Abstract on the materials of the course ICND1 100-101

    Based on the results of the survey, I publish a compendium based on the materials of the ICND1 100-101 course.

    What topics are there: the TCP / IP network model, OSI model, Ethernet (cable types), HDLC. By IPv4 addressing: class networks, private addresses, network traffic transfer methods. VLANs, CDP, comparison of routing protocols, NAT, IPv6, ACLs. Very briefly, mainly data here, and not an explanation of the principles of work.

    There is not much: explanations of the operation and configuration of routing protocols, switching in networks, explanations, for example, how to determine whether the IP address belongs to a particular subnet (such questions are often encountered), there are no classless networks, VLSM, IOS, troubleshooting in the network (troubleshooting).

    TCP / IP Network Model
    TCP / IP originalTCP / IP updatedProtocol ExamplesPackage Name
    ApplicationApplicationHTTP, POP3, SMTP
    TransportTransportTCP, UDPSegment (UDP - Datagram)
    LinkData linkEthernet, Point-to-Point Protocol (PPP), T1Frame
    OSI Model
    Level nameProtocolsDevices
    Application (L7)Telnet, HTTP, FTP, SMTP, POP3, VoIP, SNMPHosts, Firewalls
    Presentation (L6)
    Session (L5)
    Transport (L4)TCP, UDPHosts, Firewalls
    Network (L3)IPRouter
    Data Link (L2)Ethernet (IEEE 802.3), HDLCLAN switch, wireless access point, cable modem, DSL modem
    Physical (L1)RJ-45, Ethernet (IEEE 802.3)LAN hub, LAN repeater, cables
    Mnemonics for remembering the order of levels: Please Do Not Take Sausage Pizzas Away
    (Please do not take pizzas with sausages with you).

    Ethernet technology, medium and maximum segment length
    EthernetCable typeMaximum length, m.
    10 BASE-TUTP CAT3 or better, 2 pairs100
    100 BASE-TXUTP CAT5 or better, 2 pairs100
    100 BASE-FXMultimode fiber400
    1000 BASE-CXSTP25
    1000 BASE-TUTP CAT5e or better, 2 4 pairs100
    1000 BASE-SXMultimode fiber275, 550
    1000 BASE-LXMultimode fiber550
    1000 BASE-LXSinglemode fiber10000 (in the book for exam 100-101, 5 km are indicated. - a lot of them)
    Using pins in 10BASE-T and 100BASE-TX standards
    Transmits on Pins 1.2Transmits on Pins 3.6
    PC NICsHubs
    Wireless Access Point (Ethernet interface)-
    Full-duplex, Half-duplex

    If there is no auto-negotiation, according to the IEEE standard, the duplex transmission parameters are selected as follows:
    • If the speed is 10 or 100 Mbps, then half-duplex transmission is used
    • If the speed is 1000 Mbps, then duplex transmission is used.

    Interfaces operating at speeds above 1 Gbit / s always use duplex transmission.
    When using duplex transmission, there are no collisions.


    One of the data link layer control protocols in High-Level Data Link Control is a high-level data link control protocol.

    By modifying the standard protocol specification, Cisco created a proprietary version of it by adding the Protocol Type field to identify the type of packet contained within the frame:
    Internet Access WAN Links: Leased Line, DSL, Cable.

    IPv4 Addressing

    Class networks
    ClassFirst octet rangeValid Network NumbersHosts per networkNumber of networks
    A1 - 1261.0.0.0 - 777 214126
    B128 - 191128.0.0.0 -,53416 384
    C192 - 223192.0.0.0 - 097 152
    D (multicast)224 - 239
    E (experimental)240 - 255
    Private IP Addresses
    Address classReserved Address Space
    A10.0.0.0 through
    B172.16.0.0 through
    C192.168.0.0 through
    Traffic transmission methods in networks:

    Unicast traffic (single-purpose packet transmission) is used primarily for services of a "personal" nature. Each subscriber can request personal video content at any time convenient for him.

    Broadcast traffic (broadcast packet transmission) uses a special IP address to send the same data stream to all subscribers of a given IP network. For example, such an IP address can end in 255, for example, or have 255 in all four fields (

    Multicasttraffic (multicast packet transmission) is used to transmit video streaming when it is necessary to deliver video content to an unlimited number of subscribers without overloading the network. This is the most commonly used type of data transmission in IPTV networks when a large number of subscribers watch the same program. Multicast traffic uses a special class of destination IP addresses, for example, addresses in the range - These can be class D IP addresses.

