CCNA Quick Notes


BY EMAD AL-Atoum

Contents

Points To Remember ........................................................................................................... 2

Basic Notes ......................................................................................................................... 2

Basic IOS Notes ................................................................................................................... 5

Top 10 'Show' Commands ................................................................................................... 6

Security Notes ..................................................................................................................... 7

Cisco Discovery Protocol (CDP) ............................................................................................ 7

DHCP Notes ........................................................................................................................ 8

STP Notes ........................................................................................................................... 8

Vlan Notes .......................................................................................................................... 9

Trunking Notes: ................................................................................................................ 10

ACL Notes ......................................................................................................................... 10

Access List Notes: Numbered And Named ACL .................................................................. 11

IP Routing Notes ............................................................................................................... 15

Quick Reminder About HSRP ............................................................................................. 16

Basic Notes On BGP (Border Gateway Protocol) ................................................................... 17

Ospf Notes ....................................................................................................................... 19

Configuring Basic Ospf...................................................................................................... 20

EIGRP Notes. ..................................................................................................................... 21

EIGRP Configuration And Troubleshooting Commands ....................................................... 22

IPv6 Notes ........................................................................................................................ 24

NAT Notes ........................................................................................................................ 25

Frame Relay Notes ............................................................................................................ 25

Short Note On Etherchannel .............................................................................................. 26

Netflow ............................................................................................................................. 27


CCNA (200-120) QUICK NOTES

Points To Remember

By default, a router breaks up broadcast domains. You need VLANs on switches to break up broadcast domains.

Both routers and switches break up collision domains.

Routing occurs at the Internet layer of the DoD TCP/IP reference model.

PPP operates at Layer 2.

FTP belongs to the Application layer.

A global command is set once and affects the entire router.

LCP, the PPP sub-protocol, negotiates authentication options.

PPP and DSL are valid WAN connectivity methods.

Rapid Spanning Tree Protocol, an enhancement to Spanning Tree Protocol, is used to prevent loops.

When we see the term “frame” we can easily recognize that it belongs to the Data Link layer.

When we see the term “packet” we can easily recognize that it belongs to the Network layer.

The show version command reveals the last method used to power-cycle a router.

The show ip interface command is used to verify which interfaces are affected by an ACL.

Both routers must use the same password for CHAP authentication.

Basic Notes

To check the connectivity between a host and a destination (through some networks) we can use both the “tracert” and “ping” commands. The difference between these two commands is that “tracert” can display a list of near-side router interfaces in the path between the source and the destination. The “traceroute” command has the same function as “tracert”, but it is used on Cisco routers only, not on a PC.

When powered on, the router first checks its hardware via the Power-On Self-Test (POST). Then it checks the configuration register to identify where to load the IOS image from. In the output above we learn that the configuration register value is 0x2102, so the router will try to boot the system image from Flash memory first.


The last known good router will try to inform you that the destination cannot be reached (with a Destination Unreachable message type), so from that information you can learn how far your packets can travel and where the problem is.

Each interface on a router must be in a different network. If two interfaces are in the same network, the router will not accept it and will show an error when the administrator assigns it.

When no startup configuration file is found in NVRAM, the System Configuration Dialog will appear to ask whether we want to enter the initial configuration dialog or not.

The ping command can be used from a PC to verify the connectivity between hosts that connect through a switch in the same LAN.

The Organizationally Unique Identifier (OUI) is the first 24 bits of a MAC address for a network device, which indicates the specific vendor for that device as assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE). This identifier uniquely identifies a vendor, manufacturer, or organization.

The Maximum Transmission Unit (MTU) defines the maximum Layer 3 packet size (in bytes) that the layer can pass onwards.

Modern Ethernet networks built with switches and full-duplex connections no longer utilize CSMA/CD. CSMA/CD is only used in old switches.

The Network layer is responsible for network addressing and routing through the internetwork. So if a ping fails, you may have an issue with the Network layer. Packets are created when the Network layer adds Layer 3 addresses and control information to a segment. The Transport layer divides a data stream into segments and may add reliability and flow control information.

The Application layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see whether enough resources exist for that communication.

When upgrading to a new version of the IOS we need to copy the IOS to the Flash, so first we have to check whether the Flash has enough memory. Also, running the new IOS may require more RAM than the older one, so we should check the available RAM too. We can check both with the “show version” command.

When will devices transmit in an Ethernet network?

An Ethernet network is a shared environment, so all devices have the right to access the medium. If more than one device transmits simultaneously, the signals collide and cannot reach the destination. If a device detects that another device is sending, it will wait for a specified amount of time before attempting to transmit. When no traffic is detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.


Ethernet uses physical addresses for two purposes:

1. Physical addresses, or MAC addresses, are used to identify devices at Layer 2.

2. They allow communication between different devices on the same network.

The following locations can be configured as a source for the IOS image:

1. Flash (the default location)

2. TFTP server

3. ROM (used if no other source is found)

What is the difference between a CSU/DSU and a modem?

A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line.

Router boot process:

The Power-On Self-Test (POST) checks the router’s hardware. When the POST completes successfully, the System OK LED indicator comes on.

The router checks the configuration register to identify where to load the IOS image from. A setting of 0x2102 means that the router will use information in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:

1. Flash (the default location)

2. TFTP server

3. ROM (used if no other source is found)
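The boot-field logic above can be decoded mechanically. The following Python is an added example, not code from the notes: it takes a 16-bit configuration register value, extracts the boot field (bits 0-3) and the three other commonly checked bits, and returns the resulting boot search order. The field names and the `decode_config_register` function are this example's own; the bit meanings are the standard ones for the classic Cisco register (0x2102 is the value the notes discuss). It also decodes 0x2142, the value whose "ignore NVRAM" bit makes a router boot with a blank configuration, which is worth checking for when auditing a device that unexpectedly lost its saved config.

```python
# Added example (not from the notes): decode a Cisco-style configuration
# register into its boot-related fields. Names below are this example's own.
from dataclasses import dataclass
from typing import List

BOOT_FIELD_MASK = 0x000F   # bits 0-3: boot field
IGNORE_NVRAM    = 0x0040   # bit 6: ignore startup-config in NVRAM
BREAK_DISABLED  = 0x0100   # bit 8: console Break is ignored during boot
ROM_FALLBACK    = 0x2000   # bit 13: fall back to ROM image if netboot fails


@dataclass
class ConfigRegister:
    value: int
    boot_field: int
    boot_behaviour: str
    boot_order: List[str]
    ignore_nvram: bool
    break_disabled: bool
    rom_fallback: bool


def decode_config_register(value: int) -> ConfigRegister:
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        behaviour = "stay in ROM monitor (rommon)"
        order = ["rommon"]
    elif boot_field == 0x1:
        behaviour = "boot the first image in Flash without reading startup-config"
        order = ["flash"]
    else:
        # 0x2-0xF: honour 'boot system' lines in startup-config, then the
        # default search order listed in the notes (Flash, TFTP, ROM).
        behaviour = "use boot system commands in startup-config, then default order"
        order = ["startup-config boot system", "flash", "tftp", "rom"]
    return ConfigRegister(
        value=value,
        boot_field=boot_field,
        boot_behaviour=behaviour,
        boot_order=order,
        ignore_nvram=bool(value & IGNORE_NVRAM),
        break_disabled=bool(value & BREAK_DISABLED),
        rom_fallback=bool(value & ROM_FALLBACK),
    )


def nvram_state(value: int) -> str:
    """One-line summary of whether the saved config will be applied at boot."""
    if decode_config_register(value).ignore_nvram:
        return "startup-config ignored: router boots with a blank configuration"
    return "startup-config loaded from NVRAM"


if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2100):
        r = decode_config_register(v)
        print(f"0x{v:04X}: boot field {r.boot_field:#x} -> {r.boot_behaviour}; "
              f"{nvram_state(v)}; break disabled={r.break_disabled}")
```

Run it as a script to see the three decodes; `nvram_state` is the check to run against `show version` output when a device comes up with no configuration.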


Basic IOS Notes

With the service password-encryption command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

How to secure the virtual terminal interfaces on a router?

1. Configure a virtual terminal password and login process.

2. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Commands

The Router(config)# service password-encryption command encrypts all plaintext passwords.

The Router(config-if)# ppp authentication chap pap command is used to enable CHAP authentication with PAP as the fallback method on a serial interface.

The Router# show vlan command only displays access ports; trunk ports are not shown by this command.

The “show frame-relay lmi” command allows you to verify the encapsulation type (CISCO or IETF) for a Frame Relay link.

The show ip ospf database command is used to display the collection of OSPF link states.

Below is a list of popular modes in a Cisco switch/router:

Router> User mode

Router# Privileged mode

Router(config)# Configuration mode

Router(config-if)# Interface level (within configuration mode)

Router(config-router)# Routing engine level (within configuration mode)

Router(config-line)# Line level (vty, tty, async) within configuration mode


Top 10 'Show' Commands

One of the most important abilities of a network administrator is the know-how to get information out of his network devices so he can find out what's going on with the network. In most networks, the staple of information gathering has been the "show" commands. Here is the list of the top ten commands you must know.

show version: Start simple; this command gives uptime, info about your software and hardware, and a few other details.

show ip interface brief: This command is great for showing the up/down status of your IP interfaces, as well as the IP address of each interface. It's mostly useful for displaying critical info about a lot of interfaces on one easy-to-read page.

show interface: This is the more popular version of the command that shows detailed output for each interface. You'll usually want to specify a single interface or you'll have to hit 'page down' a lot. This command is useful because it shows traffic counters and also detailed info about duplex and other link-specific goodies.

show ip interface: This often overlooked command is great for all the configuration options that are set. These include the switching mode, ACLs, header compression, ICMP redirection, accounting, NAT, policy routing, security level, etc. Basically, this command tells you how the interface is behaving.

show ip route: This indispensable command shows your routing table, which is usually the primary purpose of the box. Get to know the options on this command.

show arp: Can't ping a neighbor? Make sure you're getting an ARP entry.

show running-config: This is an easy one. It tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot.

show port: Similar to the show interface command on routers, this command gives you the status of ports on a switch.

show vlan: With the trend toward having lots of VLANs, check this command to make sure your ports are in the VLANs you think they are. Its output is very well designed.

show tech-support: This command is great for collecting a lot of info. It basically runs a whole bunch of other show commands and spits out dozens of pages of detailed output, designed to be sent to technical support. But it's also useful for other purposes.


Security Notes

We only enable the PortFast feature on access ports (ports connected to end stations). But if someone does not know this, he can accidentally plug that port into another switch, and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast port receives a BPDU, it will be shut down to prevent a loop.

We can verify whether port security has been configured by using “show running-config”, or “show port-security interface” for more detail.

Port security is only used on access ports (which connect to hosts), so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.
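To make the port-security steps above concrete, here is an added Python model (not code from the notes, and not an IOS command set): a port must be in access mode before port security can be enabled, a maximum MAC count is configured, a fixed MAC may be allowed statically, and a frame from an extra MAC once the maximum is reached is a violation that err-disables the port, which is the IOS default violation action. The `SecuredPort` class and its method names are this example's own.

```python
# Added example (not from the notes): a small model of switch port security.
# Class and method names are this example's own, not IOS commands.
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecuredPort:
    name: str
    mode: str = "dynamic"            # "access" is required for port security
    max_macs: int = 1                # 'switchport port-security maximum N'
    static_macs: Set[str] = field(default_factory=set)   # fixed MACs allowed
    learned_macs: Set[str] = field(default_factory=set)  # dynamically learned
    err_disabled: bool = False
    log: List[str] = field(default_factory=list)

    def enable_port_security(self) -> None:
        # IOS refuses port security on a port that is not an access port.
        if self.mode != "access":
            raise ValueError(f"{self.name}: port security requires access mode")

    def allow_static(self, mac: str) -> None:
        # Static entries count toward the configured maximum.
        self.static_macs.add(mac.lower())

    def receive_frame(self, src_mac: str) -> str:
        """Return 'forward' or 'violation' for a frame sourced from src_mac."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "violation"
        allowed = self.static_macs | self.learned_macs
        if mac in allowed:
            return "forward"
        if len(allowed) < self.max_macs:
            self.learned_macs.add(mac)
            self.log.append(f"{self.name}: learned {mac}")
            return "forward"
        # Default violation mode is 'shutdown': the port goes err-disabled.
        self.err_disabled = True
        self.log.append(f"{self.name}: violation from {mac}, port err-disabled")
        return "violation"


if __name__ == "__main__":
    # Constructed sample: one fixed MAC plus room for one learned MAC.
    port = SecuredPort("Fa0/1", mode="access", max_macs=2)
    port.enable_port_security()
    port.allow_static("0011.2233.4455")
    for mac in ("0011.2233.4455", "aaaa.bbbb.cccc", "dddd.eeee.ffff"):
        print(mac, "->", port.receive_frame(mac))
    print("\n".join(port.log))
```

The log lines are what you would expect to find in `show port-security interface` output after the third frame; the same model reproduces the "requires access mode" refusal if you construct the port without `mode="access"`.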

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful information for troubleshooting the network. CDP messages are generated every 60 seconds as multicast messages on each of its active interfaces.

The information shared in a CDP packet about a Cisco device includes the following:

Name of the device configured with the hostname command

IOS software version

Hardware capabilities, such as routing, switching, and/or bridging

Hardware platform, such as 2600, 2950, or 1900

The Layer 3 address(es) of the device

The interface the CDP update was generated on

CDP allows devices to share basic configuration information without even configuring any protocol-specific information, and it is enabled by default on all interfaces. CDP is a Data Link protocol operating at Layer 2 of the OSI model. CDP is not routable and can only go to directly connected devices.


CDP is enabled by default on all Cisco devices. CDP updates are generated as multicasts every 60 seconds with a hold-down period of 180 seconds for a missing neighbor.

#cdp run: enables CDP globally

#no cdp run: turns off CDP for the entire router (global config)

#no cdp enable: turns off CDP on a specific interface

#sh cdp neighbor: shows directly connected neighbors

#sh cdp int: shows which interfaces are running CDP

#sh cdp int eth 0/0: shows CDP info for a specific interface

#sh cdp entry <cdp neighbor here>: shows CDP neighbor detail

#cdp timer 120: changes how often CDP info is sent (default CDP timer is 60)

#cdp holdtime 240: how long to wait before removing a CDP neighbor (default CDP holdtime is 180)

#sh cdp run: shows whether CDP is turned on

DHCP Notes

Network (or subnetwork) IP addresses and broadcast addresses should never be assignable to hosts. When you try to assign these addresses to hosts, you will receive an error message saying that they can’t be assigned.

An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

STP Notes

Only a non-root bridge can have a root port.

The path cost to the root bridge is the most important value in determining which port will become the root port on each non-root switch. In particular, the port with the lowest cost to the root bridge will become the root port (on a non-root switch).

Per VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. It means a switch can be the root bridge of one VLAN while another switch can be the root bridge of other VLANs in a common topology. For example, Switch 1 can be the root bridge for voice data while Switch 2 can be the root bridge for video data. If designed correctly, it can optimize the network traffic.


If we connect two switches via two or more links and do not enable STP on these switches, then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.

PVST+ is based on the IEEE 802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

RSTP only has 3 port states: discarding, learning and forwarding. When RSTP has converged there are only 2 port states left: discarding and forwarding.

A BPDU is superior to another if it has:

1. A lower Root Bridge ID

2. A lower path cost to the Root

3. A lower Sending Bridge ID

4. A lower Sending Port ID
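The four-step comparison above and the root-port rule (lowest cost to the root, with the BPDU tie-breaks) can be written as one ordered comparison. The Python below is an added example, not code from the notes; the `Bpdu` class, `is_superior` and `choose_root_port` are this example's own names. Bridge IDs are modelled as (priority, MAC) tuples so that "lower" compares priority first, then MAC, the way a real bridge ID does; the sample BPDUs in the test are constructed.

```python
# Added example (not from the notes): rank BPDUs with the four-step tie-break
# and pick a root port from the BPDUs a switch hears. Names are this example's own.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

BridgeId = Tuple[int, str]   # (priority, MAC), lower is better


@dataclass(frozen=True)
class Bpdu:
    root_id: BridgeId    # root bridge the sender believes in
    root_cost: int       # sender's path cost to that root
    sender_id: BridgeId  # bridge that sent this BPDU
    sender_port: int     # port ID it was sent from

    def key(self) -> tuple:
        # Every step of the tie-break is "lower wins", in this order, so a
        # plain tuple comparison implements the whole rule.
        return (self.root_id, self.root_cost, self.sender_id, self.sender_port)


def is_superior(a: Bpdu, b: Bpdu) -> bool:
    """True if BPDU a beats BPDU b under the four-step comparison."""
    return a.key() < b.key()


def choose_root_port(received: Dict[str, Tuple[Bpdu, int]]) -> Optional[str]:
    """received maps local port name -> (BPDU heard on it, cost of that link).

    The receiving switch adds its own link cost to the advertised root cost,
    then the port carrying the superior resulting BPDU becomes the root port."""
    best_port, best_key = None, None
    for port, (bpdu, link_cost) in received.items():
        candidate = Bpdu(bpdu.root_id, bpdu.root_cost + link_cost,
                         bpdu.sender_id, bpdu.sender_port).key()
        if best_key is None or candidate < best_key:
            best_port, best_key = port, candidate
    return best_port


if __name__ == "__main__":
    root = (32768, "0000.0000.0001")
    direct = Bpdu(root, 0, root, 1)                        # heard from the root itself
    via_sw2 = Bpdu(root, 4, (32768, "0000.0000.0002"), 1)  # relayed by switch 2
    # Constructed topology: a 19-cost link to the root, a 4-cost link to switch 2.
    print(choose_root_port({"Fa0/1": (direct, 19), "Fa0/2": (via_sw2, 4)}))
```

The script prints `Fa0/2`: 4 + 4 is cheaper than 0 + 19, so the indirect path wins even though Fa0/1 hears the root directly. Equal costs fall through to the sending bridge ID, and a BPDU naming a lower root bridge ID beats any cost.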

Vlan Notes

A “Native VLAN mismatch” error will be reported by CDP if there is a native VLAN mismatch on an 802.1Q link. A “VLAN mismatch” can cause traffic from one VLAN to leak into another VLAN.

VLANs allow you to group users by function, not by location or geography.

VLANs help minimize incorrect configuration of VLANs, so they enhance the security of the network.

VLANs increase the number of broadcast domains while decreasing the size of the broadcast domains, which increases the utilization of the links. This is also a big advantage of VLANs.

Advantages of VLANs

VLANs establish broadcast domains in switched networks.

VLANs allow access to network services based on department, not physical location.

VLANs can greatly simplify adding, moving, or changing hosts on the network.

For 802.1Q encapsulation, the native VLAN must match on both sides; otherwise the link will not work.

VLAN 1 is the default VLAN on a Cisco switch. It always exists and cannot be added, modified or removed.

VLANs 1002-1005 are default VLANs for FDDI and Token Ring, and they can’t be deleted or used for Ethernet.


Trunking Notes:

Valid VLAN trunk modes

Desirable

Auto

On

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q) to be used.

IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router.

802.1Q trunks support tagged and untagged frames. If a switch receives untagged frames on a trunk port, it believes that frame is part of the native VLAN. Also, frames from the native VLAN are not tagged when exiting the switch via a trunk port.

Three elements must be used when you configure a router interface for VLAN trunking:

1. One IP network or subnetwork for each subinterface

2. Subinterface encapsulation identifiers that match VLAN tags

3. One subinterface per VLAN

Cisco switches support two trunking protocols, 802.1Q and ISL. 802.1Q is an open standard and is thus compatible between most vendors’ equipment, while Inter-Switch Link (ISL) is Cisco proprietary.

ACL Notes

The standard access lists range from 1 to 99 and from 1300 to 1999.

We can have only one access list per protocol, per direction and per interface. It means:

We cannot have two inbound access lists on an interface.

We can have one inbound and one outbound access list on an interface.

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server.


Access List Notes: Numbered And Named ACL

Explanation of Access Control Lists (ACLs)

Access control lists (ACLs) are sets of rules which allow you to permit or deny packets based on source and destination IP address, IP protocol information, or TCP or UDP protocol information. You can configure the following types of ACLs:

1. Standard – permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99.

2. Extended – permits or denies packets based on source and destination IP address and also based on IP protocol information. Valid extended ACL IDs are a number from 100 – 199.

Access lists use wildcard masks to match traffic. Access control lists (ACLs) can be used for two purposes on Cisco devices:

- To filter traffic

- To identify traffic

When filtering traffic, access lists are applied on interfaces. As a packet passes through a router, the top line of the rule list is checked first, and the router continues to go down the list until a match is made. Once a match is made, the packet is either permitted or denied.

NOTE: There is an implicit ‘deny all’ at the end of all access lists. We can’t delete it. So an access list that contains only deny statements will prevent all traffic. If you want an ACL to allow traffic, there must be a permit statement.

Access lists are applied either inbound (packets received on an interface, before routing) or outbound (packets leaving an interface, after routing). Only one access list per interface, per protocol, per direction is allowed.

Even though filtering traffic is the primary use of access lists, there are several instances when it is necessary to identify traffic using ACLs, including:

• Identifying interesting traffic to bring up an ISDN link or VPN tunnel

• Identifying routes to filter or allow in routing updates

• Identifying traffic for QoS purposes

Types of Access List

There are two categories of access lists:

Numbered ACL: this is the basic one. You cannot remove individual lines from a numbered access list. The entire access list must be deleted and recreated. All new entries to a numbered access list are added to the bottom. Best practice is to use a text editor to manage your access lists.

There are two common types of numbered access lists:

1. IP standard access lists

2. IP extended access lists


Named ACLs provide more flexibility than numbered access lists. We can give names to identify our access lists. Individual lines can be removed from a named access list. All new entries are added to the bottom of the access list, like a numbered ACL.

There are two common types of named access lists:

1. IP standard named access lists

2. IP extended named access lists

How to permit or deny a specific host in an access list?

We can use the example of 172.16.10.1. As we want to block a specific address (host) in a network, we can use the wildcard mask "0.0.0.0". All octets in the wildcard mask set to "0" means every octet must be matched.

There are actually two ways we can match a host:

• Using a wildcard mask "0.0.0.0" – 172.16.10.1 0.0.0.0

• Using the keyword “host” – host 172.16.10.1

The above method is used to match exactly one host. So what do we do to match all addresses?

There are actually two ways we can match all addresses:

• Using a wildcard mask "255.255.255.255" – 0.0.0.0 255.255.255.255

• Using the keyword “any” – any source or destination

Standard IP Access List

Syntax

access-list [1-99] [permit | deny] [source address] [wildcard mask]

Standard IP access lists are based upon the source host or network IP address, and should be placed closest to the destination network. The range of standard access lists is from 1-99.

Example

Qn: Block network 172.20.0.0 from accessing the 172.19.0.0 network

Router(config)# access-list 20 deny 172.20.0.0 0.0.255.255

Router(config)# access-list 20 permit any

Note: The access list must be created on the router which is close to the destination.

The first line denies all hosts on the 172.20.x.x network.

The second line uses the keyword "any", which will match (permit) any other address.

Always remember that you must have at least one permit statement in your access list. Otherwise all traffic will be blocked because of the implicit deny at the end.


Creating an access list won’t do anything in the network. It must be applied on an interface. To apply this access list, we would configure the following on the router:

Router(config)# int s0

Router(config-if)# ip access-group 20 in

To view all IP access lists configured on the router:

Router# show ip access-list

To view what interface an access list is configured on:

Router# show ip interface

Router# show running-config

Extended IP Access List

Syntax

access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator] [port]

Extended IP access lists block based upon the source IP address, destination IP address, and TCP or UDP port number. Extended access lists should be placed closest to the source network.

Example:

access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23

access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80

access-list 100 permit ip any any

1. The first line denies host 1.1.1.1 from accessing host 2.2.2.2 via Telnet (port 23).

2. The second line denies HTTP (eq port 80) access from the 3.3.3.0 network.

3. The third line allows all other traffic.

Like our earlier example, this ACL must also be applied on an interface to take effect. To apply this access list, we would configure the following commands:

int fa 0/0

ip access-group 100 in

In the above example we used eq port 80 to block HTTP.


We can use several other operators for port numbers:

1. eq: matches a specific port

2. gt: matches all ports greater than the port specified

3. lt: matches all ports less than the port specified

4. neq: matches all ports except for the port specified

5. range: matches a specific inclusive range of ports

The following will match all ports greater than 100:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 gt 100

The following will match all ports less than 1024:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 lt 1024

The following will match all ports that do not equal 443:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 neq 443

The following will match all ports between 80 and 88:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 range 80 88

Named Access Lists

Named access lists provide us with two advantages over numbered access lists. First, we can apply an identifiable name to an access list, for documentation purposes. Second, we can remove individual lines in a named access list, which is not possible with numbered access lists.

Please note, though we can remove individual lines in a named access list, we cannot insert individual lines into that named access list. New entries are always placed at the bottom of a named access list.

To create a standard named access list, the syntax would be as follows:

Router(config)# ip access-list standard NAME

Router(config-std-nacl)# deny 172.18.0.0 0.0.255.255

Router(config-std-nacl)# permit any

To create an extended named access list, the syntax would be as follows:

Router(config)# ip access-list extended NAME

Router(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80

Router(config-ext-nacl)# deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255


Router(config-ext-nacl)# permit ip any any

Troubleshooting

show access-lists [<number> | <name>]

show ip access-lists [<number> | <name>]

show ip access-lists interface <interface>

show ip access-lists dynamic

show ip interface [<interface>]

IP Routing Notes

When the same destination network is learned from more than one routing protocol, the router installs the route from the protocol with the lowest Administrative Distance (AD).

Routers decrement the TTL by 1 every time they forward a packet; a router that decrements the TTL to 0 discards the packet (and normally returns an ICMP Time Exceeded message to the source). This prevents packets from looping forever.

Remember these rules:

The source and destination IP addresses of a packet do not change as it travels through the network (unless a NAT device rewrites them on purpose).

For example, if PC-A wants to send a packet to PC-Z, the source and destination IP addresses of the packet will be the IP addresses of PC-A and PC-Z no matter how many devices it passes through.

The MAC addresses, conversely, change at every hop. The source MAC address is the address of the last sender (the previous router's egress interface) and the destination MAC address is the address of the next device (the next-hop router, or the destination host on the final segment).

The basic syntax of a static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}

Explanation

destination-network-address: network address of the remote network

subnet-mask: subnet mask of the destination network

next-hop-IP-address: the IP address of the receiving interface on the next-hop router

exit-interface: the local interface of this router where the packets will go out. Use the exit-interface form only on point-to-point links; on a multi-access (Ethernet) interface the router would have to ARP for every destination, so specify the next-hop IP address instead.


Quick Reminder About HSRP

A brief reminder of how HSRP works.

Hot Standby Router Protocol (HSRP) is a Cisco proprietary first-hop redundancy protocol.

With HSRP, two or more devices support a virtual router with a virtual MAC address and a virtual IP address that is unique on the segment.

Hosts use this virtual IP address as their default gateway and the virtual MAC address in the Layer 2 header, so a failover is invisible to them.

The HSRPv1 virtual MAC address is 0000.0c07.acxx, in which xx is the HSRP group number in hex (HSRPv2 uses 0000.0c9f.fxxx and the multicast address 224.0.0.102 instead). Multiple groups (virtual routers) are allowed on one interface.

The Active router forwards traffic. The Standby router is the backup and monitors periodic hellos (HSRPv1: multicast to 224.0.0.2, UDP port 1985, every 3 seconds by default with a 10-second hold time) to detect a failure of the active router.

The active router is the one with the highest HSRP priority (default priority is 100). In case of a tie, the router with the highest configured interface IP address wins the election.

A new router with a higher priority does not cause an election unless it is configured to preempt. Because any device on the segment that can send valid hellos with a higher priority and preemption can make itself the active gateway, configure HSRP MD5 authentication and keep untrusted ports from reaching the HSRP multicast group.
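The following is an added example, not code from the CCNA notes: a Python model of the election rules above (highest priority, highest IP on a tie, preempt required for a newcomer to take over), the HSRPv1 virtual MAC derivation, and a parser for the 20-byte HSRPv1 hello carried in UDP/1985 (field layout from RFC 2281). Router names, addresses and the sample hello bytes are constructed values; the priorities use the IOS default of 100.

```python
"""Added example (not from the CCNA notes): the HSRP election rules above, the
HSRPv1 virtual MAC derivation, and a parser for the 20-byte HSRPv1 hello carried
in UDP/1985 (layout from RFC 2281). Router names, addresses and the sample hello
are constructed values; priorities follow the IOS default of 100."""
import struct
from dataclasses import dataclass

OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}


def hsrp_v1_virtual_mac(group):
    """HSRPv1 virtual MAC is 0000.0c07.acXX with XX = group number (0-255) in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100   # IOS default
    preempt: bool = False


def _ip_key(ip):
    return tuple(int(o) for o in ip.split("."))


def elect(routers):
    """Highest priority becomes active; on a tie the highest interface IP wins.
    The runner-up becomes standby. Returns (active, standby)."""
    ranked = sorted(routers, key=lambda r: (r.priority, _ip_key(r.ip)), reverse=True)
    return ranked[0], (ranked[1] if len(ranked) > 1 else None)


def newcomer_takes_over(active, newcomer):
    """A router joining a group that already has an active router only takes over
    if it has a higher priority AND preempt is configured; otherwise the current
    active router keeps forwarding until it fails."""
    return newcomer.preempt and newcomer.priority > active.priority


def parse_hsrp_v1(payload):
    """Decode an HSRPv1 payload: version, opcode, state, hellotime, holdtime,
    priority, group, reserved, 8-byte authentication string, virtual IP."""
    if len(payload) < 20:
        raise ValueError("short HSRP packet")
    ver, op, st, hello, hold, prio, group, _ = struct.unpack("!8B", payload[:8])
    auth = payload[8:16].rstrip(b"\x00").decode("ascii", "replace")
    vip = ".".join(str(b) for b in payload[16:20])
    return {"version": ver, "opcode": OPCODES.get(op, op), "state": STATES.get(st, st),
            "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
            "auth": auth, "virtual_ip": vip, "virtual_mac": hsrp_v1_virtual_mac(group)}


# Constructed hello from the active router of group 1: hello 3 s, hold 10 s, priority 100,
# IOS default plaintext authentication string "cisco", virtual IP 10.1.1.1.
SAMPLE_HELLO = bytes([0, 0, 16, 3, 10, 100, 1, 0]) + b"cisco".ljust(8, b"\x00") + bytes([10, 1, 1, 1])

if __name__ == "__main__":
    r1 = HsrpRouter("R1", "10.1.1.2")
    r2 = HsrpRouter("R2", "10.1.1.3")
    active, standby = elect([r1, r2])
    print("active:", active.name, "standby:", standby.name)   # priority tie -> R2 (higher IP)
    r3 = HsrpRouter("R3", "10.1.1.4", priority=150)
    print("R3 takes over without preempt:", newcomer_takes_over(active, r3))   # False
    r3.preempt = True
    print("R3 takes over with preempt:", newcomer_takes_over(active, r3))      # True
    print(parse_hsrp_v1(SAMPLE_HELLO))
```

The decoded hello is the point of the caveat above: priority, group, virtual IP and the authentication string all travel in the clear on a multicast address every host on the segment can receive and send to, so the only things keeping a rogue host from winning the election are MD5 authentication ("standby <group> authentication md5 key-string ...") and filtering of HSRP on untrusted ports.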

HSRP States

Initial: HSRP is not running.

Learn: The router does not know the virtual IP address and is waiting to hear from the

active router.

Listen: The router knows the IP and MAC of the virtual router, but it is not the active or

standby router.

Speak: Router sends periodic HSRP hellos and participates in the election of the active

router.

Standby: Router monitors hellos from active router and assumes responsibility if active

router fails.

Active: Router forwards packets on behalf of the virtual router.


Basic Notes On BGP (Border Gateway Protocol)

BGP

RIP, OSPF and EIGRP are all different, but they have one thing in common: they want to find the shortest path to the destination. On the Internet, being able to control which path traffic takes (policy) is far more important than finding the shortest path. There is only one routing protocol currently used between networks on the Internet, which is BGP.

Within an autonomous system we use an IGP like OSPF or EIGRP. For routing between different autonomous systems we use an EGP (exterior gateway protocol). The only EGP in use nowadays is BGP. We can think of the Internet as a collection of autonomous systems connected to each other. A public AS number must be registered, just like public IP address space.

Classic autonomous system numbers are 16-bit, which gives AS numbers from 1 up to 65535. There is also a private range (64512 to 65534) for non-Internet use; 65535 is reserved. 32-bit (4-byte) AS numbers (RFC 6793) extend the range to 4294967295, with 4200000000 to 4294967294 reserved for private use.

There are two types of BGP:

1. External BGP: Used for routing between autonomous systems

2. Internal BGP: Used for routing within the autonomous system.

Points to Remember

BGP is the routing protocol we use to route between autonomous systems.

BGP guarantees loop-free routing information.

BGP is completely different from IGPs.

BGP avoids loops because it is a path vector routing protocol: every route carries the list of AS numbers it has passed through (the AS_PATH), and a router rejects any route whose AS_PATH already contains its own AS.

BGP does not use a single metric but a rich set of path attributes.

BGP uses TCP port 179.

Administrative distance of EBGP is 20.

Administrative distance of IBGP is 200.

BGP peer authentication uses the TCP MD5 signature option (RFC 2385) with a shared password configured per neighbor.

The current version is BGP-4.

BGP keeps every path it has learned to every destination in the BGP table (shown with "show ip bgp"), not in the forwarding table. Only the best path from the BGP table is installed in the IP routing table.

Routers running BGP are termed BGP speakers.

BGP neighbors are called peers. Peers must be configured statically; BGP does not discover neighbors.

BGP was built for reliability and control, not for speed.


Once BGP peers form a neighbor relationship, they exchange their full BGP tables (subject to any outbound policy). Afterwards, only changes (UPDATE messages announcing or withdrawing prefixes) are sent to peers.

CISCO recommendation on BGP

Use BGP

- When AS is multi-homed

- When AS is a transit AS

Do not use BGP

- In a single homed AS

- With a router that does not have sufficient resources (memory and CPU) to handle it

- With a staff who does not have a good understanding of BGP path selection and

manipulation

Neighbor States

Idle: BGP is waiting for a start event and refuses incoming connections; a peer that stays in Idle usually has no route to the neighbor or is not yet configured.

Connect: BGP is waiting for the TCP three-way handshake to complete.

Active: The TCP connection attempt failed and BGP is retrying; a peer that stays in Active typically indicates a reachability, filtering (TCP 179 blocked) or configuration problem.

Open Sent: TCP is up and an OPEN message has been sent.

Open Confirm: An OPEN was received and a KEEPALIVE sent; waiting for the peer's KEEPALIVE.

Established: Adjacency established; UPDATE and KEEPALIVE messages are exchanged.

Packet Types:

Open: Once the TCP session to a statically configured neighbour is up, BGP sends an OPEN message (carrying its AS number, hold time and router ID) to establish peering with that neighbour.

Update: Used to transfer routing information between peers; an UPDATE advertises new prefixes with their path attributes and withdraws prefixes that are no longer reachable.

Keepalive: BGP peers exchange keepalive messages every 60 seconds by default (hold time 180 seconds). It keeps the peering session alive.

Notification: A notification is an error message sent before closing the connection with a BGP peer.


Ospf Notes

Router-ID selection: a manually configured router-id is used if present; otherwise the highest IP address of all loopback interfaces is chosen; if there is no loopback, the highest IP address of any active physical interface is used.

110 is the default administrative distance of OSPF.

The default number of equal-cost paths that can be placed into the routing table by a Cisco OSPF router is 4. We can change this default value with the "maximum-paths" command:

Router(config-router)#maximum-paths 2

Note: the maximum is platform and release dependent (older IOS supports 6 equal-cost paths; newer releases allow more).

Characteristics of a link-state routing protocol

Provides common view of entire topology

Calculates shortest path

Utilizes event-triggered updates

Describe the routing protocol OSPF

It supports VLSM.

It confines network instability to one area of the network.

It allows extensive control of routing updates

Hierarchical design of OSPF (basically means that you can separate the larger internetwork

into smaller internetworks called areas) helps us create a network with all features listed like

(decrease routing overhead, speed up convergence; confine network instability to single areas

of the network).

Hello packets and LSAs from other routers are used by a router running a link-state protocol to build and maintain its topological database (LSDB).

To form an adjacency (become neighbours), routers A and B must agree on the Hello interval, the Dead interval and the area number. They must also be on the same subnet and have matching area type (stub flags) and authentication settings, and the interface MTU must match for the adjacency to reach FULL (unless ip ospf mtu-ignore is configured).


Configuring Basic Ospf

Routing protocol configuration starts in global configuration mode; the router ospf command then enters router configuration mode. On a router, to configure OSPF:

Router(config)# router ospf 1

Router(config-router)# router-id 1.1.1.1

Router(config-router)# network 172.16.0.0 0.0.255.255 area 1

Router(config-router)# network 172.17.0.0 0.0.255.255 area 0

Explanation

The first command, router ospf 1, enables the OSPF process. The "1" is the OSPF process ID; it is locally significant, so it does not have to match between routers, and it allows multiple OSPF processes to run on the same router.

The router-id command assigns a unique OSPF router ID of 1.1.1.1 to this router.

In OSPF we use a wildcard mask in the network statement to specify which interfaces (by their IP addresses) run OSPF and which area each is assigned to; the two statements above put interfaces in 172.16.0.0/16 into area 1 and interfaces in 172.17.0.0/16 into area 0.

To change the interface bandwidth value that OSPF uses for its cost calculation (this does not change the physical speed, only the value used by routing protocols and management tools):

Router(config)# interface s0

Router(config-if)# bandwidth 64

To set the OSPF cost of an interface directly:

Router(config)# interface fa 0/0

Router(config-if)# ip ospf cost 10

Changing the cost of an interface can alter which path OSPF selects as "shortest," and thus should be used with great care.

To alter how OSPF calculates its default metrics for interfaces:

Router(config)# router ospf 1

Router(config-router)# auto-cost reference-bandwidth 100

The auto-cost command above is set to 100 (in Mbps), which is actually the default. Cost = reference bandwidth / interface bandwidth, so a 100 Mbps link has a cost of 1 (100/100 is 1); the lowest cost is best. The catch is that the cost can never go below 1, so with the default every link of 100 Mbps or faster (FastEthernet, GigabitEthernet, 10 Gigabit) also gets a cost of 1 and OSPF cannot prefer the faster one. Raise the reference bandwidth (for example to 10000 for 10 Gbps) on every router in the OSPF domain so that costs stay consistent.
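The following is an added example, not code from the CCNA notes: a Python calculation of IOS OSPF interface costs from the reference bandwidth, applied to a constructed set of interfaces (bandwidths in kbps, as IOS stores them) and to two sample paths. It shows the numbers behind the caveat above: with the default reference bandwidth a two-hop Gigabit path and a two-hop FastEthernet path tie, and only raising the reference bandwidth separates them.

```python
"""Added example (not from the CCNA notes): how IOS derives an interface's OSPF
cost from the reference bandwidth, and why the default reference bandwidth of
100 Mbps cannot tell a 100 Mbps link from a 10 Gbps link. Interface names and
bandwidth values are constructed samples (bandwidths in kbps, as IOS stores them)."""


def ospf_cost(bandwidth_kbps, reference_mbps=100):
    """IOS formula: cost = reference bandwidth / interface bandwidth, truncated to an
    integer, never below 1 and never above 65535 (the OSPFv2 metric field)."""
    cost = (reference_mbps * 1000) // bandwidth_kbps
    return max(1, min(cost, 65535))


# Constructed sample interfaces with their IOS 'bandwidth' values in kbps.
INTERFACES = {
    "Serial0 (bandwidth 64)": 64,
    "Serial1 (T1 default)": 1544,
    "FastEthernet0/0": 100_000,
    "GigabitEthernet0/1": 1_000_000,
    "TenGigabitEthernet1/1": 10_000_000,
}


def cost_table(reference_mbps=100):
    """Cost of every sample interface under a given reference bandwidth."""
    return {name: ospf_cost(bw, reference_mbps) for name, bw in INTERFACES.items()}


def path_cost(interface_names, reference_mbps=100):
    """OSPF path cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(INTERFACES[n], reference_mbps) for n in interface_names)


def best_path(paths, reference_mbps=100):
    """Return the name(s) of the path(s) with the lowest total cost; ties are
    equal-cost paths, which OSPF load-shares up to maximum-paths."""
    costs = {name: path_cost(hops, reference_mbps) for name, hops in paths.items()}
    lowest = min(costs.values())
    return sorted(name for name, c in costs.items() if c == lowest)


if __name__ == "__main__":
    for ref in (100, 10_000):
        print("reference-bandwidth", ref, cost_table(ref))
    paths = {"two Gig hops": ["GigabitEthernet0/1"] * 2,
             "two Fast hops": ["FastEthernet0/0"] * 2}
    print("default:", best_path(paths))           # both paths: Gig and Fast each cost 1
    print("ref 10000:", best_path(paths, 10_000))  # only the Gig path
```

The serial values match what "show ip ospf interface" reports on IOS for those bandwidths (1562 for 64 kbps, 64 for a T1 at the default reference bandwidth), which is a quick way to confirm the reference bandwidth a router is actually using.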


OSPF passive interface

As in EIGRP, OSPF will not form a neighbour relationship on an interface configured as passive, but the interface's network is still advertised.

Router(config)# router ospf 1

Router(config-router)# network 10.4.0.0 0.0.255.255 area 0

Router(config-router)# passive-interface default

Router(config-router)# no passive-interface fa 0/0

The "passive-interface default" command makes all interfaces passive, and "no passive-interface fa 0/0" re-enables OSPF hellos on fa 0/0 only. This is the safer default for user-facing interfaces: nobody on those segments can form an adjacency and inject routes.

EIGRP Notes

Make sure you know how to configure and troubleshoot EIGRP.

AD of EIGRP Internal Route is 90

AD of EIGRP external Route is 170

AD of EIGRP summary Route is 5

Passive Interface: In EIGRP (and OSPF) the passive interface command stops sending

outgoing hello packets, hence the router cannot form any neighbor relationship via the

passive interface. This behavior stops both outgoing and incoming routing updates

A feasible successor is a route whose Advertised Distance (also called reported distance, the neighbour's own metric to the destination) is less than the Feasible Distance of the current best path (the successor). A feasible successor is a backup route which is not stored in the routing table but is kept in the topology table, so it can be installed immediately without querying neighbours.

An EIGRP stub router advertises only summary and directly connected routes (by default). The EIGRP stub routing feature improves network stability, reduces resource utilization and simplifies the configuration of stub routers. Any neighbour that receives a hello informing it of the stub status will not query the stub router for any routes, so the stub configuration increases scalability by limiting the EIGRP query range.

Active State: When a route's current successor goes down, the router first checks its topology table for a feasible successor. If it cannot find one, the route goes Active: the router sends queries to its neighbours requesting a path to the lost network and waits for all replies before choosing a new successor. A route stuck in Active (stuck-in-active, SIA) is a common EIGRP problem in large networks without summarization.
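The following is an added example, not code from the CCNA notes: the feasibility condition above applied in Python to a constructed topology table for one destination, picking the successor and the feasible successors, showing which backups the "variance" command (listed in the configuration syntax later in these notes) would install, and what happens when the successor is lost. Neighbour names and distances are sample values, not real router output.

```python
"""Added example (not from the CCNA notes): the EIGRP feasibility condition applied
to a constructed topology table, picking the successor and feasible successors,
showing what 'variance' would install for unequal-cost load sharing, and what
happens when the successor is lost. Neighbour names and distances are sample values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str
    advertised_distance: int   # the neighbour's own metric to the destination (reported distance)
    feasible_distance: int     # advertised distance plus the cost of the link to that neighbour


def classify(entries):
    """Successor: lowest feasible distance. Feasible successors: other entries whose
    advertised distance is strictly less than the successor's FD (this guarantees the
    neighbour is not routing back through us). Returns (successor, feasible, others)."""
    successor = min(entries, key=lambda e: e.feasible_distance)
    fd = successor.feasible_distance
    feasible = [e for e in entries if e is not successor and e.advertised_distance < fd]
    others = [e for e in entries if e is not successor and e not in feasible]
    return successor, feasible, others


def load_sharing_paths(entries, variance=1):
    """Paths installed with 'variance <multiplier>': the successor plus feasible
    successors whose FD <= variance * successor FD. Non-feasible paths are never
    installed, however cheap they are."""
    successor, feasible, _ = classify(entries)
    limit = variance * successor.feasible_distance
    return [successor] + [e for e in feasible if e.feasible_distance <= limit]


def on_successor_loss(entries):
    """With a feasible successor the route stays Passive and the backup is promoted
    at once (no query). Without one the route goes Active and queries are sent."""
    _, feasible, _ = classify(entries)
    if feasible:
        return "passive", min(feasible, key=lambda e: e.feasible_distance)
    return "active", None


# Constructed topology table for one destination. N3 has a lower total metric than N2
# but its advertised distance (12) is not below the successor FD (10), so it fails
# the feasibility check and cannot be a backup.
SAMPLE = [
    TopologyEntry("N1", advertised_distance=5, feasible_distance=10),
    TopologyEntry("N2", advertised_distance=8, feasible_distance=20),
    TopologyEntry("N3", advertised_distance=12, feasible_distance=15),
]

if __name__ == "__main__":
    successor, feasible, others = classify(SAMPLE)
    print("successor:", successor.neighbor)
    print("feasible successors:", [e.neighbor for e in feasible])
    print("not feasible:", [e.neighbor for e in others])
    print("variance 2 installs:", [e.neighbor for e in load_sharing_paths(SAMPLE, 2)])
    print("if N1 is lost:", on_successor_loss(SAMPLE))
    print("if only N1 and N3 were known:", on_successor_loss([SAMPLE[0], SAMPLE[2]]))
```

The N3 entry is the one to study: it is the second-cheapest path in total, yet it is neither a feasible successor nor installable by variance, and losing N1 with only N3 available sends the route Active. The feasibility condition trades some optimality for a loop-freedom guarantee that needs no query.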


EIGRP Configuration And Troubleshooting Commands

Syntax

Router(config)#router eigrp <Autonomous-system-number>

Router(config-router)#network <network address>[wild card-mask] (wild card mask is

optional)

Router(config-router)#no auto-summary

Router(config-router)#variance <multiplier> (Optional)

To influence the metric, it is possible to configure bandwidth on the interfaces:

Router(config)#Interface<interface>

Router(config-if)#bandwidth<BW in kbps>

Configure Default paths in EIGRP

Method 1: Specify a default network:

Router(config)# ip default-network < network_address >

Method 2: Create a static default route and then include network 0.0.0.0 in EIGRP:

Router(config)# ip route 0.0.0.0 0.0.0.0 < next_hop_ip >

Router(config)# router eigrp < as_no >

Router(config-router)# network 0.0.0.0

To view exchange process

Router#debug eigrp packets

To view update process

Router#debug ip eigrp

To view the neighbor table:

Router#show ip eigrp neighbors

To view the EIGRP Topology Table, containing all EIGRP route information:

Router# show ip eigrp topology

To view information on EIGRP traffic sent and received on a router:

Router# show ip eigrp traffic

To view the bandwidth, delay, load, reliability and MTU values of an interface:

Router# show interface s0

To view information specific to the EIGRP protocol:


Router# show ip protocols

This command provides us with information on EIGRP timers, EIGRP metrics and

summarization

To view the IP routing table:

Router# show ip route

To view a specific route within the IP routing table:

Router# show ip route 10.3.0.0

To debug EIGRP in realtime:

Router# debug eigrp neighbors

Router# debug eigrp packets

Router# debug eigrp route

Router# debug eigrp summary


IPv6 Notes

Features of the IPv6 protocol

Autoconfiguration

No broadcasts

Plug-and-play

A single interface may be assigned multiple IPv6 addresses of any type.

Every IPv6-enabled interface has at least one link-local address; the loopback address ::1 belongs to the loopback interface only.

With IPv6, devices build a link-local address automatically (from the MAC address via EUI-64, or randomly). Notice that this address is only used for communication within the local link; routers never forward packets with a link-local source or destination address.

Below is the list of common kinds of IPv6 addresses:

Loopback address ::1

Unspecified address ::

Link-local address FE80::/10

Site-local address FEC0::/10 (deprecated by RFC 3879; use unique local addresses FC00::/7, in practice FD00::/8, instead)

Global unicast address 2000::/3

Multicast address FF00::/8 (IPv6 has no broadcast; FF02::1 is all nodes on the link and FF02::2 is all routers)
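The following is an added example, not code from the CCNA notes: Python code that classifies IPv6 addresses by the prefixes listed above using the standard-library ipaddress module, decides whether a router may forward a packet carrying a given address (link-local never, multicast depending on its scope), and builds the EUI-64 link-local address a device derives from its MAC. The addresses and the MAC are constructed sample values.

```python
"""Added example (not from the CCNA notes): classify IPv6 addresses by the prefixes
listed above with the standard-library ipaddress module, decide whether a router may
forward a packet carrying the address, and build the EUI-64 link-local address a
device derives from its MAC. Addresses and the MAC are constructed sample values."""
import ipaddress

# Most specific first: the loopback and unspecified addresses are single /128s.
PREFIXES = [
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local (deprecated)", ipaddress.IPv6Network("fec0::/10")),
    ("unique local", ipaddress.IPv6Network("fc00::/7")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]


def classify_ipv6(text):
    """Return the address kind from the table above, or 'reserved/other'."""
    addr = ipaddress.IPv6Address(text)
    for name, net in PREFIXES:
        if addr in net:
            return name
    return "reserved/other"


def forwardable(text):
    """Whether a router may forward a packet with this address beyond the local link.
    Link-local unicast is never forwarded; multicast depends on the scope nibble
    (ff01 interface-local and ff02 link-local stay on the link, larger scopes may be routed)."""
    kind = classify_ipv6(text)
    if kind in ("link-local", "loopback", "unspecified"):
        return False
    if kind == "multicast":
        scope = int(ipaddress.IPv6Address(text).exploded[3], 16)
        return scope > 2
    return True


def eui64_link_local(mac):
    """Modified EUI-64 link-local address: flip the universal/local bit of the first
    MAC octet, insert ff:fe in the middle, and prepend fe80::/64."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))


if __name__ == "__main__":
    for a in ["::1", "fe80::1", "fec0::1", "fd12:3456::1", "2001:db8::1", "ff02::1", "ff0e::1"]:
        print(a, classify_ipv6(a), "forwardable" if forwardable(a) else "link only")
    print(eui64_link_local("00:1a:2b:3c:4d:5e"))   # fe80::21a:2bff:fe3c:4d5e
```

The EUI-64 result shows why privacy extensions (RFC 8981) exist: the host's MAC address is recoverable from the interface identifier, so an EUI-64 address identifies the hardware wherever it connects.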

SNMP polling can overload the CPU of a managed device, so rate-limit polling and restrict which managers may query it (SNMP community or user ACLs).

TRAP and INFORM are the unsolicited alert messages generated by SNMP agents; an INFORM is acknowledged by the manager, a TRAP is not.

In a GLBP group, the AVG (Active Virtual Gateway) answers the ARP requests for the virtual IP address, handing out the virtual MAC address of one of the AVFs (Active Virtual Forwarders) so that load is shared.

Components of SNMP

1. MIB

2. SNMP Manager

3. SNMP Agent

Three features that SNMPv3 adds over SNMPv2c (which relies on plaintext community strings):

1. Message Integrity

2. Authentication

3. Encryption

Popular destinations for syslog messages to be saved

1. The logging buffer (RAM)

2. The console terminal

3. Syslog server


The benefit of using Netflow

1. Network, Application & User Monitoring

2. Security Analysis

3. Accounting/Billing

Fields that NetFlow uses to decide that packets belong to the same flow:

1. Source and destination IP address

2. Source and destination port numbers

3. Layer 3 protocol type

(Classic NetFlow v5 also includes the ToS byte and the input interface in the key, and a flow is unidirectional: each direction of a TCP session is a separate flow.)
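The following is an added example, not code from the CCNA notes: Python code that groups constructed packet records into NetFlow-style flows keyed on the fields above (source/destination IP, source/destination port, IP protocol), then does the two things a collector (described in the Netflow section later in these notes) typically does with the records: rank flows by bytes and flag a port scan. All packets are constructed sample data; the key omits the ToS and input-interface fields that NetFlow v5 also uses.

```python
"""Added example (not from the CCNA notes): grouping constructed packet records into
NetFlow-style flows keyed on source/destination IP, source/destination port and IP
protocol (classic NetFlow v5 additionally keys on ToS and input interface), then
the two things a collector does with them: find top talkers and spot a port scan.
Flows are unidirectional, so each direction of a TCP session is a separate record;
pair_bidirectional() joins them. All packets below are constructed sample data."""
from collections import OrderedDict

FLOW_KEY = ("src", "dst", "sport", "dport", "proto")


def build_flows(packets):
    """Return an ordered {flow_key: {"packets", "bytes", "first", "last"}} cache."""
    flows = OrderedDict()
    for p in packets:
        key = tuple(p[k] for k in FLOW_KEY)
        f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": p["ts"], "last": p["ts"]})
        f["packets"] += 1
        f["bytes"] += p["len"]
        f["last"] = max(f["last"], p["ts"])
    return flows


def top_talkers(flows, n=3):
    """Flows sorted by byte count, largest first (accounting / monitoring use)."""
    return sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


def pair_bidirectional(flows):
    """Join each flow with its reverse (dst->src, dport->sport) so a TCP session
    becomes one (forward, reverse) record; unanswered flows get None."""
    seen, pairs = set(), []
    for key in flows:
        if key in seen:
            continue
        src, dst, sport, dport, proto = key
        rev = (dst, src, dport, sport, proto)
        seen.add(key)
        if rev in flows:
            seen.add(rev)
            pairs.append((key, rev))
        else:
            pairs.append((key, None))
    return pairs


def suspected_scanners(flows, min_ports=10):
    """Security-analysis use: a source with many single-packet TCP flows to distinct
    destination ports and no reply flow is a likely port scanner."""
    targets = {}
    for key, f in flows.items():
        src, dst, sport, dport, proto = key
        if proto == 6 and f["packets"] == 1 and (dst, src, dport, sport, proto) not in flows:
            targets.setdefault(src, set()).add((dst, dport))
    return sorted(s for s, t in targets.items() if len(t) >= min_ports)


def pkt(ts, src, dst, sport, dport, proto, length):
    return {"ts": ts, "src": src, "dst": dst, "sport": sport, "dport": dport, "proto": proto, "len": length}


# Constructed: an HTTP session in both directions, one DNS query, and a TCP port sweep.
PACKETS = [
    pkt(1, "10.1.1.5", "172.16.10.10", 50000, 80, 6, 74),
    pkt(2, "172.16.10.10", "10.1.1.5", 80, 50000, 6, 74),
    pkt(3, "10.1.1.5", "172.16.10.10", 50000, 80, 6, 500),
    pkt(4, "172.16.10.10", "10.1.1.5", 80, 50000, 6, 1500),
    pkt(5, "10.1.1.5", "10.1.1.1", 40000, 53, 17, 60),
] + [pkt(10 + i, "192.0.2.7", "172.16.10.10", 60000 + i, i, 6, 60) for i in range(1, 13)]

if __name__ == "__main__":
    flows = build_flows(PACKETS)
    print(len(flows), "flows")
    for key, f in top_talkers(flows):
        print(key, f)
    print("sessions:", pair_bidirectional(flows)[:2])
    print("scanners:", suspected_scanners(flows))
```

Two things the flow cache makes visible that packet counts alone do not: the HTTP session appears as two records with very different byte counts (requests one way, content the other), and the scanner shows up as a burst of one-packet flows that never get a reverse flow, which is the signature collectors alert on.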

NAT Notes

With static NAT, translations exist in the NAT translation table as soon as you configure the static NAT command(s), and they remain in the translation table until you delete the static NAT command(s). Because static NAT translations are always present in the NAT table, outside hosts can initiate connections to the inside host without being dropped.

With dynamic NAT, translations do not exist in the NAT table until the router receives traffic from the inside that requires translation. Dynamic translations have a timeout period after which they are purged from the translation table, and until an inside host creates a translation, packets from outside to that global address are dropped.

By not revealing the internal IP addresses, NAT adds some obscurity to the inside network, but it is not a security control: use ACLs or a firewall to enforce what may enter.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts (for example when changing ISPs).
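The following is an added example, not code from the CCNA notes: a minimal Python model of an IOS NAT translation table that makes the difference above concrete. A static entry answers outside-initiated packets at any time, a dynamic entry exists only after an inside host has sent traffic and is purged after the idle timeout, and a pool that runs out drops new inside hosts. The addresses, the pool and the 300-second timeout are constructed values (the IOS default idle timeout for dynamic entries is 24 hours).

```python
"""Added example (not from the CCNA notes): a minimal model of an IOS NAT translation
table showing why a static entry lets outside hosts initiate connections at any time,
while a dynamic (pool) entry exists only after an inside host sends traffic, and is
purged after the timeout. Addresses, the pool and the timeout are constructed values
(the IOS default timeout for dynamic entries is 24 hours; 300 s is used here)."""
from dataclasses import dataclass, field


@dataclass
class NatTable:
    pool: list                                   # free inside-global addresses for dynamic NAT
    timeout: int = 86400                         # seconds a dynamic entry may stay idle
    static: dict = field(default_factory=dict)   # inside_local -> inside_global
    dynamic: dict = field(default_factory=dict)  # inside_local -> (inside_global, last_used)

    def add_static(self, inside_local, inside_global):
        """'ip nat inside source static <local> <global>': present from configuration time."""
        self.static[inside_local] = inside_global

    def _expire(self, now):
        """Purge idle dynamic entries and return their global addresses to the pool."""
        for local, (glob, last) in list(self.dynamic.items()):
            if now - last > self.timeout:
                del self.dynamic[local]
                self.pool.append(glob)

    def inside_to_outside(self, src, now):
        """Packet from an inside host: reuse a static or dynamic entry, else allocate one.
        Returns the translated source address, or None if the pool is exhausted."""
        self._expire(now)
        if src in self.static:
            return self.static[src]
        if src in self.dynamic:
            glob, _ = self.dynamic[src]
            self.dynamic[src] = (glob, now)   # refresh the idle timer
            return glob
        if not self.pool:
            return None
        glob = self.pool.pop(0)
        self.dynamic[src] = (glob, now)
        return glob

    def outside_to_inside(self, dst, now):
        """Packet from outside to an inside-global address: translated only when an
        entry already exists. Returns the inside-local address, or None (dropped)."""
        self._expire(now)
        for local, glob in self.static.items():
            if glob == dst:
                return local
        for local, (glob, _) in self.dynamic.items():
            if glob == dst:
                self.dynamic[local] = (glob, now)   # traffic in either direction refreshes
                return local
        return None


if __name__ == "__main__":
    nat = NatTable(pool=["203.0.113.10", "203.0.113.11"], timeout=300)
    nat.add_static("10.1.1.100", "203.0.113.5")
    print(nat.outside_to_inside("203.0.113.5", now=0))     # 10.1.1.100: static works immediately
    print(nat.outside_to_inside("203.0.113.10", now=0))    # None: no dynamic entry yet
    print(nat.inside_to_outside("10.1.1.20", now=10))      # 203.0.113.10 allocated from the pool
    print(nat.outside_to_inside("203.0.113.10", now=20))   # 10.1.1.20: entry exists now
    print(nat.outside_to_inside("203.0.113.10", now=400))  # None: idle > 300 s, purged
```

This is the behaviour behind the "NAT adds some obscurity" remark: the dynamic entry does block unsolicited inbound packets, but only until an inside host opens a translation, and a static entry exposes the inside host permanently. Neither replaces an inbound ACL on the outside interface.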

Frame Relay Notes

To configure subinterfaces for Frame Relay, first remove the IP address from the physical interface and set the Frame Relay encapsulation on it; the IP addresses are then assigned to the subinterfaces.

The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report

to the DTE devices. There are 4 statuses:

ACTIVE: the PVC is operational and can transmit data

INACTIVE: the connection from the local router to the switch is working, but the connection

to the remote router is not available

DELETED: the PVC is not present and no LMI information is being received from the Frame

Relay switch

STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by

using the “no keepalive” command). This status is rarely seen so it is ignored in some books.


DLCI: DLCI stands for Data Link Connection Identifier. DLCI values are used on Frame Relay

interfaces to distinguish between different virtual circuits. DLCIs have local significance

because the identifier references the point between the local router and the local Frame Relay

switch to which the DLCI is connected.

Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by

the Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard

eligible (DE) which means they can be dropped if the congestion occurs within the Frame

Relay network.

Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is

used to identify frames that are first to be dropped when the CIR is exceeded.

Local Management Interface (LMI) is a signalling standard protocol used between your

router (DTE) and the first Frame Relay switch

Inverse ARP is a technique by which dynamic mappings are constructed in a network,

allowing a device such as a router to locate the logical network address and associate it with

a permanent virtual circuit (PVC).

Short Note On Etherchannel

Etherchannel is a technology that lets you bundle multiple physical links into a single logical

link.

We know that if we connect two switches via one cable there is no loop and STP has nothing to block. If we connect two or more cables between the same two switches there is a potential loop, so STP blocks all but one of them. Redundancy is preserved, but the blocked links carry no traffic, so the extra cables add no bandwidth.

EtherChannel bundles all the physical links into one logical link with the combined bandwidth. For example, with 4 Fast Ethernet cables between switch A and switch B, combining 4 x 100 Mbit/s gives a 400 Mbit/s logical link. Spanning tree sees this as a single link, so there are no loops.

EtherChannel load-balances across the member links (per flow, based on a hash of addresses or ports, so a single flow never exceeds the speed of one member) and takes care of redundancy: if one of the links fails the bundle keeps working over the links that are left. Up to 8 active physical interfaces can be placed in one bundle (LACP allows up to 16 with 8 in standby).


We can configure Etherchannel using two protocols

PAgP(Cisco proprietary)

LACP (IEEE standard)

These protocols can dynamically configure an etherchannel. It’s also possible to configure a

static etherchannel without these protocols doing the negotiation of the link for you.

PAgP and LACP will check if the configuration of the interfaces that you use are the same. If

you are going to create an etherchannel you need to make sure that all ports have the same

configuration:

Duplex has to be the same.

Speed has to be same.

Same native AND allowed VLANs.

Same switchport mode (access or trunk).

Netflow

What is NetFlow?

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and

monitoring network traffic Flow.

It can also be used to determine where traffic is coming from, where it is going to, and how much traffic is being generated.

NetFlow-enabled routers export traffic statistics as NetFlow records which are then collected

by a NetFlow collector.

What is a NetFlow Collector?

Routers that have the NetFlow feature enabled generate NetFlow records. These records are

exported from the router and collected using a NetFlow collector.

The NetFlow collector then processes the data to perform the traffic analysis and presentation

in a user-friendly format.

NetFlow collectors can take the form of hardware-based collectors (probes) or software-based

collectors.