In 60 Days – ICND 1 (100-101)


In 60 Days – CCENT ICND 1 (100-101)
The Ultimate Cram Guide
www.in60days.net Copyright Paul Browing 2013

You can print these slides if you have joined the program at www.in60days.net

Warning
You need to know everything on this video before you attempt the exam. This cram guide is NOT a replacement for studying and doing lots of labs.

How to.
- Stop the video as required
- Print the slides (members only)

OSI/TCP Model
Layer | Purpose | Data | Applications | TCP
7. Application | Establishes resources. | Data | E-mail | Application
6. Presentation | De/Encryption & data compression. | Data | MP3, MP4 | Application
5. Session | Establishes sessions. | Data | SQL, NFS | Application
4. Transport | Data delivery. | Segment | TCP/UDP | Host-to-host
3. Network | Best path to destination. | Packet | IP/RIP | Internetwork
2. Data Link | MAC address/error detection. | Frame | Frame relay | Network Interface
1. Physical | Data onto wire. | Bits | Cables & devices | Network Interface

OSI & TCP Model comparison
(Diagram: the OSI layers shown beside the TCP model layers.)
- All People Seem To Need Data Processing
- Don’t Some People Fry Bacon

Common Ports
Ports: 20, 21, 22, 23, 25, 53, 69
Services: FTP Data, FTP, HTTP, POP3, NNTP, NTP, IMAP, SNMP, HTTPS

TCP/IP
TCP | Protocol 6 | Reliable delivery of data. 20 byte header
UDP | Protocol 17 | Connectionless, no delivery guarantee, 8 byte header
FTP | TCP 20/21 | Used to send large files reliably
TFTP | UDP 69 | Sends small files across network
SNMP | UDP 161/162 | Remotely manages network devices
ICMP | Protocol 1 | Sends query and error messages. Used by PING
ARP | Network protocol | Maps a known IP address to a MAC address
DNS | UDP 53 | Resolves hostnames to IP addresses
DHCP | UDP 67/68 | Sends network configuration parameters

Configure DHCP
Router(config)#ip dhcp pool NAME (DHCP pool)
Router(dhcp-config)#network 10.10.10.0 255.255.255.0
Router(dhcp-config)#dns-server 24.196.64.39 24.196.64.40
Router(dhcp-config)#domain-name mydomain.com
Router(dhcp-config)#default-router 10.10.10.254
Router(dhcp-config)#lease 1

Router Modes
Mode | Prompt
User exec | Router>
Privileged exec | Router#
Global config | Router(config)#
ROM monitor | rommon>
Set Up | [series of questions]
RXBoot | Router<boot>

Keyboard Shortcuts
Ctrl W | Erases a word
Ctrl U | Erases a line
Ctrl A | Cursor to line start
Ctrl E | Cursor to end of line
Ctrl F (right arrow) | Forward one character
Ctrl B (left arrow) | Back one character
Ctrl P (up arrow) | Recall last command
Ctrl N | Recall next command
Esc B | Move back one word
Esc F | Forward one word
Tab | Finish the command

Router Elements – Internal components
DRAM – Buffers, routing tables, running config
ROM – Mini OS
Flash – Compressed IOS
NVRAM
IOS expanded
Config-register – Defines booting process
Wiped on power down
Rommon mode
Start up config
Default value – 0x2102 (0x2142 skips startup config)

Router: Straight, Straight, Crossover, Crossover
PC: Straight, Straight, Crossover, Crossover
Like to like is usually a crossover apart from PC to Router

Crossover – pin 1 to 3, pin 2 to 6
Straight – all pins match each side
Rollover – all pins reversed so 1-8, 2-7, etc.
(Pin diagrams: Crossover Cable, Straight Cable, Rollover Cable)

Connection to the Router
Console | Rollover cable. Initial config/disaster recovery
Aux port | Usually modem connections
VTY | Telnet ports. Usually 0-4 inclusive on routers
TFTP | Send small files to and from router
NMS | SNMP to report on router usage/interfaces

Cisco Discovery Protocol (CDP)
- Gathers info about nearby connected devices
- Turn off cdp on entire router – (config)#no cdp run
- Turn off cdp on interface – (config-if)#no cdp enable
- show cdp neighbor [detail]
- Can be used for troubleshooting to discover neighbour details
- Please try the show commands as you may be asked what they tell you

LAN Switch
1. Learns addresses – show mac-address-table
2. Filters and forwards frames out of correct port
3. Avoids network/switching loops with STP (spanning tree protocol).

Transmitting Frames
Store-and-Forward | Copies entire frame into buffer, checks CRC. High latency
Cut-Through | Reads only destination address and forwards frame. Lowest latency.
Fragment-Free | Switch reads first 64 bytes of frame.

Spanning Tree Protocol (STP)
- Provides redundant paths for traffic
- Prevents loops on those paths
- Uses Bridge Protocol Data Units (BPDU)
- Force switch to become root:
Switch(config)#spanning-tree vlan 2010 priority 8192
(Or)
Switch(config)#spanning-tree vlan 2010 root primary

Port Security
- Protects switch ports
- Can permit static MAC address(es)
- Violation action is shutdown/protect/restrict
- Restrict interface so only expected devices can be connected
- Port security identifies devices based on MAC address
- Port security is enabled on switch ports with different settings available per port
- Each port can be defined with a maximum number of allowed MAC addresses

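Port security violation modes
Protect: unknown MACs discarded; logged: No; violation counter: No
Shutdown: port errdisabled; traffic disabled; logged: Yes & SNMP; violation counter: incremented
Restrict: port open; # of excess MAC traffic denied; logged: Yes & SNMP; violation counter: incremented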

Port Security features
- MAC address limitation.
- Sticky MAC address.
- Static and Dynamic MAC address entry.
- Violation modes: Error disable shutdown, Protect, Restrict
- Shutdown unused ports
- Assign all unused ports to unused VLAN.

Configure Port Security
Sw(config)#interface fast 0/1
Sw(config-if)#switchport mode access (port security is rejected on a dynamic port)
Sw(config-if)#switchport port-security (enable port security)
Sw(config-if)#switchport port-security mac-address sticky (sticky MACs)
(or)
Sw(config-if)#switchport port-security violation [shutdown/protect/restrict] (violation modes)
(or)
Sw(config-if)#switchport port-security maximum 4 (limiting access to only 4 MACs)
(or)
Sw(config-if)#switchport port-security mac-address xxx (hard codes MAC address)
Sw#show port-security (you can add [interface fast 0/1])

VLANs
- Logically divide your LAN
- Cuts down broadcast domains
- Improves security
- Easier admin
- VLAN info goes over trunk links

Configure a VLAN
(Diagram: switch ports F0/0, F1/0, F2/0, F3/0)
Switch(config)#vlan 2
Switch(config)#interface fast1/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#interface fast3/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2

Types of ports on Switch
- Access port: Endpoints are usually connected on access ports.
- Trunk port: Other switch/non-edge devices connect to this port.
(Diagram labels: Access ports, Trunk ports)

Configure a Trunk/Access port
- Trunk link required to pass VLAN info across switches
- Encapsulation either ISL or 802.1q (default on 2950 switch)
- Link usually needs to be at least 100Mbps but usually 1000Mbps (can be 10Mbps!!)
Access port
Switch1(config)#vlan 5
Switch1(config)#interface fast0/1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 5
Trunk port
Switch1(config-if)#interface fast0/15
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport trunk encapsulation isl

VLAN Trunking Protocol (VTP)
- Carries VLAN updates between switches
- All must be configured in the same VTP domain
- VTP modes are client/server/transparent
- Never connect a new switch while it is in server mode
SwitchA(config)#vtp mode server [this is the default]
SwitchA(config)#vtp domain Cisco
SwitchA(config)#vtp password ccna

Switch Commands
Switch(config)#vlan 2 (creates VLAN 2)
Switch(config-vlan)#name SALES (names VLAN)
Switch(config)#interface fast 0/1
Switch(config-if)#switchport access vlan 2 (puts interface into VLAN 2)
Switch(config-if)#switchport mode trunk (sets interface to trunk)
Switch(config)#vtp mode transparent/client/server (sets switch mode)
Switch(config)#vtp domain howtonetwork.net (sets VTP domain name)
Switch(config-if)#spanning-tree portfast (sets portfast)
Switch(config)#ip default-gateway 192.168.1.1 (switch default gateway)

Switch Show Commands
show vlan brief – shows summary of VLAN info
show vtp status – shows various VTP info including mode/version
show interfaces trunk – shows trunk interfaces
show mac-address-table [dynamic] – shows mac table (dynamic)
*Learn all of these by heart plus the info they give you.

DTP
- Tries to negotiate the port to become a trunk
- Always on unless you manually turn it off
Switch1(config-if)#switchport nonegotiate
Command rejected: Conflict between 'nonegotiate' and 'dynamic' status.
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport nonegotiate
Switch1(config-if)#
- Auto – become a trunk if the other end is a trunk or set to desirable (passive)
- Desirable – attempt to become a trunk (active)
- Auto/Auto – no trunk. Must at least have one end as desirable or manually set to trunk

IP Addressing
Class A: mask 255.0.0.0; leading bits 0; networks 1-126; 126 networks; 16,777,214 hosts
*127.0.0.0 reserved for loopback testing
Class B: mask 255.255.0.0; leading bits 10; networks 128-191; 16,384 networks; 65,534 hosts
Class C: mask 255.255.255.0; 2,097,152 networks; 254 hosts

Subnets
Bits: 128 64 32 16 8 4 2 1
Subnets: 128 192 224 240 248 252 254 255
For working out which subnet a host is in
Powers of two: 2, 4, 8, 16, 32 (hosts -2)
For working out how many subnets and hosts per subnet

Easy Subnetting
1. Change the slash number to subnet mask
2. Tick down and across the chart
3. Count up increments to get correct subnet

Which subnet is 172.16.100.11 /19 in?
- To get to /19 we steal 3 bits (from /16)
- Tick 3 down and 3 across the top
- Count up in 32 until you get to 100.11 subnet

Bits: 128 64 32 16 8 4 2 1
Subnets: 128 192 224 240 248 252 254 255
The top ticks reveal the subnet increments
So we can see that stealing 3 bits gives us a mask of 255.255.224.0

Next Steps
172.16.100.11 | Our subnet host address
172.16.0.0 | Our first subnet
172.16.32.0 | Our second subnet
172.16.64.0 | Our third subnet
172.16.96.0* | Our fourth subnet (100.11 in here)
172.16.128.0

To Work Out All IPs
172.16.100.11 | Our subnet host
172.16.96.0 | Our subnet
172.16.96.1 | Our first host
172.16.127.254 | Our last host
172.16.127.255 | Our broadcast address
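The chart method from the last few slides, written out as an added example (not part of the original slides): it finds the increment, counts up to the host's subnet, and cross-checks the answer against Python's ipaddress module. The function names are illustrative.

```python
import ipaddress

def to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def work_out_subnet(host, prefix):
    """Chart method: find the increment, then count up to the host's subnet."""
    if not 1 <= prefix <= 30:
        raise ValueError("need /1 to /30 so the subnet has usable hosts")
    addr = to_int(host)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    shift = 24 - 8 * ((prefix - 1) // 8)      # octet holding the last mask bit
    increment = 256 - ((mask >> shift) & 0xFF)
    target = (addr >> shift) & 0xFF
    steps = [0]                                # subnet values counted so far
    while steps[-1] + increment <= target:
        steps.append(steps[-1] + increment)
    high = addr & ~((1 << (shift + 8)) - 1)    # octets left of the working octet
    subnet = high | (steps[-1] << shift)
    broadcast = high | ((steps[-1] + increment - 1) << shift) | ((1 << shift) - 1)
    return {
        "mask": to_dotted(mask),
        "increment": increment,
        "steps": steps,
        "subnet": to_dotted(subnet),
        "first_host": to_dotted(subnet + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "hosts": 2 ** (32 - prefix) - 2,
    }

def agrees_with_ipaddress(host, prefix):
    """Independent check of the hand method against the standard library."""
    net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
    result = work_out_subnet(host, prefix)
    return (result["subnet"] == str(net.network_address)
            and result["broadcast"] == str(net.broadcast_address)
            and result["mask"] == str(net.netmask))

if __name__ == "__main__":
    # Worked example from the slides: 172.16.100.11 /19
    for key, value in work_out_subnet("172.16.100.11", 19).items():
        print(f"{key:11} {value}")
    print("matches ipaddress:", agrees_with_ipaddress("172.16.100.11", 19))
```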

VLSM
Lets you chop your network into subnets
200.100.100.0 /24
Change mask from /24 to /25 – Now you get:
Original mask (last octet) 00000000 | 1 subnet | 254 hosts
New mask (subnet 1) 00000000 | 200.100.100.0 - subnet 1 | 126 hosts
New mask (subnet 2) 10000000 | 200.100.100.128 - subnet 2 | 126 hosts

Route Summarization
Find the common bits and advertise this.
172.16.8.0 | 10101100.00010000.00001000.00000000
172.16.9.0 | 10101100.00010000.00001001.00000000
172.16.10.0 | 10101100.00010000.00001010.00000000
172.16.11.0 | 10101100.00010000.00001011.00000000
172.16.12.0 | 10101100.00010000.00001100.00000000
172.16.13.0 | 10101100.00010000.00001101.00000000
172.16.14.0 | 10101100.00010000.00001110.00000000
172.16.15.0 | 10101100.00010000.00001111.00000000
Matching Bits | 10101100.00010000.00001 | 21 bits
Advertise - 172.16.8.0 255.255.248.0
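An added example (not from the original slides) that finds the matching bits for the networks above and also reports any address space the summary would advertise that was not in the input, which is the usual way a summary ends up attracting traffic for networks the router cannot reach. It assumes each listed network is a /24; the function names are illustrative.

```python
import ipaddress

def matching_bits(networks):
    """Return (prefix_length, common leading bits) across all the networks."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (low ^ high).bit_length()   # bits above the first difference
    return prefix, format(low, "032b")[:prefix]

def summarize(networks):
    """Return (summary route, blocks inside it that were NOT in the input)."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    prefix, _ = matching_bits(networks)
    low = min(int(n.network_address) for n in nets)
    host_bits = 32 - prefix
    summary = ipaddress.IPv4Network(((low >> host_bits) << host_bits, prefix))
    uncovered = [summary]
    for net in nets:
        remaining = []
        for block in uncovered:
            if net.subnet_of(block):
                # Carve the listed network out of this still-uncovered block.
                remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                remaining.append(block)
        uncovered = remaining
    return summary, sorted(uncovered)

# The eight networks from the slide, assumed here to be /24s.
SLIDE_NETWORKS = [f"172.16.{n}.0/24" for n in range(8, 16)]

if __name__ == "__main__":
    summary, extra = summarize(SLIDE_NETWORKS)
    print("advertise", summary.network_address, summary.netmask, "extra:", extra)
    # Constructed case: only three of the eight networks actually exist.
    summary, extra = summarize(["172.16.8.0/24", "172.16.9.0/24", "172.16.13.0/24"])
    print("advertise", summary, "but it also covers", [str(n) for n in extra])
```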

Router
- Packet forwarding on route lookup.
- Maintaining routing table
- Never forwards broadcast
Routes learned:
- Connected routes
- Static routes
- Routing protocols (dynamic routing)

Routing Protocol
Types of protocol:
- Routed protocol: It moves data over the best path, like IP, IPX and AppleTalk.
- Routing protocol: It finds the best route to the destination.
IP routing is communication between two different networks. It can be divided into:
- IGP – Interior gateway protocol
- EGP – Exterior gateway protocol

Administrative Distances
Directly Connected Interface | 0
Static Hop | 1
EIGRP Summary | 5
External BGP | 20
EIGRP (Internal) | 90
OSPF | 110
ISIS | 115
RIP | 120
Exterior Gateway Protocol (EGP) | 140
External EIGRP | 170
Internal BGP | 200
Unknown | 255

Static Routing
- Use if only a handful of routes
- Useful for stub networks (only one way in and out)
- Destination network/mask – next hop/interface
ip route 172.16.5.0 255.255.255.0 172.16.12.8
ip route 172.16.5.0 255.255.255.0 serial 0/0

OSPF – Open Shortest Path First
- Uses IP protocol 89
- Classless
- Uses Dijkstra's shortest path first algorithm (SPF)
- Router ID is the highest IP address
- But loopback address is used as ID if present
- Backbone area is area 0
- All non backbone areas must connect directly to area 0
- Areas can be numbered from 0 to 65535
- Multicasts on 224.0.0.5
- OSPF uses cost as a metric (10^8/bandwidth)

OSPF basic terms
- LSA – OSPF uses the Link State Advertisement (LSA) to organize the topology information; it is a data structure with specific information about the network.
- LSDB – The Link State Database (LSDB) is the collection of LSAs known to the router.
- ABR – In a multiple area OSPF design some routers sit at the border of multiple OSPF areas, so they are known as Area Border Routers (ABR).
- Router id – Every router in the OSPF network is identified by a router id, which can be manually assigned or set automatically based on the highest IP address of a physical/loopback interface on the router.

Configure OSPF
R1(config)#router ospf 20
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Uses wildcard masks with network address.
R1(config-router)#router-id 1.1.1.1 [manually sets router ID]

Inter-VLAN routing
- Using a layer 3 switch or
- Router, with a VLAN trunk connecting switch.
- Create sub-interface for each VLAN that is required to be routed.
- Use 802.1Q and associate VLAN with sub-interface.
- Configure IP address for each.
- Also called
(config)#interface fast 0/0.10
encapsulation dot1q 10
ip address 1.1.1.1 255.255.255.0
!
interface fast 0/0.20
encapsulation dot1q 20
ip address 1.1.2.1 255.255.255.0
(Diagram labels: fa0/1, Trunk port)

ACL – Access Control List
- An ACL works by packet filtering.
- An ACL filters packets based on the parameters below:
  Source IP
  Destination IP
  Source port
  Destination port
- An ACL works on the concept of implicit deny.
- Types: Standard ACL & Extended ACL

ACL port range
1-99 | IP standard
1300-1999 | IP standard (expanded range)
100-199 | IP extended
2000-2699 | IP extended (expanded range)
- Must be applied to an interface to work.
- Named ACLs are case sensitive
- You can only edit a named ACL (changed in later IOS)
- Can apply to ports such as vty 0 4 (access-class)

(Diagram labels: 172.16.1.1/26, 192.168.1.1/26, Web Server)
EXTENDED ACL Router A
interface serial 0/0
ip access-group 100 in
!
access-list 100 permit tcp host 192.168.1.1 host 172.16.1.1 eq 80
STANDARD ACL Router A
interface serial 0/0
ip access-group 1 in
!
access-list 1 permit 192.168.1.1

(Diagram labels: 192.168.1.1/26, Web Server, 172.16.1.1/26)
NAMED ACL Router A
interface serial 0/0
ip access-group blockweb in
!
ip access-list extended blockweb
permit tcp host 192.168.1.1 host 172.16.1.1 eq 80

Wildcard Masks
- Used for access lists and routing
- Take the subnet away from 255
255 | 255 | 255 | 255
Subnet 255 | 255 | 224 | 0
Equals 0 | 0 | 31 | 255
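An added example (not from the original slides) tying the ACL and wildcard mask slides together: it parses a small subset of numbered ACL syntax, matches packets top-down using wildcard masks, and falls through to the implicit deny. The parser, function names and test packets are constructed for illustration; the ACL entries are the ones shown on the ACL and NAT slides.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_from_mask(mask):
    """Slide method: take each subnet mask octet away from 255."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def take_address(tokens):
    """Consume 'any', 'host A', 'A W' or bare 'A'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tokens.pop(0)), 0
    if tokens and tokens[0][0].isdigit():
        return ip(first), ip(tokens.pop(0))
    return ip(first), 0  # bare address in a standard ACL matches one host

def parse_entry(line):
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    extended = 100 <= number <= 199 or 2000 <= number <= 2699
    proto = rest.pop(0) if extended else "ip"
    src = take_address(rest)
    dst = take_address(rest) if extended else (0, 0xFFFFFFFF)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"line": line, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def address_matches(rule, value):
    address, wildcard = rule
    # Wildcard bit 0 = this bit must match, wildcard bit 1 = ignore it.
    return ((address ^ ip(value)) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, packet):
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry in map(parse_entry, acl_lines):
        if entry["proto"] not in ("ip", packet["proto"]):
            continue
        if entry["port"] is not None and entry["port"] != packet["dport"]:
            continue
        if (address_matches(entry["src"], packet["src"])
                and address_matches(entry["dst"], packet["dst"])):
            return entry["action"], entry["line"]
    return "deny", "implicit deny"

def packet(proto, src, dst, dport=None):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

# Entries copied from the slides; the packets below are constructed test inputs.
ACL_100 = ["access-list 100 permit tcp host 192.168.1.1 host 172.16.1.1 eq 80"]
ACL_1 = ["access-list 1 permit 192.168.1.0 0.0.0.63"]

if __name__ == "__main__":
    print(evaluate(ACL_100, packet("tcp", "192.168.1.1", "172.16.1.1", 80)))
    print(evaluate(ACL_100, packet("tcp", "192.168.1.1", "172.16.1.1", 443)))
    print(evaluate(ACL_1, packet("ip", "192.168.1.64", "10.0.0.1")))
    print(wildcard_from_mask("255.255.224.0"))
```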

Network Address Translation (NAT)
- Translates internal addresses to external
- Used for network security
- Used for address preservation

Static NAT
(Diagram labels: 192.168.1.1, 200.1.1.1)
interface fast ethernet 0
ip nat inside
!
interface serial 0/0
ip nat outside
!
ip nat inside source static 192.168.1.1 200.1.1.1

Dynamic NAT/NAT Pool
(Diagram labels: 192.168.1.0/26, 200.1.1.1-10)
interface fast ethernet 0
ip nat inside
!
interface serial 0/0
ip nat outside
!
ip nat pool internet out 200.1.1.1 200.1.1.10 prefix-length 24
ip nat inside source list 1 pool internet out
access-list 1 permit 192.168.1.0 0.0.0.63

PAT
(Diagram labels: 192.168.1.0/26, 200.1.1.1-10)
interface fast ethernet 0
ip nat inside
!
interface serial 0/0
ip nat outside
!
ip nat pool internet out 200.1.1.1 200.1.1.10 prefix-length 24
ip nat inside source list 1 pool internet out overload
access-list 1 permit 192.168.1.0 0.0.0.63

Network Time Protocol
R2(config)#ntp server 10.0.0.1
R2#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.0.0.1 127.127.7.1 5 44 64 377 3.2 2.39 1.2
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#show ntp status
Clock is synchronized, stratum 6, reference is 10.0.0.1
nominal freq is 249.5901 Hz, actual freq is 249.5900 Hz, precision is 2**18
reference time is C02C38D2.950DA968 (05:53:22.582 UTC Sun Mar 3 2002)
clock offset is 4.6267 msec, root delay is 3.16 msec
root dispersion is 4.88 msec, peer dispersion is 0.23 msec

CEF Components
VTP-Server-1(config)#ip cef
VTP-Server-1(config)#exit

IPv6
- 128 bit address in 8 parts (each 16 hex bits)
- EEDE:AC89:4323:5445:FE32:BB78:7856:2022
- Uses multicast/anycast/unicast (no broadcasts)
- Use with IPv4 using tunnelling or dual stack
- Transition from IPv4 with Static, 6to4, Automatic, ISATAP, GRE

Compress IPv6 Address
1. Use double colon (only once per address)
2. Replaces leading double zeros
Complete Representation | Compressed
:00CD:1234::6789
0000:0000:0000:0000:0000:FFFF:172.16.255.1 | ::FFFF:
00:0000 | ::

Compression Method 2
- Omit leading zeros
Complete IPv6 Address Representation | Compressed IPv6 Address
000:0000:0000:FFFF:172.16.255.1 | 0:0:0:0:0:FFFF: 55.1
000:0000:0000 | 0:0:0:0:0:0:0:0

IPv6 routing
Using Static routes
Router(config)# ipv6 route 2001:fa8:1231:1::/64 2001:cc8:1789:2::2
Using OSPF v3
ipv6 unicast-routing
!
ipv6 router ospf 2
router-id 1.1.1.1
!
interface serial0/0/1
ipv6 address 2001:fa8:1231:1::1
ipv6 ospf 2 area 0
!
interface GigabitEthernet0/0
ipv6 address 2001:cd8:1711:1::2
ipv6 ospf 2 area

IPv6 important commands to remember.
Router# show ipv6 route
Router# show ipv6 interface brief
Router# show ipv6 route static
Router# show ipv6 ospf
Router# show ipv6 ospf interface brief
Router# show ipv6 ospf neighbor

Title: In 60 Days – ICND 1 (100-101) Author: Vijit Kumawat Created Date: 10/2/2013 8:47:24 AM