    Applications, their port numbers, and protocols
    Port numberProtocolapplication
    20TCPFTP data
    21TCPFTP control
    67, 68UDPDHCP
    Collision Domains and Broadcast Domains

    Cisco 2960 Catalyst. Switch LEDs
    1SYST (system)General state of the system (green - the power is on and the switch is functioning normally, IOS is loaded, orange - POST (Power on Self Test) has ended with errors and IOS has not been booted, not lit - the power is off)
    2RPS (redundant Power Supply)Auxiliary power supply status
    3STAT (status)The status for each port (blinks green - the connection is working, data is being transmitted through the interface, lights up green - the connection is working, but the data is not transmitted, blinks orange - the interface is administratively down or was dynamically disconnected for some reason, turned off - the connection is not working)
    4DUPLX (duplex)Lights up green - the port is operating in full duplex mode; off - in half duplex mode
    5SpeedFlashing green - 1 Gb / s, Steady green - 100 Mb / s, Off - 10 Mb / s
    6ModeMode button
    7PortThe indicators indicate different states depending on which mode is selected by the Mode button.
    Switch memory types
    RAM (Working Memory and Running Configuration) Flash (Cisco IOS Software) ROM (Bootstrap Program) NVRAM (Startup Configuration)

    Virtual LANs

    In a local network, all devices are in the same broadcast domain.

    Trunking protocols

    - ISL (Inter-Switch Link). The protocol was created by Cisco many years before the IEEE organization developed its own. The protocol provides for the encapsulation of each source Ethernet frame in the ISL header and trailer. Currently, some modern devices no longer support this protocol. (Cisco Catalyst 2960).

    - 802.1Q. Designed by IEEE. Both protocols tag each VLAN ID frame. But the 802.1Q protocol does not encapsulate the original frame. Instead, you can insert a 4-byte additional VLAN header into the Ethernet header of the original frame.
    TypePriorityFlagVLAN ID (12 bits)

    VLAN IDs:

    1-1005 - normal range
    1006 - 4094 - extended range

    802.1Q does not add a header to frames in its own (native) VLAN.
    Both protocols support multiple instances of STP.

    Trunking Administrative Mode Options (parameters of the administrative mode of the trunk connection, determined using the switchport mode command)
    accessPrevents the use of a trunk connection. The port always acts as a non-trunk (in network access mode)
    trunkTrunk always used
    dynamic desirableInitiates the transmission of channel mode negotiation messages and responses to negotiation messages in order to dynamically determine whether to start using a trunk connection, and also defines encapsulation in a trunk connection
    dynamic autoPassively awaiting receipt of a message for negotiation of a trunk connection, after which the switch responds and negotiates whether to use a trunk connection, and in the case of a positive response, negotiates the type of trunk connection
    Coordination of administrative modes on 2 switches

    AccessDynamic autoTrunkDynamic desirable
    AccessAccessAccessDo not useAccess
    Dynamic autoAccessAccessTrunkTrunk
    TrunkDo not useTrunkTrunkTrunk
    Dynamic desirableAccessTrunkTrunkTrunk
    CDP (Cisco Discovery Protocol)

    Cisco's Device Discovery Protocol can be a useful tool for checking the information in the network diagram, as well as filling in missing information about devices and network topology. Show cdp

    group commands
    show cdp neighbors [type number]Displays one summary line with information about each neighboring device or only about the neighboring device that is connected to a specific interface, if this interface is specified
    show cdp neighbors detailDisplays a large amount of information about each neighboring device (approximately 15 lines), presenting each neighboring device separately
    show cdp entry nameDisplays the same information as show cdp neighbors detail, but only for one specified neighboring device (case-sensitive)
    Network Switch Interface Status Codes
    Line statusProtocol StatusInterface StatusCause
    Administrativerative downDowndisabledThe shutdown command is applied on the interface
    DownDownnotconnectThe cable is not connected, faulty, the pinout is incorrect, device speeds do not match, the device at the other end of the cable is turned off or its interface is stopped (power-off, shutdown, err-disabled)
    UpDownnotconnectPractically not found
    DownDown (err-disabled)err-disabledThe interface is blocked using Port security has disabled the interface
    Actions performed by the port security tool, depending on the established mode of elimination of violations
    Violation ModeDestruction of non-compliant trafficDestruction of all traffic after violation occursSetting the interface to err-disabled as a result of violationIncrease in counter values ​​in connection with the detection of each new violation
    Routing protocols are divided into 2 broad categories:

    internal (IGP) - Internal Gateway Protocols - used inside one autonomous system (AS - autonomous system, network under a single administrative control belonging to one organization)

    external (EGP) - Exterior Gateway Protocols - used between autonomous Systems

    IGP Routing Protocol Algorithms
    • distance-vector (Bellman-Ford) (DV)
    • taking into account the state of the channel (link-state, LS)
    • balanced hybrid (extended distance vector)

