Page 1: Ccna Notes

Just Rock it \\m//

Routers – Different IP address

Switch

Network Devices (N/w Devices)

Hub

Switch

Router

Repeater

Bridge

Cable

NIC (Network Interface Card)

Switch :

Works in Layer 2 & 3

Same Network

Topology :

Bus Topology

Star Topology

Ring Topology

Mesh Topology

Extended Star Topology


Cable :

Co – Axial Cable

Twisted Pair Cable

Fiber Optic Cable

Twisted Pair Cable

STP, UTP

Straight Through Cable, Cross Over Cable, Roll Over Cable

Straight Through Cable :

It is used to connect different devices.

Like : PC to Switch, PC to Hub, Router to Switch

Cross Over Cable :

It is used to connect the same kind of devices.

Like : PC to PC, Hub to Hub, Router to Router, Router to PC

Roll Over Cable :

It is used to connect the Router Console port to a PC (COM port).

Wire colour mapping (one end - other end) :

Straight Through Cable
White Orange - White Orange
Orange - Orange
White Green - White Green
Blue - Blue
White Blue - White Blue
Green - Green
White Brown - White Brown
Brown - Brown

Cross Over Cable
White Orange - White Green
Orange - Green
White Green - White Orange
Blue - Blue
White Blue - White Blue
Green - Orange
White Brown - White Brown
Brown - Brown

Roll Over Cable
White Orange - Brown
Orange - White Brown
White Green - Green
Blue - White Blue
White Blue - Blue
Green - White Green
White Brown - Orange
Brown - White Orange


Lx, Zx To connect long distance places.

Cat 5e Cable – Connect up to 500 Mts.

IP address related – PC, Router

MAC address related – Switch (in organizations)

Binary – Hub (12 ports, used in small offices, not in organizations. Single input and output.)

Collision Domain – Data Loss.

DB-9 => Converter – used for Router configuration.

Hub :

It cannot be used in organizations.

Single collision domain.

Data loss is high.

Switch :

It is used in organizations.

Each port has its own collision domain.

Data loss is very low.


OSI Layer

OSI – Open System Inter Connect

7. Application Layer - Communications

Hardware 6. Presentation Layer - Encryption / Decryption

Layer 5. Session Layer - Terminate the Session

Heart of OSI 4. Transport Layer - TCP / UDP, Acknowledgement

3. Network Layer - Finding the Shortest Path

Software 2. Data Link Layer - MAC address

Layer 1. Physical Layer - Binary (Convert Signals into Binary)

Routing Protocols (RIP, EIGRP, OSPF)

Routed Protocols (IP, IPX)

TCP – ip address

UDP – Domain Names, Like – Google.com, yahoo.com

Layer 1 Devices – Hub

Layer 2 Devices – Switch, NIC

Layer 3 Devices – Router

Private IP Address

Class A : 10.0.0.0 to 10.255.255.255

Class B : 172.16.0.0 to 172.31.255.255

Class C : 192.168.0.0 to 192.168.255.255

Only for LAN


IP address

IP v 4 32 Bits Binary ( 192.168.1.1)

IP v 6 128 Bits Hexadecimal (2003 : AC13 : 0012 : 42BA : 1234 / 64 )

PING : Packet Internet Groper

Ping 127.0.0.1 Loop Back Address

A : 001 – 126 LAN => 1,67,77,214

B : 128 – 191 MAN => 65,534

C : 192 – 223 WAN => 254

D : 224 – 239 Multicasting

E : 240 – 255 Research

10.1.1.1 => Each of the four parts separated by the three dots is referred to as an "Octet".

A single octet is 8 bits, so the four octets make 32 bits.

A : N/w . Host . Host . Host

B : N/w . N/w . Host . Host

C : N/w . N/w . N/w . Host

N/w = 2^8

Network ID : 10.0.0.0

Broadcast ID : 10.255.255.255

Broadcast ID can not assign automatically.


Configure IP

IP address : 192.168.1.1

Subnet Mask : 255.255.0.0

Default Gateway : 192.168.1.10

Default DNS Server : 8.8.8.8 (or) 4.4.4.4

For Network Id : Add ( 128 64 32 16 8 4 2 1 ) ( 1 1 1 1 1 1 1 1 )

For Host : Multiply (Starts from 2)

First bit 0 (128) = Class A = 1 – 126

First bits 1 (128), 0 (64) = Class B = 128 – 191

First bits 1 (128), 1 (64), 0 (32) = Class C = 192 – 223

CIDR : Classless Inter Domain Routing

Decimal   Binary
128       1 0 0 0 0 0 0 0
192       1 1 0 0 0 0 0 0
224       1 1 1 0 0 0 0 0
240       1 1 1 1 0 0 0 0
248       1 1 1 1 1 0 0 0
252       1 1 1 1 1 1 0 0
254       1 1 1 1 1 1 1 0
255       1 1 1 1 1 1 1 1

10.1.1.1 /24 – CIDR

255.255.255.0 - Subnet mask

2^8 . 2^8 . 2^8 . 0

i.e. 8 + 8 + 8 = 24


Subnet Mask        CIDR
255.0.0.0          /8
255.128.0.0        /9
255.192.0.0        /10
255.224.0.0        /11
255.240.0.0        /12
255.248.0.0        /13
255.252.0.0        /14
255.254.0.0        /15
255.255.0.0        /16
255.255.128.0      /17
255.255.192.0      /18
255.255.224.0      /19
255.255.240.0      /20
255.255.248.0      /21
255.255.252.0      /22
255.255.254.0      /23
255.255.255.0      /24
255.255.255.128    /25
255.255.255.192    /26
255.255.255.224    /27
255.255.255.240    /28
255.255.255.248    /29
255.255.255.252    /30
255.255.255.254    /31
255.255.255.255    /32


Calculate the number of subnets per network.

Calculate the number of hosts per subnet.

Calculate the block size.

Formulas to calculate :

Subnet = 2^x (x = number of 1 bits in the mask octet being subnetted)

Host = 2^y – 2 (y = number of 0 bits in the mask)

Block Size = 256 – Net mask

1. Ex : 192.168.1.0 /28

/28 : 255.255.255.240

240 : 1 1 1 1 0 0 0 0 ( x = 4, y = 4)

Subnet = 2^x = 2^4 = 16

Host = 2^y - 2 = 2^4 - 2 = 16 – 2 = 14

Block Size = 256 – Net Mask = 256 – 240 = 16

Subnet Id or Network Id : 192.168.1.0    192.168.1.16   192.168.1.32   (then 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240)
Valid First Host Id     : 192.168.1.1    192.168.1.17   192.168.1.33
Valid Last Host Id      : 192.168.1.14   192.168.1.30   192.168.1.46
Broadcast Id            : 192.168.1.15   192.168.1.31   192.168.1.47

2. Ex : 200.1.4.0 /26

/26 : 255.255.255.192

192 : 1 1 0 0 0 0 0 0 ( x = 2, y = 6)

Subnet = 2^x = 2^2 = 4

Host = 2^y - 2 = 2^6 - 2 = 64 – 2 = 62

Block Size = 256 – Net Mask = 256 – 192 = 64

Subnet Id or Network Id : 200.1.4.0     200.1.4.64    200.1.4.128   (then 192)
Valid First Host Id     : 200.1.4.1     200.1.4.65    200.1.4.129
Valid Last Host Id      : 200.1.4.62    200.1.4.126   200.1.4.190
Broadcast Id            : 200.1.4.63    200.1.4.127   200.1.4.191

3. Ex : 10.1.1.0 /30

/30 : 255.255.255.252

252 : 1 1 1 1 1 1 0 0 ( x = 6, y = 2)

Subnet = 2^x = 2^6 = 64

Host = 2^y - 2 = 2^2 - 2 = 4 – 2 = 2

Block Size = 256 – Net Mask = 256 – 252 = 4

Subnet Id or Network Id : 10.1.1.0    10.1.1.4    10.1.1.8    (then 12, 16, 20, 24, 28 … 254)
Valid First Host Id     : 10.1.1.1    10.1.1.5    10.1.1.9
Valid Last Host Id      : 10.1.1.2    10.1.1.6    10.1.1.10
Broadcast Id            : 10.1.1.3    10.1.1.7    10.1.1.11


4. Ex : 192.2.0.0 /22 (important)

/22 : 255.255.252.0

252 : 1 1 1 1 1 1 0 0 . 0 0 0 0 0 0 0 0 ( x = 6, y = 10)

Subnet = 2^x = 2^6 = 64

Host = 2^y - 2 = 2^10 - 2 = 1024 – 2 = 1022

Block Size = 256 – Net Mask = 256 – 252.0 = 4.0

Subnet Id or Network Id : 192.2.0.0     192.2.4.0     192.2.8.0      (then 12.0, 16.0, 20.0)
Valid First Host Id     : 192.2.0.1     192.2.4.1     192.2.8.1
Valid Last Host Id      : 192.2.3.254   192.2.7.254   192.2.11.254
Broadcast Id            : 192.2.3.255   192.2.7.255   192.2.11.255

Host count for the first subnet :

0.1 to 0.255 = 255
1.0 to 1.255 = 256
2.0 to 2.255 = 256
3.0 to 3.254 = 255

Total = 1022

5. Ex : 15.100.0.0 /20

/20 : 255.255.240.0

240 : 1 1 1 1 0 0 0 0 . 0 0 0 0 0 0 0 0 ( x = 4, y = 12)

Subnet = 2^x = 2^4 = 16

Host = 2^y - 2 = 2^12 - 2 = 4096 – 2 = 4094

Block Size = 256 – Net Mask = 256 – 240.0 = 16.0

Subnet Id or Network Id : 15.100.0.0      15.100.16.0     15.100.32.0     (then 48.0, 64.0, 80.0, 96.0)
Valid First Host Id     : 15.100.0.1      15.100.16.1     15.100.32.1
Valid Last Host Id      : 15.100.15.254   15.100.31.254   15.100.47.254
Broadcast Id            : 15.100.15.255   15.100.31.255   15.100.47.255

Host count for the first subnet :

0.1 to 0.255 = 255
1.0 to 1.255 = 256
..
15.0 to 15.254 = 255

Total = 4094

6. Ex : 10.0.0.0 /13

/13 : 255.248.0.0

248 : 1 1 1 1 1 0 0 0 . 0 0 0 0 0 0 0 0 . 0 0 0 0 0 0 0 0 ( x = 5, y = 19)

Subnet = 2^x = 2^5 = 32

Host = 2^y - 2 = 2^19 - 2 = 524288 – 2 = 524286

Block Size = 256 – Net Mask = 256 – 248.0.0 = 8.0.0

Subnet Id or Network Id : 10.0.0.0       10.8.0.0        10.16.0.0       (then 32.0.0, 48.0.0, 64.0.0, ...)
Valid First Host Id     : 10.0.0.1       10.8.0.1        10.16.0.1
Valid Last Host Id      : 10.7.254.254   10.15.254.254   10.31.254.254
Broadcast Id            : 10.7.255.255   10.15.255.255   10.31.255.255

-- x --

Find the host IP for the following Ids :-

1. 216.4.1.64 /27

2. 117.8.1.200 /30

3. 17.2.4.0 /22

4. 20.49.24.0 /21

Ex : 150.8.1.48 /28

/28 : 255.255.255.240

Block Size = 256 – Net Mask = 256 -240 = 16.

0,16,32,48,64

Host Ids = 49 .. 63

1. 216.4.1.64 /27

/27 : 255.255.255.224

Block Size = 256 – Net Mask = 256 – 224 = 32

0,32,64,96,128

Host Ids = 65 – 94

2. 117.8.1.200 /30

/30 : 255.255.255.252

B.S. = 256 – 252 = 4

0,4,8,12, …, 200,204

Host Ids = 201 - 202

3. 100.98.4.128 /25

/25 : 255.255.255.128

B.S. = 256 – 128 = 128

0,128

Host Ids = 129 - 254


4. 17.2.4.0 /22

/22 : 255.255.252.0

B.S. = 256 – 252.0 = 4.0

4.0, 8.0, 12.0

Host Ids = 4.1 – 7.254

5. 20.49.24.0 /21

/21 : 255.255.248.0

B.S. = 256 – 248.0 = 8.0

0.0, 8.0, 16.0, 24.0, 32.0

Host Ids = 24.1 – 31.254

Find the N/w id for the following ids.

1. 199.4.1.35 /28

2. 10.8.8.255 /22

3. 140.2.1.50 /25

4. 17.88.2.52 /29

Ex : 100.2.1.100 /27

/27 : 255.255.255.224

B.S. = 256 – 224 = 32

0,32,64,96,128

N/w id : 96

1. 199.4.1.35 /28

/28 : 255.255.255.240

B.S. = 256 – 240 = 16

0,16,32,48

N/w id : 32


2. 10.8.8.255 /22

/22 : 255.255.252.0

B.S. = 256 – 252.0 = 4.0

0.0, 4.0, 8.0, 12.0

N/w id : 8.0

3. 140.2.1.50 /25

/25 : 255.255.255.128

B.S. = 256 – 128 = 128

0, 128

N/w id : 0

4. 17.88.2.52 /29

/29 : 255.255.255.248

B.S. = 256 – 248 = 8

0, 8, 16, 32, 40, 48, 56

N/w id : 48
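The block-size method used in the worked examples and in both exercise sets above, written out as an added Python example (not part of the original notes). The function names are chosen here for illustration; the addresses are the ones on this page, and each result is cross-checked against Python's standard `ipaddress` module.

```python
import ipaddress


def block_size_summary(address: str, prefix: int) -> dict:
    """Subnet facts for address/prefix using the block-size method."""
    if not 1 <= prefix <= 30:
        raise ValueError("the 2^y - 2 host rule covers /1 through /30 only")
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {address!r}")

    idx = prefix // 8                  # octet in which the mask stops being 255
    x = prefix % 8                     # 1 bits in that octet
    y = 32 - prefix                    # 0 bits (host bits) in the whole mask
    mask_octet = 256 - 2 ** (8 - x)    # 128, 192, 224, ... (0 when x == 0)
    block = 256 - mask_octet           # Block Size = 256 - Net Mask

    mask = [255] * idx + [mask_octet] + [0] * (3 - idx)
    # Network id: round the interesting octet down to a multiple of the block.
    network = octets[:idx] + [octets[idx] // block * block] + [0] * (3 - idx)
    # Broadcast id: the last address before the next block starts.
    broadcast = network[:idx] + [network[idx] + block - 1] + [255] * (3 - idx)
    first_host = network[:3] + [network[3] + 1]
    last_host = broadcast[:3] + [broadcast[3] - 1]

    def dotted(parts):
        return ".".join(str(p) for p in parts)

    return {
        "mask": dotted(mask), "block_size": block,
        "subnets": 2 ** x, "hosts": 2 ** y - 2,
        "network": dotted(network), "first_host": dotted(first_host),
        "last_host": dotted(last_host), "broadcast": dotted(broadcast),
    }


def agrees_with_stdlib(address: str, prefix: int) -> bool:
    """Cross-check the hand method against Python's ipaddress module."""
    ours = block_size_summary(address, prefix)
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return (ours["network"] == str(net.network_address)
            and ours["broadcast"] == str(net.broadcast_address)
            and ours["mask"] == str(net.netmask)
            and ours["hosts"] == net.num_addresses - 2)


# Addresses taken from the worked examples and exercises on this page.
PAGE_CASES = [("192.168.1.0", 28), ("200.1.4.0", 26), ("10.1.1.0", 30),
              ("192.2.0.0", 22), ("100.2.1.100", 27), ("10.8.8.255", 22),
              ("20.49.24.0", 21), ("17.88.2.52", 29)]

if __name__ == "__main__":
    for addr, pfx in PAGE_CASES:
        s = block_size_summary(addr, pfx)
        print(f"{addr}/{pfx}: net {s['network']} hosts {s['first_host']}"
              f" - {s['last_host']} bcast {s['broadcast']}"
              f" block {s['block_size']} ok={agrees_with_stdlib(addr, pfx)}")
```
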

Ethernet Card Speed

Ethernet Card - 10Mbps

Fast Ethernet Card - 100 Mbps

Gigabit Ethernet - 1 Gbps


Internal & External Components of Router

Router :

A router is a device which enables communication between two or more networks present in different geographical locations.

Routers are data forwarding devices which work at layer 3.

Routers forward data based on logical addresses (IP, IPX, AppleTalk).

Many Companies are manufacturing Routers :

CISCO

Nortel

Multicom

Cydades

Juniper

Dlink

Linksys

3com

CISCO designed the Router into 3 Layers :

Access Layer Router.

Distribution Layer Router.

Core Layer Router.

Access Layer Router :

Routers which are used by small organization.

Used for end user connectivity.

Router series : 800, 1600, 1700, 2500, 2600


Distribution Layer Router :

Routers which are used by the ISP’s

Used for policy based routing and access control.

Router series : 2600, 3200, 3600, 3700

Core Layer Router :

Routers which are used by the Global ISP’s.

Used for faster Internet access.

Router series : 6400, 7200, 7300, 7400, 7500, 7600, 10000, 12000

Console Port :

It is known as Local Administrative Port.

It is used for Initial Configuration.

Password Recovery.

Auxiliary Port :

It is known as Remote Administrative Port.

Used for Remote Administration.

Other Ports :

BRI Ports

Basic Rate Interface used to connect ISDN. It is available on 2503 and 2520 model Routers.

10 Base T Port

Used for connecting LAN to the Router. It is available on 2520 model Router.

WAN Interfaces

Serial interface (S0, S1)

ISDN interface (BRI0)


LAN Interfaces – Ethernet

AUI (Attachment Unit Interface) (E0)

10 base T.

Administration Interfaces

Console Port.

Auxiliary Port.

Internal Components :

ROM

A bootstrap program is located here.

It contains POST Routines.

Rx boot mode (mini IOS) and ROM monitor mode are also located here.

Flash

Internetwork Operating System (IOS) is stored here. IOS is a command line interface.

NVRAM

Non-volatile RAM

The configuration of the Router is stored here permanently when it is saved.

RAM

It is temporary storage memory where the running configuration is stored.

The size of RAM is greater than NVRAM.

Processor

Motorola Processor 30 MHz, RISC based processor (Reduced Instruction Set Computer).


IP Routing :

Static Route

Default Route

Dynamic Route (Rip, eigrp, OSPF)

Router Modes :

Router > User Mode

Router # Privilege Mode

Router (config) # Global Mode

Router (config-if) # Interface Mode

Static Route :

[Topology diagram: R1: Fa0/0 192.168.1.100, S2/0 195.168.1.1. R2: Fa0/0 192.168.2.100, S2/0 195.168.1.2. PCs: 192.168.1.1 and 1.2 behind R1, 192.168.2.1 and 2.2 behind R2.]

DCE – Data Communication Equipment

DTE – Data Terminal Equipment

Commands to Configure S2/0 and Fa0/0 IPs in Routers

Router > enable
Router # configure terminal
Router (config) # hostname cbe
Cbe (config) # interface fa0/0
Cbe (config-if) # ip address 192.168.1.100 255.255.255.0
Cbe (config-if) # no shutdown
Cbe (config-if) # exit
Cbe (config) # interface s2/0
Cbe (config-if) # ip address 195.168.1.1 255.255.255.0
Cbe (config-if) # clock rate 64000
Cbe (config-if) # no shutdown
Cbe (config-if) # end

Router > enable
Router # configure terminal
Router (config) # hostname Mas
Mas (config) # interface fa0/0
Mas (config-if) # ip address 192.168.2.100 255.255.255.0
Mas (config-if) # no shutdown
Mas (config-if) # exit
Mas (config) # interface s2/0
Mas (config-if) # ip address 195.168.1.2 255.255.255.0
Mas (config-if) # clock rate 64000
Mas (config-if) # no shutdown
Mas (config-if) # end


Commands to Connect PCs Through Routers

Cbe # configure terminal

Cbe (config) # ip route 192.168.2.0 255.255.255.0 195.168.1.2 - (Another router’s fa0/0)

Mas # configure terminal

Mas (config) # ip route 192.168.1.0 255.255.255.0 195.168.1.1

Trouble Shoot Commands

Show ip interface brief => Interface Status

Show run => Current Status

Show controllers s2/0 => Serial Port Status

Show ip route => Routing Information

Show cdp neighbors detail => Neighbour Router Information (CDP – Cisco Discovery Protocol)

Show version => Router Model, Configuration, Register value, RAM or NVRAM.

DTE V.35 => Connected

DTE V.11 => Not Connected

do is used to run any command in any mode.

Show ip interface brief

Show run

Using no with a command will remove the assigned IP addresses.

wr => To save the configuration in NVRAM. It will work in privilege mode. (or) copy run start.

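[Topology diagram: three routers in a row. R1 (Cbe): Fa0/0 200.10.1.5, S2/0 110.10.1.1. R2 (Tup): Fa0/0 100.10.1.5, S2/0 110.10.1.2, S3/0 150.150.1.1. R3 (Poy): Fa0/0 170.10.1.5, S3/0 150.150.1.2. PCs: 200.10.1.1 and 1.2, 100.10.1.1 and 1.2, 170.10.1.1 and 1.2.]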

Commands to Configure S2/0 and Fa0/0 IPs in Routers

Router > enable
Router # configure terminal
Router (config) # hostname cbe
Cbe (config) # interface fa0/0
Cbe (config-if) # ip address 200.10.1.5 255.255.255.0
Cbe (config-if) # no shutdown
Cbe (config-if) # exit
Cbe (config) # interface s2/0
Cbe (config-if) # ip address 110.10.1.1 255.0.0.0
Cbe (config-if) # clock rate 64000
Cbe (config-if) # no shutdown
Cbe (config-if) # end

Router > enable
Router # configure terminal
Router (config) # hostname Tup
Tup (config) # interface fa0/0
Tup (config-if) # ip address 100.10.1.5 255.0.0.0
Tup (config-if) # no shutdown
Tup (config-if) # exit
Tup (config) # interface s2/0
Tup (config-if) # ip address 110.10.1.2 255.0.0.0
Tup (config-if) # clock rate 64000
Tup (config-if) # no shutdown
Tup (config-if) # exit
Tup (config) # interface s3/0
Tup (config-if) # ip address 150.150.1.1 255.255.0.0
Tup (config-if) # no shutdown
Tup (config-if) # end

Router > enable
Router # configure terminal
Router (config) # hostname Poy
Poy (config) # interface fa0/0
Poy (config-if) # ip address 170.10.1.5 255.255.0.0
Poy (config-if) # no shutdown
Poy (config-if) # exit
Poy (config) # interface s3/0
Poy (config-if) # ip address 150.150.1.2 255.255.0.0
Poy (config-if) # clock rate 64000
Poy (config-if) # no shutdown
Poy (config-if) # end


Commands to Connect Pcs through Routers

Cbe # configure terminal

Cbe (config) # ip route 100.0.0.0 255.0.0.0 110.10.1.2 - (Second Router fa0/0)

Cbe (config) # ip route 170.10.0.0 255.255.0.0 110.10.1.2 - (Third Router fa0/0)

Tup # configure terminal

Tup (config) # ip route 170.10.0.0 255.255.0.0 150.150.1.2 - (Third Router fa0/0)

Tup (config) # ip route 200.10.1.0 255.255.255.0 110.10.1.1 - (First Router fa0/0)

Poy # configure terminal

Poy (config) # ip route 100.0.0.0 255.0.0.0 150.150.1.1 - (Second Router fa0/0)

Poy (config) # ip route 200.10.1.0 255.255.255.0 150.150.1.1 - (First Router fa0/0)

Commands to Connect Routers

Cbe # configure terminal

Cbe (config) # ip route 150.150.0.0 255.255.0.0 110.10.1.2 - (Third Router S2/0)

Poy # configure terminal

Poy (config) # ip route 110.0.0.0 255.0.0.0 150.150.1.1 - (First Router S2/0)

Default Route

Commands to Connect Pcs through Routers

Cbe # configure terminal

Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Second Router fa0/0)

Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Third Router fa0/0)

Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Third Router S3/0)

Tup # configure terminal

Tup (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.2 - (Third Router fa0/0)

Tup (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.1 - (First Router fa0/0)

Poy # configure terminal

Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (First Router fa0/0)

Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (Second Router fa0/0)

Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (First Router S2/0)

Dynamic Route

RIP Version 1 : Classful

RIP Version 2 : Classless

RIP – Routing Information Protocol

IGP – Interior Gateway Protocol – Same AS Value

EGP – Exterior Gateway Protocol – Different AS Value

RIP – Bellman-Ford Algorithm

EIGRP – DUAL Algorithm

OSPF – Dijkstra's Algorithm

RIP works as a Distance Vector Protocol.

Only 16 routers will be used.

RIP is used in small organizations.

Hop count is used for counting. (One hop is data travelling from one router to another router.)


[Topology diagram: three routers in a row. R1: Fa0/0 68.49.8.1, S2/0 219.2.1.1. R2: Fa0/0 10.21.1.1, S2/0 219.2.1.2, S3/0 178.66.4.1. R3: Fa0/0 199.44.1.1, S3/0 178.66.4.2. PCs: 68.49.8.2 and 8.3, 10.21.1.2 and 1.3, 199.44.1.2 and 1.3.]

Dynamic Route

Commands to Connect Pcs through Routers

R1 # configure terminal

R1 (config) # router rip

R1 (config – router) # network 68.0.0.0

R1 (config – router) # network 219.2.1.0

R2 # configure terminal

R2 (config) # router rip

R2 (config – router) # network 10.0.0.0

R2 (config – router) # network 178.66.0.0

R2 (config – router) # network 219.2.1.0

R3 # configure terminal

R3 (config) # router rip

R3 (config – router ) # network 199.44.1.0

R3 (config – router) # network 178.66.0.0


Password Settings

Enable password

Enable secret

Console password

Telnet password

Auxiliary password

Enable Password

R1 # configure terminal
R1 (config) # enable password ccna
R1 (config) # exit

Enable Secret

R1 # configure terminal
R1 (config) # enable secret cisco
R1 (config) # exit

Console Password

R1 # configure terminal
R1 (config) # line console 0
R1 (config-line) # password ccnp
R1 (config-line) # login
R1 (config-line) # exit

Telnet Password

R1 # configure terminal
R1 (config) # line vty 0 4
R1 (config-line) # password ccie
R1 (config-line) # login
R1 (config-line) # exit

Auxiliary Password

R1 # configure terminal
R1 (config) # line aux 0
R1 (config-line) # password 1234
R1 (config-line) # login
R1 (config-line) # exit

Telnet : Telecommunication Network.

SDM : Secure Device Manager.

For Telnet

Set the telnet password on R0.

Open R1.

Type telnet, a space, and any IP address of Router 0.

Telnet is used to configure another router from our router. The command is telnet followed by the IP address of the other router's s2/0 or fa0/0.

As Value – Autonomous System Value.

BGP – Border Gateway Protocol.

OSPF – Open shortest Path First.

EIGRP – Enhanced Interior Gateway Routing Protocol.

# service password-encryption

This command is used to encrypt the passwords.
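A small configuration check for the password settings covered above, as an added Python example (not part of the original notes). The rule names, the `Finding` type and both sample configurations are constructed for illustration, reusing the passwords shown on this page; treating a vty line without `transport input ssh` as Telnet-reachable is an assumption of this check.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str
    where: str
    detail: str


# Constructed sample: the settings from this page as they would sit in a config.
WEAK_CONFIG = """\
hostname R1
enable password ccna
!
line con 0
 password ccnp
 login
line aux 0
 password 1234
 login
line vty 0 4
 password ccie
 login
!
end
"""

# Constructed sample of a hardened counterpart (hash value is a placeholder).
HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$constructed$placeholderhash
username admin secret 5 $1$constructed$placeholderhash
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse_line_blocks(config: str) -> dict:
    """Map each 'line ...' header to the sub-commands indented beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw[:1].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit(config: str) -> list:
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l[0].isspace()]

    # 'enable password' is kept as cleartext (or reversible type 7);
    # 'enable secret' is stored as a one-way hash and should be used instead.
    if any(l.startswith("enable password ") for l in top):
        findings.append(Finding("ENABLE_PASSWORD", "global",
                                "replace 'enable password' with 'enable secret'"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(Finding("NO_ENABLE_SECRET", "global",
                                "no 'enable secret' configured"))
    # Without this service, line passwords appear in cleartext in 'show run'.
    # It applies reversible type 7 encoding, so it only hides them from view.
    if "service password-encryption" not in top:
        findings.append(Finding("NO_PASSWORD_ENCRYPTION", "global",
                                "line passwords are readable in the config"))

    for header, cmds in parse_line_blocks(config).items():
        has_password = any(c.startswith("password ") for c in cmds)
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_password and not has_login:
            findings.append(Finding("LINE_PASSWORD_NOT_ENFORCED", header,
                                    "password set but 'login' is missing"))
        if header.startswith("line vty"):
            transports = [c.split()[2:] for c in cmds
                          if c.startswith("transport input ")]
            if transports != [["ssh"]]:
                findings.append(Finding("VTY_ALLOWS_TELNET", header,
                                        "add 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"{f.rule:28} {f.where:14} {f.detail}")
```
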


Password Recovery

Password :

[ Power off and on ]

#############

Press ctrl + Break

rommon 1 > confreg 0x2142 (RAM)
rommon 2 > reset
Router > en
Router # configure terminal
Router (config) # config-register 0x2102 (NVRAM)
Router (config) # exit
Router # copy startup-config running-config (NVRAM to RAM)
Router # configure terminal
Router (config) # line console 0
Router (config-line) # password 12345
Router (config-line) # login
Router (config-line) # end
Router # wr
Router # reload

To Remove Password

Router (config) # line console 0
Router (config-line) # no password (no enable secret)
Router (config-line) # no login
Router (config-line) # end

Rip Version 2 :

=> Ip Save

=> Cost wise Less.

Network : 195.20.1.0 /24

[Topology diagram: serial links have 2 users each. R1 (LAN of 50 users): Fa0/0 195.20.1.65/26, S2/0 195.20.1.5/30. R2 (LAN of 10 users): Fa0/0 195.20.1.17/28, S2/0 195.20.1.6, S3/0 195.20.1.9/30. R3 (LAN of 25 users): Fa0/0 195.20.1.33/27, S3/0 195.20.1.10. PCs: 195.20.1.66 and 1.67 /26, 195.20.1.18 and 1.19 /28, 195.20.1.34 and 1.35 /27.]

/26 : 255.255.255.192

B.S. = 256-192 = 64 => 0, 64, 128, 192

/27 : 255.255.255.224

B.S. = 256-224 = 32 => 0, 32, 64, 96

/28 : B.S. = 256-240 = 16 => 0, 16, 32, 48

2^11  /21 : 2048 – 2 = 2046
2^10  /22 : 1024 – 2 = 1022
2^9   /23 : 512 – 2 = 510
2^8   /24 : 256 – 2 = 254
2^7   /25 : 128 – 2 = 126
2^6   /26 : 64 – 2 = 62
2^5   /27 : 32 – 2 = 30
2^4   /28 : 16 – 2 = 14
2^3   /29 : 8 – 2 = 6
2^2   /30 : 4 – 2 = 2

Assigning IP addresses for classless networks is different from classful. We have to choose the subnet mask according to the CIDR value.

Router > enable
Router # configure terminal
Router (config) # hostname R1
R1 (config) # interface fa0/0
R1 (config-if) # ip address 195.20.1.65 255.255.255.192
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # interface s2/0
R1 (config-if) # ip address 195.20.1.5 255.255.255.252
R1 (config-if) # clock rate 64000
R1 (config-if) # no shutdown
R1 (config-if) # end

R2 (config) # interface s2/0
R2 (config-if) # ip address 195.20.1.6 255.255.255.252
R2 (config) # interface s3/0
R2 (config-if) # ip address 195.20.1.9 255.255.255.252
R2 (config) # interface fa0/0
R2 (config-if) # ip address 195.20.1.17 255.255.255.240

R3 (config) # interface s3/0
R3 (config-if) # ip address 195.20.1.10 255.255.255.252
R3 (config) # interface fa0/0
R3 (config-if) # ip address 195.20.1.33 255.255.255.224

Router Route Configuration.

R1 (config) # router rip
R1 (config-router) # version 2
R1 (config-router) # network 195.20.1.4
R1 (config-router) # network 195.20.1.64

R2 (config) # router rip
R2 (config-router) # version 2
R2 (config-router) # network 195.20.1.4
R2 (config-router) # network 195.20.1.8
R2 (config-router) # network 195.20.1.16

R3 (config) # router rip
R3 (config-router) # version 2
R3 (config-router) # network 195.20.1.8
R3 (config-router) # network 195.20.1.32

Network : 14.3.12.0 /16

[Topology diagram: serial links have 2 users each. R1 (LAN of 1000 users): Fa0/0 14.3.4.1/22, S2/0 14.3.12.5/30. R2 (LAN of 20000 users): Fa0/0 14.3.128.1/17, S2/0 14.3.12.6/30, S3/0 14.3.12.9/30. R3 (LAN of 5000 users): Fa0/0 14.3.32.1/19, S3/0 14.3.12.10/30. PCs: 14.3.4.2 and 4.3 /22, 14.3.128.2 and 128.3 /17, 14.3.32.3 and 32.4 /19.]

/22 : 255.255.252.0

B.S. = 256-252.0 = 4.0 => 4.0, 8.0, 12.0

/17 : 255.255.128.0

B.S. = 256-128.0 = 128.0 => 0, 128.0

/19 : B.S. = 256-224.0 = 32.0 => 32.0, 64.0

Router > enable
Router # configure terminal
Router (config) # hostname R1
R1 (config) # interface fa0/0
R1 (config-if) # ip address 14.3.4.1 255.255.252.0
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # interface s2/0
R1 (config-if) # ip address 14.3.12.5 255.255.255.252
R1 (config-if) # clock rate 64000
R1 (config-if) # no shutdown
R1 (config-if) # end

R2 (config) # interface s2/0
R2 (config-if) # ip address 14.3.12.6 255.255.255.252
R2 (config) # interface s3/0
R2 (config-if) # ip address 14.3.12.9 255.255.255.252
R2 (config) # interface fa0/0
R2 (config-if) # ip address 14.3.128.1 255.255.128.0

R3 (config) # interface s3/0
R3 (config-if) # ip address 14.3.12.10 255.255.255.252
R3 (config) # interface fa0/0
R3 (config-if) # ip address 14.3.32.1 255.255.224.0

Router Route Configuration.

R1 (config) # router rip
R1 (config-router) # version 2
R1 (config-router) # network 14.3.12.4
R1 (config-router) # network 14.3.4.0

R2 (config) # router rip
R2 (config-router) # version 2
R2 (config-router) # network 14.3.12.4
R2 (config-router) # network 14.3.12.8
R2 (config-router) # network 14.3.128.0

R3 (config) # router rip
R3 (config-router) # version 2
R3 (config-router) # network 14.3.12.8
R3 (config-router) # network 14.3.32.0


EIGRP :

[Topology diagram: three routers in a row. R1: Fa0/0 68.49.8.1, S2/0 219.2.1.1. R2: Fa0/0 10.21.1.1, S2/0 219.2.1.2, S3/0 178.66.4.1. R3: Fa0/0 199.44.1.1, S3/0 178.66.4.2. PCs: 68.49.8.2 and 8.3, 10.21.1.2 and 1.3, 199.44.1.2 and 1.3.]

Dynamic Route

Commands to Connect Pcs through Routers

R1 # configure terminal

R1 (config) # router eigrp 10 (10 is the AS value; you could use the same AS value for each router.)

R1 (config – router) # network 68.0.0.0

R1 (config – router) # network 219.2.1.0

R1 (config – router) # no auto-summary

R2 # configure terminal

R2 (config) # router eigrp 10

R2 (config – router) # network 10.0.0.0

R2 (config – router) # network 178.66.0.0

R2 (config – router) # network 219.2.1.0

R2 (config – router) # no auto-summary

R3 # configure terminal

R3 (config) # router eigrp 10

R3 (config – router) # network 199.44.1.0

R3 (config – router) # network 178.66.0.0

R3 (config – router) # no auto-summary

OSPF – Open Shortest Path First :

[Topology diagram: three routers in a row. R1: Fa0/0 172.16.1.1, S2/0 199.41.1.1. R2: Fa0/0 10.28.4.1, S2/0 199.41.1.2, S3/0 216.3.1.1. R3: Fa0/0 121.22.22.1, S3/0 216.3.1.2. PCs: 172.16.1.2 and 1.3, 10.28.4.2 and 4.3, 121.22.22.2 and 22.3.]

Commands to Connect Pcs through Routers

R1 # configure terminal

R1 (config) # router ospf 10 (10 is the Process Id; you can change this for each router.)

R1 (config – router) # network 172.16.0.0 0.0.255.255 area 0 (wildcard mask = 255.255.255.255 minus the subnet mask)

R1 (config – router) # network 199.41.1.0 0.0.0.255 area 0

R2 # configure terminal

R2 (config) # router ospf 15

R2 (config – router) # network 10.0.0.0 0.255.255.255 area 0

R2 (config – router) # network 199.41.1.0 0.0.0.255 area 0

R2 (config – router) # network 216.3.1.0 0.0.0.255 area 0


R3 # configure terminal

R3 (config) # router ospf 20

R3 (config – router ) # network 216.3.1.0 0.0.0.255 area 0

R3 (config – router) # network 121.0.0.0 0.255.255.255 area 0

debug ip ospf events

debug ip rip events

debug ip eigrp events

Traceroute 121.22.22.2

OSPF – Class Less – Open Shortest Path First :

[Topology diagram: serial links have 2 users each. R1: Fa0/0 172.16.4.33/28, S2/0 172.16.4.201/30. R2: Fa0/0 172.16.8.1/22, S2/0 172.16.4.202/30, S3/0 172.16.4.181/30. R3: Fa0/0 172.16.4.81/29, S3/0 172.16.4.182/30. PCs: 172.16.4.34 and 4.35 /28, 172.16.8.2 and 8.3 /22, 172.16.4.81 and 4.82 /29.]

Commands to Connect Pcs through Routers

R1 # configure terminal

R1 (config) # router ospf 10 (10 is the Process Id; you can change this for each router.)

R1 (config – router) # network 172.16.4.32 0.0.0.15 area 0 (wildcard mask = 255.255.255.255 minus the subnet mask)

R1 (config – router) # network 172.16.4.200 0.0.0.3 area 0

R2 # configure terminal

R2 (config) # router ospf 15

R2 (config – router) # network 172.16.4.200 0.0.0.3 area 0

R2 (config – router) # network 172.16.4.180 0.0.0.3 area 0

R2 (config – router) # network 172.16.8.0 0.0.3.255 area 0

R3 # configure terminal

R3 (config) # router ospf 20

R3 (config – router) # network 172.16.4.180 0.0.0.3 area 0

R3 (config – router) # network 172.16.4.80 0.0.0.7 area 0
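The "minus from subnet" rule for OSPF wildcard masks, as an added Python example (not part of the original notes): it derives the wildcard from the mask, checks whether a wildcard corresponds to a real prefix, and reports which interfaces a `network` statement selects. The function names are chosen here for illustration, the interface addresses are read from this page's diagram labels (assigning them to R2 is an assumption), and the mistyped statement is a constructed test input.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_from_mask(mask: str) -> str:
    """Wildcard = 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES - int(ipaddress.IPv4Address(mask))))


def is_contiguous(wildcard: str) -> bool:
    """True when the wildcard is the inverse of a real subnet mask (0..01..1)."""
    w = int(ipaddress.IPv4Address(wildcard))
    return w & (w + 1) == 0


def matched_interfaces(statement: str, interfaces: dict) -> list:
    """Names of the interfaces whose address a 'network' statement selects."""
    parts = statement.split()
    if len(parts) != 5 or parts[0] != "network" or parts[3] != "area":
        raise ValueError(f"expected 'network A W area N', got {statement!r}")
    addr = int(ipaddress.IPv4Address(parts[1]))
    # Wildcard bits set to 1 are ignored; every other bit must match.
    care = ALL_ONES ^ int(ipaddress.IPv4Address(parts[2]))
    return [name for name, cidr in interfaces.items()
            if (int(ipaddress.ip_interface(cidr).ip) & care) == (addr & care)]


def exact_statements(interfaces: dict, area: int) -> list:
    """One 'network' statement per interface, covering exactly its subnet."""
    out = []
    for cidr in interfaces.values():
        net = ipaddress.ip_interface(cidr).network
        out.append(f"network {net.network_address} {net.hostmask} area {area}")
    return out


def review(statement: str, interfaces: dict) -> dict:
    wildcard = statement.split()[2]
    return {"contiguous": is_contiguous(wildcard),
            "matched": matched_interfaces(statement, interfaces)}


# Interface addresses as labelled in the page's classless OSPF diagram.
R2_INTERFACES = {"S2/0": "172.16.4.202/30",
                 "S3/0": "172.16.4.181/30",
                 "Fa0/0": "172.16.8.1/22"}

# Constructed input: a /22 LAN entered with a wildcard that is not mask-derived.
MISTYPED = "network 172.16.8.0 0.0.0.16 area 0"

if __name__ == "__main__":
    print(review(MISTYPED, R2_INTERFACES))
    for line in exact_statements(R2_INTERFACES, 0):
        print(line, review(line, R2_INTERFACES))
```

A statement that selects no interface leaves that LAN out of OSPF without any error at the prompt, so comparing the `matched` list against the intended interfaces is the useful check.
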

OSPF Authentication :

# configure terminal

# int s2/0

# ip ospf authentication-key mksekar (Password)

# exit

# router ospf 15 (Process id should be the same as in the route configuration.)

# area 0 authentication

# end

Multiple Route Configuration :

10.1.1.1 /24 20.1.1.1 /24

R5 # configure terminal

R5 (config) # router eigrp 10 ( As Value - Autonomous System Value)

R5 (config – router) # network 210.22.1.8

R5 (config – router) # network 210.22.1.12

R5 (config – router) # network 210.22.1.24

R5 (config – router) # no auto-summary

R5 # exit

R5 (config) # router rip

R5 (config – router) # version 2

R5 (config – router) # network 210.22.1.8

R5 (config – router) # network 210.22.1.12

R5 (config – router) # network 210.22.1.24

[Topology diagram: routers R1 to R5 joined by /30 serial links in 210.22.1.0, with interface labels S2/0 210.22.1.5, 210.22.1.6, 210.22.1.17, 210.22.1.25 and 210.22.1.26; S3/0 210.22.1.9, 210.22.1.10, 210.22.1.14, 210.22.1.21 and 210.22.1.22; S6/0 210.22.1.13 and 210.22.1.18. Protocol labels: RIP V2, EIGRP, OSPF, and "EIGRP, OSPF, RIP V2".]

R5 # exit

R5 (config) # router ospf 20

R5 (config – router) # network 210.22.1.8 0.0.0.3 area 0

R5 (config – router) # network 210.22.1.12 0.0.0.3 area 0

R5 (config – router) # network 210.22.1.24 0.0.0.3 area 0

R4 # configure terminal

R4 (config) # router eigrp 10

R4 (config – router) # network 210.22.1.4

R4 (config – router) # network 210.22.1.16

R4 (config – router) # network 210.22.1.20

R4 (config – router) # no auto-summary

R4 # exit

R4 (config) # router rip

R4 (config – router) # version 2

R4 (config – router) # network 210.22.1.4

R4 (config – router) # network 210.22.1.16

R4 (config – router) # network 210.22.1.20

R4 # exit

R4 (config) # router ospf 20

R4 (config – router) # network 210.22.1.4 0.0.0.3 area 0

R4 (config – router) # network 210.22.1.16 0.0.0.3 area 0

R4 (config – router) # network 210.22.1.20 0.0.0.3 area 0

R1 # configure terminal

R1 (config) # router eigrp 10

R1 (config – router) # network 210.22.1.4

R1 (config – router) # network 210.22.1.8

R1 (config – router) # no auto-summary


R2 # configure terminal

R2 (config) # router rip

R2 (config – router) # version 2

R2 (config – router) # network 210.22.1.20

R2 (config – router) # network 210.22.1.24

R3 # configure terminal

R3 (config) # router ospf 20

R3 (config – router) # network 210.22.1.16 0.0.0.3 area 0

R3 (config – router) # network 210.22.1.12 0.0.0.3 area 0

Multiple Area OSPF Route Configuration :

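[Topology diagram: five routers in a row across Area 1, Area 0 and Area 2, one of them marked ASBR. Serial links: 195.20.1.5 /30 to 1.6 /30, 1.9 /30 to 1.10 /30, 1.13 /30 to 1.14 /30, 1.21 /30 to 1.22 /30. LAN gateways: 10.1.1.1 /24, 170.2.1.1 /24, 192.168.1.1 /24, 20.1.1.1 /24, 123.21.1.1 /24, each with a PC at 1.2.]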

R1 # configure terminal

R1 (config) # router ospf 20

R1 (config – router) # network 195.20.1.4 0.0.0.3 area 1

R1 (config – router) # network 10.1.1.0 0.0.0.255 area 1

ASBR – Autonomous System Boundary Router.

R2 # configure terminal

R2 (config) # router ospf 20

R2 (config – router) # network 195.20.1.4 0.0.0.3 area 1

R2 (config – router) # network 195.20.1.8 0.0.0.3 area 0

R2 (config – router) # network 170.2.1.0 0.0.0.255 area 1

R3 # configure terminal

R3 (config) # router ospf 20

R3 (config – router) # network 195.20.1.12 0.0.0.3 area 0

R3 (config – router) # network 195.20.1.8 0.0.0.3 area 0

R3 (config – router) # network 192.168.1.0 0.0.0.255 area 1

R4 # configure terminal

R4 (config) # router ospf 20

R4 (config – router) # network 195.20.1.12 0.0.0.3 area 0

R4 (config – router) # network 195.20.1.20 0.0.0.3 area 2

R4 (config – router) # network 20.1.1.0 0.0.0.255 area 2

R5 # configure terminal

R5 (config) # router ospf 20

R5 (config – router) # network 195.20.1.20 0.0.0.3 area 2

R5 (config – router) # network 123.21.1.0 0.0.0.255 area 2

Debug ip rib => is used to show background information of router.


Rules of Routing :

Head office Ethernet interface should be in the same network as your head office LAN, and similarly on the branch office side.

Head office S0 and Branch office S1 should be in same network.

Head office LAN and branch office LAN should be in different network.

All interfaces of a router should be in different networks.

Types of Routing :

Static Routing

Default Routing

Dynamic Routing

Static Routing :

It is configured by administrator manually

Mandatory need of destination Network id.

It is secure and fast.

Used for small organizations with a network of 10-15 routers.

Administrative distance for static route is 0 & 1. It is the “trustworthiness” of the routing information: the lower the administrative distance, the higher the preference.

Disadvantage of Static Routing :

Administrative work is more.

Compulsory need of destination network ids.

Used only for small organizations.

It can not dynamically update topology changes.

Default Routing :

A default route is configured for unknown destinations.

Generally used in the internet where the destinations are unknown.

Example : The address of yahoo.com is unknown.

Configured at the end points.

It is the last preferred routing.

Dynamic Routing :

Advantage of Dynamic over Static :

There is no need to know the destination networks.

Need to advertise the directly connected networks.

Updates the topology changes dynamically.

Administrative work is reduced.

Used for large organizations.

Type of Dynamic Routing Protocols :

Distance Vector Protocol.

Link State Protocol.

Hybrid Protocol.

Distance Vector Protocol :

Works with Bellman Ford algorithm.

Periodic Updates.


Classful routing protocol.

Full routing tables are exchanged.

Updates are through broadcast.

Also known as “Routing By Rumor”.

Example : RIP, IGRP.

Link State Protocol :

Works with Dijkstra Algorithm.

Link state updates.

Classless routing protocol.

Missing routes are exchanged.

Updates are through multicast.

Also known as “Routing by Intelligence”

Example : OSPF, IS-IS.

Hybrid Protocol :

Works with DUAL algorithm.

Link state updates.

Classless routing protocols.

Missing routes are exchanged.

Updates are through multicast.

Also known as “Routing by intelligence”.

Ex : EIGRP


Routing Information Protocol :

Open Standard Protocol

Classful routing protocol

Updates are broadcast via 255.255.255.255

Administrative distance is 120

Metric: Hop count

Max Hop counts: 15 Max routers : 16

Load Balancing of 4 equal paths

Used for small organizations

Update timer: 30 sec

- Time between consecutive updates

Invalid timer: 180 sec

- Time a router waits to hear updates

- The route is marked unreachable if there is no update during this interval.

Flush timer: 240 sec

- Time before the invalid route is purged from the routing table

Hold down timer: 180 sec

- Specifies the amount of time for which information about poorer routes is ignored.

Disadvantages of RIP :

More Bandwidth utilization

Doesn’t consider the bandwidth, works only with hop counts

Slow convergence

Formation of Routing loops
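
The hop-count behaviour listed above, worked through as an added Python example (not part of the original notes). Routers A, B and C in a line and the network "N" are constructed; split horizon is the standard RIP countermeasure and is not covered in these notes. The simulation shows a failed route bouncing between neighbours and counting up to 16 when routes are advertised back to where they were learned.

```python
INFINITY = 16   # RIP: 15 hops is the largest usable metric, 16 means unreachable

# Constructed topology: routers A - B - C in a line, network "N" attached to C.
NEIGHBOURS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def update_round(tables, neighbours, split_horizon):
    """One periodic update: every router sends its full table to each neighbour.

    tables maps router -> {destination: (hops, next_hop)}; next_hop None means
    directly connected. Returns True if any table changed.
    """
    snapshot = {r: dict(t) for r, t in tables.items()}
    changed = False
    for rtr, table in tables.items():
        offers = {}   # destination -> {neighbour: metric that neighbour offers}
        for nbr in neighbours[rtr]:
            for dest, (hops, via) in snapshot[nbr].items():
                if split_horizon and via == rtr:
                    continue   # never advertise a route back to the router it came from
                offers.setdefault(dest, {})[nbr] = min(hops + 1, INFINITY)
        for dest, by_nbr in offers.items():
            cur = table.get(dest)
            if cur == (0, None):
                continue       # a working directly connected network always wins
            new = cur
            if cur is not None and cur[1] in by_nbr:
                new = (by_nbr[cur[1]], cur[1])   # current next hop is believed, even if worse
            best_nbr = min(sorted(by_nbr), key=by_nbr.get)
            best = by_nbr[best_nbr]
            if (new is None and best < INFINITY) or (new is not None and best < new[0]):
                new = (best, best_nbr)
            if new != cur:
                table[dest] = new
                changed = True
    return changed


def converge(tables, neighbours, split_horizon, limit=50):
    """Run update rounds until nothing changes; return how many rounds changed a table."""
    rounds = 0
    while rounds < limit and update_round(tables, neighbours, split_horizon):
        rounds += 1
    return rounds


def simulate_failure(split_horizon):
    """Learn the route to N, then fail it on C; return rounds and hop counts."""
    tables = {"A": {}, "B": {}, "C": {"N": (0, None)}}
    learn = converge(tables, NEIGHBOURS, split_horizon)
    before = {r: tables[r]["N"][0] for r in tables}
    tables["C"]["N"] = (INFINITY, None)          # C loses its link to N
    recover = converge(tables, NEIGHBOURS, split_horizon)
    after = {r: tables[r]["N"][0] for r in tables}
    return learn, before, recover, after


if __name__ == "__main__":
    for sh in (False, True):
        learn, before, recover, after = simulate_failure(sh)
        print(f"split_horizon={sh}: learned in {learn} rounds {before}, "
              f"unreachable everywhere after {recover} rounds {after}")
```

Each round stands for one periodic update, so the number of rounds without split horizon is the slow convergence the list above refers to.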


SWITCHING :

Manageable – Console Port Available.

Non – Manageable.

Switching Types :

VLAN and VTP

VLAN – Traffic will be reduced

10.1.1.1 1.2 1.3 1.4 1.5 1.6

Vlan 2 Vlan 3 Vlan 4

Switch > enable

Switch # configure terminal

Switch(config) # vlan 2

Switch(config) # name HR

Switch(config) # vlan 3

Switch(config) # name Mark

Switch(config) # vlan 4

Switch(config) # name CCNA

Switch(config) # exit

Switch # configure terminal


Switch(config) # interface range fastEthernet 0/1-fastEthernet 0/2

Switch(config-if-range) # switchport access vlan 2

Switch(config-if-range) # interface range fa0/3-fa0/4

Switch(config-if-range) # switchport access vlan 3

Switch(config-if-range) # interface range fa0/5-fa0/6

Switch(config-if-range) # switchport access vlan 4

Switch(config-if-range) # end

Switch # show vlan

Switch > enable

Switch # configure terminal

Switch(config) # interface vlan 2

Switch(config-if) # ip address 10.1.1.100 255.0.0.0

Switch(config-if) # no shutdown

VTP – Virtual Trunk Port :

Fa0/0 Fa0/0.1 – 10.1.1.1, Fa0/0.2 – 20.1.1.1, Fa0/0.3 – 30.1.1.1, Fa0/0.4 – 40.1.1.1.

10.1.1.2 1.3 20.1.1.2 1.3 30.1.1.2 1.3 40.1.1.2 1.3

Vlan 2 Vlan 3 Vlan 4 Vlan 5


Switch > enable

Switch # configure terminal

Switch(config) # vlan 2

Switch(config) # name CCNA

Switch(config) # vlan 3

Switch(config) # name CCNP

Switch(config) # exit

Switch # configure terminal

Switch(config) # interface range fastEthernet 0/2-fastEthernet 0/3

Switch(config-if-range) # switchport access vlan 2

Switch(config-if-range) # interface range fa0/4-fa0/5

Switch(config-if-range) # switchport access vlan 3

Switch(config-if-range) # interface range fa0/1

Switch(config-if-range) # switchport mode trunk

Switch(config-if-range) # interface range fa0/6

Switch(config-if-range) # switchport mode trunk

Switch(config-if-range) # end

Switch # show vlan

R1 > enable

R1 # configure terminal

R1 (config) # interface fa0/0

R1 (config-if) # no shutdown

R1 (config-if) # interface fa0/0.1

R1 (config-subif) # encapsulation dot1Q 2

R1 (config-subif) # ip address 10.1.1.1 255.0.0.0

R1 (config-subif) # interface fa0/0.2

R1 (config-subif) # encapsulation dot1Q 3

R1 (config-subif) # ip address 20.1.1.1 255.0.0.0

R1 (config-subif) # interface fa0/0.3

R1 (config-subif) # encapsulation dot1Q 4

R1 (config-subif) # ip address 30.1.1.1 255.0.0.0

R1 (config-subif) # interface fa0/0.4

R1 (config-subif) # encapsulation dot1Q 5

R1 (config-subif) # ip address 40.1.1.1 255.0.0.0

R1 (config-subif) # end

R1 # wr

Sw2 > enable

Sw2 # configure terminal

Sw2(config) # vlan 4

Sw2(config) # name Cisco

Sw2(config) # vlan 5

Sw2(config) # name Poy

Sw2(config) # exit

Sw2 # configure terminal

Sw2(config) # interface range fa0/2-fa0/3

Sw2(config-if-range) # switchport access vlan 4

Sw2(config-if-range) # interface range fa0/4-fa0/5

Sw2(config-if-range) # switchport access vlan 5
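
What the trunk link and the `encapsulation dot1Q` lines above do to a frame, as an added Python example (not part of the original notes). The subinterface table is copied from the R1 configuration above; the MAC addresses, payload and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100     # EtherType value that marks an 802.1Q tag

# VLAN ID -> (subinterface, gateway address), from the R1 configuration in the notes
SUBINTERFACES = {
    2: ("fa0/0.1", "10.1.1.1"),
    3: ("fa0/0.2", "20.1.1.1"),
    4: ("fa0/0.3", "30.1.1.1"),
    5: ("fa0/0.4", "40.1.1.1"),
}


def tag_frame(dst_mac, src_mac, vlan_id, ethertype, payload, priority=0):
    """Build the frame a switch sends on a trunk port: 4 tag bytes after the MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    # Tag control field: 3-bit priority, 1-bit drop eligible (0), 12-bit VLAN ID
    tci = (priority << 13) | vlan_id
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id, ethertype, payload); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (first,) = struct.unpack("!H", frame[12:14])
    if first != TPID_8021Q:
        return None, first, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, ethertype, frame[18:]


def subinterface_for(frame):
    """Pick the router subinterface whose 'encapsulation dot1Q <id>' matches the tag."""
    vlan_id, _, _ = parse_frame(frame)
    return SUBINTERFACES.get(vlan_id)   # None: untagged, or a VLAN with no subinterface


if __name__ == "__main__":
    # Constructed sample: a broadcast from a host in VLAN 3 carrying an IPv4 payload
    frame = tag_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55", 3, 0x0800, b"data")
    print(parse_frame(frame), subinterface_for(frame))
```

A frame tagged with a VLAN that has no matching subinterface is not routed, which is why every VLAN carried on the trunk needs its own `encapsulation dot1Q` line.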


VTP – Virtual Trunk Port with Hub :

Fa0/0 Fa0/0.1 – 195.68.1.1, Fa0/0.2 – 200.1.1.1, Fa0/0.3 – 10.1.1.1.

195.68.1.2 1.3 200.1.1.2 1.3 10.1.1.2 1.3 1.4 1.5

Vlan 2 Vlan 3 Vlan 4

Switch > enable

Switch # configure terminal

Switch(config) # vlan 2

Switch(config) # name CCNA

Switch(config) # vlan 3

Switch(config) # name CCNP

Switch(config) # vlan 4

Switch(config) # name Cisco

Switch(config) # exit

Switch # configure terminal

Switch(config) # interface range fa0/2-fa0/3

Switch(config-if-range) # switchport access vlan 2

Switch(config-if-range) # interface range fa0/4-fa0/5


Switch(config-if-range) # switchport access vlan 3

Switch(config-if-range) # interface range fa0/6

Switch(config-if-range) # switchport access vlan 4

Switch(config-if-range) # interface range fa0/1

Switch(config-if-range) # switchport mode trunk

Switch(config-if-range) # end

Switch # show vlan

R1 > enable

R1 # configure terminal

R1 (config) # interface fa0/0

R1 (config-if) # no shutdown

R1 (config-if) # interface fa0/0.1

R1 (config-subif) # encapsulation dot1Q 2

R1 (config-subif) # ip address 195.68.1.1 255.255.255.0

R1 (config-subif) # interface fa0/0.2

R1 (config-subif) # encapsulation dot1Q 3

R1 (config-subif) # ip address 200.1.1.1 255.255.255.0

R1 (config-subif) # interface fa0/0.3

R1 (config-subif) # encapsulation dot1Q 4

R1 (config-subif) # ip address 10.1.1.1 255.0.0.0

R1 (config-subif) # end

R1 # wr


How to take Backup :

R1 > enable

R1 # configure terminal

R1 (config) # interface fa0/0

R1 (config-if) # ip address 192.168.1.1 255.255.255.0

R1 (config-if) # no shutdown

R1 (config-if) # exit

R1 (config) # enable secret ccna

R1 (config) # line console 0

R1 (config-line) # password pollachi

R1 (config-line) # login

R1 (config-line) # end

R1 # show version

Copy flash image

Copy flash tftp

Source file name [] : paste flash file name

Address (or) Remote Name : 192.168.1.2 (Server Address)

Destination file name [] :

Copy startup-config tftp

How to Upgrade IOS :

Rommon1 > Reset

Boot failed

Rommon2 > IP_ADDRESS=192.168.1.1

Rommon3 > IP_SUBNET_MASK=255.255.255.0

Rommon4 > DEFAULT_GATEWAY=192.168.1.1

Rommon5 > TFTP_SERVER=192.168.1.2

Rommon6 > TFTP_FILE=Paste the file name

Rommon7 > tftpdnld

Access – Control List :

It is used to filter the unknown packets.

Type of Attack :

Worm

Virus

DoS – Denial of Service

Trojan

ACL

IP IPx

Name Number

Standard Extended Standard Extended


Standard Access Control List :

50.1.1.1 S2/0 60.1.1.2 S3/0

S2/0 50.1.1.2 S3/0 60.1.1.3

Fa0/0 10.1.1.1 Fa0/0 20.1.1.1 Fa0/0 30.1.1.1

10.1.1.2 1.3 20.1.1.2 1.3 30.1.1.2 1.3

Assign ips and routing for communication.

Deny a Network :

R1 # configure terminal

R1(config) # access-list 15 deny 10.0.0.0 0.255.255.255

R1(config) # interface fa0/0

R1(config-if ) # ip access-group 15 in

R1(config-if) # end

R1#


Permit a Telnet :

50.1.1.1 S2/0 60.1.1.2 S3/0

S2/0 50.1.1.2 S3/0 60.1.1.3

Fa0/0 10.1.1.1 Fa0/0 20.1.1.1 Fa0/0 30.1.1.1

10.1.1.2 1.3 20.1.1.2 1.3 30.1.1.2 1.3

Assign ips and routing for communication.

R1 # configure terminal

R1 (config) # access-list 20 permit 60.1.1.3 (serial interface of the router)

R1 (config) # line vty 0 4

R1(config-line) # access-class 20 in

R1(config-line) # end

R1 #

R2 # telnet 50.1.1.1

Trying 50.1.1.1 ...

% Connection refused by remote host

R2 #

R3#telnet 50.1.1.1

Trying 50.1.1.1 ...Open

User Access Verification

Password:

R1>exit

[Connection to 50.1.1.1 closed by foreign host]

R3#


Host to Network :

50.1.1.1 S2/0 60.1.1.2 S3/0

S2/0 50.1.1.2 S3/0 60.1.1.3

Fa0/0 192.168.1.1 Fa0/0 20.1.1.1 Fa0/0 30.1.1.1

192.168.1.2 1.3 20.1.1.2 1.3 30.1.1.2 1.3

Assign ips and routing for communication.

R1 # configure terminal

R1(config) # access-list 15 deny 20.1.1.2 0.0.0.0

R1(config) # access-list 15 permit any

R1(config) # int fa0/0

R1(config-if) # ip access-group 15 out

R1(config-if) # end

R1 #

%SYS-5-CONFIG_I: Configured from console by console

R1 #


Extended Access List :

50.1.1.1 S2/0

S2/0 50.1.1.2

Fa0/0-10.1.1.1 Fa0/0-20.1.1.1 Fa0/0-30.1.1.1 Fa0/0-40.1.1.1

10.1.1.2 1.3 20.1.1.2 1.3 30.1.1.2 1.3 40.1.1.2 1.3

Assign ips and routing for communication.

Deny a host to host using access list

R1 # configure terminal

R1(config) # access-list 100 deny ip host 10.1.1.2 host 40.1.1.3

R1(config) # access-list 100 permit ip any any

R1(config) # int fa0/0

R1(config-if) # ip access-group 100 in

R1(config-if) # end

R1 #

Deny a host to a network using access list

R1 # configure Terminal

R1(config) # access-list 150 deny ip host 20.1.1.3 40.0.0.0 0.255.255.255

R1(config) # access-list 150 permit ip any any

R1(config) # int fa1/0

R1(config-if) # ip access-group 150 in

R1(config-if) # end

R1#


Deny a Network to a Network using access list

R1 # configure Terminal

R1(config) # access-list 151 deny ip 20.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255

R1(config) # access-list 151 permit ip any any

R1(config) # int fa1/0

R1(config-if) # ip access-group 151 in

R1(config-if) # end

R1#

Online Exam Question :

195.20.160.65/30 S2/0

S2/0 195.20.160.66/30

Fa0/0-172.22.242.30/28 Fa0/0-192.168.33.254 /24

172.22.242.23/28 242.24 192.168.33.1/24 33.2 33.3 33.4

Assign ips and routing for communication.

Deny a host to host using access list

R2 # configure terminal

R2(config) # access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

R2(config) # access-list 100 deny tcp any host 172.22.242.23 eq 80

R2(config) # access-list 100 permit ip any any

R2(config) # int fa0/0

R2(config-if) # ip access-group 100 out

R2(config-if) # end

R2 #

OSPF routing, Telnet to a particular PC and Block two pcs :

192.6.1.5/30 S2/0 192.6.1.9/30 S2/0

S2/0 1.6/30 S3/0 1.10/30

Fa0/0-192.6.1.24/28 Fa0/0-192.1.2.6 /23 Fa0/0-192.1.1.49 /29 Fa1/0.1-10.1.1.65 /27 Fa1/0.2-10.1.1.129 /26

1

1.18/28 1.19 2.2/23 2.3 1.50/29 1.51 1.66/28 1.67 1.129/28 1.130

Assign ips and routing for communication.

Router > enable

Router # configure terminal

Router(config) # hostname R3

R3(config) # end

R3 #

R3 # configure terminal

R3(config) # int fa1/0

R3(config-if) # no sh

R3(config-if) # int fa1/0.1

R3(config-subif) # encapsulation dot1Q 2

R3(config-subif) # ip ad 10.1.1.65 255.255.255.224

R3(config-subif) # int fa1/0.2

R3(config-subif) # encapsulation dot1Q 3

R3(config-subif) # ip ad 10.1.1.129 255.255.255.192

R3 # sh ip ro


10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.1.64/27 is directly connected, FastEthernet1/0.1

C 10.1.1.128/26 is directly connected, FastEthernet1/0.2

192.6.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.6.1.8/30 is directly connected, Serial2/0

C 192.6.1.48/29 is directly connected, FastEthernet0/0

R3 # conf t

R3(config) # router ospf 12

R3(config-router) # network 10.1.1.64 0.0.0.31 area 0

R3(config-router) # network 10.1.1.128 0.0.0.63 area 0

R3(config-router) # network 192.6.1.8 0.0.0.3 area 0

00:51:18: %OSPF-5-ADJCHG: Process 12, Nbr 192.6.2.6 on Serial2/0 from LOADING to FULL, Loading Done

R3(config-router) # network 192.6.1.48 0.0.0.7 area 0

R3(config-router) # do wr

Building configuration...

[OK]

R3(config-router) # end

%SYS-5-CONFIG_I: Configured from console by console

R3 #

Switch > enable

Switch # configure terminal

Switch(config) # vlan 2

Switch(config-vlan) # name ccna

Switch(config-vlan) # vlan 3

Switch(config-vlan) # name ccnp

Switch(config-vlan) # exit

Switch(config) # interface range fa0/2-3

Switch(config-if-range) # switchport access vlan 2

Switch(config-if-range) # interface range fa0/4-5


Switch(config-if-range) # switchport access vlan 3

Switch(config-if-range) # int fa0/1

Switch(config-if) # switchport mode trunk

Switch(config-if) # end

Switch #

Deny a host to host :

R2 > enable

R2 # configure terminal

R2(config) # access-list ?

<1-99> IP standard access list

<100-199> IP extended access list

R2(config) # access-list 111 ?

deny Specify packets to reject

permit Specify packets to forward

remark Access list entry comment

R2(config) # access-list 111 deny ?

ahp Authentication Header Protocol

eigrp Cisco's EIGRP routing protocol

esp Encapsulation Security Payload

gre Cisco's GRE tunneling

icmp Internet Control Message Protocol

ip Any Internet Protocol

ospf OSPF routing protocol

tcp Transmission Control Protocol

udp User Datagram Protocol

R2(config) # access-list 112 deny ip ?

A.B.C.D Source address

any Any source host

host A single source host

R2(config) # access-list 112 deny ip host ?

A.B.C.D Source address

R2(config) # access-list 111 deny ip host 192.6.2.3 host 192.6.1.50

R2(config) # access-list 111 permit ip any any

R2(config) # interface fa0/0

R2(config-if) # ip access-group 111 in

R2(config-if) #

R1 # configure terminal

R1(config) # line vty 0 5

R1(config-line) # password mksekar

R1(config-line) # login

R1(config-line) # exit

R1(config) # enable secret ccna

R1(config) #

PC > telnet 192.6.1.5

Trying 192.6.1.5 ...Open

User Access Verification

Password:

R1>enable

Password:

R1#exit

[Connection to 192.6.1.5 closed by foreign host]

PC > telnet 192.6.1.6

Trying 192.6.1.6 ...Open

[Connection to 192.6.1.6 closed by foreign host]

PC >

PC > telnet 195.6.1.5

Trying 195.6.1.5 ...

% Connection timed out; remote host not responding

PC >


Permit a particular Pc to Telnet with R1 :

R1 # configure terminal

R1(config) # access-list 11 permit 10.1.1.66

R1(config) # line vty 0 5

R1(config-line) # access-class 11 in

R1(config-line) #

From other Pcs and Routers :

R2#telnet 192.6.1.5

Trying 192.6.1.5 ...

% Connection refused by remote host

R2#

From the pc 10.1.1.66 :

PC > telnet 192.6.1.5

Trying 192.6.1.5 ...Open

User Access Verification

Password:

R1>enable

Password:

R1#exit


DHCP - Dynamic Host Configuration Protocol :

Router > enable

Router # configure terminal

Router(config) # hostname R1

R1(config) # end

R1 #

R1 # configure terminal

R1(config) # interface FastEthernet0/0

R1(config-if) # ip address 192.168.1.1 255.255.255.0

R1(config-if) # no shutdown

R1(config-if) # exit

R1(config) # ip dhcp excluded-address 192.168.1.1 192.168.1.11

R1(config) # ip dhcp pool mksekar

R1(dhcp-config) # network 192.168.1.0 255.255.255.0

R1(dhcp-config) # default-router 192.168.1.1

R1(dhcp-config) # end

R1#


Using Layer 3 Switch (Multi User) to assign Dynamic Host Ips automatically :


Switch # configure terminal

Switch(config) # interface range fa0/2-5

Switch(config-if-range) # switchport trunk encapsulation dot1q

Switch(config-if-range) # switchport mode trunk

Switch(config-if-range) # exit

Switch(config) # vtp version 2

Switch(config) # vtp domain ccnp

Changing VTP domain name from NULL to ccnp

Switch(config) # no ip domain-lookup

Switch(config) # end

Switch #

Switch # configure terminal

Switch(config) # vlan 10

Switch(config-vlan) # name sales


Switch(config-vlan) # vlan 20

Switch(config-vlan) # name hr

Switch(config-vlan) # exit

Switch(config) # ip dhcp pool sales

Switch(dhcp-config) # network 192.168.1.0 255.255.255.0

Switch(dhcp-config) # default-router 192.168.1.1

Switch(dhcp-config) # exit

Switch(config) # ip dhcp pool hr

Switch(dhcp-config) # network 10.0.0.0 255.0.0.0

Switch(dhcp-config) # default-router 10.0.0.1

Switch(dhcp-config) # exit

Switch(config) # interface vlan 10

%LINK-5-CHANGED: Interface Vlan10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

Switch(config-if) # ip address 192.168.1.1 255.255.255.0

Switch(config-if) # exit

Switch(config) # interface vlan 20

%LINK-5-CHANGED: Interface Vlan20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

Switch(config-if) # ip address 10.0.0.1 255.0.0.0

Switch(config-if) # exit

Switch(config) # end

Switch #

S1 > enable

S1 # configure terminal

S1(config) # no ip domain-lookup


S1(config) # vtp mode client

S1(config) # interface range fa0/1-5

S1(config-if-range)#switchport mode trunk

S1(config-if-range) # interface range fa0/6-7

S1(config-if-range) # switchport access vlan 10

S1(config-if-range) # exit

S1(config) # interface range fa0/8-9

S1(config-if-range) # switchport access vlan 20

S1(config-if-range) # end

S1 #

Configure all the remaining switches like this.


Static NAT : Network Address Translation :

195.168.1.1 S2/0

S2/0 195.168.1.2

Fa0/0 192.168.1.100 Fa0/0 192.168.2.100

192.168.1.1 1.2 192.168.2.1 2.2

Router > enable

Router # configure terminal

Router(config) # hostname R1

R1(config) #

R1(config) # end

R1 #

R1 # configure terminal

R1(config) # interface Serial2/0

R1(config-if) # ip address 195.168.1.1 255.255.255.0

R1(config-if) # no shutdown

R1(config-if) # clock rate 128000

R1(config-if) # exit

R1(config) # interface FastEthernet0/0

R1(config-if) # ip address 192.168.1.100 255.255.255.0

R1(config-if) # no shutdown

R1(config-if) # exit


R1(config) # router rip

R1(config-router) # network 192.168.1.0

R1(config-router) # network 195.168.1.0

R1(config-router) # exit

Static Nat Concept :

R1(config) # interface fa0/0

R1(config-if) # ip nat inside

R1(config-if) # exit

R1(config) # interface serial 2/0

R1(config-if) # ip nat outside

R1(config-if) # exit

R1(config) # ip nat inside source static 192.168.1.1 195.168.1.1

R1(config) # exit

R1 # debug ip nat

IP NAT debugging is on

R1 #

Before Natting:

PC > ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=156ms TTL=126

Reply from 192.168.1.1: bytes=32 time=156ms TTL=126

Reply from 192.168.1.1: bytes=32 time=125ms TTL=126

Reply from 192.168.1.1: bytes=32 time=141ms TTL=126

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 156ms, Average = 144ms

After Natting :

PC > ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 195.168.1.1: bytes=32 time=156ms TTL=126

Reply from 195.168.1.1: bytes=32 time=141ms TTL=126

Reply from 195.168.1.1: bytes=32 time=141ms TTL=126

Reply from 195.168.1.1: bytes=32 time=141ms TTL=126

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 156ms, Average = 144ms

PC >


Dynamic NAT : Network Address Translation :

195.168.1.1 S2/0

S2/0 195.168.1.2

Fa0/0 192.168.1.100 Fa0/0 192.168.2.100

192.168.1.1 1.2 192.168.2.1 2.2

Router > enable

Router # configure terminal

Router(config) # hostname R1

R1(config) # end

R1 #

R1 # configure terminal

R1(config) # interface Serial2/0

R1(config-if) # ip address 195.168.1.1 255.255.255.0

R1(config-if) # no shutdown

R1(config-if) # clock rate 128000

R1(config-if) # exit

R1(config) # interface FastEthernet0/0

R1(config-if) # ip address 192.168.1.100 255.255.255.0

R1(config-if) # no shutdown

R1(config-if) # exit

R1(config) # router rip


R1(config-router) # network 192.168.1.0

R1(config-router) # network 195.168.1.0

R1(config-router) # exit

Dynamic Nat Concept :

R1(config) # interface fastEthernet0/0

R1(config-if) # ip nat inside

R1(config) # interface serial2/0

R1(config-if) # ip nat outside

R1(config-if) # exit

R1(config) # access-list 10 permit 192.168.1.0 0.0.0.255

R1(config) # ip nat pool ccna 195.168.1.1 195.168.1.2 netmask 255.255.255.0

R1(config) # ip nat inside source list 10 pool ccna overload

R1(config) # end

R1# debug ip nat

IP NAT debugging is on

R1#

PC>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Request timed out.

Reply from 195.168.1.1: bytes=32 time=109ms TTL=126

Reply from 195.168.1.1: bytes=32 time=156ms TTL=126

Reply from 195.168.1.1: bytes=32 time=156ms TTL=126

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:


Minimum = 109ms, Maximum = 156ms, Average = 140ms

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 195.168.1.1: bytes=32 time=140ms TTL=126

Reply from 195.168.1.1: bytes=32 time=141ms TTL=126

Reply from 195.168.1.1: bytes=32 time=157ms TTL=126

Reply from 195.168.1.1: bytes=32 time=141ms TTL=126

Ping statistics for 192.168.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 140ms, Maximum = 157ms, Average = 144ms

PC >


Frame – Relay Concept :

S2/0 S0 S1 S2/0

S2

S2/0 S2/0.1-195.168.2.2

Fa0/0-10.1.1.1 Fa0/0-20.1.1.1

Fa0/0-30.1.1.1

Router > enable

Router # configure terminal

Router(config) # hostname R1

R1(config)#end

R1 # configure terminal

R1(config) # interface FastEthernet0/0

R1(config-if) # ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface s2/0

R1(config-if)#no shutdown

R1(config-if)#encapsulation frame-relay

R1(config)#interface s2/0.1 point-to-point

R1(config-subif)#ip address 195.168.1.1 255.255.255.0

R1(config-subif)#no shutdown

R1(config-subif)#frame-relay interface-dlci 100

R1(config)#interface s2/0.2 point-to-point

R1(config-subif)#ip address 195.168.2.1 255.255.255.0

R1(config-subif)#no shutdown

R1(config-subif)#frame-relay interface-dlci 200

R1(config)#router eigrp 10

R1(config-router)#network 10.0.0.0

R1(config-router)#network 195.168.1.0

R1(config-router)#network 195.168.2.0

R1(config-router)#no auto-summary

R1(config-router)#end

R1#

R2(config)#interface s2/0

R2(config-if)#no shutdown

R2(config-if)#encapsulation frame-relay

R2(config)#interface s2/0.1 point-to-point

R2(config-subif)#ip address 195.168.1.2 255.255.255.0

R2(config-subif)#no shutdown

R2(config-subif)#frame-relay interface-dlci 101

R3(config)#interface s2/0

R3(config-if)#no shutdown

R3(config-if)#encapsulation frame-relay

R3(config)#interface s2/0.1 point-to-point

R3(config-subif)#ip address 195.168.2.2 255.255.255.0

R3(config-subif)#no shutdown

R3(config-subif)#frame-relay interface-dlci 102


Access Control List

It is a Layer 3 security feature that controls the flow of traffic from one router to another.

It is also called a Packet Filtering Firewall.

Types of Access-list

Standard ACL

Extended ACL

Named ACL

Standard Access List

The access-list number lies between 1 – 99.

Can block a Network, Host and Subnet

Two way communication is stopped

All services are blocked.

Implemented closest to the destination. (Guideline)

Extended Access List

The access-list number lies between 100 – 199.

Can block a Network, Host, Subnet and Service

One way communication is stopped

Selected services can be blocked.

Implemented closest to the source. (Guideline)


Terminology

Deny : Blocking a Network/Host/Subnet/Service .

Permit : Allowing a Network/Host/Subnet/Service

Source Address : The address of the PC from where the request starts.

Destination address : The address of the PC where the request ends.

Inbound : Traffic coming into the interface

Outbound : Traffic going out of the interface

Protocols:

IP

TCP

UDP

ICMP

Operators :

eq (equal to)

neq (not equal to)

lt (less than)

gt (greater than)

Services: HTTP, FTP, TELNET, DNS, DHCP etc..


Wild Card Mask

Tells the router which address bits must match in the address of the ACL statement.

It’s the inverse of the subnet mask, hence it is also called the Inverse mask.

A bit value of 0 indicates MUST MATCH (Check Bits)

A bit value of 1 indicates IGNORE (Ignore Bits)

Wild Card Mask for a Host will be always 0.0.0.0

A wild card mask can be calculated using the formula:

  Global Subnet Mask

- Customized Subnet Mask

------------------------

  Wild Card Mask

E.g.

  255.255.255.255

- 255.255.255.240

-----------------

  0.0.0.15

Rules of Access List

All deny statements have to be given First.

There should be at least one Permit statement

An implicit deny blocks all traffic by default when there is no match (an invisible

statement).

Can have one access-list per interface per direction. (i.e.) Two access-list per

interface, one in inbound direction and one in outbound direction.

Works in Sequential order


Editing of access-lists is not possible (i.e) Selectively adding or removing access-list

statements is not possible.
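
The wildcard-mask and ordering rules above, run against access lists taken from these notes, as an added Python example (not part of the original notes). It is a small first-match evaluator for numbered ACL lines that handles only the `any`, `host` and address-plus-wildcard forms and `eq` on the destination port; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)   # address 0.0.0.0 with every bit ignored


def wildcard_from_mask(mask):
    """Inverse mask: 255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def _addr(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (address, wildcard) as ints."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    addr, wild = int(ipaddress.IPv4Address(t)), 0
    if tokens and tokens[0][0].isdigit():
        wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return addr, wild


def parse_ace(line):
    """Parse one 'access-list <n> permit|deny ...' line into a dict."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, rest = int(tok[1]), tok[3:]
    ace = {"action": tok[2], "proto": "ip", "dst": ANY, "port": None}
    if 100 <= number <= 199:           # extended: protocol, source, destination [eq port]
        ace["proto"] = rest.pop(0)
        ace["src"] = _addr(rest)
        ace["dst"] = _addr(rest)
        if rest[:1] == ["eq"]:
            ace["port"] = int(rest[1])
    else:                              # standard (1-99): source address only
        ace["src"] = _addr(rest)
    return ace


def _hit(spec, ip):
    """Wildcard bit 0 = must match, 1 = ignore."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF == 0


def evaluate(acl_lines, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return 'permit' or 'deny': the first matching line wins, otherwise implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        if _hit(ace["src"], src) and _hit(ace["dst"], dst):
            return ace["action"]
    return "deny"                      # the invisible last statement


# ACL lines copied from the notes
DENY_NETWORK = ["access-list 15 deny 10.0.0.0 0.255.255.255"]
HOST_TO_NETWORK = ["access-list 15 deny 20.1.1.2 0.0.0.0",
                   "access-list 15 permit any"]
EXAM_ACL = ["access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
            "access-list 100 deny tcp any host 172.22.242.23 eq 80",
            "access-list 100 permit ip any any"]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.240"))
    for src in ("10.1.1.2", "20.1.1.2"):
        print("deny-only list,", src, "->", evaluate(DENY_NETWORK, src))
    for src in ("192.168.33.3", "192.168.33.4"):
        print(src, "to web server ->", evaluate(EXAM_ACL, src, "172.22.242.23", "tcp", 80))
```

A list that contains only deny lines drops every packet, because anything the deny does not match falls through to the implicit deny.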

Named Access List

Access-lists are identified using Names rather than Numbers.

Names are Case-Sensitive

No limitation of Numbers here.

One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific

statement from the ACL is possible.

(IOS version 11.2 or later allows Named ACL)

Standard Named Access List

Creation of Standard Named Access List

Router(config)# ip access-list standard <name>

Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Named Access List

Router(config)#interface <interface type> <interface no>

Router(config-if)#ip access-group <name> <out/in>


Switching

Hub

It is a Physical layer device (Layer 1)

It is a Dummy Device

It works with 0’s and 1’s (Bits)

It works with broadcasting

It works with shared bandwidth

It has 1 Broadcast Domain and 1 Collision Domain

Collisions are identified using Access Methods called CSMA/CD and CSMA/CA

Broadcast Domain & Collision Domain

Broadcast Domain :

Set of all devices that receive broadcast frames originating from any device within

the set.

Collision domain:

In Ethernet, the network area within which frames that have collided are

propagated is called a collision domain.

A collision domain is a network segment with two or more devices sharing the

same bandwidth.

Repeaters and hubs propagate collisions, LAN switches, bridges, and routers do

not.


Switch :

It is Data link layer device (Layer 2)

It is an Intelligent device

It works with Physical addresses (i.e. MAC addresses)

It works with fixed bandwidth

It works with Flooding and Unicast

It has 1 Broadcast domain and Number of Collision domains depends upon the

number of ports.

It maintains a MAC address table

Types of Switches

Manageable switches:

On a Manageable switch an IP address can be assigned and configurations can be made. It has a console port.

Unmanageable switches

On an Unmanageable switch configurations cannot be made, an IP address cannot

be assigned as there is no console port.

Bridge vs Switch

Bridge :

Bridges are software based

Bridges have lesser no. of ports

Generally used for connecting two different topology (Segment)

Switch :

Switches are hardware based

Switches have higher no. of ports

Generally used for connecting single topology (Segment)


Router

It is a Network layer device (Layer 3)

It is an Intelligent device

It works with Logical Addressing (i.e. IP, IPX, AppleTalk)

It works with Fixed bandwidth

Number of Broadcast domains depends upon the number of ports and Number of

Collision domains depends upon the number of ports.

Cisco’s Hierarchical Design Model

Cisco divided the Switches into 3 Layers

Access Layer Switches

Switch Series : 1900 & 2900

Distribution Layer Switches

Switch Series : 3000 & 5000

Core Layer Switches

Switch Series : 7000, 8000 & 10,000

Switching Modes

Three types of Switching Mode :

Store & Forward

A Default switching method for distribution layer switches

Latency : High

Error Checking : Yes


Fragment Free

It is also referred to as Modified Cut-Through

A Default Switching method for access layer switches.

Latency : Medium

Error Checking : On 64 bytes of Frame

Cut through

A Default switching method for the core layer switches

Latency : Low

Error Checking : No

Latency is the total time taken for a Frame to pass through the Switch. Latency depends on the switching mode and the hardware capabilities of the Switch.

Virtual LAN

VLAN is a logical group of end devices independent of their physical location. VLAN is a broadcast domain.

Divides a Single Broadcast domain into Multiple Broadcast domains to minimize broadcast traffic.

Flexibility of design based on function or departments.

Enhances Security

By default all ports of the switch are in VLAN 1. This is known as Administrative VLAN or Management VLAN.

Ethernet VLANs can be created from 2 - 1001.

VLAN Membership can be Static VLAN or Dynamic VLAN.


Static VLAN

Static VLANs are based on port membership.

Need to manually assign a physical port on a switch to a VLAN

Also called Port-Based VLANs

Port can be a member of single VLAN and not multiple VLANs

Dynamic VLAN

Dynamic VLANs are based on the MAC address of an end device.

Switch automatically assigns the port to a VLAN by an identified MAC address.

Each port can be a member of multiple VLANs

For Dynamic VLAN configuration, VMPS (VLAN Membership Policy Server) is needed.

WAN Connection Types

There are three types of WAN Connectivity :

Dedicated Lines

Circuit switching

Packet Switching

Dedicated Lines

Used for shorter to medium distances and for longer connectivity.

Private line

Bandwidth is fixed

Line is 24 hrs up

Whether used or not billing is done

eg: Leased Lines


Circuit Switching

Used for medium to longer distances and for shorter connectivity.

Bandwidth is fixed

Billing Depends upon the Usage

eg: ISDN, PSTN (Dial Up connections)

Packet Switching

Used for medium to longer distances and for longer connectivity.

Bandwidth is shared

eg: Frame-Relay

Encapsulation

PPP vs HDLC

PPP :

Point to Point Protocol

Open Standard Protocol (works with same and different company Routers, i.e. Cisco - Nortel, Cisco - Multicom)

Supports Authentication

Supports Compression

HDLC :

High level Data link Control

Vendor proprietary Protocol (works with same company Router only, i.e. Cisco - Cisco, Nortel - Nortel, etc.)

No Support for Authentication

No Support for Compression

PPP Authentication

In PPP two types of Authentication:

PAP - Password Authentication Protocol.

2 Way Handshaking protocol.

Username and password are sent in clear text.

No Security.

CHAP - Challenge Handshake Authentication Protocol.

3 Way Handshaking protocol

Username is sent in clear text and Password in encrypted form

Secure
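An added example, not part of the original notes: it builds the PAP and CHAP packets in the layouts of RFC 1334 and RFC 1994 to show what each protocol actually puts on the link. With CHAP, what crosses the link in place of the password is an MD5 digest over the identifier, the shared secret and the challenge. The name R1, the shared secret and the fixed challenge are constructed sample values.

```python
import hashlib
import hmac
import struct

def ppp_packet(code: int, ident: int, data: bytes) -> bytes:
    """Code (1 byte), Identifier (1), Length (2, header + data), then data."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): peer-id and password as plain bytes."""
    return ppp_packet(1, ident, bytes([len(peer_id)]) + peer_id
                      + bytes([len(password)]) + password)

def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_challenge(ident: int, challenge: bytes, name: bytes) -> bytes:
    """Step 1, authenticator -> peer (code 1): value-size, random value, name."""
    return ppp_packet(1, ident, bytes([len(challenge)]) + challenge + name)

def chap_response(ident: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """Step 2, peer -> authenticator (code 2): digest plus cleartext name."""
    digest = chap_digest(ident, secret, challenge)
    return ppp_packet(2, ident, bytes([len(digest)]) + digest + name)

def chap_result(response: bytes, secret: bytes, challenge: bytes) -> int:
    """Step 3, authenticator -> peer: returns code 3 (Success) or 4 (Failure)."""
    if len(response) < 5:
        return 4
    code, ident, length = struct.unpack("!BBH", response[:4])
    size = response[4]
    if code != 2 or length != len(response) or size != 16 or length < 5 + size:
        return 4
    expected = chap_digest(ident, secret, challenge)
    return 3 if hmac.compare_digest(response[5:5 + size], expected) else 4

# Constructed sample values (hypothetical router name and secret).
SECRET = b"s3cr3t-shared"
CHALLENGE = bytes(range(16))   # fixed for the demo; use os.urandom(16) in practice
PAP = pap_request(1, b"R1", SECRET)
RESP = chap_response(7, SECRET, CHALLENGE, b"R1")

if __name__ == "__main__":
    print("PAP packet exposes password:", SECRET in PAP)
    print("CHAP packet exposes secret: ", SECRET in RESP)
    print("CHAP result code:", chap_result(RESP, SECRET, CHALLENGE))
```

Because the digest is bound to the challenge, a captured response fails verification against any later challenge, which is why the authenticator must pick a fresh random value each time.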

DCE vs DTE

DCE :

Data Communication Equipment.

Generate Clocking (i.e. Speed).

Master.

Eg. of DCE device in Leased Line Setup : V.35 & G.703 Modem & Mux.

Eg. of DCE device in Dial up Setup : Dial up Modem.

DTE :

Data Termination Equipment.

Accept Clocking (i.e. Speed).

Slave.

Eg. of DTE device in Leased Line Setup : Router.

Eg. of DTE device in Dial up Setup : Computer.

Network Address Translation

Translates Private addresses to Public and Public addresses to Private.

Allows Communication from the private world to the public world and not vice versa.

Used for internet sharing


Frame Relay

Frame Relay is a data link layer packet-switching protocol that uses digital cir

It is used for medium to longer distances and for longer connectivity.

Leased lines also provide longer connectivity but a physical circuit is used to make connection between 2 sites and the same circuit path is used always.

Frame Relay connections use logical circuits to make connections between 2 sites.

These logical circuits are referred to as Virtual Circuits (VCs).

Multiple VCs can exist on the same physical connection.

VCs are Full duplex.

Advantages of Frame Relay

VCs overcome the scalability problems of leased lines by providing multiple logical circuits over the same physical connection.

Only one serial interface of a router is needed to handle the VC connections to multiple sites, whereas using leased lines multiple serial interfaces are needed to connect to multiple sites.

VCs provide full connectivity at a much lower price compared to leased lines.

Frame Relay Terminology

Sub-interfaces

Uses Shared bandwidth

Local Management Interface (LMI) :

Used between the Frame Relay DTE (eg. Router) and the Frame Relay DCE (eg. Frame Relay switch)


Defines how the DTE interacts with the DCE

Locally significant

Provides VC status information (a keep-alive mechanism)

LMI standards: Cisco, ANSI, Q933a

The DTE and DCE must have the same LMI signaling type

Data Link Connection Identifier (DLCI) :

Used to identify each VC on a physical interface (i.e. each VC has a unique local address called a DLCI number).

Switch will map to the destination depending on the DLCI number

Inverse ARP is used to map DLCIs to next hop addresses.

Mapping can also be done manually.

It is locally significant.

These numbers are given by the Frame Relay service providers. Service providers assign DLCIs in the range of 16 to 1007.

By Mr. M.Sekar
