Cisco CCNA Quick Notes (Part of ICND1)

Greetings!

In this post I have organized the notes I made together with students on the courses while we reviewed the material covered. Originally all of this lived in a notebook. The post has no detailed descriptions; I added a few diagrams and put everything in order. Treat it as a short cheat sheet that you can read the evening before the exam to quickly refresh everything in your memory. If there is interest, I can post ICND2 and many other things in the same vein.

Network layer: IP


  • 32-bit Address Length
  • Written in dotted-decimal notation: split the address into octets of 8 bits, write each octet in decimal, and separate them with dots: 10.1.1.1

Address classes and first octet rule:
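| Class | Address range (first octet) | Network / Host length | First octet rule |
|-------|-----------------------------|-----------------------|------------------|
| A     | 1-127                       | 8 / 24                | 0xxxxxxx         |
| B     | 128-191                     | 16 / 16               | 10xxxxxx         |
| C     | 192-223                     | 24 / 8                | 110xxxxx         |
| D     | 224-239                     | Multicast             | 1110xxxx         |
| E     | 240-255                     | Experimental          | 1111xxxx         |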

The problem of the lack of IP addresses and its solutions:

1. Private / Public addresses
  a. Class A: 10.x.x.x
  b. Class B: 172.16.x.x - 172.31.x.x
  c. Class C: 192.168.x.x
2. Subnet Mask / VLSM / CIDR
3. NAT
4. IPv6

Transport Layer: UDP / TCP


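| Protocol | Reliability              | Connection                                    |
|----------|--------------------------|-----------------------------------------------|
| TCP      | Reliable                 | Establishes a connection first (Connection-oriented) |
| UDP      | Unreliable (Best-Effort) | No connection is established (Connectionless) |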

The process of forming a TCP connection (3-Way Handshake):

[image: TCP 3-way handshake]

TCP-Window:
  • Ability to send N-data segments and get a single ACK.
  • Fixed window (the window size is constant) and Scaling window (the size changes during the session).

Work with Cisco IOS


Boot process:
  1. BIOS -> POST
  2. BIOS -> Bootstrap
  3. Bootstrap -> IOS
  4. IOS -> Startup-config

Configuration Methods:
1. CLI
  a. Console
  b. AUX (Routers)
  c. VTY (Telnet / ssh)
2. GUI
  a. Web Server (horror)
  b. SDM
3. SNMP

Configuration Modes:
| Name          | Description | Prompt | Go deeper | Go up |
|---------------|-------------|--------|-----------|-------|
| USER EXEC     | User mode. Almost no rights. | > | enable | exit, logout |
| PRI EXEC      | Privileged mode. Administrator rights. Logging, debug. Transition to configuration modes. | # | configure terminal | exit, logout, disable |
| GLOBAL CONFIG | Global configuration mode. Parameters that affect the device as a whole are configured here. | (config)# | interface ..., vlan ..., router ..., controller ... | exit, CTRL-Z (straight to PRI EXEC) |
| SUB CONFIG    | Interfaces, VLANs, routing protocols, etc. are configured here. | (config-if)#, (config-line)#, etc. | | exit, CTRL-Z (straight to PRI EXEC) |

Getting help:
  • ? - all mode commands
  • ab? - commands starting with ab
  • command? - arguments to command

Basic Switch Configuration


!
! Set the device name and domain name. FQDN is required to configure SSH.
!
hostname SW1
ip domain-name CISCO.LOCAL
!
! Create a virtual L3 interface in VLAN 1. Assign an IP address.
! Bring it up.
! For the interface to come up, at least 1 active interface in the specified VLAN is required.
!
interface vlan 1
 ip address 1.1.1.1 255.0.0.0
 no shutdown
!
! Default Gateway in global mode. To administer the switch from other
! networks.
!
ip default-gateway 1.1.1.254
!


Basic Security


!
! Connection protection (USER EXEC).
!
! Console port security
!
line console 0
! - enable password authentication
 login
! - password for authentication
 password PASSWORD
!
! Network connection protection. Virtual Terminals (vty).
! We configure and enable only the SSH protocol.
!
! User Creation
!
username ROOT secret CISCO
username ADMIN secret OCSIC
!
! Enabling SSH and key generation
!
crypto key generate rsa
!
! Configuring vty lines
!
line vty 0 15
! - authenticate against the local user and password database
 login local
! - allow only SSH connections
 transport input ssh
!
! Privileged mode protection
!
! - the password is stored in clear text
enable password OCSIC
! - the password is stored as a hash
enable secret CISCO
!
! Encrypt passwords stored in clear text
!
service password-encryption
!
! Banner creation
!
banner motd @
------------------------------------------------------
Unauthorized access is blah-blah-blah
------------------------------------------------------
@
!
! Port security
!
interface fa0/1
 switchport mode access
! Define the secure (allowed) addresses:
! - maximum number of allowed addresses
 switchport port-security maximum 10
! - static entry for an allowed address
 switchport port-security mac-address 0001.0002.0003
! - learn allowed addresses dynamically and write them to running-config
 switchport port-security mac-address sticky
! - in case of a violation, disable the port
 switchport port-security violation shutdown
! - enable port-security on the interface
 switchport port-security
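
A small audit of a saved configuration against the settings in this section, as an added example that is not part of the original notes: it flags a clear-text enable password, lines without login, vty lines not limited to SSH, and access ports without port-security. The sample config and the function names are constructed for illustration.

```python
# Constructed sample config for illustration; not taken from a real device.
SAMPLE = """\
hostname SW1
enable password OCSIC
username ROOT secret CISCO
line console 0
 password PASSWORD
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
"""

def sections(config):
    """Map each top-level line to the list of indented lines under it."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(config):
    """Return (section, finding) pairs for the weak settings named above."""
    secs, found = sections(config), []
    if any(h.startswith("enable password") for h in secs):
        found.append(("global", "enable password is stored in clear text"))
    if not any(h.startswith("enable secret") for h in secs):
        found.append(("global", "no enable secret configured"))
    for head, body in secs.items():
        if head.startswith("line ") and not any(b.startswith("login") for b in body):
            found.append((head, "no login: password authentication is off"))
        if head.startswith("line vty") and "transport input ssh" not in body:
            found.append((head, "vty not restricted to SSH"))
        if (head.startswith("interface") and "switchport mode access" in body
                and "switchport port-security" not in body):
            found.append((head, "access port without port-security"))
    return found
```

On the sample, `audit(SAMPLE)` reports the global enable settings, the console line, `line vty 5 15` and `FastEthernet0/2`.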


Verification:

show running-config - current configuration file
show startup-config - boot configuration file
show int - interface information
show int vlan 1
show int fa0/1
show ip int brief
show port-security - port security check
show port-security int fa0/1
show port-security address
show version - device information


Saving the configuration file:

copy running-config startup-config


Routing


Metric - route selection within the protocol.

Administrative distance (AD) - choice of a route between protocols. From 0 to 255. Less = better.
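| Protocol  | Metric                         | AD  |
|-----------|--------------------------------|-----|
| Connected | -                              | 0   |
| Static    | -                              | 1   |
| EIGRP     | Metric = 256 * (BW + Delay)    | 90  |
| OSPF      | Cost = 100 / BW Mbps           | 110 |
| RIP       | Hop count                      | 120 |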

Protocol Classes:
  • Distance Vector (RIP, IGRP, EIGRP)
  • Link-State (OSPF, IS-IS)


Masking


Example 1:

192.168.2.0/24

11000000.10101000.00000010. 00000000   192.168.2.0/24   Network
11111111.11111111.11111111. 00000000   255.255.255.0    Mask
11000000.10101000.00000010. 00000001   192.168.2.1      First host
11000000.10101000.00000010. 11111110   192.168.2.254    Last host
11000000.10101000.00000010. 11111111   192.168.2.255    Broadcast

Example 2:

Given the range 195.1.1.0/24, divide it into subnets:
  • 2 networks of 30 hosts
  • 4 networks of 6 hosts
  • 2 transit networks


1. 30 hosts: 2^n - 2 >= 30, n = 5
                           ---------
11000011.00000001.00000001.000 00000 195.1.1.0/27 Subnet zero
11111111.11111111.11111111.111 00000 255.255.255.224
11000011.00000001.00000001.000 00001 195.1.1.1/27 First host
11000011.00000001.00000001.000 11110 195.1.1.30/27 Last host
11000011.00000001.00000001.000 11111 195.1.1.31/27 Broadcast
11000011.00000001.00000001.001 00000 195.1.1.32/27 Second network
11000011.00000001.00000001.001 00001 195.1.1.33/27
11000011.00000001.00000001.001 11110 195.1.1.62/27
11000011.00000001.00000001.001 11111 195.1.1.63/27
11000011.00000001.00000001.010 00000 195.1.1.64/27 Third ...
11000011.00000001.00000001.010 00001 195.1.1.65/27
11000011.00000001.00000001.010 11110 195.1.1.94/27
11000011.00000001.00000001.010 11111 195.1.1.95/27
11000011.00000001.00000001.011 00000 195.1.1.96/27
11000011.00000001.00000001.011 00001 195.1.1.97/27
11000011.00000001.00000001.011 11110 195.1.1.126/27
11000011.00000001.00000001.011 11111 195.1.1.127/27
...
11000011.00000001.00000001.111 00000 195.1.1.224/27
11000011.00000001.00000001.111 00001 195.1.1.225/27
11000011.00000001.00000001.111 11110 195.1.1.254/27
11000011.00000001.00000001.111 11111 195.1.1.255/27

2. 6 hosts: 2^n - 2 >= 6, n = 3
11000011.00000001.00000001.010 00 000 195.1.1.64/29
11111111.11111111.11111111.111 11 000 255.255.255.248
11000011.00000001.00000001.010 00 001 195.1.1.65/29
11000011.00000001.00000001.010 00 110 195.1.1.70/29
11000011.00000001.00000001.010 00 111 195.1.1.71/29
11000011.00000001.00000001.010 01 000 195.1.1.72/29
11000011.00000001.00000001.010 01 001 195.1.1.73/29
11000011.00000001.00000001.010 01 110 195.1.1.78/29
11000011.00000001.00000001.010 01 111 195.1.1.79/29
11000011.00000001.00000001.010 10 000 195.1.1.80/29
11000011.00000001.00000001.010 10 001 195.1.1.81/29
11000011.00000001.00000001.010 10 110 195.1.1.86/29
11000011.00000001.00000001.010 10 111 195.1.1.87/29
11000011.00000001.00000001.010 11 000 195.1.1.88/29
11000011.00000001.00000001.010 11 001 195.1.1.89/29
11000011.00000001.00000001.010 11 110 195.1.1.94/29
11000011.00000001.00000001.010 11 111 195.1.1.95/29

3. 2 hosts: n = 2
11000011.00000001.00000001.010 10 0 00 195.1.1.80/30
11111111.11111111.11111111.111 11 1 00 255.255.255.252
11000011.00000001.00000001.010 10 0 01 195.1.1.81/30
11000011.00000001.00000001.010 10 0 10 195.1.1.82/30
11000011.00000001.00000001.010 10 0 11 195.1.1.83/30
11000011.00000001.00000001.010 10 1 00 195.1.1.84/30
11000011.00000001.00000001.010 10 1 01 195.1.1.85/30
11000011.00000001.00000001.010 10 1 10 195.1.1.86/30
11000011.00000001.00000001.010 10 1 11 195.1.1.87/30
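
The same calculation for Example 2 done programmatically, as an added example that is not part of the original notes. It generalizes the steps to any list of host counts and allocates largest-first so that no two subnets overlap, which places the two /30 transit networks at 195.1.1.96/30 and 195.1.1.100/30 rather than inside 195.1.1.80/29. The function names are chosen for illustration.

```python
import ipaddress

def host_bits(hosts):
    """Smallest n with 2**n - 2 >= hosts (network and broadcast are reserved)."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n

def vlsm(block, host_counts):
    """Carve non-overlapping subnets out of block, largest request first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = []
    # Descending sizes keep every subnet aligned on its own boundary.
    for hosts in sorted(host_counts, reverse=True):
        n = host_bits(hosts)
        subnet = ipaddress.ip_network((cursor, 32 - n))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} has no room left for {hosts} hosts")
        usable = list(subnet.hosts())
        plan.append({
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            "first": str(usable[0]),
            "last": str(usable[-1]),
            "broadcast": str(subnet.broadcast_address),
        })
        cursor += 2 ** n
    return plan

# Requirements from Example 2: 2 x 30 hosts, 4 x 6 hosts, 2 transit links.
PLAN = vlsm("195.1.1.0/24", [30, 30, 6, 6, 6, 6, 2, 2])

if __name__ == "__main__":
    for row in PLAN:
        print(row["subnet"], row["mask"], row["first"], row["last"], row["broadcast"])
```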


Terminology:

195.1.1.0/24   Network (Mask = Class)
195.1.0.0/16   Summary (Mask < Class)
195.1.1.0/30   Subnet (Mask > Class)
195.1.1.1/32   Host (Mask = 32)
0.0.0.0/0      Default Route


Using a router as a DHCP server



Configuring RTR-DHCP:

! Excluded ranges (router addresses)
!
ip dhcp excluded-address 1.1.1.1
ip dhcp excluded-address 2.1.1.2 2.1.1.20
!
! Creating an address pool for the network 1.1.1.0 (connected)
!
ip dhcp pool NET1
! - address pool
 network 1.1.1.0 255.255.255.0
! - default gateway
 default-router 1.1.1.1
! - DNS servers
 dns-server 1.1.1.1 8.8.8.8
!
!
! Creating an address pool for the 2.2.2.0 network (remote, via relay)
!
ip dhcp pool NET2
 network 2.2.2.0 255.255.255.0
 default-router 2.2.2.1
 dns-server 1.1.1.1 8.8.8.8

Verification:
sh ip dhcp binding
sh ip dhcp conflict
sh ip dhcp s


RTR-RELAY Setup:

! Forward broadcast packets to the specified address
interface fa0/1
! - interface on the remote network 2.2.2.0
 ip address 2.2.2.1 255.255.255.0
! - where to forward (address of the DHCP server)
 ip helper-address 1.1.1.1
!
! Forward only UDP 67 broadcasts
ip forward-protocol udp 67


Remote Access (telnet / ssh)


| Client commands | Description |
|-----------------|-------------|
| 1.1.1.1, HOSTNAME, telnet 1.1.1.1, ssh -l USERNAME 1.1.1.1 | open a connection |
| CTRL+SHIFT+6, X | return to the local session |
| show sessions | view connections |
| ENTER-ENTER | return to the last active session (*) |
| 2, resume 2 | return to connection #2 |
| disconnect 2 | close connection #2 |

| Server commands | Description |
|-----------------|-------------|
| show users | who is connected |
| send | chat |
| clear line vty 1 | disconnect vty 1 |
| show ssh | view SSH connections |
WAN


PPP:
     1. LCP = Link Control Protocol
                a. Compression
                b. Error detection
                c. Authentication
     2. NCP = Network Control Protocol
                a. IPCP
                b. IPV6CP
                c. CDPCP


Configuring Serial Interfaces:
show controllers - shows whether the interface is DCE or DTE
!
interface serial 1/0
! - speed in bps (on the DCE interface)
 clock rate 64000
! - used to calculate the metric (kbps)
 bandwidth 64
! - set the encapsulation
 encapsulation ppp
 ip address 4.4.4.1 255.255.255.252
 no shutdown
!

Verification:
sh interface s1/0
sh controllers s1/0


RIP Protocol


Layer 3 protocols:
  • Routing (RIP, OSPF, EIGRP)
  • Routed (IP, IPv6, IPX, AppleTalk)

Routing Protocols:

  • IGP - Inside AS (RIP, OSPF, EIGRP)
  • EGP - Between AS (BGP)

Routing Protocol Classes:
  • Distance-Vector: RIP, IGRP
  • Advanced Distance-Vector: EIGRP, BGP
  • Link-State: OSPF, IS-IS

VLSM / CIDR Support:
  • Classful (RIPv1, IGRP)
  • Classless (RIPv2, BGP, OSPF, EIGRP, IS-IS)

Setup Steps:
  1. Enable the routing protocol
  2. Select local interfaces. Choosing an interface means that:
     a. The interface sends updates
     b. The interface receives updates
     c. The interface's network will be included in updates

RIP:
| RIPv1 | RIPv2 |
|-------|-------|
| Classful | Classless |
| UDP 520 | UDP 520 |
| Updates sent to 255.255.255.255 | Updates sent to 224.0.0.9 |
| | Supports authentication |
| | Supports manual summarization |


RTR-A:
! Look at the interfaces first
sh ip interface brief
!
! Enable RIP
router rip
! - enable RIPv2
 version 2
! - select local interfaces; in RIP these are given as classful networks
 network 1.0.0.0
 network 2.0.0.0
! - disable auto-summarization (the router will advertise subnets
!   instead of classful network addresses)
 no auto-summary


RTR-B:
router rip			
 version 2			
 network 2.0.0.0
 no auto-summary


Verification:
show ip protocols
show ip route rip 
show ip rip?
debug ip rip


Management


Search for IOS during the boot process:
  1. NVRAM: config-register
  2. NVRAM: startup-config (boot system commands)
  3. First IOS file in flash:
  4. If not found, tries 3 times to find IOS on TFTP (broadcast)
  5. ROMMON

Configuration Register:
  • 16 bits
  • Each bit somehow affects the boot process
  • Bits 0 through 3 are responsible for the IOS search:
      o 0x0 ROMMON
      o 0x1 Boot IOS from ROM
      o 0x2-F Standard boot


View and edit:
show version
config-register 0x2100 - boot to ROMMON (last digit is 0)

IOS update:
sh flash - make sure there is free space
dir flash:


If there is no free space for copying a new IOS:
#copy flash:ios.old tftp://1.1.1.1 - Back up the old IOS (just in case)
! Free up space:
! Erase the whole flash (if you do not mind losing it)
#erase flash:
! Or delete individual files
#del flash:ios.old
!
#copy tftp://1.1.1.1/newios flash: - Copy the new IOS
!
#reload - Reboot


If there is free space:
#copy tftp://1.1.1.1/newios flash: - Copy the new IOS
(config)#boot system flash:newios - instruct the device to boot the new IOS
#copy running startup - Save the config
#reload - Reboot


IOS Recovery:

ROMMON> tftpdnld

Password Recovery:

  • Reboot (power off)
  • Press CTRL-Break
  • We get into ROMMON


! In ROMMON, we change bit 6 of the configuration register (0x2142). This bit means:
! ignore the startup config
ROMMON> confreg 0x2142
! Reboot
ROMMON> reset
! Startup-config will be ignored at boot. We restore it.
#copy startup runn
! Restore the configuration register
(config)#config-register 0x2102
! Change the password
(config)#enable secret cisco
! Save the config
#copy runn start
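
A check for devices whose register was left at a recovery value, as an added example that is not part of the original notes: it decodes the boot field (bits 0 through 3) and bit 6 from the `Configuration register is ...` line of `show version` and flags values that skip startup-config or stop in ROMMON at the next boot. The device names and sample lines are constructed for illustration.

```python
import re

LINE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode_confreg(value):
    """Decode the two fields the notes describe: boot field and bit 6."""
    boot = value & 0xF  # bits 0-3 select where IOS is searched for
    source = {0: "ROMMON", 1: "IOS from ROM"}.get(boot, "standard boot")
    return {"boot": source, "ignore_startup_config": bool(value & 0x40)}

def flag_devices(outputs):
    """Return {device: reason} for registers that are unsafe at the next boot."""
    flagged = {}
    for name, text in outputs.items():
        m = LINE.search(text)
        if not m:
            flagged[name] = "configuration register not found"
            continue
        # If a change is pending, the pending value is what the next boot uses.
        fields = decode_confreg(int(m.group(2) or m.group(1), 16))
        if fields["ignore_startup_config"]:
            flagged[name] = "startup-config ignored at boot"
        elif fields["boot"] != "standard boot":
            flagged[name] = "boots to " + fields["boot"]
    return flagged

# Constructed `show version` lines for illustration.
SAMPLE = {
    "RTR-A": "Configuration register is 0x2102",
    "RTR-B": "Configuration register is 0x2142",
    "SW1": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "RTR-C": "Configuration register is 0x2100",
}

if __name__ == "__main__":
    for device, reason in flag_devices(SAMPLE).items():
        print(device, "-", reason)
```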

Additional monitoring and management commands

show tech-support | redirect tftp://1.1.1.1/filename - show all
show processes - CPU and RAM usage
show processes cpu history