    IGP Protocol Comparison
    Classless, supports VLSM masks, forwards the mask in route announcementsNotYesYesYesYes
    AlgorithmDVDVadvanced DVLSLS
    Supports manual summationNotYesYesYesYes
    BrandedNotNotYes (but RFC came out in 2013)NotNot
    Routing table updates are forwarded to the multicast addressNotYesYesYes-
    IP IGP metrics
    Rip-2Hop countThe number of routers (transit devices) between this router and the destination network
    OSPFCostThe sum of the costs of all channels along the packet route, usually based on the bandwidth value
    EIGRPComposite bandwidth and delayIt is calculated based on the bandwidth of the “slowest” channel on the route and cumulative delay for such a route
    Protocol Feature Comparison
    MetricsHop countCostComposite bandwidth and delay
    Does periodic route announcementsYes (every 30 sec.)NotNot
    Full or partial announcements are sentFullPartialPartial
    Destination of routing announcements224.0.0.9224.0.0.5
    Maximum metric value (“infinite metric”)162 ^ 24 - 12 ^ 32 - 1
    Is load balancing supported on non-equal channels (i.e. channels with different metrics)NotNotYes
    Standard values ​​for administrative distance in the operating system IOS (Default Administrative Distances)
    Route typeAdministrative distance
    BGP (external routes)20
    EIGRP (internal routes)90
    EIGRP (external routes)170
    BGP (internal routes)200
    ACL (Access Control Lists)
    Списки управления доступом

    Типы списков

    Standard Numbered ACLs (1-99) – стандартные нумерованные
    Extended Numbered ACLs (100-199) – расширенные нумерованные
    Additional ACL Numbers (1300-1999 standard, 2000-2699 extended) — дополнительные
    Named ACLs – именованные

    Improved Editing with Sequence Numbers – расширенное редактирование с порядковыми номерами

    Стандартные списки управления доступом

    access-list access-list-number {deny | permit} source [source-wildcard]

    Standard lists should be located near the receiver of packages, so as not to accidentally drop the necessary packages.
    Standard lists allow checking only the sender address in a packet.
    The list is searched sequentially, the packet is processed according to the first matching rule (first-match logic).
    The default action if the package is not matched to any of the list commands is a ban.

    Using the access control list on the selected interface of the router taking into account the desired direction using the interface configuration mode command:

    ip access-group number {in | out}

    Advanced access control lists

    Fields that can only be checked using extended lists: recipient IP address, portions of the recipient IP address specified with an inverted mask, protocol type, sender port, recipient port, TCP streams, TOS bytes over IP, priority IP packet.

    The access-list command should use the tcp keyword to check TCP port numbers, udp to check UDP port numbers. The ip keyword does not provide port number verification.

    Parameters indicating the port of the sender and receiver are positional. Their location in the command determines whether the parameter is used to check the port of the sender or recipient:

    packet filtering based on the port number of the recipient

    access-list 101 permit tcp eq 21

    packet filtering based on sender port number

    access-list 101 permit tcp eq 21
    access-list access-list-number {deny | permit} 
    {tcp | udp} source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [log]

    Extended lists should be placed as close to the sender as possible.

    Named Lists A

    command for configuring a named standard or advanced access control list with switching to access control list configuration mode

    ip access-list {standard | extended} name

    Access control list configuration mode command to enter information about mapping criteria and actions related to a named access control list that maps to TCP segments

    {deny | permit} source [source wildcard] [log] 
    {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [log]

    Editing ACLs using sequence numbers

    Deleting a row with sequence number 20:

    no 20

    Insert a new first line with number 5:

    5 deny

    Before making changes to the access control list, delete it in the interface in which it is set ( no ip access-group ).
    If the lists are created in a text editor (as recommended), then it may be convenient to start each file with the no access-list number command, followed by the configuration commands in the access control list. In this case, after each editing of the file, it is enough to copy and paste the contents of the entire file, using the first line, the entire existing access control list will be deleted, and the remaining instructions will recreate the new list.

