Ccna Notes
maheshwar-elango -
Just Rock it \\m//
Routers – Different IP address
Switch
Network Devices (N/w Devices)
Hub
Switch
Router
Repeater
Bridge
Cable
NIC (Network Interface Card)
Switch :
Works in Layer 2 & 3
Same Network
Topology :
Bus Topology
Star Topology
Ring Topology
Mesh Topology
Extended Star Topology
Cable :
Co – Axial Cable
Twisted Pair Cable
Fiber Optic Cable
Twisted Pair Cable :
STP, UTP
Straight Through Cable, Cross Over Cable, Roll Over Cable
Straight Through Cable :
It is used to connect different devices.
Like : Pc to Switch, Pc to Hub, Router to Switch
Cross Over Cable :
It is used to connect same devices.
Pc to Pc, Hub to Hub, Router to Router, Router to Pc
Roll Over Cable :
It is used to connect Router Console to Pc (Comm Port)
Wire colours (one end - other end)
Straight Through Cable :
White Orange - White Orange
Orange - Orange
White Green - White Green
Blue - Blue
White Blue - White Blue
Green - Green
White Brown - White Brown
Brown - Brown
Cross Over Cable :
White Orange - White Green
Orange - Green
White Green - White Orange
Blue - Blue
White Blue - White Blue
Green - Orange
White Brown - White Brown
Brown - Brown
Roll Over Cable :
White Orange - Brown
Orange - White Brown
White Green - Green
Blue - White Blue
White Blue - Blue
Green - White Green
White Brown - Orange
Brown - White Orange
Lx, Zx To connect long distance places.
Cat 5e Cable – Connect up to 500 Mts.
IP Address Related – Pc, Router
MAC Address Related – Switch ( In organizations)
Binary – Hub ( 12 Ports in small offices not in Organizations. Single input and output.)
Collision Domain – Data Loss.
DB – 9 => Converter – Used for Router Configuration.
HUB :
It can not be used in Organizations.
Single Collision Domain.
Data Loss is High.
Switch :
It is used in Organizations.
Each port has its own collision domain.
Data loss is very very less.
OSI Layer
OSI – Open System Inter Connect
7. Application Layer - Communications
6. Presentation Layer - Encryption / Decryption
5. Session Layer - Terminate the Session
4. Transport Layer - TCP / UDP, Acknowledgement (Heart of OSI)
3. Network Layer - Finding the Shortest Path
2. Data Link Layer - MAC address
1. Physical Layer - Binary (Convert Signals into Binary)
Side labels in the original figure : Hardware Layer (beside the upper layers), Software Layer (beside the lower layers)
Routing Protocols : RIP, EIGRP, OSPF
Routed Protocols : IP, IPX
TCP – ip address
UDP – Domain Names, Like – Google.com, yahoo.com
Layer 1 Devices – Hub
Layer 2 Devices – Switch, NIC
Layer 3 Devices – Router
Private IP Address
Class A : 10.0.0.0 to 10.255.255.255
Class B : 172.16.0.0 to 172.31.255.255
Class C : 192.168.0.0 to 192.168.255.255
Only for LAN
IP address
IP v 4 32 Bits Binary ( 192.168.1.1)
IP v 6 128 Bits Hexadecimal (2003 : AC13 : 0012 : 42BA : 1234 / 64 )
PING : Packet Internet Groper
Ping 127.0.0.1 Loop Back Address
A : 001 – 126 LAN => 1,67,77,214
B : 128 – 191 MAN => 65,534
C : 192 – 223 WAN => 254
D : 224 – 239 Multicasting
E : 240 – 255 Research
10.1.1.1 => The parts separated by the three dots are referred to as "Octets".
Each octet is 8 Bits, so the four octets make 32 Bits.
A : N/w .Host .Host .Host
B : N/w .N/w .Host .Host
C : N/w . N/w . N/w .Host
N/w = 2^8
Network ID : 10.0.0.0
Broadcast ID : 10.255.255.255
Broadcast ID can not be assigned automatically.
Configure IP
IP address : 192.168.1.1
Subnet Mask : 255.255.0.0
Default Gateway : 192.168.1.10
Default DNS Server : 8.8.8.8 (or) 4.4.4.4
For Network Id : Add ( 128 64 32 16 8 4 2 1 ) ( 1 1 1 1 1 1 1 1 )
For Host : Multiply (Starts from 2)
Leading bits of the first octet (place value in brackets) :
0 (128) = A Class = 1 – 126
1 (128) 0 (64) = B Class = 128 – 191
1 (128) 1 (64) 0 (32) = C Class = 192 – 223
CIDR : Classless Inter Domain Routing
Decimal : Binary
128 : 1 0 0 0 0 0 0 0
192 : 1 1 0 0 0 0 0 0
224 : 1 1 1 0 0 0 0 0
240 : 1 1 1 1 0 0 0 0
248 : 1 1 1 1 1 0 0 0
252 : 1 1 1 1 1 1 0 0
254 : 1 1 1 1 1 1 1 0
255 : 1 1 1 1 1 1 1 1
10.1.1.1 /24 – CIDR
255.255.255.0 - Subnet mask
2^8 . 2^8 . 2^8 . 0
ie. 8 + 8 + 8 = 24
Subnet Mask CIDR
255.0.0.0 /8
255.128.0.0 /9
255.192.0.0 /10
255.224.0.0 /11
255.240.0.0 /12
255.248.0.0 /13
255.252.0.0 /14
255.254.0.0 /15
255.255.0.0 /16
255.255.128.0 /17
255.255.192.0 /18
255.255.224.0 /19
255.255.240.0 /20
255.255.248.0 /21
255.255.252.0 /22
255.255.254.0 /23
255.255.255.0 /24
255.255.255.128 /25
255.255.255.192 /26
255.255.255.224 /27
255.255.255.240 /28
255.255.255.248 /29
255.255.255.252 /30
255.255.255.254 /31
255.255.255.255 /32
Calculate the number of subnets per N/w
Calculate the number of Hosts per subnet
Calculate Block Size.
Formulas to Calculate
Subnet = 2^x
Host = 2^y – 2
Block Size = 256 – Net mask
(x = number of 1 bits in the subnetted octet of the mask, y = number of 0 bits in the mask)
1. Ex : 192.168.1.0 /28
/28 : 255.255.255.240
240 : 1 1 1 1 0 0 0 0 ( x = 4, y = 4)
Subnet = 2^x = 2^4 = 16
Host = 2^y – 2 = 2^4 – 2 = 16 – 2 = 14
Block Size = 256 – Net Mask = 256 – 240 = 16
Subnet Id or Network Id : 192.168.1.0, 192.168.1.16, 192.168.1.32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240
Valid First Host Id : 192.168.1.1, 192.168.1.17, 192.168.1.33
Valid Last Host Id : 192.168.1.14, 192.168.1.30, 192.168.1.46
Broadcast Id : 192.168.1.15, 192.168.1.31, 192.168.1.47
2. Ex : 200.1.4.0 /26
/26 : 255.255.255.192
192 : 1 1 0 0 0 0 0 0 ( x = 2, y = 6)
Subnet = 2^x = 2^2 = 4
Host = 2^y – 2 = 2^6 – 2 = 64 – 2 = 62
Block Size = 256 – Net Mask = 256 – 192 = 64
Subnet Id or Network Id : 200.1.4.0, 200.1.4.64, 200.1.4.128, 192
Valid First Host Id : 200.1.4.1, 200.1.4.65, 200.1.4.129
Valid Last Host Id : 200.1.4.62, 200.1.4.126, 200.1.4.190
Broadcast Id : 200.1.4.63, 200.1.4.127, 200.1.4.191
3. Ex : 10.1.1.0 /30
/30 : 255.255.255.252
252 : 1 1 1 1 1 1 0 0 ( x = 6, y = 2)
Subnet = 2^x = 2^6 = 64
Host = 2^y – 2 = 2^2 – 2 = 4 – 2 = 2
Block Size = 256 – Net Mask = 256 – 252 = 4
Subnet Id or Network Id : 10.1.1.0, 10.1.1.4, 10.1.1.8, 12, 16, 20, 24, 28 … 254.
Valid First Host Id : 10.1.1.1, 10.1.1.5, 10.1.1.9
Valid Last Host Id : 10.1.1.2, 10.1.1.6, 10.1.1.10
Broadcast Id : 10.1.1.3, 10.1.1.7, 10.1.1.11
4. Ex : 192.2.0.0 /22 (important)
/22 : 255.255.252.0
252 : 1 1 1 1 1 1 0 0 . 0 0 0 0 0 0 0 0 ( x = 6, y = 10)
Subnet = 2^x = 2^6 = 64
Host = 2^y – 2 = 2^10 – 2 = 1024 – 2 = 1022
Block Size = 256 – Net Mask = 256 – 252.0 = 4.0
Subnet Id or Network Id : 192.2.0.0, 192.2.4.0, 192.2.8.0, 12.0, 16.0, 20.0
Valid First Host Id : 192.2.0.1, 192.2.4.1, 192.2.8.1
Valid Last Host Id : 192.2.3.254, 192.2.7.254, 192.2.11.254
Broadcast Id : 192.2.3.255, 192.2.7.255, 192.2.11.255
0.1 to 0.255 = 255
1.0 to 1.255 = 256
2.0 to 2.255 = 256
3.0 to 3.254 = 255
Total = 1022
5. Ex : 15.100.0.0 /20
/20 : 255.255.240.0
240 : 1 1 1 1 0 0 0 0 . 0 0 0 0 0 0 0 0 ( x = 4, y = 12)
Subnet = 2^x = 2^4 = 16
Host = 2^y – 2 = 2^12 – 2 = 4096 – 2 = 4094
Block Size = 256 – Net Mask = 256 – 240.0 = 16.0
Subnet Id or Network Id : 15.100.0.0, 15.100.16.0, 15.100.32.0, 48.0, 64.0, 80.0, 96.0
Valid First Host Id : 15.100.0.1, 15.100.16.1, 15.100.32.1
Valid Last Host Id : 15.100.15.254, 15.100.31.254, 15.100.47.254
Broadcast Id : 15.100.15.255, 15.100.31.255, 15.100.47.255
0.1 to 0.255 = 255
1.0 to 1.255 = 256
…
15.0 to 15.254 = 255
Total = 4094
6. Ex : 10.0.0.0 /13
/13 : 255.248.0.0
248 : 1 1 1 1 1 0 0 0 . 0 0 0 0 0 0 0 0 . 0 0 0 0 0 0 0 0 ( x = 5, y = 19)
Subnet = 2^x = 2^5 = 32
Host = 2^y – 2 = 2^19 – 2 = 524288 – 2 = 524286
Block Size = 256 – Net Mask = 256 – 248.0.0 = 8.0.0
Subnet Id or Network Id : 10.0.0.0, 10.8.0.0, 10.16.0.0, 32.0.0, 48.0.0, 64.0.0, …
Valid First Host Id : 10.0.0.1, 10.8.0.1, 10.16.0.1
Valid Last Host Id : 10.7.254.254, 10.15.254.254, 10.31.254.254
Broadcast Id : 10.7.255.255, 10.15.255.255, 10.31.255.255
-- x --
Find the host IP for the following Ids :-
1. 216.4.1.64 /27
2. 117.8.1.200 /30
3. 17.2.4.0 /22
4. 20.49.24.0 /21
Ex : 150.8.1.48 /28
/28 : 255.255.255.240
Block Size = 256 – Net Mask = 256 -240 = 16.
0,16,32,48,64
Host Ids = 49 .. 63
1. 216.4.1.64 /27
/27 : 255.255.255.224
Block Size = 256 – Net Mask = 256 – 224 = 32
0,32,64,96,128
Host Ids = 65 – 94
2. 117.8.1.200 /30
/30 : 255.255.255.252
B.S. = 256 – 252 = 4
0,4,8,12, …, 200,204
Host Ids = 201 - 202
3. 100.98.4.128 /25
/25 : 255.255.255.128
B.S. = 256 – 128 = 128
0,128
Host Ids = 129 - 254
4. 17.2.4.0 /22
/22 : 255.255.252.0
B.S. = 256 – 252.0 = 4.0
4.0, 8.0, 12.0
Host Ids = 4.1 – 7.254
5. 20.49.24.0 /21
/21 : 255.255.248.0
B.S. = 256 – 248.0 = 8.0
0.0, 8.0, 16.0, 24.0, 32.0
Host Ids = 24.1 – 31.254
Find the N/w id for the following ids.
1. 199.4.1.35 /28
2. 10.8.8.255 /22
3. 140.2.1.50 /25
4. 17.88.2.52 /29
Ex : 100.2.1.100 /27
/27 : 255.255.255.224
B.S. = 256 – 224 = 32
0,32,64,96,128
N/w id : 96
1. 199.4.1.35 /28
/28 : 255.255.255.240
B.S. = 256 – 240 = 16
0,16,32,48
N/w id : 32
2. 10.8.8.255 /22
/22 : 255.255.252.0
B.S. = 256 – 252.0 = 4.0
0.0, 4.0, 8.0, 12.0
N/w id : 8.0
3. 140.2.1.50 /25
/25 : 255.255.255.128
B.S. = 256 – 128 = 128
0, 128
N/w id : 0
4. 17.88.2.52 /29
/29 : 255.255.255.248
B.S. = 256 – 248 = 8
0, 8, 16, 24, 32, 40, 48, 56
N/w id : 48
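The block-size method used in the worked examples above, written out as an added Python example (not part of the original notes) and cross-checked against the standard ipaddress module. It generalises the method to any prefix from /1 to /30 and also derives the wildcard mask that the OSPF section of these notes relies on; the function names are this example's own.

```python
import ipaddress


def dotted(parts):
    """Join four integers into dotted-quad text."""
    return ".".join(str(p) for p in parts)


def subnet_by_block_size(cidr):
    """Apply the notes' block-size method to 'a.b.c.d/prefix' (prefix 1 to 30)."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 1 <= prefix <= 30:
        raise ValueError("2^y - 2 usable hosts only makes sense for /1 to /30")
    octets = [int(part) for part in addr_text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: " + addr_text)

    # Subnet mask as four octets, e.g. /22 -> [255, 255, 252, 0]
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    mask = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]

    idx = (prefix - 1) // 8      # the subnetted octet: last one holding mask bits
    block = 256 - mask[idx]      # Block Size = 256 - Net mask
    x = prefix - 8 * idx         # 1 bits in the subnetted octet
    y = 32 - prefix              # 0 bits in the whole mask

    # Network id: round the subnetted octet down to a multiple of the block size.
    base = octets[idx] - octets[idx] % block
    network = octets[:idx] + [base] + [0] * (3 - idx)
    broadcast = octets[:idx] + [base + block - 1] + [255] * (3 - idx)
    return {
        "mask": dotted(mask),
        "wildcard": dotted([255 - m for m in mask]),   # mask subtracted from 255s
        "block_size": block,
        "subnets": 2 ** x,
        "hosts": 2 ** y - 2,
        "network": dotted(network),
        "first_host": dotted(network[:3] + [network[3] + 1]),
        "last_host": dotted(broadcast[:3] + [broadcast[3] - 1]),
        "broadcast": dotted(broadcast),
    }


def agrees_with_ipaddress(cidr):
    """Return True when the block-size result matches the standard library."""
    mine = subnet_by_block_size(cidr)
    net = ipaddress.ip_interface(cidr).network
    return (mine["network"] == str(net.network_address)
            and mine["broadcast"] == str(net.broadcast_address)
            and mine["mask"] == str(net.netmask)
            and mine["wildcard"] == str(net.hostmask)
            and mine["hosts"] == net.num_addresses - 2)


if __name__ == "__main__":
    # Exercise addresses taken from the notes above.
    for cidr in ("216.4.1.64/27", "17.2.4.0/22", "10.8.8.255/22", "17.88.2.52/29"):
        r = subnet_by_block_size(cidr)
        print(cidr, "network", r["network"], "hosts",
              r["first_host"], "-", r["last_host"], "broadcast", r["broadcast"],
              "checked" if agrees_with_ipaddress(cidr) else "MISMATCH")
```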
Ethernet Card Speed
Ethernet Card - 10Mbps
Fast Ethernet Card - 100 Mbps
Gigabyte Ethernet - 1 GB
Internal & External Components of Router
Router :
Router is a device which makes communication between two or more networks
present in different geographical location.
Routers are data forwarding devices which work at layer 3.
Routers forward data based on logical addresses (IP, IPx, AppleTalk)
Many Companies are manufacturing Routers :
CISCO
Nortel
Multicom
Cydades
Juniper
Dlink
Linksys
3com
CISCO designed the Router into 3 Layers :
Access Layer Router.
Distribution Layer Router.
Core Layer Router.
Access Layer Router :
Routers which are used by small organization.
Used for end user connectivity.
Router series : 800, 1600, 1700, 2500, 2600
Distribution Layer Router :
Routers which are used by the ISP’s
Used for policy based routing and access control.
Router series : 2600, 3200, 3600, 3700
Core Layer Router :
Routers which are used by the Global ISP’s.
Used for faster surfing access internet.
Router series : 6400, 7200, 7300, 7400, 7500, 7600, 10000, 12000
Console Port :
It is known as Local Administrative Port.
It is used for Initial Configuration.
Password Recovery.
Auxiliary Port :
It is known as Remote Administrative Port.
Used for Remote Administration.
Other Ports :
BRI Ports
Basic Rate Interface used to connect ISDN. It is available on 2503 and 2520 model Routers.
10 Base T Port
Used for connecting LAN to the Router. It is available on 2520 model Router.
WAN Interfaces
Serial interface (S0, S1)
ISDN interface (BRI0)
LAN Interfaces – Ethernet
AUI (Attachment Unit Interface) (E0)
10 base T.
Administration Interfaces
Console Port.
Auxiliary Port.
Internal Components :
ROM
A bootstrap program is located here.
It contains POST Routines.
Rx boot mode (mini IOS), ROM monitor mode are also located here.
Flash
Internetwork Operating System (IOS) is stored here. IOS is a command line interface.
NVRAM
Non volatile RAM
The configuration of the Router is stored permanently when it is saved.
RAM
It is temporary storage memory where running configuration is stored.
The size of RAM is greater than NVRAM.
Processor
Motorola Processor 30 MHz, RISC based processor. ( Reduced Instruction
set computer).
IP Routing :
Static Route
Default Route
Dynamic Route (Rip, eigrp, OSPF)
Router Modes :
Router > User Mode
Router # Privilege Mode
Router (config) # Global Mode
Router (config-if) # Interface Mode
Static Route :
R1 : S2/0 195.168.1.1, Fa0/0 192.168.1.100, PCs 192.168.1.1 and 192.168.1.2
R2 : S2/0 195.168.1.2, Fa0/0 192.168.2.100, PCs 192.168.2.1 and 192.168.2.2
DCE – Data Communication Equipment
DTE – Data Terminal Equipment
Commands to Configure S2/0 and Fa0/0 IPs in Routers
Router > enable
Router # configure terminal
Router (config) # hostname cbe
Cbe (config) # interface fa 0/0
Cbe (config-if) # ip address 192.168.1.100 255.255.255.0
Cbe (config-if) # no shutdown
Cbe (config-if) # exit
Cbe (config) # interface s2/0
Cbe (config-if) # ip address 195.168.1.1 255.255.255.0
Cbe (config-if) # clock rate 64000
Cbe (config-if) # no shutdown
Cbe (config-if) # end
Router > enable
Router # configure terminal
Router (config) # hostname Mas
Mas (config) # interface fa 0/0
Mas (config-if) # ip address 192.168.2.100 255.255.255.0
Mas (config-if) # no shutdown
Mas (config-if) # exit
Mas (config) # interface s2/0
Mas (config-if) # ip address 195.168.1.2 255.255.255.0
Mas (config-if) # clock rate 64000
Mas (config-if) # no shutdown
Mas (config-if) # end
Commands to Connect PCs Through Routers
Cbe # configure terminal
Cbe (config) # ip route 192.168.2.0 255.255.255.0 195.168.1.2 - (Another router’s fa0/0)
Mas # configure terminal
Mas (config) # ip route 192.168.1.0 255.255.255.0 195.168.1.1
Trouble Shoot Commands
Show ip interface brief => Interface Status
Show run => Current Status
Show controllers s2/0 => Serial Port Status
Show ip route => Routing Information
Show cdp neighbors detail => Neighbour Router Information (CDP – Cisco Discovery Protocol)
Show version => Router Model, Configuration, Register value, RAM or NVRAM.
DTE V.35 => Connected
DTE V.11 => Not Connected
do is used to run any command in any mode.
Show ip interface brief
Show run
no with a command will remove the assigned ip addresses.
wr => To save the configuration in NVRAM. It will work in privilege mode. (or) copy run start.
R1 (Cbe) : S2/0 110.10.1.1, Fa0/0 200.10.1.5, PCs 200.10.1.1 and 200.10.1.2
R2 (Tup) : S2/0 110.10.1.2, S3/0 150.150.1.1, Fa0/0 100.10.1.5, PCs 100.10.1.1 and 100.10.1.2
R3 (Poy) : S3/0 150.150.1.2, Fa0/0 170.10.1.5, PCs 170.10.1.1 and 170.10.1.2
Commands to Configure S2/0 and Fa0/0 IPs in Routers
Router > enable
Router # configure terminal
Router (config) # hostname cbe
Cbe (config) # interface fa 0/0
Cbe (config-if) # ip address 200.10.1.5 255.255.255.0
Cbe (config-if) # no shutdown
Cbe (config-if) # exit
Cbe (config) # interface s2/0
Cbe (config-if) # ip address 110.10.1.1 255.0.0.0
Cbe (config-if) # clock rate 64000
Cbe (config-if) # no shutdown
Cbe (config-if) # end
Router > enable
Router # configure terminal
Router (config) # hostname Tup
Tup (config) # interface fa 0/0
Tup (config-if) # ip address 100.10.1.5 255.0.0.0
Tup (config-if) # no shutdown
Tup (config-if) # exit
Tup (config) # interface s2/0
Tup (config-if) # ip address 110.10.1.2 255.0.0.0
Tup (config-if) # clock rate 64000
Tup (config-if) # no shutdown
Tup (config) # interface s3/0
Tup (config-if) # ip address 150.150.1.1 255.255.0.0
Tup (config-if) # no shutdown
Tup (config-if) # end
Router > enable
Router # configure terminal
Router (config) # hostname Poy
Poy (config) # interface fa 0/0
Poy (config-if) # ip address 170.10.1.5 255.255.0.0
Poy (config-if) # no shutdown
Poy (config-if) # exit
Poy (config) # interface s3/0
Poy (config-if) # ip address 150.150.1.2 255.255.0.0
Poy (config-if) # clock rate 64000
Poy (config-if) # no shutdown
Poy (config-if) # end
Commands to Connect Pcs through Routers
Cbe # configure terminal
Cbe (config) # ip route 100.0.0.0 255.0.0.0 110.10.1.2 - (Second Router fa0/0)
Cbe (config) # ip route 170.10.0.0 255.255.0.0 110.10.1.2 - (Third Router fa0/0)
Tup # configure terminal
Tup (config) # ip route 170.10.0.0 255.255.0.0 150.150.1.2 - (Third Router fa0/0)
Tup (config) # ip route 200.10.1.0 255.255.255.0 110.10.1.1 - (First Router fa0/0)
Poy # configure terminal
Poy (config) # ip route 100.0.0.0 255.0.0.0 150.150.1.1 - (Second Router fa0/0)
Poy (config) # ip route 200.10.1.0 255.255.255.0 150.150.1.1 - (First Router fa0/0)
Commands to Connect Routers
Cbe # configure terminal
Cbe (config) # ip route 150.150.0.0 255.255.0.0 110.10.1.2 - (Third Router S2/0)
Poy # configure terminal
Poy (config) # ip route 110.0.0.0 255.0.0.0 150.150.1.1 - (First Router S2/0)
Default Route
Commands to Connect Pcs through Routers
Cbe # configure terminal
Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Second Router fa0/0)
Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Third Router fa0/0)
Cbe (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.2 - (Third Router S3/0)
Tup # configure terminal
Tup (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.2 - (Third Router fa0/0)
Tup (config) # ip route 0.0.0.0 0.0.0.0 110.10.1.1 - (First Router fa0/0)
Poy # configure terminal
Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (First Router fa0/0)
Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (Second Router fa0/0)
Poy (config) # ip route 0.0.0.0 0.0.0.0 150.150.1.1 - (First Router S2/0)
Dynamic Route
Rip Version 1 : Classful
Rip Version 2 : Classless
RIP – Routing Information Protocol
IGP – Internal Gateway Protocol – Same AS Value
EGP – Different AS Value
RIP – Bellman Ford Algorithm
EIGRP – DUAL Algorithm
OSPF – Dijkstra's Algorithm
RIP works on the basis of Distance Vector Protocol.
Only 16 routers will be used.
RIP is used in small organizations.
HOP count is used for counting. ( One HOP is data travelling from one router to another router. )
R1 : S2/0 219.2.1.1, Fa0/0 68.49.8.1, PCs 68.49.8.2 and 68.49.8.3
R2 : S2/0 219.2.1.2, S3/0 178.66.4.1, Fa0/0 10.21.1.1, PCs 10.21.1.2 and 10.21.1.3
R3 : S3/0 178.66.4.2, Fa0/0 199.44.1.1, PCs 199.44.1.2 and 199.44.1.3
Dynamic Route
Commands to Connect Pcs through Routers
R1 # configure terminal
R1 (config) # router rip
R1 (config – router) # network 68.0.0.0
R1 (config – router) # network 219.2.1.0
R2 # configure terminal
R2 (config) # router rip
R2 (config – router) # network 10.0.0.0
R2 (config – router) # network 178.66.0.0
R2 (config – router) # network 219.2.1.0
R3 # configure terminal
R3 (config) # router rip
R3 (config – router ) # network 199.44.1.0
R3 (config – router) # network 178.66.0.0
Password Settings
Enable password
Enable secret
Console password
Telnet password
Auxiliary password
Enable Password
R1 # configure terminal
R1 (config) # enable password ccna
R1 (config) # exit
Enable Secret
R1 # configure terminal
R1 (config) # enable secret cisco
R1 (config) # exit
Console Password
R1 # configure terminal
R1 (config) # line console 0
R1 (config-line) # password ccnp
R1 (config-line) # login
R1 (config-line) # exit
Telnet Password
R1 # configure terminal
R1 (config) # line vty 0 4
R1 (config-line) # password ccie
R1 (config-line) # login
R1 (config-line) # exit
Auxiliary Password
R1 # configure terminal
R1 (config) # line aux 0
R1 (config-line) # password 1234
R1 (config-line) # login
R1 (config-line) # exit
Telnet : Telecommunication Network.
SDM : Secure Device Manager.
For Telnet
Set the telnet password on R0
Open R1
Type telnet, a space, and any ip address of Router 0
Telnet is used to configure another router from our router. The command is
telnet followed by the ip address of s2/0 or fa0/0
As Value – Autonomous System Value.
BGP – Border Gateway Protocol.
OSPF – Open shortest Path First.
EIGRP – Enhanced Interior Gateway Routing Protocol.
# service password-encryption
This command is used to encrypt the passwords.
Password Recovery
Password :
[ Power off and on ]
#############
Press ctrl + Break
rommon 1 > confreg 0x2142 (Ram)
rommon 2 > reset
Router > en
Router # configure terminal
Router (config) # config-register 0x2102 (NVRAM)
Router (config) # exit
Router # copy startup-config running-config ( nvram to ram)
Router # configure terminal
Router (config) # line console 0
Router (config-line) # password 12345
Router (config-line) # login
Router (config-line) # end
Router # wr
Router # reload
To Remove Password
Router (config) # line console 0
Router (config-line) # no password (no enable secret)
Router (config-line) # no login
Router (config-line) # end
Rip Version 2 :
=> Ip Save
=> Cost wise Less.
Network : 195.20.1.0 /24
R1 (50 Users) : S2/0 195.20.1.5 /30, Fa0/0 195.20.1.65 /26, PCs 195.20.1.66 and 195.20.1.67 /26
R2 (10 Users) : S2/0 195.20.1.6, S3/0 195.20.1.9 /30, Fa0/0 195.20.1.17 /28, PCs 195.20.1.18 and 195.20.1.19 /28
R3 (25 Users) : S3/0 195.20.1.10, Fa0/0 195.20.1.33 /27, PCs 195.20.1.34 and 195.20.1.35 /27
Serial links : 2 Users
/26 : 255.255.255.192
B.S. = 256 – 192 = 64 => 0, 64, 128, 192
/27 : 255.255.255.224
B.S. = 256 – 224 = 32 => 0, 32, 64, 96
/28 : B.S. = 256 – 240 = 16 => 0, 16, 32, 48
2^11 /21 : 2048 – 2 = 2046
2^10 /22 : 1024 – 2 = 1022
2^9 /23 : 512 – 2 = 510
2^8 /24 : 256 – 2 = 254
2^7 /25 : 128 – 2 = 126
2^6 /26 : 64 – 2 = 62
2^5 /27 : 32 – 2 = 30
2^4 /28 : 16 – 2 = 14
2^3 /29 : 8 – 2 = 6
2^2 /30 : 4 – 2 = 2
Assigning ip addresses for classless is different from classful. We have to choose the
subnet mask according to the CIDR value.
Router > enable
Router # configure terminal
Router (config) # hostname R1
R1 (config) # interface fa 0/0
R1 (config-if) # ip address 195.20.1.65 255.255.255.192
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # interface s2/0
R1 (config-if) # ip address 195.20.1.5 255.255.255.252
R1 (config-if) # clock rate 64000
R1 (config-if) # no shutdown
R1 (config-if) # end
R2 (config) # interface s2/0
R2 (config-if) # ip address 195.20.1.6 255.255.255.252
R2 (config) # interface s3/0
R2 (config-if) # ip address 195.20.1.9 255.255.255.252
R2 (config) # interface fa 0/0
R2 (config-if) # ip address 195.20.1.17 255.255.255.240
R3 (config) # interface s3/0
R3 (config-if) # ip address 195.20.1.10 255.255.255.252
R3 (config) # interface fa 0/0
R3 (config-if) # ip address 195.20.1.33 255.255.255.224
Router Route Configuration.
R1 (config) # router rip
R1 (config-router) # version 2
R1 (config-router) # network 195.20.1.4
R1 (config-router) # network 195.20.1.64
R2 (config) # router rip
R2 (config-router) # version 2
R2 (config-router) # network 195.20.1.4
R2 (config-router) # network 195.20.1.8
R2 (config-router) # network 195.20.1.16
R3 (config) # router rip
R3 (config-router) # version 2
R3 (config-router) # network 195.20.1.8
R3 (config-router) # network 195.20.1.32
Network : 14.3.12.0 /16
R1 (1000 Users) : S2/0 14.3.12.5 /30, Fa0/0 14.3.4.1 /22, PCs 14.3.4.2 and 14.3.4.3 /22
R2 (20000 Users) : S2/0 14.3.12.6 /30, S3/0 14.3.12.9 /30, Fa0/0 14.3.128.1 /17, PCs 14.3.128.2 and 14.3.128.3 /17
R3 (5000 Users) : S3/0 14.3.12.10 /30, Fa0/0 14.3.32.1 /19, PCs 14.3.32.3 and 14.3.32.4 /19
Serial links : 2 Users
/22 : 255.255.252.0
B.S. = 256 – 252.0 = 4.0 => 4.0, 8.0, 12.0
/17 : 255.255.128.0
B.S. = 256 – 128.0 = 128.0 => 0, 128.0
/19 : B.S. = 256 – 224.0 = 32.0 => 32.0, 64.0
2^11 /21 : 2048 – 2 = 2046
2^10 /22 : 1024 – 2 = 1022
2^9 /23 : 512 – 2 = 510
2^8 /24 : 256 – 2 = 254
2^7 /25 : 128 – 2 = 126
2^6 /26 : 64 – 2 = 62
2^5 /27 : 32 – 2 = 30
2^4 /28 : 16 – 2 = 14
2^3 /29 : 8 – 2 = 6
2^2 /30 : 4 – 2 = 2
Assigning ip addresses for classless is different from classful. We have to choose the
subnet mask according to the CIDR value.
Router > enable
Router # configure terminal
Router (config) # hostname R1
R1 (config) # interface fa 0/0
R1 (config-if) # ip address 14.3.4.1 255.255.252.0
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # interface s2/0
R1 (config-if) # ip address 14.3.12.5 255.255.255.252
R1 (config-if) # clock rate 64000
R1 (config-if) # no shutdown
R1 (config-if) # end
R2 (config) # interface s2/0
R2 (config-if) # ip address 14.3.12.6 255.255.255.252
R2 (config) # interface s3/0
R2 (config-if) # ip address 14.3.12.9 255.255.255.252
R2 (config) # interface fa 0/0
R2 (config-if) # ip address 14.3.128.1 255.255.128.0
R3 (config) # interface s3/0
R3 (config-if) # ip address 14.3.12.10 255.255.255.252
R3 (config) # interface fa 0/0
R3 (config-if) # ip address 14.3.32.1 255.255.224.0
Router Route Configuration.
R1 (config) # router rip
R1 (config-router) # version 2
R1 (config-router) # network 14.3.12.4
R1 (config-router) # network 14.3.4.0
R2 (config) # router rip
R2 (config-router) # version 2
R2 (config-router) # network 14.3.12.4
R2 (config-router) # network 14.3.12.8
R2 (config-router) # network 14.3.128.0
R3 (config) # router rip
R3 (config-router) # version 2
R3 (config-router) # network 14.3.12.8
R3 (config-router) # network 14.3.32.0
EIGRP :
R1 : S2/0 219.2.1.1, Fa0/0 68.49.8.1, PCs 68.49.8.2 and 68.49.8.3
R2 : S2/0 219.2.1.2, S3/0 178.66.4.1, Fa0/0 10.21.1.1, PCs 10.21.1.2 and 10.21.1.3
R3 : S3/0 178.66.4.2, Fa0/0 199.44.1.1, PCs 199.44.1.2 and 199.44.1.3
Dynamic Route
Commands to Connect Pcs through Routers
R1 # configure terminal
R1 (config) # router eigrp 10 ( 10 is the AS value; use the same AS value on each router.)
R1 (config – router) # network 68.0.0.0
R1 (config – router) # network 219.2.1.0
R1 (config – router) # no auto-summary
R2 # configure terminal
R2 (config) # router eigrp 10
R2 (config – router) # network 10.0.0.0
R2 (config – router) # network 178.66.0.0
R2 (config – router) # network 219.2.1.0
R2 (config – router) # no auto-summary
R3 # configure terminal
R3 (config) # router eigrp 10
R3 (config – router) # network 199.44.1.0
R3 (config – router) # network 178.66.0.0
R3 (config – router) # no auto-summary
OSPF – Open Shortest Path First :
R1 : S2/0 199.41.1.1, Fa0/0 172.16.1.1, PCs 172.16.1.2 and 172.16.1.3
R2 : S2/0 199.41.1.2, S3/0 216.3.1.1, Fa0/0 10.28.4.1, PCs 10.28.4.2 and 10.28.4.3
R3 : S3/0 216.3.1.2, Fa0/0 121.22.22.1, PCs 121.22.22.2 and 121.22.22.3
Commands to Connect Pcs through Routers
R1 # configure terminal
R1 (config) # router ospf 10 ( 10 is the Process Id; it can be different on each router.)
R1 (config – router) # network 172.16.0.0 0.0.255.255 area 0 (Wildcard mask : the subnet mask subtracted from 255.255.255.255)
R1 (config – router) # network 199.41.1.0 0.0.0.255 area 0
R2 # configure terminal
R2 (config) # router ospf 15
R2 (config – router) # network 10.0.0.0 0.255.255.255 area 0
R2 (config – router) # network 199.41.1.0 0.0.0.255 area 0
R2 (config – router) # network 216.3.1.0 0.0.0.255 area 0
R3 # configure terminal
R3 (config) # router ospf 20
R3 (config – router) # network 216.3.1.0 0.0.0.255 area 0
R3 (config – router) # network 121.0.0.0 0.255.255.255 area 0
debug ip ospf events
debug ip rip events
debug ip eigrp events
Traceroute 121.22.22.2
OSPF – Class Less – Open Shortest Path First :
R1 : S2/0 172.16.4.201 /30, Fa0/0 172.16.4.33 /28, PCs 172.16.4.34 and 172.16.4.35 /28
R2 : S2/0 172.16.4.202 /30, S3/0 172.16.4.181 /30, Fa0/0 172.16.8.1 /22, PCs 172.16.8.2 and 172.16.8.3 /22
R3 : S3/0 172.16.4.182 /30, Fa0/0 172.16.4.81 /29, PCs 172.16.4.81 and 172.16.4.82 /29
Serial links : 2 Users
Commands to Connect Pcs through Routers
R1 # configure terminal
R1 (config) # router ospf 10 ( 10 is the Process Id; it can be different on each router.)
R1 (config – router) # network 172.16.4.32 0.0.0.15 area 0 (Wildcard mask : the subnet mask subtracted from 255.255.255.255)
R1 (config – router) # network 172.16.4.200 0.0.0.3 area 0
R2 # configure terminal
R2 (config) # router ospf 15
R2 (config – router) # network 172.16.4.200 0.0.0.3 area 0
R2 (config – router) # network 172.16.4.180 0.0.0.3 area 0
R2 (config – router) # network 172.16.8.0 0.0.3.255 area 0
R3 # configure terminal
R3 (config) # router ospf 20
R3 (config – router) # network 172.16.4.180 0.0.0.3 area 0
R3 (config – router) # network 172.16.4.80 0.0.0.7 area 0
OSPF Authentication :
# configure terminal
# int s2/0
# ip ospf authentication-key mksekar (Password)
# exit
# router ospf 15 (Process id should be the same as in the route configuration.)
# area 0 authentication
# end
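An added example, not from the original notes: a small Python check that reads an IOS running-config and flags the settings from the Password Settings and OSPF Authentication sections that leave a secret readable (enable password, unencrypted line passwords, vty lines not limited to SSH, simple OSPF authentication). Both sample configs are constructed from the notes' own values, and the rule names are this example's own.

```python
import re

# Constructed sample: the password and OSPF settings from these notes in one config.
WEAK_CONFIG = """\
hostname R1
enable password ccna
interface Serial2/0
 ip address 195.20.1.5 255.255.255.252
 ip ospf authentication-key mksekar
router ospf 15
 network 195.20.1.4 0.0.0.3 area 0
 area 0 authentication
line con 0
 password ccnp
 login
line vty 0 4
 password ccie
 login
"""

# Constructed sample: the same router with each weak setting replaced.
# Hash and key values are placeholders, not real secrets.
HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 <constructed-hash-placeholder>
username admin secret 5 <constructed-hash-placeholder>
interface Serial2/0
 ip address 195.20.1.5 255.255.255.252
 ip ospf message-digest-key 1 md5 <constructed-key-placeholder>
router ospf 15
 network 195.20.1.4 0.0.0.3 area 0
 area 0 authentication message-digest
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse_sections(text):
    """Group a running-config into (top-level line, [indented sub-commands])."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(text):
    """Return a list of (rule, where, why) findings; secrets are never echoed."""
    sections = parse_sections(text)
    tops = [header for header, _ in sections]
    findings = []
    if any(h.startswith("enable password") for h in tops):
        findings.append(("ENABLE_PASSWORD", "global",
                         "enable password is kept unhashed; use enable secret only"))
    if not any(h.startswith("enable secret") for h in tops):
        findings.append(("NO_ENABLE_SECRET", "global",
                         "no hashed privileged-mode password is configured"))
    for header, body in sections:
        if header.startswith("line "):
            # 'password 7 ...' is an encrypted form; anything else is clear text
            if any(re.match(r"password (?!7 )", cmd) for cmd in body):
                findings.append(("CLEARTEXT_LINE_PASSWORD", header,
                                 "line password is readable in the config"))
            if header.startswith("line vty") and "transport input ssh" not in body:
                findings.append(("VTY_NOT_SSH_ONLY", header,
                                 "Telnet logins cross the network in clear text"))
        elif header.startswith("interface "):
            if any(cmd.startswith("ip ospf authentication-key") for cmd in body):
                findings.append(("OSPF_SIMPLE_AUTH", header,
                                 "simple authentication sends the key in each packet"))
        elif header.startswith("router ospf"):
            for cmd in body:
                if re.fullmatch(r"area \S+ authentication", cmd):
                    findings.append(("OSPF_SIMPLE_AUTH", header + " / " + cmd,
                                     "area uses simple, not message-digest, auth"))
    return findings


def finding_ids(text):
    """Sorted, de-duplicated rule names for a config."""
    return sorted({rule for rule, _, _ in audit(text)})


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "config:")
        for rule, where, why in audit(cfg) or [("OK", "-", "no findings")]:
            print("  %-24s %-40s %s" % (rule, where, why))
```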
Multiple Route Configuration :
10.1.1.1 /24 20.1.1.1 /24
R5 # configure terminal
R5 (config) # router eigrp 10 ( As Value - Autonomous System Value)
R5 (config – router) # network 210.22.1.8
R5 (config – router) # network 210.22.1.12
R5 (config – router) # network 210.22.1.24
R5 (config – router) # no auto-summary
R5 # exit
R5 (config) # router rip
R5 (config – router) # version 2
R5 (config – router) # network 210.22.1.8
R5 (config – router) # network 210.22.1.12
R5 (config – router) # network 210.22.1.24
[Figure : routers R1 to R5 joined by /30 serial links, interface addresses 210.22.1.5 to 210.22.1.26. Protocol labels : EIGRP, RIP V2, OSPF on the single-protocol routers; EIGRP, OSPF, RIP V2 on the routers that run all three.]
R5 # exit
R5 (config) # router ospf 20
R5 (config – router) # network 210.22.1.8 0.0.0.3 area 0
R5 (config – router) # network 210.22.1.12 0.0.0.3 area 0
R5 (config – router) # network 210.22.1.24 0.0.0.3 area 0
R4 # configure terminal
R4 (config) # router eigrp 10
R4 (config – router) # network 210.22.1.4
R4 (config – router) # network 210.22.1.16
R4 (config – router) # network 210.22.1.20
R4 (config – router) # no auto-summary
R4 # exit
R4 (config) # router rip
R4 (config – router) # version 2
R4 (config – router) # network 210.22.1.4
R4 (config – router) # network 210.22.1.16
R4 (config – router) # network 210.22.1.20
R4 # exit
R4 (config) # router ospf 20
R4 (config – router) # network 210.22.1.4 0.0.0.3 area 0
R4 (config – router) # network 210.22.1.16 0.0.0.3 area 0
R4 (config – router) # network 210.22.1.20 0.0.0.3 area 0
R1 # configure terminal
R1 (config) # router eigrp 10
R1 (config – router) # network 210.22.1.4
R1 (config – router) # network 210.22.1.8
R1 (config – router) # no auto-summary
R2 # configure terminal
R2 (config) # router rip
R2 (config – router) # version 2
R2 (config – router) # network 210.22.1.20
R2 (config – router) # network 210.22.1.24
R3 # configure terminal
R3 (config) # router ospf 20
R3 (config – router) # network 210.22.1.16 0.0.0.3 area 0
R3 (config – router) # network 210.22.1.12 0.0.0.3 area 0
Multiple Area OSPF Route Configuration :
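Serial links ( /30 ) : R1 195.20.1.5 – R2 195.20.1.6, R2 195.20.1.9 – R3 195.20.1.10, R3 195.20.1.13 – R4 195.20.1.14, R4 195.20.1.21 – R5 195.20.1.22
LANs ( /24 ) : R1 10.1.1.1, R2 170.2.1.1, R3 192.168.1.1, R4 20.1.1.1, R5 123.21.1.1 (PC on each LAN : .2)
Areas : Area 1, Area 0, Area 2 (an ASBR is marked on the figure)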
R1 # configure terminal
R1 (config) # router ospf 20
R1 (config – router) # network 195.20.1.4 0.0.0.3 area 1
R1 (config – router) # network 10.1.1.0 0.0.0.255 area 1
ASBR – Autonomous System Boundary Router.
R2 # configure terminal
R2 (config) # router ospf 20
R2 (config – router) # network 195.20.1.4 0.0.0.3 area 1
R2 (config – router) # network 195.20.1.8 0.0.0.3 area 0
R2 (config – router) # network 172.2.1.0 0.0.0.255 area 1
R3 # configure terminal
R3 (config) # router ospf 20
R3 (config – router) # network 195.20.1.12 0.0.0.3 area 1
R3 (config – router) # network 195.20.1.8 0.0.0.3 area 0
R3 (config – router) # network 192.168.1.0 0.0.0.255 area 1
R4 # configure terminal
R4 (config) # router ospf 20
R4 (config – router) # network 195.20.1.12 0.0.0.3 area 0
R4 (config – router) # network 195.20.1.20 0.0.0.3 area 2
R4 (config – router) # network 20.1.1.0 0.0.0.255 area 2
R5 # configure terminal
R5 (config) # router ospf 20
R5 (config – router) # network 195.20.1.20 0.0.0.3 area 2
R5 (config – router) # network 123.21.1.0 0.0.0.255 area 2
Debug ip rip => is used to show background information of the router.
Rules of Routing :
Head office Ethernet interface should be in the same network as your head office LAN and similarly on branch office side.
Head office S0 and Branch office S1 should be in same network.
Head office LAN and branch office LAN should be in different network.
All interface of router should be in different network.
Types of Routing :
Static Routing
Default Routing
Dynamic Routing
Static Routing :
It is configured by administrator manually
Mandatory need of destination Network id.
It is secure and fast.
Used for small organizations with a network of 10-15 routers.
Administrative distance for static route is 0 & 1. It is “trustworthiness” of the
routing information. Lesser the administrative distance, higher the preference.
Disadvantage of Static Routing :
Administrative work is more.
Compulsory need of destination network ids.
Used only for small organizations.
It can not dynamically update topology changes.
Default Routing :
A default routing protocol is configured for unknown destinations.
Generally used in the internet where the destinations are unknown.
Example : The address of yahoo.com is unknown.
Configured at the end points.
It is the last preferred routing.
Dynamic Routing :
Advantage of Dynamic over Static :
There is no need to know the destination networks.
Need to advertise the directly connected networks.
Updates the topology changes dynamically.
Administrative work is reduced.
Used for large organizations.
Type of Dynamic Routing Protocols :
Distance Vector Protocol.
Link State Protocol.
Hybrid Protocol.
Distance Vector Protocol :
Works with Bellman Ford algorithm.
Periodic Updates.
Classful routing protocol.
Full routing tables are exchanged.
Updates are through broadcast.
Also known as “Routing By Rumor”.
Example : RIP, IGRP.
Link State Protocol :
Works with Dijkstra Algorithm.
Link state updates.
Classless routing protocol.
Missing routes are exchanged.
Updates are through multicast.
Also known as “Routing by Intelligence”
Example : OSPF, IS-IS.
Hybrid Protocol :
Works with Dual algorithm.
Link state updates.
Classless routing protocols.
Missing routes are exchanged.
Updates are through multicast.
Also known as “Routing by intelligence”.
Ex : EIGRP
Routing Information Protocol :
Open Standard Protocol
Classful routing protocol
Updates are broadcasted via 255.255.255.255
Administrative distance is 120
Metric: Hop count
Max Hop counts: 15 Max routers : 16
Load Balancing of 4 equal paths
Used for small organizations
Update timer: 30 sec
- Time between consecutive updates
Invalid timer: 180 sec
- Time a router waits to hear updates
- The route is marked unreachable if there is no update during this interval.
Flush timer: 240 sec
- Time before the invalid route is purged from the routing table
Hold down timer: 180 sec
- Specifies the amount of time for which the information about poorer routes is ignored.
Disadvantages of RIP :
More Bandwidth utilization
Doesn’t consider the bandwidth, works only with hop counts
Slow convergence
Formation of Routing loops
SWITCHING :
Manageable – Console Port Available.
Non – Manageable.
Switching Types :
VLAN and VTP
VLAN – Traffic will be reduced
Diagram: one switch with PCs 10.1.1.1 to 10.1.1.6, split across Vlan 2, Vlan 3 and Vlan 4.
Switch > enable
Switch # configure terminal
Switch(config) # vlan 2
Switch(config-vlan) # name HR
Switch(config-vlan) # vlan 3
Switch(config-vlan) # name Mark
Switch(config-vlan) # vlan 4
Switch(config-vlan) # name CCNA
Switch(config-vlan) # end
Switch # configure terminal
Switch(config) # interface range fa0/1-2
Switch(config-if-range) # switchport access vlan 2
Switch(config-if-range) # interface range fa0/3-4
Switch(config-if-range) # switchport access vlan 3
Switch(config-if-range) # interface range fa0/5-6
Switch(config-if-range) # switchport access vlan 4
Switch(config-if-range) # end
Switch # show vlan
Switch > enable
Switch # configure terminal
Switch(config) # interface vlan 2
Switch(config-if) # ip address 10.1.1.100 255.0.0.0
Switch(config-if) # no shutdown
VTP – Virtual Trunk Port :
Diagram: router R1, Fa0/0 with sub-interfaces Fa0/0.1 – 10.1.1.1, Fa0/0.2 – 20.1.1.1, Fa0/0.3 – 30.1.1.1, Fa0/0.4 – 40.1.1.1.
PCs: 10.1.1.2 and 10.1.1.3 (Vlan 2), 20.1.1.2 and 20.1.1.3 (Vlan 3), 30.1.1.2 and 30.1.1.3 (Vlan 4), 40.1.1.2 and 40.1.1.3 (Vlan 5).
Switch ports: 0/1 to 0/6 on the first switch, 0/1 to 0/5 on the second.
Switch > enable
Switch # configure terminal
Switch(config) # vlan 2
Switch(config-vlan) # name CCNA
Switch(config-vlan) # vlan 3
Switch(config-vlan) # name CCNP
Switch(config-vlan) # end
Switch # configure terminal
Switch(config) # interface range fa0/2-3
Switch(config-if-range) # switchport access vlan 2
Switch(config-if-range) # interface range fa0/4-5
Switch(config-if-range) # switchport access vlan 3
Switch(config-if-range) # interface range fa0/1
Switch(config-if-range) # switchport mode trunk
Switch(config-if-range) # interface range fa0/6
Switch(config-if-range) # switchport mode trunk
Switch(config-if-range) # end
Switch # show vlan
R1 > enable
R1 # configure terminal
R1 (config) # interface fa0/0
R1 (config-if) # no shutdown
R1 (config-if) # interface fa0/0.1
R1 (config-subif) # encapsulation dot1Q 2
R1 (config-subif) # ip address 10.1.1.1 255.0.0.0
R1 (config-subif) # interface fa0/0.2
R1 (config-subif) # encapsulation dot1Q 3
R1 (config-subif) # ip address 20.1.1.1 255.0.0.0
R1 (config-subif) # interface fa0/0.3
R1 (config-subif) # encapsulation dot1Q 4
R1 (config-subif) # ip address 30.1.1.1 255.0.0.0
R1 (config-subif) # interface fa0/0.4
R1 (config-subif) # encapsulation dot1Q 5
R1 (config-subif) # ip address 40.1.1.1 255.0.0.0
R1 (config-subif) # end
R1 # wr
Sw2 > enable
Sw2 # configure terminal
Sw2(config) # vlan 4
Sw2(config-vlan) # name Cisco
Sw2(config-vlan) # vlan 5
Sw2(config-vlan) # name Poy
Sw2(config-vlan) # end
Sw2 # configure terminal
Sw2(config) # interface range fa0/2-3
Sw2(config-if-range) # switchport access vlan 4
Sw2(config-if-range) # interface range fa0/4-5
Sw2(config-if-range) # switchport access vlan 5
VTP – Virtual Trunk Port with Hub :
Diagram: router R1, Fa0/0 with sub-interfaces Fa0/0.1 – 195.68.1.1, Fa0/0.2 – 200.1.1.1, Fa0/0.3 – 10.1.1.1; one switch and one hub.
PCs: 195.68.1.2 and 195.68.1.3 (Vlan 2), 200.1.1.2 and 200.1.1.3 (Vlan 3), 10.1.1.2 to 10.1.1.5 (Vlan 4).
Switch > enable
Switch # configure terminal
Switch(config) # vlan 2
Switch(config-vlan) # name CCNA
Switch(config-vlan) # vlan 3
Switch(config-vlan) # name CCNP
Switch(config-vlan) # vlan 4
Switch(config-vlan) # name Cisco
Switch(config-vlan) # end
Switch # configure terminal
Switch(config) # interface range fa0/2-3
Switch(config-if-range) # switchport access vlan 2
Switch(config-if-range) # interface range fa0/4-5
Switch(config-if-range) # switchport access vlan 3
Switch(config-if-range) # interface range fa0/6
Switch(config-if-range) # switchport access vlan 4
Switch(config-if-range) # interface range fa0/1
Switch(config-if-range) # switchport mode trunk
Switch(config-if-range) # end
Switch # show vlan
R1 > enable
R1 # configure terminal
R1 (config) # interface fa0/0
R1 (config-if) # no shutdown
R1 (config-if) # interface fa0/0.1
R1 (config-subif) # encapsulation dot1Q 2
R1 (config-subif) # ip address 195.68.1.1 255.255.255.0
R1 (config-subif) # interface fa0/0.2
R1 (config-subif) # encapsulation dot1Q 3
R1 (config-subif) # ip address 200.1.1.1 255.255.255.0
R1 (config-subif) # interface fa0/0.3
R1 (config-subif) # encapsulation dot1Q 4
R1 (config-subif) # ip address 10.1.1.1 255.0.0.0
R1 (config-subif) # end
R1 # wr
How to take Backup :
R1 > enable
R1 # configure terminal
R1 (config) # interface fa0/0
R1 (config-if) # ip address 192.168.1.1 255.255.255.0
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # enable secret ccna
R1 (config) # line console 0
R1 (config-line) # password pollachi
R1 (config-line) # login
R1 (config-line) # end
R1 # show version
Copy flash image
Copy flash tftp
Source file name [] : paste flash file name
Address (or) Remote Name : 192.168.1.2 (Server Address)
Destination file name [] :
Copy startup-config tftp
How to Upgrade IOS :
Rommon1 > Reset
Boot failed
Rommon2 > IP_ADDRESS=192.168.1.1
Rommon3 > IP_SUBNET_MASK=255.255.255.0
Rommon4 > DEFAULT_GATEWAY=192.168.1.1
Rommon5 > TFTP_SERVER=192.168.1.2
Rommon6 > TFTP_FILE=(paste the file name)
Rommon7 > tftpdnld
Access – Control List :
It is used to filter the unknown packets.
Type of Attack :
Worm
Virus
DOS – Denial of Service
Trojan
Diagram: ACL → IP / IPX; → Name / Number; each → Standard / Extended.
Standard Access Control List :
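Diagram: R1, R2 and R3 in a row.
Serial links: 50.1.1.1 (S2/0) to 50.1.1.2 (S2/0); 60.1.1.2 (S3/0) to 60.1.1.3 (S3/0).
LAN interfaces: Fa0/0 10.1.1.1, Fa0/0 20.1.1.1, Fa0/0 30.1.1.1.
PCs: 10.1.1.2 and 10.1.1.3; 20.1.1.2 and 20.1.1.3; 30.1.1.2 and 30.1.1.3.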
Assign ips and routing for communication.
Deny a Network :
R1 # configure terminal
R1(config) # access-list 15 deny 10.0.0.0 0.255.255.255
R1(config) # interface fa0/0
R1(config-if) # ip access-group 15 in
R1(config-if) # end
R1#
Permit a Telnet :
Diagram: R1, R2 and R3 in a row.
Serial links: 50.1.1.1 (S2/0) to 50.1.1.2 (S2/0); 60.1.1.2 (S3/0) to 60.1.1.3 (S3/0).
LAN interfaces: Fa0/0 10.1.1.1, Fa0/0 20.1.1.1, Fa0/0 30.1.1.1.
PCs: 10.1.1.2 and 10.1.1.3; 20.1.1.2 and 20.1.1.3; 30.1.1.2 and 30.1.1.3.
Assign ips and routing for communication.
R1 # configure terminal
R1 (config) # access-list 20 permit 60.1.1.3 (serial interface of the router)
R1 (config) # line vty 0 4
R1 (config-line) # access-class 20 in
R1 (config-line) # end
R1 #
R2 # telnet 50.1.1.1
Trying 50.1.1.1 ...
% Connection refused by remote host
R2 #
R3 # telnet 50.1.1.1
Trying 50.1.1.1 ...Open
User Access Verification
Password:
R1>exit
[Connection to 50.1.1.1 closed by foreign host]
R3 #
Host to Network :
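Diagram: R1, R2 and R3 in a row.
Serial links: 50.1.1.1 (S2/0) to 50.1.1.2 (S2/0); 60.1.1.2 (S3/0) to 60.1.1.3 (S3/0).
LAN interfaces: Fa0/0 192.168.1.1, Fa0/0 20.1.1.1, Fa0/0 30.1.1.1.
PCs: 192.168.1.2 and 192.168.1.3; 20.1.1.2 and 20.1.1.3; 30.1.1.2 and 30.1.1.3.
Assign ips and routing for communication.
R1 # configure terminal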
R1(config) # access-list 15 deny 20.1.1.2 0.0.0.0
R1(config) # access-list 15 permit any
R1(config) # int fa0/0
R1(config-if) # ip access-group 15 out
R1(config-if) # end
R1 #
%SYS-5-CONFIG_I: Configured from console by console
R1 #
Extended Access List :
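Diagram: R1 and R2.
Serial link: 50.1.1.1 (S2/0) to 50.1.1.2 (S2/0).
LAN interfaces as labelled: Fa0/0-10.1.1.1, Fa0/0-20.1.1.1, Fa0/0-30.1.1.1, Fa0/0-40.1.1.1.
PCs: 10.1.1.2 and 10.1.1.3; 20.1.1.2 and 20.1.1.3; 30.1.1.2 and 30.1.1.3; 40.1.1.2 and 40.1.1.3.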
Assign ips and routing for communication.
Deny a host to host using access list
R1 # configure terminal
R1(config) # access-list 100 deny ip host 10.1.1.2 host 40.1.1.3
R1(config) # access-list 100 permit ip any any
R1(config) # int fa0/0
R1(config-if) # ip access-group 100 in
R1(config-if) # end
R1 #
Deny a host to a network using access list
R1 # configure Terminal
R1(config) # access-list 150 deny ip host 20.1.1.3 40.0.0.0 0.255.255.255
R1(config) # access-list 150 permit ip any any
R1(config) # int fa1/0
R1(config-if) # ip access-group 150 in
R1(config-if) # end
R1#
Deny a Network to a Network using access list
R1 # configure Terminal
R1(config) # access-list 151 deny ip 20.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255
R1(config) # access-list 151 permit ip any any
R1(config) # int fa1/0
R1(config-if) # ip access-group 151 in
R1(config-if) # end
R1#
Online Exam Question :
Diagram: R1 and R2.
Serial link: 195.20.160.65/30 (S2/0) to 195.20.160.66/30 (S2/0).
LAN interfaces: Fa0/0-172.22.242.30/28, Fa0/0-192.168.33.254/24.
Hosts: 172.22.242.23/28 and 172.22.242.24; 192.168.33.1/24, 192.168.33.2, 192.168.33.3 and 192.168.33.4.
Assign ips and routing for communication.
Deny a host to host using access list
R2 # configure terminal
R2(config) # access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
R2(config) # access-list 100 deny tcp any host 172.22.242.23 eq 80
R2(config) # access-list 100 permit ip any any
R2(config) # int fa0/0
R2(config-if) # ip access-group 100 out
R2(config-if) # end
R2 #
OSPF routing, Telnet to a particular PC and Block two pcs :
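Diagram: R1, R2 and R3.
Serial links: 192.6.1.5/30 (S2/0) to 1.6/30 (S2/0); 192.6.1.9/30 (S2/0) to 1.10/30 (S3/0).
LAN interfaces as labelled: Fa0/0-192.6.1.24/28, Fa0/0-192.1.2.6/23, Fa0/0-192.1.1.49/29, Fa1/0.1-10.1.1.65/27, Fa1/0.2-10.1.1.129/26.
PCs as labelled: 1.18/28 and 1.19; 2.2/23 and 2.3; 1.50/29 and 1.51; 1.66/28 and 1.67; 1.129/28 and 1.130.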
Assign ips and routing for communication.
Router > enable
Router # configure terminal
Router(config) # hostname R3
R3(config) # end
R3 #
R3 # configure terminal
R3(config) # int fa1/0
R3(config-if) # no sh
R3(config-if) # int fa1/0.1
R3(config-subif) # encapsulation dot1Q 2
R3(config-subif) # ip ad 10.1.1.65 255.255.255.224
R3(config-subif) # int fa1/0.2
R3(config-subif) # encapsulation dot1Q 3
R3(config-subif) # ip ad 10.1.1.129 255.255.255.192
R3(config-subif) # end
R3 # sh ip ro
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.64/27 is directly connected, FastEthernet1/0.1
C 10.1.1.128/26 is directly connected, FastEthernet1/0.2
192.6.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.6.1.8/30 is directly connected, Serial2/0
C 192.6.1.48/29 is directly connected, FastEthernet0/0
R3 # conf t
R3(config) # router ospf 12
R3(config-router) # network 10.1.1.64 0.0.0.31 area 0
R3(config-router) # network 10.1.1.128 0.0.0.63 area 0
R3(config-router) # network 192.6.1.8 0.0.0.3 area 0
00:51:18: %OSPF-5-ADJCHG: Process 12, Nbr 192.6.2.6 on Serial2/0 from LOADING to FULL, Loading Done
R3(config-router) # network 192.6.1.48 0.0.0.7 area 0
R3(config-router) # do wr
Building configuration...
[OK]
R3(config-router) # end
%SYS-5-CONFIG_I: Configured from console by console
R3 #
Switch > enable
Switch # configure terminal
Switch(config) # vlan 2
Switch(config-vlan) # name ccna
Switch(config-vlan) # vlan 3
Switch(config-vlan) # name ccnp
Switch(config-vlan) # exit
Switch(config) # interface range fa0/2-3
Switch(config-if-range) # switchport access vlan 2
Switch(config-if-range) # interface range fa0/4-5
Switch(config-if-range) # switchport access vlan 3
Switch(config-if-range) # int fa0/1
Switch(config-if) # switchport mode trunk
Switch(config-if) # end
Switch #
Deny a host to host :
R2 > enable
R2 # configure terminal
R2(config) # access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R2(config) # access-list 111 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R2(config) # access-list 111 deny ?
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R2(config) # access-list 112 deny ip ?
A.B.C.D Source address
any Any source host
host A single source host
R2(config) # access-list 112 deny ip host ?
A.B.C.D Source address
R2(config) # access-list 111 deny ip host 192.6.2.3 host 192.6.1.50
R2(config) # access-list 111 permit ip any any
R2(config) # interface fa0/0
R2(config-if) # ip access-group 111 in
R2(config-if) #
R1 # configure terminal
R1(config) # line vty 0 5
R1(config-line) # password mksekar
R1(config-line) # login
R1(config-line) # exit
R1(config) # enable secret ccna
R1(config) #
PC > telnet 192.6.1.5
Trying 192.6.1.5 ...Open
User Access Verification
Password:
R1>enable
Password:
R1#exit
[Connection to 192.6.1.5 closed by foreign host]
PC > telnet 192.6.1.6
Trying 192.6.1.6 ...Open
[Connection to 192.6.1.6 closed by foreign host]
PC >
PC > telnet 195.6.1.5
Trying 195.6.1.5 ...
% Connection timed out; remote host not responding
PC >
Permit a particular Pc to Telnet with R1 :
R1 # configure terminal
R1(config) # access-list 11 permit 10.1.1.66
R1(config) # line vty 0 5
R1(config-line) # access-class 11 in
R1(config-line) #
From other Pcs and Routers :
R2#telnet 192.6.1.5
Trying 192.6.1.5 ...
% Connection refused by remote host
R2#
From the pc 10.1.1.66 :
PC > telnet 192.6.1.5
Trying 192.6.1.5 ...Open
User Access Verification
Password:
R1>enable
Password:
R1#exit
DHCP - Dynamic Host Configuration Protocol :
Router > enable
Router # configure terminal
Router(config) # hostname R1
R1(config) # end
R1 #
R1 # configure terminal
R1(config) # interface FastEthernet0/0
R1(config-if) # ip address 192.168.1.1 255.255.255.0
R1(config-if) # no shutdown
R1(config-if) # exit
R1(config) # ip dhcp excluded-address 192.168.1.1 192.168.1.11
R1(config) # ip dhcp pool mksekar
R1(dhcp-config) # network 192.168.1.0 255.255.255.0
R1(dhcp-config) # default-router 192.168.1.1
R1(dhcp-config) # end
R1#
Using Layer 3 Switch (Multi User) to assign Dynamic Host Ips automatically :
Diagram: a Layer 3 switch with links to the access switches; port labels 0/1 to 0/9.
Switch # configure terminal
Switch(config) # interface range fa0/2-5
Switch(config-if-range) # switchport trunk encapsulation dot1q
Switch(config-if-range) # switchport mode trunk
Switch(config-if-range) # exit
Switch(config) # vtp version 2
Switch(config) # vtp domain ccnp
Changing VTP domain name from NULL to ccnp
Switch(config) # no ip domain-lookup
Switch(config) # end
Switch #
Switch # configure terminal
Switch(config) # vlan 10
Switch(config-vlan) # name sales
Switch(config-vlan) # vlan 20
Switch(config-vlan) # name hr
Switch(config-vlan) # exit
Switch(config) # ip dhcp pool sales
Switch(dhcp-config) # network 192.168.1.0 255.255.255.0
Switch(dhcp-config) # default-router 192.168.1.1
Switch(dhcp-config) # exit
Switch(config) # ip dhcp pool hr
Switch(dhcp-config) # network 10.0.0.0 255.0.0.0
Switch(dhcp-config) # default-router 10.0.0.1
Switch(dhcp-config) # exit
Switch(config) # interface vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if) # ip address 192.168.1.1 255.255.255.0
Switch(config-if) # exit
Switch(config) # interface vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if) # ip address 10.0.0.1 255.0.0.0
Switch(config-if) # exit
Switch(config) # end
Switch #
S1 > enable
S1 # configure terminal
S1(config) # no ip domain-lookup
S1(config) # vtp mode client
S1(config) # interface range fa0/1-5
S1(config-if-range)#switchport mode trunk
S1(config-if-range) # interface range fa0/6-7
S1(config-if-range) # switchport access vlan 10
S1(config-if-range) # exit
S1(config) # interface range fa0/8-9
S1(config-if-range) # switchport access vlan 20
S1(config-if-range) # end
S1 #
Configure all the remaining switches like this.
Static NAT : Network Address Translation :
Diagram: R1 and R2.
Serial link: 195.168.1.1 (S2/0) to 195.168.1.2 (S2/0).
LAN interfaces: Fa0/0 192.168.1.100, Fa0/0 192.168.2.100.
PCs: 192.168.1.1 and 192.168.1.2; 192.168.2.1 and 192.168.2.2.
Router > enable
Router # configure terminal
Router(config) # hostname R1
R1(config) #
R1(config) # end
R1 #
R1 # configure terminal
R1(config) # interface Serial2/0
R1(config-if) # ip address 195.168.1.1 255.255.255.0
R1(config-if) # no shutdown
R1(config-if) # clock rate 128000
R1(config-if) # exit
R1(config) # interface FastEthernet0/0
R1(config-if) # ip address 192.168.1.100 255.255.255.0
R1(config-if) # no shutdown
R1(config-if) # exit
R1(config) # router rip
R1(config-router) # network 192.168.1.0
R1(config-router) # network 195.168.1.0
R1(config-router) # exit
Static Nat Concept :
R1(config) # interface fa0/0
R1(config-if) # ip nat inside
R1(config-if) # exit
R1(config) # interface serial 2/0
R1(config-if) # ip nat outside
R1(config-if) # exit
R1(config) # ip nat inside source static 192.168.1.1 195.168.1.1
R1(config) # exit
R1 # debug ip nat
IP NAT debugging is on
R1 #
Before Natting:
PC > ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=156ms TTL=126
Reply from 192.168.1.1: bytes=32 time=156ms TTL=126
Reply from 192.168.1.1: bytes=32 time=125ms TTL=126
Reply from 192.168.1.1: bytes=32 time=141ms TTL=126
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 156ms, Average = 144ms
After Natting :
PC > ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 195.168.1.1: bytes=32 time=156ms TTL=126
Reply from 195.168.1.1: bytes=32 time=141ms TTL=126
Reply from 195.168.1.1: bytes=32 time=141ms TTL=126
Reply from 195.168.1.1: bytes=32 time=141ms TTL=126
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 141ms, Maximum = 156ms, Average = 144ms
PC >
Dynamic NAT : Network Address Translation :
Diagram: R1 and R2.
Serial link: 195.168.1.1 (S2/0) to 195.168.1.2 (S2/0).
LAN interfaces: Fa0/0 192.168.1.100, Fa0/0 192.168.2.100.
PCs: 192.168.1.1 and 192.168.1.2; 192.168.2.1 and 192.168.2.2.
Router > enable
Router # configure terminal
Router(config) # hostname R1
R1(config) # end
R1 #
R1 # configure terminal
R1(config) # interface Serial2/0
R1(config-if) # ip address 195.168.1.1 255.255.255.0
R1(config-if) # no shutdown
R1(config-if) # clock rate 128000
R1(config-if) # exit
R1(config) # interface FastEthernet0/0
R1(config-if) # ip address 192.168.1.100 255.255.255.0
R1(config-if) # no shutdown
R1(config-if) # exit
R1(config) # router rip
R1(config-router) # network 192.168.1.0
R1(config-router) # network 195.168.1.0
R1(config-router) # exit
Dynamic Nat Concept :
R1(config) # interface fastEthernet0/0
R1(config-if) # ip nat inside
R1(config) # interface serial2/0
R1(config-if) # ip nat outside
R1(config-if) # exit
R1(config) # access-list 10 permit 192.168.1.0 0.0.0.255
R1(config) # ip nat pool ccna 195.168.1.1 195.168.1.2 netmask 255.255.255.0
R1(config) # ip nat inside source list 10 pool ccna overload
R1(config) # end
R1# debug ip nat
IP NAT debugging is on
R1#
PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Reply from 195.168.1.1: bytes=32 time=109ms TTL=126
Reply from 195.168.1.1: bytes=32 time=156ms TTL=126
Reply from 195.168.1.1: bytes=32 time=156ms TTL=126
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 156ms, Average = 140ms
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 195.168.1.1: bytes=32 time=140ms TTL=126
Reply from 195.168.1.1: bytes=32 time=141ms TTL=126
Reply from 195.168.1.1: bytes=32 time=157ms TTL=126
Reply from 195.168.1.1: bytes=32 time=141ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 157ms, Average = 144ms
PC >
Frame – Relay Concept :
Diagram: R1, R2 and R3, each on S2/0, joined through ports S0, S1 and S2.
Labels: S2/0.1-195.168.2.2; Fa0/0-10.1.1.1, Fa0/0-20.1.1.1, Fa0/0-30.1.1.1.
Router > enable
Router # configure terminal
Router(config) # hostname R1
R1(config)#end
R1 # configure terminal
R1(config) # interface FastEthernet0/0
R1(config-if) # ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface s2/0
R1(config-if)#no shutdown
R1(config-if)#encapsulation frame-relay
R1(config)#interface s2/0.1 point-to-point
R1(config-subif)#ip address 195.168.1.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#frame-relay interface-dlci 100
R1(config)#interface s2/0.2 point-to-point
R1(config-subif)#ip address 195.168.2.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#frame-relay interface-dlci 200
R1(config)#router eigrp 10
R1(config-router)#network 10.0.0.0
R1(config-router)#network 195.168.1.0
R1(config-router)#network 195.168.2.0
R1(config-router)#no auto-summary
R1(config-router)#end
R1#
R2(config)#interface s2/0
R2(config-if)#no shutdown
R2(config-if)#encapsulation frame-relay
R2(config)#interface s2/0.1 point-to-point
R2(config-subif)#ip address 195.168.1.2 255.255.255.0
R2(config-subif)#no shutdown
R2(config-subif)#frame-relay interface-dlci 101
R3(config)#interface s2/0
R3(config-if)#no shutdown
R3(config-if)#encapsulation frame-relay
R3(config)#interface s2/0.1 point-to-point
R3(config-subif)#ip address 195.168.2.2 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#frame-relay interface-dlci 102
Access Control List
It is a Layer 3 security which controls the flow of traffic from one router to another.
It is also called a Packet Filtering Firewall.
Types of Access-list
Standard ACL
Extended ACL
Named ACL
Standard Access List
The access-list number lies between 1 – 99.
Can block a Network, Host and Subnet
Two way communication is stopped
All services are blocked.
Implemented closest to the destination. (Guideline)
Extended Access List
The access-list number lies between 100 – 199.
Can block a Network, Host, Subnet and Service
One way communication is stopped
Selected services can be blocked.
Implemented closest to the source. (Guideline)
Terminology
Deny : Blocking a Network/Host/Subnet/Service .
Permit : Allowing a Network/Host/Subnet/Service
Source Address : The address of the PC from where the request starts.
Destination address : The address of the PC where the request ends.
Inbound : Traffic coming into the interface
Outbound : Traffic going out of the interface
Protocols:
IP
TCP
UDP
ICMP
Operators :
eq (equal to)
neq (not equal to)
lt (less than)
gt (greater than)
Services: HTTP, FTP, TELNET, DNS, DHCP etc.
Wild Card Mask
Tells the router which addressing bits must match in the address of the ACL statement.
It’s the inverse of the subnet mask, hence it is also called the Inverse mask.
A bit value of 0 indicates MUST MATCH (Check Bits)
A bit value of 1 indicates IGNORE (Ignore Bits)
Wild Card Mask for a Host will be always 0.0.0.0
A wild card mask can be calculated using the formula:
  Global Subnet Mask
- Customized Subnet Mask
------------------------
  Wild Card Mask
E.g.
  255.255.255.255
- 255.255.255.240
-----------------
    0.  0.  0. 15
Rules of Access List
All deny statements have to be given First.
There should be at least one Permit statement
An implicit deny blocks all traffic by default when there is no match (an invisible
statement).
Can have one access-list per interface per direction. (i.e.) Two access-list per
interface, one in inbound direction and one in outbound direction.
Works in Sequential order
Editing of access-lists is not possible (i.e) Selectively adding or removing access-list
statements is not possible.
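The wildcard-mask rule and the sequential-order and implicit-deny rules above, as an added Python example (not part of the original notes and not Cisco code). It evaluates packets against ACL 100 from the "Online Exam Question" earlier in these notes; the swapped list, the deny-only list 101 and the helper names are constructed for illustration, and only numeric `eq` ports are handled.

```python
import ipaddress

def wildcard_from_mask(mask):
    """Wildcard = 255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def addr_matches(packet_ip, base, wildcard):
    """Wildcard bit 0 = must match, wildcard bit 1 = ignore."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(packet_ip) & care) == (_to_int(base) & care)

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    rest = tokens[4:]
    ace = {"action": tokens[2], "proto": tokens[3],
           "src": _take_addr(rest), "dst": _take_addr(rest), "dport": None}
    if rest[:1] == ["eq"]:
        ace["dport"] = int(rest[1])
    return ace

def evaluate(acl_lines, packet):
    """Return (action, matching line number); ('deny', None) is the implicit deny."""
    for number, line in enumerate(acl_lines, start=1):
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", packet["proto"]):
            continue
        if not addr_matches(packet["src"], *ace["src"]):
            continue
        if not addr_matches(packet["dst"], *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != packet.get("dport"):
            continue
        return ace["action"], number      # first match wins, later lines are not read
    return "deny", None                   # nothing matched: invisible deny at the end

# ACL 100 exactly as in the "Online Exam Question" in these notes.
ACL_100 = [
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]
# Constructed: the same entries with the first two lines swapped.
ACL_100_SWAPPED = [ACL_100[1], ACL_100[0], ACL_100[2]]
# Constructed: a list with one deny and no permit statement.
ACL_DENY_ONLY = ["access-list 101 deny ip 10.0.0.0 0.255.255.255 any"]

def web(src):
    """Constructed sample packet: HTTP request from src to the web server."""
    return {"proto": "tcp", "src": src, "dst": "172.22.242.23", "dport": 80}

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.240"))
    for src in ("192.168.33.3", "192.168.33.4"):
        print(src, evaluate(ACL_100, web(src)), evaluate(ACL_100_SWAPPED, web(src)))
    other = {"proto": "icmp", "src": "20.1.1.2", "dst": "30.1.1.2"}
    print(evaluate(ACL_DENY_ONLY, other))
```

With the two lines swapped, 192.168.33.3 is caught by the broader deny before its permit is read. The deny-only list drops traffic from every other network as well, which is why a list needs at least one permit.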
Named Access List
Access-lists are identified using Names rather than Numbers.
Names are Case-Sensitive
No limitation of Numbers here.
One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific
statement from the ACL is possible.
(IOS version 11.2 or later allows Named ACL)
Standard Named Access List
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Named Access List
Router(config)#interface <interface type> <interface no>
Router(config-if)#ip access-group <name> <out/in>
Switching
Hub
It is a Physical layer device (Layer 1)
It is Dummy Device
It works with 0’s and 1’s (Bits)
It works with broadcasting
It works with shared bandwidth
It has 1 Broadcast Domain and 1 Collision Domain
Collisions are identified using Access Methods called CSMA/CD and CSMA/CA
Broadcast Domain & Collision Domain
Broadcast Domain :
Set of all devices that receive broadcast frames originating from any device within
the set.
Collision domain:
In Ethernet, the network area within which frames that have collided are
propagated is called a collision domain.
A collision domain is a network segment with two or more devices sharing the
same bandwidth.
Repeaters and hubs propagate collisions, LAN switches, bridges, and routers do
not.
Switch :
It is Data link layer device (Layer 2)
It is an intelligent device
It works with Physical addresses (i.e. MAC addresses)
It works with fixed bandwidth
It works with Flooding and Unicast
It has 1 Broadcast domain and Number of Collision domains depends upon the
number of ports.
It maintains a MAC address table
Types of Switches
Manageable switches:
On a Manageable switch an IP address can be assigned and configurations can be
made. It has a console port.
Unmanageable switches
On an Unmanageable switch configurations cannot be made, an IP address cannot
be assigned as there is no console port.
Bridge vs Switch
Bridge :
Bridges are software based
Bridges have lesser no. of ports
Generally used for connecting two different topology (Segment)
Switch :
Switches are hardware based
Switches have higher no. of ports
Generally used for connecting single topology (Segment)
Router
It is a Network layer device (Layer 3)
It is an intelligent device
It works with Logical Addressing (i.e. IP, IPX, AppleTalk)
It works with Fixed bandwidth
Number of Broadcast domains depends upon the number of ports and Number of
Collision domains depends upon the number of ports.
Cisco’s Hierarchical Design Model
Cisco divided the Switches into 3 Layers
Access Layer Switches
Switches Series:1900 & 2900
Distribution Layer Switches
Switches Series:3000 & 5000
Core Layer Switches
Switches Series:7000, 8000 & 10,000
Switching Modes
Three types of Switching Mode :
Store & Forward
A Default switching method for distribution layer switches
Latency : High
Error Checking : Yes
Fragment Free
It is also referred to as Modified Cut-Through
A Default Switching method for access layer switches.
Latency : Medium
Error Checking : On 64 bytes of Frame
Cut through
A Default switching method for the core layer switches
Latency : Low
Error Checking : No
Latency is the total time taken for a Frame to pass through the Switch. Latency
depends on the switching mode and the hardware capabilities of the Switch.
Virtual LAN
VLAN is a logical group of end devices independent of their physical location. VLAN
is a broadcast domain.
Divides a Single Broadcast domain into Multiple Broadcast domains to minimize
broadcast traffic.
Flexibility of design based on function or departments.
Enhances Security
By default all ports of the switch are in VLAN1 . This is known as Administrative
VLAN or Management VLAN
Ethernet VLANs can be created from 2 -1001.
VLAN Membership can be Static VLAN or Dynamic VLAN.
Static VLAN
Static VLANs are based on port membership.
Need to manually assign a physical port on a switch to a VLAN
Also called Port-Based VLANs
Port can be a member of single VLAN and not multiple VLANs
Dynamic VLAN
Dynamic VLANs are based on the MAC address of an end device.
Switch automatically assigns the port to a VLAN by an identified MAC address.
Each port can be a member of multiple VLANs
For Dynamic VLAN configuration, VMPS (VLAN Membership Policy Server) is
needed.
WAN Connection Types
There are three types of Wan Connectivity :
Dedicated Lines
Circuit switching
Packet Switching
Dedicated Lines
Used for shorter to medium distances and for longer connectivity.
Private line
Bandwidth is fixed
Line is up 24 hrs
Whether used or not billing is done
eg : Leased Lines
Circuit Switching
Used for medium to longer distances and for shorter connectivity.
Bandwidth is fixed
Billing Depends upon the Usage
eg: ISDN, PSTN (Dial Up connections)
Packet Switching
Used for medium to longer distances and for longer connectivity.
Bandwidth is shared
eg: Frame-Relay
Encapsulation
PPP vs HDLC
PPP :
Point to Point Protocol
Open Standard Protocol (works with same and different company Routers, i.e. Cisco - Nortel, Cisco - Multicom)
Supports Authentication
Supports Compression
HDLC :
High level Data link Control
Vendor proprietary Protocol (works with same company Router only, i.e. Cisco-Cisco, Nortel-Nortel, etc.)
No Support for Authentication
No Support for Compression
PPP Authentication
In PPP two types of Authentication:
PAP - Password Authentication Protocol.
2 Way Handshaking protocol.
Username and password are sent in clear text.
No Security.
CHAP- Challenge Handshake Authentication protocol
3 Way Handshaking protocol
Username is sent in clear text and Password in encrypted form
Secure
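What PAP and CHAP each put on the link, as an added Python example (not part of the original notes): the PAP request data field follows RFC 1334, and the CHAP response is the MD5 hash of identifier, shared secret and challenge defined in RFC 1994. The peer name R2, the secret and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

DEMO_SECRET = b"example-secret"   # constructed shared secret, not from the notes

def pap_request_data(peer_id, password):
    """PAP Authenticate-Request data: length-prefixed peer-id and password, in clear."""
    p, w = peer_id.encode(), password.encode()
    return bytes([len(p)]) + p + bytes([len(w)]) + w

def chap_response(identifier, secret, challenge):
    """CHAP with MD5: hash of identifier byte, then secret, then challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that issues challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets        # peer name -> shared secret (bytes)
        self.pending = {}             # identifier -> outstanding challenge value
        self.next_id = 1

    def challenge(self):
        """Message 1: a fresh identifier and an unpredictable challenge value."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[ident] = value
        return ident, value

    def verify(self, ident, name, response):
        """Message 3: success only if the response fits this exact challenge."""
        value = self.pending.pop(ident, None)     # a challenge is usable once
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(expected, response)

def run_handshake(auth, name, secret):
    """Run the three messages; return (success, every byte that crossed the link)."""
    ident, value = auth.challenge()                       # 1. Challenge
    response = chap_response(ident, secret, value)        # 2. Response
    ok = auth.verify(ident, name, response)               # 3. Success / Failure
    wire = bytes([ident]) + value + response + name.encode()
    return ok, wire

if __name__ == "__main__":
    print("PAP on the wire :", pap_request_data("R2", DEMO_SECRET.decode()))
    auth = Authenticator({"R2": DEMO_SECRET})
    ok, wire = run_handshake(auth, "R2", DEMO_SECRET)
    print("CHAP success    :", ok)
    print("secret on wire  :", DEMO_SECRET in wire)
    # A response recorded from one exchange does not answer the next challenge.
    ident1, value1 = auth.challenge()
    recorded = chap_response(ident1, DEMO_SECRET, value1)
    auth.verify(ident1, "R2", recorded)
    ident2, _ = auth.challenge()
    print("replay accepted :", auth.verify(ident2, "R2", recorded))
```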
DCE vs DTE
DCE :
Data Communication Equipment.
Generate Clocking (i.e. Speed).
Master.
Eg. of DCE device in Leased Line Setup : V.35 & G.703 Modem & Mux.
Eg. of DCE device in Dial up Setup : Dial up Modem.
DTE :
Data Termination Equipment.
Accept Clocking (i.e. Speed).
Slave.
Eg. of DTE device in Leased Line Setup : Router
Eg. of DTE device in Dial up Setup : Computer.
Network Address Translation
Translates Private addresses to Public and Public addresses to Private.
Allows Communication from the private world to the public world and not vice
versa.
Used for internet sharing
Frame Relay
Frame Relay is a data link layer packet-switching protocol that uses digital cir
It is used for medium to longer distances and for longer connectivity.
Leased lines also provide longer connectivity but a physical circuit is used to make
connection between 2 sites and the same circuit path is used always.
Frame Relay connections use logical circuits to make connections between 2 sites.
These logical circuits are referred to as Virtual Circuits(VCs).
Multiple VCs can exist on the same physical connection.
VCs are Full duplex.
Advantages of Frame Relay
VCs overcome the scalability problems of leased lines by providing multiple logical
circuits over the same physical connection.
Only one serial interface of a router is needed to handle the VC connections to
multiple sites, whereas using leased lines multiple serial interfaces are needed to
connect to multiple sites.
VCs provide full connectivity at a much lower price compared to leased lines.
Frame Relay Terminology
Sub-interfaces
Uses Shared bandwidth
Local Management interface(LMI):
used between the Frame relay DTE(eg. Router) and the Frame Relay DCE(eg.
Frame Relay switch)
Defines how the DTE interacts with the DCE
Locally significant
Provides VCs status information(a keep-alive mechanism)
LMI standards: Cisco, ANSI, Q933a
The DTE and DCE must have the same LMI signaling type
Data Link Connection Identifier (DLCI) :
Used to identify each VC on a physical interface (i.e.) Each VC has a unique local
address called a DLCI number.
Switch will map to the destination depending on the DLCI number
Inverse ARP is used to map DLCIs to next hop addresses.
Mapping can also be done manually.
It is locally significant.
These numbers are given by the Frame relay service providers, Service providers
assign DLCIs in the range of 16 to 1007.
By Mr. M.Sekar