with six public IP addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101, and 198.18.158.102. ABC.com has 62 hosts that need access to the Internet simultaneously. The hosts in the ABC.com LAN have been assigned private space addresses in the range of 192.168.98.65 - 192.168.98.126. The following have already been configured on the router:

1. The basic router configuration
2. The appropriate interfaces have been configured for NAT inside and NAT outside.
3. The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
4. All passwords have been temporarily set to "Cisco"

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access to the hosts in the ABC1 LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration information
Router name: ABC1
inside global addresses: 198.18.158.97 - 198.18.158.102/29
inside local addresses: 192.168.98.65 - 192.168.98.126/26
Number of inside hosts: 62

password Cisco

Answer

ABC1(config)#ip nat inside source list 1 pool nat-pool overload
ABC1(config)#access-list 1 permit 192.168.98.64 0.0.0.63
ABC1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248
ABC1(config)#int Fa0/0
ABC1(config-if)#ip nat inside
ABC1(config-if)#exit
ABC1(config)#int s0
ABC1(config-if)#ip nat outside
ABC1(config-if)#end
ABC1#copy run start

Previously the ip nat pool nat-pool was configured with /26 which is 255.255.255.192 which is incorrect because we are configuring inside global and it's /29 which is 255.255.255.248.

Explanation

Public ip addresses 198.18.158.97 – 102, 5 addresses, block size 8, 256 – 8 = 248, netmask 255.255.255.248

Local inside addresses 192.168.98.65 – 126, 62 hosts = block size 8, 16, 32, 64, block size = 64
Start of local pool 192.168.98.65 lies in the 64 subnet = 192.168.98.64
So subnet and inverse mask are 192.168.98.64 0.0.0.63

Question NAT SIM 2

A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30

Weaver>enable
Weaver#configure terminal
Router(config)#hostname weaver
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload

Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15

Number of inside hosts = 14, block size = 16, wildcard = 0.0.0.15
Start of local pool 192.168.100.17 lies in the 192.168.100.16 subnet

198.18.184.105 – 110, 5 addresses, block size 8, 256 – 8 = 248, netmask = 255.255.255.248

Weaver(config)#ip nat inside source list 10 pool isp_adr overload

The overload keyword is compulsory because the internal LAN address space is larger than the ISP-provided public address range: 6 public addresses for 14 private LAN hosts, which all need to access the internet at the same time.
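The block-size reasoning used in the PAT answer and in both NAT simulations can be automated and cross-checked. The following is an added example, not part of the original notes: it derives the ACL wildcard and pool netmask from the first and last address of each range, and also reports how many addresses the wildcard entry matches beyond the stated range. The function names and the 192.168.10.60 - 70 range are constructed for illustration.

```python
import ipaddress


def enclosing_block(first, last):
    """Smallest subnet (power-of-two block) that contains both ends of a range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range is reversed")
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net


def range_size(first, last):
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1


def extra_matched(first, last):
    """Addresses the 'network wildcard' ACL entry matches beyond the stated range."""
    return enclosing_block(first, last).num_addresses - range_size(first, last)


def pat_config(pool_name, acl_number, inside, public):
    """Build the three NAT lines; 'overload' is added only when hosts outnumber the pool."""
    inside_net = enclosing_block(*inside)
    public_net = enclosing_block(*public)
    overload = " overload" if range_size(*inside) > range_size(*public) else ""
    return [
        f"ip nat pool {pool_name} {public[0]} {public[1]} netmask {public_net.netmask}",
        f"access-list {acl_number} permit {inside_net.network_address} {inside_net.hostmask}",
        f"ip nat inside source list {acl_number} pool {pool_name}{overload}",
    ]


if __name__ == "__main__":
    # Ranges taken from the PAT question and NAT SIM 2 on this page.
    for line in pat_config("Todd", 1, ("192.168.10.129", "192.168.10.190"),
                           ("198.18.131.65", "198.18.131.70")):
        print(line)
    for line in pat_config("isp_adr", 10, ("192.168.100.17", "192.168.100.30"),
                           ("198.18.184.105", "198.18.184.110")):
        print(line)
    # Constructed range that straddles a block boundary: 11 hosts, but the
    # smallest single wildcard entry covering it is a 128-address block.
    print(enclosing_block("192.168.10.60", "192.168.10.70"),
          extra_matched("192.168.10.60", "192.168.10.70"))
```

Counting hosts alone picks the right block only when the range sits inside one block; a range that crosses a block boundary needs a larger wildcard, which also permits translation for addresses outside the intended range.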

--------------------verify configuration--------------------

#clear ip nat translation *
#clear ip nat translation inside glob ip local ip [outside glob ip local ip]

#show ip nat translations
#show ip nat statistics

Passwords

enable password (used to secure privileged mode)
enable secret – the newer encrypted password that overrides the enable password

Router#config t
Router(config)#enable secret todd
Router(config)#enable password todd

Auxiliary Password

Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password todd

Console Password

Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd1

VTY - Virtual Terminal, Telnet Password

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd2

In effect the only line that changes is the line config

To manually encrypt your passwords use the service password-encryption cmd

Router#config t
Router(config)#service password-encryption
Router(config)#^Z

Router(config)#banner motd #
Enter text message. End with the character ‘#’
You have entered a secure system, authorized access ONLY! #
Router(config)#^Z

Control A = start of line
Control E = end of line
Control F = right (forward)
Control B = left (back)
Control P = repeat last = previous command
Control N = repeat most recent command
Esc B = back 1 word
Esc F = Fwd 1 word

Password Resetting

Flash memory is also called NVRAM

If the boot field is 0x0, Router boots to ROM Monitor Mode (ROMMON).
If the boot field is 0x1, the Router boots from IOS in ROM.
If the boot field is 0x2 through 0xF, Router will first look in FLASH (NVRAM) for an IOS.

If the configuration register is set to

0x2142, it bypasses the configuration in NVRAM.
0x2102, the default value for the configuration register, the router boots normally.
0x1000, the boot field value is zero, so it will boot to ROMMON.
0x0107, the boot field is 7 so the router will still boot normally.
0x2101, the router will boot from ROM into RXBOOT mode on the next reboot.
0x2105, 5 = boot field; anything between 0x2 to 0xF will look for startup-configuration in the NVRAM. Boots normally.

Router#show interface s0/0
Serial0/0 is up, line protocol is down

Datalink problem. Clocking (keepalive) or framing problem. Check that the keepalives and encapsulation match on both ends and that the clock rate is set if needed.

Router#sh int s0/0
Serial0/0 is down, line protocol is down

Physical layer problem. If both are down it’s a cable or interface problem.

Question
You as the administrator issue the shutdown command on Serial 1. You later view this interface using the show interface Serial 1 command. How will this interface be displayed?
A. Serial 1 is up, line protocol is up.
B. Serial 1 is up, line protocol is down.
C. Serial 1 is down, line protocol is down.
D. Serial 1 is administratively down, the line protocol is down.

Answer D

Explanation
The shutdown command administratively disables an interface. The result is the interface will be down as will the line protocol.

CDP

To see if cdp is running

R3#show cdp interface
Ethernet0 is up line protocol is up
Encapsulation ARPA
Sending CDP packets every 60s
Holdtime is 180s

To disable cdp on an interface use the no cdp enable cmd

R3#config t
R3(config)#int s0
R3(config-if)#no cdp enable
R3(config-if)#^Z

To enable cdp on an interface use the cdp enable cmd

R3#config t
R3(config)#int s0
R3(config-if)#cdp enable
R3(config-if)#^Z

To disable CDP on the entire router use the no cdp run cmd in global configuration mode.

When issuing a show cdp entry command, the following information is provided.
1. Neighbor device ID
2. Layer 3 protocol information (ie IP address)
3. Local interface and Port identifiers of the neighbor's remote ports
4. The hold time in seconds
5. Device's capabilities
6. Device Platform
7. IOS type and version.

Gathering Neighbour Information

Todd2509#show cdp neighbor
Capability codes: R – router, T – Trans Bridge, B – Source Route Bridge, S – switch, H - Host – IGMP, r- repeater

Device ID     Local Intrfce  Holdtime  Capability  Platform  Port ID
1900Switch    Eth0           238       T S         1900      2
2500B         Ser0           138       R           2500      Ser0

So the output shows directly connected to the 2509 router are a switch with a hostname of 1900Switch and a 2500B router.

#show cdp neighbors displays information about directly connected devices

1. Neighbor Device ID: The hostname of the neighbor device
2. Local Interface: The interface on which the cdp packet from the neighbor is heard
3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.
4. Platform: The neighbor device type (ie. 2500 router)
5. Port ID: The interface of the remote neighbor sending CDP information
6. Holdtime: Decremental hold time in seconds

But there's one vital piece of info missing - the neighbor's IP address. You'll need to run show cdp neighbor detail to get that.

IP Addresses

Example 255.255.255.192/26
Subnetting 192.168.10.0 network address with 255.255.255.192 subnet mask

How many subnets? /26 compared to /24 = 2 extra bits borrowed for the network address, 2^2 = 4
How many hosts per subnet? 6 bits left for the host address, 2^6 – 2 = 62 hosts
What are the valid subnets? 256 – subnet mask = block size, 256 – 192 = 64, so subnets are 0 64 128 192
What’s the broadcast address for each subnet? 63 127 191 255
What are the valid hosts? 1-62 65-126 129-190 193-254

Question
You work as a network technician. You have subnetted the 201.105.13.0 network with a /26 mask. Your boss asks you how many usable subnetworks and usable host addresses per subnet this will provide. What should you tell her?

A. 64 networks and 4 hosts
B. 4 networks and 64 hosts
C. 2 networks and 62 hosts
D. 62 networks and 2 hosts

Answer C

/26, therefore 2 bits borrowed for network
Subnets = 2^2 - 2 = 4 - 2 = 2
2 bits for network portion, therefore 6 bits left for number of hosts: 2^6 - 2 = 64 – 2 = 62

Summarization

Question
In the network shown below, what is the most efficient summarization that R1 can use to advertise its networks to R2?

A. 172.1.0.0/22
B. 172.1.0.0/21
C. 172.1.4.0/22
D. 172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24
E. 172.1.4.0/21

Answer C

172.1.4.0/22

Explanation: In large internetworks, hundreds, or even thousands, of network addresses can exist. It is often problematic for routers to maintain this volume of routes in their routing tables. Route summarization (also called route aggregation or supernetting) can reduce the number of routes that a router must maintain, because it is a method of representing a series of network numbers in a single summary address.

172.1.4.0   : 00000100.0
172.1.4.128 : 00000100.128
172.1.5.0   : 00000101.0
172.1.6.0   : 00000110.0
172.1.7.0   : 00000111.0

172.1 is the same for all networks and the 3rd octet changes, so reduce it to binary to find the remaining common bits, which are the first 6 bits, so /16 + /6 = /22
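The common-bits method above can be run against the five networks from the question, and each single-route answer option checked for whether it covers them and how much unrelated address space it would also advertise. This is an added example, not part of the original notes; the function names are constructed for illustration.

```python
import ipaddress

# The five networks listed in the summarization question on this page.
R1_NETWORKS = ["172.1.4.0/25", "172.1.4.128/25", "172.1.5.0/24",
               "172.1.6.0/24", "172.1.7.0/24"]


def summary_route(networks):
    """Longest prefix shared by the lowest and highest address of all networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between lo and hi cannot be part of the common prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    host_bits = 32 - prefix
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, prefix))


def assess(candidate, networks):
    """Classify a proposed summary: invalid, misses networks, exact, or over-broad."""
    try:
        cand = ipaddress.ip_network(candidate)  # strict: host bits must be zero
    except ValueError:
        return "invalid"
    nets = [ipaddress.ip_network(n) for n in networks]
    if not all(n.subnet_of(cand) for n in nets):
        return "misses networks"
    owned = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    extra = cand.num_addresses - owned
    return "exact" if extra == 0 else f"covers {extra} extra addresses"


if __name__ == "__main__":
    print("summary:", summary_route(R1_NETWORKS))
    for option in ("172.1.0.0/22", "172.1.0.0/21", "172.1.4.0/22", "172.1.4.0/21"):
        print(option, "->", assess(option, R1_NETWORKS))
```

A summary that covers extra addresses draws traffic for networks the router does not actually have, so the exact result is the one to advertise.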

Quick Notes WAN

HDLC is the default encapsulation used by Cisco routers over serial links. No authentication can be used with HDLC!

Corporate

Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

Here the default HDLC is used; as the Corp router is Cisco, no configuration is necessary.

A show interface serial 0 shows HDLC running.

Router#show int s0
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit
Encapsulation HDLC, loopback not set

PPP

If we have a Cisco router and a non-Cisco router connected, we must configure PPP; HDLC won’t work. Authentication can be used with PPP.

Left#config t
Left(config)#username Right password cisco
Left(config)#int s0
Left(config-if)#encapsulation ppp
Left(config-if)#ppp authentication chap
Left(config-if)#ppp authentication pap
Left(config-if)#^Z

Passwords must match on each router

Frame Relay

Dynamic address mapping using Inverse ARP Single Interface

Corporate

Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay
Corp(config-if)#frame-relay lmi-type cisco
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

No encapsulation method was specifically configured; the default is Cisco, which means that a Cisco router is on both sides of the link.

If you have a Cisco router on one side of the link and a Nortel or other on the other side of the link, then the configuration would be:

Corporate

Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay ietf
Corp(config-if)#frame-relay lmi-type (ansi or Q.933A)
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit

The frame-relay interface-dlci command performs dynamic address mapping using Inverse ARP to map the next-hop address to the local DLCI on the router.

Static Mapping

Router#config t
Router(config)#interface serial 0/0
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#encapsulation frame-relay
Router(config-if)#ip address 192.168.0.5 255.255.255.0
Router(config-if)#frame-relay map ip 192.168.0.6 100 broadcast
Router(config-if)#no shutdown
Router(config-if)#exit

frame-relay map ip can be configured multiple times to associate more than one DLCI to an interface.
If the Cisco encapsulation (default) is configured on a serial interface, then by default that applies to all VCs on that serial interface unless configured otherwise to use IETF (non Cisco) encapsulation.

Router(config-if)#frame-relay map ip 192.168.1.1 103 broadcast
Router(config-if)#frame-relay map ip 172.16.1.1 102 broadcast ietf

Router#show frame-relay map

Serial0 (up): ip 192.168.1.1 dlci 103(0x7A,0x1CA0), static, broadcast,
CISCO, status defined, active
Serial0 (up): ip 172.16.1.1 dlci 102(0x7A,0x1CA0), static, broadcast,
IETF, status defined, active

Congestion Control

Forward Explicit Congestion Notification (FECN) bit is set to zero by default, and will be set to 1 if congestion was experienced by the frame in the direction in which the frame was travelling.

Backward Explicit Congestion Notification (BECN) will be set to 1 by a DCE in frames that are being sent back to the source if network congestion exists in the opposite direction to that in which the frame was travelling.

show frame pvc displays the FECN, BECN, and DE values.

R1#show frame pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          2            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

  input pkts 30            output pkts 0            in bytes 2280
  out bytes 0              dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0          out bcast bytes 0
  pvc create time 00:07:45, last time pvc status changed 00:06:55

Subinterfaces

Point-to-Point

Central

Router>enable
Router#config t
Router(config)#hostname Central

Central(config)#interface serial 0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type cisco
Central(config-if)#no shutdown
Central(config-if)#no ip address

Central(config-if)#interface serial 0/0.1 point-to-point
Central(config-subif)#ip address 10.20.1.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 51

Central(config-if)#interface serial 0/0.2 point-to-point
Central(config-subif)#ip address 10.20.2.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 52

Central(config-if)#interface serial 0/0.3 point-to-point
Central(config-subif)#ip address 10.20.3.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 53
Central(config-if)#exit
Central(config)#exit

The no ip address cmd is configured under the major interface.
Each point-to-point subinterface must be on a separate subnet.

Multipoint

Router(config)#interface serial 1
Router(config-if)#no ip address
Router(config-if)#encapsulation frame-relay
Router(config-if)#exit
Router(config)#interface serial 1.2 multipoint
Router(config-subif)#ip address 172.16.1.1 255.255.0.0
Router(config-subif)#frame-relay interface-dlci 100 b    (dynamic)
Router(config-subif)#frame-relay map ip 172.16.1.2 200 b
Router(config-subif)#frame-relay map ip 172.16.1.3 300 b    (static)
Router(config-subif)#frame-relay map ip 172.16.1.4 400 b
Router(config-subif)#exit

The multipoint subinterface shares its subnet with each mapping, static or dynamic.
The no ip address cmd is configured under the major interface.

Multipoint and point-to-point subinterfaces can coexist

RouterA(config)#interface serial 0/0
RouterA(config-if)#no ip address
(optional: removes the ip address; only required if the interface already had an ip address)
RouterA(config-if)#encapsulation frame-relay ietf
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#interface s0/0.2 point-to-point
RouterA(config-subif)#ip address 2.1.1.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 20 broadcast

RouterA(config)#interface serial 0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#frame-relay lmi-type cisco
RouterA(config-if)#int s0/0.1 multipoint
RouterA(config-subif)#ip address 1.1.1.1 255.255.0.0
RouterA(config-subif)#frame-relay map ip 1.1.1.2 18 broadcast
RouterA(config-subif)#frame-relay map ip 1.1.1.3 19 broadcast

RouterA(config-subif)#frame-relay interface-dlci 18 broadcast

The show frame map command displays the current Network layer-to-DLCI mappings and info about the connection

Use the show frame-relay pvc [dlci] command to display the status of each configured PVC. This command lists all PVCs and what DLCI numbers they're using, as well as frames sent, received, dropped, marked discard eligible, or with their Forward Explicit Congestion Notification (FECN) or Backward Explicit Congestion Notification (BECN) bit set.

Troubleshooting Frame Relay

There are a few commands used to check the status of your interfaces and permanent virtual circuits (PVC’s)

show frame-relay lmi Local Management Interface (LMI) traffic stats exchanged between the local router and the Frame Relay Switch.

show frame-relay pvc lists all configured PVCs and Data Link Connection Identifier (DLCI) numbers.

show interface ….. displays statistics for all interfaces configured on the switch; it shows LMI traffic and encapsulation as well as Layer-2 and Layer-3 information.

show frame map shows network layer-to-DLCI mappings

ISDN

ISDN BRI is made up of two B channels of 64k each and one D channel of 16k, also referred to as 2 B + D. Total bandwidth for ISDN BRI is then 144k (64+64+16=144). D channels work with LAPD at the Data Link Layer for reliable connections.

ISDN BRI routers come with either a U interface or an S/T interface

Question
What Channel is provided by ISDN BRI?
A. 2B+1D
B. 30B+1D
C. 23B+1D
D. 2D+1B

Answer A

Terminal Adapter (TA): enables ISDN for non-ISDN (TE2) devices, ie PC’s, analogue phone/modem.

Terminal Equipment 1 (TE1): supports ISDN (routers with ISDN interfaces, ISDN telephones, PC’s).

Terminal Equipment 2 (TE2): a non-ISDN device (serial interface on a router, PC, analogue phone/modem); these require a TA to connect to ISDN.

Network Termination 1 (NT1): attaches to ISDN BRI lines, terminates the connection from the Central Office (CO), and converts BRI signals for the ISDN line.

Network Termination 2 (NT2): used with PRI

VLAN

ISL is a Cisco proprietary VLAN tagging method, 802.1q is an open VLAN tagging standard.

Configuring Trunk Links on a Switch

Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encapsulation [dot1q / isl]

Configuring VLAN encapsulation on a Router

Router(config-if)#encapsulation dot1q vlan-number

dot1q Example

It is recommended that the sub-interface value is the same as the VLAN.

switchport

You only use the switchport command on switches—not routers.

You can configure an interface to be an access link
Switch(config-if)#switchport mode access

Or put a port in a certain VLAN
Switch(config-if)#switchport access vlan 101

To change trunking protocol
Switch(config-if)#switchport trunk encapsulation isl

Creating VLAN’s

S1#config t
S1(config)#vlan 2
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 3
S1(config-vlan)#name Marketing
S1(config-vlan)#vlan 4
S1(config-vlan)#name accounting
S1(config-vlan)#^Z

After you have created VLANs verify them with a show vlan command

show vlan

S1#show vlan

Trunk ports don’t show up in the VLAN database. You have to use the show interface trunk command to see trunked ports.

S3750-1#show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa1/0/13    desirable    n-isl          trunking      1
Fa1/0/14    desirable    n-isl          trunking      1

Removing VLANs from a Trunk

We can remove VLANs from the allowed list to prevent traffic from certain VLANs from traversing a trunked link

S1#config t
S1(config)#int f0/1
S1(config-if)#switchport trunk allowed vlan remove 4

To remove a range of VLANs
S1(config-if)#switchport trunk allowed vlan remove 4-8

Assigning Switch Ports to VLANs on a Switch

S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 3

S1#config t
Enter configuration commands one per line. End with CNTRL/Z
S1(config)#vlan 5
S1(config-vlan)#name marketing
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name humanresources
S1(config-vlan)#exit

S1(config)#interface FastEthernet 0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface FastEthernet 0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 5
S1(config-if)#exit
S1(config)#interface FastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#interface FastEthernet 0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#

At this point, ports 2 and 3 can communicate with each other and ports 4 & 5 can communicate. This is because the ports are in their own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.

Assigning a range of access ports to VLAN

Question
You have hired a new salesperson. All sales associates are placed in VLAN5. You are adding a port on your Catalyst 2950 switch to VLAN 5. Which commands accomplish this goal?

A. sw1(config-if)#switchport access vlan 5
B. sw1(config)#vlan-membership port vlan 5
C. sw1(config-if)#vlan-membership static 5
D. sw1(config) #port membership vlan 5

Answer A

You go to the particular interface/port you want to assign to VLAN 5 and enter the command switchport access vlan (vlan#).

Question
What command will configure an interface on a Catalyst 2900 series switch to carry traffic from all VLANs to another directly connected switch? (Choose two)

A. Switch(config-if)# vlan all
B. Switch(config-if)# switchport access vlan 30
C. Switch(config-if)# switchport access vlan all
D. Switch(config-if)# switchport mode trunk
E. Switch(config-if)# switchport trunk encapsulation dot1q

Answer C, E

Switch(config-if)# switchport access vlan all
Switch(config-if)# switchport trunk encapsulation dot1q

Switches have 3 VTP modes

Server – add, modify, delete VLANs in the domain

Client – process VLAN changes and forward VTP messages. VLANs cannot be created, deleted or edited on clients.

Transparent – forward VTP messages only. VTP transparent switches do not participate in the VTP domain.

VLANs can be created, deleted and edited on a transparent switch, but they are local to that switch only: it keeps its own database, and its VLANs are not advertised to the other switches in the VTP domain.

When a switch is configured as a VTP server, you must define a VTP domain before you can create VLANs.

Configuring the Domain

1900(config)#vtp mode server
1900(config)#vtp domain Cisco2
1900(config)#vtp password cantona

VTP can be configured in global or VLAN configuration mode.

Question

Host A in the graphic is connected to a switch port assigned to VLAN 1. Which two settings on host A are required to allow connectivity with Host B on VLAN 2? (Choose two)

A. IP address: 192.1.1.66 255.255.255.240
B. IP address: 192.1.1.130 255.255.255.192
C. IP address: 192.1.1.142 255.255.255.240
D. Default gateway: 192.1.1.129
E. Default gateway: 192.1.1.65
F. Default gateway: 192.1.1.1

Answer C, D

Explanation
Sub-interface Fast Ethernet 0/0.2 was created for VLAN 1 via the "encapsulation dot1q 1" command.

C is correct as Host A resides in VLAN 1, so it must be configured with an IP address in the 192.1.1.128/28 subnet.
VLAN 1 192.1.1.129 255.255.255.240 host range?
256 – 240 = 16 Block Size
0, 16, 32, 48, 64, 80, 96, 112, 128, 144

129 is in the 128 subnet, valid hosts 129 - 142

D is correct as Host A must be configured with the IP address of the default gateway, which is the IP address assigned to the sub-interface of the router.

Question
Which of the following are valid configuration values for the hosts shown in the graphic? (choose three)

A. host A IP address: 192.1.1.65

B. host A subnet mask: 255.255.255.224

C. host B IP address: 192.1.1.125

D. host B default gateway: 192.1.1.65

E. host C IP address: 192.1.1.166

F. host C subnet mask: 255.255.255.224

Answer C, D, F

Explanation
VLAN1 192.1.1.65 255.255.255.192 hosts?
256 – 192 = 64 Block Size
0, 64, 128, 192
65 lies in the 64 subnet
Host range 65 - 126

VLAN10 192.1.1.129 255.255.255.224
256 – 224 = 32
0, 32, 64, 96, 128, 160
129 lies in the 128 subnet
Host range 129 - 158

Routing

Route            AD
Connected        0
Static           1
EIGRP            90
IGRP             100
OSPF             110
RIP              120
Enhanced EIGRP   170
Unknown          255

Link-state routing uses

Link-state advertisements (LSAs) – A link-state advertisement (LSA) is a small packet of routing information that is sent between routers.

Topological database – A topological database is a collection of information gathered from LSAs.

SPF algorithm – The shortest path first (SPF) algorithm is a calculation performed on the database resulting in the SPF tree.

Routing tables – A list of the known paths and interfaces.

Distance vector protocols send the entire routing table to directly connected neighbors. Link state protocols only send updates containing the state of their own links to all other routers on the network.

A passive interface on a router
Allows a router to receive routing updates on an interface but not send updates via that interface.

Question
Which of these statements is true regarding distance-vector routing protocols?

A. They send the entire routing table to directly connected neighbors.
B. They send the entire routing table to every router in the network.
C. They send the changes to the routing table to directly connected neighbors.
D. They send the changes to the routing table to every router in the network.

Answer A

Distance-vector routing protocols send the entire routing table to directly connected neighbors. B is incorrect, as the routers send the tables only to their directly connected neighbors. If a router learns of another route from its neighbor, it then passes that information on to another neighbor.

Static Routing

Example
Say that you have two locations, connected by a WAN T1 circuit. On the LAN side of each of these locations, you have a small Ethernet network.

The only way for the devices on Ethernet LAN 10.10.1.0 to communicate with devices on network 10.10.2.0, is to use routing. With such a simple network, static routing is a perfect solution. You can enter one route on each router and be done with the configuration.

The static routes for this network,

San Diego#conf t
San Diego(config)#ip route 10.10.2.0 255.255.255.0 20.1.1.2

Destination mask next hop

Chicago#conf t
Chicago(config)#ip route 10.10.1.0 255.255.255.0 20.1.1.1

The syntax is: ip route <destination> <netmask> <next hop or exit interface> [admin distance]

The next-hop address
router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2

The exit interface
router(config)#ip route 172.16.20.0 255.255.255.0 s0/0

Example
RouterB is connected to the networks 192.168.20.0, 192.168.30.0 and 192.168.40.0
We must configure the following static routes on RouterB
192.168.10.0
192.168.50.0

RouterB(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1
RouterB(config)#ip route 192.168.50.0 255.255.255.0 192.168.40.2

Now looking at the routing table you can see RouterB understands how to find each network.
RouterB#show ip route
Codes: C - connected, etc…

S 192.168.50.0 [1/0] via 192.168.40.2
C 192.168.40.0 is directly connected, Serial 0/1
C 192.168.30.0 is directly connected, FastEthernet0/0
C 192.168.20.0 is directly connected, Serial 0/0
S 192.168.10.0 [1/0] via 192.168.20.1
RouterB#

Default Route

A default route serves as a gateway of last resort. If there are no matches for a destination in the routing table, the default route will be used.

R1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2 (next-hop IP address)
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0 (local exit interface)

The syntax is: ip route 0.0.0.0 0.0.0.0 <next hop or exit interface> [admin distance]

To turn off default routing add no in front
R1(config)#no ip route 0.0.0.0 0.0.0.0 200.1.1.2

Question
You are configuring router Lon, and want to configure a gateway of last resort to router Man. Router Lon will be sending this traffic out its interface serial0, which has an IP address of 172.1.1.1. Router Man will be receiving this traffic on its interface serial1, and this interface has an IP address of 189.12.12.12. Which of the following statements will successfully configure a gateway of last resort?

A. ip route 0.0.0.0 0.0.0.0 189.12.12.12
B. ip route 0.0.0.0 0.0.0.0 serial1
C. ip route 0.0.0.0 0.0.0.0 serial0
D. ip route 255.255.255.255 255.255.255.255 172.1.1.1
E. ip route 255.255.255.255 255.255.255.255 serial1
F. ip route 255.255.255.255 255.255.255.255 189.12.12.12
G. ip route 255.255.255.255 255.255.255.255 serial0
H. ip route 0.0.0.0 0.0.0.0 172.1.1.1

Answer A, C

Explanation
These are the only two routes that will work
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12 (next hop ip)
C. ip route 0.0.0.0 0.0.0.0 serial0 (exit interface)

RIP

RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 192.168.20.0
RouterA(config-router)# ^Z

RIPv1: all devices in the network must use the same subnet mask. Classful routing.
RIPv2 sends subnet mask info with the route updates. This is Classless routing.

To disable RIP
RouterA(config)#no router rip

To view route information do a show ip route from privileged mode or a do show ip route from configuration mode

RouterA#show ip route
Codes: C – connected etc…

R 192.168.50.0 [120/2] via 192.168.20.2 00:00:23 serial0/0
R 192.168.40.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
R 192.168.30.0 [120/1] via 192.168.20.2 00:00:23 serial0/0
C 192.168.20.0 is directly connected, serial0/0
C 192.168.10.0 is directly connected, FastEthernet0/0
RouterA#

RIP Example

Configure Router A, use the network ID of 192.168.164.0/28. The s0/0 interface of Router A will use the last available IP address in the 8th subnet and fa0/0 will use the last available IP address in the 2nd subnet. Do not consider the zero subnet valid.

Answer

/28 = 255.255.255.240 mask
256 – 240 = 16 block size in the 4th octet
Since we have a block size of 16 our subnets are: (not starting at subnet zero) 16, 32, 48, 64, 80, 96, 112, 128, 144 etc…
The 8th subnet for the s0/0 interface is subnet 128
Valid host range is 129 – 142, 143 is the broadcast address
The 2nd subnet fa0/0 = subnet 32
Valid hosts 33 – 46, 47 as broadcast

Configuration on Router A will be

RouterA(config)#interface s0/0
RouterA(config-if)#ip address 192.168.164.142 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#interface fa0/0
RouterA(config-if)#ip address 192.168.164.46 255.255.255.240
RouterA(config-if)#no shutdown
RouterA(config-if)#router rip
RouterA(config-router)#network 192.168.164.0
RouterA(config-router)#^Z
RouterA#
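The block-size method used in the subnetting answers above, written out as an added Python example (it is not part of the original notes). The function names are illustrative, and the result is cross-checked against Python's standard ipaddress module.

```python
import ipaddress


def dotted(octets):
    return ".".join(str(o) for o in octets)


def interesting_octet(mask):
    """Return (index of the interesting octet, block size) for a dotted mask."""
    net = ipaddress.ip_network(f"0.0.0.0/{mask}")   # rejects non-contiguous masks
    if str(net.netmask) != mask:
        raise ValueError("expected a subnet mask, not a wildcard mask")
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no usable host range")
    m_o = [int(x) for x in mask.split(".")]
    i = next(k for k, m in enumerate(m_o) if m != 255)
    return i, 256 - m_o[i]                          # block size = 256 - mask octet


def block_size_method(ip, mask):
    """Subnet facts for one host address, using the 256 - mask shortcut."""
    i, block = interesting_octet(mask)
    ip_o = [int(x) for x in ip.split(".")]
    start = ip_o[i] // block * block                # subnet ID in the interesting octet
    subnet = ip_o[:i] + [start] + [0] * (3 - i)
    bcast = ip_o[:i] + [start + block - 1] + [255] * (3 - i)
    return {
        "block_size": block,
        "subnet": dotted(subnet),
        "first_host": dotted(subnet[:3] + [subnet[3] + 1]),
        "last_host": dotted(bcast[:3] + [bcast[3] - 1]),
        "broadcast": dotted(bcast),
        "wildcard": dotted([255 - int(m) for m in mask.split(".")]),
    }


def nth_subnet(base, mask, n, zero_subnet_valid=False):
    """Facts for the n-th subnet (1-based), as in the Router A exercise."""
    i, block = interesting_octet(mask)
    start = (n - 1 if zero_subnet_valid else n) * block
    if n < 1 or start > 256 - block:
        raise ValueError("subnet number out of range")
    octets = [int(x) for x in base.split(".")]
    octets[i:] = [start] + [0] * (3 - i)
    return block_size_method(dotted(octets), mask)


def agrees_with_ipaddress(facts, mask):
    """Cross-check the hand calculation against the standard library."""
    net = ipaddress.ip_network(f"{facts['subnet']}/{mask}")
    return (str(net.broadcast_address) == facts["broadcast"]
            and str(net.hostmask) == facts["wildcard"])


if __name__ == "__main__":
    mask = "255.255.255.240"
    for name, n in (("s0/0", 8), ("fa0/0", 2)):
        facts = nth_subnet("192.168.164.0", mask, n)
        print(name, facts["subnet"], "last host", facts["last_host"],
              "checked:", agrees_with_ipaddress(facts, mask))
```
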

To prevent RIP updates from propagating across your LAN/WAN

RouterA#config t
RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#passive-interface serial 0/0

This command stops RIP updates from being propagated out serial interface 0/0, but serial interface 0/0 can still receive RIP updates.

Question

If the passive interface command is enabled on the fa0/0 interface of Router E, which statements are true? (Choose two.)

A. Router E will send all routing updates via interface fa0/0.
B. Router E will ignore all routing updates learned via interface fa0/0.
C. Router E will use routing updates learned via interface fa0/0.
D. Router E will not send routing updates via interface fa0/0.

Answer C, D

Router E will use routing updates learned via interface fa0/0. Router E will not send routing updates via interface fa0/0.

RIPv2 is a classless routing protocol: even though it is configured with classful network statements like RIPv1, it sends subnet mask information along with the route updates.

RouterC(config)#router rip
RouterC(config-router)#version 2
RouterC(config-router)#network 192.168.40.0
RouterC(config-router)#network 192.168.50.0

RIP version 2 default behavior is to autosummarize routes advertised across classful boundaries. To disable this behavior, run the no auto-summary command under the RIP process.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.10.0.0

If you want to see only a certain protocol route from the entire routing table, run the show ip route command followed by the protocol or route type (static, for example).

R1#show ip route rip
R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
            [120/1] via 172.16.123.3, 00:00:09, Serial0
R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1

The hold down timer for RIP is 180 sec. The flush timer for RIP is 240 sec.

RIP broadcasts its entire routing table every 30 seconds by default and can load balance across as many as six equal cost paths (4 paths are the default).

Question
You are configuring the Ike router on the network shown in the figure below. You would like to use the RIP routing protocol to propagate all the networks to the three routers shown. What configuration would you apply to Ike to have it participate in this objective?

A.
Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.45.0

B.
Ike(config)#router rip
Ike(config-router)#network 172.16.30.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

C.
Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0

D.
Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.0.0

Answer A

RIP is considered a classful protocol. From a configuration standpoint, this means that networks must be entered into the configuration using their default classes (Class A, B, or C). Because 172.16.0.0 is a class B network, it must be entered as if it had a class B subnet mask rather than the subnet mask shown in the figure. In addition, you enter directly connected interfaces only into a routing process.

EIGRP

EIGRP is a classless, enhanced distance vector Cisco proprietary protocol. It includes the subnet mask in its route updates.

It doesn’t send link state updates like OSPF but sends distance vector updates with info about networks and the cost of reaching them. But like link state it synchronises routing tables between neighbors at startup and when the topology changes.

EIGRP hello messages are sent every 5 secs on Ethernet by default.
EIGRP has a maximum hop count of 100, but it can be set up to 255.

Router#config t
Router(config)#router eigrp 20
Router(config-router)#network 172.16.0.0
Router(config-router)#network 10.0.0.0

Note the AS number 20 which can be any number 1 to 65535

Router(config)#router eigrp 20
Router(config-router)#passive-interface serial 0/1

EIGRP passive interfaces differ from RIP: they will neither send nor receive updates.

EIGRP also supports the use of discontiguous subnets

Discontiguous subnets work with OSPF by default because OSPF does not auto-summarise like EIGRP.

A Discontiguous Network

Here the subnets 172.16.10.0 and 172.16.20.0 are connected together with a 10.3.1.0 network. By default each router thinks it has the only 172.16.0.0 classful network.

Configuring Discontiguous Networks

By default routers running EIGRP will automatically summarise the classful boundaries and routing will not work. Here’s how to turn auto summarisation off.

RouterA#config t
RouterA(config)#router eigrp 100
RouterA(config-router)#network 172.16.0.0
RouterA(config-router)#network 10.0.0.0
RouterA(config-router)#no auto-summary

RouterB#config t
RouterB(config)#router eigrp 100
RouterB(config-router)#network 172.16.0.0
RouterB(config-router)#network 10.0.0.0
RouterB(config-router)#no auto-summary

By using the no auto-summary command EIGRP will advertise all the subnets between the two routers.

In the presence of discontiguous subnets automatic summarisation must be disabled for routing to work.

EIGRP topology table

Routes with larger metrics to the network via other routers, is the Reported Distance (RD).

A Feasible Successor is a neighbor whose Reported Distance is less than the current Feasible Distance.

The Successor for a particular route is the neighbour/peer with the lowest metric/distance to that network and is the primary route to a destination.

Feasible Distance (FD) is the route with the lowest metric to a network.

Reported Distance (RD) is the distance advertised by a neighbour.

Open Shortest Path First (OSPF) open source

If not all your routers are Cisco then you can’t use EIGRP, so your options are RIP or OSPF. Note OSPF can't load balance across unequal cost links as EIGRP can.

OSPF supports VLSM and has no limitation of network reachability. It maintains neighbor relationships using the IP multicast address of 224.0.0.5. After initialization, OSPF only sends updates on routing table sections which have changed; it does not send the entire routing table.

Router ID
The Router ID (RID) is an IP address used to identify the router.

The Designated Router is elected by the Hello Protocol.

A router's Hello Packet contains its Router Priority. The router with the highest priority becomes the designated router (DR). If the priorities are the same, then the router with the highest router ID wins (the highest IP address of all loopback interfaces). If no loopback interfaces are configured, OSPF will choose the highest IP address.

Priority values are 0 to 255. When the priority of a router is 0, the router will not participate in the election.

Only the DR will send LSAs to the rest of the network. For backup purposes a Backup DR (BDR) is also elected. All routers also establish adjacencies to the BDR, and the BDR itself also establishes an adjacency to the DR.

R1#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address         Interface
2.2.2.2         1     FULL/BDR   00:00:34    192.168.12.2    Serial1/1
3.3.3.3         1     FULL/BDR   00:00:36    192.168.13.3    FastEthernet0/0

Neighborship database
A variety of details such as the Router ID and state are maintained on each router in the neighbourship database. It is a list of all OSPF routers which have received hello packets.

Configuring Priority

A router with the highest OSPF priority will win the election for DR.

R3#config t
R3(config)#interface f0/0
R3(config-if)#ip ospf priority 100

Note we have to reload or shutdown the routers for election to take place and priority take effect.

We can see Priority with show ip ospf interface

R3#show ip ospf interface
FastEthernet0/0 is up, line protocol is up
  Internet Address 171.154.45.39 Area 0
  Process ID 64999 Router ID 171.154.45.39 Network Type BROADCAST Cost 10
  Transmit Delay is 1 sec State DR Priority 100
  Designated Router (ID) 171.154.45.39, Interface address 192.168.50.1

Configure a loopback interface

Router(config)#interface loopback 0
Router(config-if)#ip address 192.168.31.33 255.255.255.255
Router(config-if)#exit

To remove the loopback interface

Router(config)#no interface loopback 0

01:47:27: %LINK-5-CHANGED: Interface Loopback0, Changed state to administratively down

If you don't want to use a Loopback interface, you can still force the router ID to use a particular IP address with the router-id configuration command

Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#router-id 172.25.1.7
Router5(config-router)#end
Router5#

You can see what the RID for your router is with the following command:

Router5#show ip ospf
 Routing Process "ospf 87" with ID 172.25.1.7
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 5. Checksum Sum 0x28868
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has no authentication

Configuring OSPF Areas

After starting the OSPF process, identify the interfaces and the area on which you want to activate OSPF.

RouterA#config t
RouterA(config)#router ospf 1
RouterA(config-router)#network 10.0.0.0 0.255.255.255 area 0

In multi-area OSPF networks all areas are required to connect to area 0, the backbone area.

The Process ID is in the range 1-65535
The area-id is an integer between 0 and 4294967295
Priority is the range 0 to 255 (not shown)

If you have more than one network statement, the order becomes important. In the following example, the last line matches all IP addresses and assigns them to Area 0. But, because this line comes last, it only picks up any addresses that are not captured by either of the lines above it. However, if we had written this line first, then all of the interfaces would wind up in Area 0.

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#network 10.0.0.0 0.255.255.255 area 2
Router1(config-router)#network 172.20.0.0 0.0.255.255 area 100
Router1(config-router)#network 0.0.0.0 255.255.255.255 area 0
Router1(config-router)#end
Router1#

We have a router with these 4 subnets connected to four different interfaces:
192.168.10.64/28, 192.168.10.80/28, 192.168.10.96/28, 192.168.10.8/30

All interfaces need to be in area 0. Seems the easiest config is

Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.0 0.0.0.255 area 0

But to cover CCNA objectives let's use separate subnets and wildcards

Test#config t
Test(config)#router ospf 1
Test(config-router)#network 192.168.10.64 0.0.0.15 area 0
Test(config-router)#network 192.168.10.80 0.0.0.15 area 0
Test(config-router)#network 192.168.10.96 0.0.0.15 area 0
Test(config-router)#network 192.168.10.8 0.0.0.3 area 0
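The wildcard matching behind the Router1 and Test router network statements above, as an added Python example (not part of the original notes). It models the first-match ordering the notes describe; the interface names and addresses are constructed, and the last check shows how the single broad statement also enables OSPF on an interface the four narrow statements leave out.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def statement_matches(ip, base, wildcard):
    """True when ip equals base in every bit the wildcard marks with 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(base) & care)


def assign_areas(statements, interfaces):
    """Map each interface to the area of the first statement that matches it.

    statements: list of (base, wildcard, area) in configuration order.
    interfaces: dict of interface name -> IPv4 address.
    An interface no statement matches gets None (OSPF is not enabled on it).
    """
    return {
        name: next(
            (area for base, wc, area in statements
             if statement_matches(ip, base, wc)),
            None,
        )
        for name, ip in interfaces.items()
    }


# Router1's statements, in the order shown in the notes.
ROUTER1 = [
    ("10.0.0.0", "0.255.255.255", 2),
    ("172.20.0.0", "0.0.255.255", 100),
    ("0.0.0.0", "255.255.255.255", 0),
]
# Constructed interface addresses (not from the notes).
ROUTER1_IFACES = {"Fa0/0": "10.1.1.1", "Fa0/1": "172.20.5.1", "Se0/0": "192.168.1.1"}

# Test router: the four per-subnet statements from the notes.
TEST_NARROW = [
    ("192.168.10.64", "0.0.0.15", 0),
    ("192.168.10.80", "0.0.0.15", 0),
    ("192.168.10.96", "0.0.0.15", 0),
    ("192.168.10.8", "0.0.0.3", 0),
]
TEST_BROAD = [("192.168.10.0", "0.0.0.255", 0)]
# Constructed: one address in each listed subnet, plus Se0/1 in none of them.
TEST_IFACES = {
    "Fa0/0": "192.168.10.65", "Fa0/1": "192.168.10.81",
    "Fa0/2": "192.168.10.97", "Se0/0": "192.168.10.9",
    "Se0/1": "192.168.10.13",
}

if __name__ == "__main__":
    print("as configured :", assign_areas(ROUTER1, ROUTER1_IFACES))
    catch_all_first = [ROUTER1[2]] + ROUTER1[:2]
    print("catch-all first:", assign_areas(catch_all_first, ROUTER1_IFACES))
    print("narrow        :", assign_areas(TEST_NARROW, TEST_IFACES))
    print("broad         :", assign_areas(TEST_BROAD, TEST_IFACES))
```
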

If the area address ranges are nicely assigned (which also helps immensely when you have to start summarizing), you can use a single network statement to cover the whole area. If, for example, area 3 has address range 10.1.16.0/20, use network 10.1.16.0 0.0.15.255 area 3

If the router has all interfaces in a single area, I would always use network 0.0.0.0 255.255.255.255 area area-id (unless there is an extremely good reason that some interfaces should not be seen by the OSPF)

To configure Man router with an ip address shown and loopback interface on Fa0/0 for ospf

Man#config terminal
Man(config)#interface fa0/0
Man(config-if)#ip address 192.168.1.1 255.255.255.0
Man(config-if)#no shutdown
Man(config-if)#interface loopback 0
Man(config-if)#ip address 192.168.31.11 255.255.255.255

Man(config)#router ospf 1
Man(config-router)#network 192.168.1.0 0.0.0.255 area 0

1 is the OSPF process ID, which is locally significant.

The show ip ospf interface (interface) command

Displays Priority, timer intervals, router ID number and neighbor adjacencies

Show ip ospf neighbor & Show ip ospf neighbor detail
Summarises the OSPF information regarding neighbour ID, priority, adjacency state and DR or BDR.

So use the show ip ospf neighbor command to see who won the DR election

Layer 2 Switching

Forward/filter decisions
When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database. The frame is only forwarded out the specified destination port.

Looking at the output of a show mac address-table If the switch received a frame with the following MAC addresses

The destination MAC address is found in the MAC address table and is forwarded out the fa0/3 interface.

3 main switching methods are

Cut Through - looks at the first 6 bytes of the destination MAC address only
Fragment free cut through - looks at the first 64 bytes only
Store and forward - looks at the entire frame

Spanning Tree Protocol (STP)

Bridge Priority - Numerical value held by switches. All Catalyst switches are priority 32768
Bridge ID = Priority Value and switch MAC Address.

Root bridge - This is the bridge with the lowest bridge ID.

Root port - The port with the lowest path cost to the root bridge. Used for communicating with the root bridge.

Designated port - The port determined as having the lowest cost. A designated port will be marked as a forwarding port.

Nondesignated port - Has a higher cost than the designated port. Nondesignated ports are put in blocking mode.

Any port that is not either a root port or a designated port is placed into the blocking state.

Switch A is the root bridge because it’s the one with the lowest bridge ID. Switch B must shut down one of its ports connected to Switch A to prevent a switching loop from occurring.

STP will shut down the link with the lowest bandwidth. Here both links are 100Mbps, so STP will shut down the highest port number, i.e. Fa0/12.

Wireless

Service Set Identifier (SSID) - all wireless devices in a WLAN must be configured with the same SSID in order to communicate.

Ad-hoc
The simplest form of a wireless network is created by connecting two or more wireless clients together in a peer-to-peer network. A wireless network established in this manner is known as an ad-hoc network and does not include an AP.

All clients within an ad-hoc network are equal. The area covered by this network is known as an Independent Basic Service Set (IBSS).

Infrastructure Mode
Larger networks require a single device that controls communications in the wireless cell, an AP (Access Point).
The area covered by a single AP is known as a Basic Service Set (BSS) or cell.

The Basic Service Set (BSS) is the smallest building block of a WLAN. The area of coverage of a single AP is limited. To expand the coverage area, it is possible to connect multiple BSSs through a Distribution System (DS). This forms an Extended Service Set (ESS). An ESS uses multiple APs. Each AP is in a separate BSS.

In order to allow movement between the cells without the loss of signal, BSSs must overlap by approximately 10%. This allows the client to connect to the second AP before disconnecting from the first AP.

Most home and small business environments consist of a single BSS. However, as the required coverage area and number of hosts needing to connect increases it becomes necessary to create an ESS.

802.11b standard uses DSSS with a maximum data rate of 11Mbps

802.11b supports four data rates: 1, 2, 5.5, and 11 Mbps.

Wi-Fi Protected Access (WPA) specifies the use of dynamic encryption keys that change each time a client establishes a connection. It includes authentication by PSK.

Question
You and a co-worker have established wireless communication directly between your wireless laptops. What type of wireless topology has been created?

A. BSS
B. ESS
C. IBSS
D. SSID

Answer C

Explanation
Ad-hoc mode or Independent Basic Service Set [IBSS] is simply a group of computers talking wirelessly to each other with no access point (AP).

IPv6

21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A or

21DA:D3:0:2F3B:2AA:FF:FE28:9C5A with the leading zeros removed

A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be compressed to ::

FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2.

FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.

A run of 0000 blocks may be replaced with two colons (::) as long as there is only one double colon used in an address.

1234:0:0:0:ABCD:0:0:123 could be represented as 1234::ABCD:0:0:123 or 1234:0:0:0:ABCD::123

You can identify these and other IPv6 addresses by their initial bits

1111 1110 10 - Link Local prefix FE80::/10

1111 1110 11 - site-local IPv6 unicast address prefix FEC0::/10

1111 1111 – Multicast has a prefix of FF00::/8

6to4 is 2002::/16 - this is the transition system—the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.

Autoconfiguration

MAC-48: 00:01:03:69:8B:CF
EUI-64: 0201:03ff:fe69:8bcf

Example

Host Ethernet address is 00:30:48:23:58:df

Network prefix is 2001:db8:1:cafe::/64

Address is

2001:0db8:0001:cafe:0230:48ff:fe23:58df

The change in the top byte of the address from ‘00’ to ‘02’ comes from the global bit being set in the translation from IEEE MAC-48 to EUI-64
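The MAC-48 to EUI-64 autoconfiguration step above, together with the prefix checks listed earlier in this section, as an added Python example (not part of the original notes). The function names are illustrative; the sample MAC addresses and prefixes are the ones shown in the notes.

```python
import ipaddress


def mac_to_interface_id(mac):
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # Flip bit 0x02 of the first byte (00 becomes 02), then insert ff:fe
    # between the vendor half and the device half of the MAC.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_text(mac):
    """Interface ID as four colon-separated 16-bit groups."""
    iid = mac_to_interface_id(mac).hex()
    return ":".join(iid[i:i + 4] for i in range(0, 16, 4))


def autoconfigured_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


# Prefixes listed in the notes, checked in this order.
PREFIX_TYPES = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local", ipaddress.IPv6Network("fec0::/10")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("6to4", ipaddress.IPv6Network("2002::/16")),
]


def classify(addr):
    """Name the address type from its initial bits, or 'other'."""
    ip = ipaddress.IPv6Address(addr)
    for label, net in PREFIX_TYPES:
        if ip in net:
            return label
    return "other"


if __name__ == "__main__":
    print(eui64_text("00:01:03:69:8B:CF"))
    addr = autoconfigured_address("2001:db8:1:cafe::/64", "00:30:48:23:58:df")
    print(addr.exploded, "=", addr, "->", classify(str(addr)))
    link_local = autoconfigured_address("fe80::/64", "00:30:48:23:58:df")
    print(link_local, "->", classify(str(link_local)))
    for sample in ("FE80:0:0:0:2AA:FF:FE9A:4CA2", "FF02:0:0:0:0:0:0:2"):
        print(sample, "->", ipaddress.IPv6Address(sample), classify(sample))
```
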

What multicast address does RIPng use?

Answer FF02::9

What multicast address does EIGRPv6 use?

Answer FF02::A

What two multicast addresses does OSPFv3 use?

Answer FF02::5, FF02::6

A router that is running both IPv4 and IPv6 addressing on the same interface is known as Dual-stack