
FIRST HOP REDUNDANCY packetlife.net

First Hop Redundancy Protocols

Hot Standby Router Protocol (HSRP) · Provides default gateway redundancy using one active and one standby router; documented in RFC 2281 but Cisco proprietary

Virtual Router Redundancy Protocol (VRRP) · An open-standard alternative to Cisco's HSRP, providing the same functionality

Gateway Load Balancing Protocol (GLBP) · Supports arbitrary load balancing in addition to redundancy across gateways; Cisco proprietary

Protocols Comparison

                    HSRP          VRRP            GLBP
Standard            RFC 2281      RFC 3768        Cisco
Load Balancing      No            No              Yes
IPv6 Support        Yes (v2)      No (v2)*        Yes
Transport           UDP 1985      IP protocol 112 UDP 3222
Default Priority    100           100             100
Default Hello       3s            1s              3s
Multicast Group     224.0.0.2**   224.0.0.18      224.0.0.102

* VRRPv2 (RFC 3768) is IPv4-only; VRRPv3 (RFC 5798) adds IPv6.
** HSRP version 1; HSRP version 2 uses 224.0.0.102.

None of the three protocols authenticates its hellos unless configured to: any host on the segment that sends hellos with a higher priority (and preempt) is elected the active gateway and becomes the default gateway for every host on the subnet. Enable MD5 authentication on every group; the plaintext authentication string (default "cisco") is visible to anyone sniffing the multicast hellos.

[HSRP, VRRP and GLBP operation diagrams omitted from the transcript]

HSRP Configuration

interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 standby version {1 | 2}
 standby 1 ip 10.0.1.1
 standby 1 timers <hello> <dead>
 standby 1 priority <priority>
 standby 1 preempt
 standby 1 authentication md5 key-string <password>
 standby 1 track <interface> <value>
 standby 1 track <object> decrement <value>

VRRP Configuration

interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 vrrp 1 ip 10.0.1.1
 vrrp 1 timers {advertise <hello> | learn}
 vrrp 1 priority <priority>
 vrrp 1 preempt
 vrrp 1 authentication md5 key-string <password>
 vrrp 1 track <object> decrement <value>

GLBP Configuration

interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 glbp 1 ip 10.0.1.1
 glbp 1 timers <hello> <dead>
 glbp 1 timers redirect <redirect> <time-out>
 glbp 1 priority <priority>
 glbp 1 preempt
 glbp 1 forwarder preempt
 glbp 1 authentication md5 key-string <password>
 glbp 1 load-balancing <method>
 glbp 1 weighting <weight> lower <lower> upper <upper>
 glbp 1 weighting track <object> decrement <value>

HSRP/GLBP Interface States

Initial · Interface is up but the group has not started

Learn · Virtual IP not yet learned from the active router (HSRP)

Listen · Not the active router/VG; listening for hellos

Speak · Gateway election in progress

Standby · Backup router/VG

Active · Active router/VG

VRRP Interface States

Master · Acting as the virtual router

Backup · All non-master routers

GLBP Roles

Active Virtual Gateway (AVG) · Answers for the virtual router and assigns virtual MAC addresses to group members

Active Virt Forwarder (AVF) · All routers which forward traffic for the group (may include the AVG)

GLBP Load Balancing

Round-Robin (default) · The AVG answers host ARP requests for the virtual router with the next router in the cycle

Host-Dependent · Round-robin cycling while maintaining a consistent AVF for each host

Weighted · GLBP weight determines the proportionate share of hosts handled by each AVF

Troubleshooting

show standby [brief]
show vrrp [brief]
show glbp [brief]
show track [brief]
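The settings in the configuration blocks above (priority, preempt, authentication) decide who becomes the gateway, and they travel in cleartext in every hello. As an added example for this cheat sheet, not packetlife.net's own code, the following Python decodes the 20-byte HSRPv1 packet format from RFC 2281 and audits hellos for a default authentication string and an out-of-policy priority. The packets are constructed inline, and the `expected_priority` argument assumes the operator knows the highest priority legitimately configured on the segment.

```python
"""Decode HSRPv1 packets (UDP 1985 to 224.0.0.2) and audit hellos for
settings that make gateway hijacking easy.

Added example, not packetlife.net code. Layout follows the 20-byte HSRPv1
format of RFC 2281; the sample packets below are constructed, not captured.
"""
import struct

HSRP_V1 = struct.Struct("!BBBBBBBB8s4s")   # 20 bytes, network byte order

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak",
          8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco".ljust(8, b"\x00")   # RFC 2281 default auth data


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode one HSRPv1 packet (the UDP payload) into named fields."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP packet")
    (version, opcode, state, hellotime, holdtime, priority, group,
     _reserved, auth, vip) = HSRP_V1.unpack_from(payload)
    if version != 0:
        raise ValueError(f"not HSRPv1 (version byte {version})")
    return {
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hellotime,
        "holdtime": holdtime,
        "priority": priority,
        "group": group,
        "auth": auth,
        "vip": ".".join(str(b) for b in vip),
    }


def build_hsrp_v1(opcode: int, state: int, priority: int, group: int,
                  vip: str, auth: bytes = DEFAULT_AUTH,
                  hellotime: int = 3, holdtime: int = 10) -> bytes:
    """Pack an HSRPv1 packet; used here only to build sample input."""
    vip_bytes = bytes(int(o) for o in vip.split("."))
    return HSRP_V1.pack(0, opcode, state, hellotime, holdtime, priority,
                        group, 0, auth.ljust(8, b"\x00"), vip_bytes)


def audit_hello(payload: bytes, expected_priority: int) -> list:
    """Findings for one packet. expected_priority is the highest priority
    legitimately configured on the segment (assumed known to the operator)."""
    pkt = parse_hsrp_v1(payload)
    findings = []
    if pkt["auth"] == DEFAULT_AUTH:
        findings.append("default plaintext authentication string 'cisco'")
    elif pkt["auth"].rstrip(b"\x00").isalnum():
        findings.append("plaintext authentication (sniffable); prefer MD5")
    if pkt["priority"] > expected_priority:
        findings.append(
            f"priority {pkt['priority']} exceeds configured maximum "
            f"{expected_priority}: possible rogue router in group {pkt['group']}")
    if pkt["opcode"] == "Coup":
        findings.append("Coup: a router is claiming the active role")
    return findings


# Constructed samples: the legitimate active router, then a rogue that
# sends a Coup with priority 255 and the default authentication string.
LEGIT = build_hsrp_v1(0, 16, 110, 1, "10.0.1.1", auth=b"s3cr3t")
ROGUE = build_hsrp_v1(1, 4, 255, 1, "10.0.1.1")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("rogue", ROGUE)):
        print(name, parse_hsrp_v1(pkt), audit_hello(pkt, 110))
```

Run against a capture filtered on `udp port 1985`; the legitimate router trips only the plaintext-authentication finding, the rogue trips all three.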

by Jeremy Stretch v1.0


IEEE 802.11 WIRELESS · PART 1 packetlife.net

IEEE Standards

                        802.11a    802.11b    802.11g      802.11n (Draft)
Maximum Throughput      54 Mbps    11 Mbps    54 Mbps      300 Mbps
Frequency               5 GHz      2.4 GHz    2.4 GHz      2.4/5 GHz
Modulation              OFDM       DSSS       DSSS/OFDM    OFDM
Channels (FCC/ETSI)     21/19      11/13      11/13        32/32
Ratified                1999       1999       2003         N/A (draft when this sheet was written; ratified in 2009)

WLAN Types

Ad Hoc · A WLAN between isolated stations with no central point of control; an IBSS

Infrastructure · A WLAN attached to a wired network via an access point; a BSS or ESS

Frame Types

Type                        Class
Association                 Management
Authentication              Management
Probe                       Management
Beacon                      Management
Request To Send (RTS)       Control
Clear To Send (CTS)         Control
Acknowledgment (ACK)        Control
Data                        Data

Management and control frames are neither encrypted nor authenticated unless 802.11w management frame protection is in use, so any station can forge them with an arbitrary source address.
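Every row in the table above is identified by the type and subtype bits of the 2-byte Frame Control field that starts each frame. The following Python is an added example, not part of the packetlife.net sheet: it decodes Frame Control and the address fields of a header and counts management frames per transmitter, which is the shape of a simple deauthentication-flood detector. The frames are constructed inline rather than captured, the subtype table is extended beyond the sheet's eight rows with the other IEEE 802.11 subtypes, and the flood threshold is an assumption.

```python
"""Decode the IEEE 802.11 Frame Control field and the 3-address MAC
header, then tally management frames per transmitter.

Added example for this page (not packetlife.net code). Field layout is
the IEEE 802.11 one: Frame Control is a 16-bit little-endian field with
version (b0-1), type (b2-3), subtype (b4-7) and eight flag bits. The
frames below are constructed, not captured, and the flood threshold is an
assumption.
"""
import struct
from collections import Counter

TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}

SUBTYPES = {
    0: {0: "Association Request", 1: "Association Response",
        2: "Reassociation Request", 3: "Reassociation Response",
        4: "Probe Request", 5: "Probe Response", 8: "Beacon",
        10: "Disassociation", 11: "Authentication",
        12: "Deauthentication", 13: "Action"},
    1: {8: "Block Ack Request", 9: "Block Ack", 10: "PS-Poll",
        11: "RTS", 12: "CTS", 13: "ACK", 14: "CF-End"},
    2: {0: "Data", 4: "Null", 8: "QoS Data", 12: "QoS Null"},
}

FLAGS = ("ToDS", "FromDS", "MoreFrag", "Retry", "PwrMgmt",
         "MoreData", "Protected", "Order")


def decode_frame_control(fc: int) -> dict:
    """Split the Frame Control value (host-order int) into its parts."""
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    return {
        "version": fc & 0x3,
        "type": TYPES[ftype],
        "subtype": SUBTYPES.get(ftype, {}).get(subtype, f"reserved({subtype})"),
        "flags": [name for i, name in enumerate(FLAGS) if fc & (1 << (8 + i))],
    }


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame: bytes) -> dict:
    """FC, Duration and the address fields of a management or data frame
    (3-address form) or of a control frame (RTS: RA+TA, CTS/ACK: RA)."""
    fc, duration = struct.unpack_from("<HH", frame, 0)
    info = decode_frame_control(fc)
    info["duration"] = duration
    info["addr1"] = mac_str(frame[4:10])             # receiver
    if info["type"] != "Control" or info["subtype"] == "RTS":
        info["addr2"] = mac_str(frame[10:16])        # transmitter
    if info["type"] != "Control":
        info["addr3"] = mac_str(frame[16:22])        # BSSID / SA / DA
    return info


def build_mgmt(subtype: int, src: str, dst: str, bssid: str) -> bytes:
    """Construct a management frame header (sample input only)."""
    fc = subtype << 4                                # type 0, version 0, no flags
    return (struct.pack("<HH", fc, 0) + bytes.fromhex(dst) +
            bytes.fromhex(src) + bytes.fromhex(bssid) + b"\x00\x00")


def flood_sources(frames, subtype: str = "Deauthentication",
                  threshold: int = 5) -> dict:
    """Transmitters that sent more than `threshold` management frames of
    `subtype`. Without 802.11w the transmitter address is unauthenticated,
    so a flagged address is most likely being spoofed, not the real AP."""
    counts = Counter()
    for frame in frames:
        hdr = parse_header(frame)
        if hdr["type"] == "Management" and hdr["subtype"] == subtype:
            counts[hdr["addr2"]] += 1
    return {src: n for src, n in counts.items() if n > threshold}


AP, CLIENT, BCAST = "001122334455", "66778899aabb", "ffffffffffff"
# Constructed capture: one beacon, one probe response, then 20 deauths
# "from" the AP address to broadcast, as a deauth flood would look.
SAMPLE = ([build_mgmt(8, AP, BCAST, AP), build_mgmt(5, AP, CLIENT, AP)] +
          [build_mgmt(12, AP, BCAST, AP) for _ in range(20)])

if __name__ == "__main__":
    print(decode_frame_control(0x4088))
    print(flood_sources(SAMPLE))
```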

Client Association

[Client association sequence diagram omitted from the transcript: probe, authentication, association exchange]

Modulations

Scheme   Modulation   Throughput
DSSS     DBPSK        1 Mbps
DSSS     DQPSK        2 Mbps
DSSS     CCK          5.5, 11 Mbps
OFDM     BPSK         6, 9 Mbps
OFDM     QPSK         12, 18 Mbps
OFDM     16-QAM       24, 36 Mbps
OFDM     64-QAM       48, 54 Mbps

WLAN Components

Basic Service Area (BSA) · The physical area covered by the wireless signal of a BSS

Basic Service Set (BSS) · A set of stations and/or access points which can directly communicate via a wireless medium

Distribution System (DS) · The wired infrastructure connecting multiple BSSs to form an ESS

Extended Service Set (ESS) · A set of multiple BSSs connected by a DS which appear to wireless stations as a single BSS

Independent BSS (IBSS) · An isolated BSS with no connection to a DS; an ad hoc WLAN

Measuring RF Signal Strength

Decibel (dB) · An expression of signal strength as compared to a reference signal; for power, calculated as 10 log10(signal/reference)

dBm · Signal strength compared to a 1 milliwatt signal

dBW · Signal strength compared to a 1 watt signal

dBi · Compares forward antenna gain to that of an isotropic antenna

Terminology

Basic Service Set Identifier (BSSID) · A MAC address (typically belonging to an AP) which serves to uniquely identify a BSS

Service Set Identifier (SSID) · A human-friendly text string (up to 32 octets in length) which identifies a service set; the BSSs of an ESS share one SSID

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) · The mechanism which facilitates efficient communication across a shared wireless medium (provided by DCF or PCF)

Effective Isotropic Radiated Power (EIRP) · An expression of net signal strength (transmitter power + antenna gain - cable loss)

by Jeremy Stretch v1.0


IEEE 802.11 WIRELESS · PART 2 packetlife.net

Distributed Coordination Function

Interframe Spacing

Short IFS (SIFS) · Used to provide minimal spacing delay between control frames or data fragments

DCF IFS (DIFS) · Normal spacing enforced under DCF for management and nonfragment data frames

Arbitrated IFS (AIFS) · Variable spacing calculated to accommodate differing qualities of service (QoS)

Extended IFS (EIFS) · Extended delay imposed after detecting errors in a received frame

Encryption Schemes

Wired Equivalent Privacy (WEP) · Deprecated encryption mechanism which employs a flawed RC4 implementation (24-bit IVs and weak key scheduling) and a 40- or 104-bit preshared encryption key; the key is recoverable from captured traffic in minutes

Wi-Fi Protected Access (WPA) · A temporary fix for the flaws in WEP; implements an improved RC4-based encryption called Temporal Key Integrity Protocol (TKIP) which can operate on WEP-capable hardware

IEEE 802.11i (WPA2) · IEEE standard developed to replace WPA; requires a new generation of hardware to implement significantly stronger AES-based CCMP encryption

Client Authentication

Open · No authentication is used

Preshared Encryption Keys · Keys must be manually entered into clients and access points before a secure connection can be established; the pairwise master key is derived from the passphrase and the SSID, so a passphrase that appears in a wordlist can be recovered offline from a single captured handshake

Lightweight EAP (LEAP) · Deprecated Cisco-proprietary EAP method introduced to provide dynamic keying for WEP; its MS-CHAP-based exchange is open to offline dictionary attack

EAP-TLS · Employs Transport Layer Security (TLS); PKI certificates are required on the authentication server and on every client to provide mutual authentication

EAP-TTLS · Clients authenticate the server with its certificate, then form a secure tunnel inside which the client authentication takes place; removes the requirement for a PKI certificate on the client

Protected EAP (PEAP) · A proposal by Cisco, Microsoft, and RSA which forms a secure tunnel like EAP-TTLS and does not require a certificate on the client

EAP-FAST · Developed by Cisco to replace LEAP; establishes a secure tunnel using a Protected Access Credential (PAC) in the absence of PKI certificates

The tunneled methods (EAP-TTLS, PEAP, EAP-FAST) are only as strong as the client's validation of the server certificate: a supplicant configured to accept any certificate will hand its inner credentials to a rogue access point.
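For the preshared-key mode listed under Client Authentication, the pairwise master key (PMK) is derived from the passphrase and SSID with PBKDF2 (IEEE 802.11i: HMAC-SHA1, 4096 iterations, 32 bytes of output). The Python below is an added example, not code from the packetlife.net sheet: it performs that derivation, checks it against the 802.11i test vector, and runs the offline dictionary attack that a captured handshake allows. The wordlist is constructed for the demonstration; a real cracker verifies the handshake MIC rather than comparing PMKs, but the per-guess cost is identical.

```python
"""WPA/WPA2-Personal: derive the pairwise master key (PMK) from the
preshared passphrase and show why a guessable passphrase is lost to an
offline dictionary attack.

Added example for this page, not packetlife.net code. The derivation is
the one IEEE 802.11i defines for preshared keys:
PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
The wordlist is constructed for the demonstration.
"""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase (8 to 63 printable ASCII characters) + SSID -> 256-bit PMK.
    The SSID acts as the salt, so precomputed tables only work per SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def crack_pmk(target_pmk: bytes, ssid: str, wordlist):
    """Offline attack. An eavesdropper who captured the 4-way handshake
    needs no further network access: every candidate costs 4096 HMAC-SHA1
    rounds and nothing else. Here a candidate is checked by comparing
    PMKs directly; a real tool derives the PTK from the PMK and handshake
    nonces and verifies the handshake MIC, at the same per-guess cost.
    Returns the passphrase, or None if the wordlist misses."""
    for word in wordlist:
        if not 8 <= len(word) <= 63:
            continue
        if hmac.compare_digest(derive_pmk(word, ssid), target_pmk):
            return word
    return None


# Constructed wordlist; "password" is the IEEE 802.11i test-vector passphrase.
WORDLIST = ["letmein1", "qwerty123", "password", "summer2009"]

if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    print(pmk.hex())                          # IEEE 802.11i Annex H test vector
    print(crack_pmk(pmk, "IEEE", WORDLIST))   # password
    print(crack_pmk(derive_pmk("xK9#vL2$pQ7!mR4w", "IEEE"), "IEEE", WORDLIST))  # None
```

The only defences for WPA-Personal are a long random passphrase, which makes the search space too large, or moving to 802.1X (WPA-Enterprise), where no shared secret is derivable from the handshake.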

Quality of Service Markings

WMM        802.11e   802.1p
Platinum   7         6
           6         5
Gold       5         4
           4         3
Silver     3         0
           0         0
Bronze     2         2
           1         1

Wi-Fi Multimedia (WMM) · A Wi-Fi Alliance certification for QoS; a subset of 802.11e

802.11e · Official IEEE WLAN QoS standard ratified in 2005; supersedes the interim WMM specification

802.1p · QoS markings in the 802.1Q header on wired Ethernet LANs, shown for comparison

RF Signal Interference

Reflection · Scattering · Absorption · Refraction · Diffraction

Antenna Types

Directional · Radiates power in one or several focused directions

Omnidirectional · Radiates power uniformly across a plane

Isotropic · A theoretical antenna referenced when measuring effective radiated power

by Jeremy Stretch v1.0


IEEE 802.1X packetlife.net

802.1X Header

[802.1X (EAPOL) header diagram omitted from the transcript]

EAP Header

[EAP header diagram omitted from the transcript]

EAP Flow Chart

[EAP flow chart omitted from the transcript]

Configuration

Global Configuration

! Define a RADIUS server
radius-server host 10.0.0.100
radius-server key MyRadiusKey
! Configure 802.1X to authenticate via AAA
aaa new-model
aaa authentication dot1x default group radius
! Enable 802.1X authentication globally
dot1x system-auth-control

Interface Configuration

! Configure static access mode
switchport mode access
! Enable 802.1X authentication per port
dot1x port-control auto
! Configure host mode (single or multi)
dot1x host-mode single-host
! Configure maximum authentication attempts
dot1x max-reauth-req <count>
! Enable periodic reauthentication
dot1x reauthentication
! Configure a guest VLAN
dot1x guest-vlan 123
! Configure a restricted VLAN
dot1x auth-fail vlan 456
dot1x auth-fail max-attempts 3

Terminology

Extensible Authentication Protocol (EAP) · A flexible authentication framework defined in RFC 3748

EAP Over LANs (EAPOL) · The encapsulation used by 802.1X to carry EAP across a layer two segment (Ethertype 0x888E)

Supplicant · The device on one end of a link that requests authentication by the authenticator

Authenticator · The device that controls the status of a link; typically a wired switch or wireless access point

Authentication Server · A backend server which authenticates the credentials provided by supplicants (for example, a RADIUS server)

Guest VLAN · Fallback VLAN for clients not 802.1X-capable; any device reaches it simply by never sending EAPOL, so treat the guest VLAN as untrusted

Restricted VLAN · Fallback VLAN for clients which fail authentication

802.1X Packet Types

0   EAP-Packet
1   EAPOL-Start
2   EAPOL-Logoff
3   EAPOL-Key
4   EAPOL-Encapsulated-ASF-Alert

EAPOL frames carry no authentication of their own: a spoofed EAPOL-Logoff with the supplicant's source MAC returns the port to the unauthorized state.

Interface Defaults

Max Auth Requests      2
Reauthentication       Off
Quiet Period           60s
Reauth Period          3600s
Server Timeout         30s
Supplicant Timeout     30s
Tx Period              30s

EAP Codes

1   Request
2   Response
3   Success
4   Failure

EAP Req/Resp Types

1     Identity
2     Notification
3     Nak
4     MD5 Challenge
5     One Time Password
6     Generic Token Card
254   Expanded Types
255   Experimental
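The packet types and EAP codes above describe two nested headers: EAPOL (version, type, body length) and, for type 0, the EAP packet inside it (code, identifier, length, type). The Python below is an added example, not packetlife.net code: it parses both, extracts the Identity responses that travel in cleartext before any tunnel is built, and decodes a Nak. The method numbers 13, 21, 25 and 43 (EAP-TLS, EAP-TTLS, PEAP, EAP-FAST) come from the IANA EAP registry and are not on the sheet; the exchange is constructed, not captured.

```python
"""Parse 802.1X EAPOL frames and the EAP packets they carry, and pull
out what crosses the wire before any tunnel exists.

Added example for this page, not packetlife.net code. Header layouts
follow IEEE 802.1X (EAPOL: version, type, body length) and RFC 3748
(EAP: code, identifier, length, type). Method type numbers 13/21/25/43
are EAP-TLS/TTLS/PEAP/FAST from the IANA registry. Sample frames are
constructed, not captured.
"""
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encapsulated-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             5: "One-Time Password", 6: "Generic Token Card", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST",
             254: "Expanded", 255: "Experimental"}


def parse_eapol(payload: bytes) -> dict:
    """Decode the EAPOL header (what follows Ethertype 0x888E) and, for
    type 0, the EAP packet inside it."""
    version, ptype, body_len = struct.unpack_from("!BBH", payload, 0)
    body = payload[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("EAPOL body truncated")
    info = {"version": version,
            "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:
        return info                      # Start/Logoff/Key carry no EAP packet
    if len(body) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack_from("!BBH", body, 0)
    if length > len(body) or length < 4:
        raise ValueError("EAP length field inconsistent with EAPOL body")
    eap = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    if code in (1, 2) and length >= 5:   # Request/Response carry a type
        etype = body[4]
        data = body[5:length]
        eap["method"] = EAP_TYPES.get(etype, f"type {etype}")
        if etype == 1:                   # Identity travels in cleartext
            eap["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:                 # Nak lists the methods the peer wants
            eap["nak_methods"] = [EAP_TYPES.get(b, str(b)) for b in data]
    info["eap"] = eap
    return info


def build_eapol(ptype: int, code: int = 0, ident: int = 0,
                etype=None, data: bytes = b"") -> bytes:
    """Construct an EAPOL frame payload (sample input only)."""
    if ptype != 0:
        return struct.pack("!BBH", 1, ptype, 0)
    eap_body = b"" if etype is None else bytes([etype]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(eap_body)) + eap_body
    return struct.pack("!BBH", 1, 0, len(eap)) + eap


def cleartext_identities(frames) -> list:
    """Identities visible to anyone on the segment. With EAP-TTLS or PEAP
    this is the outer identity; if clients send the real username here
    instead of an anonymous one, the tunnel hides nothing about who is
    logging in."""
    ids = []
    for frame in frames:
        eap = parse_eapol(frame).get("eap", {})
        if eap.get("code") == "Response" and "identity" in eap:
            ids.append(eap["identity"])
    return ids


# Constructed exchange: Start, Request/Identity, Response/Identity,
# Request proposing PEAP, Nak asking for EAP-TLS instead, Logoff.
EXCHANGE = [
    build_eapol(1),
    build_eapol(0, 1, 1, 1),
    build_eapol(0, 2, 1, 1, b"alice@example.com"),
    build_eapol(0, 1, 2, 25),
    build_eapol(0, 2, 2, 3, bytes([13])),
    build_eapol(2),
]

if __name__ == "__main__":
    for frame in EXCHANGE:
        print(parse_eapol(frame))
    print(cleartext_identities(EXCHANGE))
```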

Port-Control Options

force-authorized · Port will always remain in authorized state

(default setting)

force-unauthorized · Port will always remain in unauthorized

state, ignoring authentication attempts

auto · Port is authorized only in the presence of a successfully

authenticated supplicant

Troubleshooting

show dot1x [interface <interface>]

show dot1x statistics interface <interface>

dot1x test eapol-capable [interface <interface>]

dot1x re-authenticate interface <interface>

by Jeremy Stretch v1.0


IPV4 MULTICAST packetlife.net

Layer 2 Addressing

Bits 1-24     Multicast OUI of 01-00-5E
Bit 25        Always set to zero
Bits 26-48    Carried over from the lower 23 bits of the IP address

The 5 variable bits of the group address above the low 23 are discarded, so 32 different groups map to every multicast MAC address.
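The 23-bit copy described above is lossy, which matters for anything that filters multicast by MAC address. The following Python is an added example, not packetlife.net code: it performs the RFC 1112 mapping, enumerates the 32 groups that share one MAC, and shows which groups a MAC-level filter cannot tell apart. The group lists are constructed for the demonstration.

```python
"""Map an IPv4 multicast group to its layer 2 address and enumerate the
32 groups that collide on that address.

Added example for this page, not packetlife.net code. The mapping is the
RFC 1112 one: 01-00-5E, a zero bit, then the low 23 bits of the group
address; the four low bits of the first octet and the high bit of the
second octet are discarded.
"""
import ipaddress


def multicast_mac(group: str) -> str:
    """224.0.0.0/4 group address -> 01:00:5e:xx:xx:xx."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low23 = int(addr) & 0x7FFFFF
    mac = (0x01005E << 24) | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def colliding_groups(group: str) -> list:
    """All 32 group addresses that share the MAC address of `group`:
    every combination of the 5 bits the mapping throws away."""
    base = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    out = []
    for discarded in range(32):          # 4 bits -> octet 1, 1 bit -> octet 2
        value = ((0xE << 28) | ((discarded >> 1) << 24)
                 | ((discarded & 1) << 23) | base)
        out.append(str(ipaddress.IPv4Address(value)))
    return out


def mac_filter_is_ambiguous(wanted: str, others) -> list:
    """Given the group a switch or NIC filter is meant to pass and other
    groups in use, return those the MAC-level filter would also pass.
    A switch that floods on MAC (no IGMP snooping) or a NIC that filters
    by MAC cannot distinguish them; only the IP layer can."""
    target = multicast_mac(wanted)
    return [g for g in others if multicast_mac(g) == target]


if __name__ == "__main__":
    print(multicast_mac("224.0.1.40"))                 # Cisco RP Discovery
    print(mac_filter_is_ambiguous(
        "224.0.0.2", ["239.128.0.2", "224.0.0.18", "225.0.0.2"]))
```

The practical consequence: local control groups in 224.0.0.0/24 (HSRP on 224.0.0.2, VRRP on 224.0.0.18) share MAC addresses with 31 ordinary groups each, so a MAC filter cannot be used to keep application multicast away from routing-control listeners.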

Terminology

Reverse Path Forwarding (RPF) · A router accepts a multicast packet only if it arrived on the interface the router would use to reach the source (or the RP); packets arriving on any other interface are dropped, which prevents forwarding loops and limits the reach of spoofed sources

Internet Group Management Protocol (IGMP) · End hosts issue IGMP requests to local routers to join multicast groups

Cisco Group Management Protocol (CGMP) · A proprietary protocol used by switches to obtain multicast membership information for end hosts

IGMP Configuration

IGMP Support     Router(config-if)# ip igmp [version {1|2|3}]
IGMP Snooping    Switch(config)# ip igmp snooping

Protocol Independent Multicast

Dense Mode · The initial tree encompasses all multicast routers; after a period of time, routers without IGMP members prune back branches

Sparse Mode · The tree is grown from a central rendezvous point (RP) out to the multicast source and recipients

Sparse-Dense Mode · Allows a PIM-enabled interface to function in either sparse or dense mode per group

PIMv1 · Provides automatic RP discovery with Auto-RP (Cisco proprietary)

PIMv2 · Automatic RP discovery is accomplished by the bootstrap router method (standards based)

Both Auto-RP and BSR trust whichever router announces itself; without filtering (ip pim rp-announce-filter on mapping agents, ip pim bsr-border at domain edges) any attached PIM neighbor can advertise itself as the RP and attract every sparse-mode group.

PIM Configuration

ip multicast-routing
!
interface FastEthernet0/0
 ip pim {sparse-mode | dense-mode | sparse-dense-mode}
 ip pim version {1 | 2}

RP Configuration

Manual                   ip pim rp-address <IP>
Auto-RP Mapping Agent    ip pim send-rp-discovery scope <TTL>
Auto-RP Candidate        ip pim send-rp-announce <interface> scope <TTL>
BSR Candidate            ip pim bsr-candidate <interface>
BSR RP Candidate         ip pim rp-candidate <interface>

Ranges

224.0.0.0/24    Local network control
224.0.1.0/24    Internetwork control
232.0.0.0/8     Source-specific (SSM)
233.0.0.0/8     GLOP (RFC 3180)
239.0.0.0/8     Administratively scoped

Common Groups

224.0.0.1       All hosts
224.0.0.2       All routers
224.0.1.39      Cisco RP Announce
224.0.1.40      Cisco RP Discovery

Distribution Trees

Shared · A single tree rooted at the rendezvous point which carries traffic from all sources of a group; the RP is administratively designated

Source-Rooted · Provides the shortest paths from the source to receivers

IGMP

IGMPv1 · End hosts send requests to local routers to receive multicast traffic for a particular group

IGMPv2 · Adds support for dynamic leave requests and querier election

IGMPv3 · Adds multicast source filtering capability

IGMP Snooping · A switch passively inspects IGMP requests to determine which hosts should receive layer two multicast traffic

IGMP Troubleshooting

show ip igmp groups
show ip igmp interface
show ip igmp snooping
ip igmp join-group <group>   (interface command: the router itself joins the group, useful for testing)

PIM Troubleshooting

show ip mroute
show ip pim interface
show ip pim neighbor
show ip pim rp [mapping]
show ip rpf <IP>

by Jeremy Stretch v1.0


IPV6 packetlife.net

Protocol Header

Version (4 bits) · Always set to 6

Traffic Class (8 bits) · A 6-bit DSCP plus 2 ECN bits, as in the IPv4 TOS byte

Flow Label (20 bits) · Identifies unique flows (optional)

Payload Length (16 bits) · Length of the payload in bytes, extension headers included

Next Header (8 bits) · Header or protocol which follows

Hop Limit (8 bits) · Functions as IPv4's time to live field

Source Address (128 bits) · Source IP address

Destination Address (128 bits) · Destination IP address

Address Types

Unicast · One-to-one communication

Multicast · One-to-many communication

Anycast · An address configured in multiple locations; traffic is delivered to the nearest one

Address Notation

Step 1 · Eliminate leading zeros within each 16-bit group

Step 2 · Replace one run of consecutive all-zero groups (the longest, per RFC 5952) with a double colon

Address Formats

[Global unicast, link-local unicast and multicast address format diagrams omitted from the transcript]

EUI-64 Formation

Step 1 · Insert 0xfffe between the two halves of the 48-bit MAC

Step 2 · Invert the seventh bit of the first octet (the universal/local flag); for a burned-in MAC this sets it to 1

Because the interface identifier embeds the hardware address, a host using EUI-64 is trackable across prefixes and its NIC vendor is readable from its address; privacy extensions (RFC 4941) generate random identifiers instead.
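The two EUI-64 steps above are mechanical, and so is their reversal. The Python below is an added example for this sheet, not packetlife.net code: it builds the interface identifier and link-local address from a MAC, recovers the MAC from an EUI-64-derived address (the reason privacy addresses exist), and uses the standard library for RFC 5952 compression. The MAC and addresses used are constructed.

```python
"""Form a modified EUI-64 interface identifier from a MAC address, build
the link-local address, and recover the MAC from such an address.

Added example for this page, not packetlife.net code. The two steps are
the ones on the sheet (insert ff:fe, invert the universal/local bit, i.e.
bit 7 counting from the most significant bit of the first octet); text
compression uses the standard library, which follows RFC 5952.
"""
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02               # invert the universal/local bit
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 prefix + EUI-64 interface identifier, compressed."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return str(ipaddress.IPv6Address(prefix + eui64_interface_id(mac)))


def mac_from_eui64(address: str):
    """Undo the transformation. Returns None when the interface identifier
    is not EUI-64 derived (for example an RFC 4941 privacy address), which
    is exactly why hosts that care about tracking avoid EUI-64."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def compress(address: str) -> str:
    """Leading zeros dropped and one run of zero groups collapsed to '::'."""
    return str(ipaddress.IPv6Address(address))


if __name__ == "__main__":
    print(link_local_from_mac("00:1b:21:3c:4d:5e"))
    print(mac_from_eui64("fe80::21b:21ff:fe3c:4d5e"))
    print(compress("2001:0db8:0000:0000:0000:0000:0000:0001"))
```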

Special-Use Ranges

::/0              Default route
::/128            Unspecified
::1/128           Loopback
::/96             IPv4-compatible*
::FFFF:0:0/96     IPv4-mapped
2001::/32         Teredo
2001:DB8::/32     Documentation
2002::/16         6to4
FC00::/7          Unique local
FE80::/10         Link-local unicast
FEC0::/10         Site-local unicast*
FF00::/8          Multicast

* Deprecated

Extension Headers

Hop-by-hop Options (0) · Carries additional information which must be examined by every router in the path

Routing (43) · Provides source routing functionality; Routing Header Type 0 is deprecated (RFC 5095) because it allowed traffic amplification and filter evasion

Fragment (44) · Included when a packet has been fragmented by its source

Encapsulating Security Payload (50) · Provides payload encryption (IPsec)

Authentication Header (51) · Provides packet authentication (IPsec)

Destination Options (60) · Carries additional information which pertains only to the recipient

Transition Methods

Dual Stack · Running IPv4 and IPv6 on all devices simultaneously

Tunneling · IPv6 packets are encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP); tunneled IPv6 bypasses IPv4-only filtering unless the tunnel endpoints are themselves inspected

Translation · Stateless IP/ICMP Translation (SIIT) translates IP header fields and NAT Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses; NAT-PT was deprecated by RFC 4966

by Jeremy Stretch v1.1


IPSEC packetlife.net

Protocols

Internet Security Association and Key Management Protocol (ISAKMP) · A framework for the negotiation and management of security associations between peers; traverses UDP port 500 (UDP 4500 when NAT traversal is in use)

Internet Key Exchange (IKE) · Responsible for authenticating the peers and agreeing on keys; the key agreement itself uses Diffie-Hellman

Encapsulating Security Payload (ESP) · Provides data encryption, data integrity, and peer authentication; IP protocol 50

Authentication Header (AH) · Provides data integrity and peer authentication, but not data encryption; IP protocol 51

IPsec Modes

Transport Mode · The ESP or AH header is inserted behind the IP header; the IP header can be authenticated but not encrypted

Tunnel Mode · A new IP header is created in place of the original; this allows for encryption of the entire original packet

Encryption Algorithms

         Type         Key                     Strength
DES      Symmetric    56-bit                  Weak
3DES     Symmetric    168-bit                 Medium (deprecated for new deployments)
AES      Symmetric    128, 192, or 256-bit    Strong
RSA      Asymmetric   1024-bit minimum        Strong (2048-bit is the current minimum)

Hashing Algorithms

         Length     Strength
MD5      128-bit    Medium (collisions are practical; HMAC-MD5 only for legacy peers)
SHA-1    160-bit    Strong as HMAC-SHA1 in IPsec; prefer SHA-2 where both peers support it

IKE Phases

Phase 1 · A bidirectional ISAKMP SA is established between peers to provide a secure management channel; IKE is performed in main mode or aggressive mode. Aggressive mode with preshared keys sends the authentication hash before the channel is encrypted, so a captured exchange can be brute-forced offline; use main mode unless the peer has a dynamic address

Phase 1.5 (optional) · Xauth can optionally be implemented to enforce user authentication

Phase 2 · Two unidirectional IPsec SAs are established for data transfer using separate keys; IKE quick mode is used

Configuration

ISAKMP Policy

crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600

group 2 is 1024-bit MODP Diffie-Hellman; prefer group 14 (2048-bit) or higher wherever both peers support it.

ISAKMP Pre-Shared Secret Key

crypto isakmp key 0 MySecretKey address 10.0.0.2

The leading 0 stores the key in cleartext in the configuration; anyone who can read the running or startup config holds the key.

IPsec Transform Set

crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel

IPsec Profile

crypto ipsec profile MyProfile
 set transform-set MyTS

Virtual Tunnel Interface

interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MyProfile

Terminology

Data Integrity · Secure hashing (HMAC) is used to ensure data has not been altered in transit

Data Confidentiality · Encryption is used to ensure data cannot be read by a third party who intercepts it

Data Origin Authentication · Peer authentication

Anti-replay · Sequence numbers, checked against a sliding window at the receiver, are used to detect and drop duplicated or stale packets

Hash-based Message Authentication Code (HMAC) · A keyed hash of the data and a secret key used to provide message authenticity

Diffie-Hellman · A method of establishing a shared secret key over an insecure path using public and private values; the peers must still authenticate each other, otherwise the exchange can be intercepted in the middle
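Anti-replay as defined above is implemented at the receiver with a sliding window over ESP/AH sequence numbers. The Python below is an added example, not packetlife.net code: it implements the window from RFC 4303 section 3.4.3 (the same procedure applies to AH under RFC 4302), with the check done before and the update after integrity verification so that a forged packet cannot move the window, and runs a constructed trace through it.

```python
"""ESP/AH anti-replay: the sliding window a receiver uses to reject
duplicated or stale sequence numbers.

Added example for this page, not packetlife.net code. The algorithm is
the one RFC 4303 section 3.4.3 describes: a window of W sequence numbers
ending at the highest number accepted so far, with a bitmap recording
which of those were received. The check runs before the ICV is verified
and the window is updated only afterwards, so a forged packet with a
large sequence number cannot slide the window past legitimate traffic.
"""


class ReplayWindow:
    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.top = 0            # highest sequence number accepted so far
        self.bitmap = 0         # bit i set: sequence number top - i was seen

    def check(self, seq: int) -> bool:
        """Would this sequence number be accepted? No state is changed."""
        if seq == 0:
            return False                                # 0 is never sent
        if seq > self.top:
            return True                                 # right of the window
        diff = self.top - seq
        if diff >= self.size:
            return False                                # left of the window
        return not (self.bitmap & (1 << diff))          # inside: seen before?

    def update(self, seq: int) -> None:
        """Record an accepted packet (call only after the ICV verified)."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) if shift < self.size else 0
            self.bitmap &= (1 << self.size) - 1
            self.bitmap |= 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> str:
        """Full receive path for one packet; returns the verdict."""
        if not self.check(seq):
            return "drop: replay or stale"
        if not icv_ok:
            return "drop: bad ICV"
        self.update(seq)
        return "accept"


def run_trace(events, size: int = 64) -> list:
    """Apply (seq, icv_ok) pairs to a fresh window; constructed input."""
    window = ReplayWindow(size)
    return [window.receive(seq, ok) for seq, ok in events]


# Constructed trace: in-order traffic, a reordered pair, a replay, a forged
# packet with a huge sequence number, a jump, then late and too-late arrivals.
TRACE = [(1, True), (2, True), (3, True), (5, True), (4, True),
         (3, True), (9000, False), (100, True), (37, True), (36, True),
         (37, True)]

if __name__ == "__main__":
    for (seq, _), verdict in zip(TRACE, run_trace(TRACE)):
        print(seq, verdict)
```

The forged packet (sequence 9000, bad ICV) is rejected without moving the window, so the legitimate packet 100 that follows is still accepted; with the check and update merged, an attacker could push the window forward and force the receiver to drop every genuine packet behind it.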

Troubleshooting

show crypto isakmp sa

show crypto isakmp policy

show crypto ipsec sa

show crypto ipsec transform-set

debug crypto isakmp

debug crypto ipsec

by Jeremy Stretch v1.1


QUALITY OF SERVICE · PART 1 packetlife.net

Quality of Service Models

Best Effort · No QoS policies are implemented

Integrated Services (IntServ) · Resource Reservation Protocol (RSVP) is used to reserve bandwidth per flow across all nodes in a path

Differentiated Services (DiffServ) · Packets are individually classified and marked; policy decisions are made independently at each node in a path

Layer 2 QoS Markings

Medium        Name                        Type
Ethernet      Class of Service (CoS)      3-bit 802.1p field in 802.1Q header
Frame Relay   Discard Eligibility (DE)    1-bit drop eligibility flag
ATM           Cell Loss Priority (CLP)    1-bit drop eligibility flag
MPLS          Experimental Field (EXP)    3-bit field compatible with 802.1p

IP QoS Markings

Precedence · The first three bits of the IP TOS field are evaluated; compatible with Ethernet CoS and MPLS EXP values

DSCP · The first six bits of the IP TOS field are evaluated to provide more granular classification; backward-compatible with IP Precedence

QoS Flowchart

[QoS flowchart omitted from the transcript]

Terminology

Per-Hop Behavior (PHB) · The individual QoS action performed at each DiffServ node according to its configured policy

Trust Boundary · The perimeter beyond which QoS markings are not trusted; markings arriving from end hosts are remarked at the boundary, otherwise any host can claim the priority queue by marking its traffic EF

Tail Drop · Occurs when a packet is dropped because its queue is full

Policing · Creates an artificial ceiling on the amount of bandwidth that may be consumed; traffic exceeding the cap can be remarked or dropped

Shaping · Similar to policing but buffers excess traffic for delayed transmission; makes more efficient use of bandwidth but introduces a delay

TCP Synchronization · Flows adjust window sizes in sync, wasting bandwidth

Per-Hop Behaviors

Class Selector (CS) · Backward-compatible with IP Precedence values

Assured Forwarding (AF) · Four classes, each with three drop precedences

Expedited Forwarding (EF) · Provides priority queuing for delay-sensitive traffic

Congestion Avoidance

Random Early Detection (RED) · Packets are randomly dropped before a queue is full to prevent tail drop; mitigates TCP synchronization

Weighted RED (WRED) · RED with the added capability of recognizing prioritized traffic by its marking

IP Type of Service (TOS)

Precedence Values

Value   Binary   Application
7       111      Reserved (network control)
6       110      Routing
5       101      Voice
4       100      Streaming Video
3       011      Call Signaling
2       010      Transactional
1       001      Bulk Data
0       000      Best Effort

DSCP Values

DSCP   Binary   Prec.   PHB
56     111000   7       CS7 (reserved)
48     110000   6       CS6 (reserved)
46     101110   5       EF
40     101000   5       CS5
32     100000   4       CS4
34     100010   4       AF41
36     100100   4       AF42
38     100110   4       AF43
24     011000   3       CS3
26     011010   3       AF31
28     011100   3       AF32
30     011110   3       AF33
16     010000   2       CS2
18     010010   2       AF21
20     010100   2       AF22
22     010110   2       AF23
8      001000   1       CS1
10     001010   1       AF11
12     001100   1       AF12
14     001110   1       AF13
0      000000   0       BE
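The two tables above are a fixed encoding: DSCP occupies the top six bits of the TOS byte, AF codepoints are 8 x class + 2 x drop precedence, and IP Precedence is the top three bits. The Python below is an added example, not packetlife.net code: it decodes and builds TOS bytes (including the two ECN bits from RFC 3168, which the tables leave out) and applies a trust boundary to markings arriving from an untrusted port. The trust-boundary policy (keep AF and best effort, remark everything else to best effort) is an assumption made for the demonstration.

```python
"""Decode and build the IP TOS byte: DSCP, its per-hop behaviour name,
the IP Precedence it is backward-compatible with, and the two ECN bits;
then apply a trust boundary to markings from an untrusted port.

Added example for this page, not packetlife.net code. Naming follows
RFC 2474 (class selectors), RFC 2597 (AFxy = class x, drop precedence y)
and RFC 3246 (EF = 46); ECN codepoints follow RFC 3168. The trust-boundary
policy below (untrusted ports may keep AF and best effort, everything
else is remarked to best effort) is an assumption for the demonstration.
"""

ECN = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def phb_name(dscp: int) -> str:
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0x7
    if low == 0:
        return "BE" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"
    return f"DSCP{dscp}"                  # unnamed codepoint


def af_dscp(cls: int, drop: int) -> int:
    """AF class 1-4, drop precedence 1-3 -> DSCP (8*class + 2*drop)."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class 1-4, drop precedence 1-3")
    return cls * 8 + drop * 2


def decode_tos(tos: int) -> dict:
    """TOS byte (IPv4) / Traffic Class (IPv6) -> its parts."""
    dscp = (tos >> 2) & 0x3F
    return {"dscp": dscp, "phb": phb_name(dscp),
            "precedence": dscp >> 3, "ecn": ECN[tos & 0x3]}


def tos_byte(dscp: int, ecn: int = 0) -> int:
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)


def enforce_trust_boundary(tos: int, trusted_port: bool) -> int:
    """Markings from beyond the trust boundary are not believed: an end
    host that marks its traffic EF or CS6 would otherwise ride the
    priority or routing-control queue. AF and BE are kept; the ECN bits
    are left alone (they belong to the transport, not to QoS)."""
    if trusted_port:
        return tos
    phb = phb_name(tos >> 2)
    if phb == "BE" or phb.startswith("AF"):
        return tos
    return tos_byte(0, tos & 0x3)


if __name__ == "__main__":
    print(decode_tos(184))                                  # EF, precedence 5
    print(enforce_trust_boundary(184, trusted_port=False))  # remarked to 0
```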

by Jeremy Stretch v1.2


QUALITY OF SERVICE · PART 2 packetlife.net

Queuing Comparison Chart

                               FIFO       PQ         CQ           WFQ         CBWFQ        LLQ
Default on interfaces          >2 Mbps    No         No           <=2 Mbps    No           No
Number of queues               1          4          Configured   Dynamic     Configured   Configured
Configurable classes           No         Yes        Yes          No          Yes          Yes
Bandwidth allocation           Automatic  Automatic  Configured   Automatic   Configured   Configured
Provides for minimal delay     No         Yes        No           No          No           Yes
Modern implementation          Yes        No         No           No          Yes          Yes

First In First Out (FIFO)

» Packets are transmitted in the order they are processed
» No prioritization is provided
» Default queuing method on high-speed (>2 Mbps) interfaces
» Configurable with the tx-ring-limit interface configuration command

Priority Queuing (PQ)

» Provides four static queues which cannot be reconfigured
» Higher-priority queues are always emptied before lower-priority queues
» Lower-priority queues are at risk of bandwidth starvation

LLQ Configuration Example

! *** Class definitions ***
class-map match-all Voice
 ! Matches packets by DSCP value
 match dscp ef
!
class-map match-all Call-Signaling
 match dscp cs3
!
class-map match-any Critical-Apps
 match dscp af21 af22
 ! Matches packets by access list
 match access-group name Mgmt_LAN
!
class-map match-all Scavenger
 match dscp cs1
!
! *** Policy creation ***
policy-map Foo
 class Voice
  ! Priority queue policed to 33%
  priority percent 33
 class Call-Signaling
  ! Allocate 5% of bandwidth
  bandwidth percent 5
 class Critical-Apps
  bandwidth percent 20
  ! Extend queue size to 96 packets
  queue-limit 96
 class Scavenger
  ! Police to 64 kbps
  police cir 64000 conform-action transmit exceed-action drop
 class class-default
  ! Enable WFQ
  fair-queue
  ! Enable WRED
  random-detect
!
! *** Policy application ***
interface Serial0
 service-policy output Foo

The priority class is policed (33%) so that a flood of EF-marked packets, whether from a misbehaving application or from a host spoofing its markings, cannot starve every other class.

Troubleshooting

show policy-map [interface <interface>]
show interface
show queue <interface>
show mls qos

Custom Queuing (CQ)

» Rotates through queues using Weighted Round Robin (WRR)
» A configurable number of bytes is processed from each queue per turn
» Prevents queue starvation but does not support delay-sensitive traffic

Weighted Fair Queuing (WFQ)

» Queues are dynamically created per flow to ensure fair processing
» Statistically drops packets from aggressive flows more often
» No support for delay-sensitive traffic

Class-Based WFQ (CBWFQ)

» Provides the benefits of WFQ with administratively configured queues
» Each queue is allocated an amount or percentage of bandwidth
» No support for delay-sensitive traffic

Low Latency Queuing (LLQ)

» CBWFQ with the addition of a policed strict priority queue
» Highly configurable while still supporting delay-sensitive traffic

by Jeremy Stretch v1.2


THE QoS BASELINE AT-A-GLANCE

The QoS Baseline is a strategic document designed to unify QoS within Cisco. The QoS Baseline provides uniform, standards-based recommendations to help ensure that QoS products, designs, and deployments are unified and consistent.

The QoS Baseline defines up to 11 classes of traffic that may be viewed as critical to a given enterprise. A summary of these classes and their respective standards-based markings and recommended QoS configurations is shown below.

Interactive-Video refers to IP Video-Conferencing; Streaming Video is either unicast or multicast uni-directional video; Voice refers to VoIP bearer traffic only (and does not include Call-Signaling traffic).

The (Locally-Defined) Mission-Critical class is intended for a subset of Transactional Data applications that contribute most significantly to the business objectives (this is a non-technical assessment).

The Transactional Data class is intended for foreground, user-interactive applications such as database access, transaction services, interactive messaging, and preferred data services.

The Bulk Data class is intended for background, non-interactive traffic flows, such as large file transfers, content distribution, database synchronization, backup operations, and email.

The IP Routing class is intended for IP Routing protocols, such as Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), etc.

The Call-Signaling class is intended for voice and/or video signaling traffic, such as Skinny, SIP, H.323, etc.

The Network Management class is intended for network management protocols, such as SNMP, Syslog, DNS, etc.

Standards-based marking recommendations allow for better integration with service-provider offerings as well as other internetworking scenarios.

In Cisco IOS Software, rate-based queuing translates to CBWFQ; priority queuing is LLQ. DSCP-Based WRED (based on RFC 2597) drops AFx3 before AFx2, and in turn drops AFx2 before AFx1. RSVP is recommended (whenever supported) for Voice and/or Interactive-Video admission control.

Cisco products that support QoS features will use these QoS Baseline recommendations for marking, scheduling, and admission control.

The Scavenger class is based on an Internet 2 draft that defines a "less-than-Best Effort" service. In the event of link congestion, this class will be dropped the most aggressively.

The Best Effort class is also the default class. Unless an application has been assigned for preferential/deferential service, it will remain in this default class. Most enterprises have hundreds, if not thousands, of applications on their networks, the majority of which will remain in the Best Effort service class.

The QoS Baseline recommendations are intended as a standards-based guideline for customers, not as a mandate. Customers do not have to deploy all 11 traffic classes, but may start with simple QoS models and expand over time as business needs arise, as shown in the diagram below.

QoS Baseline Classes

Application          L3 Classification (PHB / DSCP)   Recommended Configuration                    Referencing Standard
IP Routing           CS6 / 48                          Rate-Based Queuing + RED                     RFC 2474 section 4.2.2
Voice                EF / 46                           RSVP Admission Control + Priority Queuing    RFC 3246
Interactive-Video    AF41 / 34                         RSVP + Rate-Based Queuing + DSCP-WRED        RFC 2597
Streaming Video      CS4 / 32                          RSVP + Rate-Based Queuing + RED              RFC 2474 section 4.2.2
Mission-Critical     AF31 / 26                         Rate-Based Queuing + DSCP-WRED               RFC 2597
Call-Signaling       CS3 / 24                          Rate-Based Queuing + RED                     RFC 2474 section 4.2.2
Transactional Data   AF21 / 18                         Rate-Based Queuing + DSCP-WRED               RFC 2597
Network Mgmt         CS2 / 16                          Rate-Based Queuing + RED                     RFC 2474 section 4.2.2
Bulk Data            AF11 / 10                         Rate-Based Queuing + DSCP-WRED               RFC 2597
Scavenger            CS1 / 8                           No BW Guarantee + RED                        Internet 2
Best Effort          0 / 0                             BW Guarantee Rate-Based Queuing + RED        RFC 2474 section 4.1

QoS Model Evolution (expanding over time)

5 Class Model · Realtime, Call Signaling, Critical Data, Best Effort, Scavenger

8 Class Model · Voice, Video, Call Signaling, Network Control, Critical Data, Bulk Data, Best Effort, Scavenger

QoS Baseline Model · Voice, Interactive-Video, Streaming Video, Call Signaling, IP Routing, Network Mgmt, Mission-Critical, Transactional, Bulk Data, Best Effort, Scavenger

Copyright © 2005 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 204170.l_ETMG_AE_4.05


Quality of Service reference card · JOHN CORDIER ACADEMY

This reference card is about Differentiated Service:

• Classification
• Marking
• Congestion Management
• Congestion Avoidance
• Policing and Shaping
• Link Efficiency Mechanisms

QUALITY OF SERVICE MODELS

Best Effort

DiffServ · Soft QoS or Differentiated Service

IntServ · Hard QoS or Integrated Service (or Guaranteed Service); RSVP

QUALITY OF SERVICE MECHANISMS

CLASSIFICATION AND MARKING AT THE DATA LINK LAYER

Priority at Layer 2 is called Class of Service (CoS). Depending on the protocol run at the data link layer, respectively 1 (Frame Relay, ATM), 2 (ISL) or 3 (IEEE 802.1p/Q, MPLS) bits are used in order to prioritize the traffic. The following table shows a possible baseline when 3 bits are used.

Class of Service   CoS Value   Baseline
CoS 7              111         (not assigned on the card)
CoS 6              110         (not assigned on the card)
CoS 5              101         Voice Bearer
CoS 4              100         Videoconference
CoS 3              011         Call-Signalling
CoS 2              010         High-Priority Data
CoS 1              001         Medium-Priority Data
CoS 0              000         Best Effort

IEEE 802.1p/Q · Frame: Preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | T/L | Data | FCS. The TCI carries PRI (3 bits), CFI (1 bit) and VLAN ID (12 bits); the 3 PRI bits are used for CoS (802.1p user priority).

ISL (Cisco Proprietary) · Frame: ISL Header (26 bytes) | Encapsulated Frame (1 to 24.5 KBytes) | FCS (4 bytes). Header fields: DA, Type, User, SA, LEN, AAAA03, HSA, VLAN, BPDU, INDEX, RES; 2 bits of the User field are used for CoS:

User Code   Meaning
XX00        Normal Priority
XX01        Priority 1
XX10        Priority 2
XX11        Highest Priority

MPLS · Frame Header | MPLS Header (32 bits: Label, EXP, S, TTL) | IP Header | Payload; the 3 EXP bits are used for CoS.

Frame Relay · Flag | Frame Relay Header (2 bytes: DLCI, C/R, EA, DLCI, FECN, BECN, DE, EA) | Information | FCS | Flag. The DE (Discard Eligible) bit is the 1 bit used for CoS: 0 = high priority frame, 1 = low priority frame (increased drop probability).

ATM · ATM Header (5 bytes: GFC on the UNI only, VPI, VCI, PT, CLP, HEC) | Payload (48 bytes). The CLP (Cell Loss Priority) bit is the 1 bit used for CoS: 0 = high priority cell, 1 = low priority cell (increased drop probability). ATM UNI and NNI headers differ only in the GFC field.

CLASSIFICATION AND MARKING AT THE NETWORK LAYER

IPv4 header · Version, Header Length, TOS (1 byte), Total length, Identification, Flags, Fragment offset, TTL, Protocol, Header checksum, Source Address, Destination Address, Options and Padding, Data

IPv6 header · Version, Traffic Class (1 byte), Flow label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address, Extension Header Info, Data

ToS Byte (IPv4) / Traffic Class (IPv6): IP precedence · Bits b0 b1 b2 carry the IP Precedence; b3 to b6 are the RFC 1349 TOS bits and b7 must be zero

IP Precedence Value   Description          Baseline
111                   Network (reserved)
110                   Internet (reserved)
101                   Critical             Voice Bearer
100                   Flash-override       Videoconference
011                   Flash                Call-Signalling
010                   Immediate            High-Priority Data
001                   Priority             Medium-Priority Data
000                   Routine              Best Effort

Page 33: Binder 1

QO

S BASELINE

ApplicationPH

B

REFERENCES

00

00

00

00

00

10

00

00

01

00

00

00

01

10

00

00

10

00

00

00

10

10

00

00

11

00

00

00

11

10

00

00

00

10

10

00

00

11

00

00

00

11

10

00

01

00

10

00

01

01

00

00

01

01

10

00

01

10

10

00

01

11

00

00

01

11

10

00

10

00

10

00

10

01

00

00

10

01

10

00

10

11

10

00 b0

b1b2

b3b4

b5b6

b7

DSCP

Flowcontrol

IPPrecedence

TOS Byte (IPv4)

Traffic Class (IPv6)

Default

CS1

CS2

CS3

CS4

CS5

CS6

CS7

AF11

AF12

AF13

AF21

AF22

AF23

AF31

AF32

AF33

AF41

AF42

AF43

EF

PHB

DCSP Value(decim

al)

0816243240485610121418202226283034363846

TOS Value

(decimal)

0326496

128

160

192

224

404856728088

104

112

120

136

144

152

184

Drop

Probability

Low

Medium

High

Low

Medium

High

Low

Medium

High

Low

Medium

High

xx

xx

xx

00

xx

xx

xx

10

Non ECN

-Capable

ECN-Capable Transport (ECT 1)

Best Effort

Class Selector(Backw

ardCom

patibilityw

ith IPPrecedence)

AssuredForw

arding

Expedited Forwarding

xx

xx

xx

10

xx

xx

xx

11

ECN-Capable Transport (ECT 0)

Congestion Experienced (CE)

ECN: Explicit Congestion N

oticication

L3 ClassificationD

SCP

IP Routing

Interactive-Video

Streaming-Video

Mission-Critical Data

Call-Signaling

Transactional Data

Network-M

anagement

Bulk Data

Scavenger

Best-Effort

Voice

CS6

EF

AF41

CS4

AF31

CS3

AF21

CS2

AF11

CS10

48463432262428161080

- ToS Byte (IPv4) / Traffic Class (IPv6) : DSCP

Intserv

•R

FC 2212: Specification of Guaranteed Q

uality of Service,see w

ww

.ietf.org/rfc/rfc2212.txt•

RFC 2211: Specification of the Controlled-Load Network Elem

ent Service,see w

ww

.ietf.org/rfc/rfc2211.txt

ToS Byte / Traffic Class

•RFC 791: Internet Protocol Darpa Internet Program

Protocol Specification,see w

ww

.ietf.org/rfc/rfc0791.txt•

RFC 1349: Type of Service in the Internet Protocol Suite,

see ww

w.ietf.org/rfc/rfc1349.txt

•R

FC 2474: Definition of the D

ifferentiated Services Field (DS Field) in

the IPv4 and IPv6 Headers,

see ww

w.ietf.org/rfc/rfc2474.txt

DiffServ

•R

FC 3246 (previously RFC2598): An Expedited Forw

arding PHB (Per-

Hop Behavior),

see ww

w.ietf.org/rfc/rfc3246.txt

•R

FC 2597: Assured Forwarding PH

B Group,

see ww

w.ietf.org/rfc/rfc2597.txt

•R

FC 3168: The Addition of Explicit Congestion Notification (ECN

) to IP,see w

ww

.ietf.org/rfc/rfc3168.txt

Qu

ality o

f service

reference ca

rd©

v.2.0

JOH

N C

OR

DIE

R A

CA

DE

MY

ww

w.jca

cad

emy.co

m
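The DSCP / ToS byte mapping above, worked in code as an added example (not part of the reference card): the byte is split into the six DSCP bits and the two ECN bits, the PHB names are regenerated from the CS/AF/EF numbering, and a re-marking helper keeps the ECN bits intact. The PHB names, DSCP values and ECN code points come from the card and RFC 3168; nothing else is assumed.

```python
from dataclasses import dataclass
from typing import Optional

# DSCP -> PHB, rebuilt from the card's table: CSx = 8x, AFxy = 8x + 2y, EF = 46.
PHB_BY_DSCP = {0: "Default", 46: "EF"}
PHB_BY_DSCP.update({cls * 8: f"CS{cls}" for cls in range(1, 8)})
PHB_BY_DSCP.update({cls * 8 + drop * 2: f"AF{cls}{drop}"
                    for cls in range(1, 5) for drop in range(1, 4)})
DSCP_BY_PHB = {phb: dscp for dscp, phb in PHB_BY_DSCP.items()}

# The two low bits (the card's "flow control"): RFC 3168 ECN code points.
ECN_NAMES = {0b00: "Non ECN-Capable", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}
DROP_PROBABILITY = {1: "Low", 2: "Medium", 3: "High"}


@dataclass(frozen=True)
class TosFields:
    dscp: int
    phb: str
    precedence: int                  # three high bits; CS PHBs keep them compatible
    ecn: int
    ecn_name: str
    drop_probability: Optional[str]  # only meaningful for Assured Forwarding


def decode_tos(tos: int) -> TosFields:
    """Split one ToS (IPv4) / Traffic Class (IPv6) byte into DSCP, precedence, ECN."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS/Traffic Class is a single byte")
    dscp, ecn = tos >> 2, tos & 0b11
    phb = PHB_BY_DSCP.get(dscp, f"unassigned({dscp})")
    # For AFxy the drop precedence y sits in bits 3-4 of the DSCP (low three bits >> 1).
    drop = DROP_PROBABILITY[(dscp & 0b111) >> 1] if phb.startswith("AF") else None
    return TosFields(dscp, phb, dscp >> 3, ecn, ECN_NAMES[ecn], drop)


def encode_tos(phb: str, ecn: int = 0b00) -> int:
    """Build the byte a marker writes for a PHB, carrying the given ECN bits."""
    if phb not in DSCP_BY_PHB:
        raise ValueError(f"unknown PHB {phb!r}")
    if ecn not in ECN_NAMES:
        raise ValueError("ECN field is two bits")
    return (DSCP_BY_PHB[phb] << 2) | ecn


def remark(tos: int, phb: str) -> int:
    """Re-mark a packet's DSCP (e.g. Scavenger -> CS1) without touching its ECN bits."""
    return encode_tos(phb, tos & 0b11)


def dscp_table():
    """The card's PHB / DSCP (decimal) / ToS (decimal) table, regenerated."""
    return [(phb, dscp, dscp << 2) for dscp, phb in sorted(PHB_BY_DSCP.items())]


if __name__ == "__main__":
    for phb, dscp, tos in dscp_table():
        print(f"{phb:<8}{dscp:>4}{tos:>6}")
    print(decode_tos(0xB8))  # EF with IP Precedence 5
```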


SPANNING TREE · PART 1 packetlife.net

Spanning Tree Protocols

Spanning Tree Instance Comparison

             Legacy STP    PVST        PVST+         RSTP                  RPVST+        MST
Algorithm    Legacy ST     Legacy ST   Legacy ST     Rapid ST              Rapid ST      Rapid ST
Definition   802.1D-1998   Cisco       Cisco         802.1w, 802.1D-2004   Cisco         802.1s, 802.1Q-2003
Instances    One           Per VLAN    Per VLAN      One                   Per VLAN      Configurable
Trunking     N/A           ISL         802.1Q, ISL   N/A                   802.1Q, ISL   802.1Q, ISL

BPDU Format

Field Bits

Protocol ID 16

Version 8

BPDU Type 8

Flags 8

Root ID 64

Root Path Cost 32

Bridge ID 64

Port ID 16

Message Age 16

Max Age 16

Hello Time 16

Forward Delay 16

Default Timers

Hello 2s

Forward Delay 15s

Max Age 20s

Spanning Tree Specifications

Open Standards

IEEE 802.1D-1998 · Deprecated legacy STP standard

IEEE 802.1w · Introduced Rapid STP (RSTP)

IEEE 802.1D-2004 · Replaced legacy STP with RSTP

IEEE 802.1s · Introduced Multiple Spanning Tree (MST)

IEEE 802.1Q-2003 · Added MST to 802.1Q

Cisco Proprietary Implementations

PVST · Per-VLAN implementation of legacy STP

PVST+ · Added 802.1Q trunking to PVST

RPVST+ · Per-VLAN implementation of RSTP

Link Costs

Bandwidth Cost

4 Mbps 250

10 Mbps 100

16 Mbps 62

45 Mbps 39

100 Mbps 19

155 Mbps 14

622 Mbps 6

1 Gbps 4

10 Gbps 2

Port States

Legacy ST Rapid ST

Disabled Discarding

Blocking Discarding

Listening Discarding

Learning Learning

Forwarding Forwarding

Spanning Tree Operation

1 Determine root bridge · The bridge advertising the lowest bridge ID becomes the root bridge

2 Select root port · Each bridge selects its primary port facing the root

3 Select designated ports · One designated port is selected per segment

4 Block ports with loops · All non-root and non-designated ports are blocked

Port Roles

Legacy ST Rapid ST

Root Root

Designated Designated

Blocking Alternate

Blocking Backup

by Jeremy Stretch v2.0


SPANNING TREE · PART 2 packetlife.net

PVST+ and RPVST+ Configuration

! Set STP type
spanning-tree mode {pvst | rapid-pvst}

! Bridge priority
spanning-tree vlan 1-4094 priority 32768

! Timers, in seconds
spanning-tree vlan 1-4094 hello-time 2
spanning-tree vlan 1-4094 forward-time 15
spanning-tree vlan 1-4094 max-age 20

! Enabling PortFast by default
spanning-tree portfast default

! PVST+ Enhancements
spanning-tree backbonefast
spanning-tree uplinkfast

! Interface attributes
interface FastEthernet0/1
 spanning-tree [vlan 1-4094] port-priority 128
 spanning-tree [vlan 1-4094] cost 19
 ! Manual link type specification
 spanning-tree link-type {point-to-point | shared}
 ! Enables spanning tree if running PVST+, or
 ! designates an edge port under RPVST+
 spanning-tree portfast
 ! Spanning tree protection
 spanning-tree guard {loop | root | none}
 ! Per-interface toggling
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable

MST Configuration

! Set STP type
spanning-tree mode mst

! MST Configuration
spanning-tree mst configuration
 name MyTree
 revision 1
 ! Map VLANs to instances
 instance 1 vlan 20, 30
 instance 2 vlan 40, 50

! Bridge priority (per instance)
spanning-tree mst 1 priority 32768

! Timers, in seconds
spanning-tree mst hello-time 2
spanning-tree mst forward-time 15
spanning-tree mst max-age 20

! Maximum hops for BPDUs
spanning-tree mst max-hops 20

! Interface attributes
interface FastEthernet0/1
 spanning-tree mst 1 port-priority 128
 spanning-tree mst 1 cost 19

Bridge ID Format

Priority · 4-bit configurable priority (configurable from 0 to 61440 in increments of 4096)

System ID Extension · 12-bit value taken from VLAN number

MAC Address · 48-bit value to ensure uniqueness

Path Selection

1 Prefer the neighbor advertising the lowest root ID

2 Prefer the neighbor advertising the lowest cost to root

3 Prefer the neighbor with the lowest bridge ID

4 Prefer the lowest sender port ID
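The root election from Part 1 and the bridge ID format and four-step path selection above, simulated as an added example (not from the cheat sheet). Bridge IDs are built exactly as described (4-bit priority in steps of 4096, 12-bit VLAN system ID extension, 48-bit MAC) and compared as one integer; the switch names, MACs and BPDUs are constructed.

```python
from dataclasses import dataclass


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """64-bit bridge ID: priority (multiple of 4096) + system ID extension (VLAN)
    in the high 16 bits, MAC address in the low 48; lowest value wins."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError("priority must be 0..61440 in increments of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("system ID extension is a VLAN number (1..4094)")
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    if mac_int >> 48:
        raise ValueError("MAC address is 48 bits")
    return ((priority + vlan) << 48) | mac_int


def split_bridge_id(bid: int):
    """Inverse of bridge_id(): (priority, vlan, mac as 12 hex digits)."""
    high, mac_int = bid >> 48, bid & ((1 << 48) - 1)
    return high & 0xF000, high & 0x0FFF, f"{mac_int:012x}"


@dataclass(frozen=True)
class Bpdu:
    """The BPDU fields the path-selection steps compare, in step order."""
    root_id: int
    root_path_cost: int
    bridge_id: int   # sender's bridge ID
    port_id: int     # sender's 16-bit port ID (port priority byte + port number)


def elect_root(bridges: dict) -> str:
    """Step 1: the bridge with the lowest bridge ID becomes root.
    bridges maps a switch name to its bridge ID."""
    return min(bridges, key=bridges.get)


def select_root_port(received: dict, link_cost: dict) -> str:
    """Step 2: choose this bridge's root port from the BPDU received on each port,
    applying the four tie-breakers in order. The cost compared is the neighbour's
    advertised root path cost plus our own cost on that link."""
    def rank(port):
        b = received[port]
        return (b.root_id, b.root_path_cost + link_cost[port], b.bridge_id, b.port_id)
    return min(received, key=rank)


def root_path_cost(received: dict, link_cost: dict) -> int:
    """Cost this bridge advertises downstream once its root port is chosen."""
    port = select_root_port(received, link_cost)
    return received[port].root_path_cost + link_cost[port]


# Constructed topology: three switches in VLAN 10; SW3 has its priority lowered.
SWITCHES = {
    "SW1": bridge_id(32768, 10, "0000.0c00.0001"),
    "SW2": bridge_id(32768, 10, "0000.0c00.0002"),
    "SW3": bridge_id(4096, 10, "0000.0c00.00ff"),
}
ROOT = SWITCHES["SW3"]
# BPDUs as SW2 sees them (constructed): a direct 100 Mbps link to the root on
# Fa0/1 (cost 19) and a 1 Gbps link on Gi0/1 (cost 4) to SW1, which is itself
# cost 4 from the root. The indirect path (4 + 4) beats the direct one (19).
SW2_BPDUS = {
    "Fa0/1": Bpdu(ROOT, 0, SWITCHES["SW3"], 0x8001),
    "Gi0/1": Bpdu(ROOT, 4, SWITCHES["SW1"], 0x8019),
}
SW2_LINK_COST = {"Fa0/1": 19, "Gi0/1": 4}

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    print("SW2 root port:", select_root_port(SW2_BPDUS, SW2_LINK_COST),
          "cost", root_path_cost(SW2_BPDUS, SW2_LINK_COST))
```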

Optional PVST+ Enhancements

PortFast Enables immediate transition into the

forwarding state on edge ports

UplinkFast Enables access switches to maintain backup

paths to root

BackboneFast Enables immediate expiration of the Max Age

timer on an indirect link failure

Spanning Tree Protection

Root Guard Prevents a port from becoming the root port

BPDU Guard Error disables a port if a BPDU is received

Loop Guard Prevents a blocked port from transitioning to

listening after the Max Age timer has expired

BPDU Filter Blocks BPDUs on an interface

RSTP Link Types

Point-to-Point Connects to exactly one other bridge (a full

duplex interface)

Shared Potentially connects to multiple bridges (a half

duplex interface)

Edge Connects to a single host; designated by

applying PortFast

Troubleshooting

show spanning-tree [summary | detail]

show spanning-tree root

show spanning-tree vlan <VLAN>

show spanning-tree interface <interface>

show spanning-tree mst [<instance>] [detail]

show spanning-tree mst configuration

show spanning-tree mst interface <interface>

by Jeremy Stretch v2.0


TCP/IP (IPv4) reference card

DOD and OSI layers
OSI: Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Datalink Layer, Physical Layer
DOD: Application Layer (HTTP, SMTP, DNS, FTP, Other), Host-to-host Layer (TCP, UDP), Internet Layer (IP), Network Access Layer

IP header (32-bit rows)
Version | IHL | Service | Total length
Identification | Flags | Fragment offset
TTL | Protocol | Header checksum
Source Address
Destination Address
Options and Padding
Data

Version: IP version number (4 bits)
IHL: Internet header length (4 bits)
Service: Type of service flags (1 byte)
  Precedence (= absolute priority) (3 bits)
  Minimize delay (1 bit)
  Maximize throughput (1 bit)
  Maximize reliability (1 bit)
  Minimize monetary cost (1 bit)
  Reserved for future use (1 bit)
Total length: Total length of IP datagram (2 bytes)
Identification: Unique packet identifier, used to identify the fragments of the datagram (2 bytes)
Flags: Fragmentation flags, indicate if the datagram can be fragmented, and if a particular packet is the last in the series of fragments (3 bits)
Fragm. Offset: Fragmentation offset field (13 bits)
TTL: Time to live field (1 byte)
Protocol: Protocol identifier field, identifies the next higher layer protocol (1 byte)
Header Checksum: Checksum field (2 bytes)
Source Address: IP address of the source host (4 bytes)
Destination Address: IP address of the destination host (4 bytes)
Options and Padding: (Variable length) Options: Strict source route, Loose source route, Record route, Timestamp, Security

Protocol: 1 ICMP, 2 IGMP, 6 TCP, 8 EGP, 9 IGRP, 17 UDP, 46 RSVP, 88 EIGRP, 89 OSPF

IP address (32 bits): Net number | Host number
10111110 10101100 00100001 00000011 = 190.172.33.3

Subnet mask: NET | SUBNET | HOST
11111111 11111111 11111111 00000000 = 255.255.255.0

IP Address Classes
Leading bits   First octet   Class
0              0-126         A
10             128-191       B
110            192-223       C
1110           224-239       D
1111           240-255       E

Class     Number of networks   Number of hosts
Class A   126                  16.777.214
Class B   16.384               65.534
Class C   2.097.152            254

ARP header (32-bit rows)
Hardware type | Protocol type
HLEN | PLEN | Operation
Sender HA (0-3)
Sender HA (4-5) | Sender IP (0-1)
Sender IP (2-3) | Target HA (0-1)
Target HA (2-5)
Target IP (0-3)

Hardware type: Identifies the type of hardware interface (2 bytes)
Protocol Type: Identifies the type of protocol the sending device is using (2 bytes)
HLEN: Hardware Address Length (1 byte)
PLEN: Protocol Address Length (1 byte)
Operation: Request or reply (2 bytes)
Sender HA: Sender hardware address (6 bytes)
Sender IP: Sender IP address (4 bytes)
Target HA: Target hardware address (6 bytes)
Target IP: Target IP address (4 bytes)

TCP header (32-bit rows)
Source port | Destination port
Sequence number
Acknowledgement number
Offset | Reserved | U A P R S F | Window size
Checksum | Urgent pointer
Options and Padding
Data

Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Sequence Number: Used to reconstruct the fragmented data out of the segments (4 bytes)
Acknowledgement number: Used to acknowledge the receipt of a segment (4 bytes)
Offset: Size of the TCP header (4 bits)
Reserved: Set to zero, reserved for future use (6 bits)
Flags (6 bits): Enable the control functions
  Urgent field (URG, 1 bit)
  Acknowledgment (ACK, 1 bit)
  Push (PSH, 1 bit)
  Reset connection (RST, 1 bit)
  Synchronisation of sequence numbers (SYN, 1 bit)
  Finished sending data (FIN, 1 bit)
Window Size: Used to exchange TCP buffer sizes (2 bytes)
Checksum: Checksum field (2 bytes)
Urgent pointer: Points to urgent data in the data field; only valid if the urgent flag is set (2 bytes)
Options and Padding (variable length): Options: Maximum segment size, TCP window scale, Selective acknowledgment, SACK-permitted, TCP timestamps

Well-known TCP ports
7 Echo           25 SMTP
9 Discard        53 DNS
13 Daytime       80 HTTP
17 Qotd          110 POP3
19 Chargen       119 NNTP
20 FTP-data      179 BGP
21 FTP-control   143 IMAP
22 SSH           389 LDAP
23 Telnet        443 HTTPs (s = over SSL)
646 MPLS
≤1023: Well known applications; >1023: Proprietary applications and client applications

V1.5 TCP/IP (IPv4) reference card
JOHN CORDIER ACADEMY
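The IP header laid out on the card, parsed and verified in code as an added example (not from the reference card): the RFC 791 one's-complement header checksum, the class lookup by leading bits, and a builder that produces a valid header for the card's sample address 190.172.33.3. The destination address, identification value and TCP payload length are constructed.

```python
import struct
from dataclasses import dataclass

# Protocol numbers listed on the card.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 8: "EGP", 9: "IGRP",
             17: "UDP", 46: "RSVP", 88: "EIGRP", 89: "OSPF"}


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    all 16-bit words. Over a header whose checksum field is already correct
    the result is 0, which is how a receiver verifies it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def address_class(addr: str) -> str:
    """Class from the leading bits of the first octet (0 A, 10 B, 110 C, 1110 D, else E)."""
    first = int(addr.split(".")[0])
    for prefix, cls in ((0b0, "A"), (0b10, "B"), (0b110, "C"), (0b1110, "D")):
        width = prefix.bit_length() if prefix else 1
        if first >> (8 - width) == prefix:
            return cls
    return "E"


@dataclass(frozen=True)
class Ipv4Header:
    version: int
    ihl: int
    service: int           # the ToS byte
    total_length: int
    identification: int
    flags: int             # 3 bits: reserved, DF, MF
    fragment_offset: int   # 13 bits
    ttl: int
    protocol: int
    header_checksum: int
    source: str
    destination: str
    options: bytes


def parse_ipv4_header(pkt: bytes) -> Ipv4Header:
    """Parse the header at the front of pkt; raise ValueError on anything a
    router would discard (wrong version, bad IHL/length, checksum mismatch)."""
    if len(pkt) < 20:
        raise ValueError("truncated: IPv4 header is at least 20 bytes")
    (ver_ihl, service, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0xF
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hlen = ihl * 4
    if hlen < 20 or hlen > len(pkt) or total_length < hlen:
        raise ValueError("inconsistent IHL / total length")
    if ip_checksum(pkt[:hlen]) != 0:
        raise ValueError("header checksum mismatch")
    return Ipv4Header(version, ihl, service, total_length, ident,
                      flags_frag >> 13, flags_frag & 0x1FFF, ttl, proto, csum,
                      ".".join(map(str, src)), ".".join(map(str, dst)), pkt[20:hlen])


def build_ipv4_header(source: str, destination: str, protocol: int,
                      payload_len: int, ttl: int = 64, service: int = 0,
                      identification: int = 0, dont_fragment: bool = True) -> bytes:
    """Option-less 20-byte header (IHL 5) with a correct checksum."""
    src = bytes(int(o) for o in source.split("."))
    dst = bytes(int(o) for o in destination.split("."))
    flags_frag = (0b010 if dont_fragment else 0) << 13
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, service, 20 + payload_len,
                      identification, flags_frag, ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


# Constructed sample: the card's example address sending a 20-byte TCP segment.
SAMPLE = build_ipv4_header("190.172.33.3", "10.0.0.1", 6, payload_len=20,
                           identification=0x1234)

if __name__ == "__main__":
    h = parse_ipv4_header(SAMPLE)
    print(h.source, "->", h.destination, PROTOCOLS[h.protocol],
          "class", address_class(h.source))
```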


UDP header (32-bit rows)
Source port | Destination port
Length | Checksum
Data

Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Length: Size of UDP message (2 bytes)
Checksum: Checksum field (2 bytes)

Well-known UDP ports
7 Echo         67 DHCP server   520 RIP
9 Discard      68 DHCP client   646 MPLS
13 Daytime     69 TFTP
17 Qotd        123 NTP
19 Chargen     161 SNMP
53 DNS         162 SNMPtrap
≤1023: Well known applications; >1023: Proprietary applications

Important RFC's
RFC 768: User Datagram Protocol (Standard)
RFC 791: Internet Protocol v4 (Standard)
RFC 792: Internet Control Message Protocol (Standard)
RFC 793: Transmission Control Protocol (Standard)
RFC 821: Simple Mail Transfer Protocol (Standard)
RFC 826: Ethernet Address Resolution Protocol (Standard)
RFC 854: Telnet Protocol Specifications (Standard)
RFC 959: File Transfer Protocol (Standard)
RFC 1157: Simple Network Management Protocol (Standard)
RFC 3232: Assigned Numbers (Informational), http://www.iana.org/numbers.html
RFC 1771: Border Gateway Protocol v4 (Draft Standard)
RFC 2131: Dynamic Host Configuration Protocol (Draft Standard)
RFC 2328: Open Shortest Path First v2 (Standard)
RFC 2453: Routing Information Protocol v2 (Standard)
RFC 2616: Hypertext Transfer Protocol 1.1 (Draft Standard)
Search for RFC's on http://www.rfc-editor.org

Interesting links
Internet Assigned Numbers Authority (IANA) http://www.iana.org
Internet Corporation for Assigned Names and Numbers (ICANN) http://www.icann.org
Réseaux IP Européens (RIPE) http://www.ripe.net
American Registry for Internet Numbers (ARIN) http://www.arin.net
Asia Pacific Network Information Center (APNIC) http://www.apnic.net
Internet Engineering Task Force (IETF) http://www.ietf.org
Institute of Electrical and Electronics Engineers (IEEE) http://www.ieee.org
InterNIC http://rs.internic.net
Internet Architecture Board (IAB) http://www.iab.org
Internet Society (ISOC) http://www.isoc.org
Internet Software Consortium http://www.isc.org
World Wide Web Consortium http://www.w3c.org
Internet Mail Consortium http://www.imc.org
RFC Editor http://www.rfc-editor.org
Telindus High-Tech Institute (THTI) http://www.thti.telindus.be

ICMP message (32-bit rows)
IP header with Protocol = 1:
Version | IHL | T.O.S. | Total length
Identification | Flags | Fragment offset
TTL | Protocol = 1 | Header checksum
Source Address
Destination Address
Options and Padding
ICMP part:
ICMP TYPE | ICMP CODE | Header checksum
Unused or depending on TYPE (see notes)
IP header + 8 octets of original datagram

Type   Code   Meaning
0      0      Echo Reply
3             Destination Unreachable
       0      Network unreachable
       1      Host unreachable
       2      Requested protocol unreachable
       3      Port unreachable
       4      Fragmentation needed, but "Don't Fragment" flag set
       5      Source route has failed
       6      Destination network unknown
       7      Destination host unknown
4      0      Source Quench
5             Redirect
       0      Redirect datagrams for network
       1      Redirect datagrams for host
8      0      Echo Request
9      0      Router advertisement
10     0      Router selection
11            Time Exceeded
       0      Time-to-live exceeded
       1      Fragment reassembly time exceeded
12            Parameter Problem
       0      Pointer indicates the error
       1      Missing a required option
       2      Bad length

Ethernet frame formats
DIX Ethernet v2:          DA | SA | E-TYPE | DATA | FCS
IEEE 802.3 + 802.2 SNAP:  DA | SA | Length | DSAP AA | SSAP AA | Control | 00 00 00 | E-TYPE | DATA | FCS
IEEE 802.2:               DA | SA | Length | DSAP 06 | SSAP 06 | Control | DATA | FCS
E-Type (Hex.): 08 00: IP(v4); 08 06: ARP; 86 DD: IP(v6)

TCP/IP (IPv4) reference card © v.2.0
JOHN CORDIER ACADEMY
www.jcacademy.com



VLANS packetlife.net

Trunk Encapsulation

Ethernet Header

VLAN Creation

Switch(config)# vlan 100

Switch(config-vlan)# name Engineering

Access Port Configuration

Switch(config-if)# switchport mode access

Switch(config-if)# switchport nonegotiate

Switch(config-if)# switchport access vlan 100

Switch(config-if)# switchport voice vlan 150

Trunk Port Configuration

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport trunk allowed vlan 10,100-200

Switch(config-if)# switchport trunk native vlan 10

SVI Configuration

Switch(config)# interface vlan100

Switch(config-if)# ip address 192.168.100.1 255.255.255.0

VLAN Trunking Protocol

Domain · Common to all switches participating in VTP

Server Mode · Generates and propagates VTP advertisements to

clients; this mode is default on unconfigured switches

Client Mode · Receives and forwards advertisements from servers;

VLANs cannot be manually configured on switches in client mode

Transparent Mode · Forwards advertisements but does not

participate in VTP; VLANs must be configured manually

Pruning · VLANs not having any access ports on an end switch are

removed from the trunk to reduce flooded traffic

VTP Configuration

Switch(config)# vtp mode server

Switch(config)# vtp domain LASVEGAS

Switch(config)# vtp password Presl3y

Switch(config)# vtp version 2

Switch(config)# vtp pruning

Trunk Types

802.1Q ISL

Header Size 4 bytes 26 bytes

Trailer Size N/A 4 bytes

Standard IEEE Cisco

Maximum VLANs 4094 1000

Command dot1q isl

VLAN Numbers

0 Reserved 1004 fdnet

1 default 1005 trnet

1002 fddi-default 1006-4094 Extended

1003 tr 4095 Reserved

Terminology

Trunking · Extending multiple VLANs over the

same physical connection

Native VLAN · By default, frames in this VLAN are

untagged when sent across a trunk

Access VLAN · The VLAN to which an access port is

assigned

Voice VLAN · If configured, enables minimal

trunking to support voice traffic in addition to data

traffic on an access port

Dynamic Trunking Protocol (DTP) · Can be used

to automatically establish trunks between capable

ports; carries a security risk

Switched Virtual Interface (SVI) · A virtual

interface which provides a routed gateway into and

out of a VLAN

Switch Port Modes

trunk · Forms an unconditional trunk

dynamic desirable · Actively attempts to negotiate

a trunk with the distant end

dynamic auto · Will form a trunk only if requested

by the distant end

access · Will never form a trunk

Troubleshooting

show vlan

show interface status

show interface switchport

show interface trunk

show vtp status

show vtp password

by Jeremy Stretch v1.2
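A configuration check for the DTP risk the card names under Dynamic Trunking Protocol, as an added example (not part of the cheat sheet): it walks a running-config excerpt and reports ports that are still left to DTP negotiation (dynamic modes, or access/trunk ports without `switchport nonegotiate`) and trunks still carrying the default native VLAN 1. The sample configuration is constructed from the card's own commands; the stanza parser is a simplification that only looks at indented lines under `interface`.

```python
# Constructed running-config excerpt for the audit to walk.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode access
 switchport nonegotiate
 switchport access vlan 100
 switchport voice vlan 150
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
"""


def parse_interfaces(config: str) -> dict:
    """Map each 'interface X' stanza to the list of its indented commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None   # '!' or a top-level command ends the stanza
    return stanzas


def audit_switchports(config: str) -> dict:
    """Return {interface: [findings]} for ports that can still negotiate a
    trunk, or that trunk with the default native VLAN; clean ports are omitted."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport") for c in cmds):
            continue   # SVI or routed port: no layer-2 mode to negotiate
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        issues = []
        if mode is None or mode.startswith("dynamic"):
            issues.append(f"mode {mode or 'unset'}: port is left to DTP negotiation")
        elif "switchport nonegotiate" not in cmds:
            issues.append("DTP frames still sent: add 'switchport nonegotiate'")
        if mode == "trunk" and not any(
                c.startswith("switchport trunk native vlan") for c in cmds):
            issues.append("trunk uses the default native VLAN 1: set an unused native VLAN")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_switchports(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```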


BGP · PART 1 packetlife.net

Attribute Types

Well-known Mandatory · Must be supported and propagated

Well-known Discretionary · Must be supported; propagation optional

Optional Transitive · Marked as partial if unsupported by neighbor

Optional Nontransitive · Deleted if unsupported by neighbor

Attributes

Name Type Description

Aggregator OT ID and AS of router which performed summarization

AS Path WM List of autonomous systems the advertisement has traversed

Atomic Aggregate WD Includes AS which have been dropped due to route aggregation

Cluster ID ON Originating cluster

Community OT Route tag

Local Preference WD Metric for internal neighbors to reach external paths; default 100

Multiple Exit Discriminator (MED) ON Metric for external neighbors to reach the AS; default 0

Next Hop WM External peer in neighboring AS

Origin WM Origin type (IGP, EGP, or unknown)

Originator ID ON Identifies route reflector

Weight O Cisco proprietary, not communicated to peers; default 0

Path Selection

Order   Attribute          Description                                                Preference
1       Weight             Administrative preference                                  Highest
2       Local Preference   Communicated between peers within an AS                    Highest
3       Self-Originated    Prefer paths originated locally                            True
4       AS Path            Minimize AS hops                                           Shortest
5       Origin             Prefer IGP-learned routes over EGP, and EGP over unknown   IGP
6       MED                Used externally to enter an AS                             Lowest
7       External           Prefer eBGP routes over iBGP                               eBGP
8       IGP Cost           Consider IGP attributes                                    Lowest
9       eBGP Peering       Favor more stable routes                                   Oldest
10      Router ID          Tie breaker                                                Lowest
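The ten-step path selection above run over candidate paths, as an added example (not from the cheat sheet). Each step becomes one component of a sort key ordered so that the preferred value sorts first, and a helper reports which step actually decided. The candidate paths are constructed; MED is compared across all candidates here, which simplifies the per-neighbouring-AS rule IOS applies by default.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # IGP over EGP over unknown


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    as_path: tuple = ()
    weight: int = 0             # Cisco-local, never sent to peers; default 0
    local_pref: int = 100       # default 100
    self_originated: bool = False
    origin: str = "igp"
    med: int = 0                # default 0
    ebgp: bool = True
    igp_cost: int = 0           # IGP cost to reach next_hop
    age_rank: int = 0           # lower = older eBGP path (more stable)
    router_id: str = "0.0.0.0"  # advertising router's ID


STEPS = ("Weight", "Local Preference", "Self-Originated", "AS Path", "Origin",
         "MED", "External", "IGP Cost", "eBGP Peering", "Router ID")


def _ip_key(ip: str):
    return tuple(int(o) for o in ip.split("."))


def preference_key(p: Path) -> tuple:
    """One component per step; values the card marks 'Highest' are negated so
    that min() over the keys returns the preferred path."""
    return (-p.weight, -p.local_pref, not p.self_originated, len(p.as_path),
            ORIGIN_RANK[p.origin], p.med, not p.ebgp, p.igp_cost, p.age_rank,
            _ip_key(p.router_id))


def best_path(paths) -> Path:
    if len({p.prefix for p in paths}) != 1:
        raise ValueError("candidates must all be for the same prefix")
    return min(paths, key=preference_key)


def deciding_step(paths) -> str:
    """Name of the first step at which the best path beat the runner-up."""
    ranked = sorted(paths, key=preference_key)
    if len(ranked) < 2:
        return "Only path"
    best, runner = preference_key(ranked[0]), preference_key(ranked[1])
    for step, a, b in zip(STEPS, best, runner):
        if a != b:
            return step
    return "Router ID"   # identical keys: nothing further to compare


# Constructed candidates for 192.168.3.0/24 as seen from a router in AS 65100.
CANDIDATES = [
    Path("192.168.3.0/24", "172.16.0.2", as_path=(65200,), router_id="192.168.2.1"),
    Path("192.168.3.0/24", "172.16.0.6", as_path=(65200,), router_id="192.168.3.1"),
    Path("192.168.3.0/24", "172.16.0.10", as_path=(65300, 65200), router_id="10.10.10.10"),
]

if __name__ == "__main__":
    chosen = best_path(CANDIDATES)
    print("best:", chosen.next_hop, "decided by:", deciding_step(CANDIDATES))
```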

About BGP

Type Path Vector

Algorithm Path Selection

eBGP AD 20

iBGP AD 200

Standard RFC 4271

Protocols IP

Transport TCP 179

Authentication MD5

Terminology

Autonomous System (AS) · A logical

domain under the control of a single entity

External BGP (eBGP) · BGP neighborships

formed between autonomous systems

Internal BGP (iBGP) · BGP between peers

within a single autonomous system

Synchronization requirement · Asserts

that a route must be known by an IGP before

it may be advertised to BGP peers

Packet Types

Open
Update
Keepalive
Notification

Neighbor States

Idle · Neighbor is not responding

Connect · TCP session established

Open Sent · Open message sent

Open Confirm · Response received

Established · Neighborship established

Troubleshooting

show ip bgp

show ip bgp summary

show ip bgp neighbors

show ip route [bgp]

clear ip bgp * [soft]

debug ip bgp events

debug ip bgp updates

Influencing Path Selection

Weight             neighbor 172.16.0.1 weight 200
Local Preference   bgp default local-preference 100
MED                default-metric 400
Route Map          neighbor 172.16.0.1 route-map Foo

by Jeremy Stretch v1.1


BGP · PART 2 packetlife.net

Configuration Example

Router A

interface Serial1/0
 description Backbone to B
 ip address 172.16.0.1 255.255.255.252
!
interface Serial1/1
 description Backbone to C
 ip address 172.16.0.5 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
!
router bgp 65100
 no synchronization
 network 172.16.0.0 mask 255.255.255.252
 network 172.16.0.4 mask 255.255.255.252
 network 192.168.1.0
 neighbor South peer-group
 neighbor South remote-as 65200
 neighbor 172.16.0.2 peer-group South
 neighbor 172.16.0.6 peer-group South
 no auto-summary

Router B

interface FastEthernet0/0
 description Local to C
 ip address 10.0.0.1 255.255.255.252
!
interface Serial1/0
 description Backbone to A
 ip address 172.16.0.2 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.2.1 255.255.255.0
!
router ospf 100
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.2.0 0.0.0.255 area 1
!
router bgp 65200
 no synchronization
 redistribute ospf 100 route-map LAN_Subnets
 neighbor 10.0.0.2 remote-as 65200
 neighbor 172.16.0.1 remote-as 65100
 no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
 match ip address 10
 set metric 100

Router C

interface FastEthernet0/0
 description Local to B
 ip address 10.0.0.2 255.255.255.252
!
interface Serial1/0
 description Backbone to A
 ip address 172.16.0.6 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.3.1 255.255.255.0
!
router ospf 100
 network 10.0.0.2 0.0.0.0 area 0
 network 192.168.3.0 0.0.0.255 area 2
!
router bgp 65200
 no synchronization
 redistribute ospf 100 route-map LAN_Subnets
 neighbor 10.0.0.1 remote-as 65200
 neighbor 172.16.0.5 remote-as 65100
 no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
 match ip address 10
 set metric 100

Router A Routing Table

     172.16.0.0/30 is subnetted, 2 subnets
C       172.16.0.4 is directly connected, S1/1
C       172.16.0.0 is directly connected, S1/0
C    192.168.1.0/24 is directly connected, F2/0
B    192.168.2.0/24 [20/100] via 172.16.0.2
B    192.168.3.0/24 [20/100] via 172.16.0.2

Router B Routing Table

     172.16.0.0/30 is subnetted, 2 subnets
B       172.16.0.4 [20/0] via 172.16.0.1
C       172.16.0.0 is directly connected, S1/0
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, F0/0
B    192.168.1.0/24 [20/0] via 172.16.0.1
C    192.168.2.0/24 is directly connected, F2/0
O IA 192.168.3.0/24 [110/2] via 10.0.0.2, F0/0

by Jeremy Stretch v1.1


EIGRP packetlife.net

Protocol Header

Metric Formula

metric = 256 * ( K1 * bw + (K2 * bw) / (256 - load) + K3 * delay ) * ( K5 / (reliability + K4) )

bw = 10^7 / Interface bandwidth in Kbps

delay = Interface delay in usecs / 10
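The metric formula worked in code as an added example (not from the cheat sheet), with the card's default K values and the integer truncation IOS applies to the bw and delay terms. It goes one step beyond the card by computing a multi-hop path metric from the slowest link's bandwidth and the cumulative delay. The FastEthernet and T1 interface bandwidth/delay figures are the usual IOS interface defaults, assumed here rather than taken from the card.

```python
K_DEFAULTS = {"K1": 1, "K2": 0, "K3": 1, "K4": 0, "K5": 0}


def scaled_bandwidth(bandwidth_kbps: int) -> int:
    """bw term: 10^7 divided by the bandwidth in Kbps, integer-truncated."""
    if bandwidth_kbps < 1:
        raise ValueError("bandwidth must be at least 1 Kbps")
    return 10**7 // bandwidth_kbps


def scaled_delay(delay_usec: int) -> int:
    """delay term: delay in microseconds divided by 10, integer-truncated."""
    if delay_usec < 0:
        raise ValueError("delay cannot be negative")
    return delay_usec // 10


def eigrp_metric(bandwidth_kbps: int, delay_usec: int, load: int = 1,
                 reliability: int = 255, k: dict = None) -> int:
    """Composite metric from the card's formula. With K5 = 0 the
    K5 / (reliability + K4) factor is skipped (treated as 1), so the default
    K values reduce the formula to 256 * (bw + delay)."""
    kv = {**K_DEFAULTS, **(k or {})}
    if not 1 <= load <= 255 or not 1 <= reliability <= 255:
        raise ValueError("load and reliability are 1..255")
    bw, delay = scaled_bandwidth(bandwidth_kbps), scaled_delay(delay_usec)
    metric = kv["K1"] * bw + (kv["K2"] * bw) // (256 - load) + kv["K3"] * delay
    if kv["K5"]:
        metric = (metric * kv["K5"]) // (reliability + kv["K4"])
    return 256 * metric


def path_metric(links, **kwargs) -> int:
    """Metric of a multi-hop path: the slowest link's bandwidth and the sum of
    the delays along the way. links is a list of (bandwidth_kbps, delay_usec)."""
    if not links:
        raise ValueError("a path needs at least one link")
    return eigrp_metric(min(bw for bw, _ in links),
                        sum(d for _, d in links), **kwargs)


# Assumed IOS interface defaults (not from the card): bandwidth Kbps, delay usec.
FAST_ETHERNET = (100_000, 100)
SERIAL_T1 = (1_544, 20_000)

if __name__ == "__main__":
    print("FastEthernet:", eigrp_metric(*FAST_ETHERNET))
    print("T1 serial:", eigrp_metric(*SERIAL_T1))
    print("T1 then FastEthernet:", path_metric([SERIAL_T1, FAST_ETHERNET]))
```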

EIGRP Configuration

Protocol Configuration

! Enable EIGRP
router eigrp <ASN>

! Add interfaces to advertise
network <IP address> <wildcard mask>

! Configure K values
metric weights 0 <k1> <k2> <k3> <k4> <k5>

! Disable automatic route summarization
no auto-summary

! Designate passive interfaces
passive-interface (<interface> | <default>)

! Enable stub routing
eigrp stub [receive-only | connected | static | summary]

! Statically identify a neighboring router
neighbor <IP address> <interface>

Interface Configuration

! Set maximum bandwidth EIGRP can consume
ip bandwidth-percent eigrp <percentage>

! Configure manual summarization of outbound advertisements
ip summary-address eigrp <ASN> <IP address> <mask> [<AD>]

! Enable MD5 authentication
ip authentication mode eigrp <ASN> md5
ip authentication key-chain eigrp <ASN> <key-chain>

! Configure hello and hold timers
ip hello-interval eigrp <ASN> <seconds>
ip hold-time eigrp <ASN> <seconds>

! Disable split horizon for EIGRP
no ip split-horizon eigrp <ASN>

Attributes

Type Distance Vector

Algorithm DUAL

Internal AD 90

External AD 170

Summary AD 5

Standard Cisco proprietary

Protocols IP, IPX, Appletalk

Transport IP 88

Authentication MD5

Multicast IP 224.0.0.10

Hello Timer 5 / 60

Hold Timer 15 / 180

K Defaults

K1 1

K2 0

K3 1

K4 0

K5 0

Packet Types

1 Update

3 Query

4 Reply

5 Hello

8 Acknowledge

Terminology

Reported Distance · The metric for a route advertised by a neighbor

Feasible Distance · The distance advertised by a neighbor plus the cost to get to that neighbor

Stuck In Active (SIA) · The condition when a route becomes unreachable and not all queries are answered; adjacencies with unresponsive neighbors are reset

Passive Interface · An interface which does not participate in EIGRP but whose network is advertised

Stub Router · A router which does not relay updates between neighbors or participate in querying

Troubleshooting

show ip eigrp interfaces

show ip eigrp neighbors

show ip eigrp topology

show ip eigrp traffic

clear ip eigrp neighbors

debug ip eigrp [packet | neighbors]

by Jeremy Stretch v1.3


OSPF · PART 1 packetlife.net

Protocol Header

Metric Formula

\text{cost} = \frac{100{,}000{,}000\ \text{bps}^{*}}{\text{link speed}}

* modifiable with 'ospf auto-cost reference-bandwidth'

Link State Advertisements

Type 1 Router Link · Lists a router's neighbors and its cost to each; flooded throughout an area

Type 2 Network Link · Generated by a DR; lists all routers on an adjacent segment; flooded throughout an area

Type 3 Network Summary · Generated by an ABR and sent between areas; point of summarization

Type 4 ASBR Summary · Injected by an ABR into the backbone to advertise the presence of an ASBR

Type 5 External Link · Generated by an ASBR and flooded throughout the AS to advertise a route external to OSPF

Type 7 NSSA External Link · Generated by an ASBR in a not-so-stubby area; converted into a type 5 LSA by the ABR

DR/BDR Election

· The DR serves as a common point for all adjacencies on a multiaccess segment

· The BDR also maintains adjacencies with all routers in case the DR fails

· Election does not occur on point-to-point or multipoint links

· Default priority (0-255) is 1; highest priority wins; 0 cannot be elected

· DR preemption will not occur unless the current DR is reset
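A small simulation of the election rules listed above, added as an example (not from the packetlife sheet): highest priority wins, priority 0 is never elected, and an existing DR is not preempted by a newcomer with a higher priority. One assumption beyond the sheet: ties are broken by the highest router ID, which is standard OSPF behaviour. Router IDs are constructed.

```python
# Added example, not from the packetlife sheet: DR/BDR election rules.
# Assumption not stated on the sheet: equal priorities are broken by the
# highest router ID (standard OSPF behaviour).

def _rid_key(rid):
    """Sort key for a dotted-decimal router ID."""
    return tuple(int(octet) for octet in rid.split("."))


def elect(routers, current_dr=None, current_bdr=None):
    """routers: dict router_id -> priority (0-255).  Returns (dr, bdr).

    - priority 0 routers are never elected
    - an existing DR/BDR keeps its role while it is still on the segment
      (no preemption), so a new high-priority router only waits in line
    - if the DR disappears the BDR is promoted and a new BDR is elected
    """
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def key(rid):
        return (eligible[rid], _rid_key(rid))

    if current_dr in eligible:
        dr = current_dr
    elif current_bdr in eligible:
        dr = current_bdr                          # BDR promoted after DR reset
    else:
        dr = max(eligible, key=key) if eligible else None

    rest = [rid for rid in eligible if rid != dr]
    if current_bdr in rest:
        bdr = current_bdr
    else:
        bdr = max(rest, key=key) if rest else None
    return dr, bdr


if __name__ == "__main__":
    segment = {"10.0.34.1": 1, "10.0.34.2": 100, "10.0.34.3": 50, "10.0.34.4": 0}
    dr, bdr = elect(segment)
    print(dr, bdr)                                  # 10.0.34.2 10.0.34.3
    # A priority-255 router joins: no preemption
    print(elect({**segment, "10.0.34.9": 255}, dr, bdr))
    # The DR is reset: BDR becomes DR, the newcomer becomes BDR
    survivors = {k: v for k, v in segment.items() if k != dr}
    print(elect({**survivors, "10.0.34.9": 255}, dr, bdr))
```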

Virtual Links

· Tunnel formed to join two areas across an intermediate

· Both end routers must share a common area

· At least one end must reside in area 0

· Cannot traverse stub areas

· Temporary solution; not considered best practice

Troubleshooting

show ip route
show ip protocols
show ip ospf interface
show ip ospf neighbor
show ip ospf database
show ip ospf border-routers
show ip ospf virtual-links
debug ip packet
debug ip ospf events
debug ip ospf adjacency

Attributes

Type Link-State

Algorithm Dijkstra

Metric Cost (Bandwidth)

AD 110

Standard RFC 2328, 2740

Protocols IP

Transport IP 89

Authentication Plaintext, MD5

AllSPF Address 224.0.0.5

AllDR Address 224.0.0.6

Adjacency States

1 Down
2 Attempt
3 Init
4 2-Way
5 Exstart
6 Exchange
7 Loading
8 Full

Router Types

Internal Router · All interfaces reside within the same area

Backbone Router · A router with an interface in area 0 (the backbone)

Area Border Router (ABR) · Connects two or more areas

AS Boundary Router (ASBR) · Connects to additional routing domains; typically located in the backbone

Area Types

Standard Area · Default OSPF area type

Stub Area · External summary route (type 5) LSAs are replaced by the ABR with a default route

Totally Stubby Area · A stub area which also replaces summary (type 3 and 4) LSAs with a default route

Not So Stubby Area (NSSA) · A stubby area containing an ASBR; type 5 LSAs are converted to type 7 within the area

External Route Types

E1 · Cost of the path to the originating ASBR is added to the route cost

E2 (default) · Only the cost of the route as seen by the ASBR is considered

by Jeremy Stretch v1.3


OSPF · PART 2 packetlife.net

Network Types

                     Nonbroadcast   Point-to-Multipoint   Point-to-Multipoint   Broadcast   Point-to-Point
                     (NBMA)         Broadcast             Nonbroadcast
DR/BDR Elected       Yes            No                    No                    Yes         No
Neighbor Discovery   No             Yes                   No                    Yes         Yes
Hello/Dead Timers    30/120         30/120                30/120                10/40       10/40
Standard             RFC 2328       RFC 2328              Cisco                 Cisco       Cisco
Supported Topology   Full Mesh      Any                   Any                   Full Mesh   Point-to-Point

Configuration Example

RouterA

interface Serial0/0

description WAN Link

ip address 172.16.34.2 255.255.255.252

!

interface FastEthernet0/0

description Area 0

ip address 192.168.0.1 255.255.255.0

!

interface Loopback0

! Used as router ID

ip address 10.0.34.1 255.255.255.0

!

router ospf 100

! Advertising the WAN cloud to OSPF

redistribute static subnets

network 192.168.0.0 0.0.0.255 area 0

!

! Static route to the WAN cloud

ip route 172.16.0.0 255.255.192.0 172.16.34.1

RouterB

interface Ethernet0/0

description Area 0

ip address 192.168.0.2 255.255.255.0

!

interface Ethernet0/1

description Area 2

ip address 192.168.2.1 255.255.255.0

! Optional MD5 authentication configured

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 FooBar

! Give RouterB priority in DR election

ip ospf priority 100

!

interface Ethernet0/2

description Area 1

ip address 192.168.1.1 255.255.255.0

!

interface Loopback0

ip address 10.0.34.2 255.255.255.0

!

router ospf 100

! Define area 1 as a stub area

area 1 stub

! Virtual link from area 0 to area 9

area 2 virtual-link 10.0.34.3

network 192.168.0.0 0.0.0.255 area 0

network 192.168.1.0 0.0.0.255 area 1

network 192.168.2.0 0.0.0.255 area 2

RouterC

interface Ethernet0/0

description Area 9

ip address 192.168.9.1 255.255.255.0

!

interface Ethernet0/1

description Area 2

ip address 192.168.2.2 255.255.255.0

! Optional MD5 authentication configured

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 FooBar

! Give RouterC second priority (BDR) in election

ip ospf priority 50

!

interface Loopback0

ip address 10.0.34.3 255.255.255.0

!

router ospf 100

! Define area 9 as a totally stubby area

area 9 stub no-summary

! Virtual link from area 9 to area 0

area 2 virtual-link 10.0.34.2

network 192.168.2.0 0.0.0.255 area 2

network 192.168.9.0 0.0.0.255 area 9

!

by Jeremy Stretch v1.3


CISCO IOS VERSIONS packetlife.net

IOS Nomenclature

IOS Package Trees

Typical Release Lifecycle

First Customer Shipment (FCS) · The release is first available to Cisco customers on CCO

EOS Notice · Notification of upcoming EOS

End of Sale (EOS) · The release is no longer orderable or included in manufactured shipments

End of Engineering (EOE) · The last day for software fixes; only TAC assistance is offered from this point

End of Life (EOL) · The last day for TAC support; release becomes obsolete; upgrade is the only option for support

IOS Filename

Recommended IOS

800, 1700, 2600, 2800, 3700, 3800 12.4 / 12.4T

Catalyst 2960, 3560, 3750 12.2SE

Catalyst 4500 and 4900 12.2SG

Catalyst 6500 12.2SX

7200, 7301 routers 12.4 / 12.4T / 12.2SB

7304 routers 12.2SB

7500 routers 12.4 / 12.0S

10000 routers 12.2SB

7600 routers 12.2SR

IOS Verification

Router# show version

Router# dir <filesystem>:

Router# verify <filesystem>:<image>

by Jeremy Stretch v1.1


COMMON PORTS packetlife.net

TCP/UDP Port Numbers

7 Echo

19 Chargen

20-21 FTP

22 SSH/SCP

23 Telnet

25 SMTP

42 WINS Replication

43 WHOIS

49 TACACS

53 DNS

67-68 DHCP/BOOTP

69 TFTP

70 Gopher

79 Finger

80 HTTP

88 Kerberos

102 MS Exchange

110 POP3

113 Ident

119 NNTP (Usenet)

123 NTP

135 Microsoft RPC

137-139 NetBIOS

143 IMAP4

161-162 SNMP

177 XDMCP

179 BGP

201 AppleTalk

264 BGMP

318 TSP

381-383 HP Openview

389 LDAP

411-412 Direct Connect

443 HTTP over SSL

445 Microsoft DS

464 Kerberos

465 SMTP over SSL

497 Retrospect

500 ISAKMP

512 rexec

513 rlogin

514 syslog

515 LPD/LPR

520 RIP

521 RIPng (IPv6)

540 UUCP

554 RTSP

546-547 DHCPv6

560 rmonitor

563 NNTP over SSL

587 SMTP

591 FileMaker

593 Microsoft DCOM

631 Internet Printing

636 LDAP over SSL

639 MSDP (PIM)

646 LDP (MPLS)

691 MS Exchange

860 iSCSI

873 rsync

902 VMware Server

989-990 FTP over SSL

993 IMAP4 over SSL

995 POP3 over SSL

1025 Microsoft RPC

1026-1029 Windows Messenger

1080 SOCKS Proxy

1080 MyDoom

1194 OpenVPN

1214 Kazaa

1241 Nessus

1311 Dell OpenManage

1337 WASTE

1433-1434 Microsoft SQL

1512 WINS

1589 Cisco VQP

1701 L2TP

1723 MS PPTP

1725 Steam

1741 CiscoWorks 2000

1755 MS Media Server

1812-1813 RADIUS

1863 MSN

1985 Cisco HSRP

2000 Cisco SCCP

2002 Cisco ACS

2049 NFS

2082-2083 cPanel

2100 Oracle XDB

2222 DirectAdmin

2302 Halo

2483-2484 Oracle DB

2745 Bagle.H

2967 Symantec AV

3050 Interbase DB

3074 XBOX Live

3124 HTTP Proxy

3127 MyDoom

3128 HTTP Proxy

3222 GLBP

3260 iSCSI Target

3306 MySQL

3389 Terminal Server

3689 iTunes

3690 Subversion

3724 World of Warcraft

3784-3785 Ventrilo

4333 mSQL

4444 Blaster

4664 Google Desktop

4672 eMule

4899 Radmin

5000 UPnP

5001 Slingbox

5001 iperf

5004-5005 RTP

5050 Yahoo! Messenger

5060 SIP

5190 AIM/ICQ

5222-5223 XMPP/Jabber

5432 PostgreSQL

5500 VNC Server

5554 Sasser

5631-5632 pcAnywhere

5800 VNC over HTTP

5900+ VNC Server

6000-6001 X11

6112 Battle.net

6129 DameWare

6257 WinMX

6346-6347 Gnutella

6500 GameSpy Arcade

6566 SANE

6588 AnalogX

6665-6669 IRC

6679/6697 IRC over SSL

6699 Napster

6881-6999 BitTorrent

6891-6901 Windows Live

6970 Quicktime

7212 GhostSurf

7648-7649 CU-SeeMe

8000 Internet Radio

8080 HTTP Proxy

8086-8087 Kaspersky AV

8118 Privoxy

8200 VMware Server

8500 Adobe ColdFusion

8767 TeamSpeak

8866 Bagle.B

9100 HP JetDirect

9101-9103 Bacula

9119 MXit

9800 WebDAV

9898 Dabber

9988 Rbot/Spybot

9999 Urchin

10000 Webmin

10000 BackupExec

10113-10116 NetIQ

11371 OpenPGP

12035-12036 Second Life

12345 NetBus

13720-13721 NetBackup

14567 Battlefield

15118 Dipnet/Oddbob

19226 AdminSecure

19638 Ensim

20000 Usermin

24800 Synergy

25999 Xfire

27015 Half-Life

27374 Sub7

28960 Call of Duty

31337 Back Orifice

33434+ traceroute

Legend

Chat

Encrypted

Gaming

Malicious

Peer to Peer

Streaming

IANA port assignments published at http://www.iana.org/assignments/port-numbers

by Jeremy Stretch v1.1


IP ACCESS LISTS packetlife.net

Standard IP ACL Syntax

! Legacy syntax
access-list <number> {permit | deny} <source> [log]

! Modern syntax
ip access-list standard {<number> | <name>}
[<sequence>] {permit | deny} <source> [log]

Actions

permit Allow matched packets

deny Deny matched packets

remark Record a config comment

evaluate Evaluate a reflexive ACL

Extended IP ACL Syntax

! Legacy syntax
access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

! Modern syntax
ip access-list extended {<number> | <name>}
[<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

ACL Numbers

1-99, 1300-1999 IP standard

100-199, 2000-2699 IP extended

200-299 Protocol

300-399 DECnet

400-499 XNS

500-599 Extended XNS

600-699 Appletalk

700-799 Ethernet MAC

800-899 IPX standard

900-999 IPX extended

1000-1099 IPX SAP

1100-1199 MAC extended

1200-1299 IPX summary

TCP Options

ack Match ACK flag

fin Match FIN flag

psh Match PSH flag

rst Match RST flag

syn Match SYN flag

urg Match URG flag

established Match packets in a pre- established session

Logging Options

log Log ACL entry matches

log-input Log matches with ingress interface and source MAC

Source/Destination Definitions

any Any address

host <address> A single address

<network> <mask> Any address matched by the wildcard mask

IP Options

dscp <DSCP> Match packets with the given DSCP value

fragments Check non-initial fragments

option <option> Match packets with the specified IP option

precedence <0-7> Match packets with the given precedence value

ttl <count> Match packets with the given Time To Live

TCP/UDP Port Definitions

eq <port> Equal to

neq <port> Not equal to

lt <port> Less than

gt <port> Greater than

range <port> <port> Matches a range of port numbers

Miscellaneous Options

reflect <name> Create a reflexive ACL

time-range <name> Enable rule only during the specified time range

Applying ACLs to Restrict Traffic

interface FastEthernet0/0
 ip access-group {<number> | <name>} {in | out}
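To make the matching rules on this sheet concrete, here is a small evaluator for entries written in the modern extended syntax, added as an example (not from the packetlife sheet). It shows wildcard-mask matching (a 1 bit in the wildcard means "don't care"), top-down first-match processing, the implicit `deny any` at the end of every ACL, and the `established` keyword, which is simplified here to "ACK flag set" (IOS also accepts RST). The ACL and the packets are constructed for the example.

```python
# Added example, not from the packetlife sheet: evaluating extended ACL
# entries against packets.  ACL and packets below are constructed.
import ipaddress
from dataclasses import dataclass


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def parse_address(tokens):
    """Consume one source/destination definition: any | host <A> | <net> <wildcard>."""
    kw = tokens.pop(0)
    if kw == "any":
        return ("0.0.0.0", "255.255.255.255")
    if kw == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (kw, tokens.pop(0))


def parse_ports(tokens):
    """Consume an optional eq/neq/lt/gt/range qualifier; return a port predicate."""
    if not tokens or tokens[0] not in ("eq", "neq", "lt", "gt", "range"):
        return lambda port: True
    op = tokens.pop(0)
    if op == "range":
        lo, hi = int(tokens.pop(0)), int(tokens.pop(0))
        return lambda port: lo <= port <= hi
    v = int(tokens.pop(0))
    return {"eq": lambda port: port == v, "neq": lambda port: port != v,
            "lt": lambda port: port < v, "gt": lambda port: port > v}[op]


@dataclass
class Packet:
    proto: str          # "tcp", "udp", "icmp", ...
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # simplified 'established': ACK flag set


def parse_ace(line):
    """Parse '{permit|deny} <proto> <src> [ports] <dst> [ports] [established]'."""
    t = line.split()
    if t[0] == "remark":
        return None
    action, proto = t.pop(0), t.pop(0)
    src, sport_ok = parse_address(t), parse_ports(t)
    dst, dport_ok = parse_address(t), parse_ports(t)
    return (action, proto, src, sport_ok, dst, dport_ok, "established" in t)


def evaluate(acl, pkt):
    """Top-down, first match wins; fall through to the implicit deny."""
    for ace in filter(None, map(parse_ace, acl)):
        action, proto, (sn, sw), sport_ok, (dn, dw), dport_ok, established = ace
        if proto not in ("ip", pkt.proto):
            continue
        if not (wildcard_match(pkt.src, sn, sw) and wildcard_match(pkt.dst, dn, dw)):
            continue
        if not (sport_ok(pkt.sport) and dport_ok(pkt.dport)):
            continue
        if established and not pkt.ack:
            continue
        return action
    return "deny"   # implicit deny at the end of every IOS ACL


# Constructed ACL: inside is 192.168.0.0/16 with a DNS server at 192.168.1.10
ACL = [
    "remark web out, replies back in, block 10/8, DNS in",
    "permit tcp 192.168.0.0 0.0.255.255 any eq 80",
    "permit tcp any 192.168.0.0 0.0.255.255 established",
    "deny ip 10.0.0.0 0.255.255.255 any",
    "permit udp any host 192.168.1.10 eq 53",
]

if __name__ == "__main__":
    print(evaluate(ACL, Packet("tcp", "192.168.5.7", 40000, "203.0.113.9", 80)))        # permit
    print(evaluate(ACL, Packet("tcp", "203.0.113.9", 80, "192.168.5.7", 40000)))        # deny (no ACK)
    print(evaluate(ACL, Packet("udp", "10.1.2.3", 5000, "192.168.1.10", 53)))           # deny (line 3 first)
```

The last two calls are the cases worth remembering: a reply without the ACK flag does not satisfy `established`, and the `deny ip 10.0.0.0 0.255.255.255 any` entry shadows the later DNS permit for any 10/8 source because order, not specificity, decides.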

Troubleshooting

show access-lists {<number> | <name>}

show ip access-lists {<number> | <name>}

show ip access-lists interface <interface>

show ip access-lists dynamic

show ip interface [<interface>]

show time-range [<name>]

by Jeremy Stretch v1.1


PHYSICAL TERMINATIONS packetlife.net

Optical Terminations

ST (Straight Tip)

SC (Subscriber Connector)

LC (Local Connector)

MT-RJ

Wireless Antennas

RP-TNC

RP-SMA

Copper Terminations

RJ-45

RJ-11

RJ-21 (25-pair)

DE-9 (Female)

DB-25 (Male)

DB-60 (Male)

GBICs

1000Base-SX/LX

1000Base-T

Cisco GigaStack

1000Base-SX/LX SFP

1000Base-T SFP

X2 (10Gig)

by Jeremy Stretch v1.1


Metacharacters (must be escaped)

^ $ ( ) < . * + ? [ { \ | >

Escape Character

\  Escape character

Quantifiers

*      0 or more
+      1 or more
?      0 or 1
{3}    Exactly 3
{3,}   3 or more
{3,5}  3, 4 or 5

Quantifier Modifiers

"x" below represents a quantifier

x?

Ungreedy version of "x"

Anchors

^    Start of string
\A   Start of string
$    End of string
\Z   End of string
\b   Word boundary
\B   Not word boundary
\<   Start of word
\>   End of word

POSIX

[:upper:]   Upper case letters
[:lower:]   Lower case letters
[:alpha:]   All letters
[:alnum:]   Digits and letters
[:digit:]   Digits
[:xdigit:]  Hexadecimal digits
[:punct:]   Punctuation
[:blank:]   Space and tab
[:space:]   Blank characters
[:cntrl:]   Control characters
[:graph:]   Printed characters
[:print:]   Printed characters and spaces
[:word:]    Digits, letters and underscore

Character Classes

\c   Control character
\s   White space
\S   Not white space
\d   Digit
\D   Not digit
\w   Word
\W   Not word
\x   Hexadecimal digit
\O   Octal digit

Special Characters

\n     New line
\r     Carriage return
\t     Tab
\v     Vertical tab
\f     Form feed
\xxx   Octal character xxx
\xhh   Hex character hh

Pattern Modifiers

g   Global match
i   Case-insensitive
m   Multiple lines
s   Treat string as single line
x   Allow comments and white space in pattern
e   Evaluate replacement
U   Ungreedy pattern

Available free from

AddedBytes.com

Assertions

?=           Lookahead assertion
?!           Negative lookahead
?<=          Lookbehind assertion
?!= or ?<!   Negative lookbehind
?>           Once-only subexpression
?()          Condition [if then]
?()|         Condition [if then else]
?#           Comment

String Replacement (Backreferences)

$n   nth non-passive group
$2   "xyz" in /^(abc(xyz))$/
$1   "xyz" in /^(?:abc)(xyz)$/
$`   Before matched string
$'   After matched string
$+   Last matched string
$&   Entire matched string

Groups and Ranges

.         Any character except new line (\n)
(a|b)     a or b
(...)     Group
(?:...)   Passive group
[abc]     Range (a or b or c)
[^abc]    Not a or b or c
[a-q]     Letter between a and q
[A-Q]     Upper case letter between A and Q
[0-7]     Digit between 0 and 7
\n        nth group/subpattern

Note: Ranges are inclusive.

Sample Patterns

Pattern                                     Will Match
([A-Za-z0-9-]+)                             Letters, numbers and hyphens
(\d{1,2}\/\d{1,2}\/\d{4})                   Date (e.g. 21/3/2006)
([^\s]+(?=\.(jpg|gif|png))\.\2)             jpg, gif or png image
(^[1-9]{1}$|^[1-4]{1}[0-9]{1}$|^50$)        Any number from 1 to 50 inclusive
(#?([A-Fa-f0-9]){3}(([A-Fa-f0-9]){3})?)     Valid hexadecimal colour code
((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,15})     String with at least one upper case letter, one lower case letter, and one digit (useful for passwords).
(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})            Email addresses
(\<(/?[^\>]+)\>)                            HTML Tags

Note: These patterns are intended for reference purposes and have not been extensively tested. Please use with caution and test thoroughly before use.


SUBNETTING packetlife.net

Subnet Chart

CIDR Subnet Mask Addresses Wildcard

/32 255.255.255.255 1 0.0.0.0

/31 255.255.255.254 2 0.0.0.1

/30 255.255.255.252 4 0.0.0.3

/29 255.255.255.248 8 0.0.0.7

/28 255.255.255.240 16 0.0.0.15

/27 255.255.255.224 32 0.0.0.31

/26 255.255.255.192 64 0.0.0.63

/25 255.255.255.128 128 0.0.0.127

/24 255.255.255.0 256 0.0.0.255

/23 255.255.254.0 512 0.0.1.255

/22 255.255.252.0 1,024 0.0.3.255

/21 255.255.248.0 2,048 0.0.7.255

/20 255.255.240.0 4,096 0.0.15.255

/19 255.255.224.0 8,192 0.0.31.255

/18 255.255.192.0 16,384 0.0.63.255

/17 255.255.128.0 32,768 0.0.127.255

/16 255.255.0.0 65,536 0.0.255.255

/15 255.254.0.0 131,072 0.1.255.255

/14 255.252.0.0 262,144 0.3.255.255

/13 255.248.0.0 524,288 0.7.255.255

/12 255.240.0.0 1,048,576 0.15.255.255

/11 255.224.0.0 2,097,152 0.31.255.255

/10 255.192.0.0 4,194,304 0.63.255.255

/9 255.128.0.0 8,388,608 0.127.255.255

/8 255.0.0.0 16,777,216 0.255.255.255

/7 254.0.0.0 33,554,432 1.255.255.255

/6 252.0.0.0 67,108,864 3.255.255.255

/5 248.0.0.0 134,217,728 7.255.255.255

/4 240.0.0.0 268,435,456 15.255.255.255

/3 224.0.0.0 536,870,912 31.255.255.255

/2 192.0.0.0 1,073,741,824 63.255.255.255

/1 128.0.0.0 2,147,483,648 127.255.255.255

/0 0.0.0.0 4,294,967,296 255.255.255.255

Decimal to Binary

Subnet Mask

255 1111 1111

254 1111 1110

252 1111 1100

248 1111 1000

240 1111 0000

224 1110 0000

192 1100 0000

128 1000 0000

0 0000 0000

Wildcard

0 0000 0000

1 0000 0001

3 0000 0011

7 0000 0111

15 0000 1111

31 0001 1111

63 0011 1111

127 0111 1111

255 1111 1111

Subnet Proportion

Classful Ranges

A 0.0.0.0 - 127.255.255.255

B 128.0.0.0 - 191.255.255.255

C 192.0.0.0 - 223.255.255.255

D 224.0.0.0 - 239.255.255.255

E 240.0.0.0 - 255.255.255.255

Reserved Ranges

RFC1918 10.0.0.0 - 10.255.255.255

Localhost 127.0.0.0 - 127.255.255.255

RFC1918 172.16.0.0 - 172.31.255.255

RFC1918 192.168.0.0 - 192.168.255.255

Determine Usable Hosts

  Total Addresses         256
- Subnet ID             -   1
- Broadcast Address     -   1
  Usable hosts            254

Terminology

CIDR · Classless interdomain routing was developed to provide more granularity than legacy classful addressing; masks expressed in the form /XX are in CIDR notation

VLSM · Variable length subnet masks are an arbitrary length between 0 and 32 bits; CIDR relies on VLSMs to define routes

by Jeremy Stretch v1.0


TCPDUMP packetlife.net

Command Line Options

-A          Print frame payload in ASCII
-c <count>  Exit after capturing count packets
-D          List available interfaces
-e          Print link-level headers in the capture dump
-F <file>   Use file as the filter expression
-G <n>      Rotate the dump file every n seconds
-i <iface>  Specifies the capture interface
-K          Don't verify TCP checksums
-L          List data link types for the interface
-n          Don't convert addresses to names
-p          Don't capture in promiscuous mode
-q          Quick output
-r <file>   Read packets from file
-s <len>    Capture up to len bytes per packet
-S          Print absolute TCP sequence numbers
-t          Don't print timestamps
-v[v[v]]    Print more verbose output
-w <file>   Write captured packets to file
-x          Print frame payload in hex
-X          Print frame payload in hex and ASCII
-y <type>   Specify the data link type
-Z <user>   Drop privileges from root to user

Capture Filter Primitives

[src|dst] host <host> Matches a host as the IP source, destination, or either

ether [src|dst] host <ehost> Matches a host as the Ethernet source, destination, or either

gateway host <host> Matches packets which used host as a gateway

[src|dst] net <network>/<len> Matches packets to or from an endpoint residing in network

[tcp|udp] [src|dst] port <port> Matches TCP or UDP packets sent to/from port

[tcp|udp] [src|dst] portrange <p1>-<p2> Matches TCP or UDP packets to/from a port in the given range

less <length> Matches packets less than or equal to length

greater <length> Matches packets greater than or equal to length

(ether|ip|ip6) proto <protocol> Matches an Ethernet, IPv4, or IPv6 protocol

(ether|ip) broadcast Matches Ethernet or IPv4 broadcasts

(ether|ip|ip6) multicast Matches Ethernet, IPv4, or IPv6 multicasts

type (mgt|ctl|data) [subtype <subtype>] Matches 802.11 frames based on type and optional subtype

vlan [<vlan>] Matches 802.1Q frames, optionally with a VLAN ID of vlan

mpls [<label>] Matches MPLS packets, optionally with a label of label

<expr> <relop> <expr> Matches packets by an arbitrary expression

Protocols

arp ip6 slip

ether link tcp

fddi ppp tr

icmp radio udp

ip rarp wlan

TCP Flags

tcp-urg tcp-rst

tcp-ack tcp-syn

tcp-push tcp-fin

Modifiers

! or not

&& or and

|| or or

Examples

udp dst port not 53 All UDP not bound for port 53

host 10.0.0.1 && host 10.0.0.2 All packets between these hosts

tcp dst port 80 or 8080 All packets to either TCP port

ICMP Types

icmp-echoreply icmp-routeradvert icmp-tstampreply

icmp-unreach icmp-routersolicit icmp-ireq

icmp-sourcequench icmp-timxceed icmp-ireqreply

icmp-redirect icmp-paramprob icmp-maskreq

icmp-echo icmp-tstamp icmp-maskreply

by Jeremy Stretch v1.0


WIRESHARK DISPLAY FILTERS · PART 1 packetlife.net

Ethernet

eth.addr eth.len eth.src

eth.dst eth.lg eth.trailer

eth.ig eth.multicast eth.type

IEEE 802.1Q

vlan.cfi vlan.id vlan.priority

vlan.etype vlan.len vlan.trailer

IPv4

ip.addr ip.fragment.overlap.conflict

ip.checksum ip.fragment.toolongfragment

ip.checksum_bad ip.fragments

ip.checksum_good ip.hdr_len

ip.dsfield ip.host

ip.dsfield.ce ip.id

ip.dsfield.dscp ip.len

ip.dsfield.ect ip.proto

ip.dst ip.reassembled_in

ip.dst_host ip.src

ip.flags ip.src_host

ip.flags.df ip.tos

ip.flags.mf ip.tos.cost

ip.flags.rb ip.tos.delay

ip.frag_offset ip.tos.precedence

ip.fragment ip.tos.reliability

ip.fragment.error ip.tos.throughput

ip.fragment.multipletails ip.ttl

ip.fragment.overlap ip.version

IPv6

ipv6.addr ipv6.hop_opt

ipv6.class ipv6.host

ipv6.dst ipv6.mipv6_home_address

ipv6.dst_host ipv6.mipv6_length

ipv6.dst_opt ipv6.mipv6_type

ipv6.flow ipv6.nxt

ipv6.fragment ipv6.opt.pad1

ipv6.fragment.error ipv6.opt.padn

ipv6.fragment.more ipv6.plen

ipv6.fragment.multipletails ipv6.reassembled_in

ipv6.fragment.offset ipv6.routing_hdr

ipv6.fragment.overlap ipv6.routing_hdr.addr

ipv6.fragment.overlap.conflict ipv6.routing_hdr.left

ipv6.fragment.toolongfragment ipv6.routing_hdr.type

ipv6.fragments ipv6.src

ipv6.fragment.id ipv6.src_host

ipv6.hlim ipv6.version

ARP

arp.dst.hw_mac arp.proto.size

arp.dst.proto_ipv4 arp.proto.type

arp.hw.size arp.src.hw_mac

arp.hw.type arp.src.proto_ipv4

arp.opcode

TCP

tcp.ack tcp.options.qs

tcp.checksum tcp.options.sack

tcp.checksum_bad tcp.options.sack_le

tcp.checksum_good tcp.options.sack_perm

tcp.continuation_to tcp.options.sack_re

tcp.dstport tcp.options.time_stamp

tcp.flags tcp.options.wscale

tcp.flags.ack tcp.options.wscale_val

tcp.flags.cwr tcp.pdu.last_frame

tcp.flags.ecn tcp.pdu.size

tcp.flags.fin tcp.pdu.time

tcp.flags.push tcp.port

tcp.flags.reset tcp.reassembled_in

tcp.flags.syn tcp.segment

tcp.flags.urg tcp.segment.error

tcp.hdr_len tcp.segment.multipletails

tcp.len tcp.segment.overlap

tcp.nxtseq tcp.segment.overlap.conflict

tcp.options tcp.segment.toolongfragment

tcp.options.cc tcp.segments

tcp.options.ccecho tcp.seq

tcp.options.ccnew tcp.srcport

tcp.options.echo tcp.time_delta

tcp.options.echo_reply tcp.time_relative

tcp.options.md5 tcp.urgent_pointer

tcp.options.mss tcp.window_size

tcp.options.mss_val

UDP

udp.checksum udp.dstport udp.srcport

udp.checksum_bad udp.length

udp.checksum_good udp.port

Operators

eq ==

ne !=

gt >

lt <

ge >=

le <=

Logic

and && Logical AND

or || Logical OR

xor ^^ Logical XOR

not ! Logical NOT

[n] [...] Substring operator

by Jeremy Stretch v1.0


WIRESHARK DISPLAY FILTERS · PART 2 packetlife.net

Frame Relay

fr.becn fr.de

fr.chdlctype fr.dlci

fr.control fr.dlcore_control

fr.control.f fr.ea

fr.control.ftype fr.fecn

fr.control.n_r fr.lower_dlci

fr.control.n_s fr.nlpid

fr.control.p fr.second_dlci

fr.control.s_ftype fr.snap.oui

fr.control.u_modifier_cmd fr.snap.pid

fr.control.u_modifier_resp fr.snaptype

fr.cr fr.third_dlci

fr.dc fr.upper_dlci

PPP

ppp.address ppp.direction

ppp.control ppp.protocol

MPLS

mpls.bottom mpls.oam.defect_location

mpls.cw.control mpls.oam.defect_type

mpls.cw.res mpls.oam.frequency

mpls.exp mpls.oam.function_type

mpls.label mpls.oam.ttsi

mpls.oam.bip16 mpls.ttl

ICMP

icmp.checksum icmp.ident icmp.seq

icmp.checksum_bad icmp.mtu icmp.type

icmp.code icmp.redir_gw

DTP

dtp.neighbor dtp.tlv_type vtp.neighbor

dtp.tlv_len dtp.version

VTP

vtp.code vtp.vlan_info.802_10_index

vtp.conf_rev_num vtp.vlan_info.isl_vlan_id

vtp.followers vtp.vlan_info.len

vtp.md vtp.vlan_info.mtu_size

vtp.md5_digest vtp.vlan_info.status.vlan_susp

vtp.md_len vtp.vlan_info.tlv_len

vtp.seq_num vtp.vlan_info.tlv_type

vtp.start_value vtp.vlan_info.vlan_name

vtp.upd_id vtp.vlan_info.vlan_name_len

vtp.upd_ts vtp.vlan_info.vlan_type

vtp.version

ICMPv6

icmpv6.all_comp icmpv6.option.name_type

icmpv6.checksum icmpv6.option.name_type.fqdn

icmpv6.checksum_bad icmpv6.option.name_x501

icmpv6.code icmpv6.option.rsa.key_hash

icmpv6.comp icmpv6.option.type

icmpv6.haad.ha_addrs icmpv6.ra.cur_hop_limit

icmpv6.identifier icmpv6.ra.reachable_time

icmpv6.option icmpv6.ra.retrans_timer

icmpv6.option.cga icmpv6.ra.router_lifetime

icmpv6.option.cga.pad_length icmpv6.recursive_dns_serv

icmpv6.option.length icmpv6.type

RIP

rip.auth.passwd rip.ip rip.route_tag

rip.auth.type rip.metric rip.routing_domain

rip.command rip.netmask rip.version

rip.family rip.next_hop

BGP

bgp.aggregator_as bgp.mp_reach_nlri_ipv4_prefix

bgp.aggregator_origin bgp.mp_unreach_nlri_ipv4_prefix

bgp.as_path bgp.multi_exit_disc

bgp.cluster_identifier bgp.next_hop

bgp.cluster_list bgp.nlri_prefix

bgp.community_as bgp.origin

bgp.community_value bgp.originator_id

bgp.local_pref bgp.type

bgp.mp_nlri_tnl_id bgp.withdrawn_prefix

HTTP

http.accept http.proxy_authorization

http.accept_encoding http.proxy_connect_host

http.accept_language http.proxy_connect_port

http.authbasic http.referer

http.authorization http.request

http.cache_control http.request.method

http.connection http.request.uri

http.content_encoding http.request.version

http.content_length http.response

http.content_type http.response.code

http.cookie http.server

http.date http.set_cookie

http.host http.transfer_encoding

http.last_modified http.user_agent

http.location http.www_authenticate

http.notification http.x_forwarded_for

http.proxy_authenticate

by Jeremy Stretch v1.0


LINUX Admin Quick Reference Jialong He

[email protected] http://www.bigfoot.com/~jialong_he

User Management Files /etc/group /etc/passwd /etc/shadow

User account information.

/etc/bashrc /etc/profile $HOME/.bashrc $HOME/.bash_profile

bash system wide and per user init files.

/etc/csh.cshrc /etc/csh.login $HOME/.cshrc $HOME/.tcshrc $HOME/.login

tcsh system wide and per user init files.

/etc/skel template files for new users.

/etc/default default for certain commands.

/etc/redhat-release /etc/slackware-version

Redhat/Slackware version info (Linux kernel version with "uname -a").

Commands

adduser script to create a new user interactively (Slackware) or link to useradd (Redhat).

useradd, userdel, usermod

create, delete or modify a user, or update the default new-user information.

newusers update and create new users (batch mode).

groupadd, groupdel, groupmod

add, delete or modify a group.

chage, chfn, chsh

modify account policy (password length, expiry date etc.), finger information (full name, phone number etc.) or the default login shell.

linux init=/bin/sh rw

gain root access at the boot prompt without a password; can be used to fix some problems. Then remount the root file system writable: mount -w -n -o remount /

Network Configuration Files /etc/rc.d/rc.inet1 (Slackware) /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat)

IP address, network mask and default gateway are in these files. May be edited manually to modify network parameters.

/etc/HOSTNAME /etc/NETWORKING (Slackware) /etc/sysconfig/network (Redhat)

The hostname is set by "/bin/hostname" during boot and the name is read from these files. May be changed manually.

/etc/resolv.conf

specify name server, DNS domain and search order. For example: search la.asu.edu nameserver 129.219.17.200

/etc/hosts host name to IP mapping file.

/etc/host.conf

host name information look up order. Example: order hosts, bind multi on

/etc/nsswitch.conf new way to specify information source.

/etc/networks /etc/protocols /etc/services

TCP/IP services and ports mapping.

/etc/rpc RPC service name to their program numbers mapping.

Commands netconfig menu driven Ethernet setup program.

pppsetup setup PPP connection (Slackware).

ifconfig

setup Ethernet during boot, for example /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK} /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0 /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1

host lookup host name or IP (similar to nslookup).

dnsdomainname show DNS domain name.

arping; arp find out Ethernet address by first arping then arp.

ipchains firewall and NAT (/etc/sysconfig/ipchains on Redhat)

iptables firewall and NAT (/etc/sysconfig/iptables on Redhat)

Redhat files in /etc/sysconfig Configuration Files

keyboard keyboard map, e.g., KEYBOARD=”/usr/lib/kdb/keytables/us.map”

mouse Mouse type, e.g., MOUSETYPE=Microsoft XEMU3=yes

network network settings, contains NETWORKING=yes

HOSTNAME=hostname.domain.com

NFS File Sharing Files /etc/fstab file systems mounted during boot.

/etc/exports NFS server export list.

/etc/auto.master auto mount master file.

Commands mount mount a file system or all entries in fstab.

exportfs export file system listed in exports

showmount -e hostname

show file systems exported

Printer Configuration Files /etc/printcap /etc/printcap.local

Printer capabilities data base.

/etc/lpd.conf LPRng configuration file.

/etc/lpd.perms permissions control file for the LPRng line printer spooler

/etc/hosts.lpd Access control (BSD lpd).

/etc/hosts.equiv trusted hosts.

PRINTER Environment variable of default printer.

/dev/lp0 parallel port.

Commands lpc, lpq, lprm

line printer control program, print queue maintain

Sendmail
Files
sendmail.cf, sendmail.mc "sendmail.cf" is the configuration file. "sendmail.mc" is a macro file from which "sendmail.cf" is generated with: m4 sendmail.mc > sendmail.cf
aliases mail aliases; run "newaliases" after every change. Use :include: to pull an external list from a file.
access mail access control; FEATURE(access_db) must be set in sendmail.mc. For example, in /etc/mail/access:
cyberpromo.com REJECT
mydomain.com RELAY
[email protected] DISCARD
then rebuild the map: makemap hash /etc/mail/access < /etc/mail/access
Only your own domains and hosts belong on RELAY lines; an open relay is found and abused for spam quickly.
/etc/mail/relay-domains list of all hosts/domains accepted for relaying.
Commands
newaliases rebuild the database for the mail aliases file.
makemap build the access database, e.g. makemap hash access.db < access

Useful Configuration Files Files httpd.conf Apache web server configuration file.

smb.conf Samba server (file and print for Windows).

lilo.conf LILO boot loader configuration file.

syslog.conf System log daemon (syslogd) configuration.

ssh_config sshd_config

SSH client and server configuration files.

ld.so.conf default dynamic library search path (run ldconfig).

mtools.conf mtools configuration file (access DOS floppies/file systems).

named.conf DNS name server (BIND).

sysctl.conf kernel parameters by sysctl (Redhat).

ntp.conf net time server.

inetd.conf Internet super server.

xinetd.conf, xinetd.d directory extended inetd configuration (one file per service in xinetd.d).

proftpd.conf proftpd FTP server.

amanda.conf network backup server.

/etc/pine.conf /etc/pine.conf.fixed

PINE mail client system wide settings.

Rebuild Kernel Configure Kernel Parameters make config make menuconfig make xconfig

Configuring the kernel with interactive, menu or X window interface.

Compile Kernel Source make dep make zImage make zdisk make zlilo make bzImage

Building and installing a new kernel.

Compile Modules make modules make modules_install

Building and installing modules.

Manage Modules insmod, lsmod, modinfo, modprobe, rmmod, depmod

Manage loadable modules.

Miscellaneous Files /etc/shells allowed login shells

/etc/ftpusers user names NOT allowed to use ftp.

/etc/hosts.allow /etc/hosts.deny TCP wrapper host control files (hosts.allow is consulted first; a sensible baseline is ALL: ALL in hosts.deny and explicit entries in hosts.allow).

/etc/sysconfig (redhat)

contains system configuration files.

/dev/fd0 floppy drive A

/etc/inittab /etc/init.d system run level control file (inittab) and the service start/stop scripts it runs (init.d).

Commands fromdos, todos (Slackware) dos2unix, unix2dos (Redhat)

convert text file from/to linux format.

pwck, grpck verify integrity of password and group files.

pwconv, pwunconv, grpconv, grpunconv

convert to and from shadow passwords and groups.

shadowconfig toggle shadow passwords on and off.

quota, edquota, quotacheck, quotaon, quotaoff, repquota,

Manage disk quota.

lilo -D dos set LILO default OS (default=dos in lilo.conf)

ldd find out shared library dependencies.

lsof list opened files.

fuser filename show processes that using the file.

ifdown ifup

bring up/down a network interface (Redhat)

sysctl configure kernel parameters (Redhat).

socklist list open sockets.

shutdown [-r|-h] now

reboot / halt computer

nmap scan a host for opened ports.

crontab show or edit cron jobs.

sys-unconfig unconfigure system

chkconfig --list list services started at different run level.

kudzu probe for new hardware (Redhat).

rpm

rpm -i INSTALL a package
rpm -e UNINSTALL a package
rpm -q QUERY a package
rpm -U UPDATE a package
rpm -K (--checksig) VERIFY a package's signature and digest before installing it

man cmd | col -b > cmd.txt

save a man page as a text file and remove control characters.

Configure Apache 2.0 with SSL (mod_ssl)

(1) When compiling Apache, pass --enable-ssl to the configure script; SSL is not enabled by default. After compiling, "httpd -l" lists the compiled-in modules and "mod_ssl" should be among them.
(2) Generate the private key: openssl genrsa -out server.key 1024. A 1024-bit RSA key is no longer considered adequate; use 2048 bits or more, and keep server.key readable by root only.
(3) Generate a certificate request: openssl req -new -key server.key -out server.csr
(4) Generate a self-signed certificate: openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt. Browsers will not trust it unless it is imported; use a CA-issued certificate for anything public.
(5) Modify "ssl.conf", which is included from "httpd.conf". The SSL directives sit inside an <IfDefine SSL> block, so either start the server with "httpd -DSSL" or remove the <IfDefine SSL> wrapper in ssl.conf.

syslog.conf
Each line consists of a selector and an action. A selector has two parts, facility and priority, separated by a period (.); several selectors may be joined with semicolons and several facilities with commas. A plain priority selects that priority and every higher (more severe) one. Precede the priority with an equals sign (=) to select only that single priority. Precede it with an exclamation mark (!) to exclude that priority and all higher ones; the two may be combined (!=) to exclude exactly one priority. The priority keyword "none" excludes a facility entirely.

Example:
mail.notice /var/log/mail # log to a file
*.emerg @myhost.mydomain.org # log to remote host

facilities auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 - local7.

priorities (lowest to highest) debug, info, notice, warning, err, crit, alert, emerg.

action Regular File: file with full pathname beginning with "/".

Terminal and Console: a tty device, e.g. /dev/console. Remote Machine: @myhost.mydomain.org. Classic syslogd forwards over UDP port 514 with no authentication or encryption, so anyone on the path can read, forge or drop the messages; keep it on a trusted network or use a daemon that supports TLS.
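The selector rules above are easy to misread (the mail.none entry, for instance, removes mail from a *.info line that comes before it). The following is an added example, not code from the cheat sheet: a small evaluator for sysklogd-style selectors, run over a constructed syslog.conf whose first two lines are the sheet's own examples, so you can check where a message with a given facility and priority ends up.

```python
"""Evaluate sysklogd-style syslog.conf selectors against messages.

Added example for the selector rules above; it is not code from the cheat sheet.
Semantics implemented: 'fac.pri' matches pri and every more severe priority;
'=pri' only that priority; '!pri' removes pri and more severe ones; '!=pri'
removes only pri; 'none' removes the facility; '*' is a wildcard on either side;
';' joins selectors and ',' joins facilities. The config text and the messages
below are constructed for the demonstration.
"""
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
# least to most severe
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]


def parse_selector(selector):
    """Expand '*.info;mail.none;kern.!err' into the set of (facility, priority) it selects."""
    allowed = set()
    for part in selector.split(";"):
        fac_part, pri_part = part.rsplit(".", 1)
        facs = FACILITIES if fac_part == "*" else fac_part.split(",")
        exclude = pri_part.startswith("!")
        pri_part = pri_part.lstrip("!")
        single = pri_part.startswith("=")
        pri_part = pri_part.lstrip("=")
        if pri_part == "none":
            pris, exclude = set(PRIORITIES), True
        elif pri_part == "*":
            pris = set(PRIORITIES)
        elif single:
            pris = {pri_part}
        else:
            pris = set(PRIORITIES[PRIORITIES.index(pri_part):])   # pri and more severe
        for fac in facs:
            for pri in pris:
                (allowed.discard if exclude else allowed.add)((fac, pri))
    return allowed


def parse_config(text):
    """Return [(allowed_pairs, action), ...] in file order; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, action = line.split(None, 1)
            rules.append((parse_selector(selector), action.strip()))
    return rules


def route(rules, facility, priority):
    """Every action a message with this facility/priority is delivered to, in config order."""
    return [action for allowed, action in rules if (facility, priority) in allowed]


# Constructed sample config; the first two lines are the cheat sheet's own examples.
SAMPLE_CONF = """
mail.notice                     /var/log/mail          # log to a file
*.emerg                         @myhost.mydomain.org   # log to remote host (UDP 514, unauthenticated)
*.info;mail.none;authpriv.none  /var/log/messages
authpriv.*                      /var/log/secure
kern.=warning                   /dev/console
"""
RULES = parse_config(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, pri in [("mail", "notice"), ("mail", "info"), ("authpriv", "info"),
                     ("kern", "emerg"), ("kern", "warning"), ("daemon", "debug")]:
        print(f"{fac}.{pri:<8} -> {route(RULES, fac, pri)}")
```

Note that mail.info reaches no file at all with this config: mail.notice needs notice or above and mail.none removes mail from the catch-all line. That kind of gap is worth checking before relying on a log for incident response.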


iptables (Netfilter)
Command Syntax iptables [-t <table>] <command> <chain> <parameters>
Rules in a chain are evaluated in order and the first match decides; the chain's policy applies only to packets that match no rule, so put the default-deny policy on the built-in chains and order rules from most to least specific.

Save and Restore rules
/sbin/iptables-save > /etc/sysconfig/iptables
/sbin/iptables-restore < /etc/sysconfig/iptables
Firewall script sample http://tiger.la.asu.edu/iptables_examples.htm

Built-in Tables
filter This is the default table for handling network packets. Built-in chains:
1. INPUT: packets addressed to the local host (received via a network interface and not forwarded).
2. OUTPUT: packets generated by the local host.
3. FORWARD: packets received on one network interface and routed out another.

nat This table is used to alter packets that create a new connection (only the first packet of a connection is seen; the rest follow the same translation). Built-in chains:
1. PREROUTING: alters packets received via a network interface when they arrive, before routing (DNAT).
2. OUTPUT: alters locally-generated packets before they are routed via a network interface.
3. POSTROUTING: alters packets after routing, just before they are sent out via a network interface (SNAT, MASQUERADE).

## Masquerade everything out ppp0.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
## Change source addresses to 1.2.3.4.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

mangle This table is used for specific types of packet alteration (marking, TOS, TTL). Built-in chains listed here:
1. PREROUTING: alters packets received via a network interface before they are routed.
2. OUTPUT: alters locally-generated packets before they are routed via a network interface.
(Since kernel 2.4.18 the mangle table also has INPUT, FORWARD and POSTROUTING chains.)

Commands
--flush | -F Flush (delete) all rules in the selected chain.
--policy | -P Set the default policy for a built-in chain, e.g. -P INPUT DROP.
--list | -L List all rules in the filter table; use -t tablename for other tables (add -n to avoid DNS lookups and -v for counters).
--append | -A Append a rule to the end of the specified chain.
--insert | -I Insert a rule into a chain at a particular position (the top by default).
Other commands: (1) --new-chain | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Parameters
--proto | -p [!] name protocol by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask source IP address.
--destination | -d [!] addr/mask destination IP address.
--in-interface | -i incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o outgoing interface name.
--jump | -j jump to a target when the rule matches. Built-in targets: ACCEPT, DROP, QUEUE, RETURN, REJECT. May also jump to a user-defined chain; if nothing in that chain matches, evaluation continues in the calling chain.
--fragment | -f match second or further fragments only.

Options for TCP and UDP
--sport | --source-port, --dport | --destination-port source and/or destination port. A range is written low:high, e.g. 0:65535; prefix with ! to match every port except those given.

Options for TCP only
--syn Match SYN packets, i.e. connection requests: SYN set with ACK, RST and FIN clear.
--tcp-flags mask set Match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN matches only packets that have SYN set and ACK and FIN clear.

Options for ICMP only
--icmp-type [!] type Match the specified ICMP type. Valid types are listed by iptables -p icmp -h.

Options for the state module (-m state --state)
ESTABLISHED The packet belongs to a connection that has already seen traffic in both directions.
RELATED The packet is starting a new connection related in some way to an existing connection (e.g. an FTP data channel or an ICMP error).
NEW The packet is creating a new connection, or is part of a two-way connection not previously seen; note that NEW does not imply SYN, so a bare ACK to a closed port is NEW as well.
INVALID The packet cannot be tied to any known connection (malformed, or a reply to nothing); drop these.
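To see how chain order, user-defined chains and the NEW/--syn distinction interact, here is an added example (not code from the cheat sheet, and not something iptables itself ships): a first-match evaluator for a constructed default-deny ruleset written in the command syntax above. It models only the matches the sample uses (-p, -i, --dport, --syn, -m state --state); everything else, including the packets, is constructed for the demonstration.

```python
"""First-match evaluation of an iptables filter ruleset.

Added example illustrating the chain semantics described above: the first
matching rule wins, a user-defined chain returns to its caller when nothing in
it matches, and the policy of a built-in chain decides whatever is left. Not
code from the cheat sheet; models only -p, -i, --dport (single or low:high),
--syn / ! --syn and -m state --state. Ruleset and packets are constructed.
"""
import shlex


class Rule:
    def __init__(self):
        self.target = None   # -j
        self.proto = None    # -p
        self.in_if = None    # -i
        self.dport = None    # --dport as (low, high)
        self.syn = None      # True for --syn, False for ! --syn
        self.states = None   # -m state --state A,B

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.in_if and pkt.get("in_if") != self.in_if:
            return False
        if self.dport and not self.dport[0] <= pkt.get("dport", -1) <= self.dport[1]:
            return False
        if self.syn is not None:
            # iptables defines --syn as SYN set with ACK, RST and FIN clear
            flags = pkt.get("flags", set())
            is_syn = "SYN" in flags and not ({"ACK", "RST", "FIN"} & flags)
            if is_syn != self.syn:
                return False
        if self.states is not None and pkt["state"] not in self.states:
            return False
        return True


def load_rules(text):
    """Parse '-P chain policy', '-N chain' and '-A chain ... -j target' lines."""
    chains, policies = {}, {}
    for line in text.splitlines():
        toks = shlex.split(line.split("#", 1)[0])
        if not toks:
            continue
        if toks[0] == "-P":
            policies[toks[1]] = toks[2]
            chains.setdefault(toks[1], [])
            continue
        if toks[0] == "-N":
            chains.setdefault(toks[1], [])
            continue
        chain, rule, i, negate = toks[1], Rule(), 2, False
        while i < len(toks):
            t = toks[i]
            if t == "!":
                negate, i = True, i + 1
                continue
            if t == "-p":
                rule.proto, i = toks[i + 1], i + 2
            elif t == "-i":
                rule.in_if, i = toks[i + 1], i + 2
            elif t == "--dport":
                lo, _, hi = toks[i + 1].partition(":")
                rule.dport, i = (int(lo), int(hi or lo)), i + 2
            elif t == "--syn":
                rule.syn, i = not negate, i + 1
            elif t == "-m":                  # match extension name; its options follow
                i += 2
            elif t == "--state":
                rule.states, i = set(toks[i + 1].split(",")), i + 2
            elif t == "-j":
                rule.target, i = toks[i + 1], i + 2
            else:
                raise ValueError(f"unsupported token {t!r}")
            negate = False
        chains.setdefault(chain, []).append(rule)
    return chains, policies


def walk(chains, policies, chain, pkt):
    """Verdict for pkt in chain; None means a user chain fell through to its caller."""
    for rule in chains.get(chain, []):
        if not rule.matches(pkt):
            continue
        if rule.target in ("ACCEPT", "DROP", "REJECT"):
            return rule.target
        if rule.target == "RETURN":
            break
        verdict = walk(chains, policies, rule.target, pkt)   # jump into a user chain
        if verdict is not None:
            return verdict
    return policies.get(chain)   # built-in chain: its policy; user chain: None


# Constructed default-deny host firewall in iptables command syntax.
SAMPLE_RULES = """
-P INPUT DROP
-N web
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP   # new flows must start with SYN
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80:8080 -j web
-A web -p tcp --dport 80 -j ACCEPT
-A web -p tcp --dport 443 -j ACCEPT
"""
CHAINS, POLICIES = load_rules(SAMPLE_RULES)


def verdict(pkt):
    return walk(CHAINS, POLICIES, "INPUT", pkt)


def tcp(dport, flags, state, in_if="eth0"):
    return {"proto": "tcp", "dport": dport, "flags": set(flags), "state": state, "in_if": in_if}


if __name__ == "__main__":
    print(verdict(tcp(22, ["SYN"], "NEW")))     # ACCEPT
    print(verdict(tcp(22, ["ACK"], "NEW")))     # DROP: ACK scan, NEW without SYN
    print(verdict(tcp(8080, ["SYN"], "NEW")))   # DROP: web chain falls through to the policy
```

Port 8080 shows the fall-through: it enters the web chain, matches nothing there, returns to INPUT, and is caught by the DROP policy. A bare ACK to port 22 is NEW to conntrack but not --syn, so the fourth rule drops it before the port-22 accept is reached; without that rule an ACK scan would be accepted.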

X Window (XFree86)
Files
XF86Config To set the screen resolution, specify a mode in the "Display" subsection of the "Screen" section, for example: Modes "1024x768". To set the refresh rate, give the vertical rate in the "Monitor" section, for example: VertRefresh 70-120.

/etc/X11/xinit/xinitrc $HOME/.xinitrc

clients to run after X server started

/etc/X11/fs/config configure X11 font path (font server).

Commands startx start X window system.

Xconfigurator (Redhat) xfree86setup (Slackware) xf86config

setup X server and generate XF86config.

XFree86 -configure XFree86 auto configuration (Plug-n-Play); generates a template named "XF86Config.new".

Ctrl+Alt+Backspace stop (zap) the X server, unless DontZap is set (on some systems Ctrl+Alt+ESC). Ctrl+Alt+Del is handled by init, not X, and normally reboots the machine.

Ctrl+Alt+F1 Ctrl+Alt+F7

F1 temporary switch to text mode, F7 switch back to graphic mode.

SuperProbe detect graphic hardware.

xvidtune adjust X server origin and size.

xmodmap modifying key map and mouse button map.

xhost server access control program for X. "xhost +" disables access control entirely and lets any host connect to the display (and read keystrokes); prefer cookie-based authentication with xauth.

xsetroot root window parameter setting utility for X.

xlsfonts server font list displayer for X.

xset user preference utility for X.

XF86Config

XFree86 uses a configuration file called XF86Config for its initial setup. This file is normally located in the "/etc/X11" or "/etc" directory. The XF86Config file is composed of a number of sections, which may be present in any order. Each section has the form:
Section "SectionName"
    SectionEntry
    ...
EndSection
The graphics boards are described in Device sections and the monitors in Monitor sections; they are bound together by a Screen section. Keyboard and mouse are described in InputDevice sections, although the older Keyboard and Pointer sections are still recognized. The ServerLayout section is at the highest level and binds together the InputDevice and Screen sections. A special keyword called Option may be used to provide free-form data to various components of the server. The Option keyword takes either one or two string arguments: the first is the option name, and the optional second argument is the option value. All Option values must be enclosed in quotes.

Files Section
FontPath "path" Font path elements may be either absolute directory paths or a font server identifier.

RGBPath "path" Sets the path name for the RGB color database.

ModulePath "path" Allows you to set up multiple directories to use for storing modules loaded by the XFree86 server.

EXAMPLE
Section "Files"
    RGBPath "/usr/X11R6/lib/X11/rgb"
    FontPath "unix/:7100"
EndSection

ServerFlags Section
Option "DontZap" "boolean" Disable the use of Ctrl+Alt+Backspace to terminate the X server.

Option "DontZoom" "boolean" Disable use ‘Ctrl+Alt+Keypad +’ and ‘Ctrl+Alt+Keypad -’ to switch video mode.

Option "BlankTime" "time" Sets the inactivity timeout for the blanking phase of the screensaver in minutes. Default 10 min.

Option "StandbyTime" "time" Sets the inactivity timeout for the "standby" phase of DPMS mode in minutes. Default 20 min.

Option "SuspendTime" "time" Sets the inactivity timeout for the "suspend" phase of DPMS mode, default 30 min.

Option "OffTime" "time" Sets the inactivity timeout for the "off" phase of DPMS mode, default 40 min.

Option "DefaultServerLayout" "layout_id" Specify the default ServerLayout section to use. Default is the first ServerLayout section.

EXAMPLE
Section "ServerFlags"
    Option "BlankTime" "99999"
    Option "StandbyTime" "99999"
    Option "SuspendTime" "99999"
    Option "OffTime" "99999"
EndSection

Module Section Load "modulename" Load a module. The module name given should be the module's standard name, not the module file name.

EXAMPLE
Section "Module"
    Load "extmod"
    Load "type1"
EndSection

InputDevice Section There are normally at least two InputDevice sections, one for Keyboard and one for Mouse.

Identifier Specify an unique name for this input device.

Driver Specify the name of the driver to use for this input device.

Option "CorePointer" This input device is installed as the primary pointer device.

Option "CoreKeyboard" This input device is the primary Keyboard.

EXAMPLE
Section "InputDevice"
    Identifier "Generic Keyboard"
    Driver "keyboard"
    Option "AutoRepeat" "500 30"
    Option "CoreKeyboard"
EndSection
Section "InputDevice"
    Identifier "PS/2 Mouse"
    Driver "mouse"
    Option "CorePointer"
    Option "Device" "/dev/mouse"
    Option "Protocol" "PS/2"
    Option "Emulate3Buttons" "true"
EndSection

Device Section Specifies information about the video card used by the system. You must have at least one Device section in your configuration file. The active device is in ServerLayout->Screen.

Identifier Specify an unique name for this graphics card.

Driver Specify the name of the driver to use for this graphics card.

EXAMPLE
Section "Device"
    Identifier "ATI Mach64"
    VendorName "ATI MACH64"
    VideoRam 2048
EndSection

Monitor Section Monitor section describes a monitor. There must be at least one monitor section and the active one is used in ServerLayout ->Screen.

Identifier Specify an unique name for this monitor.

HorizSync horizsync-range Gives the range(s) of horizontal sync frequencies of this monitor in kHz.

VertRefresh vertrefresh-range Gives the range(s) of vertical sync frequencies of this monitor in Hz.

EXAMPLE
Section "Monitor"
    Identifier "Generic Monitor"
    VendorName "Monitor Vendor"
    ModelName "Monitor Model"
    HorizSync 31.5-56.6
    VertRefresh 40-70
EndSection

Page 67: Binder 1

Screen Section Screen Section binds Device and Monitor sections. There must be at least one Screen Section. The active one is in ServerLayout section.

Identifier Specify an unique name for this Screen Section.

Device "device-id" This specifies the Identifier of Device section to be used for this screen.

Monitor "monitor-id" This specifies the Identifier of Monitor section to be used for this screen.

DefaultDepth depth Default color depth, like 8, 16 or 24.

Option "Accel" Enables XAA (X Acceleration Architecture), default is ON.

DISPLAY SUBSECTION Each Screen section must have at least one Display Subsection which matches the depth values in DefaultDepth. Depth depth This entry specifies what color depth of this Display Subsection.

Virtual xdim ydim Specifies the virtual screen resolution to be used.
ViewPort x0 y0 Sets the upper left corner of the initial display.
Modes "mode-name" ... Specifies the list of video modes to use. Each mode-name must be in double quotes and must correspond to a mode specified in the appropriate Monitor section (including implicitly referenced built-in VESA standard modes). The mode can be switched at runtime with Ctrl+Alt+Keypad-Plus or Ctrl+Alt+Keypad-Minus.

EXAMPLE
Section "Screen"
    Identifier "My Screen"
    Device "ATI Mach64"
    Monitor "Generic Monitor"
    DefaultDepth 16
    SubSection "Display"
        Depth 16
        Modes "1024x768" "800x600" "640x480"
    EndSubSection
    SubSection "Display"
        Depth 24
        Modes "1024x768" "800x600" "640x480"
    EndSubSection
EndSection

ServerLayout Section The ServerLayout section binds a Screen section and one or more InputDevice sections to form a complete configuration. The active ServerLayout section is the one named by DefaultServerLayout in ServerFlags; if none is named, the first ServerLayout section is active. If no ServerLayout sections are present, the single active screen and the two active (core) input devices are selected as described in the relevant sections.

Identifier An unique name for this ServerLayout Section.

Screen screen-num "screen-id" position-information The screen-id field is mandatory, and specifies the Screen section being referenced.

InputDevice "idev-id" "option" ... Normally at least two are required, one for the core pointer and the other for the primary keyboard devices.

EXAMPLE
Section "ServerLayout"
    Identifier "Default Layout"
    Screen "My Screen"
    InputDevice "Generic Keyboard"
    InputDevice "PS/2 Mouse"
EndSection


Unix/Linux Command Reference

File Commands
ls – directory listing
ls -al – formatted listing with hidden files
cd dir – change directory to dir
cd – change to home
pwd – show current directory
mkdir dir – create a directory dir
rm file – delete file
rm -r dir – delete directory dir
rm -f file – force remove file
rm -rf dir – force remove directory dir *
cp file1 file2 – copy file1 to file2
cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it doesn't exist
mv file1 file2 – rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2
ln -s file link – create symbolic link link to file
touch file – create or update file
cat > file – places standard input into file
more file – output the contents of file
head file – output the first 10 lines of file
tail file – output the last 10 lines of file
tail -f file – output the contents of file as it grows, starting with the last 10 lines

Process Management
ps – display your currently active processes
top – display all running processes
kill pid – kill process id pid
killall proc – kill all processes named proc *
bg – lists stopped or background jobs; resume a stopped job in the background
fg – brings the most recent job to foreground
fg n – brings job n to the foreground

File Permissions
chmod octal file – change the permissions of file to octal, which can be found separately for user, group, and world by adding:
● 4 – read (r)
● 2 – write (w)
● 1 – execute (x)
Examples:
chmod 777 – read, write, execute for all (world-writable: any local user can replace the file, so avoid it for anything executed or trusted)
chmod 755 – rwx for owner, rx for group and world
For more options, see man chmod.

SSH
ssh user@host – connect to host as user
ssh -p port user@host – connect to host on port port as user
ssh-copy-id user@host – add your key to host for user to enable a keyed or passwordless login

Searching
grep pattern files – search for pattern in files
grep -r pattern dir – search recursively for pattern in dir
command | grep pattern – search for pattern in the output of command
locate file – find all instances of file

System Info
date – show the current date and time
cal – show this month's calendar
uptime – show current uptime
w – display who is online
whoami – who you are logged in as
finger user – display information about user
uname -a – show kernel information
cat /proc/cpuinfo – cpu information
cat /proc/meminfo – memory information
man command – show the manual for command
df – show disk usage
du – show directory space usage
free – show memory and swap usage
whereis app – show possible locations of app
which app – show which app will be run by default

Compression
tar cf file.tar files – create a tar named file.tar containing files
tar xf file.tar – extract the files from file.tar
tar czf file.tar.gz files – create a tar with Gzip compression
tar xzf file.tar.gz – extract a tar using Gzip
tar cjf file.tar.bz2 files – create a tar with Bzip2 compression
tar xjf file.tar.bz2 – extract a tar using Bzip2
gzip file – compresses file and renames it to file.gz
gzip -d file.gz – decompresses file.gz back to file

Network
ping host – ping host and output results
whois domain – get whois information for domain
dig domain – get DNS information for domain
dig -x host – reverse lookup host
wget file – download file
wget -c file – continue a stopped download

Installation
Install from source:
./configure
make
make install
dpkg -i pkg.deb – install a package (Debian)
rpm -Uvh pkg.rpm – install a package (RPM)

Shortcuts
Ctrl+C – halts the current command
Ctrl+Z – stops the current command, resume with fg in the foreground or bg in the background
Ctrl+D – log out of current session, similar to exit
Ctrl+W – erases one word in the current line
Ctrl+U – erases the whole line
Ctrl+R – type to bring up a recent command
!! – repeats the last command
exit – log out of current session

* use with extreme caution.


THE ONE PAGE LINUX MANUAL - A summary of useful Linux commands

Version 3.0 May 1999 [email protected]

Starting & Stopping

shutdown -h now Shutdown the system now and do not reboot

halt Stop all processes - same as above

shutdown -r 5 Shutdown the system in 5 minutes and reboot

shutdown -r now Shutdown the system now and reboot

reboot Stop all processes and then reboot - same as above

startx Start the X system

Accessing & mounting file systems

mount -t iso9660 /dev/cdrom /mnt/cdrom Mount the device cdrom and call it cdrom under the /mnt directory

mount -t msdos /dev/hdd /mnt/ddrive Mount hard disk "d" as an msdos file system and call it ddrive under the /mnt directory

mount -t vfat /dev/hda1 /mnt/cdrive Mount the first partition of hard disk "a" as a VFAT file system and call it cdrive under the /mnt directory

umount /mnt/cdrom Unmount the cdrom

Finding files and text within files

find / -name fname Starting with the root directory, look for the file called fname

find / -name "*fname*" Starting with the root directory, look for files whose name contains the string fname

locate missingfilename Find a file called missingfilename using the locate command - this assumes you have already used the command updatedb (see next)

updatedb Create or update the database of files on all file systems attached to the linux root directory

which missingfilename Show the subdirectory containing the executable file called missingfilename

grep -r textstringtofind /dir Starting with the directory called dir, look for and list all files containing textstringtofind

The X Window System

xvidtune Run the X graphics tuning utility

XF86Setup Run the X configuration menu with automatic probing of graphics cards

Xconfigurator Run another X configuration menu with automatic probing of graphics cards

xf86config Run a text based X configuration menu

Moving, copying, deleting & viewing files

ls -l List files in current directory using long format

ls -F List files in current directory and indicate the file type

ls -laC List all files in current directory in long format and display in columns

rm name Remove a file or directory called name

rm -rf name Kill off an entire directory and all its included files and subdirectories

cp filename /home/dirname Copy the file called filename to the /home/dirname directory

mv filename /home/dirname Move the file called filename to the /home/dirname directory

cat filetoview Display the file called filetoview

man -k keyword Display man pages containing keyword

more filetoview Display the file called filetoview one page at a time, proceed to next page using the spacebar

head filetoview Display the first 10 lines of the file called filetoview

head -20 filetoview Display the first 20 lines of the file called filetoview

tail filetoview Display the last 10 lines of the file called filetoview

tail -20 filetoview Display the last 20 lines of the file called filetoview

Installing software for Linux

rpm -ihv name.rpm Install the rpm package called name

rpm -Uhv name.rpm Upgrade the rpm package called name

rpm -e package Delete the rpm package called package

rpm -ql package List the files in the installed package called package

rpm -qi package Show information about the installed package called package, including its version

rpm -K name.rpm Verify the signature and digest of name.rpm before installing it

rpm -i --force name.rpm Reinstall the rpm package called name having deleted parts of it (not deleting using rpm -e)

tar -zxvf archive.tar.gz or tar -zxvf archive.tgz Decompress the files contained in the zipped and tarred archive called archive

./configure Execute the script preparing the installed files for compiling

User Administration

adduser accountname Create a new user called accountname

passwd accountname Give accountname a new password

su Log in as superuser from current login

exit Stop being superuser and revert to normal user

Little known tips and tricks

ifconfig List ip addresses for all devices on the machine

apropos subject List manual pages for subject

usermount Executes graphical application for mounting and unmounting filesystems


/sbin/e2fsck /dev/hda5 Execute the filesystem check utility on partition hda5 (unmount it first)

fdformat /dev/fd0H1440 Format the floppy disk in device fd0

tar -cMf /dev/fd0 . Backup the contents of the current directory and subdirectories to multiple floppy disks

tail -f /var/log/messages Display the last 10 lines of the system log and keep following it as it grows.

cat /var/log/dmesg Display the file containing the boot time messages - useful for locating problems. Alternatively, use the dmesg command.

* wildcard - represents everything. eg. cp from/* to will copy all files in the from directory to the to directory

? Single character wildcard. eg. cp config.? /configs will copy all files beginning with the name config. in the current directory to the directory named configs.

[xyz] Choice of character wildcards. eg. ls [xyz]* will list all files in the current directory starting with the letter x, y, or z.

linux single At the lilo prompt, start in single user mode. This is useful if you have forgotten your password. Boot in single user mode, then run the passwd command. Anyone with console access can do the same, so on machines that matter protect the boot loader (password= and restricted in lilo.conf) and the BIOS.

ps List current processes

kill 123 Kill a specific process eg. kill 123

Configuration files and what they do

/etc/profile System wide environment variables for all users.

/etc/fstab List of devices and their associated mount points. Edit this file to add cdroms, DOS partitions and floppy drives at startup.

/etc/motd Message of the day broadcast to all users at login.

/etc/rc.d/rc.local Bash script that is executed at the end of the boot process. Similar to autoexec.bat in DOS.

/etc/HOSTNAME Contains full hostname including domain.

/etc/cron.* There are 4 directories that automatically execute all scripts within the directory at intervals of hour, day, week or month.

/etc/hosts A list of all known host names and IP addresses on the machine.

/etc/httpd/conf Parameters for the Apache web server

/etc/inittab Specifies the run level that the machine should boot into.

/etc/resolv.conf Defines IP addresses of DNS servers.

/etc/smb.conf Config file for the SAMBA server. Allows file and print sharing with Microsoft clients.

/etc/X11/XF86Config Config file for X-Windows.

~/.xinitrc Defines the window manager loaded by X. ~ refers to user's home directory.

File permissions

If the command ls -l is given, a long list of file names is displayed. The first column in this list details the permissions applying to the file. If a permission is missing for owner, group or other, it is represented by - eg. drwxr-x--x

Read = 4

Write = 2

Execute = 1

File permissions are altered by giving the chmod command and the appropriate octal code for each user type. eg

chmod 764 filename will make the file called filename R+W+X for the owner, R+W for the group and R for others.

chmod 755 filename Full permission for the owner, read and execute access for the group and others.

chmod +x filename Make the file called filename executable to all users.

Avoid chmod 777: a world-writable file can be replaced by any local user, and if it is also executable, or run by root from cron or rc.local, that is a privilege escalation path. The s and t characters in the x positions of ls -l denote setuid, setgid and sticky; setuid binaries are the ones to inventory first on a compromised host.
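The two permission tables (the 4/2/1 scheme in the earlier cheat sheet and the ls -l column here) describe the same mapping. The following is an added example, not code from either sheet: it converts between the octal form and the nine-character ls -l form in both directions, including the setuid/setgid/sticky characters, flags the properties an audit usually looks for, and round-trips a mode through chmod and stat on a temporary file created only for the demonstration.

```python
"""Octal <-> symbolic permission conversion with a quick audit check.

Added example for the permission tables above; it is not code from either
cheat sheet. Standard library only; the temporary file in demo() exists just
to show chmod/stat round-tripping.
"""
import os
import stat
import tempfile

# setuid, setgid and sticky are displayed in the x position of ls -l output
SPECIAL_BITS = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
SPECIAL_CHARS = {2: "s", 5: "s", 8: "t"}


def octal_to_symbolic(mode):
    """764 -> 'rwxrw-r--'; accepts an int (0o764) or a string ('764', '4755')."""
    mode = int(mode, 8) if isinstance(mode, str) else mode
    chars = []
    for shift in (6, 3, 0):                    # owner, group, other
        bits = (mode >> shift) & 7
        chars += ["r" if bits & 4 else "-", "w" if bits & 2 else "-", "x" if bits & 1 else "-"]
    for pos, bit in SPECIAL_BITS.items():
        if mode & bit:                         # lowercase when execute is also set, as ls does
            chars[pos] = SPECIAL_CHARS[pos] if chars[pos] == "x" else SPECIAL_CHARS[pos].upper()
    return "".join(chars)


def symbolic_to_octal(sym):
    """'rwsr-xr-x' (the nine permission characters of ls -l) -> 0o4755."""
    if len(sym) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for pos, ch in enumerate(sym):
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= 1 << (8 - pos)
        else:                                  # s, S, t or T
            mode |= SPECIAL_BITS[pos]
            if ch.islower():                   # lowercase also carries the execute bit
                mode |= 1 << (8 - pos)
    return mode


def risk_flags(mode):
    """Properties an audit (find / -perm ...) usually looks for."""
    flags = []
    if mode & stat.S_IWOTH:
        flags.append("world-writable")
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    return flags


def demo(mode=0o764):
    """chmod a temp file, read the mode back with stat, return the ls -l view and flags."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        actual = stat.S_IMODE(os.stat(path).st_mode)
        return octal_to_symbolic(actual), risk_flags(actual)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(octal_to_symbolic("764"), symbolic_to_octal("rwsr-xr-x") == 0o4755, demo(0o777))
```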

X Shortcuts - (mainly for Redhat)

Ctrl+Alt + or - Increase or decrease the screen resolution. eg. from 640x480 to 800x600

Alt+Escape Display list of active windows

Shift+Ctrl+F8 Resize the selected window

Right click on desktop background Display menu

Shift+Ctrl+Alt+r Refresh the screen

Shift+Ctrl+Alt+x Start an xterm session

Printing

/etc/rc.d/init.d/lpd start Start the print daemon

/etc/rc.d/init.d/lpd stop Stop the print daemon

/etc/rc.d/init.d/lpd status Display status of the print daemon

lpq Display jobs in print queue

lprm Remove jobs from queue

lpr Print a file

lpc Printer control tool

man subject | lpr Print the manual page called subject as plain text

man -t subject | lpr Print the manual page called subject as Postscript output

printtool Start X printer setup interface

~/.Xdefaults Define configuration for some X-applications. ~ refers to user's home directory.

Get your own Official Linux Pocket Protector - includes handy command summary. Visit: www.powerup.com.au/~squadron


packetlife.net

by Jeremy Stretch v2.0

IS-IS · PART 1

Attributes
Type: Link-State
Algorithm: Dijkstra
Metric: Default (10)
AD: 115
Standard: ISO 10589
Protocols: IP, CLNS
Transport: Layer 2 (IS-IS PDUs are carried directly on the data link, not inside IP)

Network Types
Type            DIS Elected   Neighbor Discovery   Hello/Dead Timers
Broadcast       Yes           Yes                  10/30
Point-to-Point  No            Yes                  10/30

Adjacency Requirements
· Interface MTUs must match
· Levels must match
· Areas must match (if level 1)
· System IDs must be unique
· Authentication must succeed

Troubleshooting
show ip route
show ip protocols
show [clns|isis] neighbor
show [clns|isis] interface
show isis database
show isis spf-log
debug isis spf-events
debug isis spf-statistics
debug isis adjacencies-packets
debug isis update-packets

Protocol Header
Common PDU header, fields in order (the original diagram is drawn in 4-bit columns):
IRPD (Intradomain Routing Protocol Discriminator, 0x83)
Packet Length
Version/Protocol ID Extension
ID Length
R R R (reserved) | PDU Type
Version
Reserved
Maximum Area Addresses
followed by TLVs: Type | Length | Value ...

Authentication
Plaintext, MD5. Plaintext authentication is readable by anyone who can see the PDUs and prevents nothing but accidental adjacencies; use MD5 (HMAC-MD5 in TLV 10) on every interface and for the LSPs, referencing a key chain as in the configuration example.

NSAP Addressing
Interdomain Part (IDP) Portion of the address used in routing between autonomous systems; assigned by ISO. Made up of the AFI and IDI.
Domain-Specific Part (DSP) Portion of the address relevant only within the local AS. Made up of the HODSP, System ID and SEL.
Authority and Format Identifier (AFI) Identifies the authority which dictates the format of the address (49 is the locally administered, private AFI used in the configuration example).
Initial Domain Identifier (IDI) An organization belonging to the AFI.
High Order DSP (HODSP) The area within the AS.
System ID Unique router identifier; 48 bits for Cisco devices (often taken from a MAC address).
NSAP Selector (SEL) Identifies a network layer service; always 0x00 in a NET address.

NSAP Example (condensed)
47.0005.80ff.f800.0000.0001.0000.0c00.1234.00
AFI: 47
IDI: 0005
HODSP: 80ff.f800.0000.0001
System ID: 0000.0c00.1234
SEL: 00
Area (AFI + IDI + HODSP): 47.0005.80ff.f800.0000.0001
Interdomain Part: 47.0005 / Domain-Specific Part: 80ff.f800.0000.0001.0000.0c00.1234.00

Routing Levels
Level 0 Used to locate end systems
Level 1 Routing within an area
Level 2 Backbone between areas
Level 3 Inter-AS routing

Terminology
Type-Length-Value (TLV) Variable-length modular datasets
Link State PDU (LSP) Carry TLVs encompassing link state information
Sequence Number Packet (SNP) Used to request and advertise LSPs; can be complete (CSNP) or partial (PSNP)
Hello Packet Establishes and maintains neighbor adjacencies
Designated Intermediate System (DIS) A pseudonode responsible for emulating point-to-point links across a multi-access segment

DIS Election
· Highest-priority interface elected
· Highest SNPA (MAC/DLCI) breaks tie
· Highest system ID breaks SNPA tie
· Default interface priority is 64
· Current DIS may be preempted
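The field boundaries above are easy to get wrong by hand, and two of the adjacency requirements (matching areas for level 1, unique system IDs) are simple checks on the parsed fields. The following is an added example, not code from the packetlife sheet: it splits an NSAP written with dots into AFI, area, system ID and SEL using the Cisco convention the sheet describes (last byte SEL, preceding six bytes system ID, the rest is the area), and runs the two checks over the sheet's own example address and the NETs from its configuration example.

```python
"""Split an IS-IS NET/NSAP into its fields and check two adjacency requirements.

Added example for the NSAP breakdown above; it is not code from the packetlife
sheet. Cisco convention: the last byte is the SEL, the six bytes before it are
the System ID, everything before that is the area (AFI + IDI + HODSP). The
47.0005... address is the sheet's own example; the 49.000x addresses are the
NETs from its configuration example.
"""
import re


def dotted(hexstr, lead=0):
    """Cisco-style display: an optional single leading byte, then 4-digit groups."""
    head = [hexstr[:lead]] if lead else []
    rest = hexstr[lead:]
    return ".".join(head + [rest[i:i + 4] for i in range(0, len(rest), 4)])


def parse_net(net):
    """Return the AFI, area, system ID and SEL of an NSAP written with dots."""
    hexstr = net.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) % 2:
        raise ValueError(f"not a hex NSAP: {net}")
    nbytes = len(hexstr) // 2
    if not 8 <= nbytes <= 20:        # 1-byte AFI + 6-byte system ID + 1-byte SEL, at most 20 bytes
        raise ValueError(f"NSAP must be 8 to 20 bytes, got {nbytes}")
    return {
        "afi": hexstr[:2],
        "area": dotted(hexstr[:-14], lead=2),
        "system_id": dotted(hexstr[-14:-2]),
        "sel": hexstr[-2:],
        "is_net": hexstr[-2:] == "00",   # a NET always carries SEL 0x00
    }


def same_area(net_a, net_b):
    """Level-1 adjacency requirement: the area portions must be identical."""
    return parse_net(net_a)["area"] == parse_net(net_b)["area"]


def duplicate_system_ids(nets):
    """Adjacency requirement: system IDs must be unique across the domain."""
    seen, dups = set(), set()
    for net in nets:
        sid = parse_net(net)["system_id"]
        if sid in seen:
            dups.add(sid)
        seen.add(sid)
    return sorted(dups)


SHEET_EXAMPLE = "47.0005.80ff.f800.0000.0001.0000.0c00.1234.00"
CONFIG_NETS = {                      # from the sheet's configuration example
    "A1": "49.0001.0000.0000.00a1.00",
    "A2": "49.0001.0000.0000.00a2.00",
    "B1": "49.0002.0000.0000.00b1.00",
    "B2": "49.0002.0000.0000.00b2.00",
}

if __name__ == "__main__":
    print(parse_net(SHEET_EXAMPLE))
    print(same_area(CONFIG_NETS["A1"], CONFIG_NETS["A2"]),
          same_area(CONFIG_NETS["A1"], CONFIG_NETS["B1"]))
```

A1 and A2 share area 49.0001 and can form a level-1 adjacency; A1 and B1 do not, which is why their serial link is configured level-2-only.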


packetlife.net

by Jeremy Stretch v2.0

IS-IS · PART 2TLV Types

IS-IS TLVs

TLV  Name                  Use
1    Area Addresses        Hello, LSP
2    IS Neighbors          LSP
3    ES Neighbors          L1 LSP
5    Prefix Neighbors      L2 LSP
6    IS Neighbors          Hello
8    Padding               Hello
9    LSP Entries           SNP
10   Authentication        All
128  IP Internal Reach.    LSP
129  Protocols Supported   Hello, LSP
131  IDRPI                 SNP, L2 LSP
132  IP Interface Address  Hello, LSP

Configuration Example

Topology (reconstructed from the original diagram): Area 1 192.168.1.0/24 (A1, A2, A3), Area 2 192.168.2.0/24 (B1, B2, B3), Area 3 192.168.3.0/24 (C1, C2, C3). Level-2 links between the area routers: 10.0.0.0/30 A1-B1, 10.0.0.4/30 A1-C1, 10.0.0.8/30 B1-C1. In the configurations below MD5 authentication is applied to the A1-B1 link only; the other level-2 links and the level-1 LAN interfaces are left unauthenticated.

Router A1
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 2
 ip address 10.0.0.1 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.5 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 102
!
router isis
 net 49.0001.0000.0000.00a1.00

Router A2
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0001.0000.0000.00a2.00

Router B1
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 1
 ip address 10.0.0.2 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.9 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 103
!
router isis
 net 49.0002.0000.0000.00b1.00

Router B2
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0002.0000.0000.00b2.00
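The TLV table above describes the type/length/value encoding every IS-IS PDU carries, and TLV 10 is where authentication lives. The following walker, an added example that is not part of the packetlife sheet, parses a TLV run, names the types the sheet lists, and reports which authentication type a PDU selects: type 1 is a cleartext password, type 54 is HMAC-MD5 (what `isis authentication mode md5` produces), type 3 is the generic cryptographic authentication of RFC 5310. The sample PDUs, the area 49.0001 and the address 192.168.1.1 are constructed for the demonstration, not captured traffic.

```python
"""Added example (not from the packetlife IS-IS sheet): walk the TLVs of an IS-IS
PDU and report which authentication mode the Authentication TLV (10) selects.
Sample TLV bytes below are constructed; they are not a real capture."""

# Names from the sheet's TLV table; types not on the sheet are reported as unknown.
TLV_NAMES = {
    1: "Area Addresses", 2: "IS Neighbors", 3: "ES Neighbors", 5: "Prefix Neighbors",
    6: "IS Neighbors", 8: "Padding", 9: "LSP Entries", 10: "Authentication",
    128: "IP Internal Reach.", 129: "Protocols Supported", 131: "IDRPI",
    132: "IP Interface Address",
}

# First byte of TLV 10: 1 cleartext password (ISO 10589), 54 HMAC-MD5 (RFC 5304),
# 3 generic cryptographic authentication (RFC 5310).
AUTH_TYPES = {1: "cleartext", 54: "hmac-md5", 3: "generic-crypto"}


def parse_tlvs(data):
    """Return a list of (type, name, value) tuples; raise on a truncated run."""
    tlvs, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % off)
        t, length = data[off], data[off + 1]
        value = data[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("TLV %d claims %d bytes, only %d present" % (t, length, len(value)))
        tlvs.append((t, TLV_NAMES.get(t, "unknown"), value))
        off += 2 + length
    return tlvs


def auth_mode(tlvs):
    """'none' when no TLV 10 is present, otherwise the authentication type it carries."""
    for t, _, value in tlvs:
        if t == 10:
            if not value:
                raise ValueError("empty Authentication TLV")
            return AUTH_TYPES.get(value[0], "unknown(%d)" % value[0])
    return "none"


def audit(pdu_tlvs):
    """(mode, weak): weak is True when the PDU would accept or leak a password on the segment."""
    mode = auth_mode(parse_tlvs(pdu_tlvs))
    return mode, mode in ("none", "cleartext")


def tlv(t, value):
    """Encode one TLV: type byte, length byte, value."""
    return bytes([t, len(value)]) + value


def area_address(area_hex):
    """Area Addresses TLV value: one-byte address length followed by the area bytes."""
    raw = bytes.fromhex(area_hex)
    return bytes([len(raw)]) + raw


# Constructed samples: one hello carrying a cleartext password, one protected by HMAC-MD5.
CLEARTEXT_HELLO = (
    tlv(1, area_address("490001")) +
    tlv(129, b"\xcc") +                    # NLPID 0xCC = IPv4
    tlv(132, bytes([192, 168, 1, 1])) +
    tlv(10, b"\x01" + b"cisco")            # type 1: the password itself is on the wire
)
HMAC_HELLO = (
    tlv(1, area_address("490001")) +
    tlv(129, b"\xcc") +
    tlv(132, bytes([192, 168, 1, 1])) +
    tlv(10, b"\x36" + b"\x00" * 16)        # type 54: 16-byte HMAC-MD5 digest (zeroed here)
)

if __name__ == "__main__":
    for name, pdu in (("cleartext", CLEARTEXT_HELLO), ("hmac", HMAC_HELLO)):
        print(name, [(t, n, len(v)) for t, n, v in parse_tlvs(pdu)], audit(pdu))
```

Run against a real capture, the same walker applied to the TLV region of each IIH or LSP gives a quick inventory of which segments are still running without TLV 10 or with a type 1 password; the sheet's `isis authentication mode md5` moves those to type 54.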

POINT-TO-POINT PROTOCOL packetlife.net by Jeremy Stretch v1.01

LCP Header

Code (8 bits) · Identifier (8 bits) · Length (16 bits), followed by the LCP data (configuration options)

General PPP Configuration

! Configure a peer account if authentication will be used
username peer-hostname password password

! Configure a local IP address pool if needed
ip local pool name first-IP last-IP

interface Serial0/0
 ! Enable PPP encapsulation
 encapsulation ppp
 ! Enable CHAP and/or PAP for authentication (PAP sends the password in cleartext; prefer CHAP)
 ppp authentication {chap | pap} [chap | pap]
 ! Enable compression
 compress {predictor | stac}
 ! Enable peer IP address assignment (server side)
 peer default ip address {pool name | IP-address}
 ! Enable IP address negotiation (client side)
 ip address negotiated

Troubleshooting

show ppp multilink
debug ppp authentication
debug ppp {negotiation | packet}

PPP Components

Link Control Protocol (LCP) · Provides for the establishment, configuration, and maintenance of a PPP link. Protocol-independent options are negotiated by LCP.

Network Control Protocol (NCP) · A separate NCP is used to negotiate the configuration of each network layer protocol (such as IP) carried by PPP.

PPP Header

Address (8 bits, 0xFF in HDLC-like framing) · Control (8 bits, 0x03) · Protocol (16 bits, identifies the encapsulated protocol, e.g. LCP, CHAP, IPCP), followed by the encapsulated packet

Connection Phase Flowchart

Dead -> Establish (LCP negotiation)
Establish -> Authenticate (Auth Required), or Establish -> Network (No Auth)
Authenticate -> Network (Success), or Authenticate -> Terminate (Failure)
Network -> Terminate (Admin Shutdown)
Terminate -> Dead

Authentication Protocols

Password Authentication Protocol (PAP) · Original, obsolete authentication protocol: the peer sends its username and password in cleartext, so anyone who can capture the link learns the credential (RFC 1334).

Challenge Handshake Authentication Protocol (CHAP) · Authenticates a peer with a three-way handshake: the authenticator sends a random challenge, the peer answers with the MD5 hash of the packet identifier, the pre-shared secret and the challenge, and the authenticator compares that with its own computation (RFC 1994). The secret itself never crosses the link, but a captured challenge/response pair lets an attacker test guesses for the secret offline, so the secret must be strong.
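The CHAP exchange just described, built and checked on both sides, as an added example that is not from the packetlife sheet: `build_chap` wraps a Challenge or Response in the PPP header (Address 0xFF, Control 0x03, Protocol 0xC223 for CHAP) and the CHAP Code/Identifier/Length/Value-Size/Value/Name layout of RFC 1994, `verify_response` is the authenticator's check, and `offline_guess` shows the caveat: with the two frames captured, guessing the secret needs no further contact with either peer. The peer names R1/R2, the secret and the fixed challenge bytes are constructed for the demonstration (a real authenticator must use a fresh random challenge each time).

```python
"""Added example (not from the packetlife PPP sheet): a PPP/CHAP exchange per
RFC 1994, with the response computed as MD5(identifier || secret || challenge),
and an offline guess over a captured challenge/response pair.
All frame contents below are constructed for illustration."""
import hashlib
import hmac
import struct

PPP_ADDRESS, PPP_CONTROL = 0xFF, 0x03   # HDLC-like framing (RFC 1662)
PPP_PROTO_CHAP = 0xC223                  # PPP protocol number assigned to CHAP
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2     # CHAP Code values (3 Success, 4 Failure are not built here)


def chap_digest(ident, secret, challenge):
    """RFC 1994 section 4.1: MD5 over the Identifier octet, the secret and the challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap(code, ident, value, name):
    """PPP header (Address, Control, Protocol) + CHAP Code/Identifier/Length/Value-Size/Value/Name."""
    length = 4 + 1 + len(value) + len(name)      # CHAP Length covers Code through Name
    chap = struct.pack("!BBHB", code, ident, length, len(value)) + value + name
    return struct.pack("!BBH", PPP_ADDRESS, PPP_CONTROL, PPP_PROTO_CHAP) + chap


def parse_chap(frame):
    """Parse a Challenge or Response frame; refuse anything that is not a well-formed CHAP PPP frame."""
    if len(frame) < 9:
        raise ValueError("frame too short")
    addr, ctrl, proto = struct.unpack("!BBH", frame[:4])
    if (addr, ctrl, proto) != (PPP_ADDRESS, PPP_CONTROL, PPP_PROTO_CHAP):
        raise ValueError("not a PPP CHAP frame")
    code, ident, length, vsize = struct.unpack("!BBHB", frame[4:9])
    if code not in (CHAP_CHALLENGE, CHAP_RESPONSE):
        raise ValueError("only Challenge and Response carry a Value field")
    if length != len(frame) - 4 or 5 + vsize > length:
        raise ValueError("CHAP length fields inconsistent with frame")
    value = frame[9:9 + vsize]
    name = frame[9 + vsize:4 + length]
    return {"code": code, "id": ident, "value": value, "name": name}


def verify_response(challenge_frame, response_frame, secrets):
    """Authenticator side: recompute the digest from its own copy of the peer's secret."""
    ch, rsp = parse_chap(challenge_frame), parse_chap(response_frame)
    if ch["code"] != CHAP_CHALLENGE or rsp["code"] != CHAP_RESPONSE or ch["id"] != rsp["id"]:
        return False                                   # identifier mismatch: stale or replayed response
    secret = secrets.get(rsp["name"])
    if secret is None:
        return False                                   # unknown peer name
    return hmac.compare_digest(chap_digest(rsp["id"], secret, ch["value"]), rsp["value"])


def offline_guess(challenge_frame, response_frame, wordlist):
    """Attacker side: everything needed to test guesses is in the two captured frames."""
    ch, rsp = parse_chap(challenge_frame), parse_chap(response_frame)
    for guess in wordlist:
        if chap_digest(rsp["id"], guess, ch["value"]) == rsp["value"]:
            return guess
    return None


def demo():
    # Constructed peer account, the equivalent of 'username R2 password s3cret' on the authenticator.
    secrets = {b"R2": b"s3cret"}
    ident = 0x2A
    challenge = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")   # constructed; must be random in practice
    chal_frame = build_chap(CHAP_CHALLENGE, ident, challenge, b"R1")
    resp_frame = build_chap(CHAP_RESPONSE, ident,
                            chap_digest(ident, secrets[b"R2"], challenge), b"R2")
    accepted = verify_response(chal_frame, resp_frame, secrets)
    # The same response presented against a challenge with a different Identifier is rejected.
    replayed = verify_response(build_chap(CHAP_CHALLENGE, ident + 1, challenge, b"R1"),
                               resp_frame, secrets)
    cracked = offline_guess(chal_frame, resp_frame, [b"password", b"cisco", b"s3cret"])
    return accepted, replayed, cracked


if __name__ == "__main__":
    print(demo())   # (True, False, b's3cret')
```

The Identifier check in `verify_response` is what ties a Response to one outstanding Challenge; without it, and without a random challenge, a recorded Response could be replayed. The wordlist hit in `offline_guess` is the reason CHAP on its own is no substitute for a strong secret or an encrypted link.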

PPP Features

Protocol Multiplexing · Multiple NCPs

Optional Compression · Stacker/predictor

Loopback Detection · Provided by LCP

Load Balancing · Multilink PPP

Optional Authentication · PAP/CHAP

Multilink PPP Configuration

! Create the multilink interface
interface Multilink1
 ip address IP-address subnet-mask
 ppp multilink group group

! Assign physical interfaces to the multilink group
interface Serial0/0
 encapsulation ppp
 ppp multilink group group

PPP Summary

Standard · RFC 1661
Interfaces · Asynchronous serial, synchronous serial, ISDN, HSSI

PPP Compression Algorithms

Stacker · Replaces repetitive data with symbols from a dynamic dictionary (more processor-intensive)

Predictor · Attempts to predict sequential data (more memory-intensive)

PPP Connection Example

LCP Configuration Request

LCP Configuration Ack

CHAP Challenge

CHAP Response

CHAP Success

IP Control Configuration Request

IP Control Configuration Ack

CDP Control Configuration Request

CDP Control Configuration Ack

FRAME MODE MPLS packetlife.net by Jeremy Stretch v2.0

MPLS Configuration

! Enable CEF
ip cef

! Select label protocol
mpls label protocol ldp

! Enable MPLS on IP interfaces
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 mpls ip
 ! Raise MPLS MTU to accommodate multilabel stack
 mpls mtu 1512

Terminology

Tag Distribution Protocol (TDP) · Cisco's proprietary predecessor to LDP

Label Distribution Protocol (LDP) · Standards-based label distribution protocol defined in RFC 3036 (since superseded by RFC 5036)

Interim Packet Propagation · An LSR temporarily falls back to IP routing while waiting to learn the necessary MPLS label(s)

Label-Switched Path (LSP) · The unidirectional path through one or more LSRs taken by a label-switched packet belonging to an FEC

Forwarding Equivalence Class (FEC) · A group of packets which are forwarded in an identical manner, typically by destination prefix and/or traffic class

Troubleshooting

show mpls interfaces
show mpls ldp neighbors
show mpls ldp bindings [detail] (LIB)
show mpls forwarding-table [detail] (LFIB)
show ip cef [detail] (FIB)
debug mpls […]

Protocol Header

A 32-bit label stack entry, inserted between the L2 header and the IP packet; several entries may be stacked (L2 | label | label | … | IP). Fields in wire order:

Label (20 bits) · Unique label value
Traffic Class (3 bits) · CoS-mapped QoS marking
Bottom of Stack (1 bit) · Indicates label is last in the stack
Time To Live (8 bits) · Hop counter mapped from IP TTL
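The header layout above, decoded and acted on, as an added example that is not from the packetlife sheet: `parse_label_stack` walks entries until the bottom-of-stack bit is set, and `label_switch` applies one LFIB lookup to the top label, swapping it on a P router or popping it on the penultimate hop when the egress has advertised the implicit-null label (3). The label values, the two-entry stack and the LFIB contents are constructed; the copy of the MPLS TTL into the IP header after the last pop is deliberately left out.

```python
"""Added example (not from the packetlife MPLS sheet): decode a stack of 32-bit label
entries (Label 20 / TC 3 / S 1 / TTL 8) and apply an LFIB action to the top label:
swap, or pop for penultimate hop popping. Packet bytes and the LFIB are constructed."""
import struct

IMPLICIT_NULL = 3   # advertised by the egress LSR to request PHP; never carried on the wire


def encode_entry(label, tc, s, ttl):
    """Pack one label stack entry; the field order on the wire is Label, TC, S, TTL."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_label_stack(data):
    """Return (entries, payload_offset); entries are (label, tc, s, ttl) from top to bottom."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack bit seen)")
        word, = struct.unpack("!I", data[off:off + 4])
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        off += 4
        if entries[-1][2]:
            return entries, off


def build_packet(entries, payload):
    """Concatenate label entries (top first) and the payload that follows the stack."""
    return b"".join(encode_entry(*e) for e in entries) + payload


def label_switch(packet, lfib):
    """One LFIB lookup on the top label.

    lfib maps an incoming label to ("swap", out_label) or ("pop", IMPLICIT_NULL).
    Returns (action, outgoing_packet)."""
    entries, _ = parse_label_stack(packet)
    label, tc, s, ttl = entries[0]
    if ttl <= 1:
        return "drop-ttl-exceeded", b""
    if label not in lfib:
        return "drop-no-binding", b""      # a labeled packet with no LFIB entry is not routed by IP
    action, out_label = lfib[label]
    inner = packet[4:]
    if action == "swap":
        return "forward", encode_entry(out_label, tc, s, ttl - 1) + inner
    if action == "pop":
        if s:                                # bottom label removed: the next hop does a plain IP lookup
            return "forward-ip", inner       # (copying the TTL into the IP header is not modelled)
        nl, ntc, ns, _ = entries[1]          # propagate the decremented TTL to the new top label
        return "forward", encode_entry(nl, ntc, ns, ttl - 1) + inner[4:]
    return "drop-unknown-action", b""


def demo():
    """Transport label 16 over an inner label 100, through a P router and then the penultimate hop."""
    pkt = build_packet([(16, 0, 0, 64), (100, 0, 1, 64)], b"IP")   # constructed two-byte payload
    lfib_p = {16: ("swap", 17)}                 # P router: swap the transport label
    lfib_php = {17: ("pop", IMPLICIT_NULL)}     # penultimate hop: egress asked for implicit-null
    act1, pkt1 = label_switch(pkt, lfib_p)
    act2, pkt2 = label_switch(pkt1, lfib_php)
    return (act1, parse_label_stack(pkt1)[0]), (act2, parse_label_stack(pkt2)[0], pkt2[-2:])


if __name__ == "__main__":
    print(demo())
```

Two points the sheet's field list does not make explicit come out of the code: a stack with no bottom-of-stack bit is a malformed packet, not a longer stack, and a labeled packet whose label has no LFIB binding is dropped rather than handed to the IP FIB.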

Label Switched Path

Customer (C) · IP-only routers internal to customer network

Provider Edge (PE) · LSRs on the MPLS-IP boundary

Provider (P) · MPLS-only LSRs in provider network

Customer Edge (CE) · C routers which face PE routers

Label Protocols

                 LDP          TDP
Hello Port       UDP/646      UDP/711
Hello Address    224.0.0.2    255.255.255.255
Adjacency Port   TCP/646      TCP/711
Proprietary      No           Cisco

Label Switched Path diagram (reconstructed from the original figure): C - CE - PE - P … P - PE - CE - C. The LSP runs between the two PE routers across the provider network; the customer networks on either side are IP-only.

Conceptual Components

Forwarding/Data Plane · Forwards packets based on label or destination IP address (includes the FIB and LFIB)

Control Plane · Facilitates label exchange between neighboring LSRs using LDP or TDP (includes the LIB)

Label Switching Router (LSR) · Any router performing label switching (MPLS)

Label Information Base (LIB) · Contains all labels learned by an LSR via a label distribution protocol

Forwarding Information Base (FIB) · Routing database for unlabeled (IP) packets

Label FIB (LFIB) · Routing database for labeled (MPLS) packets

Penultimate Hop Popping (PHP) · The second-to-last LSR in an LSP removes the MPLS label so the last LSR only has to perform an IP lookup; the egress LSR requests this by advertising the implicit-null label (3) for the prefix