    NAT Network Address Translation. Network Address Translation

    NAT Addressing Terms
    Inside localIP Address Assigned to a Host on a Private Enterprise Network
    Inside globalTo represent an internal node when a packet is forwarded through an external network. The NAT router changes the sender address in the packet from internal local to internal global.
    Outside globalThe real IP address assigned to a node located outside the enterprise network, usually on the Internet.
    Outside localNAT can translate external IP addresses. When a NAT router forwards a packet from the internal network to the external, using NAT to change the external address, the IP address representing the external host as the destination IP address in the packet header is called the external local address.

    Translation NAT (PAT) Congestion Allows NAT translation to support multiple clients with just a few public IP addresses.

    NAT dynamic translation table with congestion
    Inside localInside global
    Configuring Static Address Translation

    1. Using an Interface Subcommand
    ip nat inside
    Configure the interfaces so that they are inside the NAT schema.
    2. Using the interface subcommand
    ip nat outside
    Configure the interfaces so that they are on the outside of the NAT scheme.
    3. Configure static transformations using the global configuration command
    ip nat inside source static inside-local inside-global

    Configuring dynamic address translation

    1. Using an interface subcommand
    ip nat inside
    Configure the interfaces so that they are inside the NAT schema.
    2. Using the interface subcommand
    ip nat outside
    Configure the interfaces so that they are on the outside of the NAT scheme.
    3. Configure the ACL corresponding to packets arriving at the internal interfaces for which NAT translation should be applied.
    4. Using the global configuration command, set the pool of registered addresses:
    ip nat pool name first-address last-address mask subnet-mask
    5. Enable dynamic translation by specifying an ACL access list and address pool:
    ip nat source list acl-number pool pool-name

    Configuring NAT Congestion (PAT)

    Same steps as in p. 1-4 to configure dynamic translation

    5. ip nat source list acl-number interface type number overload


    IPv6 Routing Protocols
    Routing protocolDefinedRemarks
    RIPng (RIP Next Generation)RFCReference to “Star Trek: the Next Generation.”
    OSPFv3 (OSPF version 3)RFCIPv4 uses OSPFv2
    EIGRPv6 (EIGRP for IPv6)CiscoCisco owns EIGRP rights, but also publishes it as informational RFCs
    MP BGP-4 (Multiprotocol BGP version 4)RFCBGP version 4 was created highly extensible, IPv6 support was added as an addition to MP BGP-4
    IPv6 Address Types
    A typeFirst hexadecimal character
    Global unicast2 or 3
    Unique localFd
    Global unicast
    Set by IANA, RIR or ISP (P bits)Set by Local Engineer (S bits)(I bits)
    Global routing prefixSubnetInterface id
    P + S + I = 128

    Пример: 2001:DB8:1111:4::1

    Unique Local Unicast
    8 bits40 bits16 bits64 bits
    FdGlobal ID (Pseudo-Random)SubnetInterface id
    Subnet id

    Пример: FD00:1:1:0001::1

    10 bits54 bits64 bits
    FE80 / 101111111010All 0Interface id
    Use of addressIPv6IPv4
    All channel IP nodesFF02 :: 1Broadcast Subnet Address
    All channel routersFF02 :: 2Not
    OSPF MessagesFF02 :: 5,
    FF02 :: 6,
    RIP Messages (Version 2 and NG)FF02 :: 9224.0.0.9
    Сообщения протокола EIGRPFF02::A224.0.0.10
    Агенты пересылки протокола DHCP (маршрутизаторы, осуществляющие пересылку служебных сообщений серверу DHCP)FF02::1:2Нет
    Специальные адреса:
    ::1 (аналог
    :: (unknown, все нули)
    Формат адреса с идентификатором интерфейса и EUI-64
    48 bits16 bits64 bits
    Subnet Prefix Subnet Interface ID
    1st Half of MAC
    Invert 7th Bit, 1st Byte (Reading Left to Right)
    FFFE2nd Half of MAC
    Defined by ConfigurationCalculated by Router Using EUI-64
    Sources of information:
    1. Odom U. CCENT / CCNA ICND1 100-101 Official Cert Guide, 2013
    2. Odom U. Official Guide to Preparing for the Certification Exams CCENT / CCNA ICND1, 2nd ed .: Per. from English - M .: LLC “I.D. Williams, 2009, i.e. this is to the old 640-822,
    3. Odom U. Official Guide to Preparing for the Certification Exams CCNA ICND2, 2nd ed .: Per. from English - M .: LLC “I.D. Williams, 2009, i.e. this is to the old 640-816 and 640-802,
    4. Laemmle T. CCNA Cisco Certified Network Associate, Study Guide, 7th edition, 2011
    5. Transmission of Unicast, Broadcast and Multicast traffic.
    6. KDPV taken from here

    Useful links:

    Also popular now: